This repository contains Terraform configuration files to create a production-ready AWS Virtual Private Cloud (VPC) infrastructure with comprehensive networking components.
This Terraform configuration deploys a highly available, secure AWS VPC infrastructure across multiple availability zones with the following components:
- VPC: Production-grade Virtual Private Cloud with DNS support
- Subnets: Both public and private subnets across multiple availability zones
- NAT Gateways: Internet connectivity for private subnets
- Internet Gateway: Direct internet access for public subnets
- Route Tables: Separate routing for public and private traffic
- Security Groups: Default security group with permissive rules
- VPC Endpoints: Gateway endpoints for S3 and DynamoDB services
- Network ACLs: Additional network-level security
- Flow Logs: VPC traffic monitoring and logging
.
βββ main.tf # Main infrastructure resources
βββ variables.tf # Input variables and defaults
βββ outputs.tf # Output values
βββ providers.tf # Terraform and AWS provider configuration
- Terraform >= 1.0
- AWS CLI configured with appropriate credentials
- AWS account with necessary permissions
-
Clone the repository
git clone https://github.com/manishpcp/aws-vpc-terraform.git cd aws-vpc-terraform -
Initialize Terraform
terraform init
-
Review the plan
terraform plan
-
Apply the configuration
terraform apply
-
Verify deployment
terraform output
| Variable | Description | Type | Default |
|---|---|---|---|
region |
AWS region for the VPC | string | us-east-1 |
vpc_cidr |
CIDR block for the VPC | string | 10.0.0.0/16 |
public_subnets |
List of CIDR blocks for public subnets | list(string) | ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] |
private_subnets |
List of CIDR blocks for private subnets | list(string) | ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"] |
availability_zones |
List of availability zones | list(string) | ["us-east-1a", "us-east-1b", "us-east-1c"] |
tags |
Common tags for all resources | map(string) | See variables.tf |
Create a terraform.tfvars file to customize your deployment:
region = "us-west-2"
vpc_cidr = "10.1.0.0/16"
public_subnets = ["10.1.1.0/24", "10.1.2.0/24"]
private_subnets = ["10.1.10.0/24", "10.1.20.0/24"]
availability_zones = ["us-west-2a", "us-west-2b"]
tags = {
Environment = "Staging"
Project = "MyApp"
Owner = "DevOps Team"
ManagedBy = "Terraform"
}After successful deployment, the following outputs will be available:
| Output | Description |
|---|---|
vpc_id |
ID of the created VPC |
public_subnets |
List of public subnet IDs |
private_subnets |
List of private subnet IDs |
nat_gateways |
List of NAT Gateway IDs |
internet_gateway |
Internet Gateway ID |
vpc_cidr |
CIDR block of the VPC |
- Public Subnets: Host resources that need direct internet access (load balancers, bastion hosts)
- Private Subnets: Host internal resources (application servers, databases)
- Multi-AZ Deployment: Resources span multiple availability zones for high availability
- Network ACLs: Additional layer of security at the subnet level
- Security Groups: Instance-level firewall rules
- Flow Logs: Monitor and log VPC traffic for security analysis
- VPC Endpoints: Secure access to AWS services without internet routing
- Public Route Table: Routes internet traffic through Internet Gateway
- Private Route Tables: Routes internet traffic through NAT Gateways (one per AZ)
-
Default Security Group: The current configuration creates a security group with open rules (0.0.0.0/0). Modify this before production use.
-
Network ACLs: Review and customize the Network ACL rules based on your security requirements.
-
Flow Logs: Logs are retained for 30 days. Adjust retention period as needed.
# Example: More restrictive security group
resource "aws_security_group" "web" {
name_prefix = "web-"
vpc_id = aws_vpc.main.id
ingress {
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}This infrastructure includes cost-optimized features:
- NAT Gateways: One per availability zone (consider NAT instances for development)
- VPC Endpoints: Reduce data transfer costs for S3 and DynamoDB access
- Flow Logs: 30-day retention to balance monitoring and costs
terraform show
terraform state listterraform plan
terraform applyterraform destroyterraform fmt -recursiveterraform validate- Fork the repository
- Create a feature branch
- Make your changes
- Run
terraform fmtandterraform validate - Submit a pull request
- AWS CLI installed and configured
- Terraform installed (version >= 1.0)
- AWS account with VPC creation permissions
- Understanding of AWS networking concepts
- Review of security group and NACL rules
Issue: Error creating VPC: UnauthorizedOperation
Solution: Ensure your AWS credentials have VPC creation permissions
Issue: Error creating NAT Gateway: InsufficientFreeAddressesInSubnet
Solution: Ensure your public subnets have available IP addresses
Issue: Error creating subnet: AvailabilityZoneNotAvailable
Solution: Verify availability zones exist in your selected region
This project is licensed under the MIT License - see the LICENSE file for details.
For issues and questions:
- Create an issue in this repository
- Check AWS documentation for service-specific questions
- Review Terraform documentation for configuration questions