{"id":20901571,"url":"https://github.com/willfarrell/terraform-vpc-module","last_synced_at":"2025-12-27T08:35:18.960Z","repository":{"id":142528802,"uuid":"192244707","full_name":"willfarrell/terraform-vpc-module","owner":"willfarrell","description":"VPC w/ NATs","archived":false,"fork":false,"pushed_at":"2024-08-02T03:02:50.000Z","size":97,"stargazers_count":1,"open_issues_count":1,"forks_count":5,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-01-19T13:27:11.910Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/willfarrell.png","metadata":{"files":{"readme":"docs/README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-06-16T23:03:54.000Z","updated_at":"2023-03-08T03:06:30.000Z","dependencies_parsed_at":"2024-11-21T01:15:41.930Z","dependency_job_id":null,"html_url":"https://github.com/willfarrell/terraform-vpc-module","commit_stats":null,"previous_names":[],"tags_count":11,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/willfarrell%2Fterraform-vpc-module","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/willfarrell%2Fterraform-vpc-module/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/willfarrell%2Fterraform-vpc-module/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/willfarrell%2Fterraform-vpc-module/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/willfarrell","download_url":
"https://codeload.github.com/willfarrell/terraform-vpc-module/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243292833,"owners_count":20268126,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-18T11:36:03.785Z","updated_at":"2025-12-27T08:35:18.889Z","avatar_url":"https://github.com/willfarrell.png","language":"HCL","readme":"# VPC\nCreates a VPC over two AZ w/ NAT in each AZ.\n\n\u003cdiv align=\"center\"\u003e\n  \u003ca href=\"http://gordonfoundation.ca\"\u003e\u003cimg src=\"https://raw.githubusercontent.com/tesera/terraform-modules/master/vpc/diagram.png?token=\u0026sanitize=true\" alt=\"Module Diagram\" width=\"200\"\u003e\u003c/a\u003e\n\u003c/div\u003e\n\n## Features\n- 1 region\n- 2+ availability zones (AZ)\n- 1 public, 1 private subnet per AZ\n- 1 NAT per public subnet\n- ACL - Allow http, https, dns, ephemeral ports, easy to extend\n\n## Setup\n\n### Module\n\n```hcl-terraform\nmodule \"vpc\" {\n  source = \"git@github.com:willfarrell/terraform-vpc-module//vpc?ref=v0.0.1\"\n  name           = local.workspace[\"name\"]\n  az_count       = local.workspace[\"az_count\"]\n  cidr_block     = local.workspace[\"cidr_block\"]\n  nat_type       = local.workspace[\"nat_type\"]\n  ami_account_id = data.terraform_remote_state.master.outputs.account_id\n}\n```\n\n## Outputs\n```hcl-terraform\noutput \"nat_ips\" {\n  value = module.vpc.public_ips\n}\n\noutput \"nat_billing_suggestion\" {\n  value = module.vpc.billing_suggestion\n}\n\n# Output config information to SSM Paramstore for use 
from Serverless, Lambda or other components\nresource \"aws_ssm_parameter\" \"vpc_id\" {\n  name        = \"/infrastructure/vpc/id\"\n  description = \"VPC ID\"\n  type        = \"String\"\n  value       = module.vpc.id\n}\n\nresource \"aws_ssm_parameter\" \"vpc_public_subnets\" {\n  name        = \"/infrastructure/vpc/public_subnets\"\n  description = \"VPC public subnets\"\n  type        = \"StringList\"\n  value       = join(\",\", module.vpc.public_subnet_ids)\n}\n\nresource \"aws_ssm_parameter\" \"vpc_private_subnets\" {\n  name        = \"/infrastructure/vpc/private_subnets\"\n  description = \"VPC private subnets\"\n  type        = \"StringList\"\n  value       = join(\",\", module.vpc.private_subnet_ids)\n}\n\nresource \"aws_ssm_parameter\" \"vpc_security_group\" {\n  name        = \"/infrastructure/vpc/security_group\"\n  description = \"VPC security group\"\n  type        = \"String\"\n  value       = module.vpc.security_group_id\n}\n```\n\n### Add Gateway Endpoints\n```hcl-terraform\n# aws:SourceVpc matches a VPC ID; aws:SourceVpce would expect a vpce-... endpoint ID\nresource \"aws_vpc_endpoint\" \"s3\" {\n  vpc_id            = module.vpc.id\n  service_name      = \"com.amazonaws.