From 18c6961ee9217dd52260e2b4ec9de74b97d876e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Soko=C5=82owski?=
Date: Tue, 28 Jan 2020 19:47:56 +0100
Subject: [PATCH] add comments for the aws-vpc module
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jakub SokoĊ‚owski
---
 modules/aws-vpc/main.tf | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/modules/aws-vpc/main.tf b/modules/aws-vpc/main.tf
index 8c2af1a..061a9db 100644
--- a/modules/aws-vpc/main.tf
+++ b/modules/aws-vpc/main.tf
@@ -1,3 +1,4 @@
+/* The VPN allows us to limit certain traffic to just local network */
 resource "aws_vpc" "main" {
 cidr_block = "10.0.0.0/16"
 instance_tenancy = "default"
@@ -10,6 +11,7 @@ resource "aws_vpc" "main" {
 }
 }
+/* A VPN can't exist by itself, a subnet is necessary to add instances */
 resource "aws_subnet" "main" {
 vpc_id = aws_vpc.main.id
 cidr_block = "10.0.1.0/24"
@@ -34,6 +36,7 @@ resource "aws_internet_gateway" "main" {
 }
 }
+/* Adds rule for accessing internet via the Gateway */
 resource "aws_route_table" "main" {
 vpc_id = aws_vpc.main.id
@@ -48,23 +51,26 @@ resource "aws_route_table" "main" {
 }
 }
+/* Add the route to Gateway to the Subnet */
 resource "aws_route_table_association" "main" {
 subnet_id = aws_subnet.main.id
 route_table_id = aws_route_table.main.id
 }
+/* Open the necessary ports to the outside */
 resource "aws_security_group" "main" {
 name = "${var.name}-${var.stage}"
 description = "Allow inbound traffic for Nimbus fleet"
 vpc_id = aws_vpc.main.id
- /* Allow local traffic */
+ /* Allow local incoming traffic, necessary for logging */
 ingress {
 from_port = 0
 to_port = 0
 self = true
 protocol = "-1"
 }
+ /* Allowing outgoing is also necessary */
 egress {
 from_port = 0
 to_port = 0
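Review bot: The comment added above `aws_vpc` in the first hunk calls the resource a VPN, but an `aws_vpc` is a VPC — a private address space — not a tunnel or encrypted link, and the same slip is repeated in the comment above `aws_subnet` in the second hunk. The wording also credits the VPC with limiting traffic, whereas in the visible file that restriction comes from the route table and from the `aws_security_group` ingress rule with `self = true`; a reader taking the comment at face value may assume isolation the VPC alone does not give. Suggest `/* The VPC gives the fleet its own private address space (10.0.0.0/16); traffic restrictions are enforced by the route table and security group below */` for the first hunk and `/* A VPC can't hold instances by itself; a subnet is required */` for the second.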
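Review bot: The comment added above `aws_route_table` in the third hunk describes a single rule, but the resource is the table that holds the routes, and the route block itself lies outside the hunk, so the comment cannot be checked against what it claims. A wording that names the table and points at the detail below reads more accurately, e.g. `/* Route table for the VPC; its default route via the Internet Gateway is defined below */`. The `aws_route_table` block continues past the hunk.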