Enterprise-grade multi-tenant AWS cloud foundation. Modules: - GitHub OIDC for keyless CI/CD authentication - IAM account settings and security baseline - AWS Config Rules for compliance - ABAC (Attribute-Based Access Control) - SCPs (Service Control Policies) Features: - Multi-account architecture - Cost optimization patterns - Security best practices - Comprehensive documentation Tech: Terraform, AWS Organizations, IAM Identity Center
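# Example variables for 02-network layer
#
# Copy to terraform.tfvars and update values. terraform.tfvars holds
# environment-specific values and should normally be git-ignored; this
# .example file is the copy that belongs in the repository.

# Remote-state bucket (presumably the S3 backend for this layer's state).
# The name below is a placeholder — S3 bucket names are globally unique,
# so replace it with your own. Terraform state can contain secrets, so
# the bucket should have versioning, default encryption and
# block-public-access enabled; it is assumed to be created by an earlier
# layer — verify before use.
state_bucket = "myproject-terraform-state"

# Deployment topology. "single-account" is the example value; check the
# layer's variables.tf for the accepted set of values.
deployment_mode = "single-account"

region = "us-east-1"

# Primary VPC CIDR. Choose a range that does not overlap with any VPC or
# on-prem network you may later peer with or connect via VPN / Direct
# Connect; changing it later typically forces the VPC to be replaced.
vpc_cidr = "10.0.0.0/16"

# Availability zones must belong to `region` above. Keep at least two so a
# single-AZ failure does not take out every subnet.
azs = ["us-east-1a", "us-east-1b"]

# NAT Gateway - set to false for cost savings (~$32/mo).
# With NAT disabled, private subnets have no outbound route to the
# internet: anything that needs egress (OS/package updates, third-party
# APIs) must go through VPC endpoints, a proxy, or a public subnet.
# Decide deliberately — a host that silently cannot reach its update
# source is a patching gap, not a saving.
enable_nat = true

################################################################################
# Cost Optimization Options
################################################################################
#
# Prices are approximate, region-dependent and change over time; verify
# against current AWS pricing before relying on them.
#
# Option 1: Standard (enable_nat = true)
# - NAT Gateway: ~$32/mo + $0.045/GB data transfer
# - Managed service: no NAT host of your own to patch
# - Recommended for: Production, compliance requirements
#
# Option 2: No NAT (enable_nat = false)
# - Cost: $0/mo for NAT
# - Private subnets can't reach internet (no outbound route at all)
# - Use VPC endpoints for AWS services (S3, DynamoDB, ECR, etc.)
# - Recommended for: Dev/test, serverless-heavy, small accounts
#
# Option 3: Use vpc-lite module instead
# - nat_mode = "none"     → $0/mo (VPC endpoints only)
# - nat_mode = "instance" → ~$3/mo (t4g.nano NAT, single-AZ)
#   Note: a NAT instance is an EC2 host you operate — you own its AMI
#   updates, patching and security group, and being single-AZ it is a
#   single point of failure for all private-subnet egress. Not
#   recommended where availability or compliance matters.
# - nat_mode = "gateway"  → ~$32/mo (standard)
#
# Example vpc-lite usage:
# module "vpc" {
#   source   = "../modules/vpc-lite"
#   name     = "dev-vpc"
#   nat_mode = "none" # or "instance" for cheap NAT
# }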