{"id":46189744,"url":"https://github.com/squareops/terraform-aws-vpc","last_synced_at":"2026-03-03T00:01:48.176Z","repository":{"id":145594733,"uuid":"595124119","full_name":"squareops/terraform-aws-vpc","owner":"squareops","description":"Terraform Module to create an AWS VPC network with VPN and configure Peering b/w multiple VPCs","archived":false,"fork":false,"pushed_at":"2024-08-20T08:58:21.000Z","size":208,"stargazers_count":26,"open_issues_count":7,"forks_count":37,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-02-13T09:54:01.198Z","etag":null,"topics":["aws","terraform","terraform-modules","vpc","vpc-peering","vpn","vpn-server"],"latest_commit_sha":null,"homepage":"https://squareops.com","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/squareops.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-01-30T12:55:38.000Z","updated_at":"2024-08-20T08:56:35.000Z","dependencies_parsed_at":null,"dependency_job_id":"fa59de29-5399-4533-b4d0-1bcdbdb69181","html_url":"https://github.com/squareops/terraform-aws-vpc","commit_stats":null,"previous_names":[],"tags_count":17,"template":false,"template_full_name":null,"purl":"pkg:github/squareops/terraform-aws-vpc","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/squareops%2Fterraform-aws-vpc","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/squareops%2Fterraform-aws-vpc/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/squareops%2Fterraform-aws-vpc/releases","manifest
s_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/squareops%2Fterraform-aws-vpc/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/squareops","download_url":"https://codeload.github.com/squareops/terraform-aws-vpc/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/squareops%2Fterraform-aws-vpc/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29967935,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-01T10:55:55.490Z","status":"ssl_error","status_checked_at":"2026-03-01T10:55:55.175Z","response_time":124,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","terraform","terraform-modules","vpc","vpc-peering","vpn","vpn-server"],"created_at":"2026-03-03T00:01:47.361Z","updated_at":"2026-03-03T00:01:48.157Z","avatar_url":"https://github.com/squareops.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# AWS Network Terraform module\n\n![squareops_avatar]\n\n[squareops_avatar]: https://squareops.com/wp-content/uploads/2022/12/squareops-logo.png\n\n### [SquareOps Technologies](https://squareops.com/) Your DevOps Partner for Accelerating cloud journey.\n\n\u003cbr\u003e\nTerraform module to create Networking resources with IPv4 or dual stack IP mode enabled for workload deployment on AWS Cloud.\n\n## Usage 
Example\n\n```hcl\n\nmodule \"key_pair_vpn\" {\n  source             = \"squareops/keypair/aws\"\n  environment        = \"production\"\n  key_name           = format(\"%s-%s-vpn\", \"production\", \"skaf\")\n  ssm_parameter_path = format(\"%s-%s-vpn\", \"production\", \"skaf\")\n}\n\n\nmodule \"vpc\" {\n  source = \"squareops/vpc/aws\"\n  name                                            = \"skaf\"\n  vpc_cidr                                        = \"10.0.0.0/16\"\n  environment                                     = \"production\"\n  ipv6_enabled                                    = true\n  create_ipam_pool                                = false\n  ipam_enabled                                    = false\n  flow_log_enabled                                = true\n  vpn_key_pair_name                               = module.key_pair_vpn.key_pair_name\n  availability_zones                              = [\"us-east-1a\", \"us-east-1b\"]\n  vpn_server_enabled                              = false\n  intra_subnet_enabled                            = true\n  auto_assign_public_ip                           = true\n  public_subnet_enabled                           = true\n  private_subnet_enabled                          = true\n  one_nat_gateway_per_az                          = true\n  database_subnet_enabled                         = true\n  vpn_server_instance_type                        = \"t3a.small\"\n  vpc_s3_endpoint_enabled                         = true\n  vpc_ecr_endpoint_enabled                        = true\n  flow_log_max_aggregation_interval               = 60\n  flow_log_cloudwatch_log_group_skip_destroy      = true\n  flow_log_cloudwatch_log_group_retention_in_days = 90\n  flow_log_cloudwatch_log_group_kms_key_arn       = \"arn:aws:kms:us-east-2:222222222222:key/kms_key_arn\" #Enter your kms key arn\n}\n```\nRefer [this](https://github.com/squareops/terraform-aws-vpc/tree/main/examples) for more examples.\n\n\n## Important Note\nTo prevent destruction 
