Route Table 是一個定義了 Subnet 內部和外部流量路由的網路路由規則集。每個 Subnet 都關聯到一個 Route Table,而 Route Table 則包含了一系列路由規則,指定了流量應該如何進行路由。
這些規則可用於將流量引導到 Internet Gateway、Virtual Private Gateway(用於連接到 AWS VPN 或 Direct Connect)或者 VPC 內部的其他資源。
本篇是實作常用的 AWS Route Table 服務之 Terraform 模組,完整的專案程式碼分享在我的 Github 上。
模組放在 ./modules/my_route_tables 目錄中,專案結構如下:
├── configs
│ ├── subnet
│ │ └── my-subnets.yaml
│ └── vpc
│ └── my-vpcs.yaml
├── example.tfvars
├── locals.tf
├── main.tf
├── modules
│ ├── my_igw
│ ├── my_instances
│ ├── my_nacls
│ ├── my_route_tables
│ │ ├── outputs.tf
│ │ ├── provider.tf
│ │ ├── route_table.tf
│ │ ├── route_table_association.tf
│ │ └── variables.tf
│ ├── my_subnets
│ └── my_vpc
└── variables.tf
my_route_tables 模組
./modules/my_route_tables/outputs.tf:
# Route table IDs exposed to the caller, one per subnet tier.
# The value is only known after apply (see the plan output in this post).
output "my_public_rtb_id" {
  description = "ID of the route table serving the public subnets."
  value       = aws_route_table.my_public_rtb.id
}

output "my_application_rtb_id" {
  description = "ID of the route table serving the application subnets."
  value       = aws_route_table.my_application_rtb.id
}

output "my_intra_rtb_id" {
  description = "ID of the route table serving the intra subnets."
  value       = aws_route_table.my_intra_rtb.id
}

output "my_persistence_rtb_id" {
  description = "ID of the route table serving the persistence subnets."
  value       = aws_route_table.my_persistence_rtb.id
}

output "my_nat_server_rtb_id" {
  description = "ID of the route table serving the NAT server subnet."
  value       = aws_route_table.my_nat_server_rtb.id
}
./modules/my_route_tables/provider.tf:
# Module-level AWS provider. Region and named profile come from the caller
# (var.aws_region / var.aws_profile); no credentials are stored in the module.
provider "aws" {
  profile = var.aws_profile
  region  = var.aws_region
}
./modules/my_route_tables/variables.tf:
在前幾個模組中,xxxxx_path 為傳入的 my-xxxxx.yaml 設定檔路徑位址,透過 yamldecode 取出 key 值 xxxxxs 的 value 為一 list 物件;本模組則沒有設定檔路徑變數,subnet id 與 route 物件的 list 都由 main.tf 直接傳入。
# Provider settings passed through from the root module.
variable "aws_region" {
  default     = "ap-northeast-1"
  description = "AWS region"
}

variable "aws_profile" {
  default     = ""
  description = "AWS profile"
}
# Tagging inputs: both end up in the Project / Department tags and in the
# Name tag prefix of every route table created by this module.
variable "project_name" {
  description = "Project name"
  type        = string
  default     = ""
}

variable "department_name" {
  description = "Department name"
  type        = string
  default     = "SRE"
}
# Required: every route table in this module is created inside this VPC.
variable "vpc_id" {
  description = "The id of VPC"
  type        = string
}
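# Subnet IDs to associate with each tier's route table. An empty list means
# the route table is still created but nothing is associated with it.
# Entries are keyed by list position in route_table_association.tf, so keep
# the order stable between runs.
variable "public_subnet_ids" {
  description = "IDs of the subnets to associate with the public route table."
  type        = list(string)
  default     = []
}

variable "application_subnet_ids" {
  description = "IDs of the subnets to associate with the application route table."
  type        = list(string)
  default     = []
}

variable "intra_subnet_ids" {
  description = "IDs of the subnets to associate with the intra route table."
  type        = list(string)
  default     = []
}

variable "persistence_subnet_ids" {
  description = "IDs of the subnets to associate with the persistence route table."
  type        = list(string)
  default     = []
}

variable "nat_server_subnet_ids" {
  description = "IDs of the subnets to associate with the NAT server route table."
  type        = list(string)
  default     = []
}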
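# Route definitions per tier. Each element is an object holding one
# destination key (cidr_block, ipv6_cidr_block or destination_prefix_list_id)
# and one target key (gateway_id, nat_gateway_id, network_interface_id, ...);
# route_table.tf reads every key with lookup() and defaults the rest to null.
# Typed list(any) on purpose: route objects in one list may carry different
# keys, as the root module's public_routes does (IPv4 and IPv6 defaults).
# An empty list produces a route table with only the implicit local route.
variable "public_routes" {
  description = "Route objects for the public route table (one destination key and one target key each)."
  type        = list(any)
  default     = []
}

variable "application_routes" {
  description = "Route objects for the application route table (one destination key and one target key each)."
  type        = list(any)
  default     = []
}

variable "intra_routes" {
  description = "Route objects for the intra route table (one destination key and one target key each)."
  type        = list(any)
  default     = []
}

variable "persistence_routes" {
  description = "Route objects for the persistence route table (one destination key and one target key each)."
  type        = list(any)
  default     = []
}

variable "nat_server_routes" {
  description = "Route objects for the NAT server route table (one destination key and one target key each)."
  type        = list(any)
  default     = []
}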
./modules/my_route_tables/route_table.tf:
使用 for_each 來迭代 var.public_routes、var.application_routes、var.intra_routes、var.persistence_routes 和 var.nat_server_routes 五個物件,並建立對映的動態內容(dynamic "route" 區塊):
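# Route table for the public subnets. Each element of var.public_routes
# becomes one `route` block. Attributes are read with lookup() so a route
# object only needs the keys it uses: one destination (cidr_block,
# ipv6_cidr_block or destination_prefix_list_id) and one target; every other
# attribute stays null.
resource "aws_route_table" "my_public_rtb" {
  # Referencing the input already orders this resource after whatever the
  # caller passes as the VPC, so a depends_on on var.vpc_id adds nothing.
  vpc_id = var.vpc_id

  dynamic "route" {
    for_each = var.public_routes
    content {
      # destination
      cidr_block                 = lookup(route.value, "cidr_block", null)
      ipv6_cidr_block            = lookup(route.value, "ipv6_cidr_block", null)
      destination_prefix_list_id = lookup(route.value, "destination_prefix_list_id", null)
      # target
      carrier_gateway_id        = lookup(route.value, "carrier_gateway_id", null)
      egress_only_gateway_id    = lookup(route.value, "egress_only_gateway_id", null)
      gateway_id                = lookup(route.value, "gateway_id", null)
      local_gateway_id          = lookup(route.value, "local_gateway_id", null)
      nat_gateway_id            = lookup(route.value, "nat_gateway_id", null)
      network_interface_id      = lookup(route.value, "network_interface_id", null)
      transit_gateway_id        = lookup(route.value, "transit_gateway_id", null)
      vpc_endpoint_id           = lookup(route.value, "vpc_endpoint_id", null)
      vpc_peering_connection_id = lookup(route.value, "vpc_peering_connection_id", null)
      # instance_id is deliberately not exposed: the AWS provider pinned in
      # main.tf (5.x) no longer lists it on route (see the plan output);
      # route to an instance through network_interface_id instead.
    }
  }

  # tags_all is computed by the provider from `tags` plus any provider
  # default_tags, so it is not set explicitly here.
  tags = {
    Department = var.department_name
    Name       = "${var.project_name}-public-rtb"
    Project    = var.project_name
  }
}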
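# Route table for the application subnets. Each element of
# var.application_routes becomes one `route` block. Attributes are read with
# lookup() so a route object only needs the keys it uses: one destination
# (cidr_block, ipv6_cidr_block or destination_prefix_list_id) and one target;
# every other attribute stays null.
resource "aws_route_table" "my_application_rtb" {
  # Referencing the input already orders this resource after whatever the
  # caller passes as the VPC, so a depends_on on var.vpc_id adds nothing.
  vpc_id = var.vpc_id

  dynamic "route" {
    for_each = var.application_routes
    content {
      # destination
      cidr_block                 = lookup(route.value, "cidr_block", null)
      ipv6_cidr_block            = lookup(route.value, "ipv6_cidr_block", null)
      destination_prefix_list_id = lookup(route.value, "destination_prefix_list_id", null)
      # target
      carrier_gateway_id        = lookup(route.value, "carrier_gateway_id", null)
      egress_only_gateway_id    = lookup(route.value, "egress_only_gateway_id", null)
      gateway_id                = lookup(route.value, "gateway_id", null)
      local_gateway_id          = lookup(route.value, "local_gateway_id", null)
      nat_gateway_id            = lookup(route.value, "nat_gateway_id", null)
      network_interface_id      = lookup(route.value, "network_interface_id", null)
      transit_gateway_id        = lookup(route.value, "transit_gateway_id", null)
      vpc_endpoint_id           = lookup(route.value, "vpc_endpoint_id", null)
      vpc_peering_connection_id = lookup(route.value, "vpc_peering_connection_id", null)
      # instance_id is deliberately not exposed: the AWS provider pinned in
      # main.tf (5.x) no longer lists it on route (see the plan output);
      # route to an instance through network_interface_id instead.
    }
  }

  # tags_all is computed by the provider from `tags` plus any provider
  # default_tags, so it is not set explicitly here.
  tags = {
    Department = var.department_name
    Name       = "${var.project_name}-application-rtb"
    Project    = var.project_name
  }
}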
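# Route table for the intra subnets. Each element of var.intra_routes becomes
# one `route` block. Attributes are read with lookup() so a route object only
# needs the keys it uses: one destination (cidr_block, ipv6_cidr_block or
# destination_prefix_list_id) and one target; every other attribute stays null.
# NOTE(review): "intra" usually denotes subnets with no internet path; whether
# this table gets a default route is decided entirely by the caller.
resource "aws_route_table" "my_intra_rtb" {
  # Referencing the input already orders this resource after whatever the
  # caller passes as the VPC, so a depends_on on var.vpc_id adds nothing.
  vpc_id = var.vpc_id

  dynamic "route" {
    for_each = var.intra_routes
    content {
      # destination
      cidr_block                 = lookup(route.value, "cidr_block", null)
      ipv6_cidr_block            = lookup(route.value, "ipv6_cidr_block", null)
      destination_prefix_list_id = lookup(route.value, "destination_prefix_list_id", null)
      # target
      carrier_gateway_id        = lookup(route.value, "carrier_gateway_id", null)
      egress_only_gateway_id    = lookup(route.value, "egress_only_gateway_id", null)
      gateway_id                = lookup(route.value, "gateway_id", null)
      local_gateway_id          = lookup(route.value, "local_gateway_id", null)
      nat_gateway_id            = lookup(route.value, "nat_gateway_id", null)
      network_interface_id      = lookup(route.value, "network_interface_id", null)
      transit_gateway_id        = lookup(route.value, "transit_gateway_id", null)
      vpc_endpoint_id           = lookup(route.value, "vpc_endpoint_id", null)
      vpc_peering_connection_id = lookup(route.value, "vpc_peering_connection_id", null)
      # instance_id is deliberately not exposed: the AWS provider pinned in
      # main.tf (5.x) no longer lists it on route (see the plan output);
      # route to an instance through network_interface_id instead.
    }
  }

  # tags_all is computed by the provider from `tags` plus any provider
  # default_tags, so it is not set explicitly here.
  tags = {
    Department = var.department_name
    Name       = "${var.project_name}-intra-rtb"
    Project    = var.project_name
  }
}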
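# Route table for the persistence (data-tier) subnets. Each element of
# var.persistence_routes becomes one `route` block. Attributes are read with
# lookup() so a route object only needs the keys it uses: one destination
# (cidr_block, ipv6_cidr_block or destination_prefix_list_id) and one target;
# every other attribute stays null. With an empty list the table carries only
# the implicit VPC-local route, which is usually all a data tier needs.
resource "aws_route_table" "my_persistence_rtb" {
  # Referencing the input already orders this resource after whatever the
  # caller passes as the VPC, so a depends_on on var.vpc_id adds nothing.
  vpc_id = var.vpc_id

  dynamic "route" {
    for_each = var.persistence_routes
    content {
      # destination
      cidr_block                 = lookup(route.value, "cidr_block", null)
      ipv6_cidr_block            = lookup(route.value, "ipv6_cidr_block", null)
      destination_prefix_list_id = lookup(route.value, "destination_prefix_list_id", null)
      # target
      carrier_gateway_id        = lookup(route.value, "carrier_gateway_id", null)
      egress_only_gateway_id    = lookup(route.value, "egress_only_gateway_id", null)
      gateway_id                = lookup(route.value, "gateway_id", null)
      local_gateway_id          = lookup(route.value, "local_gateway_id", null)
      nat_gateway_id            = lookup(route.value, "nat_gateway_id", null)
      network_interface_id      = lookup(route.value, "network_interface_id", null)
      transit_gateway_id        = lookup(route.value, "transit_gateway_id", null)
      vpc_endpoint_id           = lookup(route.value, "vpc_endpoint_id", null)
      vpc_peering_connection_id = lookup(route.value, "vpc_peering_connection_id", null)
      # instance_id is deliberately not exposed: the AWS provider pinned in
      # main.tf (5.x) no longer lists it on route (see the plan output);
      # route to an instance through network_interface_id instead.
    }
  }

  # tags_all is computed by the provider from `tags` plus any provider
  # default_tags, so it is not set explicitly here.
  tags = {
    Department = var.department_name
    Name       = "${var.project_name}-persistence-rtb"
    Project    = var.project_name
  }
}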
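# Route table for the NAT server subnet. Each element of var.nat_server_routes
# becomes one `route` block. Attributes are read with lookup() so a route
# object only needs the keys it uses: one destination (cidr_block,
# ipv6_cidr_block or destination_prefix_list_id) and one target; every other
# attribute stays null.
resource "aws_route_table" "my_nat_server_rtb" {
  # Referencing the input already orders this resource after whatever the
  # caller passes as the VPC, so a depends_on on var.vpc_id adds nothing.
  vpc_id = var.vpc_id

  dynamic "route" {
    for_each = var.nat_server_routes
    content {
      # destination
      cidr_block                 = lookup(route.value, "cidr_block", null)
      ipv6_cidr_block            = lookup(route.value, "ipv6_cidr_block", null)
      destination_prefix_list_id = lookup(route.value, "destination_prefix_list_id", null)
      # target
      carrier_gateway_id        = lookup(route.value, "carrier_gateway_id", null)
      egress_only_gateway_id    = lookup(route.value, "egress_only_gateway_id", null)
      gateway_id                = lookup(route.value, "gateway_id", null)
      local_gateway_id          = lookup(route.value, "local_gateway_id", null)
      nat_gateway_id            = lookup(route.value, "nat_gateway_id", null)
      network_interface_id      = lookup(route.value, "network_interface_id", null)
      transit_gateway_id        = lookup(route.value, "transit_gateway_id", null)
      vpc_endpoint_id           = lookup(route.value, "vpc_endpoint_id", null)
      vpc_peering_connection_id = lookup(route.value, "vpc_peering_connection_id", null)
      # instance_id is deliberately not exposed: the AWS provider pinned in
      # main.tf (5.x) no longer lists it on route (see the plan output);
      # route to an instance through network_interface_id instead.
    }
  }

  # tags_all is computed by the provider from `tags` plus any provider
  # default_tags, so it is not set explicitly here. The Name suffix is
  # "-nat-rtb" (not "-nat-server-rtb"); kept as-is to avoid a tag diff.
  tags = {
    Department = var.department_name
    Name       = "${var.project_name}-nat-rtb"
    Project    = var.project_name
  }
}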
./modules/my_route_tables/route_table_association.tf:
使用 for_each 來迭代 var.public_subnet_ids、var.application_subnet_ids、var.intra_subnet_ids、var.persistence_subnet_ids 和 var.nat_server_subnet_ids 五個物件,以 idx 為 key 值建立 map 物件:
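# Associates each public subnet with the public route table.
# Keys are the list index rather than the subnet ID: the IDs are only known
# after apply when the subnets are created in the same run (see the plan
# output), and for_each keys must be known at plan time. The trade-off is
# that removing or reordering an entry in var.public_subnet_ids re-keys the
# entries after it and those associations get re-created.
# The resource name keeps the original spelling ("accociation"): renaming it
# changes the state address and would destroy/recreate the associations
# unless a `moved` block is added.
resource "aws_route_table_association" "my_public_rtb_accociation" {
  for_each = { for idx, r in var.public_subnet_ids : idx => r }

  subnet_id = each.value
  # This reference is the dependency on the route table; the explicit
  # depends_on on the table and on the input list was redundant.
  route_table_id = aws_route_table.my_public_rtb.id
}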
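# Associates each application subnet with the application route table.
# Keys are the list index rather than the subnet ID: the IDs are only known
# after apply when the subnets are created in the same run (see the plan
# output), and for_each keys must be known at plan time. Removing or
# reordering an entry in var.application_subnet_ids therefore re-keys the
# entries after it and those associations get re-created.
# The resource name keeps the original spelling ("accociation"): renaming it
# changes the state address and would destroy/recreate the associations
# unless a `moved` block is added.
resource "aws_route_table_association" "my_application_rtb_accociation" {
  for_each = { for idx, r in var.application_subnet_ids : idx => r }

  subnet_id = each.value
  # This reference is the dependency on the route table; the explicit
  # depends_on on the table and on the input list was redundant.
  route_table_id = aws_route_table.my_application_rtb.id
}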
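# Associates each intra subnet with the intra route table.
# Keys are the list index rather than the subnet ID: the IDs are only known
# after apply when the subnets are created in the same run (see the plan
# output), and for_each keys must be known at plan time. Removing or
# reordering an entry in var.intra_subnet_ids therefore re-keys the entries
# after it and those associations get re-created.
# The resource name keeps the original spelling ("accociation"): renaming it
# changes the state address and would destroy/recreate the associations
# unless a `moved` block is added.
resource "aws_route_table_association" "my_intra_rtb_accociation" {
  for_each = { for idx, r in var.intra_subnet_ids : idx => r }

  subnet_id = each.value
  # This reference is the dependency on the route table; the explicit
  # depends_on on the table and on the input list was redundant.
  route_table_id = aws_route_table.my_intra_rtb.id
}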
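# Associates each persistence subnet with the persistence route table.
# Keys are the list index rather than the subnet ID: the IDs are only known
# after apply when the subnets are created in the same run (see the plan
# output), and for_each keys must be known at plan time. Removing or
# reordering an entry in var.persistence_subnet_ids therefore re-keys the
# entries after it and those associations get re-created.
# The resource name keeps the original spelling ("accociation"): renaming it
# changes the state address and would destroy/recreate the associations
# unless a `moved` block is added.
resource "aws_route_table_association" "my_persistence_rtb_accociation" {
  for_each = { for idx, r in var.persistence_subnet_ids : idx => r }

  subnet_id = each.value
  # This reference is the dependency on the route table; the explicit
  # depends_on on the table and on the input list was redundant.
  route_table_id = aws_route_table.my_persistence_rtb.id
}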
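# Associates each NAT server subnet with the NAT server route table.
# Keys are the list index rather than the subnet ID: the IDs are only known
# after apply when the subnets are created in the same run (see the plan
# output), and for_each keys must be known at plan time. Removing or
# reordering an entry in var.nat_server_subnet_ids therefore re-keys the
# entries after it and those associations get re-created.
# The resource name keeps the original spelling ("accociation"): renaming it
# changes the state address and would destroy/recreate the associations
# unless a `moved` block is added.
resource "aws_route_table_association" "my_nat_server_rtb_accociation" {
  for_each = { for idx, r in var.nat_server_subnet_ids : idx => r }

  subnet_id = each.value
  # This reference is the dependency on the route table; the explicit
  # depends_on on the table and on the input list was redundant.
  route_table_id = aws_route_table.my_nat_server_rtb.id
}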
example.tfvars:
# Example values for the root module; replace the <...> placeholders before
# running plan/apply. Keep real profile and key names out of version control.
aws_region      = "ap-northeast-1"
aws_profile     = "<YOUR_PROFILE>"
project_name    = "example"
department_name = "SRE"
ssh_key_name    = "<YOUR_SSH_KEY>"
main.tf:
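terraform {
  required_providers {
    aws = {
      # Explicit source; a bare provider name only resolves through the
      # legacy default namespace.
      source  = "hashicorp/aws"
      version = "5.15.0"
    }
  }

  # Remote state in S3 with a DynamoDB lock table. The state file records
  # every resource ID in this stack, so it is encrypted at rest and locked
  # against concurrent runs.
  backend "s3" {
    bucket         = "<YOUR_S3_BUCKET_NAME>"
    key            = "terraform.tfstate"
    region         = "ap-northeast-1"
    dynamodb_table = "<YOUR_DYNAMODB_TABLE_NAME>"
    encrypt        = true # server-side encryption of the state object
    profile        = "<YOUR_PROFILE>"
    # NOTE(review): newer Terraform releases deprecate `shared_credentials_file`
    # in favour of `shared_credentials_files = [...]`; kept as in the original
    # so the snippet still works on older releases. Also confirm the path:
    # profile credentials normally live in ~/.aws/credentials, while
    # ~/.aws/config holds profile settings.
    shared_credentials_file = "~/.aws/config"
  }
}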
# vpc
# VPC definitions are loaded from configs/vpc/my-vpcs.yaml (vpc_path); the
# modules below read the VPC ID and CIDR from module.vpc.my_vpcs["my-vpc"].
module "vpc" {
  source = "./modules/my_vpc"

  aws_profile     = var.aws_profile
  aws_region      = var.aws_region
  project_name    = var.project_name
  department_name = var.department_name
  vpc_path        = "./configs/vpc/my-vpcs.yaml"
}
# subnet
# Subnet definitions are loaded from configs/subnet/my-subnets.yaml
# (subnet_path) and created inside the VPC above. Other modules reference
# them as module.subnet.subnets["<name>"].
module "subnet" {
  source = "./modules/my_subnets"

  aws_profile     = var.aws_profile
  aws_region      = var.aws_region
  project_name    = var.project_name
  department_name = var.department_name
  vpc_id          = module.vpc.my_vpcs["my-vpc"].id
  subnet_path     = "./configs/subnet/my-subnets.yaml"
}
# igw
# Internet Gateway for the VPC; its ID (module.igw.igw_id) is the target of
# the public and NAT server default routes further down.
module "igw" {
  source = "./modules/my_igw"

  aws_profile     = var.aws_profile
  aws_region      = var.aws_region
  project_name    = var.project_name
  department_name = var.department_name
  vpc_id          = module.vpc.my_vpcs["my-vpc"].id
}
# nacl
# Network ACLs per subnet; every subnet created by module.subnet is handed
# over individually by name.
module "nacl" {
  # checkov:skip=CKV_AWS_230: check it later
  # checkov:skip=CKV_AWS_229: check it later
  # checkov:skip=CKV_AWS_232: check it later
  # checkov:skip=CKV_AWS_231: check it later
  source = "./modules/my_nacls"

  aws_profile     = var.aws_profile
  aws_region      = var.aws_region
  project_name    = var.project_name
  department_name = var.department_name
  vpc_id          = module.vpc.my_vpcs["my-vpc"].id
  vpc_cidr        = module.vpc.my_vpcs["my-vpc"].cidr_block

  # public tier
  subnet_public_a_id = module.subnet.subnets["my-public-ap-northeast-1a"].id
  subnet_public_c_id = module.subnet.subnets["my-public-ap-northeast-1c"].id
  subnet_public_d_id = module.subnet.subnets["my-public-ap-northeast-1d"].id
  # application tier
  subnet_application_a_id = module.subnet.subnets["my-application-ap-northeast-1a"].id
  subnet_application_c_id = module.subnet.subnets["my-application-ap-northeast-1c"].id
  subnet_application_d_id = module.subnet.subnets["my-application-ap-northeast-1d"].id
  # intra tier
  subnet_intra_a_id = module.subnet.subnets["my-intra-ap-northeast-1a"].id
  subnet_intra_c_id = module.subnet.subnets["my-intra-ap-northeast-1c"].id
  subnet_intra_d_id = module.subnet.subnets["my-intra-ap-northeast-1d"].id
  # persistence tier
  subnet_persistence_a_id = module.subnet.subnets["my-persistence-ap-northeast-1a"].id
  subnet_persistence_c_id = module.subnet.subnets["my-persistence-ap-northeast-1c"].id
  subnet_persistence_d_id = module.subnet.subnets["my-persistence-ap-northeast-1d"].id
  # NAT server
  subnet_nat_server_id = module.subnet.subnets["my-nat-server"].id
}
# Security group for the bastion host: SSH only from the allow-list in
# local.bastion_allowed_ips (locals.tf, not shown in this post); all outbound
# traffic permitted.
resource "aws_security_group" "my_bastion_sg" {
  name        = "bastion-sg"
  description = "Used for bastion instance public"
  vpc_id      = module.vpc.my_vpcs["my-vpc"].id

  ingress {
    description = "ssh from allowed ips"
    protocol    = "tcp"
    from_port   = 22
    to_port     = 22
    cidr_blocks = local.bastion_allowed_ips
  }

  # Unrestricted egress over IPv4 and IPv6; narrow it if the bastion only
  # needs the VPC and a few package/update endpoints.
  egress {
    protocol         = "-1"
    from_port        = 0
    to_port          = 0
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  tags = {
    Department = var.department_name
    Name       = "Bastion-SG"
    Project    = var.project_name
  }
  # Mirrors `tags`; the provider also computes tags_all from tags on its own.
  tags_all = {
    Department = var.department_name
    Name       = "Bastion-SG"
    Project    = var.project_name
  }
}
# Security group for the NAT instance. It accepts any traffic originating
# inside the VPC CIDR (the private tiers send their default route through
# this instance's ENI, see module "rtb" below) and may send anything out.
resource "aws_security_group" "my_nat_server_sg" {
  name        = "nat-server-sg"
  description = "Used for NAT instance public"
  vpc_id      = module.vpc.my_vpcs["my-vpc"].id

  ingress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    self        = false
    cidr_blocks = [module.vpc.my_vpcs["my-vpc"].cidr_block]
  }

  egress {
    protocol         = "-1"
    from_port        = 0
    to_port          = 0
    self             = false
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  tags = {
    Department = var.department_name
    Name       = "NAT-Server-SG"
    Project    = var.project_name
  }
  # Mirrors `tags`; the provider also computes tags_all from tags on its own.
  tags_all = {
    Department = var.department_name
    Name       = "NAT-Server-SG"
    Project    = var.project_name
  }
}
# instances
# Bastion (in a public subnet) and NAT server instances. The security groups
# declared above are attached here; the bastion's bootstrap script is an
# inline heredoc.
module "instances" {
  # checkov:skip=CKV_AWS_8: check it later
  # checkov:skip=CKV_AWS_135:do it later
  # checkov:skip=CKV_AWS_79:do it later
  # checkov:skip=CKV_AWS_126:don't enable detail monitor in sandbox env
  source = "./modules/my_instances"

  aws_profile     = var.aws_profile
  aws_region      = var.aws_region
  project_name    = var.project_name
  department_name = var.department_name

  instance_type = "t3a.small"
  ssh_key_name  = var.ssh_key_name

  # placement and network access
  subnet_bastion_id             = module.subnet.subnets["my-public-ap-northeast-1d"].id
  subnet_nat_server_id          = module.subnet.subnets["my-nat-server"].id
  bastion_security_group_ids    = [aws_security_group.my_bastion_sg.id]
  nat_server_security_group_ids = [aws_security_group.my_nat_server_sg.id]

  # images / templates: AMI lookup for the bastion comes from locals.tf,
  # explicit AMI IDs and launch template are left unset
  bastion_ami                = local.bastion_ami
  bastion_ami_id             = null
  nat_server_ami_id          = null
  bastion_launch_template    = null
  create_nat_server_instance = true

  bastion_user_data = <<HERE
#!/bin/bash
echo "Do something you want here."
HERE
}
# elastic ip
# Elastic IPs for the bastion and the NAT server. The module also exposes the
# ENI the NAT server's EIP is bound to (nat_server_eip_assoc_eni_id), which
# the private route tables use as their default-route target.
module "eip" {
  source = "./modules/my_eips"

  aws_profile     = var.aws_profile
  aws_region      = var.aws_region
  project_name    = var.project_name
  department_name = var.department_name

  bastion_instance_id    = module.instances.bastion_instance_id
  nat_server_instance_id = module.instances.nat_server_instance_id
}
# route table
# One route table per tier, plus the subnet associations.
#   public / nat server : default route (IPv4, and IPv6 for public) to the IGW
#   application / intra / persistence : default route to the NAT instance ENI
# NOTE(review): intra and persistence subnets get the same 0.0.0.0/0 route
# as the application tier, i.e. they are given outbound internet access. If
# the data tier does not need egress, pass an empty list for that tier; the
# VPC-local route is implicit and stays. Routing via an ENI also requires the
# NAT instance to have source/destination checking disabled — that is set in
# the instances module, not here; confirm it.
module "rtb" {
  source = "./modules/my_route_tables"

  aws_profile     = var.aws_profile
  aws_region      = var.aws_region
  project_name    = var.project_name
  department_name = var.department_name
  vpc_id          = module.vpc.my_vpcs["my-vpc"].id

  # subnets per tier (associated by list position inside the module)
  public_subnet_ids = [
    module.subnet.subnets["my-public-ap-northeast-1a"].id,
    module.subnet.subnets["my-public-ap-northeast-1c"].id,
    module.subnet.subnets["my-public-ap-northeast-1d"].id,
  ]
  application_subnet_ids = [
    module.subnet.subnets["my-application-ap-northeast-1a"].id,
    module.subnet.subnets["my-application-ap-northeast-1c"].id,
    module.subnet.subnets["my-application-ap-northeast-1d"].id,
  ]
  intra_subnet_ids = [
    module.subnet.subnets["my-intra-ap-northeast-1a"].id,
    module.subnet.subnets["my-intra-ap-northeast-1c"].id,
    module.subnet.subnets["my-intra-ap-northeast-1d"].id,
  ]
  persistence_subnet_ids = [
    module.subnet.subnets["my-persistence-ap-northeast-1a"].id,
    module.subnet.subnets["my-persistence-ap-northeast-1c"].id,
    module.subnet.subnets["my-persistence-ap-northeast-1d"].id,
  ]
  nat_server_subnet_ids = [
    module.subnet.subnets["my-nat-server"].id,
  ]

  # routes per tier: each object names one destination and one target
  public_routes = [
    { cidr_block = "0.0.0.0/0", gateway_id = module.igw.igw_id },
    { ipv6_cidr_block = "::/0", gateway_id = module.igw.igw_id },
  ]
  application_routes = [
    { cidr_block = "0.0.0.0/0", network_interface_id = module.eip.nat_server_eip_assoc_eni_id },
  ]
  intra_routes = [
    { cidr_block = "0.0.0.0/0", network_interface_id = module.eip.nat_server_eip_assoc_eni_id },
  ]
  persistence_routes = [
    { cidr_block = "0.0.0.0/0", network_interface_id = module.eip.nat_server_eip_assoc_eni_id },
  ]
  nat_server_routes = [
    { cidr_block = "0.0.0.0/0", gateway_id = module.igw.igw_id },
  ]
}
執行 terraform init && terraform plan --out .plan -var-file=example.tfvars 來確認一下結果:
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
... 中間省略 僅留下 module.rtb ...
# module.rtb.aws_route_table.my_application_rtb will be created
+ resource "aws_route_table" "my_application_rtb" {
+ arn = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ propagating_vgws = (known after apply)
+ route = [
+ {
+ carrier_gateway_id = ""
+ cidr_block = "0.0.0.0/0"
+ core_network_arn = ""
+ destination_prefix_list_id = ""
+ egress_only_gateway_id = ""
+ gateway_id = ""
+ ipv6_cidr_block = ""
+ local_gateway_id = ""
+ nat_gateway_id = ""
+ network_interface_id = (known after apply)
+ transit_gateway_id = ""
+ vpc_endpoint_id = ""
+ vpc_peering_connection_id = ""
},
]
+ tags = {
+ "Department" = "SRE"
+ "Name" = "example-application-rtb"
+ "Project" = "example"
}
+ tags_all = {
+ "Department" = "SRE"
+ "Name" = "example-application-rtb"
+ "Project" = "example"
}
+ vpc_id = (known after apply)
}
# module.rtb.aws_route_table.my_intra_rtb will be created
+ resource "aws_route_table" "my_intra_rtb" {
+ arn = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ propagating_vgws = (known after apply)
+ route = [
+ {
+ carrier_gateway_id = ""
+ cidr_block = "0.0.0.0/0"
+ core_network_arn = ""
+ destination_prefix_list_id = ""
+ egress_only_gateway_id = ""
+ gateway_id = ""
+ ipv6_cidr_block = ""
+ local_gateway_id = ""
+ nat_gateway_id = ""
+ network_interface_id = (known after apply)
+ transit_gateway_id = ""
+ vpc_endpoint_id = ""
+ vpc_peering_connection_id = ""
},
]
+ tags = {
+ "Department" = "SRE"
+ "Name" = "example-intra-rtb"
+ "Project" = "example"
}
+ tags_all = {
+ "Department" = "SRE"
+ "Name" = "example-intra-rtb"
+ "Project" = "example"
}
+ vpc_id = (known after apply)
}
# module.rtb.aws_route_table.my_nat_server_rtb will be created
+ resource "aws_route_table" "my_nat_server_rtb" {
+ arn = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ propagating_vgws = (known after apply)
+ route = [
+ {
+ carrier_gateway_id = ""
+ cidr_block = "0.0.0.0/0"
+ core_network_arn = ""
+ destination_prefix_list_id = ""
+ egress_only_gateway_id = ""
+ gateway_id = (known after apply)
+ ipv6_cidr_block = ""
+ local_gateway_id = ""
+ nat_gateway_id = ""
+ network_interface_id = ""
+ transit_gateway_id = ""
+ vpc_endpoint_id = ""
+ vpc_peering_connection_id = ""
},
]
+ tags = {
+ "Department" = "SRE"
+ "Name" = "example-nat-rtb"
+ "Project" = "example"
}
+ tags_all = {
+ "Department" = "SRE"
+ "Name" = "example-nat-rtb"
+ "Project" = "example"
}
+ vpc_id = (known after apply)
}
# module.rtb.aws_route_table.my_persistence_rtb will be created
+ resource "aws_route_table" "my_persistence_rtb" {
+ arn = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ propagating_vgws = (known after apply)
+ route = [
+ {
+ carrier_gateway_id = ""
+ cidr_block = "0.0.0.0/0"
+ core_network_arn = ""
+ destination_prefix_list_id = ""
+ egress_only_gateway_id = ""
+ gateway_id = ""
+ ipv6_cidr_block = ""
+ local_gateway_id = ""
+ nat_gateway_id = ""
+ network_interface_id = (known after apply)
+ transit_gateway_id = ""
+ vpc_endpoint_id = ""
+ vpc_peering_connection_id = ""
},
]
+ tags = {
+ "Department" = "SRE"
+ "Name" = "example-persistence-rtb"
+ "Project" = "example"
}
+ tags_all = {
+ "Department" = "SRE"
+ "Name" = "example-persistence-rtb"
+ "Project" = "example"
}
+ vpc_id = (known after apply)
}
# module.rtb.aws_route_table.my_public_rtb will be created
+ resource "aws_route_table" "my_public_rtb" {
+ arn = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ propagating_vgws = (known after apply)
+ route = [
+ {
+ carrier_gateway_id = ""
+ cidr_block = ""
+ core_network_arn = ""
+ destination_prefix_list_id = ""
+ egress_only_gateway_id = ""
+ gateway_id = (known after apply)
+ ipv6_cidr_block = "::/0"
+ local_gateway_id = ""
+ nat_gateway_id = ""
+ network_interface_id = ""
+ transit_gateway_id = ""
+ vpc_endpoint_id = ""
+ vpc_peering_connection_id = ""
},
+ {
+ carrier_gateway_id = ""
+ cidr_block = "0.0.0.0/0"
+ core_network_arn = ""
+ destination_prefix_list_id = ""
+ egress_only_gateway_id = ""
+ gateway_id = (known after apply)
+ ipv6_cidr_block = ""
+ local_gateway_id = ""
+ nat_gateway_id = ""
+ network_interface_id = ""
+ transit_gateway_id = ""
+ vpc_endpoint_id = ""
+ vpc_peering_connection_id = ""
},
]
+ tags = {
+ "Department" = "SRE"
+ "Name" = "example-public-rtb"
+ "Project" = "example"
}
+ tags_all = {
+ "Department" = "SRE"
+ "Name" = "example-public-rtb"
+ "Project" = "example"
}
+ vpc_id = (known after apply)
}
# module.rtb.aws_route_table_association.my_application_rtb_accociation["0"] will be created
+ resource "aws_route_table_association" "my_application_rtb_accociation" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# module.rtb.aws_route_table_association.my_application_rtb_accociation["1"] will be created
+ resource "aws_route_table_association" "my_application_rtb_accociation" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# module.rtb.aws_route_table_association.my_application_rtb_accociation["2"] will be created
+ resource "aws_route_table_association" "my_application_rtb_accociation" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# module.rtb.aws_route_table_association.my_intra_rtb_accociation["0"] will be created
+ resource "aws_route_table_association" "my_intra_rtb_accociation" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# module.rtb.aws_route_table_association.my_intra_rtb_accociation["1"] will be created
+ resource "aws_route_table_association" "my_intra_rtb_accociation" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# module.rtb.aws_route_table_association.my_intra_rtb_accociation["2"] will be created
+ resource "aws_route_table_association" "my_intra_rtb_accociation" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# module.rtb.aws_route_table_association.my_nat_server_rtb_accociation["0"] will be created
+ resource "aws_route_table_association" "my_nat_server_rtb_accociation" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# module.rtb.aws_route_table_association.my_persistence_rtb_accociation["0"] will be created
+ resource "aws_route_table_association" "my_persistence_rtb_accociation" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# module.rtb.aws_route_table_association.my_persistence_rtb_accociation["1"] will be created
+ resource "aws_route_table_association" "my_persistence_rtb_accociation" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# module.rtb.aws_route_table_association.my_persistence_rtb_accociation["2"] will be created
+ resource "aws_route_table_association" "my_persistence_rtb_accociation" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# module.rtb.aws_route_table_association.my_public_rtb_accociation["0"] will be created
+ resource "aws_route_table_association" "my_public_rtb_accociation" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# module.rtb.aws_route_table_association.my_public_rtb_accociation["1"] will be created
+ resource "aws_route_table_association" "my_public_rtb_accociation" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# module.rtb.aws_route_table_association.my_public_rtb_accociation["2"] will be created
+ resource "aws_route_table_association" "my_public_rtb_accociation" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# module.subnet.aws_subnet.subnets["my-application-ap-northeast-1a"] will be created
+ resource "aws_subnet" "subnets" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "ap-northeast-1a"
+ availability_zone_id = (known after apply)
+ cidr_block = "10.2.4.0/24"
+ enable_dns64 = false
+ enable_resource_name_dns_a_record_on_launch = false
+ enable_resource_name_dns_aaaa_record_on_launch = false
+ id = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ ipv6_native = false
+ map_customer_owned_ip_on_launch = false
+ map_public_ip_on_launch = false
+ owner_id = (known after apply)
+ private_dns_hostname_type_on_launch = (known after apply)
+ tags = {
+ "Department" = "SRE"
+ "Name" = "my-application-ap-northeast-1a"
+ "Project" = "example"
}
+ tags_all = {
+ "Department" = "SRE"
+ "Name" = "my-application-ap-northeast-1a"
+ "Project" = "example"
}
+ vpc_id = (known after apply)
}
# module.subnet.aws_subnet.subnets["my-application-ap-northeast-1c"] will be created
+ resource "aws_subnet" "subnets" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "ap-northeast-1c"
+ availability_zone_id = (known after apply)
+ cidr_block = "10.2.5.0/24"
+ enable_dns64 = false
+ enable_resource_name_dns_a_record_on_launch = false
+ enable_resource_name_dns_aaaa_record_on_launch = false
+ id = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ ipv6_native = false
+ map_customer_owned_ip_on_launch = false
+ map_public_ip_on_launch = false
+ owner_id = (known after apply)
+ private_dns_hostname_type_on_launch = (known after apply)
+ tags = {
+ "Department" = "SRE"
+ "Name" = "my-application-ap-northeast-1c"
+ "Project" = "example"
}
+ tags_all = {
+ "Department" = "SRE"
+ "Name" = "my-application-ap-northeast-1c"
+ "Project" = "example"
}
+ vpc_id = (known after apply)
}
# module.subnet.aws_subnet.subnets["my-application-ap-northeast-1d"] will be created
+ resource "aws_subnet" "subnets" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "ap-northeast-1d"
+ availability_zone_id = (known after apply)
+ cidr_block = "10.2.6.0/24"
+ enable_dns64 = false
+ enable_resource_name_dns_a_record_on_launch = false
+ enable_resource_name_dns_aaaa_record_on_launch = false
+ id = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ ipv6_native = false
+ map_customer_owned_ip_on_launch = false
+ map_public_ip_on_launch = false
+ owner_id = (known after apply)
+ private_dns_hostname_type_on_launch = (known after apply)
+ tags = {
+ "Department" = "SRE"
+ "Name" = "my-application-ap-northeast-1d"
+ "Project" = "example"
}
+ tags_all = {
+ "Department" = "SRE"
+ "Name" = "my-application-ap-northeast-1d"
+ "Project" = "example"
}
+ vpc_id = (known after apply)
}
# module.subnet.aws_subnet.subnets["my-intra-ap-northeast-1a"] will be created
+ resource "aws_subnet" "subnets" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "ap-northeast-1a"
+ availability_zone_id = (known after apply)
+ cidr_block = "10.2.8.0/24"
+ enable_dns64 = false
+ enable_resource_name_dns_a_record_on_launch = false
+ enable_resource_name_dns_aaaa_record_on_launch = false
+ id = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ ipv6_native = false
+ map_customer_owned_ip_on_launch = false
+ map_public_ip_on_launch = false
+ owner_id = (known after apply)
+ private_dns_hostname_type_on_launch = (known after apply)
+ tags = {
+ "Department" = "SRE"
+ "Name" = "my-intra-ap-northeast-1a"
+ "Project" = "example"
}
+ tags_all = {
+ "Department" = "SRE"
+ "Name" = "my-intra-ap-northeast-1a"
+ "Project" = "example"
}
+ vpc_id = (known after apply)
}
# module.subnet.aws_subnet.subnets["my-intra-ap-northeast-1c"] will be created
+ resource "aws_subnet" "subnets" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "ap-northeast-1c"
+ availability_zone_id = (known after apply)
+ cidr_block = "10.2.9.0/24"
+ enable_dns64 = false
+ enable_resource_name_dns_a_record_on_launch = false
+ enable_resource_name_dns_aaaa_record_on_launch = false
+ id = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ ipv6_native = false
+ map_customer_owned_ip_on_launch = false
+ map_public_ip_on_launch = false
+ owner_id = (known after apply)
+ private_dns_hostname_type_on_launch = (known after apply)
+ tags = {
+ "Department" = "SRE"
+ "Name" = "my-intra-ap-northeast-1c"
+ "Project" = "example"
}
+ tags_all = {
+ "Department" = "SRE"
+ "Name" = "my-intra-ap-northeast-1c"
+ "Project" = "example"
}
+ vpc_id = (known after apply)
}
# module.subnet.aws_subnet.subnets["my-intra-ap-northeast-1d"] will be created
+ resource "aws_subnet" "subnets" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "ap-northeast-1d"
+ availability_zone_id = (known after apply)
+ cidr_block = "10.2.10.0/24"
+ enable_dns64 = false
+ enable_resource_name_dns_a_record_on_launch = false
+ enable_resource_name_dns_aaaa_record_on_launch = false
+ id = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ ipv6_native = false
+ map_customer_owned_ip_on_launch = false
+ map_public_ip_on_launch = false
+ owner_id = (known after apply)
+ private_dns_hostname_type_on_launch = (known after apply)
+ tags = {
+ "Department" = "SRE"
+ "Name" = "my-intra-ap-northeast-1d"
+ "Project" = "example"
}
+ tags_all = {
+ "Department" = "SRE"
+ "Name" = "my-intra-ap-northeast-1d"
+ "Project" = "example"
}
+ vpc_id = (known after apply)
}
# module.subnet.aws_subnet.subnets["my-nat-server"] will be created
+ resource "aws_subnet" "subnets" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "ap-northeast-1d"
+ availability_zone_id = (known after apply)
+ cidr_block = "10.2.3.0/24"
+ enable_dns64 = false
+ enable_resource_name_dns_a_record_on_launch = false
+ enable_resource_name_dns_aaaa_record_on_launch = false
+ id = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ ipv6_native = false
+ map_customer_owned_ip_on_launch = false
+ map_public_ip_on_launch = false
+ owner_id = (known after apply)
+ private_dns_hostname_type_on_launch = (known after apply)
+ tags = {
+ "Department" = "SRE"
+ "Name" = "my-nat-server"
+ "Project" = "example"
}
+ tags_all = {
+ "Department" = "SRE"
+ "Name" = "my-nat-server"
+ "Project" = "example"
}
+ vpc_id = (known after apply)
}
# module.subnet.aws_subnet.subnets["my-persistence-ap-northeast-1a"] will be created
+ resource "aws_subnet" "subnets" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "ap-northeast-1a"
+ availability_zone_id = (known after apply)
+ cidr_block = "10.2.16.0/24"
+ enable_dns64 = false
+ enable_resource_name_dns_a_record_on_launch = false
+ enable_resource_name_dns_aaaa_record_on_launch = false
+ id = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ ipv6_native = false
+ map_customer_owned_ip_on_launch = false
+ map_public_ip_on_launch = false
+ owner_id = (known after apply)
+ private_dns_hostname_type_on_launch = (known after apply)
+ tags = {
+ "Department" = "SRE"
+ "Name" = "my-persistence-ap-northeast-1a"
+ "Project" = "example"
}
+ tags_all = {
+ "Department" = "SRE"
+ "Name" = "my-persistence-ap-northeast-1a"
+ "Project" = "example"
}
+ vpc_id = (known after apply)
}
# module.subnet.aws_subnet.subnets["my-persistence-ap-northeast-1c"] will be created
+ resource "aws_subnet" "subnets" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "ap-northeast-1c"
+ availability_zone_id = (known after apply)
+ cidr_block = "10.2.17.0/24"
+ enable_dns64 = false
+ enable_resource_name_dns_a_record_on_launch = false
+ enable_resource_name_dns_aaaa_record_on_launch = false
+ id = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ ipv6_native = false
+ map_customer_owned_ip_on_launch = false
+ map_public_ip_on_launch = false
+ owner_id = (known after apply)
+ private_dns_hostname_type_on_launch = (known after apply)
+ tags = {
+ "Department" = "SRE"
+ "Name" = "my-persistence-ap-northeast-1c"
+ "Project" = "example"
}
+ tags_all = {
+ "Department" = "SRE"
+ "Name" = "my-persistence-ap-northeast-1c"
+ "Project" = "example"
}
+ vpc_id = (known after apply)
}
# module.subnet.aws_subnet.subnets["my-persistence-ap-northeast-1d"] will be created
+ resource "aws_subnet" "subnets" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "ap-northeast-1d"
+ availability_zone_id = (known after apply)
+ cidr_block = "10.2.18.0/24"
+ enable_dns64 = false
+ enable_resource_name_dns_a_record_on_launch = false
+ enable_resource_name_dns_aaaa_record_on_launch = false
+ id = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ ipv6_native = false
+ map_customer_owned_ip_on_launch = false
+ map_public_ip_on_launch = false
+ owner_id = (known after apply)
+ private_dns_hostname_type_on_launch = (known after apply)
+ tags = {
+ "Department" = "SRE"
+ "Name" = "my-persistence-ap-northeast-1d"
+ "Project" = "example"
}
+ tags_all = {
+ "Department" = "SRE"
+ "Name" = "my-persistence-ap-northeast-1d"
+ "Project" = "example"
}
+ vpc_id = (known after apply)
}
# module.subnet.aws_subnet.subnets["my-public-ap-northeast-1a"] will be created
+ resource "aws_subnet" "subnets" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "ap-northeast-1a"
+ availability_zone_id = (known after apply)
+ cidr_block = "10.2.0.0/24"
+ enable_dns64 = false
+ enable_resource_name_dns_a_record_on_launch = false
+ enable_resource_name_dns_aaaa_record_on_launch = false
+ id = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ ipv6_native = false
+ map_customer_owned_ip_on_launch = false
+ map_public_ip_on_launch = false
+ owner_id = (known after apply)
+ private_dns_hostname_type_on_launch = (known after apply)
+ tags = {
+ "Department" = "SRE"
+ "Name" = "my-public-ap-northeast-1a"
+ "Project" = "example"
}
+ tags_all = {
+ "Department" = "SRE"
+ "Name" = "my-public-ap-northeast-1a"
+ "Project" = "example"
}
+ vpc_id = (known after apply)
}
# module.subnet.aws_subnet.subnets["my-public-ap-northeast-1c"] will be created
+ resource "aws_subnet" "subnets" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "ap-northeast-1c"
+ availability_zone_id = (known after apply)
+ cidr_block = "10.2.1.0/24"
+ enable_dns64 = false
+ enable_resource_name_dns_a_record_on_launch = false
+ enable_resource_name_dns_aaaa_record_on_launch = false
+ id = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ ipv6_native = false
+ map_customer_owned_ip_on_launch = false
+ map_public_ip_on_launch = false
+ owner_id = (known after apply)
+ private_dns_hostname_type_on_launch = (known after apply)
+ tags = {
+ "Department" = "SRE"
+ "Name" = "my-public-ap-northeast-1c"
+ "Project" = "example"
}
+ tags_all = {
+ "Department" = "SRE"
+ "Name" = "my-public-ap-northeast-1c"
+ "Project" = "example"
}
+ vpc_id = (known after apply)
}
# module.subnet.aws_subnet.subnets["my-public-ap-northeast-1d"] will be created
+ resource "aws_subnet" "subnets" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "ap-northeast-1d"
+ availability_zone_id = (known after apply)
+ cidr_block = "10.2.2.0/24"
+ enable_dns64 = false
+ enable_resource_name_dns_a_record_on_launch = false
+ enable_resource_name_dns_aaaa_record_on_launch = false
+ id = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ ipv6_native = false
+ map_customer_owned_ip_on_launch = false
+ map_public_ip_on_launch = false
+ owner_id = (known after apply)
+ private_dns_hostname_type_on_launch = (known after apply)
+ tags = {
+ "Department" = "SRE"
+ "Name" = "my-public-ap-northeast-1d"
+ "Project" = "example"
}
+ tags_all = {
+ "Department" = "SRE"
+ "Name" = "my-public-ap-northeast-1d"
+ "Project" = "example"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_vpc.my_vpcs["my-vpc"] will be created
+ resource "aws_vpc" "my_vpcs" {
+ arn = (known after apply)
+ assign_generated_ipv6_cidr_block = false
+ cidr_block = "10.2.0.0/16"
+ default_network_acl_id = (known after apply)
+ default_route_table_id = (known after apply)
+ default_security_group_id = (known after apply)
+ dhcp_options_id = (known after apply)
+ enable_dns_hostnames = true
+ enable_dns_support = true
+ enable_network_address_usage_metrics = (known after apply)
+ id = (known after apply)
+ instance_tenancy = "default"
+ ipv6_association_id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_network_border_group = (known after apply)
+ main_route_table_id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "Department" = "SRE"
+ "Name" = "my-vpc"
+ "Project" = "example"
}
+ tags_all = {
+ "Department" = "SRE"
+ "Name" = "my-vpc"
+ "Project" = "example"
}
}
Plan: 45 to add, 0 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: .plan
To perform exactly these actions, run the following command to apply:
terraform apply ".plan"
Releasing state lock. This may take a few moments...
2. 於專案目錄下執行 `terraform apply '.plan'`,一次性把這幾篇與 AWS Infra 相關的 modules 全部建立起來。
下一篇文章將會展示實作 AWS IAM 篇 之 Terraform 模組。