https://github.com/kunduso/terraform-aws-vpc

This repository contains a Terraform module that automates the creation of Amazon Virtual Private Cloud (VPC) resources on AWS.
[![Build Status](https://littlecoding.visualstudio.com/Open-Project/_apis/build/status%2Fkunduso.terraform-aws-vpc?branchName=main)](https://littlecoding.visualstudio.com/Open-Project/_build/latest?definitionId=37&branchName=main) [![checkov-static-analysis-scan](https://github.com/kunduso/terraform-aws-vpc/actions/workflows/code-scan.yml/badge.svg?branch=main)](https://github.com/kunduso/terraform-aws-vpc/actions/workflows/code-scan.yml) [![Generate terraform docs](https://github.com/kunduso/terraform-aws-vpc/actions/workflows/documentation.yml/badge.svg)](https://github.com/kunduso/terraform-aws-vpc/actions/workflows/documentation.yml)
# Terraform Module for Amazon Virtual Private Cloud resources
This repository contains a Terraform module that automates the creation of Amazon Virtual Private Cloud (VPC) resources on AWS.

## Overview
This module provides a foundation for setting up secure, isolated environments in AWS, including:
- Automated VPC creation with customizable CIDR blocks
- Public and private subnet configuration
- Network traffic logging and monitoring capabilities
- Built-in security best practices
- Configurable NAT gateways for private subnet access

## Requirements

| Name | Version |
|------|---------|
| [aws](#requirement_aws) | >= 5.0.0 |
| [random](#requirement_random) | >= 3.0.0 |

## Providers

| Name | Version |
|------|---------|
| [aws](#provider_aws) | >= 5.0.0 |
| [random](#provider_random) | >= 3.0.0 |

## Resources

| Name | Type |
|------|------|
| [aws_cloudwatch_log_group.network_flow_logging](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
| [aws_default_security_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_security_group) | resource |
| [aws_eip.nat_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource |
| [aws_flow_log.network_flow_logging](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/flow_log) | resource |
| [aws_iam_role.vpc_flow_log_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role_policy.vpc_flow_log_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
| [aws_internet_gateway.this_igw](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/internet_gateway) | resource |
| [aws_kms_alias.key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_alias) | resource |
| [aws_kms_key.custom_kms_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
| [aws_kms_key_policy.encrypt_log](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key_policy) | resource |
| [aws_nat_gateway.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/nat_gateway) | resource |
| [aws_route.internet_route](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
| [aws_route.private_route](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
| [aws_route_table.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table) | resource |
| [aws_route_table.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table) | resource |
| [aws_route_table_association.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource |
| [aws_route_table_association.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource |
| [aws_subnet.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource |
| [aws_subnet.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource |
| [aws_vpc.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc) | resource |
| [random_string.vpc_name](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [region](#input_region) | The AWS region to provision resources. | `string` | n/a | yes |
| [vpc_cidr](#input_vpc_cidr) | The CIDR block for the VPC | `string` | n/a | yes |
| [enable_dns_hostnames](#input_enable_dns_hostnames) | Enable DNS hostnames for VPC. | `bool` | `false` | no |
| [enable_dns_support](#input_enable_dns_support) | Enable DNS support for VPC. | `bool` | `false` | no |
| [enable_flow_log](#input_enable_flow_log) | Enable VPC flow logs | `bool` | `true` | no |
| [enable_internet_gateway](#input_enable_internet_gateway) | Enable internet gateway for VPC. | `bool` | `false` | no |
| [enable_nat_gateway](#input_enable_nat_gateway) | Enable nat gateway for VPC. | `bool` | `false` | no |
| [subnet_cidr_private](#input_subnet_cidr_private) | CIDR blocks for the private subnets. | `list(any)` | `[]` | no |
| [subnet_cidr_public](#input_subnet_cidr_public) | CIDR blocks for the public subnets. | `list(any)` | `[]` | no |
| [tags](#input_tags) | AWS Cloud resource tags. | `map(string)` | `{ "Module": "https://github.com/kunduso/terraform-aws-vpc" }` | no |
| [vpc_name](#input_vpc_name) | Name of the VPC. | `string` | `""` | no |

## Outputs

| Name | Description |
|------|-------------|
| [aws_cloudwatch_log_group](#output_aws_cloudwatch_log_group) | The CloudWatch Log Group (if enabled). |
| [aws_iam_role](#output_aws_iam_role) | The IAM Role (if enabled). |
| [flow_log](#output_flow_log) | The flow log (if enabled). |
| [iam_policy](#output_iam_policy) | The IAM Policy (if enabled). |
| [internet_gateway](#output_internet_gateway) | The Internet Gateway (if enabled). |
| [internet_route](#output_internet_route) | The Internet Gateway route (if enabled). |
| [kms_key](#output_kms_key) | The KMS Key to encrypt the AWS CloudWatch Logs (if enabled). |
| [kms_key_alias](#output_kms_key_alias) | The alias of the KMS key (if enabled). |
| [kms_key_policy](#output_kms_key_policy) | The IAM policy for the KMS key (if enabled). |
| [nat_gateway](#output_nat_gateway) | The NAT Gateway (if enabled). |
| [nat_gateway_public_ips](#output_nat_gateway_public_ips) | List of public Elastic IPs created for NAT Gateway (if enabled). |
| [private_route](#output_private_route) | The private route. |
| [private_route_table](#output_private_route_table) | The private route tables created in this module. |
| [private_route_table_association](#output_private_route_table_association) | The private route table association. |
| [private_subnets](#output_private_subnets) | List of private subnets. |
| [public_route_table](#output_public_route_table) | The public route table. |
| [public_route_table_association](#output_public_route_table_association) | The public route table association. |
| [public_subnets](#output_public_subnets) | List of public subnets. |
| [vpc](#output_vpc) | The VPC created via this module. |

## Usage
To use this module in your Terraform configuration, include the following module block:

```hcl
module "vpc" {
  source                  = "kunduso/vpc/aws"
  version                 = "1.0.3"
  region                  = var.region
  enable_internet_gateway = true
  enable_nat_gateway      = true
  vpc_cidr                = "10.20.30.0/24"
  subnet_cidr_public      = ["10.20.30.0/27", "10.20.30.32/27", "10.20.30.64/27"]
  subnet_cidr_private     = ["10.20.30.128/27", "10.20.30.160/27", "10.20.30.192/27"]
  tags = {
    Application_ID = "12345"
    Environment    = "dev"
    Source         = "https://github.com/kunduso/terraform-aws-vpc"
  }
  #CKV_TF_1: Ensure Terraform module sources use a commit hash
  #checkov:skip=CKV_TF_1: This is a self hosted module where the version number is tagged rather than the commit hash.
}
```
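A pre-flight check for the `vpc_cidr`, `subnet_cidr_public` and `subnet_cidr_private` values passed to the module, as an added example that is not part of this repository: it reports subnets that fall outside the VPC range or overlap each other, and lists the address space left unallocated. The function names are hypothetical, the sample values are the ones from the usage block above, and the /16 to /28 bound is the AWS limit on IPv4 subnet sizes.

```python
import ipaddress

def check_cidr_plan(vpc_cidr, public, private):
    """Return a list of problems in a VPC/subnet CIDR plan (empty list = clean)."""
    vpc = ipaddress.ip_network(vpc_cidr)  # strict parsing: host bits set -> ValueError
    problems, nets = [], []
    for kind, cidrs in (("public", public), ("private", private)):
        for cidr in cidrs:
            try:
                net = ipaddress.ip_network(cidr)
            except ValueError as exc:
                problems.append(f"{kind} {cidr}: invalid CIDR ({exc})")
                continue
            if net.version != vpc.version or not net.subnet_of(vpc):
                problems.append(f"{kind} {cidr}: outside VPC {vpc}")
            elif net.version == 4 and not 16 <= net.prefixlen <= 28:
                problems.append(f"{kind} {cidr}: AWS IPv4 subnets must be /16 to /28")
            nets.append((kind, net))
    # Pairwise overlap check across public and private subnets together.
    for i, (kind_a, a) in enumerate(nets):
        for kind_b, b in nets[i + 1:]:
            if a.version == b.version and a.overlaps(b):
                problems.append(f"{kind_a} {a} overlaps {kind_b} {b}")
    return problems

def free_space(vpc_cidr, allocated):
    """Return the VPC address blocks not covered by any allocated subnet."""
    free = [ipaddress.ip_network(vpc_cidr)]
    for cidr in allocated:
        net = ipaddress.ip_network(cidr)
        remaining = []
        for block in free:
            if block.subnet_of(net):        # block fully consumed
                continue
            if net.subnet_of(block):        # carve the subnet out of the block
                remaining.extend(block.address_exclude(net))
            else:
                remaining.append(block)
        free = remaining
    return [str(n) for n in sorted(ipaddress.collapse_addresses(free))]

# Values copied from the usage block above.
VPC = "10.20.30.0/24"
PUBLIC = ["10.20.30.0/27", "10.20.30.32/27", "10.20.30.64/27"]
PRIVATE = ["10.20.30.128/27", "10.20.30.160/27", "10.20.30.192/27"]

if __name__ == "__main__":
    for line in check_cidr_plan(VPC, PUBLIC, PRIVATE) or ["plan is clean"]:
        print(line)
    print("unallocated:", free_space(VPC, PUBLIC + PRIVATE))
```
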
## Example Implementation
A complete example implementation of this module can be found in the [example directory](https://github.com/kunduso/terraform-aws-vpc/tree/main/example). The example demonstrates how to:

- Set up the AWS provider
- Configure the VPC module
- Define required variables
- Set up backend configuration

You can use this example as a reference for implementing the module in your own infrastructure code.
Additionally, the repository includes [Azure Pipelines](https://github.com/kunduso/terraform-aws-vpc/blob/main/pipeline/azure-pipelines.yaml) to automate the deployment of this infrastructure as part of a CI/CD pipeline. This makes it easy to apply your Terraform configurations directly from the pipeline.

Note: Ensure you have appropriate AWS credentials configured before running the example.

## Contributing
If you find any issues or have suggestions for improvement, feel free to open an [issue](https://github.com/kunduso/terraform-aws-vpc/issues/new) or submit a pull request. Contributions are always welcome!
## License
This code is released under the Unlicense License. See [LICENSE](https://github.com/kunduso/terraform-aws-vpc/blob/main/LICENSE).