interruptions, any resources that have been created outside of Terraform and attached to the resources provisioned by Terraform must be deleted before the module is destroyed.\n\nThe private key generated by Keypair module will be stored in AWS Systems Manager Parameter Store. For more details refer [this](https://registry.terraform.io/modules/squareops/keypair/aws)\n\nFor encrypting vpc flow log cloudwatch log group please use this kms key policy. Change the account id and region.\n\n```json\n{\n    \"Version\": \"2012-10-17\",\n    \"Id\": \"allow-cloudwatch-logs-encryption\",\n    \"Statement\": [\n        {\n            \"Sid\": \"AllowRootFullPermissions\",\n            \"Effect\": \"Allow\",\n            \"Principal\": {\n                \"AWS\": \"arn:aws:iam::12345678:root\"\n            },\n            \"Action\": \"kms:*\",\n            \"Resource\": \"*\"\n        },\n        {\n            \"Sid\": \"AllowCloudWatchLogsEncryption\",\n            \"Effect\": \"Allow\",\n            \"Principal\": {\n                \"Service\": \"logs.us-east-2.amazonaws.com\"\n            },\n            \"Action\": [\n                \"kms:Encrypt*\",\n                \"kms:Decrypt*\",\n                \"kms:ReEncrypt*\",\n                \"kms:GenerateDataKey*\",\n                \"kms:Describe*\"\n            ],\n            \"Resource\": \"*\"\n        }\n    ]\n}\n```\n\n\n## Network Scenarios\n\nUsers need to declare `vpc_cidr` and subnets are calculated with the help of in-built functions.\n\nThis module supports three scenarios to create Network resource on AWS. 
Each will be explained in brief in the corresponding sections.\n\n- **simple-vpc (default behavior):** To create a VPC with public subnets and IGW.\n  - `vpc_cidr       = \"\"`\n  - `public_subnet_enabled = true`\n  - `auto_assign_public_ip = true`\n- **vpc-with-private-sub:** To create a VPC with public subnets, private subnets, IGW gateway and NAT gateway.\n  - `vpc_cidr              = \"\"`\n  - `public_subnet_enabled  = true`\n  - `private_subnet_enabled = true`\n  - `auto_assign_public_ip = true`\n\n- **complete-vpc-with-vpn:** To create a VPC with public, private, database and intra subnets along with an IGW and NAT gateway. Jump server/Bastion Host is also configured.\n  - `vpc_cidr                = \"\"`\n  - `public_subnet_enabled   = true`\n  - `private_subnet_enabled  = true`\n  - `database_subnet_enabled = true`\n  - `intra_subnet_enabled    = true`\n  - `auto_assign_public_ip  = true`\n  - `one_nat_gateway_per_az = true`\n  - `vpn_server_enabled     = true`\n  - `vpn_server_instance_type = \"t3a.small\"`\n  - `vpn_key_pair_name         = \"\"`\n  - `availability_zones        = 2`\n  - `flow_log_enabled          = true`\n  - `flow_log_max_aggregation_interval               = 60`\n  - `flow_log_cloudwatch_log_group_retention_in_days = 90`\n  - `flow_log_cloudwatch_log_group_kms_key_arn       = \"arn:aws:kms:us-east-2:222222222222:key/kms_key_arn\"`\n\n- **vpc-peering:** VPC peering support is available using submodule `vpc_peering`. Refer [Peering Docs](https://github.com/squareops/terraform-aws-vpc/tree/main/modules/vpc_peering) for more information\n  - `accepter_name          = \"\"`\n  - `accepter_vpc_id        = \"\"`\n  - `accepter_vpc_region    = \"\"`\n  - `requester_name         = \"\"`\n  - `requester_vpc_id       = \"\"`\n  - `requester_vpc_region   = \"\"`\n  - `auto_assign_public_ip  = true`\n  - `one_nat_gateway_per_az = true`\n\n- **vpc-with-ipv6:** To create VPC with IPv6 support, you only need to enable the parameter `ipv6_enabled`. 
