[PFMENG-1278] Update the examples

Duleendra · Duleendra · commit 3fef563b1413 · 2023-11-09T09:56:53.000+08:00
diff --git a/examples/main.tf b/examples/main.tf
@@ -55,13 +55,13 @@ module "verified_access_eni_endpoint" {
   verified_access_group_id = module.verified_access_iam_identity_center.verifiedaccess_group_id
 
   description            = "user-manager"
-  application_domain     = "user-manger.abc.com"
-  domain_certificate_arn = "arn:aws:acm:ap-southeast-1:12345678:certificate/a6e8cc16-b740-4e15-8a3a-a3f643589a36"
+  application_domain     = "user-manger.my-domain.com"
+  domain_certificate_arn = module.acm.acm_certificate_arn
   endpoint_domain_prefix = "user-manger"
-  security_group_ids     = ["sg-090fee8d4dd093"]
+  security_group_ids     = [module.verified_access_sg.security_group_id]
 
   endpoint_type        = "network-interface"
-  network_interface_id = "eni-0ecf3d2c29ad06"
+  network_interface_id = "eni-xys3d2c29ad06"
   port                 = 443
   protocol             = "https"
 
@@ -78,21 +78,103 @@ module "verified_access_elb_endpoint" {
 
   description = "student-portal"
 
-  application_domain     = "student-portal.abc.com"
-  domain_certificate_arn = "arn:aws:acm:ap-southeast-1:123789456:certificate/a6e8cc16-b740-4e15-8a3a-a3f643589a36"
+  application_domain     = "student-portal.my-domain.com"
+  domain_certificate_arn = module.acm.acm_certificate_arn
   endpoint_domain_prefix = "student-portal"
-  security_group_ids     = ["sg-0305d43dd3458dda"]
+  security_group_ids     = [module.verified_access_sg.security_group_id]
 
   endpoint_type     = "load-balancer"
   load_balancer_arn = "arn:aws:elasticloadbalancing:ap-southeast-1:123456789:loadbalancer/app/student-portal/db28c751e6407a7e"
   port              = 443
   protocol          = "https"
-  subnet_ids = [
-    "subnet-0589f70e50ee83b4",
-    "subnet-080006967a027df"
-  ]
+  subnet_ids        = module.vpc.private_subnets
 
   tags = {
     Name = "student-portal"
   }
 }
+
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "~> 5.1"
+
+  name = "test-vpc"
+  cidr = "10.0.0.0/16"
+
+  azs             = ["ap-southeast-1a", "ap-southeast-1b", "ap-southeast-1c"]
+  private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
+  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
+
+  enable_nat_gateway = true
+  enable_vpn_gateway = true
+
+  tags = {
+    Terraform   = "true"
+    Environment = "dev"
+  }
+}
+
+module "verified_access_sg" {
+  source  = "terraform-aws-modules/security-group/aws"
+  version = "~> 5.1"
+
+  name   = "verified-access-sg"
+  vpc_id = module.vpc.vpc_id
+
+  ingress_cidr_blocks = ["0.0.0.0/0"]
+
+  ingress_rules = [
+    "https-443-tcp"
+  ]
+
+  egress_rules = ["all-all"]
+}
+
+module "acm" {
+  source  = "terraform-aws-modules/acm/aws"
+  version = "~> 4.0"
+
+  domain_name = "my-domain.com"
+  zone_id     = "xyz1234B9AZ6SHAE"
+
+  validation_method = "DNS"
+
+  subject_alternative_names = [
+    "*.my-domain.com"
+  ]
+
+  wait_for_validation = true
+
+  tags = {
+    Name = "my-domain.com"
+  }
+}
+
+module "alb" {
+  source  = "terraform-aws-modules/alb/aws"
+  version = "~> 9.1"
+
+  name     = "my-alb"
+  vpc_id   = module.vpc.vpc_id
+  subnets  = module.vpc.private_subnets
+  internal = true
+
+  # Allow traffic from Verified Access security group
+  security_groups = [module.verified_access_sg.security_group_id]
+
+  listeners = {
+    https = {
+      port            = 443
+      protocol        = "HTTPS"
+      certificate_arn = module.acm.acm_certificate_arn
+      forward = {
+        target_group_key = "ex-instance"
+      }
+    }
+  }
+
+  tags = {
+    Environment = "Development"
+    Project     = "Example"
+  }
+}
