Actualiser tp-cloud/terraform/modules/network/main.tf

2024-12-06 15:02:06 +01:00
parent ba3ed7673f
commit 776ff0b901
1 changed files with 34 additions and 19 deletions
--- a/tp-cloud/terraform/modules/network/main.tf
+++ b/tp-cloud/terraform/modules/network/main.tf
@@ -1,40 +1,56 @@
 resource "google_compute_network" "vpc" {
-  name                    = "nom2"
+  name                    = "myvpc"
  auto_create_subnetworks = false
 }

-resource "google_compute_subnetwork" "frontend" {
-  name          = "frontend"
+# Sous-réseau
+resource "google_compute_subnetwork" "frontend_subnet" {
+  name          = "frontend-subnet"
  network       = google_compute_network.vpc.id
  ip_cidr_range = var.frontend_cidr
  region        = var.region
 }

-resource "google_compute_subnetwork" "backend" {
-  name          = "backend"
+# Sous-réseau
+resource "google_compute_subnetwork" "backend_subnet" {
+  name          = "backend-subnet"
  network       = google_compute_network.vpc.id
-  ip_cidr_range =  var.backend_cidr
+  ip_cidr_range = var.backend_cidr
  region        = var.region
 }

-resource "google_compute_subnetwork" "db" {
-  name          = "db"
+# Sous-réseau
+resource "google_compute_subnetwork" "database_subnet" {
+  name          = "database-subnet"
  network       = google_compute_network.vpc.id
  ip_cidr_range = var.database_cidr
  region        = var.region
 }

-resource "google_compute_firewall" "allow_http-https" {
-  name    = "allow-http-https"
+resource "google_compute_firewall" "allow_http" {
+  name    = "allow-http"
  network = google_compute_network.vpc.id

  allow {
    protocol = "tcp"
-    ports    = ["80", "443"]
+    ports    = ["80"]
  }

  source_ranges = ["0.0.0.0/0"]
-  target_tags   = ["web"]
+  target_tags   = ["frontend"]
+}
+
+resource "google_compute_firewall" "allow_https" {
+  name    = "allow-https"
+  network = google_compute_network.vpc.id
+
+  allow {
+    protocol = "tcp"
+    ports    = ["443"]
+  }
+
+  source_ranges = ["0.0.0.0/0"]
+  target_tags   = ["frontend"]
 }

 resource "google_compute_firewall" "allow_ssh" {
@@ -47,12 +63,11 @@ resource "google_compute_firewall" "allow_ssh" {
  }

  source_ranges = [var.ssh_source_ranges]
-  target_tags   = ["web"]
+  target_tags   = ["ssh"]
 }

-
-resource "google_compute_firewall" "front-to-back" {
-  name    = "front-to-back"
+resource "google_compute_firewall" "allow_frontend_to_backend" {
+  name    = "allow-frontend-to-backend"
  network = google_compute_network.vpc.id

  allow {
@@ -64,13 +79,13 @@ resource "google_compute_firewall" "front-to-back" {
  target_tags   = ["backend"]
 }

-resource "google_compute_firewall" "back-to-db" {
-  name    = "front-to-back"
+resource "google_compute_firewall" "allow-sql" {
+  name    = "allow-sql"
  network = google_compute_network.vpc.id

  allow {
    protocol = "tcp"
-    ports    = ["8000"]
+    ports    = ["3306"]
  }

  source_ranges = [var.backend_cidr]