Description: Here I have explained how to create a VPC along with a subnet and a Network ACL on AWS using Terraform
Below are the Terraform project file and the variable file; using these we create a VPC with a subnet and a Network ACL
- Below is the VPC Terraform project file
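# vi VPC.tf
# Create VPC / Subnet / Security Group / Network ACL / Internet Gateway / Route Table
#
# Review notes:
#  - The provider block reads static credentials from var.access_key /
#    var.secret_key. It is kept for compatibility with variables.tf, but the
#    AWS provider will also pick credentials up from the environment, the shared
#    credentials file or an attached IAM role, which avoids keeping secrets in
#    Terraform variables at all.
#  - var.ingressCIDRblock (security group) and var.destinationCIDRblock
#    (network ACL) both default to 0.0.0.0/0 in variables.tf, so port 22 is
#    reachable from any address unless those defaults are narrowed.

provider "aws" {
  access_key = var.access_key
  secret_key = var.secret_key
  region     = var.region
}

# create the VPC
resource "aws_vpc" "Tech_VPC" {
  cidr_block           = var.vpcCIDRblock
  instance_tenancy     = var.instanceTenancy
  enable_dns_support   = var.dnsSupport
  enable_dns_hostnames = var.dnsHostNames

  tags = {
    Name = "Tech VPC"
  }
} # end resource

# create the Subnet
resource "aws_subnet" "Tech_VPC_Subnet" {
  vpc_id     = aws_vpc.Tech_VPC.id
  cidr_block = var.subnetCIDRblock

  # every instance launched in this subnet gets a public IP when
  # var.mapPublicIP is true (its default in variables.tf)
  map_public_ip_on_launch = var.mapPublicIP
  availability_zone       = var.availabilityZone

  tags = {
    Name = "Tech VPC Subnet"
  }
} # end resource

# Create the Security Group
resource "aws_security_group" "Tech_VPC_Security_Group" {
  vpc_id      = aws_vpc.Tech_VPC.id
  name        = "Tech VPC Security Group"
  description = "Tech VPC Security Group"

  # allow ingress of port 22 (SSH) from var.ingressCIDRblock only
  ingress {
    cidr_blocks = var.ingressCIDRblock
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
  }

  # allow egress of all ports.
  # Fix: use var.egressCIDRblock, which variables.tf declares for this purpose
  # but which was previously unused (a literal ["0.0.0.0/0"] was hard-coded
  # here). The default value is identical, so the generated plan is unchanged
  # until the variable is overridden.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = var.egressCIDRblock
  }

  tags = {
    Name        = "Tech VPC Security Group"
    Description = "Tech VPC Security Group"
  }
} # end resource

# create VPC Network access control list
#
# Network ACLs are stateless: reply traffic must be allowed explicitly, which
# is why the ephemeral port range (1024-65535) is opened in both directions.
# The rules below only cover TCP 22, 80 and 1024-65535; anything else (for
# example outbound 443/HTTPS from the subnet) falls through to the ACL's
# implicit deny. Every rule uses var.destinationCIDRblock as its cidr_block,
# including the ingress rules, where it acts as the *source* range.
resource "aws_network_acl" "Tech_VPC_Security_ACL" {
  vpc_id     = aws_vpc.Tech_VPC.id
  subnet_ids = [aws_subnet.Tech_VPC_Subnet.id]

  # allow ingress port 22
  ingress {
    protocol   = "tcp"
    rule_no    = 100
    action     = "allow"
    cidr_block = var.destinationCIDRblock
    from_port  = 22
    to_port    = 22
  }

  # allow ingress port 80
  ingress {
    protocol   = "tcp"
    rule_no    = 200
    action     = "allow"
    cidr_block = var.destinationCIDRblock
    from_port  = 80
    to_port    = 80
  }

  # allow ingress ephemeral ports (replies to outbound connections)
  ingress {
    protocol   = "tcp"
    rule_no    = 300
    action     = "allow"
    cidr_block = var.destinationCIDRblock
    from_port  = 1024
    to_port    = 65535
  }

  # allow egress port 22
  egress {
    protocol   = "tcp"
    rule_no    = 100
    action     = "allow"
    cidr_block = var.destinationCIDRblock
    from_port  = 22
    to_port    = 22
  }

  # allow egress port 80
  egress {
    protocol   = "tcp"
    rule_no    = 200
    action     = "allow"
    cidr_block = var.destinationCIDRblock
    from_port  = 80
    to_port    = 80
  }

  # allow egress ephemeral ports (replies to inbound connections)
  egress {
    protocol   = "tcp"
    rule_no    = 300
    action     = "allow"
    cidr_block = var.destinationCIDRblock
    from_port  = 1024
    to_port    = 65535
  }

  tags = {
    Name = "Tech VPC ACL"
  }
} # end resource

# Create the Internet Gateway
resource "aws_internet_gateway" "Tech_VPC_GW" {
  vpc_id = aws_vpc.Tech_VPC.id

  tags = {
    Name = "Tech VPC Internet Gateway"
  }
} # end resource

# Create the Route Table
resource "aws_route_table" "Tech_VPC_route_table" {
  vpc_id = aws_vpc.Tech_VPC.id

  tags = {
    Name = "Tech VPC Route Table"
  }
} # end resource

# Create the Internet Access
# Default route (var.destinationCIDRblock, 0.0.0.0/0 by default) via the
# Internet Gateway; together with map_public_ip_on_launch this makes the
# subnet a public subnet.
resource "aws_route" "Tech_VPC_internet_access" {
  route_table_id         = aws_route_table.Tech_VPC_route_table.id
  destination_cidr_block = var.destinationCIDRblock
  gateway_id             = aws_internet_gateway.Tech_VPC_GW.id
} # end resource

# Associate the Route Table with the Subnet
resource "aws_route_table_association" "Tech_VPC_association" {
  subnet_id      = aws_subnet.Tech_VPC_Subnet.id
  route_table_id = aws_route_table.Tech_VPC_route_table.id
} # end resource

# end vpc.tf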
- Below is the variable file for Terraform. In the variable file, I have used the 172.16.0.0/16 CIDR block
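# variables.tf

# AWS credentials.
# Fix: the original file carried placeholder secrets as `default` values,
# which invites committing real keys to version control. The defaults are
# removed so the values must be supplied out of band (TF_VAR_access_key /
# TF_VAR_secret_key, or a *.tfvars file that is excluded from the repository).
# On Terraform 0.14 or later, `sensitive = true` can also be added to keep the
# values out of plan output.
variable "access_key" {
  type = string
}

variable "secret_key" {
  type = string
}

variable "region" {
  default = "us-east-1"
}

variable "availabilityZone" {
  default = "us-east-1a"
}

variable "instanceTenancy" {
  default = "default"
}

variable "dnsSupport" {
  default = true
}

variable "dnsHostNames" {
  default = true
}

# VPC and subnet addressing
variable "vpcCIDRblock" {
  default = "172.16.0.0/16"
}

variable "subnetCIDRblock" {
  default = "172.16.1.0/24"
}

# Used as the default route target and as the cidr_block of every network ACL
# rule in VPC.tf, so it also controls which sources may reach ports 22 and 80
# at the ACL level.
variable "destinationCIDRblock" {
  default = "0.0.0.0/0"
}

# Sources allowed to reach port 22 on the security group. The default opens
# SSH to the whole Internet; narrow it to the administrator's address range.
# `list(string)` replaces the legacy untyped `list` declaration.
variable "ingressCIDRblock" {
  type    = list(string)
  default = ["0.0.0.0/0"]
}

# Destinations allowed for security group egress (consumed by VPC.tf).
variable "egressCIDRblock" {
  type    = list(string)
  default = ["0.0.0.0/0"]
}

# When true, instances launched in the subnet receive a public IP.
variable "mapPublicIP" {
  default = true
}

# end of variables.tf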
- After creating both files, initialize the Terraform project and apply it using the commands below
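# terraform init
# terraform apply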