[#1] feat - add vpc module

- vpc 생성을 위한 테라폼 모듈 정의

Author: kyucumber

terraform/aws/modules/vpc/README.md

@@ -0,0 +1,37 @@
+# VPC 생성 모듈
+
+## Inputs
+
+| Name                | Description                                 |  Type  | Default | Required |
+| ------------------  | ------------------------------------------- | :----: | :-----: | :------: |
+| name                | 모듈에서 정의하는 모든 리소스 이름의 prefix | string |   n/a   |   yes    |
+| cidr                | VPC에 할당한 CIDR block                     | string |   n/a   |   yes    |
+| public_subnets      | Public Subnet IP 리스트                     |  list  |   n/a   |   yes    |
+| private_subnets     | Private Subnet IP 리스트                    |  list  |   n/a   |   yes    |
+| database_subnets    | Database Subnet IP 리스트                   |  list  |   n/a   |   yes    |
+| availability_zones  | 사용할 availability zones 리스트              |  list  |   n/a   |   yes    |
+| bastion_id          | bastion instance id                         | string |   n/a   |   yes    |
+| nat_gateway_enable  | nat gateway 설정 여부, false인 경우 instance 사용 | string |   n/a   |   yes    |
+| tags                | 모든 리소스에 추가되는 tag 맵               |  map   |   n/a   |   yes    |
+
+## Outputs
+
+| Name                      | Description                     |
+| ------------------------- | ------------------------------- |
+| database_subnet_group_ids | Database Subnet Group ID 리스트 |
+| database_subnets_ids      | Database Subnet ID 리스트       |
+| default_network_acl_id    | VPC default network ACL ID      |
+| default_security_group_id | VPC default Security Group ID   |
+| igw_id                    | Interget Gateway ID             |
+| private_route_table_ids   | Private Route Table ID 리스트   |
+| private_subnets_ids       | Private Subnet ID 리스트        |
+| public_route_table_ids    | Public Route Table ID 리스트    |
+| public_subnets_ids        | Public Subnet ID 리스트         |
+| vpc_cidr_block            | VPC에 할당한 CIDR block         |
+| vpc_id                    | VPC ID                          |
+
+## Reference
+
+Vpc 모듈과 Bastion을 생성하는 terraform code는 ausbubam님의 블로그를 참고하였습니다.
+
+[ausbubam blog](https://blog.2dal.com/2017/10/28/aws-vpc-with-terraform-modules/)

terraform/aws/modules/vpc/nat-gateway.tf

@@ -0,0 +1,29 @@
+# EIP for NAT gateway
+resource "aws_eip" "nat" {
+  count = var.nat_gateway_enable ? length(var.availability_zones) : 0
+  vpc = true
+}
+
+# NAT gateway
+resource "aws_nat_gateway" "this" {
+  count = var.nat_gateway_enable ? length(var.availability_zones) : 0
+  allocation_id = aws_eip.nat.*.id[count.index]
+  subnet_id = aws_subnet.public.*.id[count.index]
+}
+
+# private route table
+resource "aws_route_table" "nat_gateway_private" {
+  count = var.nat_gateway_enable ? length(var.availability_zones) : 0
+
+  vpc_id = aws_vpc.this.id
+
+  route {
+    cidr_block = "0.0.0.0/0"
+
+    nat_gateway_id = aws_nat_gateway.this.*.id[count.index]
+  }
+
+  tags = merge(var.tags, {
+    "Name" = format("%s-private-%s", var.name, var.availability_zones[count.index])
+  })
+}

