npm - @percepta/create - Versions diffs - 3.6.1 → 3.6.3 - Mend

@percepta/create 3.6.1 → 3.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (83) hide show

package/templates/webapp/terraform/main.tf DELETED Viewed

@@ -1,101 +0,0 @@
-data "aws_eks_cluster" "cluster" {
-  name = var.cluster_name
-}
-data "aws_iam_openid_connect_provider" "cluster_oidc_provider" {
-  url = data.aws_eks_cluster.cluster.identity[0].oidc[0].issuer
-}
-################################################################################
-# IAM Role for Application Service Account
-################################################################################
-data "aws_iam_policy_document" "app_assume_role_policy" {
-  statement {
-    actions = ["sts:AssumeRoleWithWebIdentity"]
-    principals {
-      type        = "Federated"
-      identifiers = [data.aws_iam_openid_connect_provider.cluster_oidc_provider.arn]
-    }
-    condition {
-      test     = "StringEquals"
-      variable = "${trimsuffix(replace(data.aws_iam_openid_connect_provider.cluster_oidc_provider.url, "https://", ""), "/")}:sub"
-      values   = ["system:serviceaccount:${var.namespace}:${var.kubernetes_service_account}"]
-    }
-    condition {
-      test     = "StringEquals"
-      variable = "${trimsuffix(replace(data.aws_iam_openid_connect_provider.cluster_oidc_provider.url, "https://", ""), "/")}:aud"
-      values   = ["sts.amazonaws.com"]
-    }
-  }
-}
-resource "aws_iam_role" "app_service_account_role" {
-  name               = "__APP_NAME_UPPER__-App-Role-${var.name}-${var.environment}"
-  assume_role_policy = data.aws_iam_policy_document.app_assume_role_policy.json
-}
-# Networking Module - Get VPC and subnet information
-module "networking" {
-  source = "./modules/networking"
-  vpc_id              = var.vpc_id
-  subnet_ids          = var.subnet_ids
-  subnet_tags         = var.subnet_tags
-  ingress_cidr_blocks = var.ingress_cidr_blocks
-}
-# RDS Module - Create or use existing RDS cluster
-module "rds" {
-  source = "./modules/rds"
-  name                   = var.name
-  environment            = var.environment
-  existing_cluster_name  = var.existing_rds_cluster_name
-  create_new_cluster     = var.create_new_rds
-  vpc_id                 = var.vpc_id
-  subnet_ids             = module.networking.subnet_ids
-  engine_version         = var.rds_engine_version
-  port                   = var.rds_port
-  instance_class         = var.rds_instance_class
-  edw_allowed_principals = var.edw_allowed_principals
-  edw_vpc_cidr_blocks    = var.edw_vpc_cidr_blocks
-}
-# S3 Logging Module - Create S3 bucket for access logs
-module "s3_logging" {
-  source = "./modules/s3-logging"
-  name               = var.name
-  environment        = var.environment
-  s3_expiration_days = var.s3_bucket_expiration_days
-}
-# CloudTrail Module - Create CloudTrail trail for S3 data event logging
-module "cloudtrail" {
-  source = "./modules/cloudtrail"
-  name                = var.name
-  environment         = var.environment
-  logging_bucket_name = module.s3_logging.s3_bucket_name
-}
-# Secrets Module - Create EKS secrets for all credentials
-module "secrets" {
-  source = "./modules/secrets"
-  namespace    = var.namespace
-  cluster_name = var.cluster_name
-  # Database credentials
-  db_host     = module.rds.host
-  db_port     = module.rds.port
-  db_name     = module.rds.database_name
-  db_username = module.rds.username
-  db_password = module.rds.password
-  db_ssl_cert = module.rds.ssl_cert
-  db_url      = module.rds.connection_url
-}

package/templates/webapp/terraform/modules/cloudtrail/main.tf DELETED Viewed

@@ -1,27 +0,0 @@
-################################################################################
-# CloudTrail Trail
-################################################################################
-# Note: The S3 bucket policy for CloudTrail is managed in the s3-logging module
-# to avoid conflicts with multiple bucket policy resources
-resource "aws_cloudtrail" "trail" {
-  name                          = "${var.name}-trail-${var.environment}"
-  s3_bucket_name                = var.logging_bucket_name
-  s3_key_prefix                 = "cloudtrail/"
-  include_global_service_events = true
-  is_multi_region_trail         = true
-  enable_logging                = true
-  enable_log_file_validation    = true
-  event_selector {
-    read_write_type                  = "All"
-    include_management_events        = true
-    exclude_management_event_sources = []
-    data_resource {
-      type   = "AWS::S3::Object"
-      values = ["arn:aws:s3"]
-    }
-  }
-}

