{"id":22472974,"url":"https://github.com/truefoundry/terraform-aws-truefoundry-network","last_synced_at":"2026-03-19T23:00:20.218Z","repository":{"id":178950835,"uuid":"662596829","full_name":"truefoundry/terraform-aws-truefoundry-network","owner":"truefoundry","description":"Truefoundry AWS Network Module","archived":false,"fork":false,"pushed_at":"2025-12-15T11:07:15.000Z","size":70,"stargazers_count":0,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-02-13T08:05:10.593Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/truefoundry.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-07-05T13:24:08.000Z","updated_at":"2025-12-15T11:06:43.000Z","dependencies_parsed_at":"2025-02-12T23:23:15.156Z","dependency_job_id":"9c3f04bc-7006-48a5-af62-a85b2db38ea9","html_url":"https://github.com/truefoundry/terraform-aws-truefoundry-network","commit_stats":null,"previous_names":["truefoundry/terraform-aws-truefoundry-network"],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/truefoundry/terraform-aws-truefoundry-network","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/truefoundry%2Fterraform-aws-truefoundry-network","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/truefoundry%2Fterraform-aws-truefoundry-network/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/truefoundry%2Fterraform-aws-truefoundry-network/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/truefoundry%2Fterraform-aws-truefoundry-network/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/truefoundry","download_url":"https://codeload.github.com/truefoundry/terraform-aws-truefoundry-network/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/truefoundry%2Fterraform-aws-truefoundry-network/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29811590,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-25T05:36:42.804Z","status":"ssl_error","status_checked_at":"2026-02-25T05:36:31.934Z","response_time":61,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-06T12:18:15.829Z","updated_at":"2026-02-25T05:39:45.118Z","avatar_url":"https://github.com/truefoundry.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# terraform-aws-truefoundry-network\n\nTruefoundry AWS Network Module\n\n\u003c!-- BEGIN_TF_DOCS --\u003e\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | ~\u003e 1.4 |\n| \u003ca name=\"requirement_aws\"\u003e\u003c/a\u003e [aws](#requirement\\_aws) | ~\u003e 5.57 |\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider\\_aws) | ~\u003e 5.57 |\n\n## Modules\n\n| Name | Source | Version |\n|------|--------|---------|\n| \u003ca name=\"module_aws-vpc-module\"\u003e\u003c/a\u003e [aws-vpc-module](#module\\_aws-vpc-module) | terraform-aws-modules/vpc/aws | 5.19.0 |\n| \u003ca name=\"module_vpc_flow_logs_bucket\"\u003e\u003c/a\u003e [vpc\\_flow\\_logs\\_bucket](#module\\_vpc\\_flow\\_logs\\_bucket) | terraform-aws-modules/s3-bucket/aws | 3.15.0 |\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [aws_vpc_endpoint.