add example for atlas-aws vpc peering (#493)

* add example for atlas-aws vpc peering

* update Readme

* fix the changes as requested

Co-authored-by: Nikhil Singh <[email protected]>

examples/MongoDB-Atlas-AWS-VPC-Peering/.gitignore

@@ -0,0 +1,3 @@
+*.tfstate*
+.terraform*
+terraform.tfvars

examples/MongoDB-Atlas-AWS-VPC-Peering/Readme.md

@@ -0,0 +1,65 @@
+# Example - AWS and Atlas together with Terraform
+
+This project aims to provide a very straight-forward example of using AWS and MongoDB Atlas together.
+
+
+## Dependencies
+
+```
+Terraform v0.15.4
+on darwin_amd64
++ provider registry.terraform.io/hashicorp/aws v3.48.0
++ provider registry.terraform.io/mongodb/mongodbatlas v0.9.1
+```
+
+## Usage
+
+**1\. Ensure your AWS credentials are set up.**
+
+This can be done using environment variables:
+
+``` bash
+$ export AWS_SECRET_ACCESS_KEY='your secret key'
+$ export AWS_ACCESS_KEY_ID='your key id'
+```
+
+... or the `~/.aws/credentials` file.
+
+```
+$ cat ~/.aws/credentials
+[default]
+aws_access_key_id = your key id
+aws_secret_access_key = your secret key
+
+```
+... or follow as in the `variables.tf` file and create **terraform.tfvars** file with all the variable values and make sure **not to commit it**.
+
+**2\. Review the Terraform plan.**
+
+Execute the below command and ensure you are happy with the plan.
+
+``` bash
+$ terraform plan
+```
+This project currently creates the below deployments:
+
+- MongoDB cluster - M10
+- MongoDB User (Pass the values when asked)
+- AWS Custom VPC, Internet Gateway, Route Tables, Subnets with Public and Private access
+- AWS-MongoDB Atlas VPC Peering
+
+**3\. Execute the Terraform apply.**
+
+Now execute the plan to provision the AWS resources.
+
+``` bash
+$ terraform apply
+```
+
+**4\. Destroy the resources.**
+
+Once you are finished your testing, ensure you destroy the resources to avoid unnecessary AWS charges.
+
+``` bash
+$ terraform destroy
+```

examples/MongoDB-Atlas-AWS-VPC-Peering/atlas.tf

@@ -0,0 +1,71 @@
+provider "mongodbatlas" {
+  public_key  = var.public_key
+  private_key = var.private_key
+}
+
+resource "mongodbatlas_project" "aws_atlas" {
+  name   = "aws-atlas"
+  org_id = var.atlasorgid
+}
+
+resource "mongodbatlas_cluster" "cluster-atlas" {
+  project_id   = mongodbatlas_project.aws_atlas.id
+  name         = "cluster-atlas"
+  cluster_type = "REPLICASET"
+  replication_specs {
+    num_shards = 1
+    regions_config {
+      region_name     = "US_EAST_1"
+      electable_nodes = 3
+      priority        = 7
+      read_only_nodes = 0
+    }
+  }
+  provider_backup_enabled      = true
+  auto_scaling_disk_gb_enabled = true
+  mongo_db_major_version       = "5.0"
+
+  //Provider Settings "block"
+  provider_name               = "AWS"
+  disk_size_gb                = 10
+  provider_instance_size_name = "M10"
+}
+
+resource "mongodbatlas_database_user" "db-user" {
+  username           = var.atlas_dbuser
+  password           = var.atlas_dbpassword
+  auth_database_name = "admin"
+  project_id         = mongodbatlas_project.aws_atlas.id
+  roles {
+    role_name     = "readWrite"
+    database_name = "admin"
+  }
+  depends_on = [mongodbatlas_project.aws_atlas]
+}
+resource "mongodbatlas_network_container" "atlas_container" {
+  atlas_cidr_block = var.atlas_vpc_cidr
+  project_id       = mongodbatlas_project.aws_atlas.id
+  provider_name    = "AWS"
+  region_name      = var.atlas_region
+}
+
+data "mongodbatlas_network_container" "atlas_container" {
+  container_id = mongodbatlas_network_container.atlas_container.container_id
+  project_id   = mongodbatlas_project.aws_atlas.id
+}
+
+resource "mongodbatlas_network_peering" "aws-atlas" {
+  accepter_region_name   = var.aws_region
+  project_id             = mongodbatlas_project.aws_atlas.id
+  container_id           = mongodbatlas_network_container.atlas_container.container_id
+  provider_name          = "AWS"
+  route_table_cidr_block = aws_vpc.primary.cidr_block
+  vpc_id                 = aws_vpc.primary.id
+  aws_account_id         = var.aws_account_id
+}
+
+resource "mongodbatlas_project_ip_access_list" "test" {
+  project_id = mongodbatlas_project.aws_atlas.id
+  cidr_block = aws_vpc.primary.cidr_block
+  comment    = "cidr block for AWS VPC"
+}

