This `vpc`
module enables the dynamic creation of subnets and VPC endpoints.
The module design was inspired by the excellent module cloudposse/terraform-aws-multi-az-subnets.
# All Availability Zones of the provider's region. The module call below
# slices the first three names, so the region must expose at least three.
# No `state` filter is set here; add `state = "available"` if impaired or
# opted-out zones should be excluded from the slice.
data "aws_availability_zones" "available" {}
# Naming inputs shared by the module call (the cloudposse-style
# namespace/stage/name triple) and the VPC-wide CIDR that the `network`
# map below carves into subnets with cidrsubnet().
locals {
namespace = "fraajad"
stage = "dev"
name = "main"
# /16 for the whole VPC; cidrsubnet(this, 2, n) yields one of four /18 ranges.
account_network_cidr = "10.128.0.0/16"
}
# Example invocation: one VPC with a public and a private /18 network, three
# AZs, EKS subnet-discovery tags and a set of VPC endpoints.
module "vpc" {
# NOTE(review): `ref=master` is a mutable branch, so the module code applied
# by this configuration can change without any change to this file. Pin to an
# immutable release tag or commit SHA (e.g. `?ref=<TAG_OR_COMMIT_SHA>`,
# placeholder) and bump it deliberately after reviewing the module diff.
source = "git::https://github.com/fraajad/terraform-aws-vpc.git?ref=master"
namespace = local.namespace
stage = local.stage
name = local.name
# First three AZ names from the data source above; errors if the region has fewer.
availability_zones = slice(data.aws_availability_zones.available.names, 0, 3)
cidr_block = local.account_network_cidr
# Keyed by network name; each entry supplies a CIDR and a type. Index 0 and 1
# of the /18 split are used, leaving the upper half of the /16 unallocated.
network = {
public = {
cidr_block = cidrsubnet(local.account_network_cidr, 2, 0)
type = "public"
}
private = {
cidr_block = cidrsubnet(local.account_network_cidr, 2, 1)
type = "private"
}
}
# EKS subnet-discovery tags. The cluster-tag key must match the real EKS
# cluster name, which is assumed here to follow "<namespace>-<stage>-eks-cluster"
# — confirm against the cluster definition.
public_subnets_additional_tags = {
"kubernetes.io/cluster/${local.namespace}-${local.stage}-eks-cluster" = "shared"
"kubernetes.io/role/elb" = "1"
}
private_subnets_additional_tags = {
"kubernetes.io/cluster/${local.namespace}-${local.stage}-eks-cluster" = "shared"
"kubernetes.io/role/internal-elb" = "1"
}
# Endpoints keep traffic to these AWS services inside the VPC instead of
# traversing the NAT gateway / internet gateway. Per the inputs table the
# interface endpoints attach to the `vpc_endpoint_interface_network`
# (default "private"); how the module treats "s3" (normally a gateway
# endpoint) is not visible from this file — check the module source.
# `vpc_flow_logs_bucket_name` is left at its default of "" in this example,
# so presumably no VPC flow logs are delivered — set it if traffic logging
# is required.
vpc_endpoints_enabled = true
vpc_endpoints = [
"ec2",
"ecr-api",
"ecr.dkr",
"s3",
"logs",
"sts",
"elasticloadbalancing",
"autoscaling"
]
}
Outputs:
vpcs = {
"main" = {
"availability_zones" = [
"us-west-2a",
"us-west-2b",
"us-west-2c",
]
"cidr_block" = "10.128.0.0/16"
"default_security_group_id" = "sg-xxxxxxxxxxxxx"
"igw_id" = "igw-xxxxxxxxxxxxx"
"nat_gateway_ips" = [
"xx.xx.xx.xx",
"xx.xx.xx.xx",
"xx.xx.xx.xx",
]
"networks" = {
"private" = {
"cidr_block" = "10.128.64.0/18"
"route_table_ids" = [
"rtb-xxxxxxxxxxxxx",
"rtb-xxxxxxxxxxxxx",
"rtb-xxxxxxxxxxxxx",
]
"subnet_ids" = [
"subnet-xxxxxxxxxxxxx",
"subnet-xxxxxxxxxxxxx",
"subnet-xxxxxxxxxxxxx",
]
"type" = "private"
}
"public" = {
"cidr_block" = "10.128.0.0/20"
"route_table_ids" = [
"rtb-xxxxxxxxxxxxx",
"rtb-xxxxxxxxxxxxx",
"rtb-xxxxxxxxxxxxx",
]
"subnet_ids" = [
"subnet-xxxxxxxxxxxxx",
"subnet-xxxxxxxxxxxxx",
"subnet-xxxxxxxxxxxxx",
]
"type" = "public"
}
}
"vpc_id" = "vpc-xxxxxxxxxxxxx"
}
}
No requirements.
Name | Version |
---|---|
aws | n/a |
Name | Description | Type | Default | Required |
---|---|---|---|---|
availability_zones | List of Availability Zones (e.g. ['us-east-1a', 'us-east-1b', 'us-east-1c'] ) |
list(string) |
n/a | yes |
namespace | Namespace (e.g. `eg`) |
string |
n/a | yes |
stage | Stage (e.g. `prod`, `dev`, `staging`) |
string |
n/a | yes |
attributes | Additional attributes (e.g. 1 ) |
list(string) |
[ |
no |
cidr_block | n/a | string |
"10.0.0.0/16" |
no |
delimiter | Delimiter to be used between namespace , environment , stage , name and attributes |
string |
"-" |
no |
environment | Environment, e.g. 'prod', 'staging', 'dev' | string |
"" |
no |
name | VPC name | string |
"main" |
no |
nat_gateway_enabled | A boolean flag to enable/disable NAT gateway as the default route for private subnets | bool |
true |
no |
network | n/a | map(map(string)) |
{ |
no |
private_network_acl_egress | Egress network ACL rules | list(map(string)) |
[ |
no |
private_network_acl_ingress | Ingress network ACL rules | list(map(string)) |
[ |
no |
private_subnets_additional_tags | Additional tags to be added to private subnets | map(string) |
{} |
no |
public_network_acl_egress | Egress network ACL rules | list(map(string)) |
[ |
no |
public_network_acl_ingress | Ingress network ACL rules | list(map(string)) |
[ |
no |
public_subnets_additional_tags | Additional tags to be added to public subnets | map(string) |
{} |
no |
tags | Additional tags (e.g. map("BusinessUnit", "XYZ")) |
map(string) |
{} |
no |
vpc_endpoint_interface_network | n/a | string |
"private" |
no |
vpc_endpoints | n/a | list(string) |
[] |
no |
vpc_endpoints_enabled | n/a | bool |
false |
no |
vpc_flow_logs_bucket_name | n/a | string |
"" |
no |
Name | Description |
---|---|
availability_zones | List of Availability Zones where subnets were created |
cidr_block | The CIDR block of the VPC |
default_security_group_id | The ID of the security group created by default on VPC creation |
igw_id | The ID of the Internet Gateway |
nat_gateway_ips | IP addresses of the NAT Gateways |
network | Map of network attributes |
vpc_endpoint_interface_network | n/a |
vpc_id | The ID of the VPC |