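# Derives a deterministic "random" /16 for the workspace by seeding Python's
# PRNG with the workspace name. The name is passed to the program as JSON on
# stdin (the external provider's `query` argument) rather than being spliced
# into the Python source, so a workspace name containing quotes or other Python
# syntax cannot break or alter the program. Seeding and the randint call are
# unchanged, so existing workspaces keep the CIDR they already have.
#
# NOTE(review): the result depends on which interpreter `python` resolves to
# (string seeding differs between Python 2 and 3); if it differs between
# machines the VPC CIDR changes and the VPC would be replaced. Only 256
# candidate blocks exist, so two workspaces may collide (relevant for peering).
data "external" "seeded_random" {
  query = {
    workspace = terraform.workspace
  }

  program = [
    "python",
    "-c",
    "import json, random, sys; ws = json.load(sys.stdin)['workspace']; random.seed(ws); print(json.dumps({'cidr_block': '10.{}.0.0/16'.format(random.randint(0, 255))}))",
  ]
}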
locals {
  # Explicit var.vpc_cidr wins; otherwise fall back to the workspace-seeded
  # block produced by data.external.seeded_random.
  vpc_cidr = var.vpc_cidr != "" ? var.vpc_cidr : data.external.seeded_random.result.cidr_block
}
# The environment VPC, built from the community terraform-aws-modules VPC
# module (version pinned). Subnet CIDRs are carved out of local.vpc_cidr.
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "2.70.0"

  name = local.vpc_name
  cidr = local.vpc_cidr
  azs  = var.vpc_azs

  # Three blocks at newbits 3 (netnums 0, 2, 4) followed by three at
  # newbits 10 (netnums 192, 448, 704); with the default /16 that is
  # three /19s and three /26s.
  private_subnets = concat(
    [for n in [0, 2, 4] : cidrsubnet(local.vpc_cidr, 3, n)],
    [for n in [192, 448, 704] : cidrsubnet(local.vpc_cidr, 10, n)],
  )

  # Three blocks at newbits 4 (netnums 2, 6, 10); /20s with the default /16.
  public_subnets = [for n in [2, 6, 10] : cidrsubnet(local.vpc_cidr, 4, n)]

  # Gateways and endpoints, all toggled through variables.
  enable_nat_gateway       = var.vpc_enable_nat_gateway
  single_nat_gateway       = var.vpc_single_nat_gateway
  enable_vpn_gateway       = var.vpc_enable_vpn_gateway
  enable_s3_endpoint       = var.vpc_enable_s3_endpoint
  enable_dynamodb_endpoint = var.vpc_enable_dynamodb_endpoint

  # DNS / DHCP; the DHCP domain is "<workspace>.<vpc_domain_name>".
  enable_dns_hostnames     = var.vpc_enable_dns_hostnames
  enable_dhcp_options      = var.vpc_enable_dhcp_options
  dhcp_options_domain_name = join(".", [terraform.workspace, var.vpc_domain_name])

  private_subnet_tags = {
    "kubernetes.io/role/internal-elb" = ""
    "kubernetes.io/role/alb-ingress"  = ""
    "Visibility"                      = "private"
  }

  public_subnet_tags = {
    "Visibility" = "public"
  }

  tags = {
    Owner       = var.owner
    Environment = terraform.workspace
    Name        = local.vpc_name

    "kubernetes.io/cluster/${local.kubernetes_cluster_name}" = "shared"
  }
}
# RDS subnet group spanning every private subnet of the workspace VPC.
resource "aws_db_subnet_group" "default" {
  name        = format("environment db %s subnet group", terraform.workspace)
  description = "DB Subnet Group"
  subnet_ids  = module.vpc.private_subnets

  tags = {
    Name = format("Subnet Group for Environment %s VPC", terraform.workspace)
  }
}
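# Empty string means "derive one from the workspace name" (see locals.vpc_cidr).
variable "vpc_cidr" {
  description = "The CIDR block for the VPC"
  type        = string
  default     = ""
}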
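# Type constraint rejects a single string or a map being passed by mistake.
variable "vpc_azs" {
  description = "A list of availability zones in the region"
  type        = list(string)
  default     = ["us-west-2a", "us-west-2b", "us-west-2c"]
}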
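variable "vpc_single_nat_gateway" {
  description = "Should be true if you want to provision a single shared NAT Gateway across all of your private networks"
  type        = bool
  default     = true
}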
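# Note: with vpc_single_nat_gateway = true (the default) only one NAT Gateway
# is created regardless of the number of AZs.
variable "vpc_enable_nat_gateway" {
  description = "Provision NAT Gateways for each of your availability zones"
  type        = bool
  default     = true
}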
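variable "vpc_enable_vpn_gateway" {
  description = "Should be true if you want to create a new VPN Gateway resource and attach it to the VPC"
  type        = bool
  default     = true
}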
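variable "vpc_enable_s3_endpoint" {
  description = "Should be true if you want to provision an S3 endpoint to the VPC"
  type        = bool
  default     = true
}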
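variable "vpc_enable_dynamodb_endpoint" {
  description = "Should be true if you want to provision a DynamoDB endpoint to the VPC"
  type        = bool
  default     = true
}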
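variable "vpc_enable_dns_hostnames" {
  description = "Should be true to enable DNS hostnames in the VPC"
  type        = bool
  default     = true
}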
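variable "vpc_enable_dhcp_options" {
  description = "Toggle setting of DHCP server options for the VPC"
  type        = bool
  default     = true
}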
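# Combined with terraform.workspace into the DHCP options domain name
# ("<workspace>.<vpc_domain_name>") in module.vpc.
variable "vpc_domain_name" {
  description = "The domain name to set on the DHCP options for the VPC, prepended by terraform workspace."
  type        = string
  default     = "internal.smartcolumbusos.com"
}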
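# Recorded only as the Owner tag on the VPC.
variable "owner" {
  description = "User creating this VPC. It should be done through jenkins"
  type        = string
  default     = "jenkins"
}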
locals {
  # The fourth through sixth private subnets (the three smaller blocks
  # declared last in module.vpc).
  hdp_subnets = [for i in range(3, 6) : module.vpc.private_subnets[i]]
}
locals {
  # The first three private subnets; the full list is kept as-is when it
  # holds fewer than three entries.
  private_subnets = length(module.vpc.private_subnets) <= 2 ? module.vpc.private_subnets : slice(module.vpc.private_subnets, 0, 3)
}
# Pass-through of the module's VPC id.
output "vpc_id" {
  value       = module.vpc.vpc_id
  description = "The ID of the VPC"
}
# All six private subnet ids, in declaration order.
output "private_subnets" {
  value       = module.vpc.private_subnets
  description = "List of IDs of private subnets"
}
# The three public subnet ids, in declaration order.
output "public_subnets" {
  value       = module.vpc.public_subnets
  description = "List of IDs of public subnets"
}
# Egress addresses of the NAT Gateway(s); useful for allow-listing this
# environment at third parties.
output "nat_public_ips" {
  value       = module.vpc.nat_public_ips
  description = "List of public Elastic IPs created for AWS NAT Gateway"
}
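# NOTE(review): the default embeds one fixed public key, so every workspace
# that does not override it installs the same key pair and the holder of the
# matching private key can reach all of them. Supply a per-environment value
# (e.g. via tfvars) and change key_pair_name when rotating. The default is
# retained here only so existing callers keep working.
variable "key_pair_public_key" {
  description = "The public key used to create a key pair"
  type        = string
  default     = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZUiqcbO+5rkKXuYxBcUGtyLWtNainCjKaKaV4ZBEDhUZIxSJXLNq0SH7NxcODYDNNREqUdy6okJMP16NLuMHngmZYGW7FWaB5AVeKpYOdUHL2ik+RH0pY6PquGNWXMqUP+uVB8Kn5SgqsYT/u84Re6m0FztqVf7N8L5SuDbdnkvfLUc+R3JiMArvVGGKj5GkcUAqMFuzEuBQ2e7ID/bSevtMKfrPlOCLVSUzbMIVPCrxE7YyhTDgZjN7kMNZePWQhdyq86QzHJr50qa0fMnp2oUP1qwzbFjymYbG+oXPcj9dSiB7q2anf2imBnWP8JlhSinzJZrR2wa7Vn535MBhD"
}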
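# AWS key pair names are immutable, so rotating key_pair_public_key requires a
# new name here; the placeholder default makes an un-overridden deployment
# obvious.
variable "key_pair_name" {
  description = "The name of the keypair. This must be changed to roll the keys"
  type        = string
  default     = "invalid_key_pair"
}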