From bd5c78eda922079db60199c3ab158d4318b84124 Mon Sep 17 00:00:00 2001 
From: Martin Atkins Date: Sun, 17 Jul 2016 13:16:06 -0700 Subject: [PATCH] examples: creating VPCs and subnets across two regions This example demonstrates both creating a network architecture *and* the use of data resources to minimize the number of variables needed for a child module by discovering additional data automatically. --- examples/aws-networking/.gitignore | 3 +++ examples/aws-networking/README.md | 11 ++++++++ .../aws-networking/numbering/variables.tf | 27 +++++++++++++++++++ examples/aws-networking/region/numbering.tf | 1 + examples/aws-networking/region/outputs.tf | 11 ++++++++ .../aws-networking/region/security_group.tf | 25 +++++++++++++++++ examples/aws-networking/region/subnets.tf | 14 ++++++++++ examples/aws-networking/region/variables.tf | 9 +++++++ examples/aws-networking/region/vpc.tf | 7 +++++ examples/aws-networking/regions.tf | 11 ++++++++ examples/aws-networking/subnet/numbering.tf | 1 + examples/aws-networking/subnet/outputs.tf | 3 +++ .../aws-networking/subnet/security_group.tf | 12 +++++++++ examples/aws-networking/subnet/subnet.tf | 13 +++++++++ examples/aws-networking/subnet/variables.tf | 11 ++++++++ examples/aws-networking/variables.tf | 3 +++ 16 files changed, 162 insertions(+) create mode 100644 examples/aws-networking/.gitignore create mode 100644 examples/aws-networking/README.md create mode 100644 examples/aws-networking/numbering/variables.tf create mode 120000 examples/aws-networking/region/numbering.tf create mode 100644 examples/aws-networking/region/outputs.tf create mode 100644 examples/aws-networking/region/security_group.tf create mode 100644 examples/aws-networking/region/subnets.tf create mode 100644 examples/aws-networking/region/variables.tf create mode 100644 examples/aws-networking/region/vpc.tf create mode 100644 examples/aws-networking/regions.tf create mode 120000 examples/aws-networking/subnet/numbering.tf create mode 100644 examples/aws-networking/subnet/outputs.tf create mode 100644 
examples/aws-networking/subnet/security_group.tf create mode 100644 examples/aws-networking/subnet/subnet.tf create mode 100644 examples/aws-networking/subnet/variables.tf create mode 100644 examples/aws-networking/variables.tf
diff --git a/examples/aws-networking/.gitignore b/examples/aws-networking/.gitignore
new file mode 100644
index 000000000000..6382ccad7cc9
--- /dev/null
+++ b/examples/aws-networking/.gitignore
@@ -0,0 +1,3 @@
+terraform.tfstate
+terraform.tfstate.backup
+.terraform/*
diff --git a/examples/aws-networking/README.md b/examples/aws-networking/README.md
new file mode 100644
index 000000000000..f684e7c9b95f
--- /dev/null
+++ b/examples/aws-networking/README.md
@@ -0,0 +1,11 @@
+# AWS Networking Example
+
+This example creates AWS VPC resources, making a VPC in each of two regions and
+then two subnets in each VPC in two different availability zones.
+
+This example also demonstrates the use of modules to create several copies of
+the same resource set with different arguments. The child modules in this
+directory are:
+
+* `region`: container module for all of the network resources within a region. This is instantiated once per region.
+* `subnet`: represents a subnet within a given availability zone. This is instantiated twice per region, using the first two availability zones supported within the target AWS account.
diff --git a/examples/aws-networking/numbering/variables.tf b/examples/aws-networking/numbering/variables.tf
new file mode 100644
index 000000000000..ae32caa89a9b
--- /dev/null
+++ b/examples/aws-networking/numbering/variables.tf
@@ -0,0 +1,27 @@
+variable "region_numbers" {
+ default = {
+ us-east-1 = 1
+ us-west-1 = 2
+ us-west-2 = 3
+ eu-west-1 = 4
+ }
+}
+
+variable "az_numbers" {
+ default = {
+ a = 1
+ b = 2
+ c = 3
+ d = 4
+ e = 5
+ f = 6
+ g = 7
+ h = 8
+ i = 9
+ j = 10
+ k = 11
+ l = 12
+ m = 13
+ n = 14
+ }
+}
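Review bot: The values in region_numbers and az_numbers are consumed as the netnum argument of cidrsubnet(…, 4, …) in region/vpc.tf and subnet/subnet.tf, so every value must be unique and stay within 0–15; nothing in this file says so, and a fifth region added with value 16 would, as far as I recall, only be rejected at plan time. I would put a comment above each map, e.g. `# Netnum for cidrsubnet(..., 4, n) in region/vpc.tf: values must be unique and in the range 0-15.` It is also worth stating that region_numbers lists only four regions, because lookup() without a default fails for any other region name passed to the region module.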
diff --git a/examples/aws-networking/region/numbering.tf b/examples/aws-networking/region/numbering.tf
new file mode 120000
index 000000000000..49f7617b054a
--- /dev/null
+++ b/examples/aws-networking/region/numbering.tf
@@ -0,0 +1 @@
+../numbering/variables.tf
\ No newline at end of file
diff --git a/examples/aws-networking/region/outputs.tf b/examples/aws-networking/region/outputs.tf
new file mode 100644
index 000000000000..fd2c64c3e917
--- /dev/null
+++ b/examples/aws-networking/region/outputs.tf
@@ -0,0 +1,11 @@
+output "vpc_id" {
+ value = "${aws_vpc.main.id}"
+}
+
+output "primary_subnet_id" {
+ value = "${module.primary_subnet.subnet_id}"
+}
+
+output "secondary_subnet_id" {
+ value = "${module.secondary_subnet.subnet_id}"
+}
diff --git a/examples/aws-networking/region/security_group.tf b/examples/aws-networking/region/security_group.tf
new file mode 100644
index 000000000000..c5792dca55e1
--- /dev/null
+++ b/examples/aws-networking/region/security_group.tf
@@ -0,0 +1,25 @@
+resource "aws_security_group" "region" {
+ name = "region"
+ description = "Open access within this region"
+ vpc_id = "${aws_vpc.main.id}"
+
+ ingress {
+ from_port = 0
+ to_port = 0
+ protocol = -1
+ cidr_blocks = ["${aws_vpc.main.cidr_block}"]
+ }
+}
+
+resource "aws_security_group" "internal-all" {
+ name = "internal-all"
+ description = "Open access within the full internal network"
+ vpc_id = "${aws_vpc.main.id}"
+
+ ingress {
+ from_port = 0
+ to_port = 0
+ protocol = -1
+ cidr_blocks = ["${var.base_cidr_block}"]
+ }
+}
diff --git a/examples/aws-networking/region/subnets.tf b/examples/aws-networking/region/subnets.tf
new file mode 100644
index 000000000000..d51b10711174
--- /dev/null
+++ b/examples/aws-networking/region/subnets.tf
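Review bot: Both groups open every port and protocol (`protocol = -1`, ports 0–0) to their source range, and `internal-all` trusts the whole of var.base_cidr_block (10.0.0.0/12 by default), which is far wider than the two /16 VPCs this configuration carves out of it and would also admit any address in that range reachable through a future peering or VPN attachment. Neither group declares an egress block; as far as I recall the aws provider removes AWS's default allow-all egress from an aws_security_group that declares none, so instances attached to these groups would have no outbound connectivity until one is added — confirm against the provider version in use. Nothing in this commit attaches either group, so there is no exposure yet, but the intent should be stated on each resource, e.g. `# Example only: permits all traffic from the internal range. Restrict ports/protocols and add an explicit egress block before attaching to real workloads.`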
@@ -0,0 +1,14 @@
+data "aws_availability_zones" "all" {
+}
+
+module "primary_subnet" {
+ source = "../subnet"
+ vpc_id = "${aws_vpc.main.id}"
+ availability_zone = "${data.aws_availability_zones.all.names[0]}"
+}
+
+module "secondary_subnet" {
+ source = "../subnet"
+ vpc_id = "${aws_vpc.main.id}"
+ availability_zone = "${data.aws_availability_zones.all.names[1]}"
+}
diff --git a/examples/aws-networking/region/variables.tf b/examples/aws-networking/region/variables.tf
new file mode 100644
index 000000000000..b5916f051cb2
--- /dev/null
+++ b/examples/aws-networking/region/variables.tf
@@ -0,0 +1,9 @@
+variable "region" {
+ description = "The name of the AWS region to set up a network within"
+}
+
+variable "base_cidr_block" {}
+
+provider "aws" {
+ region = "${var.region}"
+}
diff --git a/examples/aws-networking/region/vpc.tf b/examples/aws-networking/region/vpc.tf
new file mode 100644
index 000000000000..84a5e9114878
--- /dev/null
+++ b/examples/aws-networking/region/vpc.tf
@@ -0,0 +1,7 @@
+resource "aws_vpc" "main" {
+ cidr_block = "${cidrsubnet(var.base_cidr_block, 4, lookup(var.region_numbers, var.region))}"
+}
+
+resource "aws_internet_gateway" "main" {
+ vpc_id = "${aws_vpc.main.id}"
+}
diff --git a/examples/aws-networking/regions.tf b/examples/aws-networking/regions.tf
new file mode 100644
index 000000000000..2041bf70260a
--- /dev/null
+++ b/examples/aws-networking/regions.tf
@@ -0,0 +1,11 @@
+module "us-east-1" {
+ source = "./region"
+ region = "us-east-1"
+ base_cidr_block = "${var.base_cidr_block}"
+}
+
+module "us-west-2" {
+ source = "./region"
+ region = "us-west-2"
+ base_cidr_block = "${var.base_cidr_block}"
+}
diff --git a/examples/aws-networking/subnet/numbering.tf b/examples/aws-networking/subnet/numbering.tf
new file mode 120000
index 000000000000..49f7617b054a
--- /dev/null
+++ b/examples/aws-networking/subnet/numbering.tf
@@ -0,0 +1 @@
+../numbering/variables.tf
\ No newline at end of file
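Review bot: `data.aws_availability_zones.all.names[1]` assumes the account has at least two zones in the region; with a single zone the index fails at plan time, and because AZ names are mapped to physical zones per account the "first two" are not the same zones for another account, so the subnet numbering this feeds is not portable. A short comment above the data source would make both limits explicit: `# Picks the first two AZs visible to this account; the region must expose at least two, and the choice differs between accounts.`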
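Review bot: `variable "base_cidr_block" {}` has no description, unlike `region` just above it, even though it drives both the VPC CIDR in vpc.tf and the source range trusted by the internal-all security group; I would add `description = "CIDR block the whole multi-region network is carved from; also the range trusted wholesale by the internal-all security group"`. A provider block living in a file named variables.tf is also easy to miss when reading the module — consider moving it to its own file.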
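Review bot: `lookup(var.region_numbers, var.region)` has no default, so instantiating the region module for any region outside the four-entry map (e.g. eu-central-1) fails at plan time; either the README should say which regions are supported or the map needs extending. Separately, `aws_internet_gateway.main` is created but nothing in this commit adds a route to it (the subnet module's route table has no route blocks), so the subnets have no path to the internet; that is the safe default for an example, but it reads as an omission without a comment such as `# No default route points at this gateway; subnets stay unreachable from the internet unless one is added.`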
diff --git a/examples/aws-networking/subnet/outputs.tf b/examples/aws-networking/subnet/outputs.tf
new file mode 100644
index 000000000000..e7ef1921b02d
--- /dev/null
+++ b/examples/aws-networking/subnet/outputs.tf
@@ -0,0 +1,3 @@
+output "subnet_id" {
+ value = "${aws_subnet.main.id}"
+}
diff --git a/examples/aws-networking/subnet/security_group.tf b/examples/aws-networking/subnet/security_group.tf
new file mode 100644
index 000000000000..5761ab56fcfc
--- /dev/null
+++ b/examples/aws-networking/subnet/security_group.tf
@@ -0,0 +1,12 @@
+resource "aws_security_group" "az" {
+ name = "az-${data.aws_availability_zone.target.name}"
+ description = "Open access within the AZ ${data.aws_availability_zone.target.name}"
+ vpc_id = "${var.vpc_id}"
+
+ ingress {
+ from_port = 0
+ to_port = 0
+ protocol = -1
+ cidr_blocks = ["${aws_subnet.main.cidr_block}"]
+ }
+}
diff --git a/examples/aws-networking/subnet/subnet.tf b/examples/aws-networking/subnet/subnet.tf
new file mode 100644
index 000000000000..8ad68da49c06
--- /dev/null
+++ b/examples/aws-networking/subnet/subnet.tf
@@ -0,0 +1,13 @@
+resource "aws_subnet" "main" {
+ cidr_block = "${cidrsubnet(data.aws_vpc.target.cidr_block, 4, lookup(var.az_numbers, data.aws_availability_zone.target.name_suffix))}"
+ vpc_id = "${var.vpc_id}"
+}
+
+resource "aws_route_table" "main" {
+ vpc_id = "${var.vpc_id}"
+}
+
+resource "aws_route_table_association" "main" {
+ subnet_id = "${aws_subnet.main.id}"
+ route_table_id = "${aws_route_table.main.id}"
+}
diff --git a/examples/aws-networking/subnet/variables.tf b/examples/aws-networking/subnet/variables.tf
new file mode 100644
index 000000000000..638085268162
--- /dev/null
+++ b/examples/aws-networking/subnet/variables.tf
@@ -0,0 +1,11 @@
+variable "vpc_id" {}
+
+variable "availability_zone" {}
+
+data "aws_availability_zone" "target" {
+ name = "${var.availability_zone}"
+}
+
+data "aws_vpc" "target" {
+ id = "${var.vpc_id}"
+}
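Review bot: `aws_subnet.main` never sets `availability_zone`, so AWS places the subnet in a zone of its own choosing even though this module derives the subnet's CIDR from data.aws_availability_zone.target.name_suffix and names its security group after that zone; the placement and the numbering can silently disagree, and the "az-…" group then describes a zone the subnet may not be in. Add `availability_zone = "${data.aws_availability_zone.target.name}"` to the resource. The route table is also created with no route blocks, so these subnets have no route to the region's internet gateway — acceptable for an example, but a one-line comment on `aws_route_table.main` saying so would make it deliberate.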
diff --git a/examples/aws-networking/variables.tf b/examples/aws-networking/variables.tf
new file mode 100644
index 000000000000..054a1fc09f42
--- /dev/null
+++ b/examples/aws-networking/variables.tf
@@ -0,0 +1,3 @@
+variable "base_cidr_block" {
+ default = "10.0.0.0/12"
+}
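Review bot: The default `10.0.0.0/12` is both the range the regional VPCs are carved from (cidrsubnet adds 4 bits per region and another 4 per AZ) and the range that `internal-all` in region/security_group.tf trusts in full, so a reader overriding it needs to know that any overlap with a peered or VPN-attached network is implicitly trusted. A description would carry that warning: `description = "Range the whole network is carved from (4 bits per region, 4 per AZ). Must not overlap any peered or VPN-attached network, since the internal-all security group trusts this entire range."`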