Provide separate route tables for db/elasticache/redshift (#155)

* Provide separate route tables for db/elasticache/redshift

* Added example for saperate routes

* Updated PR with suggestions

* Make redshift to use separate subnet route table also

* More cleanup and updates

* Fixed one more spelling mistake

Author: antonbabenko

README.md

@@ -166,7 +166,11 @@ Terraform version 0.10.3 or newer is required for this module to work.
 | azs | A list of availability zones in the region | string | `<list>` | no |
 | cidr | The CIDR block for the VPC. Default value is a valid CIDR, but not acceptable by AWS and should be overridden | string | `0.0.0.0/0` | no |
 | create_database_subnet_group | Controls if database subnet group should be created | string | `true` | no |
+| create_database_subnet_route_table | Controls if separate route table for database should be created | string | `false` | no |
+| create_elasticache_subnet_route_table | Controls if separate route table for elasticache should be created | string | `false` | no |
+| create_redshift_subnet_route_table | Controls if separate route table for redshift should be created | string | `false` | no |
 | create_vpc | Controls if VPC should be created (it affects almost all resources) | string | `true` | no |
+| database_route_table_tags | Additional tags for the database route tables | string | `<map>` | no |
 | database_subnet_group_tags | Additional tags for the database subnet group | string | `<map>` | no |
 | database_subnet_tags | Additional tags for the database subnets | string | `<map>` | no |
 | database_subnets | A list of database subnets | list | `<list>` | no |
@@ -181,6 +185,7 @@ Terraform version 0.10.3 or newer is required for this module to work.
 | dhcp_options_netbios_node_type | Specify netbios node_type for DHCP options set | string | `` | no |
 | dhcp_options_ntp_servers | Specify a list of NTP servers for DHCP options set | list | `<list>` | no |
 | dhcp_options_tags | Additional tags for the DHCP option set | string | `<map>` | no |
+| elasticache_route_table_tags | Additional tags for the elasticache route tables | string | `<map>` | no |
 | elasticache_subnet_tags | Additional tags for the elasticache subnets | string | `<map>` | no |
 | elasticache_subnets | A list of elasticache subnets | list | `<list>` | no |
 | enable_dhcp_options | Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type | string | `false` | no |
@@ -210,6 +215,7 @@ Terraform version 0.10.3 or newer is required for this module to work.
 | public_route_table_tags | Additional tags for the public route tables | string | `<map>` | no |
 | public_subnet_tags | Additional tags for the public subnets | string | `<map>` | no |
 | public_subnets | A list of public subnets inside the VPC | string | `<list>` | no |
+| redshift_route_table_tags | Additional tags for the redshift route tables | string | `<map>` | no |
 | redshift_subnet_group_tags | Additional tags for the redshift subnet group | string | `<map>` | no |
 | redshift_subnet_tags | Additional tags for the redshift subnets | string | `<map>` | no |
 | redshift_subnets | A list of redshift subnets | list | `<list>` | no |
@@ -224,6 +230,7 @@ Terraform version 0.10.3 or newer is required for this module to work.
 
 | Name | Description |
 |------|-------------|
+| database_route_table_ids | List of IDs of database route tables |
 | database_subnet_group | ID of database subnet group |
 | database_subnets | List of IDs of database subnets |
 | database_subnets_cidr_blocks | List of cidr_blocks of database subnets |
@@ -239,6 +246,7 @@ Terraform version 0.10.3 or newer is required for this module to work.
 | default_vpc_id | Default VPC |
 | default_vpc_instance_tenancy | Tenancy of instances spin up within VPC |
 | default_vpc_main_route_table_id | The ID of the main route table associated with this VPC |
+| elasticache_route_table_ids | List of IDs of elasticache route tables |
 | elasticache_subnet_group | ID of elasticache subnet group |
 | elasticache_subnet_group_name | Name of elasticache subnet group |
 | elasticache_subnets | List of IDs of elasticache subnets |
@@ -247,7 +255,7 @@ Terraform version 0.10.3 or newer is required for this module to work.
 | intra_route_table_ids | List of IDs of intra route tables |
 | intra_subnets | List of IDs of intra subnets |
 | intra_subnets_cidr_blocks | List of cidr_blocks of intra subnets |
-| nat_ids | List of allocation ID of Elastic IPs created for AWS NAT Gateway |
+| nat_ids | Nat gateway |
 | nat_public_ips | List of public Elastic IPs created for AWS NAT Gateway |
 | natgw_ids | List of NAT Gateway IDs |
 | private_route_table_ids | List of IDs of private route tables |
@@ -256,6 +264,7 @@ Terraform version 0.10.3 or newer is required for this module to work.
 | public_route_table_ids | Route tables |
 | public_subnets | List of IDs of public subnets |
 | public_subnets_cidr_blocks | List of cidr_blocks of public subnets |
+| redshift_route_table_ids | List of IDs of redshift route tables |
 | redshift_subnet_group | ID of redshift subnet group |
 | redshift_subnets | List of IDs of redshift subnets |
 | redshift_subnets_cidr_blocks | List of cidr_blocks of redshift subnets |

