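# Shared VPC for NYC in us-east-1.
# There is no internet gateway anywhere in this file: the only default route
# (below) points at the VPN gateway, so every subnet defined here is private and
# all non-local traffic transits the VPN to on-prem.
resource "aws_vpc" "nyc-shared" {
  provider             = aws
  cidr_block           = "10.112.192.0/21"
  enable_dns_support   = true
  enable_dns_hostnames = true

  tags = {
    Name = "nyc-aws-shared-use1"
  }
}

# DHCP OPTION SET
# Hosts resolve DNS and sync time against 10.10.0.1/.2, which are not in this
# VPC and are therefore only reachable once the VPN is up. domain_name holds a
# space-separated search list; AWS passes it through verbatim, so confirm the
# guest OS honours more than one entry before relying on the second domain.
resource "aws_vpc_dhcp_options" "nyc-shared" {
  domain_name         = "nyc.domain.com domain.com"
  domain_name_servers = ["10.10.0.1", "10.10.0.2"]
  ntp_servers         = ["10.10.0.1", "10.10.0.2"]

  tags = {
    Name = "nyc-shared-optionset"
  }
}

resource "aws_vpc_dhcp_options_association" "nyc-shared" {
  vpc_id          = aws_vpc.nyc-shared.id
  dhcp_options_id = aws_vpc_dhcp_options.nyc-shared.id
}

# VIRTUAL PRIVATE GATEWAY
# The VPN connection / customer gateway that terminates on this VGW is defined
# outside this file.
resource "aws_vpn_gateway" "nyc-shared-vpgw" {
  vpc_id = aws_vpc.nyc-shared.id

  tags = {
    Name = "nyc-shared-vpgw"
  }
}

# ROUTE TABLE
# Static default route via the VGW; more specific on-prem routes are learned
# through the propagation resource below.
resource "aws_route_table" "nyc-shared-rt" {
  vpc_id = aws_vpc.nyc-shared.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_vpn_gateway.nyc-shared-vpgw.id
  }

  tags = {
    Name = "nyc-shared-rt"
  }
}

# Make nyc-shared-rt the VPC main route table so any subnet created without an
# explicit association (e.g. by hand) still gets the VPN default route.
resource "aws_main_route_table_association" "nyc-shared-rt" {
  vpc_id         = aws_vpc.nyc-shared.id
  route_table_id = aws_route_table.nyc-shared-rt.id
}

# The VPC's original (AWS-created) main route table cannot be deleted; tag it
# so nobody mistakes it for a leftover.
resource "aws_ec2_tag" "nyc-shared-ort" {
  resource_id = aws_main_route_table_association.nyc-shared-rt.original_route_table_id
  key         = "Name"
  value       = "DO_NOT_DELETE"

  depends_on = [aws_route_table.nyc-shared-rt]
}

resource "aws_vpn_gateway_route_propagation" "nyc-shared-rt" {
  vpn_gateway_id = aws_vpn_gateway.nyc-shared-vpgw.id
  route_table_id = aws_route_table.nyc-shared-rt.id

  depends_on = [aws_vpn_gateway.nyc-shared-vpgw]
}

# Get all available AZs in the provider's region.
# NOTE(review): subnets are placed by list index (0, 1, 2). element() wraps
# around, so in a region with fewer than three available AZs two subnets would
# silently land in the same AZ; and if AWS adds an AZ that sorts earlier, the
# indexes shift and Terraform will want to replace subnets. Pin AZ ids or names
# explicitly if that matters here.
data "aws_availability_zones" "azs_shared" {
  state = "available"
}

# SUBNETS — three private subnets carved out of 10.112.192.0/21, one per AZ.
resource "aws_subnet" "nycaws-shared-use1-1" {
  availability_zone = element(data.aws_availability_zones.azs_shared.names, 0)
  vpc_id            = aws_vpc.nyc-shared.id
  cidr_block        = "10.112.192.0/23"

  tags = {
    Name = "nycaws-shared-use1-1"
  }
}

resource "aws_route_table_association" "nycaws-shared-use1-1-rta" {
  subnet_id      = aws_subnet.nycaws-shared-use1-1.id
  route_table_id = aws_route_table.nyc-shared-rt.id
}

resource "aws_subnet" "nycaws-shared-use1-2" {
  availability_zone = element(data.aws_availability_zones.azs_shared.names, 1)
  vpc_id            = aws_vpc.nyc-shared.id
  cidr_block        = "10.112.194.0/23"

  tags = {
    Name = "nycaws-shared-use1-2"
  }
}

# The original had a stray "0" where this block's closing brace belongs, which
# is a parse error; restored the brace.
resource "aws_route_table_association" "nycaws-shared-use1-2-rta" {
  subnet_id      = aws_subnet.nycaws-shared-use1-2.id
  route_table_id = aws_route_table.nyc-shared-rt.id
}

resource "aws_subnet" "nycaws-shared-use1-3" {
  availability_zone = element(data.aws_availability_zones.azs_shared.names, 2)
  vpc_id            = aws_vpc.nyc-shared.id
  cidr_block        = "10.112.196.0/24"

  tags = {
    Name = "nycaws-shared-use1-3"
  }
}

resource "aws_route_table_association" "nycaws-shared-use1-3-rta" {
  subnet_id      = aws_subnet.nycaws-shared-use1-3.id
  route_table_id = aws_route_table.nyc-shared-rt.id
}

# SECURITY GROUP
# Additional IPv4 source ranges allowed unrestricted ingress to the shared
# group — in practice the on-prem networks reached over the VPN (the DHCP option
# set points at 10.10.0.x resolvers, so those ranges are the obvious candidates;
# confirm against the actual VPN route set). Defaults to none, in which case
# only traffic from inside the VPC CIDR is admitted.
variable "nyc_shared_trusted_ingress_cidrs" {
  description = "Extra IPv4 CIDRs permitted all-protocol ingress to security group shared-all-traffic (e.g. on-prem ranges behind the VPN)."
  type        = list(string)
  default     = []
}

# Previously this group admitted any protocol/port from 0.0.0.0/0 and ::/0,
# i.e. every source that can route to the VPC. Ingress is now limited to the
# VPC's own CIDR plus var.nyc_shared_trusted_ingress_cidrs. The ::/0 ingress
# rule is dropped because no IPv6 CIDR is associated with this VPC in this
# file, so it could never match. Egress is left unrestricted.
# name and description are intentionally unchanged: both are ForceNew on
# aws_security_group, and replacing the group would detach it from every ENI
# that references it.
resource "aws_security_group" "nyc-shared" {
  name        = "shared-all-traffic"
  description = "shared-all-traffic"
  vpc_id      = aws_vpc.nyc-shared.id

  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = concat([aws_vpc.nyc-shared.cidr_block], var.nyc_shared_trusted_ingress_cidrs)
  }

  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  tags = {
    Name = "shared-all-traffic"
  }
}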