initial commit

rashid4lyf · rashid4lyf · commit 09a90131e5f0 · 2022-04-18T18:30:46.000+01:00
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,2 @@
+*.lock.hcl
+.terraform
diff --git a/README.md b/README.md
@@ -0,0 +1,84 @@
+# Demo VPC, IGW, Public & Private Subnets
+
+This repository creates a VPC, IGW, public and private subnets and route tables. 
+
+## Architecture
+
+The following will be created: 
+
+![image](assets/cloud_vpc.png)
+
+## Configuring S3 Backend
+
+This project can be configured to use S3 as a backend to store the state file. In addition a DynamoDB locks table will be created. 
+
+To enable S3 first set the varible `backend_enabled` to `true`. Then run a `terraform innit` and `terraform apply`. Once applied you can now change `versions.tf` and enable backend support.
+
+```
+terraform {
+   backend "s3" {
+     bucket         = "ENTER_BUCKET_NAME"
+     key            = "terraform_vpc/terraform.tfstate"
+     region         = "eu-west-1"
+     encrypt        = true
+     kms_key_id     = "ENTER_KMS_ID"
+     dynamodb_table = "ENTER_DYNAMODB_TABLE_NAME"
+   }
+   // other terraform configuration
+}
+```
+These values can be gathered from the outputs from the `terraform apply`.
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | 4.10.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.10.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_remote-state-s3-backend"></a> [remote-state-s3-backend](#module\_remote-state-s3-backend) | nozaq/remote-state-s3-backend/aws | 1.2.0 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_eip.nat](https://registry.terraform.io/providers/hashicorp/aws/4.10.0/docs/resources/eip) | resource |
+| [aws_internet_gateway.igw](https://registry.terraform.io/providers/hashicorp/aws/4.10.0/docs/resources/internet_gateway) | resource |
+| [aws_nat_gateway.nat](https://registry.terraform.io/providers/hashicorp/aws/4.10.0/docs/resources/nat_gateway) | resource |
+| [aws_route.private_nat_gateway](https://registry.terraform.io/providers/hashicorp/aws/4.10.0/docs/resources/route) | resource |
+| [aws_route.public_internet_gateway](https://registry.terraform.io/providers/hashicorp/aws/4.10.0/docs/resources/route) | resource |
+| [aws_route_table.private](https://registry.terraform.io/providers/hashicorp/aws/4.10.0/docs/resources/route_table) | resource |
+| [aws_route_table.public](https://registry.terraform.io/providers/hashicorp/aws/4.10.0/docs/resources/route_table) | resource |
+| [aws_route_table_association.private](https://registry.terraform.io/providers/hashicorp/aws/4.10.0/docs/resources/route_table_association) | resource |
+| [aws_route_table_association.public](https://registry.terraform.io/providers/hashicorp/aws/4.10.0/docs/resources/route_table_association) | resource |
+| [aws_security_group.default](https://registry.terraform.io/providers/hashicorp/aws/4.10.0/docs/resources/security_group) | resource |
+| [aws_subnet.private](https://registry.terraform.io/providers/hashicorp/aws/4.10.0/docs/resources/subnet) | resource |
+| [aws_subnet.public](https://registry.terraform.io/providers/hashicorp/aws/4.10.0/docs/resources/subnet) | resource |
+| [aws_vpc.main](https://registry.terraform.io/providers/hashicorp/aws/4.10.0/docs/resources/vpc) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_availability_zones"></a> [availability\_zones](#input\_availability\_zones) | n/a | `list(string)` | <pre>[<br>  "eu-west-1a",<br>  "eu-west-1b",<br>  "eu-west-1c"<br>]</pre> | no |
+| <a name="input_backend_enabled"></a> [backend\_enabled](#input\_backend\_enabled) | n/a | `bool` | `false` | no |
+| <a name="input_cidr_block"></a> [cidr\_block](#input\_cidr\_block) | VPC cidr block. Example: 10.0.0.0/16 | `string` | `"10.0.0.0/16"` | no |
+| <a name="input_region"></a> [region](#input\_region) | AWS Region | `string` | `"eu-west-1"` | no |
+| <a name="input_replica_region"></a> [replica\_region](#input\_replica\_region) | Region in which S3 bucket to be replicated. | `string` | `"eu-west-2"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_dynamodb_table"></a> [dynamodb\_table](#output\_dynamodb\_table) | n/a |
+| <a name="output_kms_key"></a> [kms\_key](#output\_kms\_key) | n/a |
+| <a name="output_state_bucket"></a> [state\_bucket](#output\_state\_bucket) | n/a |
diff --git a/assets/cloud_vpc.png b/assets/cloud_vpc.png
diff --git a/network.tf b/network.tf
@@ -0,0 +1,106 @@
+resource "aws_vpc" "main" {
+  cidr_block       = var.cidr_block
+  instance_tenancy = "default"
+  tags = {
+    Name = "CloudDemo"
+    Demo = "Terraform"
+  }
+}
+
+resource "aws_subnet" "public" {
+  vpc_id            = aws_vpc.main.id
+  count             = length(var.availability_zones)
+  cidr_block        = cidrsubnet(var.cidr_block, 8, count.index)
