swap vpc

aliziel · aliziel · commit dd662d98ef4a · 2025-05-20T12:43:19.000-07:00
diff --git a/terraform/main.tf b/terraform/main.tf
@@ -1,8 +1,18 @@
 provider "aws" {
   region = var.region
-  default_tags { tags = var.default_tags }
+  default_tags { tags = var.tags }
+}
+
+data "aws_availability_zones" "available" {
+  state = "available"
+
+  # https://docs.aws.amazon.com/eks/latest/userguide/network-reqs.html#cluster-subnets
+  exclude_zone_ids = ["use1-az3", "usw1-az2", "cac1-az3"]
 }
 
 locals {
-  cluster_prefix = "${var.cluster_name}-${var.environment}"
+  cluster_prefix = "hotosm-${var.environment}"
+  
+  azs      = slice(sort(data.aws_availability_zones.available.names), 0, min(4, length(data.aws_availability_zones.available.names)))
+  vpc_cidr = "10.0.0.0/16"
 }
diff --git a/terraform/network.tf b/terraform/network.tf
@@ -1,9 +1,13 @@
-# TODO: swap out to no longer use module
 module "vpc" {
-  source = "git::https://github.com/hotosm/terraform-aws-vpc/"
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "~> 5.0"
 
-  deployment_environment = var.environment
+  name               = "k8s-infra-${var.environment}"
+  cidr               = local.vpc_cidr
+  enable_nat_gateway = true
+  single_nat_gateway = true
 
-  default_tags = var.default_tags
-  project_meta = var.project_meta
+  azs             = local.azs
+  private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)]
+  public_subnets  = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)]
 }
diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -13,24 +13,18 @@ variable "region" {
   EOT
 }
 
-variable "default_tags" {
+variable "tags" {
   type        = map(string)
   default     = {}
   description = <<-EOT
   (Optional) AWS resource tags.
   EOT
 }
 
-variable "cluster_name" {
-  type        = string
-  description = <<-EOT
-  Name of EKS cluster to create
-  EOT
-}
-
 variable "permissions_boundary" {
   type        = string
   default     = null
+  sensitive   = true
   description = <<-EOT
   (Optional) ARN of the policy that is used to set the permissions boundary for
   the role.
@@ -164,16 +158,4 @@ variable "map_users" {
   description = <<-EOT
   (Optional) Users to include on aws-auth ConfigMap
   EOT
-}
-
-variable "project_meta" {
-  description = "Metadata required for VPC module"
-  type        = map(string)
-
-  default = {
-    name       = "k8s-infra"
-    short_name = "k8s-infra"
-    version    = "0.0.1"
-    url        = "https://github.com/hotosm/k8s-infra"
-  }
 }
