{"id":13505687,"url":"https://github.com/terraform-aws-modules/terraform-aws-vpc","last_synced_at":"2026-01-08T21:05:19.675Z","repository":{"id":37335147,"uuid":"101660954","full_name":"terraform-aws-modules/terraform-aws-vpc","owner":"terraform-aws-modules","description":"Terraform module to create AWS VPC resources 🇺🇦","archived":false,"fork":false,"pushed_at":"2025-04-21T23:55:16.000Z","size":1150,"stargazers_count":3081,"open_issues_count":20,"forks_count":4526,"subscribers_count":78,"default_branch":"master","last_synced_at":"2025-04-23T17:09:23.819Z","etag":null,"topics":["aws","aws-vpc","terraform-module","vpc"],"latest_commit_sha":null,"homepage":"https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/terraform-aws-modules.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":".github/contributing.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":["antonbabenko"],"custom":"https://www.paypal.me/antonbabenko"}},"created_at":"2017-08-28T16:00:21.000Z","updated_at":"2025-04-22T19:06:50.000Z","dependencies_parsed_at":"2022-07-14T23:30:42.589Z","dependency_job_id":"23cbb117-0563-4c84-ab74-1e5c36651e17","html_url":"https://github.com/terraform-aws-modules/terraform-aws-vpc","commit_stats":{"total_commits":459,"total_committers":139,"mean_commits":3.302158273381295,"dds":0.5577342047930283,"last_synced_commit":"9ffd9c66f3d7eb4b5bc2d7bc7d049f794b127693"},"previous_names":[],"tags_count":229,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/terraform-aws-modules%2Fterraform-aws-vpc","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/terraform-aws-modules%2Fterraform-aws-vpc/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/terraform-aws-modules%2Fterraform-aws-vpc/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/terraform-aws-modules%2Fterraform-aws-vpc/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/terraform-aws-modules","download_url":"https://codeload.github.com/terraform-aws-modules/terraform-aws-vpc/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253747784,"owners_count":21957803,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-vpc","terraform-module","vpc"],"created_at":"2024-08-01T00:01:11.667Z","updated_at":"2026-01-08T21:05:19.667Z","avatar_url":"https://github.com/terraform-aws-modules.png","language":"HCL","funding_links":["https://github.com/sponsors/antonbabenko","https://www.paypal.me/antonbabenko"],"categories":["Community Modules","Templates \u0026 Boilerplates","HCL"],"sub_categories":["Miscellaneous"],"readme":"# AWS VPC Terraform module\n\nTerraform module which creates VPC resources on AWS.\n\n[![SWUbanner](https://raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/banner2-direct.svg)](https://github.com/vshymanskyy/StandWithUkraine/blob/main/docs/README.md)\n\n## Usage\n\n```hcl\nmodule \"vpc\" {\n  source = \"terraform-aws-modules/vpc/aws\"\n\n  name = \"my-vpc\"\n  cidr = \"10.0.0.0/16\"\n\n  azs             = [\"eu-west-1a\", \"eu-west-1b\", \"eu-west-1c\"]\n  private_subnets = [\"10.0.1.0/24\", \"10.0.2.0/24\", \"10.0.3.0/24\"]\n  public_subnets  = [\"10.0.101.0/24\", \"10.0.102.0/24\", \"10.0.103.0/24\"]\n\n  enable_nat_gateway = true\n  enable_vpn_gateway = true\n\n  tags = {\n    Terraform = \"true\"\n    Environment = \"dev\"\n  }\n}\n```\n\n\u003e [!WARNING]\n\u003e v6.x of the module still supports creating a VPC Flow Log within the root (VPC) module. However, this is deprecated behavior and will be removed in v7.0.0. Please use the [standalone flow log](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/modules/flow-log) module instead.\n\n## External NAT Gateway IPs\n\nBy default this module will provision new Elastic IPs for the VPC's NAT Gateways.\nThis means that when creating a new VPC, new IPs are allocated, and when that VPC is destroyed those IPs are released.\nSometimes it is handy to keep the same IPs even after the VPC is destroyed and re-created.\nTo that end, it is possible to assign existing IPs to the NAT Gateways.\nThis prevents the destruction of the VPC from releasing those IPs, while making it possible that a re-created VPC uses the same IPs.\n\nTo achieve this, allocate the IPs outside the VPC module declaration.\n\n```hcl\nresource \"aws_eip\" \"nat\" {\n  count = 3\n\n  vpc = true\n}\n```\n\nThen, pass the allocated IPs as a parameter to this module.\n\n```hcl\nmodule \"vpc\" {\n  source = \"terraform-aws-modules/vpc/aws\"\n\n  # The rest of arguments are omitted for brevity\n\n  enable_nat_gateway  = true\n  single_nat_gateway  = false\n  reuse_nat_ips       = true                    # \u003c= Skip creation of EIPs for the NAT Gateways\n  external_nat_ip_ids = \"${aws_eip.nat.*.id}\"   # \u003c= IPs specified here as input to the module\n}\n```\n\nNote that in the example we allocate 3 IPs because we will be provisioning 3 NAT Gateways (due to `single_nat_gateway = false` and having 3 subnets).\nIf, on the other hand, `single_nat_gateway = true`, then `aws_eip.nat` would only need to allocate 1 IP.\nPassing the IPs into the module is done by setting two variables `reuse_nat_ips = true` and `external_nat_ip_ids = \"${aws_eip.nat.*.id}\"`.\n\n## NAT Gateway Scenarios\n\nThis module supports three scenarios for creating NAT gateways. Each will be explained in further detail in the corresponding sections.\n\n- One NAT Gateway per subnet (default behavior)\n  - `enable_nat_gateway = true`\n  - `single_nat_gateway = false`\n  - `one_nat_gateway_per_az = false`\n- Single NAT Gateway\n  - `enable_nat_gateway = true`\n  - `single_nat_gateway = true`\n  - `one_nat_gateway_per_az = false`\n- One NAT Gateway per availability zone\n  - `enable_nat_gateway = true`\n  - `single_nat_gateway = false`\n  - `one_nat_gateway_per_az = true`\n\nIf both `single_nat_gateway` and `one_nat_gateway_per_az` are set to `true`, then `single_nat_gateway` takes precedence.\n\n### One NAT Gateway per subnet (default)\n\nBy default, the module will determine the number of NAT Gateways to create based on the `max()` of the private subnet lists (`database_subnets`, `elasticache_subnets`, `private_subnets`, and `redshift_subnets`). The module **does not** take into account the number of `intra_subnets`, since the latter are designed to have no Internet access via NAT Gateway. For example, if your configuration looks like the following:\n\n```hcl\ndatabase_subnets    = [\"10.0.21.0/24\", \"10.0.22.0/24\"]\nelasticache_subnets = [\"10.0.31.0/24\", \"10.0.32.0/24\"]\nprivate_subnets     = [\"10.0.1.0/24\", \"10.0.2.0/24\", \"10.0.3.0/24\", \"10.0.4.0/24\", \"10.0.5.0/24\"]\nredshift_subnets    = [\"10.0.41.0/24\", \"10.0.42.0/24\"]\nintra_subnets       = [\"10.0.51.0/24\", \"10.0.52.0/24\", \"10.0.53.0/24\"]\n```\n\nThen `5` NAT Gateways will be created since `5` private subnet CIDR blocks were specified.\n\n### Single NAT Gateway\n\nIf `single_nat_gateway = true`, then all private subnets will route their Internet traffic through this single NAT gateway. The NAT gateway will be placed in the first public subnet in your `public_subnets` block.\n\n### One NAT Gateway per availability zone\n\nIf `one_nat_gateway_per_az = true` and `single_nat_gateway = false`, then the module will place one NAT gateway in each availability zone you specify in `var.azs`. There are some requirements around using this feature flag:\n\n- The variable `var.azs` **must** be specified.\n- The number of public subnet CIDR blocks specified in `public_subnets` **must** be greater than or equal to the number of availability zones specified in `var.azs`. This is to ensure that each NAT Gateway has a dedicated public subnet to deploy to.\n\n## \"private\" versus \"intra\" subnets\n\nBy default, if NAT Gateways are enabled, private subnets will be configured with routes for Internet traffic that point at the NAT Gateways configured by use of the above options.\n\nIf you need private subnets that should have no Internet routing (in the sense of [RFC1918 Category 1 subnets](https://tools.ietf.org/html/rfc1918)), `intra_subnets` should be specified. An example use case is configuration of AWS Lambda functions within a VPC, where AWS Lambda functions only need to pass traffic to internal resources or VPC endpoints for AWS services.\n\nSince AWS Lambda functions allocate Elastic Network Interfaces in proportion to the traffic received ([read more](https://docs.aws.amazon.com/lambda/latest/dg/vpc.html)), it can be useful to allocate a large private subnet for such allocations, while keeping the traffic they generate entirely internal to the VPC.\n\n## Conditional creation\n\nPrior to Terraform 0.13, you were unable to specify `count` in a module block. If you wish to toggle the creation of the module's resources in an older (pre 0.13) version of Terraform, you can use the `create_vpc` argument.\n\n```hcl\n# This VPC will not be created\nmodule \"vpc\" {\n  source = \"terraform-aws-modules/vpc/aws\"\n\n  create_vpc = false\n  # ... omitted\n}\n```\n\n## Public access to RDS instances\n\nSometimes it is handy to have public access to RDS instances (it is not recommended for production) by specifying these arguments:\n\n```hcl\n  create_database_subnet_group           = true\n  create_database_subnet_route_table     = true\n  create_database_internet_gateway_route = true\n\n  enable_dns_hostnames = true\n  enable_dns_support   = true\n```\n\n## Network Access Control Lists (ACL or NACL)\n\nThis module can manage network ACL and rules. Once VPC is created, AWS creates the default network ACL, which can be controlled using this module (`manage_default_network_acl = true`).\n\nAlso, each type of subnet may have its own network ACL with custom rules per subnet. Eg, set `public_dedicated_network_acl = true` to use dedicated network ACL for the public subnets; set values of `public_inbound_acl_rules` and `public_outbound_acl_rules` to specify all the NACL rules you need to have on public subnets (see `variables.tf` for default values and structures).\n\nBy default, all subnets are associated with the default network ACL.\n\n## Public access to Redshift cluster\n\nSometimes it is handy to have public access to Redshift clusters (for example if you need to access it by Kinesis - VPC endpoint for Kinesis is not yet supported by Redshift) by specifying these arguments:\n\n```hcl\n  enable_public_redshift = true  # \u003c= By default Redshift subnets will be associated with the private route table\n```\n\n## Transit Gateway (TGW) integration\n\nIt is possible to integrate this VPC module with [terraform-aws-transit-gateway module](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway) which handles the creation of TGW resources and VPC attachments. See [complete example there](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/tree/master/examples/complete).\n\n## VPC CIDR from AWS IP Address Manager (IPAM)\n\nIt is possible to have your VPC CIDR assigned from an [AWS IPAM Pool](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_pool). However, In order to build subnets within this module Terraform must know subnet CIDRs to properly plan the amount of resources to build. Since CIDR is derived by IPAM by calling CreateVpc this is not possible within a module unless cidr is known ahead of time. You can get around this by \"previewing\" the CIDR and then using that as the subnet values.\n\n_Note: Due to race conditions with `terraform plan`, it is not possible to use `ipv4_netmask_length` or a pools `allocation_default_netmask_length` within this module. You must explicitly set the CIDRs for a pool to use._\n\n```hcl\n# Find the pool RAM shared to your account\n# Info on RAM sharing pools: https://docs.aws.amazon.com/vpc/latest/ipam/share-pool-ipam.html\ndata \"aws_vpc_ipam_pool\" \"ipv4_example\" {\n  filter {\n    name   = \"description\"\n    values = [\"*mypool*\"]\n  }\n\n  filter {\n    name   = \"address-family\"\n    values = [\"ipv4\"]\n  }\n}\n\n# Preview next CIDR from pool\ndata \"aws_vpc_ipam_preview_next_cidr\" \"previewed_cidr\" {\n  ipam_pool_id   = data.aws_vpc_ipam_pool.ipv4_example.id\n  netmask_length = 24\n}\n\ndata \"aws_region\" \"current\" {}\n\n# Calculate subnet cidrs from previewed IPAM CIDR\nlocals {\n  partition       = cidrsubnets(data.aws_vpc_ipam_preview_next_cidr.previewed_cidr.cidr, 2, 2)\n  private_subnets = cidrsubnets(local.partition[0], 2, 2)\n  public_subnets  = cidrsubnets(local.partition[1], 2, 2)\n  azs             = formatlist(\"${data.aws_region.current.name}%s\", [\"a\", \"b\"])\n}\n\nmodule \"vpc_cidr_from_ipam\" {\n  source            = \"terraform-aws-modules/vpc/aws\"\n  name              = \"vpc-cidr-from-ipam\"\n  ipv4_ipam_pool_id = data.aws_vpc_ipam_pool.ipv4_example.id\n  azs               = local.azs\n  cidr              = data.aws_vpc_ipam_preview_next_cidr.previewed_cidr.cidr\n  private_subnets   = local.private_subnets\n  public_subnets    = local.public_subnets\n}\n```\n\n## Examples\n\n- [Block Public Access](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/block-public-access)\n- [Complete VPC](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/complete) w/ VPC Endpoints\n- [VPC w/ Flow Log](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/flow-log)\n- [VPC using IPAM](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/ipam)\n- [Dualstack IPv4/IPv6 VPC](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/ipv6-dualstack)\n- [IPv6 only subnets VPC](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/ipv6-only)\n- [Manage Default VPC](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/manage-default-vpc)\n- [VPC w/ Network ACL](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/network-acls)\n- [VPC w/ Outpost](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/outpost)\n- [VPC w/ secondary CIDR blocks](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/secondary-cidr-blocks)\n- [VPC w/ unique route tables](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/separate-route-tables)\n- [Simple VPC](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/simple)\n\n## Contributing\n\nReport issues/questions/feature requests on in the [issues](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/new) section.