examples: creating VPCs and subnets across two regions

This example demonstrates both creating a network architecture *and* the
use of data resources to minimize the number of variables needed for a
child module by discovering additional data automatically.

examples/aws-networking/.gitignore

@@ -0,0 +1,3 @@
+terraform.tfstate
+terraform.tfstate.backup
+.terraform/*

examples/aws-networking/README.md

@@ -0,0 +1,11 @@
+# AWS Networking Example
+
+This example creates AWS VPC resources, making a VPC in each of two regions and
+then two subnets in each VPC in two different availability zones.
+
+This example also demonstrates the use of modules to create several copies of
+the same resource set with different arguments. The child modules in this
+directory are:
+
+* `region`: container module for all of the network resources within a region. This is instantiated once per region.
+* `subnet`: represents a subnet within a given availability zone. This is instantiated twice per region, using the first two availability zones supported within the target AWS account.

examples/aws-networking/numbering/variables.tf

@@ -0,0 +1,27 @@
+variable "region_numbers" {
+  default = {
+    us-east-1 = 1
+    us-west-1 = 2
+    us-west-2 = 3
+    eu-west-1 = 4
+  }
+}
+
+variable "az_numbers" {
+  default = {
+    a = 1
+    b = 2
+    c = 3
+    d = 4
+    e = 5
+    f = 6
+    g = 7
+    h = 8
+    i = 9
+    j = 10
+    k = 11
+    l = 12
+    m = 13
+    n = 14
+  }
+}

examples/aws-networking/region/numbering.tf

@@ -0,0 +1 @@
+../numbering/variables.tf

examples/aws-networking/region/outputs.tf

@@ -0,0 +1,11 @@
+output "vpc_id" {
+  value = "${aws_vpc.main.id}"
+}
+
+output "primary_subnet_id" {
+  value = "${module.primary_subnet.subnet_id}"
+}
+
+output "secondary_subnet_id" {
+  value = "${module.secondary_subnet.subnet_id}"
+}

examples/aws-networking/region/security_group.tf

@@ -0,0 +1,25 @@
+resource "aws_security_group" "region" {
+  name        = "region"
+  description = "Open access within this region"
+  vpc_id      = "${aws_vpc.main.id}"
+
+  ingress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = -1
+    cidr_blocks = ["${aws_vpc.main.cidr_block}"]
+  }
+}
+
+resource "aws_security_group" "internal-all" {
+  name        = "internal-all"
+  description = "Open access within the full internal network"
+  vpc_id      = "${aws_vpc.main.id}"
+
+  ingress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = -1
+    cidr_blocks = ["${var.base_cidr_block}"]
+  }
+}

examples/aws-networking/region/subnets.tf

@@ -0,0 +1,14 @@
+data "aws_availability_zones" "all" {
+}
+
+module "primary_subnet" {
+  source            = "../subnet"
+  vpc_id            = "${aws_vpc.main.id}"
+  availability_zone = "${data.aws_availability_zones.all.names[0]}"
+}
+
+module "secondary_subnet" {
+  source            = "../subnet"
+  vpc_id            = "${aws_vpc.main.id}"
+  availability_zone = "${data.aws_availability_zones.all.names[1]}"
+}

examples/aws-networking/region/variables.tf

@@ -0,0 +1,9 @@
+variable "region" {
+  description = "The name of the AWS region to set up a network within"
+}
+
+variable "base_cidr_block" {}
+
+provider "aws" {
+  region = "${var.region}"
+}

examples/aws-networking/region/vpc.tf

@@ -0,0 +1,7 @@
+resource "aws_vpc" "main" {
+  cidr_block = "${cidrsubnet(var.base_cidr_block, 4, lookup(var.region_numbers, var.region))}"
+}
+
+resource "aws_internet_gateway" "main" {
+  vpc_id = "${aws_vpc.main.id}"
+}

examples/aws-networking/regions.tf

@@ -0,0 +1,11 @@
+module "us-east-1" {
+  source          = "./region"
+  region          = "us-east-1"
+  base_cidr_block = "${var.base_cidr_block}"
+}
+
+module "us-west-2" {
+  source          = "./region"
+  region          = "us-west-2"
+  base_cidr_block = "${var.base_cidr_block}"
+}

examples/aws-networking/subnet/numbering.tf

@@ -0,0 +1 @@
+../numbering/variables.tf

examples/aws-networking/subnet/outputs.tf

@@ -0,0 +1,3 @@
+output "subnet_id" {
+  value = "${aws_subnet.main.id}"
+}

examples/aws-networking/subnet/security_group.tf

@@ -0,0 +1,12 @@
+resource "aws_security_group" "az" {
+  name        = "az-${data.aws_availability_zone.target.name}"
+  description = "Open access within the AZ ${data.aws_availability_zone.target.name}"
+  vpc_id      = "${var.vpc_id}"
+
+  ingress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = -1
+    cidr_blocks = ["${aws_subnet.main.cidr_block}"]
+  }
+}

examples/aws-networking/subnet/subnet.tf

@@ -0,0 +1,13 @@
+resource "aws_subnet" "main" {
+  cidr_block = "${cidrsubnet(data.aws_vpc.target.cidr_block, 4, lookup(var.az_numbers, data.aws_availability_zone.target.name_suffix))}"
+  vpc_id     = "${var.vpc_id}"
+}
+
+resource "aws_route_table" "main" {
+  vpc_id = "${var.vpc_id}"
+}
+
+resource "aws_route_table_association" "main" {
+  subnet_id      = "${aws_subnet.main.id}"
+  route_table_id = "${aws_route_table.main.id}"
+}

examples/aws-networking/subnet/variables.tf

@@ -0,0 +1,11 @@
+variable "vpc_id" {}
+
+variable "availability_zone" {}
+
+data "aws_availability_zone" "target" {
+  name = "${var.availability_zone}"
+}
+
+data "aws_vpc" "target" {
+  id = "${var.vpc_id}"
+}

examples/aws-networking/variables.tf

@@ -0,0 +1,3 @@
+variable "base_cidr_block" {
+  default = "10.0.0.0/12"
+}