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) | resource |\n| [aws_iam_policy_document.flow_logs_bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_subnet.private_subnets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet) | data source |\n| [aws_subnet.public_subnets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet) | data source |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_aws_account_id\"\u003e\u003c/a\u003e [aws\\_account\\_id](#input\\_aws\\_account\\_id) | AWS account ID | `string` | n/a | yes |\n| \u003ca name=\"input_aws_region\"\u003e\u003c/a\u003e [aws\\_region](#input\\_aws\\_region) | VPC region | `string` | n/a | yes |\n| \u003ca name=\"input_azs\"\u003e\u003c/a\u003e [azs](#input\\_azs) | Availability Zones | `list(string)` | n/a | yes |\n| \u003ca name=\"input_cluster_name\"\u003e\u003c/a\u003e [cluster\\_name](#input\\_cluster\\_name) | AWS EKS cluster name needed for Shared cluster | `string` | `\"\"` | no |\n| \u003ca name=\"input_enable_nat_gateway\"\u003e\u003c/a\u003e [enable\\_nat\\_gateway](#input\\_enable\\_nat\\_gateway) | Enable NAT Gateway - This is necessary for the cluster to work | `bool` | `true` | no |\n| \u003ca name=\"input_external_nat_ip_ids\"\u003e\u003c/a\u003e [external\\_nat\\_ip\\_ids](#input\\_external\\_nat\\_ip\\_ids) | External NAT IPs IDs | `list(string)` | `[]` | no |\n| \u003ca name=\"input_flow_logs_bucket_attach_deny_insecure_transport_policy\"\u003e\u003c/a\u003e [flow\\_logs\\_bucket\\_attach\\_deny\\_insecure\\_transport\\_policy](#input\\_flow\\_logs\\_bucket\\_attach\\_deny\\_insecure\\_transport\\_policy) | Flag to attach deny insecure transport policy to the bucket | `bool` | `true` | no |\n| \u003ca name=\"input_flow_logs_bucket_attach_policy\"\u003e\u003c/a\u003e [flow\\_logs\\_bucket\\_attach\\_policy](#input\\_flow\\_logs\\_bucket\\_attach\\_policy) | Flag to attach policy to the bucket | `bool` | `true` | no |\n| \u003ca name=\"input_flow_logs_bucket_attach_public_policy\"\u003e\u003c/a\u003e [flow\\_logs\\_bucket\\_attach\\_public\\_policy](#input\\_flow\\_logs\\_bucket\\_attach\\_public\\_policy) | Flag to attach public policy to the bucket | `bool` | `true` | no |\n| \u003ca name=\"input_flow_logs_bucket_attach_require_latest_tls_policy\"\u003e\u003c/a\u003e [flow\\_logs\\_bucket\\_attach\\_require\\_latest\\_tls\\_policy](#input\\_flow\\_logs\\_bucket\\_attach\\_require\\_latest\\_tls\\_policy) | Flag to attach require latest TLS policy to the bucket | `bool` | `true` | no |\n| \u003ca name=\"input_flow_logs_bucket_block_public_acls\"\u003e\u003c/a\u003e [flow\\_logs\\_bucket\\_block\\_public\\_acls](#input\\_flow\\_logs\\_bucket\\_block\\_public\\_acls) | Flag to block public ACLs on the bucket | `bool` | `true` | no |\n| \u003ca name=\"input_flow_logs_bucket_block_public_policy\"\u003e\u003c/a\u003e [flow\\_logs\\_bucket\\_block\\_public\\_policy](#input\\_flow\\_logs\\_bucket\\_block\\_public\\_policy) | Flag to block public policy on the bucket | `bool` | `true` | no |\n| \u003ca name=\"input_flow_logs_bucket_enable_override\"\u003e\u003c/a\u003e [flow\\_logs\\_bucket\\_enable\\_override](#input\\_flow\\_logs\\_bucket\\_enable\\_override) | Enable override for s3 bucket name. You must pass flow\\_logs\\_bucket\\_override\\_name | `bool` | `false` | no |\n| \u003ca name=\"input_flow_logs_bucket_encryption_algorithm\"\u003e\u003c/a\u003e [flow\\_logs\\_bucket\\_encryption\\_algorithm](#input\\_flow\\_logs\\_bucket\\_encryption\\_algorithm) | Algorithm used for encrypting the default bucket. | `string` | `\"AES256\"` | no |\n| \u003ca name=\"input_flow_logs_bucket_encryption_key_arn\"\u003e\u003c/a\u003e [flow\\_logs\\_bucket\\_encryption\\_key\\_arn](#input\\_flow\\_logs\\_bucket\\_encryption\\_key\\_arn) | ARN of the key used to encrypt the bucket. Only needed if you set aws:kms as encryption algorithm. | `string` | `null` | no |\n| \u003ca name=\"input_flow_logs_bucket_force_destroy\"\u003e\u003c/a\u003e [flow\\_logs\\_bucket\\_force\\_destroy](#input\\_flow\\_logs\\_bucket\\_force\\_destroy) | Force destroy for the default bucket. | `bool` | `false` | no |\n| \u003ca name=\"input_flow_logs_bucket_ignore_public_acls\"\u003e\u003c/a\u003e [flow\\_logs\\_bucket\\_ignore\\_public\\_acls](#input\\_flow\\_logs\\_bucket\\_ignore\\_public\\_acls) | Flag to ignore public ACLs on the bucket | `bool` | `true` | no |\n| \u003ca name=\"input_flow_logs_bucket_override_name\"\u003e\u003c/a\u003e [flow\\_logs\\_bucket\\_override\\_name](#input\\_flow\\_logs\\_bucket\\_override\\_name) | Override name for s3 bucket. flow\\_logs\\_bucket\\_enable\\_override must be set true | `string` | `\"\"` | no |\n| \u003ca name=\"input_flow_logs_bucket_restrict_public_buckets\"\u003e\u003c/a\u003e [flow\\_logs\\_bucket\\_restrict\\_public\\_buckets](#input\\_flow\\_logs\\_bucket\\_restrict\\_public\\_buckets) | Flag to restrict public buckets on the bucket | `bool` | `true` | no |\n| \u003ca name=\"input_flow_logs_enable\"\u003e\u003c/a\u003e [flow\\_logs\\_enable](#input\\_flow\\_logs\\_enable) | Enable VPC flow logs | `bool` | `false` | no |\n| \u003ca name=\"input_one_nat_gateway_per_az\"\u003e\u003c/a\u003e [one\\_nat\\_gateway\\_per\\_az](#input\\_one\\_nat\\_gateway\\_per\\_az) | One NAT Gateway for each AZ. | `bool` | `false` | no |\n| \u003ca name=\"input_private_subnet_extra_tags\"\u003e\u003c/a\u003e [private\\_subnet\\_extra\\_tags](#input\\_private\\_subnet\\_extra\\_tags) | Extra tags for VPC private subnets | `map(string)` | `{}` | no |\n| \u003ca name=\"input_private_subnets_cidrs\"\u003e\u003c/a\u003e [private\\_subnets\\_cidrs](#input\\_private\\_subnets\\_cidrs) | Assigns IPv4 private subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list(string)` | `[]` | no |\n| \u003ca name=\"input_private_subnets_ids\"\u003e\u003c/a\u003e [private\\_subnets\\_ids](#input\\_private\\_subnets\\_ids) | SHIM: Private Subnets IDs | `list(string)` | `[]` | no |\n| \u003ca name=\"input_public_subnet_extra_tags\"\u003e\u003c/a\u003e [public\\_subnet\\_extra\\_tags](#input\\_public\\_subnet\\_extra\\_tags) | Extra tags for VPC public subnets | `map(string)` | `{}` | no |\n| \u003ca name=\"input_public_subnets_cidrs\"\u003e\u003c/a\u003e [public\\_subnets\\_cidrs](#input\\_public\\_subnets\\_cidrs) | Assigns IPv4 public subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list(string)` | `[]` | no |\n| \u003ca name=\"input_public_subnets_ids\"\u003e\u003c/a\u003e [public\\_subnets\\_ids](#input\\_public\\_subnets\\_ids) | SHIM: Public Subnets IDs | `list(string)` | `[]` | no |\n| \u003ca name=\"input_shim\"\u003e\u003c/a\u003e [shim](#input\\_shim) | If true will not create the network and forward the input values to the same outputs. | `bool` | `false` | no |\n| \u003ca name=\"input_single_nat_gateway\"\u003e\u003c/a\u003e [single\\_nat\\_gateway](#input\\_single\\_nat\\_gateway) | Single NAT Gateway, shared for all AZ and subnets | `bool` | `true` | no |\n| \u003ca