ExternalVendorCode/sondehub-infra
1
0
Fork 0
mirror of https://github.com/projecthorus/sondehub-infra.git synced 2024-12-18 20:57:56 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
main
sondehub-infra/vpc.tf
Michaela Wheeler 81830c2d74
Move lambda functions to secrets manager (#126) 
Co-authored-by: xss <michaela@michaela.lgbt>
2023-10-22 14:40:16 +11:00

206 lines
6.5 KiB
HCL
Raw Permalink Blame History

resource "aws_vpc" "main" {
cidr_block = "172.31.0.0/16"
assign_generated_ipv6_cidr_block = true
}
resource "aws_egress_only_internet_gateway" "main" {
vpc_id = aws_vpc.main.id
}
locals {
private_subnets = {
"us-east-1a" = ["172.31.128.0/24", cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 13)],
"us-east-1b" = ["172.31.131.0/24", cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 14)],
"us-east-1c" = ["172.31.130.0/24", cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 15)],
"us-east-1d" = ["172.31.133.0/24", cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 16)],
"us-east-1e" = ["172.31.129.0/24", cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 17)],
"us-east-1f" = ["172.31.132.0/24", cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 18)]
}
private_v6 = {
"us-east-1a" = cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 7),
"us-east-1b" = cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 8),
"us-east-1c" = cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 9),
"us-east-1d" = cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 10),
"us-east-1e" = cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 11),
"us-east-1f" = cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 12)
}
public_subnets = {
"us-east-1a" = ["172.31.80.0/20", cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 19)],
"us-east-1b" = ["172.31.16.0/20", cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 20)],
"us-east-1c" = ["172.31.32.0/20", cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 21)],
"us-east-1d" = ["172.31.0.0/20", cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 22)],
"us-east-1e" = ["172.31.48.0/20", cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 23)],
"us-east-1f" = ["172.31.64.0/20", cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 24)]
}
public_v6 = {
"us-east-1a" = cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 1),
"us-east-1b" = cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 2),
"us-east-1c" = cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 3),
"us-east-1d" = cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 4),
"us-east-1e" = cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 5),
"us-east-1f" = cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, 6)
}
}
resource "aws_subnet" "private" {
for_each = local.private_subnets
map_public_ip_on_launch = false
vpc_id = aws_vpc.main.id
cidr_block = each.value[0]
ipv6_cidr_block = each.value[1]
assign_ipv6_address_on_creation = true
tags = {
Name = "${each.key} - private"
}
}
resource "aws_subnet" "public" {
for_each = local.public_subnets
map_public_ip_on_launch = false
vpc_id = aws_vpc.main.id
cidr_block = each.value[0]
ipv6_cidr_block = each.value[1]
assign_ipv6_address_on_creation = true
tags = {
Name = "${each.key} - public"
}
}
resource "aws_subnet" "public_v6_only" {
for_each = local.public_v6
availability_zone = each.key
enable_resource_name_dns_aaaa_record_on_launch = true
assign_ipv6_address_on_creation = true
vpc_id = aws_vpc.main.id
ipv6_native = true
ipv6_cidr_block = each.value
tags = {
Name = "${each.key} - public v6 only"
}
}
resource "aws_subnet" "private_v6_only" {
for_each = local.private_v6
availability_zone = each.key
enable_resource_name_dns_aaaa_record_on_launch = true
assign_ipv6_address_on_creation = true
vpc_id = aws_vpc.main.id
ipv6_native = true
ipv6_cidr_block = each.value
tags = {
Name = "${each.key} - private v6 only"
}
}
resource "aws_route_table" "main" {
vpc_id = aws_vpc.main.id
}
resource "aws_route_table" "public_v6" {
vpc_id = aws_vpc.main.id
}
resource "aws_route_table_association" "public" {
for_each = local.public_subnets
subnet_id = aws_subnet.public[each.key].id
route_table_id = aws_route_table.public_v6.id
}
resource "aws_route_table_association" "public_v6_only" {
for_each = local.public_v6
subnet_id = aws_subnet.public_v6_only[each.key].id
route_table_id = aws_route_table.public_v6.id
}
resource "aws_route_table_association" "private_v6_only" {
for_each = local.private_v6
subnet_id = aws_subnet.private_v6_only[each.key].id
route_table_id = aws_route_table.main.id
}
resource "aws_route_table_association" "private" {
for_each = local.private_subnets
subnet_id = aws_subnet.private[each.key].id
route_table_id = aws_route_table.main.id
}
resource "aws_internet_gateway" "gw" {
vpc_id = aws_vpc.main.id
}
resource "aws_route" "main6" {
route_table_id = aws_route_table.main.id
destination_ipv6_cidr_block = "::/0"
egress_only_gateway_id = aws_egress_only_internet_gateway.main.id
}
resource "aws_route" "main" {
route_table_id = aws_route_table.main.id
destination_cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.gw.id
}
resource "aws_route" "public" {
route_table_id = aws_route_table.public_v6.id
destination_cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.gw.id
}
resource "aws_route" "public_v6" {
route_table_id = aws_route_table.public_v6.id
destination_ipv6_cidr_block = "::/0"
gateway_id = aws_internet_gateway.gw.id
}
resource "aws_security_group" "vpcendpoint" {
name = "vpcendpoint"
description = "vpcendpoint"
ingress = [
{
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
ipv6_cidr_blocks = ["::/0"]
description = ""
prefix_list_ids = []
self = false
security_groups = []
}
]
egress = [
{
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
ipv6_cidr_blocks = ["::/0"]
security_groups = []
description = ""
prefix_list_ids = []
self = false
}
]
vpc_id = aws_vpc.main.id
}
resource "aws_vpc_endpoint" "secretsmanager" {
vpc_id = aws_vpc.main.id
service_name = "com.amazonaws.us-east-1.secretsmanager"
vpc_endpoint_type = "Interface"
security_group_ids = [
aws_security_group.vpcendpoint.id,
]
private_dns_enabled = true
}
Reference in New Issue View Git Blame Copy Permalink