${local.workspace[\"region\"]}.s3\"\n  route_table_ids   = module.vpc.private_route_table_ids\n  policy            = \u003c\u003cPOLICY\n{\n  \"Statement\": [\n      {\n          \"Sid\":\"\",\n          \"Effect\": \"Allow\",\n          \"Action\": \"s3:*\",\n          \"Resource\": [\n            \"arn:aws:s3:::*\",\n            \"arn:aws:s3:::*/*\"\n          ],\n          \"Principal\": \"*\",\n          \"Condition\": {\n            \"StringEquals\": {\n              \"aws:SourceVpc\": \"${module.vpc.id}\"\n            }\n          }\n      }\n  ]\n}\nPOLICY\n}\n\nresource \"aws_vpc_endpoint\" \"dynamodb\" {\n  vpc_id          = module.vpc.id\n  service_name    = \"com.amazonaws.${local.workspace[\"region\"]}.dynamodb\"\n  route_table_ids = module.vpc.private_route_table_ids\n  policy          = \u003c\u003cPOLICY\n{\n    \"Statement\": [\n        {\n      
      \"Sid\":\"\",\n            \"Effect\": \"Allow\",\n            \"Action\": \"dynamodb:*\",\n            \"Resource\": \"arn:aws:dynamodb:::${module.dynamodb.id}/*\",\n            \"Principal\": \"*\",\n            \"Condition\": {\n              \"StringEquals\": {\n                \"aws:SourceVpc\": \"${module.vpc.id}\"\n              }\n            }\n        }\n    ]\n}\nPOLICY\n}\n\n# See https://github.com/terraform-aws-modules/terraform-aws-vpc/blob/master/main.tf#L827-L1456 for more examples\n\n```\n\n### Extra ACL Rules\n```hcl-terraform\n# Postgres\nresource \"aws_network_acl_rule\" \"ingress_postgres\" {\n  network_acl_id = module.vpc.network_acl_id\n  rule_number    = 5432\n  egress         = false\n  protocol       = \"tcp\"\n  rule_action    = \"allow\"\n  cidr_block     = \"0.0.0.0/0\"\n  from_port      = 5432\n  to_port        = 5432\n}\n\nresource \"aws_network_acl_rule\" \"egress_postgres\" {\n  network_acl_id = module.vpc.network_acl_id\n  rule_number    = 5432\n  egress         = true\n  protocol       = \"tcp\"\n  rule_action    = \"allow\"\n  cidr_block     = \"0.0.0.0/0\"\n  from_port      = 5432\n  to_port        = 5432\n}\n```\n\n## Input\nName           | Type        | Default       | Required | Description\n---------------|-------------|---------------|----------|-------------\nname           | string      | ``            | No       | Application Name\ndefault_tags   | map(string) | `{}`          | No       | Tag to apply to all resources\ncidr_block     | string      | `10.0.0.0/16` | No       | Custom CIDR block, must end with `.0.0/16`\naz_count       | string      | `2`           | No       | Number of AZs to initialize. Note: RDS/EKS requires min of 2. See [Map](https://aws.amazon.com/about-aws/global-infrastructure/) for AZ count for each region.\nnat_type       | string      | `none`        | No       | Type of NAT to use `gateway`, `instance` or `none`. 
See [Comparison](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-comparison.html).\ninstance_type  | string      | `t3.micro`    | No       | When `nat_type == instance`, overrides the instance type\nami_account_id | string      | `self`        | No       | When `nat_type == instance`, the account id where the AMI resides. See [Packer NAT](https://github.com/willfarrell/terraform-ec-modules/tree/master/packer/nat).\n\n## Output\n- **id:** vpc id\n- **public_ips:** array of ips attached to NATs\n- **public_subnet_ids:** array of public subnet ids\n- **private_subnet_ids:** array of private subnet ids\n- **private_route_table_ids:** array of private route tables for aws_vpc_endpoints\n- **network_acl_id:** ACL id so additional rules can be added\n\n\n## Configurations\n\nName       | `development` | `production`\n-----------|---------------|------------\n`az_count` | 2             | \\\u003e=2\n`nat_type` | `instance`    | `gateway`\n\n## Known Issues:\n- Unable to increase `az_count` when using a NAT instance\n\n## Related\n- https://github.com/terraform-aws-modules/terraform-aws-vpc\n\n## TODO\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwillfarrell%2Fterraform-vpc-module","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwillfarrell%2Fterraform-vpc-module","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwillfarrell%2Fterraform-vpc-module/lists"}