################
# Public Subnets
################
resource "aws_subnet" "public" { # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet
  # One subnet per entry in var.public_subnets. The map key becomes the Name
  # suffix and is the key the route-table, NAT and flow-log resources in this
  # file use to look the subnet up.
  for_each = var.public_subnets
  vpc_id   = aws_vpc.vpc.id

  # Per-subnet placement and addressing, taken from the map entry.
  availability_zone               = each.value.availability_zone
  outpost_arn                     = each.value.outpost_arn
  cidr_block                      = each.value.cidr_block
  ipv4_ipam_pool_id               = each.value.ipv4_ipam_pool_id
  ipv4_netmask_length             = each.value.ipv4_netmask_length
  ipv6_cidr_block                 = each.value.ipv6_cidr_block
  ipv6_ipam_pool_id               = each.value.ipv6_ipam_pool_id
  ipv6_netmask_length             = each.value.ipv6_netmask_length
  ipv6_native                     = each.value.ipv6_native
  assign_ipv6_address_on_creation = each.value.assign_ipv6_address_on_creation
  # Customer-owned IP (Outposts) arguments are not currently set:
  # customer_owned_ipv4_pool        = each.value.customer_owned_ipv4_pool
  # map_customer_owned_ip_on_launch = each.value.map_customer_owned_ip_on_launch

  # Launch-time behaviour shared by every public subnet.
  # map_public_ip_on_launch = true gives every instance launched here a public
  # IPv4 address even when the launch template does not ask for one, which
  # widens the externally reachable surface; choose its value deliberately.
  map_public_ip_on_launch                        = var.public_subnets_map_public_ip_on_launch
  enable_dns64                                   = var.public_subnets_enable_dns64
  enable_resource_name_dns_a_record_on_launch    = var.public_subnets_enable_resource_name_dns_a_record_on_launch
  enable_resource_name_dns_aaaa_record_on_launch = var.public_subnets_enable_resource_name_dns_aaaa_record_on_launch
  private_dns_hostname_type_on_launch            = var.public_subnets_private_dns_hostname_type_on_launch

  # Later arguments win in merge(), so Name always takes precedence over
  # caller-supplied tags.
  tags = merge(
    var.additional_tags,
    var.public_subnets_additional_tags,
    { Name = "${var.name_prefix}-${each.key}" },
  )
}
##########################
# Public subnets flow logs
##########################
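resource "aws_flow_log" "public_subnet_flow_log" { # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/flow_log
  # One flow log per public subnet that opted in via `enable_flow_log`.
  # Subnets with enable_flow_log = false produce no network telemetry from
  # this file, so the opt-in should be reviewed when detection coverage of
  # the public edge matters.
  for_each = { for k, v in var.public_subnets : k => v if v.enable_flow_log }

  subnet_id = aws_subnet.public[each.key].id
  # ACCEPT / REJECT / ALL — value comes from the variable; ALL is what gives
  # both accepted and rejected flows for investigation.
  traffic_type = var.flow_log_traffic_type

  # Delivery configuration, shared by every subnet flow log.
  deliver_cross_account_role = var.flow_log_deliver_cross_account_role
  iam_role_arn               = var.flow_log_iam_role_arn
  log_destination_type       = var.flow_log_log_destination_type
  log_destination            = var.flow_log_log_destination
  log_format                 = var.flow_log_log_format
  max_aggregation_interval   = var.flow_log_max_aggregation_interval

  destination_options {
    file_format                = var.flow_log_destination_options.file_format
    hive_compatible_partitions = var.flow_log_destination_options.hive_compatible_partitions
    per_hour_partition         = var.flow_log_destination_options.per_hour_partition
  }

  # Name is merged last so caller-supplied tags cannot override it, matching
  # how every other resource in this file builds its tags. (Previously Name
  # was merged first, so a Name key in var.additional_tags or
  # var.flow_log_additional_tags silently replaced it.)
  tags = merge(
    var.additional_tags,
    var.flow_log_additional_tags,
    {
      Name = format("%s-public-subnet-%s-flow-log", var.name_prefix, each.key)
    },
  )
}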
#############
# NAT Gateway
#############
# Elastic IPs
resource "aws_eip" "nat" { # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip
  # One Elastic IP per NAT availability zone. Allocation happens for every key
  # in local.nat_gateway_availability_zones whatever NAT mode is selected, so
  # the local is presumably empty when no NAT gateway is wanted — confirm in
  # the locals definition (not in this file).
  for_each = local.nat_gateway_availability_zones
  domain   = "vpc"

  tags = merge(
    var.additional_tags,
    { Name = "${var.name_prefix}-nat-eip-${each.key}" },
  )
}
# Regional NAT gateway
resource "aws_nat_gateway" "regional" { # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/nat_gateway
  # Single regional NAT gateway, created only in "regional" mode. It is
  # VPC-scoped rather than subnet-scoped; each zone receives its own Elastic
  # IP through the dynamic block below.
  count = var.nat_gateway_availability_mode == "regional" ? 1 : 0

  vpc_id            = aws_vpc.vpc.id
  availability_mode = "regional"
  connectivity_type = var.nat_gateway_connectivity_type

  # NOTE(review): allocation IDs are attached unconditionally; for a
  # "private" connectivity type they are presumably not needed — confirm
  # against the provider docs before relying on that mode.
  dynamic "availability_zone_address" {
    for_each = local.nat_gateway_availability_zones
    content {
      availability_zone = availability_zone_address.value
      allocation_ids    = [aws_eip.nat[availability_zone_address.key].id]
    }
  }

  tags = merge(
    var.additional_tags,
    var.nat_gateway_additional_tags,
    { Name = "${var.name_prefix}-nat-gw" },
  )
}
# Zonal NAT gateways
resource "aws_nat_gateway" "zonal" { # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/nat_gateway
  # One NAT gateway per zone in "zonal" mode, each placed in the public subnet
  # whose map key matches the zone key and using that zone's Elastic IP. Every
  # key of local.nat_gateway_availability_zones must therefore also be a key
  # of var.public_subnets, or the lookup below fails at plan time.
  for_each = var.nat_gateway_availability_mode == "zonal" ? local.nat_gateway_availability_zones : {}

  subnet_id         = aws_subnet.public[each.key].id
  allocation_id     = aws_eip.nat[each.key].id
  availability_mode = "zonal"
  connectivity_type = var.nat_gateway_connectivity_type

  tags = merge(
    var.additional_tags,
    var.nat_gateway_additional_tags,
    { Name = "${var.name_prefix}-nat-gw-${each.key}" },
  )
}
##############
# Route tables
##############
resource "aws_route_table" "public" { # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table
  # A dedicated route table per public subnet, keyed like aws_subnet.public,
  # so routes can be attached per subnet without affecting the others.
  for_each = aws_subnet.public
  vpc_id   = aws_vpc.vpc.id

  tags = merge(
    var.additional_tags,
    { Name = "${var.name_prefix}-public-rt-${each.key}" },
  )
}
# Route to access internet
resource "aws_route" "public_internet" { # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route
  # IPv4 default route to the internet gateway, one per public route table.
  # Created only when the VPC is configured with an internet gateway; without
  # it these subnets are "public" in name only and get no egress path here.
  # Only 0.0.0.0/0 is routed: an IPv6 default route (::/0) for dual-stack or
  # ipv6_native subnets is not defined in this file — check whether another
  # file adds it before assuming IPv6 reachability.
  for_each = var.vpc_create_internet_gateway ? aws_route_table.public : {}

  route_table_id         = each.value.id
  destination_cidr_block = "0.0.0.0/0"
  # The [0] index assumes aws_internet_gateway.internet_gw (defined elsewhere)
  # is count-based and exists exactly when var.vpc_create_internet_gateway is true.
  gateway_id = aws_internet_gateway.internet_gw[0].id
}
# Association of Route Table to Subnets
resource "aws_route_table_association" "public" { # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association
  # Bind each public subnet to the route table that shares its key.
  for_each = aws_subnet.public

  route_table_id = aws_route_table.public[each.key].id
  subnet_id      = each.value.id
}