+resource "aws_vpc_dhcp_options" "default" {
+ count = "${var.enable_domain_name}"
+ domain_name = "ec2.internal ${var.r53_domain_name}"
+ domain_name_servers = ["AmazonProvidedDNS"]
+ tags {
+ Name = "${var.project}-${var.environment}-dhcp_options_set"
+ service = "${var.project}-${var.environment}-dhcp_options_set"
+ project = "${var.project}"
+ environment = "${var.environment}"
+ role = "dhcp_options_set"
+ }
+}
+
+resource "aws_vpc_dhcp_options_association" "default" {
+ count = "${var.enable_domain_name}"
+ vpc_id = "${aws_vpc.default.id}"
+ dhcp_options_id = "${aws_vpc_dhcp_options.default.id}"
+}
+
+resource "aws_vpc" "default" {
+ cidr_block = "${var.cidr}"
+ enable_dns_hostnames = "${var.enable_dns_hostnames}"
+ enable_dns_support = "${var.enable_dns_support}"
+ instance_tenancy = "default"
+ tags {
+ Name = "${var.project}-${var.environment}-vpc"
+ service = "${var.project}-${var.environment}-vpc"
+ project = "${var.project}"
+ environment = "${var.environment}"
+ role = "vpc"
+ }
+}
+
+resource "aws_internet_gateway" "default" {
+ vpc_id = "${aws_vpc.default.id}"
+ tags {
+ Name = "${var.project}-${var.environment}-igw"
+ service = "${var.project}-${var.environment}-igw"
+ project = "${var.project}"
+ environment = "${var.environment}"
+ role = "igw"
+ }
+}
+
+data "aws_vpc_peering_connection" "peer" {
+ count = "${length(var.peering_connection_ids)}"
+ id = "${element(var.peering_connection_ids, count.index)}"
+}
+
+resource "aws_default_route_table" "default" {
+ default_route_table_id = "${aws_vpc.default.default_route_table_id}"
+}
+
+resource "aws_route" "default_gateway" {
+ route_table_id = "${aws_default_route_table.default.id}"
+ destination_cidr_block = "0.0.0.0/0"
+ gateway_id = "${aws_internet_gateway.default.id}"
+}
+
+resource "aws_route" "default_peer" {
+ count = "${length(var.peering_connection_ids)}"
+ route_table_id = "${aws_default_route_table.default.id}"
+ destination_cidr_block = "${element(data.aws_vpc_peering_connection.peer.*.cidr_block, count.index)}"
+ vpc_peering_connection_id = "${element(data.aws_vpc_peering_connection.peer.*.id, count.index)}"
+}
+
+resource "aws_route_table" "public" {
+ vpc_id = "${aws_vpc.default.id}"
+ tags {
+ Name = "${var.project}-${var.environment}-public"
+ service = "${var.project}-${var.environment}-route-table"
+ project = "${var.project}"
+ environment = "${var.environment}"
+ role = "route-table"
+ }
+}
+
+resource "aws_route" "public_gateway" {
+ route_table_id = "${aws_route_table.public.id}"
+ destination_cidr_block = "0.0.0.0/0"
+ gateway_id = "${aws_internet_gateway.default.id}"
+}
+
+resource "aws_route" "public_peer" {
+ count = "${length(var.peering_connection_ids)}"
+ route_table_id = "${aws_route_table.public.id}"
+ destination_cidr_block = "${element(data.aws_vpc_peering_connection.peer.*.cidr_block, count.index)}"
+ vpc_peering_connection_id = "${element(data.aws_vpc_peering_connection.peer.*.id, count.index)}"
+}
+
+resource "aws_subnet" "public" {
+ count = "${length(var.public_azs)}"
+ vpc_id = "${aws_vpc.default.id}"
+ cidr_block = "${cidrsubnet(var.cidr, 8, count.index + var.subnets_offset_public)}"
+ availability_zone = "${element(var.public_azs, count.index)}"
+ tags {
+ Name = "${var.project}-${var.environment}-public-${element(var.public_azs, count.index)}"
+ project = "${var.project}"
+ environment = "${var.environment}"
+ service = "${var.project}-${var.environment}-subnet-public"
+ role = "subnet"
+ zone = "pub"
+ }
+ map_public_ip_on_launch = true
+}
+
+resource "aws_route_table_association" "public" {
+ count = "${length(var.public_azs)}"
+ subnet_id = "${element(aws_subnet.public.*.id, count.index)}"
+ route_table_id = "${element(aws_route_table.public.*.id, count.index)}"
+}
+
+resource "aws_subnet" "private" {
