devops-contribution · devops-contribution · Feb 18, 2025 · Feb 18, 2025
diff --git a/modules/vpc/main.tf b/modules/vpc/main.tf
@@ -4,12 +4,11 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 5.0"  # Allows any version 5.x.x
+      version = "~> 5.0"
     }
   }
 }
 
-
 resource "aws_vpc" "eks_vpc" {
   cidr_block           = var.vpc_cidr
   instance_tenancy     = "default"
@@ -20,44 +19,111 @@ resource "aws_vpc" "eks_vpc" {
   }
 }
 
-resource "aws_internet_gateway" "eks_internet_gateway" {
-  vpc_id = aws_vpc.eks_vpc.id
-}
-
-# Using data source to get all Avalablility Zones in region
+# Data source to get all Availability Zones in the region
 data "aws_availability_zones" "available_zones" {}
 
-resource "aws_subnet" "public_subnet_az1" {
+# Private Subnet in AZ1
+resource "aws_subnet" "private_subnet_az1" {
   vpc_id                  = aws_vpc.eks_vpc.id
-  cidr_block              = var.public_subnet_az1_cidr
+  cidr_block              = var.private_subnet_az1_cidr 
   availability_zone       = data.aws_availability_zones.available_zones.names[0]
-  map_public_ip_on_launch = true
+  map_public_ip_on_launch = false
+
+  tags = {
+    Name = "${var.customer}-private-subnet-az1"
+  }
 }
 
-resource "aws_subnet" "public_subnet_az2" {
+# Private Subnet in AZ2
+resource "aws_subnet" "private_subnet_az2" {
   vpc_id                  = aws_vpc.eks_vpc.id
-  cidr_block              = var.public_subnet_az2_cidr
+  cidr_block              = var.private_subnet_az2_cidr
   availability_zone       = data.aws_availability_zones.available_zones.names[1]
-  map_public_ip_on_launch = true
+  map_public_ip_on_launch = false
+
+  tags = {
+    Name = "${var.customer}-private-subnet-az2"
+  }
+}
+
+# Public Subnet for NAT Gateway
+resource "aws_subnet" "public_subnet" {
+  vpc_id                  = aws_vpc.eks_vpc.id
+  cidr_block              = var.public_subnet_nat_cidr
+  availability_zone       = data.aws_availability_zones.available_zones.names[0]
+  map_public_ip_on_launch = true  # Public for NAT
+
+  tags = {
+    Name = "${var.customer}-public-subnet-for-nat"
+  }
+}
+
+# Internet Gateway (needed for NAT Gateway)
+resource "aws_internet_gateway" "eks_internet_gateway" {
+  vpc_id = aws_vpc.eks_vpc.id
+
+  tags = {
+    Name = "${var.customer}-eks-igw"
+  }
 }
 
+# Elastic IP for NAT Gateway
+resource "aws_eip" "nat_eip" {
+  domain = "vpc"
+}
+
+# NAT Gateway in Public Subnet
+resource "aws_nat_gateway" "nat_gw" {
+  allocation_id = aws_eip.nat_eip.id
+  subnet_id     = aws_subnet.public_subnet.id
+
+  tags = {
+    Name = "${var.customer}-nat-gateway"
+  }
+}
+
+# Private Route Table (Uses NAT Gateway)
+resource "aws_route_table" "private_route_table" {
+  vpc_id = aws_vpc.eks_vpc.id
+
+  route {
+    cidr_block     = "0.0.0.0/0"
+    nat_gateway_id = aws_nat_gateway.nat_gw.id
+  }
+
+  tags = {
+    Name = "${var.customer}-private-route-table"
+  }
+}
+
+# Associate Private Subnet in AZ1 with Private Route Table
+resource "aws_route_table_association" "private_subnet_az1_association" {
+  subnet_id      = aws_subnet.private_subnet_az1.id
+  route_table_id = aws_route_table.private_route_table.id
+}
+
+# Associate Private Subnet in AZ2 with Private Route Table
+resource "aws_route_table_association" "private_subnet_az2_association" {
+  subnet_id      = aws_subnet.private_subnet_az2.id
+  route_table_id = aws_route_table.private_route_table.id
+}
+
+# Public Route Table for NAT Gateway
 resource "aws_route_table" "public_route_table" {
   vpc_id = aws_vpc.eks_vpc.id
 
   route {
     cidr_block = "0.0.0.0/0"
     gateway_id = aws_internet_gateway.eks_internet_gateway.id
   }
-}
 
-# Associating Public Subnet in AZ1 to route table
-resource "aws_route_table_association" "public_subnet_az1_route_table_association" {
-  subnet_id      = aws_subnet.public_subnet_az1.id
-  route_table_id = aws_route_table.public_route_table.id
+  tags = {
+    Name = "public-route-table"
+  }
 }
 
-# Associating Public Subnet in AZ2 to route table
-resource "aws_route_table_association" "public_subnet_az2_route_table_association" {
-  subnet_id      = aws_subnet.public_subnet_az2.id
+# Public Subnet with Public Route Table
+resource "aws_route_table_association" "public_subnet_association" {
+  subnet_id      = aws_subnet.public_subnet.id
   route_table_id = aws_route_table.public_route_table.id
 }
diff --git a/modules/vpc/outputs.tf b/modules/vpc/outputs.tf
@@ -2,14 +2,18 @@ output "vpc_id" {
   value = aws_vpc.eks_vpc.id
 }
 
-output "public_subnet_az1_id" {
+output "private_subnet_az1_id" {
   value = aws_subnet.public_subnet_az1.id
 }
 
-output "public_subnet_az2_id" {
+output "private_subnet_az2_id" {
   value = aws_subnet.public_subnet_az2.id
 }
 
 output "internet_gateway" {
   value = aws_internet_gateway.eks_internet_gateway.id
 }
+
+output "nat_gateway" {
+  value = 
+}
diff --git a/modules/vpc/variables.tf b/modules/vpc/variables.tf
@@ -3,16 +3,21 @@ variable "vpc_cidr" {
   #default = "10.0.0.0/16"
 }
 
-variable "public_subnet_az1_cidr" {
+variable "private_subnet_az1_cidr" {
   type    = string
   #default = "10.0.1.0/24"
 }
 
-variable "public_subnet_az2_cidr" {
+variable "private_subnet_az2_cidr" {
   type    = string
   #default = "10.0.2.0/24"
 }
 
+variable "public_subnet_nat_cidr" {
+  type = string
+  #default = "10.0.3.0/24"
+}
+
 variable "customer" {
   type = string
 }