Last active
June 17, 2019 07:05
-
-
Save acsrujan/c264b10ee615ef4e5897a176ed721ec7 to your computer and use it in GitHub Desktop.
Setup VPC with AWS NAT gateways
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| provider "aws" { | |
| access_key = "${var.aws_access_key}" | |
| secret_key = "${var.aws_secret_key}" | |
| region = "${var.aws_region}" | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| aws_access_key = "" | |
| aws_secret_key = "" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| variable "aws_access_key" {} | |
| variable "aws_secret_key" {} | |
| variable "aws_region" { | |
| description = "EC2 Region for the VPC" | |
| default = "ap-south-1" | |
| } | |
| variable "vpc_cidr" { | |
| description = "CIDR for the whole VPC" | |
| default = "172.31.0.0/16" | |
| } | |
| variable "public_subnet_cidr_1a" { | |
| description = "CIDR for the Public Subnet in 1a" | |
| default = "172.31.80.0/20" | |
| } | |
| variable "private_subnet_cidr_1a" { | |
| description = "CIDR for the Private Subnet in 1a" | |
| default = "172.31.48.0/20" | |
| } | |
| variable "public_subnet_cidr_1b" { | |
| description = "CIDR for the Public Subnet in 1b" | |
| default = "172.31.0.0/20" | |
| } | |
| variable "private_subnet_cidr_1b" { | |
| description = "CIDR for the Private Subnet in 1b" | |
| default = "172.31.16.0/20" | |
| } | |
| variable "public_subnet_cidr_1c" { | |
| description = "CIDR for the Public Subnet in 1c" | |
| default = "172.31.64.0/20" | |
| } | |
| variable "private_subnet_cidr_1c" { | |
| description = "CIDR for the Private Subnet in 1c" | |
| default = "172.31.32.0/20" | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| resource "aws_vpc" "default" { | |
| cidr_block = "${var.vpc_cidr}" | |
| enable_dns_hostnames = true | |
| enable_dns_support = true | |
| tags = { | |
| Name = "whatever-name" | |
| } | |
| } | |
| output "vpc_id" { | |
| value = "${aws_vpc.default.id}" | |
| } | |
| resource "aws_internet_gateway" "default" { | |
| vpc_id = "${aws_vpc.default.id}" | |
| } | |
| /* Public Subnets 1 per AZ */ | |
| /* 1a */ | |
| resource "aws_subnet" "ap-south-1a-public" { | |
| vpc_id = "${aws_vpc.default.id}" | |
| cidr_block = "${var.public_subnet_cidr_1a}" | |
| availability_zone = "ap-south-1a" | |
| tags = { | |
| Name = "Public Subnet 1a" | |
| } | |
| } | |
| resource "aws_route_table" "ap-south-1a-public" { | |
| vpc_id = "${aws_vpc.default.id}" | |
| route { | |
| cidr_block = "0.0.0.0/0" | |
| gateway_id = "${aws_internet_gateway.default.id}" | |
| } | |
| tags = { | |
| Name = "Public Subnet 1a route table" | |
| } | |
| } | |
| resource "aws_route_table_association" "ap-south-1a-public" { | |
| subnet_id = "${aws_subnet.ap-south-1a-public.id}" | |
| route_table_id = "${aws_route_table.ap-south-1a-public.id}" | |
| } | |
| /* 1b */ | |
| resource "aws_subnet" "ap-south-1b-public" { | |
| vpc_id = "${aws_vpc.default.id}" | |
| cidr_block = "${var.public_subnet_cidr_1b}" | |
| availability_zone = "ap-south-1b" | |
| tags = { | |
| Name = "Public Subnet 1b" | |
| } | |
| } | |
| resource "aws_route_table" "ap-south-1b-public" { | |
| vpc_id = "${aws_vpc.default.id}" | |
| route { | |
| cidr_block = "0.0.0.0/0" | |
| gateway_id = "${aws_internet_gateway.default.id}" | |
| } | |
| tags = { | |
| Name = "Public Subnet 1b route table" | |
| } | |
| } | |
| resource "aws_route_table_association" "ap-south-1b-public" { | |
| subnet_id = "${aws_subnet.ap-south-1b-public.id}" | |
| route_table_id = "${aws_route_table.ap-south-1b-public.id}" | |
| } | |
| /* 1c */ | |
| resource "aws_subnet" "ap-south-1c-public" { | |
| vpc_id = "${aws_vpc.default.id}" | |
| cidr_block = "${var.public_subnet_cidr_1c}" | |
