LINE bot RSS受信用 Terraform
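## AWS Config ##
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
      # An open-ended ">=" constraint lets `terraform init` select any future
      # major release of the provider, so the code that runs with the
      # deployer's AWS credentials can change without a change to this file.
      # Keep an upper bound and commit .terraform.lock.hcl so the exact
      # version and its checksums are pinned.
      # NOTE(review): this configuration sets `vpc = true` on aws_eip, which
      # the 5.x provider deprecates in favour of `domain`; check the provider
      # upgrade guide before raising the bound.
      version = ">= 3.21.0, < 6.0.0"
    }
  }
}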
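# Region used by the provider block. The explicit type rejects non-string
# input at plan time instead of passing it on to the provider.
variable "aws_region" {
  type        = string
  description = "AWS region the resources are created in"
  default     = "ap-northeast-1"
}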
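# Named AWS CLI profile the provider authenticates with. Only the profile
# name is stored here; no access key or secret appears in this file.
variable "aws_profile" {
  type        = string
  description = "Name of the local AWS profile used for authentication"
  default     = "aws-demo"
}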
# AWS provider: credentials are resolved through the named profile and all
# resources are created in the configured region.
provider "aws" {
  profile = var.aws_profile
  region  = var.aws_region
}
# VPC that hosts the Lambda function.
# DNS resolution and DNS hostnames are both switched on.
resource "aws_vpc" "lamda_vpc" {
  cidr_block       = "10.0.0.0/16"
  instance_tenancy = "default"

  enable_dns_hostnames = true
  enable_dns_support   = true

  tags = {
    Name = "Lamda on VPC"
  }
}
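# Create the subnets
## Public subnet: associated with the route table whose default route points
## at the internet gateway, and used as the NAT gateway's subnet.
resource "aws_subnet" "PublicSubnet" {
  vpc_id     = aws_vpc.lamda_vpc.id
  cidr_block = "10.0.1.0/24"

  # Derive the zone from the region variable so that overriding aws_region
  # does not leave a zone name that belongs to another region.
  availability_zone = "${var.aws_region}a"

  tags = {
    Name = "PublicSubnet"
  }
}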
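## Private subnet: no route table is associated with it in this file.
resource "aws_subnet" "PrivateSubnet" {
  vpc_id     = aws_vpc.lamda_vpc.id
  cidr_block = "10.0.2.0/24"

  # Derive the zone from the region variable so that overriding aws_region
  # does not leave a zone name that belongs to another region.
  # NOTE(review): both subnets sit in the same zone, so workloads here have
  # no second zone to fall back to.
  availability_zone = "${var.aws_region}a"

  tags = {
    Name = "PrivateSubnet"
  }
}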
# Build the route tables
## Public route table: sends all IPv4 traffic (0.0.0.0/0) to the internet
## gateway.
resource "aws_route_table" "public_subnet_route" {
  vpc_id = aws_vpc.lamda_vpc.id

  route {
    gateway_id = aws_internet_gateway.lambda_gateway.id
    cidr_block = "0.0.0.0/0"
  }
}
## Attach the public route table to the public subnet (zone 1a); only this
## subnet receives the internet-gateway default route.
resource "aws_route_table_association" "public_route_table" {
  route_table_id = aws_route_table.public_subnet_route.id
  subnet_id      = aws_subnet.PublicSubnet.id
}
# Internet gateway for the Lambda VPC; the public route table's default
# route refers to it.
resource "aws_internet_gateway" "lambda_gateway" {
  vpc_id = aws_vpc.lamda_vpc.id
}
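# Elastic IP handed to the NAT gateway as its allocation.
resource "aws_eip" "nat_gateway" {
  vpc = true

  # Nothing in this block references the internet gateway, so Terraform is
  # free to create the address before the gateway exists. The explicit
  # dependency fixes the order.
  depends_on = [aws_internet_gateway.lambda_gateway]
}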
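# NAT gateway, placed in the public subnet and using the Elastic IP above.
# NOTE(review): no route table in this file points the private subnet's
# default route at this gateway. Unless that route is defined elsewhere,
# workloads in PrivateSubnet have no outbound path and the gateway is unused.
resource "aws_nat_gateway" "private" {
  allocation_id = aws_eip.nat_gateway.id
  subnet_id     = aws_subnet.PublicSubnet.id

  # The gateway needs the VPC's internet gateway to be in place first, and
  # no attribute here creates that ordering implicitly.
  depends_on = [aws_internet_gateway.lambda_gateway]

  tags = {
    Name = "example_nat_gateway"
  }
}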
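# Security group (tagged "lambda_access") for workloads inside the VPC.
resource "aws_security_group" "vpc_access" {
  name        = "vpc_access"
  description = "vpc_access"
  vpc_id      = aws_vpc.lamda_vpc.id

  # Inbound HTTPS is limited to addresses inside the VPC. The previous
  # 0.0.0.0/0 source admitted any address on 443, which nothing in this file
  # requires.
  # NOTE(review): if no peer inside the VPC connects to the attached
  # resource on 443, drop this rule entirely.
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [aws_vpc.lamda_vpc.cidr_block]
  }

  # Outbound: every protocol and port to any IPv4 destination.
  # NOTE(review): if the workload only fetches feeds over HTTPS, narrowing
  # this to tcp/443 limits what a compromised function can reach.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Outbound: every protocol and port to any IPv6 destination.
  # NOTE(review): the VPC in this file declares no IPv6 CIDR, so this rule
  # looks unused. Confirm before keeping it.
  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    ipv6_cidr_blocks = ["::/0"]
  }

  tags = {
    Name = "lambda_access"
  }
}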
# Show the public address of the Elastic IP allocated for the NAT gateway.
output "nat_gateway_public_ip" {
  value = aws_eip.nat_gateway.public_ip
}
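# Show the NAT gateway's private address.
# The value is read from the NAT gateway rather than from the Elastic IP:
# the Elastic IP is created before it is attached to anything, so its
# private_ip may still be empty when the output is evaluated.
output "nat_gateway_private_ip" {
  value = aws_nat_gateway.private.private_ip
}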