Created
February 24, 2016 20:38
-
-
Save adamenger/7ec2c73d093d5366055a to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Staging VPC | |
| This terraform plan describes the entire staging VPC. It is intended to be used to bring up and connect all of the staging infrastructure. | |
| This plan does not include the actual staging environments, this is the infrastructure that lies beneath the environments. | |
| */ | |
| provider "aws" { | |
| region = "us-east-1" | |
| } | |
| # The actual VPC instance | |
| resource "aws_vpc" "staging" { | |
| cidr_block = "10.0.0.0/16" | |
| tags { | |
| Name = "staging" | |
| } | |
| } | |
| # The internet GW, used for accessing the internet | |
| resource "aws_internet_gateway" "staging-gw" { | |
| vpc_id = "${aws_vpc.staging.id}" | |
| tags { | |
| Name = "staging-gateway" | |
| } | |
| } | |
| /* | |
| Private Network | |
| This network is where most of our instances will live. This subnet uses the NAT instance as a destination for egress traffic. | |
| */ | |
| resource "aws_subnet" "private" { | |
| vpc_id = "${aws_vpc.staging.id}" | |
| cidr_block = "10.0.0.0/24" | |
| availability_zone = "us-east-1a" | |
| tags { | |
| Name = "Staging Private" | |
| } | |
| } | |
| resource "aws_route_table" "private" { | |
| vpc_id = "${aws_vpc.staging.id}" | |
| route { | |
| cidr_block = "0.0.0.0/0" | |
| network_interface_id = "${aws_nat_gateway.gw.network_interface_id}" | |
| } | |
| tags { | |
| Name = "Staging Private" | |
| } | |
| } | |
| resource "aws_route_table_association" "staging-private" { | |
| subnet_id = "${aws_subnet.private.id}" | |
| route_table_id = "${aws_route_table.private.id}" | |
| } | |
| # Set the main route for the VPC | |
| resource "aws_main_route_table_association" "main" { | |
| vpc_id = "${aws_vpc.staging.id}" | |
| route_table_id = "${aws_route_table.private.id}" | |
| } | |
| /* | |
| Public Network | |
| This network is where the load balancers and NAT instances live. This subnet uses the AWS Internet Gateway for egress traffic. | |
| Anything you need to reach from the outside internet goes here. | |
| */ | |
| # Public subnet where internet accessible resources live | |
| # For instance, our NAT instance lives here. | |
| resource "aws_subnet" "public" { | |
| vpc_id = "${aws_vpc.staging.id}" | |
| cidr_block = "10.0.10.0/24" | |
| availability_zone = "us-east-1a" | |
| tags { | |
| Name = "Staging Public" | |
| } | |
| } | |
| resource "aws_route_table" "public" { | |
| vpc_id = "${aws_vpc.staging.id}" | |
| route { | |
| cidr_block = "0.0.0.0/0" | |
| gateway_id = "${aws_internet_gateway.staging-gw.id}" | |
| } | |
| tags { | |
| Name = "Staging Public" | |
| } | |
| } | |
| resource "aws_route_table_association" "staging-public" { | |
| subnet_id = "${aws_subnet.public.id}" | |
| route_table_id = "${aws_route_table.public.id}" | |
| } | |
| /* | |
| Staging Managed NAT Instance | |
| This is the instance we will be using to transport our private subnet communications to the public internet. | |
| */ | |
| # This is the public IP we will associate to the NAT instance | |
| resource "aws_eip" "stg-nat" { | |
| vpc = true | |
| } | |
| resource "aws_nat_gateway" "gw" { | |
| allocation_id = "${aws_eip.stg-nat.id}" | |
| subnet_id = "${aws_subnet.public.id}" | |
| depends_on = ["aws_internet_gateway.staging-gw"] | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment