### VPC
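resource "aws_vpc" "main" {
  # The VPC every other resource in this file attaches to. Address space and
  # DNS behaviour are driven entirely by input variables; the Name tag is the
  # environment name so the VPC is easy to locate in the console and in
  # cost reports.
  cidr_block                       = var.vpc_cidr
  enable_dns_hostnames             = var.vpc_enable_dns_hostnames
  enable_dns_support               = var.vpc_enable_dns_support
  assign_generated_ipv6_cidr_block = var.vpc_assign_generated_ipv6_cidr_block

  # Literal map syntax replaces the map() function, which was deprecated in
  # Terraform 0.12 and is rejected by newer releases; the resulting tags are
  # identical.
  tags = merge(var.tags, { Name = local.environment })

  # NOTE(review): this file does not manage the VPC's default security group
  # or VPC flow logs; confirm they are handled elsewhere if required.
}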
resource "aws_vpc_ipv4_cidr_block_association" "secondary_cidr" {
  # One association per additional CIDR block; an empty list simply yields
  # no resources, so no separate guard is needed.
  count = length(var.vpc_secondary_cidr_blocks)

  vpc_id     = aws_vpc.main.id
  cidr_block = var.vpc_secondary_cidr_blocks[count.index]
}
### Internet Gateway
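resource "aws_internet_gateway" "gw" {
  # Single IGW for the VPC; it is the target of the public default route and
  # a dependency of the NAT gateways.
  vpc_id = aws_vpc.main.id

  # Literal map instead of the deprecated map() function (Terraform 0.12+).
  tags = merge(var.tags, { Name = local.environment })
}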
### Public Routing
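resource "aws_route_table" "public" {
  # One shared route table for all public subnets; the default route to the
  # IGW is added separately in aws_route.public_internet_gateway.
  vpc_id = aws_vpc.main.id

  # Literal map instead of the deprecated map() function (Terraform 0.12+).
  tags = merge(var.tags, { Name = "Public Subnet (${local.environment})" })
}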
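resource "aws_route" "public_internet_gateway" {
  # Exactly one default route per route table, not one per public subnet:
  # every public subnet shares aws_route_table.public, and creating the same
  # 0.0.0.0/0 destination twice in one table fails with a duplicate-route
  # error as soon as there is more than one public subnet.
  count = length(var.public_subnets) > 0 ? 1 : 0

  route_table_id         = aws_route_table.public.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.gw.id
}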
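resource "aws_route_table_association" "public" {
  # Mirror the subnet resource's count rather than length(var.public_subnets):
  # aws_subnet.public can evaluate to zero subnets (its one_nat_gateway_per_az
  # guard) while the variable is non-empty, and indexing an empty subnet list
  # would fail at plan time.
  count = length(aws_subnet.public)

  subnet_id      = aws_subnet.public[count.index].id
  route_table_id = aws_route_table.public.id
}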
### Private Routing
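resource "aws_route_table" "private" {
  # One private route table per NAT gateway (local.nat_gateway_count), or
  # none when there are no subnets at all.
  count = local.max_subnet_length > 0 ? local.nat_gateway_count : 0

  vpc_id = aws_vpc.main.id

  # Literal map instead of the deprecated map() function (Terraform 0.12+).
  tags = merge(var.tags, { Name = "Private (${local.environment})" })
}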
resource "aws_route_table_association" "private" {
  # One association per private subnet (zero when the list is empty).
  count = length(var.private_subnets)

  subnet_id = aws_subnet.private[count.index].id

  # With a single NAT gateway every private subnet shares route table 0;
  # otherwise element() wraps count.index around the route-table list so
  # subnets beyond the NAT gateway count still get a table.
  route_table_id = element(aws_route_table.private[*].id, var.single_private_nat_gateway ? 0 : count.index)
}
### Public Subnet
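resource "aws_subnet" "public" {
  # Public subnets are only created when the list is non-empty and, if one
  # NAT gateway per AZ is requested, when there is at least one public subnet
  # for every AZ (each NAT gateway needs a public subnet to live in).
  count = length(var.public_subnets) > 0 && (!var.one_nat_gateway_per_az || length(var.public_subnets) >= length(var.azs)) ? length(var.public_subnets) : 0

  vpc_id = aws_vpc.main.id

  # count is either 0 or the full list length, so direct indexing is always in
  # range; this replaces the legacy element(concat(..., list(""))) padding and
  # the deprecated list() function.
  cidr_block = var.public_subnets[count.index]

  # element() deliberately wraps so more subnets than AZs round-robin.
  availability_zone = element(var.azs, count.index)

  # Controls whether instances launched here get a public IPv4 address by
  # default; left to the caller via var.map_public_ip_on_launch.
  map_public_ip_on_launch = var.map_public_ip_on_launch

  # Literal map instead of the deprecated map() function (Terraform 0.12+).
  tags = merge(var.tags, { Name = "Public Subnet (${local.environment})" })
}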
### Private Subnet
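resource "aws_subnet" "private" {
  # One private subnet per CIDR in var.private_subnets.
  count = length(var.private_subnets)

  vpc_id = aws_vpc.main.id

  # Plain reference instead of a "${...}" wrapper around a single expression
  # (redundant interpolation, flagged by Terraform 0.12+).
  cidr_block = var.private_subnets[count.index]

  # element() deliberately wraps so more subnets than AZs round-robin.
  availability_zone = element(var.azs, count.index)

  # Literal map instead of the deprecated map() function (Terraform 0.12+).
  tags = merge(var.tags, { Name = "Private Subnet (${local.environment})" })
}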
### Database Subnet Group
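resource "aws_db_subnet_group" "database" {
  # Optional RDS subnet group spanning the private subnets, so databases are
  # never placed in a public subnet.
  count = var.create_database_subnet_group ? 1 : 0

  name        = lower(var.name)
  description = "Database subnet group for ${local.environment}"
  subnet_ids  = aws_subnet.private[*].id

  # Literal map instead of the deprecated map() function (Terraform 0.12+).
  tags = merge(var.tags, { Name = "Database Subnet Group ${local.environment}" })
}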
### ElastiCache Subnet Group
resource "aws_elasticache_subnet_group" "elasticache" {
  # Optional ElastiCache subnet group; like the database group it uses only
  # the private subnets and shares the lower-cased var.name.
  count = var.create_elasticache_subnet_group ? 1 : 0

  name        = lower(var.name)
  description = "ElastiCache subnet group for ${local.environment}"
  subnet_ids  = aws_subnet.private[*].id
}
### NAT Gateway
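resource "aws_eip" "nat" {
  # One Elastic IP per NAT gateway, only when public NAT gateways are enabled.
  count = var.enable_public_nat_gateway ? local.nat_gateway_count : 0

  # NOTE(review): `vpc = true` is the legacy form; AWS provider 5.x deprecates
  # it in favour of `domain = "vpc"`. Kept as-is because the provider version
  # is not pinned in this file — confirm before upgrading.
  vpc = true

  # Literal map instead of the deprecated map() function (Terraform 0.12+).
  tags = merge(var.tags, { Name = local.environment })
}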
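resource "aws_nat_gateway" "gw" {
  # Same count as aws_eip.nat so each gateway has its own EIP.
  count = var.enable_public_nat_gateway ? local.nat_gateway_count : 0

  allocation_id = element(aws_eip.nat[*].id, count.index)

  # element() wraps: if nat_gateway_count exceeds the number of public subnets
  # several gateways land in the same subnet — presumably intended, verify.
  subnet_id = element(aws_subnet.public[*].id, count.index)

  # Literal map instead of the deprecated map() function (Terraform 0.12+).
  tags = merge(var.tags, { Name = local.environment })

  # Terraform 0.12+ expects a resource reference here, not a quoted string.
  # A NAT gateway cannot come up before the IGW is attached to the VPC.
  depends_on = [aws_internet_gateway.gw]
}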
resource "aws_route" "private_nat_gateway" {
  # Default route from each private route table to its NAT gateway.
  count = var.enable_private_nat_gateway ? local.nat_gateway_count : 0

  route_table_id         = element(aws_route_table.private[*].id, count.index)
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = element(aws_nat_gateway.gw[*].id, count.index)

  # NOTE(review): the gateways are gated on var.enable_public_nat_gateway while
  # these routes are gated on var.enable_private_nat_gateway; if only the
  # latter is true, element() over the empty gateway list fails at plan time.
  # Confirm the two variables are coupled where they are defined.

  timeouts {
    create = "5m"
  }
}