# VPC
# Core network for this environment. DNS hostname/support flags come straight
# from input variables; tags carry the environment name for identification.
# NOTE(review): no aws_flow_log resource appears in this file, so VPC flow
# logging is not configured here — confirm whether it is managed elsewhere.
resource "aws_vpc" "this" {
  cidr_block           = var.vpc_cidr
  enable_dns_hostnames = var.enable_dns_hostnames
  enable_dns_support   = var.enable_dns_support

  tags = {
    Name        = "${var.environment}-vpc"
    Environment = var.environment
  }
}
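# VPC Default Security Group
# NOTE(review): this is a *new* security group named "<env>-default-sg", not the
# VPC's built-in default security group; the built-in one is not managed in this
# file (an aws_default_security_group resource would be needed for that).
# Both rules use `self = true`, so traffic is permitted only between members of
# this group — not to/from the whole VPC CIDR as the description suggests — and
# this group alone grants no egress to the internet.
resource "aws_security_group" "default" {
  name = "${var.environment}-default-sg"
  # Kept byte-identical (typo included): changing the description of an
  # aws_security_group forces replacement of the group.
  description = "Default security group to allow inbound/outbound trafic to/from VPC"
  vpc_id      = aws_vpc.this.id
  # The former explicit depends_on on aws_vpc.this was redundant: the vpc_id
  # reference already establishes that dependency.

  # All protocols and ports (protocol "-1"); source limited to this group's members.
  ingress {
    from_port = 0
    to_port   = 0
    protocol  = "-1"
    self      = true
  }

  # All protocols and ports; destination limited to this group's members.
  egress {
    from_port = 0
    to_port   = 0
    protocol  = "-1"
    self      = true # was the string "true"; the attribute is a boolean
  }

  tags = {
    Name        = "${var.environment}-default-sg"
    Environment = var.environment
  }
}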
# Availability zones
# Lists the AZs currently in the "available" state for the provider's region;
# the subnet resources index into .names by count.index.
data "aws_availability_zones" "available" {
  state = "available"
}
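# Private subnets
# One subnet per entry in var.private_subnets_cidr, placed in the available AZs
# in order. Instances launched here receive no public IP.
resource "aws_subnet" "private_subnet" {
  count = length(var.private_subnets_cidr)

  vpc_id     = aws_vpc.this.id
  cidr_block = element(var.private_subnets_cidr, count.index)
  # element() wraps around, so supplying more subnet CIDRs than the region has
  # AZs no longer fails with an invalid-index error: the extra subnets reuse AZs
  # round-robin. For count.index below the AZ count the placement is unchanged.
  availability_zone       = element(data.aws_availability_zones.available.names, count.index)
  map_public_ip_on_launch = false

  tags = {
    Name        = "${var.environment}-${element(var.private_subnets_cidr, count.index)}-subnet"
    Environment = var.environment
  }
}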
# Elastic IP for NAT
# VPC-scoped address consumed by aws_nat_gateway.nat. The explicit depends_on
# on the internet gateway is kept as-is; presumably it follows the provider
# guidance that a VPC EIP should be created after the IGW exists — verify
# before removing it.
resource "aws_eip" "nat_eip" {
  domain     = "vpc"
  depends_on = [aws_internet_gateway.ig]

  tags = {
    Name        = "${var.environment}-nat-eip"
    Environment = var.environment
  }
}
# NAT to allow private subnets to communicate outside the VPC
# A single NAT gateway, placed in the first public subnet. Every private subnet
# routes through it (see aws_route.private_nat_gateway), so it is a single
# point of failure and a single AZ for all private egress.
resource "aws_nat_gateway" "nat" {
  allocation_id = aws_eip.nat_eip.id
  subnet_id     = aws_subnet.public_subnet[0].id
  depends_on    = [aws_internet_gateway.ig]

  tags = {
    Name        = "${var.environment}-nat"
    Environment = var.environment
  }
}
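# Public subnets
# One subnet per entry in var.public_subnets_cidr, placed in the available AZs
# in order. map_public_ip_on_launch = true means every instance launched here
# is assigned a public IP automatically and is reachable via the IGW default
# route unless its security groups say otherwise — keep that in mind when
# choosing which workloads land in these subnets.
resource "aws_subnet" "public_subnet" {
  count = length(var.public_subnets_cidr)

  vpc_id     = aws_vpc.this.id
  cidr_block = element(var.public_subnets_cidr, count.index)
  # element() wraps around, so supplying more subnet CIDRs than the region has
  # AZs no longer fails with an invalid-index error: the extra subnets reuse AZs
  # round-robin. For count.index below the AZ count the placement is unchanged.
  availability_zone       = element(data.aws_availability_zones.available.names, count.index)
  map_public_ip_on_launch = true

  tags = {
    Name        = "${var.environment}-${element(var.public_subnets_cidr, count.index)}-subnet"
    Environment = var.environment
  }
}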
# Internet gateway for the public subnets
# Attached to the VPC; referenced by the public route table's default route
# and by the NAT gateway / EIP depends_on.
resource "aws_internet_gateway" "ig" {
  vpc_id = aws_vpc.this.id

  tags = {
    Name        = "${var.environment}-ig"
    Environment = var.environment
  }
}
# Routing table for private subnets
# Routes are attached separately (aws_route.private_nat_gateway); only the
# VPC-local route exists implicitly here.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.this.id

  tags = {
    Name        = "${var.environment}-private-route"
    Environment = var.environment
  }
}
# Routing table for public subnets
# Routes are attached separately (aws_route.public_internet_gateway).
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.this.id

  tags = {
    Name        = "${var.environment}-public-route"
    Environment = var.environment
  }
}
# Default route for the public table: all non-local traffic goes to the IGW,
# which is what makes subnets associated with this table internet-facing.
resource "aws_route" "public_internet_gateway" {
  route_table_id         = aws_route_table.public.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.ig.id
}
# Default route for the private table: all non-local traffic leaves through the
# single NAT gateway (outbound-initiated only; nothing inbound is exposed).
resource "aws_route" "private_nat_gateway" {
  route_table_id         = aws_route_table.private.id
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.nat.id
}
# Route table associations
# Bind every public subnet to the public route table. count matches the subnet
# count exactly, so direct indexing is equivalent to the wrapping element().
resource "aws_route_table_association" "public" {
  count = length(var.public_subnets_cidr)

  subnet_id      = aws_subnet.public_subnet[count.index].id
  route_table_id = aws_route_table.public.id
}
# Bind every private subnet to the private route table. count matches the
# subnet count exactly, so direct indexing is equivalent to the wrapping element().
resource "aws_route_table_association" "private" {
  count = length(var.private_subnets_cidr)

  subnet_id      = aws_subnet.private_subnet[count.index].id
  route_table_id = aws_route_table.private.id
}