The module takes care of the rest of the configuration. Refer to the [vpc-with-ipv6](https://github.com/squareops/terraform-aws-vpc/tree/main/examples/vpc-with-ipv6) example for more information.\n  - `vpc_cidr                = \"\"`\n  - `public_subnet_enabled   = true`\n  - `private_subnet_enabled  = true`\n  - `database_subnet_enabled = true`\n  - `intra_subnet_enabled    = true`\n  - `auto_assign_public_ip  = true`\n  - `ipv6_enabled = true`\n  - `public_subnet_assign_ipv6_address_on_creation   = true`\n  - `private_subnet_assign_ipv6_address_on_creation  = true`\n  - `database_subnet_assign_ipv6_address_on_creation = true`\n  - `intra_subnet_assign_ipv6_address_on_creation    = true`\n\n# IAM Permissions\nThe required IAM permissions to create resources from this module can be found [here](https://github.com/squareops/terraform-aws-vpc/blob/main/IAM.md)\n\n\n# VPN setup\nThe VPN server is Pritunl, running on an Ubuntu 22.04 image as the underlying OS.\nTo configure Pritunl VPN:\n\n      1. Access the Pritunl UI over HTTPS in a browser, using the public IP of the EC2 instance.\n      2. Retrieve the initial key, user and password for setting up Pritunl from AWS Secrets Manager and log in to Pritunl.\n      3. Create a DNS record mapping to the EC2 instance's public IP.\n      4. After login, in the Initial setup window, add the record created in the 'Lets Encrypt Domain' field.\n      5. Pritunl will automatically configure a signed SSL certificate from Let's Encrypt.\n      6. Add an organization and a user to Pritunl.\n      7. Add a server and set the port to 10150, which is already allowed by the security group created with the VPN server instance.\n      8. Attach the organization to the server and start the server.\n      9. Copy or download the user profile link or file.\n     10. 
Import the profile in Pritunl client.\n\n\n## CIS COMPLIANCE [\u003cimg src=\"\thttps://prowler.pro/wp-content/themes/prowler-pro/assets/img/logo.svg\" width=\"250\" align=\"right\" /\u003e](https://prowler.pro/)\n\nSecurity scanning is graciously provided by Prowler. Prowler is the leading fully hosted, cloud-native solution providing continuous cluster security and compliance.\n\nIn this module, we have implemented the following CIS Compliance checks for VPC:\n\n| Benchmark | Description | Status |\n|-----------|-------------|--------|\n| Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389 | No Security Groups open to 0.0.0.0/0 | \u0026#x2714; |\n| Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports | For all VPCs created using this module | \u0026#x2714; |\n| Ensure the default security group of every VPC restricts all traffic | For all VPCs created using this module | \u0026#x2714; |\n| Ensure VPC flow logging is enabled in all VPCs | No Default Security Groups open to 0.0.0.0/0 | \u0026#x2714; |\n| Ensure IAM instance roles are used for AWS resource access from instances |For VPN server created using this module | \u0026#x2714; |\n| Ensure EBS volume encryption is enabled   | For VPN server created using this module | \u0026#x2714; |\n\n\n\n\u003c!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | \u003e= 1.0 |\n| \u003ca name=\"requirement_aws\"\u003e\u003c/a\u003e [aws](#requirement\\_aws) | \u003e= 4.23 |\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider\\_aws) | \u003e= 4.23 |\n\n## Modules\n\n| Name | Source | Version |\n|------|--------|---------|\n| \u003ca name=\"module_vpc\"\u003e\u003c/a\u003e [vpc](#module\\_vpc) | terraform-aws-modules/vpc/aws | 
5.9.0 |\n| \u003ca name=\"module_vpn_server\"\u003e\u003c/a\u003e [vpn\\_server](#module\\_vpn\\_server) | ./modules/vpn | n/a |\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [aws_security_group.vpc_endpoints](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |\n| [aws_vpc_endpoint.private-ecr-api](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) | resource |\n| [aws_vpc_endpoint.private-ecr-dkr](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) | resource |\n| [aws_vpc_endpoint.private-s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) | resource |\n| [aws_vpc_ipam.ipam](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam) | resource |\n| [aws_vpc_ipam_pool.ipam_pool](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_pool) | resource |\n| [aws_vpc_ipam_pool_cidr.ipam_pool_cidr](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_pool_cidr) | resource |\n| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |\n| [aws_ec2_instance_type.arch](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_instance_type) | data source |\n| [aws_route_tables.aws_private_routes](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route_tables) | data source |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_auto_assign_public_ip\"\u003e\u003c/a\u003e [auto\\_assign\\_public\\_ip](#input\\_auto\\_assign\\_public\\_ip) | Specify true to indicate that instances launched into the subnet should be assigned a public IP address. 
