Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/bocan/odin

This is the Opentofu code used to build my docker compose powered webserver on an AWS SPOT instance.
aws docker opentofu spot terraform webserver


## About

This Tofu / Terraform repo builds a single AWS Spot instance for my containerised platform. AWS can stop it, delete it, whatever - because the user_data sets everything up from scratch and any important data is kept on an external volume.

It basically looks like this:

* A dedicated VPC and an [EC2 Spot instance](https://aws.amazon.com/ec2/spot/) spun up with [Terraform](https://www.terraform.io/) / [OpenTofu](https://opentofu.org/), running a [Debian Sid](https://www.debian.org/releases/sid/) AMI that I've encrypted with a customer managed key.
* The root volume is small (8G) and remains mostly untouched with only enough changes to the root volume to enable it to reboot without needing any configuration changes.
* All important persistent data and configuration lives on a separate encrypted volume mounted at /volume. This terraform project connects the instance to it, but doesn't manage it directly.

* Everything important is running as a Docker container via Docker Compose. There are 5 major Docker containers that need to remain up:
  * [certbot](https://certbot.eff.org/): Mostly sleeping for 12 hours at a time, but then checking for certs that need to be renewed.
  * [nginx](https://www.nginx.com/): Powers all the static and tool sites.
  * [php](https://www.php.net/releases/8.0/en.php): Has the same mounts as nginx and runs any PHP needed. I self-compile this as PHP's a monstrosity.
  * [mariadb](https://mariadb.org/): Powers any needed mysql/mariadb databases.
  * [gitea](https://about.gitea.com/): A place I intend to move most of my private repos into. Kind of like Gitlab, but not as bloated with crap.

* I also have a full monitoring / metrics / observability stack running:
  * [prometheus](https://prometheus.io/): The metrics engine.
  * [grafana](https://grafana.com/): A virtual pane of glass to view all the metrics.
  * [cadvisor](https://github.com/google/cadvisor): Analyzes resource usage and performance characteristics of running containers.
  * [node-exporter](https://github.com/prometheus/node_exporter): Scrapes and exports my instance's metrics.

* All Powering These Sites:
  * [My home page](https://chris.funderburg.me), a static site built every 5 minutes from Git via [Hugo](https://gohugo.io/).
  * A WordPress site powering a personal archive. (nginx and php)
  * [bocan.dev](https://bocan.dev) - A 1 page CV site. (just nginx)
  * [cfunder.me](https://cfunder.me/) - A personal URL shortener. (nginx and php)
  * My personal blog (nginx and hugo), and tooling hidden underneath:
    * A personal photo gallery powered by [Piwigo](https://piwigo.org/).
    * A [webapp](https://chris.funderburg.me/advice) that gives quotes and advice.
    * My self hosted [Nextcloud](https://nextcloud.com/) engine.
    * A [time dashboard](https://chris.funderburg.me/time.php) I built to amuse myself.
  * My [business site](https://cloudcauldron.io) (just nginx) - but soon to be my business blog (nginx and hugo)
  * My [family tree site](https://tree.funderburg.me/) (just nginx)

* There are 3 crontab jobs executing commands inside the docker containers:
  * Every 15 minutes, exec into php and update my [TTRSS](https://tt-rss.org/) site to check RSS feeds.
  * Every 31 minutes, exec into php and run the Nextcloud cron processing.
  * Every 5 minutes, use Git to pull all configuration from GitHub, then exec into the [Hugo](https://gohugo.io/) container and generate the static blogs.

* Issues I still need to fix:
  * I'd like to swap the AMI and disk encryption to use a CMK.
  * The GitHub repo that controls all of it stores the web certificates, so I can't make it public yet. I need to split that piece out.
  * The big external volume only has 1 snapshot and it's not automated yet.

