[Terraform]VPCの基本構成テンプレート
Terraform使ってVPCの基本的な構造を作った。
構成図
VPC内の3つのAZにそれぞれPublicとPrivateのサブネットがあるという基本的な構成。IGWやNATへのルーティングも設定しておく。
ディレクトリ構成
terraform ├── main.tf ├── modules │ └── vpc │ └── main.tf ├── terraform.tfstate └── terraform.tfstate.backup
インスタンスを追加する場合はmodulesの中にec2というモジュールを作り、その中に定義を書く。
IAMユーザについては、.envを置いて↓のような設定をすると勝手に読み込んでくれる
# Credentials the AWS provider picks up from the process environment.
# Values are intentionally left blank here; fill in from your own IAM user's access key.
export AWS_ACCESS_KEY_ID=
export AWS_SECRET_ACCESS_KEY=
コード
main.tf
# Root module: pins the AWS provider to Tokyo and pulls in the VPC module below.
provider "aws" {
  region = "ap-northeast-1" # Tokyo; the module's availability_zone values assume this region
}

# VPC
# All networking (VPC, subnets, IGW, NAT, route tables) lives in ./modules/vpc.
module "module_vpc" {
  source = "./modules/vpc"
}
modules/vpc/main.tf
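# VPC
# 10.0.0.0/16; every subnet below is a /24 carved out with cidrsubnet(newbits = 8).
resource "aws_vpc" "vpc" {
  cidr_block = "10.0.0.0/16"

  tags = {
    Name = "es-vpc"
  }
}

# public_subnet
# netnum 0..2 -> 10.0.0.0/24, 10.0.1.0/24, 10.0.2.0/24, one per AZ (a, c, d).
resource "aws_subnet" "public_a" {
  vpc_id            = aws_vpc.vpc.id
  cidr_block        = cidrsubnet(aws_vpc.vpc.cidr_block, 8, 0)
  availability_zone = "ap-northeast-1a"

  tags = {
    Name = "public_a"
  }
}

resource "aws_subnet" "public_c" {
  vpc_id            = aws_vpc.vpc.id
  cidr_block        = cidrsubnet(aws_vpc.vpc.cidr_block, 8, 1)
  availability_zone = "ap-northeast-1c"

  tags = {
    Name = "public_c"
  }
}

resource "aws_subnet" "public_d" {
  vpc_id            = aws_vpc.vpc.id
  cidr_block        = cidrsubnet(aws_vpc.vpc.cidr_block, 8, 2)
  availability_zone = "ap-northeast-1d"

  tags = {
    Name = "public_d"
  }
}

# private_subnet
# netnum 10..12 -> 10.0.10.0/24 .. 10.0.12.0/24; the gap leaves room for more public subnets.
resource "aws_subnet" "private_a" {
  vpc_id            = aws_vpc.vpc.id
  cidr_block        = cidrsubnet(aws_vpc.vpc.cidr_block, 8, 10)
  availability_zone = "ap-northeast-1a"

  tags = {
    Name = "private_a"
  }
}

resource "aws_subnet" "private_c" {
  vpc_id            = aws_vpc.vpc.id
  cidr_block        = cidrsubnet(aws_vpc.vpc.cidr_block, 8, 11)
  availability_zone = "ap-northeast-1c"

  tags = {
    Name = "private_c"
  }
}

resource "aws_subnet" "private_d" {
  vpc_id            = aws_vpc.vpc.id
  cidr_block        = cidrsubnet(aws_vpc.vpc.cidr_block, 8, 12)
  availability_zone = "ap-northeast-1d"

  tags = {
    Name = "private_d"
  }
}

#IGW
# Legacy "${...}" interpolation wrappers dropped throughout; bare references are the
# 0.12+ form already used by the cidrsubnet() calls above.
resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.vpc.id

  tags = {
    Name = "igw"
  }
}

#EIP
# One Elastic IP per NAT gateway.
# NOTE(review): newer AWS provider releases deprecate `vpc = true` in favour of
# `domain = "vpc"`; kept as-is so the file still works with the provider version the
# author used — confirm against your pinned provider.
resource "aws_eip" "eip_a" {
  vpc = true

  tags = {
    Name = "eip_a"
  }
}

resource "aws_eip" "eip_c" {
  vpc = true

  tags = {
    Name = "eip_c"
  }
}

resource "aws_eip" "eip_d" {
  vpc = true

  tags = {
    Name = "eip_d"
  }
}

#NAT
# A NAT gateway has to sit in a *public* subnet, i.e. one whose route table sends
# 0.0.0.0/0 to the internet gateway. The original placed each NAT gateway in the
# private subnet of its AZ, whose default route points back at that same NAT
# gateway, so the NAT gateway itself had no path to the internet and private
# instances could not egress. Each one now lives in public_{a,c,d}.
# depends_on follows the provider documentation: the IGW must exist before the
# NAT gateway is created, and Terraform cannot infer that from the attributes alone.
resource "aws_nat_gateway" "nat_a" {
  allocation_id = aws_eip.eip_a.id
  subnet_id     = aws_subnet.public_a.id

  tags = {
    Name = "nat_a"
  }

  depends_on = [aws_internet_gateway.igw]
}

resource "aws_nat_gateway" "nat_c" {
  allocation_id = aws_eip.eip_c.id
  subnet_id     = aws_subnet.public_c.id

  tags = {
    Name = "nat_c"
  }

  depends_on = [aws_internet_gateway.igw]
}

resource "aws_nat_gateway" "nat_d" {
  allocation_id = aws_eip.eip_d.id
  subnet_id     = aws_subnet.public_d.id

  tags = {
    Name = "nat_d"
  }

  depends_on = [aws_internet_gateway.igw]
}

#Route Tables for public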
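# Public route tables: one per AZ, default route to the internet gateway.
# The "${...}" interpolation-only wrappers used here were the legacy 0.11 form and
# produce deprecation warnings on 0.12+ (which this file already requires, given the
# bare cidrsubnt/attribute references in the subnet blocks); replaced with bare
# references. Resource names and addresses are unchanged, so no state moves are needed.
resource "aws_route_table" "route_public_a" {
  vpc_id = aws_vpc.vpc.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }

  tags = {
    Name = "route_public_a"
  }
}

resource "aws_route_table_association" "route_association_public_a" {
  subnet_id      = aws_subnet.public_a.id
  route_table_id = aws_route_table.route_public_a.id
}

resource "aws_route_table" "route_public_c" {
  vpc_id = aws_vpc.vpc.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }

  tags = {
    Name = "route_public_c"
  }
}

resource "aws_route_table_association" "route_association_public_c" {
  subnet_id      = aws_subnet.public_c.id
  route_table_id = aws_route_table.route_public_c.id
}

resource "aws_route_table" "route_public_d" {
  vpc_id = aws_vpc.vpc.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }

  tags = {
    Name = "route_public_d"
  }
}

resource "aws_route_table_association" "route_association_public_d" {
  subnet_id      = aws_subnet.public_d.id
  route_table_id = aws_route_table.route_public_d.id
}

#Route Tables for private
# Private route tables: default route goes to the NAT gateway of the same AZ, so an
# AZ outage only affects egress from that AZ. These routes are only useful if each
# NAT gateway itself is placed in a public subnet (see the #NAT block).
resource "aws_route_table" "route_private_a" {
  vpc_id = aws_vpc.vpc.id

  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat_a.id
  }

  tags = {
    Name = "route_private_a"
  }
}

resource "aws_route_table_association" "route_association_private_a" {
  subnet_id      = aws_subnet.private_a.id
  route_table_id = aws_route_table.route_private_a.id
}

resource "aws_route_table" "route_private_c" {
  vpc_id = aws_vpc.vpc.id

  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat_c.id
  }

  tags = {
    Name = "route_private_c"
  }
}

resource "aws_route_table_association" "route_association_private_c" {
  subnet_id      = aws_subnet.private_c.id
  route_table_id = aws_route_table.route_private_c.id
}

resource "aws_route_table" "route_private_d" {
  vpc_id = aws_vpc.vpc.id

  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat_d.id
  }

  tags = {
    Name = "route_private_d"
  }
}

resource "aws_route_table_association" "route_association_private_d" {
  subnet_id      = aws_subnet.private_d.id
  route_table_id = aws_route_table.route_private_d.id
}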