Replace complex VPC module with simple Terraform configuration for testing

Author: catherinevee

infrastructure/dev/us-east-2/networking/vpc/main.tf

@@ -1,116 +1,173 @@
-# Security Group for VPC Endpoints
-resource "aws_security_group" "vpc_endpoints" {
-  name_prefix = "hpc-${var.environment}-vpc-endpoints-"
-  vpc_id      = module.vpc.vpc_id
-  description = "Security group for VPC endpoints"
-  
-  ingress {
-    from_port   = 443
-    to_port     = 443
-    protocol    = "tcp"
-    cidr_blocks = [var.vpc_cidr]
-    description = "HTTPS from VPC"
-  }
-  
-  egress {
-    from_port   = 0
-    to_port     = 0
-    protocol    = "-1"
-    cidr_blocks = ["0.0.0.0/0"]
-    description = "All outbound traffic"
-  }
-  
-  tags = merge(var.common_tags, {
-    Name = "hpc-${var.environment}-vpc-endpoints-sg"
-    Type = "VPC-Endpoints-SecurityGroup"
+# Simple VPC Configuration for Testing
+resource "aws_vpc" "main" {
+  cidr_block           = var.cidr
+  enable_dns_hostnames = true
+  enable_dns_support   = true
+
+  tags = merge(var.tags, {
+    Name = var.name
   })
-  
-  lifecycle {
-    create_before_destroy = true
-  }
 }
 
-# VPC Endpoints for AWS services
-resource "aws_vpc_endpoint" "ec2" {
-  vpc_id              = module.vpc.vpc_id
-  service_name        = "com.amazonaws.${var.region}.ec2"
-  vpc_endpoint_type   = "Interface"
-  subnet_ids          = module.vpc.private_subnets
-  security_group_ids  = [aws_security_group.vpc_endpoints.id]
-  private_dns_enabled = true
-  
-  tags = merge(var.common_tags, {
-    Name = "hpc-${var.environment}-ec2-endpoint"
-    Type = "VPC-Endpoint"
+# Internet Gateway
+resource "aws_internet_gateway" "main" {
+  vpc_id = aws_vpc.main.id
+
+  tags = merge(var.tags, {
+    Name = "${var.name}-igw"
   })
 }
 
-resource "aws_vpc_endpoint" "ec2messages" {
-  vpc_id              = module.vpc.vpc_id
-  service_name        = "com.amazonaws.${var.region}.ec2messages"
-  vpc_endpoint_type   = "Interface"
-  subnet_ids          = module.vpc.private_subnets
-  security_group_ids  = [aws_security_group.vpc_endpoints.id]
-  private_dns_enabled = true
-  
-  tags = merge(var.common_tags, {
-    Name = "hpc-${var.environment}-ec2messages-endpoint"
-    Type = "VPC-Endpoint"
+# Public Subnets
+resource "aws_subnet" "public" {
+  count = length(var.public_subnets)
+
+  vpc_id                  = aws_vpc.main.id
+  cidr_block              = var.public_subnets[count.index]
+  availability_zone       = var.azs[count.index]
+  map_public_ip_on_launch = true
+
+  tags = merge(var.public_subnet_tags, {
+    Name = "${var.name}-public-${count.index + 1}"
+  })
+}
+
+# Private Subnets
+resource "aws_subnet" "private" {
+  count = length(var.private_subnets)
+
+  vpc_id            = aws_vpc.main.id
+  cidr_block        = var.private_subnets[count.index]
+  availability_zone = var.azs[count.index]
+
+  tags = merge(var.private_subnet_tags, {
+    Name = "${var.name}-private-${count.index + 1}"
   })
 }
 
-resource "aws_vpc_endpoint" "ssm" {
-  vpc_id              = module.vpc.vpc_id
-  service_name        = "com.amazonaws.${var.region}.ssm"
-  vpc_endpoint_type   = "Interface"
-  subnet_ids          = module.vpc.private_subnets
-  security_group_ids  = [aws_security_group.vpc_endpoints.id]
-  private_dns_enabled = true
-  
-  tags = merge(var.common_tags, {
-    Name = "hpc-${var.environment}-ssm-endpoint"
-    Type = "VPC-Endpoint"
+# Database Subnets
+resource "aws_subnet" "database" {
+  count = length(var.database_subnets)
+
+  vpc_id            = aws_vpc.main.id
+  cidr_block        = var.database_subnets[count.index]
+  availability_zone = var.azs[count.index]
+
+  tags = merge(var.database_subnet_tags, {
+    Name = "${var.name}-database-${count.index + 1}"
   })
 }
 
