cbfield/terraform-aws-vpc
terraform-aws-vpc

A Terraform module for an AWS Virtual Private Cloud (VPC), with included subnets, route tables, NACLs, and internet/NAT gateways.

Requirements

| Name | Version |
|------|---------|
| terraform | ~>1.3 |
| aws | ~>3.6 |
| tls | ~>4.0 |

Providers

| Name | Version |
|------|---------|
| aws | ~>3.6 |
| tls | ~>4.0 |

Resources

| Name | Type |
|------|------|
| aws_ec2_transit_gateway_vpc_attachment.attachment | resource |
| aws_eip.ngw_eip | resource |
| aws_instance.bastion | resource |
| aws_internet_gateway.igw | resource |
| aws_key_pair.bastion_ec2_key | resource |
| aws_nat_gateway.ngw | resource |
| aws_network_acl.endpoint_nacl | resource |
| aws_network_acl.nacl | resource |
| aws_network_acl.ngw_nacl | resource |
| aws_network_acl.tgw_nacl | resource |
| aws_network_acl_rule.ngw_egress | resource |
| aws_network_acl_rule.ngw_ephemeral_ingress | resource |
| aws_network_acl_rule.ngw_subnet_ingress | resource |
| aws_network_acl_rule.rule | resource |
| aws_network_acl_rule.rule_by_group | resource |
| aws_route.igw_route | resource |
| aws_route.ngw_route | resource |
| aws_route.route | resource |
| aws_route.tgw_route | resource |
| aws_route53_resolver_rule_association.rule | resource |
| aws_route_table.endpoint_route_table | resource |
| aws_route_table.ngw_route_table | resource |
| aws_route_table.route_table | resource |
| aws_route_table.tgw_route_table | resource |
| aws_route_table_association.association | resource |
| aws_route_table_association.endpoint | resource |
| aws_route_table_association.ngw | resource |
| aws_route_table_association.tgw | resource |
| aws_security_group.bastion | resource |
| aws_security_group.endpoint | resource |
| aws_security_group_rule.bastion_cidr_ingress | resource |
| aws_security_group_rule.bastion_egress | resource |
| aws_security_group_rule.bastion_self_ingress | resource |
| aws_security_group_rule.bastion_sg_ingress | resource |
| aws_security_group_rule.endpoint_egress | resource |
| aws_security_group_rule.endpoint_ingress | resource |
| aws_subnet.endpoint_subnet | resource |
| aws_subnet.ngw_subnet | resource |
| aws_subnet.subnet | resource |
| aws_subnet.tgw_subnet | resource |
| aws_vpc.vpc | resource |
| aws_vpc_dhcp_options.dhcp_options | resource |
| aws_vpc_dhcp_options_association.dhcp_options_association | resource |
| aws_vpc_endpoint.endpoint | resource |
| aws_vpc_ipv4_cidr_block_association.secondary_cidr | resource |
| aws_vpc_peering_connection.peer | resource |
| aws_vpc_peering_connection_accepter.peer_accepter | resource |
| tls_private_key.bastion_ssh_key | resource |
| aws_ami.al2 | data source |
| aws_caller_identity.current | data source |
| aws_region.current | data source |

Inputs

Each input is listed as name (type, default, required/optional): description. Object types are shown in full.

- `assign_generated_ipv6_cidr_block` (`bool`, default `false`, optional): Whether to request a /56 IPv6 CIDR block for the VPC
- `availability_zones` (`list(string)`, required): Availability zones to distribute resources within
- `bastion` (object, default `{ "subnets": [] }`, optional): Configurations for bastion hosts in this VPC

  ```hcl
  object({
    ami        = optional(string)
    public_key = optional(string)
    subnets = list(object({
      subnet_group = string
      azs          = optional(list(string))
    }))
    ingress = optional(object({
      cidr_blocks     = optional(list(string), [])
      security_groups = optional(list(string), [])
    }))
  })
  ```

- `cidr_block` (`string`, required): A CIDR block to assign to the VPC
- `dhcp` (object, default `{}`, optional): Configurations for DHCP options for this VPC

  ```hcl
  object({
    domain_name          = optional(string)
    domain_name_servers  = optional(list(string), ["AmazonProvidedDNS"])
    ntp_servers          = optional(list(string))
    netbios_name_servers = optional(list(string))
    netbios_node_type    = optional(number)
    tags                 = optional(map(string))
  })
  ```

- `enable_classiclink` (`bool`, default `false`, optional): Whether or not to enable ClassicLink for the VPC
- `enable_classiclink_dns_support` (`bool`, default `false`, optional): Whether or not to enable ClassicLink DNS support for the VPC
- `enable_dns_hostnames` (`bool`, default `true`, optional): Whether or not to enable internal DNS hostnames within the VPC
- `enable_dns_support` (`bool`, default `true`, optional): Whether or not to enable internal DNS support within the VPC
- `instance_tenancy` (`string`, default `"default"`, optional): `default`, `dedicated`, or `host`. Determines the tenancy of instances launched within the VPC
- `internet_gateway` (object, default `{}`, optional): Configurations for the internet gateway used by this VPC

  ```hcl
  object({
    tags = optional(map(string))
  })
  ```

- `name` (`string`, required): The name of the VPC, and the prefix for resources created within the VPC
- `nat_gateway_subnets` (object, default `{ "first_netnum": null, "newbits": null }`, optional): Configuration options for the subnets created to house NAT Gateway attachment network interfaces

  ```hcl
  object({
    newbits      = optional(number)
    first_netnum = optional(number)
  })
  ```

- `route53_resolver_rule_associations` (`list(string)`, default `[]`, optional): Route 53 Resolver rules to associate with this VPC
- `secondary_ipv4_cidr_blocks` (list of objects, default `[]`, optional): Additional IPv4 CIDR blocks to assign to the VPC

  ```hcl
  list(object({
    cidr_block          = optional(string)
    ipv4_ipam_pool_id   = optional(string)
    ipv4_netmask_length = optional(number)
  }))
  ```

- `subnet_groups` (list of objects, default `[]`, optional): Configurations for groups of subnets. For each group, one subnet will be created in each availability zone. Each subnet in a group will share a common network ACL. If the subnet group type is `private`, routes to a NAT gateway will be created. If the subnet group type is `public`, routes to an internet gateway will be created. If the subnet group type is `airgapped`, neither will be created.

  ```hcl
  list(object({
    assign_ipv6_address_on_creation = optional(bool)
    customer_owned_ipv4_pool        = optional(string)
    first_netnum                    = number
    ipv6_first_netnum               = optional(number)
    ipv6_newbits                    = optional(number)
    ipv6_prefix                     = optional(string)
    map_customer_owned_ip_on_launch = optional(bool)
    map_public_ip_on_launch         = optional(bool)
    nacl = optional(list(object({
      cidr_block      = optional(string)
      from_port       = number
      egress          = optional(bool, false)
      ipv6_cidr_block = optional(string)
      protocol        = string
      action          = string
      rule_no         = number
      subnet_group    = optional(string)
      to_port         = number
      tags            = optional(map(string))
    })), [])
    name             = string
    newbits          = number
    outpost_arn      = optional(string)
    route_table_tags = optional(map(string))
    routes = optional(list(object({
      carrier_gateway_id        = optional(string)
      cidr_block                = optional(string)
      ipv6_cidr_block           = optional(string)
      prefix_list_id            = optional(string)
      egress_only_gateway_id    = optional(string)
      gateway_id                = optional(string)
      instance_id               = optional(string)
      local_gateway_id          = optional(string)
      nat_gateway_id            = optional(string)
      network_interface_id      = optional(string)
      transit_gateway_id        = optional(string)
      vpc_endpoint_id           = optional(string)
      vpc_peering_connection_id = optional(string)
    })))
    tags = optional(map(string))
    type = string
  }))
  ```

- `tags` (`map(string)`, default `{}`, optional): Tags to assign to the VPC
- `transit_gateway_attachments` (list of objects, default `[]`, optional): Attachments to transit gateways from this VPC

  ```hcl
  list(object({
    appliance_mode_support                          = optional(string)
    dns_support                                     = optional(string)
    ipv6_support                                    = optional(string)
    tags                                            = optional(map(string))
    transit_gateway_id                              = string
    transit_gateway_default_route_table_association = optional(bool)
    transit_gateway_default_route_table_propagation = optional(bool)
  }))
  ```

- `transit_gateway_subnets` (object, default `{}`, optional): Configuration options for the subnets created to house Transit Gateway attachment network interfaces

  ```hcl
  object({
    newbits      = optional(number)
    first_netnum = optional(number)
  })
  ```

- `vpc_endpoint_subnets` (object, default `{}`, optional): Configuration options for the subnets created to house VPC endpoints

  ```hcl
  object({
    newbits      = optional(number)
    first_netnum = optional(number)
  })
  ```

- `vpc_endpoints` (list of objects, default `[]`, optional): VPC endpoints to create within this VPC

  ```hcl
  list(object({
    auto_accept         = optional(bool)
    policy              = optional(string)
    private_dns_enabled = optional(bool)
    route_tables = optional(list(object({
      subnet_group = string
      azs          = optional(list(string))
    })))
    service_name      = string
    tags              = optional(map(string))
    vpc_endpoint_type = optional(string)
  }))
  ```

- `vpc_peering_connection_accepters` (list of objects, default `[]`, optional): Accepters for VPC peering connections that originate elsewhere

  ```hcl
  list(object({
    auto_accept               = optional(bool)
    tags                      = optional(map(string))
    vpc_peering_connection_id = string
  }))
  ```

- `vpc_peering_connections` (list of objects, default `[]`, optional): Peering connections to make to VPCs elsewhere from this VPC

  ```hcl
  list(object({
    accepter = optional(object({
      allow_classic_link_to_remote_vpc = optional(bool)
      allow_remote_vpc_dns_resolution  = optional(bool)
      allow_vpc_to_remote_classic_link = optional(bool)
    }))
    auto_accept   = optional(bool)
    peer_owner_id = optional(string)
    peer_region   = optional(string)
    peer_vpc_id   = string
    requester = optional(object({
      allow_classic_link_to_remote_vpc = optional(bool)
      allow_remote_vpc_dns_resolution  = optional(bool)
      allow_vpc_to_remote_classic_link = optional(bool)
    }))
    tags = optional(map(string))
  }))
  ```
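As an added example (not taken from the module's README or the project itself), the call below exercises the three subnet group types described for `subnet_groups`, pairs stateless NACL rules in both directions, and restricts the bastion to an explicit ingress allow-list (the module's `ingress` lists default to empty, so nothing is reachable unless listed). The `source` reference, the `local.admin_cidr` value and the per-AZ CIDR numbering noted in comments are assumptions.

```hcl
locals {
  admin_cidr = "203.0.113.0/24" # constructed: RFC 5737 range standing in for an office egress CIDR
}

module "vpc" {
  source             = "github.com/cbfield/terraform-aws-vpc" # assumed source reference
  name               = "example"
  cidr_block         = "10.20.0.0/16"
  availability_zones = ["us-west-1a", "us-west-1b"]

  subnet_groups = [
    {
      # Public group: routes to the internet gateway. NACLs are stateless, so each
      # flow needs an ingress and an egress rule; unlisted traffic is denied.
      name         = "public"
      type         = "public"
      newbits      = 8 # /16 + 8 bits = one /24 per AZ (numbering per AZ is assumed)
      first_netnum = 0
      nacl = [
        { rule_no = 100, action = "allow", protocol = "tcp", from_port = 22, to_port = 22, cidr_block = local.admin_cidr },
        { rule_no = 110, action = "allow", protocol = "tcp", from_port = 1024, to_port = 65535, cidr_block = "0.0.0.0/0" },
        { rule_no = 100, action = "allow", protocol = "tcp", from_port = 443, to_port = 443, cidr_block = "0.0.0.0/0", egress = true },
        { rule_no = 110, action = "allow", protocol = "tcp", from_port = 1024, to_port = 65535, cidr_block = local.admin_cidr, egress = true },
      ]
    },
    {
      # Private group: routes to the NAT gateway, so outbound-only internet access.
      name         = "private"
      type         = "private"
      newbits      = 8
      first_netnum = 10
    },
    {
      # Airgapped group: no internet or NAT route. Only PostgreSQL from the private
      # group, assumed to land in 10.20.10.0/23 with the numbering above.
      name         = "data"
      type         = "airgapped"
      newbits      = 8
      first_netnum = 20
      nacl = [
        { rule_no = 100, action = "allow", protocol = "tcp", from_port = 5432, to_port = 5432, cidr_block = "10.20.10.0/23" },
        { rule_no = 100, action = "allow", protocol = "tcp", from_port = 1024, to_port = 65535, cidr_block = "10.20.10.0/23", egress = true },
      ]
    },
  ]

  # Bastion in the public group, reachable over SSH only from the admin CIDR.
  bastion = {
    subnets = [{ subnet_group = "public" }]
    ingress = { cidr_blocks = [local.admin_cidr] }
  }
}
```

After `terraform plan`, confirm that the `aws_network_acl_rule.rule` entries for the `data` group contain no `0.0.0.0/0` rule and that `aws_security_group_rule.bastion_cidr_ingress` carries only the admin CIDR.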

Outputs

| Name | Description |
|------|-------------|
| assign_generated_ipv6_cidr_block | The value provided for var.assign_generated_ipv6_cidr_block |
| aws_caller_id | The AWS caller identity used to build the module |
| bastion | The value provided for var.bastion |
| bastion_ec2_key | The EC2 key pair created to provide access to the bastion hosts in this VPC |
| bastion_instances | The EC2 instances created as bastion hosts in this VPC |
| bastion_security_group | The security group created for the bastion hosts in this VPC |
| bastion_ssh_key | The TLS key created to provide access to the bastions, if one was not provided |
| cidr_block | The value provided for var.cidr_block |
| dhcp | The value provided for var.dhcp |
| dhcp_options | The DHCP options configured for the VPC |
| enable_classiclink | The provided value for var.enable_classiclink |
| enable_classiclink_dns_support | The provided value for var.enable_classiclink_dns_support |
| enable_dns_hostnames | The provided value for var.enable_dns_hostnames |
| enable_dns_support | The provided value for var.enable_dns_support |
| instance_tenancy | The provided value for var.instance_tenancy |
| internet_gateway | The internet gateway created for this VPC |
| nacls | Network ACLs created for subnet groups in this VPC |
| nacls_by_group | Network ACLs created for subnet groups in this VPC, nested by group (e.g. `module.my_vpc.nacls_by_group["my-group"].arn`) |
| name | The value provided for var.name |
| nat_gateway | The NAT gateways used by this VPC |
| nat_gateway_eip | The elastic IP addresses used by the NAT gateways in this VPC |
| nat_gateway_nacl | The NACL that manages ingress and egress to the NAT gateways for this VPC |
| nat_gateway_route_table | The route table used by the NAT gateways in this VPC |
| nat_gateway_subnets | The subnets containing the NAT gateways in this VPC |
| region | The region containing the VPC |
| route53_resolver_rule_associations | The value provided for var.route53_resolver_rule_associations |
| route_tables | Route tables created for this VPC |
| route_tables_by_group | Route tables created for this VPC, nested by group and AZ (e.g. `module.my_vpc.route_tables_by_group["my-group"]["us-west-1a"].arn`) for private subnet groups, and nested by group only (e.g. `module.my_vpc.route_tables_by_group["my-group"].arn`) for public and airgapped subnet groups |
| secondary_ipv4_cidr_blocks | The value provided for var.secondary_ipv4_cidr_blocks |
| subnet_groups | The provided value for var.subnet_groups |
| subnets | Subnets created in this VPC |
| subnets_by_group | Subnets created in this VPC, nested by group and AZ (e.g. `module.my_vpc.subnets_by_group["my-group"]["us-west-1a"].arn`) |
| tags | Tags assigned to the VPC |
| transit_gateway_attachments | Attachments to transit gateways from this VPC |
| transit_gateway_nacl | The NACL used by the transit gateway subnets |
| transit_gateway_route_table | The route table for the transit gateway subnets |
| transit_gateway_subnets | The subnets created for Transit Gateway attachment network interfaces |
| vpc | The VPC resource object |
| vpc_endpoint_nacl | The NACL used by the VPC endpoint subnets |
| vpc_endpoint_route_table | The route table used by the VPC endpoint subnets |
| vpc_endpoint_security_group | The security group used by the VPC endpoints in this VPC |
| vpc_endpoint_subnets | The subnets that house VPC endpoints in this VPC |
| vpc_endpoints | VPC endpoints created within this VPC |
| vpc_peering_connection_accepters | VPC peering connections accepted by this VPC |
| vpc_peering_connections | VPC peering connections originating from this VPC |