NEW: added vpc and subnet code

This commit is contained in:
xpk 2021-01-28 15:04:01 +08:00
parent 2b5b9c18fe
commit 69fe037ec9
Signed by: xpk
GPG Key ID: CD4FF6793F09AB86
13 changed files with 346 additions and 2 deletions


@ -0,0 +1,37 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/hashicorp/aws" {
version = "3.25.0"
constraints = ">= 2.68.0, >= 3.25.0"
hashes = [
"h1:9bXU5cFO/2DX8z5whaGMA7wcCalKQJZrBm89AuePuEM=",
"zh:2d3c65461bc63ec39bce7b5afdbed9a3b4dd5c2c8ee94616ad1866e24cf9b8f0",
"zh:2fb2ea6ccac30b909b603e183433737a30c58ec1f9a6a8b5565f0f051490c07a",
"zh:31a5f192c8cf29fb677cd639824f9a685578a2564c6b790517db33ea56229045",
"zh:437a12cf9a4d7bc92c9bf14ee7e224d5d3545cbd2154ba113ae82c4bb68edc27",
"zh:4bbdc3155a5dea90b2d50adfa460b0759c4dd959efaf7f66b2a0385a53b469b2",
"zh:63a8cd523ba31358692a34a06e111d88769576ac6d0e5adad8e0b4ae0a2d8882",
"zh:c4301ce86e8cb2c464949bb99e729ffe7b0c55eaf34b82ba526bb5039bca36f3",
"zh:c97b84861c6c550b8d2feb12d089660fffbf51dc7d660dcc9d54d4a7b3c2c882",
"zh:d6a103570e2d5c387b068fac4b88654dfa21d44ca1bdfa4bc8ab94c88effd71a",
"zh:f08cf2faf960a8ca374ac860f37c31c88ed2bab460116ac74678e0591babaac5",
]
}
provider "registry.terraform.io/hashicorp/null" {
version = "3.0.0"
hashes = [
"h1:ysHGBhBNkIiJLEpthB/IVCLpA1Qoncp3KbCTFGFZTO0=",
"zh:05fb7eab469324c97e9b73a61d2ece6f91de4e9b493e573bfeda0f2077bc3a4c",
"zh:1688aa91885a395c4ae67636d411475d0b831e422e005dcf02eedacaafac3bb4",
"zh:24a0b1292e3a474f57c483a7a4512d797e041bc9c2fbaac42fe12e86a7fb5a3c",
"zh:2fc951bd0d1b9b23427acc93be09b6909d72871e464088171da60fbee4fdde03",
"zh:6db825759425599a326385a68acc6be2d9ba0d7d6ef587191d0cdc6daef9ac63",
"zh:85985763d02618993c32c294072cc6ec51f1692b803cb506fcfedca9d40eaec9",
"zh:a53186599c57058be1509f904da512342cfdc5d808efdaf02dec15f0f3cb039a",
"zh:c2e07b49b6efa676bdc7b00c06333ea1792a983a5720f9e2233db27323d2707c",
"zh:cdc8fe1096103cf5374751e2e8408ec4abd2eb67d5a1c5151fe2c7ecfd525bef",
"zh:dbdef21df0c012b0d08776f3d4f34eb0f2f229adfde07ff252a119e52c0f65b7",
]
}


@ -0,0 +1,16 @@
data aws_caller_identity this {}
module networking-vpc-subnets {
source = "../../../modules/networking/vpc_subnets"
application = var.application
environment = var.environment
customer-name = var.customer-name
project = var.project
default-tags = local.default-tags
number-of-private-subnets-per-az = 2
number-of-public-subnets-per-az = 1
create-nat-gateway = true
vpc-cidr = "10.2.0.0/16"
aws-region-short = "apne1"
aws-region = var.aws-region
}
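Review bot: `aws-region-short = "apne1"` and `vpc-cidr = "10.2.0.0/16"` are literals in the module call while `aws-region` is passed as `var.aws-region`, even though the root already declares `variable "aws-region-short"` and sets it to `apne1` in the tfvars of this commit. If that tfvars value ever changes, the region and its short name silently diverge and every `local.resource-prefix` the module derives will name the wrong region. Pass the variable through, `aws-region-short = var.aws-region-short`, and consider promoting `vpc-cidr` to a root variable so this environment is not hard-wired to one address range.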


@ -0,0 +1,11 @@
output vpc_id {
value = module.networking-vpc-subnets.vpc_id
}
output public_subnets {
value = module.networking-vpc-subnets.public_subnets
}
output private_subnets {
value = module.networking-vpc-subnets.private_subnets
}


@ -0,0 +1,13 @@
provider "aws" {
region = var.aws-region
}
terraform {
required_version = ">= 0.14"
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 3.25"
}
}
}


@ -0,0 +1,6 @@
aws-region = "ap-northeast-1"
aws-region-short = "apne1"
customer-name = "racken"
environment = "lab"
project = "cleanslate"
application = "infra"


@ -0,0 +1,22 @@
variable "aws-region" {}
variable "aws-region-short" {}
variable "customer-name" {}
variable "environment" {}
variable "project" {}
variable "application" {}
locals {
default-tags = {
ServiceProvider = "RackspaceTechnology"
Environment = var.environment
Project = var.project
Application = var.application
TerraformMode = "managed"
TerraformDir = trimprefix(path.cwd, "/my/work/xpk-git/")
CreatedBy = split(":",data.aws_caller_identity.this.user_id)[1]
BuildDate = formatdate("YYYYMMDD", timestamp())
}
ct-bucket-name = "${var.environment}-${var.aws-region-short}-${var.customer-name}-${var.project}-ctbucket-${data.aws_caller_identity.this.account_id}"
resource-prefix = "${var.environment}-${var.aws-region-short}-${var.customer-name}-${var.project}"
}
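Review bot: `CreatedBy = split(":",data.aws_caller_identity.this.user_id)[1]` only works for assumed-role sessions; a plain IAM user's `user_id` contains no colon, so index `[1]` is out of range and the plan fails for anyone running this with user credentials. `CreatedBy = try(split(":", data.aws_caller_identity.this.user_id)[1], data.aws_caller_identity.this.user_id)` keeps the session-name behaviour and degrades to the bare id otherwise. Two other entries in `default-tags` deserve a second look: `TerraformDir = trimprefix(path.cwd, "/my/work/xpk-git/")` writes the operator's full local filesystem path into every resource tag whenever the prefix does not match (CI runners, another workstation), and `BuildDate = formatdate("YYYYMMDD", timestamp())` changes on every run, so every tagged resource shows a tag diff on each plan. A variable with a default for the repository root, and dropping or pinning the build date, would keep the tags stable and free of workstation details.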


@ -0,0 +1 @@
data aws_caller_identity this {}


@ -0,0 +1,11 @@
output vpc_id {
value = aws_vpc.vpc.id
}
output public_subnets {
value = aws_subnet.public-subnets.*.cidr_block
}
output private_subnets {
value = aws_subnet.private-subnets.*.cidr_block
}
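Review bot: `public_subnets` and `private_subnets` return `cidr_block` lists while `vpc_id` returns an id, so a consumer of this module (the root outputs in this commit forward the same names unchanged) receives strings it cannot hand to anything that needs a subnet id. Either make the content explicit in the name (`public_subnet_cidrs`) or add id outputs alongside, e.g. `output public_subnet_ids { value = aws_subnet.public-subnets.*.id }`. Each output should also carry a `description` so `terraform output` and the module documentation state what the list holds.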


@ -0,0 +1,25 @@
variable "customer-name" {}
variable "environment" {}
variable "project" {}
variable "application" {}
variable "default-tags" {}
variable "aws-region" {}
variable "aws-region-short" {}
locals {
resource-prefix = "${var.environment}-${var.aws-region-short}-${var.customer-name}-${var.project}"
}
# VPC variables
variable vpc-cidr {}
variable number-of-public-subnets-per-az {}
variable number-of-private-subnets-per-az {}
variable create-nat-gateway {}
variable enable-flow-log {
type = bool
default = true
}
variable vpcflowlog-retain-days {
type = number
default = 90
}
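Review bot: `variable vpc-cidr {}`, `variable number-of-public-subnets-per-az {}`, `variable number-of-private-subnets-per-az {}` and `variable create-nat-gateway {}` carry no `type`, `description` or validation, unlike `enable-flow-log` and `vpcflowlog-retain-days` directly below them, so a malformed CIDR or a string count only surfaces deep inside `cidrsubnets()` or a `count` expression in the networking file. Declaring the types and validating the CIDR up front gives the caller an error that names the variable. The subnet layout in the networking file also caps each subnet class at 16 via `cidrsubnet(..., 4, count.index)`, which is worth stating in the description since nothing checks `number-of-*-per-az` times the AZ count against it.
```hcl
variable vpc-cidr {
  type        = string
  description = "CIDR block of the VPC; the module carves it into a private and a public range with cidrsubnets()."
  validation {
    condition     = can(cidrhost(var.vpc-cidr, 0))
    error_message = "The vpc-cidr value must be a valid CIDR block."
  }
}
variable number-of-public-subnets-per-az {
  type        = number
  description = "Public subnets created in every available AZ; 0 also skips the internet gateway and public route table."
}
variable number-of-private-subnets-per-az {
  type        = number
  description = "Private subnets created in every available AZ; 0 also skips the private route table."
}
variable create-nat-gateway {
  type        = bool
  description = "Create one NAT gateway in the first public subnet and route private subnets through it."
}
# … unchanged: enable-flow-log, vpcflowlog-retain-days …
```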


@ -0,0 +1,67 @@
resource "aws_flow_log" "vpc-flowlog" {
count = var.enable-flow-log ? 1 : 0
iam_role_arn = aws_iam_role.vpcflowlog-role.arn
log_destination = aws_cloudwatch_log_group.vpcflowlog-loggroup[0].arn
traffic_type = "ALL"
vpc_id = aws_vpc.vpc.id
tags = merge(
var.default-tags,
{
Name = "${local.resource-prefix}-vpcflowlog"
},
)
}
resource "aws_cloudwatch_log_group" "vpcflowlog-loggroup" {
count = var.enable-flow-log ? 1 : 0
name_prefix = "vpcflowlog/${aws_vpc.vpc.id}/"
kms_key_id = "arn:aws:kms:${var.aws-region}:${data.aws_caller_identity.this.account_id}:alias/lab-apne1-racken-cleanslate-kmskey-default"
retention_in_days = var.vpcflowlog-retain-days
tags = var.default-tags
}
resource "aws_iam_role" "vpcflowlog-role" {
name = "${local.resource-prefix}-vpcflowlog"
path = "/service/"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "vpc-flow-logs.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
EOF
}
resource "aws_iam_role_policy" "vpcflowlog-role-policy" {
name = "${local.resource-prefix}-vpcflowlog"
role = aws_iam_role.vpcflowlog-role.id
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
EOF
}
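Review bot: `vpcflowlog-role-policy` grants `logs:CreateLogGroup`, `logs:CreateLogStream`, `logs:PutLogEvents` and both `Describe*` actions on `"Resource": "*"`, so the flow-log delivery role can write into any log group in the account; the write actions only need the group created in this file, `"Resource": "${aws_cloudwatch_log_group.vpcflowlog-loggroup[0].arn}"` (check whether the provider's `arn` attribute already carries the `:*` log-stream suffix in this provider version before appending one; the `Describe*` actions can stay on `*` if the delivery check needs them). That reference is only safe once the role and policy take the same `count = var.enable-flow-log ? 1 : 0` as the flow log and log group — today both IAM resources are created even when flow logs are disabled, and `iam_role_arn = aws_iam_role.vpcflowlog-role.arn` would then become `aws_iam_role.vpcflowlog-role[0].arn`. `kms_key_id` is the literal `alias/lab-apne1-racken-cleanslate-kmskey-default`, which only resolves because this commit renames the alias in the KMS file to `${local.resource-prefix}-kmskey-default` for that one environment; any other `customer-name`/`project` combination produces a log group pointing at a key that does not exist. Take the key as a module variable (preferably the key ARN — CloudWatch Logs documents `kms_key_id` as a key ARN, so confirm alias ARNs are accepted), and make sure the key policy lets `logs.${var.aws-region}.amazonaws.com` use it, or log group creation will fail.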


@ -0,0 +1,135 @@
data "aws_availability_zones" "available-az" {
state = "available"
}
locals {
subnet_start = cidrsubnets(var.vpc-cidr, 4, 4)
}
resource aws_subnet private-subnets {
count = var.number-of-private-subnets-per-az * length(data.aws_availability_zones.available-az.names)
vpc_id = aws_vpc.vpc.id
availability_zone = element(data.aws_availability_zones.available-az.names, count.index)
cidr_block = cidrsubnet(local.subnet_start[0], 4, count.index)
tags = merge(
var.default-tags,
{
Name = "${local.resource-prefix}-private-${split("-",element(data.aws_availability_zones.available-az.names, count.index))[2]}-${count.index+1}"
},
)
}
resource aws_subnet public-subnets {
count = var.number-of-public-subnets-per-az * length(data.aws_availability_zones.available-az.names)
vpc_id = aws_vpc.vpc.id
availability_zone = element(data.aws_availability_zones.available-az.names, count.index)
cidr_block = cidrsubnet(local.subnet_start[1], 4, count.index)
tags = merge(
var.default-tags,
{
Name = "${local.resource-prefix}-public-${split("-",element(data.aws_availability_zones.available-az.names, count.index))[2]}-${count.index+1}"
},
)
}
resource "aws_vpc" "vpc" {
cidr_block = var.vpc-cidr
enable_dns_hostnames = true
enable_dns_support = true
tags = merge(
var.default-tags,
{
Name = "${local.resource-prefix}-vpc"
},
)
lifecycle {
create_before_destroy = true
}
}
resource "aws_internet_gateway" "igw" {
count = var.number-of-public-subnets-per-az > 0 ? 1 : 0
vpc_id = aws_vpc.vpc.id
tags = merge(
var.default-tags,
{
Name = "${local.resource-prefix}-igw"
},
)
}
resource "aws_eip" "ngw-eip" {
count = var.create-nat-gateway ? 1 : 0
vpc = true
tags = var.default-tags
depends_on = [aws_internet_gateway.igw]
}
resource "aws_nat_gateway" "ngw" {
count = var.create-nat-gateway ? 1 : 0
allocation_id = aws_eip.ngw-eip[0].id
subnet_id = aws_subnet.public-subnets[0].id
tags = merge(
var.default-tags,
{
Name = "${local.resource-prefix}-ngw"
},
)
depends_on = [aws_internet_gateway.igw]
}
resource aws_route_table public-route-table {
count = var.number-of-public-subnets-per-az > 0 ? 1 : 0
vpc_id = aws_vpc.vpc.id
tags = merge(
var.default-tags,
{
Name = "${local.resource-prefix}-publicroutetable"
},
)
}
resource aws_route_table private-route-table {
count = var.number-of-private-subnets-per-az > 0 ? 1 : 0
vpc_id = aws_vpc.vpc.id
tags = merge(
var.default-tags,
{
Name = "${local.resource-prefix}-privateroutetable"
},
)
}
resource "aws_route" "public-routes" {
count = var.number-of-public-subnets-per-az > 0 ? 1 : 0
destination_cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.igw[0].id
route_table_id = aws_route_table.public-route-table[0].id
}
resource "aws_route" "private-routes" {
count = var.number-of-private-subnets-per-az > 0 ? 1 : 0
destination_cidr_block = "0.0.0.0/0"
nat_gateway_id = aws_nat_gateway.ngw[0].id
route_table_id = aws_route_table.private-route-table[0].id
}
resource "aws_route_table_association" "public_route_association" {
count = length(aws_subnet.public-subnets)
route_table_id = aws_route_table.public-route-table[0].id
subnet_id = aws_subnet.public-subnets[count.index].id
}
resource "aws_route_table_association" "private_route_association" {
count = length(aws_subnet.private-subnets)
route_table_id = aws_route_table.private-route-table[0].id
subnet_id = aws_subnet.private-subnets[count.index].id
}
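Review bot: `aws_route.private-routes` is created whenever `number-of-private-subnets-per-az > 0` but reads `aws_nat_gateway.ngw[0].id`, which does not exist when `create-nat-gateway = false`, so that combination fails at plan time; making the route's count follow the gateway as well fixes it. The module also leaves the VPC's default security group and default network ACL as AWS creates them (the default security group permits all egress and all ingress from itself); adopting it with an `aws_default_security_group` that declares no `ingress`/`egress` blocks strips every rule, which is the usual hardening baseline for a new VPC. Two smaller points: the only NAT gateway sits in `aws_subnet.public-subnets[0]`, so private egress in every AZ depends on that single AZ, and each subnet class is limited to 16 subnets by `cidrsubnet(local.subnet_start[n], 4, count.index)`, which `number-of-*-per-az` is never checked against.
```hcl
resource "aws_route" "private-routes" {
  count = var.number-of-private-subnets-per-az > 0 && var.create-nat-gateway ? 1 : 0
  # … unchanged: destination_cidr_block, nat_gateway_id, route_table_id …
}

# Adopt the VPC's default security group with no rules so nothing placed in it by default can send or receive.
resource "aws_default_security_group" "default" {
  vpc_id = aws_vpc.vpc.id
  tags = merge(
    var.default-tags,
    {
      Name = "${local.resource-prefix}-default-sg"
    },
  )
}
```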


@ -5,7 +5,7 @@ resource "aws_kms_key" "ctbucket-key" {
}
resource "aws_kms_alias" ctbucket-key-aliaas {
name = "alias/${local.resource-prefix}-ctkey-alias"
name = "alias/${local.resource-prefix}-kmskey-default"
target_key_id = aws_kms_key.ctbucket-key.key_id
}


@ -1,5 +1,5 @@
resource "aws_cloudwatch_log_group" "ct-cwl" {
name = "${local.resource-prefix}-cwl-001"
name_prefix = "cloudtrail/"
retention_in_days = var.cloudtrail-retain-days
kms_key_id = aws_kms_key.ctbucket-key.arn
tags = var.default-tags
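Review bot: Switching `ct-cwl` from `name = "${local.resource-prefix}-cwl-001"` to `name_prefix = "cloudtrail/"` (the second of the two printed lines appears to be the new side) forces the log group to be replaced, and replacing a CloudTrail log group discards the events retained in the old group and changes the ARN the trail delivers to. If the existing audit history matters, this needs a deliberate migration (export or retention of the old group before the apply) rather than a silent destroy-and-create, and the commit message should say so. The file header for this section is not on the page, so which file holds `ct-cwl` cannot be confirmed from here.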