| `bool` | `false` | no |\n| \u003ca name=\"input_availability_zones\"\u003e\u003c/a\u003e [availability\\_zones](#input\\_availability\\_zones) | Number of Availability Zone to be used by VPC Subnets | `list(any)` | `[]` | no |\n| \u003ca name=\"input_create_ipam_pool\"\u003e\u003c/a\u003e [create\\_ipam\\_pool](#input\\_create\\_ipam\\_pool) | Whether create new IPAM pool | `bool` | `true` | no |\n| \u003ca name=\"input_database_subnet_assign_ipv6_address_on_creation\"\u003e\u003c/a\u003e [database\\_subnet\\_assign\\_ipv6\\_address\\_on\\_creation](#input\\_database\\_subnet\\_assign\\_ipv6\\_address\\_on\\_creation) | Assign IPv6 address on database subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\\_public\\_ip\\_on\\_launch | `bool` | `null` | no |\n| \u003ca name=\"input_database_subnet_cidrs\"\u003e\u003c/a\u003e [database\\_subnet\\_cidrs](#input\\_database\\_subnet\\_cidrs) | Database Tier subnet CIDRs to be created | `list(any)` | `[]` | no |\n| \u003ca name=\"input_database_subnet_enabled\"\u003e\u003c/a\u003e [database\\_subnet\\_enabled](#input\\_database\\_subnet\\_enabled) | Set true to enable database subnets | `bool` | `false` | no |\n| \u003ca name=\"input_default_network_acl_ingress\"\u003e\u003c/a\u003e [default\\_network\\_acl\\_ingress](#input\\_default\\_network\\_acl\\_ingress) | List of maps of ingress rules to set on the Default Network ACL | `list(map(string))` | \u003cpre\u003e[\u003cbr\u003e  {\u003cbr\u003e    \"action\": \"deny\",\u003cbr\u003e    \"cidr_block\": \"0.0.0.0/0\",\u003cbr\u003e    \"from_port\": 22,\u003cbr\u003e    \"protocol\": \"tcp\",\u003cbr\u003e    \"rule_no\": 98,\u003cbr\u003e    \"to_port\": 22\u003cbr\u003e  },\u003cbr\u003e  {\u003cbr\u003e    \"action\": \"deny\",\u003cbr\u003e    \"cidr_block\": \"0.0.0.0/0\",\u003cbr\u003e    \"from_port\": 3389,\u003cbr\u003e    \"protocol\": \"tcp\",\u003cbr\u003e    \"rule_no\": 99,\u003cbr\u003e    \"to_port\": 3389\u003cbr\u003e  
},\u003cbr\u003e  {\u003cbr\u003e    \"action\": \"allow\",\u003cbr\u003e    \"cidr_block\": \"0.0.0.0/0\",\u003cbr\u003e    \"from_port\": 0,\u003cbr\u003e    \"protocol\": \"-1\",\u003cbr\u003e    \"rule_no\": 100,\u003cbr\u003e    \"to_port\": 0\u003cbr\u003e  },\u003cbr\u003e  {\u003cbr\u003e    \"action\": \"allow\",\u003cbr\u003e    \"from_port\": 0,\u003cbr\u003e    \"ipv6_cidr_block\": \"::/0\",\u003cbr\u003e    \"protocol\": \"-1\",\u003cbr\u003e    \"rule_no\": 