VPC Provisioning
Here we will look at how to provision a VPC in AWS similar to the one discussed earlier. In addition to what was included in the previous section, I will create a NAT gateway, which allows instances in private subnets to reach the internet while nothing on the internet can initiate connections to them.
First, as usual, let's create a file with the name vars.tf:
variable "AWS_REGION" {
  default = "eu-west-1"
}

Then let's create a file with the name provider.tf:
provider "aws" {
  region = var.AWS_REGION
}

Then we can create a file with the name vpc.tf to define our VPC:
# Internet VPC
resource "aws_vpc" "main" {
  cidr_block           = "10.0.0.0/16"
  instance_tenancy     = "default"
  enable_dns_support   = true
  enable_dns_hostnames = true
  # ClassicLink was retired by AWS and the argument was removed in AWS provider v5;
  # keep it only with provider v4 or older.
  # enable_classiclink = false
  tags = {
    Name = "main"
  }
}

# Public subnets
resource "aws_subnet" "main-public-1" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.1.0/24"
  map_public_ip_on_launch = true
  availability_zone       = "eu-west-1a"
  tags = {
    Name = "main-public-1"
  }
}
resource "aws_subnet" "main-public-2" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.2.0/24"
  map_public_ip_on_launch = true
  availability_zone       = "eu-west-1b"
  tags = {
    Name = "main-public-2"
  }
}
resource "aws_subnet" "main-public-3" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.3.0/24"
  map_public_ip_on_launch = true
  availability_zone       = "eu-west-1c"
  tags = {
    Name = "main-public-3"
  }
}

# Private subnets
resource "aws_subnet" "main-private-1" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.4.0/24"
  map_public_ip_on_launch = false
  availability_zone       = "eu-west-1a"
  tags = {
    Name = "main-private-1"
  }
}
resource "aws_subnet" "main-private-2" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.5.0/24"
  map_public_ip_on_launch = false
  availability_zone       = "eu-west-1b"
  tags = {
    Name = "main-private-2"
  }
}
resource "aws_subnet" "main-private-3" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.6.0/24"
  map_public_ip_on_launch = false
  availability_zone       = "eu-west-1c"
  tags = {
    Name = "main-private-3"
  }
}

# Internet GW
resource "aws_internet_gateway" "main-gw" {
  vpc_id = aws_vpc.main.id
  tags = {
    Name = "main"
  }
}

# route tables
resource "aws_route_table" "main-public" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.main-gw.id
  }
  tags = {
    Name = "main-public-1"
  }
}

# route associations public
resource "aws_route_table_association" "main-public-1-a" {
  subnet_id      = aws_subnet.main-public-1.id
  route_table_id = aws_route_table.main-public.id
}
resource "aws_route_table_association" "main-public-2-a" {
  subnet_id      = aws_subnet.main-public-2.id
  route_table_id = aws_route_table.main-public.id
}
resource "aws_route_table_association" "main-public-3-a" {
  subnet_id      = aws_subnet.main-public-3.id
  route_table_id = aws_route_table.main-public.id
}

Here, we first define our VPC with the IP range 10.0.0.0/16. Instance tenancy is set to default, which means instances run on shared physical hardware rather than on dedicated hosts. Then we enable DNS support and DNS hostnames, which gives instances within the VPC private DNS host names.
Then we define three public subnets, each with its own address range, linked to the VPC via the vpc_id property. Because map_public_ip_on_launch is true, instances launched in these subnets automatically receive a public IP address. Next come the private subnets; the only difference is that instances launched in them do not get a public IP address.
Next, we define an internet gateway attached to our VPC, which provides access to the public internet. Then we define a route table in the VPC with a default route (0.0.0.0/0) that points at the internet gateway.
Finally, we define the route table associations for all three public subnets.
Next, create a file with the name nat.tf:
Here we first allocate a static (Elastic) IP address. Then we define our NAT gateway, which depends on the main internet gateway. Next we create route associations for our private subnets, pointing their default route at the NAT gateway.
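As an added example of what that nat.tf can look like (not the page's own file), assuming AWS provider 5.x, that the NAT gateway lives in main-public-1, and the resource names nat-eip, nat-gw and main-private:

```hcl
# Elastic IP for the NAT gateway (assumed resource name nat-eip)
resource "aws_eip" "nat-eip" {
  domain = "vpc"
  tags = {
    Name = "main-nat"
  }
}

# The NAT gateway must sit in a PUBLIC subnet so it can reach the internet gateway;
# private subnets only route through it.
resource "aws_nat_gateway" "nat-gw" {
  allocation_id = aws_eip.nat-eip.id
  subnet_id     = aws_subnet.main-public-1.id
  # Ensure the internet gateway exists before the NAT gateway is created
  depends_on = [aws_internet_gateway.main-gw]
  tags = {
    Name = "main-nat"
  }
}

# Private route table: the default route goes to the NAT gateway, not the
# internet gateway, so private hosts can initiate outbound connections but
# nothing on the internet can initiate connections to them.
resource "aws_route_table" "main-private" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat-gw.id
  }
  tags = {
    Name = "main-private"
  }
}

# Route associations for the three private subnets
resource "aws_route_table_association" "main-private-1-a" {
  subnet_id      = aws_subnet.main-private-1.id
  route_table_id = aws_route_table.main-private.id
}
resource "aws_route_table_association" "main-private-2-a" {
  subnet_id      = aws_subnet.main-private-2.id
  route_table_id = aws_route_table.main-private.id
}
resource "aws_route_table_association" "main-private-3-a" {
  subnet_id      = aws_subnet.main-private-3.id
  route_table_id = aws_route_table.main-private.id
}
```

A subnet with no explicit association falls back to the VPC's main route table, which only carries the local 10.0.0.0/16 route, so a private subnet without this association has no internet path at all rather than an accidental public one. A single NAT gateway in one availability zone is a single point of failure for outbound traffic from all three private subnets; production setups usually deploy one per AZ.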
Initialize the providers,
Apply the changes,
Don't forget to clean up once experiments are done,