{"id":22347714,"url":"https://github.com/wearetechnative/terraform-aws-network","last_synced_at":"2026-03-19T22:29:44.583Z","repository":{"id":258505049,"uuid":"706723166","full_name":"wearetechnative/terraform-aws-network","owner":"wearetechnative","description":"Terraform module to create AWS network resources - VPC, public / private networks, NAT and  has advanced network configuration via .json","archived":false,"fork":false,"pushed_at":"2025-01-14T12:23:33.000Z","size":189,"stargazers_count":0,"open_issues_count":3,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-01-31T12:12:35.280Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wearetechnative.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-10-18T13:50:12.000Z","updated_at":"2025-01-14T12:23:36.000Z","dependencies_parsed_at":"2024-10-19T10:12:55.956Z","dependency_job_id":"6b0b0aa0-b04f-4b28-8683-0d7e40b10842","html_url":"https://github.com/wearetechnative/terraform-aws-network","commit_stats":null,"previous_names":["wearetechnative/terraform-aws-network"],"tags_count":0,"template":false,"template_full_name":"TechNative-B-V/terraform-aws-module-template","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wearetechnative%2Fterraform-aws-network","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wearetechnative%2Fterraform-aws-network/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/r
epositories/wearetechnative%2Fterraform-aws-network/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wearetechnative%2Fterraform-aws-network/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wearetechnative","download_url":"https://codeload.github.com/wearetechnative/terraform-aws-network/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245641317,"owners_count":20648637,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-04T10:10:38.262Z","updated_at":"2026-01-05T23:08:10.134Z","avatar_url":"https://github.com/wearetechnative.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Terraform AWS [Network] ![](https://img.shields.io/github/actions/workflow/status/wearetechnative/terraform-aws-network/tflint.yaml?branch=main\u0026style=plastic)\nhttps://img.shields.io/github/actions/workflow/status/\u003cuser\u003e/\u003crepo\u003e/test.yml?branch=main\n\nTechNative's VPC boilerplate module.\n\n[![](we-are-technative.png)](https://www.technative.nl)\n\n## Design goals\n\n- Standard 'Module guidelines' from https://docs-mcs.technative.eu/infra-as-code/terraform-code-organization/.\n- Any network specific design goals are listed below.\n- Do not implement security controls. 
Security is handled in the security groups.\n- Reset and control any default resources as much as possible.\n\n## Features\n\n- create VPC\n- advanced subnet configuration in JSON\n- cheap NATs (see `input_use_nat_instances`)\n\n## Usage\n\nUse the network.example.json to create your own network. Any user must use the\nsubnet_groups output and be configured to use an entire subnet_group. Any\nadditions to the network will then be automatically propagated to its users\n(e.g. ASG, ALB).\n\nThis module defines subnet_groups as a collection of subnets that can easily be\nextended and must be used as a single entity. Each user of subnets must have\nits subnet_group key configured and fetch any corresponding subnets from the\noutput.subnet_groups. This allows any additional subnets to be automatically\npicked up by the users.\n\nBeware: The subnets map keys must be added in ascending order, and removing any\nexisting subnet must happen by setting is_provisioned to false. The reason\nfor this is that we use hashicorp/subnets/cidr, which calculates the CIDR blocks\nfor us. These CIDR blocks don't have gaps and are consecutive. This mapping\nremains stable only when the subnets map is extended.\n\nAny subnet.subnet_group must refer to an existing key in the subnet_groups map.\nUse networkaddress_bits to define the number of addresses provisioned for the\nsubnet. This number must be higher than 3.\n\nnetworkaddress_bits = 4 -\u003e 12 available addresses\nnetworkaddress_bits = 8 -\u003e 251 available addresses\n\n## Future work / ideas\n\nPossibility of automatically adding subnet groups when new availability zones\narrive. A downside to this is the fact that if many new AZs are added then we\noverflow the available CIDR block. So it's not included for now. 
