NRL-1385 create vpc module

jackleary · jackleary · commit bd836f3616a7 · 2025-05-11T14:24:41.000+01:00
diff --git a/terraform/account-wide-infrastructure/modules/vpc/outputs.tf b/terraform/account-wide-infrastructure/modules/vpc/outputs.tf
@@ -0,0 +1,7 @@
+output "subnet_id" {
+  value = aws_subnet.public_subnet.id
+}
+
+output "security_group" {
+  value = [aws_security_group.sg.id]
+}
diff --git a/terraform/account-wide-infrastructure/modules/vpc/vars.tf b/terraform/account-wide-infrastructure/modules/vpc/vars.tf
@@ -0,0 +1,7 @@
+variable "aws_region" {}
+variable "aws_azs" {}
+variable "enable_dns_hostnames" {}
+variable "vpc_cidr_block" {}
+variable "vpc_public_subnets_cidr_block" {}
+variable "common_tags" {}
+variable "name_prefix" {}
diff --git a/terraform/account-wide-infrastructure/modules/vpc/vpc.tf b/terraform/account-wide-infrastructure/modules/vpc/vpc.tf
@@ -0,0 +1,83 @@
+# Create the VPC
+resource "aws_vpc" "app_vpc" {
+  cidr_block           = var.vpc_cidr_block
+  enable_dns_hostnames = var.enable_dns_hostnames
+
+  tags = merge(var.common_tags, {
+    Name = "${var.name_prefix}-vpc"
+  })
+}
+
+# Create the internet gateway
+resource "aws_internet_gateway" "igw" {
+  vpc_id = aws_vpc.app_vpc.id
+
+  tags = merge(var.common_tags, {
+    Name = "${var.name_prefix}-igw"
+  })
+}
+
+# Create the public subnet
+resource "aws_subnet" "public_subnet" {
+  vpc_id                  = aws_vpc.app_vpc.id
+  cidr_block              = var.vpc_public_subnets_cidr_block
+  map_public_ip_on_launch = true
+  availability_zone       = var.aws_azs
+
+  tags = merge(var.common_tags, {
+    Name = "${var.name_prefix}-pubsubnet"
+  })
+
+}
+
+# Create the route table
+resource "aws_route_table" "public_rt" {
+  vpc_id = aws_vpc.app_vpc.id
+
+  route {
+    cidr_block = "0.0.0.0/0"
+    gateway_id = aws_internet_gateway.igw.id
+  }
+
+}
+
+# Assign the public route table to the public subnet
+resource "aws_route_table_association" "public_rt_asso" {
+  subnet_id      = aws_subnet.public_subnet.id
+  route_table_id = aws_route_table.public_rt.id
+}
+
+
+
+# Create the security group
+resource "aws_security_group" "sg" {
+  name        = "allow_ssh_http"
+  description = "Allow ssh http inbound traffic"
+  vpc_id      = aws_vpc.app_vpc.id
+
+  ingress {
+    from_port        = 3389
+    to_port          = 3389
+    protocol         = "tcp"
+    cidr_blocks      = ["0.0.0.0/0"]
+    ipv6_cidr_blocks = ["::/0"]
+  }
+
+  ingress {
+    description      = "HTTP from VPC"
+    from_port        = 80
+    to_port          = 80
+    protocol         = "tcp"
+    cidr_blocks      = ["0.0.0.0/0"]
+    ipv6_cidr_blocks = ["::/0"]
+  }
+
+  egress {
+    from_port        = 0
+    to_port          = 0
+    protocol         = "-1"
+    cidr_blocks      = ["0.0.0.0/0"]
+    ipv6_cidr_blocks = ["::/0"]
+  }
+
+}