examples/vpc-separate-private-route-tables/README.md

@@ -0,0 +1,33 @@
+# VPC with separate private route tables
+
+Configuration in this directory creates set of VPC resources which may be sufficient for staging or production environment (look into [simple-vpc](../simple-vpc) for more simplified setup). 
+
+There are public, private, database, ElastiCache, Redshift subnets, NAT Gateways created in each availability zone. **This example sets up separate private route for database, elasticache and redshift subnets.**.
+
+## Usage
+
+To run this example you need to execute:
+
+```bash
+$ terraform init
+$ terraform plan
+$ terraform apply
+```
+
+Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| database_subnets | List of IDs of database subnets |
+| elasticache_subnets | List of IDs of elasticache subnets |
+| nat_public_ips | NAT gateways |
+| private_subnets | Subnets |
+| public_subnets | List of IDs of public subnets |
+| redshift_subnets | List of IDs of elasticache subnets |
+| vpc_id | VPC |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

examples/vpc-separate-private-route-tables/main.tf

@@ -0,0 +1,31 @@
+provider "aws" {
+  region = "eu-west-1"
+}
+
+module "vpc" {
+  source = "../../"
+
+  name = "vpc-separate-private-route-tables"
+
+  cidr = "10.10.0.0/16"
+
+  azs                 = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
+  private_subnets     = ["10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24"]
+  public_subnets      = ["10.10.11.0/24", "10.10.12.0/24", "10.10.13.0/24"]
+  database_subnets    = ["10.10.21.0/24", "10.10.22.0/24", "10.10.23.0/24"]
+  elasticache_subnets = ["10.10.31.0/24", "10.10.32.0/24", "10.10.33.0/24"]
+  redshift_subnets    = ["10.10.41.0/24", "10.10.42.0/24", "10.10.43.0/24"]
+
+  create_database_subnet_route_table    = true
+  create_elasticache_subnet_route_table = true
+  create_redshift_subnet_route_table    = true
+
+  single_nat_gateway = true
+  enable_nat_gateway = true
+
+  tags = {
+    Owner       = "user"
+    Environment = "staging"
+    Name        = "separate-private-route-tables"
+  }
+}

examples/vpc-separate-private-route-tables/outputs.tf

@@ -0,0 +1,37 @@
+# VPC
+output "vpc_id" {
+  description = "The ID of the VPC"
+  value       = "${module.vpc.vpc_id}"
+}
+
+# Subnets
+output "private_subnets" {
+  description = "List of IDs of private subnets"
+  value       = ["${module.vpc.private_subnets}"]
+}
+
+output "public_subnets" {
+  description = "List of IDs of public subnets"
+  value       = ["${module.vpc.public_subnets}"]
+}
+
+output "database_subnets" {
+  description = "List of IDs of database subnets"
+  value       = ["${module.vpc.database_subnets}"]
+}
+
+output "elasticache_subnets" {
+  description = "List of IDs of elasticache subnets"
+  value       = ["${module.vpc.elasticache_subnets}"]
+}
+
+output "redshift_subnets" {
+  description = "List of IDs of elasticache subnets"
+  value       = ["${module.vpc.redshift_subnets}"]
+}
+
+# NAT gateways
+output "nat_public_ips" {
+  description = "List of public Elastic IPs created for AWS NAT Gateway"
+  value       = ["${module.vpc.nat_public_ips}"]
+}

main.tf

@@ -98,6 +98,39 @@ resource "aws_route_table" "private" {
   }
 }
 
+#################
+# Database routes
+#################
+resource "aws_route_table" "database" {
+  count = "${var.create_vpc && var.create_database_subnet_route_table && length(var.database_subnets) > 0 ? 1 : 0}"
+
+  vpc_id = "${aws_vpc.this.id}"
+
+  tags = "${merge(var.tags, var.database_route_table_tags, map("Name", "${var.name}-database"))}"
+}
+
+#################
+# Redshift routes
+#################
+resource "aws_route_table" "redshift" {
+  count = "${var.create_vpc && var.create_redshift_subnet_route_table && length(var.redshift_subnets) > 0 ? 1 : 0}"
+
+  vpc_id = "${aws_vpc.this.id}"
+
+  tags = "${merge(var.tags, var.redshift_route_table_tags, map("Name", "${var.name}-redshift"))}"
+}
+
+#################
+# Elasticache routes
+#################
+resource "aws_route_table" "elasticache" {
+  count = "${var.create_vpc && var.create_elasticache_subnet_route_table && length(var.elasticache_subnets) > 0 ? 1 : 0}"
+
+  vpc_id = "${aws_vpc.this.id}"
+
+  tags = "${merge(var.tags, var.elasticache_route_table_tags, map("Name", "${var.name}-elasticache"))}"
+}
+
 #################
 # Intra routes
 #################
@@ -350,21 +383,21 @@ resource "aws_route_table_association" "database" {
   count = "${var.create_vpc && length(var.database_subnets) > 0 ? length(var.database_subnets) : 0}"
 