package/templates/webapp/terraform/modules/cloudtrail/outputs.tf DELETED Viewed

@@ -1,10 +0,0 @@
-output "trail_arn" {
-  description = "ARN of the CloudTrail trail"
-  value       = aws_cloudtrail.trail.arn
-}
-output "trail_name" {
-  description = "Name of the CloudTrail trail"
-  value       = aws_cloudtrail.trail.name
-}

package/templates/webapp/terraform/modules/cloudtrail/variables.tf DELETED Viewed

@@ -1,15 +0,0 @@
-variable "name" {
-  description = "Base name for resources"
-  type        = string
-}
-variable "environment" {
-  description = "Environment name (e.g. dev, staging, prod)"
-  type        = string
-}
-variable "logging_bucket_name" {
-  description = "Name of the S3 bucket to store CloudTrail logs"
-  type        = string
-}

package/templates/webapp/terraform/modules/networking/main.tf DELETED Viewed

@@ -1,118 +0,0 @@
-data "aws_vpc" "vpc" {
-  id = var.vpc_id
-}
-# Get the private subnets assigned to the vpc
-data "aws_subnets" "subnets" {
-  filter {
-    name   = "vpc-id"
-    values = [data.aws_vpc.vpc.id]
-  }
-  tags = var.subnet_tags
-}
-data "aws_subnet" "subnet" {
-  count = length(local.subnet_ids)
-  id    = local.subnet_ids[count.index]
-}
-locals {
-  subnet_ids = var.subnet_ids != null ? var.subnet_ids : data.aws_subnets.subnets.ids
-  vpc_cidr   = data.aws_vpc.vpc.cidr_block
-}
-################################################################################
-# Security Group for VPC Endpoints
-################################################################################
-resource "aws_security_group" "vpc_endpoints" {
-  name_prefix = "__APP_NAME__-vpc-endpoints-"
-  vpc_id      = data.aws_vpc.vpc.id
-  description = "Security group for __APP_NAME_UPPER__ VPC endpoints"
-  ingress {
-    description = "HTTPS from VPC"
-    from_port   = 443
-    to_port     = 443
-    protocol    = "tcp"
-    cidr_blocks = [data.aws_vpc.vpc.cidr_block]
-  }
-  egress {
-    description = "All outbound traffic"
-    from_port   = 0
-    to_port     = 0
-    protocol    = "-1"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-  tags = {
-    Name = "__APP_NAME__-vpc-endpoints"
-  }
-}
-################################################################################
-# VPC Endpoints for AWS Services
-################################################################################
-# S3 VPC Endpoint (Gateway type for better performance and cost)
-resource "aws_vpc_endpoint" "s3" {
-  vpc_id       = data.aws_vpc.vpc.id
-  service_name = "com.amazonaws.${data.aws_region.current.name}.s3"
-  policy = jsonencode({
-    Version = "2012-10-17"
-    Statement = [
-      {
-        Effect    = "Allow"
-        Principal = "*"
-        Action = [
-          "s3:GetObject",
-          "s3:PutObject",
-          "s3:DeleteObject",
-          "s3:ListBucket"
-        ]
-        Resource = "*"
-      }
-    ]
-  })
-  tags = {
-    Name = "__APP_NAME__-s3-endpoint"
-  }
-}
-# Get current AWS region
-data "aws_region" "current" {}
-################################################################################
-# Security Group for Ingress CIDR blocks
-################################################################################
-resource "aws_security_group" "ingress" {
-  for_each = var.ingress_cidr_blocks
-  name_prefix = "__APP_NAME__-${each.key}-"
-  vpc_id      = data.aws_vpc.vpc.id
-  description = "Security group for ${each.key}"
-  ingress {
-    description = "All TCP from specified CIDRs"
-    from_port   = 0
-    to_port     = 65535
-    protocol    = "tcp"
-    cidr_blocks = each.value
-  }
-  egress {
-    description = "All outbound traffic"
-    from_port   = 0
-    to_port     = 0
-    protocol    = "-1"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-  tags = {
-    Name = "__APP_NAME__-${each.key}"
-  }
-}

