module "vpc" { source = "terraform-aws-modules/vpc/aws" name = join("-", [var.tags.builder, var.tags.project, var.tags.environment]) cidr = var.vpc_cidr azs = var.disaster_zones private_subnets = var.private_cidrs public_subnets = var.public_cidrs enable_nat_gateway = true one_nat_gateway_per_az = true tags = var.tags } module "loadbalancer" { source = "terraform-aws-modules/alb/aws" name = join("-", [var.tags.builder, var.tags.project, var.tags.environment]) load_balancer_type = "application" vpc_id = module.vpc.vpc_id subnets = module.vpc.private_subnets security_groups = [ module.ec2_web_sg.security_group_id ] http_tcp_listeners = [ { port = var.exposed_ports[0] protocol = "HTTP" } ] target_groups = [ { target_type = "ip" backend_protocol = "TCP" backend_port = var.exposed_ports[0] } ] tags = var.tags } module "ec2_web_sg" { source = "terraform-aws-modules/security-group/aws//modules/http-80" name = join("-", [var.tags.builder, var.tags.project, var.tags.environment, "http"]) description = "The primary security group for EC2s serving HTTP." vpc_id = module.vpc.vpc_id ingress_cidr_blocks = var.private_cidrs tags = var.tags } module "ec2_rdp_sg" { source = "terraform-aws-modules/security-group/aws//modules/ssh" name = join("-", [var.tags.builder, var.tags.project, var.tags.environment, "ssh"]) description = "This security group allows remote desktop access." vpc_id = module.vpc.vpc_id ingress_cidr_blocks = var.public_cidrs tags = var.tags } module "db_psql_sg" { source = "terraform-aws-modules/security-group/aws//modules/postgresql" name = join("-", [var.tags.builder, var.tags.project, var.tags.environment, "db"]) description = "This security group helps our compute access the database(s)." vpc_id = module.vpc.vpc_id ingress_with_cidr_blocks = [ { from_port = 5432 to_port = 5432 protocol = "tcp" description = "PostgreSQL access from within VPC" cidr_blocks = module.vpc.vpc_cidr_block } ] tags = var.tags }