/root/terraformation/a2g$ terraform apply -var 'air_gap=true' ...
Not just for web applications, but for any system with public Internet-facing entry points, there is always an ultimate security need to pull out the cable between a router and a switch and take an entire public subnet, and all the instances within it, offline on demand. In the vast majority of cases where cloud service providers are used, that means implementing the virtual equivalent. That is what REVVOPS Air GAP does, but it does far more than that, and because of its declarative nature it can accomplish this and many other useful operations much more elegantly than an imperatively programmed equivalent.
Using Air GAP to Create a VPC
.../a2g> terraform apply -var 'region=...' -var 'access_key=...' -var 'secret_key=...' -var 'a2g_vpc_cidr=192.168.0.0/16' -auto-approve
.../a2g> terraform apply -var 'region=...' -var 'access_key=...' -var 'secret_key=...' -var 'a2g_vpc_cidr=192.168.0.0/16' -var 'a2g_vpc_tag_name=Super SaaS Co VPC' -auto-approve
Using Air GAP to Create a Public Subnet in a Specific Availability Zone
.../a2g> terraform apply -var 'region=...' -var 'access_key=...' -var 'secret_key=...' -var 'a2g_vpc_cidr=192.168.0.0/16' -var 'a2g_vpc_tag_name=Super SaaS Co VPC' -var 'public_subnets=[\"192.168.2.0/24\"]' -var 'public_subnets_availability_zones=[0]' -auto-approve
Using Air GAP to Create a Private Subnet in a Specific Availability Zone
.../a2g> terraform apply -var 'region=...' -var 'access_key=...' -var 'secret_key=...' -var 'a2g_vpc_cidr=192.168.0.0/16' -var 'a2g_vpc_tag_name=Super SaaS Co VPC' -var 'private_subnets=[\"192.168.1.0/24\"]' -var 'private_subnets_availability_zones=[0]' -auto-approve
Using Air GAP to Lay Out Multiple Public Subnets Across Specific Availability Zones
.../a2g> terraform apply -var 'region=...' -var 'access_key=...' -var 'secret_key=...' -var 'a2g_vpc_cidr=192.168.0.0/16' -var 'a2g_vpc_tag_name=Super SaaS Co VPC' -var 'public_subnets=[\"192.168.2.0/24\", \"192.168.4.0/24\"]' -var 'public_subnets_availability_zones=[0, 1]' -auto-approve
Using Air GAP to Lay Out Multiple Private Subnets Across Specific Availability Zones
.../a2g> terraform apply -var 'region=...' -var 'access_key=...' -var 'secret_key=...' -var 'a2g_vpc_cidr=192.168.0.0/16' -var 'a2g_vpc_tag_name=Super SaaS Co VPC' -var 'private_subnets=[\"192.168.1.0/24\", \"192.168.3.0/24\"]' -var 'private_subnets_availability_zones=[0, 1]' -auto-approve
Using Air GAP to Lay Out Multiple Public and Private Subnets Across Specific Availability Zones
.../a2g> terraform apply -var 'region=...' -var 'access_key=...' -var 'secret_key=...' -var 'a2g_vpc_cidr=192.168.0.0/16' -var 'a2g_vpc_tag_name=Super SaaS Co VPC' -var 'public_subnets_tag_base_name=SuperSaasCoPublicSubnet-' -var 'public_subnets=[\"192.168.2.0/24\", \"192.168.4.0/24\"]' -var 'public_subnets_availability_zones=[0, 1]' -var 'private_subnets_tag_base_name=SuperSaasCoPrivateSubnet-' -var 'private_subnets=[\"192.168.1.0/24\", \"192.168.3.0/24\"]' -var 'private_subnets_availability_zones=[0, 1]' -auto-approve
How to Air GAP All Your Public Subnets and the Instances Inside Them, Then Put Them Back Online
.../a2g> terraform apply -var 'air_gap=true' -var 'region=...' -var 'access_key=...' -var 'secret_key=...' -var 'a2g_vpc_cidr=192.168.0.0/16' -var 'a2g_vpc_tag_name=Super SaaS Co VPC' -var 'public_subnets_tag_base_name=SuperSaasCoPublicSubnet-' -var 'public_subnets=[\"192.168.2.0/24\", \"192.168.4.0/24\"]' -var 'public_subnets_availability_zones=[0, 1]' -var 'private_subnets_tag_base_name=SuperSaasCoPrivateSubnet-' -var 'private_subnets=[\"192.168.1.0/24\", \"192.168.3.0/24\"]' -var 'private_subnets_availability_zones=[0, 1]' -auto-approve
.../a2g> terraform apply -var 'air_gap=false' -var 'region=...' -var 'access_key=...' -var 'secret_key=...' -var 'a2g_vpc_cidr=192.168.0.0/16' -var 'a2g_vpc_tag_name=Super SaaS Co VPC' -var 'public_subnets_tag_base_name=SuperSaasCoPublicSubnet-' -var 'public_subnets=[\"192.168.2.0/24\", \"192.168.4.0/24\"]' -var 'public_subnets_availability_zones=[0, 1]' -var 'private_subnets_tag_base_name=SuperSaasCoPrivateSubnet-' -var 'private_subnets=[\"192.168.1.0/24\", \"192.168.3.0/24\"]' -var 'private_subnets_availability_zones=[0, 1]' -auto-approve
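The two commands above differ only in air_gap, and both put the access keys on the command line. The wrapper below is an added example, not part of Air GAP or REVVOPS code: it keeps the layout in one var file and takes region and keys from TF_VAR_ environment variables, both standard Terraform features. The function names and the layout file path are hypothetical; the variable names are the ones used on this page.

```shell
#!/bin/sh
# Added example, not part of Air GAP. Variable names come from the commands
# above; the function names and the layout file path are hypothetical.

# Write the network layout once. Both the air-gap and the restore apply read
# it, so the two runs cannot drift apart in anything except air_gap.
a2g_write_layout() {
    cat > "$1" <<'EOF'
a2g_vpc_cidr = "192.168.0.0/16"
a2g_vpc_tag_name = "Super SaaS Co VPC"
public_subnets_tag_base_name = "SuperSaasCoPublicSubnet-"
public_subnets = ["192.168.2.0/24", "192.168.4.0/24"]
public_subnets_availability_zones = [0, 1]
private_subnets_tag_base_name = "SuperSaasCoPrivateSubnet-"
private_subnets = ["192.168.1.0/24", "192.168.3.0/24"]
private_subnets_availability_zones = [0, 1]
EOF
}

# Terraform reads TF_VAR_<name> from the environment, so region and keys stay
# out of argv, shell history and process listings. Refuse to run without them.
a2g_check_env() {
    for v in TF_VAR_region TF_VAR_access_key TF_VAR_secret_key; do
        eval "[ -n \"\${$v:-}\" ]" || { echo "missing $v" >&2; return 1; }
    done
}

# a2g_apply true|false <layout.tfvars>: take the public subnets offline (true)
# or put them back online (false).
a2g_apply() {
    case "$1" in
        true|false) ;;
        *) echo "air_gap must be true or false" >&2; return 2 ;;
    esac
    [ -r "$2" ] || { echo "layout file not readable: $2" >&2; return 2; }
    a2g_check_env || return 1
    terraform apply -var-file="$2" -var "air_gap=$1" -auto-approve
}

# Usage:
#   a2g_write_layout ./layout.tfvars
#   a2g_apply true  ./layout.tfvars
#   a2g_apply false ./layout.tfvars
```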
Revvops Air GAP SV …
… can perform virtual firewall level switching with matched security groups and network ACLs.
… can set up your VPC for statically or dynamically routed site-to-site VPN connections.
… offers ephemeral multi-hop jump boxing for incredibly tight instance access security.
… comes with all the source code, to learn from, customize, extend, or integrate with an existing infrastructure automation solution. You gain the ability to access one hundred percent of the AWS VPC configuration surface, so you can make it an even better fit for your security-as-code infrastructure automation needs.
… comes with OpenStack and CloudStack ports to run in your own facility, supporting a private or hybrid cloud migration strategy.
… is built into Revvops Redline.