Merge pull request #6 from fiap-soat-tech-challenge/adicionando_subne…

…ts_privates Adicionando subnet private
jonilsonds9 · Nov 3, 2023 · 96d53aa · 96d53aa
2 parents e4a69e9 + 5bd7587
commit 96d53aa
Show file tree

Hide file tree

Showing 6 changed files with 185 additions and 102 deletions.
diff --git a/infra/alb.tf b/infra/alb.tf
@@ -1,22 +1,31 @@
-resource "aws_lb" "this" {
-  name               = "${var.app_name}-alb"
-  security_groups    = [aws_security_group.alb.id]
-  load_balancer_type = "application"
+resource "aws_security_group" "security_group_alb" {
+  name        = "${var.app_name}-alb-sg"
+  description = "Security Group ALB"
+  vpc_id      = aws_vpc.vpc.id
+
+  ingress {
+    protocol    = "tcp"
+    from_port   = 80
+    to_port     = 80
+    cidr_blocks = ["0.0.0.0/0"]
+  }
 
-  subnets = [
-    aws_subnet.us-east-2a.id,
-    aws_subnet.us-east-2b.id
-  ]
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
 
   tags = local.tags
 }
 
-resource "aws_lb_target_group" "this" {
+resource "aws_lb_target_group" "target_group_alb" {
   name        = "${var.app_name}-target-group"
   port        = 80
   protocol    = "HTTP"
   target_type = "ip"
-  vpc_id      = aws_vpc.this.id
+  vpc_id      = aws_vpc.vpc.id
 
   health_check {
     healthy_threshold   = "3"
@@ -29,35 +38,23 @@ resource "aws_lb_target_group" "this" {
   }
 }
 
-resource "aws_lb_listener" "this" {
-  load_balancer_arn = aws_lb.this.arn
+resource "aws_lb" "alb" {
+  name               = "${var.app_name}-alb"
+  security_groups    = [aws_security_group.security_group_alb.id]
+  load_balancer_type = "application"
+
+  subnets = aws_subnet.public_subnet.*.id
+
+  tags = local.tags
+}
+
+resource "aws_lb_listener" "listener_alb" {
+  load_balancer_arn = aws_lb.alb.arn
   port              = 80
   protocol          = "HTTP"
 
   default_action {
     type             = "forward"
-    target_group_arn = aws_lb_target_group.this.arn
-  }
-}
-
-resource "aws_security_group" "alb" {
-  name        = "${var.app_name}-alb-sg"
-  description = "Security Group ALB"
-  vpc_id      = aws_vpc.this.id
-
-  ingress {
-    protocol    = "tcp"
-    from_port   = 80
-    to_port     = 80
-    cidr_blocks = ["0.0.0.0/0"]
+    target_group_arn = aws_lb_target_group.target_group_alb.arn
   }
-
-  egress {
-    from_port   = 0
-    to_port     = 0
-    protocol    = "-1"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-
-  tags = local.tags
 }
diff --git a/infra/ecs.tf b/infra/ecs.tf
@@ -154,7 +154,7 @@ resource "aws_ecs_service" "payment" {
   enable_execute_command = true
 
   network_configuration {
-    subnets          = [aws_subnet.us-east-2a.id, aws_subnet.us-east-2b.id]
+    subnets          = aws_subnet.private_subnet.*.id
     security_groups  = [aws_security_group.ecs.id]
     assign_public_ip = true
   }
@@ -192,17 +192,17 @@ resource "aws_ecs_service" "app" {
   launch_type         = "FARGATE"
   scheduling_strategy = "REPLICA"
   desired_count       = 1
-  depends_on = [aws_lb.this, aws_db_instance.rds, aws_ecs_service.payment]
+  depends_on = [aws_lb.alb, aws_db_instance.rds, aws_ecs_service.payment]
   enable_execute_command = true
 
   load_balancer {
-    target_group_arn = aws_lb_target_group.this.arn
+    target_group_arn = aws_lb_target_group.target_group_alb.arn
     container_name   = var.app_container_name
     container_port   = var.app_container_port
   }
 