   subnet_id      = "${element(aws_subnet.database.*.id, count.index)}"
-  route_table_id = "${element(aws_route_table.private.*.id, (var.single_nat_gateway ? 0 : count.index))}"
+  route_table_id = "${element(coalescelist(aws_route_table.database.*.id, aws_route_table.private.*.id), (var.single_nat_gateway || var.create_database_subnet_route_table ? 0 : count.index))}"
 }
 
 resource "aws_route_table_association" "redshift" {
   count = "${var.create_vpc && length(var.redshift_subnets) > 0 ? length(var.redshift_subnets) : 0}"
 
   subnet_id      = "${element(aws_subnet.redshift.*.id, count.index)}"
-  route_table_id = "${element(aws_route_table.private.*.id, (var.single_nat_gateway ? 0 : count.index))}"
+  route_table_id = "${element(coalescelist(aws_route_table.redshift.*.id, aws_route_table.private.*.id), (var.single_nat_gateway || var.create_redshift_subnet_route_table ? 0 : count.index))}"
 }
 
 resource "aws_route_table_association" "elasticache" {
   count = "${var.create_vpc && length(var.elasticache_subnets) > 0 ? length(var.elasticache_subnets) : 0}"
 
   subnet_id      = "${element(aws_subnet.elasticache.*.id, count.index)}"
-  route_table_id = "${element(aws_route_table.private.*.id, (var.single_nat_gateway ? 0 : count.index))}"
+  route_table_id = "${element(coalescelist(aws_route_table.elasticache.*.id, aws_route_table.private.*.id), (var.single_nat_gateway || var.create_elasticache_subnet_route_table ? 0 : count.index))}"
 }
 
 resource "aws_route_table_association" "intra" {

outputs.tf

@@ -151,11 +151,27 @@ output "private_route_table_ids" {
   value       = ["${aws_route_table.private.*.id}"]
 }
 
+output "database_route_table_ids" {
+  description = "List of IDs of database route tables"
+  value       = ["${coalescelist(aws_route_table.database.*.id, aws_route_table.private.*.id)}"]
+}
+
+output "redshift_route_table_ids" {
+  description = "List of IDs of redshift route tables"
+  value       = ["${coalescelist(aws_route_table.redshift.*.id, aws_route_table.private.*.id)}"]
+}
+
+output "elasticache_route_table_ids" {
+  description = "List of IDs of elasticache route tables"
+  value       = ["${coalescelist(aws_route_table.elasticache.*.id, aws_route_table.private.*.id)}"]
+}
+
 output "intra_route_table_ids" {
   description = "List of IDs of intra route tables"
   value       = ["${aws_route_table.intra.*.id}"]
 }
 
+# Nat gateway
 output "nat_ids" {
   description = "List of allocation ID of Elastic IPs created for AWS NAT Gateway"
   value       = ["${aws_eip.nat.*.id}"]

variables.tf

@@ -46,6 +46,21 @@ variable "elasticache_subnets" {
   default     = []
 }
 
+variable "create_database_subnet_route_table" {
+  description = "Controls if separate route table for database should be created"
+  default     = false
+}
+
+variable "create_redshift_subnet_route_table" {
+  description = "Controls if separate route table for redshift should be created"
+  default     = false
+}
+
+variable "create_elasticache_subnet_route_table" {
+  description = "Controls if separate route table for elasticache should be created"
+  default     = false
+}
+
 variable "intra_subnets" {
   type        = "list"
   description = "A list of intra subnets"
@@ -168,6 +183,21 @@ variable "private_route_table_tags" {
   default     = {}
 }
 
+variable "database_route_table_tags" {
+  description = "Additional tags for the database route tables"
+  default     = {}
+}
+
+variable "redshift_route_table_tags" {
+  description = "Additional tags for the redshift route tables"
+  default     = {}
+}
+
+variable "elasticache_route_table_tags" {
+  description = "Additional tags for the elasticache route tables"
+  default     = {}
+}
+
 variable "intra_route_table_tags" {
   description = "Additional tags for the intra route tables"
   default     = {}