VPC East Refactor
module "resource_group" {
  # Pinned to a tagged release so upgrades are deliberate rather than picked up from a branch.
  source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-resource-group.git?ref=v1.0.5"

  # When the caller names an existing group, no new name is generated (resource_group_name is null);
  # otherwise a name is derived from local.prefix. Presumably the module creates a group only in the
  # latter case — confirm against the module's docs.
  existing_resource_group_name = var.existing_resource_group
  resource_group_name          = var.existing_resource_group == null ? "${local.prefix}-resource-group" : null
}
resource "random_string" "prefix" {
  # Four lowercase alphanumeric characters, no symbols. local.prefix (defined elsewhere)
  # presumably incorporates this value — confirm in the locals file.
  length  = 4
  upper   = false
  special = false
}
resource "ibm_is_vpc" "east_vpc" {
  name           = "${local.prefix}-east-vpc"
  resource_group = module.resource_group.resource_group_id
  tags           = local.tags

  # Address prefixes are created explicitly below (east_prefix) instead of by the provider.
  address_prefix_management = "manual"

  # Name the implicit default objects so they are recognisable in the console;
  # the workload instances use their own security group (east_workload), not the default one.
  default_network_acl_name    = "${local.prefix}-east-default-network-acl"
  default_security_group_name = "${local.prefix}-east-default-security-group"
  default_routing_table_name  = "${local.prefix}-east-default-routing-table"
}
resource "ibm_is_vpc_address_prefix" "east_prefix" {
  # One prefix per zone in the region. The count comes from data.ibm_is_zones.regional while the
  # zone name is read from local.vpc_zones[count.index]; this only works if local.vpc_zones has at
  # least as many entries as the zone list — NOTE(review): confirm, or count on local.vpc_zones instead.
  count = length(data.ibm_is_zones.regional.zones)

  vpc        = ibm_is_vpc.east_vpc.id
  zone       = local.vpc_zones[count.index].zone
  name       = "${local.prefix}-east-prefix-${count.index + 1}"
  is_default = true

  # var.cidr is split into 16 (2^4) equal prefixes; zone N takes prefix N.
  cidr = cidrsubnet(var.cidr, 4, count.index)
}
resource "ibm_is_subnet" "east_subnet" {
  count      = length(var.subnets)
  depends_on = [ibm_is_vpc_address_prefix.east_prefix]

  name           = "${local.prefix}-east-${count.index}-subnet"
  vpc            = ibm_is_vpc.east_vpc.id
  resource_group = module.resource_group.resource_group_id
  tags           = local.tags

  # Every subnet is placed in the first zone, but its CIDR is carved (4 ways, newbits = 2) out of
  # east_prefix[count.index], i.e. the prefix of zone count.index.
  # NOTE(review): for count.index >= 1 that pairs a zone-0 subnet with another zone's prefix, and for
  # count.index > 3 cidrsubnet's netnum exceeds the 2 new bits — only a single-entry var.subnets is
  # safe as written. Confirm the intent (several subnets in zone 0 → use east_prefix[0]; one subnet
  # per zone → use local.vpc_zones[count.index].zone).
  zone            = local.vpc_zones.0.zone
  ipv4_cidr_block = cidrsubnet(ibm_is_vpc_address_prefix.east_prefix[count.index].cidr, 2, count.index)
}
# Adding Security Group
resource "ibm_is_security_group" "east_workload" {
  # Security group attached to every east_compute instance; its rules are the
  # ibm_is_security_group_rule resources that reference this group.
  vpc            = ibm_is_vpc.east_vpc.id
  name           = "${local.prefix}-east-workload-sg"
  resource_group = module.resource_group.resource_group_id
  tags           = local.tags
}
# SG Rules
# Inbound TCP/22 (SSH) from any IPv4 source.
# NOTE(review): remote = "0.0.0.0/0" exposes SSH on every instance in this group, and east_fips
# gives each instance a public address. Narrow `remote` to a trusted CIDR (or a bastion's
# security group) once one is known, and watch the VPC flow logs / auth logs for SSH attempts
# until then.
resource "ibm_is_security_group_rule" "ingress_ssh_east" {
  group     = ibm_is_security_group.east_workload.id
  direction = "inbound"
  remote    = "0.0.0.0/0"

  tcp {
    port_min = 22
    port_max = 22
  }
}
# Inbound ICMP echo request (type 8, code 0) from any IPv4 source, i.e. the instances answer ping.
resource "ibm_is_security_group_rule" "ingress_icmp_east" {
  group     = ibm_is_security_group.east_workload.id
  direction = "inbound"
  remote    = "0.0.0.0/0"

  icmp {
    type = 8
    code = 0
  }
}
# Outbound UDP/53 (DNS) to any destination — this is what fixed name resolution from the instances.
# As far as this file shows it is the group's only egress rule, so anything else the instances need
# to initiate (package repositories over TCP, traffic to the west VPC via vpn_route_east_to_west)
# requires its own outbound rule. Replies to the inbound SSH/ICMP rules are assumed to be handled
# by the group's connection tracking — confirm in the provider docs.
resource "ibm_is_security_group_rule" "dns_outbound_east" {
  group     = ibm_is_security_group.east_workload.id
  direction = "outbound"
  remote    = "0.0.0.0/0"

  udp {
    port_min = 53
    port_max = 53
  }
}
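resource "ibm_is_instance" "east_compute" {
  count = var.instance_count

  name    = "${local.prefix}-east-instance-${count.index + 1}"
  vpc     = ibm_is_vpc.east_vpc.id
  zone    = local.vpc_zones.0.zone
  image   = data.ibm_is_image.ubuntu.id
  profile = "cx2-2x4" # hard-coded; the other sizing knobs (instance_count, subnets) are variables
  keys    = [data.ibm_is_ssh_key.ssh_key_id.id]

  # Every other resource in this file is placed in module.resource_group; the original omitted it
  # here, so the instances would presumably land in the account's default resource group and be
  # untagged. Changing resource_group on an already-created instance likely forces replacement —
  # check the plan before applying to existing infrastructure.
  resource_group = module.resource_group.resource_group_id
  tags           = local.tags

  # All instances share the first subnet (zone 0) and the east_workload security group.
  primary_network_interface {
    subnet          = ibm_is_subnet.east_subnet.0.id
    security_groups = [ibm_is_security_group.east_workload.id]
  }
}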
# !----- Routing table & Route ------!
resource "ibm_is_vpc_routing_table" "east_routing_table" {
  name = "${local.prefix}-east-routing-table"
  vpc  = ibm_is_vpc.east_vpc.id

  # None of the ingress sources are routed through this table, so it only affects traffic
  # leaving the subnets attached to it (east_subnet_rt_attach).
  route_direct_link_ingress     = false
  route_transit_gateway_ingress = false
  route_vpc_zone_ingress        = false
}
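resource "ibm_is_vpc_routing_table_route" "vpn_route_east_to_west" {
  # The subnet attachment declared in this file is east_subnet_rt_attach. The original referenced
  # ibm_is_subnet_routing_table_attachment.east_subnet_attach, which nothing here declares, so
  # terraform would reject the configuration with an undeclared-resource error.
  depends_on = [
    ibm_is_subnet_routing_table_attachment.east_subnet_rt_attach
  ]

  vpc           = ibm_is_vpc.east_vpc.id
  routing_table = ibm_is_vpc_routing_table.east_routing_table.routing_table
  zone          = local.vpc_zones.0.zone
  name          = "${local.prefix}-east-to-west-route"

  # Deliver traffic for the west VPC's first subnet to the VPN connection.
  # west_subnet and east_connection are not declared in this file — presumably in a sibling file.
  destination = ibm_is_subnet.west_subnet.0.ipv4_cidr_block
  action      = "deliver"
  next_hop    = ibm_is_vpn_gateway_connection.east_connection.gateway_connection
}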
resource "ibm_is_subnet_routing_table_attachment" "east_subnet_rt_attach" {
  # Explicit ordering on the routing table; the routing_table reference below already implies it,
  # so this is belt-and-braces rather than required.
  depends_on = [
    ibm_is_vpc_routing_table.east_routing_table
  ]

  # Only the first subnet is attached, which is also the subnet every east_compute instance sits in.
  routing_table = ibm_is_vpc_routing_table.east_routing_table.routing_table
  subnet        = ibm_is_subnet.east_subnet.0.id
}
resource "ibm_is_floating_ip" "east_fips" {
  # One public IP per instance, bound to its primary interface. Combined with ingress_ssh_east this
  # makes SSH on every instance reachable from the internet. The name omits "east", unlike the other
  # resources here; renaming would recreate the address, so it is left as-is.
  count = var.instance_count

  name           = "${local.prefix}-instance-${count.index + 1}-fip"
  target         = ibm_is_instance.east_compute[count.index].primary_network_interface[0].id
  resource_group = module.resource_group.resource_group_id
  tags           = local.tags
}