## Requirements

| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.8.0 |
| [aws](#requirement\_aws) | >= 5.0 |

## Providers

| Name | Version |
|------|---------|
| [aws](#provider\_aws) | >= 5.0 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| [ec2\_instance](#module\_ec2\_instance) | terraform-aws-modules/ec2-instance/aws | 5.7.1 |
| [ec2\_instance\_freyja](#module\_ec2\_instance\_freyja) | terraform-aws-modules/ec2-instance/aws | 5.7.1 |
| [kms](#module\_kms) | terraform-aws-modules/kms/aws | 3.1.1 |
| [security\_group](#module\_security\_group) | terraform-aws-modules/security-group/aws | 5.2.0 |
| [security\_group\_freyja](#module\_security\_group\_freyja) | terraform-aws-modules/security-group/aws | 5.2.0 |
| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | 5.15.0 |

## Resources

| Name | Type |
|------|------|
| [aws_ami_copy.debian_encrypted_ami](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ami_copy) | resource |
| [aws_dlm_lifecycle_policy.odin_dlm_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dlm_lifecycle_policy) | resource |
| [aws_dlm_lifecycle_policy.odin_dlm_policy_monthly](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dlm_lifecycle_policy) | resource |
| [aws_eip.bar](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource |
| [aws_eip.foo](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource |
| [aws_iam_instance_profile.ec2_profile](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource |
| [aws_iam_policy.ec2_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_role.dlm_lifecycle_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role.ec2_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role_policy.dlm_lifecycle](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
| [aws_iam_role_policy_attachment.custom](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_route53_record.mailserverA](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
| [aws_volume_attachment.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/volume_attachment) | resource |
| [aws_volume_attachment.this2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/volume_attachment) | resource |
| [aws_ami.debian](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |
| [aws_ami.encrypted-ami](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |
| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_ebs_volume.ebs_volume](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ebs_volume) | data source |
| [aws_ebs_volume.ebs_volume_freyja](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ebs_volume) | data source |
| [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.dlm_lifecycle](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [ami\_override](#input\_ami\_override) | The Debian Sid AMI can be updated too fast. Set this if you don't want to update it. | `string` | `null` | no |
| [github\_token](#input\_github\_token) | The github token I use to let Hugo write back to Github. | `string` | n/a | yes |
| [github\_user](#input\_github\_user) | The github user I use to let Hugo write back to Github. | `string` | n/a | yes |
| [passphrase](#input\_passphrase) | Password to encrypt state | `string` | n/a | yes |
| [users\_for\_key](#input\_users\_for\_key) | The users or sts roles to give access to the customer managed key | `list(string)` | `null` | no |

## Outputs

| Name | Description |
|------|-------------|
| [ami\_details](#output\_ami\_details) | n/a |
| [cgw\_arns](#output\_cgw\_arns) | List of ARNs of Customer Gateway |
| [cgw\_ids](#output\_cgw\_ids) | List of IDs of Customer Gateway |
| [database\_internet\_gateway\_route\_id](#output\_database\_internet\_gateway\_route\_id) | ID of the database internet gateway route |
| [database\_ipv6\_egress\_route\_id](#output\_database\_ipv6\_egress\_route\_id) | ID of the database IPv6 egress route |
| [database\_nat\_gateway\_route\_ids](#output\_database\_nat\_gateway\_route\_ids) | List of IDs of the database nat gateway route |
| [database\_network\_acl\_arn](#output\_database\_network\_acl\_arn) | ARN of the database network ACL |
| [database\_network\_acl\_id](#output\_database\_network\_acl\_id) | ID of the database network ACL |
| [database\_route\_table\_association\_ids](#output\_database\_route\_table\_association\_ids) | List of IDs of the database route table association |
| [database\_route\_table\_ids](#output\_database\_route\_table\_ids) | List of IDs of database route tables |
| [database\_subnet\_arns](#output\_database\_subnet\_arns) | List of ARNs of database subnets |
| [database\_subnet\_group](#output\_database\_subnet\_group) | ID of database subnet group |
| [database\_subnet\_group\_name](#output\_database\_subnet\_group\_name) | Name of database subnet group |
| [database\_subnets](#output\_database\_subnets) | List of IDs of database subnets |
| [database\_subnets\_cidr\_blocks](#output\_database\_subnets\_cidr\_blocks) | List of cidr\_blocks of database subnets |
| [database\_subnets\_ipv6\_cidr\_blocks](#output\_database\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of database subnets in an IPv6 enabled VPC |
| [default\_network\_acl\_id](#output\_default\_network\_acl\_id) | The ID of the default network ACL |
| [default\_route\_table\_id](#output\_default\_route\_table\_id) | The ID of the default route table |
| [default\_security\_group\_id](#output\_default\_security\_group\_id) | The ID of the security group created by default on VPC creation |
| [default\_vpc\_arn](#output\_default\_vpc\_arn) | The ARN of the Default VPC |
| [default\_vpc\_cidr\_block](#output\_default\_vpc\_cidr\_block) | The CIDR block of the Default VPC |
| [default\_vpc\_default\_network\_acl\_id](#output\_default\_vpc\_default\_network\_acl\_id) | The ID of the default network ACL of the Default VPC |
| [default\_vpc\_default\_route\_table\_id](#output\_default\_vpc\_default\_route\_table\_id) | The ID of the default route table of the Default VPC |
| [default\_vpc\_default\_security\_group\_id](#output\_default\_vpc\_default\_security\_group\_id) | The ID of the security group created by default on Default VPC creation |
| [default\_vpc\_enable\_dns\_hostnames](#output\_default\_vpc\_enable\_dns\_hostnames) | Whether or not the Default VPC has DNS hostname support |
| [default\_vpc\_enable\_dns\_support](#output\_default\_vpc\_enable\_dns\_support) | Whether or not the Default VPC has DNS support |
| [default\_vpc\_id](#output\_default\_vpc\_id) | The ID of the Default VPC |
| [default\_vpc\_instance\_tenancy](#output\_default\_vpc\_instance\_tenancy) | Tenancy of instances spin up within Default VPC |
| [default\_vpc\_main\_route\_table\_id](#output\_default\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with the Default VPC |
| [dhcp\_options\_id](#output\_dhcp\_options\_id) | The ID of the DHCP options |
| [ec2\_instance\_arn](#output\_ec2\_instance\_arn) | The ARN of the instance |
| [ec2\_instance\_availability\_zone](#output\_ec2\_instance\_availability\_zone) | The availability zone of the created instance |
| [ec2\_instance\_capacity\_reservation\_specification](#output\_ec2\_instance\_capacity\_reservation\_specification) | Capacity reservation specification of the instance |
| [ec2\_instance\_ebs\_block\_device](#output\_ec2\_instance\_ebs\_block\_device) | EBS block device information |
| [ec2\_instance\_ephemeral\_block\_device](#output\_ec2\_instance\_ephemeral\_block\_device) | Ephemeral block device information |
| [ec2\_instance\_iam\_instance\_profile\_arn](#output\_ec2\_instance\_iam\_instance\_profile\_arn) | ARN assigned by AWS to the instance profile |
| [ec2\_instance\_iam\_instance\_profile\_id](#output\_ec2\_instance\_iam\_instance\_profile\_id) | Instance profile's ID |
| [ec2\_instance\_iam\_instance\_profile\_unique](#output\_ec2\_instance\_iam\_instance\_profile\_unique) | Stable and unique string identifying the IAM instance profile |
| [ec2\_instance\_iam\_role\_arn](#output\_ec2\_instance\_iam\_role\_arn) | The Amazon Resource Name (ARN) specifying the IAM role |
| [ec2\_instance\_iam\_role\_name](#output\_ec2\_instance\_iam\_role\_name) | The name of the IAM role |
