{"id":20656317,"url":"https://github.com/flaconi/terraform-aws-vpc","last_synced_at":"2025-08-14T08:19:01.017Z","repository":{"id":38241462,"uuid":"153642189","full_name":"Flaconi/terraform-aws-vpc","owner":"Flaconi","description":"A Terraform module that creates a customizable VPC and a privately deployed bastion host in an ASG behind an ELB with optionally a CNAME for it.","archived":false,"fork":false,"pushed_at":"2024-06-03T10:34:24.000Z","size":136,"stargazers_count":3,"open_issues_count":0,"forks_count":2,"subscribers_count":20,"default_branch":"master","last_synced_at":"2024-06-03T12:41:12.556Z","etag":null,"topics":["aws","terraform","terraform-module"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Flaconi.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-10-18T14:57:26.000Z","updated_at":"2024-06-03T10:31:34.000Z","dependencies_parsed_at":"2024-03-25T10:26:19.205Z","dependency_job_id":"e7d20ad8-e0cf-4062-a3e5-3fe7a19f6e7e","html_url":"https://github.com/Flaconi/terraform-aws-vpc","commit_stats":null,"previous_names":[],"tags_count":25,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Flaconi%2Fterraform-aws-vpc","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Flaconi%2Fterraform-aws-vpc/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Flaconi%2Fterraform-aws-vpc/releases","manifests_url":"https://repos.ecosyste.ms/api
/v1/hosts/GitHub/repositories/Flaconi%2Fterraform-aws-vpc/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Flaconi","download_url":"https://codeload.github.com/Flaconi/terraform-aws-vpc/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224951615,"owners_count":17397425,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","terraform","terraform-module"],"created_at":"2024-11-16T18:14:47.794Z","updated_at":"2025-04-19T12:24:12.013Z","avatar_url":"https://github.com/Flaconi.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Terraform Module VPC\n\n[![lint](https://github.com/flaconi/terraform-aws-vpc/workflows/lint/badge.svg)](https://github.com/flaconi/terraform-aws-vpc/actions?query=workflow%3Alint)\n[![test](https://github.com/flaconi/terraform-aws-vpc/workflows/test/badge.svg)](https://github.com/flaconi/terraform-aws-vpc/actions?query=workflow%3Atest)\n[![Tag](https://img.shields.io/github/tag/flaconi/terraform-aws-vpc.svg)](https://github.com/flaconi/terraform-aws-vpc/releases)\n[![License](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)\n\nA Terraform module that creates a customizable VPC (based on the official [VPC module](https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws)) and optionally provisions an ELB-protected bastion host with a Route53-controlled DNS name and an unlimited number of SSH keys.\n\n## Usage example\n\n```hcl\nmodule \"vpc\" {\n  source  = 
\"github.com/Flaconi/terraform-modules-vpc?ref=v2.1.0\"\n\n  vpc_cidr            = \"12.0.0.0/16\"\n  vpc_subnet_azs      = [\"eu-central-1a\", \"eu-central-1b\", \"eu-central-1c\"]\n  vpc_private_subnets = [\"12.0.1.0/24\", \"12.0.2.0/24\", \"12.0.3.0/24\"]\n  vpc_public_subnets  = [\"12.0.101.0/24\", \"12.0.102.0/24\", \"12.0.103.0/24\"]\n\n  vpc_enable_nat_gateway  = true\n  vpc_enable_vpn_gateway  = false\n  vpc_enable_bastion_host = true\n\n  name = \"my-project\"\n\n  bastion_ssh_keys                = [\"ssh-ed25519 AAAAC3Nznte5aaCdi1a1Lzaai/tX6Mc2E+S6g3lrClL09iBZ5cW2OZdSIqomcMko 2 mysshkey\"]\n  bastion_route53_public_dns_name = \"my-project.example.com\"\n  bastion_subdomain               = \"bastion-host\"\n}\n```\n\n## Examples\n\n* [VPC with bastion](examples/vpc-with-bastion/)\n* [VPC without bastion and only public subnets](examples/vpc-public-without-bastion/)\n\n\u003c!