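variable "cidr" {
  description = "IPv4 CIDR block for the VPC. Subnets are carved as /24s from this range (see locals: public at index 0.., private at index 10..)."
  type        = string
  default     = "10.0.0.0/16"

  validation {
    condition     = can(cidrhost(var.cidr, 0))
    error_message = "cidr must be a valid CIDR block."
  }
}

variable "environment" {
  description = "Environment name; used in the Name and Environment tags of the VPC."
  type        = string
}

variable "az_count" {
  description = "Number of availability zones to spread the public/private subnet pairs across."
  type        = number
  default     = 3

  # Public subnets use subnet index i and private subnets index i + 10, so
  # more than 10 AZs would make public subnet 10 collide with private subnet 0.
  # The upper bound keeps the two ranges disjoint; the lower bound rules out
  # an empty slice of AZ names.
  validation {
    condition     = var.az_count >= 1 && var.az_count <= 10 && floor(var.az_count) == var.az_count
    error_message = "az_count must be a whole number between 1 and 10."
  }
}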
locals {
  # First az_count names from the available-AZ data source, in the order the
  # API returned them (slice errors out if fewer AZs are available).
  azs = slice(data.aws_availability_zones.available.names, 0, var.az_count)

  # One /24 per AZ (8 extra bits on the VPC prefix). Public subnets occupy
  # subnet indices 0..n-1, private subnets indices 10..n+9.
  public_subnets  = [for idx in range(length(local.azs)) : cidrsubnet(var.cidr, 8, idx)]
  private_subnets = [for idx in range(length(local.azs)) : cidrsubnet(var.cidr, 8, idx + 10)]
}
# Only zones currently accepting new resources; local.azs takes the first var.az_count of these.
data "aws_availability_zones" "available" {
  state = "available"
}
# The VPC itself. DNS support and hostnames are both on, which private
# endpoints / interface endpoints rely on.
resource "aws_vpc" "main" {
  cidr_block = var.cidr

  enable_dns_support   = true
  enable_dns_hostnames = true

  tags = {
    Name        = "nexus-${var.environment}"
    Environment = var.environment
  }

  # NOTE(review): nothing in this file manages the VPC's default security
  # group or default NACL; unless done elsewhere, consider an
  # aws_default_security_group with no ingress/egress rules so workloads
  # cannot silently land in the permissive default.
}
# Flow logs — added after security review flagged their absence
resource "aws_flow_log" "main" {
  # Capture accepted and rejected traffic for the whole VPC; the REJECT
  # records are the ones detection and incident response care about most.
  traffic_type = "ALL"
  vpc_id       = aws_vpc.main.id

  # Destination is a CloudWatch log group (log_destination_type is left at
  # its cloud-watch-logs default), written via a dedicated role. Both the
  # role and the log group are declared outside this file.
  # NOTE(review): confirm aws_iam_role.flow_log trusts vpc-flow-logs.amazonaws.com
  # and that aws_cloudwatch_log_group.flow_log sets retention_in_days (and a
  # kms_key_id if encryption at rest is required) — none of that is visible here.
  log_destination = aws_cloudwatch_log_group.flow_log.arn
  iam_role_arn    = aws_iam_role.flow_log.arn
}