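locals {
  # Each *_use_strategy is either "skip" or a value the matching module acts
  # on; the matching *_mod is the 0/1 count that enables that module. The
  # modules form a chain (vpc -> subnet -> security group -> load balancer ->
  # domain), so a module is only enabled when every module it requires is
  # enabled too. Skipping an earlier link silently disables everything after it.
  vpc_use_strategy = var.vpc_use_strategy
  vpc_mod          = (local.vpc_use_strategy == "skip" ? 0 : 1)

  subnet_use_strategy = var.subnet_use_strategy
  subnet_mod = (
    local.subnet_use_strategy != "skip" &&
    local.vpc_use_strategy != "skip" # subnet mod requires vpc mod
  ) ? 1 : 0

  security_group_use_strategy = var.security_group_use_strategy
  security_group_mod = (
    local.security_group_use_strategy != "skip" &&
    local.subnet_use_strategy != "skip" && # security group mod requires subnet mod
    local.vpc_use_strategy != "skip"       # security group mod requires vpc mod
  ) ? 1 : 0

  load_balancer_use_strategy = var.load_balancer_use_strategy
  load_balancer_mod = (
    local.load_balancer_use_strategy != "skip" &&
    local.security_group_use_strategy != "skip" && # load balancer mod requires security group mod
    local.subnet_use_strategy != "skip" &&         # load balancer mod requires subnet mod
    local.vpc_use_strategy != "skip"               # load balancer mod requires vpc mod
  ) ? 1 : 0

  domain_use_strategy = var.domain_use_strategy
  domain_mod = (
    local.domain_use_strategy != "skip" &&
    local.load_balancer_use_strategy != "skip" &&  # domain mod requires load balancer mod
    local.security_group_use_strategy != "skip" && # domain mod requires security group mod
    local.subnet_use_strategy != "skip" &&         # domain mod requires subnet mod
    local.vpc_use_strategy != "skip"               # domain mod requires vpc mod
  ) ? 1 : 0

  # vpc
  vpc_name   = var.vpc_name
  vpc_type   = var.vpc_type
  vpc_public = var.vpc_public
  vpc_zones  = var.vpc_zones
  # Requested zones keyed by their index as a string; when no zones were
  # requested, fall back to the first zone the region reports as available.
  availability_zones = (length(local.vpc_zones) > 0 ?
    ({ for i in range(length(local.vpc_zones)) : tostring(i) => local.vpc_zones[i] }) :
    ({ "0" = data.aws_availability_zones.available.names[0] })
  )
  # null while the vpc module is disabled so nothing downstream can index
  # into a module instance that does not exist.
  vpc_ipv4 = (local.vpc_mod > 0 ? module.vpc[0].ipv4 : null)
  vpc_ipv6 = (local.vpc_mod > 0 ? module.vpc[0].ipv6 : null)

  # The fail_* locals are plan-time assertions: one() on a two-element list is
  # an error, so the second element surfaces as the reason in the error output.
  # tflint-ignore: terraform_unused_declarations
  fail_ipv6_missing = (
    (
      local.vpc_mod == 1 &&
      (local.vpc_type == "ipv6" || local.vpc_type == "dualstack") &&
      local.vpc_ipv6 == ""
    ) ?
    one([local.vpc_ipv6, "missing_ipv6_address"]) :
    false
  )
  # tflint-ignore: terraform_unused_declarations
  fail_ipv4_missing = (
    (
      local.vpc_mod == 1 &&
      local.vpc_ipv4 == ""
    ) ?
    one([local.vpc_ipv4, "missing_ipv4_address"]) :
    false
  )

  # subnet
  subnet_names = var.subnet_names
  # One entry per subnet, keyed by index: one subnet per requested name when
  # names are given, otherwise one subnet per availability zone. The newbits
  # argument of cidrsubnet is the number of subnets being carved so each
  # subnet gets a distinct block. Multiplying the range by subnet_mod yields
  # an empty map when subnets are disabled, which also keeps the null vpc
  # CIDRs from ever being evaluated.
  subnet_map = (length(local.subnet_names) > 0 ?
    { for i in range((length(local.subnet_names) * local.subnet_mod)) :
      tostring(i) => {
        name      = local.subnet_names[i]
        ipv4_cidr = cidrsubnet(local.vpc_ipv4, length(local.subnet_names), i)
        ipv6_cidr = cidrsubnet(local.vpc_ipv6, 8, i) # must be hard coded to 8: AWS only accepts a /64 and always assigns a /56 to the VPC
        az        = local.availability_zones[i]
      }
    } :
    { for i in range((length(local.availability_zones) * local.subnet_mod)) :
      tostring(i) => {
        name = "${local.vpc_name}-${local.availability_zones[i]}"
        # subnet_names is empty on this branch, so its length (0) would be a
        # zero-bit extension that fails for every i > 0; size by zone count.
        ipv4_cidr = cidrsubnet(local.vpc_ipv4, length(local.availability_zones), i)
        ipv6_cidr = cidrsubnet(local.vpc_ipv6, 8, i) # must be hard coded to 8: AWS only accepts a /64 and always assigns a /56 to the VPC
        az        = local.availability_zones[i]
      }
    }
  )
  # tflint-ignore: terraform_unused_declarations
  fail_subnet_map_length = ((local.subnet_mod == 1 && local.subnet_use_strategy == "create" && (length(local.subnet_map) != length(local.availability_zones))) ? one([jsonencode(local.subnet_names), "length_subnet_names_must_match_availability_zones"]) : false)
  # tflint-ignore: terraform_unused_declarations
  fail_subnet_map_empty = ((local.subnet_mod == 1 && local.subnet_use_strategy == "create" && (length(local.subnet_map) < 1)) ? one([jsonencode(local.subnet_map), "subnet_map_empty"]) : false)
  # tflint-ignore: terraform_unused_declarations
  fail_subnets_not_created = ((local.subnet_mod == 1 && length(module.subnet) < 1) ? one([local.subnet_mod, "subnets_not_created"]) : false)

  # security group
  security_group_name = var.security_group_name
  security_group_type = var.security_group_type

  # load balancer
  load_balancer_name = var.load_balancer_name
  # Passed straight through to the load balancer module without validation;
  # presumably the source CIDRs allowed to reach it, so an overly broad value
  # here widens exposure of every listener — confirm against ./modules/network_load_balancer.
  load_balancer_access_cidrs = var.load_balancer_access_cidrs

  # domain
  domain            = var.domain
  cert_use_strategy = var.cert_use_strategy
  domain_zone       = var.domain_zone
  # tflint-ignore: terraform_unused_declarations
  fail_domain_zone = ((local.domain_mod == 1 && local.domain_use_strategy != "skip" && local.domain_zone == "") ? one([local.domain_zone, "domain_zone_missing"]) : false)
}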
# Zones currently usable in the configured region; only the first one is
# consumed (as the default zone when var.vpc_zones is empty).
data "aws_availability_zones" "available" {
  state = "available"
}
# Root of the dependency chain; a count of 0 disables every later module.
module "vpc" {
  source = "./modules/vpc"
  count  = local.vpc_mod

  name = local.vpc_name
  type = local.vpc_type
  use  = local.vpc_use_strategy
}
# One instance per entry of local.subnet_map; the empty map disables the
# module outright, so module.vpc[0] is never dereferenced while the vpc is skipped.
module "subnet" {
  source     = "./modules/subnet"
  for_each   = (local.subnet_mod == 1 ? local.subnet_map : tomap({}))
  depends_on = [module.vpc]

  use    = local.subnet_use_strategy
  vpc_id = module.vpc[0].id
  type   = local.vpc_type

  name              = each.value.name
  availability_zone = each.value.az
  ipv4_cidr         = each.value.ipv4_cidr
  ipv6_cidr         = each.value.ipv6_cidr
  # NOTE(review): presumably decides whether these subnets get internet-facing
  # routing/public addressing; it applies to every subnet — confirm in ./modules/subnet.
  public = local.vpc_public
}
# Project-wide security group, scoped to the vpc created above.
module "project_security_group" {
  source     = "./modules/security_group"
  count      = local.security_group_mod
  depends_on = [module.subnet, module.vpc]

  use  = local.security_group_use_strategy
  name = local.security_group_name
  type = local.security_group_type

  vpc_id   = module.vpc[0].id
  vpc_type = local.vpc_type
  # The vpc's own address blocks, presumably so the module can scope rules
  # to in-vpc traffic — confirm in ./modules/security_group.
  vpc_cidr = {
    ipv4 = module.vpc[0].ipv4
    ipv6 = module.vpc[0].ipv6
  }
}
# Network load balancer fronting the subnets; it reuses the project security
# group rather than creating its own.
module "network_load_balancer" {
  source     = "./modules/network_load_balancer"
  count      = local.load_balancer_mod
  depends_on = [module.vpc, module.subnet, module.project_security_group]

  use  = local.load_balancer_use_strategy
  name = local.load_balancer_name

  vpc_id            = module.vpc[0].id
  vpc_type          = local.vpc_type
  security_group_id = module.project_security_group[0].id
  subnets           = module.subnet
  # Forwarded unvalidated from var.load_balancer_access_cidrs; presumably the
  # source ranges allowed to reach the listeners, so review the value on every
  # change — confirm its exact meaning in ./modules/network_load_balancer.
  access_info = local.load_balancer_access_cidrs
}
# DNS (and, per cert_use_strategy, certificate) handling for the domain,
# pointed at the load balancer's public addresses.
module "domain" {
  source     = "./modules/domain"
  count      = local.domain_mod
  depends_on = [module.vpc, module.subnet, module.project_security_group, module.network_load_balancer]

  use               = local.domain_use_strategy
  cert_use_strategy = local.cert_use_strategy

  # Lower-cased so the record name is case-normalised before it reaches the module.
  content     = lower(local.domain)
  domain_zone = local.domain_zone
  ips         = module.network_load_balancer[0].public_ips
  vpc_type    = local.vpc_type
}