From 609f9b3e7b862e87c9996e6c20ed1af2352cd8d3 Mon Sep 17 00:00:00 2001
From: shockrah
Date: Tue, 3 Oct 2023 19:07:06 -0700
Subject: [PATCH] Moving networking code out into its own module
---
.gitignore | 8 +++----
infra/networking/Makefile | 24 +++++++++++++++++++++
infra/networking/backend.tf | 24 +++++++++++++++++++++
infra/networking/gateway.tf | 8 +++++++
infra/networking/route-table.tf | 23 ++++++++++++++++++++
infra/networking/subnet.tf | 23 ++++++++++++++++++++
infra/networking/terraform.tfvars | 7 +++++++
infra/networking/variables.tf | 35 +++++++++++++++++++++++++++++++
infra/networking/vpc.tf | 11 ++++++++++
9 files changed, 159 insertions(+), 4 deletions(-)
create mode 100644 infra/networking/Makefile
create mode 100644 infra/networking/backend.tf
create mode 100644 infra/networking/gateway.tf
create mode 100644 infra/networking/route-table.tf
create mode 100644 infra/networking/subnet.tf
create mode 100644 infra/networking/terraform.tfvars
create mode 100644 infra/networking/variables.tf
create mode 100644 infra/networking/vpc.tf
diff --git a/.gitignore b/.gitignore
index b937d26..40b21b4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,11 +1,11 @@
 msg
 *.swp
 infra/secrets/
-infra/.terraform
-infra/.terraform.lock.hcl
-infra/terraform.tfvars
+infra/**/.terraform/
+infra/**/.terraform.lock.hcl
+infra/**/terraform.tfvars
 infra/keys/
-infra/out.plan
+infra/**/out.plan
 infra/terraform.tfstate
 infra/terraform.tfstate.backup
 playbooks/hosts.ini
diff --git a/infra/networking/Makefile b/infra/networking/Makefile
new file mode 100644
index 0000000..cb42529
--- /dev/null
+++ b/infra/networking/Makefile
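Review bot: The two state-file patterns left on the context lines, `infra/terraform.tfstate` and `infra/terraform.tfstate.backup`, were not widened to `infra/**/` like the entries around them, so a state file or backup written inside the new `infra/networking/` directory would not be ignored. State files record every resource attribute, including values declared `sensitive`, so they are the entries in this list that matter most. Suggest `infra/**/terraform.tfstate` and `infra/**/terraform.tfstate.backup` alongside the other widened patterns.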
@@ -0,0 +1,24 @@
+plan=out.plan
+
+SHELL := /bin/bash
+
+$(plan): *.tf
+ source ../secrets/set-env.sh && terraform plan -input=false -out $(plan)
+
+push: build
+ source ../secrets/set-env.sh && terraform apply $(plan)
+
+refresh:
+ source ../secrets/set-env.sh && terraform apply -refresh-only
+
+test:
+ terraform validate
+
+
+rip:
+ source ../secrets/set-env.sh && terraform destroy
+
+clean:
+ rm -f $(plan)
+
+.PHONY: test build clean push rip
diff --git a/infra/networking/backend.tf b/infra/networking/backend.tf
new file mode 100644
index 0000000..f5fe927
--- /dev/null
+++ b/infra/networking/backend.tf
@@ -0,0 +1,24 @@
+terraform {
+ required_version = ">= 0.13"
+ backend "s3" {
+ bucket = "project-athens"
+ key = "infra/networking/state/build.tfstate"
+ region = "us-west-1"
+ encrypt = true
+ }
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "4.13.0"
+ }
+ }
+}
+
+# Base config for using AWS features w/ Terraform
+provider "aws" {
+ access_key = var.aws_key
+ secret_key = var.aws_secret
+ region = var.aws_region
+ max_retries = 1
+}
+
diff --git a/infra/networking/gateway.tf b/infra/networking/gateway.tf
new file mode 100644
index 0000000..4a809f9
--- /dev/null
+++ b/infra/networking/gateway.tf
@@ -0,0 +1,8 @@
+# Used to provide internet access for instances in the VPC
+resource "aws_internet_gateway" "athens_internet_gateway" {
+ vpc_id = aws_vpc.athens_vpc.id
+
+ tags = {
+ Name = "Athens Common Internet Gateway in Olypmus"
+ }
+}
diff --git a/infra/networking/route-table.tf b/infra/networking/route-table.tf
new file mode 100644
index 0000000..43f32cb
--- /dev/null
+++ b/infra/networking/route-table.tf
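Review bot: `push: build` names a prerequisite that no rule defines — the plan is produced by the `$(plan)` target — so `make push` stops with "No rule to make target 'build'" before `terraform apply` runs; `.PHONY` lists `build` as well, which suggests the rule was lost in the move. Either add `build: $(plan)` next to the existing targets or change the prerequisite to `push: $(plan)`. The `$(plan)` rule also depends only on `*.tf`, so editing `terraform.tfvars` leaves a stale `out.plan` that `push` will apply as-is; adding `terraform.tfvars` to that prerequisite list avoids applying a plan that no longer reflects the inputs.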
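Review bot: The `backend "s3"` block has no `dynamodb_table`, so this state has no locking; now that networking is its own state file, two overlapping `terraform apply` runs against `build.tfstate` can corrupt it, and nothing in the Makefile prevents that. Adding `dynamodb_table = "<lock-table-name>"` (a table with a `LockID` string hash key; name is a placeholder) is the standard fix. Separately, `access_key`/`secret_key` are fed through input variables, and input variable values — sensitive or not — are serialised into the saved plan, so `out.plan` ends up carrying the credentials; since `set-env.sh` is sourced before every invocation anyway, letting the provider read `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` from the environment and dropping those two attributes keeps them out of the plan artifact. Whether `set-env.sh` already exports those names is not visible here, so confirm before removing the variables.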
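Review bot: The `Name` tag value `"Athens Common Internet Gateway in Olypmus"` misspells Olympus; tags are what operators search on in the console and in cost and audit reports, so it is worth fixing before the resource is first created rather than as a later in-place update. Suggest `Name = "Athens Common Internet Gateway in Olympus"`.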
@@ -0,0 +1,23 @@
+# NOTE: local traffic route is implied and does not need to be specified
+resource "aws_route_table" "crete_route_table" {
+ vpc_id = aws_vpc.athens_vpc.id
+ route {
+ cidr_block = "0.0.0.0/0"
+ gateway_id = aws_internet_gateway.athens_internet_gateway.id
+ }
+
+ tags = {
+ Name = "Crete IGW Route Table"
+ }
+}
+
+
+resource "aws_route_table_association" "crete_gateway_association" {
+ subnet_id = aws_subnet.crete.id
+ route_table_id = aws_route_table.crete_route_table.id
+}
+
+resource "aws_route_table_association" "delphi_gateway_association" {
+ subnet_id = aws_subnet.delphi.id
+ route_table_id = aws_route_table.crete_route_table.id
+}
diff --git a/infra/networking/subnet.tf b/infra/networking/subnet.tf
new file mode 100644
index 0000000..ab8dd7b
--- /dev/null
+++ b/infra/networking/subnet.tf
@@ -0,0 +1,23 @@
+# This script represents the subnet structure for Crete(primary subnet)
+
+resource "aws_subnet" "crete" {
+ vpc_id = aws_vpc.athens_vpc.id
+ # 10.0.1.0/24
+ cidr_block = var.crete_cidr
+ availability_zone = var.athens_availability_zone
+
+ tags = {
+ Name = "Crete Subnet"
+ Description = "Main subnet for EC2 and Alpha-LB"
+ }
+}
+
+resource "aws_subnet" "delphi" {
+ vpc_id = aws_vpc.athens_vpc.id
+ cidr_block = "10.0.2.0/24"
+ availability_zone = "us-west-1c"
+ tags = {
+ Name = "Delphi Subnet"
+ Description = "Secondary subnet for the Alpha-LB mostly"
+ }
+}
diff --git a/infra/networking/terraform.tfvars b/infra/networking/terraform.tfvars
new file mode 100644
index 0000000..8404a5b
--- /dev/null
+++ b/infra/networking/terraform.tfvars
@@ -0,0 +1,7 @@
+# AWS Things
+aws_region = "us-west-1"
+
+athens_availability_zone = "us-west-1b"
+athens_cidr = "10.0.0.0/16"
+crete_cidr = "10.0.1.0/24"
+
diff --git a/infra/networking/variables.tf b/infra/networking/variables.tf
new file mode 100644
index 0000000..bf89a93
--- /dev/null
+++ b/infra/networking/variables.tf
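Review bot: `delphi_gateway_association` attaches the Delphi subnet to a table named `crete_route_table`, so the name no longer describes the resource: it is the shared public route table for both subnets in the VPC. Renaming it (for example `aws_route_table.public`) and updating both associations would make that explicit; an address change is a destroy/recreate unless recorded with `terraform state mv` or a `moved` block, so it is cheapest before the first apply. Because both subnets receive the `0.0.0.0/0` route to the IGW, every instance in Crete is directly routable from the internet whenever it has a public IP and its security group allows it — if the "Main subnet for EC2" servers only need outbound access, a second table without the IGW route (fronted by a NAT gateway) would keep them private. A comment on the table stating which subnets are intentionally public would help either way.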
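Review bot: `aws_subnet.delphi` hard-codes `cidr_block = "10.0.2.0/24"` and `availability_zone = "us-west-1c"` while `aws_subnet.crete` takes both from variables, so the two subnets cannot be re-addressed or moved together through `terraform.tfvars`. Declaring `delphi_cidr` and `delphi_availability_zone` in `variables.tf` and setting them in `terraform.tfvars` would make the module uniform. The `# 10.0.1.0/24` comment above `cidr_block = var.crete_cidr` duplicates the tfvars value and will drift silently the first time it changes; drop it or replace it with `# value comes from crete_cidr in terraform.tfvars`. The header comment also says the file covers Crete only, but Delphi is defined here too.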
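Review bot: This file is committed even though the same patch's `.gitignore` adds `infra/**/terraform.tfvars`; an ignore rule has no effect on a tracked file, so later edits will keep being committed while the rule signals the opposite, and `aws_region` is stored here in clear text although `variables.tf` marks it `sensitive = true`. Decide which it is: if these values are meant to be shared, un-ignore the file explicitly with `!infra/networking/terraform.tfvars` (or give it a name the rule does not match) and drop the `sensitive` flag on `aws_region`; if it is meant to stay local, remove it from the commit with `git rm --cached`. In either case a comment at the top noting that `aws_key` and `aws_secret` are not set here and must come from the environment would help whoever runs `make` for the first time.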
@@ -0,0 +1,35 @@
+# All variables that are used in various places go here
+
+######################### General provider specific values
+
+variable "aws_key" {
+ description = "Access Key for AWS operations"
+ type = string
+ sensitive = true
+}
+
+variable "aws_secret" {
+ description = "Secret Key for AWS operations"
+ type = string
+ sensitive = true
+}
+
+variable "aws_region" {
+ description = "Region where the VPC is located"
+ type = string
+ sensitive = true
+}
+
+variable "crete_cidr" {
+ description = "CIDR block for the servers themselves"
+ type = string
+}
+variable "athens_availability_zone" {
+ description = "Availability zone for Project Bucket"
+ type = string
+}
+
+variable "athens_cidr" {
+ description = "VPC Subnet CIDR block"
+ type = string
+}
diff --git a/infra/networking/vpc.tf b/infra/networking/vpc.tf
new file mode 100644
index 0000000..2411f5e
--- /dev/null
+++ b/infra/networking/vpc.tf
@@ -0,0 +1,11 @@
+
+resource "aws_vpc" "athens_vpc" {
+ cidr_block = var.athens_cidr
+ enable_dns_support = true
+ enable_dns_hostnames = true
+
+ tags = {
+ Name = "Project Athens VPC"
+ }
+}
+
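Review bot: Several descriptions do not match how the variables are used in this module: `athens_availability_zone` says "Availability zone for Project Bucket" but it is the Crete subnet's AZ in `subnet.tf`, and `athens_cidr` says "VPC Subnet CIDR block" but it is the VPC's own CIDR in `vpc.tf`. Suggest `description = "Availability zone for the Crete subnet"` and `description = "CIDR block for the Athens VPC; subnet CIDRs are carved from it"`. `aws_region` is marked `sensitive = true` yet its value is committed in clear text in `terraform.tfvars` by this same patch; a region is not a secret, and the flag only redacts it from plan output, so it should go. Marking `aws_key`/`aws_secret` sensitive is right, but `sensitive` affects CLI display only — the values still land in the saved plan file — which is worth a one-line comment on those two declarations so nobody treats the flag as protection.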
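Review bot: Every other file in this module opens with a comment describing its contents, but `vpc.tf` opens with a blank line and no header, and the reason for `enable_dns_support`/`enable_dns_hostnames` being on is not recorded. Suggest a header such as `# VPC for Project Athens; every subnet, gateway and route table in this module hangs off it` plus a short comment above the two DNS attributes stating what depends on instance hostnames (not visible from this patch, so confirm with the consuming modules). The VPC's default security group and default NACL are also left unmanaged; adding an `aws_default_security_group` resource with no ingress or egress rules is the common way to make sure nothing silently relies on the AWS defaults.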