-
-
Save MaG21/1f6355b747849d16a61fd08b4ab7db26 to your computer and use it in GitHub Desktop.
Terraform VPC
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| provider "aws" { | |
| version = "~> 2.0" | |
| region = "eu-central-1" | |
| } | |
| # VPC | |
| resource "aws_vpc" "tf_vpc" { | |
| cidr_block = "10.0.0.0/16" | |
| tags = { | |
| Name = "TerraformVPC" | |
| } | |
| } | |
| # The internet gateway associated with the VPC | |
| resource "aws_internet_gateway" "tf_ig" { | |
| vpc_id = "${aws_vpc.tf_vpc.id}" | |
| tags = { | |
| Name = "TerraformIG" | |
| } | |
| } | |
| # Public subnet, allows resources (e.g. EC2 instances) with open access to the internet | |
| resource "aws_subnet" "tf_public_subnet" { | |
| vpc_id = "${aws_vpc.tf_vpc.id}" | |
| cidr_block = "10.0.2.0/24" | |
| map_public_ip_on_launch = true | |
| availability_zone = "eu-central-1a" | |
| tags = { | |
| Name = "TerraformPublicSubnet 10.0.2.0 - eu-central-1a" | |
| } | |
| } | |
| # Private subnet, resources with access only within the VPC | |
| resource "aws_subnet" "tf_private_subnet" { | |
| vpc_id = "${aws_vpc.tf_vpc.id}" | |
| cidr_block = "10.0.1.0/24" | |
| availability_zone = "eu-central-1b" | |
| tags = { | |
| Name = "TerraformPrivateSubnet 10.0.1.0 - eu-central-1b" | |
| } | |
| } | |
| # Elastic IP, used for the NAT Gateway | |
| resource "aws_eip" "tf_nat_eip" { | |
| vpc = true | |
| tags = { | |
| Name = "TerraformEIPForNATGateway" | |
| } | |
| } | |
| # NAT Gateway, used for allowing the resources in the private | |
| # subnet to have access to the internet (egress only) | |
| resource "aws_nat_gateway" "tf_nat_gateway" { | |
| subnet_id = "${aws_subnet.tf_public_subnet.id}" | |
| allocation_id = "${aws_eip.tf_nat_eip.id}" | |
| tags = { | |
| Name = "TerraformNATGateway" | |
| } | |
| } | |
| # Assign a tag to the default route table created by the VPC | |
| resource "aws_default_route_table" "tf_private_default_route_table" { | |
| default_route_table_id = "${aws_vpc.tf_vpc.default_route_table_id}" | |
| tags = { | |
| Name = "TerraformPrivateMainRouteTable" | |
| } | |
| } | |
| # Assign a name tag and the NAT Gateway to the default route table created | |
| # by AWS when creating the VPC using a route | |
| resource "aws_route" "tf_private_default_route_table_route" { | |
| route_table_id = "${aws_vpc.tf_vpc.default_route_table_id}" | |
| destination_cidr_block = "0.0.0.0/0" | |
| nat_gateway_id = "${aws_nat_gateway.tf_nat_gateway.id}" | |
| } | |
| # The public route table, associated with the internet gateway | |
| resource "aws_route_table" "tf_public_route_table" { | |
| vpc_id = "${aws_vpc.tf_vpc.id}" | |
| tags = { | |
| Name = "TerraformPublicRouteTable" | |
| } | |
| } | |
| # The route associated with the public route table | |
| resource "aws_route" "tf_public_route_table_route" { | |
| route_table_id = "${aws_route_table.tf_public_route_table.id}" | |
| destination_cidr_block = "0.0.0.0/0" | |
| gateway_id = "${aws_internet_gateway.tf_ig.id}" | |
| } | |
| # Associates the public route table with the public subnet | |
| resource "aws_route_table_association" "tf_public_route_subnet_assoc" { | |
| route_table_id = "${aws_route_table.tf_public_route_table.id}" | |
| subnet_id = "${aws_subnet.tf_public_subnet.id}" | |
| } | |
| # Allow all traffic both ingress/egress in the default Network ACL and assign a name tag to it | |
| resource "aws_default_network_acl" "tf_default_network_acl" { | |
| default_network_acl_id = "${aws_vpc.tf_vpc.default_network_acl_id}" | |
| ingress { | |
| protocol = -1 | |
| rule_no = 100 | |
| action = "allow" | |
| cidr_block = "0.0.0.0/0" | |
| from_port = 0 | |
| to_port = 0 | |
| } | |
| egress { | |
| protocol = -1 | |
| rule_no = 100 | |
| action = "allow" | |
| cidr_block = "0.0.0.0/0" | |
| from_port = 0 | |
| to_port = 0 | |
| } | |
| tags = { | |
| Name = "TerraformNetworkACL" | |
| } | |
| } | |
| # Security group associated with this VPC | |
| # which can later be assigned to resources (e.g. EC2) | |
| resource "aws_default_security_group" "tf_security_group" { | |
| vpc_id = "${aws_vpc.tf_vpc.id}" | |
| egress { | |
| cidr_blocks = ["0.0.0.0/0"] | |
| ipv6_cidr_blocks = ["::/0"] | |
| protocol = "-1" | |
| from_port = "0" | |
| to_port = "0" | |
| } | |
| ingress { | |
| cidr_blocks = ["0.0.0.0/0"] | |
| ipv6_cidr_blocks = ["::/0"] | |
| protocol = "-1" | |
| from_port = "0" | |
| to_port = "0" | |
| } | |
| tags = { | |
| Name = "TerraformSecurityGroup" | |
| Description = "default VPC security group for ${aws_vpc.tf_vpc.tags.Name}" | |
| } | |
| } | |
| # AMI information for EC2 (image type) | |
| data "aws_ami" "tf_ec2_ami" { | |
| most_recent = true | |
| owners = ["amazon"] | |
| filter { | |
| name = "name" | |
| values = ["amzn2-ami-hvm-2.0.20200304.0-x86_64-gp2"] | |
| } | |
| filter { | |
| name = "virtualization-type" | |
| values = ["hvm"] | |
| } | |
| } | |
| # The public EC2 instance (uses the public subnet) | |
| resource "aws_instance" "tf_public_ec2_instance" { | |
| subnet_id = "${aws_subnet.tf_public_subnet.id}" | |
| vpc_security_group_ids = ["${aws_default_security_group.tf_security_group.id}"] | |
| ami = "${data.aws_ami.tf_ec2_ami.id}" | |
| instance_type = "t2.micro" | |
| key_name = "tf_kvp" | |
| tags = { | |
| Name = "TerraformPublicEC2Instance" | |
| } | |
| } | |
| # The private EC2 instance (uses the private subnet) | |
| resource "aws_instance" "tf_private_ec2_instance" { | |
| subnet_id = "${aws_subnet.tf_private_subnet.id}" | |
| vpc_security_group_ids = ["${aws_default_security_group.tf_security_group.id}"] | |
| ami = "${data.aws_ami.tf_ec2_ami.id}" | |
| instance_type = "t2.micro" | |
| key_name = "tf_kvp" | |
| tags = { | |
| Name = "TerraformPrivateEC2Instance" | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment