feat(vpc): vpc example (#1)

Young-ook · Feb 18, 2022 · ccd1da9 · ccd1da9
1 parent efe189d
commit ccd1da9
Show file tree

Hide file tree

Showing 13 changed files with 365 additions and 0 deletions.
diff --git a/examples/vpc/README.md b/examples/vpc/README.md
@@ -0,0 +1,50 @@
+[[English](README.md)]
+
+# Amazon VPC
+[Amazon Virtual Private Cloud(Amazon VPC)](https://aws.amazon.com/vpc/) is a service that lets you launch AWS resources in a logically isolated virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 for most resources in your virtual private cloud, helping to ensure secure and easy access to resources and applications.
+
+## Download example
+Download this example on your workspace
+```sh
+git clone https://github.com/Young-ook/terraform-aws-vpc
+cd terraform-aws-vpc/examples/vpc
+```
+
+## Setup
+This is an example to explain how to build an Amazon VPC. [This](https://github.com/Young-ook/terraform-aws-vpc/blob/main/examples/vpc/main.tf) is the example of terraform configuration file. Check out and apply it using terraform command.
+
+If you don't have the terraform tool in your environment, go to the main [page](https://github.com/Young-ook/terraform-aws-vpc) of this repository and follow the installation instructions.
+
+Run terraform:
+```
+terraform init
+terraform apply -var-file fixture.tc1.tfvars
+```
+Also you can use the `-var-file` option for customized paramters when you run the terraform plan/apply command.
+```
+terraform plan -var-file fixture.tc1.tfvars
+terraform apply -var-file fixture.tc1.tfvars
+```
+
+## Clean up
+Run terraform:
+```
+$ terraform destroy
+```
+Don't forget you have to use the `-var-file` option when you run terraform destroy command to delete the aws resources created with extra variable files.
+```
+$ terraform destroy -var-file fixture.tc1.tfvars
+```
+
+## Network Architecture
+*Private subnet type*
+By default, this module creates public subnets for internet-facing connections and private subnets for internal networking. And it create also NAT gateway for internet connectivity of the instances with private IP address where in the private subnets.
+
+*Isolated subnet type*
+Optionally, you can disable NAT gateway(s) to make sure the instances are located in the private subnets only communicate to other instances inside VPC.
+
+*VPC Endpoint*
+A VPC endpoint enables private connections between your VPC and supported AWS services and VPC endpoint services powered by AWS PrivateLink. AWS PrivateLink is a technology that enables you to privately access services by using private IP addresses. Traffic between your VPC and the other service does not leave the Amazon network. A VPC endpoint does not require an internet gateway, virtual private gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service.
+
+For more details about network options of the custom VPC, please refer to the [module guide](https://github.com/Young-ook/terraform-aws-vpc).
+
diff --git a/examples/vpc/default.auto.tfvars b/examples/vpc/default.auto.tfvars
@@ -0,0 +1,5 @@
+tags = {
+  env           = "dev"
+  vpc-type      = "default"
+  vpc_endpoints = "none"
+}
diff --git a/examples/vpc/fixture.tc1.tfvars b/examples/vpc/fixture.tc1.tfvars
@@ -0,0 +1,15 @@
+tags = {
+  env           = "dev"
+  vpc-type      = "custom"
+  subnet-type   = "private"
+  nat-per-az    = "single"
+  vpc-endpoints = "none"
+  test          = "tc1"
+}
+aws_region = "ap-northeast-2"
+vpc_config = {
+  cidr        = "10.9.0.0/16"
+  azs         = ["ap-northeast-2a", "ap-northeast-2c"]
+  subnet_type = "private" # allowed values : "isolated" | "public" | "private" 
+  single_ngw  = true
+}
diff --git a/examples/vpc/fixture.tc2.tfvars b/examples/vpc/fixture.tc2.tfvars
@@ -0,0 +1,15 @@
+tags = {
+  env           = "dev"
+  vpc-type      = "custom"
+  subnet-type   = "private"
+  nat-per-az    = "multi"
