Configure and test HA VPN tunnels with OpenTofu

.gitignore

@@ -30,3 +30,5 @@ go.work
 # Secret files
 *credential*
 project-gcp.txt
+
+aws

README.md

@@ -3,6 +3,30 @@
 We will explore the functions and necessary properties such as creation, diary, update, and deletion of resources/services for configuring a multi-cloud network.
 
 
+### Installing OpenTofu
+
+See [Installing OpenTofu](https://opentofu.org/docs/intro/install/)
+
+#### Installing using the installer
+
+```bash
+# Download the installer script:
+curl --proto '=https' --tlsv1.2 -fsSL https://get.opentofu.org/install-opentofu.sh -o install-opentofu.sh
+# Alternatively: wget --secure-protocol=TLSv1_2 --https-only https://get.opentofu.org/install-opentofu.sh -O install-opentofu.sh
+
+# Give it execution permissions:
+chmod +x install-opentofu.sh
+
+# Please inspect the downloaded script
+
+# Run the installer:
+./install-opentofu.sh --install-method deb
+
+# Remove the installer:
+rm install-opentofu.sh
+```
+
+
 ### How to use this ?
 
-TBD
+TBD

ha-vpn-tunnels/aws-instance.tf

@@ -0,0 +1,13 @@
+
+resource "aws_instance" "my-aws-instance" {
+  ami           = "ami-0f3a440bbcff3d043" # Ubuntu Server 22.04 LTS (HVM), SSD Volume Type
+  instance_type = "t2.micro"
+
+  vpc_security_group_ids = [aws_security_group.my-aws-sg.id]
+
+  subnet_id = aws_subnet.my-aws-subnet-2.id
+
+  tags = {
+    Name = "my-aws-instance"
+  }
+}

ha-vpn-tunnels/aws-networking.tf

@@ -0,0 +1,98 @@
+# Define the VPC resource block
+resource "aws_vpc" "my-aws-vpc" {
+  cidr_block = "192.168.64.0/18"
+
+  tags = {
+    Name = "my-aws-vpc-name"
+  }
+}
+
+# Define the subnets resource blocks with the desired CIDR blocks and associate them with the route table
+resource "aws_subnet" "my-aws-subnet-1" {
+  vpc_id                  = aws_vpc.my-aws-vpc.id
+  cidr_block              = "192.168.64.0/24"
+  map_public_ip_on_launch = true
+  tags = {
+    Name = "my-aws-subnet-1-name"
+  }
+}
+
+resource "aws_subnet" "my-aws-subnet-2" {
+  vpc_id                  = aws_vpc.my-aws-vpc.id
+  cidr_block              = "192.168.65.0/24"
+  map_public_ip_on_launch = false
+  tags = {
+    Name = "my-aws-subnet-2-name"
+  }
+}
+
+##################################################################
+
+// Create a VPN Gateway
+resource "aws_vpn_gateway" "my-aws-vpn-gateway" {
+  tags = {
+    Name = "my-aws-vpn-gateway-name"
+  }
+  vpc_id = aws_vpc.my-aws-vpc.id
+}
+
+// Create a Customer Gateway
+resource "aws_customer_gateway" "my-aws-cgw-1" {
+  tags = {
+    Name = "my-aws-cgw-1-name"
+  }
+  bgp_asn    = google_compute_router.my-gcp-router-main.bgp[0].asn
+  ip_address = google_compute_ha_vpn_gateway.my-gcp-ha-vpn-gateway.vpn_interfaces[0].ip_address
+  type       = "ipsec.1"
+}
+
+// Create a Customer Gateway
+resource "aws_customer_gateway" "my-aws-cgw-2" {
+  tags = {
+    Name = "my-aws-cgw-2-name"
+  }
+  bgp_asn    = google_compute_router.my-gcp-router-main.bgp[0].asn
+  ip_address = google_compute_ha_vpn_gateway.my-gcp-ha-vpn-gateway.vpn_interfaces[1].ip_address
+  type       = "ipsec.1"
+}
+
+##################################################################
+
+// Create a VPN Connection between the VPN Gateway and the Customer Gateway
+resource "aws_vpn_connection" "my-aws-cx-1" {
+  tags = {
+    Name = "my-aws-cx-1-name"
+  }
+  vpn_gateway_id      = aws_vpn_gateway.my-aws-vpn-gateway.id
+  customer_gateway_id = aws_customer_gateway.my-aws-cgw-1.id
+  type                = "ipsec.1"
+}
+
+resource "aws_vpn_connection" "my-aws-cx-2" {
+  tags = {
+    Name = "my-aws-cx-2-name"
+  }
+  vpn_gateway_id      = aws_vpn_gateway.my-aws-vpn-gateway.id
+  customer_gateway_id = aws_customer_gateway.my-aws-cgw-2.id
+  type                = "ipsec.1"
+}
+
+##################################################################
+
+// Create a Route Table and add a route to the VPN Connection
+resource "aws_route_table" "my-aws-rt" {
+  tags = {
+    Name = "my-aws-rt-name"
+  }
+
+  vpc_id = aws_vpc.my-aws-vpc.id
+  propagating_vgws = [aws_vpn_gateway.my-aws-vpn-gateway.id]
+}
+
+// Create a Route Table Association between the Route Table and the Subnet
+resource "aws_route_table_association" "my-aws-rta-1" {
+  # count = 3
+  # subnet_id = element(aws_subnet.main.*.id, count.index)
+  subnet_id = aws_subnet.my-aws-subnet-2.id
+  route_table_id = aws_route_table.my-aws-rt.id
+}

ha-vpn-tunnels/aws-security-groups.tf

@@ -0,0 +1,27 @@
+# Security Group
+# Private EC2 SG
+resource "aws_security_group" "my-aws-sg"{
+  name        = "my-aws-sg"
+  description = "for private ec2"
+  vpc_id      = aws_vpc.my-aws-vpc.id
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags = {
+    Name = "my-aws-private-sg"
+  }
+}
+
+resource "aws_vpc_security_group_ingress_rule" "allow-icmp" {  
+  security_group_id = aws_security_group.my-aws-sg.id  
+  cidr_ipv4 = "0.0.0.0/0"
+  from_port = -1
+  to_port = -1
+  ip_protocol = "icmp"
+  description = "Allow all incoming ICMP"
+}

ha-vpn-tunnels/gcp-firewall.tf

@@ -0,0 +1,21 @@
+resource "google_compute_firewall" "my-gcp-firewall" {
+  name    = "my-gcp-firewall"
+  network = google_compute_network.my-gcp-vpc-network.name
+
+  allow {
+    protocol = "icmp"
+  }
+
+  allow {
+    protocol = "tcp"
+    ports    = ["22", "80", "8080", "1000-2000"]
+  }
+
+  source_ranges = ["0.0.0.0/0"]
+
+  # source_tags = ["web"]
+}
+
+# resource "google_compute_network" "default" {
+#   name = "test-network"
+# }

ha-vpn-tunnels/gcp-instance.tf

@@ -0,0 +1,20 @@
+resource "google_compute_instance" "my-gcp-vm-instance" {
+  name         = "my-gcp-vm-instance"
+  machine_type = "f1-micro"
+
+  boot_disk {
+    auto_delete = true
+    initialize_params {
+      image = "projects/ubuntu-os-cloud/global/images/ubuntu-2204-jammy-v20240126"
+      labels = {
+        my_label = "value"
+      }
+    }
+  }
+
+  network_interface {
+    network = google_compute_network.my-gcp-vpc-network.self_link
+    subnetwork = google_compute_subnetwork.my-gcp-subnet-2.self_link  
+
+  }
+}