iT邦幫忙

2023 iThome 鐵人賽

DAY 13
0
DevOps

大家都在用 Terraform 實作 IaC 為什麼不將程式寫得更簡潔易讀呢?系列 第 13

實作 AWS 常用服務之 Terraform 模組系列 - Elastic IP 篇


AWS Elastic IP 模組實作

AWS Elastic IP 是 AWS 提供的一種靜態公有 IPv4 位址,用於在 AWS 中的資源之間進行路由與溝通;由於它可從網際網路直接連入,綁定後資源實際開放的範圍取決於其 Security Group 與 NACL 設定。

本篇是實作常用的 AWS Elastic IP 服務之 Terraform 模組,完整的專案程式碼分享在我的 Github 上。

  1. 先定義整個專案檔案結構,AWS Elastic IP 模組放置於 ./modules/my_eips 目錄中:
├── configs
│   ├── subnet
│   │   └── my-subnets.yaml
│   └── vpc
│       └── my-vpcs.yaml
├── example.tfvars
├── locals.tf
├── main.tf
├── modules
│   ├── my_eips
│   │   ├── eip.tf
│   │   ├── eip_assoc.tf
│   │   ├── outputs.tf
│   │   ├── provider.tf
│   │   └── variables.tf
│   ├── my_igw
│   ├── my_instances
│   ├── my_nacls
│   ├── my_subnets
│   └── my_vpc
└── variables.tf
  1. 撰寫 my_eips 模組
  • ./modules/my_eips/outputs.tf:
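# Outputs of the my_eips module: addresses and IDs of the two Elastic IPs.

output "bastion_public_ip" {
  description = "Public IPv4 address of the Elastic IP allocated for the bastion server"
  value       = aws_eip.my_bastion_eip.public_ip
}

output "bastion_eip_id" {
  description = "ID of the bastion Elastic IP (the value this module passes as allocation_id)"
  value       = aws_eip.my_bastion_eip.id
}

output "nat_server_public_ip" {
  description = "Public IPv4 address of the Elastic IP allocated for the NAT server"
  value       = aws_eip.my_nat_server_eip.public_ip
}

output "nat_server_eip_id" {
  description = "ID of the NAT server Elastic IP (the value this module passes as allocation_id)"
  value       = aws_eip.my_nat_server_eip.id
}

output "nat_server_eip_assoc_eni_id" {
  description = "ID of the network interface the NAT server Elastic IP is associated with"

  # Read the ENI from the association resource. The aws_eip resource is created
  # before the separate aws_eip_association exists, so its own
  # network_interface attribute does not reflect the association made here
  # until a later refresh.
  value = aws_eip_association.eip_assoc_nat_server_instance.network_interface_id
}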

  • ./modules/my_eips/provider.tf:
# AWS provider used by this module; both settings come from the module's
# input variables.
# NOTE(review): this provider block lives inside a child module, so the module
# configures its own credentials instead of inheriting the caller's provider.
# Confirm that is intended before reusing the module elsewhere.
provider "aws" {
  profile = var.aws_profile
  region  = var.aws_region
}
  • ./modules/my_eips/variables.tf:
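# Region the provider operates in; also used as the EIPs' network border group.
variable "aws_region" {
  # Declared as string to match the other variables in this file and to
  # reject non-string values at validation time.
  type        = string
  description = "AWS region"
  default     = "ap-northeast-1"
}

# Named profile handed to the AWS provider.
variable "aws_profile" {
  type        = string
  description = "AWS profile"
  default     = ""
}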

# Value written to the "Project" tag on every resource in this module.
variable "project_name" {
  description = "Project name"
  type        = string
  default     = ""
}

# Value written to the "Department" tag on every resource in this module.
variable "department_name" {
  description = "Department name"
  type        = string
  default     = "SRE"
}

# EC2 instance that receives the bastion Elastic IP.
# NOTE(review): the empty-string default lets the module be called without an
# instance ID; the association would then presumably fail only at apply time.
# Confirm whether a default is wanted here.
variable "bastion_instance_id" {
  description = "The instance id of Bastion Server"
  type        = string
  default     = ""
}

# EC2 instance that receives the NAT server Elastic IP (same caveat as above
# about the empty default).
variable "nat_server_instance_id" {
  description = "The instance id of NAT Server"
  type        = string
  default     = ""
}

  • ./modules/my_eips/eip.tf: 建立兩個 Elastic IPs for Bastion Server 和 NAT Server。
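# Elastic IP for the bastion server, allocated from Amazon's public IPv4 pool.
# This address is internet-facing: whatever it is associated with is reachable
# from outside subject to its security group and network ACL rules.
resource "aws_eip" "my_bastion_eip" {
  network_border_group = var.aws_region
  public_ipv4_pool     = "amazon"

  # Only `tags` is set. `tags_all` is the provider-computed merge of `tags`
  # and the provider's default_tags, so repeating the same map by hand adds
  # nothing and can drift from `tags` when one copy is edited.
  tags = {
    Department = var.department_name
    Name       = "bastion EIP"
    Project    = var.project_name
  }
}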

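# Elastic IP for the NAT server, allocated from Amazon's public IPv4 pool.
# Outbound traffic relayed by the NAT server leaves the VPC from this address.
resource "aws_eip" "my_nat_server_eip" {
  network_border_group = var.aws_region
  public_ipv4_pool     = "amazon"

  # Only `tags` is set. `tags_all` is the provider-computed merge of `tags`
  # and the provider's default_tags, so repeating the same map by hand adds
  # nothing and can drift from `tags` when one copy is edited.
  tags = {
    Department = var.department_name
    Name       = "NAT Public IP"
    Project    = var.project_name
  }
}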

  • ./modules/my_eips/eip_assoc.tf: 建立 Elastic IP association for Bastion Server 和 NAT Server。
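# Attaches the NAT server Elastic IP to the NAT server instance.
resource "aws_eip_association" "eip_assoc_nat_server_instance" {
  allocation_id = aws_eip.my_nat_server_eip.id

  # Referencing the variable here already orders this resource after the
  # value is known; an extra depends_on on the same variable was redundant
  # (depends_on is meant for resources and modules).
  instance_id = var.nat_server_instance_id
}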

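# Attaches the bastion Elastic IP to the bastion instance.
resource "aws_eip_association" "eip_assoc_bastion_instance" {
  allocation_id = aws_eip.my_bastion_eip.id

  # Referencing the variable here already orders this resource after the
  # value is known; an extra depends_on on the same variable was redundant
  # (depends_on is meant for resources and modules).
  instance_id = var.bastion_instance_id
}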

  1. 撰寫專案相關程式
  • example.tfvars:
# Example variable values for the root module.
# Replace each <...> placeholder with your own value before running Terraform.
aws_region      = "ap-northeast-1"
aws_profile     = "<YOUR_PROFILE>"
project_name    = "example"
department_name = "SRE"
ssh_key_name    = "<YOUR_SSH_KEY>"
  • main.tf:
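# Terraform settings: the pinned AWS provider and the remote state backend.
terraform {
  required_providers {
    aws = {
      # Name the registry source explicitly. Without it Terraform assumes
      # hashicorp/aws; spelling it out makes the provider's origin visible
      # next to the pinned version.
      source  = "hashicorp/aws"
      version = "5.15.0"
    }
  }

  # Remote state in S3; the DynamoDB table is the backend's state-lock table.
  backend "s3" {
    bucket         = "<YOUR_S3_BUCKET_NAME>"
    dynamodb_table = "<YOUR_DYNAMODB_TABLE_NAME>"
    key            = "terraform.tfstate"
    region         = "ap-northeast-1"

    # The state file records the attributes of every managed resource, so ask
    # the backend to store it with server-side encryption. Re-run
    # `terraform init` after changing backend settings.
    encrypt = true

    # NOTE(review): this credentials-file setting points at ~/.aws/config,
    # which is normally the CLI *config* file rather than the credentials
    # file. Confirm this matches how <YOUR_PROFILE> is defined locally.
    shared_credentials_file = "~/.aws/config"
    profile                 = "<YOUR_PROFILE>"
  }
}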

# VPC module: VPC definitions are read from the YAML file at vpc_path
# (presumably parsed inside the module; its code is not shown here).
module "vpc" {
  source = "./modules/my_vpc"

  aws_region      = var.aws_region
  aws_profile     = var.aws_profile
  project_name    = var.project_name
  department_name = var.department_name
  vpc_path        = "./configs/vpc/my-vpcs.yaml"
}

# Subnet module: subnets are described in a YAML file and created inside the
# VPC named "my-vpc" from the vpc module's output map.
module "subnet" {
  source = "./modules/my_subnets"

  aws_region      = var.aws_region
  aws_profile     = var.aws_profile
  project_name    = var.project_name
  department_name = var.department_name
  subnet_path     = "./configs/subnet/my-subnets.yaml"
  vpc_id          = module.vpc.my_vpcs["my-vpc"].id
}

# Internet gateway module, attached to the "my-vpc" VPC.
module "igw" {
  source = "./modules/my_igw"

  aws_region      = var.aws_region
  aws_profile     = var.aws_profile
  project_name    = var.project_name
  department_name = var.department_name
  vpc_id          = module.vpc.my_vpcs["my-vpc"].id
}

# Network ACL module: receives the VPC ID/CIDR and the ID of every subnet,
# looked up by name in the subnet module's output map.
# NOTE(review): the four skip annotations inside this block silence Checkov's
# CKV_AWS_229-232 findings, which concern NACL ingress from 0.0.0.0/0 to
# commonly targeted service ports. They are marked "check it later"; the rules
# they hide should be reviewed before this leaves a sandbox.
module "nacl" {
  # checkov:skip=CKV_AWS_230: check it later
  # checkov:skip=CKV_AWS_229: check it later
  # checkov:skip=CKV_AWS_232: check it later
  # checkov:skip=CKV_AWS_231: check it later
  source = "./modules/my_nacls"

  aws_region      = var.aws_region
  aws_profile     = var.aws_profile
  project_name    = var.project_name
  department_name = var.department_name

  vpc_id   = module.vpc.my_vpcs["my-vpc"].id
  vpc_cidr = module.vpc.my_vpcs["my-vpc"].cidr_block

  # Public tier
  subnet_public_a_id = module.subnet.subnets["my-public-ap-northeast-1a"].id
  subnet_public_c_id = module.subnet.subnets["my-public-ap-northeast-1c"].id
  subnet_public_d_id = module.subnet.subnets["my-public-ap-northeast-1d"].id

  # Application tier
  subnet_application_a_id = module.subnet.subnets["my-application-ap-northeast-1a"].id
  subnet_application_c_id = module.subnet.subnets["my-application-ap-northeast-1c"].id
  subnet_application_d_id = module.subnet.subnets["my-application-ap-northeast-1d"].id

  # Intra tier
  subnet_intra_a_id = module.subnet.subnets["my-intra-ap-northeast-1a"].id
  subnet_intra_c_id = module.subnet.subnets["my-intra-ap-northeast-1c"].id
  subnet_intra_d_id = module.subnet.subnets["my-intra-ap-northeast-1d"].id

  # Persistence tier
  subnet_persistence_a_id = module.subnet.subnets["my-persistence-ap-northeast-1a"].id
  subnet_persistence_c_id = module.subnet.subnets["my-persistence-ap-northeast-1c"].id
  subnet_persistence_d_id = module.subnet.subnets["my-persistence-ap-northeast-1d"].id

  # NAT server subnet
  subnet_nat_server_id = module.subnet.subnets["my-nat-server"].id
}

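# Security group for the internet-facing bastion instance.
resource "aws_security_group" "my_bastion_sg" {
  name        = "bastion-sg"
  description = "Used for bastion instance public"
  vpc_id      = module.vpc.my_vpcs["my-vpc"].id

  # Inbound: SSH only, and only from the allow-list in local.bastion_allowed_ips.
  # Keep that list to specific addresses; it is the only inbound filter this
  # group applies to the bastion's public address.
  ingress {
    cidr_blocks = local.bastion_allowed_ips
    description = "ssh from allowed ips"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
  }

  # Outbound: every protocol and port, to any IPv4 or IPv6 destination.
  # NOTE(review): a bastion usually only needs to reach the hosts it
  # administers; consider narrowing this rule once those are known.
  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  # Only `tags` is set. `tags_all` is the provider-computed merge of `tags`
  # and the provider's default_tags, so repeating the same map by hand adds
  # nothing and can drift from `tags` when one copy is edited.
  tags = {
    Department = var.department_name
    Name       = "Bastion-SG"
    Project    = var.project_name
  }
}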

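# Security group for the NAT server instance.
resource "aws_security_group" "my_nat_server_sg" {
  name        = "nat-server-sg"
  description = "Used for NAT instance public"
  vpc_id      = module.vpc.my_vpcs["my-vpc"].id

  # Inbound: every protocol and port, but only from addresses inside the VPC
  # CIDR, so hosts in the VPC can send traffic through the NAT server.
  # Ports and `self` are written as number/bool literals instead of quoted
  # strings; Terraform converted the strings to these same values.
  ingress {
    cidr_blocks = [module.vpc.my_vpcs["my-vpc"].cidr_block]
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    self        = false
  }

  # Outbound: every protocol and port, to any IPv4 or IPv6 destination.
  egress {
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    self             = false
  }

  # Only `tags` is set. `tags_all` is the provider-computed merge of `tags`
  # and the provider's default_tags, so repeating the same map by hand adds
  # nothing and can drift from `tags` when one copy is edited.
  tags = {
    Department = var.department_name
    Name       = "NAT-Server-SG"
    Project    = var.project_name
  }
}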

# EC2 instances module: creates the bastion and, because
# create_nat_server_instance is true, the NAT server.
# NOTE(review): the skip annotations inside this block silence Checkov findings
# for this module call. CKV_AWS_8 is the EBS-encryption check and CKV_AWS_79
# the IMDSv1 check; both are marked to be revisited later, which matters most
# for the bastion because it is reachable from the internet.
module "instances" {
  # checkov:skip=CKV_AWS_8: check it later
  # checkov:skip=CKV_AWS_135:do it later
  # checkov:skip=CKV_AWS_79:do it later
  # checkov:skip=CKV_AWS_126:don't enable detail monitor in sandbox env

  source = "./modules/my_instances"

  aws_region      = var.aws_region
  aws_profile     = var.aws_profile
  project_name    = var.project_name
  department_name = var.department_name

  instance_type = "t3a.small"
  ssh_key_name  = var.ssh_key_name

  # Placement and security groups
  subnet_bastion_id             = module.subnet.subnets["my-public-ap-northeast-1d"].id
  subnet_nat_server_id          = module.subnet.subnets["my-nat-server"].id
  bastion_security_group_ids    = [aws_security_group.my_bastion_sg.id]
  nat_server_security_group_ids = [aws_security_group.my_nat_server_sg.id]

  # Images and launch options
  bastion_ami                = local.bastion_ami
  bastion_ami_id             = null
  nat_server_ami_id          = null
  bastion_launch_template    = null
  create_nat_server_instance = true

  # Script handed to the bastion as user data. Avoid placing secrets in it;
  # the text is part of the configuration and is carried into the plan.
  bastion_user_data = <<HERE
#!/bin/bash

echo "Do something you want here."

HERE
}

# Elastic IP module: allocates one EIP each for the bastion and the NAT server
# and associates them with the instance IDs exported by the instances module.
module "eip" {
  source = "./modules/my_eips"

  aws_region      = var.aws_region
  aws_profile     = var.aws_profile
  project_name    = var.project_name
  department_name = var.department_name

  bastion_instance_id    = module.instances.bastion_instance_id
  nat_server_instance_id = module.instances.nat_server_instance_id
}

Terraform 執行計畫

於專案目錄下執行 terraform init && terraform plan --out .plan -var-file=example.tfvars 來確認一下結果(產生的 .plan 檔會以明文保存計畫中的屬性值,請勿提交到版本控制):


Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_security_group.my_bastion_sg will be created
  + resource "aws_security_group" "my_bastion_sg" {
      + arn                    = (known after apply)
      + description            = "Used for bastion instance public"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = ""
              + from_port        = 0
              + ipv6_cidr_blocks = [
                  + "::/0",
                ]
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "114.34.61.84/32",
                ]
              + description      = "ssh from allowed ips"
              + from_port        = 22
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 22
            },
        ]
      + name                   = "bastion-sg"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "Department" = "SRE"
          + "Name"       = "Bastion-SG"
          + "Project"    = "example"
        }
      + tags_all               = {
          + "Department" = "SRE"
          + "Name"       = "Bastion-SG"
          + "Project"    = "example"
        }
      + vpc_id                 = (known after apply)
    }

  # aws_security_group.my_nat_server_sg will be created
  + resource "aws_security_group" "my_nat_server_sg" {
      + arn                    = (known after apply)
      + description            = "Used for NAT instance public"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = ""
              + from_port        = 0
              + ipv6_cidr_blocks = [
                  + "::/0",
                ]
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "10.2.0.0/16",
                ]
              + description      = ""
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + name                   = "nat-server-sg"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "Department" = "SRE"
          + "Name"       = "NAT-Server-SG"
          + "Project"    = "example"
        }
      + tags_all               = {
          + "Department" = "SRE"
          + "Name"       = "NAT-Server-SG"
          + "Project"    = "example"
        }
      + vpc_id                 = (known after apply)
    }

  # module.eip.aws_eip.my_bastion_eip will be created
  + resource "aws_eip" "my_bastion_eip" {
      + allocation_id        = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = (known after apply)
      + id                   = (known after apply)
      + instance             = (known after apply)
      + network_border_group = "ap-northeast-1"
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = "amazon"
      + tags                 = {
          + "Department" = "SRE"
          + "Name"       = "bastion EIP"
          + "Project"    = "example"
        }
      + tags_all             = {
          + "Department" = "SRE"
          + "Name"       = "bastion EIP"
          + "Project"    = "example"
        }
      + vpc                  = (known after apply)
    }

  # module.eip.aws_eip.my_nat_server_eip will be created
  + resource "aws_eip" "my_nat_server_eip" {
      + allocation_id        = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = (known after apply)
      + id                   = (known after apply)
      + instance             = (known after apply)
      + network_border_group = "ap-northeast-1"
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = "amazon"
      + tags                 = {
          + "Department" = "SRE"
          + "Name"       = "NAT Public IP"
          + "Project"    = "example"
        }
      + tags_all             = {
          + "Department" = "SRE"
          + "Name"       = "NAT Public IP"
          + "Project"    = "example"
        }
      + vpc                  = (known after apply)
    }

  # module.eip.aws_eip_association.eip_assoc_bastion_instance will be created
  + resource "aws_eip_association" "eip_assoc_bastion_instance" {
      + allocation_id        = (known after apply)
      + id                   = (known after apply)
      + instance_id          = (known after apply)
      + network_interface_id = (known after apply)
      + private_ip_address   = (known after apply)
      + public_ip            = (known after apply)
    }

  # module.eip.aws_eip_association.eip_assoc_nat_server_instance will be created
  + resource "aws_eip_association" "eip_assoc_nat_server_instance" {
      + allocation_id        = (known after apply)
      + id                   = (known after apply)
      + instance_id          = (known after apply)
      + network_interface_id = (known after apply)
      + private_ip_address   = (known after apply)
      + public_ip            = (known after apply)
    }

  # module.igw.aws_internet_gateway.my_igw will be created
  + resource "aws_internet_gateway" "my_igw" {
      + arn      = (known after apply)
      + id       = (known after apply)
      + owner_id = (known after apply)
      + tags     = {
          + "Department" = "SRE"
          + "Name"       = "example-igw"
          + "Project"    = "example"
        }
      + tags_all = {
          + "Department" = "SRE"
          + "Name"       = "example-igw"
          + "Project"    = "example"
        }
      + vpc_id   = (known after apply)
    }

  # module.instances.aws_instance.bastion_instance will be created
  + resource "aws_instance" "bastion_instance" {
      + ami                                  = "ami-0f419d2f905bb344e"
      + arn                                  = (known after apply)
      + associate_public_ip_address          = (known after apply)
      + availability_zone                    = (known after apply)
      + cpu_core_count                       = (known after apply)
      + cpu_threads_per_core                 = (known after apply)
      + disable_api_stop                     = (known after apply)
      + disable_api_termination              = (known after apply)
      + ebs_optimized                        = (known after apply)
      + get_password_data                    = false
      + host_id                              = (known after apply)
      + host_resource_group_arn              = (known after apply)
      + iam_instance_profile                 = (known after apply)
      + id                                   = (known after apply)
      + instance_initiated_shutdown_behavior = (known after apply)
      + instance_lifecycle                   = (known after apply)
      + instance_state                       = (known after apply)
      + instance_type                        = "t3a.small"
      + ipv6_address_count                   = (known after apply)
      + ipv6_addresses                       = (known after apply)
      + key_name                             = "my-ssh-key"
      + monitoring                           = (known after apply)
      + outpost_arn                          = (known after apply)
      + password_data                        = (known after apply)
      + placement_group                      = (known after apply)
      + placement_partition_number           = (known after apply)
      + primary_network_interface_id         = (known after apply)
      + private_dns                          = (known after apply)
      + private_ip                           = (known after apply)
      + public_dns                           = (known after apply)
      + public_ip                            = (known after apply)
      + secondary_private_ips                = (known after apply)
      + security_groups                      = (known after apply)
      + source_dest_check                    = true
      + spot_instance_request_id             = (known after apply)
      + subnet_id                            = (known after apply)
      + tags                                 = {
          + "Department"         = "SRE"
          + "Name"               = "Bastion"
          + "Project"            = "example"
          + "Prometheus-monitor" = "enabled"
        }
      + tags_all                             = {
          + "Department"         = "SRE"
          + "Name"               = "Bastion"
          + "Project"            = "example"
          + "Prometheus-monitor" = "enabled"
        }
      + tenancy                              = (known after apply)
      + user_data                            = "337ac5cb1a9b05f5b460f72f8cd79ae54a7f22f4"
      + user_data_base64                     = (known after apply)
      + user_data_replace_on_change          = false
      + vpc_security_group_ids               = (known after apply)
    }

  # module.instances.aws_instance.nat_server_instance[0] will be created
  + resource "aws_instance" "nat_server_instance" {
      + ami                                  = "ami-0f419d2f905bb344e"
      + arn                                  = (known after apply)
      + associate_public_ip_address          = (known after apply)
      + availability_zone                    = (known after apply)
      + cpu_core_count                       = (known after apply)
      + cpu_threads_per_core                 = (known after apply)
      + disable_api_stop                     = (known after apply)
      + disable_api_termination              = (known after apply)
      + ebs_optimized                        = (known after apply)
      + get_password_data                    = false
      + host_id                              = (known after apply)
      + host_resource_group_arn              = (known after apply)
      + iam_instance_profile                 = (known after apply)
      + id                                   = (known after apply)
      + instance_initiated_shutdown_behavior = (known after apply)
      + instance_lifecycle                   = (known after apply)
      + instance_state                       = (known after apply)
      + instance_type                        = "t3a.small"
      + ipv6_address_count                   = (known after apply)
      + ipv6_addresses                       = (known after apply)
      + key_name                             = "my-ssh-key"
      + monitoring                           = (known after apply)
      + outpost_arn                          = (known after apply)
      + password_data                        = (known after apply)
      + placement_group                      = (known after apply)
      + placement_partition_number           = (known after apply)
      + primary_network_interface_id         = (known after apply)
      + private_dns                          = (known after apply)
      + private_ip                           = (known after apply)
      + public_dns                           = (known after apply)
      + public_ip                            = (known after apply)
      + secondary_private_ips                = (known after apply)
      + security_groups                      = (known after apply)
      + source_dest_check                    = false
      + spot_instance_request_id             = (known after apply)
      + subnet_id                            = (known after apply)
      + tags                                 = {
          + "Department"         = "SRE"
          + "Name"               = "NAT Server"
          + "Project"            = "example"
          + "Prometheus-monitor" = "enabled"
        }
      + tags_all                             = {
          + "Department"         = "SRE"
          + "Name"               = "NAT Server"
          + "Project"            = "example"
          + "Prometheus-monitor" = "enabled"
        }
      + tenancy                              = (known after apply)
      + user_data                            = (known after apply)
      + user_data_base64                     = "IyEvYmluL2Jhc2gKc3lzY3RsIC13IG5ldC5pcHY0LmlwX2ZvcndhcmQ9MQovc2Jpbi9pcHRhYmxlcyAtdCBuYXQgLUEgUE9TVFJPVVRJTkcgLW8gZXRoMCAtaiBNQVNRVUVSQURFCnl1bSBpbnN0YWxsIC15IGlwdGFibGVzLXNlcnZpY2VzCnNlcnZpY2UgaXB0YWJsZXMgc2F2ZQo="
      + user_data_replace_on_change          = false
      + vpc_security_group_ids               = (known after apply)
    }

  # module.nacl.aws_network_acl.my_application_acl will be created
  + resource "aws_network_acl" "my_application_acl" {
      + arn        = (known after apply)
      + egress     = [
          + {
              + action          = "allow"
              + cidr_block      = "0.0.0.0/0"
              + from_port       = 0
              + icmp_code       = -1
              + icmp_type       = -1
              + ipv6_cidr_block = ""
              + protocol        = "1"
              + rule_no         = 140
              + to_port         = 0
            },
          + {
              + action          = "allow"
              + cidr_block      = "0.0.0.0/0"
              + from_port       = 0
              + icmp_code       = 0
              + icmp_type       = 0
              + ipv6_cidr_block = ""
              + protocol        = "-1"
              + rule_no         = 1
              + to_port         = 0
            },
          + {
              + action          = "allow"
              + cidr_block      = "0.0.0.0/0"
              + from_port       = 1024
              + icmp_code       = 0
              + icmp_type       = 0
              + ipv6_cidr_block = ""
              + protocol        = "6"
              + rule_no         = 130
              + to_port         = 65535
            },
          + {
              + action          = "allow"
              + cidr_block      = "0.0.0.0/0"
              + from_port       = 22
              + icmp_code       = 0
              + icmp_type       = 0
              + ipv6_cidr_block = ""
              + protocol        = "6"
              + rule_no         = 802
              + to_port         = 22
            },
          + {
              + action          = "allow"
              + cidr_block      = "0.0.0.0/0"
              + from_port       = 443
              + icmp_code       = 0
              + icmp_type       = 0
              + ipv6_cidr_block = ""
              + protocol        = "6"
              + rule_no         = 110
              + to_port         = 443
            },
          + {
              + action          = "allow"
              + cidr_block      = "0.0.0.0/0"
              + from_port       = 80
              + icmp_code       = 0
              + icmp_type       = 0
              + ipv6_cidr_block = ""
              + protocol        = "6"
              + rule_no         = 100
              + to_port         = 80
            },
          + {
              + action          = "allow"
              + cidr_block      = "10.2.0.0/16"
              + from_port       = 23
              + icmp_code       = 0
              + icmp_type       = 0
              + ipv6_cidr_block = ""
              + protocol        = "6"
              + rule_no         = 900
              + to_port         = 65535
            },
        ]
      + id         = (known after apply)
      + ingress    = [
          + {
              + action          = "allow"
              + cidr_block      = "0.0.0.0/0"
              + from_port       = 0
              + icmp_code       = -1
              + icmp_type       = -1
              + ipv6_cidr_block = ""
              + protocol        = "1"
              + rule_no         = 140
              + to_port         = 0
            },
          + {
              + action          = "allow"
              + cidr_block      = "0.0.0.0/0"
              + from_port       = 0
              + icmp_code       = 0
              + icmp_type       = 0
              + ipv6_cidr_block = ""
              + protocol        = "-1"
              + rule_no         = 1002
              + to_port         = 0
            },
          + {
              + action          = "allow"
              + cidr_block      = "0.0.0.0/0"
              + from_port       = 0
              + icmp_code       = 0
              + icmp_type       = 0
              + ipv6_cidr_block = ""
              + protocol        = "17"
              + rule_no         = 1
              + to_port         = 65535
            },
          + {
              + action          = "allow"
              + cidr_block      = "0.0.0.0/0"
              + from_port       = 1024
              + icmp_code       = 0
              + icmp_type       = 0
              + ipv6_cidr_block = ""
              + protocol        = "6"
              + rule_no         = 130
              + to_port         = 65535
            },
          + {
              + action          = "allow"
              + cidr_block      = "0.0.0.0/0"
              + from_port       = 22
              + icmp_code       = 0
              + icmp_type       = 0
              + ipv6_cidr_block = ""
              + protocol        = "6"
              + rule_no         = 1000
              + to_port         = 22
            },
          + {
              + action          = "allow"
              + cidr_block      = "10.2.0.0/16"
              + from_port       = 22
              + icmp_code       = 0
              + icmp_type       = 0
              + ipv6_cidr_block = ""
              + protocol        = "6"
              + rule_no         = 120
              + to_port         = 22
            },
          + {
              + action          = "allow"
              + cidr_block      = "10.2.0.0/16"
              + from_port       = 23
              + icmp_code       = 0
              + icmp_type       = 0
              + ipv6_cidr_block = ""
              + protocol        = "6"
              + rule_no         = 900
              + to_port         = 65535
            },
          + {
              + action          = "allow"
              + cidr_block      = "10.2.0.0/16"
              + from_port       = 80
              + icmp_code       = 0
              + icmp_type       = 0
              + ipv6_cidr_block = ""
              + protocol        = "6"
              + rule_no         = 999
              + to_port         = 80
            },
        ]
      + owner_id   = (known after apply)
      + subnet_ids = (known after apply)
      + tags       = {
          + "Department" = "SRE"
          + "Name"       = "example-application"
          + "Project"    = "example"
        }
      + tags_all   = {
          + "Department" = "SRE"
          + "Name"       = "example-application"
          + "Project"    = "example"
        }
      + vpc_id     = (known after apply)
    }

  # module.nacl.aws_network_acl.my_nat_acl will be created
  + resource "aws_network_acl" "my_nat_acl" {
      + arn        = (known after apply)
      + egress     = [
          + {
              + action          = "allow"
              + cidr_block      = "0.0.0.0/0"
              + from_port       = 0
              + icmp_code       = 0
              + icmp_type       = 0
              + ipv6_cidr_block = ""
              + protocol        = "-1"
              + rule_no         = 100
              + to_port         = 0
            },
        ]
      + id         = (known after apply)
      + ingress    = [
          + {
              + action          = "allow"
              + cidr_block      = "0.0.0.0/0"
              + from_port       = 0
              + icmp_code       = 0
              + icmp_type       = 0
              + ipv6_cidr_block = ""
              + protocol        = "-1"
              + rule_no         = 100
              + to_port         = 0
            },
        ]
      + owner_id   = (known after apply)
      + subnet_ids = (known after apply)
      + tags       = {
          + "Department" = "SRE"
          + "Name"       = "example-nat"
          + "Project"    = "example"
        }
      + tags_all   = {
          + "Department" = "SRE"
          + "Name"       = "example-nat"
          + "Project"    = "example"
        }
      + vpc_id     = (known after apply)
    }

  # module.nacl.aws_network_acl.my_persistence_acl will be created
  + resource "aws_network_acl" "my_persistence_acl" {
      + arn        = (known after apply)
      + egress     = [
          + {
              + action          = "allow"
              + cidr_block      = "0.0.0.0/0"
              + from_port       = 32768
              + icmp_code       = 0
              + icmp_type       = 0
              + ipv6_cidr_block = ""
              + protocol        = "6"
              + rule_no         = 130
              + to_port         = 65535
            },
          + {
              + action          = "allow"
              + cidr_block      = "0.0.0.0/0"
              + from_port       = 443
              + icmp_code       = 0
              + icmp_type       = 0
              + ipv6_cidr_block = ""
              + protocol        = "6"
              + rule_no         = 110
              + to_port         = 443
            },
          + {
              + action          = "allow"
              + cidr_block      = "0.0.0.0/0"
              + from_port       = 80
              + icmp_code       = 0
              + icmp_type       = 0
              + ipv6_cidr_block = ""
              + protocol        = "6"
              + rule_no         = 100
              + to_port         = 80
            },
          + {
              + action          = "allow"
              + cidr_block      = "10.2.0.0/16"
              + from_port       = 0
              + icmp_code       = -1
              + icmp_type       = 0
              + ipv6_cidr_block = ""
              + protocol        = "1"
              + rule_no         = 141
              + to_port         = 0
            },
          + {
              + action          = "allow"
              + cidr_block      = "10.2.0.0/16"
              + from_port       = 0
              + icmp_code       = -1
              + icmp_type       = 8
              + ipv6_cidr_block = ""
              + protocol        = "1"
              + rule_no         = 140
              + to_port         = 0
            },
          + {
              + action          = "allow"
              + cidr_block      = "10.2.0.0/16"
              + from_port       = 23
              + icmp_code       = 0
              + icmp_type       = 0
              + ipv6_cidr_block = ""
              + protocol        = "6"
              + rule_no         = 900
              + to_port         = 65535
            },
        ]
      + id         = (known after apply)
      + ingress    = [
          + {
              + action          = "allow"
              + cidr_block      = "0.0.0.0/0"
              + from_port       = 0
              + icmp_code       = 0
              + icmp_type       = 0
              + ipv6_cidr_block = ""
              + protocol        = "6"
              + rule_no         = 1
              + to_port         = 65535
            },
          + {
              + action          = "allow"
              + cidr_block      = "0.0.0.0/0"
              + from_port       = 32768
              + icmp_code       = 0
              + icmp_type       = 0
              + ipv6_cidr_block = ""
              + protocol        = "6"
              + rule_no         = 130
              + to_port         = 65535
            },
          + {
              + action          = "allow"
              + cidr_block      = "10.2.0.0/16"
              + from_port       = 0
              + icmp_code       = -1
              + icmp_type       = 0
              + ipv6_cidr_block = ""
              + protocol        = "1"
              + rule_no         = 141
              + to_port         = 0
            },
          + {
              + action          = "allow"
              + cidr_block      = "10.2.0.0/16"
              + from_port       = 0
              + icmp_code       = -1
              + icmp_type       = 8
              + ipv6_cidr_block = ""
              + protocol        = "1"
              + rule_no         = 140
              + to_port         = 0
            },
          + {
              + action          = "allow"
              + cidr_block      = "10.2.0.0/16"
              + from_port       = 22
              + icmp_code       = 0
              + icmp_type       = 0
              + ipv6_cidr_block = ""
              + protocol        = "6"
              + rule_no         = 120
              + to_port         = 22
            },
          + {
              + action          = "allow"
              + cidr_block      = "10.2.0.0/16"
              + from_port       = 23
              + icmp_code       = 0
              + icmp_type       = 0
              + ipv6_cidr_block = ""
              + protocol        = "6"
              + rule_no         = 900
              + to_port         = 65535
            },
        ]
      + owner_id   = (known after apply)
      + subnet_ids = (known after apply)
      + tags       = {
          + "Department" = "SRE"
          + "Name"       = "example-persistence"
          + "Project"    = "example"
        }
      + tags_all   = {
          + "Department" = "SRE"
          + "Name"       = "example-persistence"
          + "Project"    = "example"
        }
      + vpc_id     = (known after apply)
    }
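Review bot: The `ingress` entry with `rule_no = 1` in `my_persistence_acl` allows TCP ports 0-65535 from `0.0.0.0/0`, and network ACL rules are evaluated in ascending rule number with the first match winning. That makes the narrower TCP rules 120, 130 and 900 unreachable, so the ACL admits all TCP from any source to the persistence subnets. Whether those subnets are reachable from outside depends on route tables and security groups not shown here, but the ACL adds no protection as planned. I would drop the `rule_no = 1` entry or scope it with `cidr_block = "10.2.0.0/16"`. Rule 900 (`from_port = 23`, `to_port = 65535`) also looks wider than intended, and the same shadowing applies to the `egress` entry with `rule_no = 1` in `my_public_acl` below.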

  # module.nacl.aws_network_acl.my_public_acl will be created
  + resource "aws_network_acl" "my_public_acl" {
      + arn        = (known after apply)
      + egress     = [
          + {
              + action          = "allow"
              + cidr_block      = "0.0.0.0/0"
              + from_port       = 0
              + icmp_code       = -1
              + icmp_type       = -1
              + ipv6_cidr_block = ""
              + protocol        = "1"
              + rule_no         = 3
              + to_port         = 0
            },
          + {
              + action          = "allow"
              + cidr_block      = "0.0.0.0/0"
              + from_port       = 0
              + icmp_code       = 0
              + icmp_type       = 0
              + ipv6_cidr_block = ""
              + protocol        = "6"
              + rule_no         = 1
              + to_port         = 65535
            },
          + {
              + action          = "allow"
              + cidr_block      = "0.0.0.0/0"
              + from_port       = 1024
              + icmp_code       = 0
              + icmp_type       = 0
              + ipv6_cidr_block = ""
              + protocol        = "6"
              + rule_no         = 119
              + to_port         = 65535
            },
          + {
              + action          = "allow"
              + cidr_block      = "0.0.0.0/0"
              + from_port       = 22
              + icmp_code       = 0
              + icmp_type       = 0
              + ipv6_cidr_block = ""
              + protocol        = "6"
              + rule_no         = 120
              + to_port         = 22
            },
          + {
              + action          = "allow"
              + cidr_block      = "0.0.0.0/0"
              + from_port       = 443
              + icmp_code       = 0
              + icmp_type       = 0
              + ipv6_cidr_block = ""
              + protocol        = "6"
              + rule_no         = 110
              + to_port         = 443
            },
          + {
              + action          = "allow"
              + cidr_block      = "0.0.0.0/0"
              + from_port       = 80
              + icmp_code       = 0
              + icmp_type       = 0
              + ipv6_cidr_block = ""
              + protocol        = "6"
              + rule_no         = 100
              + to_port         = 80
            },
          + {
              + action          = "allow"
              + cidr_block      = "10.2.0.0/16"
              + from_port       = 0
              + icmp_code       = -1
              + icmp_type       = 0
              + ipv6_cidr_block = ""
              + protocol        = "1"
              + rule_no         = 141
              + to_port         = 0
            },
          + {
              + action          = "allow"
              + cidr_block      = "10.2.0.0/16"
              + from_port       = 0
              + icmp_code       = -1
              + icmp_type       = 8
              + ipv6_cidr_block = ""
              + protocol        = "1"
              + rule_no         = 140
              + to_port         = 0
            },
        ]
      + id         = (known after apply)
      + ingress    = [
          + {
              + action          = "allow"
              + cidr_block      = "0.0.0.0/0"
              + from_port       = 0
              + icmp_code       = -1
              + icmp_type       = -1
              + ipv6_cidr_block = ""
              + protocol        = "1"
              + rule_no         = 10
              + to_port         = 0
            },
          + {
              + action          = "allow"
              + cidr_block      = "0.0.0.0/0"
              + from_port       = 0
              + icmp_code       = 0
              + icmp_type       = 0
              + ipv6_cidr_block = ""
              + protocol        = "17"
              + rule_no         = 1000
              + to_port         = 65535
            },
          + {
              + action          = "allow"
              + cidr_block      = "0.0.0.0/0"
              + from_port       = 1024
              + icmp_code       = 0
              + icmp_type       = 0
              + ipv6_cidr_block = ""
              + protocol        = "6"
              + rule_no         = 999
              + to_port         = 65535
            },
          + {
              + action          = "allow"
              + cidr_block      = "0.0.0.0/0"
              + from_port       = 22
              + icmp_code       = 0
              + icmp_type       = 0
              + ipv6_cidr_block = ""
              + protocol        = "6"
              + rule_no         = 50
              + to_port         = 22
            },
          + {
              + action          = "allow"
              + cidr_block      = "0.0.0.0/0"
              + from_port       = 443
              + icmp_code       = 0
              + icmp_type       = 0
              + ipv6_cidr_block = ""
              + protocol        = "6"
              + rule_no         = 110
              + to_port         = 443
            },
          + {
              + action          = "allow"
              + cidr_block      = "0.0.0.0/0"
              + from_port       = 80
              + icmp_code       = 0
              + icmp_type       = 0
              + ipv6_cidr_block = ""
              + protocol        = "6"
              + rule_no         = 100
              + to_port         = 80
            },
        ]
      + owner_id   = (known after apply)
      + subnet_ids = (known after apply)
      + tags       = {
          + "Department" = "SRE"
          + "Name"       = "example-public"
          + "Project"    = "example"
        }
      + tags_all   = {
          + "Department" = "SRE"
          + "Name"       = "example-public"
          + "Project"    = "example"
        }
      + vpc_id     = (known after apply)
    }
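Review bot: The `ingress` entry with `rule_no = 50` in `my_public_acl` opens TCP 22 to `0.0.0.0/0`, and `rule_no = 1000` admits UDP on every port from any source. For the subnet that holds the bastion host, SSH is better limited to the administrators' source range, e.g. `cidr_block = "<ADMIN_CIDR>"` (placeholder, not a value from this page). The UDP rule could be reduced to the ports actually needed. Network ACLs are stateless, so the TCP 1024-65535 rule 999 for return traffic can stay. The module source that generates these rules is outside this part of the page.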

  # module.subnet.aws_subnet.subnets["my-application-ap-northeast-1a"] will be created
  + resource "aws_subnet" "subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "ap-northeast-1a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.2.4.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_customer_owned_ip_on_launch                = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Department" = "SRE"
          + "Name"       = "my-application-ap-northeast-1a"
          + "Project"    = "example"
        }
      + tags_all                                       = {
          + "Department" = "SRE"
          + "Name"       = "my-application-ap-northeast-1a"
          + "Project"    = "example"
        }
      + vpc_id                                         = (known after apply)
    }

  # module.subnet.aws_subnet.subnets["my-application-ap-northeast-1c"] will be created
  + resource "aws_subnet" "subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "ap-northeast-1c"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.2.5.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_customer_owned_ip_on_launch                = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Department" = "SRE"
          + "Name"       = "my-application-ap-northeast-1c"
          + "Project"    = "example"
        }
      + tags_all                                       = {
          + "Department" = "SRE"
          + "Name"       = "my-application-ap-northeast-1c"
          + "Project"    = "example"
        }
      + vpc_id                                         = (known after apply)
    }

  # module.subnet.aws_subnet.subnets["my-application-ap-northeast-1d"] will be created
  + resource "aws_subnet" "subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "ap-northeast-1d"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.2.6.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_customer_owned_ip_on_launch                = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Department" = "SRE"
          + "Name"       = "my-application-ap-northeast-1d"
          + "Project"    = "example"
        }
      + tags_all                                       = {
          + "Department" = "SRE"
          + "Name"       = "my-application-ap-northeast-1d"
          + "Project"    = "example"
        }
      + vpc_id                                         = (known after apply)
    }

  # module.subnet.aws_subnet.subnets["my-intra-ap-northeast-1a"] will be created
  + resource "aws_subnet" "subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "ap-northeast-1a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.2.8.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_customer_owned_ip_on_launch                = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Department" = "SRE"
          + "Name"       = "my-intra-ap-northeast-1a"
          + "Project"    = "example"
        }
      + tags_all                                       = {
          + "Department" = "SRE"
          + "Name"       = "my-intra-ap-northeast-1a"
          + "Project"    = "example"
        }
      + vpc_id                                         = (known after apply)
    }

  # module.subnet.aws_subnet.subnets["my-intra-ap-northeast-1c"] will be created
  + resource "aws_subnet" "subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "ap-northeast-1c"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.2.9.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_customer_owned_ip_on_launch                = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Department" = "SRE"
          + "Name"       = "my-intra-ap-northeast-1c"
          + "Project"    = "example"
        }
      + tags_all                                       = {
          + "Department" = "SRE"
          + "Name"       = "my-intra-ap-northeast-1c"
          + "Project"    = "example"
        }
      + vpc_id                                         = (known after apply)
    }

  # module.subnet.aws_subnet.subnets["my-intra-ap-northeast-1d"] will be created
  + resource "aws_subnet" "subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "ap-northeast-1d"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.2.10.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_customer_owned_ip_on_launch                = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Department" = "SRE"
          + "Name"       = "my-intra-ap-northeast-1d"
          + "Project"    = "example"
        }
      + tags_all                                       = {
          + "Department" = "SRE"
          + "Name"       = "my-intra-ap-northeast-1d"
          + "Project"    = "example"
        }
      + vpc_id                                         = (known after apply)
    }

  # module.subnet.aws_subnet.subnets["my-nat-server"] will be created
  + resource "aws_subnet" "subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "ap-northeast-1d"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.2.3.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_customer_owned_ip_on_launch                = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Department" = "SRE"
          + "Name"       = "my-nat-server"
          + "Project"    = "example"
        }
      + tags_all                                       = {
          + "Department" = "SRE"
          + "Name"       = "my-nat-server"
          + "Project"    = "example"
        }
      + vpc_id                                         = (known after apply)
    }

  # module.subnet.aws_subnet.subnets["my-persistence-ap-northeast-1a"] will be created
  + resource "aws_subnet" "subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "ap-northeast-1a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.2.16.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_customer_owned_ip_on_launch                = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Department" = "SRE"
          + "Name"       = "my-persistence-ap-northeast-1a"
          + "Project"    = "example"
        }
      + tags_all                                       = {
          + "Department" = "SRE"
          + "Name"       = "my-persistence-ap-northeast-1a"
          + "Project"    = "example"
        }
      + vpc_id                                         = (known after apply)
    }

  # module.subnet.aws_subnet.subnets["my-persistence-ap-northeast-1c"] will be created
  + resource "aws_subnet" "subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "ap-northeast-1c"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.2.17.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_customer_owned_ip_on_launch                = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Department" = "SRE"
          + "Name"       = "my-persistence-ap-northeast-1c"
          + "Project"    = "example"
        }
      + tags_all                                       = {
          + "Department" = "SRE"
          + "Name"       = "my-persistence-ap-northeast-1c"
          + "Project"    = "example"
        }
      + vpc_id                                         = (known after apply)
    }

  # module.subnet.aws_subnet.subnets["my-persistence-ap-northeast-1d"] will be created
  + resource "aws_subnet" "subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "ap-northeast-1d"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.2.18.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_customer_owned_ip_on_launch                = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Department" = "SRE"
          + "Name"       = "my-persistence-ap-northeast-1d"
          + "Project"    = "example"
        }
      + tags_all                                       = {
          + "Department" = "SRE"
          + "Name"       = "my-persistence-ap-northeast-1d"
          + "Project"    = "example"
        }
      + vpc_id                                         = (known after apply)
    }

  # module.subnet.aws_subnet.subnets["my-public-ap-northeast-1a"] will be created
  + resource "aws_subnet" "subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "ap-northeast-1a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.2.0.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_customer_owned_ip_on_launch                = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Department" = "SRE"
          + "Name"       = "my-public-ap-northeast-1a"
          + "Project"    = "example"
        }
      + tags_all                                       = {
          + "Department" = "SRE"
          + "Name"       = "my-public-ap-northeast-1a"
          + "Project"    = "example"
        }
      + vpc_id                                         = (known after apply)
    }

  # module.subnet.aws_subnet.subnets["my-public-ap-northeast-1c"] will be created
  + resource "aws_subnet" "subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "ap-northeast-1c"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.2.1.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_customer_owned_ip_on_launch                = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Department" = "SRE"
          + "Name"       = "my-public-ap-northeast-1c"
          + "Project"    = "example"
        }
      + tags_all                                       = {
          + "Department" = "SRE"
          + "Name"       = "my-public-ap-northeast-1c"
          + "Project"    = "example"
        }
      + vpc_id                                         = (known after apply)
    }

  # module.subnet.aws_subnet.subnets["my-public-ap-northeast-1d"] will be created
  + resource "aws_subnet" "subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "ap-northeast-1d"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.2.2.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_ass