-- TFDOCS_HEADER_START --\u003e\n\n\n\u003c!-- TFDOCS_HEADER_END --\u003e\n\n\u003c!-- TFDOCS_PROVIDER_START --\u003e\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider\\_aws) | \u003e= 5 |\n| \u003ca name=\"provider_null\"\u003e\u003c/a\u003e [null](#provider\\_null) | \u003e= 3 |\n\n\u003c!-- TFDOCS_PROVIDER_END --\u003e\n\n\u003c!-- TFDOCS_REQUIREMENTS_START --\u003e\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | \u003e= 1.0 |\n| \u003ca name=\"requirement_aws\"\u003e\u003c/a\u003e [aws](#requirement\\_aws) | \u003e= 5 |\n| \u003ca name=\"requirement_null\"\u003e\u003c/a\u003e [null](#requirement\\_null) | \u003e= 3 |\n\n\u003c!-- TFDOCS_REQUIREMENTS_END --\u003e\n\n\u003c!-- TFDOCS_INPUTS_START --\u003e\n## Required Inputs\n\nThe following input variables are required:\n\n### \u003ca name=\"input_vpc_cidr\"\u003e\u003c/a\u003e [vpc\\_cidr](#input\\_vpc\\_cidr)\n\nDescription: The VPC CIDR to use 
for this VPC.\n\nType: `string`\n\n### \u003ca name=\"input_vpc_subnet_azs\"\u003e\u003c/a\u003e [vpc\\_subnet\\_azs](#input\\_vpc\\_subnet\\_azs)\n\nDescription: A list of AZs to spread subnets across\n\nType: `list(string)`\n\n### \u003ca name=\"input_vpc_private_subnets\"\u003e\u003c/a\u003e [vpc\\_private\\_subnets](#input\\_vpc\\_private\\_subnets)\n\nDescription: A list of private subnet CIDRs\n\nType: `list(string)`\n\n### \u003ca name=\"input_vpc_public_subnets\"\u003e\u003c/a\u003e [vpc\\_public\\_subnets](#input\\_vpc\\_public\\_subnets)\n\nDescription: A list of public subnet CIDRs\n\nType: `list(string)`\n\n### \u003ca name=\"input_name\"\u003e\u003c/a\u003e [name](#input\\_name)\n\nDescription: The name(-prefix) to prepend/apply to all Name tags on all VPC resources\n\nType: `string`\n\n## Optional Inputs\n\nThe following input variables are optional (have default values):\n\n### \u003ca name=\"input_vpc_enable_nat_gateway\"\u003e\u003c/a\u003e [vpc\\_enable\\_nat\\_gateway](#input\\_vpc\\_enable\\_nat\\_gateway)\n\nDescription: A boolean that enables or disables NAT gateways for private subnets\n\nType: `bool`\n\nDefault: `true`\n\n### \u003ca name=\"input_vpc_one_nat_gateway_per_az\"\u003e\u003c/a\u003e [vpc\\_one\\_nat\\_gateway\\_per\\_az](#input\\_vpc\\_one\\_nat\\_gateway\\_per\\_az)\n\nDescription: Should be true if you want only one NAT Gateway per availability zone. 
Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs`\n\nType: `bool`\n\nDefault: `true`\n\n### \u003ca name=\"input_vpc_reuse_nat_ips\"\u003e\u003c/a\u003e [vpc\\_reuse\\_nat\\_ips](#input\\_vpc\\_reuse\\_nat\\_ips)\n\nDescription: Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external\\_nat\\_ip\\_ids' variable\n\nType: `bool`\n\nDefault: `false`\n\n### \u003ca name=\"input_vpc_external_nat_ip_names\"\u003e\u003c/a\u003e [vpc\\_external\\_nat\\_ip\\_names](#input\\_vpc\\_external\\_nat\\_ip\\_names)\n\nDescription: \"List of names used to select the allocated EIP(s) that will be associated with the NAT GW(s). These EIPs can be managed outside of this module but they should be with Terraform and should be part of the same state as this module's resources. In case you have an uneven distribution of subnets in your AZs (i.e. you use 2 AZs but create 3 private subnets) and you want to use externally managed EIPs with one NAT GW per AZ, you have to provide as many EIPs as NAT GWs. 
