// ***GCP VPC Build***
// https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#example-usage---basic-provider-blocks
provider "google" {
  # Credentials are not stored here: they are supplied through the environment
  # (configured in the VS Code settings.json on the Windows workstation).
  region  = "us-east1"
  project = "class-adv2024-vueibaezis10"
}
resource "google_compute_network" "i2_project_gcp_terraform_vpc" {
  name         = "i2-project-gcp-terraform-vpc"
  routing_mode = "REGIONAL"

  # Subnets are declared explicitly below instead of being auto-created per region.
  auto_create_subnetworks = false
}
resource "google_compute_subnetwork" "i2_project_gcp_terraform_subnet_1" {
  network = google_compute_network.i2_project_gcp_terraform_vpc.name
  name    = "i2-project-gcp-terraform-subnet-1"

  # This is the range the AWS security group below admits for SSH/ICMP.
  ip_cidr_range = "10.2.0.0/24"
}
// ***AWS VPC Build***
// https://registry.terraform.io/providers/hashicorp/aws/latest/docs
provider "aws" {
  # Credentials are not stored here: they are supplied through the environment
  # (configured in the VS Code settings.json on the Windows workstation).
  region = "us-east-1"
}
resource "aws_vpc" "i2_project_aws_terraform_vpc" {
  # 10.3.0.0/16 is the range the GCP firewall rule below admits.
  cidr_block = "10.3.0.0/16"
  tags       = { Name = "i2_project_aws_terraform_vpc" }
}
// Create AWS subnet from primary VPC cidr block
// https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet
resource "aws_subnet" "i2_project_aws_terraform_subnet_1" {
  vpc_id            = aws_vpc.i2_project_aws_terraform_vpc.id
  availability_zone = "us-east-1a"

  # First /24 carved out of the VPC's 10.3.0.0/16; this is also the only
  # prefix offered to the Direct Connect gateway below.
  cidr_block = "10.3.1.0/24"

  tags = { Name = "i2_project_aws_terraform_subnet_1" }
}
// Create a Virtual Private Gateway
// https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpn_gateway
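resource "aws_vpn_gateway" "i2_project_terraform_virtual_private_gateway" {
  // The attachment to the VPC is managed by aws_vpn_gateway_attachment.vpn_attachment
  // below. vpc_id is deliberately not set here as well: with both, two resources
  // manage the same VGW/VPC attachment and contend on create and destroy.
  tags = {
    Name = "i2_project_terraform_vpg"
  }
}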
// Attach Virtual Private Gateway
// https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpn_gateway_attachment
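resource "aws_vpn_gateway_attachment" "vpn_attachment" {
  vpc_id = aws_vpc.i2_project_aws_terraform_vpc.id

  // Referencing the gateway's id already orders this resource after the
  // gateway is created, so no explicit depends_on is required.
  vpn_gateway_id = aws_vpn_gateway.i2_project_terraform_virtual_private_gateway.id
}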
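// Propose associating this VPC's virtual private gateway with the Direct Connect
// gateway so that the listed prefixes are advertised over it.
// https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dx_gateway_association_proposal
resource "aws_dx_gateway_association_proposal" "i2_project_terraform_dx_gateway_association_proposal" {
  // The DX gateway and the account that owns it live outside this configuration,
  // so their ids stay as literals; the proposal is accepted on that account's side.
  dx_gateway_id               = "62adae79-7cd8-4ce7-8f1c-e53d31d7abdb"
  dx_gateway_owner_account_id = "703594241974"

  // Reference the gateway created above rather than a fixed "vgw-…" id: a
  // hard-coded id only matches one particular apply and silently points at the
  // wrong (or a deleted) gateway once the VGW is recreated.
  associated_gateway_id = aws_vpn_gateway.i2_project_terraform_virtual_private_gateway.id

  // Only the subnet range is advertised, not the whole 10.3.0.0/16 VPC.
  allowed_prefixes = ["10.3.1.0/24"]
}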
// Create Internet Gateway
// https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/internet_gateway
resource "aws_internet_gateway" "i2_project_aws_terraform_igw" {
  vpc_id = aws_vpc.i2_project_aws_terraform_vpc.id
  tags   = { Name = "i2_project_terraform_igw" }
}
// Create a route table
// https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table.html
resource "aws_route_table" "i2_project_aws_terraform_route_table" {
  // Routes are managed by separate aws_route resources; no inline route blocks here.
  // NOTE(review): the only route defined below is 0.0.0.0/0 -> IGW. Nothing in this
  // file sends 10.2.0.0/24 (the GCP subnet) toward the virtual private gateway —
  // confirm whether route propagation from the VGW or a static route is intended.
  vpc_id = aws_vpc.i2_project_aws_terraform_vpc.id
}
// Create a route to the Internet Gateway
// https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route
resource "aws_route" "i2_project_aws_terraform_internet_gateway_route" {
  # Default route via the Internet Gateway: every subnet associated with this
  # table gets a path to the Internet.
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.i2_project_aws_terraform_igw.id
  route_table_id         = aws_route_table.i2_project_aws_terraform_route_table.id
}
// Associate the route table with the subnet
// https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association
resource "aws_route_table_association" "i2_project_aws_terraform_route_table_association" {
  # Binding subnet 1 to the table carrying the default route to the IGW.
  route_table_id = aws_route_table.i2_project_aws_terraform_route_table.id
  subnet_id      = aws_subnet.i2_project_aws_terraform_subnet_1.id
}
// ***AWS Security Group***
// https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group
resource "aws_security_group" "allow_ssh_icmp_from_gcp" {
  vpc_id      = aws_vpc.i2_project_aws_terraform_vpc.id
  name        = "allow_ssh_icmp_from_gcp"
  description = "Security group allowing SSH and ICMP from GCP"

  # Inbound: SSH (tcp/22) only from the GCP subnet range.
  ingress {
    protocol    = "tcp"
    from_port   = 22
    to_port     = 22
    cidr_blocks = ["10.2.0.0/24"]
  }

  # Inbound: ICMP only from the GCP subnet range. For protocol "icmp" the
  # provider reads from_port as the ICMP type and to_port as the ICMP code,
  # so this admits type 8 / code 0 (echo request) only.
  ingress {
    protocol    = "icmp"
    from_port   = 8
    to_port     = 0
    cidr_blocks = ["10.2.0.0/24"]
  }

  # Outbound: unrestricted (all protocols, all destinations).
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
// ***GCP SSH and ICMP inbound rule exceptions from AWS***
// https://registry.terraform.io/providers/hashicorp/google/3.0.0-beta.1/docs/resources/compute_firewall
resource "google_compute_firewall" "allow_ssh_icmp_from_aws" {
  network = google_compute_network.i2_project_gcp_terraform_vpc.name
  name    = "allow-ssh-icmp-from-aws"

  # Only traffic originating from the AWS VPC range is admitted. No target
  # tags or service accounts are set, so the rule applies network-wide.
  source_ranges = ["10.3.0.0/16"]

  allow {
    protocol = "icmp"
  }

  allow {
    ports    = ["22"]
    protocol = "tcp"
  }
}