main.tf
# Terraform CLI and provider version constraints for this module.
terraform {
# Lower bound only; nothing here caps the Terraform CLI version.
required_version = ">=0.12.3"
required_providers {
aws = {
source = "hashicorp/aws"
# Pinned to the 3.x provider series. Resources below use 3.x-era
# arguments (e.g. `vpc = true` on aws_eip); a move to a newer major
# series will need those arguments reviewed.
version = "~> 3"
}
}
}
# Primary VPC. Every subnet and CIDR association in this file attaches to it.
resource "aws_vpc" "primary_vpc" {
  tags = { Name = var.vpc_name }

  cidr_block = var.vpc_primary_cidr

  # Both DNS switches are driven by input variables rather than hard-coded.
  enable_dns_support   = var.enable_dns_support
  enable_dns_hostnames = var.enable_dns_hostnames
}
# Attach each additional address range in var.vpc_addl_address_space to the
# primary VPC; one association per list entry.
resource "aws_vpc_ipv4_cidr_block_association" "addl_subnet_cidrs" {
  count = length(var.vpc_addl_address_space)

  vpc_id = aws_vpc.primary_vpc.id
  # count never exceeds the list length, so element() behaves like plain indexing here.
  cidr_block = element(var.vpc_addl_address_space, count.index)
}
# Secondary CIDR that backs the utility subnet (see aws_subnet.utility_subnet).
resource "aws_vpc_ipv4_cidr_block_association" "utility_subnet_cidr" {
  vpc_id     = aws_vpc.primary_vpc.id
  cidr_block = var.utility_subnet_cidr
}
# Utility subnet carved out of the dedicated utility CIDR. It hosts the NAT
# gateway below (aws_nat_gateway.nat_gw), so anything else launched here shares
# that network position.
resource "aws_subnet" "utility_subnet" {
  tags = { Name = "Utility Subnet" }

  vpc_id     = aws_vpc.primary_vpc.id
  cidr_block = var.utility_subnet_cidr

  # When var.enable_utility_public_ips is true, every instance launched in this
  # subnet is auto-assigned a public IPv4 address; keep it false unless the
  # workload in this subnet must be directly reachable.
  map_public_ip_on_launch = var.enable_utility_public_ips

  # The CIDR must be associated with the VPC before a subnet can use it.
  depends_on = [aws_vpc_ipv4_cidr_block_association.utility_subnet_cidr]
}
# Private half of each public/private subnet pair. One subnet per entry in
# var.public_private_subnet_pairs, using that entry's "cidr" and "az" keys.
resource "aws_subnet" "private_subnets" {
  count = length(var.public_private_subnet_pairs)

  vpc_id            = aws_vpc.primary_vpc.id
  cidr_block        = var.public_private_subnet_pairs[count.index]["cidr"]
  availability_zone = var.public_private_subnet_pairs[count.index]["az"]

  tags = {
    Tier = "Private Subnets"
    Name = "Private Subnet (${var.public_private_subnet_pairs[count.index]["az"]})"
  }

  # A pair's CIDR may come from a secondary VPC range, so wait for all CIDR
  # associations before creating the subnet.
  depends_on = [
    aws_vpc_ipv4_cidr_block_association.addl_subnet_cidrs,
    aws_vpc_ipv4_cidr_block_association.utility_subnet_cidr,
  ]
}
# Public half of each public/private subnet pair, keyed by the entry's
# "public_cidr" and "az". Note that nothing in this file makes these subnets
# public in the network sense: map_public_ip_on_launch is left at its default
# and no route table pointing at the IGW is defined here — that wiring
# presumably lives in another file; verify before relying on the "Public" tag.
resource "aws_subnet" "public_subnets" {
  count = length(var.public_private_subnet_pairs)

  vpc_id            = aws_vpc.primary_vpc.id
  cidr_block        = var.public_private_subnet_pairs[count.index]["public_cidr"]
  availability_zone = var.public_private_subnet_pairs[count.index]["az"]

  tags = {
    Tier = "Public Subnets"
    Name = "Public Subnet (${var.public_private_subnet_pairs[count.index]["az"]})"
  }

  # Wait for every secondary CIDR association before carving subnets.
  depends_on = [
    aws_vpc_ipv4_cidr_block_association.addl_subnet_cidrs,
    aws_vpc_ipv4_cidr_block_association.utility_subnet_cidr,
  ]
}
# Stand-alone private subnets with no public counterpart, one per entry in
# var.addl_private_subnets (keys "cidr" and "az").
resource "aws_subnet" "addl_private_subnets" {
  count = length(var.addl_private_subnets)

  vpc_id            = aws_vpc.primary_vpc.id
  cidr_block        = var.addl_private_subnets[count.index]["cidr"]
  availability_zone = var.addl_private_subnets[count.index]["az"]

  tags = {
    Tier = "Private Only Subnets"
    Name = "Private Only Subnet (${var.addl_private_subnets[count.index]["az"]})"
  }

  # Same ordering constraint as the other subnets: CIDR associations first.
  depends_on = [
    aws_vpc_ipv4_cidr_block_association.addl_subnet_cidrs,
    aws_vpc_ipv4_cidr_block_association.utility_subnet_cidr,
  ]
}
# Internet gateway for the primary VPC. It is the egress path the NAT gateway
# relies on; public-subnet routing toward it is not defined in this file.
resource "aws_internet_gateway" "igw" {
  tags = { Name = "IGW for public subnets" }

  vpc_id = aws_vpc.primary_vpc.id
}
# Elastic IP consumed by aws_nat_gateway.nat_gw. This is the single fixed
# source address for all outbound traffic from the private subnets.
resource "aws_eip" "nat_ip" {
  tags = { Name = "NAT EIP" }

  # `vpc = true` is the 3.x-provider way to request a VPC-scoped address.
  vpc = true
}
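# NAT gateway placed in the utility subnet, fronted by aws_eip.nat_ip.
#
# A NAT gateway needs its VPC's internet gateway to be attached before it can
# be created; that ordering is not visible through any attribute reference, so
# it is declared explicitly below. The EIP dependency is already implied by
# allocation_id but is kept for clarity.
resource "aws_nat_gateway" "nat_gw" {
  subnet_id     = aws_subnet.utility_subnet.id
  allocation_id = aws_eip.nat_ip.id

  depends_on = [
    aws_eip.nat_ip,
    aws_internet_gateway.igw,
  ]

  tags = {
    Name = "NAT Gateway for private subnets"
  }
}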