-resource "aws_vpc_endpoint" "ssmmessages" {
-  vpc_id              = module.vpc.vpc_id
-  service_name        = "com.amazonaws.${var.region}.ssmmessages"
-  vpc_endpoint_type   = "Interface"
-  subnet_ids          = module.vpc.private_subnets
-  security_group_ids  = [aws_security_group.vpc_endpoints.id]
-  private_dns_enabled = true
-  
-  tags = merge(var.common_tags, {
-    Name = "hpc-${var.environment}-ssmmessages-endpoint"
-    Type = "VPC-Endpoint"
+# Compute Subnets
+resource "aws_subnet" "compute" {
+  count = length(var.compute_subnets)
+
+  vpc_id            = aws_vpc.main.id
+  cidr_block        = var.compute_subnets[count.index]
+  availability_zone = var.azs[count.index]
+
+  tags = merge(var.compute_subnet_tags, {
+    Name = "${var.name}-compute-${count.index + 1}"
   })
 }
 
-resource "aws_vpc_endpoint" "cloudwatch" {
-  vpc_id              = module.vpc.vpc_id
-  service_name        = "com.amazonaws.${var.region}.monitoring"
-  vpc_endpoint_type   = "Interface"
-  subnet_ids          = module.vpc.private_subnets
-  security_group_ids  = [aws_security_group.vpc_endpoints.id]
-  private_dns_enabled = true
-  
-  tags = merge(var.common_tags, {
-    Name = "hpc-${var.environment}-cloudwatch-endpoint"
-    Type = "VPC-Endpoint"
+# Route Table for Public Subnets
+resource "aws_route_table" "public" {
+  vpc_id = aws_vpc.main.id
+
+  route {
+    cidr_block = "0.0.0.0/0"
+    gateway_id = aws_internet_gateway.main.id
+  }
+
+  tags = merge(var.tags, {
+    Name = "${var.name}-public-rt"
   })
 }
 
-resource "aws_vpc_endpoint" "cloudwatchlogs" {
-  vpc_id              = module.vpc.vpc_id
-  service_name        = "com.amazonaws.${var.region}.logs"
-  vpc_endpoint_type   = "Interface"
-  subnet_ids          = module.vpc.private_subnets
-  security_group_ids  = [aws_security_group.vpc_endpoints.id]
-  private_dns_enabled = true
-  
-  tags = merge(var.common_tags, {
-    Name = "hpc-${var.environment}-cloudwatchlogs-endpoint"
-    Type = "VPC-Endpoint"
+# Route Table Associations for Public Subnets
+resource "aws_route_table_association" "public" {
+  count = length(aws_subnet.public)
+
+  subnet_id      = aws_subnet.public[count.index].id
+  route_table_id = aws_route_table.public.id
+}
+
+# NAT Gateway (single for dev)
+resource "aws_eip" "nat" {
+  count = var.enable_nat_gateway ? 1 : 0
+
+  domain = "vpc"
+
+  tags = merge(var.tags, {
+    Name = "${var.name}-nat-eip"
   })
 }
+
+resource "aws_nat_gateway" "main" {
+  count = var.enable_nat_gateway ? 1 : 0
+
+  allocation_id = aws_eip.nat[0].id
+  subnet_id     = aws_subnet.public[0].id
+
+  tags = merge(var.tags, {
+    Name = "${var.name}-nat-gateway"
+  })
+
+  depends_on = [aws_internet_gateway.main]
+}
+
+# Route Table for Private Subnets
+resource "aws_route_table" "private" {
+  count = var.enable_nat_gateway ? 1 : 0
+
+  vpc_id = aws_vpc.main.id
+
+  route {
+    cidr_block     = "0.0.0.0/0"
+    nat_gateway_id = aws_nat_gateway.main[0].id
+  }
+
+  tags = merge(var.tags, {
+    Name = "${var.name}-private-rt"
+  })
+}
+
+# Route Table Associations for Private Subnets
+resource "aws_route_table_association" "private" {
+  count = var.enable_nat_gateway ? length(aws_subnet.private) : 0
+
+  subnet_id      = aws_subnet.private[count.index].id
+  route_table_id = aws_route_table.private[0].id
+}
+
+# Security Group for VPC Endpoints
+resource "aws_security_group" "vpc_endpoints" {
+  name_prefix = "${var.name}-vpc-endpoints-"
+  vpc_id      = aws_vpc.main.id
+  description = "Security group for VPC endpoints"
+
+  ingress {
+    from_port   = 443
+    to_port     = 443
+    protocol    = "tcp"
+    cidr_blocks = [var.cidr]
+    description = "HTTPS from VPC"
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+    description = "All outbound traffic"
+  }
+
+  tags = merge(var.tags, {
+    Name = "${var.name}-vpc-endpoints-sg"
+  })
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}