package/templates/webapp/terraform/modules/networking/outputs.tf DELETED Viewed

@@ -1,38 +0,0 @@
-output "vpc_id" {
-  description = "VPC ID"
-  value       = data.aws_vpc.vpc.id
-}
-output "vpc_cidr" {
-  description = "VPC CIDR block"
-  value       = local.vpc_cidr
-}
-output "subnet_ids" {
-  description = "List of subnet IDs"
-  value       = local.subnet_ids
-}
-output "availability_zones" {
-  description = "List of availability zones for the subnets"
-  value       = data.aws_subnet.subnet[*].availability_zone
-}
-################################################################################
-# VPC Endpoint Outputs
-################################################################################
-output "vpc_endpoint_security_group_id" {
-  description = "Security group ID for VPC endpoints"
-  value       = aws_security_group.vpc_endpoints.id
-}
-output "s3_vpc_endpoint_id" {
-  description = "S3 VPC endpoint ID"
-  value       = aws_vpc_endpoint.s3.id
-}
-output "ingress_cidr_blocks" {
-  description = "Map of dynamically created security groups for ingress"
-  value       = aws_security_group.ingress
-}

package/templates/webapp/terraform/modules/networking/variables.tf DELETED Viewed

@@ -1,24 +0,0 @@
-variable "vpc_id" {
-  description = "VPC ID where resources will be deployed"
-  type        = string
-}
-variable "subnet_ids" {
-  description = "List of subnet IDs for resources"
-  type        = list(string)
-  default     = null
-}
-variable "subnet_tags" {
-  description = "Tags for subnet selection"
-  type        = map(string)
-  default = {
-    "kubernetes.io/role/internal-elb" = "1"
-  }
-}
-variable "ingress_cidr_blocks" {
-  description = "A map of security group names to a list of CIDR blocks to allow access from."
-  type        = map(list(string))
-  default     = {}
-}