Each subnet\nstill requires some manual configuration.\n\n\u003c!-- BEGIN_TF_DOCS --\u003e\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider\\_aws) | \u003e=5.22.0 |\n\n## Modules\n\n| Name | Source | Version |\n|------|--------|---------|\n| \u003ca name=\"module_nat_instances\"\u003e\u003c/a\u003e [nat\\_instances](#module\\_nat\\_instances) | ./nat_instances | n/a |\n| \u003ca name=\"module_s3_flow_logs\"\u003e\u003c/a\u003e [s3\\_flow\\_logs](#module\\_s3\\_flow\\_logs) | git@github.com:wearetechnative/terraform-aws-s3 | 73aa13eeb59184ce88cd9e925e9dc1504cc18940 |\n| \u003ca name=\"module_subnet_addrs\"\u003e\u003c/a\u003e [subnet\\_addrs](#module\\_subnet\\_addrs) | hashicorp/subnets/cidr | 1.0.0 |\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [aws_default_network_acl.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_network_acl) | resource |\n| [aws_default_route_table.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_route_table) | resource |\n| [aws_default_security_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_security_group) | resource |\n| [aws_eip.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource |\n| [aws_flow_log.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/flow_log) | resource |\n| [aws_internet_gateway.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/internet_gateway) | resource |\n| [aws_nat_gateway.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/nat_gateway) | resource |\n| [aws_network_acl.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl) | resource |\n| 
[aws_network_acl_association.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_association) | resource |\n| [aws_network_acl_rule.allow_all_inbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource |\n| [aws_network_acl_rule.allow_all_outbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource |\n| [aws_route.internet_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |\n| [aws_route.nat_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |\n| [aws_route_table.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table) | resource |\n| [aws_route_table_association.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource |\n| [aws_subnet.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource |\n| [aws_vpc.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc) | resource |\n| [aws_vpc_dhcp_options.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_dhcp_options) | resource |\n| [aws_vpc_dhcp_options_association.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_dhcp_options_association) | resource |\n| [aws_vpc_endpoint.dynamodb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) | resource |\n| [aws_vpc_endpoint.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) | resource |\n| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |\n| 
[aws_iam_policy_document.vpc_flow_logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |\n| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_configuration\"\u003e\u003c/a\u003e [configuration](#input\\_configuration) | Configuration object indicating required setup. | \u003cpre\u003eobject({\u003cbr\u003e    subnet_groups : map(object({\u003cbr\u003e      nat_gateway : bool\u003cbr\u003e      internet_gateway : bool\u003cbr\u003e    }))\u003cbr\u003e    subnets : map(object({\u003cbr\u003e      name : string\u003cbr\u003e      is_provisioned : bool\u003cbr\u003e      availability_zone : string\u003cbr\u003e      networkaddress_bits : number\u003cbr\u003e      subnet_group : string\u003cbr\u003e    }))\u003cbr\u003e  })\u003c/pre\u003e | n/a | yes |\n| \u003ca name=\"input_kms_key_arn\"\u003e\u003c/a\u003e [kms\\_key\\_arn](#input\\_kms\\_key\\_arn) | KMS key to use for VPC Flow logs. | `string` | n/a | yes |\n| \u003ca name=\"input_name\"\u003e\u003c/a\u003e [name](#input\\_name) | VPC name | `string` | n/a | yes |\n| \u003ca name=\"input_sqs_dlq_arn\"\u003e\u003c/a\u003e [sqs\\_dlq\\_arn](#input\\_sqs\\_dlq\\_arn) | SQS DLQ Arn to transfer unprocessed / failed infra messages into. | `string` | n/a | yes |\n| \u003ca name=\"input_use_nat_instances\"\u003e\u003c/a\u003e [use\\_nat\\_instances](#input\\_use\\_nat\\_instances) | Use cheap (t4g.nano) instances to save cost. 
| `bool` | `false` | no |\n| \u003ca name=\"input_vpc_cidr_partition_id\"\u003e\u003c/a\u003e [vpc\\_cidr\\_partition\\_id](#input\\_vpc\\_cidr\\_partition\\_id) | A number between 0 and 255 to prevent overlapping CIDR ranges. | `number` | n/a | yes |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_subnet_groups\"\u003e\u003c/a\u003e [subnet\\_groups](#output\\_subnet\\_groups) | n/a |\n| \u003ca name=\"output_vpc_id\"\u003e\u003c/a\u003e [vpc\\_id](#output\\_vpc\\_id) | n/a |\n\u003c!-- END_TF_DOCS --\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwearetechnative%2Fterraform-aws-network","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwearetechnative%2Fterraform-aws-network","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwearetechnative%2Fterraform-aws-network/lists"}