Otherwise you will see this in the EIPs state message: Elastic IP address [eipalloc-xxx] is already associated.\"\n\nType: `list(string)`\n\nDefault: `[]`\n\n### \u003ca name=\"input_vpc_enable_dns_hostnames\"\u003e\u003c/a\u003e [vpc\\_enable\\_dns\\_hostnames](#input\\_vpc\\_enable\\_dns\\_hostnames)\n\nDescription: Should be true to enable DNS hostnames in the VPC\n\nType: `bool`\n\nDefault: `false`\n\n### \u003ca name=\"input_vpc_enable_dns_support\"\u003e\u003c/a\u003e [vpc\\_enable\\_dns\\_support](#input\\_vpc\\_enable\\_dns\\_support)\n\nDescription: Should be true to enable DNS support in the VPC\n\nType: `bool`\n\nDefault: `true`\n\n### \u003ca name=\"input_vpc_enable_vpn_gateway\"\u003e\u003c/a\u003e [vpc\\_enable\\_vpn\\_gateway](#input\\_vpc\\_enable\\_vpn\\_gateway)\n\nDescription: A boolean that enables or disables a VPN gateway for the VPC\n\nType: `bool`\n\nDefault: `false`\n\n### \u003ca name=\"input_vpc_customer_gateways\"\u003e\u003c/a\u003e [vpc\\_customer\\_gateways](#input\\_vpc\\_customer\\_gateways)\n\nDescription: Maps of Customer Gateway's attributes (BGP ASN and Gateway's Internet-routable external IP address)\n\nType: `map(map(any))`\n\nDefault: `{}`\n\n### \u003ca name=\"input_vpc_enable_bastion_host\"\u003e\u003c/a\u003e [vpc\\_enable\\_bastion\\_host](#input\\_vpc\\_enable\\_bastion\\_host)\n\nDescription: A boolean that enables or disables the deployment of a bastion host in the private subnet with an ELB in front of it\n\nType: `bool`\n\nDefault: `false`\n\n### \u003ca name=\"input_vpc_secondary_cidr_blocks\"\u003e\u003c/a\u003e [vpc\\_secondary\\_cidr\\_blocks](#input\\_vpc\\_secondary\\_cidr\\_blocks)\n\nDescription: List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool\n\nType: `list(string)`\n\nDefault: `[]`\n\n### \u003ca name=\"input_tags\"\u003e\u003c/a\u003e [tags](#input\\_tags)\n\nDescription: A map of additional tags to apply to all VPC resources\n\nType: `map(string)`\n\nDefault: 
`{}`\n\n### \u003ca name=\"input_vpc_tags\"\u003e\u003c/a\u003e [vpc\\_tags](#input\\_vpc\\_tags)\n\nDescription: A map of additional tags to apply to the VPC\n\nType: `map(string)`\n\nDefault: `{}`\n\n### \u003ca name=\"input_public_subnet_tags\"\u003e\u003c/a\u003e [public\\_subnet\\_tags](#input\\_public\\_subnet\\_tags)\n\nDescription: A map of additional tags to apply to all public subnets\n\nType: `map(string)`\n\nDefault:\n\n```json\n{\n  \"Visibility\": \"public\"\n}\n```\n\n### \u003ca name=\"input_private_subnet_tags\"\u003e\u003c/a\u003e [private\\_subnet\\_tags](#input\\_private\\_subnet\\_tags)\n\nDescription: A map of additional tags to apply to all private subnets\n\nType: `map(string)`\n\nDefault:\n\n```json\n{\n  \"Visibility\": \"private\"\n}\n```\n\n### \u003ca name=\"input_bastion_name\"\u003e\u003c/a\u003e [bastion\\_name](#input\\_bastion\\_name)\n\nDescription: If not empty will overwrite the bastion host name specified by 'name'\n\nType: `string`\n\nDefault: `\"\"`\n\n### \u003ca name=\"input_bastion_ssh_user\"\u003e\u003c/a\u003e [bastion\\_ssh\\_user](#input\\_bastion\\_ssh\\_user)\n\nDescription: User name used for SSH-connections.\n\nType: `string`\n\nDefault: `\"ec2-user\"`\n\n### \u003ca name=\"input_bastion_ssh_keys\"\u003e\u003c/a\u003e [bastion\\_ssh\\_keys](#input\\_bastion\\_ssh\\_keys)\n\nDescription: A list of public ssh keys to add to authorized\\_keys file\n\nType: `list(string)`\n\nDefault: `[]`\n\n### \u003ca name=\"input_bastion_ssh_cidr_blocks\"\u003e\u003c/a\u003e [bastion\\_ssh\\_cidr\\_blocks](#input\\_bastion\\_ssh\\_cidr\\_blocks)\n\nDescription: A list of CIDRs from which one can connect to the bastion host ELB\n\nType: `list(string)`\n\nDefault:\n\n```json\n[\n  \"0.0.0.0/0\"\n]\n```\n\n### \u003ca name=\"input_bastion_security_group_names\"\u003e\u003c/a\u003e [bastion\\_security\\_group\\_names](#input\\_bastion\\_security\\_group\\_names)\n\nDescription: List of one or more security groups to be added to the 