package/templates/webapp/terraform/modules/rds/main.tf DELETED Viewed

@@ -1,227 +0,0 @@
-data "aws_region" "current" {}
-data "http" "rds_ca" {
-  url = "https://truststore.pki.rds.amazonaws.com/${data.aws_region.current.name}/${data.aws_region.current.name}-bundle.pem"
-}
-data "aws_vpc" "vpc" {
-  id = var.vpc_id
-}
-data "aws_subnet" "subnet" {
-  count = length(var.subnet_ids)
-  id    = var.subnet_ids[count.index]
-}
-# Check if existing cluster exists
-data "aws_rds_cluster" "existing" {
-  count              = var.existing_cluster_name != null ? 1 : 0
-  cluster_identifier = var.existing_cluster_name
-}
-resource "random_pet" "name" {
-  count  = var.create_new_cluster && var.existing_cluster_name == null ? 1 : 0
-  length = 2
-}
-resource "random_password" "master_password" {
-  count            = var.create_new_cluster && var.existing_cluster_name == null ? 1 : 0
-  length           = 16
-  special          = true
-  override_special = "_!%^"
-}
-locals {
-  cluster_name = var.existing_cluster_name != null ? var.existing_cluster_name : (var.create_new_cluster ? "${var.name}-${random_pet.name[0].id}" : null)
-  # Use existing cluster details if available, otherwise use new cluster details
-  cluster_endpoint = var.existing_cluster_name != null ? data.aws_rds_cluster.existing[0].endpoint : (var.create_new_cluster ? aws_rds_cluster.rds[0].endpoint : null)
-  cluster_port     = var.existing_cluster_name != null ? data.aws_rds_cluster.existing[0].port : (var.create_new_cluster ? aws_rds_cluster.rds[0].port : null)
-  master_username  = var.existing_cluster_name != null ? data.aws_rds_cluster.existing[0].master_username : (var.create_new_cluster ? aws_rds_cluster.rds[0].master_username : null)
-  master_password  = var.existing_cluster_name != null ? null : (var.create_new_cluster ? random_password.master_password[0].result : null)
-}
-# Security group for new RDS cluster
-resource "aws_security_group" "security_group" {
-  count       = var.create_new_cluster && var.existing_cluster_name == null ? 1 : 0
-  name        = "rds-__APP_NAME__-${random_pet.name[0].id}"
-  description = "Security group for __APP_NAME_UPPER__ RDS ${random_pet.name[0].id}"
-  vpc_id      = data.aws_vpc.vpc.id
-  ingress {
-    description = "Allow Postgres from VPC"
-    from_port   = var.port
-    to_port     = var.port
-    protocol    = "tcp"
-    cidr_blocks = [data.aws_vpc.vpc.cidr_block]
-  }
-  egress {
-    from_port   = 0
-    to_port     = 0
-    protocol    = "-1"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-}
-# Subnet group for new RDS cluster
-resource "aws_db_subnet_group" "subnet_group" {
-  count       = var.create_new_cluster && var.existing_cluster_name == null ? 1 : 0
-  name        = "rds-__APP_NAME__-${random_pet.name[0].id}"
-  description = "Subnet group for __APP_NAME_UPPER__ RDS ${random_pet.name[0].id}"
-  subnet_ids  = var.subnet_ids
-}
-# New RDS cluster
-resource "aws_rds_cluster" "rds" {
-  count                   = var.create_new_cluster && var.existing_cluster_name == null ? 1 : 0
-  cluster_identifier      = local.cluster_name
-  engine                  = "aurora-postgresql"
-  engine_mode             = "provisioned"
-  engine_version          = var.engine_version
-  vpc_security_group_ids  = [aws_security_group.security_group[0].id]
-  db_subnet_group_name    = aws_db_subnet_group.subnet_group[0].name
-  availability_zones      = slice(data.aws_subnet.subnet[*].availability_zone, 0, min(3, length(data.aws_subnet.subnet)))
-  database_name           = "__DB_NAME__"
-  port                    = var.port
-  master_username         = "__APP_NAME_SNAKE___admin"
-  master_password         = random_password.master_password[0].result
-  storage_encrypted       = true
-  backup_retention_period = 5
-  preferred_backup_window = "07:00-09:00"
-  skip_final_snapshot  = true
-  enable_http_endpoint = true
-  serverlessv2_scaling_configuration {
-    max_capacity             = 1.0
-    min_capacity             = 0.0
-    seconds_until_auto_pause = 3600
-  }
-}
-# RDS cluster instance for new cluster
-resource "aws_rds_cluster_instance" "instance" {
-  count               = var.create_new_cluster && var.existing_cluster_name == null ? 1 : 0
-  identifier          = "${local.cluster_name}-instance-${count.index}"
-  cluster_identifier  = aws_rds_cluster.rds[0].id
-  instance_class      = var.instance_class
-  engine              = aws_rds_cluster.rds[0].engine
-  engine_version      = aws_rds_cluster.rds[0].engine_version
-  publicly_accessible = false
-}
-# Store master password in AWS Secrets Manager for new cluster
-resource "aws_secretsmanager_secret" "master_password" {
-  count       = var.create_new_cluster && var.existing_cluster_name == null ? 1 : 0
-  name_prefix = "rds-__APP_NAME__-master-password-${random_pet.name[0].id}-"
-}
-resource "aws_secretsmanager_secret_version" "master_password" {
-  count         = var.create_new_cluster && var.existing_cluster_name == null ? 1 : 0
-  secret_id     = aws_secretsmanager_secret.master_password[0].id
-  secret_string = random_password.master_password[0].result
-}
-################################################################################
-# EDW Readonly User Resources
-################################################################################
-# Generate secure password for readonly user
-resource "random_password" "readonly_user_password" {
-  length  = 32
-  special = true
-  # Use PostgreSQL-safe special characters
-  override_special = "!#$%&*()-_=+[]{}<>:?"
-}
-# Store readonly user credentials in Secrets Manager
-resource "aws_secretsmanager_secret" "readonly_user_credentials" {
-  name_prefix = "rds-__APP_NAME__-readonly-${var.name}-${var.environment}-"
-  description = "Readonly database credentials for EDW access to __APP_NAME_UPPER__ database"
-  tags = {
-    Name        = "__APP_NAME__-readonly-credentials"
-    Environment = var.environment
-    Purpose     = "EDW"
-  }
-}
-resource "aws_secretsmanager_secret_version" "readonly_user_credentials" {
-  secret_id = aws_secretsmanager_secret.readonly_user_credentials.id
-  secret_string = jsonencode({
-    username = "__APP_NAME_SNAKE___readonly"
-    password = random_password.readonly_user_password.result
-    host     = local.cluster_endpoint
-    port     = local.cluster_port
-    database = "__DB_NAME__"
-    engine   = "postgres"
-  })
-}
-# Cross-account IAM role for EDW to assume
-resource "aws_iam_role" "edw_secret_reader_role" {
-  count = length(var.edw_allowed_principals) > 0 ? 1 : 0
-  name  = "__APP_NAME_UPPER__-EDW-SecretReader-${var.name}-${var.environment}"
-  assume_role_policy = jsonencode({
-    Version = "2012-10-17"
-    Statement = [
-      {
-        Effect = "Allow"
-        Principal = {
-          AWS = var.edw_allowed_principals
-        }
-        Action = "sts:AssumeRole"
-      }
-    ]
-  })
-  tags = {
-    Name        = "__APP_NAME__-edw-secret-reader"
-    Environment = var.environment
-    Purpose     = "EDW"
-  }
-}
-# IAM policy to allow reading the readonly credentials secret
-resource "aws_iam_policy" "edw_secret_reader_policy" {
-  count       = length(var.edw_allowed_principals) > 0 ? 1 : 0
-  name        = "__APP_NAME_UPPER__-EDW-SecretReader-Policy-${var.name}-${var.environment}"
-  description = "Allows EDW to read __APP_NAME_UPPER__ readonly database credentials from Secrets Manager"
-  policy = jsonencode({
-    Version = "2012-10-17"
-    Statement = [
-      {
-        Effect = "Allow"
-        Action = [
-          "secretsmanager:GetSecretValue",
-          "secretsmanager:DescribeSecret"
-        ]
-        Resource = aws_secretsmanager_secret.readonly_user_credentials.arn
-      }
-    ]
-  })
-}
-resource "aws_iam_role_policy_attachment" "edw_secret_reader_attach" {
-  count      = length(var.edw_allowed_principals) > 0 ? 1 : 0
-  role       = aws_iam_role.edw_secret_reader_role[0].name
-  policy_arn = aws_iam_policy.edw_secret_reader_policy[0].arn
-}
-# Add ingress rule to security group for EDW VPC CIDR blocks
-resource "aws_security_group_rule" "edw_ingress" {
-  count             = var.create_new_cluster && var.existing_cluster_name == null && length(var.edw_vpc_cidr_blocks) > 0 ? 1 : 0
-  type              = "ingress"
-  description       = "Allow Postgres from EDW VPC via VPC peering"
-  from_port         = var.port
-  to_port           = var.port
-  protocol          = "tcp"
-  cidr_blocks       = var.edw_vpc_cidr_blocks
-  security_group_id = aws_security_group.security_group[0].id
-}