| availability_zone = "ap-south-1c" | |
| tags = { | |
| Name = "Public Subnet 1c" | |
| } | |
| } | |
| resource "aws_route_table" "ap-south-1c-public" { | |
| vpc_id = "${aws_vpc.default.id}" | |
| route { | |
| cidr_block = "0.0.0.0/0" | |
| gateway_id = "${aws_internet_gateway.default.id}" | |
| } | |
| tags = { | |
| Name = "Public Subnet 1c route table" | |
| } | |
| } | |
| resource "aws_route_table_association" "ap-south-1c-public" { | |
| subnet_id = "${aws_subnet.ap-south-1c-public.id}" | |
| route_table_id = "${aws_route_table.ap-south-1c-public.id}" | |
| } | |
| /* | |
| Private Subnet | |
| */ | |
| /* 1a */ | |
| resource "aws_subnet" "ap-south-1a-private" { | |
| vpc_id = "${aws_vpc.default.id}" | |
| cidr_block = "${var.private_subnet_cidr_1a}" | |
| availability_zone = "ap-south-1a" | |
| tags = { | |
| Name = "Private Subnet" | |
| } | |
| } | |
| resource "aws_route_table" "ap-south-1a-private" { | |
| vpc_id = "${aws_vpc.default.id}" | |
| route { | |
| cidr_block = "0.0.0.0/0" | |
| nat_gateway_id = "${aws_nat_gateway.gw-1a.id}" | |
| } | |
| tags = { | |
| Name = "Private Subnet" | |
| } | |
| } | |
| resource "aws_route_table_association" "ap-south-1a-private" { | |
| subnet_id = "${aws_subnet.ap-south-1a-private.id}" | |
| route_table_id = "${aws_route_table.ap-south-1a-private.id}" | |
| } | |
| /* 1b */ | |
| resource "aws_subnet" "ap-south-1b-private" { | |
| vpc_id = "${aws_vpc.default.id}" | |
| cidr_block = "${var.private_subnet_cidr_1b}" | |
| availability_zone = "ap-south-1b" | |
| tags = { | |
| Name = "Private Subnet" | |
| } | |
| } | |
| resource "aws_route_table" "ap-south-1b-private" { | |
| vpc_id = "${aws_vpc.default.id}" | |
| route { | |
| cidr_block = "0.0.0.0/0" | |
| nat_gateway_id = "${aws_nat_gateway.gw-1b.id}" | |
| } | |
| tags = { | |
| Name = "Private Subnet" | |
| } | |
| } | |
| resource "aws_route_table_association" "ap-south-1b-private" { | |
| subnet_id = "${aws_subnet.ap-south-1b-private.id}" | |
| route_table_id = "${aws_route_table.ap-south-1b-private.id}" | |
| } | |
| /* 1c */ | |
| resource "aws_subnet" "ap-south-1c-private" { | |
| vpc_id = "${aws_vpc.default.id}" | |
| cidr_block = "${var.private_subnet_cidr_1c}" | |
| availability_zone = "ap-south-1c" | |
| tags = { | |
| Name = "Private Subnet" | |
| } | |
| } | |
| resource "aws_route_table" "ap-south-1c-private" { | |
| vpc_id = "${aws_vpc.default.id}" | |
| route { | |
| cidr_block = "0.0.0.0/0" | |
| nat_gateway_id = "${aws_nat_gateway.gw-1c.id}" | |
| } | |
| tags = { | |
| Name = "Private Subnet" | |
| } | |
| } | |
| resource "aws_route_table_association" "ap-south-1c-private" { | |
| subnet_id = "${aws_subnet.ap-south-1c-private.id}" | |
| route_table_id = "${aws_route_table.ap-south-1c-private.id}" | |
| } | |
| /* NAT Gateway */ | |
| // Creates elastic IPs and NAT gateways | |
| resource "aws_eip" "nat-1a" { | |
| vpc = true | |
| tags = { | |
| Name = "nat-1a" | |
| } | |
| } | |
| resource "aws_eip" "nat-1b" { | |
| vpc = true | |
| tags = { | |
| Name = "nat-1b" | |
| } | |
| } | |
| resource "aws_eip" "nat-1c" { | |
| vpc = true | |
| tags = { | |
| Name = "nat-1c" | |
| } | |
| } | |
| resource "aws_nat_gateway" "gw-1a" { | |
| allocation_id = "${aws_eip.nat-1a.id}" | |
| subnet_id = "${aws_subnet.ap-south-1a-public.id}" | |
| } | |
| resource "aws_nat_gateway" "gw-1b" { | |
| allocation_id = "${aws_eip.nat-1b.id}" | |
| subnet_id = "${aws_subnet.ap-south-1b-public.id}" | |
| } | |
| resource "aws_nat_gateway" "gw-1c" { | |
| allocation_id = "${aws_eip.nat-1c.id}" | |
| subnet_id = "${aws_subnet.ap-south-1c-public.id}" | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment