Terraform Module
GitLab Repository: https://gitlab.com/miquido/terraform/terraform-vpc
```hcl
module "vpc" {
  source = "git::ssh://git@gitlab.com:miquido/terraform/terraform-vpc.git?ref=master"

  name        = "main"
  project     = "example"
  environment = "dev"
  tags        = var.tags
  azs         = ["eu-central-1a", "eu-central-1b", "eu-central-1c"]
  nat_type    = "gateway-single"

  enable_ecs_fargate_private_link = false
}
```
You can also deploy the VPC without NAT, with a NAT instance, or with a NAT gateway per AZ by modifying the value of the `nat_type` variable.
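A more restrictive variant of the call above, as an added example that is not from the module's repository: it uses only inputs and outputs documented on this page. The module name `vpc_private`, the rule name and the `<TAG_OR_COMMIT_SHA>` placeholder are assumptions.

```hcl
# Added example, not the module's own code.
variable "tags" {
  type    = map(string)
  default = {}
}

module "vpc_private" { # constructed module name
  # HTTPS form of the repository URL above. Replace the placeholder with a
  # reviewed tag or full commit SHA: a branch ref such as master can change
  # between two runs of `terraform init`.
  source = "git::https://gitlab.com/miquido/terraform/terraform-vpc.git?ref=<TAG_OR_COMMIT_SHA>"

  name        = "main"
  project     = "example"
  environment = "dev"
  tags        = var.tags
  azs         = ["eu-central-1a", "eu-central-1b", "eu-central-1c"]

  # No NAT instance or gateway is deployed for the private subnets.
  nat_type = "off"

  # Create the VPC endpoints for ECS with Fargate (this page lists
  # CloudWatch, ECR and S3 endpoint resources).
  enable_ecs_fargate_private_link = true

  # Default is true: do not hand out public IPs in public subnets.
  map_public_ip_on_launch = false

  # Default is true: skip the allow-all egress rule on the main security group.
  vpc_main_security_group_allow_all_egress = false
}

# Constructed rule: HTTPS egress to addresses inside the VPC only.
# Whether the endpoints use the main security group is not stated on this
# page; check the module source and add further rules your workloads need.
resource "aws_security_group_rule" "main_https_egress_in_vpc" {
  type              = "egress"
  description       = "HTTPS to addresses inside the VPC only"
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = [module.vpc_private.vpc_cidr]
  security_group_id = module.vpc_private.vpc_main_security_group_id
}
```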
Available targets:

```
help        Help screen
help/all    Display help for all targets
help/short  This help short screen
lint        Lint Terraform code
```

Name | Version |
---|---|
terraform | >= 0.13 |
aws | ~> 4.1 |

Name | Version |
---|---|
aws | ~> 4.1 |

Name | Source | Version |
---|---|---|
dynamic-subnets | git::https://github.com/cloudposse/terraform-aws-dynamic-subnets.git | 1.0.0 |
label | git::https://github.com/cloudposse/terraform-terraform-label | 0.8.0 |
vpc | git::https://github.com/cloudposse/terraform-aws-vpc.git | 0.28.1 |

Name | Type |
---|---|
aws_eip.single-nat | resource |
aws_nat_gateway.single-nat | resource |
aws_route.default | resource |
aws_security_group.main | resource |
aws_security_group_rule.default-sg-allow-all-egress | resource |
aws_security_group_rule.default-sg-allow-self-ingress | resource |
aws_vpc_endpoint.cloudwatch | resource |
aws_vpc_endpoint.ecr-api | resource |
aws_vpc_endpoint.ecr-dkr | resource |
aws_vpc_endpoint.s3 | resource |
aws_vpc_endpoint_service.cloudwatch | data source |
aws_vpc_endpoint_service.ecr-api | data source |
aws_vpc_endpoint_service.ecr-dkr | data source |
aws_vpc_endpoint_service.s3 | data source |

Name | Description | Type | Default | Required |
---|---|---|---|---|
azs | List of Availability Zones where subnets will be created | list(string) | [] | no |
cidr | CIDR for the VPC | string | "10.0.0.0/16" | no |
enable_ecs_fargate_private_link | Controls whether to create VPC Endpoints regarding AWS ECS with Fargate services in managed VPC | bool | false | no |
environment | Environment name | string | "" | no |
instance_tenancy | A tenancy option for instances launched into the VPC | string | "default" | no |
map_public_ip_on_launch | Instances launched into a public subnet should be assigned a public IP address | bool | true | no |
max_subnet_count | Sets the maximum amount of subnets to deploy. 0 will deploy a subnet for every provided availability zone (in availability_zones variable) within the region | number | 0 | no |
name | Resource common name | string | n/a | yes |
nat_instance_type | NAT Instance type | string | "t3.micro" | no |
nat_type | Configure deployment of NAT instances/gateways for private subnets. Possible values are: gateway-per-az, gateway-single, instance-per-az and off. | string | "gateway-per-az" | no |
private_network_acl_id | Network ACL ID that will be added to private subnets. If empty, a new ACL will be created | string | "" | no |
private_subnets_additional_tags | Additional tags to be added to private subnets | map(string) | {} | no |
project | Account/Project Name | string | n/a | yes |
public_network_acl_id | Network ACL ID that will be added to public subnets. If empty, a new ACL will be created | string | "" | no |
public_subnets_additional_tags | Additional tags to be added to public subnets | map(string) | {} | no |
subnet_type_tag_key | Key for subnet type tag to provide information about the type of subnets, e.g. cpco.io/subnet/type=private or cpco.io/subnet/type=public | string | "miquido.com/subnet/type" | no |
subnet_type_tag_value_format | This is using the format interpolation symbols to allow the value of the subnet_type_tag_key to be modified. | string | "%s" | no |
tags | Tags to apply on repository | map(string) | {} | no |
vpc_main_security_group_allow_all_egress | Add rule to main security group that allows all egress traffic | bool | true | no |
vpc_main_security_group_allow_self_ingress | Add rule to main security group that allows all ingress traffic from the same group | bool | true | no |

Name | Description |
---|---|
availability_zones | List of Availability Zones where subnets were created |
igw_id | n/a |
nat_gateway_ids | IDs of the NAT Gateways created |
nat_instance_ids | IDs of the NAT Instances created |
private_route_table_ids | IDs of the created private route tables |
private_subnet_cidrs | CIDR blocks of the created private subnets |
private_subnet_ids | IDs of the created private subnets |
public_route_table_ids | IDs of the created public route tables |
public_subnet_cidrs | CIDR blocks of the created public subnets |
public_subnet_ids | IDs of the created public subnets |
vpc_cidr | n/a |
vpc_default_network_acl_id | The ID of the network ACL created by default on VPC creation |
vpc_default_route_table_id | The ID of the route table created by default on VPC creation |
vpc_default_security_group_id | The ID of the security group created by default on VPC creation |
vpc_id | n/a |
vpc_ipv6_association_id | The association ID for the IPv6 CIDR block |
vpc_ipv6_cidr | The IPv6 CIDR block |
vpc_main_route_table_id | The ID of the main route table associated with this VPC |
vpc_main_security_group_id | The ID of the main security group associated with this VPC |

- Make changes in terraform files
- Regenerate documentation

  ```bash
  bash <(git archive --remote=git@gitlab.com:miquido/terraform/terraform-readme-update.git master update.sh | tar -xO)
  ```

- Run lint

  ```bash
  make lint
  ```

Copyright © 2017-2022 Miquido

Konrad Obal