###======================== CTF VPC ====================== ###
resource "aws_vpc" "ctf" {
  # Lab VPC that every CTF subnet in this file hangs off. DNS support and DNS
  # hostnames are both enabled so instances get resolvable names (the subnets
  # below additionally request resource-name A records on launch).
  #
  #checkov:skip=CKV2_AWS_11:Ensure VPC flow logging is enabled in all VPCs
  # NOTE(review): the skip above silences the finding but does not satisfy it -
  # there is no aws_flow_log resource in this file, so the VPC has no
  # network-level audit trail. Presumably accepted because this is a
  # disposable CTF range; confirm, and if player traffic ever has to be
  # investigated, add flow logs rather than keeping the suppression.
  # NOTE(review): the VPC's default security group and default network ACL
  # are not managed here - verify they are locked down elsewhere.
  tags = {
    Name = "CTF (${var.aws_region})"
  }

  cidr_block           = var.vpc_cidr_block
  instance_tenancy     = "default"
  enable_dns_support   = true
  enable_dns_hostnames = true
}
resource "aws_internet_gateway" "gw" {
  # Single internet gateway for the CTF VPC. It is the next hop of the
  # 0.0.0.0/0 route in aws_route_table.ctf, i.e. the only way traffic enters
  # or leaves the VPC directly (private subnets go through the NAT gateway).
  tags = {
    Name = "CTF | Internet Gateway"
  }

  vpc_id = aws_vpc.ctf.id
}
resource "aws_nat_gateway" "natgw" {
  # NAT gateway in the dedicated public subnet; connectivity_type is not set,
  # so the provider default (public) applies. It is the default route of
  # aws_route_table.ctf_natgw, which gives the CTFd and Juice Shop subnets
  # outbound-only internet access.
  # NOTE(review): that is unrestricted egress for deliberately vulnerable
  # targets. Any egress filtering (reverse shells, exfiltration from a
  # compromised Juice Shop host) has to come from security groups / NACLs,
  # which are not defined in this file.
  tags = {
    Name = "CTF | NAT Gateway"
  }

  subnet_id     = aws_subnet.natgw.id
  allocation_id = aws_eip.natgw_eip.id

  # The gateway's subnet must already route to the IGW, and the EIP must
  # exist, before the NAT gateway is created; spell that ordering out.
  depends_on = [
    aws_internet_gateway.gw,
    aws_eip.natgw_eip,
  ]
}
resource "aws_eip" "natgw_eip" {
  # Static public IPv4 address allocated from the Amazon pool for the NAT
  # gateway. This is the source address the private CTF subnets present to
  # the internet, so it is the one to allow-list or watch for abuse reports.
  public_ipv4_pool = "amazon"
  domain           = "vpc"

  # Provider docs recommend an explicit dependency on the internet gateway so
  # the EIP is not created before the VPC can actually reach the internet.
  depends_on = [aws_internet_gateway.gw]
}
resource "aws_route_table" "ctf" {
  # Public routing table: default route straight to the internet gateway.
  # Every subnet associated with it (public_a, public_b and the NAT gateway
  # subnet) is internet-facing, so only hosts that need that exposure belong
  # there. Instances still need a public/elastic IP to be reachable; none of
  # the subnets in this file set map_public_ip_on_launch.
  tags = {
    Name = "CTF IGW | Subnet Routing Table"
  }

  vpc_id = aws_vpc.ctf.id

  route {
    gateway_id = aws_internet_gateway.gw.id
    cidr_block = "0.0.0.0/0"
  }
}
resource "aws_route_table" "ctf_natgw" {
  # Private routing table: the default route goes through the NAT gateway, so
  # the associated subnets (ctfd, owaspjs) can initiate outbound connections
  # but are not directly addressable from the internet. Inbound access to the
  # targets must therefore be fronted by something in a public subnet -
  # presumably a load balancer or proxy defined outside this file; confirm.
  tags = {
    Name = "CTF NAT GW | Subnet Routing Table"
  }

  vpc_id = aws_vpc.ctf.id

  route {
    nat_gateway_id = aws_nat_gateway.natgw.id
    cidr_block     = "0.0.0.0/0"
  }
}
resource "aws_subnet" "public_a" {
  # Internet-facing subnet in availability zone A, routed through the IGW via
  # aws_route_table.ctf. map_public_ip_on_launch is left unset, so instances
  # launched here get a public address only when one is assigned explicitly.
  tags = {
    Name = "Public | Subnet A ${var.aws_availability_zone_a}"
  }

  availability_zone                           = var.aws_availability_zone_a
  cidr_block                                  = var.subnet_a_public_cidr_block
  vpc_id                                      = aws_vpc.ctf.id
  enable_resource_name_dns_a_record_on_launch = true
}
resource "aws_subnet" "public_b" {
  # Internet-facing subnet in availability zone B, the second-AZ counterpart
  # of public_a (same IGW routing table). Together the two give anything that
  # needs multi-AZ placement, e.g. a load balancer, a subnet in each zone.
  tags = {
    Name = "Public | Subnet B ${var.aws_availability_zone_b}"
  }

  availability_zone                           = var.aws_availability_zone_b
  cidr_block                                  = var.subnet_b_public_cidr_block
  vpc_id                                      = aws_vpc.ctf.id
  enable_resource_name_dns_a_record_on_launch = true
}
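resource "aws_subnet" "natgw" {
  # Small public subnet whose only job is to host aws_nat_gateway.natgw. It is
  # associated with the IGW routing table (aws_route_table.ctf) so the NAT
  # gateway itself can reach the internet.
  #
  # Fix: availability_zone was previously not set, which leaves AZ placement
  # to AWS. The private subnets that route through this NAT gateway (ctfd and
  # owaspjs) are both pinned to var.aws_availability_zone_a, so the NAT
  # gateway is pinned there as well: all private egress stays inside one AZ
  # instead of hopping to whichever zone AWS happened to pick, and the
  # targets no longer depend on an AZ none of them live in.
  # NOTE: on an already-deployed stack this change replaces the subnet and
  # therefore the NAT gateway (the aws_eip resource is unaffected).
  vpc_id                                      = aws_vpc.ctf.id
  cidr_block                                  = var.subnet_natgw_cidr_block
  availability_zone                           = var.aws_availability_zone_a
  enable_resource_name_dns_a_record_on_launch = true

  tags = {
    Name = "NAT Gateway | Subnet"
  }
}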
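resource "aws_subnet" "ctfd" {
  # Private subnet (AZ A) for the CTFd scoreboard host. Egress goes through
  # the NAT gateway via aws_route_table.ctf_natgw; there is no direct inbound
  # path from the internet.
  #
  # Fix: the Name tag read "CFPd", presumably a typo for CTFd (the resource
  # is named ctfd and the other subnets are tagged with their product name).
  # The variable is still spelled subnet_cftd_cidr_block because it is
  # declared outside this file; rename it together with its declaration,
  # not here, or the plan breaks.
  vpc_id                                      = aws_vpc.ctf.id
  cidr_block                                  = var.subnet_cftd_cidr_block
  availability_zone                           = var.aws_availability_zone_a
  enable_resource_name_dns_a_record_on_launch = true

  tags = {
    Name = "CTFd | Subnet"
  }
}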
resource "aws_subnet" "owaspjs" {
  # Private subnet (AZ A) for the OWASP Juice Shop target, an intentionally
  # vulnerable application. It routes out only through the NAT gateway, so a
  # host compromised by a player cannot be reached directly from the internet
  # but can still open outbound connections; constraining that is left to the
  # security groups / NACLs, which this file does not define.
  tags = {
    Name = "OWASP Juice Shop | Subnet"
  }

  availability_zone                           = var.aws_availability_zone_a
  cidr_block                                  = var.subnet_owaspjs_cidr_block
  vpc_id                                      = aws_vpc.ctf.id
  enable_resource_name_dns_a_record_on_launch = true
}
resource "aws_route_table_association" "public_a" {
  # public_a is internet-facing: attach it to the IGW routing table.
  route_table_id = aws_route_table.ctf.id
  subnet_id      = aws_subnet.public_a.id
}
resource "aws_route_table_association" "public_b" {
  # public_b is internet-facing: attach it to the IGW routing table.
  route_table_id = aws_route_table.ctf.id
  subnet_id      = aws_subnet.public_b.id
}
resource "aws_route_table_association" "natgw" {
  # The NAT gateway's own subnet must be public (IGW default route), otherwise
  # the gateway has no path to the internet and private egress silently fails.
  route_table_id = aws_route_table.ctf.id
  subnet_id      = aws_subnet.natgw.id
}
resource "aws_route_table_association" "ctfd" {
  # CTFd stays private: outbound via the NAT gateway, no direct inbound route.
  route_table_id = aws_route_table.ctf_natgw.id
  subnet_id      = aws_subnet.ctfd.id
}
resource "aws_route_table_association" "owaspjs" {
  # Juice Shop stays private: outbound via the NAT gateway, no direct inbound
  # route from the internet to the vulnerable target.
  route_table_id = aws_route_table.ctf_natgw.id
  subnet_id      = aws_subnet.owaspjs.id
}