
How to create a minimal VPC in AWS with Terraform.

Don’t want to use the default one anymore? Deleted the default one? Good. Let’s do it. Actually it is minimal except for one detail, my fetish - IPv6 support.

VPC

Of course, to create a VPC - we need a VPC:

resource "aws_vpc" "min_vpc" {
  cidr_block                       = "10.0.0.0/16"
  assign_generated_ipv6_cidr_block = true
  enable_dns_support               = true
  enable_dns_hostnames             = true
}

We need to specify:

  • IP range. (Do you have any idea why people hate 172.16/12?)

  • IPv6 range. It’s assigned automatically.

  • DNS support. Whether the instances use the Amazon DNS server. Actually true is the default.

  • DNS hostnames. If true - instances get funny hostnames under amazonaws.com.

Subnet

Every VPC needs at least one subnet.

resource "aws_subnet" "pub" {
  vpc_id                          = aws_vpc.min_vpc.id
  cidr_block                      = cidrsubnet(aws_vpc.min_vpc.cidr_block, 8, 0)
  ipv6_cidr_block                 = cidrsubnet(aws_vpc.min_vpc.ipv6_cidr_block, 8, 0)
  assign_ipv6_address_on_creation = true
}

  • vpc_id - the parent VPC.

  • cidr_block - the address range of the subnet. Similar for IPv6. We don’t specify it manually - instead we use the cidrsubnet function, which carves a smaller network out of a larger one.
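To see what cidrsubnet actually computes for the ranges above, here is an added Python model of it (not code from the post, and not Terraform's own implementation). The IPv6 /56 is a constructed documentation prefix standing in for the block Amazon assigns with assign_generated_ipv6_cidr_block, and plan_public_subnets generalises the post's single subnet to several.

```python
"""Added example: a stdlib model of Terraform's cidrsubnet(prefix, newbits, netnum),
applied to the post's own ranges. Not code from the post or from Terraform."""
import ipaddress

VPC_V4 = "10.0.0.0/16"               # the post's cidr_block
VPC_V6 = "2001:db8:abcd:1200::/56"   # constructed stand-in for the Amazon-assigned /56


def cidrsubnet(prefix: str, newbits: int, netnum: int):
    """Extend the prefix length by newbits and pick network number netnum,
    as Terraform's cidrsubnet does; reject out-of-range arguments instead
    of silently wrapping into a neighbouring range."""
    net = ipaddress.ip_network(prefix, strict=True)  # strict: host bits must be zero
    new_len = net.prefixlen + newbits
    if newbits < 0 or new_len > net.max_prefixlen:
        raise ValueError(f"newbits={newbits} does not fit in a /{net.prefixlen} "
                         f"IPv{net.version} prefix")
    if not 0 <= netnum < (1 << newbits):
        raise ValueError(f"netnum={netnum} needs more than {newbits} new bits")
    host_bits = net.max_prefixlen - new_len
    base = int(net.network_address) + (netnum << host_bits)
    # type(net) keeps the address family explicit; ip_network() would guess from the int.
    return type(net)((base, new_len))


def plan_public_subnets(vpc_v4: str, vpc_v6: str, count: int) -> list[tuple[str, str]]:
    """The post's subnet block generalised: subnet n gets netnum n for both
    families (so /16 -> /24 and /56 -> /64), and every result is checked
    to lie inside its VPC block."""
    v4 = ipaddress.ip_network(vpc_v4)
    v6 = ipaddress.ip_network(vpc_v6)
    out = []
    for n in range(count):
        s4 = cidrsubnet(vpc_v4, 8, n)
        s6 = cidrsubnet(vpc_v6, 8, n)
        if not (s4.subnet_of(v4) and s6.subnet_of(v6)):
            raise ValueError(f"subnet {n} falls outside the VPC")
        out.append((str(s4), str(s6)))
    return out


if __name__ == "__main__":
    for n, (s4, s6) in enumerate(plan_public_subnets(VPC_V4, VPC_V6, 3)):
        print(f"subnet {n}: {s4:<16} {s6}")
```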

Gateway

Like every gateway - traffic goes through it.

resource "aws_internet_gateway" "gw" {
  vpc_id = aws_vpc.min_vpc.id
}

Nothing fancy. Just VPC id.

Routing table

Just routes everything to the gateway.

resource "aws_route_table" "rt" {
  vpc_id = aws_vpc.min_vpc.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.gw.id
  }
  route {
    ipv6_cidr_block = "::0/0"
    gateway_id      = aws_internet_gateway.gw.id
  }
}

Route table association

Connects a route table to a subnet.

resource "aws_route_table_association" "pub_assoc" {
  subnet_id      = aws_subnet.pub.id
  route_table_id = aws_route_table.rt.id
}

Final words

That’s more or less it. You can remove the IPv6-related lines. You’ll probably need a security group anyway: the route table above makes the subnet public, and with assign_ipv6_address_on_creation every instance in it gets a globally routable IPv6 address, so the security group is what decides what can reach it. I’ll describe it along with an instance example - soon.

References

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet

https://developer.hashicorp.com/terraform/language/functions/cidrsubnet

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/internet_gateway.html

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table