101,\u003cbr\u003e    \"to_port\": 0\u003cbr\u003e  }\u003cbr\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_enable_database_subnet_group\"\u003e\u003c/a\u003e [enable\\_database\\_subnet\\_group](#input\\_enable\\_database\\_subnet\\_group) | Whether to create database subnet groups | `bool` | `false` | no |\n| \u003ca name=\"input_environment\"\u003e\u003c/a\u003e [environment](#input\\_environment) | Specify the environment identifier for the VPC | `string` | `\"\"` | no |\n| \u003ca name=\"input_existing_ipam_managed_cidr\"\u003e\u003c/a\u003e [existing\\_ipam\\_managed\\_cidr](#input\\_existing\\_ipam\\_managed\\_cidr) | The existing IPAM pool CIDR | `string` | `\"\"` | no |\n| \u003ca name=\"input_flow_log_cloudwatch_log_group_kms_key_arn\"\u003e\u003c/a\u003e [flow\\_log\\_cloudwatch\\_log\\_group\\_kms\\_key\\_arn](#input\\_flow\\_log\\_cloudwatch\\_log\\_group\\_kms\\_key\\_arn) | The ARN of the KMS Key to use when encrypting log data for VPC flow logs | `string` | `null` | no |\n| \u003ca name=\"input_flow_log_cloudwatch_log_group_retention_in_days\"\u003e\u003c/a\u003e [flow\\_log\\_cloudwatch\\_log\\_group\\_retention\\_in\\_days](#input\\_flow\\_log\\_cloudwatch\\_log\\_group\\_retention\\_in\\_days) | Specifies the number of days you want to retain log events in the specified log group for VPC flow logs. 
| `number` | `null` | no |\n| \u003ca name=\"input_flow_log_cloudwatch_log_group_skip_destroy\"\u003e\u003c/a\u003e [flow\\_log\\_cloudwatch\\_log\\_group\\_skip\\_destroy](#input\\_flow\\_log\\_cloudwatch\\_log\\_group\\_skip\\_destroy) | Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the Terraform state | `bool` | `false` | no |\n| \u003ca name=\"input_flow_log_enabled\"\u003e\u003c/a\u003e [flow\\_log\\_enabled](#input\\_flow\\_log\\_enabled) | Whether or not to enable VPC Flow Logs | `bool` | `false` | no |\n| \u003ca name=\"input_flow_log_max_aggregation_interval\"\u003e\u003c/a\u003e [flow\\_log\\_max\\_aggregation\\_interval](#input\\_flow\\_log\\_max\\_aggregation\\_interval) | The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: `60` seconds or `600` seconds. | `number` | `60` | no |\n| \u003ca name=\"input_intra_subnet_assign_ipv6_address_on_creation\"\u003e\u003c/a\u003e [intra\\_subnet\\_assign\\_ipv6\\_address\\_on\\_creation](#input\\_intra\\_subnet\\_assign\\_ipv6\\_address\\_on\\_creation) | Assign IPv6 address on intra subnet, must be disabled to change IPv6 CIDRs. 
