Infra (Template)

opsZero uses Infrastructure as Code to build all infrastructure. The directory structure contains everything needed to run the entire Cloud infrastructure from DNS to IAM to the Cloud. The way different components are used is through different terraform modules.

Structure

• dns: DNS and Cloudflare Access
  • terraform-cloudflare-edge. Configure IAM resources including Github OIDC, Gitlab OIDC, and IAM.
• identity:
  • Setting up
• monitoring: Monitoring configuration
  • terraform-datadog-panopticon: Datadog powered panopticon.
• environments: Cloud Kubernetes Clusters, Common Cloud Terraform, Shared Terraform
  • <environment>: Individual environments. e.g prod, dev, staging.
    • Bastion
      • terraform-aws-bastion. AWS Bastion / Instance with EC2 Instance Connect
    • Kubernetes
      • terraform-aws-kubespot. AWS Configuration
      • terraform-helm-kubespot. Common Helm Charts.
  • shared/<shared>: Shared Terraform modules used by environments. e.g S3 Bucket configuration
  • common/<common>: Common Terraform resources used across environments. e.g ECR

Compliance

To enable the compliance for SOC2, CMMC, HIPAA, ITAR, PCI-DSS please follow the following:

• AWS module

  • environments/common/compliance/aws-cloudtrail: Setup Cloudtrail.
  • environments/common/complaince/aws-elb: Add monitoring to ELBs.
  • environments/common/compliance/aws-guardduty: Enable the Intrusion Detection System.

• bin/aws-log-group-retention-update.py --profile <account> --region us-west-2: Update the AWS Retention period to 365 days.

Tools & Setup

brew install kubectl kubernetes-helm awscli terraform azure-cli

Makefile

• make fmt: Run terraform fmt

Modules

• DevOps
  • Github Actions
    • actions-cloudflare-dns
    • actions-deploytag
    • actions-deploytag-cleanup
    • flowtune
    • flowtune-runner-images
    • tiphys
  • Cloud
    • wintune
    • nixtune
    • opshell
    • terraform-aws-cloudflare-security-group
    • terraform-aws-eks-efs
    • terraform-aws-elb-cloudwatch
    • terraform-aws-github-security-group
    • terraform-aws-instance
    • terraform-aws-kubespot
    • terraform-aws-mongodbatlas
    • terraform-aws-mrmgr
    • terraform-aws-rds-cross-region-backup
    • terraform-aws-redshift
    • terraform-aws-ssm
    • terraform-cloudflare-domain
    • terraform-datadog-panopticon
    • terraform-github-mrmgr
    • terraform-helm-aws-vault
    • terraform-helm-kubespot
    • terraform-kubernetes-socat
    • terraform-template
    • terraform-azuread-mrmgr
    • terraform-azurerm-kubespot
    • terraform-google-kubespot
    • terraform-google-mrmgr
• DataOps
  • airbase
  • terraform-aws-airflow
• Workflows
  • template-aws-lambda-django
  • template-aws-lambda-flask
  • template-azure-functions-django
  • template-helm-django
  • template-helm-jupyter-voila