terraform-ibm-modules · maheshwarishikha · Feb 14, 2025 · Feb 14, 2025 · Feb 17, 2025 · Feb 17, 2025
diff --git a/solutions/simple/README.md b/solutions/simple/README.md
@@ -0,0 +1,11 @@
+# IBM VPC deployable architecture
+
+This deployable architecture supports provisioning the following resources:
+
+- A new resource group if one is not passed in.
+- A VPC.
+
+
+![vpc-deployable-architecture](../../reference-architecture/vpc-quickstart-da.svg)
+
+:exclamation: **Important:** This solution is not intended to be called by other modules because it contains a provider configuration and is not compatible with the `for_each`, `count`, and `depends_on` arguments. For more information, see [Providers Within Modules](https://developer.hashicorp.com/terraform/language/modules/develop/providers).
diff --git a/solutions/simple/catalogValidationValues.json.template b/solutions/simple/catalogValidationValues.json.template
@@ -0,0 +1,6 @@
+{
+  "ibmcloud_api_key": $VALIDATION_APIKEY,
+  "region": "us-south",
+  "resource_tags": $TAGS,
+  "resource_group_name": $PREFIX
+}
diff --git a/solutions/simple/main.tf b/solutions/simple/main.tf
@@ -0,0 +1,128 @@
+locals {
+  prefix = var.prefix != null ? (var.prefix != "" ? var.prefix : null) : null
+}
+
+##############################################################################
+# Resource Group
+##############################################################################
+
+module "resource_group" {
+  source                       = "terraform-ibm-modules/resource-group/ibm"
+  version                      = "1.1.6"
+  resource_group_name          = var.use_existing_resource_group == false ? try("${local.prefix}-${var.resource_group_name}", var.resource_group_name) : null
+  existing_resource_group_name = var.use_existing_resource_group == true ? var.resource_group_name : null
+}
+
+#############################################################################
+# COS Bucket for VPC flow logs
+#############################################################################
+
+# parse COS details from the existing COS instance CRN
+module "existing_cos_crn_parser" {
+  count   = var.existing_cos_instance_crn != null ? 1 : 0
+  source  = "terraform-ibm-modules/common-utilities/ibm//modules/crn-parser"
+  version = "1.1.0"
+  crn     = var.existing_cos_instance_crn
+}
+
+locals {
+  bucket_name = try("${local.prefix}-${var.cos_bucket_name}", var.cos_bucket_name)
+
+  bucket_config = [{
+    access_tags                   = var.access_tags
+    bucket_name                   = local.bucket_name
+    kms_encryption_enabled        = var.kms_encryption_enabled_bucket
+    kms_guid                      = var.kms_encryption_enabled_bucket ? module.existing_kms_crn_parser[0].service_instance : null
+    kms_key_crn                   = var.kms_encryption_enabled_bucket ? var.existing_kms_instance_crn : null
+    skip_iam_authorization_policy = var.skip_cos_kms_auth_policy
+    management_endpoint_type      = var.management_endpoint_type_for_bucket
+    storage_class                 = var.cos_bucket_class
+    resource_instance_id          = var.existing_cos_instance_crn
+    region_location               = var.region
+    force_delete                  = true
+  }]
+}
+
+module "cos_buckets" {
+  count          = var.enable_vpc_flow_logs ? 1 : 0
+  source         = "terraform-ibm-modules/cos/ibm//modules/buckets"
+  version        = "8.19.2"
+  bucket_configs = local.bucket_config
+}
+
+#######################################################################################################################
+# KMS Key
+#######################################################################################################################
+
+# parse KMS details from the existing KMS instance CRN
+module "existing_kms_crn_parser" {
+  count   = var.kms_encryption_enabled_bucket && var.existing_kms_instance_crn != null ? 1 : 0
+  source  = "terraform-ibm-modules/common-utilities/ibm//modules/crn-parser"
+  version = "1.1.0"
+  crn     = var.existing_kms_instance_crn
+}
+
+locals {
+  # fetch KMS region from existing_kms_instance_crn if KMS resources are required
+  kms_region = var.kms_encryption_enabled_bucket && var.existing_kms_instance_crn != null ? module.existing_kms_crn_parser[0].region : null
+