   network_configuration {
-    subnets          = [aws_subnet.us-east-2a.id, aws_subnet.us-east-2b.id]
+    subnets          = aws_subnet.private_subnet.*.id
     security_groups  = [aws_security_group.ecs.id]
     assign_public_ip = true
   }
@@ -236,13 +236,13 @@ resource "aws_ecs_service" "app" {
 resource "aws_security_group" "ecs" {
   name        = "${var.cluster_name}-ecs-task-sg"
   description = "Security Group for ECS Task"
-  vpc_id      = aws_vpc.this.id
+  vpc_id      = aws_vpc.vpc.id
 
   ingress {
     protocol        = "tcp"
     from_port       = var.app_container_port
     to_port         = var.app_container_port
-    security_groups = [aws_security_group.alb.id]
+    security_groups = [aws_security_group.security_group_alb.id]
     cidr_blocks = ["192.168.0.0/16"]
   }
 

diff --git a/infra/locals.tf b/infra/locals.tf
@@ -1,6 +1,5 @@
 locals {
   tags = {
-    Project   = "Lanchonete App ECS"
-    Service   = "ECS Fargate"
+    Environment = var.environment
   }
 }
diff --git a/infra/rds.tf b/infra/rds.tf
@@ -1,10 +1,7 @@
 resource "aws_db_subnet_group" "rds" {
   name       = "subnet_group_rds"
 
-  subnet_ids = [
-    aws_subnet.us-east-2a.id,
-    aws_subnet.us-east-2b.id
-  ]
+  subnet_ids = aws_subnet.private_subnet.*.id
 
   tags = {
     Name = "DB subnet group"
@@ -14,7 +11,7 @@ resource "aws_db_subnet_group" "rds" {
 resource "aws_security_group" "rds" {
   name = "${var.app_name}-rds-sg"
   description = "SG for RDS"
-  vpc_id      = aws_vpc.this.id
+  vpc_id      = aws_vpc.vpc.id
 
   ingress = [{
     cidr_blocks = [ "187.19.185.70/32" ]

diff --git a/infra/variables.tf b/infra/variables.tf
@@ -1,3 +1,14 @@
+/*==== Global project variables ======*/
+variable "environment" {
+  type = string
+  default = "lanchonete"
+}
+
+variable "aws_region" {
+  type    = string
+  default = "us-east-2"
+}
+
 variable "app_name" {
   type    = string
   default = "lanchonete-app"
@@ -7,12 +18,32 @@ variable "cluster_name" {
   type    = string
   default = "lanchonete-cluster"
 }
+/*==== End global project variables ======*/
 
-variable "aws_region" {
+
+/*==== Variables for VPC ======*/
+variable "vpc_cidr" {
   type    = string
-  default = "us-east-2"
+  default = "192.168.0.0/16"
 }
 
+variable "public_subnets_cidr" {
+  type    = list
+  default = ["192.168.0.0/20", "192.168.16.0/20"]
+}
+
+variable "private_subnets_cidr" {
+  type    = list
+  default = ["192.168.128.0/20", "192.168.144.0/20"]
+}
+
+variable "availability_zones" {
+  type    = list
+  default = ["us-east-2a", "us-east-2b"]
+}
+/*==== End variables for VPC ======*/
+
+
 variable "user_github_actions" {
   type    = string
   default = "github-actions"

