From 9a41eb9108b74b26de94931da9c77dc4ddcb0c04 Mon Sep 17 00:00:00 2001
From: gregory hendrickson
Date: Wed, 15 Mar 2023 11:48:28 -0700
Subject: [PATCH] add nat_gateway and add ref
---
main.tf | 44 ++++++++++-----
modules/nat_gateway/main.tf | 71 +++++++++++++++++++++++
modules/nat_gateway/variables.tf | 96 ++++++++++++++++++++++++++++++++
3 files changed, 197 insertions(+), 14 deletions(-)
create mode 100644 modules/nat_gateway/main.tf
create mode 100644 modules/nat_gateway/variables.tf
diff --git a/main.tf b/main.tf
index 4b5e4e3..c6f4d1b 100644
--- a/main.tf
+++ b/main.tf
@@ -1,7 +1,14 @@
 terraform {
- backend "local" {
- path = "terraform.tfstate"
- }
+ required_version = ">= 0.14.0"
+}
+
+variable "project_id" {
+ description = "The ID of the GCP project."
+}
+
+variable "region" {
+ description = "The region to create resources in."
+ default = "us-central1"
 }
 
 provider "google" {
@@ -10,22 +17,31 @@ provider "google" {
 }
 
 module "network" {
- source = "./modules/network"
- project_id = var.project_id
- region = var.region
- network = var.network
- subnet = var.subnet
+ source = "./modules/network"
 }
 
 module "backend" {
 source = "./modules/backend"
+ startup_script = module.network.startup_script
+}
+
+module "nat_gateway" {
+ source = "./modules/network/nat_gateway"
+ network_name = module.network.network_name
+ region = var.region
+}
+
+module "firewall" {
+ source = "./modules/firewall"
+ network_name = module.network.network_name
 }
 
 module "frontend" {
- source = "./modules/frontend"
- project_id = var.project_id
- region = var.region
- instance_type = var.instance_type
- backend_ip = module.network.backend_ip
- subnet_ip = module.network.subnet_ip
+ source = "./modules/frontend"
+ backend_service_name = module.backend.backend_service_name
+ network_name = module.network.network_name
+}
+
+output "frontend_external_ip" {
+ value = module.frontend.external_ip
 }
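Review bot: `variable "project_id"` and `variable "region"` in the first hunk declare no `type`, unlike every variable in modules/nat_gateway/variables.tf in this same patch; add `type = string` to each so a mistyped value is rejected at plan time rather than passed through to the provider. The `terraform` block constrains only the core version (`required_version = ">= 0.14.0"`) and has no `required_providers` entry, so the google provider version is unpinned and upgrades are picked up implicitly on `terraform init`. Dropping `backend "local"` leaves state on local disk by default; that state will contain the NAT address and other resource attributes, which should inform where it is stored and who can read it.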
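Review bot: `module "nat_gateway"` sets `source = "./modules/network/nat_gateway"`, but this patch creates the module under `modules/nat_gateway/` (see the diffstat and the `create mode` lines), so `terraform init` will not resolve the source; change it to `source = "./modules/nat_gateway"`. The call passes only `network_name` and `region`, while the module's variables.tf declares `project_id` and many other variables with no default, so the call would also fail validation until the inputs and the module's variable names are reconciled. `module "network"` now receives no inputs, and `module.network.startup_script` and `module.network.network_name` are consumed here; whether those outputs exist cannot be checked from this patch.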
diff --git a/modules/nat_gateway/main.tf b/modules/nat_gateway/main.tf
new file mode 100644
index 0000000..8953614
--- /dev/null
+++ b/modules/nat_gateway/main.tf
@@ -0,0 +1,71 @@
+provider "google" {
+ project = var.project_id
+ region = var.region
+}
+
+resource "google_compute_network" "vpc_network" {
+ name = var.vpc_name
+ auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "subnet" {
+ name = var.subnet_name
+ network = google_compute_network.vpc_network.self_link
+ ip_cidr_range = var.subnet_cidr_range
+}
+
+resource "google_compute_router" "router" {
+ name = var.router_name
+ region = var.region
+ network = google_compute_network.vpc_network.self_link
+
+ bgp {
+ asn = 64514
+ }
+
+ dynamic "interface" {
+ for_each = var.router_interfaces
+ content {
+ name = interface.value.name
+ ip_address = interface.value.ip_address
+ management = interface.value.management
+ management_config = interface.value.management_config
+ }
+ }
+}
+
+resource "google_compute_address" "nat_ip" {
+ name = var.nat_ip_name
+ region = var.region
+ address_type = "EXTERNAL"
+}
+
+resource "google_compute_instance" "nat_instance" {
+ name = var.nat_instance_name
+ machine_type = var.machine_type
+ zone = var.zone
+ tags = ["nat"]
+ boot_disk {
+ initialize_params {
+ image = var.image_name
+ }
+ }
+ network_interface {
+ network = google_compute_network.vpc_network.self_link
+ access_config {
+ nat_ip = google_compute_address.nat_ip.address
+ }
+ }
+}
+
+resource "google_compute_route" "nat_route" {
+ name = var.nat_route_name
+ destination_range = var.destination_range
+ next_hop_instance = google_compute_instance.nat_instance.self_link
+ next_hop_instance_zone = var.zone
+ tags = ["nat"]
+}
+
+output "nat_ip_address" {
+ value = google_compute_address.nat_ip.address
+}
diff --git a/modules/nat_gateway/variables.tf b/modules/nat_gateway/variables.tf
new file mode 100644
index 0000000..c38848e
--- /dev/null
+++ b/modules/nat_gateway/variables.tf
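Review bot: `google_compute_instance.nat_instance` never sets `can_ip_forward = true`, so the instance will drop the packets that `google_compute_route.nat_route` sends to it as a next hop; add `can_ip_forward = true` beside `zone = var.zone`. The route also carries `tags = ["nat"]`, the same tag the NAT instance itself has, so the instance's own default route would point back at itself; the route's tags should name the private instances that are meant to egress through the gateway, not the gateway. Nothing configures masquerading on the instance (the `nat_gateway_startup_script` variable declared in variables.tf is never referenced), and main.tf references `var.vpc_name`, `var.subnet_cidr_range`, `var.router_name`, `var.router_interfaces`, `var.nat_ip_name`, `var.nat_instance_name`, `var.zone`, `var.image_name`, `var.nat_route_name` and `var.destination_range`, none of which variables.tf declares. Since the module already creates a `google_compute_router`, a managed `google_compute_router_nat` attached to it would provide egress NAT without exposing an instance with an external address at all; if the instance approach is kept, note that the `provider "google"` block inside a child module prevents the module from being removed or used with `count`/`for_each`.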
@@ -0,0 +1,96 @@
+# Variables for network module
+variable "region" {
+ description = "The region where the network will be created"
+ type = string
+}
+
+variable "project_id" {
+ description = "The project id where the network will be created"
+ type = string
+}
+
+variable "network_name" {
+ description = "The name of the VPC network"
+ type = string
+}
+
+variable "subnet_name" {
+ description = "The name of the subnet within the VPC network"
+ type = string
+}
+
+variable "subnet_ip_cidr_range" {
+ description = "The IP CIDR range of the subnet within the VPC network"
+ type = string
+}
+
+# Variables for backend module
+variable "bucket_name" {
+ description = "The name of the GCS bucket"
+ type = string
+}
+
+# Variables for frontend module
+variable "instance_name" {
+ description = "The name of the instance"
+ type = string
+}
+
+variable "instance_zone" {
+ description = "The zone where the instance will be created"
+ type = string
+}
+
+variable "machine_type" {
+ description = "The machine type of the instance"
+ type = string
+}
+
+variable "instance_startup_script" {
+ description = "The startup script for the instance"
+ type = string
+}
+
+variable "firewall_allow_80" {
+ description = "Whether or not to allow incoming traffic on port 80"
+ type = bool
+}
+
+# Variables for nat_gateway module
+variable "nat_gateway_name" {
+ description = "The name of the NAT gateway instance"
+ type = string
+}
+
+variable "nat_gateway_zone" {
+ description = "The zone where the NAT gateway instance will be created"
+ type = string
+}
+
+variable "nat_gateway_machine_type" {
+ description = "The machine type of the NAT gateway instance"
+ type = string
+}
+
+variable "nat_gateway_startup_script" {
+ description = "The startup script for the NAT gateway instance"
+ type = string
+}
+
+variable "nat_subnet_name" {
+ description = "The name of the subnet in which to deploy the NAT gateway"
+ type = string
+}
+
+# Variables for firewall module
+variable "allowed_ingress_ports" {
+ description = "The list of ingress ports allowed to access the instance"
+ type = list(number)
+ default = [22, 80]
+}
+
+variable "allowed_egress_ports" {
+ description = "The list of egress ports allowed to leave the instance"
+ type = list(number)
+ default = []
+}