name=\"input_tags\"\u003e\u003c/a\u003e [tags](#input\\_tags) | AWS Tags common to all the resources created | `map(string)` | `{}` | no |\n| \u003ca name=\"input_use_external_elastic_ips\"\u003e\u003c/a\u003e [use\\_external\\_elastic\\_ips](#input\\_use\\_external\\_elastic\\_ips) | Use external elastic IPs | `bool` | `false` | no |\n| \u003ca name=\"input_vpc_cidr\"\u003e\u003c/a\u003e [vpc\\_cidr](#input\\_vpc\\_cidr) | The CIDR block for the VPC. | `string` | `\"\"` | no |\n| \u003ca name=\"input_vpc_id\"\u003e\u003c/a\u003e [vpc\\_id](#input\\_vpc\\_id) | SHIM: VPC Id | `string` | `\"\"` | no |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_availability_zones\"\u003e\u003c/a\u003e [availability\\_zones](#output\\_availability\\_zones) | List of availability zones for VPC |\n| \u003ca name=\"output_private_subnets_cidrs\"\u003e\u003c/a\u003e [private\\_subnets\\_cidrs](#output\\_private\\_subnets\\_cidrs) | List of private subnet CIDRs in the VPC |\n| \u003ca name=\"output_private_subnets_id\"\u003e\u003c/a\u003e [private\\_subnets\\_id](#output\\_private\\_subnets\\_id) | List of private subnet IDs in the VPC |\n| \u003ca name=\"output_public_subnets_cidrs\"\u003e\u003c/a\u003e [public\\_subnets\\_cidrs](#output\\_public\\_subnets\\_cidrs) | List of public subnet CIDRs in the VPC |\n| \u003ca name=\"output_public_subnets_id\"\u003e\u003c/a\u003e [public\\_subnets\\_id](#output\\_public\\_subnets\\_id) | List of public subnet IDs in the VPC |\n| \u003ca name=\"output_region\"\u003e\u003c/a\u003e [region](#output\\_region) | AWS region of VPC |\n| \u003ca name=\"output_validate_private_subnet_tags\"\u003e\u003c/a\u003e [validate\\_private\\_subnet\\_tags](#output\\_validate\\_private\\_subnet\\_tags) | Validates that all private subnets have the required Kubernetes tags for proper ELB and cluster integration |\n| \u003ca name=\"output_validate_public_subnet_tags\"\u003e\u003c/a\u003e [validate\\_public\\_subnet\\_tags](#output\\_validate\\_public\\_subnet\\_tags) | Validates that all public subnets have the required Kubernetes tags for proper ELB and cluster integration |\n| \u003ca name=\"output_vpc_id\"\u003e\u003c/a\u003e [vpc\\_id](#output\\_vpc\\_id) | VPC ID of the network |\n\u003c!-- END_TF_DOCS --\u003e\n## Subnet Tag Validation (Shim Mode)\n\nWhen using the module in shim mode (with existing subnets), the following outputs are available:\n\n- `private_subnets_tags`: List of tag maps for each private subnet\n- `public_subnets_tags`: List of tag maps for each public subnet\n\nYou should check these outputs to ensure your subnets have the required tags:\n\n**Private Subnets:**\n\n- `kubernetes.io/cluster/$CLUSTER_NAME`: \"shared\"\n- `subnet`: \"private\"\n- `kubernetes.io/role/internal-elb`: \"1\"\n\n**Public Subnets:**\n\n- `kubernetes.io/cluster/$CLUSTER_NAME`: \"shared\"\n- `subnet`: \"public\"\n- `kubernetes.io/role/elb`: \"1\"\n\nIf any subnet is missing these tags, you must add them manually in the AWS console or via CLI.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftruefoundry%2Fterraform-aws-truefoundry-network","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftruefoundry%2Fterraform-aws-truefoundry-network","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftruefoundry%2Fterraform-aws-truefoundry-network/lists"}