This is the IPv6 equivalent of map\\_public\\_ip\\_on\\_launch | `bool` | `null` | no |\n| \u003ca name=\"input_intra_subnet_cidrs\"\u003e\u003c/a\u003e [intra\\_subnet\\_cidrs](#input\\_intra\\_subnet\\_cidrs) | A list of intra subnets CIDR to be created | `list(any)` | `[]` | no |\n| \u003ca name=\"input_intra_subnet_enabled\"\u003e\u003c/a\u003e [intra\\_subnet\\_enabled](#input\\_intra\\_subnet\\_enabled) | Set true to enable intra subnets | `bool` | `false` | no |\n| \u003ca name=\"input_ipam_enabled\"\u003e\u003c/a\u003e [ipam\\_enabled](#input\\_ipam\\_enabled) | Whether enable IPAM managed VPC or not | `bool` | `false` | no |\n| \u003ca name=\"input_ipam_pool_id\"\u003e\u003c/a\u003e [ipam\\_pool\\_id](#input\\_ipam\\_pool\\_id) | The existing IPAM pool id if any | `string` | `null` | no |\n| \u003ca name=\"input_ipv4_netmask_length\"\u003e\u003c/a\u003e [ipv4\\_netmask\\_length](#input\\_ipv4\\_netmask\\_length) | The netmask length for IPAM managed VPC | `number` | `16` | no |\n| \u003ca name=\"input_ipv6_enabled\"\u003e\u003c/a\u003e [ipv6\\_enabled](#input\\_ipv6\\_enabled) | Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block. 
| `bool` | `false` | no |\n| \u003ca name=\"input_ipv6_only\"\u003e\u003c/a\u003e [ipv6\\_only](#input\\_ipv6\\_only) | Enable it for deploying native IPv6 network | `bool` | `false` | no |\n| \u003ca name=\"input_kms_key_arn\"\u003e\u003c/a\u003e [kms\\_key\\_arn](#input\\_kms\\_key\\_arn) | ARN of the KMS key to encrypt VPN server EBS volume | `string` | `\"\"` | no |\n| \u003ca name=\"input_name\"\u003e\u003c/a\u003e [name](#input\\_name) | Specify the name of the VPC | `string` | `\"\"` | no |\n| \u003ca name=\"input_one_nat_gateway_per_az\"\u003e\u003c/a\u003e [one\\_nat\\_gateway\\_per\\_az](#input\\_one\\_nat\\_gateway\\_per\\_az) | Set to true if a NAT Gateway is required per availability zone for Private Subnet Tier | `bool` | `false` | no |\n| \u003ca name=\"input_private_subnet_assign_ipv6_address_on_creation\"\u003e\u003c/a\u003e [private\\_subnet\\_assign\\_ipv6\\_address\\_on\\_creation](#input\\_private\\_subnet\\_assign\\_ipv6\\_address\\_on\\_creation) | Assign IPv6 address on private subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\\_public\\_ip\\_on\\_launch | `bool` | `null` | no |\n| \u003ca name=\"input_private_subnet_cidrs\"\u003e\u003c/a\u003e [private\\_subnet\\_cidrs](#input\\_private\\_subnet\\_cidrs) | A list of private subnets CIDR to be created inside the VPC | `list(any)` | `[]` | no |\n| \u003ca name=\"input_private_subnet_enabled\"\u003e\u003c/a\u003e [private\\_subnet\\_enabled](#input\\_private\\_subnet\\_enabled) | Set true to enable private subnets | `bool` | `false` | no |\n| \u003ca name=\"input_public_subnet_assign_ipv6_address_on_creation\"\u003e\u003c/a\u003e [public\\_subnet\\_assign\\_ipv6\\_address\\_on\\_creation](#input\\_public\\_subnet\\_assign\\_ipv6\\_address\\_on\\_creation) | Assign IPv6 address on public subnet, must be disabled to change IPv6 CIDRs. 
