Skip to content

Commit

Permalink
copied from github.com/silinternational/terraform-modules
Browse files Browse the repository at this point in the history
  • Loading branch information
briskt committed Sep 11, 2024
1 parent f5ddd88 commit da0fea4
Show file tree
Hide file tree
Showing 10 changed files with 424 additions and 73 deletions.
2 changes: 1 addition & 1 deletion LICENSE
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
MIT License

Copyright (c) 2024 SIL International
Copyright (c) 2017 SIL International

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
Expand Down
31 changes: 15 additions & 16 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,33 +1,32 @@
# Terraform module for ...
# Terraform module for AWS VPC

TODO: First https://developer.hashicorp.com/terraform/registry/modules/publish if you have never developed a publishable Terraform module. Then follow those requirements when creating your new module.
This module is used to create a VPC along with the necessary configuration to be useful. It was
previously published at
https://github.com/silinternational/terraform-modules/aws/vpc.

This module ...
## What this does

TODO: Change the path in this link:
- Create VPC named after `app_name` and `app_env`
- Create public and private subnets for each `aws_zones` specified
- Provision a Internet Gateway and configure public subnets to route through it
- Provision a NAT Gateway (or use an existing Transit Gateway) and configure private subnets to route through it
- Create a DB subnet group including all private subnets
- Optionally allocate IPv6 CIDR blocks, egress-only internet gateway, and default IPv6 routes

This module is published in [Terraform Registry](https://registry.terraform.io/modules/silinternational/module-name/provider-name/latest).
This module is published in [Terraform Registry](https://registry.terraform.io/modules/silinternational/vpc/aws/latest).

## Usage Example

TODO: Update the following as a simple, brief representative sample of the module:

```hcl
module "this" {
source = "silinternational/module-name/aws"
version = "0.1.0"
variable_name = "my variable value"
source = "github.com/silinternational/terraform-modules//aws/vpc"
app_name = var.app_name
aws_zones = var.aws_zones
}
provider "aws" {
region = "us-east-1"
}
```

## Working Example

TODO: Update or remove this section:

A working [example](https://github.com/silinternational/terraform-module-name/tree/main/example) usage of this module is included in the source repository.

12 changes: 0 additions & 12 deletions example/main.tf

This file was deleted.

10 changes: 0 additions & 10 deletions example/providers.tf

This file was deleted.

3 changes: 0 additions & 3 deletions example/variables.tf

This file was deleted.

232 changes: 230 additions & 2 deletions main.tf
Original file line number Diff line number Diff line change
@@ -1,7 +1,235 @@
/*
* Create VPC using app name and env to name it
*/
resource "aws_vpc" "vpc" {
cidr_block = var.vpc_cidr_block
enable_dns_hostnames = var.enable_dns_hostnames
assign_generated_ipv6_cidr_block = var.enable_ipv6

// TODO: define locals at the top of main.tf
tags = {
Name = "vpc-${var.app_name}-${var.app_env}"
app_name = var.app_name
app_env = var.app_env
}
}

/*
* Get default security group for reference later
*/
data "aws_security_group" "vpc_default_sg" {
name = "default"
vpc_id = aws_vpc.vpc.id
}

/*
* Create public and private subnets for each availability zone
*/

locals {
a = "a"
ipv6_cidr_block = aws_vpc.vpc.ipv6_cidr_block
public_subnets = var.enable_ipv6 ? cidrsubnets(cidrsubnet(local.ipv6_cidr_block, 4, 0), 4, 4, 4, 4, 4, 4, 4, 4) : []
private_subnets = var.enable_ipv6 ? cidrsubnets(cidrsubnet(local.ipv6_cidr_block, 4, 1), 4, 4, 4, 4, 4, 4, 4, 4) : []
}

resource "aws_subnet" "public_subnet" {
count = length(var.aws_zones)
vpc_id = aws_vpc.vpc.id
availability_zone = element(var.aws_zones, count.index)
cidr_block = element(var.public_subnet_cidr_blocks, count.index)
ipv6_cidr_block = var.enable_ipv6 ? element(local.public_subnets, count.index) : null

tags = {
Name = "public-${element(var.aws_zones, count.index)}"
app_name = var.app_name
app_env = var.app_env
}
}

resource "aws_subnet" "private_subnet" {
count = length(var.aws_zones)
vpc_id = aws_vpc.vpc.id
availability_zone = element(var.aws_zones, count.index)
cidr_block = element(var.private_subnet_cidr_blocks, count.index)
ipv6_cidr_block = var.enable_ipv6 ? element(local.private_subnets, count.index) : null

tags = {
Name = "private-${element(var.aws_zones, count.index)}"
app_name = var.app_name
app_env = var.app_env
}
}


/*
* Create internet gateway(s) for VPC
*/
resource "aws_internet_gateway" "internet_gateway" {
vpc_id = aws_vpc.vpc.id

tags = {
Name = "IGW-${var.app_name}-${var.app_env}"
app_name = var.app_name
app_env = var.app_env
}
}

resource "aws_egress_only_internet_gateway" "ipv6" {
count = var.enable_ipv6 ? 1 : 0

vpc_id = aws_vpc.vpc.id

tags = {
Name = "egress-${var.app_name}-${var.app_env}"
app_name = var.app_name
app_env = var.app_env
}
}

resource "aws_route" "private_ipv6" {
count = var.enable_ipv6 ? 1 : 0

route_table_id = aws_route_table.private_route_table.id
destination_ipv6_cidr_block = "::/0"
egress_only_gateway_id = one(aws_egress_only_internet_gateway.ipv6[*].id)
}