diff --git a/infra/vpc.tf b/infra/vpc.tf
@@ -1,53 +1,112 @@
-resource "aws_vpc" "this" {
-  cidr_block           = "192.168.0.0/16"
-  enable_dns_support   = true
-  enable_dns_hostnames = true
-
-  tags = merge(local.tags, { Name : "${var.app_name}-VPC" })
-}
-
-resource "aws_subnet" "us-east-2a" {
-  vpc_id            = aws_vpc.this.id
-  availability_zone = "us-east-2a"
-  cidr_block        = "192.168.1.0/24"
-
-  tags = {
-    AZ = "a"
-  }
-}
-
-resource "aws_subnet" "us-east-2b" {
-  vpc_id            = aws_vpc.this.id
-  availability_zone = "us-east-2b"
-  cidr_block        = "192.168.2.0/24"
-
-  tags = {
-    AZ = "b"
-  }
-}
-
-resource "aws_internet_gateway" "this" {
-  vpc_id = aws_vpc.this.id
-  tags = merge(local.tags, { Name : "${var.app_name}-IGW" })
-}
-
-resource "aws_route_table" "public" {
-  vpc_id = aws_vpc.this.id
-
-  route {
-    cidr_block = "0.0.0.0/0"
-    gateway_id = aws_internet_gateway.this.id
-  }
-
-  tags = merge(local.tags, { Name : "${var.app_name}-route-table" })
-}
-
-resource "aws_route_table_association" "a" {
-  subnet_id      = aws_subnet.us-east-2a.id
-  route_table_id = aws_route_table.public.id
-}
-
-resource "aws_route_table_association" "b" {
-  subnet_id      = aws_subnet.us-east-2b.id
-  route_table_id = aws_route_table.public.id
+/*==== The VPC ======*/
+resource "aws_vpc" "vpc" {
+  cidr_block           = var.vpc_cidr
+  enable_dns_hostnames = true
+  enable_dns_support   = true
+
+  tags = {
+    Name        = "${var.environment}-vpc"
+    Environment = var.environment
+  }
+}
+
+/*==== Subnets ======*/
+# Public subnet
+resource "aws_subnet" "public_subnet" {
+  vpc_id                  = aws_vpc.vpc.id
+  count                   = length(var.public_subnets_cidr)
+  cidr_block              = element(var.public_subnets_cidr, count.index)
+  availability_zone       = element(var.availability_zones, count.index)
+  map_public_ip_on_launch = true
+
+  tags = {
+    Name        = "${var.environment}-${element(var.availability_zones, count.index)}-public-subnet"
+    Environment = var.environment
+  }
+}
+
+# Private Subnet
+resource "aws_subnet" "private_subnet" {
+  vpc_id                  = aws_vpc.vpc.id
+  count                   = length(var.private_subnets_cidr)
+  cidr_block              = element(var.private_subnets_cidr, count.index)
+  availability_zone       = element(var.availability_zones, count.index)
+  map_public_ip_on_launch = false
+
+  tags = {
+    Name        = "${var.environment}-${element(var.availability_zones, count.index)}-private-subnet"
+    Environment = var.environment
+  }
+}
+
+# Internet gateway for the public subnet
+resource "aws_internet_gateway" "igw" {
+  vpc_id = aws_vpc.vpc.id
+  tags = {
+    Name        = "${var.environment}-igw"
+    Environment = var.environment
+  }
+}
+
+# Elastic-IP (eip) for NAT public
+resource "aws_eip" "nat_eip" {
+  domain     = "vpc"
+  depends_on = [aws_internet_gateway.igw]
+}
+
+# NAT
+resource "aws_nat_gateway" "nat" {
+  allocation_id = aws_eip.nat_eip.id
+  subnet_id     = element(aws_subnet.public_subnet.*.id, 0)
+
+  tags = {
+    Name        = "${var.environment}-nat"
+    Environment = var.environment
+  }
+}
+
+# Routing tables to route traffic for Public Subnet
+resource "aws_route_table" "public" {
+  vpc_id = aws_vpc.vpc.id
+  tags = {
+    Name        = "${var.environment}-public-route-table"
+    Environment = var.environment
+  }
+}
+
+# Routing tables to route traffic for Private Subnet
+resource "aws_route_table" "private" {
+  vpc_id = aws_vpc.vpc.id
+  tags = {
+    Name        = "${var.environment}-private-route-table"
+    Environment = var.environment
+  }
+}
+
+# Route for Internet Gateway
+resource "aws_route" "public_internet_gateway" {
+  route_table_id         = aws_route_table.public.id
+  destination_cidr_block = "0.0.0.0/0"
+  gateway_id             = aws_internet_gateway.igw.id
+}
+
+# Route for NAT
+resource "aws_route" "private_nat_gateway" {
+  route_table_id         = aws_route_table.private.id
+  destination_cidr_block = "0.0.0.0/0"
+  nat_gateway_id         = aws_nat_gateway.nat.id
+}
+
+# Route table associations for public subnets
+resource "aws_route_table_association" "public" {
+  count          = length(var.public_subnets_cidr)
+  subnet_id      = element(aws_subnet.public_subnet.*.id, count.index)
+  route_table_id = aws_route_table.public.id
+}
+
+# Route table associations for private subnets
+resource "aws_route_table_association" "private" {
+  count          = length(var.private_subnets_cidr)
+  subnet_id      = element(aws_subnet.private_subnet.*.id, count.index)
+  route_table_id = aws_route_table.private.id
 }