{"id":19165333,"url":"https://github.com/skyscrapers/terraform-network","last_synced_at":"2025-10-12T19:39:58.038Z","repository":{"id":37484613,"uuid":"71786619","full_name":"skyscrapers/terraform-network","owner":"skyscrapers","description":"Terraform modules networking related vpc,subnets,route tables..","archived":false,"fork":false,"pushed_at":"2024-10-02T14:07:51.000Z","size":75,"stargazers_count":19,"open_issues_count":0,"forks_count":11,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-04-19T22:02:27.792Z","etag":null,"topics":["aws","networking","terraform","terraform-module","terraform-modules"],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/skyscrapers.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"securitygroups/all/main.tf","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2016-10-24T12:29:32.000Z","updated_at":"2025-03-04T19:21:48.000Z","dependencies_parsed_at":"2025-04-19T21:44:50.932Z","dependency_job_id":"ba0589eb-a269-450a-bf33-e8ba7daa31ce","html_url":"https://github.com/skyscrapers/terraform-network","commit_stats":null,"previous_names":[],"tags_count":24,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skyscrapers%2Fterraform-network","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skyscrapers%2Fterraform-network/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skyscrapers%2Fterraform-network/releases","manifests_url":"https://repos.ecosyste.ms/api
/v1/hosts/GitHub/repositories/skyscrapers%2Fterraform-network/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/skyscrapers","download_url":"https://codeload.github.com/skyscrapers/terraform-network/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252874599,"owners_count":21817860,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","networking","terraform","terraform-module","terraform-modules"],"created_at":"2024-11-09T09:27:27.975Z","updated_at":"2025-10-12T19:39:58.012Z","avatar_url":"https://github.com/skyscrapers.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# terraform-network\n\nTerraform modules networking related vpc,subnets,route tables..\n\n\u003e [!IMPORTANT]\n\u003e These modules are originally designed to be used within Skyscrapers and are tailored mostly to our own needs. 
They may also be suitable for your own use cases, however in general we recommend using the excellent [terraform-aws-vpc](https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/latest) module instead.\n\n- [terraform-network](#terraform-network)\n  - [vpc](#vpc)\n    - [Requirements](#requirements)\n    - [Providers](#providers)\n    - [Modules](#modules)\n    - [Resources](#resources)\n    - [Inputs](#inputs)\n    - [Outputs](#outputs)\n    - [Example](#example)\n  - [vpc\\_peering](#vpc_peering)\n    - [Requirements](#requirements-1)\n    - [Providers](#providers-1)\n    - [Modules](#modules-1)\n    - [Resources](#resources-1)\n    - [Inputs](#inputs-1)\n    - [Outputs](#outputs-1)\n  - [Breaking changes and migration](#breaking-changes-and-migration)\n    - [From v5 to v6](#from-v5-to-v6)\n    - [From v4 to v5](#from-v4-to-v5)\n    - [From v2 to v3](#from-v2-to-v3)\n\n## vpc\n\nThis module will create a vpc with the option to specify several types of subnets:\n\n- public_lb_subnets\n- private_app_subnets\n- private_db_subnets\n- private_management_subnets\n\nIt will also create the required NAT Gateways (in separate public_nat subnets) and route tables for the private subnets. There's an option for either a single NAT gateway or one per Availability Zone (default). 
