From 208583d20397173356c4c70af00c8759f090817a Mon Sep 17 00:00:00 2001
From: Pmoranga
Date: Wed, 14 Sep 2022 14:10:17 -0300
Subject: [PATCH] improvement: Allow to create VPC with custom CIDR
---
 modules/vpc/README.md | 47 +++++++++++++++++++++++++---------------
 modules/vpc/main.tf | 8 +++----
 modules/vpc/variables.tf | 6 +++++
 3 files changed, 40 insertions(+), 21 deletions(-)
diff --git a/modules/vpc/README.md b/modules/vpc/README.md
index 4903b65..e846c8b 100644
--- a/modules/vpc/README.md
+++ b/modules/vpc/README.md
@@ -9,36 +9,49 @@ Create a VPC for a specific environment, all other resources will be created ins
 | Name | Version |
 |------|---------|
-| terraform | >= 0.13 |
+| [terraform](#requirement\_terraform) | >= 0.13 |
 ## Providers
 | Name | Version |
 |------|---------|
-| aws | n/a |
+| [aws](#provider\_aws) | n/a |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| [nat\_instance](#module\_nat\_instance) | int128/nat-instance/aws | 2.0.0 |
+| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | 2.70.0 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_eip.nat_instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource |
 ## Inputs
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| enable\_nat\_gateway | Create NAT gateway(s) to allow private subnets to route traffic out to the public internet. If this is set to false, it will create a NAT instance instead. This can be useful in non-production environments to reduce cost, though in some cases it may lead to network instability or lower throughput. | `bool` | n/a | yes |
-| environment | The environment (stage/prod) | `any` | n/a | yes |
-| kubernetes\_cluster\_name | Kubernetes cluster name used to associate with subnets for auto LB placement | `any` | n/a | yes |
-| nat\_instance\_types | Candidates of instance type for the NAT instance | `list(any)` |
[
"t3.nano",
"t3a.nano"
]
| no |
-| project | The name of the project, mostly for tagging | `any` | n/a | yes |
-| region | The AWS region to create resources in | `any` | n/a | yes |
-| single\_nat\_gateway | Use single nat-gateway instead of nat-gateway per subnet | `bool` | n/a | yes |
+| [cidr](#input\_cidr) | The CIDR for the VPC, must be a /16 at least | `string` | `"10.10.0.0/16"` | no |
+| [enable\_nat\_gateway](#input\_enable\_nat\_gateway) | Create NAT gateway(s) to allow private subnets to route traffic out to the public internet. If this is set to false, it will create a NAT instance instead. This can be useful in non-production environments to reduce cost, though in some cases it may lead to network instability or lower throughput. | `bool` | n/a | yes |
+| [environment](#input\_environment) | The environment (stage/prod) | `any` | n/a | yes |
+| [kubernetes\_cluster\_name](#input\_kubernetes\_cluster\_name) | Kubernetes cluster name used to associate with subnets for auto LB placement | `any` | n/a | yes |
+| [nat\_instance\_types](#input\_nat\_instance\_types) | Candidates of instance type for the NAT instance | `list(any)` |
[
"t3.nano",
"t3a.nano"
]
| no |
+| [project](#input\_project) | The name of the project, mostly for tagging | `any` | n/a | yes |
+| [region](#input\_region) | The AWS region to create resources in | `any` | n/a | yes |
+| [single\_nat\_gateway](#input\_single\_nat\_gateway) | Use single nat-gateway instead of nat-gateway per subnet | `bool` | n/a | yes |
 ## Outputs
 | Name | Description |
 |------|-------------|
-| azs | Availability zones for the VPC |
-| database\_subnet\_group | List of subnet groups |
-| database\_subnets | List of public subnets |
-| private\_subnets | List of private subnets |
-| public\_subnets | List of public subnets |
-| vpc\_cidr\_block | The CIDR block of the VPC |
-| vpc\_id | The ID of the created VPC |
-
+| [azs](#output\_azs) | Availability zones for the VPC |
+| [database\_subnet\_group](#output\_database\_subnet\_group) | List of subnet groups |
+| [database\_subnets](#output\_database\_subnets) | List of public subnets |
+| [private\_subnets](#output\_private\_subnets) | List of private subnets |
+| [public\_subnets](#output\_public\_subnets) | List of public subnets |
+| [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | The CIDR block of the VPC |
+| [vpc\_id](#output\_vpc\_id) | The ID of the created VPC |
diff --git a/modules/vpc/main.tf b/modules/vpc/main.tf
index e846456..c44343a 100644
--- a/modules/vpc/main.tf
+++ b/modules/vpc/main.tf
@@ -3,12 +3,12 @@ module "vpc" {
 version = "2.70.0"
 name = "${var.project}-${var.environment}-vpc"
- cidr = "10.10.0.0/16"
+ cidr = var.cidr
 azs = ["${var.region}a", "${var.region}b"] # Most regions have 3+ azs
- private_subnets = ["10.10.32.0/19", "10.10.64.0/19"]
- public_subnets = ["10.10.1.0/24", "10.10.2.0/24"]
- database_subnets = ["10.10.10.0/24", "10.10.11.0/24"]
+ private_subnets = [cidrsubnet(var.cidr, 3, 1), cidrsubnet(var.cidr, 3, 2)]
+ public_subnets = [cidrsubnet(var.cidr, 8, 1), cidrsubnet(var.cidr, 8, 2)]
+ database_subnets = [cidrsubnet(var.cidr, 8, 10), cidrsubnet(var.cidr, 8, 11)]
 # Allow kubernetes ALB ingress controller to auto-detect
 private_subnet_tags = {
diff --git a/modules/vpc/variables.tf b/modules/vpc/variables.tf
index 9037cbe..545c690 100644
--- a/modules/vpc/variables.tf
+++ b/modules/vpc/variables.tf
@@ -30,3 +30,9 @@ variable "nat_instance_types" {
 default = ["t3.nano", "t3a.nano"]
 }
+
+variable "cidr" {
+ description = "The CIDR for the VPC, must be a /16 at least"
+ type = string
+ default = "10.10.0.0/16"
+}
\ No newline at end of file
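Review bot: The `cidrsubnet` newbits on the three new subnet lines are sized for a /16 VPC, and nothing in the hunk records that assumption: with the default `10.10.0.0/16` they reproduce the previous fixed /19 private and /24 public/database ranges, but a longer input prefix shrinks every subnet by the same amount (a /24 VPC would yield /32 "subnets") and a shorter one silently changes the layout. Add a why-comment above `private_subnets`, e.g. `# Subnet sizes are relative to var.cidr: with a /16 this gives /19 private and /24 public/database subnets (the former hard-coded ranges)`, and pair it with a prefix-length check on `var.cidr` in variables.tf so the assumption is enforced rather than only described. The `module "vpc"` block starts and ends outside the hunk.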
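Review bot: The new `cidr` variable states a constraint in its description (`must be a /16 at least`) but does not enforce it, so an input such as `10.10.0.0/24` is accepted and the `cidrsubnet(..., 8, n)` subnets derived from it in main.tf degenerate to /32, surfacing only as a plan or API error. The module already requires Terraform >= 0.13 (per the README), so a `validation` block can reject malformed or undersized values up front; AWS accepts a VPC primary block only between /16 and /28, which together with the /16 sizing assumption leaves exactly /16 as the usable prefix length, and the check below pins that. The description should also say what "at least" means, e.g. `"IPv4 CIDR for the VPC; the prefix length must be /16 so the derived /19 and /24 subnets fit"`. The file now also ends without a trailing newline (`\ No newline at end of file`), which will show up as noise in the next diff.

```hcl
variable "cidr" {
  description = "IPv4 CIDR for the VPC; the prefix length must be /16 so the derived /19 and /24 subnets fit"
  type        = string
  default     = "10.10.0.0/16"

  validation {
    # cidrnetmask rejects anything that is not a valid IPv4 CIDR; the regex pins the prefix length.
    condition     = can(cidrnetmask(var.cidr)) && can(regex("/16$", var.cidr))
    error_message = "The cidr value must be a valid IPv4 CIDR with a /16 prefix length."
  }
}
```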