{"id":31727231,"url":"https://github.com/thecodebeneath/codebeneath-lab-aws","last_synced_at":"2026-05-01T21:32:24.036Z","repository":{"id":305367548,"uuid":"1020946725","full_name":"thecodebeneath/codebeneath-lab-aws","owner":"thecodebeneath","description":"Terraform to standup the Codebeneath lab AWS resources","archived":false,"fork":false,"pushed_at":"2025-09-22T04:35:07.000Z","size":103,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-09-22T06:25:13.895Z","etag":null,"topics":["aws","gitlab","gitlab-runners","terraform"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/thecodebeneath.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-07-16T16:28:04.000Z","updated_at":"2025-09-22T04:35:10.000Z","dependencies_parsed_at":"2025-07-19T20:26:47.568Z","dependency_job_id":"02057623-06f3-4631-811f-96535d909dfd","html_url":"https://github.com/thecodebeneath/codebeneath-lab-aws","commit_stats":null,"previous_names":["thecodebeneath/codebeneath-lab-aws"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/thecodebeneath/codebeneath-lab-aws","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thecodebeneath%2Fcodebeneath-lab-aws","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thecodebeneath%2Fcodebeneath-lab-aws/tags","releases_url":"https:/
/repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thecodebeneath%2Fcodebeneath-lab-aws/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thecodebeneath%2Fcodebeneath-lab-aws/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/thecodebeneath","download_url":"https://codeload.github.com/thecodebeneath/codebeneath-lab-aws/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thecodebeneath%2Fcodebeneath-lab-aws/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279000849,"owners_count":26082950,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-09T02:00:07.460Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","gitlab","gitlab-runners","terraform"],"created_at":"2025-10-09T06:19:24.613Z","updated_at":"2025-10-09T06:19:26.052Z","avatar_url":"https://github.com/thecodebeneath.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Codebeneath AWS Lab\n\nOpenTofu/Terraform to stand up the Codebeneath lab AWS resources\n\n# Table of Contents\n1. [AWS Resources](#aws-resources)\n2. [Security, Policy and Linting Scans](#security-policy-and-linting-scans)\n3. 
[Reverse Engineer IaC](#reverse-engineer-iac)\n\n## AWS Resources\n\nAll AWS resources for the lab are managed by OpenTofu.\n\n### VPC\nCreate the lab base networking resources.\n\u003e As an example multi-environment module, resources can be created in `aws` or a `localstack` environment.\n\n#### AWS Environment\n```\ncd ./vpc/terraform\ntofu -chdir=./env/aws init -upgrade\ntofu -chdir=./env/aws apply -var-file=codebeneath.tfvars\n\naws ec2 describe-vpc-endpoints\ntofu -chdir=./env/aws destroy -var-file=codebeneath.tfvars\n```\n\n#### Localstack Environment\n```\ncd ./vpc/terraform\ndocker compose -f ./env/localstack/docker-compose.yaml up -d\ntofu -chdir=./env/localstack init -upgrade\ntofu -chdir=./env/localstack apply -var-file=localstack.tfvars\n\naws ec2 describe-vpc-endpoints --endpoint-url http://localhost:4566\ntofu -chdir=./env/localstack destroy -var-file=localstack.tfvars\ndocker compose -f ./env/localstack/docker-compose.yaml down\n```\n\n### Bootstrap Server\nCreate the Bootstrap EC2 server with Docker and extra /data volume\n```\ncd ./bootstrap/terraform\ntofu init -upgrade\ntofu apply -var-file=codebeneath.tfvars\ntofu destroy -var-file=codebeneath.tfvars\n```\n\n### VPN\nProvision AWS client VPN for access to the lab subnets\n\n\u003e Pricing is per VPC association $0.10/hr and client connection $0.05/hr\n\nReference for VPC setup and custom CA: [AWS Client VPN](https://medium.com/@rishi_abhishek/aws-vpn-client-endpoint-connection-4a09799fdd89)\n\n```\ncd ./vpn/terraform\ntofu init -upgrade\ntofu apply -var-file=codebeneath.tfvars\ntofu destroy -var-file=codebeneath.tfvars\n```\n\n### Container Registry\nCreate image repositories used in the lab\n\n```\ncd ./ecr/terraform\ntofu init -upgrade\ntofu apply -var-file=codebeneath.tfvars\ntofu destroy -var-file=codebeneath.tfvars\n```\n\n### Gitlab Instance\nCreate a self-hosted gitlab instance in the lab public subnet\n```\ncd ./gitlab/terraform\ntofu init -upgrade\ntofu apply 
-var-file=codebeneath.tfvars\ntofu destroy -var-file=codebeneath.tfvars\n\n# \u003cmanual docker compose steps\u003e\n\ncd ./gitlab/oidc-provider/terraform\ntofu init -upgrade\ntofu apply -var-file=codebeneath.tfvars\ntofu destroy -var-file=codebeneath.tfvars\n\ncd ./route53/terraform\ntofu init -upgrade\ntofu apply -var-file=codebeneath.tfvars\ntofu destroy -var-file=codebeneath.tfvars\n```\n\n### Managed Streaming Kafka\nCreate a Kafka cluster and an EC2 instance to test sending messages to topics from the console\n\n```\ncd ./msk/terraform\ntofu init -upgrade\ntofu apply -var-file=codebeneath.tfvars\ntofu destroy -var-file=codebeneath.tfvars\n```\n\n## Security, Policy and Linting Scans\nCheckov scans:\n```\n# cd to a ./terraform folder\ndocker run -t --rm -v $(pwd):/tf --workdir /tf bridgecrew/checkov --directory /tf\n\ntofu plan -var-file=codebeneath.tfvars -out tfplan.bin\ntofu show -json tfplan.bin | jq \u003e tfplan.json\ndocker run -t --rm -v $(pwd):/tf --workdir /tf bridgecrew/checkov -f tfplan.json\n```\n\ntflint scans:\n```\n# cd to a ./terraform folder\ndocker run -t --rm -v $(pwd):/data --entrypoint \"/bin/sh\" ghcr.io/terraform-linters/tflint -c \"tflint --init \u0026\u0026 tflint\"\n```\n\nSBOM reports:\n```\ntofu plan -var-file=codebeneath.tfvars -out tfplan.bin \u0026\u0026 tofu show -json tfplan.bin | jq \u003e tfplan.json\n\ndocker run -t --rm -v $(pwd):/app aquasec/trivy config --format cyclonedx --output /app/sbom.cdx.json /app/tfplan.json\n```\n\n## Reverse Engineer IaC\n\n### Terraformer\nTerraformer project\nRef: https://github.com/GoogleCloudPlatform/terraformer\n```bash\nterraformer import aws -r route53\n```\nThe generated .tf files are created in `./generated/aws/route53/*.tf`\n\n### Terraform native\nExperimental terraform import and HCL generation with the import blocks below.\nRef: https://developer.hashicorp.com/terraform/language/import/generating-configuration\n```bash\nterraform plan -generate-config-out=generated.tf\n```\nThe 
`generated.tf` content is then copied here and improved.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthecodebeneath%2Fcodebeneath-lab-aws","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthecodebeneath%2Fcodebeneath-lab-aws","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthecodebeneath%2Fcodebeneath-lab-aws/lists"}