Terraform AWS vpc自定义模块重新创建路由表和子网


我有下面这个比较复杂的 Terraform 自定义模块（按文件拆分列出）：

vpc.tf


# The VPC every other resource in this module hangs off. The CIDR comes
# straight from the caller; both DNS features are switched on explicitly.
resource "aws_vpc" "main_vpc" {
  cidr_block = var.vpc_range

  enable_dns_hostnames = true
  enable_dns_support   = true
}

# Single internet gateway for the VPC. The 0.0.0.0/0 routes for public
# subnets (and, as written, for the VPC main route table) target it.
resource "aws_internet_gateway" "main_vpc_gateway" {
  vpc_id = aws_vpc.main_vpc.id
}

# One subnet per (subnet type, AZ) pair, keyed by the synthetic subnet_name
# built in locals ("<az with - replaced by _>_<type>").
resource "aws_subnet" "main_subnets" {
  for_each = { for s in local.subnet_cidr_range : s.subnet_name => s }

  vpc_id               = aws_vpc.main_vpc.id
  cidr_block           = each.value.subnet_cidr
  availability_zone_id = each.value.subnet_az_id

  # SECURITY: is_public is derived purely from the subnet type's name prefix
  # ("pub*", see locals). Instances launched into such a subnet get a public
  # IP mapped by default, so a mis-named subnet type silently becomes
  # internet-facing.
  map_public_ip_on_launch = each.value.is_public

  # NOTE(review): vpc_id, cidr_block and availability_zone_id are the
  # replace-on-change attributes of this resource; if the plan keeps
  # recreating subnets, diff these three against state first (e.g. a switch
  # from availability_zone to availability_zone_id, or a CIDR edit).
}

# A dedicated route table per subnet (same keys as aws_subnet.main_subnets),
# so egress can be decided per subnet by the aws_route resources below.
resource "aws_route_table" "subnet_route_tables" {
  for_each = { for s in local.subnet_cidr_range : s.subnet_name => s }

  vpc_id = aws_vpc.main_vpc.id
}

# Explicitly bind each subnet to its own route table. A subnet without an
# explicit association implicitly uses the VPC main route table, which (see
# vpc_default_gateway) carries a default route to the internet gateway.
resource "aws_route_table_association" "subnet_route_table_associations" {
  for_each = { for a in local.route_table_association_details : a.subnet_name => a }

  route_table_id = each.value.route_table_id
  subnet_id      = each.value.subnet_id
}

# SECURITY (review): this puts a 0.0.0.0/0 -> internet gateway route on the
# VPC *main* route table. Every subnet created by this module gets its own
# explicit table (aws_route_table.subnet_route_tables plus the associations
# above), so nothing in the module needs this route. Its only effect is that
# any subnet that ever exists without an explicit association -- created by
# hand, by another module, or transiently while an association is replaced --
# is internet-routed by default. Prefer leaving the main table with only its
# local route and granting internet egress solely via subnet_internet_gateway.
resource "aws_route" "vpc_default_gateway" {
  route_table_id         = aws_vpc.main_vpc.main_route_table_id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.main_vpc_gateway.id
}

# Default route for every public subnet's own table straight to the internet
# gateway. "Public" means the subnet type name starts with "pub" (see locals).
resource "aws_route" "subnet_internet_gateway" {
  for_each = {
    for s in local.created_subnet_details : s.subnet_name => s
    if s.is_public
  }

  destination_cidr_block = "0.0.0.0/0"
  route_table_id         = each.value.route_table_id
  gateway_id             = aws_internet_gateway.main_vpc_gateway.id
}

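# One NAT gateway per AZ that hosts a private (non-privileged) subnet, placed
# in that AZ's "pub_apps_cust" subnet and attached to a pre-existing EIP.
#
# Contract for var.nat_gateway_ips: key = AZ name (e.g. "sa-east-1a"),
# value = public IP of an existing Elastic IP. The key set must cover every
# AZ in local.private_nat_gateway_azs.
resource "aws_nat_gateway" "vpc_gateways" {
  for_each = { for n in local.private_nat_gateway_details : n.availability_zone => n }

  # The gateway needs the IGW attached before it can come up.
  depends_on = [aws_internet_gateway.main_vpc_gateway]

  # Index directly instead of lookup(lookup(..., ""), "id", ""): a missing AZ
  # key now fails at plan time with an invalid-index error naming the AZ,
  # rather than a lookup()-on-string error or an empty allocation_id that can
  # only fail at apply.
  allocation_id = data.aws_eip.nat_gateway_ips[each.value.availability_zone].id
  subnet_id     = each.value.nat_public_subnet_details.subnet_id
}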

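# Default route via the AZ-local NAT gateway for private subnets, except the
# "pvt_internal_privileged" type, which deliberately gets no egress route.
# The filter is identical to the one building local.private_nat_gateway_azs,
# so a NAT gateway always exists for every AZ selected here.
resource "aws_route" "subnet_nat_gateway" {
  for_each = {
    for s in local.created_subnet_details : s.subnet_name => s
    if !s.is_public && s.subnet_type != "pvt_internal_privileged"
  }

  route_table_id         = each.value.route_table_id
  destination_cidr_block = "0.0.0.0/0"
  # Direct index rather than lookup(lookup(..., ""), "id", ""): if the
  # invariant above is ever broken this fails loudly at plan time instead of
  # producing a route with an empty nat_gateway_id.
  nat_gateway_id = aws_nat_gateway.vpc_gateways[each.value.availability_zone].id
}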
# AZs currently "available" in the provider's region; used only to map AZ
# names to AZ IDs in locals.
data "aws_availability_zones" "all_azs" {
  state = "available"
}

# Resolve each caller-supplied NAT public IP to its Elastic IP so the
# allocation id can be handed to aws_nat_gateway. Keyed like
# var.nat_gateway_ips, i.e. by AZ name.
data "aws_eip" "nat_gateway_ips" {
  for_each  = var.nat_gateway_ips
  public_ip = each.value
}

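locals {
  # AZ name -> AZ ID for the current region. aws_subnet uses
  # availability_zone_id, so an AZ name in var.all_subnets that is not
  # "available" in this account fails below with an invalid-index error.
  subnet_id_map = zipmap(data.aws_availability_zones.all_azs.names, data.aws_availability_zones.all_azs.zone_ids)

  # Flatten var.all_subnets (subnet type x AZ) into one record per subnet.
  # subnet_name is the for_each key used by every resource in this module:
  # "<az with - replaced by _>_<type>", e.g. "sa_east_1a_pub_apps_cust".
  subnet_cidr_range = flatten([
    for each_subnet in var.all_subnets : [
      for each_az in each_subnet.azs : {
        subnet_type  = each_subnet.name
        subnet_az    = each_az.name
        subnet_cidr  = each_az.range
        subnet_name  = "${replace(each_az.name, "-", "_")}_${each_subnet.name}"
        subnet_az_id = local.subnet_id_map[each_az.name]
        # SECURITY: exposure is decided by naming convention alone. Any type
        # whose name starts with "pub" gets map_public_ip_on_launch and a
        # 0.0.0.0/0 route to the internet gateway; everything else is private.
        is_public = length(regexall("^pub.*", each_subnet.name)) > 0
      }
    ]
  ])

  # Same records enriched with the ids of the created subnet and its route
  # table. Direct indexing (instead of lookup(lookup(..., {}), "id", "")) is
  # safe because both resources are keyed by exactly these subnet_names, and
  # it fails loudly at plan time if that ever stops being true.
  created_subnet_details = [
    for each_subnet in local.subnet_cidr_range : {
      subnet_name       = each_subnet.subnet_name
      is_public         = each_subnet.is_public
      subnet_type       = each_subnet.subnet_type
      subnet_cidr       = each_subnet.subnet_cidr
      subnet_id         = aws_subnet.main_subnets[each_subnet.subnet_name].id
      route_table_id    = aws_route_table.subnet_route_tables[each_subnet.subnet_name].id
      availability_zone = each_subnet.subnet_az
    }
  ]

  created_subnet_map = { for details in local.created_subnet_details : details.subnet_name => details }

  route_table_association_details = [
    for each_subnet in local.subnet_cidr_range : {
      subnet_id      = aws_subnet.main_subnets[each_subnet.subnet_name].id
      route_table_id = aws_route_table.subnet_route_tables[each_subnet.subnet_name].id
      subnet_name    = each_subnet.subnet_name
    }
  ]

  # Distinct AZs that need a NAT gateway: those holding a private subnet that
  # is not of the "pvt_internal_privileged" type (that type gets no egress).
  private_nat_gateway_azs = distinct([
    for details in local.created_subnet_details : details.availability_zone
    if !details.is_public && details.subnet_type != "pvt_internal_privileged"
  ])

  # Each NAT gateway lives in that AZ's "pub_apps_cust" subnet. The type name
  # is hard-coded; a direct index makes a missing host subnet fail at plan
  # time with a clear message (the old lookup(..., "") default only moved the
  # failure to an "unsupported attribute" error on .subnet_id).
  # NOTE(review): consider taking the host subnet type as a module variable.
  private_nat_gateway_details = [
    for az in local.private_nat_gateway_azs : {
      availability_zone         = az
      nat_public_subnet_details = local.created_subnet_map["${replace(az, "-", "_")}_pub_apps_cust"]
    }
  ]
}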
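# Module inputs. The code shown reads vpc_range, all_subnets and
# nat_gateway_ips; region, cluster and sensitive_nat_gateway_ips are declared
# but not referenced anywhere in this module's visible code.

variable "region" {
  description = "AWS region name. Not referenced by the module itself; the provider alias passed in decides the region."
  type        = string
}

variable "vpc_range" {
  description = "IPv4 CIDR block of the VPC, e.g. \"10.73.0.0/16\". Every range in all_subnets must fall inside it."
  type        = string
}

# Typed to the shape the module actually reads (name, azs[].name,
# azs[].range). Backward compatible with the previous untyped declaration:
# the existing caller's object literal converts to this type unchanged.
variable "all_subnets" {
  description = "Subnet types to create, each in one or more AZs. A type whose name starts with \"pub\" is made public (public IP on launch + IGW route); \"pvt_internal_privileged\" gets no default route at all; any other type routes via a per-AZ NAT gateway."
  type = list(object({
    name = string
    azs = list(object({
      name  = string
      range = string
    }))
  }))
}

variable "cluster" {
  description = "Cluster identifier. Declared for callers; not referenced by the module code shown here."
  type        = string
}

variable "nat_gateway_ips" {
  description = "AZ name -> public IP of an existing Elastic IP to attach to that AZ's NAT gateway. Must contain a key for every AZ that has a private, non-privileged subnet."
  type        = map(string)
}

variable "sensitive_nat_gateway_ips" {
  description = "AZ name -> public IP, same shape as nat_gateway_ips. Declared but not referenced by the module code shown here."
  type        = map(string)
}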

# Per-subnet records (ids, route table id, AZ, type, public flag) keyed by
# subnet_name -- the very map locals already builds as created_subnet_map.
output "created_subnet_details" {
  value = local.created_subnet_map
}

# The whole aws_vpc resource object (id, cidr_block, main_route_table_id, ...)
# for callers that attach further resources to this VPC.
output "vpc_details" {
  value = aws_vpc.main_vpc
}
# Root-module instantiation for sa-east-1. With nat_gateway_ips empty no NAT
# gateway is created, which is consistent with the only subnet type here
# ("pub_apps_cust") being public; adding a private type requires supplying an
# EIP per AZ in nat_gateway_ips.
module "vpc-sa-east-1" {
  source = "../../../modules/vpc"

  providers = {
    aws = aws.sa-east-1
  }

  region    = "sa-east-1"
  cluster   = ""
  vpc_range = "10.73.0.0/16"

  nat_gateway_ips           = {}
  sensitive_nat_gateway_ips = {}

  # Two /25s carved out of the /16, one per AZ, both public.
  all_subnets = [
    {
      name = "pub_apps_cust"
      azs = [
        { name = "sa-east-1a", range = "10.73.164.0/25" },
        { name = "sa-east-1b", range = "10.73.164.128/25" },
      ]
    },
  ]
}
data.tf（注：下面粘贴的列表与上面 vpc.tf 的列表逐行相同，应为粘贴时的重复；按文件名推测，该文件本应只包含 `data "aws_availability_zones"` 和 `data "aws_eip"` 两个块）


# The VPC every other resource in this module hangs off. The CIDR comes
# straight from the caller; both DNS features are switched on explicitly.
resource "aws_vpc" "main_vpc" {
  cidr_block = var.vpc_range

  enable_dns_hostnames = true
  enable_dns_support   = true
}

# Single internet gateway for the VPC. The 0.0.0.0/0 routes for public
# subnets (and, as written, for the VPC main route table) target it.
resource "aws_internet_gateway" "main_vpc_gateway" {
  vpc_id = aws_vpc.main_vpc.id
}

# One subnet per (subnet type, AZ) pair, keyed by the synthetic subnet_name
# built in locals ("<az with - replaced by _>_<type>").
resource "aws_subnet" "main_subnets" {
  for_each = { for s in local.subnet_cidr_range : s.subnet_name => s }

  vpc_id               = aws_vpc.main_vpc.id
  cidr_block           = each.value.subnet_cidr
  availability_zone_id = each.value.subnet_az_id

  # SECURITY: is_public is derived purely from the subnet type's name prefix
  # ("pub*", see locals). Instances launched into such a subnet get a public
  # IP mapped by default, so a mis-named subnet type silently becomes
  # internet-facing.
  map_public_ip_on_launch = each.value.is_public

  # NOTE(review): vpc_id, cidr_block and availability_zone_id are the
  # replace-on-change attributes of this resource; if the plan keeps
  # recreating subnets, diff these three against state first (e.g. a switch
  # from availability_zone to availability_zone_id, or a CIDR edit).
}

# A dedicated route table per subnet (same keys as aws_subnet.main_subnets),
# so egress can be decided per subnet by the aws_route resources below.
resource "aws_route_table" "subnet_route_tables" {
  for_each = { for s in local.subnet_cidr_range : s.subnet_name => s }

  vpc_id = aws_vpc.main_vpc.id
}

# Explicitly bind each subnet to its own route table. A subnet without an
# explicit association implicitly uses the VPC main route table, which (see
# vpc_default_gateway) carries a default route to the internet gateway.
resource "aws_route_table_association" "subnet_route_table_associations" {
  for_each = { for a in local.route_table_association_details : a.subnet_name => a }

  route_table_id = each.value.route_table_id
  subnet_id      = each.value.subnet_id
}

# SECURITY (review): this puts a 0.0.0.0/0 -> internet gateway route on the
# VPC *main* route table. Every subnet created by this module gets its own
# explicit table (aws_route_table.subnet_route_tables plus the associations
# above), so nothing in the module needs this route. Its only effect is that
# any subnet that ever exists without an explicit association -- created by
# hand, by another module, or transiently while an association is replaced --
# is internet-routed by default. Prefer leaving the main table with only its
# local route and granting internet egress solely via subnet_internet_gateway.
resource "aws_route" "vpc_default_gateway" {
  route_table_id         = aws_vpc.main_vpc.main_route_table_id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.main_vpc_gateway.id
}

# Default route for every public subnet's own table straight to the internet
# gateway. "Public" means the subnet type name starts with "pub" (see locals).
resource "aws_route" "subnet_internet_gateway" {
  for_each = {
    for s in local.created_subnet_details : s.subnet_name => s
    if s.is_public
  }

  destination_cidr_block = "0.0.0.0/0"
  route_table_id         = each.value.route_table_id
  gateway_id             = aws_internet_gateway.main_vpc_gateway.id
}

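# One NAT gateway per AZ that hosts a private (non-privileged) subnet, placed
# in that AZ's "pub_apps_cust" subnet and attached to a pre-existing EIP.
#
# Contract for var.nat_gateway_ips: key = AZ name (e.g. "sa-east-1a"),
# value = public IP of an existing Elastic IP. The key set must cover every
# AZ in local.private_nat_gateway_azs.
resource "aws_nat_gateway" "vpc_gateways" {
  for_each = { for n in local.private_nat_gateway_details : n.availability_zone => n }

  # The gateway needs the IGW attached before it can come up.
  depends_on = [aws_internet_gateway.main_vpc_gateway]

  # Index directly instead of lookup(lookup(..., ""), "id", ""): a missing AZ
  # key now fails at plan time with an invalid-index error naming the AZ,
  # rather than a lookup()-on-string error or an empty allocation_id that can
  # only fail at apply.
  allocation_id = data.aws_eip.nat_gateway_ips[each.value.availability_zone].id
  subnet_id     = each.value.nat_public_subnet_details.subnet_id
}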

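# Default route via the AZ-local NAT gateway for private subnets, except the
# "pvt_internal_privileged" type, which deliberately gets no egress route.
# The filter is identical to the one building local.private_nat_gateway_azs,
# so a NAT gateway always exists for every AZ selected here.
resource "aws_route" "subnet_nat_gateway" {
  for_each = {
    for s in local.created_subnet_details : s.subnet_name => s
    if !s.is_public && s.subnet_type != "pvt_internal_privileged"
  }

  route_table_id         = each.value.route_table_id
  destination_cidr_block = "0.0.0.0/0"
  # Direct index rather than lookup(lookup(..., ""), "id", ""): if the
  # invariant above is ever broken this fails loudly at plan time instead of
  # producing a route with an empty nat_gateway_id.
  nat_gateway_id = aws_nat_gateway.vpc_gateways[each.value.availability_zone].id
}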
# AZs currently "available" in the provider's region; used only to map AZ
# names to AZ IDs in locals.
data "aws_availability_zones" "all_azs" {
  state = "available"
}

# Resolve each caller-supplied NAT public IP to its Elastic IP so the
# allocation id can be handed to aws_nat_gateway. Keyed like
# var.nat_gateway_ips, i.e. by AZ name.
data "aws_eip" "nat_gateway_ips" {
  for_each  = var.nat_gateway_ips
  public_ip = each.value
}

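locals {
  # AZ name -> AZ ID for the current region. aws_subnet uses
  # availability_zone_id, so an AZ name in var.all_subnets that is not
  # "available" in this account fails below with an invalid-index error.
  subnet_id_map = zipmap(data.aws_availability_zones.all_azs.names, data.aws_availability_zones.all_azs.zone_ids)

  # Flatten var.all_subnets (subnet type x AZ) into one record per subnet.
  # subnet_name is the for_each key used by every resource in this module:
  # "<az with - replaced by _>_<type>", e.g. "sa_east_1a_pub_apps_cust".
  subnet_cidr_range = flatten([
    for each_subnet in var.all_subnets : [
      for each_az in each_subnet.azs : {
        subnet_type  = each_subnet.name
        subnet_az    = each_az.name
        subnet_cidr  = each_az.range
        subnet_name  = "${replace(each_az.name, "-", "_")}_${each_subnet.name}"
        subnet_az_id = local.subnet_id_map[each_az.name]
        # SECURITY: exposure is decided by naming convention alone. Any type
        # whose name starts with "pub" gets map_public_ip_on_launch and a
        # 0.0.0.0/0 route to the internet gateway; everything else is private.
        is_public = length(regexall("^pub.*", each_subnet.name)) > 0
      }
    ]
  ])

  # Same records enriched with the ids of the created subnet and its route
  # table. Direct indexing (instead of lookup(lookup(..., {}), "id", "")) is
  # safe because both resources are keyed by exactly these subnet_names, and
  # it fails loudly at plan time if that ever stops being true.
  created_subnet_details = [
    for each_subnet in local.subnet_cidr_range : {
      subnet_name       = each_subnet.subnet_name
      is_public         = each_subnet.is_public
      subnet_type       = each_subnet.subnet_type
      subnet_cidr       = each_subnet.subnet_cidr
      subnet_id         = aws_subnet.main_subnets[each_subnet.subnet_name].id
      route_table_id    = aws_route_table.subnet_route_tables[each_subnet.subnet_name].id
      availability_zone = each_subnet.subnet_az
    }
  ]

  created_subnet_map = { for details in local.created_subnet_details : details.subnet_name => details }

  route_table_association_details = [
    for each_subnet in local.subnet_cidr_range : {
      subnet_id      = aws_subnet.main_subnets[each_subnet.subnet_name].id
      route_table_id = aws_route_table.subnet_route_tables[each_subnet.subnet_name].id
      subnet_name    = each_subnet.subnet_name
    }
  ]

  # Distinct AZs that need a NAT gateway: those holding a private subnet that
  # is not of the "pvt_internal_privileged" type (that type gets no egress).
  private_nat_gateway_azs = distinct([
    for details in local.created_subnet_details : details.availability_zone
    if !details.is_public && details.subnet_type != "pvt_internal_privileged"
  ])

  # Each NAT gateway lives in that AZ's "pub_apps_cust" subnet. The type name
  # is hard-coded; a direct index makes a missing host subnet fail at plan
  # time with a clear message (the old lookup(..., "") default only moved the
  # failure to an "unsupported attribute" error on .subnet_id).
  # NOTE(review): consider taking the host subnet type as a module variable.
  private_nat_gateway_details = [
    for az in local.private_nat_gateway_azs : {
      availability_zone         = az
      nat_public_subnet_details = local.created_subnet_map["${replace(az, "-", "_")}_pub_apps_cust"]
    }
  ]
}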
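# Module inputs. The code shown reads vpc_range, all_subnets and
# nat_gateway_ips; region, cluster and sensitive_nat_gateway_ips are declared
# but not referenced anywhere in this module's visible code.

variable "region" {
  description = "AWS region name. Not referenced by the module itself; the provider alias passed in decides the region."
  type        = string
}

variable "vpc_range" {
  description = "IPv4 CIDR block of the VPC, e.g. \"10.73.0.0/16\". Every range in all_subnets must fall inside it."
  type        = string
}

# Typed to the shape the module actually reads (name, azs[].name,
# azs[].range). Backward compatible with the previous untyped declaration:
# the existing caller's object literal converts to this type unchanged.
variable "all_subnets" {
  description = "Subnet types to create, each in one or more AZs. A type whose name starts with \"pub\" is made public (public IP on launch + IGW route); \"pvt_internal_privileged\" gets no default route at all; any other type routes via a per-AZ NAT gateway."
  type = list(object({
    name = string
    azs = list(object({
      name  = string
      range = string
    }))
  }))
}

variable "cluster" {
  description = "Cluster identifier. Declared for callers; not referenced by the module code shown here."
  type        = string
}

variable "nat_gateway_ips" {
  description = "AZ name -> public IP of an existing Elastic IP to attach to that AZ's NAT gateway. Must contain a key for every AZ that has a private, non-privileged subnet."
  type        = map(string)
}

variable "sensitive_nat_gateway_ips" {
  description = "AZ name -> public IP, same shape as nat_gateway_ips. Declared but not referenced by the module code shown here."
  type        = map(string)
}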

# Per-subnet records (ids, route table id, AZ, type, public flag) keyed by
# subnet_name -- the very map locals already builds as created_subnet_map.
output "created_subnet_details" {
  value = local.created_subnet_map
}

# The whole aws_vpc resource object (id, cidr_block, main_route_table_id, ...)
# for callers that attach further resources to this VPC.
output "vpc_details" {
  value = aws_vpc.main_vpc
}
# Root-module instantiation for sa-east-1. With nat_gateway_ips empty no NAT
# gateway is created, which is consistent with the only subnet type here
# ("pub_apps_cust") being public; adding a private type requires supplying an
# EIP per AZ in nat_gateway_ips.
module "vpc-sa-east-1" {
  source = "../../../modules/vpc"

  providers = {
    aws = aws.sa-east-1
  }

  region    = "sa-east-1"
  cluster   = ""
  vpc_range = "10.73.0.0/16"

  nat_gateway_ips           = {}
  sensitive_nat_gateway_ips = {}

  # Two /25s carved out of the /16, one per AZ, both public.
  all_subnets = [
    {
      name = "pub_apps_cust"
      azs = [
        { name = "sa-east-1a", range = "10.73.164.0/25" },
        { name = "sa-east-1b", range = "10.73.164.128/25" },
      ]
    },
  ]
}
locals.tf（注：下面的列表与 vpc.tf 的列表逐行相同，应为粘贴时的重复；按文件名推测，该文件本应只包含 `locals` 块）


# The VPC every other resource in this module hangs off. The CIDR comes
# straight from the caller; both DNS features are switched on explicitly.
resource "aws_vpc" "main_vpc" {
  cidr_block = var.vpc_range

  enable_dns_hostnames = true
  enable_dns_support   = true
}

# Single internet gateway for the VPC. The 0.0.0.0/0 routes for public
# subnets (and, as written, for the VPC main route table) target it.
resource "aws_internet_gateway" "main_vpc_gateway" {
  vpc_id = aws_vpc.main_vpc.id
}

# One subnet per (subnet type, AZ) pair, keyed by the synthetic subnet_name
# built in locals ("<az with - replaced by _>_<type>").
resource "aws_subnet" "main_subnets" {
  for_each = { for s in local.subnet_cidr_range : s.subnet_name => s }

  vpc_id               = aws_vpc.main_vpc.id
  cidr_block           = each.value.subnet_cidr
  availability_zone_id = each.value.subnet_az_id

  # SECURITY: is_public is derived purely from the subnet type's name prefix
  # ("pub*", see locals). Instances launched into such a subnet get a public
  # IP mapped by default, so a mis-named subnet type silently becomes
  # internet-facing.
  map_public_ip_on_launch = each.value.is_public

  # NOTE(review): vpc_id, cidr_block and availability_zone_id are the
  # replace-on-change attributes of this resource; if the plan keeps
  # recreating subnets, diff these three against state first (e.g. a switch
  # from availability_zone to availability_zone_id, or a CIDR edit).
}

# A dedicated route table per subnet (same keys as aws_subnet.main_subnets),
# so egress can be decided per subnet by the aws_route resources below.
resource "aws_route_table" "subnet_route_tables" {
  for_each = { for s in local.subnet_cidr_range : s.subnet_name => s }

  vpc_id = aws_vpc.main_vpc.id
}

# Explicitly bind each subnet to its own route table. A subnet without an
# explicit association implicitly uses the VPC main route table, which (see
# vpc_default_gateway) carries a default route to the internet gateway.
resource "aws_route_table_association" "subnet_route_table_associations" {
  for_each = { for a in local.route_table_association_details : a.subnet_name => a }

  route_table_id = each.value.route_table_id
  subnet_id      = each.value.subnet_id
}

# SECURITY (review): this puts a 0.0.0.0/0 -> internet gateway route on the
# VPC *main* route table. Every subnet created by this module gets its own
# explicit table (aws_route_table.subnet_route_tables plus the associations
# above), so nothing in the module needs this route. Its only effect is that
# any subnet that ever exists without an explicit association -- created by
# hand, by another module, or transiently while an association is replaced --
# is internet-routed by default. Prefer leaving the main table with only its
# local route and granting internet egress solely via subnet_internet_gateway.
resource "aws_route" "vpc_default_gateway" {
  route_table_id         = aws_vpc.main_vpc.main_route_table_id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.main_vpc_gateway.id
}

# Default route for every public subnet's own table straight to the internet
# gateway. "Public" means the subnet type name starts with "pub" (see locals).
resource "aws_route" "subnet_internet_gateway" {
  for_each = {
    for s in local.created_subnet_details : s.subnet_name => s
    if s.is_public
  }

  destination_cidr_block = "0.0.0.0/0"
  route_table_id         = each.value.route_table_id
  gateway_id             = aws_internet_gateway.main_vpc_gateway.id
}

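# One NAT gateway per AZ that hosts a private (non-privileged) subnet, placed
# in that AZ's "pub_apps_cust" subnet and attached to a pre-existing EIP.
#
# Contract for var.nat_gateway_ips: key = AZ name (e.g. "sa-east-1a"),
# value = public IP of an existing Elastic IP. The key set must cover every
# AZ in local.private_nat_gateway_azs.
resource "aws_nat_gateway" "vpc_gateways" {
  for_each = { for n in local.private_nat_gateway_details : n.availability_zone => n }

  # The gateway needs the IGW attached before it can come up.
  depends_on = [aws_internet_gateway.main_vpc_gateway]

  # Index directly instead of lookup(lookup(..., ""), "id", ""): a missing AZ
  # key now fails at plan time with an invalid-index error naming the AZ,
  # rather than a lookup()-on-string error or an empty allocation_id that can
  # only fail at apply.
  allocation_id = data.aws_eip.nat_gateway_ips[each.value.availability_zone].id
  subnet_id     = each.value.nat_public_subnet_details.subnet_id
}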

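# Default route via the AZ-local NAT gateway for private subnets, except the
# "pvt_internal_privileged" type, which deliberately gets no egress route.
# The filter is identical to the one building local.private_nat_gateway_azs,
# so a NAT gateway always exists for every AZ selected here.
resource "aws_route" "subnet_nat_gateway" {
  for_each = {
    for s in local.created_subnet_details : s.subnet_name => s
    if !s.is_public && s.subnet_type != "pvt_internal_privileged"
  }

  route_table_id         = each.value.route_table_id
  destination_cidr_block = "0.0.0.0/0"
  # Direct index rather than lookup(lookup(..., ""), "id", ""): if the
  # invariant above is ever broken this fails loudly at plan time instead of
  # producing a route with an empty nat_gateway_id.
  nat_gateway_id = aws_nat_gateway.vpc_gateways[each.value.availability_zone].id
}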
# AZs currently "available" in the provider's region; used only to map AZ
# names to AZ IDs in locals.
data "aws_availability_zones" "all_azs" {
  state = "available"
}

# Resolve each caller-supplied NAT public IP to its Elastic IP so the
# allocation id can be handed to aws_nat_gateway. Keyed like
# var.nat_gateway_ips, i.e. by AZ name.
data "aws_eip" "nat_gateway_ips" {
  for_each  = var.nat_gateway_ips
  public_ip = each.value
}

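locals {
  # AZ name -> AZ ID for the current region. aws_subnet uses
  # availability_zone_id, so an AZ name in var.all_subnets that is not
  # "available" in this account fails below with an invalid-index error.
  subnet_id_map = zipmap(data.aws_availability_zones.all_azs.names, data.aws_availability_zones.all_azs.zone_ids)

  # Flatten var.all_subnets (subnet type x AZ) into one record per subnet.
  # subnet_name is the for_each key used by every resource in this module:
  # "<az with - replaced by _>_<type>", e.g. "sa_east_1a_pub_apps_cust".
  subnet_cidr_range = flatten([
    for each_subnet in var.all_subnets : [
      for each_az in each_subnet.azs : {
        subnet_type  = each_subnet.name
        subnet_az    = each_az.name
        subnet_cidr  = each_az.range
        subnet_name  = "${replace(each_az.name, "-", "_")}_${each_subnet.name}"
        subnet_az_id = local.subnet_id_map[each_az.name]
        # SECURITY: exposure is decided by naming convention alone. Any type
        # whose name starts with "pub" gets map_public_ip_on_launch and a
        # 0.0.0.0/0 route to the internet gateway; everything else is private.
        is_public = length(regexall("^pub.*", each_subnet.name)) > 0
      }
    ]
  ])

  # Same records enriched with the ids of the created subnet and its route
  # table. Direct indexing (instead of lookup(lookup(..., {}), "id", "")) is
  # safe because both resources are keyed by exactly these subnet_names, and
  # it fails loudly at plan time if that ever stops being true.
  created_subnet_details = [
    for each_subnet in local.subnet_cidr_range : {
      subnet_name       = each_subnet.subnet_name
      is_public         = each_subnet.is_public
      subnet_type       = each_subnet.subnet_type
      subnet_cidr       = each_subnet.subnet_cidr
      subnet_id         = aws_subnet.main_subnets[each_subnet.subnet_name].id
      route_table_id    = aws_route_table.subnet_route_tables[each_subnet.subnet_name].id
      availability_zone = each_subnet.subnet_az
    }
  ]

  created_subnet_map = { for details in local.created_subnet_details : details.subnet_name => details }

  route_table_association_details = [
    for each_subnet in local.subnet_cidr_range : {
      subnet_id      = aws_subnet.main_subnets[each_subnet.subnet_name].id
      route_table_id = aws_route_table.subnet_route_tables[each_subnet.subnet_name].id
      subnet_name    = each_subnet.subnet_name
    }
  ]

  # Distinct AZs that need a NAT gateway: those holding a private subnet that
  # is not of the "pvt_internal_privileged" type (that type gets no egress).
  private_nat_gateway_azs = distinct([
    for details in local.created_subnet_details : details.availability_zone
    if !details.is_public && details.subnet_type != "pvt_internal_privileged"
  ])

  # Each NAT gateway lives in that AZ's "pub_apps_cust" subnet. The type name
  # is hard-coded; a direct index makes a missing host subnet fail at plan
  # time with a clear message (the old lookup(..., "") default only moved the
  # failure to an "unsupported attribute" error on .subnet_id).
  # NOTE(review): consider taking the host subnet type as a module variable.
  private_nat_gateway_details = [
    for az in local.private_nat_gateway_azs : {
      availability_zone         = az
      nat_public_subnet_details = local.created_subnet_map["${replace(az, "-", "_")}_pub_apps_cust"]
    }
  ]
}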
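# Module inputs. The code shown reads vpc_range, all_subnets and
# nat_gateway_ips; region, cluster and sensitive_nat_gateway_ips are declared
# but not referenced anywhere in this module's visible code.

variable "region" {
  description = "AWS region name. Not referenced by the module itself; the provider alias passed in decides the region."
  type        = string
}

variable "vpc_range" {
  description = "IPv4 CIDR block of the VPC, e.g. \"10.73.0.0/16\". Every range in all_subnets must fall inside it."
  type        = string
}

# Typed to the shape the module actually reads (name, azs[].name,
# azs[].range). Backward compatible with the previous untyped declaration:
# the existing caller's object literal converts to this type unchanged.
variable "all_subnets" {
  description = "Subnet types to create, each in one or more AZs. A type whose name starts with \"pub\" is made public (public IP on launch + IGW route); \"pvt_internal_privileged\" gets no default route at all; any other type routes via a per-AZ NAT gateway."
  type = list(object({
    name = string
    azs = list(object({
      name  = string
      range = string
    }))
  }))
}

variable "cluster" {
  description = "Cluster identifier. Declared for callers; not referenced by the module code shown here."
  type        = string
}

variable "nat_gateway_ips" {
  description = "AZ name -> public IP of an existing Elastic IP to attach to that AZ's NAT gateway. Must contain a key for every AZ that has a private, non-privileged subnet."
  type        = map(string)
}

variable "sensitive_nat_gateway_ips" {
  description = "AZ name -> public IP, same shape as nat_gateway_ips. Declared but not referenced by the module code shown here."
  type        = map(string)
}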

# Per-subnet records (ids, route table id, AZ, type, public flag) keyed by
# subnet_name -- the very map locals already builds as created_subnet_map.
output "created_subnet_details" {
  value = local.created_subnet_map
}

# The whole aws_vpc resource object (id, cidr_block, main_route_table_id, ...)
# for callers that attach further resources to this VPC.
output "vpc_details" {
  value = aws_vpc.main_vpc
}
# Root-module instantiation for sa-east-1. With nat_gateway_ips empty no NAT
# gateway is created, which is consistent with the only subnet type here
# ("pub_apps_cust") being public; adding a private type requires supplying an
# EIP per AZ in nat_gateway_ips.
module "vpc-sa-east-1" {
  source = "../../../modules/vpc"

  providers = {
    aws = aws.sa-east-1
  }

  region    = "sa-east-1"
  cluster   = ""
  vpc_range = "10.73.0.0/16"

  nat_gateway_ips           = {}
  sensitive_nat_gateway_ips = {}

  # Two /25s carved out of the /16, one per AZ, both public.
  all_subnets = [
    {
      name = "pub_apps_cust"
      azs = [
        { name = "sa-east-1a", range = "10.73.164.0/25" },
        { name = "sa-east-1b", range = "10.73.164.128/25" },
      ]
    },
  ]
}
variables.tf（注：下面的列表与 vpc.tf 的列表逐行相同，应为粘贴时的重复；按文件名推测，该文件本应只包含各 `variable` 块）


# The VPC every other resource in this module hangs off. The CIDR comes
# straight from the caller; both DNS features are switched on explicitly.
resource "aws_vpc" "main_vpc" {
  cidr_block = var.vpc_range

  enable_dns_hostnames = true
  enable_dns_support   = true
}

# Single internet gateway for the VPC. The 0.0.0.0/0 routes for public
# subnets (and, as written, for the VPC main route table) target it.
resource "aws_internet_gateway" "main_vpc_gateway" {
  vpc_id = aws_vpc.main_vpc.id
}

# One subnet per (subnet type, AZ) pair, keyed by the synthetic subnet_name
# built in locals ("<az with - replaced by _>_<type>").
resource "aws_subnet" "main_subnets" {
  for_each = { for s in local.subnet_cidr_range : s.subnet_name => s }

  vpc_id               = aws_vpc.main_vpc.id
  cidr_block           = each.value.subnet_cidr
  availability_zone_id = each.value.subnet_az_id

  # SECURITY: is_public is derived purely from the subnet type's name prefix
  # ("pub*", see locals). Instances launched into such a subnet get a public
  # IP mapped by default, so a mis-named subnet type silently becomes
  # internet-facing.
  map_public_ip_on_launch = each.value.is_public

  # NOTE(review): vpc_id, cidr_block and availability_zone_id are the
  # replace-on-change attributes of this resource; if the plan keeps
  # recreating subnets, diff these three against state first (e.g. a switch
  # from availability_zone to availability_zone_id, or a CIDR edit).
}

# A dedicated route table per subnet (same keys as aws_subnet.main_subnets),
# so egress can be decided per subnet by the aws_route resources below.
resource "aws_route_table" "subnet_route_tables" {
  for_each = { for s in local.subnet_cidr_range : s.subnet_name => s }

  vpc_id = aws_vpc.main_vpc.id
}

# Explicitly bind each subnet to its own route table. A subnet without an
# explicit association implicitly uses the VPC main route table, which (see
# vpc_default_gateway) carries a default route to the internet gateway.
resource "aws_route_table_association" "subnet_route_table_associations" {
  for_each = { for a in local.route_table_association_details : a.subnet_name => a }

  route_table_id = each.value.route_table_id
  subnet_id      = each.value.subnet_id
}

# SECURITY (review): this puts a 0.0.0.0/0 -> internet gateway route on the
# VPC *main* route table. Every subnet created by this module gets its own
# explicit table (aws_route_table.subnet_route_tables plus the associations
# above), so nothing in the module needs this route. Its only effect is that
# any subnet that ever exists without an explicit association -- created by
# hand, by another module, or transiently while an association is replaced --
# is internet-routed by default. Prefer leaving the main table with only its
# local route and granting internet egress solely via subnet_internet_gateway.
resource "aws_route" "vpc_default_gateway" {
  route_table_id         = aws_vpc.main_vpc.main_route_table_id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.main_vpc_gateway.id
}

# Default route for every public subnet's own table straight to the internet
# gateway. "Public" means the subnet type name starts with "pub" (see locals).
resource "aws_route" "subnet_internet_gateway" {
  for_each = {
    for s in local.created_subnet_details : s.subnet_name => s
    if s.is_public
  }

  destination_cidr_block = "0.0.0.0/0"
  route_table_id         = each.value.route_table_id
  gateway_id             = aws_internet_gateway.main_vpc_gateway.id
}

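# One NAT gateway per AZ that hosts a private (non-privileged) subnet, placed
# in that AZ's "pub_apps_cust" subnet and attached to a pre-existing EIP.
#
# Contract for var.nat_gateway_ips: key = AZ name (e.g. "sa-east-1a"),
# value = public IP of an existing Elastic IP. The key set must cover every
# AZ in local.private_nat_gateway_azs.
resource "aws_nat_gateway" "vpc_gateways" {
  for_each = { for n in local.private_nat_gateway_details : n.availability_zone => n }

  # The gateway needs the IGW attached before it can come up.
  depends_on = [aws_internet_gateway.main_vpc_gateway]

  # Index directly instead of lookup(lookup(..., ""), "id", ""): a missing AZ
  # key now fails at plan time with an invalid-index error naming the AZ,
  # rather than a lookup()-on-string error or an empty allocation_id that can
  # only fail at apply.
  allocation_id = data.aws_eip.nat_gateway_ips[each.value.availability_zone].id
  subnet_id     = each.value.nat_public_subnet_details.subnet_id
}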

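# Default route via the AZ-local NAT gateway for private subnets, except the
# "pvt_internal_privileged" type, which deliberately gets no egress route.
# The filter is identical to the one building local.private_nat_gateway_azs,
# so a NAT gateway always exists for every AZ selected here.
resource "aws_route" "subnet_nat_gateway" {
  for_each = {
    for s in local.created_subnet_details : s.subnet_name => s
    if !s.is_public && s.subnet_type != "pvt_internal_privileged"
  }

  route_table_id         = each.value.route_table_id
  destination_cidr_block = "0.0.0.0/0"
  # Direct index rather than lookup(lookup(..., ""), "id", ""): if the
  # invariant above is ever broken this fails loudly at plan time instead of
  # producing a route with an empty nat_gateway_id.
  nat_gateway_id = aws_nat_gateway.vpc_gateways[each.value.availability_zone].id
}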
# AZs currently "available" in the provider's region; used only to map AZ
# names to AZ IDs in locals.
data "aws_availability_zones" "all_azs" {
  state = "available"
}

# Resolve each caller-supplied NAT public IP to its Elastic IP so the
# allocation id can be handed to aws_nat_gateway. Keyed like
# var.nat_gateway_ips, i.e. by AZ name.
data "aws_eip" "nat_gateway_ips" {
  for_each  = var.nat_gateway_ips
  public_ip = each.value
}

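locals {
  # AZ name -> AZ ID for the current region. aws_subnet uses
  # availability_zone_id, so an AZ name in var.all_subnets that is not
  # "available" in this account fails below with an invalid-index error.
  subnet_id_map = zipmap(data.aws_availability_zones.all_azs.names, data.aws_availability_zones.all_azs.zone_ids)

  # Flatten var.all_subnets (subnet type x AZ) into one record per subnet.
  # subnet_name is the for_each key used by every resource in this module:
  # "<az with - replaced by _>_<type>", e.g. "sa_east_1a_pub_apps_cust".
  subnet_cidr_range = flatten([
    for each_subnet in var.all_subnets : [
      for each_az in each_subnet.azs : {
        subnet_type  = each_subnet.name
        subnet_az    = each_az.name
        subnet_cidr  = each_az.range
        subnet_name  = "${replace(each_az.name, "-", "_")}_${each_subnet.name}"
        subnet_az_id = local.subnet_id_map[each_az.name]
        # SECURITY: exposure is decided by naming convention alone. Any type
        # whose name starts with "pub" gets map_public_ip_on_launch and a
        # 0.0.0.0/0 route to the internet gateway; everything else is private.
        is_public = length(regexall("^pub.*", each_subnet.name)) > 0
      }
    ]
  ])

  # Same records enriched with the ids of the created subnet and its route
  # table. Direct indexing (instead of lookup(lookup(..., {}), "id", "")) is
  # safe because both resources are keyed by exactly these subnet_names, and
  # it fails loudly at plan time if that ever stops being true.
  created_subnet_details = [
    for each_subnet in local.subnet_cidr_range : {
      subnet_name       = each_subnet.subnet_name
      is_public         = each_subnet.is_public
      subnet_type       = each_subnet.subnet_type
      subnet_cidr       = each_subnet.subnet_cidr
      subnet_id         = aws_subnet.main_subnets[each_subnet.subnet_name].id
      route_table_id    = aws_route_table.subnet_route_tables[each_subnet.subnet_name].id
      availability_zone = each_subnet.subnet_az
    }
  ]

  created_subnet_map = { for details in local.created_subnet_details : details.subnet_name => details }

  route_table_association_details = [
    for each_subnet in local.subnet_cidr_range : {
      subnet_id      = aws_subnet.main_subnets[each_subnet.subnet_name].id
      route_table_id = aws_route_table.subnet_route_tables[each_subnet.subnet_name].id
      subnet_name    = each_subnet.subnet_name
    }
  ]

  # Distinct AZs that need a NAT gateway: those holding a private subnet that
  # is not of the "pvt_internal_privileged" type (that type gets no egress).
  private_nat_gateway_azs = distinct([
    for details in local.created_subnet_details : details.availability_zone
    if !details.is_public && details.subnet_type != "pvt_internal_privileged"
  ])

  # Each NAT gateway lives in that AZ's "pub_apps_cust" subnet. The type name
  # is hard-coded; a direct index makes a missing host subnet fail at plan
  # time with a clear message (the old lookup(..., "") default only moved the
  # failure to an "unsupported attribute" error on .subnet_id).
  # NOTE(review): consider taking the host subnet type as a module variable.
  private_nat_gateway_details = [
    for az in local.private_nat_gateway_azs : {
      availability_zone         = az
      nat_public_subnet_details = local.created_subnet_map["${replace(az, "-", "_")}_pub_apps_cust"]
    }
  ]
}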
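# Module inputs. The code shown reads vpc_range, all_subnets and
# nat_gateway_ips; region, cluster and sensitive_nat_gateway_ips are declared
# but not referenced anywhere in this module's visible code.

variable "region" {
  description = "AWS region name. Not referenced by the module itself; the provider alias passed in decides the region."
  type        = string
}

variable "vpc_range" {
  description = "IPv4 CIDR block of the VPC, e.g. \"10.73.0.0/16\". Every range in all_subnets must fall inside it."
  type        = string
}

# Typed to the shape the module actually reads (name, azs[].name,
# azs[].range). Backward compatible with the previous untyped declaration:
# the existing caller's object literal converts to this type unchanged.
variable "all_subnets" {
  description = "Subnet types to create, each in one or more AZs. A type whose name starts with \"pub\" is made public (public IP on launch + IGW route); \"pvt_internal_privileged\" gets no default route at all; any other type routes via a per-AZ NAT gateway."
  type = list(object({
    name = string
    azs = list(object({
      name  = string
      range = string
    }))
  }))
}

variable "cluster" {
  description = "Cluster identifier. Declared for callers; not referenced by the module code shown here."
  type        = string
}

variable "nat_gateway_ips" {
  description = "AZ name -> public IP of an existing Elastic IP to attach to that AZ's NAT gateway. Must contain a key for every AZ that has a private, non-privileged subnet."
  type        = map(string)
}

variable "sensitive_nat_gateway_ips" {
  description = "AZ name -> public IP, same shape as nat_gateway_ips. Declared but not referenced by the module code shown here."
  type        = map(string)
}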

# Per-subnet records (ids, route table id, AZ, type, public flag) keyed by
# subnet_name -- the very map locals already builds as created_subnet_map.
output "created_subnet_details" {
  value = local.created_subnet_map
}

# The whole aws_vpc resource object (id, cidr_block, main_route_table_id, ...)
# for callers that attach further resources to this VPC.
output "vpc_details" {
  value = aws_vpc.main_vpc
}
# Root-module instantiation for sa-east-1. With nat_gateway_ips empty no NAT
# gateway is created, which is consistent with the only subnet type here
# ("pub_apps_cust") being public; adding a private type requires supplying an
# EIP per AZ in nat_gateway_ips.
module "vpc-sa-east-1" {
  source = "../../../modules/vpc"

  providers = {
    aws = aws.sa-east-1
  }

  region    = "sa-east-1"
  cluster   = ""
  vpc_range = "10.73.0.0/16"

  nat_gateway_ips           = {}
  sensitive_nat_gateway_ips = {}

  # Two /25s carved out of the /16, one per AZ, both public.
  all_subnets = [
    {
      name = "pub_apps_cust"
      azs = [
        { name = "sa-east-1a", range = "10.73.164.0/25" },
        { name = "sa-east-1b", range = "10.73.164.128/25" },
      ]
    },
  ]
}
outputs.tf（注：下面的列表与 vpc.tf 的列表逐行相同，应为粘贴时的重复；按文件名推测，该文件本应只包含两个 `output` 块）


# The VPC every other resource in this module hangs off. The CIDR comes
# straight from the caller; both DNS features are switched on explicitly.
resource "aws_vpc" "main_vpc" {
  cidr_block = var.vpc_range

  enable_dns_hostnames = true
  enable_dns_support   = true
}

# Single internet gateway for the VPC. The 0.0.0.0/0 routes for public
# subnets (and, as written, for the VPC main route table) target it.
resource "aws_internet_gateway" "main_vpc_gateway" {
  vpc_id = aws_vpc.main_vpc.id
}

# One subnet per (subnet type, AZ) pair, keyed by the synthetic subnet_name
# built in locals ("<az with - replaced by _>_<type>").
resource "aws_subnet" "main_subnets" {
  for_each = { for s in local.subnet_cidr_range : s.subnet_name => s }

  vpc_id               = aws_vpc.main_vpc.id
  cidr_block           = each.value.subnet_cidr
  availability_zone_id = each.value.subnet_az_id

  # SECURITY: is_public is derived purely from the subnet type's name prefix
  # ("pub*", see locals). Instances launched into such a subnet get a public
  # IP mapped by default, so a mis-named subnet type silently becomes
  # internet-facing.
  map_public_ip_on_launch = each.value.is_public

  # NOTE(review): vpc_id, cidr_block and availability_zone_id are the
  # replace-on-change attributes of this resource; if the plan keeps
  # recreating subnets, diff these three against state first (e.g. a switch
  # from availability_zone to availability_zone_id, or a CIDR edit).
}

# A dedicated route table per subnet (same keys as aws_subnet.main_subnets),
# so egress can be decided per subnet by the aws_route resources below.
resource "aws_route_table" "subnet_route_tables" {
  for_each = { for s in local.subnet_cidr_range : s.subnet_name => s }

  vpc_id = aws_vpc.main_vpc.id
}

# Explicitly bind each subnet to its own route table. A subnet without an
# explicit association implicitly uses the VPC main route table, which (see
# vpc_default_gateway) carries a default route to the internet gateway.
resource "aws_route_table_association" "subnet_route_table_associations" {
  for_each = { for a in local.route_table_association_details : a.subnet_name => a }

  route_table_id = each.value.route_table_id
  subnet_id      = each.value.subnet_id
}

# SECURITY (review): this puts a 0.0.0.0/0 -> internet gateway route on the
# VPC *main* route table. Every subnet created by this module gets its own
# explicit table (aws_route_table.subnet_route_tables plus the associations
# above), so nothing in the module needs this route. Its only effect is that
# any subnet that ever exists without an explicit association -- created by
# hand, by another module, or transiently while an association is replaced --
# is internet-routed by default. Prefer leaving the main table with only its
# local route and granting internet egress solely via subnet_internet_gateway.
resource "aws_route" "vpc_default_gateway" {
  route_table_id         = aws_vpc.main_vpc.main_route_table_id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.main_vpc_gateway.id
}

# Default route for every public subnet's own table straight to the internet
# gateway. "Public" means the subnet type name starts with "pub" (see locals).
resource "aws_route" "subnet_internet_gateway" {
  for_each = {
    for s in local.created_subnet_details : s.subnet_name => s
    if s.is_public
  }

  destination_cidr_block = "0.0.0.0/0"
  route_table_id         = each.value.route_table_id
  gateway_id             = aws_internet_gateway.main_vpc_gateway.id
}

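# One NAT gateway per AZ that hosts a private (non-privileged) subnet, placed
# in that AZ's "pub_apps_cust" subnet and attached to a pre-existing EIP.
#
# Contract for var.nat_gateway_ips: key = AZ name (e.g. "sa-east-1a"),
# value = public IP of an existing Elastic IP. The key set must cover every
# AZ in local.private_nat_gateway_azs.
resource "aws_nat_gateway" "vpc_gateways" {
  for_each = { for n in local.private_nat_gateway_details : n.availability_zone => n }

  # The gateway needs the IGW attached before it can come up.
  depends_on = [aws_internet_gateway.main_vpc_gateway]

  # Index directly instead of lookup(lookup(..., ""), "id", ""): a missing AZ
  # key now fails at plan time with an invalid-index error naming the AZ,
  # rather than a lookup()-on-string error or an empty allocation_id that can
  # only fail at apply.
  allocation_id = data.aws_eip.nat_gateway_ips[each.value.availability_zone].id
  subnet_id     = each.value.nat_public_subnet_details.subnet_id
}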

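# Default route via the AZ-local NAT gateway for private subnets, except the
# "pvt_internal_privileged" type, which deliberately gets no egress route.
# The filter is identical to the one building local.private_nat_gateway_azs,
# so a NAT gateway always exists for every AZ selected here.
resource "aws_route" "subnet_nat_gateway" {
  for_each = {
    for s in local.created_subnet_details : s.subnet_name => s
    if !s.is_public && s.subnet_type != "pvt_internal_privileged"
  }

  route_table_id         = each.value.route_table_id
  destination_cidr_block = "0.0.0.0/0"
  # Direct index rather than lookup(lookup(..., ""), "id", ""): if the
  # invariant above is ever broken this fails loudly at plan time instead of
  # producing a route with an empty nat_gateway_id.
  nat_gateway_id = aws_nat_gateway.vpc_gateways[each.value.availability_zone].id
}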
# AZs currently "available" in the provider's region; used only to map AZ
# names to AZ IDs in locals.
data "aws_availability_zones" "all_azs" {
  state = "available"
}

# Resolve each caller-supplied NAT public IP to its Elastic IP so the
# allocation id can be handed to aws_nat_gateway. Keyed like
# var.nat_gateway_ips, i.e. by AZ name.
data "aws_eip" "nat_gateway_ips" {
  for_each  = var.nat_gateway_ips
  public_ip = each.value
}

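locals {
  # AZ name -> AZ ID for the current region. aws_subnet uses
  # availability_zone_id, so an AZ name in var.all_subnets that is not
  # "available" in this account fails below with an invalid-index error.
  subnet_id_map = zipmap(data.aws_availability_zones.all_azs.names, data.aws_availability_zones.all_azs.zone_ids)

  # Flatten var.all_subnets (subnet type x AZ) into one record per subnet.
  # subnet_name is the for_each key used by every resource in this module:
  # "<az with - replaced by _>_<type>", e.g. "sa_east_1a_pub_apps_cust".
  subnet_cidr_range = flatten([
    for each_subnet in var.all_subnets : [
      for each_az in each_subnet.azs : {
        subnet_type  = each_subnet.name
        subnet_az    = each_az.name
        subnet_cidr  = each_az.range
        subnet_name  = "${replace(each_az.name, "-", "_")}_${each_subnet.name}"
        subnet_az_id = local.subnet_id_map[each_az.name]
        # SECURITY: exposure is decided by naming convention alone. Any type
        # whose name starts with "pub" gets map_public_ip_on_launch and a
        # 0.0.0.0/0 route to the internet gateway; everything else is private.
        is_public = length(regexall("^pub.*", each_subnet.name)) > 0
      }
    ]
  ])

  # Same records enriched with the ids of the created subnet and its route
  # table. Direct indexing (instead of lookup(lookup(..., {}), "id", "")) is
  # safe because both resources are keyed by exactly these subnet_names, and
  # it fails loudly at plan time if that ever stops being true.
  created_subnet_details = [
    for each_subnet in local.subnet_cidr_range : {
      subnet_name       = each_subnet.subnet_name
      is_public         = each_subnet.is_public
      subnet_type       = each_subnet.subnet_type
      subnet_cidr       = each_subnet.subnet_cidr
      subnet_id         = aws_subnet.main_subnets[each_subnet.subnet_name].id
      route_table_id    = aws_route_table.subnet_route_tables[each_subnet.subnet_name].id
      availability_zone = each_subnet.subnet_az
    }
  ]

  created_subnet_map = { for details in local.created_subnet_details : details.subnet_name => details }

  route_table_association_details = [
    for each_subnet in local.subnet_cidr_range : {
      subnet_id      = aws_subnet.main_subnets[each_subnet.subnet_name].id
      route_table_id = aws_route_table.subnet_route_tables[each_subnet.subnet_name].id
      subnet_name    = each_subnet.subnet_name
    }
  ]

  # Distinct AZs that need a NAT gateway: those holding a private subnet that
  # is not of the "pvt_internal_privileged" type (that type gets no egress).
  private_nat_gateway_azs = distinct([
    for details in local.created_subnet_details : details.availability_zone
    if !details.is_public && details.subnet_type != "pvt_internal_privileged"
  ])

  # Each NAT gateway lives in that AZ's "pub_apps_cust" subnet. The type name
  # is hard-coded; a direct index makes a missing host subnet fail at plan
  # time with a clear message (the old lookup(..., "") default only moved the
  # failure to an "unsupported attribute" error on .subnet_id).
  # NOTE(review): consider taking the host subnet type as a module variable.
  private_nat_gateway_details = [
    for az in local.private_nat_gateway_azs : {
      availability_zone         = az
      nat_public_subnet_details = local.created_subnet_map["${replace(az, "-", "_")}_pub_apps_cust"]
    }
  ]
}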
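# Module inputs. The code shown reads vpc_range, all_subnets and
# nat_gateway_ips; region, cluster and sensitive_nat_gateway_ips are declared
# but not referenced anywhere in this module's visible code.

variable "region" {
  description = "AWS region name. Not referenced by the module itself; the provider alias passed in decides the region."
  type        = string
}

variable "vpc_range" {
  description = "IPv4 CIDR block of the VPC, e.g. \"10.73.0.0/16\". Every range in all_subnets must fall inside it."
  type        = string
}

# Typed to the shape the module actually reads (name, azs[].name,
# azs[].range). Backward compatible with the previous untyped declaration:
# the existing caller's object literal converts to this type unchanged.
variable "all_subnets" {
  description = "Subnet types to create, each in one or more AZs. A type whose name starts with \"pub\" is made public (public IP on launch + IGW route); \"pvt_internal_privileged\" gets no default route at all; any other type routes via a per-AZ NAT gateway."
  type = list(object({
    name = string
    azs = list(object({
      name  = string
      range = string
    }))
  }))
}

variable "cluster" {
  description = "Cluster identifier. Declared for callers; not referenced by the module code shown here."
  type        = string
}

variable "nat_gateway_ips" {
  description = "AZ name -> public IP of an existing Elastic IP to attach to that AZ's NAT gateway. Must contain a key for every AZ that has a private, non-privileged subnet."
  type        = map(string)
}

variable "sensitive_nat_gateway_ips" {
  description = "AZ name -> public IP, same shape as nat_gateway_ips. Declared but not referenced by the module code shown here."
  type        = map(string)
}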

# Per-subnet records (ids, route table id, AZ, type, public flag) keyed by
# subnet_name -- the very map locals already builds as created_subnet_map.
output "created_subnet_details" {
  value = local.created_subnet_map
}

# The whole aws_vpc resource object (id, cidr_block, main_route_table_id, ...)
# for callers that attach further resources to this VPC.
output "vpc_details" {
  value = aws_vpc.main_vpc
}
# Instantiate the VPC module for sa-east-1 with a single public subnet type
# spread over two AZs. Only the aliased regional provider is handed to the module.
module "vpc-sa-east-1" {
  source = "../../../modules/vpc"

  providers = {
    aws = aws.sa-east-1
  }

  region    = "sa-east-1"
  cluster   = ""
  vpc_range = "10.73.0.0/16"

  # No private subnet types are declared, so the module creates no NAT gateways
  # and needs no EIPs.
  nat_gateway_ips           = {}
  sensitive_nat_gateway_ips = {}

  all_subnets = [
    {
      # "pub" prefix => public: public IPs on launch and a default route to the IGW.
      name = "pub_apps_cust"
      azs = [
        { name = "sa-east-1a", range = "10.73.164.0/25" },
        { name = "sa-east-1b", range = "10.73.164.128/25" },
      ]
    },
  ]
}
调用这个模块

root.tf


# The VPC itself, with DNS resolution and DNS hostnames switched on.
resource "aws_vpc" "main_vpc" {
  enable_dns_hostnames = true
  enable_dns_support   = true

  cidr_block = var.vpc_range
}

# Internet gateway for the VPC. Any route table that gets a 0.0.0.0/0 route to
# this gateway becomes internet-facing (see the aws_route resources below).
resource "aws_internet_gateway" "main_vpc_gateway" {
  vpc_id = aws_vpc.main_vpc.id
}

# One subnet per (subnet type, AZ) pair, keyed by the "<az>_<type>" name built in
# locals.subnet_cidr_range; the stable key is intended to let entries be added or
# removed without touching the other subnets.
# NOTE(review): is_public — and therefore auto-assigned public IPs — is derived
# purely from the type name matching ^pub (see locals.subnet_cidr_range).
resource "aws_subnet" "main_subnets" {
  for_each = { for subnet in local.subnet_cidr_range : subnet.subnet_name => subnet }

  vpc_id               = aws_vpc.main_vpc.id
  availability_zone_id = each.value.subnet_az_id
  cidr_block           = each.value.subnet_cidr

  # Every instance launched in a public-type subnet gets a public IPv4 address.
  map_public_ip_on_launch = each.value.is_public
}

# A dedicated, initially empty route table per subnet, keyed by the same subnet
# name as aws_subnet.main_subnets. Routes are attached by the aws_route resources.
resource "aws_route_table" "subnet_route_tables" {
  for_each = { for subnet in local.subnet_cidr_range : subnet.subnet_name => subnet }

  vpc_id = aws_vpc.main_vpc.id
}

# Bind every subnet to its own route table so that none of the subnets created
# here falls back to the VPC's main route table.
resource "aws_route_table_association" "subnet_route_table_associations" {
  for_each = { for assoc in local.route_table_association_details : assoc.subnet_name => assoc }

  route_table_id = each.value.route_table_id
  subnet_id      = each.value.subnet_id
}

# Default route on the VPC's *main* route table, pointing at the internet gateway.
# NOTE(review): every subnet that is not explicitly associated with a custom
# route table is implicitly associated with the main route table. With this
# route in place, such a subnet becomes internet-facing as soon as anything in
# it has a public or Elastic IP. All subnets created by this module get their
# own route table via aws_route_table_association.subnet_route_table_associations,
# so this route serves none of them; consider removing it (leaving the main
# route table local-only) unless the main route table is deliberately public.
resource "aws_route" "vpc_default_gateway" {
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.main_vpc_gateway.id

  route_table_id = aws_vpc.main_vpc.main_route_table_id
}

# Internet-facing default route on the route table of every public subnet.
# Which subnets count as public is decided in locals.subnet_cidr_range (type
# name prefix "pub"), not by anything declared on the subnet itself.
resource "aws_route" "subnet_internet_gateway" {
  for_each = { for s in local.created_subnet_details : s.subnet_name => s if s.is_public }

  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.main_vpc_gateway.id
  route_table_id         = each.value.route_table_id
}

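# One NAT gateway per AZ that hosts a NAT-routed private subnet (see
# locals.private_nat_gateway_details). It is placed in that AZ's
# "<az>_pub_apps_cust" subnet and uses the pre-allocated EIP for the AZ.
# The EIP is indexed directly: an AZ missing from var.nat_gateway_ips now fails
# at plan time with a clear missing-key error, whereas the original nested
# lookup collapsed to lookup("", "id", "") and a far less obvious failure.
resource "aws_nat_gateway" "vpc_gateways" {
  for_each = { for nat in local.private_nat_gateway_details : nat.availability_zone => nat }

  # Nothing here references the IGW, so without depends_on Terraform could
  # create the NAT gateway before the IGW is attached to the VPC.
  depends_on = [aws_internet_gateway.main_vpc_gateway]

  allocation_id = data.aws_eip.nat_gateway_ips[each.value.availability_zone].id
  subnet_id     = each.value.nat_public_subnet_details.subnet_id
}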

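# Egress-only default route for private subnets via the NAT gateway of their own
# AZ. Subnets of type "pvt_internal_privileged" are excluded here and are not
# public either, so they end up with no 0.0.0.0/0 route at all.
# The NAT gateway is indexed directly: this filter is the same one that builds
# locals.private_nat_gateway_azs, so the AZ key always exists, and any mismatch
# now surfaces as a missing-key error instead of a route with an empty
# nat_gateway_id.
resource "aws_route" "subnet_nat_gateway" {
  for_each = { for s in local.created_subnet_details : s.subnet_name => s if !s.is_public && s.subnet_type != "pvt_internal_privileged" }

  route_table_id         = each.value.route_table_id
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.vpc_gateways[each.value.availability_zone].id
}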
# All AZs currently available in the provider's region; feeds the
# AZ name -> zone id map in locals.subnet_id_map.
data "aws_availability_zones" "all_azs" {
  state = "available"
}

# Resolve the pre-allocated Elastic IPs (one per AZ-name key in
# var.nat_gateway_ips) to their allocation ids for aws_nat_gateway.vpc_gateways.
data "aws_eip" "nat_gateway_ips" {
  for_each  = var.nat_gateway_ips
  public_ip = each.value
}

locals {
  # AZ name -> AZ id, so subnets can be pinned with availability_zone_id.
  subnet_id_map = zipmap(data.aws_availability_zones.all_azs.names, data.aws_availability_zones.all_azs.zone_ids)

  # Flatten var.all_subnets into one record per (type, AZ). subnet_name is the
  # stable for_each key used by every resource in this module.
  # NOTE(review): is_public is decided solely by the type name starting with
  # "pub"; a type such as "pub_apps_internal" is therefore fully public (public
  # IPs on launch + default route to the IGW) despite the "internal" in its name.
  subnet_cidr_range = flatten([
    for st in var.all_subnets : [
      for az in st.azs : {
        subnet_type  = st.name
        subnet_az    = az.name
        subnet_cidr  = az.range
        subnet_name  = "${replace(az.name, "-", "_")}_${st.name}"
        subnet_az_id = local.subnet_id_map[az.name]
        is_public    = length(regexall("^pub.*", st.name)) > 0
      }
    ]
  ])

  # Join each planned subnet with the ids of the resources created for it.
  # NOTE(review): the nested lookup(..., {}) / lookup(..., "") defaults turn a
  # missing key into "" instead of an error. The keys come from the very same
  # local the resources iterate over, so a miss here can only be a bug; direct
  # indexing (aws_subnet.main_subnets[name].id) would report it at plan time.
  created_subnet_details = [
    for s in local.subnet_cidr_range : {
      subnet_name       = s.subnet_name
      is_public         = s.is_public
      subnet_type       = s.subnet_type
      subnet_cidr       = s.subnet_cidr
      subnet_id         = lookup(lookup(aws_subnet.main_subnets, s.subnet_name, {}), "id", "")
      route_table_id    = lookup(lookup(aws_route_table.subnet_route_tables, s.subnet_name, {}), "id", "")
      availability_zone = s.subnet_az
    }
  ]

  created_subnet_map = { for d in local.created_subnet_details : d.subnet_name => d }

  # Subnet -> route table pairs consumed by aws_route_table_association.
  route_table_association_details = [
    for s in local.subnet_cidr_range : {
      subnet_id      = lookup(lookup(aws_subnet.main_subnets, s.subnet_name, {}), "id", "")
      route_table_id = lookup(lookup(aws_route_table.subnet_route_tables, s.subnet_name, {}), "id", "")
      subnet_name    = s.subnet_name
    }
  ]

  # Distinct AZs that need a NAT gateway: those hosting a private subnet of any
  # type other than "pvt_internal_privileged" (which gets no default route at all).
  private_nat_gateway_azs = distinct([
    for d in local.created_subnet_details : d.availability_zone if !d.is_public && d.subnet_type != "pvt_internal_privileged"
  ])

  # For each such AZ, the public subnet the NAT gateway is placed in. The
  # "<az>_pub_apps_cust" name is hard-coded: a private subnet in an AZ that has no
  # pub_apps_cust subnet yields "" here, and aws_nat_gateway.vpc_gateways then
  # fails when it reads .subnet_id off that string.
  private_nat_gateway_details = [
    for az in local.private_nat_gateway_azs : {
      availability_zone         = az
      nat_public_subnet_details = lookup(local.created_subnet_map, "${replace(az, "-", "_")}_pub_apps_cust", "")
    }
  ]
}
# Region label for this VPC. The regional provider itself is injected by the
# caller via `providers = { aws = ... }`; this value is not referenced by the
# resources visible in this module.
variable "region" {
  type        = string
  description = "AWS region the VPC is created in (informational; the provider is passed in by the caller)."
}

# IPv4 CIDR of the VPC; every subnet range in var.all_subnets must lie inside it.
variable "vpc_range" {
  type        = string
  description = "CIDR block assigned to aws_vpc.main_vpc."
}

variable "all_subnets" {}

# Free-form cluster label. Not referenced by any resource visible in this module.
variable "cluster" {
  type        = string
  description = "Cluster name this VPC belongs to (informational)."
}

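# Pre-allocated Elastic IPs for the NAT gateways, keyed by availability-zone
# name (e.g. "sa-east-1a" => "203.0.113.10"). data.aws_eip.nat_gateway_ips
# iterates this map and aws_nat_gateway.vpc_gateways looks the EIP up by AZ, so
# every AZ that hosts a NAT-routed private subnet needs a key here.
# `map(string)` replaces the legacy element-less `map` so values are type-checked.
variable "nat_gateway_ips" {
  type        = map(string)
  description = "Public IPs of existing EIPs to attach to the NAT gateway of each AZ, keyed by AZ name."
}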

# Not referenced by any resource visible in this module; presumably the same
# AZ-name => EIP shape as var.nat_gateway_ips — confirm before typing it.
# `map` without an element type is legacy syntax; prefer map(string) once the
# value shape is confirmed.
variable "sensitive_nat_gateway_ips" {
  type        = map
  description = "EIPs for NAT gateways of sensitive subnets, keyed by AZ name (unused in the visible module code)."
}

# Per-subnet record (ids, CIDR, AZ, public flag) keyed by subnet name, for
# consumers of this module.
output "created_subnet_details" {
  description = "Map of subnet name => { subnet_name, subnet_type, subnet_cidr, subnet_id, route_table_id, availability_zone, is_public }."
  value       = { for d in local.created_subnet_details : d.subnet_name => d }
}

# Exposes the whole aws_vpc resource (id, cidr_block, main_route_table_id, ...).
output "vpc_details" {
  description = "The aws_vpc.main_vpc resource object."
  value       = aws_vpc.main_vpc
}
# Instantiate the VPC module for sa-east-1 with a single public subnet type
# spread over two AZs. Only the aliased regional provider is handed to the module.
module "vpc-sa-east-1" {
  source = "../../../modules/vpc"

  providers = {
    aws = aws.sa-east-1
  }

  region    = "sa-east-1"
  cluster   = ""
  vpc_range = "10.73.0.0/16"

  # No private subnet types are declared, so the module creates no NAT gateways
  # and needs no EIPs.
  nat_gateway_ips           = {}
  sensitive_nat_gateway_ips = {}

  all_subnets = [
    {
      # "pub" prefix => public: public IPs on launch and a default route to the IGW.
      name = "pub_apps_cust"
      azs = [
        { name = "sa-east-1a", range = "10.73.164.0/25" },
        { name = "sa-east-1b", range = "10.73.164.128/25" },
      ]
    },
  ]
}
当我尝试在 `all_subnets` 变量中添加一个新的数组元素并运行 `terraform plan` 时，它会强制替换 `aws_subnet` 和 `aws_route_table`，这又会连带替换 `aws_route` 和 `aws_route_table_association`：

# Same sa-east-1 VPC as before, with a second subnet type added: two more /25
# subnets in the same two AZs.
# NOTE(review): "pub_apps_internal" starts with "pub", so the module treats it as
# a public subnet (public IPs on launch + default route to the IGW) despite the
# "internal" in its name.
module "vpc-sa-east-1" {
  source = "../../../modules/vpc"

  providers = {
    aws = aws.sa-east-1
  }

  region    = "sa-east-1"
  cluster   = ""
  vpc_range = "10.73.0.0/16"

  # Still no private subnet types, so no NAT gateways or EIPs are needed.
  nat_gateway_ips           = {}
  sensitive_nat_gateway_ips = {}

  all_subnets = [
    {
      name = "pub_apps_cust"
      azs = [
        { name = "sa-east-1a", range = "10.73.164.0/25" },
        { name = "sa-east-1b", range = "10.73.164.128/25" },
      ]
    },
    {
      name = "pub_apps_internal"
      azs = [
        { name = "sa-east-1a", range = "10.73.165.0/25" },
        { name = "sa-east-1b", range = "10.73.165.128/25" },
      ]
    },
  ]
}
我不明白为什么它会重新创建子网和路由表：这里的 `for_each` 是按子网名称作 key 的，而不是用 `count`，理论上不应该存在数组索引变动导致资源被替换的问题。


`

您的代码无法复现：`nat_gateway_ips` 没有定义，也没有解释它是什么、是如何定义的。
你好 Marcin，我忘了添加 `data.tf` 文件，已经更新了问题。