A simple VPC deployment pattern: a tested Terraform configuration that can be used as the starting point for new infrastructure. It uses local state storage (in a directory called “state_data”); for production use some form of remote state storage must be used instead, because a local state file is unshared, unlocked and holds resource identifiers (and potentially secrets) in plain text.
The template deploys the components listed below into the eu-west-2 (London) region. It is highly available: components are spread across two Availability Zones.
The EC2 instances in the private subnets (A, B, C and D) can communicate with each other across subnets, but can only reach the Internet outbound via the NAT Gateways (in Public Subnets A and B). No inbound access from the Internet is permitted: the private route tables carry no route to the IGW, and a NAT Gateway does not forward unsolicited inbound connections.
- VPC
- IGW (Internet Gateway)
- 2 x NATGW (NAT Gateways), one in Availability Zone A and one in Availability Zone B
- 2 x EIP (IPv4 Elastic IP addresses), one attached to each NATGW
- 6 x Subnets
  - 2 x Public Subnets (A & B)
  - 2 x Private Subnets (A & B) with EC2 Instance A and EC2 Instance B
  - 2 x Private Subnets (C & D) with EC2 Instance C and EC2 Instance D
- 6 x Route Tables (one per Subnet)
- IAM Role(s) and SSM (Systems Manager) configuration for instance management
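The following Terraform sketch is an added example, not the repository's own code (see the link below), showing how the pattern above fits together: the remote, locked state backend that production use requires in place of the local state directory, one public/private subnet pair per Availability Zone (the second private pair, C and D, is built the same way), a NAT Gateway per AZ, per-subnet route tables, and an SSM instance role so the instances need no inbound port. Resource names, CIDR blocks, and the S3 bucket and DynamoDB table names are assumptions.

```hcl
# Added example sketch of the pattern (not the repository's own code). Resource
# names, CIDR blocks and the state bucket/lock table names are placeholders.
terraform {
  required_providers { aws = { source = "hashicorp/aws", version = "~> 5.0" } }
  # Production: remote, encrypted, locked state instead of the local state_data directory.
  backend "s3" {
    bucket         = "example-tfstate-bucket"   # assumed; must exist before `terraform init`
    key            = "vpc/eu-west-2/terraform.tfstate"
    region         = "eu-west-2"
    encrypt        = true
    dynamodb_table = "example-tfstate-lock"     # assumed; provides state locking
  }
}
provider "aws" { region = "eu-west-2" }
locals { azs = ["eu-west-2a", "eu-west-2b"] }

resource "aws_vpc" "main" {
  cidr_block           = "10.0.0.0/16" # assumed
  enable_dns_support   = true
  enable_dns_hostnames = true
}
resource "aws_internet_gateway" "igw" { vpc_id = aws_vpc.main.id }

# One public subnet per AZ. No auto-assigned public IPs; the NAT gateways use EIPs.
resource "aws_subnet" "public" {
  count                   = 2
  vpc_id                  = aws_vpc.main.id
  cidr_block              = cidrsubnet(aws_vpc.main.cidr_block, 8, count.index) # 10.0.0.0/24, 10.0.1.0/24
  availability_zone       = local.azs[count.index]
  map_public_ip_on_launch = false
}

# Private subnets A and B; C and D in the pattern are built the same way.
resource "aws_subnet" "private" {
  count             = 2
  vpc_id            = aws_vpc.main.id
  cidr_block        = cidrsubnet(aws_vpc.main.cidr_block, 8, 10 + count.index) # 10.0.10.0/24, 10.0.11.0/24
  availability_zone = local.azs[count.index]
}

resource "aws_eip" "nat" {
  count  = 2
  domain = "vpc"
}

# One NAT gateway per AZ, placed in that AZ's public subnet.
resource "aws_nat_gateway" "nat" {
  count         = 2
  allocation_id = aws_eip.nat[count.index].id
  subnet_id     = aws_subnet.public[count.index].id
  depends_on    = [aws_internet_gateway.igw]
}

# Public route tables: default route to the IGW.
resource "aws_route_table" "public" {
  count  = 2
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}
resource "aws_route_table_association" "public" {
  count          = 2
  subnet_id      = aws_subnet.public[count.index].id
  route_table_id = aws_route_table.public[count.index].id
}

# Private route tables: default route to the NAT gateway in the same AZ, so a NAT
# failure in one AZ does not black-hole the other. Deliberately no route to the
# IGW; the implicit local route carries traffic between the private subnets.
resource "aws_route_table" "private" {
  count  = 2
  vpc_id = aws_vpc.main.id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat[count.index].id
  }
}
resource "aws_route_table_association" "private" {
  count          = 2
  subnet_id      = aws_subnet.private[count.index].id
  route_table_id = aws_route_table.private[count.index].id
}

# Instance role for SSM Session Manager, so instances are managed without any inbound port.
resource "aws_iam_role" "ssm" {
  name = "ec2-ssm-role"
  assume_role_policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "sts:AssumeRole", Principal = { Service = "ec2.amazonaws.com" } }]
  })
}
resource "aws_iam_role_policy_attachment" "ssm_core" {
  role       = aws_iam_role.ssm.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
}
```

Run `terraform init` (the backend bucket and lock table must already exist, and the `backend` block cannot reference variables), then `terraform plan` and `terraform apply`. The two things worth checking in the plan are that every private route table's `0.0.0.0/0` route points at a `nat_gateway_id` in the same AZ, never at the IGW, and that the instances attach the SSM instance role rather than a security group opening SSH to the Internet.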
https://github.com/tristanhself/general/tree/master/aws/vpc-subnets-nat-igw