# VPC
# One /16 network; every subnet, gateway and route table in this file attaches to it.
resource "aws_vpc" "vpc" {
  cidr_block = "10.0.0.0/16"

  # Both VPC DNS attributes are switched on (resolution and instance hostnames).
  enable_dns_support   = true
  enable_dns_hostnames = true

  tags = {
    Name = "myapp-vpc"
  }
}
# Subnets
# - Public
# Public subnet in ap-southeast-2a. Instances launched here are given a public
# IPv4 address automatically, so their security groups are the only filter
# between them and the internet route on the public route table.
resource "aws_subnet" "subnet_public_apse2a" {
  vpc_id            = aws_vpc.vpc.id
  cidr_block        = "10.0.0.0/21"
  availability_zone = "ap-southeast-2a"

  map_public_ip_on_launch = true

  tags = {
    Name = "myapp-subnet-public-apse2a"
  }
}
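# Public subnet for the second availability zone.
# The resource name and Name tag both say "apse2b", but the zone was set to
# "ap-southeast-2a", which put both public subnets (and therefore both NAT
# gateways) in a single AZ. Corrected to ap-southeast-2b so the layout is
# actually spread over two zones.
# NOTE(review): changing availability_zone forces the subnet to be replaced;
# plan this for a maintenance window if the subnet already holds resources.
resource "aws_subnet" "subnet_public_apse2b" {
  vpc_id            = aws_vpc.vpc.id
  cidr_block        = "10.0.16.0/21"
  availability_zone = "ap-southeast-2b"

  # Instances launched here receive a public IPv4 address automatically.
  map_public_ip_on_launch = true

  tags = {
    Name = "myapp-subnet-public-apse2b"
  }
}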
# - Private
# Private subnet in ap-southeast-2a. No public IPs are auto-assigned; its route
# table (route_table_private_apse2a) sends 0.0.0.0/0 through a NAT gateway.
resource "aws_subnet" "subnet_private_apse2a" {
  vpc_id            = aws_vpc.vpc.id
  cidr_block        = "10.0.8.0/21"
  availability_zone = "ap-southeast-2a"

  map_public_ip_on_launch = false

  tags = {
    Name = "myapp-subnet-private-apse2a"
  }
}
# Private subnet in ap-southeast-2b. No public IPs are auto-assigned; its route
# table (route_table_private_apse2b) sends 0.0.0.0/0 through a NAT gateway.
resource "aws_subnet" "subnet_private_apse2b" {
  vpc_id            = aws_vpc.vpc.id
  cidr_block        = "10.0.32.0/21"
  availability_zone = "ap-southeast-2b"

  map_public_ip_on_launch = false

  tags = {
    Name = "myapp-subnet-private-apse2b"
  }
}
# Internet gateway
# The only internet gateway in this file. Despite the "apse2a" suffix it is
# attached to the VPC as a whole and is the target of both public route tables.
resource "aws_internet_gateway" "internet_gateway_apse2a" {
  vpc_id = aws_vpc.vpc.id

  tags = {
    Name = "myapp-igw-apse2a"
  }
}
# Route tables
# - Public
# Public route table for ap-southeast-2a: default route goes straight to the
# internet gateway, which is what makes the associated subnet "public".
resource "aws_route_table" "route_table_public_apse2a" {
  vpc_id = aws_vpc.vpc.id

  tags = {
    Name = "myapp-rtb-public-apse2a"
  }

  route {
    gateway_id = aws_internet_gateway.internet_gateway_apse2a.id
    cidr_block = "0.0.0.0/0"
  }
}
# Public route table for the second public subnet. It points at the same
# internet gateway as route_table_public_apse2a.
resource "aws_route_table" "route_table_public_apse2b" {
  vpc_id = aws_vpc.vpc.id

  tags = {
    Name = "myapp-rtb-public-apse2b"
  }

  route {
    gateway_id = aws_internet_gateway.internet_gateway_apse2a.id
    cidr_block = "0.0.0.0/0"
  }
}
# - Private
# Private route table for ap-southeast-2a: the default route leaves through
# nat_gateway_apse2a, so hosts can open outbound connections but have no
# inbound path from the internet.
resource "aws_route_table" "route_table_private_apse2a" {
  vpc_id = aws_vpc.vpc.id

  tags = {
    Name = "myapp-rtb-private-apse2a"
  }

  route {
    nat_gateway_id = aws_nat_gateway.nat_gateway_apse2a.id
    cidr_block     = "0.0.0.0/0"
  }
}
# Private route table for ap-southeast-2b: the default route leaves through
# nat_gateway_apse2b (outbound only, no inbound path from the internet).
resource "aws_route_table" "route_table_private_apse2b" {
  vpc_id = aws_vpc.vpc.id

  tags = {
    Name = "myapp-rtb-private-apse2b"
  }

  route {
    nat_gateway_id = aws_nat_gateway.nat_gateway_apse2b.id
    cidr_block     = "0.0.0.0/0"
  }
}
# Binds the 2a public subnet to its internet-gateway route table.
resource "aws_route_table_association" "route_table_association_public_apse2a" {
  route_table_id = aws_route_table.route_table_public_apse2a.id
  subnet_id      = aws_subnet.subnet_public_apse2a.id
}
# Binds the 2b public subnet to its internet-gateway route table.
resource "aws_route_table_association" "route_table_association_public_apse2b" {
  route_table_id = aws_route_table.route_table_public_apse2b.id
  subnet_id      = aws_subnet.subnet_public_apse2b.id
}
# Binds the 2a private subnet to its NAT-gateway route table. Without this
# association the subnet would fall back to the VPC's main route table.
resource "aws_route_table_association" "route_table_association_private_apse2a" {
  route_table_id = aws_route_table.route_table_private_apse2a.id
  subnet_id      = aws_subnet.subnet_private_apse2a.id
}
# Binds the 2b private subnet to its NAT-gateway route table. Without this
# association the subnet would fall back to the VPC's main route table.
resource "aws_route_table_association" "route_table_association_private_apse2b" {
  route_table_id = aws_route_table.route_table_private_apse2b.id
  subnet_id      = aws_subnet.subnet_private_apse2b.id
}
# Elastic IP consumed by nat_gateway_apse2a; this is the source address that
# outbound traffic from the 2a private subnet presents to the internet.
resource "aws_eip" "eip_apse2a" {
  # The address is only created once the internet gateway exists.
  depends_on = [aws_internet_gateway.internet_gateway_apse2a]

  # NOTE(review): newer AWS provider releases deprecate `vpc` in favour of
  # `domain = "vpc"` - confirm against the provider version pinned for this stack.
  vpc = true

  tags = {
    Name = "myapp-eip-apse2a"
  }
}
# Elastic IP consumed by nat_gateway_apse2b; this is the source address that
# outbound traffic from the 2b private subnet presents to the internet.
resource "aws_eip" "eip_apse2b" {
  # The address is only created once the internet gateway exists.
  depends_on = [aws_internet_gateway.internet_gateway_apse2a]

  # NOTE(review): newer AWS provider releases deprecate `vpc` in favour of
  # `domain = "vpc"` - confirm against the provider version pinned for this stack.
  vpc = true

  tags = {
    Name = "myapp-eip-apse2b"
  }
}
# NAT gateway for the 2a private subnet. It lives in the 2a public subnet and
# egresses through eip_apse2a.
resource "aws_nat_gateway" "nat_gateway_apse2a" {
  subnet_id     = aws_subnet.subnet_public_apse2a.id
  allocation_id = aws_eip.eip_apse2a.id

  tags = {
    Name = "myapp-ngw-apse2a"
  }
}
# NAT gateway for the 2b private subnet. A NAT gateway runs in the availability
# zone of the subnet it is placed in, so the zone redundancy of the private
# default routes depends on subnet_public_apse2b's availability_zone.
resource "aws_nat_gateway" "nat_gateway_apse2b" {
  subnet_id     = aws_subnet.subnet_public_apse2b.id
  allocation_id = aws_eip.eip_apse2b.id

  tags = {
    Name = "myapp-ngw-apse2b"
  }
}
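# Adopts the VPC's default network ACL so its rules and tags are tracked in state.
#
# subnet_ids previously listed only the two 2a subnets. No other network ACL is
# defined in this file, so the 2b subnets also sit on the default ACL; leaving
# them out of the list makes Terraform report a change on every plan. All four
# subnets are now listed.
#
# The rules are allow-all in both directions (rule 100, every protocol, any
# address). That matches the ACL AWS creates by default and means this layer
# does no filtering: security groups are the only network control in this VPC.
resource "aws_default_network_acl" "default_network_acl" {
  default_network_acl_id = aws_vpc.vpc.default_network_acl_id

  subnet_ids = [
    aws_subnet.subnet_public_apse2a.id,
    aws_subnet.subnet_public_apse2b.id,
    aws_subnet.subnet_private_apse2a.id,
    aws_subnet.subnet_private_apse2b.id,
  ]

  ingress {
    rule_no    = 100
    action     = "allow"
    protocol   = -1
    cidr_block = "0.0.0.0/0"
    from_port  = 0
    to_port    = 0
  }

  egress {
    rule_no    = 100
    action     = "allow"
    protocol   = -1
    cidr_block = "0.0.0.0/0"
    from_port  = 0
    to_port    = 0
  }

  tags = {
    Name = "myapp-default-network-acl"
  }
}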
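# Adopts the VPC's default security group.
#
# The ingress rule used to admit every protocol and port from 0.0.0.0/0, with
# `self = true` commented out. The default group is what a resource gets when no
# security group is specified, and the network ACL in this VPC is allow-all, so
# anything left on this group in a public subnet was open to the internet.
# Ingress is now limited to members of the group itself, which is the rule AWS
# ships the default group with.
# NOTE(review): workloads that need inbound access from outside the group should
# get a dedicated security group scoped to the ports and sources they need,
# rather than a wider rule here.
resource "aws_default_security_group" "default_security_group" {
  vpc_id = aws_vpc.vpc.id

  ingress {
    from_port = 0
    to_port   = 0
    protocol  = "-1"
    self      = true
  }

  # Outbound traffic is unrestricted, as in the AWS-created default group.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "myapp-default-sg"
  }
}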
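# Subnet group offered to RDS for database placement.
#
# The group used to include both public subnets, so a database could be placed
# in a subnet whose default route is the internet gateway. It is now limited to
# the two private subnets, which still span two availability zones
# (ap-southeast-2a and ap-southeast-2b) as RDS requires.
# NOTE(review): RDS may refuse to drop a subnet that an existing instance is
# using; check where current instances sit before applying.
resource "aws_db_subnet_group" "db" {
  name = "myapp-db-subnet-group"

  subnet_ids = [
    aws_subnet.subnet_private_apse2a.id,
    aws_subnet.subnet_private_apse2b.id,
  ]

  tags = {
    Name = "myapp-db-subnet-group"
  }
}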