private_routing.tf
#-------------------------------------------------------------------------------
# Note that all these resources depend on the VPC, the NAT GWs, or
# both, and hence (transitively) on the
# aws_iam_role_policy_attachment.provisionnetworking_policy_attachment
# resource.  No resource in this file declares that dependency
# directly, so the ordering guarantee is only as strong as the
# depends_on chain carried by the VPC and NAT gateway resources that
# are defined elsewhere.
#-------------------------------------------------------------------------------
#-------------------------------------------------------------------------------
# Set up routing for the private subnets.
#
# The public subnets use the VPC's main (default) route table, which is
# configured in public_routing.tf.  The private subnets are explicitly
# associated with their own route tables below, so they never fall back
# to that main table.
#-------------------------------------------------------------------------------
# Each private subnet gets its own route table, since each subnet
# egresses through its own NAT gateway.  The route tables, routes and
# associations below are all keyed by the subnet's CIDR block so that
# the table, the NAT gateway and the subnet for a given CIDR line up.
resource "aws_route_table" "private_route_tables" {
  # One dedicated route table per private subnet.  Keying on the CIDR
  # block means the aws_route and aws_route_table_association
  # resources further down can look this table up by the same key.
  for_each = toset(var.private_subnet_cidr_blocks)
  provider = aws.userservicesprovisionaccount

  vpc_id = aws_vpc.userservices.id
}
# Route all non-local COOL (outside this VPC but inside the COOL)
# traffic through the transit gateway.  AWS selects routes by longest
# prefix match, so this more-specific route takes precedence over the
# 0.0.0.0/0 default route below and COOL-bound traffic is never sent
# out through the NAT gateways.
resource "aws_route" "cool_routes" {
  # One route per private subnet, installed in that subnet's own table.
  # For a set, each.key and each.value are the same CIDR string.
  for_each = toset(var.private_subnet_cidr_blocks)
  provider = aws.userservicesprovisionaccount

  route_table_id = aws_route_table.private_route_tables[each.key].id

  # Everything inside the COOL CIDR that is not local to this VPC goes
  # to the transit gateway.
  destination_cidr_block = var.cool_cidr_block
  transit_gateway_id     = local.transit_gateway_id
}
# Route all external (outside this VPC and outside the COOL) traffic
# through the NAT gateways.  A NAT gateway only permits connections
# initiated from inside the subnet, but it does not restrict where that
# traffic may go; any egress filtering (security groups, network ACLs
# or an inspection layer) has to be applied elsewhere, as nothing in
# this file limits the destinations reachable via this default route.
resource "aws_route" "external_routes" {
  # One default route per private subnet, installed in that subnet's
  # own table and pointing at that subnet's NAT gateway (same CIDR key).
  for_each = toset(var.private_subnet_cidr_blocks)
  provider = aws.userservicesprovisionaccount

  route_table_id = aws_route_table.private_route_tables[each.key].id

  # Catch-all: anything not matched by a more specific route (the local
  # VPC route or the COOL route) leaves via the NAT gateway.
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.nat_gws[each.key].id
}
# Associate each route table with its subnet.  Without this explicit
# association a private subnet would silently use the VPC's main route
# table instead of the table built for it above.
resource "aws_route_table_association" "private_route_table_associations" {
  # One association per private subnet; the CIDR key selects both the
  # subnet (from the private subnet module) and its route table.
  for_each = toset(var.private_subnet_cidr_blocks)
  provider = aws.userservicesprovisionaccount

  subnet_id      = module.private.subnets[each.key].id
  route_table_id = aws_route_table.private_route_tables[each.key].id
}