AWS VPC module with dynamic subnets and VPC endpoints


terraform-aws-vpc

This VPC module enables the dynamic creation of subnets and VPC endpoints.

The module design was inspired by the excellent module cloudposse/terraform-aws-multi-az-subnets.

Example configuration

# Looks up the Availability Zones visible to the caller's account/region;
# the module call below takes the first three of them via slice().
data "aws_availability_zones" "available" {}

locals {
  namespace            = "fraajad"
  stage                = "dev"
  name                 = "main"
  # Parent CIDR for the whole VPC; the per-network CIDRs below are carved
  # out of it with cidrsubnet().
  account_network_cidr = "10.128.0.0/16"
}

module "vpc" {
  # NOTE(review): `ref=master` tracks a moving branch, so every `terraform init`
  # may pull different module code. For a reproducible, reviewable supply chain,
  # pin `ref` to a release tag or a full commit SHA instead.
  source = "git::https://github.com/fraajad/terraform-aws-vpc.git?ref=master"

  namespace           = local.namespace
  stage               = local.stage
  name                = local.name
  availability_zones  = slice(data.aws_availability_zones.available.names, 0, 3)
  cidr_block          = local.account_network_cidr
  # Each key becomes one network (subnet set) spread across the AZs above.
  # cidrsubnet(cidr, 2, n) carves a /18 out of the /16: index 0 -> 10.128.0.0/18,
  # index 1 -> 10.128.64.0/18. (The sample output further down shows
  # 10.128.0.0/20 for "public", which does not match this expression — it was
  # presumably captured from a different configuration.)
  network = {
    public = {
      cidr_block = cidrsubnet(local.account_network_cidr, 2, 0)
      type       = "public"
    }
    private = {
      cidr_block = cidrsubnet(local.account_network_cidr, 2, 1)
      type       = "private"
    }
  }
  # Subnet discovery tags for an EKS cluster named <namespace>-<stage>-eks-cluster:
  # `kubernetes.io/role/elb` marks subnets for internet-facing load balancers,
  # `kubernetes.io/role/internal-elb` for internal ones. Drop these if no
  # cluster will consume this VPC.
  public_subnets_additional_tags = {
    "kubernetes.io/cluster/${local.namespace}-${local.stage}-eks-cluster" = "shared"
    "kubernetes.io/role/elb"                                              = "1"
  }
  private_subnets_additional_tags = {
    "kubernetes.io/cluster/${local.namespace}-${local.stage}-eks-cluster" = "shared"
    "kubernetes.io/role/internal-elb"                                     = "1"
  }
  # Endpoints are off by default (vpc_endpoints_enabled = false); enabling them
  # keeps traffic to these AWS services inside the VPC instead of routing it
  # through the NAT gateways. Interface endpoints are placed in the network
  # named by `vpc_endpoint_interface_network` (default "private") — confirm in
  # the module source how "s3" is handled, since it is commonly a gateway endpoint.
  #
  # Inputs left at their defaults that are worth reviewing before use:
  #  - the four *_network_acl_* inputs default to allow-all (0.0.0.0/0, all
  #    protocols) in both directions; tighten them if NACLs are part of your
  #    network controls.
  #  - vpc_flow_logs_bucket_name defaults to "" — presumably flow logs are not
  #    created unless it is set; verify against the module source.
  #  - nat_gateway_enabled defaults to true, making a NAT gateway the default
  #    route for private subnets.
  vpc_endpoints_enabled     = true
  vpc_endpoints             = [
    "ec2",
    "ecr-api",
    "ecr.dkr",
    "s3",
    "logs",
    "sts",
    "elasticloadbalancing",
    "autoscaling"
  ]
}
Example outputs (placeholder IDs and addresses):