+  vpc-endpoints = "none"
+  test          = "tc2"
+}
+aws_region = "ap-northeast-2"
+vpc_config = {
+  cidr        = "10.9.0.0/16"
+  azs         = ["ap-northeast-2a", "ap-northeast-2c"]
+  subnet_type = "private" # allowed values : "isolated" | "public" | "private" 
+  single_ngw  = false
+}
diff --git a/examples/vpc/fixture.tc3.tfvars b/examples/vpc/fixture.tc3.tfvars
@@ -0,0 +1,37 @@
+tags = {
+  env           = "dev"
+  vpc-type      = "custom"
+  subnet-type   = "private"
+  nat-per-az    = "single"
+  vpc_endpoints = "sagemaker-essential"
+  test          = "tc3"
+}
+aws_region = "us-east-1"
+vpc_config = {
+  cidr        = "10.9.0.0/16"
+  azs         = ["us-east-1a", "us-east-1c"]
+  subnet_type = "private" # allowed values : "isolated" | "public" | "private" 
+  single_ngw  = true
+}
+vpce_confnig = [
+  {
+    service             = "s3"
+    type                = "Interface"
+    private_dns_enabled = false
+  },
+  {
+    service             = "sagemaker.api"
+    type                = "Interface"
+    private_dns_enabled = true
+  },
+  {
+    service             = "sagemaker.runtime"
+    type                = "Interface"
+    private_dns_enabled = true
+  },
+  {
+    service             = "notebook"
+    type                = "Interface"
+    private_dns_enabled = true
+  },
+]
diff --git a/examples/vpc/fixture.tc4.tfvars b/examples/vpc/fixture.tc4.tfvars
@@ -0,0 +1,106 @@
+tags = {
+  env           = "dev"
+  vpc-type      = "custom"
+  subnet-type   = "isolated"
+  vpn-gateway   = "disabled"
+  vpc-endpoints = "for-isolated-network"
+  test          = "tc4"
+}
+aws_region = "ap-northeast-2"
+vpc_config = {
+  cidr        = "10.1.0.0/16"
+  azs         = ["ap-northeast-2a", "ap-northeast-2b", "ap-northeast-2c"]
+  subnet_type = "isolated" # allowed values : "isolated" | "public" | "private" 
+}
+vpce_config = [
+  {
+    service             = "s3"
+    type                = "Interface"
+    private_dns_enabled = false
+  },
+  {
+    service             = "ecr.api"
+    type                = "Interface"
+    private_dns_enabled = true
+  },
+  {
+    service             = "ecr.dkr"
+    type                = "Interface"
+    private_dns_enabled = true
+  },
+  {
+    service             = "ecs"
+    type                = "Interface"
+    private_dns_enabled = true
+  },
+  {
+    service             = "ec2"
+    type                = "Interface"
+    private_dns_enabled = true
+  },
+  {
+    service             = "ec2messages"
+    type                = "Interface"
+    private_dns_enabled = true
+  },
+  {
+    service             = "autoscaling"
+    type                = "Interface"
+    private_dns_enabled = true
+  },
+  {
+    service             = "application-autoscaling"
+    type                = "Interface"
+    private_dns_enabled = true
+  },
+  {
+    service             = "kinesis-streams"
+    type                = "Interface"
+    private_dns_enabled = true
+  },
+  {
+    service             = "kinesis-firehose"
+    type                = "Interface"
+    private_dns_enabled = true
+  },
+  {
+    service             = "logs"
+    type                = "Interface"
+    private_dns_enabled = true
+  },
+  {
+    service             = "monitoring"
+    type                = "Interface"
+    private_dns_enabled = true
+  },
+  {
+    service             = "sts"
+    type                = "Interface"
+    private_dns_enabled = true
+  },
+  {
+    service             = "sagemaker.api"
+    type                = "Interface"
+    private_dns_enabled = true
+  },
+  {
+    service             = "sagemaker.runtime"
+    type                = "Interface"
+    private_dns_enabled = true
+  },
+  {
+    service             = "notebook"
+    type                = "Interface"
+    private_dns_enabled = true
+  },
+  {
+    service             = "ssm"
