# Copyright IBM Corp. 2016, 2025
# SPDX-License-Identifier: BUSL-1.1
# Every availability zone in the target region that is currently "available".
# The subnet resource below creates one subnet per entry in this list, so the
# number of subnets (and how much of the IPv4 block they consume) is decided here.
data "aws_availability_zones" "available" {
  state = "available"

  # A wildcard zone-name filter keeps everything the state filter already
  # returned; it narrows nothing on its own. NOTE(review): presumably a
  # placeholder for a stricter pattern — confirm before tightening it, since
  # fewer zones means fewer subnets.
  filter {
    name   = "zone-name"
    values = ["*"]
  }
}
# Short random identifier for this cluster. Only lowercase ASCII letters are
# permitted (digits, uppercase and punctuation are all switched off), which
# keeps the value usable in names that only accept lowercase letters. The
# string is kept in plain text in Terraform state: it is an identifier, not a
# secret, and must not be used as one.
resource "random_string" "cluster_id" {
  length  = 8
  special = false
  numeric = false
  upper   = false
  lower   = true
}
# The VPC that hosts the cluster. DNS support and DNS hostnames are both
# enabled so instances get resolvable names; an Amazon-provided IPv6 block is
# attached only when the module is asked to run in IPv6 mode.
resource "aws_vpc" "vpc" {
  # An IPv4 block is mandatory even for the dual-stack VPCs this module
  # creates, so it is always set regardless of ip_version.
  cidr_block = var.ipv4_cidr

  # IPv6 mode: let AWS allocate the block. In IPv4 mode nothing is requested,
  # and aws_vpc.vpc.ipv6_cidr_block stays empty.
  assign_generated_ipv6_cidr_block = var.ip_version == 6

  enable_dns_support   = true
  enable_dns_hostnames = true

  tags = merge(var.common_tags, { Name = var.name })
}
# One subnet per available zone. Subnets are addressed by their position in
# the zone list (aws_subnet.subnet[<index>]), so changing the zone list
# re-indexes, and therefore replaces, existing subnets.
resource "aws_subnet" "subnet" {
  count = length(data.aws_availability_zones.available.names)

  vpc_id            = aws_vpc.vpc.id
  availability_zone = data.aws_availability_zones.available.names[count.index]

  # IPv4 is always configured because the machine running enos talks to the
  # cluster over IPv4 even in IPv6 mode. Each subnet is the VPC block narrowed
  # by 8 bits and selected by zone index (a /16 VPC yields /24 subnets), so
  # var.ipv4_cidr must leave room for 8 extra prefix bits.
  cidr_block = cidrsubnet(var.ipv4_cidr, 8, count.index)

  # Instances launched here receive a public IPv4 address unless the launch
  # opts out. That is what makes the cluster reachable from the enos host, but
  # it also means these subnets are not private in any sense; do not reuse
  # this module for workloads that should stay off the internet.
  map_public_ip_on_launch = true

  # IPv6 addressing is only wired up in IPv6 mode. Otherwise the VPC has no
  # IPv6 block to carve from and both attributes are left unset (null).
  assign_ipv6_address_on_creation = var.ip_version == 6
  ipv6_cidr_block                 = var.ip_version == 6 ? cidrsubnet(aws_vpc.vpc.ipv6_cidr_block, 4, count.index) : null

  tags = merge(
    var.common_tags,
    { Name = format("%s-subnet-%s", var.name, data.aws_availability_zones.available.names[count.index]) },
  )
}
# IPv4 internet gateway for the VPC. Together with the default route installed
# in aws_route.igw_ipv4 this is what gives every subnet in-bound and out-bound
# IPv4 reachability, which the enos host relies on.
resource "aws_internet_gateway" "ipv4" {
  vpc_id = aws_vpc.vpc.id

  tags = merge(var.common_tags, { Name = format("%s-igw", var.name) })
}
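# Egress-only internet gateway, created only in IPv6 mode. Unlike the IPv4
# gateway above it permits outbound IPv6 connections (and their replies) but
# no unsolicited inbound IPv6 traffic, so IPv6 reachability into the cluster
# is intentionally narrower than IPv4.
#
# Tagged like every other resource in this file so it carries var.common_tags
# (ownership / cleanup attribution) and a recognisable Name; previously this
# was the only untagged resource in the module.
resource "aws_egress_only_internet_gateway" "ipv6" {
  count = var.ip_version == 6 ? 1 : 0

  vpc_id = aws_vpc.vpc.id

  tags = merge(
    var.common_tags,
    {
      "Name" = "${var.name}-eigw"
    },
  )
}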
# Default IPv4 route (0.0.0.0/0) via the internet gateway, installed in the
# VPC's main route table. No explicit route-table association appears in this
# file, so unless one is made elsewhere every subnet above falls back to this
# main table and is therefore a public subnet.
resource "aws_route" "igw_ipv4" {
  route_table_id         = aws_vpc.vpc.default_route_table_id
  gateway_id             = aws_internet_gateway.ipv4.id
  destination_cidr_block = "0.0.0.0/0"
}
# Default IPv6 route (::/0) via the egress-only gateway, only in IPv6 mode.
# It lives in the same main route table as the IPv4 default route; the
# egress-only gateway means this route carries outbound traffic only.
resource "aws_route" "igw_ipv6" {
  count = var.ip_version == 6 ? 1 : 0

  route_table_id              = aws_vpc.vpc.default_route_table_id
  egress_only_gateway_id      = aws_egress_only_internet_gateway.ipv6[0].id
  destination_ipv6_cidr_block = "::/0"
}
# Baseline security group for everything this module launches. It is
# deliberately wide open: inbound TCP is accepted from any IPv4 source (and any
# IPv6 source in IPv6 mode) and all egress is allowed, presumably because the
# enos host driving the test has no fixed address. Treat this as test-harness
# plumbing only; anything longer-lived should get a group that limits ingress
# to the operator's source range and to the ports actually in use.
resource "aws_security_group" "default" {
  vpc_id = aws_vpc.vpc.id

  # Inbound: protocol tcp, port range 0-0, from 0.0.0.0/0 (plus ::/0 in IPv6
  # mode). NOTE(review): confirm AWS applies this as "all TCP ports" — the
  # harness needs at least SSH and the Vault listener to get through; 0-65535
  # is the unambiguous way to spell an all-ports range if 0-0 is not.
  ingress {
    protocol         = "tcp"
    from_port        = 0
    to_port          = 0
    description      = "allow_ingress_from_all"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = var.ip_version != 6 ? null : ["::/0"]
  }

  # Outbound: protocol "-1" is every protocol, and the port pair must be 0/0
  # when it is used. Everywhere, over both address families in IPv6 mode.
  egress {
    protocol         = "-1"
    from_port        = 0
    to_port          = 0
    description      = "allow_egress_from_all"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = var.ip_version != 6 ? null : ["::/0"]
  }

  tags = merge(var.common_tags, { Name = format("%s-default", var.name) })
}