tetrateio · psinghal20 · Jun 12, 2025 · Jun 19, 2025
diff --git a/cloud/aws/asg.tf b/cloud/aws/asg.tf
@@ -6,7 +6,7 @@ resource "random_pet" "asg_suffix" {
 resource "aws_security_group" "asg_self" {
   name        = "asg-self-group-${random_pet.asg_suffix.id}"
   description = "Allow all traffic within this security group"
-  vpc_id      = var.vpc_id
+  vpc_id      = aws_vpc.main.id
 
   # Allow all traffic from same SG
   ingress {
@@ -56,7 +56,7 @@ resource "aws_launch_template" "asg" {
   }
 
   vpc_security_group_ids = [aws_security_group.asg_self.id]
-   iam_instance_profile {
+  iam_instance_profile {
     name = aws_iam_instance_profile.asg_profile.name
   }
 
@@ -89,7 +89,7 @@ resource "aws_autoscaling_group" "asg" {
   min_size            = 4
   max_size            = 4
   desired_capacity    = 4
-  vpc_zone_identifier = [var.subnet_id]
+  vpc_zone_identifier = [aws_subnet.public.id]
   wait_for_capacity_timeout    = "10m"   # Wait up to 10 minutes for desired_capacity
   health_check_type            = "EC2"
   force_delete                 = true
@@ -113,7 +113,7 @@ resource "aws_autoscaling_group" "asg" {
 resource "aws_iam_policy" "disable_src_dst_check" {
   name        = "DisableSourceDestCheck-${random_pet.asg_suffix.id}"
   description = "Allow disabling source/destination check on own instance"
-  policy      = jsonencode({
+  policy = jsonencode({
     Version = "2012-10-17",
     Statement = [
       {
@@ -159,8 +159,8 @@ data "external" "asg_private_ips" {
   program = ["${path.module}/wait-for-asg-ips.sh"]
 
   query = {
-    asg_name      = aws_autoscaling_group.asg.name
+    asg_name       = aws_autoscaling_group.asg.name
     expected_count = 4
-    region        = var.region
+    region         = var.region
   }
-}
+}
diff --git a/cloud/aws/frr.tf b/cloud/aws/frr.tf
@@ -1,8 +1,8 @@
 # If ssh_key_name is not set, generate one
 resource "tls_private_key" "generated" {
-  count      = var.ssh_key_name == "" ? 1 : 0
-  algorithm  = "RSA"
-  rsa_bits   = 4096
+  count     = var.ssh_key_name == "" ? 1 : 0
+  algorithm = "RSA"
+  rsa_bits  = 4096
 }
 
 resource "aws_key_pair" "generated" {
@@ -12,14 +12,14 @@ resource "aws_key_pair" "generated" {
 }
 
 resource "random_id" "suffix" {
-  count = var.ssh_key_name == "" ? 1 : 0
+  count       = var.ssh_key_name == "" ? 1 : 0
   byte_length = 4
 }
 
 # Pick the key name to use
 locals {
-  final_key_name = var.ssh_key_name != "" ? var.ssh_key_name : aws_key_pair.generated[0].key_name
-  private_key    = var.ssh_key_name != "" ? file(var.private_key_path) : tls_private_key.generated[0].private_key_pem
+  final_key_name            = var.ssh_key_name != "" ? var.ssh_key_name : aws_key_pair.generated[0].key_name
+  private_key               = var.ssh_key_name != "" ? file(var.private_key_path) : tls_private_key.generated[0].private_key_pem
   private_key_path_for_copy = var.ssh_key_name != "" ? var.private_key_path : "${path.module}/auto-generated-key.pem"
   config_yaml = templatefile("${path.module}/config.yaml.tpl", {
     bgpPeerAddress      = aws_instance.frr_router.private_ip # this gets the new FRR private IP
@@ -30,7 +30,7 @@ locals {
 resource "aws_instance" "frr_router" {
   ami                         = var.frr_ami_id
   instance_type               = var.instance_type
-  subnet_id                   = var.subnet_id
+  subnet_id                   = aws_subnet.public.id
   vpc_security_group_ids      = [aws_security_group.asg_self.id]
   key_name                    = local.final_key_name
   associate_public_ip_address = true
@@ -109,17 +109,17 @@ resource "aws_instance" "frr_router" {
     destination = "/home/ubuntu/ssh_key.pem"
 