examples/MongoDB-Atlas-AWS-VPC-Peering/aws-vpc.tf

@@ -0,0 +1,77 @@
+provider "aws" {
+  region     = var.aws_region
+  access_key = var.access_key
+  secret_key = var.secret_key
+}
+
+//Create Primary VPC
+resource "aws_vpc" "primary" {
+  cidr_block           = "10.0.0.0/16"
+  enable_dns_hostnames = true
+  enable_dns_support   = true
+}
+
+//Create IGW
+resource "aws_internet_gateway" "primary" {
+  vpc_id = aws_vpc.primary.id
+}
+
+//Route Table
+resource "aws_route" "primary-internet_access" {
+  route_table_id         = aws_vpc.primary.main_route_table_id
+  destination_cidr_block = "0.0.0.0/0"
+  gateway_id             = aws_internet_gateway.primary.id
+}
+
+resource "aws_route" "peeraccess" {
+  route_table_id            = aws_vpc.primary.main_route_table_id
+  destination_cidr_block    = var.atlas_vpc_cidr
+  vpc_peering_connection_id = mongodbatlas_network_peering.aws-atlas.connection_id
+  depends_on                = [aws_vpc_peering_connection_accepter.peer]
+}
+
+//Subnet-A
+resource "aws_subnet" "primary-az1" {
+  vpc_id                  = aws_vpc.primary.id
+  cidr_block              = "10.0.1.0/24"
+  map_public_ip_on_launch = true
+  availability_zone       = "${var.aws_region}a"
+}
+
+//Subnet-B
+resource "aws_subnet" "primary-az2" {
+  vpc_id                  = aws_vpc.primary.id
+  cidr_block              = "10.0.2.0/24"
+  map_public_ip_on_launch = false
+  availability_zone       = "${var.aws_region}b"
+}
+
+/*Security-Group
+Ingress - Port 80 -- limited to instance
+          Port 22 -- Open to ssh without limitations
+Egress  - Open to All*/
+
+resource "aws_security_group" "primary_default" {
+  name_prefix = "default-"
+  description = "Default security group for all instances in ${aws_vpc.primary.id}"
+  vpc_id      = aws_vpc.primary.id
+  ingress {
+    from_port = 80
+    to_port   = 80
+    protocol  = "tcp"
+    cidr_blocks = [
+      aws_vpc.primary.cidr_block,
+    ]
+  }
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+resource "aws_vpc_peering_connection_accepter" "peer" {
+  vpc_peering_connection_id = mongodbatlas_network_peering.aws-atlas.connection_id
+  auto_accept               = true
+}

examples/MongoDB-Atlas-AWS-VPC-Peering/variables.tf

@@ -0,0 +1,39 @@
+variable "public_key" {
+  description = "The public API key for MongoDB Atlas"
+}
+variable "private_key" {
+  description = "The private API key for MongoDB Atlas"
+}
+
+variable "access_key" {
+  description = "The access key for AWS Account"
+}
+variable "secret_key" {
+  description = "The secret key for AWS Account"
+}
+variable "atlas_region" {
+  default     = "US_EAST_1"
+  description = "Atlas Region"
+}
+variable "aws_region" {
+  default     = "ap-southeast-1"
+  description = "AWS Region"
+}
+variable "atlas_dbuser" {
+  description = "The db user for Atlas"
+}
+variable "atlas_dbpassword" {
+  description = "The db user passwd for Atlas"
+}
+variable "aws_account_id" {
+  description = "My AWS Account ID"
+  default     = "208629369896"
+}
+variable "atlasorgid" {
+  description = "Atlas Org ID"
+  default     = "5c98a80fc56c98ef210b8633"
+}
+variable "atlas_vpc_cidr" {
+  description = "Atlas CIDR"
+  default     = "192.168.232.0/21"
+}

examples/MongoDB-Atlas-AWS-VPC-Peering/versions.tf

@@ -0,0 +1,11 @@
+terraform {
+  required_providers {
+    mongodbatlas = {
+      source = "mongodb/mongodbatlas"
+    }
+    aws = {
+      source = "hashicorp/aws"
+    }
+  }
+  required_version = ">= 0.15"
+}

examples/README.md → examples/Readme.md

@@ -17,3 +17,4 @@ $ terraform plan
 $ terraform apply
 
 ...
+