roberto.barbosa
/
terraform


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144
							data "aws_availability_zones" "az" {}

resource "aws_vpc" "vpc" {
  cidr_block           = "${var.cidr}"
  enable_dns_hostnames = "${var.enable_dns_hostnames}"
  enable_dns_support   = "${var.enable_dns_support}"

  tags {
    Name = "${var.cloud_name}"
    managed_by	= "terraform"
  }
}

resource "aws_internet_gateway" "igw" {
  vpc_id = "${aws_vpc.vpc.id}"

  tags {
    Name = "${var.cloud_name}-igw"
    managed_by	= "terraform"
  }
}

resource "aws_route_table" "rtb_public" {
  vpc_id           = "${aws_vpc.vpc.id}"
  propagating_vgws = ["${var.public_propagating_vgws}"]

  tags {
    Name = "${var.cloud_name}-rt-public"
    managed_by	= "terraform"
  }
}

resource "aws_route" "rt_public_igw" {
  route_table_id         = "${aws_route_table.rtb_public.id}"
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = "${aws_internet_gateway.igw.id}"
}

resource "aws_route" "rt_private_natgw" {
  route_table_id         = "${aws_route_table.rtb_private.id}"
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = "${aws_nat_gateway.natgw.id}"
}

resource "aws_route_table" "rtb_private" {
  vpc_id           = "${aws_vpc.vpc.id}"
  propagating_vgws = ["${var.private_propagating_vgws}"]

  tags {
    Name = "${var.cloud_name}-rt-private-${data.aws_availability_zones.az.names[1]}"
    managed_by	= "terraform"
  }
}

resource "aws_subnet" "sn_public" {
  vpc_id            = "${aws_vpc.vpc.id}"
  cidr_block        = "${var.sn_public_cidr}"
  availability_zone = "${data.aws_availability_zones.az.names[0]}"

  tags {
    Name = "${var.cloud_name}-subnet-public-${data.aws_availability_zones.az.names[0]}"
    managed_by	= "terraform"
  }

  map_public_ip_on_launch = "${var.map_public_ip_on_launch}"
}

resource "aws_subnet" "sn_private" {
  vpc_id            = "${aws_vpc.vpc.id}"
  cidr_block        = "${var.sn_private_cidr}"
  availability_zone = "${data.aws_availability_zones.az.names[1]}"

  tags {
    Name = "${var.cloud_name}-rt-private-${data.aws_availability_zones.az.names[1]}"
    managed_by	= "terraform"
  }
}


resource "aws_eip" "nateip" {
  vpc   = true
}

resource "aws_nat_gateway" "natgw" {
  allocation_id = "${aws_eip.nateip.id}"
  subnet_id     = "${aws_subnet.sn_public.id}"

  depends_on = ["aws_internet_gateway.igw"]
}

resource "aws_route_table_association" "rta_public" {
  subnet_id      = "${aws_subnet.sn_public.id}"
  route_table_id = "${aws_route_table.rtb_public.id}"
}

resource "aws_route_table_association" "rta_private" {
  subnet_id      = "${aws_subnet.sn_private.id}"
  route_table_id = "${aws_route_table.rtb_private.id}"
}

resource "aws_security_group" "sg_vpc_in_std" {
  name        = "allow-ssh-wnb"
  vpc_id      = "${aws_vpc.vpc.id}"
  description = "Allows external incoming ssh and web traffic"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 8080
    to_port     = 8080
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = -1
    cidr_blocks = ["0.0.0.0/0"]
  }

  lifecycle {
    create_before_destroy = true
  }
}