53 lines
1.3 KiB
Terraform
53 lines
1.3 KiB
Terraform
data "aws_availability_zones" "available" {}
|
|
|
|
locals {
|
|
subnet_start = cidrsubnets(var.vpc-cidr, 4, 4)
|
|
}
|
|
|
|
module "random" {
|
|
source = "./m.random"
|
|
}
|
|
|
|
module "vpc01" {
|
|
source = "terraform-aws-modules/vpc/aws"
|
|
version = "2.47.0"
|
|
|
|
name = "demo-vpc-${module.random.number}"
|
|
cidr = var.vpc-cidr
|
|
azs = data.aws_availability_zones.available.names
|
|
private_subnets = cidrsubnets(local.subnet_start[0], 4, 4)
|
|
public_subnets = cidrsubnets(local.subnet_start[1], 4, 4)
|
|
enable_nat_gateway = false
|
|
single_nat_gateway = true
|
|
enable_dns_hostnames = true
|
|
|
|
# this is kinda slow
|
|
# enable_ssm_endpoint = true
|
|
# ssm_endpoint_private_dns_enabled = true
|
|
# ssm_endpoint_security_group_ids = [aws_security_group.endpoint-sg.id]
|
|
# ssm_endpoint_subnet_ids = module.vpc01.public_subnets
|
|
|
|
tags = local.default-tags
|
|
|
|
}
|
|
|
|
resource "aws_security_group" "endpoint-sg" {
|
|
name = "endpoint-sg"
|
|
vpc_id = module.vpc01.vpc_id
|
|
ingress {
|
|
description = "Allow within VPC"
|
|
from_port = 0
|
|
to_port = 0
|
|
protocol = "-1"
|
|
cidr_blocks = [module.vpc01.vpc_cidr_block]
|
|
}
|
|
egress {
|
|
from_port = 0
|
|
to_port = 0
|
|
protocol = "-1"
|
|
cidr_blocks = ["0.0.0.0/0"]
|
|
}
|
|
tags = local.default-tags
|
|
}
|
|
|