The home for Hyperlane core contracts, sdk packages, and other infrastructure
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
hyperlane-monorepo/rust/main/terraform/globals.tf

101 lines
3.7 KiB

provider "aws" {
region = var.aws_region # Set the AWS region for the provider
}
resource "aws_ecs_cluster" "validator_cluster" {
name = "hyperlane-validator-cluster" # Name of the ECS cluster for the validator
}
resource "aws_vpc" "validator_vpc" {
cidr_block = "10.0.0.0/16" # Define the IP range for the VPC
enable_dns_support = true # Enable DNS support in the VPC
enable_dns_hostnames = true # Enable DNS hostnames in the VPC
}
data "aws_availability_zones" "available" {} # Fetch the list of available AZs
resource "aws_subnet" "public_subnet" {
vpc_id = aws_vpc.validator_vpc.id # Associate with the VPC
cidr_block = "10.0.2.0/24" # Define the IP range for the public subnet
availability_zone = data.aws_availability_zones.available.names[0] # Use the first available AZ
map_public_ip_on_launch = true # Automatically assign public IP on instance launch
}
resource "aws_subnet" "validator_subnet" {
vpc_id = aws_vpc.validator_vpc.id # Associate with the VPC
cidr_block = "10.0.1.0/24" # Define the IP range for the validator subnet
availability_zone = data.aws_availability_zones.available.names[0] # Use the first available AZ
map_public_ip_on_launch = false # Do not assign public IP on instance launch
}
resource "aws_internet_gateway" "vpc_igw" {
vpc_id = aws_vpc.validator_vpc.id # Attach the internet gateway to the VPC
}
resource "aws_eip" "nat_gateway_eip" {
domain = "vpc" # Allocate an Elastic IP in the VPC domain
}
resource "aws_nat_gateway" "validator_nat_gateway" {
allocation_id = aws_eip.nat_gateway_eip.id # Associate the EIP with the NAT gateway
subnet_id = aws_subnet.public_subnet.id # Place the NAT gateway in the public subnet
depends_on = [aws_internet_gateway.vpc_igw] # Ensure IGW is created before the NAT gateway
}
resource "aws_route_table" "public_route_table" {
vpc_id = aws_vpc.validator_vpc.id # Associate the route table with the VPC
route {
cidr_block = "0.0.0.0/0" # Route all traffic
gateway_id = aws_internet_gateway.vpc_igw.id # Through the internet gateway
}
}
resource "aws_route_table" "private_route_table" {
vpc_id = aws_vpc.validator_vpc.id # Associate the route table with the VPC
route {
cidr_block = "0.0.0.0/0" # Route all traffic
nat_gateway_id = aws_nat_gateway.validator_nat_gateway.id # Through the NAT gateway
}
}
resource "aws_route_table_association" "public_subnet_association" {
subnet_id = aws_subnet.public_subnet.id # Associate the public subnet
route_table_id = aws_route_table.public_route_table.id # With the public route table
}
resource "aws_route_table_association" "private_subnet_association" {
subnet_id = aws_subnet.validator_subnet.id # Associate the validator subnet
route_table_id = aws_route_table.private_route_table.id # With the private route table
}
resource "aws_security_group" "validator_sg" {
name = "validator-sg" # Name of the security group for the validator
vpc_id = aws_vpc.validator_vpc.id # Associate with the VPC
# prometheus
ingress {
from_port = 9090 # Prometheus metrics port
to_port = 9090
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"] # Allow traffic from any IP
}
# efs mounting
ingress {
from_port = 2049 # NFS port for EFS
to_port = 2049
protocol = "tcp"
cidr_blocks = [aws_subnet.validator_subnet.cidr_block] # Allow traffic from the validator subnet
}
# all egress
egress {
from_port = 0 # Allow all outbound traffic
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"] # To any IP
}
}