NEW: code revised
This commit is contained in:
@@ -1,9 +1,9 @@
|
||||
terraform {
|
||||
backend "s3" {
|
||||
encrypt = true
|
||||
bucket = "tfstate-sandbox-hkex-5727"
|
||||
encrypt = true
|
||||
bucket = "tfstate-sandbox-hkex-5727"
|
||||
dynamodb_table = "tflock-sandbox-HKEX-5727"
|
||||
key = "network/terraform.tfstate"
|
||||
region = "ap-southeast-1"
|
||||
key = "network/terraform.tfstate"
|
||||
region = "ap-southeast-1"
|
||||
}
|
||||
}
|
||||
|
||||
+20
-4
@@ -1,15 +1,31 @@
|
||||
variable "aws_access_key" {}
|
||||
variable "aws_secret_key" {}
|
||||
variable "aws_region" {}
|
||||
|
||||
provider "aws" {
|
||||
access_key = var.aws_access_key
|
||||
secret_key = var.aws_secret_key
|
||||
region = var.aws_region
|
||||
version = ">= 2.28.1"
|
||||
region = var.aws-region
|
||||
}
|
||||
|
||||
variable "default-tags" {}
|
||||
variable "vpc-cidr" {
|
||||
default = "172.16.0.0/16"
|
||||
}
|
||||
|
||||
variable aws-region {}
|
||||
variable serviceprovider {}
|
||||
variable owner {}
|
||||
variable project {}
|
||||
variable environment {}
|
||||
variable application {}
|
||||
variable terraformmode {}
|
||||
|
||||
locals {
|
||||
default-tags = {
|
||||
serviceprovider = "rackspace"
|
||||
terraform = var.terraformmode
|
||||
environment = var.environment
|
||||
project = var.project
|
||||
application = var.application
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
+30
-7
@@ -1,7 +1,7 @@
|
||||
data "aws_availability_zones" "available" {}
|
||||
|
||||
locals {
|
||||
subnet_start = cidrsubnets(var.vpc-cidr,4,4)
|
||||
subnet_start = cidrsubnets(var.vpc-cidr, 4, 4)
|
||||
}
|
||||
|
||||
module "random" {
|
||||
@@ -10,21 +10,44 @@ module "random" {
|
||||
|
||||
module "vpc" {
|
||||
source = "terraform-aws-modules/vpc/aws"
|
||||
version = "2.6.0"
|
||||
version = "2.47.0"
|
||||
|
||||
name = "demo-vpc-${module.random.number}"
|
||||
cidr = var.vpc-cidr
|
||||
azs = data.aws_availability_zones.available.names
|
||||
private_subnets = cidrsubnets(local.subnet_start[0], 4,4)
|
||||
public_subnets = cidrsubnets(local.subnet_start[1], 4,4)
|
||||
private_subnets = cidrsubnets(local.subnet_start[0], 4, 4)
|
||||
public_subnets = cidrsubnets(local.subnet_start[1], 4, 4)
|
||||
enable_nat_gateway = false
|
||||
single_nat_gateway = true
|
||||
enable_dns_hostnames = true
|
||||
|
||||
tags = var.default-tags
|
||||
# this is kinda slow
|
||||
# enable_ssm_endpoint = true
|
||||
# ssm_endpoint_private_dns_enabled = true
|
||||
# ssm_endpoint_security_group_ids = [aws_security_group.endpoint-sg.id]
|
||||
# ssm_endpoint_subnet_ids = module.vpc.public_subnets
|
||||
|
||||
tags = local.default-tags
|
||||
|
||||
}
|
||||
|
||||
output "vpc_id" {
|
||||
value = module.vpc.vpc_id
|
||||
resource "aws_security_group" "endpoint-sg" {
|
||||
name = "endpoint-sg"
|
||||
vpc_id = module.vpc.vpc_id
|
||||
ingress {
|
||||
description = "Allow within VPC"
|
||||
from_port = 0
|
||||
to_port = 0
|
||||
protocol = "-1"
|
||||
cidr_blocks = [module.vpc.vpc_cidr_block]
|
||||
}
|
||||
egress {
|
||||
from_port = 0
|
||||
to_port = 0
|
||||
protocol = "-1"
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
}
|
||||
tags = local.default-tags
|
||||
}
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user