\n\nFull contributing [guidelines are covered here](.github/contributing.md).\n\n\u003c!-- BEGIN_TF_DOCS --\u003e\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | \u003e= 1.0 |\n| \u003ca name=\"requirement_aws\"\u003e\u003c/a\u003e [aws](#requirement\\_aws) | \u003e= 6.28 |\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider\\_aws) | \u003e= 6.28 |\n\n## Modules\n\nNo modules.\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [aws_cloudwatch_log_group.flow_log](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |\n| [aws_customer_gateway.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/customer_gateway) | resource |\n| [aws_db_subnet_group.database](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_subnet_group) | resource |\n| [aws_default_network_acl.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_network_acl) | resource |\n| [aws_default_route_table.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_route_table) | resource |\n| [aws_default_security_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_security_group) | resource |\n| [aws_default_vpc.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_vpc) | resource |\n| [aws_egress_only_internet_gateway.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/egress_only_internet_gateway) | resource |\n| [aws_eip.nat](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource |\n| [aws_elasticache_subnet_group.elasticache](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_subnet_group) | resource |\n| [aws_flow_log.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/flow_log) | resource |\n| [aws_iam_policy.vpc_flow_log_cloudwatch](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |\n| [aws_iam_role.vpc_flow_log_cloudwatch](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |\n| [aws_iam_role_policy_attachment.vpc_flow_log_cloudwatch](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_internet_gateway.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/internet_gateway) | resource |\n| [aws_nat_gateway.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/nat_gateway) | resource |\n| [aws_network_acl.database](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl) | resource |\n| [aws_network_acl.elasticache](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl) | resource |\n| [aws_network_acl.intra](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl) | resource |\n| [aws_network_acl.outpost](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl) | resource |\n| [aws_network_acl.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl) | resource |\n| [aws_network_acl.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl) | resource |\n| [aws_network_acl.redshift](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl) | resource |\n| [aws_network_acl_rule.database_inbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource |\n| [aws_network_acl_rule.database_outbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource |\n| [aws_network_acl_rule.elasticache_inbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource |\n| [aws_network_acl_rule.elasticache_outbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource |\n| [aws_network_acl_rule.intra_inbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource |\n| [aws_network_acl_rule.intra_outbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource |\n| [aws_network_acl_rule.outpost_inbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource |\n| [aws_network_acl_rule.outpost_outbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource |\n| [aws_network_acl_rule.private_inbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource |\n| [aws_network_acl_rule.private_outbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource |\n| [aws_network_acl_rule.public_inbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource |\n| [aws_network_acl_rule.public_outbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource |\n| [aws_network_acl_rule.redshift_inbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource |\n| [aws_network_acl_rule.redshift_outbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource |\n| [aws_redshift_subnet_group.redshift](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_subnet_group) | resource |\n| [aws_route.database_dns64_nat_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |\n| [aws_route.database_internet_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |\n| [aws_route.database_ipv6_egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |\n| [aws_route.database_nat_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |\n| [aws_route.private_dns64_nat_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |\n| [aws_route.private_ipv6_egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |\n| [aws_route.private_nat_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |\n| [aws_route.public_internet_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |\n| [aws_route.public_internet_gateway_ipv6](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |\n| [aws_route_table.database](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table) | resource |\n| [aws_route_table.elasticache](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table) | resource |\n| [aws_route_table.intra](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table) | resource |\n| [aws_route_table.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table) | resource |\n| [aws_route_table.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table) | resource |\n| [aws_route_table.redshift](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table) | resource |\n| [aws_route_table_association.database](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource |\n| [aws_route_table_association.elasticache](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource |\n| [aws_route_table_association.intra](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource |\n| [aws_route_table_association.outpost](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource |\n| [aws_route_table_association.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource |\n| [aws_route_table_association.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource |\n| [aws_route_table_association.redshift](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource |\n| [aws_route_table_association.redshift_public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource |\n| [aws_subnet.database](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource |\n| [aws_subnet.elasticache](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource |\n| [aws_subnet.intra](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource |\n| [aws_subnet.outpost](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource |\n| [aws_subnet.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource |\n| [aws_subnet.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource |\n| [aws_subnet.redshift](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource |\n| [aws_vpc.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc) | resource |\n| [aws_vpc_block_public_access_exclusion.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_block_public_access_exclusion) | resource |\n| [aws_vpc_block_public_access_options.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_block_public_access_options) | resource |\n| [aws_vpc_dhcp_options.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_dhcp_options) | resource |\n| [aws_vpc_dhcp_options_association.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_dhcp_options_association) | resource |\n| [aws_vpc_ipv4_cidr_block_association.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipv4_cidr_block_association) | resource |\n| [aws_vpn_gateway.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpn_gateway) | resource |\n| [aws_vpn_gateway_attachment.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpn_gateway_attachment) | resource |\n| [aws_vpn_gateway_route_propagation.intra](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpn_gateway_route_propagation) | resource |\n| [aws_vpn_gateway_route_propagation.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpn_gateway_route_propagation) | resource |\n| [aws_vpn_gateway_route_propagation.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpn_gateway_route_propagation) | resource |\n| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |\n| [aws_iam_policy_document.flow_log_cloudwatch_assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.vpc_flow_log_cloudwatch](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |\n| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_amazon_side_asn\"\u003e\u003c/a\u003e [amazon\\_side\\_asn](#input\\_amazon\\_side\\_asn) | The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the virtual private gateway is created with the current default Amazon ASN | `string` | `\"64512\"` | no |\n| \u003ca name=\"input_azs\"\u003e\u003c/a\u003e [azs](#input\\_azs) | A list of availability zones names or ids in the region | `list(string)` | `[]` | no |\n| \u003ca name=\"input_cidr\"\u003e\u003c/a\u003e [cidr](#input\\_cidr) | (Optional) The IPv4 CIDR block for the VPC. CIDR can be explicitly set or it can be derived from IPAM using `ipv4_netmask_length` \u0026 `ipv4_ipam_pool_id` | `string` | `\"10.0.0.0/16\"` | no |\n| \u003ca name=\"input_create_database_internet_gateway_route\"\u003e\u003c/a\u003e [create\\_database\\_internet\\_gateway\\_route](#input\\_create\\_database\\_internet\\_gateway\\_route) | Controls if an internet gateway route for public database access should be created | `bool` | `false` | no |\n| \u003ca name=\"input_create_database_nat_gateway_route\"\u003e\u003c/a\u003e [create\\_database\\_nat\\_gateway\\_route](#input\\_create\\_database\\_nat\\_gateway\\_route) | Controls if a nat gateway route should be created to give internet access to the database subnets | `bool` | `false` | no |\n| \u003ca name=\"input_create_database_subnet_group\"\u003e\u003c/a\u003e [create\\_database\\_subnet\\_group](#input\\_create\\_database\\_subnet\\_group) | Controls if database subnet group should be created (n.b. database\\_subnets must also be set) | `bool` | `true` | no |\n| \u003ca name=\"input_create_database_subnet_route_table\"\u003e\u003c/a\u003e [create\\_database\\_subnet\\_route\\_table](#input\\_create\\_database\\_subnet\\_route\\_table) | Controls if separate route table for database should be created | `bool` | `false` | no |\n| \u003ca name=\"input_create_egress_only_igw\"\u003e\u003c/a\u003e [create\\_egress\\_only\\_igw](#input\\_create\\_egress\\_only\\_igw) | Controls if an Egress Only Internet Gateway is created and its related routes | `bool` | `true` | no |\n| \u003ca name=\"input_create_elasticache_subnet_group\"\u003e\u003c/a\u003e [create\\_elasticache\\_subnet\\_group](#input\\_create\\_elasticache\\_subnet\\_group) | Controls if elasticache subnet group should be created | `bool` | `true` | no |\n| \u003ca name=\"input_create_elasticache_subnet_route_table\"\u003e\u003c/a\u003e [create\\_elasticache\\_subnet\\_route\\_table](#input\\_create\\_elasticache\\_subnet\\_route\\_table) | Controls if separate route table for elasticache should be created | `bool` | `false` | no |\n| \u003ca name=\"input_create_flow_log_cloudwatch_iam_role\"\u003e\u003c/a\u003e [create\\_flow\\_log\\_cloudwatch\\_iam\\_role](#input\\_create\\_flow\\_log\\_cloudwatch\\_iam\\_role) | Whether to create IAM role for VPC Flow Logs | `bool` | `false` | no |\n| \u003ca name=\"input_create_flow_log_cloudwatch_log_group\"\u003e\u003c/a\u003e [create\\_flow\\_log\\_cloudwatch\\_log\\_group](#input\\_create\\_flow\\_log\\_cloudwatch\\_log\\_group) | Whether to create CloudWatch log group for VPC Flow Logs | `bool` | `false` | no |\n| \u003ca name=\"input_create_igw\"\u003e\u003c/a\u003e [create\\_igw](#input\\_create\\_igw) | Controls if an Internet Gateway is created for public subnets and the related routes that connect them | `bool` | `true` | no |\n| \u003ca name=\"input_create_multiple_intra_route_tables\"\u003e\u003c/a\u003e [create\\_multiple\\_intra\\_route\\_tables](#input\\_create\\_multiple\\_intra\\_route\\_tables) | Indicates whether