UPD: reverted the last change; subnet cidrs are now calculated by this module. See README.md for more details
This commit is contained in:
parent
154ee2a0eb
commit
15942ee76c
@ -1,4 +1,5 @@
|
|||||||
# Overview
|
# Overview
|
||||||
|
|
||||||
This module performs the following tasks:
|
This module performs the following tasks:
|
||||||
|
|
||||||
- Create VPC, vpcflow log
|
- Create VPC, vpcflow log
|
||||||
@ -6,41 +7,46 @@ This module performs the following tasks:
|
|||||||
- Create IGW, NGW
|
- Create IGW, NGW
|
||||||
|
|
||||||
## Subnet addressing
|
## Subnet addressing
|
||||||
This module takes in the VPC cidr. Then add 4 bits to the netmask and divide the cidr into 2 ranges.
|
|
||||||
First range will be used for private subnet and second for public subnets.
|
|
||||||
Another 4 bits are added to these ranges for each subnet.
|
|
||||||
|
|
||||||
For example, if the VPC cidr is 10.2.0.0/16, the following subnets will be created:
|
Subnet cidrs are calculated automatically. Due to the design of terraform's cidrsubnets, this module has limitations:
|
||||||
|
|
||||||
| Subnet Type | Subnet AZ1 | Subnet AZ2 | Subnet AZ3 |
|
* supports 2, 4, 6, or 8 subnets in total.
|
||||||
|-------------|------------|------------|------------|
|
* hard-coded to work with 2 AZs, regardless of number of AZs available in the region.
|
||||||
| Private | 10.2.0.0/24 | 10.2.1.0/24 | 10.2.2.0/24 |
|
|
||||||
| Public | 10.2.16.0/24 | 10.2.17.0/24 | 10.2.18.0/24 |
|
|
||||||
|
|
||||||
The VPC cidr netmask should be /20 or above, to produce subnets with /28 netmasks or above.
|
Based on the input variables, it will create subnet cidrs using the following function
|
||||||
Subnet smaller than /28 is unlikely useful.
|
|
||||||
|
| Private Subnets per az | Public Subnets per az | Function | Example if a /24 is used on VPC |
|
||||||
|
| ---------------------- | --------------------- | -------------------------------------------- | ------------------------------- |
|
||||||
|
| 1 | 0 | cidrsubnets(local.vpc-cidr, 1,1) | 2 * /25 |
|
||||||
|
| 1 | 1 | cidrsubnets(local.vpc-cidr, 2,2,2,2) | 4 * /26 |
|
||||||
|
| 2 | 1 | cidrsubnets(local.vpc-cidr, 3,3,3,3,3,3) | 6 * /27 |
|
||||||
|
| 2 | 2 | cidrsubnets(local.vpc-cidr, 4,4,4,4,4,4,4,4) | 8 * /28 |
|
||||||
|
|
||||||
|
simple-divide = local.total-no-subnets >=8 ? cidrsubnets(local.vpc-cidr, 4,4,4,4,4,4,4,4) : local.total-no-subnets >=6 ? cidrsubnets(local.vpc-cidr, 3,3,3,3,3,3) : local.total-no-subnets >=4 ? cidrsubnets(local.vpc-cidr, 2,2,2,2) : local.total-no-subnets >=2 ? cidrsubnets(local.vpc-cidr, 1,1) : null
|
||||||
|
|
||||||
## Inputs:
|
## Inputs:
|
||||||
| Name | Description | Type | Default | Required |
|
|
||||||
|------|-------------|------|---------|:-----:|
|
| Name | Description | Type | Default | Required |
|
||||||
| application | name of application | string | none | yes |
|
| -------------------------------- | ------------------------------------------------- | ------ | ------- |:--------:|
|
||||||
| environment | capacity of environment (prd/dev/lab) | string | none | yes |
|
| application | name of application | string | none | yes |
|
||||||
| customer-name | owner of aws resources | string | none | yes |
|
| environment | capacity of environment (prd/dev/lab) | string | none | yes |
|
||||||
| project | name of project | string | none | yes |
|
| customer-name | owner of aws resources | string | none | yes |
|
||||||
| default-tags | tags to be added to resources | list | none | yes |
|
| project | name of project | string | none | yes |
|
||||||
| number-of-private-subnets-per-az | number of private subnets per az | number | 0 | yes |
|
| default-tags | tags to be added to resources | list | none | yes |
|
||||||
| number-of-public-subnets-per-az | number of public subnets per az | number | 0 | yes |
|
| number-of-private-subnets-per-az | number of private subnets per az | number | 0 | yes |
|
||||||
| create-nat-gateway | whether to deploy NAT gateway for private subnets | bool | true | yes |
|
| number-of-public-subnets-per-az | number of public subnets per az | number | 0 | yes |
|
||||||
| vpc-cidr | VPC cidr | string | none | yes |
|
| create-nat-gateway | whether to deploy NAT gateway for private subnets | bool | true | yes |
|
||||||
| enable-flowlog | whether to enable vpc flowlog | bool | true | yes |
|
| vpc-cidr | VPC cidr | string | none | yes |
|
||||||
| vpcflowlog-retain-days | number of days to retain vpc cloudwatch log | number | 90 | yes |
|
| enable-flowlog | whether to enable vpc flowlog | bool | true | yes |
|
||||||
| aws-region-short | short name of aws region (e.g. apne1) | string | none | yes |
|
| vpcflowlog-retain-days | number of days to retain vpc cloudwatch log | number | 90 | yes |
|
||||||
| aws-region | aws region (e.g. ap-northeast-1) | string | none | yes |
|
| aws-region-short | short name of aws region (e.g. apne1) | string | none | yes |
|
||||||
| vpcflowlog-cwl-loggroup-key-arn | kms key alias arn for log group encryption | string | none | yes |
|
| aws-region | aws region (e.g. ap-northeast-1) | string | none | yes |
|
||||||
|
| vpcflowlog-cwl-loggroup-key-arn | kms key alias arn for log group encryption | string | none | yes |
|
||||||
|
|
||||||
## Outputs:
|
## Outputs:
|
||||||
| Name | Description | Type |
|
|
||||||
|------|-------------|------|
|
| Name | Description | Type |
|
||||||
| vpc_id | vpc id | string |
|
| --------------- | ------------------- | ------ |
|
||||||
| public_subnets | list of cidr blocks | list |
|
| vpc_id | vpc id | string |
|
||||||
| private_subnets | list of cidr blocks | list |
|
| public_subnets | list of cidr blocks | list |
|
||||||
|
| private_subnets | list of cidr blocks | list |
|
||||||
|
@ -11,7 +11,7 @@ locals {
|
|||||||
|
|
||||||
# VPC variables
|
# VPC variables
|
||||||
variable "vpc-cidr" {}
|
variable "vpc-cidr" {}
|
||||||
/*
|
|
||||||
variable number-of-public-subnets-per-az {
|
variable number-of-public-subnets-per-az {
|
||||||
type = number
|
type = number
|
||||||
default = 0
|
default = 0
|
||||||
@ -20,7 +20,7 @@ variable number-of-private-subnets-per-az {
|
|||||||
type = number
|
type = number
|
||||||
default = 0
|
default = 0
|
||||||
}
|
}
|
||||||
*/
|
|
||||||
variable "create-nat-gateway" {
|
variable "create-nat-gateway" {
|
||||||
type = bool
|
type = bool
|
||||||
default = false
|
default = false
|
||||||
@ -34,8 +34,8 @@ variable "vpcflowlog-retain-days" {
|
|||||||
default = 90
|
default = 90
|
||||||
}
|
}
|
||||||
variable "vpcflowlog-cwl-loggroup-key-arn" {}
|
variable "vpcflowlog-cwl-loggroup-key-arn" {}
|
||||||
variable "private-subnet-cidrs" {}
|
# variable "private-subnet-cidrs" {}
|
||||||
variable "public-subnet-cidrs" {}
|
# variable "public-subnet-cidrs" {}
|
||||||
variable "create-free-vpc-endpoints" {
|
variable "create-free-vpc-endpoints" {
|
||||||
type = bool
|
type = bool
|
||||||
default = true
|
default = true
|
||||||
|
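Review bot: `create-nat-gateway` keeps `default = false` in the second hunk (@ -20,7) while the README table changed in this same commit documents its default as `true`; since this flag decides whether `aws_route.private-routes` (and so any egress for private subnets) is created at all, the two should agree — either `default = true` here or `| create-nat-gateway | whether to deploy NAT gateway for private subnets | bool | false | no |` in the README. The `number-of-public-subnets-per-az` / `number-of-private-subnets-per-az` variables this commit reinstates (by removing the `/*`…`*/` wrapper) carry no `validation` block, although the subnet locals only produce cidrs for totals of 2, 4, 6 or 8; a `validation { condition = var.number-of-public-subnets-per-az >= 0 && var.number-of-public-subnets-per-az <= 4 ... }` on each would turn an obscure plan-time `slice` failure into a clear message (the sum still needs a precondition where the locals are computed). `variable "vpc-cidr" {}` is untyped; `type = string` plus `validation { condition = can(cidrhost(var.vpc-cidr, 0)) }` would reject malformed input before it reaches `cidrsubnets`. The `# variable "private-subnet-cidrs" {}` / `# variable "public-subnet-cidrs" {}` lines are dead now that nothing references them and could be deleted rather than commented out, and `create-free-vpc-endpoints` (visible in the last hunk) is missing from the README input table.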
@ -3,16 +3,26 @@ data "aws_availability_zones" "available-az" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
locals {
|
locals {
|
||||||
subnet_start = cidrsubnets(var.vpc-cidr, 1, 1) # divide vpc into 2
|
// subnet_start = cidrsubnets(var.vpc-cidr, 1, 1) # divide vpc into 2
|
||||||
|
# no-az = length(data.aws_availability_zones.available-az.id)
|
||||||
|
no-az = 2 # hard-coding to 2AZ
|
||||||
|
vpc-cidr = var.vpc-cidr
|
||||||
|
total-no-subnets = local.no-az * (var.number-of-private-subnets-per-az + var.number-of-public-subnets-per-az)
|
||||||
|
|
||||||
|
simple-divide = local.total-no-subnets >=8 ? cidrsubnets(local.vpc-cidr, 4,4,4,4,4,4,4,4) : local.total-no-subnets >=6 ? cidrsubnets(local.vpc-cidr, 3,3,3,3,3,3) : local.total-no-subnets >=4 ? cidrsubnets(local.vpc-cidr, 2,2,2,2) : local.total-no-subnets >=2 ? cidrsubnets(local.vpc-cidr, 1,1) : null
|
||||||
|
public-subnets = slice(local.simple-divide, 0, var.number-of-public-subnets-per-az * local.no-az)
|
||||||
|
private-subnets = slice(local.simple-divide, var.number-of-public-subnets-per-az * local.no-az , local.total-no-subnets)
|
||||||
}
|
}
|
||||||
|
|
||||||
resource aws_subnet private-subnets {
|
resource aws_subnet private-subnets {
|
||||||
count = length(var.private-subnet-cidrs)
|
count = length(local.private-subnets)
|
||||||
|
# count = length(var.private-subnet-cidrs)
|
||||||
# count = var.number-of-private-subnets-per-az * length(data.aws_availability_zones.available-az.names)
|
# count = var.number-of-private-subnets-per-az * length(data.aws_availability_zones.available-az.names)
|
||||||
vpc_id = aws_vpc.vpc.id
|
vpc_id = aws_vpc.vpc.id
|
||||||
availability_zone = element(data.aws_availability_zones.available-az.names, count.index)
|
availability_zone = element(data.aws_availability_zones.available-az.names, count.index)
|
||||||
# cidr_block = cidrsubnet(local.subnet_start[0], 2, count.index)
|
# cidr_block = cidrsubnet(local.subnet_start[0], 2, count.index)
|
||||||
cidr_block = var.private-subnet-cidrs[count.index]
|
# cidr_block = var.private-subnet-cidrs[count.index]
|
||||||
|
cidr_block = local.private-subnets[count.index]
|
||||||
tags = merge(
|
tags = merge(
|
||||||
var.default-tags,
|
var.default-tags,
|
||||||
{
|
{
|
||||||
@ -22,12 +32,14 @@ resource aws_subnet private-subnets {
|
|||||||
}
|
}
|
||||||
|
|
||||||
resource aws_subnet public-subnets {
|
resource aws_subnet public-subnets {
|
||||||
count = length(var.public-subnet-cidrs)
|
count = length(local.public-subnets)
|
||||||
|
# count = length(var.public-subnet-cidrs)
|
||||||
# count = var.number-of-public-subnets-per-az * length(data.aws_availability_zones.available-az.names)
|
# count = var.number-of-public-subnets-per-az * length(data.aws_availability_zones.available-az.names)
|
||||||
vpc_id = aws_vpc.vpc.id
|
vpc_id = aws_vpc.vpc.id
|
||||||
availability_zone = element(data.aws_availability_zones.available-az.names, count.index)
|
availability_zone = element(data.aws_availability_zones.available-az.names, count.index)
|
||||||
# cidr_block = cidrsubnet(local.subnet_start[1], 2, count.index)
|
# cidr_block = cidrsubnet(local.subnet_start[1], 2, count.index)
|
||||||
cidr_block = var.public-subnet-cidrs[count.index]
|
# cidr_block = var.public-subnet-cidrs[count.index]
|
||||||
|
cidr_block = local.public-subnets[count.index]
|
||||||
tags = merge(
|
tags = merge(
|
||||||
var.default-tags,
|
var.default-tags,
|
||||||
{
|
{
|
||||||
@ -54,7 +66,7 @@ resource "aws_vpc" "vpc" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_internet_gateway" "igw" {
|
resource "aws_internet_gateway" "igw" {
|
||||||
count = length(var.public-subnet-cidrs) > 0 ? 1 : 0
|
count = var.number-of-public-subnets-per-az > 0 ? 1 : 0
|
||||||
vpc_id = aws_vpc.vpc.id
|
vpc_id = aws_vpc.vpc.id
|
||||||
|
|
||||||
tags = merge(
|
tags = merge(
|
||||||
@ -88,7 +100,7 @@ resource "aws_nat_gateway" "ngw" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
resource aws_route_table public-route-table {
|
resource aws_route_table public-route-table {
|
||||||
count = length(var.public-subnet-cidrs) > 0 ? 1 : 0
|
count = var.number-of-public-subnets-per-az > 0 ? 1 : 0
|
||||||
vpc_id = aws_vpc.vpc.id
|
vpc_id = aws_vpc.vpc.id
|
||||||
tags = merge(
|
tags = merge(
|
||||||
var.default-tags,
|
var.default-tags,
|
||||||
@ -99,7 +111,7 @@ resource aws_route_table public-route-table {
|
|||||||
}
|
}
|
||||||
|
|
||||||
resource aws_route_table private-route-table {
|
resource aws_route_table private-route-table {
|
||||||
count = length(var.private-subnet-cidrs) > 0 ? 1 : 0
|
count = var.number-of-private-subnets-per-az > 0 ? 1 : 0
|
||||||
vpc_id = aws_vpc.vpc.id
|
vpc_id = aws_vpc.vpc.id
|
||||||
tags = merge(
|
tags = merge(
|
||||||
var.default-tags,
|
var.default-tags,
|
||||||
@ -110,7 +122,7 @@ resource aws_route_table private-route-table {
|
|||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_route" "public-routes" {
|
resource "aws_route" "public-routes" {
|
||||||
count = length(var.public-subnet-cidrs) > 0 ? 1 : 0
|
count = var.number-of-public-subnets-per-az > 0 ? 1 : 0
|
||||||
|
|
||||||
destination_cidr_block = "0.0.0.0/0"
|
destination_cidr_block = "0.0.0.0/0"
|
||||||
gateway_id = aws_internet_gateway.igw[0].id
|
gateway_id = aws_internet_gateway.igw[0].id
|
||||||
@ -118,7 +130,7 @@ resource "aws_route" "public-routes" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_route" "private-routes" {
|
resource "aws_route" "private-routes" {
|
||||||
count = length(var.private-subnet-cidrs) > 0 && var.create-nat-gateway ? 1 : 0
|
count = var.number-of-private-subnets-per-az > 0 && var.create-nat-gateway ? 1 : 0
|
||||||
|
|
||||||
destination_cidr_block = "0.0.0.0/0"
|
destination_cidr_block = "0.0.0.0/0"
|
||||||
nat_gateway_id = aws_nat_gateway.ngw[0].id
|
nat_gateway_id = aws_nat_gateway.ngw[0].id
|
||||||
|
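Review bot: `availability_zone = element(data.aws_availability_zones.available-az.names, count.index)` in both subnet resources (first hunk, @ -3,16) cycles through every AZ the region reports, while the new `local.no-az = 2` and the cidr split assume exactly two AZs; in a region with three or more AZs a 2-per-az layout lands subnets in AZ a, b, c, a rather than a, b, a, b, so the placement no longer matches the "hard-coded to work with 2 AZs" statement the README makes. Using `element(data.aws_availability_zones.available-az.names, count.index % local.no-az)` (or slicing the name list to `local.no-az` entries first) keeps placement consistent with the cidr arithmetic. The `simple-divide` chain yields `null` when `total-no-subnets` is 0 and silently caps the split at eight cidrs for larger totals, so the following `slice` calls are likely to fail at plan time with an index or type error rather than a message naming the unsupported count; a `precondition`/`validation` on the inputs, or at least `# only totals of 2, 4, 6 or 8 are supported; see README` above `simple-divide`, would make the limit explicit. The commented-out `subnet_start`, `# count = …` and `# cidr_block = …` lines are accumulating as dead history inside the resource bodies; version control already holds them and deleting them would keep the resources readable. Both `aws_subnet` bodies and the later resources continue outside their hunks (each is cut at the `tags = merge(` map).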