+    type                = "Interface"
+    private_dns_enabled = true
+  },
+  {
+    service             = "ssmmessages"
+    type                = "Interface"
+    private_dns_enabled = true
+  },
+]
diff --git a/examples/vpc/fixture.tc5.tfvars b/examples/vpc/fixture.tc5.tfvars
@@ -0,0 +1,17 @@
+tags = {
+  env           = "dev"
+  vpc-type      = "custom"
+  subnet-type   = "isolated"
+  vpn-gateway   = "enabled"
+  vpc-endpoints = "none"
+  test          = "tc5"
+}
+aws_region = "ap-northeast-2"
+vpc_config = {
+  cidr        = "10.1.0.0/16"
+  azs         = ["ap-northeast-2a", "ap-northeast-2b", "ap-northeast-2c"]
+  subnet_type = "isolated" # allowed values : "isolated" | "public" | "private" 
+}
+vgw_config = {
+  enable_vgw = true
+}
diff --git a/examples/vpc/fixture.tc6.tfvars b/examples/vpc/fixture.tc6.tfvars
@@ -0,0 +1,21 @@
+tags = {
+  env           = "dev"
+  vpc-type      = "custom"
+  subnet-type   = "public"
+  vpc_endpoints = "s3-essential"
+  test          = "tc6"
+}
+aws_region = "us-east-1"
+vpc_config = {
+  cidr        = "10.9.0.0/16"
+  azs         = ["us-east-1a", "us-east-1c"]
+  subnet_type = "public" # allowed values : "isolated" | "public" | "private" 
+  single_ngw  = true
+}
+vpce_config = [
+  {
+    service             = "s3"
+    type                = "Interface"
+    private_dns_enabled = false
+  },
+]
diff --git a/examples/vpc/fixture.tc7.tfvars b/examples/vpc/fixture.tc7.tfvars
@@ -0,0 +1,17 @@
+name = "yourvpc"
+tags = {
+  env           = "dev"
+  vpc-type      = "custom"
+  subnet-type   = "public"
+  nat-per-az    = "single"
+  vpn-gateway   = "disabled"
+  vpc_endpoints = "none"
+  test          = "tc7"
+}
+aws_region = "ap-northeast-2"
+vpc_config = {
+  cidr        = "10.9.0.0/16"
+  azs         = ["ap-northeast-2a", "ap-northeast-2c"]
+  subnet_type = "public" # allowed values : "isolated" | "public" | "standard" 
+  single_ngw  = true
+}
diff --git a/examples/vpc/fixture.tc8.tfvars b/examples/vpc/fixture.tc8.tfvars
@@ -0,0 +1,14 @@
+tags = {
+  env           = "dev"
+  vpc-type      = "default"
+  vpc_endpoints = "s3-essential"
+  test          = "tc8"
+}
+aws_region = "us-east-1"
+vpce_config = [
+  {
+    service             = "s3"
+    type                = "Interface"
+    private_dns_enabled = false
+  },
+]
diff --git a/examples/vpc/main.tf b/examples/vpc/main.tf
@@ -0,0 +1,12 @@
+provider "aws" {
+  region = var.aws_region
+}
+
+module "vpc" {
+  source      = "../../"
+  name        = var.name
+  tags        = var.tags
+  vpc_config  = var.vpc_config
+  vpce_config = var.vpce_config
+  vgw_config  = var.vgw_config
+}
diff --git a/examples/vpc/outputs.tf b/examples/vpc/outputs.tf
@@ -0,0 +1,19 @@
+output "vpc" {
+  value = module.vpc.vpc
+}
+
+output "subnets" {
+  value = module.vpc.subnets
+}
+
+output "route_tables" {
+  value = module.vpc.route_tables
+}
+
+output "vpce" {
+  value = module.vpc.vpce
+}
+
+output "vgw" {
+  value = module.vpc.vgw
+}
diff --git a/examples/vpc/variables.tf b/examples/vpc/variables.tf
@@ -0,0 +1,37 @@
+# Variables for providing to module fixture codes
+
+### network
+variable "aws_region" {
+  description = "The aws region to deploy"
+  type        = string
+  default     = "us-east-1"
+}
+
+variable "vpc_config" {
+  description = "A Virtual Private Cloud (VPC) configuration"
+  default     = {}
+}
+
+variable "vpce_config" {
+  description = "A Virtual Private Cloud (VPC) endpoints configuration"
+  default     = []
+}
+
+variable "vgw_config" {
+  description = "A Virtual Private Gateway (VGW) configuration"
+  default     = {}
+}
+
+### description
+variable "name" {
+  description = "The logical name of the module instance"
+  type        = string
+  default     = null
+}
+
+### tags
+variable "tags" {
+  description = "The key-value maps for tagging"
+  type        = map(string)
+  default     = {}
+}