mono-infrastructure/terraform/aws/us-east-1/qa/vpc/main.tf
2020-12-18 16:12:04 -07:00

78 lines
3.0 KiB
HCL

module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "2.64.0"
# Fail safe for now, flip to true or delete the following line to deploy this configuration.
create_vpc = false
name = "rocky-qa-us-east-1"
cidr = "10.16.192.0/19"
# IPv6, set to true and Amazon will provision a /56 for this VPC
enable_ipv6 = false
azs = ["us-east-1a", "us-east-1b", "us-east-1c", "us-east-1d"]
# Subnets
## A private subnet includes a route to get to the internet via a NAT Gateway, an intra subnet does not.
## More info: https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/latest#private-versus-intra-subnets
public_subnets = ["10.16.192.0/23", "10.16.194.0/23", "10.16.196.0/23", "10.16.198.0/23"]
private_subnets = ["10.16.200.0/23", "10.16.202.0/23", "10.16.204.0/23", "10.16.206.0/23"]
intra_subnets = ["10.16.208.0/23", "10.16.210.0/23", "10.16.212.0/23", "10.16.214.0/23"]
## We might want these, we might not. If not, I would make the private subnets /22s instead and fill the space that way.
database_subnets = ["10.16.216.0/25", "10.16.216.128/25", "10.16.217.0/25", "10.16.217.128/25"]
elasticache_subnets = ["10.16.218.0/25", "10.16.218.128/25", "10.16.219.0/25", "10.16.219.128/25"]
redshift_subnets = ["10.16.220.0/25", "10.16.220.128/25", "10.16.221.0/25", "10.16.221.128/25"]
## There is one /23 remaining at 10.16.222.0/23 for any other usage we might need.
# VPC Options
enable_dns_hostnames = true
enable_dns_support = true
# VPC Flow Logs (Cloudwatch log group and IAM role will be created)
enable_flow_log = true
create_flow_log_cloudwatch_log_group = true
create_flow_log_cloudwatch_iam_role = true
# NAT Gateway: 1 per AZ
enable_nat_gateway = true
single_nat_gateway = false
one_nat_gateway_per_az = true
# NAT Gateway: 1 per subnet
# enable_nat_gateway = true
# single_nat_gateway = false
# one_nat_gateway_per_az = false
# NAT Gateway: 1 per VPC
# enable_nat_gateway = true
# single_nat_gateway = true
# one_nat_gateway_per_az = false
# DHCP
enable_dhcp_options = true
dhcp_options_domain_name = "qa.us-east-1.aws.rockylinux.org"
dhcp_options_domain_name_servers = ["10.16.244.6", "10.16.245.6", "10.16.246.6", "10.16.247.6"]
# Default security group - ingress/egress rules cleared to deny all
manage_default_security_group = true
default_security_group_ingress = [{}]
default_security_group_egress = [{}]
# Product-specific configs:
## Database, flip these 3 vars to true to make RDS instances available publicly.
create_database_subnet_group = false
create_database_subnet_route_table = false
create_database_internet_gateway_route = false
## Elasticache, flip these to true to have AWS manage the subnet and routing for EC
create_elasticache_subnet_group = false
create_elasticache_subnet_route_table = false
## Redshift, flip these to true to have AWS manage the subnet and routing for Redshift
create_redshift_subnet_group = false
create_redshift_subnet_route_table = false
}