Paste P2063

shared.tf

Authored by amckinley on Jun 30 2017, 3:53 PM.
# Create the VPC that every other resource in this file attaches to.
# NOTE(review): 172.32.0.0/16 sits outside the RFC 1918 private range
# 172.16.0.0/12 (which ends at 172.31.255.255), so this block overlaps publicly
# routable address space. The VPC's local route wins for that range, so hosts
# here cannot reach real internet destinations inside 172.32.0.0/16. Confirm
# the range is intentional before peering or connecting this VPC to other
# networks.
resource "aws_vpc" "private-cluster" {
  tags {
    Name = "private-cluster"
  }

  cidr_block = "172.32.0.0/16"
}
# Wide-open security group, intended for testing only.
# protocol "-1" with ports 0-0 matches every protocol and port, and
# 0.0.0.0/0 matches every IPv4 source, so ingress is unrestricted.
# NOTE(review): the public subnets in this file set map_public_ip_on_launch,
# so any instance launched there with this group attached is reachable from
# the internet on every port. Before using it outside a throwaway test
# environment, narrow ingress to the source ranges and ports that are needed.
resource "aws_security_group" "allow-all" {
  vpc_id      = "${aws_vpc.private-cluster.id}"
  name        = "allow_all"
  description = "Allow all inbound traffic"

  # Outbound: any protocol, any port, any IPv4 destination.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Inbound: any protocol, any port, any IPv4 source.
  ingress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
# Internet gateway for the VPC. The public route table in this file sends its
# 0.0.0.0/0 route here, and the NAT gateway declares a dependency on it.
resource "aws_internet_gateway" "vpc-igw" {
  vpc_id = "${aws_vpc.private-cluster.id}"
}
# Elastic IP allocated in VPC scope. The NAT gateway below consumes it as its
# allocation_id, so it is the address that traffic leaving through that NAT
# gateway appears to come from.
resource "aws_eip" "nat-eip" {
  vpc = true
}
# NAT gateway placed in the us-east-1a public subnet, using the Elastic IP
# above. The explicit depends_on makes Terraform create the internet gateway
# first.
# NOTE(review): no route in this file points at this NAT gateway; presumably
# private route tables defined elsewhere reference it. It is the only NAT
# gateway declared here, so anything routed through it depends on us-east-1a.
resource "aws_nat_gateway" "us-east-1a-nat" {
  depends_on    = ["aws_internet_gateway.vpc-igw"]
  subnet_id     = "${aws_subnet.public-us-east-1a.id}"
  allocation_id = "${aws_eip.nat-eip.id}"
}
# Route table shared by all public subnets: the default route (0.0.0.0/0)
# goes to the internet gateway. This is what makes an associated subnet
# "public".
resource "aws_route_table" "us-east-1-public" {
  vpc_id = "${aws_vpc.private-cluster.id}"

  tags {
    Name = "public-subnet-routing-table"
  }

  route {
    gateway_id = "${aws_internet_gateway.vpc-igw.id}"
    cidr_block = "0.0.0.0/0"
  }
}
# Public subnets, one per availability zone. This one covers us-east-1a.
# map_public_ip_on_launch gives every instance launched here a public IPv4
# address. The subnet's route table sends 0.0.0.0/0 to the internet gateway,
# so the security groups attached to an instance are the only inbound filter
# defined in this file.
resource "aws_subnet" "public-us-east-1a" {
  vpc_id                  = "${aws_vpc.private-cluster.id}"
  availability_zone       = "us-east-1a"
  cidr_block              = "172.32.1.0/24"
  map_public_ip_on_launch = true

  tags {
    Name = "public-us-east-1a"
  }
}
# Public subnet for us-east-1b. Instances launched here receive a public IPv4
# address automatically (map_public_ip_on_launch), so the security groups
# attached to them decide what the internet can reach.
resource "aws_subnet" "public-us-east-1b" {
  vpc_id                  = "${aws_vpc.private-cluster.id}"
  availability_zone       = "us-east-1b"
  cidr_block              = "172.32.2.0/24"
  map_public_ip_on_launch = true

  tags {
    Name = "public-us-east-1b"
  }
}
# Attach the public subnets to the shared public route table.
# This association gives the us-east-1a subnet its default route to the
# internet gateway.
resource "aws_route_table_association" "us-east-1a-public" {
  route_table_id = "${aws_route_table.us-east-1-public.id}"
  subnet_id      = "${aws_subnet.public-us-east-1a.id}"
}
# Associates the us-east-1b public subnet with the shared public route table,
# giving it the default route to the internet gateway.
resource "aws_route_table_association" "us-east-1b-public" {
  route_table_id = "${aws_route_table.us-east-1-public.id}"
  subnet_id      = "${aws_subnet.public-us-east-1b.id}"
}