[Terraform]VPCの基本構成テンプレート

2020年11月1日

Terraformを使ってVPCの基本的な構成を作った。

構成図

VPC内の3つのAZにそれぞれPublicとPrivateのサブネットがあるという基本的な構成。IGWやNATへのルーティングも設定しておく。

ディレクトリ構成

 terraform
    ├── main.tf
    ├── modules
    │   └── vpc
    │       └── main.tf
    ├── terraform.tfstate
    └── terraform.tfstate.backup

インスタンスを追加する場合は、modulesの中にec2というモジュールを作ってその中に書く。
IAMユーザの認証情報については、.envに↓のような設定を書いて環境変数として読み込んでおくと、AWSプロバイダが勝手に拾ってくれる（.envは認証情報そのものなのでリポジトリには含めない）。

export AWS_ACCESS_KEY_ID=
export AWS_SECRET_ACCESS_KEY=

コード

main.tf

# AWS provider. Only the region is fixed in code; credentials are not
# written here and are expected to arrive through the environment
# (AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY), which the provider reads.
# No version constraint is declared, so `terraform init` takes whatever
# provider release is newest; a required_providers block would pin it.
provider "aws" {
  region = "ap-northeast-1"
}

# VPC
# Network layer: the whole VPC, subnets, gateways and route tables live in
# ./modules/vpc/main.tf. As shown, the module declares no variables and no
# outputs, so a sibling module needing a subnet ID would first have to add
# an `output` block there.
module "module_vpc" {
  source = "./modules/vpc"
}

modules/vpc/main.tf

# VPC
# The VPC itself: one /16 that the subnet resources below slice into /24s
# with cidrsubnet(). DNS support/hostnames are left at provider defaults.
resource "aws_vpc" "vpc" {
  cidr_block = "10.0.0.0/16"
  tags       = { Name = "es-vpc" }
}

# public_subnet
# Public subnet in AZ a: 10.0.0.0/24 (VPC /16 + 8 bits, index 0).
# "Public" only means its route table (route_public_a) sends 0.0.0.0/0 to
# the IGW. map_public_ip_on_launch is left at its default (false), so an
# instance here is reachable from the internet only if a public IP or EIP
# is attached to it explicitly.
resource "aws_subnet" "public_a" {
  availability_zone = "ap-northeast-1a"
  vpc_id            = aws_vpc.vpc.id
  cidr_block        = cidrsubnet(aws_vpc.vpc.cidr_block, 8, 0)
  tags              = { Name = "public_a" }
}

# Public subnet in AZ c: 10.0.1.0/24 (VPC /16 + 8 bits, index 1).
# Routed to the IGW via route_public_c; map_public_ip_on_launch stays at
# the default (false), so public IPs must be attached explicitly.
resource "aws_subnet" "public_c" {
  availability_zone = "ap-northeast-1c"
  vpc_id            = aws_vpc.vpc.id
  cidr_block        = cidrsubnet(aws_vpc.vpc.cidr_block, 8, 1)
  tags              = { Name = "public_c" }
}

# Public subnet in AZ d: 10.0.2.0/24 (VPC /16 + 8 bits, index 2).
# Routed to the IGW via route_public_d; map_public_ip_on_launch stays at
# the default (false), so public IPs must be attached explicitly.
resource "aws_subnet" "public_d" {
  availability_zone = "ap-northeast-1d"
  vpc_id            = aws_vpc.vpc.id
  cidr_block        = cidrsubnet(aws_vpc.vpc.cidr_block, 8, 2)
  tags              = { Name = "public_d" }
}

# private_subnet
# Private subnet in AZ a: 10.0.10.0/24 (VPC /16 + 8 bits, index 10; the
# private indices start at 10 to leave room after the public ones).
# Its route table (route_private_a) sends 0.0.0.0/0 to nat_a, so hosts
# here get outbound internet access with no inbound path.
resource "aws_subnet" "private_a" {
  availability_zone = "ap-northeast-1a"
  vpc_id            = aws_vpc.vpc.id
  cidr_block        = cidrsubnet(aws_vpc.vpc.cidr_block, 8, 10)
  tags              = { Name = "private_a" }
}


# Private subnet in AZ c: 10.0.11.0/24 (VPC /16 + 8 bits, index 11).
# Default route goes to nat_c through route_private_c: outbound only.
resource "aws_subnet" "private_c" {
  availability_zone = "ap-northeast-1c"
  vpc_id            = aws_vpc.vpc.id
  cidr_block        = cidrsubnet(aws_vpc.vpc.cidr_block, 8, 11)
  tags              = { Name = "private_c" }
}

# Private subnet in AZ d: 10.0.12.0/24 (VPC /16 + 8 bits, index 12).
# Default route goes to nat_d through route_private_d: outbound only.
resource "aws_subnet" "private_d" {
  availability_zone = "ap-northeast-1d"
  vpc_id            = aws_vpc.vpc.id
  cidr_block        = cidrsubnet(aws_vpc.vpc.cidr_block, 8, 12)
  tags              = { Name = "private_d" }
}

#IGW
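# The VPC's single internet gateway (a VPC can have only one attached).
# The public route tables below point 0.0.0.0/0 at it, and the NAT
# gateways reach the internet through it as well.
resource "aws_internet_gateway" "igw" {
  # Bare reference instead of "${...}": interpolation-only strings are
  # legacy 0.11 syntax and the rest of this file already uses 0.12 style.
  vpc_id = aws_vpc.vpc.id

  tags = {
    Name = "igw"
  }
}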

#EIP
# Elastic IP consumed by nat_a. `vpc = true` is the argument the provider
# took when this was written; newer provider majors express the same thing
# as `domain = "vpc"`.
resource "aws_eip" "eip_a" {
  tags = { Name = "eip_a" }
  vpc  = true
}

# Elastic IP consumed by nat_c (`vpc = true`; `domain = "vpc"` on newer
# provider majors).
resource "aws_eip" "eip_c" {
  tags = { Name = "eip_c" }
  vpc  = true
}

# Elastic IP consumed by nat_d (`vpc = true`; `domain = "vpc"` on newer
# provider majors).
resource "aws_eip" "eip_d" {
  tags = { Name = "eip_d" }
  vpc  = true
}


#NAT
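# NAT gateway for AZ a. It must be placed in the *public* subnet: a NAT
# gateway reaches the internet only through its own subnet's route to
# the IGW, and private_a's route table (route_private_a) points back at
# this gateway, so putting it in private_a leaves the private subnet
# with no working egress. Note that subnet_id forces replacement, so an
# existing deployment gets a new gateway (and a brief egress outage).
resource "aws_nat_gateway" "nat_a" {
  allocation_id = aws_eip.eip_a.id
  subnet_id     = aws_subnet.public_a.id

  # Nothing in the arguments references the IGW, yet the gateway cannot
  # function before it exists; the provider docs recommend declaring it.
  depends_on = [aws_internet_gateway.igw]

  tags = {
    Name = "nat_a"
  }
}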

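# NAT gateway for AZ c, placed in public_c (not private_c): it needs a
# subnet whose route table reaches the IGW, otherwise private_c's default
# route via this gateway leads nowhere. subnet_id forces replacement.
resource "aws_nat_gateway" "nat_c" {
  allocation_id = aws_eip.eip_c.id
  subnet_id     = aws_subnet.public_c.id

  # Explicit ordering on the IGW, as recommended by the provider docs.
  depends_on = [aws_internet_gateway.igw]

  tags = {
    Name = "nat_c"
  }
}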

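# NAT gateway for AZ d, placed in public_d (not private_d): it needs a
# subnet whose route table reaches the IGW, otherwise private_d's default
# route via this gateway leads nowhere. subnet_id forces replacement.
resource "aws_nat_gateway" "nat_d" {
  allocation_id = aws_eip.eip_d.id
  subnet_id     = aws_subnet.public_d.id

  # Explicit ordering on the IGW, as recommended by the provider docs.
  depends_on = [aws_internet_gateway.igw]

  tags = {
    Name = "nat_d"
  }
}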

#Route Tables for public
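# Route table for public_a: 0.0.0.0/0 goes to the IGW, which is what makes
# the subnet public. The VPC-local route is implicit and not listed here.
# References use 0.12 bare syntax instead of legacy "${...}" strings.
resource "aws_route_table" "route_public_a" {
  vpc_id = aws_vpc.vpc.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }

  tags = {
    Name = "route_public_a"
  }
}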

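# Binds public_a to route_public_a. Without the association the subnet
# would fall back to the VPC's main route table, which has no IGW route.
resource "aws_route_table_association" "route_association_public_a" {
  subnet_id      = aws_subnet.public_a.id
  route_table_id = aws_route_table.route_public_a.id
}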

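# Route table for public_c: default route to the IGW (bare references,
# no legacy "${...}" strings).
resource "aws_route_table" "route_public_c" {
  vpc_id = aws_vpc.vpc.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }

  tags = {
    Name = "route_public_c"
  }
}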

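# Binds public_c to route_public_c (otherwise the main route table, which
# has no IGW route, would apply).
resource "aws_route_table_association" "route_association_public_c" {
  subnet_id      = aws_subnet.public_c.id
  route_table_id = aws_route_table.route_public_c.id
}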

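# Route table for public_d: default route to the IGW (bare references,
# no legacy "${...}" strings).
resource "aws_route_table" "route_public_d" {
  vpc_id = aws_vpc.vpc.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }

  tags = {
    Name = "route_public_d"
  }
}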

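# Binds public_d to route_public_d (otherwise the main route table, which
# has no IGW route, would apply).
resource "aws_route_table_association" "route_association_public_d" {
  subnet_id      = aws_subnet.public_d.id
  route_table_id = aws_route_table.route_public_d.id
}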

#Route Tables for private
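# Route table for private_a: 0.0.0.0/0 goes to nat_a, giving hosts
# outbound-only internet access. This only works if nat_a itself sits in
# a subnet whose route table reaches the IGW. Bare 0.12 references are
# used instead of legacy "${...}" strings.
resource "aws_route_table" "route_private_a" {
  vpc_id = aws_vpc.vpc.id

  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat_a.id
  }

  tags = {
    Name = "route_private_a"
  }
}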

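# Binds private_a to route_private_a so its default route goes via nat_a.
resource "aws_route_table_association" "route_association_private_a" {
  subnet_id      = aws_subnet.private_a.id
  route_table_id = aws_route_table.route_private_a.id
}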

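# Route table for private_c: default route via nat_c (outbound only;
# nat_c must be in a subnet routed to the IGW). Bare 0.12 references.
resource "aws_route_table" "route_private_c" {
  vpc_id = aws_vpc.vpc.id

  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat_c.id
  }

  tags = {
    Name = "route_private_c"
  }
}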

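# Binds private_c to route_private_c so its default route goes via nat_c.
resource "aws_route_table_association" "route_association_private_c" {
  subnet_id      = aws_subnet.private_c.id
  route_table_id = aws_route_table.route_private_c.id
}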

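# Route table for private_d: default route via nat_d (outbound only;
# nat_d must be in a subnet routed to the IGW). Bare 0.12 references.
resource "aws_route_table" "route_private_d" {
  vpc_id = aws_vpc.vpc.id

  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat_d.id
  }

  tags = {
    Name = "route_private_d"
  }
}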

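# Binds private_d to route_private_d so its default route goes via nat_d.
resource "aws_route_table_association" "route_association_private_d" {
  subnet_id      = aws_subnet.private_d.id
  route_table_id = aws_route_table.route_private_d.id
}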