| author | Paul Buetow <paul@buetow.org> | 2023-12-23 02:04:50 +0200 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2023-12-23 02:05:09 +0200 |
| commit | 30178daecc274cbd90e77ad55d97e804fe02889a (patch) | |
| tree | cc7e22d50881b89d3ef322a820be26393c05bcb3 /org-buetow-base | |
| parent | 0e5ff097a9c5fae99813eddbed84c136eaafd551 (diff) | |
Initial IPv6
Diffstat (limited to 'org-buetow-base')
| -rw-r--r-- | org-buetow-base/efs.tf | 8 | ||||
| -rw-r--r-- | org-buetow-base/network.tf | 73 |
2 files changed, 53 insertions, 28 deletions
diff --git a/org-buetow-base/efs.tf b/org-buetow-base/efs.tf
index 0e916ec..8ef5930 100644
--- a/org-buetow-base/efs.tf
+++ b/org-buetow-base/efs.tf
@@ -1,6 +1,14 @@
 resource "aws_efs_file_system" "self_hosted_services_efs" {
 creation_token = "self-hosted-services-efs"
 encrypted = true
+
+ # backup_policy {
+ # status = "ENABLED"
+ #}
+
+ tags = {
+ Name = "self-hosted-services"
+ }
 }
 resource "aws_efs_mount_target" "efs_mt_a" {
diff --git a/org-buetow-base/network.tf b/org-buetow-base/network.tf
index a128569..86f3dfb 100644
--- a/org-buetow-base/network.tf
+++ b/org-buetow-base/network.tf
@@ -2,6 +2,8 @@ resource "aws_vpc" "vpc" {
 cidr_block = "10.0.0.0/16" # Specify your CIDR block
 enable_dns_support = true
 enable_dns_hostnames = true
+
+ assign_generated_ipv6_cidr_block = true
 }
 resource "aws_internet_gateway" "igw" {
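Review bot: The commented-out `backup_policy` block in the efs.tf hunk leaves this encrypted file system without automatic backups as far as the hunk shows, and it would not validate if simply uncommented, because `aws_efs_file_system` has no `backup_policy` argument. In the AWS provider, backups are enabled through a separate `aws_efs_backup_policy` resource that references the file system. Either add that resource, as sketched below, or replace the dead block with a one-line comment stating why backups are deliberately off. Whether an AWS Backup plan covers this file system elsewhere is not visible here.

```hcl
# … unchanged: aws_efs_file_system.self_hosted_services_efs (creation_token, encrypted, tags) …

resource "aws_efs_backup_policy" "self_hosted_services_efs" {
  file_system_id = aws_efs_file_system.self_hosted_services_efs.id

  backup_policy {
    status = "ENABLED"
  }
}
```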
@@ -9,24 +11,30 @@ resource "aws_internet_gateway" "igw" {
 }
 resource "aws_subnet" "public_subnet_a" {
- vpc_id = aws_vpc.vpc.id
- cidr_block = "10.0.1.0/24"
- availability_zone = "eu-central-1a"
- map_public_ip_on_launch = true
+ vpc_id = aws_vpc.vpc.id
+ cidr_block = "10.0.1.0/24"
+ assign_ipv6_address_on_creation = true
+ ipv6_cidr_block = cidrsubnet(aws_vpc.vpc.ipv6_cidr_block, 8, 1)
+ availability_zone = "eu-central-1a"
+ map_public_ip_on_launch = true
 }
 resource "aws_subnet" "public_subnet_b" {
- vpc_id = aws_vpc.vpc.id
- cidr_block = "10.0.2.0/24"
- availability_zone = "eu-central-1b"
- map_public_ip_on_launch = true
+ vpc_id = aws_vpc.vpc.id
+ cidr_block = "10.0.2.0/24"
+ assign_ipv6_address_on_creation = true
+ ipv6_cidr_block = cidrsubnet(aws_vpc.vpc.ipv6_cidr_block, 8, 2)
+ availability_zone = "eu-central-1b"
+ map_public_ip_on_launch = true
 }
 resource "aws_subnet" "public_subnet_c" {
- vpc_id = aws_vpc.vpc.id
- cidr_block = "10.0.3.0/24"
- availability_zone = "eu-central-1c"
- map_public_ip_on_launch = true
+ vpc_id = aws_vpc.vpc.id
+ cidr_block = "10.0.3.0/24"
+ assign_ipv6_address_on_creation = true
+ ipv6_cidr_block = cidrsubnet(aws_vpc.vpc.ipv6_cidr_block, 8, 3)
+ availability_zone = "eu-central-1c"
+ map_public_ip_on_launch = true
 }
 resource "aws_route_table" "route_table" {
@@ -36,6 +44,11 @@ resource "aws_route_table" "route_table" {
 cidr_block = "0.0.0.0/0"
 gateway_id = aws_internet_gateway.igw.id
 }
+
+ route {
+ ipv6_cidr_block = "::/0"
+ gateway_id = aws_internet_gateway.igw.id
+ }
 }
 resource "aws_route_table_association" "a" {
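Review bot: With `assign_ipv6_address_on_creation = true` on all three subnets and the `::/0` route through `aws_internet_gateway.igw` added in the following hunk, interfaces created in these subnets get globally routable addresses with no NAT in front of them, so security groups become the only inbound filter over IPv6. Old lines 42–71 of network.tf are not shown, so any security groups or network ACLs defined there should be checked for IPv6 rules before this is applied. A comment on the new route would record the intent, e.g. `# Public subnets: inbound IPv6 via IGW is intended; outbound-only workloads need aws_egress_only_internet_gateway`. The `cidrsubnet(aws_vpc.vpc.ipv6_cidr_block, 8, N)` calls presumably rely on the Amazon-provided block being a /56, which is what makes each result a /64; a short comment saying so would help the next reader.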
@@ -72,31 +85,35 @@ resource "aws_security_group" "allow_web" {
 vpc_id = aws_vpc.vpc.id
 ingress {
- from_port = 80
- to_port = 80
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ ipv6_cidr_blocks = ["::/0"]
 }
 ingress {
- from_port = 8080
- to_port = 8080
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
+ from_port = 8080
+ to_port = 8080
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ ipv6_cidr_blocks = ["::/0"]
 }
 ingress {
- from_port = 443
- to_port = 443
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ ipv6_cidr_blocks = ["::/0"]
 }
 egress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ ipv6_cidr_blocks = ["::/0"]
 }
 } |
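Review bot: The 8080 ingress rule in `allow_web` is now open to the whole Internet on both address families (`cidr_blocks = ["0.0.0.0/0"]` plus the new `ipv6_cidr_blocks = ["::/0"]`), and nothing in the hunk says why an alternate HTTP port must be public alongside 80 and 443. If 8080 is only a backend or health-check port, scope it to the VPC with `cidr_blocks = [aws_vpc.vpc.cidr_block]` and `ipv6_cidr_blocks = [aws_vpc.vpc.ipv6_cidr_block]`. If it must stay public, a `description = "..."` argument on each ingress block would record that decision. The resource header and any group-level description sit above the hunk, so the intended exposure may already be documented there.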