vpcs = {
  "main" = {
    "availability_zones" = [
      "us-west-2a",
      "us-west-2b",
      "us-west-2c",
    ]
    "cidr_block" = "10.128.0.0/16"
    "default_security_group_id" = "sg-xxxxxxxxxxxxx"
    "igw_id" = "igw-xxxxxxxxxxxxx"
    "nat_gateway_ips" = [
      "xx.xx.xx.xx",
      "xx.xx.xx.xx",
      "xx.xx.xx.xx",
    ]
    "networks" = {
      "private" = {
        "cidr_block" = "10.128.64.0/18"
        "route_table_ids" = [
          "rtb-xxxxxxxxxxxxx",
          "rtb-xxxxxxxxxxxxx",
          "rtb-xxxxxxxxxxxxx",
        ]
        "subnet_ids" = [
          "subnet-xxxxxxxxxxxxx",
          "subnet-xxxxxxxxxxxxx",
          "subnet-xxxxxxxxxxxxx",
        ]
        "type" = "private"
      }
      "public" = {
        "cidr_block" = "10.128.0.0/20"
        "route_table_ids" = [
          "rtb-xxxxxxxxxxxxx",
          "rtb-xxxxxxxxxxxxx",
          "rtb-xxxxxxxxxxxxx",
        ]
        "subnet_ids" = [
          "subnet-xxxxxxxxxxxxx",
          "subnet-xxxxxxxxxxxxx",
          "subnet-xxxxxxxxxxxxx",
        ]
        "type" = "public"
      }
    }
    "vpc_id" = "vpc-xxxxxxxxxxxxx"
  }
}

Requirements

No requirements.

Providers

Name Version
aws n/a

Inputs

Name Description Type Default Required
availability_zones List of Availability Zones (e.g. ['us-east-1a', 'us-east-1b', 'us-east-1c']) list(string) n/a yes
namespace Namespace (e.g. eg) string n/a yes
stage Stage (e.g. prod, dev, staging) string n/a yes
attributes Additional attributes (e.g. 1) list(string)
[
"vpc"
]
no
cidr_block n/a string "10.0.0.0/16" no
delimiter Delimiter to be used between namespace, environment, stage, name and attributes string "-" no
environment Environment, e.g. 'prod', 'staging', 'dev' string "" no
name VPC name string "main" no
nat_gateway_enabled A boolean flag to enable/disable NAT gateway as the default route for private subnets bool true no
network n/a map(map(string))
{
"private": {
"cidr_block": "10.0.64.0/18",
"type": "private"
},
"public": {
"cidr_block": "10.0.0.0/18",
"type": "public"
}
}
no
private_network_acl_egress Egress network ACL rules list(map(string))
[
{
"action": "allow",
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_no": 100,
"to_port": 0
}
]
no
private_network_acl_ingress Ingress network ACL rules list(map(string))
[
{
"action": "allow",
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_no": 100,
"to_port": 0
}
]
no
private_subnets_additional_tags Additional tags to be added to private subnets map(string) {} no
public_network_acl_egress Egress network ACL rules list(map(string))
[
{
"action": "allow",
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_no": 100,
"to_port": 0
}
]
no
public_network_acl_ingress Ingress network ACL rules list(map(string))
[
{
"action": "allow",
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_no": 100,
"to_port": 0
}
]
no
public_subnets_additional_tags Additional tags to be added to public subnets map(string) {} no
tags Additional tags (e.g. map(BusinessUnit,XYZ)) map(string) {} no
vpc_endpoint_interface_network n/a string "private" no
vpc_endpoints n/a list(string) [] no
vpc_endpoints_enabled n/a bool false no
vpc_flow_logs_bucket_name n/a string "" no

Outputs

Name Description
availability_zones List of Availability Zones where subnets were created
cidr_block The CIDR block of the VPC
default_security_group_id The ID of the security group created by default on VPC creation
igw_id The ID of the Internet Gateway
nat_gateway_ips IP addresses of the NAT Gateways
network Map of network attributes
vpc_endpoint_interface_network n/a
vpc_id The ID of the VPC
