Dualstack subnets + v6 only subnets

xss 2023-08-04 17:10:41 +10:00
parent f177014bd6
commit aad42149d1
2 changed files with 93 additions and 16 deletions

107
vpc.tf

@ -10,20 +10,36 @@ resource "aws_egress_only_internet_gateway" "main" {
locals {
private_subnets = {
"us-east-1a" = "172.31.128.0/24",
"us-east-1b" = "172.31.131.0/24",
"us-east-1c" = "172.31.130.0/24",
"us-east-1d" = "172.31.133.0/24",
"us-east-1e" = "172.31.129.0/24",
"us-east-1f" = "172.31.132.0/24"
"us-east-1a" = ["172.31.128.0/24", cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 13)],
"us-east-1b" = ["172.31.131.0/24", cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 14)],
"us-east-1c" = ["172.31.130.0/24", cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 15)],
"us-east-1d" = ["172.31.133.0/24", cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 16)],
"us-east-1e" = ["172.31.129.0/24", cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 17)],
"us-east-1f" = ["172.31.132.0/24", cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 18)]
}
private_v6 = {
"us-east-1a" = cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 7),
"us-east-1b" = cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 8),
"us-east-1c" = cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 9),
"us-east-1d" = cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 10),
"us-east-1e" = cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 11),
"us-east-1f" = cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 12)
}
public_subnets = {
"us-east-1a" = "172.31.80.0/20",
"us-east-1b" = "172.31.16.0/20",
"us-east-1c" = "172.31.32.0/20",
"us-east-1d" = "172.31.0.0/20",
"us-east-1e" = "172.31.48.0/20",
"us-east-1f" = "172.31.64.0/20"
"us-east-1a" = ["172.31.80.0/20",cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 19)],
"us-east-1b" = ["172.31.16.0/20",cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 20)],
"us-east-1c" = ["172.31.32.0/20",cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 21)],
"us-east-1d" = ["172.31.0.0/20",cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 22)],
"us-east-1e" = ["172.31.48.0/20",cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 23)],
"us-east-1f" = ["172.31.64.0/20",cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 24)]
}
public_v6 = {
"us-east-1a" = cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 1),
"us-east-1b" = cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 2),
"us-east-1c" = cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 3),
"us-east-1d" = cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 4),
"us-east-1e" = cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 5),
"us-east-1f" = cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 6)
}
}
resource "aws_subnet" "private" {
@ -31,8 +47,8 @@ resource "aws_subnet" "private" {
map_public_ip_on_launch = false
vpc_id = aws_vpc.main.id
cidr_block = each.value
cidr_block = each.value[0]
ipv6_cidr_block = each.value[1]
tags = {
Name = "${each.key} - private"
}
@ -43,21 +59,70 @@ resource "aws_subnet" "public" {
map_public_ip_on_launch = false
vpc_id = aws_vpc.main.id
cidr_block = each.value
cidr_block = each.value[0]
ipv6_cidr_block = each.value[1]
tags = {
Name = "${each.key} - public"
}
}
resource "aws_subnet" "public_v6_only" {
for_each = local.public_v6
availability_zone = each.key
enable_resource_name_dns_aaaa_record_on_launch = true
assign_ipv6_address_on_creation = true
vpc_id = aws_vpc.main.id
ipv6_native = true
ipv6_cidr_block = each.value
tags = {
Name = "${each.key} - public v6 only"
}
}
resource "aws_subnet" "private_v6_only" {
for_each = local.private_v6
availability_zone = each.key
enable_resource_name_dns_aaaa_record_on_launch = true
assign_ipv6_address_on_creation = true
vpc_id = aws_vpc.main.id
ipv6_native = true
ipv6_cidr_block = each.value
tags = {
Name = "${each.key} - private v6 only"
}
}
resource "aws_route_table" "main" {
vpc_id = aws_vpc.main.id
}
resource "aws_route_table" "public_v6" {
vpc_id = aws_vpc.main.id
}
resource "aws_route_table_association" "public" {
for_each = local.public_subnets
subnet_id = aws_subnet.public[each.key].id
route_table_id = aws_route_table.public_v6.id
}
resource "aws_route_table_association" "public_v6_only" {
for_each = local.public_v6
subnet_id = aws_subnet.public_v6_only[each.key].id
route_table_id = aws_route_table.public_v6.id
}
resource "aws_route_table_association" "private_v6_only" {
for_each = local.private_v6
subnet_id = aws_subnet.private_v6_only[each.key].id
route_table_id = aws_route_table.main.id
}
resource "aws_route_table_association" "private" {
for_each = local.private_subnets
subnet_id = aws_subnet.private[each.key].id
@ -78,4 +143,16 @@ resource "aws_route" "main" {
route_table_id = aws_route_table.main.id
destination_cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.gw.id
}
resource "aws_route" "public" {
route_table_id = aws_route_table.public_v6.id
destination_cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.gw.id
}
resource "aws_route" "public_v6" {
route_table_id = aws_route_table.public_v6.id
destination_ipv6_cidr_block = "::/0"
gateway_id = aws_internet_gateway.gw.id
}
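Review bot: In `aws_subnet.public_v6_only`, `assign_ipv6_address_on_creation = true` combined with the new `aws_route.public_v6` (`::/0` to `aws_internet_gateway.gw`) gives every interface launched there a globally routable address that is reachable inbound. Security groups and NACLs are then the only barrier, whereas the IPv4 side keeps `map_public_ip_on_launch = false`; a comment on that resource should say the exposure is intended. The `private_v6_only` subnets are associated with `aws_route_table.main`, whose only visible default route targets the internet gateway rather than `aws_egress_only_internet_gateway.main`. No `::/0` route for that table appears in these hunks, so it may exist elsewhere in the file. If it does not, I would give the private v6 subnets a dedicated table with an egress-only default route, as sketched below, so that a later `::/0` route added to `main` cannot make them inbound-reachable.

```hcl
# … unchanged: subnets, public route table and public associations …
resource "aws_route_table" "private_v6" {
  vpc_id = aws_vpc.main.id
}

# Outbound-only IPv6 default route: the egress-only gateway drops unsolicited inbound traffic.
resource "aws_route" "private_v6_egress" {
  route_table_id              = aws_route_table.private_v6.id
  destination_ipv6_cidr_block = "::/0"
  egress_only_gateway_id      = aws_egress_only_internet_gateway.main.id
}

resource "aws_route_table_association" "private_v6_only" {
  for_each       = local.private_v6
  subnet_id      = aws_subnet.private_v6_only[each.key].id
  route_table_id = aws_route_table.private_v6.id
}
```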


@ -541,7 +541,7 @@ resource "aws_ecs_service" "ws_reader_ec2" {
task_definition = aws_ecs_task_definition.ws_reader_ec2.arn
enable_ecs_managed_tags = true
launch_type = "EC2"
desired_count = 9
desired_count = 6
placement_constraints {
type = "distinctInstance"
}