diff --git a/README.md b/README.md
index 40f74e2fa..fb38b180b 100644
--- a/README.md
+++ b/README.md
@@ -166,7 +166,11 @@ Terraform version 0.10.3 or newer is required for this module to work.
 | azs | A list of availability zones in the region | string | `` | no |
 | cidr | The CIDR block for the VPC. Default value is a valid CIDR, but not acceptable by AWS and should be overridden | string | `0.0.0.0/0` | no |
 | create_database_subnet_group | Controls if database subnet group should be created | string | `true` | no |
+| create_database_subnet_route_table | Controls if separate route table for database should be created | string | `false` | no |
+| create_elasticache_subnet_route_table | Controls if separate route table for elasticache should be created | string | `false` | no |
+| create_redshift_subnet_route_table | Controls if separate route table for redshift should be created | string | `false` | no |
 | create_vpc | Controls if VPC should be created (it affects almost all resources) | string | `true` | no |
+| database_route_table_tags | Additional tags for the database route tables | string | `` | no |
 | database_subnet_group_tags | Additional tags for the database subnet group | string | `` | no |
 | database_subnet_tags | Additional tags for the database subnets | string | `` | no |
 | database_subnets | A list of database subnets | list | `` | no |
@@ -181,6 +185,7 @@ Terraform version 0.10.3 or newer is required for this module to work.
 | dhcp_options_netbios_node_type | Specify netbios node_type for DHCP options set | string | `` | no |
 | dhcp_options_ntp_servers | Specify a list of NTP servers for DHCP options set | list | `` | no |
 | dhcp_options_tags | Additional tags for the DHCP option set | string | `` | no |
+| elasticache_route_table_tags | Additional tags for the elasticache route tables | string | `` | no |
 | elasticache_subnet_tags | Additional tags for the elasticache subnets | string | `` | no |
 | elasticache_subnets | A list of elasticache subnets | list | `` | no |
 | enable_dhcp_options | Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type | string | `false` | no |
@@ -210,6 +215,7 @@ Terraform version 0.10.3 or newer is required for this module to work.
 | public_route_table_tags | Additional tags for the public route tables | string | `` | no |
 | public_subnet_tags | Additional tags for the public subnets | string | `` | no |
 | public_subnets | A list of public subnets inside the VPC | string | `` | no |
+| redshift_route_table_tags | Additional tags for the redshift route tables | string | `` | no |
 | redshift_subnet_group_tags | Additional tags for the redshift subnet group | string | `` | no |
 | redshift_subnet_tags | Additional tags for the redshift subnets | string | `` | no |
 | redshift_subnets | A list of redshift subnets | list | `` | no |
@@ -224,6 +230,7 @@ Terraform version 0.10.3 or newer is required for this module to work.
 | Name | Description |
 |------|-------------|
+| database_route_table_ids | List of IDs of database route tables |
 | database_subnet_group | ID of database subnet group |
 | database_subnets | List of IDs of database subnets |
 | database_subnets_cidr_blocks | List of cidr_blocks of database subnets |
@@ -239,6 +246,7 @@ Terraform version 0.10.3 or newer is required for this module to work.
 | default_vpc_id | Default VPC |
 | default_vpc_instance_tenancy | Tenancy of instances spin up within VPC |
 | default_vpc_main_route_table_id | The ID of the main route table associated with this VPC |
+| elasticache_route_table_ids | List of IDs of elasticache route tables |
 | elasticache_subnet_group | ID of elasticache subnet group |
 | elasticache_subnet_group_name | Name of elasticache subnet group |
 | elasticache_subnets | List of IDs of elasticache subnets |
@@ -247,7 +255,7 @@ Terraform version 0.10.3 or newer is required for this module to work.
 | intra_route_table_ids | List of IDs of intra route tables |
 | intra_subnets | List of IDs of intra subnets |
 | intra_subnets_cidr_blocks | List of cidr_blocks of intra subnets |
-| nat_ids | List of allocation ID of Elastic IPs created for AWS NAT Gateway |
+| nat_ids | Nat gateway |
 | nat_public_ips | List of public Elastic IPs created for AWS NAT Gateway |
 | natgw_ids | List of NAT Gateway IDs |
 | private_route_table_ids | List of IDs of private route tables |
@@ -256,6 +264,7 @@ Terraform version 0.10.3 or newer is required for this module to work.
 | public_route_table_ids | Route tables |
 | public_subnets | List of IDs of public subnets |
 | public_subnets_cidr_blocks | List of cidr_blocks of public subnets |
+| redshift_route_table_ids | List of IDs of redshift route tables |
 | redshift_subnet_group | ID of redshift subnet group |
 | redshift_subnets | List of IDs of redshift subnets |
 | redshift_subnets_cidr_blocks | List of cidr_blocks of redshift subnets |
diff --git a/examples/vpc-separate-private-route-tables/README.md b/examples/vpc-separate-private-route-tables/README.md
new file mode 100644
index 000000000..332c12a25
--- /dev/null
+++ b/examples/vpc-separate-private-route-tables/README.md
@@ -0,0 +1,33 @@
+# VPC with separate private route tables
+
+Configuration in this directory creates set of VPC resources which may be sufficient for staging or production environment (look into [simple-vpc](../simple-vpc) for more simplified setup).
+
+There are public, private, database, ElastiCache, Redshift subnets, NAT Gateways created in each availability zone. **This example sets up separate private route for database, elasticache and redshift subnets.**.
+
+## Usage
+
+To run this example you need to execute:
+
+```bash
+$ terraform init
+$ terraform plan
+$ terraform apply
+```
+
+Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources.
+
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| database_subnets | List of IDs of database subnets |
+| elasticache_subnets | List of IDs of elasticache subnets |
+| nat_public_ips | NAT gateways |
+| private_subnets | Subnets |
+| public_subnets | List of IDs of public subnets |
+| redshift_subnets | List of IDs of elasticache subnets |
+| vpc_id | VPC |
+
+
diff --git a/examples/vpc-separate-private-route-tables/main.tf b/examples/vpc-separate-private-route-tables/main.tf
new file mode 100644
index 000000000..b380a4065
--- /dev/null
+++ b/examples/vpc-separate-private-route-tables/main.tf
@@ -0,0 +1,31 @@
+provider "aws" {
+ region = "eu-west-1"
+}
+
+module "vpc" {
+ source = "../../"
+
+ name = "vpc-separate-private-route-tables"
+
+ cidr = "10.10.0.0/16"
+
+ azs = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
+ private_subnets = ["10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24"]
+ public_subnets = ["10.10.11.0/24", "10.10.12.0/24", "10.10.13.0/24"]
+ database_subnets = ["10.10.21.0/24", "10.10.22.0/24", "10.10.23.0/24"]
+ elasticache_subnets = ["10.10.31.0/24", "10.10.32.0/24", "10.10.33.0/24"]
+ redshift_subnets = ["10.10.41.0/24", "10.10.42.0/24", "10.10.43.0/24"]
+
+ create_database_subnet_route_table = true
+ create_elasticache_subnet_route_table = true
+ create_redshift_subnet_route_table = true
+
+ single_nat_gateway = true
+ enable_nat_gateway = true
+
+ tags = {
+ Owner = "user"
+ Environment = "staging"
+ Name = "separate-private-route-tables"
+ }
+}
diff --git a/examples/vpc-separate-private-route-tables/outputs.tf b/examples/vpc-separate-private-route-tables/outputs.tf
new file mode 100644
index 000000000..1a4ba6073
--- /dev/null
+++ b/examples/vpc-separate-private-route-tables/outputs.tf
@@ -0,0 +1,37 @@
+# VPC
+output "vpc_id" {
+ description = "The ID of the VPC"
+ value = "${module.vpc.vpc_id}"
+}
+
+# Subnets
+output "private_subnets" {
+ description = "List of IDs of private subnets"
+ value = ["${module.vpc.private_subnets}"]
+}
+
+output "public_subnets" {
+ description = "List of IDs of public subnets"
+ value = ["${module.vpc.public_subnets}"]
+}
+
+output "database_subnets" {
+ description = "List of IDs of database subnets"
+ value = ["${module.vpc.database_subnets}"]
+}
+
+output "elasticache_subnets" {
+ description = "List of IDs of elasticache subnets"
+ value = ["${module.vpc.elasticache_subnets}"]
+}
+
+output "redshift_subnets" {
+ description = "List of IDs of elasticache subnets"
+ value = ["${module.vpc.redshift_subnets}"]
+}
+
+# NAT gateways
+output "nat_public_ips" {
+ description = "List of public Elastic IPs created for AWS NAT Gateway"
+ value = ["${module.vpc.nat_public_ips}"]
+}
diff --git a/main.tf b/main.tf
index b40b988a0..79938af9d 100644
--- a/main.tf
+++ b/main.tf
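Review bot: The description of `output "redshift_subnets"` is a copy-paste leftover: it reads "List of IDs of elasticache subnets" while the value is `module.vpc.redshift_subnets`. Change it to `description = "List of IDs of redshift subnets"`. The same wrong text is already carried into the generated example README in this commit, so it will persist until this output is fixed and the docs are regenerated.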
@@ -98,6 +98,39 @@ resource "aws_route_table" "private" {
 }
 }
+#################
+# Database routes
+#################
+resource "aws_route_table" "database" {
+ count = "${var.create_vpc && var.create_database_subnet_route_table && length(var.database_subnets) > 0 ? 1 : 0}"
+
+ vpc_id = "${aws_vpc.this.id}"
+
+ tags = "${merge(var.tags, var.database_route_table_tags, map("Name", "${var.name}-database"))}"
+}
+
+#################
+# Redshift routes
+#################
+resource "aws_route_table" "redshift" {
+ count = "${var.create_vpc && var.create_redshift_subnet_route_table && length(var.redshift_subnets) > 0 ? 1 : 0}"
+
+ vpc_id = "${aws_vpc.this.id}"
+
+ tags = "${merge(var.tags, var.redshift_route_table_tags, map("Name", "${var.name}-redshift"))}"
+}
+
+#################
+# Elasticache routes
+#################
+resource "aws_route_table" "elasticache" {
+ count = "${var.create_vpc && var.create_elasticache_subnet_route_table && length(var.elasticache_subnets) > 0 ? 1 : 0}"
+
+ vpc_id = "${aws_vpc.this.id}"
+
+ tags = "${merge(var.tags, var.elasticache_route_table_tags, map("Name", "${var.name}-elasticache"))}"
+}
+
 #################
 # Intra routes
 #################
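Review bot: The three new `aws_route_table` resources carry only `vpc_id` and tags — no inline `route` blocks, and no `aws_route` resources for them appear anywhere in this diff — so subnets associated with them get nothing beyond the implicit VPC-local route and lose whatever routes `aws_route_table.private` carried (its body starts before this hunk; the previous associations in the later main.tf hunk pointed at it). Keeping database, ElastiCache and Redshift subnets off the NAT path is a sensible isolation default, but it is a behaviour change for anyone who turns `create_*_subnet_route_table` on, and neither these resources nor the matching variable descriptions in variables.tf say so. Suggest a comment above each resource, e.g. `# No routes are attached here: subnets using this table get VPC-local reachability only; add aws_route resources against the exported *_route_table_ids if outbound access is required.`, and the same sentence in the three `create_*_subnet_route_table` variable descriptions.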
@@ -350,21 +383,21 @@ resource "aws_route_table_association" "database" {
 count = "${var.create_vpc && length(var.database_subnets) > 0 ? length(var.database_subnets) : 0}"
 subnet_id = "${element(aws_subnet.database.*.id, count.index)}"
- route_table_id = "${element(aws_route_table.private.*.id, (var.single_nat_gateway ? 0 : count.index))}"
+ route_table_id = "${element(coalescelist(aws_route_table.database.*.id, aws_route_table.private.*.id), (var.single_nat_gateway || var.create_database_subnet_route_table ? 0 : count.index))}"
 }
 resource "aws_route_table_association" "redshift" {
 count = "${var.create_vpc && length(var.redshift_subnets) > 0 ? length(var.redshift_subnets) : 0}"
 subnet_id = "${element(aws_subnet.redshift.*.id, count.index)}"
- route_table_id = "${element(aws_route_table.private.*.id, (var.single_nat_gateway ? 0 : count.index))}"
+ route_table_id = "${element(coalescelist(aws_route_table.redshift.*.id, aws_route_table.private.*.id), (var.single_nat_gateway || var.create_redshift_subnet_route_table ? 0 : count.index))}"
 }
 resource "aws_route_table_association" "elasticache" {
 count = "${var.create_vpc && length(var.elasticache_subnets) > 0 ? length(var.elasticache_subnets) : 0}"
 subnet_id = "${element(aws_subnet.elasticache.*.id, count.index)}"
- route_table_id = "${element(aws_route_table.private.*.id, (var.single_nat_gateway ? 0 : count.index))}"
+ route_table_id = "${element(coalescelist(aws_route_table.elasticache.*.id, aws_route_table.private.*.id), (var.single_nat_gateway || var.create_elasticache_subnet_route_table ? 0 : count.index))}"
 }
 resource "aws_route_table_association" "intra" {
diff --git a/outputs.tf b/outputs.tf
index 33118e555..2fe5dca89 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -151,11 +151,27 @@ output "private_route_table_ids" {
 value = ["${aws_route_table.private.*.id}"]
 }
+output "database_route_table_ids" {
+ description = "List of IDs of database route tables"
+ value = ["${coalescelist(aws_route_table.database.*.id, aws_route_table.private.*.id)}"]
+}
+
+output "redshift_route_table_ids" {
+ description = "List of IDs of redshift route tables"
+ value = ["${coalescelist(aws_route_table.redshift.*.id, aws_route_table.private.*.id)}"]
+}
+
+output "elasticache_route_table_ids" {
+ description = "List of IDs of elasticache route tables"
+ value = ["${coalescelist(aws_route_table.elasticache.*.id, aws_route_table.private.*.id)}"]
+}
+
 output "intra_route_table_ids" {
 description = "List of IDs of intra route tables"
 value = ["${aws_route_table.intra.*.id}"]
 }
+# Nat gateway
 output "nat_ids" {
 description = "List of allocation ID of Elastic IPs created for AWS NAT Gateway"
 value = ["${aws_eip.nat.*.id}"]
diff --git a/variables.tf b/variables.tf
index f1c8c83ce..b7f7bd0f3 100644
--- a/variables.tf
+++ b/variables.tf
@@ -46,6 +46,21 @@ variable "elasticache_subnets" {
 default = []
 }
+variable "create_database_subnet_route_table" {
+ description = "Controls if separate route table for database should be created"
+ default = false
+}
+
+variable "create_redshift_subnet_route_table" {
+ description = "Controls if separate route table for redshift should be created"
+ default = false
+}
+
+variable "create_elasticache_subnet_route_table" {
+ description = "Controls if separate route table for elasticache should be created"
+ default = false
+}
+
 variable "intra_subnets" {
 type = "list"
 description = "A list of intra subnets"
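Review bot: The three new `*_route_table_ids` outputs fall back to `aws_route_table.private.*.id` whenever the dedicated table is not created, but their descriptions say only "List of IDs of database route tables" (and likewise for redshift and elasticache); a consumer that adds routes to these IDs with the flag left at its default would be modifying the shared private route tables without realising it. Suggest `description = "List of IDs of database route tables (the private route tables when create_database_subnet_route_table is false)"` and the equivalent wording for the other two. Separately, the `# Nat gateway` comment added above `output "nat_ids"` appears to be picked up by the docs generator in place of the description — the README hunk in this same commit replaces "List of allocation ID of Elastic IPs created for AWS NAT Gateway" with "Nat gateway" — so either drop the comment or reword it to something that is accurate as a description.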
@@ -168,6 +183,21 @@ variable "private_route_table_tags" {
 default = {}
 }
+variable "database_route_table_tags" {
+ description = "Additional tags for the database route tables"
+ default = {}
+}
+
+variable "redshift_route_table_tags" {
+ description = "Additional tags for the redshift route tables"
+ default = {}
+}
+
+variable "elasticache_route_table_tags" {
+ description = "Additional tags for the elasticache route tables"
+ default = {}
+}
+
 variable "intra_route_table_tags" {
 description = "Additional tags for the intra route tables"
 default = {}