Merge pull request #1577 from alphagov/samsimpson1/tfc-imports
Manage legacy subnets
samsimpson1 authored Jan 17, 2025
2 parents 09fde8b + 7bde543 commit 6240cf9
Showing 3 changed files with 184 additions and 0 deletions.
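--- a/terraform/deployments/vpc/subnets.tf
+++ b/terraform/deployments/vpc/subnets.tf
@@ -0,0 +1,73 @@
+locals {
+azs = { for name, subnet in var.legacy_public_subnets : subnet.az => name }
+nat_legacy_private_subnets = { for name, subnet in var.legacy_private_subnets : name => subnet if subnet["nat"] }
+}
+
+# Private subnets
+
+resource "aws_subnet" "private_subnet" {
+for_each = var.legacy_private_subnets
+vpc_id = aws_vpc.vpc.id
+cidr_block = each.value.cidr
+availability_zone = each.value.az
+tags = { Name = "govuk_private_${each.key}" }
+}
+
+# we want one NAT gateway per AZ
+resource "aws_eip" "private_subnet_nat" {
+for_each = local.azs
+domain = "vpc"
+tags = { Name = "${each.key}-nat" }
+}
+
+resource "aws_nat_gateway" "private_subnet" {
+for_each = local.azs
+allocation_id = aws_eip.private_subnet_nat[each.key].id
+subnet_id = aws_subnet.public_subnet[each.value].id
+}
+
+resource "aws_route_table" "private_subnet" {
+for_each = var.legacy_private_subnets
+vpc_id = aws_vpc.vpc.id
+tags = { Name = "govuk_private_${each.key}" }
+}
+
+resource "aws_route_table_association" "private_subnet" {
+for_each = var.legacy_private_subnets
+subnet_id = aws_subnet.private_subnet[each.key].id
+route_table_id = aws_route_table.private_subnet[each.key].id
+}
+
+resource "aws_route" "private_subnet_nat" {
+for_each = local.nat_legacy_private_subnets
+route_table_id = aws_route_table.private_subnet[each.key].id
+destination_cidr_block = "0.0.0.0/0"
+nat_gateway_id = aws_nat_gateway.private_subnet[each.value.az].id
+}
+
+# Public subnets
+
+resource "aws_subnet" "public_subnet" {
+for_each = var.legacy_public_subnets
+vpc_id = aws_vpc.vpc.id
+cidr_block = each.value.cidr
+availability_zone = each.value.az
+tags = { Name = "govuk_public_${each.key}" }
+}
+
+resource "aws_route_table" "public_subnet" {
+vpc_id = aws_vpc.vpc.id
+tags = { Name = "govuk_public" }
+}
+
+resource "aws_route_table_association" "public_subnet" {
+for_each = var.legacy_public_subnets
+subnet_id = aws_subnet.public_subnet[each.key].id
+route_table_id = aws_route_table.public_subnet.id
+}
+
+resource "aws_route" "public_subnet_igw" {
+route_table_id = aws_route_table.public_subnet.id
+destination_cidr_block = "0.0.0.0/0"
+gateway_id = aws_internet_gateway.public.id
+}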
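Review bot: `aws_route.private_subnet_nat` indexes `aws_nat_gateway.private_subnet[each.value.az]`, so a private subnet with `nat = true` whose AZ has no key in `local.azs` — no legacy public subnet in that AZ — fails the plan with an unhelpful invalid-index error instead of a readable message; a `precondition` on that resource makes the requirement explicit. The `local.azs` expression at the top of the file also relies on there being at most one public subnet per AZ, since Terraform rejects a `for` map with duplicate keys; that is the intended one-NAT-per-AZ invariant but it deserves a comment such as `# keyed by AZ: exactly one legacy public subnet per AZ hosts that AZ's NAT gateway`. Private subnets with `nat = false` get a route table with no default route at all, which is the safer outcome but is not stated anywhere; a line under `# Private subnets` noting it would help the next reader.

```hcl
resource "aws_route" "private_subnet_nat" {
for_each = local.nat_legacy_private_subnets
# … unchanged: route_table_id, destination_cidr_block, nat_gateway_id …

lifecycle {
  precondition {
    condition     = contains(keys(local.azs), each.value.az)
    error_message = "Private subnet ${each.key} has nat = true but no legacy public subnet exists in ${each.value.az} to host its NAT gateway."
  }
}
}
```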
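--- a/terraform/deployments/vpc/subnets_import.tf
+++ b/terraform/deployments/vpc/subnets_import.tf
@@ -0,0 +1,101 @@
+data "aws_subnet" "private_subnet_import" {
+for_each = var.legacy_private_subnets
+filter {
+name = "tag:Name"
+values = ["govuk_private_${each.key}"]
+}
+}
+
+import {
+for_each = var.legacy_private_subnets
+to = aws_subnet.private_subnet[each.key]
+id = data.aws_subnet.private_subnet_import[each.key].id
+}
+
+data "aws_subnet" "public_subnet_import" {
+for_each = var.legacy_public_subnets
+filter {
+name = "tag:Name"
+values = ["govuk_public_${each.key}"]
+}
+}
+
+data "aws_eip" "nat_eip_import" {
+for_each = local.azs
+filter {
+name = "tag:Name"
+values = ["govuk-legacy-nat-${each.value}"]
+}
+}
+
+import {
+for_each = local.azs
+to = aws_eip.private_subnet_nat[each.key]
+id = data.aws_eip.nat_eip_import[each.key].id
+}
+
+data "aws_nat_gateway" "private_subnet_import" {
+for_each = local.azs
+filter {
+name = "tag:Name"
+values = ["govuk-legacy-${each.value}"]
+}
+}
+
+import {
+for_each = local.azs
+to = aws_nat_gateway.private_subnet[each.key]
+id = data.aws_nat_gateway.private_subnet_import[each.key].id
+}
+
+data "aws_route_table" "private_subnet_import" {
+for_each = var.legacy_private_subnets
+subnet_id = data.aws_subnet.private_subnet_import[each.key].id
+}
+
+import {
+for_each = var.legacy_private_subnets
+to = aws_route_table.private_subnet[each.key]
+id = data.aws_route_table.private_subnet_import[each.key].id
+}
+
+import {
+for_each = var.legacy_private_subnets
+to = aws_route_table_association.private_subnet[each.key]
+id = "${data.aws_subnet.private_subnet_import[each.key].id}/${data.aws_route_table.private_subnet_import[each.key].id}"
+}
+
+import {
+for_each = local.nat_legacy_private_subnets
+to = aws_route.private_subnet_nat[each.key]
+id = "${data.aws_route_table.private_subnet_import[each.key].id}_0.0.0.0/0"
+}
+
+import {
+for_each = var.legacy_public_subnets
+to = aws_subnet.public_subnet[each.key]
+id = data.aws_subnet.public_subnet_import[each.key].id
+}
+
+data "aws_route_table" "public_subnet_import" {
+filter {
+name = "tag:Name"
+values = ["govuk-${var.govuk_environment}"]
+}
+}
+
+import {
+to = aws_route_table.public_subnet
+id = data.aws_route_table.public_subnet_import.id
+}
+
+import {
+for_each = var.legacy_public_subnets
+to = aws_route_table_association.public_subnet[each.key]
+id = "${data.aws_subnet.public_subnet_import[each.key].id}/${data.aws_route_table.public_subnet_import.id}"
+}
+
+import {
+to = aws_route.public_subnet_igw
+id = "${data.aws_route_table.public_subnet_import.id}_0.0.0.0/0"
+}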
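Review bot: Every lookup in this file selects the resource to import by `tag:Name` alone — the two `aws_subnet` data sources, the `aws_nat_gateway` one and the public `aws_route_table` one — with no VPC scoping, so a same-named resource in another VPC of the same account either breaks the data source with multiple matches or, worse, imports a resource that belongs to a different VPC, after which the first apply would plan to replace it because `vpc_id` forces a new subnet. The `aws_subnet`, `aws_route_table` and `aws_nat_gateway` data sources accept a `vpc_id` argument, so adding `vpc_id = aws_vpc.vpc.id` to each of them pins the import to the VPC this module manages; the `aws_eip` data source has no such argument, so the EIP lookup stays tag-only. Separately, the Name tags used here differ from those the managed resources in subnets.tf declare (EIP `govuk-legacy-nat-<public subnet>` vs `<az>-nat`, NAT gateway `govuk-legacy-<public subnet>` vs no tags, public route table `govuk-<environment>` vs `govuk_public`), so the first apply rewrites those tags and these data sources will no longer resolve on a later run. That is presumably intended as a one-shot migration, but it is worth stating in a header comment such as `# One-shot import of pre-existing legacy networking: the Name tags below are the pre-import values and are rewritten by subnets.tf on first apply.`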
10 changes: 10 additions & 0 deletions terraform/deployments/vpc/variables.tf
Expand Up @@ -36,3 +36,13 @@ variable "cyber_slunk_aws_account_id" {
description = "Account ID which holds the Splunk log bucket"
default = "885513274347"
}

variable "legacy_private_subnets" {
type = map(object({ az = string, cidr = string, nat = bool }))
description = "Map of {subnet_name: {az=<az>, cidr=<cidr>}} for the private subnets for legacy resources"
}

variable "legacy_public_subnets" {
type = map(object({ az = string, cidr = string }))
description = "Map of {subnet_name: {az=<az>, cidr=<cidr>}} for the public subnets for legacy resources"
}
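Review bot: The description of `legacy_private_subnets` lists only `az` and `cidr`, but the type also requires `nat = bool`, which subnets.tf uses to decide whether a subnet gets a default route through the AZ's NAT gateway; `description = "Map of {subnet_name: {az=<az>, cidr=<cidr>, nat=<bool>}} for the private subnets for legacy resources; nat = true adds a 0.0.0.0/0 route via the AZ's NAT gateway, nat = false leaves the subnet with no default route"`. Neither new variable has a `validation` block, so a malformed `cidr` surfaces only at apply time from the AWS API; a check such as `condition = alltrue([for v in values(var.legacy_private_subnets) : can(cidrhost(v.cidr, 0))])` on each variable fails the plan instead. The preceding variable block is cut at the top of the hunk; the two new blocks are complete.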