+  kms_key_ring_name = try("${var.prefix}-${var.kms_key_ring_name}", var.kms_key_ring_name)
+  kms_key_name      = try("${var.prefix}-${var.kms_key_name}", var.kms_key_name)
+}
+
+module "kms" {
+  count                       = (var.enable_vpc_flow_logs && var.kms_encryption_enabled_bucket && var.existing_kms_instance_crn != null) ? 1 : 0 # no need to create any KMS resources if not passing an existing KMS CRN
+  source                      = "terraform-ibm-modules/kms-all-inclusive/ibm"
+  version                     = "4.19.5"
+  create_key_protect_instance = false
+  region                      = local.kms_region
+  existing_kms_instance_crn   = var.existing_kms_instance_crn
+  key_ring_endpoint_type      = var.kms_endpoint_type
+  key_endpoint_type           = var.kms_endpoint_type
+  keys = [
+    {
+      key_ring_name         = local.kms_key_ring_name
+      existing_key_ring     = false
+      force_delete_key_ring = true
+      keys = [
+        {
+          key_name                 = local.kms_key_name
+          standard_key             = false
+          rotation_interval_month  = 3
+          dual_auth_delete_enabled = false
+          force_delete             = true
+        }
+      ]
+    }
+  ]
+}
+
+#############################################################################
+# VPC
+#############################################################################
+
+locals {
+  # //TO DO
+  # to create use_public_gateways object
+}
+
+module "vpc" {
+  source                      = "../../"
+  resource_group_id           = module.resource_group.resource_group_id
+  region                      = var.region
+  create_vpc                  = true
+  name                        = var.vpc_name
+  prefix                      = local.prefix
+  tags                        = var.resource_tags
+  access_tags                 = var.access_tags
+  subnets                     = var.subnets
+  default_network_acl_name    = var.default_network_acl_name
+  default_security_group_name = var.default_security_group_name
+  default_routing_table_name  = var.default_routing_table_name
+  network_acls                = var.network_acls
+  # use_public_gateways = local.public_gateway_object
+  enable_vpc_flow_logs                   = var.enable_vpc_flow_logs
+  create_authorization_policy_vpc_to_cos = var.create_authorization_policy_vpc_to_cos
+  existing_cos_instance_guid             = var.enable_vpc_flow_logs ? module.existing_cos_crn_parser[0].service_instance : null
+  existing_storage_bucket_name           = var.enable_vpc_flow_logs ? module.cos_buckets[0].buckets[0].bucket_name : null
+}
diff --git a/solutions/simple/outputs.tf b/solutions/simple/outputs.tf
@@ -0,0 +1,36 @@
+##############################################################################
+# VPC
+##############################################################################
+
+output "vpc_name" {
+  description = "Name of VPC created"
+  value       = module.vpc.vpc_name
+}
+
+output "vpc_id" {
+  description = "ID of VPC created"
+  value       = module.vpc.vpc_id
+}
+
+output "vpc_crn" {
+  description = "CRN of VPC created"
+  value       = module.vpc.vpc_crn
+}
+
+##############################################################################
+# Public Gateways
+##############################################################################
+
+output "public_gateways" {
+  description = "Map of public gateways by zone"
+  value       = module.vpc.public_gateways
+}
+
+##############################################################################
+# VPC flow logs
+##############################################################################
+
+output "vpc_flow_logs" {
+  description = "Details of VPC flow logs collector"
+  value       = module.vpc.vpc_flow_logs
+}
diff --git a/solutions/simple/provider.tf b/solutions/simple/provider.tf
@@ -0,0 +1,9 @@
+########################################################################################################################
+# Provider config
+########################################################################################################################
+
+provider "ibm" {
+  ibmcloud_api_key = var.ibmcloud_api_key
+  region           = var.region
+  visibility       = var.provider_visibility
+}