// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: MIT-0 # Creates a single health system vpc variable "region" { type = string } variable "cidr_block" { type = list(object({ test-dev-prod_vpc = string app_subnet_1 = string app_subnet_2 = string app_subnet_3 = string db_subnet_1 = string db_subnet_2 = string db_subnet_3 = string })) } variable "az" { type = list(object({ az1 = string az2 = string az3 = string })) } variable "transit_gateway_id" { type = string } # This default tag can be applied to any resource or new tag variables can be created variable "tags" { description = "A map of tags to assign to the resource" type = map(string) default = { environment = "production" ou = "Shared Services" region = "us-east-1" owner = "COMPANY" confidentiality = "restricted" } } resource "aws_vpc" "Test-Dev-Prod" { cidr_block = var.cidr_block.0.test-dev-prod_vpc instance_tenancy = "default" tags = merge({ Name = "test-dev-prod_vpc" flowlog = "all" }, var.tags) } # Creating app subnet security groups resource "aws_security_group" "app_subnet_security_group" { vpc_id = aws_vpc.test-dev-prod_vpc.id description = "Security group for app subnets in a VPC" tags = merge({ Name = "app_subnet_security_group"}, var.tags) } # Creating db subnet security groups resource "aws_security_group" "db_subnet_security_group" { vpc_id = aws_vpc.test-dev-prod_vpc.id description = "Security group for db subnets in a VPC" tags = merge({ Name = "db_subnet_security_group"}, var.tags) } # Get all subnets created in test-dev-prod vpc data "aws_security_group" "app_subnet_security_group" { id = aws_security_group.app_subnet_security_group.id } data "aws_security_group" "db_subnet_security_group" { id = aws_security_group.db_subnet_security_group.id } # Creating app subnets resource "aws_subnet" "app_subnet_1" { vpc_id = data.aws_security_group.app_subnet_security_group.vpc_id cidr_block = var.cidr_block.0.app_subnet_1 availability_zone = var.az.0.az1 tags = merge({ Name = "app_subnet_1"}, var.tags) depends_on = [ aws_vpc.health-system ] } resource "aws_subnet" "app_subnet_2" { vpc_id = data.aws_security_group.app_subnet_security_group.vpc_id cidr_block = var.cidr_block.0.app_subnet_2 availability_zone = var.az.0.az2 tags = merge({ Name = "app_subnet_2"}, var.tags) depends_on = [ aws_vpc.health-system ] } resource "aws_subnet" "app_subnet_3" { vpc_id = data.aws_security_group.app_subnet_security_group.vpc_id cidr_block = var.cidr_block.0.app_subnet_3 availability_zone = var.az.0.az3 tags = merge({ Name = "app_subnet_3"}, var.tags) depends_on = [ aws_vpc.health-system ] } # Creating db subnets resource "aws_subnet" "db_subnet_1" { vpc_id = aws_vpc.health-system.id cidr_block = var.cidr_block.0.db_subnet_1 availability_zone = var.az.0.az1 tags = merge({ Name = "db_subnet_1"}, var.tags) depends_on = [ aws_vpc.health-system ] } resource "aws_subnet" "db_subnet_2" { vpc_id = aws_vpc.health-system.id cidr_block = var.cidr_block.0.db_subnet_2 availability_zone = var.az.0.az2 tags = merge({ Name = "db_subnet_2"}, var.tags) depends_on = [ aws_vpc.health-system ] } resource "aws_subnet" "db_subnet_3" { vpc_id = aws_vpc.health-system.id cidr_block = var.cidr_block.0.db_subnet_3 availability_zone = var.az.0.az3 tags = merge({ Name = "db_subnet_3"}, var.tags) depends_on = [ aws_vpc.health-system ] } resource "aws_ec2_transit_gateway_vpc_attachment" "TGW_VPC_attachment" { subnet_ids = [ aws_subnet.app_subnet_1.id, aws_subnet.app_subnet_2.id, aws_subnet.app_subnet_3.id ] transit_gateway_id = var.transit_gateway_id vpc_id = aws_vpc.health-system.id transit_gateway_default_route_table_association = false tags = merge({ Name = "TGW_VPC_attachment"}, var.tags) lifecycle { ignore_changes = [ transit_gateway_default_route_table_association ] } } resource "aws_route_table" "AppSubnetRT" { vpc_id = aws_vpc.health-system.id route { cidr_block = "0.0.0.0/0" transit_gateway_id = var.transit_gateway_id } tags = merge({ Name = "OutboundVPC_Public_RT"}, var.tags) depends_on = [ aws_ec2_transit_gateway_vpc_attachment.TGW_VPC_attachment ] } resource "aws_route_table" "DBSubnetRT" { vpc_id = aws_vpc.health-system.id tags = merge({ Name = "OutboundVPC_Private_RT_AZ1"}, var.tags) } resource "aws_route_table_association" "AppSubnet1_RTAssociation" { subnet_id = aws_subnet.app_subnet_1.id route_table_id = aws_route_table.AppSubnetRT.id } resource "aws_route_table_association" "AppSubnet2_RTAssociation" { subnet_id = aws_subnet.app_subnet_2.id route_table_id = aws_route_table.AppSubnetRT.id } resource "aws_route_table_association" "AppSubnet3_RTAssociation" { subnet_id = aws_subnet.app_subnet_3.id route_table_id = aws_route_table.AppSubnetRT.id } resource "aws_route_table_association" "DBSubnet1_RTAssociation" { subnet_id = aws_subnet.db_subnet_1.id route_table_id = aws_route_table.DBSubnetRT.id } resource "aws_route_table_association" "DBSubnet2_RTAssociation" { subnet_id = aws_subnet.db_subnet_2.id route_table_id = aws_route_table.DBSubnetRT.id } resource "aws_route_table_association" "DBSubnet3_RTAssociation" { subnet_id = aws_subnet.db_subnet_3.id route_table_id = aws_route_table.DBSubnetRT.id }