Skip to content

Latest commit

 

History

History
76 lines (63 loc) · 3.28 KB

NETWORK.MD

File metadata and controls

76 lines (63 loc) · 3.28 KB

Network

This module can either create all network resources, or use subnets that are already existing.

To create all network resources:

  • Don't set var.vault_aws_vpc_id.
  • Don't set var.vault_private_subnet_ids.
  • Don't set var.vault_public_subnet_ids.

To use existing network resources:

  • Set the var.vpvault_aws_vpc_idc_id.
  • Set var.vault_private_subnet_ids to a subnet with a NAT router.
  • Set var.vault_public_subnet_ids to a subnet with an internet gateway.
  • Optionally set var.vault_vpc_cidr_block_start to the first two CIDR octets available in the VPC.

API and replication

The API port (and optionally the replication port) is/are exposed using a loadbalancer.

                         +---------+
   +--------- :22/tcp -> | bastion | -- :22/tcp -------------------------+
   |                     +---------+                                     |
+----------+ :8200/tcp   +---------------+ :8200/tcp   +--------------+  |
| INTERNET | ----------> | loadbalancer  | ----------> | target_group |  |
+--+-------+ :8201/tcp   +---------------+ :8201/tcp   +--+-----------+  |
   ^                        |                             | :8200/tcp    |
   |                        |                             | :8201/tcp    |
   |                     +--+----------+              +---+-------+      |
   |                     | certificate |              | instances | <----+
   |                     +-------------+              +--+--------+
   |                                                     |
   |                     +-------------+                 |
   +---------------------| nat_gateway |<----------------+
                         +-------------+

Network components

+--- vpc -------------------------------------------+
|                                                   |
|   +--- internet_gateway ----+                     |
|   |                         |                     |
|   +-------------------------+                     |
|                                                   |
|   +--- subnet: public --------+                   |
|   |   +--- nat_gateway ---+   |   +--- eip ---+   |
|   |   |                   |---|-->|           |   |
|   |   +-------------------+   |   +-----------+   |
|   +---------------------------+                   |
|                                                   |
|   +--- subnet: private ---+                       |
|   |                       |+                      |
|   |                       ||+                     |
|   +-----------------------+||                     |
|    +-----------------------+|                     |
|     +-----------------------+                     |
+---------------------------------------------------+

Routing

+--- route_table: public --------------+      +--- subnet: public ---+
| route: 0.0.0.0/0 -> internet_gateway | ---> |                      |
+--------------------------------------+      +----------------------+

+--- route_table: private --------+        +--- subnet: private ---+
| route: 0.0.0.0/0 -> nat_gateway |+ ----> |                       |+
+---------------------------------+|+ ---> +-----------------------+|+
 +---------------------------------+| --->  +-----------------------+|
  +---------------------------------+        +-----------------------+