+  availability_zone = element(var.availability_zones, count.index)
+
+  map_public_ip_on_launch = true
+
+  tags = {
+    Name = "Public Subnet: ${element(var.availability_zones, count.index)}"
+    Type = "Public"
+  }
+}
+
+resource "aws_subnet" "private" {
+  vpc_id            = aws_vpc.main.id
+  count             = length(var.availability_zones)
+  cidr_block        = cidrsubnet(var.cidr_block, 8, count.index + length(var.availability_zones))
+  availability_zone = element(var.availability_zones, count.index)
+
+  map_public_ip_on_launch = false
+
+  tags = {
+    Name = "Private Subnet: ${element(var.availability_zones, count.index)}"
+    Type = "Private"
+  }
+}
+
+resource "aws_internet_gateway" "igw" {
+  vpc_id = aws_vpc.main.id
+  tags = {
+    "Name"  = "${var.region}-igw"
+    "Owner" = "CloudDemo"
+  }
+}
+
+
+resource "aws_eip" "nat" {
+  count = length(var.availability_zones)
+  vpc   = true
+}
+
+resource "aws_nat_gateway" "nat" {
+  count         = length(var.availability_zones)
+  subnet_id     = element(aws_subnet.public.*.id, count.index)
+  allocation_id = element(aws_eip.nat.*.id, count.index)
+
+  tags = {
+    "Name"  = "NAT: ${element(var.availability_zones, count.index)}"
+    "Owner" = "CloudDemo"
+  }
+
+  depends_on = [aws_internet_gateway.igw]
+}
+
+resource "aws_route_table" "public" {
+  vpc_id = aws_vpc.main.id
+
+  tags = {
+    Name = "Public"
+  }
+}
+
+resource "aws_route" "public_internet_gateway" {
+  route_table_id         = aws_route_table.public.id
+  destination_cidr_block = "0.0.0.0/0"
+  gateway_id             = aws_internet_gateway.igw.id
+}
+
+resource "aws_route_table_association" "public" {
+  count          = length(var.availability_zones)
+  subnet_id      = element(aws_subnet.public.*.id, count.index)
+  route_table_id = aws_route_table.public.id
+}
+
+
+resource "aws_route_table" "private" {
+  vpc_id = aws_vpc.main.id
+  count  = length(var.availability_zones)
+
+  tags = {
+    "Name" = "Private: ${element(var.availability_zones, count.index)}"
+  }
+}
+
+resource "aws_route" "private_nat_gateway" {
+  count                  = length(var.availability_zones)
+  route_table_id         = element(aws_route_table.private.*.id, count.index)
+  destination_cidr_block = "0.0.0.0/0"
+  nat_gateway_id         = element(aws_nat_gateway.nat.*.id, count.index)
+}
+
+resource "aws_route_table_association" "private" {
+  count          = length(var.availability_zones)
+  subnet_id      = element(aws_subnet.private.*.id, count.index)
+  route_table_id = element(aws_route_table.private.*.id, count.index)
+}
diff --git a/outputs.tf b/outputs.tf
@@ -0,0 +1,11 @@
+output "state_bucket" {
+  value = var.backend_enabled ?  module.remote-state-s3-backend.state_bucket.bucket : ""
+}
+
+output "dynamodb_table" {
+  value = var.backend_enabled ? module.remote-state-s3-backend.dynamodb_table.id : ""
+}
+
+output "kms_key" {
+  value = var.backend_enabled ? module.remote-state-s3-backend.kms_key.id: ""
+}
diff --git a/providers.tf b/providers.tf
@@ -0,0 +1,9 @@
+provider "aws" {
+  region = var.region
+}
+
+provider "aws" {
+  alias  = "replica"
+  region = var.replica_region
+}
+
diff --git a/s3.tf b/s3.tf
@@ -0,0 +1,11 @@
+module "remote-state-s3-backend" {
+  count   = var.backend_enabled ? 1 : 0
+  source  = "nozaq/remote-state-s3-backend/aws"
+  version = "1.2.0"
+  providers = {
+    aws         = aws
+    aws.replica = aws.replica
+  }
+  terraform_iam_policy_create = false
+}
+
diff --git a/sg.tf b/sg.tf
@@ -0,0 +1,19 @@
+resource "aws_security_group" "default" {
+  name        = "${var.region}-default-sg"
+  description = "Default security group to allow inbound/outbound from the VPC"
+  vpc_id      = "${aws_vpc.main.id}"
+  depends_on  = [aws_vpc.main]
+  ingress {
+    from_port = "0"
+    to_port   = "0"
+    protocol  = "-1"
+    self      = true
+  }
+  
+  egress {
+    from_port = "0"
+    to_port   = "0"
+    protocol  = "-1"
+    self      = "true"
+  }
+}
diff --git a/variables.tf b/variables.tf
@@ -0,0 +1,27 @@
+variable "region" {
+  description = "AWS Region"
+  default     = "eu-west-1"
+}
+
+variable "replica_region" {
+  description = "Region in which S3 bucket to be replicated."
+  default     = "eu-west-2"
+
+}
+
+variable "cidr_block" {
+  type        = string
+  description = "VPC cidr block. Example: 10.0.0.0/16"
+  default     = "10.0.0.0/16"
+}
+
+variable "availability_zones" {
+  type    = list(string)
+  default = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
+}
+
+variable "backend_enabled" {
+  type    = bool
+  default = false
+
+}
diff --git a/versions.tf b/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+  required_version = "~> 1.1.0"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "4.10.0"
+    }
+  }
+}