package/templates/webapp/terraform/modules/rds/outputs.tf DELETED Viewed

@@ -1,73 +0,0 @@
-output "host" {
-  description = "RDS cluster endpoint"
-  value       = local.cluster_endpoint
-}
-output "port" {
-  description = "RDS cluster port"
-  value       = local.cluster_port
-}
-output "database_name" {
-  description = "Database name"
-  value       = "__DB_NAME__"
-}
-output "username" {
-  description = "Database username (master user)"
-  value       = local.master_username
-}
-output "password" {
-  description = "Database password (master user)"
-  value       = local.master_password
-  sensitive   = true
-}
-output "ssl_cert" {
-  description = "RDS CA certificate"
-  value       = data.http.rds_ca.response_body
-  sensitive   = true
-}
-output "connection_url" {
-  description = "PostgreSQL connection URL"
-  value       = "postgresql://${local.master_username}:${local.master_password}@${local.cluster_endpoint}:${local.cluster_port}/__DB_NAME__"
-  sensitive   = true
-}
-output "cluster_name" {
-  description = "RDS cluster name"
-  value       = local.cluster_name
-}
-output "master_username" {
-  description = "RDS master username (for new clusters only)"
-  value       = local.master_username
-}
-output "master_password" {
-  description = "RDS master password (for new clusters only)"
-  value       = local.master_password
-  sensitive   = true
-}
-output "readonly_username" {
-  description = "Readonly database username for EDW access"
-  value       = "__APP_NAME_SNAKE___readonly"
-}
-output "readonly_user_secret_arn" {
-  description = "ARN of the Secrets Manager secret containing readonly user credentials"
-  value       = aws_secretsmanager_secret.readonly_user_credentials.arn
-}
-output "readonly_user_secret_name" {
-  description = "Name of the Secrets Manager secret containing readonly user credentials"
-  value       = aws_secretsmanager_secret.readonly_user_credentials.name
-}
-output "readonly_user_secret_reader_role_arn" {
-  description = "ARN of the IAM role that EDW can assume to read the readonly credentials secret"
-  value       = length(var.edw_allowed_principals) > 0 ? aws_iam_role.edw_secret_reader_role[0].arn : null
-}