to create a separate route table for each intra subnet. Default: `false` | `bool` | `false` | no |\n| \u003ca name=\"input_create_multiple_public_route_tables\"\u003e\u003c/a\u003e [create\\_multiple\\_public\\_route\\_tables](#input\\_create\\_multiple\\_public\\_route\\_tables) | Indicates whether to create a separate route table for each public subnet. Default: `false` | `bool` | `false` | no |\n| \u003ca name=\"input_create_private_nat_gateway_route\"\u003e\u003c/a\u003e [create\\_private\\_nat\\_gateway\\_route](#input\\_create\\_private\\_nat\\_gateway\\_route) | Controls if a nat gateway route should be created to give internet access to the private subnets | `bool` | `true` | no |\n| \u003ca name=\"input_create_redshift_subnet_group\"\u003e\u003c/a\u003e [create\\_redshift\\_subnet\\_group](#input\\_create\\_redshift\\_subnet\\_group) | Controls if redshift subnet group should be created | `bool` | `true` | no |\n| \u003ca name=\"input_create_redshift_subnet_route_table\"\u003e\u003c/a\u003e [create\\_redshift\\_subnet\\_route\\_table](#input\\_create\\_redshift\\_subnet\\_route\\_table) | Controls if separate route table for redshift should be created | `bool` | `false` | no |\n| \u003ca name=\"input_create_vpc\"\u003e\u003c/a\u003e [create\\_vpc](#input\\_create\\_vpc) | Controls if VPC should be created (it affects almost all resources) | `bool` | `true` | no |\n| \u003ca name=\"input_customer_gateway_tags\"\u003e\u003c/a\u003e [customer\\_gateway\\_tags](#input\\_customer\\_gateway\\_tags) | Additional tags for the Customer Gateway | `map(string)` | `{}` | no |\n| \u003ca name=\"input_customer_gateways\"\u003e\u003c/a\u003e [customer\\_gateways](#input\\_customer\\_gateways) | Maps of Customer Gateway's attributes (BGP ASN and Gateway's Internet-routable external IP address) | `map(map(any))` | `{}` | no |\n| \u003ca name=\"input_customer_owned_ipv4_pool\"\u003e\u003c/a\u003e [customer\\_owned\\_ipv4\\_pool](#input\\_customer\\_owned\\_ipv4\\_pool) | The customer owned IPv4 address pool. Typically used with the `map_customer_owned_ip_on_launch` argument. The `outpost_arn` argument must be specified when configured | `string` | `null` | no |\n| \u003ca name=\"input_database_acl_tags\"\u003e\u003c/a\u003e [database\\_acl\\_tags](#input\\_database\\_acl\\_tags) | Additional tags for the database subnets network ACL | `map(string)` | `{}` | no |\n| \u003ca name=\"input_database_dedicated_network_acl\"\u003e\u003c/a\u003e [database\\_dedicated\\_network\\_acl](#input\\_database\\_dedicated\\_network\\_acl) | Whether to use dedicated network ACL (not default) and custom rules for database subnets | `bool` | `false` | no |\n| \u003ca name=\"input_database_inbound_acl_rules\"\u003e\u003c/a\u003e [database\\_inbound\\_acl\\_rules](#input\\_database\\_inbound\\_acl\\_rules) | Database subnets inbound network ACL rules | `list(map(string))` | \u003cpre\u003e[\u003cbr/\u003e  {\u003cbr/\u003e    \"cidr_block\": \"0.0.0.0/0\",\u003cbr/\u003e    \"from_port\": 0,\u003cbr/\u003e    \"protocol\": \"-1\",\u003cbr/\u003e    \"rule_action\": \"allow\",\u003cbr/\u003e    \"rule_number\": 100,\u003cbr/\u003e    \"to_port\": 0\u003cbr/\u003e  }\u003cbr/\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_database_outbound_acl_rules\"\u003e\u003c/a\u003e [database\\_outbound\\_acl\\_rules](#input\\_database\\_outbound\\_acl\\_rules) | Database subnets outbound network ACL rules | `list(map(string))` | \u003cpre\u003e[\u003cbr/\u003e  {\u003cbr/\u003e    \"cidr_block\": \"0.0.0.0/0\",\u003cbr/\u003e    \"from_port\": 0,\u003cbr/\u003e    \"protocol\": \"-1\",\u003cbr/\u003e    \"rule_action\": \"allow\",\u003cbr/\u003e    \"rule_number\": 100,\u003cbr/\u003e    \"to_port\": 0\u003cbr/\u003e  }\u003cbr/\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_database_route_table_tags\"\u003e\u003c/a\u003e [database\\_route\\_table\\_tags](#input\\_database\\_route\\_table\\_tags) | Additional tags for the database route tables | `map(string)` | `{}` | no |\n| \u003ca name=\"input_database_subnet_assign_ipv6_address_on_creation\"\u003e\u003c/a\u003e [database\\_subnet\\_assign\\_ipv6\\_address\\_on\\_creation](#input\\_database\\_subnet\\_assign\\_ipv6\\_address\\_on\\_creation) | Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false` | `bool` | `false` | no |\n| \u003ca name=\"input_database_subnet_enable_dns64\"\u003e\u003c/a\u003e [database\\_subnet\\_enable\\_dns64](#input\\_database\\_subnet\\_enable\\_dns64) | Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true` | `bool` | `true` | no |\n| \u003ca name=\"input_database_subnet_enable_resource_name_dns_a_record_on_launch\"\u003e\u003c/a\u003e [database\\_subnet\\_enable\\_resource\\_name\\_dns\\_a\\_record\\_on\\_launch](#input\\_database\\_subnet\\_enable\\_resource\\_name\\_dns\\_a\\_record\\_on\\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false` | `bool` | `false` | no |\n| \u003ca name=\"input_database_subnet_enable_resource_name_dns_aaaa_record_on_launch\"\u003e\u003c/a\u003e [database\\_subnet\\_enable\\_resource\\_name\\_dns\\_aaaa\\_record\\_on\\_launch](#input\\_database\\_subnet\\_enable\\_resource\\_name\\_dns\\_aaaa\\_record\\_on\\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true` | `bool` | `true` | no |\n| \u003ca name=\"input_database_subnet_group_name\"\u003e\u003c/a\u003e [database\\_subnet\\_group\\_name](#input\\_database\\_subnet\\_group\\_name) | Name of database subnet group | `string` | `null` | no |\n| \u003ca name=\"input_database_subnet_group_tags\"\u003e\u003c/a\u003e [database\\_subnet\\_group\\_tags](#input\\_database\\_subnet\\_group\\_tags) | Additional tags for the database subnet group | `map(string)` | `{}` | no |\n| \u003ca name=\"input_database_subnet_ipv6_native\"\u003e\u003c/a\u003e [database\\_subnet\\_ipv6\\_native](#input\\_database\\_subnet\\_ipv6\\_native) | Indicates whether to create an IPv6-only subnet. Default: `false` | `bool` | `false` | no |\n| \u003ca name=\"input_database_subnet_ipv6_prefixes\"\u003e\u003c/a\u003e [database\\_subnet\\_ipv6\\_prefixes](#input\\_database\\_subnet\\_ipv6\\_prefixes) | Assigns IPv6 database subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list(string)` | `[]` | no |\n| \u003ca name=\"input_database_subnet_names\"\u003e\u003c/a\u003e [database\\_subnet\\_names](#input\\_database\\_subnet\\_names) | Explicit values to use in the Name tag on database subnets. If empty, Name tags are generated | `list(string)` | `[]` | no |\n| \u003ca name=\"input_database_subnet_private_dns_hostname_type_on_launch\"\u003e\u003c/a\u003e [database\\_subnet\\_private\\_dns\\_hostname\\_type\\_on\\_launch](#input\\_database\\_subnet\\_private\\_dns\\_hostname\\_type\\_on\\_launch) | The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name` | `string` | `null` | no |\n| \u003ca name=\"input_database_subnet_suffix\"\u003e\u003c/a\u003e [database\\_subnet\\_suffix](#input\\_database\\_subnet\\_suffix) | Suffix to append to database subnets name | `string` | `\"db\"` | no |\n| \u003ca name=\"input_database_subnet_tags\"\u003e\u003c/a\u003e [database\\_subnet\\_tags](#input\\_database\\_subnet\\_tags) | Additional tags for the database subnets | `map(string)` | `{}` | no |\n| \u003ca name=\"input_database_subnets\"\u003e\u003c/a\u003e [database\\_subnets](#input\\_database\\_subnets) | A list of database subnets inside the VPC | `list(string)` | `[]` | no |\n| \u003ca name=\"input_default_network_acl_egress\"\u003e\u003c/a\u003e [default\\_network\\_acl\\_egress](#input\\_default\\_network\\_acl\\_egress) | List of maps of egress rules to set on the Default Network ACL | `list(map(string))` | \u003cpre\u003e[\u003cbr/\u003e  {\u003cbr/\u003e    \"action\": \"allow\",\u003cbr/\u003e    \"cidr_block\": \"0.0.0.0/0\",\u003cbr/\u003e    \"from_port\": 0,\u003cbr/\u003e    \"protocol\": \"-1\",\u003cbr/\u003e    \"rule_no\": 100,\u003cbr/\u003e    \"to_port\": 0\u003cbr/\u003e  },\u003cbr/\u003e  {\u003cbr/\u003e    \"action\": \"allow\",\u003cbr/\u003e    \"from_port\": 0,\u003cbr/\u003e    \"ipv6_cidr_block\": \"::/0\",\u003cbr/\u003e    \"protocol\": \"-1\",\u003cbr/\u003e    \"rule_no\": 101,\u003cbr/\u003e    \"to_port\": 0\u003cbr/\u003e  }\u003cbr/\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_default_network_acl_ingress\"\u003e\u003c/a\u003e [default\\_network\\_acl\\_ingress](#input\\_default\\_network\\_acl\\_ingress) | List of maps of ingress rules to set on the Default Network ACL | `list(map(string))` | \u003cpre\u003e[\u003cbr/\u003e  {\u003cbr/\u003e    \"action\": \"allow\",\u003cbr/\u003e    \"cidr_block\": \"0.0.0.0/0\",\u003cbr/\u003e    \"from_port\": 0,\u003cbr/\u003e    \"protocol\": \"-1\",\u003cbr/\u003e    \"rule_no\": 100,\u003cbr/\u003e    \"to_port\": 0\u003cbr/\u003e  },\u003cbr/\u003e  {\u003cbr/\u003e    \"action\": \"allow\",\u003cbr/\u003e    \"from_port\": 0,\u003cbr/\u003e    \"ipv6_cidr_block\": \"::/0\",\u003cbr/\u003e    \"protocol\": \"-1\",\u003cbr/\u003e    \"rule_no\": 101,\u003cbr/\u003e    \"to_port\": 0\u003cbr/\u003e  }\u003cbr/\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_default_network_acl_name\"\u003e\u003c/a\u003e [default\\_network\\_acl\\_name](#input\\_default\\_network\\_acl\\_name) | Name to be used on the Default Network ACL | `string` | `null` | no |\n| \u003ca name=\"input_default_network_acl_tags\"\u003e\u003c/a\u003e [default\\_network\\_acl\\_tags](#input\\_default\\_network\\_acl\\_tags) | Additional tags for the Default Network ACL | `map(string)` | `{}` | no |\n| \u003ca name=\"input_default_route_table_name\"\u003e\u003c/a\u003e [default\\_route\\_table\\_name](#input\\_default\\_route\\_table\\_name) | Name to be used on the default route table | `string` | `null` | no |\n| \u003ca name=\"input_default_route_table_propagating_vgws\"\u003e\u003c/a\u003e [default\\_route\\_table\\_propagating\\_vgws](#input\\_default\\_route\\_table\\_propagating\\_vgws) | List of virtual gateways for propagation | `list(string)` | `[]` | no |\n| \u003ca name=\"input_default_route_table_routes\"\u003e\u003c/a\u003e [default\\_route\\_table\\_routes](#input\\_default\\_route\\_table\\_routes) | Configuration block of routes. See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_route_table#route | `list(map(string))` | `[]` | no |\n| \u003ca name=\"input_default_route_table_tags\"\u003e\u003c/a\u003e [default\\_route\\_table\\_tags](#input\\_default\\_route\\_table\\_tags) | Additional tags for the default route table | `map(string)` | `{}` | no |\n| \u003ca name=\"input_default_security_group_egress\"\u003e\u003c/a\u003e [default\\_security\\_group\\_egress](#input\\_default\\_security\\_group\\_egress) | List of maps of egress rules to set on the default security group | `list(map(string))` | `[]` | no |\n| \u003ca name=\"input_default_security_group_ingress\"\u003e\u003c/a\u003e [default\\_security\\_group\\_ingress](#input\\_default\\_security\\_group\\_ingress) | List of maps of ingress rules to set on the default security group | `list(map(string))` | `[]` | no |\n| \u003ca name=\"input_default_security_group_name\"\u003e\u003c/a\u003e [default\\_security\\_group\\_name](#input\\_default\\_security\\_group\\_name) | Name to be used on the default security group | `string` | `null` | no |\n| \u003ca name=\"input_default_security_group_tags\"\u003e\u003c/a\u003e [default\\_security\\_group\\_tags](#input\\_default\\_security\\_group\\_tags) | Additional tags for the default security group | `map(string)` | `{}` | no |\n| \u003ca name=\"input_default_vpc_enable_dns_hostnames\"\u003e\u003c/a\u003e [default\\_vpc\\_enable\\_dns\\_hostnames](#input\\_default\\_vpc\\_enable\\_dns\\_hostnames) | Should be true to enable DNS hostnames in the Default VPC | `bool` | `true` | no |\n| \u003ca name=\"input_default_vpc_enable_dns_support\"\u003e\u003c/a\u003e [default\\_vpc\\_enable\\_dns\\_support](#input\\_default\\_vpc\\_enable\\_dns\\_support) | Should be true to enable DNS support in the Default VPC | `bool` | `true` | no |\n| \u003ca name=\"input_default_vpc_name\"\u003e\u003c/a\u003e [default\\_vpc\\_name](#input\\_default\\_vpc\\_name) | Name to be used on the Default VPC | `string` | `null` | no |\n| \u003ca name=\"input_default_vpc_tags\"\u003e\u003c/a\u003e [default\\_vpc\\_tags](#input\\_default\\_vpc\\_tags) | Additional tags for the Default VPC | `map(string)` | `{}` | no |\n| \u003ca name=\"input_dhcp_options_domain_name\"\u003e\u003c/a\u003e [dhcp\\_options\\_domain\\_name](#input\\_dhcp\\_options\\_domain\\_name) | Specifies DNS name for DHCP options set (requires enable\\_dhcp\\_options set to true) | `string` | `\"\"` | no |\n| \u003ca name=\"input_dhcp_options_domain_name_servers\"\u003e\u003c/a\u003e [dhcp\\_options\\_domain\\_name\\_servers](#input\\_dhcp\\_options\\_domain\\_name\\_servers) | Specify a list of DNS server addresses for DHCP options set, default to AWS provided (requires enable\\_dhcp\\_options set to true) | `list(string)` | \u003cpre\u003e[\u003cbr/\u003e  \"AmazonProvidedDNS\"\u003cbr/\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_dhcp_options_ipv6_address_preferred_lease_time\"\u003e\u003c/a\u003e [dhcp\\_options\\_ipv6\\_address\\_preferred\\_lease\\_time](#input\\_dhcp\\_options\\_ipv6\\_address\\_preferred\\_lease\\_time) | How frequently, in seconds, a running instance with an IPv6 assigned to it goes through DHCPv6 lease renewal (requires enable\\_dhcp\\_options set to true) | `number` | `null` | no |\n| \u003ca name=\"input_dhcp_options_netbios_name_servers\"\u003e\u003c/a\u003e [dhcp\\_options\\_netbios\\_name\\_servers](#input\\_dhcp\\_options\\_netbios\\_name\\_servers) | Specify a list of netbios servers for DHCP options set (requires enable\\_dhcp\\_options set to true) | `list(string)` | `[]` | no |\n| \u003ca name=\"input_dhcp_options_netbios_node_type\"\u003e\u003c/a\u003e [dhcp\\_options\\_netbios\\_node\\_type](#input\\_dhcp\\_options\\_netbios\\_node\\_type) | Specify netbios node\\_type for DHCP options set (requires enable\\_dhcp\\_options set to true) | `string` | `\"\"` | no |\n| \u003ca name=\"input_dhcp_options_ntp_servers\"\u003e\u003c/a\u003e [dhcp\\_options\\_ntp\\_servers](#input\\_dhcp\\_options\\_ntp\\_servers) | Specify a list of NTP servers for DHCP options set (requires enable\\_dhcp\\_options set to true) | `list(string)` | `[]` | no |\n| \u003ca name=\"input_dhcp_options_tags\"\u003e\u003c/a\u003e [dhcp\\_options\\_tags](#input\\_dhcp\\_options\\_tags) | Additional tags for the DHCP option set (requires enable\\_dhcp\\_options set to true) | `map(string)` | `{}` | no |\n| \u003ca name=\"input_elasticache_acl_tags\"\u003e\u003c/a\u003e [elasticache\\_acl\\_tags](#input\\_elasticache\\_acl\\_tags) | Additional tags for the elasticache subnets network ACL | `map(string)` | `{}` | no |\n| \u003ca name=\"input_elasticache_dedicated_network_acl\"\u003e\u003c/a\u003e [elasticache\\_dedicated\\_network\\_acl](#input\\_elasticache\\_dedicated\\_network\\_acl) | Whether to use dedicated network ACL (not default) and custom rules for elasticache subnets | `bool` | `false` | no |\n| \u003ca name=\"input_elasticache_inbound_acl_rules\"\u003e\u003c/a\u003e [elasticache\\_inbound\\_acl\\_rules](#input\\_elasticache\\_inbound\\_acl\\_rules) | Elasticache subnets inbound network ACL rules | `list(map(string))` | \u003cpre\u003e[\u003cbr/\u003e  {\u003cbr/\u003e    \"cidr_block\": \"0.0.0.0/0\",\u003cbr/\u003e    \"from_port\": 0,\u003cbr/\u003e    \"protocol\": \"-1\",\u003cbr/\u003e    \"rule_action\": \"allow\",\u003cbr/\u003e    \"rule_number\": 100,\u003cbr/\u003e    \"to_port\": 0\u003cbr/\u003e  }\u003cbr/\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_elasticache_outbound_acl_rules\"\u003e\u003c/a\u003e [elasticache\\_outbound\\_acl\\_rules](#input\\_elasticache\\_outbound\\_acl\\_rules) | Elasticache subnets outbound network ACL rules | `list(map(string))` | \u003cpre\u003e[\u003cbr/\u003e  {\u003cbr/\u003e    \"cidr_block\": \"0.0.0.0/0\",\u003cbr/\u003e    \"from_port\": 0,\u003cbr/\u003e    \"protocol\": \"-1\",\u003cbr/\u003e    \"rule_action\": \"allow\",\u003cbr/\u003e    \"rule_number\": 100,\u003cbr/\u003e    \"to_port\": 0\u003cbr/\u003e  }\u003cbr/\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_elasticache_route_table_tags\"\u003e\u003c/a\u003e [elasticache\\_route\\_table\\_tags](#input\\_elasticache\\_route\\_table\\_tags) | Additional tags for the elasticache route tables | `map(string)` | `{}` | no |\n| \u003ca name=\"input_elasticache_subnet_assign_ipv6_address_on_creation\"\u003e\u003c/a\u003e [elasticache\\_subnet\\_assign\\_ipv6\\_address\\_on\\_creation](#input\\_elasticache\\_subnet\\_assign\\_ipv6\\_address\\_on\\_creation) | Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false` | `bool` | `false` | no |\n| \u003ca name=\"input_elasticache_subnet_enable_dns64\"\u003e\u003c/a\u003e [elasticache\\_subnet\\_enable\\_dns64](#input\\_elasticache\\_subnet\\_enable\\_dns64) | Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true` | `bool` | `true` | no |\n| \u003ca name=\"input_elasticache_subnet_enable_resource_name_dns_a_record_on_launch\"\u003e\u003c/a\u003e [elasticache\\_subnet\\_enable\\_resource\\_name\\_dns\\_a\\_record\\_on\\_launch](#input\\_elasticache\\_subnet\\_enable\\_resource\\_name\\_dns\\_a\\_record\\_on\\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false` | `bool` | `false` | no |\n| \u003ca name=\"input_elasticache_subnet_enable_resource_name_dns_aaaa_record_on_launch\"\u003e\u003c/a\u003e [elasticache\\_subnet\\_enable\\_resource\\_name\\_dns\\_aaaa\\_record\\_on\\_launch](#input\\_elasticache\\_subnet\\_enable\\_resource\\_name\\_dns\\_aaaa\\_record\\_on\\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true` | `bool` | `true` | no |\n| \u003ca name=\"input_elasticache_subnet_group_name\"\u003e\u003c/a\u003e [elasticache\\_subnet\\_group\\_name](#input\\_elasticache\\_subnet\\_group\\_name) | Name of elasticache subnet group | `string` | `null` | no |\n| \u003ca name=\"input_elasticache_subnet_group_tags\"\u003e\u003c/a\u003e [elasticache\\_subnet\\_group\\_tags](#input\\_elasticache\\_subnet\\_group\\_tags) | Additional tags for the elasticache subnet group | `map(string)` | `{}` | no |\n| \u003ca name=\"input_elasticache_subnet_ipv6_native\"\u003e\u003c/a\u003e [elasticache\\_subnet\\_ipv6\\_native](#input\\_elasticache\\_subnet\\_ipv6\\_native) | Indicates whether to create an IPv6-only subnet. Default: `false` | `bool` | `false` | no |\n| \u003ca name=\"input_elasticache_subnet_ipv6_prefixes\"\u003e\u003c/a\u003e [elasticache\\_subnet\\_ipv6\\_prefixes](#input\\_elasticache\\_subnet\\_ipv6\\_prefixes) | Assigns IPv6 elasticache subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list(string)` | `[]` | no |\n| \u003ca name=\"input_elasticache_subnet_names\"\u003e\u003c/a\u003e [elasticache\\_subnet\\_names](#input\\_elasticache\\_subnet\\_names) | Explicit values to use in the Name tag on elasticache subnets. If empty, Name tags are generated | `list(string)` | `[]` | no |\n| \u003ca name=\"input_elasticache_subnet_private_dns_hostname_type_on_launch\"\u003e\u003c/a\u003e [elasticache\\_subnet\\_private\\_dns\\_hostname\\_type\\_on\\_launch](#input\\_elasticache\\_subnet\\_private\\_dns\\_hostname\\_type\\_on\\_launch) | The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name` | `string` | `null` | no |\n| \u003ca name=\"input_elasticache_subnet_suffix\"\u003e\u003c/a\u003e [elasticache\\_subnet\\_suffix](#input\\_elasticache\\_subnet\\_suffix) | Suffix to append to elasticache subnets name | `string` | `\"elasticache\"` | no |\n| \u003ca name=\"input_elasticache_subnet_tags\"\u003e\u003c/a\u003e [elasticache\\_subnet\\_tags](#input\\_elasticache\\_subnet\\_tags) | Additional tags for the elasticache subnets | `map(string)` | `{}` | no |\n| \u003ca name=\"input_elasticache_subnets\"\u003e\u003c/a\u003e [elasticache\\_subnets](#input\\_elasticache\\_subnets) | A list of elasticache subnets inside the VPC | `list(string)` | `[]` | no |\n| \u003ca name=\"input_enable_dhcp_options\"\u003e\u003c/a\u003e [enable\\_dhcp\\_options](#input\\_enable\\_dhcp\\_options) | Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type | `bool` | `false` | no |\n| \u003ca name=\"input_enable_dns_hostnames\"\u003e\u003c/a\u003e [enable\\_dns\\_hostnames](#input\\_enable\\_dns\\_hostnames) | Should be true to enable DNS hostnames in the VPC | `bool` | `true` | no |\n| \u003ca name=\"input_enable_dns_support\"\u003e\u003c/a\u003e [enable\\_dns\\_support](#input\\_enable\\_dns\\_support) | Should be true to enable DNS support in the VPC | `bool` | `true` | no |\n| \u003ca name=\"input_enable_flow_log\"\u003e\u003c/a\u003e [enable\\_flow\\_log](#input\\_enable\\_flow\\_log) | Whether or not to enable VPC Flow Logs | `bool` | `false` | no |\n| \u003ca name=\"input_enable_ipv6\"\u003e\u003c/a\u003e [enable\\_ipv6](#input\\_enable\\_ipv6) | Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block | `bool` | `false` | no |\n| \u003ca name=\"input_enable_nat_gateway\"\u003e\u003c/a\u003e [enable\\_nat\\_gateway](#input\\_enable\\_nat\\_gateway) | Should be true if you want to provision NAT Gateways for each of your private networks | `bool` | `false` | no |\n| \u003ca name=\"input_enable_network_address_usage_metrics\"\u003e\u003c/a\u003e [enable\\_network\\_address\\_usage\\_metrics](#input\\_enable\\_network\\_address\\_usage\\_metrics) | Determines whether network address usage metrics are enabled for the VPC | `bool` | `null` | no |\n| \u003ca name=\"input_enable_public_redshift\"\u003e\u003c/a\u003e [enable\\_public\\_redshift](#input\\_enable\\_public\\_redshift) | Controls if redshift should have public routing table | `bool` | `false` | no |\n| \u003ca name=\"input_enable_vpn_gateway\"\u003e\u003c/a\u003e [enable\\_vpn\\_gateway](#input\\_enable\\_vpn\\_gateway) | Should be true if you want to create a new VPN Gateway resource and attach it to the VPC | `bool` | `false` | no |\n| \u003ca name=\"input_external_nat_ip_ids\"\u003e\u003c/a\u003e [external\\_nat\\_ip\\_ids](#input\\_external\\_nat\\_ip\\_ids) | List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse\\_nat\\_ips) | `list(string)` | `[]` | no |\n| \u003ca name=\"input_external_nat_ips\"\u003e\u003c/a\u003e [external\\_nat\\_ips](#input\\_external\\_nat\\_ips) | List of EIPs to be used for `nat_public_ips` output (used in combination with reuse\\_nat\\_ips and external\\_nat\\_ip\\_ids) | `list(string)` | `[]` | no |\n| \u003ca name=\"input_flow_log_cloudwatch_iam_role_arn\"\u003e\u003c/a\u003e [flow\\_log\\_cloudwatch\\_iam\\_role\\_arn](#input\\_flow\\_log\\_cloudwatch\\_iam\\_role\\_arn) | The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group. When flow\\_log\\_destination\\_arn is set to ARN of Cloudwatch Logs, this argument needs to be provided | `string` | `\"\"` | no |\n| \u003ca name=\"input_flow_log_cloudwatch_iam_role_conditions\"\u003e\u003c/a\u003e [flow\\_log\\_cloudwatch\\_iam\\_role\\_conditions](#input\\_flow\\_log\\_cloudwatch\\_iam\\_role\\_conditions) | Additional conditions of the CloudWatch role assumption policy | \u003cpre\u003elist(object({\u003cbr/\u003e    test     = string\u003cbr/\u003e    variable = string\u003cbr/\u003e    values   = list(string)\u003cbr/\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_flow_log_cloudwatch_log_group_class\"\u003e\u003c/a\u003e [flow\\_log\\_cloudwatch\\_log\\_group\\_class](#input\\_flow\\_log\\_cloudwatch\\_log\\_group\\_class) | Specified the log class of the log group. Possible values are: STANDARD or INFREQUENT\\_ACCESS | `string` | `null` | no |\n| \u003ca name=\"input_flow_log_cloudwatch_log_group_kms_key_id\"\u003e\u003c/a\u003e [flow\\_log\\_cloudwatch\\_log\\_group\\_kms\\_key\\_id](#input\\_flow\\_log\\_cloudwatch\\_log\\_group\\_kms\\_key\\_id) | The ARN of the KMS Key to use when encrypting log data for VPC flow logs | `string` | `null` | no |\n| \u003ca name=\"input_flow_log_cloudwatch_log_group_name_prefix\"\u003e\u003c/a\u003e [flow\\_log\\_cloudwatch\\_log\\_group\\_name\\_prefix](#input\\_flow\\_log\\_cloudwatch\\_log\\_group\\_name\\_prefix) | Specifies the name prefix of CloudWatch Log Group for VPC flow logs | `string` | `\"/aws/vpc-flow-log/\"` | no |\n| \u003ca name=\"input_flow_log_cloudwatch_log_group_name_suffix\"\u003e\u003c/a\u003e [flow\\_log\\_cloudwatch\\_log\\_group\\_name\\_suffix](#input\\_flow\\_log\\_cloudwatch\\_log\\_group\\_name\\_suffix) | Specifies the name suffix of CloudWatch Log Group for VPC flow logs | `string` | `\"\"` | no |\n| \u003ca name=\"input_flow_log_cloudwatch_log_group_retention_in_days\"\u003e\u003c/a\u003e [flow\\_log\\_cloudwatch\\_log\\_group\\_retention\\_in\\_days](#input\\_flow\\_log\\_cloudwatch\\_log\\_group\\_retention\\_in\\_days) | Specifies the number of days you want to retain log events in the specified log group for VPC flow logs | `number` | `null` | no |\n| \u003ca name=\"input_flow_log_cloudwatch_log_group_skip_destroy\"\u003e\u003c/a\u003e [flow\\_log\\_cloudwatch\\_log\\_group\\_skip\\_destroy](#input\\_flow\\_log\\_cloudwatch\\_log\\_group\\_skip\\_destroy) | Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the Terraform state | `bool` | `false` | no |\n| \u003ca name=\"input_flow_log_deliver_cross_account_role\"\u003e\u003c/a\u003e [flow\\_log\\_deliver\\_cross\\_account\\_role](#input\\_flow\\_log\\_deliver\\_cross\\_account\\_role) | (Optional) ARN of the IAM role that allows Amazon EC2 to publish flow logs across accounts. | `string` | `null` | no |\n| \u003ca name=\"input_flow_log_destination_arn\"\u003e\u003c/a\u003e [flow\\_log\\_destination\\_arn](#input\\_flow\\_log\\_destination\\_arn) | The ARN of the CloudWatch log group or S3 bucket where VPC Flow Logs will be pushed. If this ARN is a S3 bucket the appropriate permissions need to be set on that bucket's policy. When create\\_flow\\_log\\_cloudwatch\\_log\\_group is set to false this argument must be provided | `string` | `\"\"` | no |\n| \u003ca name=\"input_flow_log_destination_type\"\u003e\u003c/a\u003e [flow\\_log\\_destination\\_type](#input\\_flow\\_log\\_destination\\_type) | Type of flow log destination. Can be s3, kinesis-data-firehose or cloud-watch-logs | `string` | `\"cloud-watch-logs\"` | no |\n| \u003ca name=\"input_flow_log_file_format\"\u003e\u003c/a\u003e [flow\\_log\\_file\\_format](#input\\_flow\\_log\\_file\\_format) | (Optional) The