# Cluster VPC. DNS support and hostnames are both switched on so instances
# can resolve each other through the VPC-provided resolver.
resource "aws_vpc" "platform" {
  cidr_block           = var.vpc_cidr_block
  enable_dns_support   = true
  enable_dns_hostnames = true

  tags = merge(
    local.tags,
    {
      "Name"  = "${var.stack_name}-vpc"
      "Class" = "VPC"
    },
  )
}
# NOTE(review): this file defines no VPC flow logs and does not manage the
# VPC default security group; confirm both are handled elsewhere in the
# infra tree.

# Availability zones currently usable in the selected region. Only the first
# entry is consumed below, so every subnet in this file lands in one AZ.
data "aws_availability_zones" "az" {
  state = "available"
}

# DHCP option set handed to instances: the regional compute.internal search
# domain and the Amazon-provided resolver.
resource "aws_vpc_dhcp_options" "platform" {
  domain_name         = "${var.aws_region}.compute.internal"
  domain_name_servers = ["AmazonProvidedDNS"]

  tags = merge(
    local.tags,
    {
      "Class" = "VPCDHCP"
    },
  )
}

resource "aws_vpc_dhcp_options_association" "dns_resolver" {
  vpc_id          = aws_vpc.platform.id
  dhcp_options_id = aws_vpc_dhcp_options.platform.id
}

# Internet gateway: the only ingress/egress path for the public subnet.
resource "aws_internet_gateway" "platform" {
  vpc_id = aws_vpc.platform.id

  tags = merge(
    local.tags,
    {
      "Class" = "Gateway"
    },
  )

  depends_on = [aws_vpc.platform]
}

# Public subnet. Instances launched here receive a public IP automatically,
# so reachability is governed solely by the security groups attached to them
# (those groups are not defined in this file).
resource "aws_subnet" "public" {
  vpc_id                  = aws_vpc.platform.id
  availability_zone       = data.aws_availability_zones.az.names[0]
  cidr_block              = var.public_subnet
  map_public_ip_on_launch = true

  tags = merge(
    local.tags,
    {
      "Name"  = "${var.stack_name}-subnet-public-${data.aws_availability_zones.az.names[0]}"
      "Class" = "VPC"
    },
  )

  depends_on = [aws_main_route_table_association.main]
}

# Private subnet. No public IPs are assigned at launch and the only default
# route (see the private route table) goes through the NAT gateway, so there
# is no inbound path from the internet gateway into this subnet.
resource "aws_subnet" "private" {
  vpc_id            = aws_vpc.platform.id
  availability_zone = data.aws_availability_zones.az.names[0]
  cidr_block        = var.private_subnet

  tags = merge(
    local.tags,
    {
      "Name"  = "${var.stack_name}-subnet-private-${data.aws_availability_zones.az.names[0]}"
      "Class" = "Subnet"
    },
  )
}

# Route table for the public subnet: default route straight to the IGW.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.platform.id

  tags = merge(
    local.tags,
    {
      "Name"  = "${var.stack_name}-route-table-public"
      "Class" = "RouteTable"
    },
  )
}

resource "aws_route" "public_to_everywhere" {
  route_table_id         = aws_route_table.public.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.platform.id
}

# Route table for the private subnet: default route via the NAT gateway,
# which allows outbound traffic only.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.platform.id

  tags = merge(
    local.tags,
    {
      "Name"  = "${var.stack_name}-route-table-private"
      "Class" = "RouteTable"
    },
  )
}

resource "aws_route" "private_nat_gateway" {
  route_table_id         = aws_route_table.private.id
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.nat_gw.id
}

# The PUBLIC route table becomes the VPC main route table. Security caveat:
# any subnet added later without an explicit aws_route_table_association
# inherits the 0.0.0.0/0 -> IGW route and is internet-facing by default;
# new subnets must be associated explicitly (as "private" is below).
resource "aws_main_route_table_association" "main" {
  vpc_id         = aws_vpc.platform.id
  route_table_id = aws_route_table.public.id
}

resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.public.id
}

resource "aws_route_table_association" "private" {
  subnet_id      = aws_subnet.private.id
  route_table_id = aws_route_table.private.id
}

# Elastic IP for the NAT gateway. The explicit dependency on the IGW follows
# the provider guidance that an EIP for a VPC needs the gateway to exist first.
resource "aws_eip" "nat_eip" {
  vpc = true

  tags = merge(
    local.tags,
    {
      "Name"  = "${var.stack_name}-eip-nat_eip"
      "Class" = "ElasticIP"
    },
  )

  depends_on = [aws_internet_gateway.platform]
}

# NAT gateway placed in the public subnet; it is the single egress point for
# the private subnet and a single point of failure since only one AZ is used.
resource "aws_nat_gateway" "nat_gw" {
  subnet_id     = aws_subnet.public.id
  allocation_id = aws_eip.nat_eip.id

  tags = merge(
    local.tags,
    {
      "Name"  = "${var.stack_name}-nat_gateway"
      "Class" = "NatGateway"
    },
  )

  depends_on = [aws_eip.nat_eip]
}