This is the IPv6 equivalent of map\\_public\\_ip\\_on\\_launch | `bool` | `null` | no |\n| \u003ca name=\"input_public_subnet_cidrs\"\u003e\u003c/a\u003e [public\\_subnet\\_cidrs](#input\\_public\\_subnet\\_cidrs) | A list of public subnets CIDR to be created inside the VPC | `list(any)` | `[]` | no |\n| \u003ca name=\"input_public_subnet_enabled\"\u003e\u003c/a\u003e [public\\_subnet\\_enabled](#input\\_public\\_subnet\\_enabled) | Set true to enable public subnets | `bool` | `false` | no |\n| \u003ca name=\"input_region\"\u003e\u003c/a\u003e [region](#input\\_region) | The AWS region name | `string` | `null` | no |\n| \u003ca name=\"input_secondary_cidr_blocks\"\u003e\u003c/a\u003e [secondary\\_cidr\\_blocks](#input\\_secondary\\_cidr\\_blocks) | List of the secondary CIDR blocks which can be at most 5 | `list(string)` | `[]` | no |\n| \u003ca name=\"input_secondry_cidr_enabled\"\u003e\u003c/a\u003e [secondry\\_cidr\\_enabled](#input\\_secondry\\_cidr\\_enabled) | Whether enable secondary CIDR with VPC | `bool` | `false` | no |\n| \u003ca name=\"input_vpc_cidr\"\u003e\u003c/a\u003e [vpc\\_cidr](#input\\_vpc\\_cidr) | The CIDR block of the VPC | `string` | `\"10.0.0.0/16\"` | no |\n| \u003ca name=\"input_vpc_ecr_endpoint_enabled\"\u003e\u003c/a\u003e [vpc\\_ecr\\_endpoint\\_enabled](#input\\_vpc\\_ecr\\_endpoint\\_enabled) | Set to true if you want to enable vpc ecr endpoints | `bool` | `false` | no |\n| \u003ca name=\"input_vpc_s3_endpoint_enabled\"\u003e\u003c/a\u003e [vpc\\_s3\\_endpoint\\_enabled](#input\\_vpc\\_s3\\_endpoint\\_enabled) | Set to true if you want to enable vpc S3 endpoints | `bool` | `false` | no |\n| \u003ca name=\"input_vpn_key_pair_name\"\u003e\u003c/a\u003e [vpn\\_key\\_pair\\_name](#input\\_vpn\\_key\\_pair\\_name) | Specify the name of AWS Keypair to be used for VPN Server | `string` | `\"\"` | no |\n| \u003ca name=\"input_vpn_server_enabled\"\u003e\u003c/a\u003e [vpn\\_server\\_enabled](#input\\_vpn\\_server\\_enabled) | Set to true if 
you want to deploy VPN Gateway resource and attach it to the VPC | `bool` | `false` | no |\n| \u003ca name=\"input_vpn_server_instance_type\"\u003e\u003c/a\u003e [vpn\\_server\\_instance\\_type](#input\\_vpn\\_server\\_instance\\_type) | EC2 instance Type for VPN Server, Only amd64 based instance type are supported eg. t2.medium, t3.micro, c5a.large etc. | `string` | `\"t3a.small\"` | no |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_database_subnets\"\u003e\u003c/a\u003e [database\\_subnets](#output\\_database\\_subnets) | List of IDs of database subnets |\n| \u003ca name=\"output_intra_subnets\"\u003e\u003c/a\u003e [intra\\_subnets](#output\\_intra\\_subnets) | List of IDs of Intra subnets |\n| \u003ca name=\"output_ipv6_vpc_cidr_block\"\u003e\u003c/a\u003e [ipv6\\_vpc\\_cidr\\_block](#output\\_ipv6\\_vpc\\_cidr\\_block) | The IPv6 CIDR block |\n| \u003ca name=\"output_private_subnets\"\u003e\u003c/a\u003e [private\\_subnets](#output\\_private\\_subnets) | List of IDs of private subnets |\n| \u003ca name=\"output_public_subnets\"\u003e\u003c/a\u003e [public\\_subnets](#output\\_public\\_subnets) | List of IDs of public subnets |\n| \u003ca name=\"output_vpc_cidr_block\"\u003e\u003c/a\u003e [vpc\\_cidr\\_block](#output\\_vpc\\_cidr\\_block) | IPV4 CIDR Block for this VPC |\n| \u003ca name=\"output_vpc_id\"\u003e\u003c/a\u003e [vpc\\_id](#output\\_vpc\\_id) | The ID of the VPC |\n| \u003ca name=\"output_vpc_ipv6_association_id\"\u003e\u003c/a\u003e [vpc\\_ipv6\\_association\\_id](#output\\_vpc\\_ipv6\\_association\\_id) | The association ID for the IPv6 CIDR block |\n| \u003ca name=\"output_vpc_secondary_cidr_blocks\"\u003e\u003c/a\u003e [vpc\\_secondary\\_cidr\\_blocks](#output\\_vpc\\_secondary\\_cidr\\_blocks) | List of secondary CIDR blocks of the VPC |\n| \u003ca name=\"output_vpn_host_public_ip\"\u003e\u003c/a\u003e [vpn\\_host\\_public\\_ip](#output\\_vpn\\_host\\_public\\_ip) | IP Address of VPN Server |\n| 
