From 458946f7fab8bb9411b601792e0af59438a52115 Mon Sep 17 00:00:00 2001 From: "art.dambrine" Date: Mon, 1 Feb 2021 13:16:20 +0100 Subject: [PATCH] part 2 --- main.tf | 133 +++++++++++++++++++++++++++++++++++++++++++++++++++ outputs.tf | 4 ++ variables.tf | 3 +- 3 files changed, 138 insertions(+), 2 deletions(-) diff --git a/main.tf b/main.tf index 1110a22..1470f13 100644 --- a/main.tf +++ b/main.tf @@ -4,6 +4,8 @@ provider "aws" { region = var.aws_region } +# == OUR VPC + resource "aws_vpc" "main" { cidr_block = var.vpc_cidr @@ -14,6 +16,8 @@ resource "aws_vpc" "main" { } } +# == OUR VPC SUBNETS + ## Fonction super utile pour le calc de ss réseaux # cidrsubnet("172.22.0.0/16",4,iterate_value) @@ -32,6 +36,7 @@ resource "aws_subnet" "private" { } resource "aws_subnet" "public" { + # Creation de multiples ressources --> aws_subnet.public["b"].id for_each = var.azs vpc_id = aws_vpc.main.id 
@@ -45,3 +50,131 @@ resource "aws_subnet" "public" { } } +# == INTERNET GATEWAY + +resource "aws_internet_gateway" "gw" { + vpc_id = aws_vpc.main.id + + tags = { + Name = "${var.vpc_name}-igw" + } +} + +# == NAT Machines within public subnet +# === Recuperation de l'id d'ami nécessaire +data "aws_ami" "nat_ami" { + most_recent = true + name_regex = "amzn-ami-vpc-nat-*" + owners = ["amazon"] + + filter { + name = "root-device-type" + values = ["ebs"] + } + + filter { + name = "virtualization-type" + values = ["hvm"] + } +} + +# === Uploading our public_key with ssh keypair + +resource "aws_key_pair" "deployer" { + key_name = "${var.vpc_name}-deployer-key" + public_key = "ssh-rsa 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 art@OPH80PO196" +} + +# === Providing instance + +# resource "aws_instance" "nat_instance" { +# for_each = var.azs + +# ami = data.aws_ami.nat_ami.id +# instance_type = "t2.micro" +# source_dest_check = false # necessaire pour les NATs ou VPNs qui forward du trafic d'autres machines +# key_name = "${var.vpc_name}-deployer-key" +# security_groups = ["sg-009f0c0b8ad8a17c7"] # group allow ssh ATTENTION : faire un appel via datasource pour éviter de overrite à chaque fois apply + +# # private_ip = cidrhost(cidrsubnet(var.vpc_cidr, 4, 15 - each.value), 3) # bonne pratiques cloud on laissera notre subnet attribuer l'ip +# subnet_id = aws_subnet.public[each.key].id + +# tags = { +# Name = "${var.vpc_name}-amzn-ami-vpc-nat-${each.key}" +# } +# } + +resource "aws_eip" "nat_eip" { + for_each = var.azs + + vpc = true + # instance = aws_instance.nat_instance[each.key].id # on pourrait attribuer directement l'eip à une instance mais on préfèrera découpler en utilisant "aws_eip_association" + # associate_with_private_ip = cidrhost(cidrsubnet(var.vpc_cidr, 4, 15 - each.value), 3) + depends_on = [aws_internet_gateway.gw] +} + +# resource "aws_eip_association" "eip_assoc" { +# for_each = var.azs + +# instance_id = aws_instance.nat_instance[each.key].id +# 
allocation_id = aws_eip.nat_eip[each.key].id +# } + +# == Routing our subnets + +## PUBLIC ROUTE TABLE + +/* 1 pour les 3 azs pub */ +resource "aws_route_table" "public" { + vpc_id = aws_vpc.main.id + + tags = { + Name = "Public route table" + } +} + +/* 1 route */ +resource "aws_route" "public_igw" { + route_table_id = aws_route_table.public.id + + destination_cidr_block = "0.0.0.0/0" + gateway_id = aws_internet_gateway.gw.id +} + +## Private ROUTE TABLE + +/* 3 pour les 3 azs private */ +resource "aws_route_table" "private" { + for_each = var.azs + + vpc_id = aws_vpc.main.id + + tags = { + Name = "Private route table - subnet - ${each.key}" + } +} + +# resource "aws_route" "private_route_through_nat" { +# for_each = var.azs + +# route_table_id = aws_route_table.private[each.key].id +# destination_cidr_block = "0.0.0.0/0" +# instance_id = aws_instance.nat_instance[each.key].id +# } + +/* Reste à associer les 4 tables (3 priv et 1 pub) avec les 6 subnets (3 priv et 3 pub) */ + +# resource "aws_route_table_association" "asso_pub_igw" { +# for_each = var.azs + +# subnet_id = aws_subnet.public[each.key].id +# route_table_id = aws_route_table.public.id +# } + +# resource "aws_route_table_association" "association_private_nat" { +# for_each = var.azs + +# subnet_id = aws_subnet.private[each.key].id +# route_table_id = aws_route_table.private[each.key].id +# } + diff --git a/outputs.tf b/outputs.tf index c6852c4..b7d72d0 100644 --- a/outputs.tf +++ b/outputs.tf @@ -1,3 +1,7 @@ output "vpc_id" { value = aws_vpc.main.id +} + +output "ami_id" { + value = data.aws_ami.nat_ami.id } \ No newline at end of file diff --git a/variables.tf b/variables.tf index 4543396..bc07d82 100644 --- a/variables.tf +++ b/variables.tf @@ -20,8 +20,7 @@ variable "azs" { default = { "a" = 0, "b" = 1, - "c" = 2, - "d" = 3 + "c" = 2 } description = "Availability zones to create within subnet" }
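Review bot: The new `aws_key_pair.deployer` block embeds the whole SSH public key literally in main.tf (including the `art@OPH80PO196` host comment), so rotating the deployer key means editing and re-committing infrastructure code and every copy of the repository carries a specific operator's key; reading it from a variable, e.g. `public_key = file(var.deployer_public_key_path)` (a new variable, name is illustrative), keeps the key material out of the configuration and lets each environment supply its own. In `data "aws_ami" "nat_ami"`, `name_regex` is a regular expression rather than a glob, so `"amzn-ami-vpc-nat-*"` means "zero or more dashes" and the pattern is unanchored; `name_regex = "^amzn-ami-vpc-nat-"` (or a `filter { name = "name" values = ["amzn-ami-vpc-nat-*"] }` block, where wildcards are valid) states the intent and avoids matching unrelated images whose name merely contains the string. The commented-out `aws_instance` block sets `key_name = "${var.vpc_name}-deployer-key"` as a literal; when it is re-enabled, `key_name = aws_key_pair.deployer.key_name` would also give Terraform the dependency on the key pair so the instance is never created before it. With the NAT route and both `aws_route_table_association` blocks still commented out, every subnet currently falls back to the VPC's main route table, which the author's "Reste à associer" note acknowledges, so the private/public split is not yet effective in this commit.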