# Per-region address plan and a lookup from region name to its VPC module.
locals {
  # One non-overlapping slice of var.vpc_cidr per region (8 extra prefix
  # bits, netnums 0/1/2), so the three VPCs can be peered without route
  # conflicts.
  vpc_subnets = {
    (local.region)  = { public = { cidr = cidrsubnet(var.vpc_cidr, 8, 0) } }
    (local.region2) = { public = { cidr = cidrsubnet(var.vpc_cidr, 8, 1) } }
    (local.region3) = { public = { cidr = cidrsubnet(var.vpc_cidr, 8, 2) } }
  }

  # Region name -> VPC module instance. A stub region yields null because
  # its module is declared with count = 0 and has no [0] element.
  vpcs = {
    (local.region)  = module.vpc-default
    (local.region2) = local.region2 != "region2-stub" ? module.vpc-region2[0] : null
    (local.region3) = local.region3 != "region3-stub" ? module.vpc-region3[0] : null
  }
}
# SSH key pair: the public half is handed to every VPC module below, the
# private half is written to disk by local_sensitive_file.pem_file.
resource "tls_private_key" "pk" {
  # NOTE(review): a key generated by Terraform is held in Terraform state,
  # so the state backend needs the same access controls as the key file.
  rsa_bits  = 4096
  algorithm = "RSA"
}
# Persist the generated private key at local.ssh_key_path, owner-only on
# both the file and its parent directory.
resource "local_sensitive_file" "pem_file" {
  content              = tls_private_key.pk.private_key_pem
  filename             = local.ssh_key_path
  file_permission      = "600"
  directory_permission = "700"
}
# Primary VPC in local.region; always created (no count), unlike the
# region2/region3 VPCs which are optional.
module "vpc-default" {
  source = "./modules/vpc"

  providers = {
    aws = aws.default
  }

  provider_alias = "default"
  vpc_region     = local.region
  prefix         = local.prefix
  cidr           = local.vpc_subnets[local.region]["public"]["cidr"]
  enable_ipv6    = local.enable_ipv6
  public_key     = tls_private_key.pk.public_key_openssh
}
# Optional VPC in local.region2; skipped entirely when region2 is the
# "region2-stub" placeholder.
module "vpc-region2" {
  source = "./modules/vpc"
  count  = local.region2 == "region2-stub" ? 0 : 1

  providers = {
    aws = aws.region2
  }

  provider_alias = "region2"
  vpc_region     = local.region2
  prefix         = local.prefix
  cidr           = local.vpc_subnets[local.region2]["public"]["cidr"]
  enable_ipv6    = local.enable_ipv6
  public_key     = tls_private_key.pk.public_key_openssh
}
# Optional VPC in local.region3; skipped entirely when region3 is the
# "region3-stub" placeholder.
module "vpc-region3" {
  source = "./modules/vpc"
  count  = local.region3 == "region3-stub" ? 0 : 1

  providers = {
    aws = aws.region3
  }

  provider_alias = "region3"
  vpc_region     = local.region3
  prefix         = local.prefix
  cidr           = local.vpc_subnets[local.region3]["public"]["cidr"]
  enable_ipv6    = local.enable_ipv6
  public_key     = tls_private_key.pk.public_key_openssh
}
# Peering default <-> region2, with a route on each side's main route table
# towards the other VPC's public CIDR. Only created when region2 is real.
module "vpc-peering-default-to-region2" {
  source = "./modules/vpc_peering"
  count  = local.region2 == "region2-stub" ? 0 : 1

  providers = {
    aws.primary = aws.default
    aws.peer    = aws.region2
  }

  # Requester side (default region).
  vpc_id         = module.vpc-default.vpc_id
  route_table_id = module.vpc-default.main_route_table_id
  cidr_block     = local.vpc_subnets[local.region]["public"]["cidr"]

  # Accepter side (region2).
  peer_region         = local.region2
  peer_vpc_id         = module.vpc-region2[0].vpc_id
  peer_route_table_id = module.vpc-region2[0].main_route_table_id
  peer_cidr_block     = local.vpc_subnets[local.region2]["public"]["cidr"]
}
# Peering default <-> region3, with a route on each side's main route table
# towards the other VPC's public CIDR. Only created when region3 is real.
module "vpc-peering-default-to-region3" {
  source = "./modules/vpc_peering"
  count  = local.region3 == "region3-stub" ? 0 : 1

  providers = {
    aws.primary = aws.default
    aws.peer    = aws.region3
  }

  # Requester side (default region).
  vpc_id         = module.vpc-default.vpc_id
  route_table_id = module.vpc-default.main_route_table_id
  cidr_block     = local.vpc_subnets[local.region]["public"]["cidr"]

  # Accepter side (region3).
  peer_region         = local.region3
  peer_vpc_id         = module.vpc-region3[0].vpc_id
  peer_route_table_id = module.vpc-region3[0].main_route_table_id
  peer_cidr_block     = local.vpc_subnets[local.region3]["public"]["cidr"]
}
# Peering region2 <-> region3, closing the full mesh. Requires both optional
# regions to be real; either stub disables it.
module "vpc-peering-region2-to-region3" {
  source = "./modules/vpc_peering"
  count  = (local.region2 == "region2-stub" || local.region3 == "region3-stub") ? 0 : 1

  providers = {
    aws.primary = aws.region2
    aws.peer    = aws.region3
  }

  # Requester side (region2).
  vpc_id         = module.vpc-region2[0].vpc_id
  route_table_id = module.vpc-region2[0].main_route_table_id
  cidr_block     = local.vpc_subnets[local.region2]["public"]["cidr"]

  # Accepter side (region3).
  peer_region         = local.region3
  peer_vpc_id         = module.vpc-region3[0].vpc_id
  peer_route_table_id = module.vpc-region3[0].main_route_table_id
  peer_cidr_block     = local.vpc_subnets[local.region3]["public"]["cidr"]
}
# Let the public NLB's security group reach the default VPC's security group.
# protocol "-1" with ports 0/0 is "all protocols, all ports"; the rule is
# scoped by source security group, not by CIDR.
# NOTE(review): if the NLB only forwards to a known set of target ports,
# narrowing protocol/from_port/to_port to those would be the tighter rule —
# confirm against the NLB listener/target configuration.
resource "aws_security_group_rule" "allow_access_from_public_nlb" {
  provider = aws.default

  type                     = "ingress"
  security_group_id        = module.vpc-default.security_group_id
  source_security_group_id = module.public_nlb.security_group_id

  protocol  = "-1"
  from_port = 0
  to_port   = 0
}