The private_app and private_db subnets are private subnets.\n\n### Requirements\n\nNo requirements.\n\n### Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider_aws) | n/a |\n\n### Modules\n\n| Name | Source | Version |\n|------|--------|---------|\n| \u003ca name=\"module_private_app_subnets\"\u003e\u003c/a\u003e [private_app_subnets](#module_private_app_subnets) | ../subnets | n/a |\n| \u003ca name=\"module_private_db_subnets\"\u003e\u003c/a\u003e [private_db_subnets](#module_private_db_subnets) | ../subnets | n/a |\n| \u003ca name=\"module_private_management_subnets\"\u003e\u003c/a\u003e [private_management_subnets](#module_private_management_subnets) | ../subnets | n/a |\n| \u003ca name=\"module_public_lb_subnets\"\u003e\u003c/a\u003e [public_lb_subnets](#module_public_lb_subnets) | ../subnets | n/a |\n| \u003ca name=\"module_public_nat_subnets\"\u003e\u003c/a\u003e [public_nat_subnets](#module_public_nat_subnets) | ../subnets | n/a |\n\n### Resources\n\n| Name | Type |\n|------|------|\n| [aws_eip.nat_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource |\n| [aws_internet_gateway.gw](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/internet_gateway) | resource |\n| [aws_nat_gateway.gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/nat_gateway) | resource |\n| [aws_route.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |\n| [aws_route.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |\n| [aws_route_table.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table) | resource |\n| [aws_route_table.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table) | resource |\n| 
[aws_vpc.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc) | resource |\n\n### Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_availability_zones\"\u003e\u003c/a\u003e [availability_zones](#input_availability_zones) | List of AZs to use for the subnets. In general we recommend specifying 3 AZs | `list(string)` | n/a | yes |\n| \u003ca name=\"input_cidr_block\"\u003e\u003c/a\u003e [cidr_block](#input_cidr_block) | CIDR block you want to have in your VPC | `any` | n/a | yes |\n| \u003ca name=\"input_enable_nat_gateway\"\u003e\u003c/a\u003e [enable_nat_gateway](#input_enable_nat_gateway) | Whether to deploy NAT Gateways | `bool` | `true` | no |\n| \u003ca name=\"input_enable_private_app_subnets\"\u003e\u003c/a\u003e [enable_private_app_subnets](#input_enable_private_app_subnets) | Whether to deploy private 'App' subnets | `bool` | `true` | no |\n| \u003ca name=\"input_enable_private_db_subnets\"\u003e\u003c/a\u003e [enable_private_db_subnets](#input_enable_private_db_subnets) | Whether to deploy private 'Database' subnets | `bool` | `true` | no |\n| \u003ca name=\"input_enable_private_management_subnets\"\u003e\u003c/a\u003e [enable_private_management_subnets](#input_enable_private_management_subnets) | Whether to deploy private 'Management' subnets | `bool` | `false` | no |\n| \u003ca name=\"input_enable_public_lb_subnets\"\u003e\u003c/a\u003e [enable_public_lb_subnets](#input_enable_public_lb_subnets) | Whether to deploy the public 'Load Balancer' subnets | `bool` | `true` | no |\n| \u003ca name=\"input_extra_tags_private_app\"\u003e\u003c/a\u003e [extra_tags_private_app](#input_extra_tags_private_app) | Private app subnets extra tags | `map(string)` | `{}` | no |\n| \u003ca name=\"input_extra_tags_private_db\"\u003e\u003c/a\u003e [extra_tags_private_db](#input_extra_tags_private_db) | Private database subnets extra tags | `map(string)` | 
`{}` | no |\n| \u003ca name=\"input_extra_tags_private_management\"\u003e\u003c/a\u003e [extra_tags_private_management](#input_extra_tags_private_management) | Private management subnets extra tags | `map(string)` | `{}` | no |\n| \u003ca name=\"input_extra_tags_public_lb\"\u003e\u003c/a\u003e [extra_tags_public_lb](#input_extra_tags_public_lb) | Public load balancer subnets extra tags | `map(string)` | `{}` | no |\n| \u003ca name=\"input_extra_tags_public_nat\"\u003e\u003c/a\u003e [extra_tags_public_nat](#input_extra_tags_public_nat) | Public nat subnets extra tags | `map(string)` | `{}` | no |\n| \u003ca name=\"input_extra_tags_vpc\"\u003e\u003c/a\u003e [extra_tags_vpc](#input_extra_tags_vpc) | VPC extra tags | `map(string)` | `{}` | no |\n| \u003ca name=\"input_name\"\u003e\u003c/a\u003e [name](#input_name) | Main name for your VPC, subnets, etc. | `string` | `\"production\"` | no |\n| \u003ca name=\"input_netnum_private_app\"\u003e\u003c/a\u003e [netnum_private_app](#input_netnum_private_app) | First number of subnet to start of for private_app subnets | `string` | `\"20\"` | no |\n| \u003ca name=\"input_netnum_private_db\"\u003e\u003c/a\u003e [netnum_private_db](#input_netnum_private_db) | First number of subnet to start of for private_db subnets | `string` | `\"30\"` | no |\n| \u003ca name=\"input_netnum_private_management\"\u003e\u003c/a\u003e [netnum_private_management](#input_netnum_private_management) | First number of subnet to start of for private_management subnets | `string` | `\"200\"` | no |\n| \u003ca name=\"input_netnum_public_lb\"\u003e\u003c/a\u003e [netnum_public_lb](#input_netnum_public_lb) | First number of subnet to start of for public_lb subnets | `string` | `\"10\"` | no |\n| \u003ca name=\"input_netnum_public_nat\"\u003e\u003c/a\u003e [netnum_public_nat](#input_netnum_public_nat) | First number of subnet to start of for public_nat subnets | `string` | `\"0\"` | no |\n| \u003ca name=\"input_single_nat_gateway\"\u003e\u003c/a\u003e 
[single_nat_gateway](#input_single_nat_gateway) | Whether to use a single NAT Gateway or one per enabled Availability Zone. The number of NAT Gateways also determines the number of private route tables created | `bool` | `false` | no |\n| \u003ca name=\"input_tags\"\u003e\u003c/a\u003e [tags](#input_tags) | Optional Tags | `map(string)` | `{}` | no |\n\n### Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_default_network_acl_id\"\u003e\u003c/a\u003e [default_network_acl_id](#output_default_network_acl_id) | Id of the default network acl |\n| \u003ca name=\"output_nat_gateway_ids\"\u003e\u003c/a\u003e [nat_gateway_ids](#output_nat_gateway_ids) | n/a |\n| \u003ca name=\"output_nat_gateway_ips\"\u003e\u003c/a\u003e [nat_gateway_ips](#output_nat_gateway_ips) | n/a |\n| \u003ca name=\"output_private_app_subnets\"\u003e\u003c/a\u003e [private_app_subnets](#output_private_app_subnets) | List of the private_app subnets id created |\n| \u003ca name=\"output_private_db_subnets\"\u003e\u003c/a\u003e [private_db_subnets](#output_private_db_subnets) | List of the private_db subnets id created |\n| \u003ca name=\"output_private_management_subnets\"\u003e\u003c/a\u003e [private_management_subnets](#output_private_management_subnets) | List of the private_management subnets id created |\n| \u003ca name=\"output_private_rts\"\u003e\u003c/a\u003e [private_rts](#output_private_rts) | List of the ids of the private route tables created |\n| \u003ca name=\"output_public_lb_subnets\"\u003e\u003c/a\u003e [public_lb_subnets](#output_public_lb_subnets) | List of the public_lb subnets id created |\n| \u003ca name=\"output_public_nat_subnets\"\u003e\u003c/a\u003e [public_nat_subnets](#output_public_nat_subnets) | List of the public_nat subnets id created |\n| \u003ca name=\"output_public_rts\"\u003e\u003c/a\u003e [public_rts](#output_public_rts) | List of the ids of the public route tables created |\n| \u003ca name=\"output_vpc_id\"\u003e\u003c/a\u003e 
[vpc_id](#output_vpc_id) | The id of the vpc created |\n\n### Example\n\n```hcl\ndata \"aws_availability_zones\" \"available\" {\n  state = \"available\"\n}\n\nmodule \"vpc\" {\n  source             = \"github.com/skyscrapers/terraform-network//vpc?ref=6.0.0\"\n\n  cidr_block         = \"172.16.0.0/16\"\n  name               = \"test\"\n  availability_zones = slice(data.aws_availability_zones.available.names, 0, 3)\n  enable_nat_gateway = true\n  single_nat_gateway = false\n\n  extra_tags_public_lb = {\n    \"kubernetes.io/role/elb\" = \"1\"\n  }\n}\n```\n\n## vpc_peering\n\nModule to create a VPC peering connection between two VPCs. It creates the needed resources on both ends of the peering connection, thus it requires two different AWS providers.\n\nIt also creates the routing between the two VPCs if the route tables are provided.\n\n### Requirements\n\nNo requirements.\n\n### Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws.source\"\u003e\u003c/a\u003e [aws.source](#provider_aws.source) | n/a |\n| \u003ca name=\"provider_aws.target\"\u003e\u003c/a\u003e [aws.target](#provider_aws.target) | n/a |\n\n### Modules\n\nNo modules.\n\n### Resources\n\n| Name | Type |\n|------|------|\n| [aws_route.source_to_target](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |\n| [aws_route.target_to_source](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |\n| [aws_vpc_peering_connection.peering](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_peering_connection) | resource |\n| [aws_vpc_peering_connection_accepter.peering](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_peering_connection_accepter) | resource |\n| [aws_vpc_peering_connection_options.peering_accepter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_peering_connection_options) | resource |\n| 