+ count = "${length(var.private_azs)}"
+ vpc_id = "${aws_vpc.default.id}"
+ cidr_block = "${cidrsubnet(var.cidr, 8, count.index + var.subnets_offset_private)}"
+ availability_zone = "${element(var.private_azs, count.index)}"
+ tags {
+ Name = "${var.project}-${var.environment}-private-${element(var.private_azs, count.index)}"
+ project = "${var.project}"
+ environment = "${var.environment}"
+ service = "${var.project}-${var.environment}-subnet-private"
+ role = "subnet"
+ zone = "priv"
+ }
+ map_public_ip_on_launch = false
+}
+
+resource "aws_route_table_association" "private" {
+ count = "${length(var.private_azs)}"
+ subnet_id = "${element(aws_subnet.private.*.id, count.index)}"
+ route_table_id = "${element(aws_route_table.private.*.id, count.index)}"
+}
+
+resource "aws_route_table" "private" {
+ count = "${length(var.private_azs)}"
+ vpc_id = "${aws_vpc.default.id}"
+ tags {
+ Name = "${var.project}-${var.environment}-private${format("%02d", count.index + 1)}"
+ project = "${var.project}"
+ environment = "${var.environment}"
+ service = "${var.project}-${var.environment}-route-table-private"
+ role = "route-table"
+ }
+}
+
+resource "aws_route" "private_gateway" {
+ count = "${length(var.private_azs)}"
+ route_table_id = "${element(aws_route_table.private.*.id, count.index)}"
+ destination_cidr_block = "0.0.0.0/0"
+ nat_gateway_id = "${element(aws_nat_gateway.default.*.id, count.index)}"
+}
+
+resource "aws_route" "private_peer" {
+ count = "${length(var.peering_connection_ids) * length(var.private_azs)}"
+ route_table_id = "${element(aws_route_table.private.*.id, count.index / length(var.private_azs))}"
+ destination_cidr_block = "${element(data.aws_vpc_peering_connection.peer.*.cidr_block, count.index % length(var.private_azs))}"
+ vpc_peering_connection_id = "${element(data.aws_vpc_peering_connection.peer.*.id, count.index % length(var.private_azs))}"
+}
+
+resource "aws_eip" "nat" {
+ count = "${length(var.private_azs)}"
+ vpc = true
+}
+
+resource "aws_nat_gateway" "default" {
+ count = "${length(var.private_azs)}"
+ allocation_id = "${element(aws_eip.nat.*.id, count.index)}"
+ subnet_id = "${element(aws_subnet.public.*.id, count.index)}"
+}
+
+data "aws_iam_policy_document" "base" {
+ statement {
+ sid = "aws-read"
+ resources = ["*"]
+ actions = [
+ "autoscaling:Describe*",
+ "cloudwatch:ListMetrics",
+ "cloudwatch:GetMetricsStatistics",
+ "cloudwatch:Describe*",
+ "ec2:Describe*",
+ "elasticloadbalancing:Describe*",
+ "logs:CreateLogGroup",
+ "logs:CreateLogStream",
+ "logs:Describe*",
+ "logs:PutLogEvents",
+ "logs:PutMetricFilter"
+ ]
+ }
+}
+
+resource "aws_iam_policy" "base" {
+ name = "base-policy"
+ path = "/"
+ description = "base-policy"
+ policy = "${data.aws_iam_policy_document.base.json}"
+}
+
+resource "aws_security_group" "general-access" {
+ name = "general-access"
+ description = "Allow all ICMP and intra-vpc SSH traffic"
+ vpc_id = "${aws_vpc.default.id}"
+}
+
+resource "aws_security_group_rule" "ga_out_all" {
+ security_group_id = "${aws_security_group.general-access.id}"
+ type = "egress"
+ from_port = 0
+ to_port = 0
+ protocol = "all"
+ cidr_blocks = ["0.0.0.0/0"]
+ lifecycle {
+ create_before_destroy = true
+ }
+}
+
+resource "aws_security_group_rule" "ga_in_icmp" {
+ security_group_id = "${aws_security_group.general-access.id}"
+ type = "ingress"
+ from_port = -1
+ to_port = -1
+ protocol = "icmp"
+ cidr_blocks = ["0.0.0.0/0"]
+ lifecycle {
+ create_before_destroy = true
+ }
+}
+
+resource "aws_security_group_rule" "ga_in_ssh" {
+ security_group_id = "${aws_security_group.general-access.id}"
+ type = "ingress"
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = ["${concat(list(var.cidr), var.ssh_allowed_cidr)}"]
+ lifecycle {
+ create_before_destroy = true
+ }
+}