# AWS provider. No credentials or region are set here on purpose: Terraform
# reads them from the environment (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY,
# AWS_DEFAULT_REGION, or a shared credentials file / profile), which keeps the
# secret material out of this file and out of version control. Leave the three
# attributes below commented out -- a literal key pasted here would be
# committed with the code. No provider version constraint is declared in this
# block, so plans depend on whichever provider build is installed; confirm a
# constraint exists elsewhere in the configuration.
provider "aws" {
  ### Details passed by ENV variables
  # access_key = ""
  # secret_key = ""
  # region = ""
}
7
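# Availability zones in the configured region. Its `names` length drives
# `count` on every per-AZ resource below (EIPs, NAT gateways, subnets, route
# tables, routes, associations), so the list must be both correct and stable:
#  - without a `state` filter the data source returns every AZ the account can
#    see, including impaired/unavailable ones, so `count` could include a zone
#    that cannot actually host a subnet; the filter makes the name honest.
#  - any later change to the list shifts count indices and can re-create the
#    per-AZ resources that sit at the shifted positions -- review a plan
#    carefully after AWS adds a zone to the region.
data "aws_availability_zones" "available" {
  state = "available"
}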
9
10### VPC + IGW + Egress GW
# The VPC every other resource in this file hangs off.
#  - cidr_block comes from var.subnetcidr; despite the name it is the whole
#    VPC range. The cidrsubnet(..., 8, ...) calls on the subnets below assume
#    a /16 here (giving /24 subnets) -- confirm the variable's value, since a
#    smaller prefix yields correspondingly smaller subnets.
#  - DNS support + hostnames are both required for private hosted zones and
#    for VPC endpoints with private DNS, so they are enabled up front.
#  - assign_generated_ipv6_cidr_block requests an Amazon-provided IPv6 /56,
#    which the subnets carve into /64s. These addresses are globally
#    routable: reachability of IPv6 hosts is governed solely by the route
#    tables and security groups, not by the address itself.
# No VPC flow logs and no default-security-group lockdown are declared in this
# file; if they are not defined elsewhere they are worth adding.
resource "aws_vpc" "MyVPC" {
  cidr_block = "${var.subnetcidr}"
  enable_dns_support = true
  enable_dns_hostnames = true
  assign_generated_ipv6_cidr_block = true

  # Name / Project / Environment is the tag scheme used by every resource
  # in this file; keep new resources consistent with it.
  tags {
    Name = "${var.name}-vpc"
    Project = "${var.project}"
    Environment = "${var.environment}"
  }
}
23
# Internet gateway attached to the VPC. It is the IPv4 path in and out of the
# public subnets (aws_route.public) and a prerequisite for the NAT gateways,
# which is why they depend_on it explicitly.
resource "aws_internet_gateway" "MyIGW" {
  vpc_id = "${aws_vpc.MyVPC.id}"

  tags {
    Name = "${var.name}-igw"
    Project = "${var.project}"
    Environment = "${var.environment}"
  }
}
33
# IPv6-only, outbound-only gateway. Every ::/0 route in this file (public,
# private and rds tables) points here, so instances can initiate IPv6
# connections but the internet cannot initiate connections to them over IPv6.
# IPv4 egress from the private/rds tiers goes through the NAT gateways instead.
# Carries no tags, unlike the rest of the file.
resource "aws_egress_only_internet_gateway" "MyEgressGW" {
  vpc_id = "${aws_vpc.MyVPC.id}"
}
37
38### NAT Gateways
39
# One Elastic IP per availability zone, consumed by the NAT gateway with the
# same count index. `vpc = true` allocates the address in the VPC scope. These
# are the source addresses the private/rds tiers present to the internet, so
# they are what an external allow-list would reference. Untagged, unlike the
# rest of the file.
resource "aws_eip" "nat" {
  count = "${length(data.aws_availability_zones.available.names)}"
  vpc = true
}
44
# One NAT gateway per AZ, placed in the public subnet of the same index, so
# each private/rds subnet egresses through a gateway in its own zone and an AZ
# outage does not take down another zone's egress. NAT is outbound-only:
# nothing on the internet can open a connection to a private host through it.
# element() wraps modulo the list length, but every `count` in this file is
# the AZ count, so indices line up 1:1 with aws_eip.nat and aws_subnet.public.
# depends_on the IGW because AWS will not bring a NAT gateway up until the VPC
# has an attached internet gateway; the reference via the subnet alone does
# not express that ordering.
resource "aws_nat_gateway" "default" {
  count = "${length(data.aws_availability_zones.available.names)}"

  allocation_id = "${element(aws_eip.nat.*.id, count.index)}"
  subnet_id = "${element(aws_subnet.public.*.id, count.index)}"

  depends_on = ["aws_internet_gateway.MyIGW"]

  tags {
    Name = "${var.name}-natgw-${data.aws_availability_zones.available.names[count.index]}"
    Project = "${var.project}"
    Environment = "${var.environment}"
  }
}
59
60### Subnets
61
# Public tier: one subnet per AZ. Subnet offsets are 1..n for public, 51..n+50
# for private and 101..n+100 for rds, so the three tiers never overlap as long
# as the region has fewer than 50 AZs. With a /16 VPC each subnet is a /24.
# This is the only tier where inbound from the internet is expected:
#  - map_public_ip_on_launch = true gives every instance a public IPv4 at
#    launch, reachable via aws_route.public -> IGW.
#  - assign_ipv6_address_on_creation = true gives every instance a globally
#    routable IPv6 address (but see aws_route.public-v6: IPv6 here is
#    egress-only as written).
# Keep anything that is not internet-facing (application hosts, databases,
# load-balancer backends) in the private or rds tiers instead.
resource "aws_subnet" "public" {
  count = "${length(data.aws_availability_zones.available.names)}"
  vpc_id = "${aws_vpc.MyVPC.id}"
  cidr_block = "${cidrsubnet(aws_vpc.MyVPC.cidr_block, 8, count.index+1)}"
  availability_zone = "${data.aws_availability_zones.available.names[count.index]}"
  map_public_ip_on_launch = true

  # /64 per subnet out of the VPC's /56 (8 new bits); AWS requires IPv6
  # subnets to be exactly /64.
  ipv6_cidr_block = "${cidrsubnet(aws_vpc.MyVPC.ipv6_cidr_block, 8, count.index+1)}"
  assign_ipv6_address_on_creation = true

  tags {
    Name = "${var.name}-subnet-public-${data.aws_availability_zones.available.names[count.index]}"
    Project = "${var.project}"
    Environment = "${var.environment}"
  }
}
78
# Private tier: one subnet per AZ, /24 offsets 51..n+50 (see aws_subnet.public
# for the overall layout). map_public_ip_on_launch = false, so instances get no
# public IPv4; their IPv4 path out is the same-AZ NAT gateway (aws_route.private).
# NOTE: assign_ipv6_address_on_creation = true still gives every instance a
# globally routable IPv6 address -- nothing about that address is "private".
# These hosts are unreachable from the internet over IPv6 only because
# aws_route.private-v6 sends ::/0 to the egress-only gateway; do not point that
# route at the IGW, and keep security groups on this tier restrictive.
resource "aws_subnet" "private" {
  count = "${length(data.aws_availability_zones.available.names)}"
  vpc_id = "${aws_vpc.MyVPC.id}"
  cidr_block = "${cidrsubnet(aws_vpc.MyVPC.cidr_block, 8, count.index+51)}"
  availability_zone = "${data.aws_availability_zones.available.names[count.index]}"
  map_public_ip_on_launch = false

  # /64 per subnet out of the VPC's /56, same offset as the IPv4 block so the
  # two address plans stay aligned.
  ipv6_cidr_block = "${cidrsubnet(aws_vpc.MyVPC.ipv6_cidr_block, 8, count.index+51)}"
  assign_ipv6_address_on_creation = true

  tags {
    Name = "${var.name}-subnet-private-${data.aws_availability_zones.available.names[count.index]}"
    Project = "${var.project}"
    Environment = "${var.environment}"
  }
}
95
# Database tier: one subnet per AZ, /24 offsets 101..n+100 (see
# aws_subnet.public for the overall layout). No public IPv4 on launch; IPv4 out
# is via the same-AZ NAT gateway (aws_route.rds), IPv6 out via the egress-only
# gateway (aws_route.rds-v6). As with the private tier, instances here do get a
# globally routable IPv6 address, so inbound isolation rests on the route
# tables and security groups rather than on the addressing. Nothing in this
# file restricts the tier to database traffic; that is left to security groups
# and NACLs defined elsewhere.
resource "aws_subnet" "rds" {
  count = "${length(data.aws_availability_zones.available.names)}"
  vpc_id = "${aws_vpc.MyVPC.id}"
  cidr_block = "${cidrsubnet(aws_vpc.MyVPC.cidr_block, 8, count.index+101)}"
  availability_zone = "${data.aws_availability_zones.available.names[count.index]}"
  map_public_ip_on_launch = false

  # /64 per subnet out of the VPC's /56, same offset as the IPv4 block.
  ipv6_cidr_block = "${cidrsubnet(aws_vpc.MyVPC.ipv6_cidr_block, 8, count.index+101)}"
  assign_ipv6_address_on_creation = true

  tags {
    Name = "${var.name}-subnet-rds-${data.aws_availability_zones.available.names[count.index]}"
    Project = "${var.project}"
    Environment = "${var.environment}"
  }
}
112
113### Route Tables & Routes
114
115###### Public
116
# Single route table shared by all public subnets (the private and rds tiers
# get one table per AZ because their default routes are per-AZ NAT gateways;
# the IGW is VPC-wide, so one table suffices here). Routes are declared as
# separate aws_route resources below rather than inline.
resource "aws_route_table" "public" {
  vpc_id = "${aws_vpc.MyVPC.id}"

  tags {
    Name = "${var.name}-routetable-public"
    Project = "${var.project}"
    Environment = "${var.environment}"
  }
}
126
# IPv4 default route -> internet gateway. This route is what makes the public
# subnets public: together with map_public_ip_on_launch it allows inbound
# connections from the internet to hosts in that tier.
resource "aws_route" "public" {
  route_table_id = "${aws_route_table.public.id}"
  destination_cidr_block = "0.0.0.0/0"
  gateway_id = "${aws_internet_gateway.MyIGW.id}"
}
132
# IPv6 default route for the PUBLIC table -> egress-only gateway.
# NOTE(review): this is asymmetric with aws_route.public. Over IPv4 the public
# tier accepts inbound connections via the IGW; over IPv6 it can only initiate
# them, because the egress-only gateway refuses unsolicited inbound. If IPv6
# egress-only is the intent for public hosts, say so here; if public hosts are
# meant to be reachable over IPv6, this route would need
# `gateway_id = "${aws_internet_gateway.MyIGW.id}"` instead of
# `egress_only_gateway_id`. Left unchanged since the tighter setting is the
# safer default until the intent is confirmed.
resource "aws_route" "public-v6" {
  route_table_id = "${aws_route_table.public.id}"
  destination_ipv6_cidr_block = "::/0"
  egress_only_gateway_id = "${aws_egress_only_internet_gateway.MyEgressGW.id}"
}
138
# Attach every public subnet to the shared public route table. Without an
# explicit association a subnet silently falls back to the VPC main route
# table, so this is what actually applies the routes above.
resource "aws_route_table_association" "public" {
  count = "${length(data.aws_availability_zones.available.names)}"

  subnet_id = "${element(aws_subnet.public.*.id, count.index)}"
  route_table_id = "${aws_route_table.public.id}"
}
145
146###### Private
147
# One route table per AZ for the private tier, so each subnet's default route
# can point at the NAT gateway in its own zone (aws_route.private).
resource "aws_route_table" "private" {
  count = "${length(data.aws_availability_zones.available.names)}"
  vpc_id = "${aws_vpc.MyVPC.id}"

  tags {
    Name = "${var.name}-routetable-private-${data.aws_availability_zones.available.names[count.index]}"
    Project = "${var.project}"
    Environment = "${var.environment}"
  }
}
158
# IPv4 default route for each private table -> same-index NAT gateway. This is
# the private tier's only IPv4 path to the internet and it is outbound-only;
# the internet cannot reach these hosts through the NAT gateway.
resource "aws_route" "private" {
  count = "${length(data.aws_availability_zones.available.names)}"
  route_table_id = "${element(aws_route_table.private.*.id, count.index)}"
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id = "${element(aws_nat_gateway.default.*.id, count.index)}"
}
165
# IPv6 default route for each private table -> egress-only gateway. This route
# is the only thing keeping the private tier's globally routable IPv6
# addresses unreachable from the internet (see aws_subnet.private); keep it
# pointed at the egress-only gateway, never the IGW.
resource "aws_route" "private-v6" {
  count = "${length(data.aws_availability_zones.available.names)}"
  route_table_id = "${element(aws_route_table.private.*.id, count.index)}"
  destination_ipv6_cidr_block = "::/0"
  egress_only_gateway_id = "${aws_egress_only_internet_gateway.MyEgressGW.id}"
}
172
# Attach each private subnet to the private route table of the same AZ index.
# Both lists are AZ-count long, so element() maps them 1:1.
resource "aws_route_table_association" "private" {
  count = "${length(data.aws_availability_zones.available.names)}"

  subnet_id = "${element(aws_subnet.private.*.id, count.index)}"
  route_table_id = "${element(aws_route_table.private.*.id, count.index)}"
}
179
180###### RDS
181
# One route table per AZ for the database tier, mirroring the private tier so
# each rds subnet egresses through its own zone's NAT gateway (aws_route.rds).
resource "aws_route_table" "rds" {
  count = "${length(data.aws_availability_zones.available.names)}"
  vpc_id = "${aws_vpc.MyVPC.id}"

  tags {
    Name = "${var.name}-routetable-rds-${data.aws_availability_zones.available.names[count.index]}"
    Project = "${var.project}"
    Environment = "${var.environment}"
  }
}
192
# IPv4 default route for each rds table -> same-index NAT gateway, giving the
# database tier general outbound internet access (inbound is still blocked by
# NAT). NOTE(review): a database tier rarely needs an unrestricted default
# route, and outbound internet from DB hosts is the usual exfiltration path if
# one is compromised. If the only outbound need is AWS APIs (backups to S3,
# KMS, monitoring), VPC endpoints with no 0.0.0.0/0 route are the tighter
# design. Left as-is here because removing it changes behaviour for whatever
# is already deployed in these subnets.
resource "aws_route" "rds" {
  count = "${length(data.aws_availability_zones.available.names)}"
  route_table_id = "${element(aws_route_table.rds.*.id, count.index)}"
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id = "${element(aws_nat_gateway.default.*.id, count.index)}"
}
199
# IPv6 default route for each rds table -> egress-only gateway. Same
# considerations as aws_route.rds (does the DB tier need outbound internet at
# all?) and aws_route.private-v6 (this route is what keeps the tier's globally
# routable IPv6 addresses unreachable from outside -- keep it off the IGW).
resource "aws_route" "rds-v6" {
  count = "${length(data.aws_availability_zones.available.names)}"
  route_table_id = "${element(aws_route_table.rds.*.id, count.index)}"
  destination_ipv6_cidr_block = "::/0"
  egress_only_gateway_id = "${aws_egress_only_internet_gateway.MyEgressGW.id}"
}
206
# Attach each rds subnet to the rds route table of the same AZ index; element()
# maps the two AZ-count lists 1:1.
resource "aws_route_table_association" "rds" {
  count = "${length(data.aws_availability_zones.available.names)}"

  subnet_id = "${element(aws_subnet.rds.*.id, count.index)}"
  route_table_id = "${element(aws_route_table.rds.*.id, count.index)}"
}