Create a Valtix Service VPC to deploy Valtix Gateway.
- Create a VPC
- Create an internet gateway and attach it to the VPC
- Create the following subnets in each of the availability zones:
  - datapath subnet and a datapath route table associated with it, default route to the igw
  - mgmt subnet and a mgmt route table associated with it, default route to the igw
  - tgw_attachment subnet and a route table associated with it
- Create security groups in the VPC
  - datapath: allow all ingress and egress traffic
  - mgmt: allow all egress traffic
- The tgw_attachment subnet must be used to attach to the transit gateway
- After the Valtix Gateway is created in the VPC, add a default route in the tgw_attachment route table with next-hop as the gwlbe
zones
- Availability zones, defaults to ["us-east-1a", "us-east-1b"]
prefix
- Prefix used for all the resources created, defaults to valtix_svpc
vpc_cidr
- CIDR used for the VPC, defaults to 172.16.0.0/16
vpc_subnet_bits
- Additional bits used for the subnets. The final subnet mask is the vpc_cidr mask plus the value provided here; defaults to 8, which makes the subnet mask /24
region
- (Optional) AWS region where the Service VPC (and Valtix Gateways) are deployed. Required when running as the root module
vpc
- VPC Id
datapath_subnet
- A map for each zone, with subnet names and ids
```hcl
datapath_subnet = {
  "us-east-1a" = {
    "route_table_id"   = "rtb-111111"
    "route_table_name" = "valtix_svpc_us-east-1a_datapath"
    "subnet_id"        = "subnet-11111"
    "subnet_name"      = "valtix_svpc_us-east-1a_datapath"
  }
  "us-east-1b" = {
    "route_table_id"   = "rtb-1111"
    "route_table_name" = "valtix_svpc_us-east-1b_datapath"
    "subnet_id"        = "subnet-11111"
    "subnet_name"      = "valtix_svpc_us-east-1b_datapath"
  }
}
```
mgmt_subnet
- A map for each zone, with subnet names and ids
```hcl
mgmt_subnet = {
  "us-east-1a" = {
    "route_table_id"   = "rtb-111111"
    "route_table_name" = "valtix_svpc_us-east-1a_mgmt"
    "subnet_id"        = "subnet-11111"
    "subnet_name"      = "valtix_svpc_us-east-1a_mgmt"
  }
  "us-east-1b" = {
    "route_table_id"   = "rtb-1111"
    "route_table_name" = "valtix_svpc_us-east-1b_mgmt"
    "subnet_id"        = "subnet-11111"
    "subnet_name"      = "valtix_svpc_us-east-1b_mgmt"
  }
}
```
tgw_attachment_subnet
- A map for each zone, with subnet names and ids
```hcl
{
  "us-east-1a" = {
    "route_table_id"   = "rtb-111111"
    "route_table_name" = "valtix_svpc_us-east-1a_tgw_attachment"
    "subnet_id"        = "subnet-11111"
    "subnet_name"      = "valtix_svpc_us-east-1a_tgw_attachment"
  }
  "us-east-1b" = {
    "route_table_id"   = "rtb-1111"
    "route_table_name" = "valtix_svpc_us-east-1b_tgw_attachment"
    "subnet_id"        = "subnet-11111"
    "subnet_name"      = "valtix_svpc_us-east-1b_tgw_attachment"
  }
}
```
mgmt_security_group
- A map of id and name
```hcl
{
  "id"   = "sg-1111"
  "name" = "valtix_svpc_mgmt"
}
```
datapath_security_group
- A map of id and name
```hcl
{
  "id"   = "sg-1111"
  "name" = "valtix_svpc_datapath"
}
```
valtix_gw_instance_details
- A structure suitable to be used as-is in the valtix_gateway terraform resource
```hcl
{
  "us-east-1a" = {
    "availability_zone" = "us-east-1a"
    "mgmt_subnet"       = "subnet-11111"
    "datapath_subnet"   = "subnet-11112"
  }
  "us-east-1b" = {
    "availability_zone" = "us-east-1b"
    "mgmt_subnet"       = "subnet-21111"
    "datapath_subnet"   = "subnet-21112"
  }
}
```
To run the module as the root module:
```shell
git clone https://github.com/valtix-security/terraform-aws-service-vpc.git
cd terraform-aws-service-vpc
cp provider provider.tf
cp values-sample values
```
Edit the values file with appropriate values, then run:
```shell
terraform init
terraform apply -var-file values
```
To use it as a module, create a tf file with the following content:
```hcl
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}

provider "aws" {
  region = "us-east-1"
}

module "service_vpc" {
  source          = "github.com/valtix-security/terraform-aws-service-vpc"
  region          = "us-east-1"
  zones           = ["us-east-1a", "us-east-1b"]
  prefix          = "valtix_svpc"
  vpc_cidr        = "172.16.0.0/16"
  vpc_subnet_bits = 8
}
```
You can use variables instead of hard-coded values.
In the directory where you created the above file, run the following commands:
```shell
terraform init
terraform apply
```
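The following is an added example, not code from the module or its README. It wires the module's outputs into the two follow-up steps the description calls for: attaching the tgw_attachment subnets to a transit gateway and, once the Valtix Gateway exists, adding the default route toward the GWLB endpoint in each tgw_attachment route table. It also uses variables instead of hard-coded values. `var.transit_gateway_id` and `var.gwlb_endpoint_id` are assumed placeholders that you supply.

```hcl
# Added example (not the module's own code). Placeholders: var.transit_gateway_id
# is an existing TGW; var.gwlb_endpoint_id is the GWLB endpoint ID that becomes
# available only after the Valtix Gateway has been created in the Service VPC.

variable "region" {
  default = "us-east-1"
}

variable "zones" {
  default = ["us-east-1a", "us-east-1b"]
}

variable "transit_gateway_id" {
  description = "Existing transit gateway to attach the Service VPC to (placeholder)"
}

variable "gwlb_endpoint_id" {
  description = "GWLB endpoint ID, known once the Valtix Gateway exists (placeholder)"
}

provider "aws" {
  region = var.region
}

module "service_vpc" {
  source          = "github.com/valtix-security/terraform-aws-service-vpc"
  region          = var.region
  zones           = var.zones
  prefix          = "valtix_svpc"
  vpc_cidr        = "172.16.0.0/16"
  vpc_subnet_bits = 8
}

# Attach the VPC to the TGW using only the tgw_attachment subnets (one per zone).
resource "aws_ec2_transit_gateway_vpc_attachment" "svpc" {
  transit_gateway_id = var.transit_gateway_id
  vpc_id             = module.service_vpc.vpc
  subnet_ids         = [for z, s in module.service_vpc.tgw_attachment_subnet : s.subnet_id]
}

# Default route in every tgw_attachment route table with the GWLB endpoint as
# next hop, so traffic arriving from the TGW is steered through the gateway.
resource "aws_route" "tgw_attachment_default" {
  for_each               = module.service_vpc.tgw_attachment_subnet
  route_table_id         = each.value.route_table_id
  destination_cidr_block = "0.0.0.0/0"
  vpc_endpoint_id        = var.gwlb_endpoint_id
}
```

Apply this in two passes: first without `gwlb_endpoint_id` populated (targeting the module and the attachment), then again after the Valtix Gateway is deployed so the default routes can reference the endpoint.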