Create the Network infra
authorCássio Gabriel <cassiogabrielcontato@gmail.com>
Sat, 24 Jan 2026 15:59:07 +0000 (12:59 -0300)
committerCássio Gabriel <cassiogabrielcontato@gmail.com>
Sat, 24 Jan 2026 20:52:09 +0000 (17:52 -0300)
The following was created:

1. VPC
2. Subnets
3. IGW
4. NAT
5. Route tables

assessment/terraform/main.tf
assessment/terraform/variables.tf

index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..16ad0ea05b2772f91d924bb78604edf5fac86c7a 100644 (file)
@@ -0,0 +1,104 @@
+# VPC
+resource "aws_vpc" "this" {
+  cidr_block           = var.vpc_cidr
+  enable_dns_support   = true
+  enable_dns_hostnames = true
+
+  tags = {
+    Name = "security-assessment-vpc"
+  }
+}
+
+# Public subnets
+resource "aws_subnet" "public" {
+  count                   = length(var.public_subnets_cidr)
+  vpc_id                  = aws_vpc.this.id
+  cidr_block              = var.public_subnets_cidr[count.index]
+  availability_zone       = var.availability_zones[count.index]
+  map_public_ip_on_launch = true
+
+  tags = {
+    Name = "public-subnet-${count.index + 1}"
+  }
+}
+
+# Private subnets
+resource "aws_subnet" "private" {
+  count             = length(var.private_subnets_cidr)
+  vpc_id            = aws_vpc.this.id
+  cidr_block        = var.private_subnets_cidr[count.index]
+  availability_zone = var.availability_zones[count.index]
+
+  tags = {
+    Name = "private-subnet-${count.index + 1}"
+  }
+}
+
+# IGW
+resource "aws_internet_gateway" "this" {
+  vpc_id = aws_vpc.this.id
+
+  tags = {
+    Name = "security-assessment-igw"
+  }
+}
+
+# Elastic IP
+resource "aws_eip" "nat" {
+  domain = "vpc"
+}
+
+# NAT Gateway attached to the public subnet
+resource "aws_nat_gateway" "this" {
+  allocation_id = aws_eip.nat.id
+  subnet_id     = aws_subnet.public[0].id
+
+  tags = {
+    Name = "security-assessment-nat"
+  }
+
+  depends_on = [aws_internet_gateway.this]
+}
+
+# Public route table
+resource "aws_route_table" "public" {
+  vpc_id = aws_vpc.this.id
+
+  route {
+    cidr_block = "0.0.0.0/0"
+    gateway_id = aws_internet_gateway.this.id
+  }
+
+  tags = {
+    Name = "public-rt"
+  }
+}
+
+# Associate public subnets
+resource "aws_route_table_association" "public" {
+  count          = length(aws_subnet.public)
+  subnet_id      = aws_subnet.public[count.index].id
+  route_table_id = aws_route_table.public.id
+}
+
+# Private route table
+resource "aws_route_table" "private" {
+  vpc_id = aws_vpc.this.id
+
+  route {
+    cidr_block     = "0.0.0.0/0"
+    nat_gateway_id = aws_nat_gateway.this.id
+  }
+
+  tags = {
+    Name = "private-rt"
+  }
+}
+
+# Associate private subnets
+resource "aws_route_table_association" "private" {
+  count          = length(aws_subnet.private)
+  subnet_id      = aws_subnet.private[count.index].id
+  route_table_id = aws_route_table.private.id
+}
+
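Review bot: The VPC created at line 20 leaves the AWS-managed default security group with its allow-all egress and self-referencing ingress rules, so any instance launched into these subnets without an explicit group inherits them; adopting it with an empty `resource "aws_default_security_group" "default" { vpc_id = aws_vpc.this.id }` strips those rules and makes the baseline explicit. Both subnet resources index `var.availability_zones[count.index]`, so a CIDR list longer than the AZ list fails at plan time rather than being caught by a validation; a comment on `count` noting that the three lists must align would help. The NAT gateway is placed only in `aws_subnet.public[0]` while the single private route table sends all private traffic through it, so egress from the second AZ depends on the first AZ; that trade-off deserves a comment such as `# Single NAT in AZ 0: cost over AZ resilience, acceptable for an assessment environment` if it is intentional.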
index ae60318c94c72df5e6df0617fb90da1a922f344d..1a4b05280d6cf4e2707f36ad7ce7c90cc5315e49 100644 (file)
@@ -3,3 +3,24 @@ variable "aws_region" {
   type        = string
   default     = "us-east-1"
 }
+
+variable "vpc_cidr" {
+  type    = string
+  default = "10.0.0.0/16"
+}
+
+variable "public_subnets_cidr" {
+  type    = list(string)
+  default = ["10.0.1.0/24", "10.0.2.0/24"]
+}
+
+variable "private_subnets_cidr" {
+  type    = list(string)
+  default = ["10.0.101.0/24", "10.0.102.0/24"]
+}
+
+variable "availability_zones" {
+  type    = list(string)
+  default = ["us-east-1a", "us-east-1b"]
+}
+
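Review bot: None of the four new variables carries a `description` or a `validation` block, and the `availability_zones` default at line 146 is hard-coded to us-east-1a/us-east-1b while the region is set independently by `aws_region` (whose block starts before this hunk), so overriding only the region silently yields an AZ mismatch. A `validation { condition = can(cidrhost(var.vpc_cidr, 0)) error_message = "vpc_cidr must be a valid CIDR block." }` on `vpc_cidr` and a similar `alltrue`/`cidrhost` check on the two subnet lists would reject bad input at plan time. A one-line `description` on each variable, e.g. `description = "AZs that public_subnets_cidr and private_subnets_cidr are mapped onto by index; must match aws_region"`, documents the coupling the main.tf resources rely on.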