Note: Scroll down this article to download the Terraform files in zip format.


Terraform AWS VPC and Subnets

This Terraform configuration creates a foundational network infrastructure in AWS. It sets up a single Virtual Private Cloud (VPC) with two pairs of subnets (one public, one private) distributed across two different Availability Zones. It also creates and configures the necessary routing tables for both subnet tiers. The external route table is configured with a route to an Internet Gateway, providing resources in the public subnets with direct internet access. In contrast, the internal route table is kept private, containing only the default local route, which allows communication within the VPC but prevents any direct internet connectivity.

This network topology is a specific requirement for deploying Cloud Security Connectors in a High Availability (HA) configuration. For a resilient setup, these security appliances require deployment across multiple Availability Zones to ensure service continuity in case one zone fails. Each connector typically needs a public-facing network interface for management and communication with the security cloud, and one private interface for redirecting traffic to and from your internal application resources. This Terraform configuration directly provisions the necessary infrastructure: a pair of public and private subnets in two distinct Availability Zones, establishing the foundation for a robust and fault-tolerant security deployment.

Prerequisites

Before you can use this configuration, you need to have the following tools installed and configured on your machine.

  1. Terraform: Terraform is the tool used to build, change, and version infrastructure safely and efficiently.

    • Installation: Follow the official instructions to install Terraform for your operating system: Install Terraform.
  2. AWS Command Line Interface (CLI): The AWS CLI is required to configure your AWS credentials so that Terraform can authenticate with your AWS account.

    • Installation: Follow the official guide to install the AWS CLI: Installing the AWS CLI.
    • Configuration: Once installed, you need to configure your credentials. Run the following command and provide your AWS Access Key ID, Secret Access Key, default region, and default output format when prompted.
      aws configure

      Terraform will use these credentials automatically to provision the resources.


Configuration

All the customizable values for this infrastructure are located in the terraform.auto.tfvars file. Before running the commands, open this file and adjust the variables to match your requirements.

Key Variables in terraform.auto.tfvars

  • aws_region: The AWS region where you want to create your infrastructure (e.g., "us-east-1").
  • vpc_cidr: The overall IP address range for your VPC (e.g., "10.0.0.0/16").
  • vpc_name: The value for the Name tag that will be applied to the VPC.
  • igw_name: The Name tag for the Internet Gateway.
  • subnets: This is a map that defines each subnet. You can change:
    • cidr_block: The IP range for each subnet. Ensure these do not overlap.
    • availability_zone: The specific AZ for the subnet (e.g., "us-east-1a").
    • name: The Name tag for the subnet.
  • external_rt_name: The Name tag for the route table used by public subnets.
  • internal_rt_name: The Name tag for the route table used by private subnets.
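The topology from the overview and the subnets map described above, as an added HCL illustration that is not the downloadable configuration: the tier attribute on each subnet entry, the resource names and the CIDR and zone values are assumptions constructed for this example.

```hcl
variable "subnets" {
  type = map(object({
    cidr_block        = string
    availability_zone = string
    name              = string
    tier              = string # "public" or "private"; assumed attribute, not in the variable list above
  }))
  # Constructed values: one public and one private subnet per AZ, all inside the VPC CIDR, none overlapping.
  default = {
    public_a  = { cidr_block = "10.0.1.0/24", availability_zone = "us-east-1a", name = "public-a",  tier = "public" }
    private_a = { cidr_block = "10.0.2.0/24", availability_zone = "us-east-1a", name = "private-a", tier = "private" }
    public_b  = { cidr_block = "10.0.3.0/24", availability_zone = "us-east-1b", name = "public-b",  tier = "public" }
    private_b = { cidr_block = "10.0.4.0/24", availability_zone = "us-east-1b", name = "private-b", tier = "private" }
  }
}

resource "aws_vpc" "this" {
  cidr_block = "10.0.0.0/16" # constructed value standing in for var.vpc_cidr
}
resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.this.id
}

resource "aws_subnet" "this" {
  for_each          = var.subnets
  vpc_id            = aws_vpc.this.id
  cidr_block        = each.value.cidr_block
  availability_zone = each.value.availability_zone
  tags              = { Name = each.value.name }
}

# External table: the 0.0.0.0/0 route to the IGW is what makes the public subnets public.
resource "aws_route_table" "external" {
  vpc_id = aws_vpc.this.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}

# Internal table: no route blocks, so only the implicit local route for the VPC CIDR exists.
resource "aws_route_table" "internal" {
  vpc_id = aws_vpc.this.id
}

# Associate every subnet with the table matching its tier.
resource "aws_route_table_association" "this" {
  for_each       = aws_subnet.this
  subnet_id      = each.value.id
  route_table_id = var.subnets[each.key].tier == "public" ? aws_route_table.external.id : aws_route_table.internal.id
}
```

Running terraform plan against a configuration shaped like this shows two route tables and four associations; the private subnets stay reachable only from inside the VPC until a NAT gateway or other egress path is added deliberately.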

How to Run

Once your prerequisites are installed and your .tfvars file is configured, follow these steps to deploy the infrastructure.

Step 1: Initialize Terraform

Navigate to the directory containing the .tf files in your terminal and run the init command. This command initializes the working directory, downloading the necessary provider plugins.

terraform init

Step 2: Plan the Deployment

Run the plan command to see an execution plan. This will show you exactly what resources Terraform will create, modify, or destroy. It's a great way to verify your changes before applying them.

terraform plan

Step 3: Apply the Configuration

If the plan looks correct, apply the configuration to create the resources in your AWS account. Terraform will ask for a final confirmation before proceeding.

terraform apply

Type yes and press Enter to confirm.

After the command completes successfully, the outputs defined in the configuration will be displayed on your screen, showing details of the created resources.

Step 4: Destroy the Infrastructure (Optional)

If you want to tear down the infrastructure and remove all the resources created by this configuration, run the destroy command.

terraform destroy