/*
* Create NAT gateway and allocate Elastic IP for it
*/
resource "aws_eip" "gateway_eip" {
tags = {
Name = "EIP-${var.app_name}-${var.app_env}"
app_name = var.app_name
app_env = var.app_env
}
vpc = true
}

resource "aws_nat_gateway" "nat_gateway" {
count = var.create_nat_gateway ? 1 : 0

allocation_id = aws_eip.gateway_eip.id
subnet_id = aws_subnet.public_subnet[0].id
depends_on = [aws_internet_gateway.internet_gateway]

tags = {
Name = "NAT-${var.app_name}-${var.app_env}"
app_name = var.app_name
app_env = var.app_env
}
}

/*
* Set use_transit_gateway to true create transit gateway attachments in the private subnets and
* route traffic to the TGW instead of NAT GW.
* Should be used when create_nat_gateway=false.
*/
resource "aws_ec2_transit_gateway_vpc_attachment" "transit_gateway" {
count = var.use_transit_gateway ? 1 : 0

subnet_ids = aws_subnet.private_subnet.*.id
transit_gateway_id = var.transit_gateway_id
vpc_id = aws_vpc.vpc.id
transit_gateway_default_route_table_association = var.transit_gateway_default_route_table_association
transit_gateway_default_route_table_propagation = var.transit_gateway_default_route_table_propagation

tags = {
Name = "TGW-${var.app_name}-${var.app_env}"
app_name = var.app_name
app_env = var.app_env
}
}

/*
* Routes for private subnets to use NAT or Transit gateway
*/
resource "aws_route_table" "private_route_table" {
vpc_id = aws_vpc.vpc.id

tags = {
Name = "RT-private-${var.app_name}-${var.app_env}"
app_name = var.app_name
app_env = var.app_env
}
}

/*
* Refactoring information to note that we renamed aws_route_table.nat_route_table to aws_route_table.private_route_table
* This prevents the resource from being destroyed and recreated. Should be kept at least until the next major revision
* but probably should remain permanently.
*/
moved {
from = aws_route_table.nat_route_table
to = aws_route_table.private_route_table
}

resource "aws_route" "nat_route" {
count = var.create_nat_gateway ? 1 : 0

route_table_id = aws_route_table.private_route_table.id
destination_cidr_block = "0.0.0.0/0"
nat_gateway_id = one(aws_nat_gateway.nat_gateway[*].id)
}

resource "aws_route" "transit_gateway" {
count = var.use_transit_gateway ? 1 : 0

route_table_id = aws_route_table.private_route_table.id
destination_cidr_block = "0.0.0.0/0"
transit_gateway_id = var.transit_gateway_id
}

resource "aws_route_table_association" "private_route" {
count = length(var.aws_zones)
subnet_id = element(aws_subnet.private_subnet.*.id, count.index)
route_table_id = aws_route_table.private_route_table.id
}

/*
* Routes for public subnets to use internet gateway
*/
resource "aws_route_table" "igw_route_table" {
vpc_id = aws_vpc.vpc.id

tags = {
Name = "RT-public-${var.app_name}-${var.app_env}"
app_name = var.app_name
app_env = var.app_env
}
}

resource "aws_route" "igw_route" {
route_table_id = aws_route_table.igw_route_table.id
destination_cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.internet_gateway.id
}

resource "aws_route" "public_ipv6" {
count = var.enable_ipv6 ? 1 : 0

route_table_id = aws_route_table.igw_route_table.id
destination_ipv6_cidr_block = "::/0"
gateway_id = aws_internet_gateway.internet_gateway.id
}

resource "aws_route_table_association" "public_route" {
count = length(var.aws_zones)
subnet_id = element(aws_subnet.public_subnet.*.id, count.index)
route_table_id = aws_route_table.igw_route_table.id
}

/*
* Create DB Subnet Group for private subnets
*/
resource "aws_db_subnet_group" "db_subnet_group" {
name = "db-subnet-${var.app_name}-${var.app_env}"
subnet_ids = aws_subnet.private_subnet.*.id

tags = {
Name = "db-subnet-${var.app_name}-${var.app_env}"
app_name = var.app_name
app_env = var.app_env
}
}

46 changes: 42 additions & 4 deletions outputs.tf
Original file line number Diff line number Diff line change
@@ -1,5 +1,43 @@
output "output_name" {
value = var.variable_name
description = "description of the output"
sensitive = true
output "id" {
value = aws_vpc.vpc.id
}

output "ipv6_association_id" {
value = aws_vpc.vpc.ipv6_association_id
}

output "ipv6_cidr_block" {
value = aws_vpc.vpc.ipv6_cidr_block
}

output "vpc_default_sg_id" {
value = data.aws_security_group.vpc_default_sg.id
}

output "public_subnet_ids" {
value = aws_subnet.public_subnet.*.id
}

output "public_subnet_cidr_blocks" {
value = aws_subnet.public_subnet.*.cidr_block
}

output "private_subnet_ids" {
value = aws_subnet.private_subnet.*.id
}

output "private_subnet_cidr_blocks" {
value = aws_subnet.private_subnet.*.cidr_block
}

output "db_subnet_group_name" {
value = aws_db_subnet_group.db_subnet_group.name
}

output "aws_zones" {
value = var.aws_zones
}

output "nat_gateway_ip" {
value = one(aws_nat_gateway.nat_gateway[*].public_ip)
}
Loading

0 comments on commit da0fea4

Please sign in to comment.