format for the flow log. Valid values: `plain-text`, `parquet` | `string` | `null` | no |\n| \u003ca name=\"input_flow_log_hive_compatible_partitions\"\u003e\u003c/a\u003e [flow\\_log\\_hive\\_compatible\\_partitions](#input\\_flow\\_log\\_hive\\_compatible\\_partitions) | (Optional) Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3 | `bool` | `false` | no |\n| \u003ca name=\"input_flow_log_log_format\"\u003e\u003c/a\u003e [flow\\_log\\_log\\_format](#input\\_flow\\_log\\_log\\_format) | The fields to include in the flow log record, in the order in which they should appear | `string` | `null` | no |\n| \u003ca name=\"input_flow_log_max_aggregation_interval\"\u003e\u003c/a\u003e [flow\\_log\\_max\\_aggregation\\_interval](#input\\_flow\\_log\\_max\\_aggregation\\_interval) | The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: `60` seconds or `600` seconds | `number` | `600` | no |\n| \u003ca name=\"input_flow_log_per_hour_partition\"\u003e\u003c/a\u003e [flow\\_log\\_per\\_hour\\_partition](#input\\_flow\\_log\\_per\\_hour\\_partition) | (Optional) Indicates whether to partition the flow log per hour. This reduces the cost and response time for queries | `bool` | `false` | no |\n| \u003ca name=\"input_flow_log_traffic_type\"\u003e\u003c/a\u003e [flow\\_log\\_traffic\\_type](#input\\_flow\\_log\\_traffic\\_type) | The type of traffic to capture. Valid values: ACCEPT, REJECT, ALL | `string` | `\"ALL\"` | no |\n| \u003ca name=\"input_igw_tags\"\u003e\u003c/a\u003e [igw\\_tags](#input\\_igw\\_tags) | Additional tags for the internet gateway | `map(string)` | `{}` | no |\n| \u003ca name=\"input_instance_tenancy\"\u003e\u003c/a\u003e [instance\\_tenancy](#input\\_instance\\_tenancy) | A tenancy option for instances launched into the VPC | `string` | `\"default\"` | no |\n| \u003ca name=\"input_intra_acl_tags\"\u003e\u003c/a\u003e [intra\\_acl\\_tags](#input\\_intra\\_acl\\_tags) | Additional tags for the intra subnets network ACL | `map(string)` | `{}` | no |\n| \u003ca name=\"input_intra_dedicated_network_acl\"\u003e\u003c/a\u003e [intra\\_dedicated\\_network\\_acl](#input\\_intra\\_dedicated\\_network\\_acl) | Whether to use dedicated network ACL (not default) and custom rules for intra subnets | `bool` | `false` | no |\n| \u003ca name=\"input_intra_inbound_acl_rules\"\u003e\u003c/a\u003e [intra\\_inbound\\_acl\\_rules](#input\\_intra\\_inbound\\_acl\\_rules) | Intra subnets inbound network ACLs | `list(map(string))` | \u003cpre\u003e[\u003cbr/\u003e  {\u003cbr/\u003e    \"cidr_block\": \"0.0.0.0/0\",\u003cbr/\u003e    \"from_port\": 0,\u003cbr/\u003e    \"protocol\": \"-1\",\u003cbr/\u003e    \"rule_action\": \"allow\",\u003cbr/\u003e    \"rule_number\": 100,\u003cbr/\u003e    \"to_port\": 0\u003cbr/\u003e  }\u003cbr/\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_intra_outbound_acl_rules\"\u003e\u003c/a\u003e [intra\\_outbound\\_acl\\_rules](#input\\_intra\\_outbound\\_acl\\_rules) | Intra subnets outbound network ACLs | `list(map(string))` | \u003cpre\u003e[\u003cbr/\u003e  {\u003cbr/\u003e    \"cidr_block\": \"0.0.0.0/0\",\u003cbr/\u003e    \"from_port\": 0,\u003cbr/\u003e    \"protocol\": \"-1\",\u003cbr/\u003e    \"rule_action\": \"allow\",\u003cbr/\u003e    \"rule_number\": 100,\u003cbr/\u003e    \"to_port\": 0\u003cbr/\u003e  }\u003cbr/\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_intra_route_table_tags\"\u003e\u003c/a\u003e [intra\\_route\\_table\\_tags](#input\\_intra\\_route\\_table\\_tags) | Additional tags for the intra route tables | `map(string)` | `{}` | no |\n| \u003ca name=\"input_intra_subnet_assign_ipv6_address_on_creation\"\u003e\u003c/a\u003e [intra\\_subnet\\_assign\\_ipv6\\_address\\_on\\_creation](#input\\_intra\\_subnet\\_assign\\_ipv6\\_address\\_on\\_creation) | Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false` | `bool` | `false` | no |\n| \u003ca name=\"input_intra_subnet_enable_dns64\"\u003e\u003c/a\u003e [intra\\_subnet\\_enable\\_dns64](#input\\_intra\\_subnet\\_enable\\_dns64) | Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true` | `bool` | `true` | no |\n| \u003ca name=\"input_intra_subnet_enable_resource_name_dns_a_record_on_launch\"\u003e\u003c/a\u003e [intra\\_subnet\\_enable\\_resource\\_name\\_dns\\_a\\_record\\_on\\_launch](#input\\_intra\\_subnet\\_enable\\_resource\\_name\\_dns\\_a\\_record\\_on\\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false` | `bool` | `false` | no |\n| \u003ca name=\"input_intra_subnet_enable_resource_name_dns_aaaa_record_on_launch\"\u003e\u003c/a\u003e [intra\\_subnet\\_enable\\_resource\\_name\\_dns\\_aaaa\\_record\\_on\\_launch](#input\\_intra\\_subnet\\_enable\\_resource\\_name\\_dns\\_aaaa\\_record\\_on\\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true` | `bool` | `true` | no |\n| \u003ca name=\"input_intra_subnet_ipv6_native\"\u003e\u003c/a\u003e [intra\\_subnet\\_ipv6\\_native](#input\\_intra\\_subnet\\_ipv6\\_native) | Indicates whether to create an IPv6-only subnet. Default: `false` | `bool` | `false` | no |\n| \u003ca name=\"input_intra_subnet_ipv6_prefixes\"\u003e\u003c/a\u003e [intra\\_subnet\\_ipv6\\_prefixes](#input\\_intra\\_subnet\\_ipv6\\_prefixes) | Assigns IPv6 intra subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list(string)` | `[]` | no |\n| \u003ca name=\"input_intra_subnet_names\"\u003e\u003c/a\u003e [intra\\_subnet\\_names](#input\\_intra\\_subnet\\_names) | Explicit values to use in the Name tag on intra subnets. If empty, Name tags are generated | `list(string)` | `[]` | no |\n| \u003ca name=\"input_intra_subnet_private_dns_hostname_type_on_launch\"\u003e\u003c/a\u003e [intra\\_subnet\\_private\\_dns\\_hostname\\_type\\_on\\_launch](#input\\_intra\\_subnet\\_private\\_dns\\_hostname\\_type\\_on\\_launch) | The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name` | `string` | `null` | no |\n| \u003ca name=\"input_intra_subnet_suffix\"\u003e\u003c/a\u003e [intra\\_subnet\\_suffix](#input\\_intra\\_subnet\\_suffix) | Suffix to append to intra subnets name | `string` | `\"intra\"` | no |\n| \u003ca name=\"input_intra_subnet_tags\"\u003e\u003c/a\u003e [intra\\_subnet\\_tags](#input\\_intra\\_subnet\\_tags) | Additional tags for the intra subnets | `map(string)` | `{}` | no |\n| \u003ca name=\"input_intra_subnets\"\u003e\u003c/a\u003e [intra\\_subnets](#input\\_intra\\_subnets) | A list of intra subnets inside the VPC | `list(string)` | `[]` | no |\n| \u003ca name=\"input_ipv4_ipam_pool_id\"\u003e\u003c/a\u003e [ipv4\\_ipam\\_pool\\_id](#input\\_ipv4\\_ipam\\_pool\\_id) | (Optional) The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR | `string` | `null` | no |\n| \u003ca name=\"input_ipv4_netmask_length\"\u003e\u003c/a\u003e [ipv4\\_netmask\\_length](#input\\_ipv4\\_netmask\\_length) | (Optional) The netmask length of the IPv4 CIDR you want to allocate to this VPC. Requires specifying a ipv4\\_ipam\\_pool\\_id | `number` | `null` | no |\n| \u003ca name=\"input_ipv6_cidr\"\u003e\u003c/a\u003e [ipv6\\_cidr](#input\\_ipv6\\_cidr) | (Optional) IPv6 CIDR block to request from an IPAM Pool. Can be set explicitly or derived from IPAM using `ipv6_netmask_length` | `string` | `null` | no |\n| \u003ca name=\"input_ipv6_cidr_block_network_border_group\"\u003e\u003c/a\u003e [ipv6\\_cidr\\_block\\_network\\_border\\_group](#input\\_ipv6\\_cidr\\_block\\_network\\_border\\_group) | By default when an IPv6 CIDR is assigned to a VPC a default ipv6\\_cidr\\_block\\_network\\_border\\_group will be set to the region of the VPC. This can be changed to restrict advertisement of public addresses to specific Network Border Groups such as LocalZones | `string` | `null` | no |\n| \u003ca name=\"input_ipv6_ipam_pool_id\"\u003e\u003c/a\u003e [ipv6\\_ipam\\_pool\\_id](#input\\_ipv6\\_ipam\\_pool\\_id) | (Optional) IPAM Pool ID for a IPv6 pool. Conflicts with `assign_generated_ipv6_cidr_block` | `string` | `null` | no |\n| \u003ca name=\"input_ipv6_netmask_length\"\u003e\u003c/a\u003e [ipv6\\_netmask\\_length](#input\\_ipv6\\_netmask\\_length) | (Optional) Netmask length to request from IPAM Pool. Conflicts with `ipv6_cidr_block`. This can be omitted if IPAM pool as a `allocation_default_netmask_length` set. Valid values: `56` | `number` | `null` | no |\n| \u003ca name=\"input_manage_default_network_acl\"\u003e\u003c/a\u003e [manage\\_default\\_network\\_acl](#input\\_manage\\_default\\_network\\_acl) | Should be true to adopt and manage Default Network ACL | `bool` | `true` | no |\n| \u003ca name=\"input_manage_default_route_table\"\u003e\u003c/a\u003e [manage\\_default\\_route\\_table](#input\\_manage\\_default\\_route\\_table) | Should be true to manage default route table | `bool` | `true` | no |\n| \u003ca name=\"input_manage_default_security_group\"\u003e\u003c/a\u003e [manage\\_default\\_security\\_group](#input\\_manage\\_default\\_security\\_group) | Should be true to adopt and manage default security group | `bool` | `true` | no |\n| \u003ca name=\"input_manage_default_vpc\"\u003e\u003c/a\u003e [manage\\_default\\_vpc](#input\\_manage\\_default\\_vpc) | Should be true to adopt and manage Default VPC | `bool` | `false` | no |\n| \u003ca name=\"input_map_customer_owned_ip_on_launch\"\u003e\u003c/a\u003e [map\\_customer\\_owned\\_ip\\_on\\_launch](#input\\_map\\_customer\\_owned\\_ip\\_on\\_launch) | Specify true to indicate that network interfaces created in the subnet should be assigned a customer owned IP address. The `customer_owned_ipv4_pool` and `outpost_arn` arguments must be specified when set to `true`. Default is `false` | `bool` | `false` | no |\n| \u003ca name=\"input_map_public_ip_on_launch\"\u003e\u003c/a\u003e [map\\_public\\_ip\\_on\\_launch](#input\\_map\\_public\\_ip\\_on\\_launch) | Specify true to indicate that instances launched into the subnet should be assigned a public IP address. Default is `false` | `bool` | `false` | no |\n| \u003ca name=\"input_name\"\u003e\u003c/a\u003e [name](#input\\_name) | Name to be used on all the resources as identifier | `string` | `\"\"` | no |\n| \u003ca name=\"input_nat_eip_tags\"\u003e\u003c/a\u003e [nat\\_eip\\_tags](#input\\_nat\\_eip\\_tags) | Additional tags for the NAT EIP | `map(string)` | `{}` | no |\n| \u003ca name=\"input_nat_gateway_destination_cidr_block\"\u003e\u003c/a\u003e [nat\\_gateway\\_destination\\_cidr\\_block](#input\\_nat\\_gateway\\_destination\\_cidr\\_block) | Used to pass a custom destination route for private NAT Gateway. If not specified, the default 0.0.0.0/0 is used as a destination route | `string` | `\"0.0.0.0/0\"` | no |\n| \u003ca name=\"input_nat_gateway_tags\"\u003e\u003c/a\u003e [nat\\_gateway\\_tags](#input\\_nat\\_gateway\\_tags) | Additional tags for the NAT gateways | `map(string)` | `{}` | no |\n| \u003ca name=\"input_one_nat_gateway_per_az\"\u003e\u003c/a\u003e [one\\_nat\\_gateway\\_per\\_az](#input\\_one\\_nat\\_gateway\\_per\\_az) | Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs` | `bool` | `false` | no |\n| \u003ca name=\"input_outpost_acl_tags\"\u003e\u003c/a\u003e [outpost\\_acl\\_tags](#input\\_outpost\\_acl\\_tags) | Additional tags for the outpost subnets network ACL | `map(string)` | `{}` | no |\n| \u003ca name=\"input_outpost_arn\"\u003e\u003c/a\u003e [outpost\\_arn](#input\\_outpost\\_arn) | ARN of Outpost you want to create a subnet in | `string` | `null` | no |\n| \u003ca name=\"input_outpost_az\"\u003e\u003c/a\u003e [outpost\\_az](#input\\_outpost\\_az) | AZ where Outpost is anchored | `string` | `null` | no |\n| \u003ca name=\"input_outpost_dedicated_network_acl\"\u003e\u003c/a\u003e [outpost\\_dedicated\\_network\\_acl](#input\\_outpost\\_dedicated\\_network\\_acl) | Whether to use dedicated network ACL (not default) and custom rules for outpost subnets | `bool` | `false` | no |\n| \u003ca name=\"input_outpost_inbound_acl_rules\"\u003e\u003c/a\u003e [outpost\\_inbound\\_acl\\_rules](#input\\_outpost\\_inbound\\_acl\\_rules) | Outpost subnets inbound network ACLs | `list(map(string))` | \u003cpre\u003e[\u003cbr/\u003e  {\u003cbr/\u003e    \"cidr_block\": \"0.0.0.0/0\",\u003cbr/\u003e    \"from_port\": 0,\u003cbr/\u003e    \"protocol\": \"-1\",\u003cbr/\u003e    \"rule_action\": \"allow\",\u003cbr/\u003e    \"rule_number\": 100,\u003cbr/\u003e    \"to_port\": 0\u003cbr/\u003e  }\u003cbr/\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_outpost_outbound_acl_rules\"\u003e\u003c/a\u003e [outpost\\_outbound\\_acl\\_rules](#input\\_outpost\\_outbound\\_acl\\_rules) | Outpost subnets outbound network ACLs | `list(map(string))` | \u003cpre\u003e[\u003cbr/\u003e  {\u003cbr/\u003e    \"cidr_block\": \"0.0.0.0/0\",\u003cbr/\u003e    \"from_port\": 0,\u003cbr/\u003e    \"protocol\": \"-1\",\u003cbr/\u003e    \"rule_action\": \"allow\",\u003cbr/\u003e    \"rule_number\": 100,\u003cbr/\u003e    \"to_port\": 0\u003cbr/\u003e  }\u003cbr/\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_outpost_subnet_assign_ipv6_address_on_creation\"\u003e\u003c/a\u003e [outpost\\_subnet\\_assign\\_ipv6\\_address\\_on\\_creation](#input\\_outpost\\_subnet\\_assign\\_ipv6\\_address\\_on\\_creation) | Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false` | `bool` | `false` | no |\n| \u003ca name=\"input_outpost_subnet_enable_dns64\"\u003e\u003c/a\u003e [outpost\\_subnet\\_enable\\_dns64](#input\\_outpost\\_subnet\\_enable\\_dns64) | Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true` | `bool` | `true` | no |\n| \u003ca name=\"input_outpost_subnet_enable_resource_name_dns_a_record_on_launch\"\u003e\u003c/a\u003e [outpost\\_subnet\\_enable\\_resource\\_name\\_dns\\_a\\_record\\_on\\_launch](#input\\_outpost\\_subnet\\_enable\\_resource\\_name\\_dns\\_a\\_record\\_on\\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false` | `bool` | `false` | no |\n| \u003ca name=\"input_outpost_subnet_enable_resource_name_dns_aaaa_record_on_launch\"\u003e\u003c/a\u003e [outpost\\_subnet\\_enable\\_resource\\_name\\_dns\\_aaaa\\_record\\_on\\_launch](#input\\_outpost\\_subnet\\_enable\\_resource\\_name\\_dns\\_aaaa\\_record\\_on\\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true` | `bool` | `true` | no |\n| \u003ca name=\"input_outpost_subnet_ipv6_native\"\u003e\u003c/a\u003e [outpost\\_subnet\\_ipv6\\_native](#input\\_outpost\\_subnet\\_ipv6\\_native) | Indicates whether to create an IPv6-only subnet. Default: `false` | `bool` | `false` | no |\n| \u003ca name=\"input_outpost_subnet_ipv6_prefixes\"\u003e\u003c/a\u003e [outpost\\_subnet\\_ipv6\\_prefixes](#input\\_outpost\\_subnet\\_ipv6\\_prefixes) | Assigns IPv6 outpost subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list(string)` | `[]` | no |\n| \u003ca name=\"input_outpost_subnet_names\"\u003e\u003c/a\u003e [outpost\\_subnet\\_names](#input\\_outpost\\_subnet\\_names) | Explicit values to use in the Name tag on outpost subnets. If empty, Name tags are generated | `list(string)` | `[]` | no |\n| \u003ca name=\"input_outpost_subnet_private_dns_hostname_type_on_launch\"\u003e\u003c/a\u003e [outpost\\_subnet\\_private\\_dns\\_hostname\\_type\\_on\\_launch](#input\\_outpost\\_subnet\\_private\\_dns\\_hostname\\_type\\_on\\_launch) | The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name` | `string` | `null` | no |\n| \u003ca name=\"input_outpost_subnet_suffix\"\u003e\u003c/a\u003e [outpost\\_subnet\\_suffix](#input\\_outpost\\_subnet\\_suffix) | Suffix to append to outpost subnets name | `string` | `\"outpost\"` | no |\n| \u003ca name=\"input_outpost_subnet_tags\"\u003e\u003c/a\u003e [outpost\\_subnet\\_tags](#input\\_outpost\\_subnet\\_tags) | Additional tags for the outpost subnets | `map(string)` | `{}` | no |\n| \u003ca name=\"input_outpost_subnets\"\u003e\u003c/a\u003e [outpost\\_subnets](#input\\_outpost\\_subnets) | A list of outpost subnets inside the VPC | `list(string)` | `[]` | no |\n| \u003ca name=\"input_private_acl_tags\"\u003e\u003c/a\u003e [private\\_acl\\_tags](#input\\_private\\_acl\\_tags) | Additional tags for the private subnets network ACL | `map(string)` | `{}` | no |\n| \u003ca name=\"input_private_dedicated_network_acl\"\u003e\u003c/a\u003e [private\\_dedicated\\_network\\_acl](#input\\_private\\_dedicated\\_network\\_acl) | Whether to use dedicated network ACL (not default) and custom rules for private subnets | `bool` | `false` | no |\n| \u003ca name=\"input_private_inbound_acl_rules\"\u003e\u003c/a\u003e [private\\_inbound\\_acl\\_rules](#input\\_private\\_inbound\\_acl\\_rules) | Private subnets inbound network ACLs | `list(map(string))` | \u003cpre\u003e[\u003cbr/\u003e  {\u003cbr/\u003e    \"cidr_block\": \"0.0.0.0/0\",\u003cbr/\u003e    \"from_port\": 0,\u003cbr/\u003e    \"protocol\": \"-1\",\u003cbr/\u003e    \"rule_action\": \"allow\",\u003cbr/\u003e    \"rule_number\": 100,\u003cbr/\u003e    \"to_port\": 0\u003cbr/\u003e  }\u003cbr/\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_private_outbound_acl_rules\"\u003e\u003c/a\u003e [private\\_outbound\\_acl\\_rules](#input\\_private\\_outbound\\_acl\\_rules) | Private subnets outbound network ACLs | `list(map(string))` | \u003cpre\u003e[\u003cbr/\u003e  {\u003cbr/\u003e    \"cidr_block\": \"0.0.0.0/0\",\u003cbr/\u003e    \"from_port\": 0,\u003cbr/\u003e    \"protocol\": \"-1\",\u003cbr/\u003e    \"rule_action\": \"allow\",\u003cbr/\u003e    \"rule_number\": 100,\u003cbr/\u003e    \"to_port\": 0\u003cbr/\u003e  }\u003cbr/\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_private_route_table_tags\"\u003e\u003c/a\u003e [private\\_route\\_table\\_tags](#input\\_private\\_route\\_table\\_tags) | Additional tags for the private route tables | `map(string)` | `{}` | no |\n| \u003ca name=\"input_private_subnet_assign_ipv6_address_on_creation\"\u003e\u003c/a\u003e [private\\_subnet\\_assign\\_ipv6\\_address\\_on\\_creation](#input\\_private\\_subnet\\_assign\\_ipv6\\_address\\_on\\_creation) | Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false` | `bool` | `false` | no |\n| \u003ca name=\"input_private_subnet_enable_dns64\"\u003e\u003c/a\u003e [private\\_subnet\\_enable\\_dns64](#input\\_private\\_subnet\\_enable\\_dns64) | Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true` | `bool` | `true` | no |\n| \u003ca name=\"input_private_subnet_enable_resource_name_dns_a_record_on_launch\"\u003e\u003c/a\u003e [private\\_subnet\\_enable\\_resource\\_name\\_dns\\_a\\_record\\_on\\_launch](#input\\_private\\_subnet\\_enable\\_resource\\_name\\_dns\\_a\\_record\\_on\\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false` | `bool` | `false` | no |\n| \u003ca name=\"input_private_subnet_enable_resource_name_dns_aaaa_record_on_launch\"\u003e\u003c/a\u003e [private\\_subnet\\_enable\\_resource\\_name\\_dns\\_aaaa\\_record\\_on\\_launch](#input\\_private\\_subnet\\_enable\\_resource\\_name\\_dns\\_aaaa\\_record\\_on\\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true` | `bool` | `true` | no |\n| \u003ca name=\"input_private_subnet_ipv6_native\"\u003e\u003c/a\u003e [private\\_subnet\\_ipv6\\_native](#input\\_private\\_subnet\\_ipv6\\_native) | Indicates whether to create an IPv6-only subnet. Default: `false` | `bool` | `false` | no |\n| \u003ca name=\"input_private_subnet_ipv6_prefixes\"\u003e\u003c/a\u003e [private\\_subnet\\_ipv6\\_prefixes](#input\\_private\\_subnet\\_ipv6\\_prefixes) | Assigns IPv6 private subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list(string)` | `[]` | no |\n| \u003ca name=\"input_private_subnet_names\"\u003e\u003c/a\u003e [private\\_subnet\\_names](#input\\_private\\_subnet\\_names) | Explicit values to use in the Name tag on private subnets. If empty, Name tags are generated | `list(string)` | `[]` | no |\n| \u003ca name=\"input_private_subnet_private_dns_hostname_type_on_launch\"\u003e\u003c/a\u003e [private\\_subnet\\_private\\_dns\\_hostname\\_type\\_on\\_launch](#input\\_private\\_subnet\\_private\\_dns\\_hostname\\_type\\_on\\_launch) | The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name` | `string` | `null` | no |\n| \u003ca name=\"input_private_subnet_suffix\"\u003e\u003c/a\u003e [private\\_subnet\\_suffix](#input\\_private\\_subnet\\_suffix) | Suffix to append to private subnets name | `string` | `\"private\"` | no |\n| \u003ca name=\"input_private_subnet_tags\"\u003e\u003c/a\u003e [private\\_subnet\\_tags](#input\\_private\\_subnet\\_tags) | Additional tags for the private subnets | `map(string)` | `{}` | no |\n| \u003ca name=\"input_private_subnet_tags_per_az\"\u003e\u003c/a\u003e [private\\_subnet\\_tags\\_per\\_az](#input\\_private\\_subnet\\_tags\\_per\\_az) | Additional tags for the private subnets where the primary key is the AZ | `map(map(string))` | `{}` | no |\n| \u003ca name=\"input_private_subnets\"\u003e\u003c/a\u003e [private\\_subnets](#input\\_private\\_subnets) | A list of private subnets inside the VPC | `list(string)` | `[]` | no |\n| \u003ca name=\"input_propagate_intra_route_tables_vgw\"\u003e\u003c/a\u003e [propagate\\_intra\\_route\\_tables\\_vgw](#input\\_propagate\\_intra\\_route\\_tables\\_vgw) | Should be true if you want route table propagation | `bool` | `false` | no |\n| \u003ca name=\"input_propagate_private_route_tables_vgw\"\u003e\u003c/a\u003e [propagate\\_private\\_route\\_tables\\_vgw](#input\\_propagate\\_private\\_route\\_tables\\_vgw) | Should be true if you want route table propagation | `bool` | `false` | no |\n| \u003ca name=\"input_propagate_public_route_tables_vgw\"\u003e\u003c/a\u003e [propagate\\_public\\_route\\_tables\\_vgw](#input\\_propagate\\_public\\_route\\_tables\\_vgw) | Should be true if you want route table propagation | `bool` | `false` | no |\n| \u003ca name=\"input_public_acl_tags\"\u003e\u003c/a\u003e [public\\_acl\\_tags](#input\\_public\\_acl\\_tags) | Additional tags for the public subnets network ACL | `map(string)` | `{}` | no |\n| \u003ca name=\"input_public_dedicated_network_acl\"\u003e\u003c/a\u003e [public\\_dedicated\\_network\\_acl](#input\\_public\\_dedicated\\_network\\_acl) | Whether to use dedicated network ACL (not default) and custom rules for public subnets | `bool` | `false` | no |\n| \u003ca name=\"input_public_inbound_acl_rules\"\u003e\u003c/a\u003e [public\\_inbound\\_acl\\_rules](#input\\_public\\_inbound\\_acl\\_rules) | Public subnets inbound network ACLs | `list(map(string))` | \u003cpre\u003e[\u003cbr/\u003e  {\u003cbr/\u003e    \"cidr_block\": \"0.0.0.0/0\",\u003cbr/\u003e    \"from_port\": 0,\u003cbr/\u003e    \"protocol\": \"-1\",\u003cbr/\u003e    \"rule_action\": \"allow\",\u003cbr/\u003e    \"rule_number\": 100,\u003cbr/\u003e    \"to_port\": 0\u003cbr/\u003e  }\u003cbr/\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_public_outbound_acl_rules\"\u003e\u003c/a\u003e [public\\_outbound\\_acl\\_rules](#input\\_public\\_outbound\\_acl\\_rules) | Public subnets outbound network ACLs | `list(map(string))` | \u003cpre\u003e[\u003cbr/\u003e  {\u003cbr/\u003e    \"cidr_block\": \"0.0.0.0/0\",\u003cbr/\u003e    \"from_port\": 0,\u003cbr/\u003e    \"protocol\": \"-1\",\u003cbr/\u003e    \"rule_action\": \"allow\",\u003cbr/\u003e    \"rule_number\": 100,\u003cbr/\u003e    \"to_port\": 0\u003cbr/\u003e  }\u003cbr/\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_public_route_table_tags\"\u003e\u003c/a\u003e [public\\_route\\_table\\_tags](#input\\_public\\_route\\_table\\_tags) | Additional tags for the public route tables | `map(string)` | `{}` | no |\n| \u003ca name=\"input_public_subnet_assign_ipv6_address_on_creation\"\u003e\u003c/a\u003e [public\\_subnet\\_assign\\_ipv6\\_address\\_on\\_creation](#input\\_public\\_subnet\\_assign\\_ipv6\\_address\\_on\\_creation) | Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false` | `bool` | `false` | no |\n| \u003ca name=\"input_public_subnet_enable_dns64\"\u003e\u003c/a\u003e [public\\_subnet\\_enable\\_dns64](#input\\_public\\_subnet\\_enable\\_dns64) | Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true` | `bool` | `true` | no |\n| \u003ca name=\"input_public_subnet_enable_resource_name_dns_a_record_on_launch\"\u003e\u003c/a\u003e [public\\_subnet\\_enable\\_resource\\_name\\_dns\\_a\\_record\\_on\\_launch](#input\\_public\\_subnet\\_enable\\_resource\\_name\\_dns\\_a\\_record\\_on\\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false` | `bool` | `false` | no |\n| \u003ca name=\"input_public_subnet_enable_resource_name_dns_aaaa_record_on_launch\"\u003e\u003c/a\u003e [public\\_subnet\\_enable\\_resource\\_name\\_dns\\_aaaa\\_record\\_on\\_launch](#input\\_public\\_subnet\\_enable\\_resource\\_name\\_dns\\_aaaa\\_record\\_on\\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true` | `bool` | `true` | no |\n| \u003ca name=\"input_public_subnet_ipv6_native\"\u003e\u003c/a\u003e [public\\_subnet\\_ipv6\\_native](#input\\_public\\_subnet\\_ipv6\\_native) | Indicates whether to create an IPv6-only subnet. Default: `false` | `bool` | `false` | no |\n| \u003ca name=\"input_public_subnet_ipv6_prefixes\"\u003e\u003c/a\u003e [public\\_subnet\\_ipv6\\_prefixes](#input\\_public\\_subnet\\_ipv6\\_prefixes) | Assigns IPv6 public subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list(string)` | `[]` | no |\n| \u003ca name=\"input_public_subnet_names\"\u003e\u003c/a\u003e [public\\_subnet\\_names](#input\\_public\\_subnet\\_names) | Explicit values to use in the Name tag on public subnets. If empty, Name tags are generated | `list(string)` | `[]` | no |\n| \u003ca name=\"input_public_subnet_private_dns_hostname_type_on_launch\"\u003e\u003c/a\u003e [public\\_subnet\\_private\\_dns\\_hostname\\_type\\_on\\_launch](#input\\_public\\_subnet\\_private\\_dns\\_hostname\\_type\\_on\\_launch) | The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name` | `string` | `null` | no |\n| \u003ca name=\"input_public_subnet_suffix\"\u003e\u003c/a\u003e [public\\_subnet\\_suffix](#input\\_public\\_subnet\\_suffix) | Suffix to append to public subnets name | `string` | `\"public\"` | no |\n| \u003ca name=\"input_public_subnet_tags\"\u003e\u003c/a\u003e [public\\_subnet\\_tags](#input\\_public\\_subnet\\_tags) | Additional tags for the public subnets | `map(string)` | `{}` | no |\n| \u003ca name=\"input_public_subnet_tags_per_az\"\u003e\u003c/a\u003e [public\\_subnet\\_tags\\_per\\_az](#input\\_public\\_subnet\\_tags\\_per\\_az) | Additional tags for the public subnets where the primary key is the AZ | `map(map(string))` | `{}` | no |\n| \u003ca name=\"input_public_subnets\"\u003e\u003c/a\u003e [public\\_subnets](#input\\_public\\_subnets) | A list of public subnets inside the VPC | `list(string)` | `[]` | no |\n| \u003ca name=\"input_putin_khuylo\"\u003e\u003c/a\u003e [putin\\_khuylo](#input\\_putin\\_khuylo) | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | `bool` | `true` | no |\n| \u003ca name=\"input_redshift_acl_tags\"\u003e\u003c/a\u003e [redshift\\_acl\\_tags](#input\\_redshift\\_acl\\_tags) | Additional tags for the redshift subnets network ACL | `map(string)` | `{}` | no |\n| \u003ca name=\"input_redshift_dedicated_network_acl\"\u003e\u003c/a\u003e [redshift\\_dedicated\\_network\\_acl](#input\\_redshift\\_dedicated\\_network\\_acl) | Whether to use dedicated network ACL (not default) and custom rules for redshift subnets | `bool` | `false` | no |\n| \u003ca name=\"input_redshift_inbound_acl_rules\"\u003e\u003c/a\u003e [redshift\\_inbound\\_acl\\_rules](#input\\_redshift\\_inbound\\_acl\\_rules) | Redshift subnets inbound network ACL rules | `list(map(string))` | \u003cpre\u003e[\u003cbr/\u003e  {\u003cbr/\u003e    \"cidr_block\": \"0.0.0.0/0\",\u003cbr/\u003e    \"from_port\": 0,\u003cbr/\u003e    \"protocol\": \"-1\",\u003cbr/\u003e    \"rule_action\": \"allow\",\u003cbr/\u003e    \"rule_number\": 100,\u003cbr/\u003e    \"to_port\": 0\u003cbr/\u003e  }\u003cbr/\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_redshift_outbound_acl_rules\"\u003e\u003c/a\u003e [redshift\\_outbound\\_acl\\_rules](#input\\_redshift\\_outbound\\_acl\\_rules) | Redshift subnets outbound network ACL rules | `list(map(string))` | \u003cpre\u003e[\u003cbr/\u003e  {\u003cbr/\u003e    \"cidr_block\": \"0.0.0.0/0\",\u003cbr/\u003e    \"from_port\": 0,\u003cbr/\u003e    \"protocol\": \"-1\",\u003cbr/\u003e    \"rule_action\": \"allow\",\u003cbr/\u003e    \"rule_number\": 100,\u003cbr/\u003e    \"to_port\": 0\u003cbr/\u003e  }\u003cbr/\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_redshift_route_table_tags\"\u003e\u003c/a\u003e [redshift\\_route\\_table\\_tags](#input\\_redshift\\_route\\_table\\_tags) | Additional tags for the redshift route tables | `map(string)` | `{}` | no |\n| \u003ca name=\"input_redshift_subnet_assign_ipv6_address_on_creation\"\u003e\u003c/a\u003e [redshift\\_subnet\\_assign\\_ipv6\\_address\\_on\\_creation](#input\\_redshift\\_subnet\\_assign\\_ipv6\\_address\\_on\\_creation) | Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false` | `bool` | `false` | no |\n| \u003ca name=\"input_redshift_subnet_enable_dns64\"\u003e\u003c/a\u003e [redshift\\_subnet\\_enable\\_dns64](#input\\_redshift\\_subnet\\_enable\\_dns64) | Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true` | `bool` | `true` | no |\n| \u003ca name=\"input_redshift_subnet_enable_resource_name_dns_a_record_on_launch\"\u003e\u003c/a\u003e [redshift\\_subnet\\_enable\\_resource\\_name\\_dns\\_a\\_record\\_on\\_launch](#input\\_redshift\\_subnet\\_enable\\_resource\\_name\\_dns\\_a\\_record\\_on\\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false` | `bool` | `false` | no |\n| \u003ca name=\"input_redshift_subnet_enable_resource_name_dns_aaaa_record_on_launch\"\u003e\u003c/a\u003e [redshift\\_subnet\\_enable\\_resource\\_name\\_dns\\_aaaa\\_record\\_on\\_launch](#input\\_redshift\\_subnet\\_enable\\_resource\\_name\\_dns\\_aaaa\\_record\\_on\\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true` | `bool` | `true` | no |\n| \u003ca name=\"input_redshift_subnet_group_name\"\u003e\u003c/a\u003e [redshift\\_subnet\\_group\\_name](#input\\_redshift\\_subnet\\_group\\_name) | Name of redshift subnet group | `string` | `null` | no |\n| \u003ca name=\"input_redshift_subnet_group_tags\"\u003e\u003c/a\u003e [redshift\\_subnet\\_group\\_tags](#input\\_redshift\\_subnet\\_group\\_tags) | Additional tags for the redshift subnet group | `map(string)` | `{}` | no |\n| \u003ca name=\"input_redshift_subnet_ipv6_native\"\u003e\u003c/a\u003e [redshift\\_subnet\\_ipv6\\_native](#input\\_redshift\\_subnet\\_ipv6\\_native) | Indicates whether to create an IPv6-only subnet. Default: `false` | `bool` | `false` | no |\n| \u003ca name=\"input_redshift_subnet_ipv6_prefixes\"\u003e\u003c/a\u003e [redshift\\_subnet\\_ipv6\\_prefixes](#input\\_redshift\\_subnet\\_ipv6\\_prefixes) | Assigns IPv6 redshift subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list(string)` | `[]` | no |\n| \u003ca name=\"input_redshift_subnet_names\"\u003e\u003c/a\u003e [redshift\\_subnet\\_names](#input\\_redshift\\_subnet\\_names) | Explicit values to use in the Name tag on redshift subnets. If empty, Name tags are generated | `list(string)` | `[]` | no |\n| \u003ca name=\"input_redshift_subnet_private_dns_hostname_type_on_launch\"\u003e\u003c/a\u003e [redshift\\_subnet\\_private\\_dns\\_hostname\\_type\\_on\\_launch](#input\\_redshift\\_subnet\\_private\\_dns\\_hostname\\_type\\_on\\_launch) | The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name` | `string` | `null` | no |\n| \u003ca name=\"input_redshift_subnet_suffix\"\u003e\u003c/a\u003e [redshift\\_subnet\\_suffix](#input\\_redshift\\_subnet\\_suffix) | Suffix to append to redshift subnets name | `string` | `\"redshift\"` | no |\n| \u003ca name=\"input_redshift_subnet_tags\"\u003e\u003c/a\u003e [redshift\\_subnet\\_tags](#input\\_redshift\\_subnet\\_tags) | Additional tags for the redshift subnets | `map(string)` | `{}` | no |\n| \u003ca name=\"input_redshift_subnets\"\u003e\u003c/a\u003e [redshift\\_subnets](#input\\_redshift\\_subnets) | A list of redshift subnets inside the VPC | `list(string)` | `[]` | no |\n| \u003ca name=\"input_region\"\u003e\u003c/a\u003e [region](#input\\_region) | Region where the resource(s) will be managed. Defaults to the region set in the provider configuration | `string` | `null` | no |\n| \u003ca name=\"input_reuse_nat_ips\"\u003e\u003c/a\u003e [reuse\\_nat\\_ips](#input\\_reuse\\_nat\\_ips) | Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external\\_nat\\_ip\\_ids' variable | `bool` | `false` | no |\n| \u003ca name=\"input_secondary_cidr_blocks\"\u003e\u003c/a\u003e [secondary\\_cidr\\_blocks](#input\\_secondary\\_cidr\\_blocks) | List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool | `list(string)` | `[]` | no |\n| \u003ca name=\"input_single_nat_gateway\"\u003e\u003c/a\u003e [single\\_nat\\_gateway](#input\\_single\\_nat\\_gateway) | Should be true if you want to provision a single shared NAT Gateway across all of your private networks | `bool` | `false` | no |\n| \u003ca name=\"input_tags\"\u003e\u003c/a\u003e [tags](#input\\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |\n| \u003ca name=\"input_use_ipam_pool\"\u003e\u003c/a\u003e [use\\_ipam\\_pool](#input\\_use\\_ipam\\_pool) | Determines whether IPAM pool is used for CIDR allocation | `bool` | `false` | no |\n| \u003ca name=\"input_vpc_block_public_access_exclusions\"\u003e\u003c/a\u003e [vpc\\_block\\_public\\_access\\_exclusions](#input\\_vpc\\_block\\_public\\_access\\_exclusions) | A map of VPC block public access exclusions | `map(any)` | `{}` | no |\n| \u003ca name=\"input_vpc_block_public_access_options\"\u003e\u003c/a\u003e [vpc\\_block\\_public\\_access\\_options](#input\\_vpc\\_block\\_public\\_access\\_options) | A map of VPC block public access options | `map(string)` | `{}` | no |\n| \u003ca name=\"input_vpc_flow_log_iam_policy_name\"\u003e\u003c/a\u003e [vpc\\_flow\\_log\\_iam\\_policy\\_name](#input\\_vpc\\_flow\\_log\\_iam\\_policy\\_name) | Name of the IAM policy | `string` | `\"vpc-flow-log-to-cloudwatch\"` | no |\n| \u003ca name=\"input_vpc_flow_log_iam_policy_use_name_prefix\"\u003e\u003c/a\u003e [vpc\\_flow\\_log\\_iam\\_policy\\_use\\_name\\_prefix](#input\\_vpc\\_flow\\_log\\_iam\\_policy\\_use\\_name\\_prefix) | Determines whether the name of the IAM policy (`vpc_flow_log_iam_policy_name`) is used as a prefix | `bool` | `true` | no |\n| \u003ca name=\"input_vpc_flow_log_iam_role_name\"\u003e\u003c/a\u003e [vpc\\_flow\\_log\\_iam\\_role\\_name](#input\\_vpc\\_flow\\_log\\_iam\\_role\\_name) | Name to use on the VPC Flow Log IAM role created | `string` | `\"vpc-flow-log-role\"` | no |\n| \u003ca name=\"input_vpc_flow_log_iam_role_path\"\u003e\u003c/a\u003e [vpc\\_flow\\_log\\_iam\\_role\\_path](#input\\_vpc\\_flow\\_log\\_iam\\_role\\_path) | The path for the VPC Flow Log IAM Role | `string` | `null` | no |\n| \u003ca name=\"input_vpc_flow_log_iam_role_use_name_prefix\"\u003e\u003c/a\u003e [vpc\\_flow\\_log\\_iam\\_role\\_use\\_name\\_prefix](#input\\_vpc\\_flow\\_log\\_iam\\_role\\_use\\_name\\_prefix) | Determines whether the IAM role name (`vpc_flow_log_iam_role_name_name`) is used as a prefix | `bool` | `true` | no |\n| \u003ca name=\"input_vpc_flow_log_permissions_boundary\"\u003e\u003c/a\u003e [vpc\\_flow\\_log\\_permissions\\_boundary](#input\\_vpc\\_flow\\_log\\_permissions\\_boundary) | The ARN of the Permissions Boundary for the VPC Flow Log IAM Role | `string` | `null` | no |\n| \u003ca name=\"input_vpc_flow_log_tags\"\u003e\u003c/a\u003e [vpc\\_flow\\_log\\_tags](#input\\_vpc\\_flow\\_log\\_tags) | Additional tags for the VPC Flow Logs | `map(string)` | `{}` | no |\n| \u003ca name=\"input_vpc_tags\"\u003e\u003c/a\u003e [vpc\\_tags](#input\\_vpc\\_tags) | Additional tags for the VPC | `map(string)` | `{}` | no |\n| \u003ca name=\"input_vpn_gateway_az\"\u003e\u003c/a\u003e [vpn\\_gateway\\_az](#input\\_vpn\\_gateway\\_az) | The Availability Zone for the VPN Gateway | `string` | `null` | no |\n| \u003ca name=\"input_vpn_gateway_id\"\u003e\u003c/a\u003e [vpn\\_gateway\\_id](#input\\_vpn\\_gateway\\_id) | ID of VPN Gateway to attach to the VPC | `string` | `\"\"` | no |\n| \u003ca name=\"input_vpn_gateway_tags\"\u003e\u003c/a\u003e [vpn\\_gateway\\_tags](#input\\_vpn\\_gateway\\_tags) | Additional tags for the VPN gateway | `map(string)` | `{}` | no |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_azs\"\u003e\u003c/a\u003e [azs](#output\\_azs) | A list of availability zones specified as argument to this module |\n| \u003ca name=\"output_cgw_arns\"\u003e\u003c/a\u003e [cgw\\_arns](#output\\_cgw\\_arns) | List of ARNs of Customer Gateway |\n| \u003ca name=\"output_cgw_ids\"\u003e\u003c/a\u003e [cgw\\_ids](#output\\_cgw\\_ids) | List of IDs of Customer Gateway |\n| \u003ca name=\"output_database_internet_gateway_route_id\"\u003e\u003c/a\u003e [database\\_internet\\_gateway\\_route\\_id](#output\\_database\\_internet\\_gateway\\_route\\_id) | ID of the database internet gateway route |\n| \u003ca name=\"output_database_ipv6_egress_route_id\"\u003e\u003c/a\u003e [database\\_ipv6\\_egress\\_route\\_id](#output\\_database\\_ipv6\\_egress\\_route\\_id) | ID of the database IPv6 egress route |\n| \u003ca name=\"output_database_nat_gateway_route_ids\"\u003e\u003c/a\u003e [database\\_nat\\_gateway\\_route\\_ids](#output\\_database\\_nat\\_gateway\\_route\\_ids) | List of IDs of the database nat gateway route |\n| \u003ca name=\"output_database_network_acl_arn\"\u003e\u003c/a\u003e [database\\_network\\_acl\\_arn](#output\\_database\\_network\\_acl\\_arn) | ARN of the database network ACL |\n| \u003ca name=\"output_database_network_acl_id\"\u003e\u003c/a\u003e [database\\_network\\_acl\\_id](#output\\_database\\_network\\_acl\\_id) | ID of the database network ACL |\n| \u003ca name=\"output_database_route_table_association_ids\"\u003e\u003c/a\u003e [database\\_route\\_table\\_association\\_ids](#output\\_database\\_route\\_table\\_association\\_ids) | List of IDs of the database route table association |\n| \u003ca name=\"output_database_route_table_ids\"\u003e\u003c/a\u003e [database\\_route\\_table\\_ids](#output\\_database\\_route\\_table\\_ids) | List of IDs of database route tables |\n| \u003ca name=\"output_database_subnet_arns\"\u003e\u003c/a\u003e [database\\_subnet\\_arns](#output\\_database\\_subnet\\_arns) | List of ARNs of database subnets |\n| \u003ca name=\"output_database_subnet_group\"\u003e\u003c/a\u003e [database\\_subnet\\_group](#output\\_database\\_subnet\\_group) | ID of database subnet group |\n| \u003ca name=\"output_database_subnet_group_name\"\u003e\u003c/a\u003e [database\\_subnet\\_group\\_name](#output\\_database\\_subnet\\_group\\_name) | Name of database subnet group |\n| \u003ca name=\"output_database_subnet_objects\"\u003e\u003c/a\u003e [database\\_subnet\\_objects](#output\\_database\\_subnet\\_objects) | A list of all database subnets, containing the full objects. |\n| \u003ca name=\"output_database_subnets\"\u003e\u003c/a\u003e [database\\_subnets](#output\\_database\\_subnets) | List of IDs of database subnets |\n| \u003ca name=\"output_database_subnets_cidr_blocks\"\u003e\u003c/a\u003e [database\\_subnets\\_cidr\\_blocks](#output\\_database\\_subnets\\_cidr\\_blocks) | List of cidr\\_blocks of database subnets |\n| \u003ca name=\"output_database_subnets_ipv6_cidr_blocks\"\u003e\u003c/a\u003e [database\\_subnets\\_ipv6\\_cidr\\_blocks](#output\\_database\\_subnets\\_ipv6\\_cidr\\_blocks) | List of IPv6 cidr\\_blocks of database subnets in an IPv6 enabled VPC |\n| \u003ca name=\"output_default_network_acl_id\"\u003e\u003c/a\u003e [default\\_network\\_acl\\_id](#output\\_default\\_network\\_acl\\_id) | The ID of the default network ACL |\n| \u003ca name=\"output_default_route_table_id\"\u003e\u003c/a\u003e [default\\_route\\_table\\_id](#output\\_default\\_route\\_table\\_id) | The ID of the default route table |\n| \u003ca name=\"output_default_security_group_id\"\u003e\u003c/a\u003e [default\\_security\\_group\\_id](#output\\_default\\_security\\_group\\_id) | The ID of the security group created by default on VPC creation |\n| \u003ca name=\"output_default_vpc_arn\"\u003e\u003c/a\u003e [default\\_vpc\\_arn](#output\\_default\\_vpc\\_arn) | The ARN of the Default VPC |\n| \u003ca name=\"output_default_vpc_cidr_block\"\u003e\u003c/a\u003e [default\\_vpc\\_cidr\\_block](#output\\_default\\_vpc\\_cidr\\_block) | The CIDR block of the Default VPC |\n| \u003ca name=\"output_default_vpc_default_network_acl_id\"\u003e\u003c/a\u003e [default\\_vpc\\_default\\_network\\_acl\\_id](#output\\_default\\_vpc\\_default\\_network\\_acl\\_id) | The ID of the default network ACL of the Default VPC |\n| \u003ca name=\"output_default_vpc_default_route_table_id\"\u003e\u003c/a\u003e [default\\_vpc\\_default\\_route\\_table\\_id](#output\\_default\\_vpc\\_default\\_route\\_table\\_id) | The ID of the default route table of the Default VPC |\n| \u003ca name=\"output_default_vpc_default_security_group_id\"\u003e\u003c/a\u003e [default\\_vpc\\_default\\_security\\_group\\_id](#output\\_default\\_vpc\\_default\\_security\\_group\\_id) | The ID of the security group created by default on Default VPC creation |\n| \u003ca name=\"output_default_vpc_enable_dns_hostnames\"\u003e\u003c/a\u003e [default\\_vpc\\_enable\\_dns\\_hostnames](#output\\_default\\_vpc\\_enable\\_dns\\_hostnames) | Whether or not the Default VPC has DNS hostname support |\n| \u003ca name=\"output_default_vpc_enable_dns_support\"\u003e\u003c/a\u003e [default\\_vpc\\_enable\\_dns\\_support](#output\\_default\\_vpc\\_enable\\_dns\\_support) | Whether or not the Default VPC has DNS support |\n| \u003ca name=\"output_default_vpc_id\"\u003e\u003c/a\u003e [default\\_vpc\\_id](#output\\_default\\_vpc\\_id) | The ID of the Default VPC |\n| \u003ca name=\"output_default_vpc_instance_tenancy\"\u003e\u003c/a\u003e [default\\_vpc\\_instance\\_tenancy](#output\\_default\\_vpc\\_instance\\_tenancy) | Tenancy of instances spin up within Default VPC |\n| \u003ca name=\"output_default_vpc_main_route_table_id\"\u003e\u003c/a\u003e [default\\_vpc\\_main\\_route\\_table\\_id](#output\\_default\\_vpc\\_main\\_route\\_table\\_id) | The ID of the main route table associated with the Default VPC |\n| \u003ca name=\"output_dhcp_options_id\"\u003e\u003c/a\u003e [dhcp\\_options\\_id](#output\\_dhcp\\_options\\_id) | The ID of the DHCP options |\n| \u003ca name=\"output_egress_only_internet_gateway_id\"\u003e\u003c/a\u003e [egress\\_only\\_internet\\_gateway\\_id](#output\\_egress\\_only\\_internet\\_gateway\\_id) | The ID of the egress only Internet Gateway |\n| \u003ca name=\"output_elasticache_network_acl_arn\"\u003e\u003c/a\u003e [elasticache\\_network\\_acl\\_arn](#output\\_elasticache\\_network\\_acl\\_arn) | ARN of the elasticache network ACL |\n| \u003ca name=\"output_elasticache_network_acl_id\"\u003e\u003c/a\u003e [elasticache\\_network\\_acl\\_id](#output\\_elasticache\\_network\\_acl\\_id) | ID of the elasticache network ACL |\n| \u003ca name=\"output_elasticache_route_table_association_ids\"\u003e\u003c/a\u003e [elasticache\\_route\\_table\\_association\\_ids](#output\\_elasticache\\_route\\_table\\_association\\_ids) | List of IDs of the elasticache route table association |\n| \u003ca name=\"output_elasticache_route_table_ids\"\u003e\u003c/a\u003e [elasticache\\_route\\_table\\_ids](#output\\_elasticache\\_route\\_table\\_ids) | List of IDs of elasticache route tables |\n| \u003ca name=\"output_elasticache_subnet_arns\"\u003e\u003c/a\u003e [elasticache\\_subnet\\_arns](#output\\_elasticache\\_subnet\\_arns) | List of ARNs of elasticache subnets |\n| \u003ca name=\"output_elasticache_subnet_group\"\u003e\u003c/a\u003e [elasticache\\_subnet\\_group](#output\\_elasticache\\_subnet\\_group) | ID of elasticache subnet group |\n| \u003ca name=\"output_elasticache_subnet_group_name\"\u003e\u003c/a\u003e [elasticache\\_subnet\\_group\\_name](#output\\_elasticache\\_subnet\\_group\\_name) | Name of elasticache subnet group |\n| \u003ca name=\"output_elasticache_subnet_objects\"\u003e\u003c/a\u003e [elasticache\\_subnet\\_objects](#output\\_elasticache\\_subnet\\_objects) | A list of all elasticache subnets, containing the full objects. |\n| \u003ca name=\"output_elasticache_subnets\"\u003e\u003c/a\u003e [elasticache\\_subnets](#output\\_elasticache\\_subnets) | List of IDs of elasticache subnets |\n| \u003ca name=\"output_elasticache_subnets_cidr_blocks\"\u003e\u003c/a\u003e [elasticache\\_subnets\\_cidr\\_blocks](#output\\_elasticache\\_subnets\\_cidr\\_blocks) | List of cidr\\_blocks of elasticache subnets |\n| \u003ca name=\"output_elasticache_subnets_ipv6_cidr_blocks\"\u003e\u003c/a\u003e [elasticache\\_subnets\\_ipv6\\_cidr\\_blocks](#output\\_elasticache\\_subnets\\_ipv6\\_cidr\\_blocks) | List of IPv6 cidr\\_blocks of elasticache subnets in an IPv6 enabled VPC |\n| \u003ca name=\"output_igw_arn\"\u003e\u003c/a\u003e [igw\\_arn](#output\\_igw\\_arn) | The ARN of the Internet Gateway |\n| \u003ca name=\"output_igw_id\"\u003e\u003c/a\u003e [igw\\_id](#output\\_igw\\_id) | The ID of the Internet Gateway |\n| \u003ca name=\"output_intra_network_acl_arn\"\u003e\u003c/a\u003e [intra\\_network\\_acl\\_arn](#output\\_intra\\_network\\_acl\\_arn) | ARN of the intra network ACL |\n| \u003ca name=\"output_intra_network_acl_id\"\u003e\u003c/a\u003e [intra\\_network\\_acl\\_id](#output\\_intra\\_network\\_acl\\_id) | ID of the intra network ACL |\n| \u003ca name=\"output_intra_route_table_association_ids\"\u003e\u003c/a\u003e [intra\\_route\\_table\\_association\\_ids](#output\\_intra\\_route\\_table\\_association\\_ids) | List of IDs of the intra route table association |\n| \u003ca name=\"output_intra_route_table_ids\"\u003e\u003c/a\u003e [intra\\_route\\_table\\_ids](#output\\_intra\\_route\\_table\\_ids) | List of IDs of intra route tables |\n| \u003ca name=\"output_intra_subnet_arns\"\u003e\u003c/a\u003e [intra\\_subnet\\_arns](#output\\_intra\\_subnet\\_arns) | List of ARNs of intra subnets |\n| \u003ca name=\"output_intra_subnet_objects\"\u003e\u003c/a\u003e [intra\\_subnet\\_objects](#output\\_intra\\_subnet\\_objects) | A list of all intra subnets, containing the full objects. |\n| \u003ca name=\"output_intra_subnets\"\u003e\u003c/a\u003e [intra\\_subnets](#output\\_intra\\_subnets) | List of IDs of intra subnets |\n| \u003ca name=\"output_intra_subnets_cidr_blocks\"\u003e\u003c/a\u003e [intra\\_subnets\\_cidr\\_blocks](#output\\_intra\\_subnets\\_cidr\\_blocks) | List of cidr\\_blocks of intra subnets |\n| \u003ca name=\"output_intra_subnets_ipv6_cidr_blocks\"\u003e\u003c/a\u003e [intra\\_subnets\\_ipv6\\_cidr\\_blocks](#output\\_intra\\_subnets\\_ipv6\\_cidr\\_blocks) | List of IPv6 cidr\\_blocks of intra subnets in an IPv6 enabled VPC |\n| \u003ca name=\"output_name\"\u003e\u003c/a\u003e [name](#output\\_name) | The name of the VPC specified as argument to this module |\n| \u003ca name=\"output_nat_ids\"\u003e\u003c/a\u003e [nat\\_ids](#output\\_nat\\_ids) | List of allocation ID of Elastic IPs created for AWS NAT Gateway |\n| \u003ca name=\"output_nat_public_ips\"\u003e\u003c/a\u003e [nat\\_public\\_ips](#output\\_nat\\_public\\_ips) | List of public Elastic IPs created for AWS NAT Gateway |\n| \u003ca name=\"output_natgw_ids\"\u003e\u003c/a\u003e [natgw\\_ids](#output\\_natgw\\_ids) | List of NAT Gateway IDs |\n| \u003ca name=\"output_natgw_interface_ids\"\u003e\u003c/a\u003e [natgw\\_interface\\_ids](#output\\_natgw\\_interface\\_ids) | List of Network Interface IDs assigned to NAT Gateways |\n| \u003ca name=\"output_outpost_network_acl_arn\"\u003e\u003c/a\u003e [outpost\\_network\\_acl\\_arn](#output\\_outpost\\_network\\_acl\\_arn) | ARN of the outpost network ACL |\n| \u003ca name=\"output_outpost_network_acl_id\"\u003e\u003c/a\u003e [outpost\\_network\\_acl\\_id](#output\\_outpost\\_network\\_acl\\_id) | ID of the outpost network ACL |\n| \u003ca name=\"output_outpost_subnet_arns\"\u003e\u003c/a\u003e [outpost\\_subnet\\_arns](#output\\_outpost\\_subnet\\_arns) | List of ARNs of outpost subnets |\n| \u003ca name=\"output_outpost_subnet_objects\"\u003e\u003c/a\u003e [outpost\\_subnet\\_objects](#output\\_outpost\\_subnet\\_objects) | A list of all outpost subnets, containing the full objects. |\n| \u003ca name=\"output_outpost_subnets\"\u003e\u003c/a\u003e [outpost\\_subnets](#output\\_outpost\\_subnets) | List of IDs of outpost subnets |\n| \u003ca name=\"output_outpost_subnets_cidr_blocks\"\u003e\u003c/a\u003e [outpost\\_subnets\\_cidr\\_blocks](#output\\_outpost\\_subnets\\_cidr\\_blocks) | List of cidr\\_blocks of outpost subnets |\n| \u003ca name=\"output_outpost_subnets_ipv6_cidr_blocks\"\u003e\u003c/a\u003e [outpost\\_subnets\\_ipv6\\_cidr\\_blocks](#output\\_outpost\\_subnets\\_ipv6\\_cidr\\_blocks) | List of IPv6 cidr\\_blocks of outpost subnets in an IPv6 enabled VPC |\n| \u003ca name=\"output_private_ipv6_egress_route_ids\"\u003e\u003c/a\u003e [private\\_ipv6\\_egress\\_route\\_ids](#output\\_private\\_ipv6\\_egress\\_route\\_ids) | List of IDs of the ipv6 egress route |\n| \u003ca name=\"output_private_nat_gateway_route_ids\"\u003e\u003c/a\u003e [private\\_nat\\_gateway\\_route\\_ids](#output\\_private\\_nat\\_gateway\\_route\\_ids) | List of IDs of the private nat gateway route |\n| \u003ca name=\"output_private_network_acl_arn\"\u003e\u003c/a\u003e [private\\_network\\_acl\\_arn](#output\\_private\\_network\\_acl\\_arn) | ARN of the private network ACL |\n| \u003ca name=\"output_private_network_acl_id\"\u003e\u003c/a\u003e [private\\_network\\_acl\\_id](#output\\_private\\_network\\_acl\\_id) | ID of the private network ACL |\n| \u003ca name=\"output_private_route_table_association_ids\"\u003e\u003c/a\u003e [private\\_route\\_table\\_association\\_ids](#output\\_private\\_route\\_table\\_association\\_ids) | List of IDs of the private route table association |\n| \u003ca name=\"output_private_route_table_ids\"\u003e\u003c/a\u003e [private\\_route\\_table\\_ids](#output\\_private\\_route\\_table\\_ids) | List of IDs of private route tables |\n| \u003ca name=\"output_private_subnet_arns\"\u003e\u003c/a\u003e [private\\_subnet\\_arns](#output\\_private\\_subnet\\_arns) | List of ARNs of private subnets |\n| \u003ca name=\"output_private_subnet_objects\"\u003e\u003c/a\u003e [private\\_subnet\\_objects](#output\\_private\\_subnet\\_objects) | A list of all private subnets, containing the full objects. |\n| \u003ca name=\"output_private_subnets\"\u003e\u003c/a\u003e [private\\_subnets](#output\\_private\\_subnets) | List of IDs of private subnets |\n| \u003ca name=\"output_private_subnets_cidr_blocks\"\u003e\u003c/a\u003e [private\\_subnets\\_cidr\\_blocks](#output\\_private\\_subnets\\_cidr\\_blocks) | List of cidr\\_blocks of private subnets |\n| \u003ca name=\"output_private_subnets_ipv6_cidr_blocks\"\u003e\u003c/a\u003e [private\\_subnets\\_ipv6\\_cidr\\_blocks](#output\\_private\\_subnets\\_ipv6\\_cidr\\_blocks) | List of IPv6 cidr\\_blocks of private subnets in an IPv6 enabled VPC |\n| \u003ca name=\"output_public_internet_gateway_ipv6_route_id\"\u003e\u003c/a\u003e [public\\_internet\\_gateway\\_ipv6\\_route\\_id](#output\\_public\\_internet\\_gateway\\_ipv6\\_route\\_id) | ID of the IPv6 internet gateway route |\n| \u003ca name=\"output_public_internet_gateway_route_id\"\u003e\u003c/a\u003e [public\\_internet\\_gateway\\_route\\_id](#output\\_public\\_internet\\_gateway\\_route\\_id) | ID of the internet gateway route |\n| \u003ca name=\"output_public_network_acl_arn\"\u003e\u003c/a\u003e [public\\_network\\_acl\\_arn](#output\\_public\\_network\\_acl\\_arn) | ARN of the public network ACL |\n| \u003ca name=\"output_public_network_acl_id\"\u003e\u003c/a\u003e [public\\_network\\_acl\\_id](#output\\_public\\_network\\_acl\\_id) | ID of the public network ACL |\n| \u003ca name=\"output_public_route_table_association_ids\"\u003e\u003c/a\u003e [public\\_route\\_table\\_association\\_ids](#output\\_public\\_route\\_table\\_association\\_ids) | List of IDs of the public route table association |\n| \u003ca name=\"output_public_route_table_ids\"\u003e\u003c/a\u003e [public\\_route\\_table\\_ids](#output\\_public\\_route\\_table\\_ids) | List of IDs of public route tables |\n| \u003ca name=\"output_public_subnet_arns\"\u003e\u003c/a\u003e [public\\_subnet\\_arns](#output\\_public\\_subnet\\_arns) | List of ARNs of public subnets |\n| \u003ca name=\"output_public_subnet_objects\"\u003e\u003c/a\u003e [public\\_subnet\\_objects](#output\\_public\\_subnet\\_objects) | A list of all public subnets, containing the full objects. |\n| \u003ca name=\"output_public_subnets\"\u003e\u003c/a\u003e [public\\_subnets](#output\\_public\\_subnets) | List of IDs of public subnets |\n| \u003ca name=\"output_public_subnets_cidr_blo","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fterraform-aws-modules%2Fterraform-aws-vpc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fterraform-aws-modules%2Fterraform-aws-vpc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fterraform-aws-modules%2Fterraform-aws-vpc/lists"}