terraform/aws/modules/vpc/output.tf

@@ -0,0 +1,72 @@
+# VPC
+output "vpc_id" {
+  description = "VPC ID"
+  value       = aws_vpc.this.id
+}
+
+output "vpc_cidr_block" {
+  description = "VPC에 할당한 CIDR block"
+  value       = aws_vpc.this.cidr_block
+}
+
+output "default_security_group_id" {
+  description = "VPC default Security Group ID"
+  value       = aws_vpc.this.default_security_group_id
+}
+
+output "default_network_acl_id" {
+  description = "VPC default network ACL ID"
+  value       = aws_vpc.this.default_network_acl_id
+}
+
+# internet gateway
+output "igw_id" {
+  description = "Interget Gateway ID"
+  value       = aws_internet_gateway.this.id
+}
+
+# subnets
+output "private_subnets_ids" {
+  description = "Private Subnet ID 리스트"
+  value       = aws_subnet.private.*.id
+}
+
+output "public_subnets_ids" {
+  description = "Public Subnet ID 리스트"
+  value       = aws_subnet.public.*.id
+}
+
+output "database_subnets_ids" {
+  description = "Database Subnet ID 리스트"
+  value       = aws_subnet.database.*.id
+}
+
+output "database_subnet_group_ids" {
+  description = "Database Subnet Group ID 리스트"
+  value       = aws_db_subnet_group.database.*.id
+}
+
+# route tables
+output "public_route_table_ids" {
+  description = "Public Route Table ID 리스트"
+  value       = aws_route_table.public.*.id
+}
+
+output "private_route_table_ids" {
+  description = "Private Route Table ID 리스트"
+  value       = aws_route_table.private.*.id
+}
+
+# NAT gateway
+output "nat_ids" {
+  description = "NAT Gateway에 할당된 EIP ID 리스트"
+  value       = [aws_eip.nat.*.id]
+}
+output "nat_public_ips" {
+  description = "NAT Gateway에 할당된 EIP 리스트"
+  value       = [aws_eip.nat.*.public_ip]
+}
+output "natgw_ids" {
+  description = "NAT Gateway ID 리스트"
+  value       = [aws_nat_gateway.this.*.id]
+}

terraform/aws/modules/vpc/variables.tf

@@ -0,0 +1,44 @@
+variable "name" {
+  description = "모듈에서 정의하는 모든 리소스 이름의 prefix"
+  type        = string
+}
+
+variable "cidr" {
+  description = "VPC에 할당한 CIDR block"
+  type        = string
+}
+
+variable "public_subnets" {
+  description = "Public Subnet IP 리스트"
+  type        = list(string)
+}
+
+variable "private_subnets" {
+  description = "Private Subnet IP 리스트"
+  type        = list(string)
+}
+
+variable "database_subnets" {
+  description = "Database Subnet IP 리스트"
+  type        = list(string)
+}
+
+variable "availability_zones" {
+  description = "사용할 availability zones 리스트"
+  type        = list(string)
+}
+
+variable "bastion_id" {
+  description = "bastion instance id"
+  type        = string
+}
+
+variable "nat_gateway_enable" {
+  description = "nat gateway enabled"
+  default = false
+}
+
+variable "tags" {
+  description = "모든 리소스에 추가되는 tag 맵"
+  type        = map(string)
+}

