
Nat Instance


# Provider requirements: the AWS provider from the HashiCorp registry namespace,
# constrained to the 6.x series. The constraint is a range, not a pin; committing
# the generated .terraform.lock.hcl records the exact version and checksums used.
terraform {
  required_providers {
    aws = {
      version = "~> 6.0"
      source  = "hashicorp/aws"
    }
  }
}

# AWS provider configuration. Only the region is set here; no credentials appear
# in this block, so the provider resolves them from its default credential chain.
provider "aws" {
  region = "eu-west-1"
}

# VPC that holds the whole NAT-instance lab: one /16, shared (default) tenancy.
resource "aws_vpc" "vpcnat" {
  instance_tenancy = "default"
  cidr_block       = "172.20.0.0/16"

  tags = {
    Name = "vpcnat"
  }
}

# Internet gateway attached to the VPC; the public route table sends its
# default route here.
resource "aws_internet_gateway" "natigw" {
  tags = {
    Name = "natigw"
  }

  vpc_id = aws_vpc.vpcnat.id
}

# Public subnet (172.20.1.0/24). It becomes "public" through its association
# with the route table whose default route points at the internet gateway.
resource "aws_subnet" "publicsubnet" {
  cidr_block = "172.20.1.0/24"
  vpc_id     = aws_vpc.vpcnat.id

  tags = {
    Name = "publicsubnet"
  }
}
# Private subnet (172.20.3.0/24). Its route table sends the default route to the
# NAT instance's network interface rather than to the internet gateway.
resource "aws_subnet" "privatesubnet" {
  cidr_block = "172.20.3.0/24"
  vpc_id     = aws_vpc.vpcnat.id

  tags = {
    Name = "privatesubnet"
  }
}

# Route table for the public subnet: all non-local IPv4 traffic leaves through
# the internet gateway.
resource "aws_route_table" "publicroute" {
  vpc_id = aws_vpc.vpcnat.id

  tags = {
    Name = "publicroute"
  }

  route {
    gateway_id = aws_internet_gateway.natigw.id
    cidr_block = "0.0.0.0/0"
  }
}
# Bind the public subnet to the internet-facing route table.
resource "aws_route_table_association" "publicsub" {
  route_table_id = aws_route_table.publicroute.id
  subnet_id      = aws_subnet.publicsubnet.id
}

# Security group shell for the NAT instance; its rules are declared as separate
# ingress/egress rule resources.
# NOTE(review): the description says "TLS inbound", but the ingress rule attached
# to this group in this file is not limited to TLS. Changing a security group
# description forces the group to be replaced, so it is left as written here.
resource "aws_security_group" "NAT_INSTANCE_SG" {
  vpc_id      = aws_vpc.vpcnat.id
  name        = "NAT_INSTANCE_SG"
  description = "Allow TLS inbound traffic and all outbound traffic"

  tags = {
    Name = "NAT_INSTANCE_SG"
  }
}

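# Ingress for the NAT instance: accept traffic only from the private subnet whose
# outbound traffic it forwards. The instance has a public IP and source/dest
# checking disabled, so an all-protocol rule open to 0.0.0.0/0 exposes every
# port on it (SSH included) to the internet. Replies to connections the instance
# opens outbound are still allowed, because security groups are stateful.
# The resource name is kept so existing references and state addresses stay valid.
# If administrative SSH is required, add a separate rule scoped to a known
# management CIDR rather than widening this one.
resource "aws_vpc_security_group_ingress_rule" "allow_ALL_access" {
  security_group_id = aws_security_group.NAT_INSTANCE_SG.id
  cidr_ipv4         = aws_subnet.privatesubnet.cidr_block

  # "-1" selects all protocols and all ports; from_port/to_port are left unset,
  # as in the egress rule for this group, because they do not apply to "-1".
  ip_protocol = "-1"
}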

# Egress for the NAT instance: any protocol to any IPv4 destination, which is
# what lets it forward traffic from the private subnet out to the internet.
resource "aws_vpc_security_group_egress_rule" "ALLOW_ALL" {
  ip_protocol       = "-1"
  cidr_ipv4         = "0.0.0.0/0"
  security_group_id = aws_security_group.NAT_INSTANCE_SG.id
}
# NAT instance in the public subnet. It gets a public IP and has source/dest
# checking turned off, which is required for an instance that forwards packets
# it neither originates nor terminates.
# NOTE(review): the AMI ID is hard-coded and region-specific; presumably it is a
# NAT-configured image - verify its owner and provenance before launching.
# NOTE(review): key pair "155" must already exist in the region; who holds the
# private key decides who can log in to this internet-facing host.
resource "aws_instance" "NAT_INSTANCE" {
  ami           = "ami-06fd44057cc9e8551"
  instance_type = "t2.micro"
  key_name      = "155"

  subnet_id                   = aws_subnet.publicsubnet.id
  associate_public_ip_address = true
  source_dest_check           = false
  vpc_security_group_ids      = [aws_security_group.NAT_INSTANCE_SG.id]

  tags = {
    Name = "NAT_INSTANCE"
  }
}

# Route table for the private subnet: the default route targets the NAT
# instance's primary network interface, so all internet-bound traffic from the
# private subnet passes through that instance.
resource "aws_route_table" "privateroute" {
  vpc_id = aws_vpc.vpcnat.id

  tags = {
    Name = "privateroute"
  }

  route {
    network_interface_id = aws_instance.NAT_INSTANCE.primary_network_interface_id
    cidr_block           = "0.0.0.0/0"
  }
}

# Bind the private subnet to the route table that points at the NAT instance.
resource "aws_route_table_association" "privateroute" {
  route_table_id = aws_route_table.privateroute.id
  subnet_id      = aws_subnet.privatesubnet.id
}

# Security group shared by the public and the private VM. The AWS-side group
# name is "VM-NSG"; the Name tag and the Terraform address use "instance_SG".
# Rules are attached through separate ingress/egress rule resources.
resource "aws_security_group" "instance_SG" {
  vpc_id      = aws_vpc.vpcnat.id
  name        = "VM-NSG"
  description = "Allow SSH http Access"

  tags = {
    Name = "instance_SG"
  }
}

# SSH (tcp/22) ingress for the VM security group.
# NOTE(review): the source is 0.0.0.0/0, so the public VM's SSH port is reachable
# from the whole internet. Narrow cidr_ipv4 to the management network that
# actually needs access; the file does not define one, so none is assumed here.
resource "aws_vpc_security_group_ingress_rule" "allow_ssh_access" {
  security_group_id = aws_security_group.instance_SG.id

  ip_protocol = "tcp"
  from_port   = 22
  to_port     = 22
  cidr_ipv4   = "0.0.0.0/0"
}
# HTTP (tcp/80) ingress from any IPv4 address for the VM security group.
# The same group is attached to the private VM, so this rule applies there too,
# although that instance is given no public IP in this file.
resource "aws_vpc_security_group_ingress_rule" "allow_http_access" {
  security_group_id = aws_security_group.instance_SG.id

  ip_protocol = "tcp"
  from_port   = 80
  to_port     = 80
  cidr_ipv4   = "0.0.0.0/0"
}

# Egress for the VM security group: any protocol to any IPv4 destination.
resource "aws_vpc_security_group_egress_rule" "allow_all_traffic" {
  ip_protocol       = "-1"
  cidr_ipv4         = "0.0.0.0/0"
  security_group_id = aws_security_group.instance_SG.id
}
# Internet-facing VM in the public subnet, with a public IP and the shared VM
# security group (SSH and HTTP ingress).
# NOTE(review): the AMI ID is hard-coded; confirm its owner and that it is still
# a maintained image. No metadata_options block is set, so the instance metadata
# service settings come from the AMI/account defaults - consider requiring
# IMDSv2 once the workload is known to support it.
resource "aws_instance" "PUBLIC_VM" {
  ami           = "ami-01621ce8f257d0d13"
  instance_type = "t2.micro"
  key_name      = "155"

  subnet_id                   = aws_subnet.publicsubnet.id
  associate_public_ip_address = true
  vpc_security_group_ids      = [aws_security_group.instance_SG.id]

  tags = {
    Name = "PUBLIC_VM"
  }
}

# VM in the private subnet. No public IP is requested, and the subnet's default
# route goes through the NAT instance, so outbound internet access depends on it.
# NOTE(review): this instance reuses the VM security group and key pair "155"
# of the public VM; a dedicated group that admits SSH only from inside the VPC
# would keep the two trust zones separate.
resource "aws_instance" "PRIVATE_VM" {
  ami           = "ami-01621ce8f257d0d13"
  instance_type = "t2.micro"
  key_name      = "155"

  subnet_id              = aws_subnet.privatesubnet.id
  vpc_security_group_ids = [aws_security_group.instance_SG.id]

  tags = {
    Name = "PRIVATE_VM"
  }
}