infrastructure/dev/us-east-2/networking/vpc/outputs.tf

@@ -1,40 +1,44 @@
-# VPC outputs
 output "vpc_id" {
   description = "ID of the VPC"
-  value       = module.vpc.vpc_id
+  value       = aws_vpc.main.id
 }
 
 output "vpc_cidr_block" {
   description = "CIDR block of the VPC"
-  value       = module.vpc.vpc_cidr_block
+  value       = aws_vpc.main.cidr_block
 }
 
-output "private_subnets" {
-  description = "List of IDs of private subnets"
-  value       = module.vpc.private_subnets
+output "public_subnets" {
+  description = "IDs of the public subnets"
+  value       = aws_subnet.public[*].id
 }
 
-output "public_subnets" {
-  description = "List of IDs of public subnets"
-  value       = module.vpc.public_subnets
+output "private_subnets" {
+  description = "IDs of the private subnets"
+  value       = aws_subnet.private[*].id
 }
 
 output "database_subnets" {
-  description = "List of IDs of database subnets"
-  value       = module.vpc.database_subnets
+  description = "IDs of the database subnets"
+  value       = aws_subnet.database[*].id
 }
 
 output "compute_subnets" {
-  description = "List of IDs of compute subnets"
-  value       = module.vpc.compute_subnets
+  description = "IDs of the compute subnets"
+  value       = aws_subnet.compute[*].id
+}
+
+output "internet_gateway_id" {
+  description = "ID of the Internet Gateway"
+  value       = aws_internet_gateway.main.id
 }
 
 output "nat_gateway_ids" {
-  description = "List of IDs of the NAT Gateways"
-  value       = module.vpc.natgw_ids
+  description = "IDs of the NAT Gateways"
+  value       = aws_nat_gateway.main[*].id
 }
 
 output "vpc_endpoints_security_group_id" {
-  description = "ID of the VPC endpoints security group"
+  description = "ID of the security group for VPC endpoints"
   value       = aws_security_group.vpc_endpoints.id
-}
+}

infrastructure/dev/us-east-2/networking/vpc/terragrunt.hcl

@@ -9,11 +9,11 @@ include "region" {
 }
 
 terraform {
-  source = "git::https://github.com/terraform-aws-modules/terraform-aws-vpc.git?ref=v5.1.2"
+  source = "."
 }
 
 inputs = {
-  # VPC Module inputs
+  # VPC Configuration
   name = "hpc-dev-vpc"
   cidr = "10.0.0.0/16"
 
@@ -25,19 +25,8 @@ inputs = {
   database_subnets = ["10.0.200.0/24", "10.0.201.0/24", "10.0.202.0/24"]
   compute_subnets  = ["10.0.100.0/22", "10.0.104.0/22", "10.0.108.0/22"]
 
-  # Enable DNS
-  enable_dns_hostnames = true
-  enable_dns_support   = true
-  
   # Enable NAT Gateway (single for dev)
   enable_nat_gateway = true
-  single_nat_gateway = true  # Cost optimization for dev
-  
-  # Disable VPC Flow Logs for now to simplify configuration
-  enable_flow_log = false
-  
-  # VPC Endpoints for AWS services
-  enable_s3_endpoint = true
 
   # Tags
   tags = {
@@ -90,17 +79,5 @@ inputs = {
     Type = "Compute-Subnet"
     Tier = "HPC-Compute"
   }
-  
-  # Additional variables for local Terraform resources
-  environment = "dev"
-  region      = "us-east-2"
-  vpc_cidr    = "10.0.0.0/16"
-  common_tags = {
-    Environment = "dev"
-    Region = "us-east-2"
-    Project = "HPC-Networking"
-    ManagedBy = "Terragrunt"
-    Owner = "DevOps-Team"
-  }
 }