Skip to content

Instantly share code, notes, and snippets.

@acsrujan

acsrujan/aws.tf

Last active June 17, 2019 07:05
Show Gist options
  • Save acsrujan/c264b10ee615ef4e5897a176ed721ec7 to your computer and use it in GitHub Desktop.
Save acsrujan/c264b10ee615ef4e5897a176ed721ec7 to your computer and use it in GitHub Desktop.
Download ZIP
Setup VPC with AWS NAT gateways
Raw
aws.tf
provider "aws" {
access_key = "${var.aws_access_key}"
secret_key = "${var.aws_secret_key}"
region = "${var.aws_region}"
}
Raw
terraform.tfvars
aws_access_key = ""
aws_secret_key = ""
Raw
vars.tf
variable "aws_access_key" {}
variable "aws_secret_key" {}
variable "aws_region" {
description = "EC2 Region for the VPC"
default = "ap-south-1"
}
variable "vpc_cidr" {
description = "CIDR for the whole VPC"
default = "172.31.0.0/16"
}
variable "public_subnet_cidr_1a" {
description = "CIDR for the Public Subnet in 1a"
default = "172.31.80.0/20"
}
variable "private_subnet_cidr_1a" {
description = "CIDR for the Private Subnet in 1a"
default = "172.31.48.0/20"
}
variable "public_subnet_cidr_1b" {
description = "CIDR for the Public Subnet in 1b"
default = "172.31.0.0/20"
}
variable "private_subnet_cidr_1b" {
description = "CIDR for the Private Subnet in 1b"
default = "172.31.16.0/20"
}
variable "public_subnet_cidr_1c" {
description = "CIDR for the Public Subnet in 1c"
default = "172.31.64.0/20"
}
variable "private_subnet_cidr_1c" {
description = "CIDR for the Private Subnet in 1c"
default = "172.31.32.0/20"
}
Raw
vpc.tf
resource "aws_vpc" "default" {
cidr_block = "${var.vpc_cidr}"
enable_dns_hostnames = true
enable_dns_support = true
tags = {
Name = "whatever-name"
}
}
output "vpc_id" {
value = "${aws_vpc.default.id}"
}
resource "aws_internet_gateway" "default" {
vpc_id = "${aws_vpc.default.id}"
}
/* Public Subnets 1 per AZ */
/* 1a */
resource "aws_subnet" "ap-south-1a-public" {
vpc_id = "${aws_vpc.default.id}"
cidr_block = "${var.public_subnet_cidr_1a}"
availability_zone = "ap-south-1a"
tags = {
Name = "Public Subnet 1a"
}
}
resource "aws_route_table" "ap-south-1a-public" {
vpc_id = "${aws_vpc.default.id}"
route {
cidr_block = "0.0.0.0/0"
gateway_id = "${aws_internet_gateway.default.id}"
}
tags = {
Name = "Public Subnet 1a route table"
}
}
resource "aws_route_table_association" "ap-south-1a-public" {
subnet_id = "${aws_subnet.ap-south-1a-public.id}"
route_table_id = "${aws_route_table.ap-south-1a-public.id}"
}
/* 1b */
resource "aws_subnet" "ap-south-1b-public" {
vpc_id = "${aws_vpc.default.id}"
cidr_block = "${var.public_subnet_cidr_1b}"
availability_zone = "ap-south-1b"
tags = {
Name = "Public Subnet 1b"
}
}
resource "aws_route_table" "ap-south-1b-public" {
vpc_id = "${aws_vpc.default.id}"
route {
cidr_block = "0.0.0.0/0"
gateway_id = "${aws_internet_gateway.default.id}"
}
tags = {
Name = "Public Subnet 1b route table"
}
}
resource "aws_route_table_association" "ap-south-1b-public" {
subnet_id = "${aws_subnet.ap-south-1b-public.id}"
route_table_id = "${aws_route_table.ap-south-1b-public.id}"
}
/* 1c */
