@brendanmckenzie
Created February 22, 2023 05:03
# VPC
# The VPC everything else in this file hangs off. Both DNS flags are on so that
# instances get resolvable hostnames and can use the VPC resolver.
resource "aws_vpc" "vpc" {
  tags = {
    Name = "myapp-vpc"
  }

  cidr_block           = "10.0.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true
}
# Subnets
# - Public
# Public subnet in ap-southeast-2a (10.0.0.0 - 10.0.7.255). Instances launched
# here receive a public IP automatically, so only internet-facing resources
# (NAT gateway, load balancers) should land in this subnet.
resource "aws_subnet" "subnet_public_apse2a" {
  tags = {
    Name = "myapp-subnet-public-apse2a"
  }

  vpc_id                  = aws_vpc.vpc.id
  cidr_block              = "10.0.0.0/21"
  availability_zone       = "ap-southeast-2a"
  map_public_ip_on_launch = true
}
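# Public subnet in ap-southeast-2b (10.0.16.0 - 10.0.23.255).
# The availability zone was originally "ap-southeast-2a", which put both
# "public" subnets -- and therefore both NAT gateways -- into a single AZ and
# silently removed the multi-AZ redundancy the naming implies. It now matches
# the private ap-southeast-2b subnet below.
resource "aws_subnet" "subnet_public_apse2b" {
  vpc_id                  = aws_vpc.vpc.id
  availability_zone       = "ap-southeast-2b"
  cidr_block              = "10.0.16.0/21"
  # Auto-assign public IPs: only internet-facing resources belong here.
  map_public_ip_on_launch = true

  tags = {
    Name = "myapp-subnet-public-apse2b"
  }
}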
# - Private
# Private subnet in ap-southeast-2a (10.0.8.0 - 10.0.15.255). No public IPs are
# assigned; outbound traffic leaves via the NAT gateway in the matching public
# subnet (see the private route table for this AZ).
resource "aws_subnet" "subnet_private_apse2a" {
  tags = {
    Name = "myapp-subnet-private-apse2a"
  }

  vpc_id                  = aws_vpc.vpc.id
  cidr_block              = "10.0.8.0/21"
  availability_zone       = "ap-southeast-2a"
  map_public_ip_on_launch = false
}
# Private subnet in ap-southeast-2b (10.0.32.0 - 10.0.39.255). No public IPs are
# assigned; outbound traffic leaves via the NAT gateway for this AZ.
resource "aws_subnet" "subnet_private_apse2b" {
  tags = {
    Name = "myapp-subnet-private-apse2b"
  }

  vpc_id                  = aws_vpc.vpc.id
  cidr_block              = "10.0.32.0/21"
  availability_zone       = "ap-southeast-2b"
  map_public_ip_on_launch = false
}
# Internet gateway
# Internet gateway for the VPC. An IGW is attached to the VPC as a whole, not
# to an AZ, so the "apse2a" suffix is only a naming artefact -- both public
# route tables and both EIPs reference this single gateway. The resource
# address is kept as-is so existing references keep working.
resource "aws_internet_gateway" "internet_gateway_apse2a" {
  tags = {
    Name = "myapp-igw-apse2a"
  }

  vpc_id = aws_vpc.vpc.id
}
# Route tables
# - Public
# Route table for the public subnet in ap-southeast-2a: the default route
# (0.0.0.0/0) goes straight to the internet gateway. The local VPC route is
# added implicitly by AWS.
resource "aws_route_table" "route_table_public_apse2a" {
  tags = {
    Name = "myapp-rtb-public-apse2a"
  }

  vpc_id = aws_vpc.vpc.id

  route {
    gateway_id = aws_internet_gateway.internet_gateway_apse2a.id
    cidr_block = "0.0.0.0/0"
  }
}
# Route table for the public subnet in ap-southeast-2b. Identical to the 2a
# table (same IGW, same default route); kept as a separate resource so each
# public subnet has its own association and the two can diverge later.
resource "aws_route_table" "route_table_public_apse2b" {
  tags = {
    Name = "myapp-rtb-public-apse2b"
  }

  vpc_id = aws_vpc.vpc.id

  route {
    gateway_id = aws_internet_gateway.internet_gateway_apse2a.id
    cidr_block = "0.0.0.0/0"
  }
}
# - Private
# Route table for the private subnet in ap-southeast-2a: outbound-only internet
# via this AZ's NAT gateway. Nothing on the internet can initiate a connection
# into this subnet because there is no IGW route and no public IPs.
resource "aws_route_table" "route_table_private_apse2a" {
  tags = {
    Name = "myapp-rtb-private-apse2a"
  }

  vpc_id = aws_vpc.vpc.id

  route {
    nat_gateway_id = aws_nat_gateway.nat_gateway_apse2a.id
    cidr_block     = "0.0.0.0/0"
  }
}
# Route table for the private subnet in ap-southeast-2b: outbound-only internet
# via this AZ's NAT gateway, keeping each AZ's egress path independent.
resource "aws_route_table" "route_table_private_apse2b" {
  tags = {
    Name = "myapp-rtb-private-apse2b"
  }

  vpc_id = aws_vpc.vpc.id

  route {
    nat_gateway_id = aws_nat_gateway.nat_gateway_apse2b.id
    cidr_block     = "0.0.0.0/0"
  }
}
# Bind the 2a public subnet to its IGW-backed route table.
resource "aws_route_table_association" "route_table_association_public_apse2a" {
  route_table_id = aws_route_table.route_table_public_apse2a.id
  subnet_id      = aws_subnet.subnet_public_apse2a.id
}
# Bind the 2b public subnet to its IGW-backed route table.
resource "aws_route_table_association" "route_table_association_public_apse2b" {
  route_table_id = aws_route_table.route_table_public_apse2b.id
  subnet_id      = aws_subnet.subnet_public_apse2b.id
}
# Bind the 2a private subnet to its NAT-backed route table.
resource "aws_route_table_association" "route_table_association_private_apse2a" {
  route_table_id = aws_route_table.route_table_private_apse2a.id
  subnet_id      = aws_subnet.subnet_private_apse2a.id
}
# Bind the 2b private subnet to its NAT-backed route table.
resource "aws_route_table_association" "route_table_association_private_apse2b" {
  route_table_id = aws_route_table.route_table_private_apse2b.id
  subnet_id      = aws_subnet.subnet_private_apse2b.id
}
# Elastic IP for the ap-southeast-2a NAT gateway. The explicit depends_on is
# deliberate: the IGW must be attached before an EIP can be associated with a
# NAT gateway, and nothing in the arguments expresses that ordering.
# NOTE(review): `vpc = true` is the legacy way to request a VPC-scoped address;
# newer provider releases replace it with `domain = "vpc"` -- confirm against
# the pinned provider version before changing.
resource "aws_eip" "eip_apse2a" {
  tags = {
    Name = "myapp-eip-apse2a"
  }

  vpc        = true
  depends_on = [aws_internet_gateway.internet_gateway_apse2a]
}
# Elastic IP for the ap-southeast-2b NAT gateway. depends_on ensures the IGW is
# attached first (a NAT gateway EIP cannot be associated without it).
# NOTE(review): `vpc = true` is the legacy argument; see the 2a EIP above.
resource "aws_eip" "eip_apse2b" {
  tags = {
    Name = "myapp-eip-apse2b"
  }

  vpc        = true
  depends_on = [aws_internet_gateway.internet_gateway_apse2a]
}
# NAT gateway serving the ap-southeast-2a private subnet. It must live in a
# public subnet (one with an IGW route) and owns the EIP declared above; the
# IGW ordering is inherited through the EIP's depends_on.
resource "aws_nat_gateway" "nat_gateway_apse2a" {
  tags = {
    Name = "myapp-ngw-apse2a"
  }

  subnet_id     = aws_subnet.subnet_public_apse2a.id
  allocation_id = aws_eip.eip_apse2a.id
}
# NAT gateway serving the ap-southeast-2b private subnet, placed in the 2b
# public subnet so that an AZ outage in 2a does not take 2b's egress with it.
resource "aws_nat_gateway" "nat_gateway_apse2b" {
  tags = {
    Name = "myapp-ngw-apse2b"
  }

  subnet_id     = aws_subnet.subnet_public_apse2b.id
  allocation_id = aws_eip.eip_apse2b.id
}
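# Take ownership of the VPC's default network ACL so it is tracked in state.
# The rules below are allow-all in both directions, which is exactly what AWS
# creates by default; NACLs are stateless, so any real per-workload filtering
# is expected to happen in security groups.
resource "aws_default_network_acl" "default_network_acl" {
  default_network_acl_id = aws_vpc.vpc.default_network_acl_id

  # Associate every subnet in the VPC. The original list named only the two
  # ap-southeast-2a subnets; since no custom NACL is defined in this file, all
  # four subnets already sit on the default NACL, so listing them just makes
  # the 2b subnets' association explicit and consistent with 2a.
  # NOTE(review): the provider's handling of subnets that are associated but
  # not listed here has changed across versions -- check the pinned provider's
  # docs before relying on this list to *remove* associations.
  subnet_ids = [
    aws_subnet.subnet_public_apse2a.id,
    aws_subnet.subnet_public_apse2b.id,
    aws_subnet.subnet_private_apse2a.id,
    aws_subnet.subnet_private_apse2b.id,
  ]

  # protocol -1 with ports 0/0 means "all protocols, all ports".
  ingress {
    protocol   = -1
    rule_no    = 100
    action     = "allow"
    cidr_block = "0.0.0.0/0"
    from_port  = 0
    to_port    = 0
  }

  egress {
    protocol   = -1
    rule_no    = 100
    action     = "allow"
    cidr_block = "0.0.0.0/0"
    from_port  = 0
    to_port    = 0
  }

  tags = {
    Name = "myapp-default-network-acl"
  }
}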
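# Take ownership of the VPC's default security group so its rules are tracked
# in state and cannot drift silently. Every ENI that is launched without an
# explicit security group ends up in this one, so its inbound rules set the
# floor for the whole VPC.
resource "aws_default_security_group" "default_security_group" {
  vpc_id = aws_vpc.vpc.id

  # Inbound: only from other members of this same group (the AWS default).
  # The original rule admitted 0.0.0.0/0 on every port and protocol, which
  # exposes anything that lands in the default group to the entire internet
  # the moment it gets a public IP (the public subnets assign one on launch).
  # Workloads that genuinely need inbound access from outside should get their
  # own security group listing just the ports and sources they require.
  ingress {
    from_port = 0
    to_port   = 0
    protocol  = "-1"
    self      = true
  }

  # Outbound: unrestricted, matching the AWS default for this group.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "myapp-default-sg"
  }
}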
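# Subnet group that RDS picks database placement from.
resource "aws_db_subnet_group" "db" {
  name = "myapp-db-subnet-group"

  # Private subnets only. The original group also contained the two public
  # subnets, which allows RDS to place an instance where a public address can
  # be attached; a database has no reason to sit next to the internet gateway.
  # The two private subnets are in different AZs (2a and 2b), which satisfies
  # the multi-AZ requirement for a subnet group, and they still have outbound
  # internet via the NAT gateways if the engine needs it.
  subnet_ids = [
    aws_subnet.subnet_private_apse2a.id,
    aws_subnet.subnet_private_apse2b.id,
  ]

  tags = {
    Name = "myapp-db-subnet-group"
  }
}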