\u003ca name=\"output_vpn_port_description\"\u003e\u003c/a\u003e [vpn\\_port\\_description](#output\\_vpn\\_port\\_description) | Description of VPN server port |\n| \u003ca name=\"output_vpn_security_group\"\u003e\u003c/a\u003e [vpn\\_security\\_group](#output\\_vpn\\_security\\_group) | Security Group ID of VPN Server |\n\u003c!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n\n## Contribute \u0026 Issue Report\n\nTo report an issue with a project:\n\n  1. Check the repository's [issue tracker](https://github.com/squareops/terraform-aws-vpc/issues) on GitHub\n  2. Search to check if the issue has already been reported\n  3. If you can't find an answer to your question in the documentation or issue tracker, you can ask a question by creating a new issue. Make sure to provide enough context and details.\n\n## License\n\nApache License, Version 2.0, January 2004 (https://www.apache.org/licenses/LICENSE-2.0)\n\n## Support Us\n\nTo support our GitHub project by liking it, you can follow these steps:\n\n  1. Visit the repository: Navigate to the [GitHub repository](https://github.com/squareops/terraform-aws-vpc)\n\n  2. Click the \"Star\" button: On the repository page, you'll see a \"Star\" button in the upper right corner. Clicking on it will star the repository, indicating your support for the project.\n\n  3. Optionally, you can also leave a comment on the repository or open an issue to give feedback or suggest changes.\n\nStarring a repository on GitHub is a simple way to show your support and appreciation for the project. It also helps to increase the visibility of the project and make it more discoverable to others.\n\n## Who we are\n\nWe believe that the key to success in the digital age is the ability to deliver value quickly and reliably. That’s why we offer a comprehensive range of DevOps \u0026 Cloud services designed to help your organization optimize its systems \u0026 Processes for speed and agility.\n\n  1. 
We are an AWS Advanced consulting partner which reflects our deep expertise in AWS Cloud and helping 100+ clients over the last 5 years.\n  2. Expertise in Kubernetes and overall container solution helps companies expedite their journey by 10X.\n  3. Infrastructure Automation is a key component to the success of our Clients and our Expertise helps deliver the same in the shortest time.\n  4. DevSecOps as a service to implement security within the overall DevOps process and helping companies deploy securely and at speed.\n  5. Platform engineering which supports scalable,Cost efficient infrastructure that supports rapid development, testing, and deployment.\n  6. 24*7 SRE service to help you Monitor the state of your infrastructure and eradicate any issue within the SLA.\n\nWe provide [support](https://squareops.com/contact-us/) on all of our projects, no matter how small or large they may be.\n\nTo find more information about our company, visit [squareops.com](https://squareops.com/), follow us on [Linkedin](https://www.linkedin.com/company/squareops-technologies-pvt-ltd/), or fill out a [job application](https://squareops.com/careers/). If you have any questions or would like assistance with your cloud strategy and implementation, please don't hesitate to [contact us](https://squareops.com/contact-us/).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsquareops%2Fterraform-aws-vpc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsquareops%2Fterraform-aws-vpc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsquareops%2Fterraform-aws-vpc/lists"}