resource "aws_subnet" "ap-south-1c-public" {
vpc_id = "${aws_vpc.default.id}"
cidr_block = "${var.public_subnet_cidr_1c}"
availability_zone = "ap-south-1c"
tags = {
Name = "Public Subnet 1c"
}
}
resource "aws_route_table" "ap-south-1c-public" {
vpc_id = "${aws_vpc.default.id}"
route {
cidr_block = "0.0.0.0/0"
gateway_id = "${aws_internet_gateway.default.id}"
}
tags = {
Name = "Public Subnet 1c route table"
}
}
resource "aws_route_table_association" "ap-south-1c-public" {
subnet_id = "${aws_subnet.ap-south-1c-public.id}"
route_table_id = "${aws_route_table.ap-south-1c-public.id}"
}
/*
Private Subnet
*/
/* 1a */
resource "aws_subnet" "ap-south-1a-private" {
vpc_id = "${aws_vpc.default.id}"
cidr_block = "${var.private_subnet_cidr_1a}"
availability_zone = "ap-south-1a"
tags = {
Name = "Private Subnet"
}
}
resource "aws_route_table" "ap-south-1a-private" {
vpc_id = "${aws_vpc.default.id}"
route {
cidr_block = "0.0.0.0/0"
nat_gateway_id = "${aws_nat_gateway.gw-1a.id}"
}
tags = {
Name = "Private Subnet"
}
}
resource "aws_route_table_association" "ap-south-1a-private" {
subnet_id = "${aws_subnet.ap-south-1a-private.id}"
route_table_id = "${aws_route_table.ap-south-1a-private.id}"
}
/* 1b */
resource "aws_subnet" "ap-south-1b-private" {
vpc_id = "${aws_vpc.default.id}"
cidr_block = "${var.private_subnet_cidr_1b}"
availability_zone = "ap-south-1b"
tags = {
Name = "Private Subnet"
}
}
resource "aws_route_table" "ap-south-1b-private" {
vpc_id = "${aws_vpc.default.id}"
route {
cidr_block = "0.0.0.0/0"
nat_gateway_id = "${aws_nat_gateway.gw-1b.id}"
}
tags = {
Name = "Private Subnet"
}
}
resource "aws_route_table_association" "ap-south-1b-private" {
subnet_id = "${aws_subnet.ap-south-1b-private.id}"
route_table_id = "${aws_route_table.ap-south-1b-private.id}"
}
/* 1c */
resource "aws_subnet" "ap-south-1c-private" {
vpc_id = "${aws_vpc.default.id}"
cidr_block = "${var.private_subnet_cidr_1c}"
availability_zone = "ap-south-1c"
tags = {
Name = "Private Subnet"
}
}
resource "aws_route_table" "ap-south-1c-private" {
vpc_id = "${aws_vpc.default.id}"
route {
cidr_block = "0.0.0.0/0"
nat_gateway_id = "${aws_nat_gateway.gw-1c.id}"
}
tags = {
Name = "Private Subnet"
}
}
resource "aws_route_table_association" "ap-south-1c-private" {
subnet_id = "${aws_subnet.ap-south-1c-private.id}"
route_table_id = "${aws_route_table.ap-south-1c-private.id}"
}
/* NAT Gateway */
// Creates elastic IPs and NAT gateways
resource "aws_eip" "nat-1a" {
vpc = true
tags = {
Name = "nat-1a"
}
}
resource "aws_eip" "nat-1b" {
vpc = true
tags = {
Name = "nat-1b"
}
}
resource "aws_eip" "nat-1c" {
vpc = true
tags = {
Name = "nat-1c"
}
}
resource "aws_nat_gateway" "gw-1a" {
allocation_id = "${aws_eip.nat-1a.id}"
subnet_id = "${aws_subnet.ap-south-1a-public.id}"
}
resource "aws_nat_gateway" "gw-1b" {
allocation_id = "${aws_eip.nat-1b.id}"
subnet_id = "${aws_subnet.ap-south-1b-public.id}"
}
resource "aws_nat_gateway" "gw-1c" {
allocation_id = "${aws_eip.nat-1c.id}"
subnet_id = "${aws_subnet.ap-south-1c-public.id}"
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment