added NAT gateway, private_subnet, route tables

Author: theslash84

Full Deployment/variables.tf

@@ -46,6 +46,17 @@ variable "public_subnet_cidrs" {
   }
 }
 
+variable "private_subnet_cidrs" {
+  description = "CIDR blocks for private subnets for each environment"
+  type        = map(list(string))
+  default = {
+    dev     = ["10.0.10.0/24", "10.0.11.0/24"]
+    staging = ["10.1.10.0/24", "10.1.11.0/24"]
+    prod    = ["10.2.10.0/24", "10.2.11.0/24"]
+  }
+}
+
+
 variable "ingress_rules" {
   description = "List of ingress rules for the security group"
   type = list(object({
@@ -57,11 +68,25 @@ variable "ingress_rules" {
   }))
   default = [
     {
-      description = "SSH access from office"
+      description = "SSH access from specific IP"
       from_port   = 22
       to_port     = 22
       protocol    = "tcp"
-      cidr_blocks = ["your_office_ip/32"] # Replace with your actual office IP
+      cidr_blocks = ["198.51.100.1/32"] # Replace with actual SSH accessible IP
+    },
+    {
+      description = "HTTP access"
+      from_port   = 80
+      to_port     = 80
+      protocol    = "tcp"
+      cidr_blocks = ["0.0.0.0/0"] # Open to the world, adjust as necessary
+    },
+    {
+      description = "HTTPS access"
+      from_port   = 443
+      to_port     = 443
+      protocol    = "tcp"
+      cidr_blocks = ["0.0.0.0/0"] # Open to the world, adjust as necessary
     }
   ]
 }
@@ -77,12 +102,11 @@ variable "egress_rules" {
   }))
   default = [
     {
-      description = "HTTPS access to the Internet"
-      from_port   = 443
-      to_port     = 443
-      protocol    = "tcp"
+      description = "Allow all outbound traffic"
+      from_port   = 0
+      to_port     = 0
+      protocol    = "-1"
       cidr_blocks = ["0.0.0.0/0"]
     }
   ]
 }
-

Full Deployment/vpc.tf

@@ -21,6 +21,22 @@ resource "aws_subnet" "public_subnet" {
 }
 
 
+resource "aws_subnet" "private_subnet" {
+  count                   = length(var.private_subnet_cidrs[var.environment])
+  vpc_id                  = aws_vpc.ci_cd_demo_vpc.id
+  cidr_block              = var.private_subnet_cidrs[var.environment][count.index]
+  map_public_ip_on_launch = false
+
+  tags = {
+    Name        = "Private-Subnet-${count.index + 1}-${var.environment}"
+    Terraform   = "true"
+    Environment = var.environment
+  }
+}
+
+
+
+
 resource "aws_internet_gateway" "ci_cd_demo_igw" {
   vpc_id = aws_vpc.ci_cd_demo_vpc.id
 
@@ -46,4 +62,51 @@ resource "aws_route_table_association" "public_route_table_association" {
   count          = length(aws_subnet.public_subnet)
   subnet_id      = aws_subnet.public_subnet[count.index].id
   route_table_id = aws_route_table.public_route_table.id
-}
+}
+
+resource "aws_eip" "nat" {
+  vpc = true
+}
+
+#Public Subnet for NAT Gateway:
+#Ensure you have a public subnet that can host the NAT Gateway.
+
+#Create the NAT Gateway:
+#This example assumes you have an Elastic IP (EIP) allocated for the NAT Gateway.
+
+
+resource "aws_nat_gateway" "nat_gateway" {
+  allocation_id = aws_eip.nat.id
+  subnet_id     = aws_subnet.public_subnet[0].id
+
+  tags = {
+    Name        = "NAT-Gateway-${var.environment}"
+    Terraform   = "true"
+    Environment = var.environment
+  }
+}
+
+#Configure Route Tables for Private Subnets:
+#Route tables need to direct traffic from private subnets to the NAT gateway for internet access
+
+resource "aws_route_table" "private_route_table" {
+  vpc_id = aws_vpc.ci_cd_demo_vpc.id
+
+  route {
+    cidr_block = "0.0.0.0/0"
+    gateway_id = aws_nat_gateway.nat_gateway.id
+  }
+
+  tags = {
+    Name        = "Private-Route-Table-${var.environment}"
+    Terraform   = "true"
+    Environment = var.environment
+  }
+}
+
+resource "aws_route_table_association" "private_route_table_association" {
+  count          = length(aws_subnet.private_subnet)
+  subnet_id      = aws_subnet.private_subnet[count.index].id
+  route_table_id = aws_route_table.private_route_table.id
+}
+