[aws_vpc_peering_connection_options.peering_requester](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_peering_connection_options) | resource |\n| [aws_vpc.source](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |\n| [aws_vpc.target](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |\n\n### Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_source_name\"\u003e\u003c/a\u003e [source_name](#input_source_name) | Name of the source VPC | `string` | n/a | yes |\n| \u003ca name=\"input_source_route_table_ids\"\u003e\u003c/a\u003e [source_route_table_ids](#input_source_route_table_ids) | List of route table IDs from the source VPC that should be routable to the target VPC | `list(string)` | n/a | yes |\n| \u003ca name=\"input_source_vpc_id\"\u003e\u003c/a\u003e [source_vpc_id](#input_source_vpc_id) | ID of the source VPC | `string` | n/a | yes |\n| \u003ca name=\"input_target_account_id\"\u003e\u003c/a\u003e [target_account_id](#input_target_account_id) | AWS account id of the target VPC | `string` | n/a | yes |\n| \u003ca name=\"input_target_name\"\u003e\u003c/a\u003e [target_name](#input_target_name) | Name of the target VPC | `string` | n/a | yes |\n| \u003ca name=\"input_target_route_table_ids\"\u003e\u003c/a\u003e [target_route_table_ids](#input_target_route_table_ids) | List of route table IDs from the target VPC that should be routable to the source VPC | `list(string)` | n/a | yes |\n| \u003ca name=\"input_target_vpc_id\"\u003e\u003c/a\u003e [target_vpc_id](#input_target_vpc_id) | ID of the target VPC | `string` | n/a | yes |\n| \u003ca name=\"input_tags\"\u003e\u003c/a\u003e [tags](#input_tags) | AWS tags to apply to the created resources | `map(string)` | `{}` | no |\n| \u003ca name=\"input_target_region\"\u003e\u003c/a\u003e 
[target_region](#input_target_region) | AWS region of the target VPC (optional) | `string` | `null` | no |\n\n### Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_vpc_peering_id\"\u003e\u003c/a\u003e [vpc_peering_id](#output_vpc_peering_id) | ID of the VPC peering connection |\n\n## Breaking changes and migration\n\n### From v5 to v6\n\nIn v6 of this module we have made several changes to simplify the VPC module and its usage. The main changes are:\n\n1. removed the `securitygroups` submodules and removed the nat_gateway module\n2. required to specify `availability_zones` and removed `amount_*_subnets` variables. This will be used to determine the amount of subnets to create for each group, so you can no longer specify the amount of subnets per group directly. It also determines several other things, most importantly the amount of NAT Gateways to deploy\n3. integrated creation of NAT gateways into the main `vpc` module itself\n4. renamed the `public_nat-bastion` subnets to `public_nat` subnets\n\nRelated to this change, we have simplified the inputs for the `vpc` module.\n\nRemoved vars:\n\n- `amount_public_nat_bastion_subnets`: this will be determined by the amount of NAT Gateways to deploy\n- `number_private_rt`: this will be determined by the amount of NAT Gateways to deploy\n- `number_nat_gateways`: this is now controlled by the new `enable_nat_gateway` and `single_nat_gateway` variables\n- `amount_public_lb_subnets`: this will be determined by the amount of Availability Zones\n- `amount_private_app_subnets`: this will be determined by the amount of Availability Zones\n- `amount_private_db_subnets`: this will be determined by the amount of Availability Zones\n- `amount_private_management_subnets`: this will be determined by the amount of Availability Zones\n\nNew vars:\n\n- `enable_nat_gateway` (default: true): Whether to deploy NAT Gateways\n- `single_nat_gateway` (default: false): Whether to deploy a single NAT Gateway or one per 
