Terraform Full Vpc
August 12, 2017
Example of a full VPC setup using Terraform, including a VPN and using the default subnet:
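# The VPC every resource below hangs off. DNS support and DNS hostnames are
# both enabled so instances in the VPC get resolvable private hostnames.
# The two flags are booleans; the original wrote them as the string "true",
# which Terraform coerces, but the bare boolean is the documented form.
resource "aws_vpc" "test" {
  cidr_block           = "10.100.0.0/16"
  enable_dns_hostnames = true
  enable_dns_support   = true

  tags {
    Name = "test"
  }
}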
# Expose the VPC id so other configurations (or the operator) can reference it.
output "vpc_id" {
  value = "${aws_vpc.test.id}"
}
# Internet gateway for the VPC; it is the target of the public route table's
# default route and the path the NAT gateway's traffic leaves through.
resource "aws_internet_gateway" "igw" {
  tags {
    Name = "internet gateway"
  }

  vpc_id = "${aws_vpc.test.id}"
}
# Public subnet in AZ a (/24). "Public" here means it is associated with the
# default route table, which routes 0.0.0.0/0 to the internet gateway.
# Note: map_public_ip_on_launch is not set, so instances only get a public
# address if one is assigned explicitly.
resource "aws_subnet" "public-a" {
  availability_zone = "eu-central-1a"
  cidr_block        = "10.100.0.0/24"
  vpc_id            = "${aws_vpc.test.id}"

  tags {
    Name = "public A"
  }
}
# Id of the public subnet in AZ a.
output "subnet-public-a" {
  value = "${aws_subnet.public-a.id}"
}
# Public subnet in AZ b (/24); routed via the default (public) route table.
resource "aws_subnet" "public-b" {
  availability_zone = "eu-central-1b"
  cidr_block        = "10.100.1.0/24"
  vpc_id            = "${aws_vpc.test.id}"

  tags {
    Name = "public B"
  }
}
# Id of the public subnet in AZ b.
output "subnet-public-b" {
  value = "${aws_subnet.public-b.id}"
}
# Public subnet in AZ c (/24); routed via the default (public) route table.
resource "aws_subnet" "public-c" {
  availability_zone = "eu-central-1c"
  cidr_block        = "10.100.2.0/24"
  vpc_id            = "${aws_vpc.test.id}"

  tags {
    Name = "public C"
  }
}
# Id of the public subnet in AZ c.
output "subnet-public-c" {
  value = "${aws_subnet.public-c.id}"
}
# Private subnet in AZ a (/21). Its outbound internet path is the NAT route
# table, so instances here are not directly reachable from the internet.
resource "aws_subnet" "private-a" {
  availability_zone = "eu-central-1a"
  cidr_block        = "10.100.8.0/21"
  vpc_id            = "${aws_vpc.test.id}"

  tags {
    Name = "private A"
  }
}
# Id of the private subnet in AZ a.
output "subnet-private-a" {
  value = "${aws_subnet.private-a.id}"
}
# Private subnet in AZ b (/21); outbound traffic goes through the NAT route table.
resource "aws_subnet" "private-b" {
  availability_zone = "eu-central-1b"
  cidr_block        = "10.100.16.0/21"
  vpc_id            = "${aws_vpc.test.id}"

  tags {
    Name = "private B"
  }
}
# Id of the private subnet in AZ b.
output "subnet-private-b" {
  value = "${aws_subnet.private-b.id}"
}
# Private subnet in AZ c (/21); outbound traffic goes through the NAT route table.
resource "aws_subnet" "private-c" {
  availability_zone = "eu-central-1c"
  cidr_block        = "10.100.24.0/21"
  vpc_id            = "${aws_vpc.test.id}"

  tags {
    Name = "private C"
  }
}
# Id of the private subnet in AZ c.
output "subnet-private-c" {
  value = "${aws_subnet.private-c.id}"
}
# Adopt the VPC's implicit main route table under Terraform management and
# use it as the "public" table. Any subnet not explicitly associated with
# another table falls back to this one, so its routes apply by default.
resource "aws_default_route_table" "public" {
  tags {
    Name = "Public"
  }

  default_route_table_id = "${aws_vpc.test.default_route_table_id}"
}
# Default route for the public table: everything not matched by a more
# specific route leaves through the internet gateway.
resource "aws_route" "public" {
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = "${aws_internet_gateway.igw.id}"
  route_table_id         = "${aws_vpc.test.default_route_table_id}"
}
# Send the remote (office) network 10.13.0.0/16 over the VPN gateway from the
# public table. The gateway_id interpolation already orders this after the
# VPN gateway; depends_on is kept as an explicit statement of that ordering.
resource "aws_route" "public-vpn" {
  destination_cidr_block = "10.13.0.0/16"
  gateway_id             = "${aws_vpn_gateway.your-vpn.id}"
  route_table_id         = "${aws_vpc.test.default_route_table_id}"

  depends_on = ["aws_vpn_gateway.your-vpn"]
}
# Elastic IP for the NAT gateway. The IGW must exist before the EIP is
# allocated, hence the explicit dependency (there is no attribute reference
# that would imply it).
resource "aws_eip" "nat-eip" {
  depends_on = ["aws_internet_gateway.igw"]
  vpc        = true
}
# Single NAT gateway placed in the public subnet of AZ a. All three private
# subnets route through it (see the NAT route table associations), so an
# outage of AZ a takes outbound internet access away from the other AZs too.
resource "aws_nat_gateway" "nat" {
  subnet_id     = "${aws_subnet.public-a.id}"
  allocation_id = "${aws_eip.nat-eip.id}"

  depends_on = ["aws_internet_gateway.igw"]
}
# Route table for the private subnets; its default route points at the NAT
# gateway rather than the internet gateway.
resource "aws_route_table" "nat" {
  tags {
    Name = "NAT"
  }

  vpc_id     = "${aws_vpc.test.id}"
  depends_on = ["aws_internet_gateway.igw"]
}
# Default route of the private (NAT) table: outbound traffic is source-NATed
# by the NAT gateway; nothing can initiate connections inbound via this path.
resource "aws_route" "nat" {
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = "${aws_nat_gateway.nat.id}"
  route_table_id         = "${aws_route_table.nat.id}"

  depends_on = ["aws_route_table.nat"]
}
# Same office route as in the public table, for the private subnets: traffic
# to 10.13.0.0/16 bypasses NAT and goes over the VPN gateway.
resource "aws_route" "nat-vpn" {
  destination_cidr_block = "10.13.0.0/16"
  gateway_id             = "${aws_vpn_gateway.your-vpn.id}"
  route_table_id         = "${aws_route_table.nat.id}"

  depends_on = ["aws_route_table.nat", "aws_vpn_gateway.your-vpn"]
}
# Private subnet A uses the NAT route table.
resource "aws_route_table_association" "nat-a" {
  route_table_id = "${aws_route_table.nat.id}"
  subnet_id      = "${aws_subnet.private-a.id}"
}
# Private subnet B uses the NAT route table.
resource "aws_route_table_association" "nat-b" {
  route_table_id = "${aws_route_table.nat.id}"
  subnet_id      = "${aws_subnet.private-b.id}"
}
# Private subnet C uses the NAT route table.
resource "aws_route_table_association" "nat-c" {
  route_table_id = "${aws_route_table.nat.id}"
  subnet_id      = "${aws_subnet.private-c.id}"
}
# Public subnet A is bound explicitly to the default (public) route table.
# Subnets fall back to the main table anyway, but the explicit association
# keeps the intent visible and survives a later change of the main table.
resource "aws_route_table_association" "public-a" {
  route_table_id = "${aws_vpc.test.default_route_table_id}"
  subnet_id      = "${aws_subnet.public-a.id}"
}
# Public subnet B is bound explicitly to the default (public) route table.
resource "aws_route_table_association" "public-b" {
  route_table_id = "${aws_vpc.test.default_route_table_id}"
  subnet_id      = "${aws_subnet.public-b.id}"
}
# Public subnet C is bound explicitly to the default (public) route table.
resource "aws_route_table_association" "public-c" {
  route_table_id = "${aws_vpc.test.default_route_table_id}"
  subnet_id      = "${aws_subnet.public-c.id}"
}
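# DHCP options handed to instances: the "test" search domain, the Amazon
# resolver, and NetBIOS node type 2 (point-to-point, the type AWS recommends).
resource "aws_vpc_dhcp_options" "test" {
  domain_name         = "test"
  domain_names_servers = ["AmazonProvidedDNS"]
  netbios_node_type   = 2

  tags {
    Name = "test"
  }
}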
# AWS side of the site-to-site VPN. Both route tables have a static route
# for 10.13.0.0/16 pointing at this gateway.
resource "aws_vpn_gateway" "your-vpn" {
  tags {
    Name = "your-vpn gw"
  }

  vpc_id = "${aws_vpc.test.id}"
}
# On-premises side of the VPN. ip_address is the public address of the
# office IPsec endpoint and must be replaced with your own; the ASN is only
# nominal because the connection below uses static routes, not BGP.
resource "aws_customer_gateway" "your-vpn" {
  type       = "ipsec.1"
  ip_address = "26.19.97.10"
  bgp_asn    = "65000"

  tags {
    Name = "your-vpn gateway"
  }
}
# The IPsec tunnel pair between the VPN gateway and the customer gateway.
# static_routes_only disables BGP, so the remote prefixes reachable through
# the tunnel are declared with aws_vpn_connection_route resources.
# The tunnel pre-shared keys are generated by AWS and end up in state; treat
# the state file as sensitive.
resource "aws_vpn_connection" "your-vpn" {
  type                = "ipsec.1"
  static_routes_only  = true
  customer_gateway_id = "${aws_customer_gateway.your-vpn.id}"
  vpn_gateway_id      = "${aws_vpn_gateway.your-vpn.id}"

  tags {
    Name = "your-vpn connection"
  }
}
# Static route on the VPN connection: the office network lives behind the
# customer gateway. Must match the prefix used in the public/NAT route tables.
resource "aws_vpn_connection_route" "office" {
  vpn_connection_id      = "${aws_vpn_connection.your-vpn.id}"
  destination_cidr_block = "10.13.0.0/16"
}
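# Manage the VPC's default security group. Every instance launched without an
# explicit group lands in it, so its rules are the baseline for the whole VPC.
#
# The original allowed all protocols and ports inbound from 0.0.0.0/0, which
# exposes any instance that gets a public or VPN-reachable address. Inbound is
# restricted here to the VPC's own CIDR and the office network behind the VPN;
# anything from the internet has to be opened deliberately in a dedicated
# security group. Outbound stays unrestricted.
resource "aws_default_security_group" "default" {
  vpc_id = "${aws_vpc.test.id}"

  # All traffic from inside the VPC (10.100.0.0/16) and the office network
  # routed over the VPN (10.13.0.0/16).
  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["10.100.0.0/16", "10.13.0.0/16"]
  }

  # Unrestricted outbound.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags {
    Name = "default"
  }
}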