load balancer\n\nType: `list(string)`\n\nDefault: `[]`\n\n### \u003ca name=\"input_bastion_route53_public_dns_name\"\u003e\u003c/a\u003e [bastion\\_route53\\_public\\_dns\\_name](#input\\_bastion\\_route53\\_public\\_dns\\_name)\n\nDescription: If set, the bastion ELB will be assigned this public DNS name via Route53.\n\nType: `string`\n\nDefault: `\"\"`\n\n### \u003ca name=\"input_bastion_ami\"\u003e\u003c/a\u003e [bastion\\_ami](#input\\_bastion\\_ami)\n\nDescription: EC2 AMI ID for bastion host.\n\nType: `string`\n\nDefault: `null`\n\n### \u003ca name=\"input_bastion_instance_type\"\u003e\u003c/a\u003e [bastion\\_instance\\_type](#input\\_bastion\\_instance\\_type)\n\nDescription: EC2 instance type of bastion host.\n\nType: `string`\n\nDefault: `\"t2.micro\"`\n\n### \u003ca name=\"input_bastion_cluster_size\"\u003e\u003c/a\u003e [bastion\\_cluster\\_size](#input\\_bastion\\_cluster\\_size)\n\nDescription: The number of Bastion host server nodes to deploy.\n\nType: `number`\n\nDefault: `1`\n\n### \u003ca name=\"input_manage_default_security_group\"\u003e\u003c/a\u003e [manage\\_default\\_security\\_group](#input\\_manage\\_default\\_security\\_group)\n\nDescription: Should be true to adopt and manage default security group\n\nType: `bool`\n\nDefault: `true`\n\n### \u003ca name=\"input_default_security_group_name\"\u003e\u003c/a\u003e [default\\_security\\_group\\_name](#input\\_default\\_security\\_group\\_name)\n\nDescription: Name to be used on the default security group\n\nType: `string`\n\nDefault: `null`\n\n### \u003ca name=\"input_default_security_group_ingress\"\u003e\u003c/a\u003e [default\\_security\\_group\\_ingress](#input\\_default\\_security\\_group\\_ingress)\n\nDescription: List of maps of ingress rules to set on the default security group\n\nType: `list(map(string))`\n\nDefault:\n\n```json\n[\n  {\n    \"from_port\": 0,\n    \"protocol\": -1,\n    \"self\": true,\n    \"to_port\": 0\n  }\n]\n```\n\n### \u003ca 
name=\"input_default_security_group_egress\"\u003e\u003c/a\u003e [default\\_security\\_group\\_egress](#input\\_default\\_security\\_group\\_egress)\n\nDescription: List of maps of egress rules to set on the default security group\n\nType: `list(map(string))`\n\nDefault:\n\n```json\n[\n  {\n    \"from_port\": 0,\n    \"protocol\": \"-1\",\n    \"self\": true,\n    \"to_port\": 0\n  }\n]\n```\n\n\u003c!-- TFDOCS_INPUTS_END --\u003e\n\n\u003c!-- TFDOCS_OUTPUTS_START --\u003e\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_bastion_asg_name\"\u003e\u003c/a\u003e [bastion\\_asg\\_name](#output\\_bastion\\_asg\\_name) | Autoscaling group name of the bastion host. (or empty string if bastion host is disabled) |\n| \u003ca name=\"output_bastion_elb_fqdn\"\u003e\u003c/a\u003e [bastion\\_elb\\_fqdn](#output\\_bastion\\_elb\\_fqdn) | The auto-generated FQDN of the bastion ELB. |\n| \u003ca name=\"output_bastion_elb_security_group_id\"\u003e\u003c/a\u003e [bastion\\_elb\\_security\\_group\\_id](#output\\_bastion\\_elb\\_security\\_group\\_id) | The ID of the SSH security group of the bastion host that can be attached to any other private instance in order to ssh into it. (or empty string if bastion host is disabled) |\n| \u003ca name=\"output_bastion_launch_template_name\"\u003e\u003c/a\u003e [bastion\\_launch\\_template\\_name](#output\\_bastion\\_launch\\_template\\_name) | Launch template name of the bastion host. (or empty string if bastion host is disabled) |\n| \u003ca name=\"output_bastion_route53_public_dns_name\"\u003e\u003c/a\u003e [bastion\\_route53\\_public\\_dns\\_name](#output\\_bastion\\_route53\\_public\\_dns\\_name) | The route53 public dns name of the bastion ELB if set. 
