@amontalban
Created July 4, 2018 15:28
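# Sysadmins trusted IPs
#
# Source networks that module "common_sysadmins_sg" below admits for SSH and
# ICMP. Every entry is a CIDR string; the defaults look like sample addresses
# rather than real ones and should be replaced per deployment. The explicit
# list type makes a mistakenly scalar value fail at variable validation
# instead of inside the join() that consumes it.
variable "sysadmins_networks" {
  description = "CIDR blocks of the sysadmins' trusted networks (allowed to SSH/ping the common security group)"
  type        = "list"

  default = [
    "1.2.3.4/32",
    "5.6.7.8/32",
    "9.10.11.12/32",
    "13.14.15.16/32",
  ]
}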
# Production VPC: a /16 spread over three us-west-2 AZs, with one private and
# one public /24 per AZ, NAT gateway(s) and a VPN gateway enabled.
#
# NOTE(review): the registry module is referenced without a `version`
# constraint, so `terraform init` resolves whatever is newest at the time;
# add `version = "<PIN_ME>"` (placeholder) so module updates are deliberate.
module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  name = "prod-infr-vpc"
  cidr = "10.10.0.0/16"

  azs = [
    "us-west-2a",
    "us-west-2b",
    "us-west-2c",
  ]

  # Subnet N lives in AZ N of the list above.
  private_subnets = [
    "10.10.1.0/24",
    "10.10.2.0/24",
    "10.10.3.0/24",
  ]

  public_subnets = [
    "10.10.101.0/24",
    "10.10.102.0/24",
    "10.10.103.0/24",
  ]

  enable_nat_gateway = true
  enable_vpn_gateway = true

  tags = {
    Environment = "production"
    Owner       = "sysadmins"
  }
}
# Security group shared by sysadmin-managed instances in the production VPC.
# Inbound is limited to SSH and echo-request from var.sysadmins_networks;
# outbound is unrestricted.
#
# NOTE(review): like the vpc module, this has no `version` constraint on the
# registry source; pin one (`version = "<PIN_ME>"`, placeholder) so a module
# release cannot change rule handling unnoticed.
module "common_sysadmins_sg" {
  source = "terraform-aws-modules/security-group/aws"

  name        = "common-sysadmins-sg"
  description = "Common sysadmins security group. Allow icmp and ssh from sysadmins network"
  vpc_id      = "${module.vpc.vpc_id}"

  # Both inbound rules take the same source list, joined into one
  # comma-separated string (the form this module accepts for cidr_blocks).
  ingress_with_cidr_blocks = [
    {
      description = "SSH Access"
      protocol    = "tcp"
      from_port   = 22
      to_port     = 22
      cidr_blocks = "${join(",", var.sysadmins_networks)}"
    },
    {
      # For protocol "icmp", AWS reads from_port as the ICMP type and
      # to_port as the ICMP code: type 8 / code 0 is echo request (ping).
      description = "ICMP Ping"
      protocol    = "icmp"
      from_port   = 8
      to_port     = 0
      cidr_blocks = "${join(",", var.sysadmins_networks)}"
    },
  ]

  # Outbound: every protocol and port to any destination. Narrow this if the
  # instances using the group do not need unrestricted internet egress.
  egress_with_cidr_blocks = [
    {
      description = "Allow all protocols"
      protocol    = "-1"
      from_port   = 0
      to_port     = 0
      cidr_blocks = "0.0.0.0/0"
    },
  ]

  tags = {
    Environment = "production"
    Owner       = "sysadmins"
  }
}