| [ec2\_instance\_iam\_role\_unique\_id](#output\_ec2\_instance\_iam\_role\_unique\_id) | Stable and unique string identifying the IAM role |
| [ec2\_instance\_id](#output\_ec2\_instance\_id) | The ID of the instance |
| [ec2\_instance\_instance\_state](#output\_ec2\_instance\_instance\_state) | The state of the instance. One of: `pending`, `running`, `shutting-down`, `terminated`, `stopping`, `stopped` |
| [ec2\_instance\_primary\_network\_interface\_id](#output\_ec2\_instance\_primary\_network\_interface\_id) | The ID of the instance's primary network interface |
| [ec2\_instance\_private\_dns](#output\_ec2\_instance\_private\_dns) | The private DNS name assigned to the instance. Can only be used inside the Amazon EC2, and only available if you've enabled DNS hostnames for your VPC |
| [ec2\_instance\_public\_dns](#output\_ec2\_instance\_public\_dns) | The public DNS name assigned to the instance. For EC2-VPC, this is only available if you've enabled DNS hostnames for your VPC |
| [ec2\_instance\_public\_ip](#output\_ec2\_instance\_public\_ip) | The public IP address assigned to the instance, if applicable. NOTE: If you are using an aws\_eip with your instance, you should refer to the EIP's address directly and not use `public_ip` as this field will change after the EIP is attached |
| [ec2\_instance\_root\_block\_device](#output\_ec2\_instance\_root\_block\_device) | Root block device information |
| [ec2\_instance\_tags\_all](#output\_ec2\_instance\_tags\_all) | A map of tags assigned to the resource, including those inherited from the provider default\_tags configuration block |
| [egress\_only\_internet\_gateway\_id](#output\_egress\_only\_internet\_gateway\_id) | The ID of the egress only Internet Gateway |
| [elasticache\_network\_acl\_arn](#output\_elasticache\_network\_acl\_arn) | ARN of the elasticache network ACL |
| [elasticache\_network\_acl\_id](#output\_elasticache\_network\_acl\_id) | ID of the elasticache network ACL |
| [elasticache\_route\_table\_association\_ids](#output\_elasticache\_route\_table\_association\_ids) | List of IDs of the elasticache route table association |
| [elasticache\_route\_table\_ids](#output\_elasticache\_route\_table\_ids) | List of IDs of elasticache route tables |
| [elasticache\_subnet\_arns](#output\_elasticache\_subnet\_arns) | List of ARNs of elasticache subnets |
| [elasticache\_subnet\_group](#output\_elasticache\_subnet\_group) | ID of elasticache subnet group |
| [elasticache\_subnet\_group\_name](#output\_elasticache\_subnet\_group\_name) | Name of elasticache subnet group |
| [elasticache\_subnets](#output\_elasticache\_subnets) | List of IDs of elasticache subnets |
| [elasticache\_subnets\_cidr\_blocks](#output\_elasticache\_subnets\_cidr\_blocks) | List of cidr\_blocks of elasticache subnets |
| [elasticache\_subnets\_ipv6\_cidr\_blocks](#output\_elasticache\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of elasticache subnets in an IPv6 enabled VPC |
| [igw\_arn](#output\_igw\_arn) | The ARN of the Internet Gateway |
| [igw\_id](#output\_igw\_id) | The ID of the Internet Gateway |
| [intra\_network\_acl\_arn](#output\_intra\_network\_acl\_arn) | ARN of the intra network ACL |
| [intra\_network\_acl\_id](#output\_intra\_network\_acl\_id) | ID of the intra network ACL |
| [intra\_route\_table\_association\_ids](#output\_intra\_route\_table\_association\_ids) | List of IDs of the intra route table association |
| [intra\_route\_table\_ids](#output\_intra\_route\_table\_ids) | List of IDs of intra route tables |
| [intra\_subnet\_arns](#output\_intra\_subnet\_arns) | List of ARNs of intra subnets |
| [intra\_subnets](#output\_intra\_subnets) | List of IDs of intra subnets |
| [intra\_subnets\_cidr\_blocks](#output\_intra\_subnets\_cidr\_blocks) | List of cidr\_blocks of intra subnets |
| [intra\_subnets\_ipv6\_cidr\_blocks](#output\_intra\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of intra subnets in an IPv6 enabled VPC |
| [nat\_ids](#output\_nat\_ids) | List of allocation ID of Elastic IPs created for AWS NAT Gateway |
| [nat\_public\_ips](#output\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway |
| [natgw\_ids](#output\_natgw\_ids) | List of NAT Gateway IDs |
| [outpost\_network\_acl\_arn](#output\_outpost\_network\_acl\_arn) | ARN of the outpost network ACL |
| [outpost\_network\_acl\_id](#output\_outpost\_network\_acl\_id) | ID of the outpost network ACL |
| [outpost\_subnet\_arns](#output\_outpost\_subnet\_arns) | List of ARNs of outpost subnets |
| [outpost\_subnets](#output\_outpost\_subnets) | List of IDs of outpost subnets |
| [outpost\_subnets\_cidr\_blocks](#output\_outpost\_subnets\_cidr\_blocks) | List of cidr\_blocks of outpost subnets |
| [outpost\_subnets\_ipv6\_cidr\_blocks](#output\_outpost\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of outpost subnets in an IPv6 enabled VPC |
