network-aws.tf
# ------ Create AWS Customer Gateway
resource "aws_customer_gateway" "IaC_CGW" {
  # Customer-side (OCI) endpoint of the site-to-site VPN.
  type    = "ipsec.1"
  bgp_asn = 31898

  # NOTE(review): 1.1.1.1 is a well-known public resolver address and reads
  # like a placeholder rather than the OCI IPSec peer. The VPN connection
  # "S2S_VPN_to_OCI" in this file references this gateway, so the tunnel
  # would be negotiated toward this address; "New_IaC_CGW" below derives
  # the peer IP from the OCI tunnel data source instead — confirm which
  # gateway is intended to carry the tunnel.
  ip_address = "1.1.1.1"

  tags = {
    Name = "IaC_CGW"
  }
}
# Create a VPC
resource "aws_vpc" "IaC_VPC" {
  # VPC that terminates the AWS side of the VPN to OCI; address range comes
  # from a variable so it can be kept disjoint from the OCI VCN CIDR.
  cidr_block = var.IaC_VPC_CIDR

  tags = {
    Name = "VPC_to_OCI"
  }
}
# Create a subnet
resource "aws_subnet" "IaC_Subnet" {
  # Single subnet inside the VPC; no public-IP auto-assignment is configured,
  # so instances here only get private addresses reachable over the VPN.
  cidr_block = var.IaC_VPC_subnet
  vpc_id     = aws_vpc.IaC_VPC.id
}
# Create a Network ACL
resource "aws_network_acl" "IaC_Network_ACL" {
  # Stateless subnet-level filter; its rules are declared as separate
  # aws_network_acl_rule resources below.
  vpc_id     = aws_vpc.IaC_VPC.id
  subnet_ids = [aws_subnet.IaC_Subnet.id]
}
# Create a Network ACL Egress Rule
resource "aws_network_acl_rule" "IaC_Network_ACL_egress" {
  # Egress: allow everything. Because NACLs are stateless, this rule is what
  # lets replies to the inbound SSH/ICMP rules leave the subnet.
  network_acl_id = aws_network_acl.IaC_Network_ACL.id
  egress         = true
  rule_number    = 100
  rule_action    = "allow"
  protocol       = "-1"
  cidr_block     = "0.0.0.0/0"
  from_port      = 0
  to_port        = 0
}
# Create a Network ACL SSH Rule
resource "aws_network_acl_rule" "IaC_Network_ACL_SSH" {
  # Ingress: TCP/22 only from the OCI VCN range. Rule number 100 is reused
  # from the egress rule; that is fine because ingress and egress are
  # evaluated as separate rule lists.
  network_acl_id = aws_network_acl.IaC_Network_ACL.id
  egress         = false
  rule_number    = 100
  rule_action    = "allow"
  protocol       = "6"
  cidr_block     = var.IaC_VCN_CIDR
  from_port      = 22
  to_port        = 22

  # NOTE(review): there is no ingress rule for ephemeral ports, so sessions
  # initiated from inside the subnet toward OCI get no return traffic past
  # this NACL. Intentional if the subnet is only meant to be reached from
  # the VCN — confirm.
}
# Create a Network ACL ICMP Rule
resource "aws_network_acl_rule" "IaC_Network_ACL_ICMP" {
  # Ingress: ICMP from the OCI VCN range. For protocol 1 the port fields are
  # not meaningful; icmp_type/icmp_code of -1 select every type and code.
  network_acl_id = aws_network_acl.IaC_Network_ACL.id
  egress         = false
  rule_number    = 101
  rule_action    = "allow"
  protocol       = "1"
  cidr_block     = var.IaC_VCN_CIDR
  from_port      = -1
  to_port        = -1
  icmp_type      = -1
  icmp_code      = -1
}
# Create a Network Security Group
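resource "aws_security_group" "IaC_NSG" {
  # Stateful instance-level filter: SSH and ICMP are accepted only from the
  # OCI VCN range; all outbound traffic is permitted.
  name        = "IaC_NSG"
  description = "NSG for IaC"
  vpc_id      = aws_vpc.IaC_VPC.id

  ingress {
    description = "SSH from the OCI VCN"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.IaC_VCN_CIDR]
  }

  ingress {
    description = "ICMP from the OCI VCN"
    # For ICMP the port fields carry type/code; -1 means every type and code.
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = [var.IaC_VCN_CIDR]
  }

  egress {
    description = "All outbound traffic"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Name tag added so this resource matches the tagging used by the VPC,
  # route table, gateways and VPN connection in this file; rule descriptions
  # added so the intent of each rule is visible in the console.
  tags = {
    Name = "IaC_NSG"
  }
}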
# Create a Route table
resource "aws_route_table" "IaC_route_table" {
  # Route table for the VPN subnet; the OCI route is added separately via
  # aws_route and the table is bound to the subnet via an association.
  vpc_id = aws_vpc.IaC_VPC.id

  tags = {
    Name = "Route Table to OCI"
  }
}
# Create a VPC route rule
resource "aws_route" "IaC_Route_to_OCI" {
  # Static route: traffic for the OCI VCN range goes out through the virtual
  # private gateway that terminates the site-to-site VPN.
  route_table_id         = aws_route_table.IaC_route_table.id
  gateway_id             = aws_vpn_gateway.IaC_vpn_gateway.id
  destination_cidr_block = var.IaC_VCN_CIDR
}
# Associate route table to IaC Subnet
resource "aws_route_table_association" "IaC_route_table_association" {
  # Binds the OCI route table to the single VPN subnet.
  route_table_id = aws_route_table.IaC_route_table.id
  subnet_id      = aws_subnet.IaC_Subnet.id
}
# Create a Virtual Private Gateway
resource "aws_vpn_gateway" "IaC_vpn_gateway" {
  # AWS-side VPN endpoint. Setting vpc_id here attaches the gateway to the
  # VPC as part of its creation.
  vpc_id = aws_vpc.IaC_VPC.id

  tags = {
    Name = "VPN-Gateway to OCI"
  }
}
# Attach the VPC to the VPN gateway
resource "aws_vpn_gateway_attachment" "IaC_vpn_gateway_attachment" {
  # Explicit gateway-to-VPC attachment.
  # NOTE(review): the gateway above already sets vpc_id, which performs the
  # same attachment; managing it from two resources looks redundant and may
  # cause plan churn — confirm only one of the two is needed.
  vpn_gateway_id = aws_vpn_gateway.IaC_vpn_gateway.id
  vpc_id         = aws_vpc.IaC_VPC.id
}
# Create a Site to Site VPN connection
resource "aws_vpn_connection" "S2S_VPN_to_OCI" {
  # Site-to-site IPSec connection between the virtual private gateway and
  # the IaC_CGW customer gateway (two tunnels, as AWS always provisions).
  type                = "ipsec.1"
  vpn_gateway_id      = aws_vpn_gateway.IaC_vpn_gateway.id
  customer_gateway_id = aws_customer_gateway.IaC_CGW.id

  # Link-local /30s for the two tunnel interfaces.
  tunnel1_inside_cidr = "169.254.150.224/30"
  tunnel2_inside_cidr = "169.254.150.228/30"

  # Pre-shared keys come from variables rather than literals. They are still
  # written to the Terraform state in clear text, so the state backend must
  # be access-controlled; assumes var.shared_secret_1/2 are declared with
  # sensitive = true — TODO confirm in the variables file.
  tunnel1_preshared_key = var.shared_secret_1
  tunnel2_preshared_key = var.shared_secret_2

  tags = {
    Name = "S2S_VPN_to_OCI"
  }
}
# ------ Create New AWS Customer Gateway
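resource "aws_customer_gateway" "New_IaC_CGW" {
  # Customer gateway whose peer address is read from the first tunnel of the
  # OCI IPSec connection, so the two sides cannot drift apart.
  type    = "ipsec.1"
  bgp_asn = 31898

  # Plain reference instead of the legacy "${...}" interpolation wrapper; the
  # file already uses bare var.* references, so 0.12+ syntax is in effect.
  ip_address = data.oci_core_ipsec_connection_tunnels.aws_ip_sec_connection_tunnels.ip_sec_connection_tunnels[0].vpn_ip

  # NOTE(review): the VPN connection "S2S_VPN_to_OCI" above still references
  # IaC_CGW (hard-coded 1.1.1.1), not this gateway — confirm which one is
  # meant to carry the tunnel.
  tags = {
    Name = "New_IaC_CGW"
  }
}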