|\n| \u003ca name=\"output_bastion_security_group_id\"\u003e\u003c/a\u003e [bastion\\_security\\_group\\_id](#output\\_bastion\\_security\\_group\\_id) | The ID of the SSH security group of the bastion host that can be attached to any other private instance in order to ssh into it. (or empty string if bastion host is disabled) |\n| \u003ca name=\"output_cgw_ids\"\u003e\u003c/a\u003e [cgw\\_ids](#output\\_cgw\\_ids) | List of IDs of Customer Gateway |\n| \u003ca name=\"output_name\"\u003e\u003c/a\u003e [name](#output\\_name) | The name of the VPC |\n| \u003ca name=\"output_private_route_table_ids\"\u003e\u003c/a\u003e [private\\_route\\_table\\_ids](#output\\_private\\_route\\_table\\_ids) | List of IDs of private route tables |\n| \u003ca name=\"output_private_subnets\"\u003e\u003c/a\u003e [private\\_subnets](#output\\_private\\_subnets) | List of IDs of private subnets |\n| \u003ca name=\"output_private_subnets_cidr_blocks\"\u003e\u003c/a\u003e [private\\_subnets\\_cidr\\_blocks](#output\\_private\\_subnets\\_cidr\\_blocks) | List of cidr\\_blocks of private subnets |\n| \u003ca name=\"output_public_route_table_ids\"\u003e\u003c/a\u003e [public\\_route\\_table\\_ids](#output\\_public\\_route\\_table\\_ids) | List of IDs of public route tables |\n| \u003ca name=\"output_public_subnets\"\u003e\u003c/a\u003e [public\\_subnets](#output\\_public\\_subnets) | List of IDs of public subnets |\n| \u003ca name=\"output_public_subnets_cidr_blocks\"\u003e\u003c/a\u003e [public\\_subnets\\_cidr\\_blocks](#output\\_public\\_subnets\\_cidr\\_blocks) | List of cidr\\_blocks of public subnets |\n| \u003ca name=\"output_vgw_id\"\u003e\u003c/a\u003e [vgw\\_id](#output\\_vgw\\_id) | The ID of the VPN Gateway |\n| \u003ca name=\"output_vpc_cidr_block\"\u003e\u003c/a\u003e [vpc\\_cidr\\_block](#output\\_vpc\\_cidr\\_block) | The CIDR block of the VPC |\n| \u003ca name=\"output_vpc_id\"\u003e\u003c/a\u003e [vpc\\_id](#output\\_vpc\\_id) | The ID of the VPC |\n\n\u003c!-- 
TFDOCS_OUTPUTS_END --\u003e\n\n## License\n\n[Apache 2.0](LICENSE)\n\nCopyright (c) 2018-2021 [Flaconi GmbH](https://github.com/Flaconi)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fflaconi%2Fterraform-aws-vpc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fflaconi%2Fterraform-aws-vpc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fflaconi%2Fterraform-aws-vpc/lists"}