terraform/aws/modules/vpc/versions.tf

@@ -0,0 +1,3 @@
+terraform {
+  required_version = ">= 0.12"
+}

terraform/aws/modules/vpc/vpc-subnet.tf

@@ -0,0 +1,103 @@
+# public subnet
+resource "aws_subnet" "public" {
+  count = length(var.public_subnets)
+
+  vpc_id = aws_vpc.this.id
+  cidr_block = var.public_subnets[count.index]
+  availability_zone = var.availability_zones[count.index]
+
+  tags = merge(var.tags, {
+    "Name" = format("%s-public-%s", var.name, var.availability_zones[count.index]),
+  })
+}
+
+# private subnet
+resource "aws_subnet" "private" {
+  count = length(var.private_subnets)
+
+  vpc_id = aws_vpc.this.id
+  cidr_block = var.private_subnets[count.index]
+  availability_zone = var.availability_zones[count.index]
+
+  tags = merge(var.tags, {
+    "Name" = format("%s-private-%s", var.name, var.availability_zones[count.index]),
+  })
+}
+
+# private database subnet
+resource "aws_subnet" "database" {
+  count = length(var.database_subnets)
+
+  vpc_id = aws_vpc.this.id
+  cidr_block = var.database_subnets[count.index]
+  availability_zone = var.availability_zones[count.index]
+
+  tags = merge(var.tags, {
+    "Name" = format("%s-db-%s", var.name, var.availability_zones[count.index])
+  })
+}
+
+resource "aws_db_subnet_group" "database" {
+  count = length(var.database_subnets) > 0 ? 1 : 0
+
+  name = var.name
+  description = "Database subnet group for ${var.name}"
+  subnet_ids = aws_subnet.database.*.id
+
+  tags = merge(var.tags, {
+    "Name" = format("%s", var.name)
+  })
+}
+
+# public route table
+resource "aws_route_table" "public" {
+  vpc_id = aws_vpc.this.id
+
+  route {
+    cidr_block = "0.0.0.0/0"
+    gateway_id = aws_internet_gateway.this.id
+  }
+
+  tags = merge(var.tags, {
+    "Name" = format("%s-public", var.name)
+  })
+}
+
+# private route table
+resource "aws_route_table" "private" {
+  count = var.nat_gateway_enable ? 0 : length(var.availability_zones)
+
+  vpc_id = aws_vpc.this.id
+
+  route {
+    cidr_block = "0.0.0.0/0"
+    instance_id = var.bastion_id
+  }
+
+  tags = merge(var.tags, {
+    "Name" = format("%s-private-%s", var.name, var.availability_zones[count.index])
+  })
+}
+
+# route table association
+resource "aws_route_table_association" "public" {
+  count = length(var.public_subnets)
+
+  subnet_id = aws_subnet.public[count.index].id
+  route_table_id = aws_route_table.public.id
+}
+
+resource "aws_route_table_association" "private" {
+  count = length(var.private_subnets)
+
+  subnet_id = aws_subnet.private[count.index].id
+  route_table_id = var.nat_gateway_enable ? aws_route_table.nat_gateway_private[count.index].id :aws_route_table.private[count.index].id
+}
+
+resource "aws_route_table_association" "database" {
+  count = length(var.database_subnets)
+
+  subnet_id = aws_subnet.database[count.index].id
+  route_table_id = var.nat_gateway_enable ? aws_route_table.nat_gateway_private[count.index].id :aws_route_table.private[count.index].id
+}
+

terraform/aws/modules/vpc/vpc.tf

@@ -0,0 +1,77 @@
+# VPC
+resource "aws_vpc" "this" {
+  cidr_block = var.cidr
+  enable_dns_hostnames = true
+  enable_dns_support = true
+  instance_tenancy = "default"
+
+  tags = merge(var.tags, {
+    "Name" = format("%s", var.name)
+  })
+}
+
+# internet gateway
+resource "aws_internet_gateway" "this" {
+  vpc_id = aws_vpc.this.id
+
+  tags = merge(var.tags, {
+    "Name" = format("%s", var.name)
+  })
+}
+
+# default network ACL
+resource "aws_default_network_acl" "dev_default" {
+  default_network_acl_id = aws_vpc.this.default_network_acl_id
+
+  ingress {
+    protocol = -1
+    rule_no = 100
+    action = "allow"
+    cidr_block = "0.0.0.0/0"
+    from_port = 0
+    to_port = 0
+  }
+
+  egress {
+    protocol = -1
+    rule_no = 100
+    action = "allow"
+    cidr_block = "0.0.0.0/0"
+    from_port = 0
+    to_port = 0
+  }
+
+  subnet_ids = concat(
+  aws_subnet.public.*.id,
+  aws_subnet.private.*.id,
+  aws_subnet.database.*.id)
+
+  tags = merge(var.tags, {
+    "Name" = format("%s-default", var.name)
+  })
+}
+
+# default security group
+resource "aws_default_security_group" "dev_default" {
+  vpc_id = aws_vpc.this.id
+
+  ingress {
+    protocol = -1
+    self = true
+    from_port = 0
+    to_port = 0
+  }
+
+  egress {
+    from_port = 0
+    to_port = 0
+    protocol = "-1"
+    cidr_blocks = [
+      "0.0.0.0/0"
+    ]
+  }
+
+  tags = merge(var.tags, {
+    "Name" = format("%s-default", var.name)
+  })
+}