# Optional DHCP option set, created only when var.enable_domain_name is non-zero
# (the count is the raw variable, so it is expected to be a 0/1 flag — TODO confirm).
# domain_name is a space-separated search list: "ec2.internal" plus the zone in
# var.r53_domain_name; multiple search domains are honoured only by some guest
# resolvers, so verify on the AMIs in use. Name resolution stays on the
# Amazon-provided resolver.
1 resource "aws_vpc_dhcp_options" "default" {
2 count = "${var.enable_domain_name}"
3 domain_name = "ec2.internal ${var.r53_domain_name}"
4 domain_name_servers = ["AmazonProvidedDNS"]
# Tags follow the project/environment scheme used throughout this file; this is
# the only resource that also carries a "role" tag.
6 Name = "${var.project}-${var.environment}-dhcp_options_set"
7 service = "${var.project}-${var.environment}-dhcp_options_set"
8 project = "${var.project}"
9 environment = "${var.environment}"
10 role = "dhcp_options_set"
# Attaches the option set to the VPC, gated by the same flag so the two resources
# appear and disappear together.
# NOTE(review): aws_vpc_dhcp_options.default is a counted resource but is referenced
# here without an index or splat; that only resolves while its count is exactly 1,
# so confirm var.enable_domain_name can never be greater than 1.
14 resource "aws_vpc_dhcp_options_association" "default" {
15 count = "${var.enable_domain_name}"
16 vpc_id = "${aws_vpc.default.id}"
17 dhcp_options_id = "${aws_vpc_dhcp_options.default.id}"
# The VPC. Both DNS switches come from variables; private hosted zones and
# private DNS on VPC endpoints need both enabled, so keep the defaults on unless
# there is a reason not to (TODO confirm the variable defaults). Tenancy is fixed
# to "default" (shared hardware); dedicated tenancy is not selectable here.
20 resource "aws_vpc" "default" {
21 cidr_block = "${var.cidr}"
22 enable_dns_hostnames = "${var.enable_dns_hostnames}"
23 enable_dns_support = "${var.enable_dns_support}"
24 instance_tenancy = "default"
26 Name = "${var.project}-${var.environment}-vpc"
27 service = "${var.project}-${var.environment}-vpc"
28 project = "${var.project}"
29 environment = "${var.environment}"
# Internet gateway for the VPC; it becomes reachable only through the 0.0.0.0/0
# routes added further down on the main and public route tables.
34 resource "aws_internet_gateway" "default" {
35 vpc_id = "${aws_vpc.default.id}"
37 Name = "${var.project}-${var.environment}-igw"
38 service = "${var.project}-${var.environment}-igw"
39 project = "${var.project}"
40 environment = "${var.environment}"
# Looks up each pre-existing peering connection listed in
# var.peering_connection_ids; the peer routes below take their destination from
# this lookup's cidr_block.
# NOTE(review): on this data source cidr_block is the *requester* VPC's CIDR and
# the accepter's is peer_cidr_block. The routes are therefore only correct when
# this VPC is the accepter on every connection; if it is the requester on any of
# them, the route would target the local CIDR — verify which side this module is.
45 data "aws_vpc_peering_connection" "peer" {
46 count = "${length(var.peering_connection_ids)}"
47 id = "${element(var.peering_connection_ids, count.index)}"
# Adopts the VPC's main route table so Terraform manages it. No inline route
# blocks are visible; the aws_route resources below attach a 0.0.0.0/0 route via
# the IGW plus the peering routes to it.
# NOTE(review): because the main table ends up with an internet route, any subnet
# that is not explicitly associated with another table (for example one created
# outside this module) is internet-routable by default. Leaving the main table
# without an IGW route is the conventional way to keep such subnets isolated until
# they are deliberately associated.
50 resource "aws_default_route_table" "default" {
51 default_route_table_id = "${aws_vpc.default.default_route_table_id}"
# Default route from the VPC main route table to the internet gateway. Any subnet
# left on the main table (no explicit association) is thereby internet-routable.
54 resource "aws_route" "default_gateway" {
55 route_table_id = "${aws_default_route_table.default.id}"
56 destination_cidr_block = "0.0.0.0/0"
57 gateway_id = "${aws_internet_gateway.default.id}"
# One route on the main table per peering connection; the count mirrors the
# data source so count.index addresses the same connection in both splats.
60 resource "aws_route" "default_peer" {
61 count = "${length(var.peering_connection_ids)}"
62 route_table_id = "${aws_default_route_table.default.id}"
63 destination_cidr_block = "${element(data.aws_vpc_peering_connection.peer.*.cidr_block, count.index)}"
64 vpc_peering_connection_id = "${element(data.aws_vpc_peering_connection.peer.*.id, count.index)}"
# Single route table shared by all public subnets (no count, unlike the per-AZ
# private tables below).
67 resource "aws_route_table" "public" {
68 vpc_id = "${aws_vpc.default.id}"
70 Name = "${var.project}-${var.environment}-public"
71 service = "${var.project}-${var.environment}-route-table"
72 project = "${var.project}"
73 environment = "${var.environment}"
# Default route for the public subnets straight to the internet gateway; this is
# what makes the "public" subnets public.
78 resource "aws_route" "public_gateway" {
79 route_table_id = "${aws_route_table.public.id}"
80 destination_cidr_block = "0.0.0.0/0"
81 gateway_id = "${aws_internet_gateway.default.id}"
# Peering routes on the public table, one per connection, index-matched to the
# data source exactly as the main-table routes are.
84 resource "aws_route" "public_peer" {
85 count = "${length(var.peering_connection_ids)}"
86 route_table_id = "${aws_route_table.public.id}"
87 destination_cidr_block = "${element(data.aws_vpc_peering_connection.peer.*.cidr_block, count.index)}"
88 vpc_peering_connection_id = "${element(data.aws_vpc_peering_connection.peer.*.id, count.index)}"
# One public subnet per entry in var.public_azs. cidrsubnet adds 8 bits to
# var.cidr (a /16 VPC gives /24 subnets), numbered from var.subnets_offset_public
# so they do not overlap the private range (TODO confirm the two offsets leave a
# gap at least as large as the larger AZ list).
91 resource "aws_subnet" "public" {
92 count = "${length(var.public_azs)}"
93 vpc_id = "${aws_vpc.default.id}"
94 cidr_block = "${cidrsubnet(var.cidr, 8, count.index + var.subnets_offset_public)}"
95 availability_zone = "${element(var.public_azs, count.index)}"
97 Name = "${var.project}-${var.environment}-public-${element(var.public_azs, count.index)}"
98 project = "${var.project}"
99 environment = "${var.environment}"
100 service = "${var.project}-${var.environment}-subnet-public"
# Every instance launched here gets a public IPv4 address unless the launch
# request overrides it, so hosts in these subnets are reachable from the internet
# subject only to their security groups and NACLs.
104 map_public_ip_on_launch = true
# Associates every public subnet with the single public route table. The splat on
# the uncounted table yields a one-element list and element() wraps around, so all
# indices resolve to the same table.
107 resource "aws_route_table_association" "public" {
108 count = "${length(var.public_azs)}"
109 subnet_id = "${element(aws_subnet.public.*.id, count.index)}"
110 route_table_id = "${element(aws_route_table.public.*.id, count.index)}"
# One private subnet per entry in var.private_azs, carved the same way as the
# public ones but numbered from var.subnets_offset_private.
113 resource "aws_subnet" "private" {
114 count = "${length(var.private_azs)}"
115 vpc_id = "${aws_vpc.default.id}"
116 cidr_block = "${cidrsubnet(var.cidr, 8, count.index + var.subnets_offset_private)}"
117 availability_zone = "${element(var.private_azs, count.index)}"
119 Name = "${var.project}-${var.environment}-private-${element(var.private_azs, count.index)}"
120 project = "${var.project}"
121 environment = "${var.environment}"
122 service = "${var.project}-${var.environment}-subnet-private"
# No public IPv4 on launch; outbound reachability comes only via the per-AZ NAT
# gateways routed below.
126 map_public_ip_on_launch = false
# Pairs each private subnet with the private route table of the same index, i.e.
# the one whose default route goes through that AZ's NAT gateway.
129 resource "aws_route_table_association" "private" {
130 count = "${length(var.private_azs)}"
131 subnet_id = "${element(aws_subnet.private.*.id, count.index)}"
132 route_table_id = "${element(aws_route_table.private.*.id, count.index)}"
# One private route table per AZ so each AZ can egress through its own NAT
# gateway (an AZ-local failure then does not take out egress elsewhere). The Name
# tag is numbered 01, 02, ... rather than carrying the AZ name like the subnets.
135 resource "aws_route_table" "private" {
136 count = "${length(var.private_azs)}"
137 vpc_id = "${aws_vpc.default.id}"
139 Name = "${var.project}-${var.environment}-private${format("%02d", count.index + 1)}"
140 project = "${var.project}"
141 environment = "${var.environment}"
142 service = "${var.project}-${var.environment}-route-table-private"
# Default route of each private table through the NAT gateway of the same index;
# this gives private hosts outbound-only internet access.
147 resource "aws_route" "private_gateway" {
148 count = "${length(var.private_azs)}"
149 route_table_id = "${element(aws_route_table.private.*.id, count.index)}"
150 destination_cidr_block = "0.0.0.0/0"
151 nat_gateway_id = "${element(aws_nat_gateway.default.*.id, count.index)}"
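# One peering route for every (private route table, peering connection) pair.
# count.index enumerates the pairs table-minor: index % len(private_azs) picks
# the route table and index / len(private_azs) (integer division) picks the
# peering connection, so with A tables and P peers indices 0..A*P-1 cover each
# pair exactly once. The earlier mapping divided for the table and took the
# remainder for the peer, which only lines up when A == P; otherwise some peers
# never get a route and the same (table, destination) is created twice, which
# AWS rejects as a duplicate route.
resource "aws_route" "private_peer" {
  count                     = "${length(var.peering_connection_ids) * length(var.private_azs)}"
  route_table_id            = "${element(aws_route_table.private.*.id, count.index % length(var.private_azs))}"
  destination_cidr_block    = "${element(data.aws_vpc_peering_connection.peer.*.cidr_block, count.index / length(var.private_azs))}"
  vpc_peering_connection_id = "${element(data.aws_vpc_peering_connection.peer.*.id, count.index / length(var.private_azs))}"
}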
# One Elastic IP per private AZ, consumed by the NAT gateways below. The
# remaining attributes of this block are not on this page.
161 resource "aws_eip" "nat" {
162 count = "${length(var.private_azs)}"
# One NAT gateway per private AZ, placed in the public subnet of the same index.
# NOTE(review): this assumes var.public_azs lists at least as many AZs as
# var.private_azs and in the same order; element() wraps around otherwise, so a
# NAT gateway could land in a different AZ than the subnets routing through it —
# confirm the two lists are kept aligned.
166 resource "aws_nat_gateway" "default" {
167 count = "${length(var.private_azs)}"
168 allocation_id = "${element(aws_eip.nat.*.id, count.index)}"
169 subnet_id = "${element(aws_subnet.public.*.id, count.index)}"
# Baseline instance policy: read-only Describe*/List/Get actions plus the
# CloudWatch Logs write actions needed to ship logs. The statement wrapper, Effect
# and Resource lines are not on this page, so the scope of the grant cannot be
# confirmed here (TODO confirm Resource is as narrow as the logs actions allow;
# the Describe*/List actions only support "*").
# NOTE(review): "cloudwatch:GetMetricsStatistics" does not match the documented
# action name cloudwatch:GetMetricStatistics. IAM accepts unknown action strings,
# so this line is most likely a silent no-op rather than an error — verify and fix.
172 data "aws_iam_policy_document" "base" {
177 "autoscaling:Describe*",
178 "cloudwatch:ListMetrics",
179 "cloudwatch:GetMetricsStatistics",
180 "cloudwatch:Describe*",
182 "elasticloadbalancing:Describe*",
183 "logs:CreateLogGroup",
184 "logs:CreateLogStream",
187 "logs:PutMetricFilter"
# Managed policy built from the document above; intended to be attached to
# instance roles elsewhere. Its name/path lines are not on this page.
192 resource "aws_iam_policy" "base" {
195 description = "base-policy"
196 policy = "${data.aws_iam_policy_document.base.json}"
# Shared baseline security group; the rules live in the separate
# aws_security_group_rule resources below. The name is a fixed string rather than
# the project/environment prefix used everywhere else in this file — harmless
# within one VPC (group names are scoped per VPC) but inconsistent, and the
# description undersells the SSH rule, which also admits var.ssh_allowed_cidr.
199 resource "aws_security_group" "general-access" {
200 name = "general-access"
201 description = "Allow all ICMP and intra-vpc SSH traffic"
202 vpc_id = "${aws_vpc.default.id}"
# Egress rule of the shared group. Its type/protocol/port lines are not on this
# page; the name and the 0.0.0.0/0 block indicate unrestricted outbound traffic —
# verify. Unrestricted egress is the AWS default, but if outbound allow-listing
# (e.g. proxy-only egress) is a goal for private hosts, this is the rule to tighten.
205 resource "aws_security_group_rule" "ga_out_all" {
206 security_group_id = "${aws_security_group.general-access.id}"
211 cidr_blocks = ["0.0.0.0/0"]
# lifecycle setting (the enclosing lifecycle block's opening line is not on this page)
213 create_before_destroy = true
# ICMP ingress from anywhere (per the group description; the type/protocol/port
# lines are not on this page — verify). On hosts in the public subnets this makes
# them enumerable by ping/traceroute from the internet. If external reachability
# checks are not needed, restricting the source to the VPC CIDR, or the ICMP types
# to those required for path-MTU discovery, keeps the same operational value.
217 resource "aws_security_group_rule" "ga_in_icmp" {
218 security_group_id = "${aws_security_group.general-access.id}"
223 cidr_blocks = ["0.0.0.0/0"]
# lifecycle setting (the enclosing lifecycle block's opening line is not on this page)
225 create_before_destroy = true
# SSH ingress from the VPC's own CIDR plus every entry of var.ssh_allowed_cidr
# (0.11 idiom: a list-valued interpolation inside [] is flattened; this requires
# the variable to be list-typed — TODO confirm). The type/protocol/port lines are
# not on this page.
# NOTE(review): the real exposure is whatever var.ssh_allowed_cidr holds — a
# 0.0.0.0/0 entry turns this into internet-wide SSH on every host using the group.
# Worth defaulting the variable to [] and documenting that only bastion/VPN ranges
# belong in it, since nothing in this file constrains it.
229 resource "aws_security_group_rule" "ga_in_ssh" {
230 security_group_id = "${aws_security_group.general-access.id}"
235 cidr_blocks = ["${concat(list(var.cidr), var.ssh_allowed_cidr)}"]
# lifecycle setting (the enclosing lifecycle block's opening line is not on this page)
237 create_before_destroy = true