AZ\n- `enable_public_lb_subnets` (default: true): Whether to deploy public LB subnets\n- `enable_private_app_subnets` (default: true): Whether to deploy private app subnets\n- `enable_private_db_subnets` (default: true): Whether to deploy private DB subnets\n- `enable_private_management_subnets` (default: false): Whether to deploy private management subnets\n\nRenamed:\n\n- `netnum_public_nat-bastion` -\u003e `netnum_public_nat`\n\nIf you deployed the `vpc` and `nat_gateway` modules separately, you will need to remove the `nat_gateway` module from your code and update the `vpc` module to use the new `*_nat_gateway` variables. You can use `moved` blocks to migrate the NAT Gateway resources to the new `vpc` module:\n\n```hcl\nmoved {\n  from = module.nat_gateway.aws_eip.nat_gateway\n  to   = module.vpc.aws_eip.nat_gateway\n}\n\nmoved {\n  from = module.nat_gateway.aws_nat_gateway.gateway\n  to   = module.vpc.aws_nat_gateway.gateway\n}\n\nmoved {\n  from = module.nat_gateway.aws_route.r\n  to   = module.vpc.aws_route.private\n}\n```\n\n### From v4 to v5\n\nStarting with v5, we've changed how naming and tagging of resources happen within the modules. In earlier versions, a resource's name was derived from the `project` and `environment` variables.\n\nStarting with v5, we only provide a `name` variable, so make sure to update your code accordingly. In most cases this shouldn't be a breaking change: names for VPCs, subnets, route tables etc can be changed without a destroy/recreate of the resources.\n\n**Important**: The exception is for Security Groups, so e.g. in case of the `securitygroups/all` module, you should specify `name = \"sg_all_myproject_myenv\"` to keep the old name.\n\nWe've also removed our default, hardcoded tags for `Project` and `Environment`. 
You can still re-add these via the respective `tags` variables, or [use the `default_tags` parameter from the AWS provider](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#default_tags).\n\n### From v2 to v3\n\nUse the following Terraform state migration commands to migrate from VPC module v2.x to v3.0 and up:\n\n```shell\nterraform state mv module.vpc.aws_route_table_association.public_nat-bastion_hosts module.vpc.module.public_nat-bastion_subnets.aws_route_table_association.subnet_association\nterraform state mv module.vpc.aws_route_table_association.private_app[0] module.vpc.module.private_app_subnets.aws_route_table_association.subnet_association[0]\nterraform state mv module.vpc.aws_route_table_association.private_app[1] module.vpc.module.private_app_subnets.aws_route_table_association.subnet_association[1]\nterraform state mv module.vpc.aws_route_table_association.private_app[2] module.vpc.module.private_app_subnets.aws_route_table_association.subnet_association[2]\nterraform state mv module.vpc.aws_route_table_association.private_management[0] module.vpc.module.private_management_subnets.aws_route_table_association.subnet_association[0]\nterraform state mv module.vpc.aws_route_table_association.private_management[1] module.vpc.module.private_management_subnets.aws_route_table_association.subnet_association[1]\nterraform state mv module.vpc.aws_route_table_association.private_management[2] module.vpc.module.private_management_subnets.aws_route_table_association.subnet_association[2]\nterraform state mv module.vpc.aws_route_table_association.public_lb_hosts[0] module.vpc.module.public_lb_subnets.aws_route_table_association.subnet_association[0]\nterraform state mv module.vpc.aws_route_table_association.public_lb_hosts[1] module.vpc.module.public_lb_subnets.aws_route_table_association.subnet_association[1]\nterraform state mv module.vpc.aws_route_table_association.public_lb_hosts[2] 
module.vpc.module.public_lb_subnets.aws_route_table_association.subnet_association[2]\nterraform state mv module.vpc.aws_route_table_association.private_db[0] module.vpc.module.private_db_subnets.aws_route_table_association.subnet_association[0]\nterraform state mv module.vpc.aws_route_table_association.private_db[1] module.vpc.module.private_db_subnets.aws_route_table_association.subnet_association[1]\nterraform state mv module.vpc.aws_route_table_association.private_db[2] module.vpc.module.private_db_subnets.aws_route_table_association.subnet_association[2]\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fskyscrapers%2Fterraform-network","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fskyscrapers%2Fterraform-network","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fskyscrapers%2Fterraform-network/lists"}