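# Networking for the meteor application. Every resource here is created only
# when var.enable_fargate is true (count = 1 or 2, else 0), so all references
# to these resources elsewhere must use the [0] / [count.index] index form.
#
# Layout: one VPC (10.0.0.0/16), two public subnets (10.0.1.0/24, 10.0.2.0/24)
# with an Internet Gateway route, two private subnets (10.0.10.0/24,
# 10.0.11.0/24) each routed through its own NAT Gateway, an S3 gateway endpoint
# attached to the private route tables, and the security group for ECS tasks.

# VPC for meteor application (only if using Fargate)
resource "aws_vpc" "main" {
  count = var.enable_fargate ? 1 : 0

  cidr_block           = "10.0.0.0/16"
  enable_dns_hostnames = true
  enable_dns_support   = true

  tags = merge(local.common_tags, {
    Name = "${local.name_prefix}-vpc"
  })
}

# Internet Gateway
resource "aws_internet_gateway" "main" {
  count = var.enable_fargate ? 1 : 0

  vpc_id = aws_vpc.main[0].id

  tags = merge(local.common_tags, {
    Name = "${local.name_prefix}-igw"
  })
}

# Data source for availability zones
# NOTE: this data source is not gated on var.enable_fargate and is always read.
data "aws_availability_zones" "available" {
  state = "available"
}

# Public Subnets
# Two subnets, one per AZ, taken from the first two available AZ names.
# Instances launched here get a public IP; the ECS tasks are expected to run in
# the private subnets instead.
resource "aws_subnet" "public" {
  count = var.enable_fargate ? 2 : 0

  vpc_id                  = aws_vpc.main[0].id
  cidr_block              = "10.0.${count.index + 1}.0/24"
  availability_zone       = data.aws_availability_zones.available.names[count.index]
  map_public_ip_on_launch = true

  tags = merge(local.common_tags, {
    Name = "${local.name_prefix}-public-subnet-${count.index + 1}"
    Type = "Public"
  })
}

# Private Subnets
# Offset by 10 so the private CIDRs (10.0.10.0/24, 10.0.11.0/24) never collide
# with the public ones. map_public_ip_on_launch is left at its default (false).
resource "aws_subnet" "private" {
  count = var.enable_fargate ? 2 : 0

  vpc_id            = aws_vpc.main[0].id
  cidr_block        = "10.0.${count.index + 10}.0/24"
  availability_zone = data.aws_availability_zones.available.names[count.index]

  tags = merge(local.common_tags, {
    Name = "${local.name_prefix}-private-subnet-${count.index + 1}"
    Type = "Private"
  })
}

# Elastic IPs for NAT Gateways
# depends_on the IGW: an EIP can only be associated in a VPC that already has
# an Internet Gateway attached.
resource "aws_eip" "nat" {
  count = var.enable_fargate ? 2 : 0

  domain     = "vpc"
  depends_on = [aws_internet_gateway.main]

  tags = merge(local.common_tags, {
    Name = "${local.name_prefix}-nat-eip-${count.index + 1}"
  })
}

# NAT Gateways
# One per public subnet / AZ so a single AZ failure does not cut off egress
# for both private subnets.
resource "aws_nat_gateway" "main" {
  count = var.enable_fargate ? 2 : 0

  allocation_id = aws_eip.nat[count.index].id
  subnet_id     = aws_subnet.public[count.index].id
  depends_on    = [aws_internet_gateway.main]

  tags = merge(local.common_tags, {
    Name = "${local.name_prefix}-nat-${count.index + 1}"
  })
}

# Route Table for Public Subnets
# Default route to the Internet Gateway; shared by both public subnets.
resource "aws_route_table" "public" {
  count = var.enable_fargate ? 1 : 0

  vpc_id = aws_vpc.main[0].id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.main[0].id
  }

  tags = merge(local.common_tags, {
    Name = "${local.name_prefix}-public-rt"
  })
}

# Route Table Associations for Public Subnets
resource "aws_route_table_association" "public" {
  count = var.enable_fargate ? 2 : 0

  subnet_id      = aws_subnet.public[count.index].id
  route_table_id = aws_route_table.public[0].id
}

# Route Tables for Private Subnets
# One table per private subnet, each defaulting to the NAT Gateway in the same
# AZ (index-aligned with aws_nat_gateway.main).
resource "aws_route_table" "private" {
  count = var.enable_fargate ? 2 : 0

  vpc_id = aws_vpc.main[0].id

  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.main[count.index].id
  }

  tags = merge(local.common_tags, {
    Name = "${local.name_prefix}-private-rt-${count.index + 1}"
  })
}

# Route Table Associations for Private Subnets
resource "aws_route_table_association" "private" {
  count = var.enable_fargate ? 2 : 0

  subnet_id      = aws_subnet.private[count.index].id
  route_table_id = aws_route_table.private[count.index].id
}

# Security Group for ECS Tasks
# Ingress on the application port is limited to sources inside this VPC, which
# is where the load balancer's ENIs live; the previous 0.0.0.0/0 source
# contradicted the rule's own description ("from Load Balancer") and would
# expose the task port directly if a task ever landed in a public subnet.
# Prefer tightening this further to the load balancer's security group
# (security_groups = [...]) once that resource is defined alongside this VPC.
resource "aws_security_group" "ecs_tasks" {
  count = var.enable_fargate ? 1 : 0

  name        = "${local.name_prefix}-ecs-tasks"
  description = "Security group for ECS tasks"
  vpc_id      = aws_vpc.main[0].id

  ingress {
    from_port   = 3000
    to_port     = 3000
    protocol    = "tcp"
    cidr_blocks = [aws_vpc.main[0].cidr_block]
    description = "HTTP from Load Balancer"
  }

  # Unrestricted egress: tasks need to reach the internet via NAT (image pulls,
  # external APIs) and AWS services via the S3 endpoint.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
    description = "All outbound traffic"
  }

  tags = merge(local.common_tags, {
    Name = "${local.name_prefix}-ecs-tasks"
  })
}

# VPC Endpoints for AWS services (to reduce NAT Gateway costs)
# S3 is a gateway endpoint (the provider default for this service), so traffic
# to S3 from the private subnets bypasses the NAT Gateways once the endpoint is
# associated with their route tables below.
# NOTE(review): data.aws_region.current is not declared in this file — it must
# be defined elsewhere in the module for this to plan.
resource "aws_vpc_endpoint" "s3" {
  count = var.enable_fargate ? 1 : 0

  vpc_id       = aws_vpc.main[0].id
  service_name = "com.amazonaws.${data.aws_region.current.name}.s3"

  tags = merge(local.common_tags, {
    Name = "${local.name_prefix}-s3-endpoint"
  })
}

# Attach the S3 endpoint to each private route table so S3 traffic stays
# inside the AWS network instead of traversing the NAT Gateways.
resource "aws_vpc_endpoint_route_table_association" "s3_private" {
  count = var.enable_fargate ? 2 : 0

  vpc_endpoint_id = aws_vpc_endpoint.s3[0].id
  route_table_id  = aws_route_table.private[count.index].id
}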