diff --git a/services/terraform/self-host/aws_db.tf b/services/terraform/self-host/aws_db.tf
--- a/services/terraform/self-host/aws_db.tf
+++ b/services/terraform/self-host/aws_db.tf
@@ -2,7 +2,7 @@ resource "aws_security_group" "keyserver_mariadb_security_group" {
   name = "keyserver-mariadb-sg"
   description = "Allow inbound traffic on port 3307 and all outbound traffic"
-  vpc_id = aws_vpc.default.id
+  vpc_id = local.vpc_id
   # Inbound rules
   ingress {
@@ -21,7 +21,6 @@
   }
 }
-
 # MariaDB RDS Instance
 resource "aws_db_instance" "mariadb" {
   allocated_storage = 100
diff --git a/services/terraform/self-host/aws_vpc.tf b/services/terraform/self-host/aws_vpc.tf
--- a/services/terraform/self-host/aws_vpc.tf
+++ b/services/terraform/self-host/aws_vpc.tf
@@ -1,11 +1,31 @@
-# VPC
+# Default VPC Data
+
+data "aws_vpc" "default" {
+  default = true
+}
+
+data "aws_subnets" "default" {
+  filter {
+    name = "vpc-id"
+    values = [data.aws_vpc.default.id]
+  }
+}
+
+data "aws_internet_gateway" "default" {
+  filter {
+    name = "attachment.vpc-id"
+    values = [data.aws_vpc.default.id]
+  }
+}
+
+
+# User Created VPC
 resource "aws_vpc" "default" {
   cidr_block = "172.31.0.0/16"
   enable_dns_support = true
   enable_dns_hostnames = true
 }
-# Public Subnets
 resource "aws_subnet" "public_1" {
   vpc_id = aws_vpc.default.id
   cidr_block = "172.31.0.0/20"
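Review bot: The three new `data` blocks (`aws_vpc`, `aws_subnets`, `aws_internet_gateway`) carry no `count`, so they are evaluated even when `user_created_vpc = true`, and the plan fails in any account whose default VPC has been deleted — a common hardening step and presumably the very case the flag exists for. The converse also holds for `aws_vpc.default`, `aws_subnet.public_*` and `aws_internet_gateway.default` in this hunk: nothing conditions them on the flag, so with the default `false` a second, unused 172.31.0.0/16 VPC is still created next to the default one. Gating both sides is the fix: `count = var.user_created_vpc ? 0 : 1` on each data block and `count = var.user_created_vpc ? 1 : 0` on each resource, with the references in `local.vpc_id` / `local.vpc_subnets` switched to `one(...)`. The `aws_subnet.public_1` block continues past the end of this hunk.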
@@ -20,35 +40,35 @@
   map_public_ip_on_launch = true
 }
-# Internet Gateway
+
 resource "aws_internet_gateway" "default" {
   vpc_id = aws_vpc.default.id
 }
 # Route Table for Internet Gateway
 resource "aws_route_table" "public_igw_route_table" {
-  vpc_id = aws_vpc.default.id
+  vpc_id = local.vpc_id
   route {
-    cidr_block = "${var.allowed_ip}/32"
-    gateway_id = aws_internet_gateway.default.id
+    cidr_block = "0.0.0.0/0"
+    gateway_id = var.user_created_vpc ? aws_internet_gateway.default.id : data.aws_internet_gateway.default.id
   }
 }
 resource "aws_route_table_association" "public_1_igw_route_association" {
-  subnet_id = aws_subnet.public_1.id
+  subnet_id = local.vpc_subnets[0]
   route_table_id = aws_route_table.public_igw_route_table.id
 }
 resource "aws_route_table_association" "public_2_igw_route_association" {
-  subnet_id = aws_subnet.public_2.id
+  subnet_id = local.vpc_subnets[1]
   route_table_id = aws_route_table.public_igw_route_table.id
 }
 # DB Subnet Group
 resource "aws_db_subnet_group" "public_db_subnet_group" {
   name = "public-db-subnet-group"
-  subnet_ids = [aws_subnet.public_1.id, aws_subnet.public_2.id]
+  subnet_ids = local.vpc_subnets
   tags = {
     Name = "DB subnet group associated with private vpc subnet"
diff --git a/services/terraform/self-host/main.tf b/services/terraform/self-host/main.tf
--- a/services/terraform/self-host/main.tf
+++ b/services/terraform/self-host/main.tf
@@ -1,3 +1,8 @@
+locals {
+  vpc_id = var.user_created_vpc ? aws_vpc.default.id : data.aws_vpc.default.id
+  vpc_subnets = var.user_created_vpc ? [aws_subnet.public_1.id, aws_subnet.public_2.id] : [data.aws_subnets.default.ids[0], data.aws_subnets.default.ids[1]]
+}
+
 provider "aws" {
   region = var.region
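Review bot: Replacing `${var.allowed_ip}/32` with `0.0.0.0/0` in the `route` block turns this into a real default route; together with the `map_public_ip_on_launch = true` context line above, both subnets are now fully internet-routable. The old /32 route never limited inbound traffic (route tables pick egress destinations, the security group governs ingress), so exposure of the database now rests entirely on the `keyserver_mariadb_security_group` rules and on the `publicly_accessible` setting of `aws_db_instance.mariadb`, neither of which is visible in this diff and both of which should be confirmed before merging. In the default-VPC path this hunk also creates a module-owned route table inside the account's default VPC and explicitly associates two of its subnets, which supersedes their main-route-table association and fails with `Resource.AlreadyAssociated` if those subnets already carry an explicit association. Since AWS's default VPC already routes `0.0.0.0/0` to its IGW via the main route table, the route table and both associations should be gated with `count = var.user_created_vpc ? 1 : 0` rather than reproduced in the default VPC.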
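Review bot: `data.aws_subnets.default.ids[0]` and `[1]` in `local.vpc_subnets` depend on the API's return order, which is not guaranteed stable, so a later plan can swap the two subnets and churn the route-table associations and the DB subnet group; it also fails with an opaque index error when the default VPC has fewer than two subnets. A deterministic pick, `slice(sort(data.aws_subnets.default.ids), 0, 2)` in place of the two indexed elements, fixes the ordering, and a `precondition` (or a `validation` on the variable) asserting `length(data.aws_subnets.default.ids) >= 2` gives the failure a readable message. The default VPC normally keeps one subnet per AZ, so two distinct IDs presumably satisfy the subnet group's multi-AZ requirement, but that assumption deserves a comment on the local. The `provider "aws"` block continues past the end of this hunk.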
@@ -1,6 +1,4 @@
 mariadb_username = "username"
 mariadb_password = "password"
 region = "us-west-1"
-availability_zone_1 = "us-west-1b"
-availability_zone_2 = "us-west-1c"
 allowed_ip = "0.0.0.0"
diff --git a/services/terraform/self-host/variables.tf b/services/terraform/self-host/variables.tf
--- a/services/terraform/self-host/variables.tf
+++ b/services/terraform/self-host/variables.tf
@@ -21,14 +21,20 @@
   type = string
 }
+variable "user_created_vpc" {
+  description = "Use non-default vpc and subnets"
+  type = bool
+  default = false
+}
+
 variable "availability_zone_1" {
-  description = "First availability zone for vpc subnet"
+  description = "First availability zone for vpc subnet if user created vpc"
   type = string
   default = "us-west-1b"
 }
 variable "availability_zone_2" {
-  description = "Second availability zone for vpc subnet"
+  description = "Second availability zone for vpc subnet if user created vpc"
   type = string
   default = "us-west-1c"
 }
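Review bot: The description `Use non-default vpc and subnets` on the new `user_created_vpc` variable undersells what the default does: with `false` the module reaches into the account's existing default VPC, picks two of its subnets and attaches them to a module-owned route table, a change to shared infrastructure that an operator should opt into knowingly. I'd state that explicitly, e.g. `description = "true: create a dedicated VPC, subnets and IGW for the keyserver; false (default): reuse the account's default VPC and take over the route-table association of two of its subnets"`. It is also worth saying in the same description that `availability_zone_1` and `availability_zone_2` are ignored unless this is `true`, since the example tfvars no longer lists them and the two updated descriptions only hint at it.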