From 17c1e3467b4e422cf37a7e582af0a8462b065456 Mon Sep 17 00:00:00 2001
From: shockrah
Date: Sun, 28 Nov 2021 15:24:26 -0800
Subject: [PATCH] * Fixing NAT gateway for proper usage from crete members

With this patch members of Crete can now get system patches
---
 infra/eip.tf | 1 +
 infra/gateway.tf | 13 +++++++++----
 infra/route-table.tf | 27 ++++++++++++++++++++++-----
 3 files changed, 32 insertions(+), 9 deletions(-)

diff --git a/infra/eip.tf b/infra/eip.tf
index 636c9eb..9be52bc 100644
--- a/infra/eip.tf
+++ b/infra/eip.tf
@@ -15,6 +15,7 @@ resource "aws_eip" "gamma_eip" {
 }
 }
+# This EIP is reserved for the NAT gateway which lives in Olympus
 resource "aws_eip" "demeter_eip" {
 vpc = true
 tags = {
diff --git a/infra/gateway.tf b/infra/gateway.tf
index c80338c..1776077 100644
--- a/infra/gateway.tf
+++ b/infra/gateway.tf
@@ -1,16 +1,21 @@
+# Used to provide internet access for instances in the VPC
 resource "aws_internet_gateway" "athens_internet_gateway" {
 vpc_id = aws_vpc.athens_vpc.id
 tags = {
- Name = "Athens Common Internet Gateway"
+ Name = "Athens Common Internet Gateway in Olypmus"
 }
 }
-resource "aws_nat_gateway" "athens_nat_gateway" {
+# NAT lives in the public subnet because it has an EIP
+# which is the main requirement to be situated in Olympus
+resource "aws_nat_gateway" "crete_nat_gateway" {
 allocation_id = aws_eip.demeter_eip.id
- subnet_id = aws_subnet.crete_subnet.id
+ subnet_id = aws_subnet.olympus_subnet.id
 tags = {
- Name = "Demeter - Crete' NAT"
+ Name = "Demeter - Crete's NAT located in Olympus"
 }
+ # Ensure this resource is created after the internet gateway
+ depends_on = [aws_internet_gateway.athens_internet_gateway]
 }
diff --git a/infra/route-table.tf b/infra/route-table.tf
index de2a07d..99a8f7c 100644
--- a/infra/route-table.tf
+++ b/infra/route-table.tf
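Review bot: The comment above `crete_nat_gateway` in infra/gateway.tf gives the EIP as the reason the NAT sits in Olympus, but the requirement runs the other way: a public NAT gateway has to live in a subnet whose route table sends `0.0.0.0/0` to the internet gateway, and the EIP is what it needs in order to be public. I would reword it to `# Public NAT gateway: must sit in a subnet routed to the IGW (Olympus); demeter_eip is its public address`. The new IGW tag also misspells the subnet name, `"Athens Common Internet Gateway in Olypmus"` should read `Olympus`. With a single NAT in one subnet, all of Crete's outbound traffic leaves through one address and one availability zone, which is worth stating in the comment if that is the intent.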
@@ -1,17 +1,34 @@
-resource "aws_route_table" "crete_route_table" {
+# NOTE: local traffic route is implied and does not need to be specified
+resource "aws_route_table" "olympus_route_table" {
 vpc_id = aws_vpc.athens_vpc.id
 route {
- # ????
 cidr_block = "0.0.0.0/0"
 gateway_id = aws_internet_gateway.athens_internet_gateway.id
 }
+
 tags = {
- Name = "Crete Route Table"
+ Name = "Olympush IGW Route Table"
 }
 }
+resource "aws_route_table_association" "olympus_gateway_association" {
+ subnet_id = aws_subnet.olympus_subnet.id
+ route_table_id = aws_route_table.olympus_route_table.id
+}
-resource "aws_route_table_association" "crete_gateway_association" {
+
+# Here we route crete's traffic to the nat
+# NOTE: The NAT is actually located in Olympus because it has an EIP
+resource "aws_route_table" "crete_route_table" {
+ vpc_id = aws_vpc.athens_vpc.id
+ route {
+ cidr_block = "0.0.0.0/0"
+ nat_gateway_id = aws_nat_gateway.crete_nat_gateway.id
+ }
+ tags = {
+ Name = "Crete NAT Route Table"
+ }
+}
+resource "aws_route_table_association" "crete_nat_association" {
 subnet_id = aws_subnet.crete_subnet.id
 route_table_id = aws_route_table.crete_route_table.id
 }
-
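Review bot: Renaming the association to `crete_nat_association` makes Terraform plan a destroy of `crete_gateway_association` and a create of the new one, and while neither exists the Crete subnet falls back to the VPC's main route table, whose routes are not visible in this patch. Moving the state entry before applying avoids that window: `terraform state mv aws_route_table_association.crete_gateway_association aws_route_table_association.crete_nat_association`. The `0.0.0.0/0` route through the NAT also opens every outbound destination to Crete, while the commit message only asks for system patches; a route table cannot narrow that, so the egress rules on Crete's security groups (not part of this diff) should be checked, and a comment such as `# Egress is unrestricted at the routing layer; limit it in Crete's security groups` would record the decision. The new tag `"Olympush IGW Route Table"` looks like a typo for `Olympus`.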