| [private\_ipv6\_egress\_route\_ids](#output\_private\_ipv6\_egress\_route\_ids) | List of IDs of the ipv6 egress route |
| [private\_nat\_gateway\_route\_ids](#output\_private\_nat\_gateway\_route\_ids) | List of IDs of the private nat gateway route |
| [private\_network\_acl\_arn](#output\_private\_network\_acl\_arn) | ARN of the private network ACL |
| [private\_network\_acl\_id](#output\_private\_network\_acl\_id) | ID of the private network ACL |
| [private\_route\_table\_association\_ids](#output\_private\_route\_table\_association\_ids) | List of IDs of the private route table association |
| [private\_route\_table\_ids](#output\_private\_route\_table\_ids) | List of IDs of private route tables |
| [private\_subnet\_arns](#output\_private\_subnet\_arns) | List of ARNs of private subnets |
| [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets |
| [private\_subnets\_cidr\_blocks](#output\_private\_subnets\_cidr\_blocks) | List of cidr\_blocks of private subnets |
| [private\_subnets\_ipv6\_cidr\_blocks](#output\_private\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of private subnets in an IPv6 enabled VPC |
| [ptr\_record](#output\_ptr\_record) | public dns |
| [public\_internet\_gateway\_ipv6\_route\_id](#output\_public\_internet\_gateway\_ipv6\_route\_id) | ID of the IPv6 internet gateway route |
| [public\_internet\_gateway\_route\_id](#output\_public\_internet\_gateway\_route\_id) | ID of the internet gateway route |
| [public\_network\_acl\_arn](#output\_public\_network\_acl\_arn) | ARN of the public network ACL |
| [public\_network\_acl\_id](#output\_public\_network\_acl\_id) | ID of the public network ACL |
| [public\_route\_table\_association\_ids](#output\_public\_route\_table\_association\_ids) | List of IDs of the public route table association |
| [public\_route\_table\_ids](#output\_public\_route\_table\_ids) | List of IDs of public route tables |
| [public\_subnet\_arns](#output\_public\_subnet\_arns) | List of ARNs of public subnets |
| [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets |
| [public\_subnets\_cidr\_blocks](#output\_public\_subnets\_cidr\_blocks) | List of cidr\_blocks of public subnets |
| [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC |
| [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL |
| [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL |
| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association |
| [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association |
| [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables |
| [redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets |
| [redshift\_subnet\_group](#output\_redshift\_subnet\_group) | ID of redshift subnet group |
| [redshift\_subnets](#output\_redshift\_subnets) | List of IDs of redshift subnets |
| [redshift\_subnets\_cidr\_blocks](#output\_redshift\_subnets\_cidr\_blocks) | List of cidr\_blocks of redshift subnets |
| [redshift\_subnets\_ipv6\_cidr\_blocks](#output\_redshift\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of redshift subnets in an IPv6 enabled VPC |
| [this\_customer\_gateway](#output\_this\_customer\_gateway) | Map of Customer Gateway attributes |
| [vgw\_arn](#output\_vgw\_arn) | The ARN of the VPN Gateway |
| [vgw\_id](#output\_vgw\_id) | The ID of the VPN Gateway |
| [vpc\_arn](#output\_vpc\_arn) | The ARN of the VPC |
| [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | The CIDR block of the VPC |
| [vpc\_enable\_dns\_hostnames](#output\_vpc\_enable\_dns\_hostnames) | Whether or not the VPC has DNS hostname support |
| [vpc\_enable\_dns\_support](#output\_vpc\_enable\_dns\_support) | Whether or not the VPC has DNS support |
| [vpc\_flow\_log\_cloudwatch\_iam\_role\_arn](#output\_vpc\_flow\_log\_cloudwatch\_iam\_role\_arn) | The ARN of the IAM role used when pushing logs to Cloudwatch log group |
| [vpc\_flow\_log\_destination\_arn](#output\_vpc\_flow\_log\_destination\_arn) | The ARN of the destination for VPC Flow Logs |
| [vpc\_flow\_log\_destination\_type](#output\_vpc\_flow\_log\_destination\_type) | The type of the destination for VPC Flow Logs |
| [vpc\_flow\_log\_id](#output\_vpc\_flow\_log\_id) | The ID of the Flow Log resource |
| [vpc\_id](#output\_vpc\_id) | The ID of the VPC |
| [vpc\_instance\_tenancy](#output\_vpc\_instance\_tenancy) | Tenancy of instances spin up within VPC |
| [vpc\_ipv6\_association\_id](#output\_vpc\_ipv6\_association\_id) | The association ID for the IPv6 CIDR block |
| [vpc\_ipv6\_cidr\_block](#output\_vpc\_ipv6\_cidr\_block) | The IPv6 CIDR block |
| [vpc\_main\_route\_table\_id](#output\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with this VPC |
| [vpc\_owner\_id](#output\_vpc\_owner\_id) | The ID of the AWS account that owns the VPC |
| [vpc\_secondary\_cidr\_blocks](#output\_vpc\_secondary\_cidr\_blocks) | List of secondary CIDR blocks of the VPC |