     connection {
-        type        = "ssh"
-        user        = "ubuntu"
-        private_key = local.private_key
-        host        = self.public_ip
+      type        = "ssh"
+      user        = "ubuntu"
+      private_key = local.private_key
+      host        = self.public_ip
     }
   }
 
   provisioner "remote-exec" {
     inline = [
-        "chown ubuntu:ubuntu /home/ubuntu/l4env_amd64",
-        "chmod +x /home/ubuntu/l4env_amd64"
+      "chown ubuntu:ubuntu /home/ubuntu/l4env_amd64",
+      "chmod +x /home/ubuntu/l4env_amd64"
     ]
     connection {
       type        = "ssh"
@@ -136,13 +136,13 @@ resource "aws_instance" "frr_router" {
 
 resource "null_resource" "frr_config_upload" {
   triggers = {
-    instance_id = aws_instance.frr_router.id   # Ensures this waits until instance is ready
-    private_ip  = aws_instance.frr_router.private_ip
+    instance_id            = aws_instance.frr_router.id # Ensures this waits until instance is ready
+    private_ip             = aws_instance.frr_router.private_ip
     image_pull_secret_data = var.image_pull_secret_data
   }
 
   provisioner "file" {
-    content     = templatefile("${path.module}/config.yaml.tpl", {
+    content = templatefile("${path.module}/config.yaml.tpl", {
       bgpPeerAddress      = aws_instance.frr_router.private_ip
       imagePullSecretData = var.image_pull_secret_data
     })
@@ -159,8 +159,8 @@ resource "null_resource" "frr_config_upload" {
 
 # Write the generated private key to a local file (for your own SSH use)
 resource "local_file" "private_key" {
-  count    = var.ssh_key_name == "" ? 1 : 0
-  content  = tls_private_key.generated[0].private_key_pem
-  filename = "${path.module}/auto-generated-key.pem"
+  count           = var.ssh_key_name == "" ? 1 : 0
+  content         = tls_private_key.generated[0].private_key_pem
+  filename        = "${path.module}/auto-generated-key.pem"
   file_permission = "0600"
 }
diff --git a/cloud/aws/inputs.tf b/cloud/aws/inputs.tf
@@ -2,14 +2,6 @@ variable "region" {
   default = "us-east-1"
 }
 
-variable "vpc_id" {
-    type = string
-}
-
-variable "subnet_id" {
-  type = string
-}
-
 variable "frr_ami_id" {
   description = "AMI ID for the instance"
   type        = string
@@ -44,14 +36,27 @@ variable "private_key_path" {
 variable "bgp_listen_range" {
   description = "The CIDR range for BGP listen command."
   type        = string
-  default     = "172.31.0.0/16"
+  default     = "10.0.0.0/16"
 }
 
 variable "mitm_vip" {
-    type = string
+  type = string
 }
 
 variable "image_pull_secret_data" {
   description = "Secret data for image pull"
   type        = string
 }
+
+variable "vpc_cidr_block" {
+  description = "CIDR block for the VPC"
+  type        = string
+  default     = "10.0.0.0/16"
+}
+
+variable "subnet_cidr_block" {
+  description = "CIDR block for the subnet"
+  type        = string
+  default     = "10.0.1.0/24"
+}

diff --git a/cloud/aws/outputs.tf b/cloud/aws/outputs.tf
@@ -1,10 +1,10 @@
 output "ssh_private_key_path" {
-  value = var.ssh_key_name == "" ? local_file.private_key[0].filename : var.private_key_path
+  value       = var.ssh_key_name == "" ? local_file.private_key[0].filename : var.private_key_path
   description = "Path to the private key you can use to ssh to the instance"
 }
 
 output "asg_name" {
-  value = aws_autoscaling_group.asg.name
+  value       = aws_autoscaling_group.asg.name
   description = "The name of the Auto Scaling Group"
 }
 
@@ -21,3 +21,13 @@ output "frr_instance_private_ip" {
 output "asg_instance_private_ips" {
   value = jsondecode(data.external.asg_private_ips.result.private_ips)
 }
+
+output "vpc_id" {
+  value       = aws_vpc.main.id
+  description = "ID of the created VPC"
+}
+
+output "subnet_id" {
+  value       = aws_subnet.public.id
+  description = "ID of the created public subnet"
+}