Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/miquido/terraform-vpc

[![Miquido][logo]](https://www.miquido.com/)

# terraform-vpc
Provides AWS VPC with Private Subnets and optional NAT Gateways.

---

**Terraform Module**

GitLab Repository: https://gitlab.com/miquido/terraform/terraform-vpc

## Usage

### With single NAT gateway

```hcl
module "vpc" {
  source = "git::ssh://git@gitlab.com:miquido/terraform/terraform-vpc.git?ref=master"

  name        = "main"
  project     = "example"
  environment = "dev"
  tags        = var.tags

  azs                             = ["eu-central-1a", "eu-central-1b", "eu-central-1c"]
  nat_type                        = "gateway-single"
  enable_ecs_fargate_private_link = false
}
```

You can also deploy the VPC without NAT, with a NAT instance per AZ, or with a NAT gateway per AZ by changing the value of the `nat_type` variable (see the `nat_type` input below for the accepted values).
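As an added example that is not part of the module's README, the following shows the locked-down variant of the same module call: `nat_type = "off"` so the private subnets get no route to the Internet, `enable_ecs_fargate_private_link = true` so Fargate tasks can still reach ECR, S3 and CloudWatch through the module's VPC endpoints, and `vpc_main_security_group_allow_all_egress = false` so the main security group's default egress-to-anywhere rule is replaced by explicit HTTPS rules. The `aws_prefix_list` data source and the two `aws_security_group_rule` resources are standard AWS provider resources added here, not part of the module; the CIDR, region, tags and resource names are constructed values.

```hcl
# Added example (not the module's own code): private-only VPC for ECS Fargate
# with no NAT, the module's AWS-service endpoints, and restricted SG egress.

variable "tags" {
  type    = map(string)
  default = { "owner" = "platform-team" } # constructed sample tags
}

module "vpc" {
  source = "git::ssh://git@gitlab.com:miquido/terraform/terraform-vpc.git?ref=master"

  name        = "main"
  project     = "example"
  environment = "prod"
  tags        = var.tags

  azs  = ["eu-central-1a", "eu-central-1b", "eu-central-1c"]
  cidr = "10.20.0.0/16" # constructed value

  # No NAT gateway or instance: private subnets cannot reach the Internet.
  nat_type = "off"

  # ECR (api + dkr), S3 and CloudWatch endpoints so image pulls and log
  # shipping work without Internet egress.
  enable_ecs_fargate_private_link = true

  # Drop the module's default allow-all egress rule; keep intra-group ingress.
  vpc_main_security_group_allow_all_egress   = false
  vpc_main_security_group_allow_self_ingress = true

  private_subnets_additional_tags = { "workload" = "fargate" }
}

# Explicit egress: HTTPS to the interface endpoints, which live inside the VPC CIDR.
resource "aws_security_group_rule" "main_egress_https_vpc" {
  type              = "egress"
  security_group_id = module.vpc.vpc_main_security_group_id
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = [module.vpc.vpc_cidr]
  description       = "HTTPS to in-VPC interface endpoints only"
}

# The S3 gateway endpoint is reached via public S3 addresses, so allow those
# through the region's managed S3 prefix list rather than 0.0.0.0/0.
data "aws_prefix_list" "s3" {
  name = "com.amazonaws.eu-central-1.s3"
}

resource "aws_security_group_rule" "main_egress_https_s3" {
  type              = "egress"
  security_group_id = module.vpc.vpc_main_security_group_id
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  prefix_list_ids   = [data.aws_prefix_list.s3.id]
  description       = "HTTPS to the S3 gateway endpoint"
}

# Subnets to hand to an ECS service's network configuration.
output "fargate_subnet_ids" {
  value = module.vpc.private_subnet_ids
}
```

With this configuration a task placed in `module.vpc.private_subnet_ids` and attached to `module.vpc.vpc_main_security_group_id` can only open HTTPS connections to the VPC's own address range and to S3; anything else is dropped at the security group, and there is no NAT route to fall back on, so a misconfigured rule fails closed rather than open. Tasks that need other AWS services will need further interface endpoints beyond the four the module creates.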

## Makefile Targets
```text
Available targets:

  help       Help screen
  help/all   Display help for all targets
  help/short This help short screen
  lint       Lint Terraform code
```

## Requirements

| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 0.13 |
| [aws](#requirement\_aws) | ~> 4.1 |

## Providers

| Name | Version |
|------|---------|
| [aws](#provider\_aws) | ~> 4.1 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| [dynamic-subnets](#module\_dynamic-subnets) | git::https://github.com/cloudposse/terraform-aws-dynamic-subnets.git | 1.0.0 |
| [label](#module\_label) | git::https://github.com/cloudposse/terraform-terraform-label | 0.8.0 |
| [vpc](#module\_vpc) | git::https://github.com/cloudposse/terraform-aws-vpc.git | 0.28.1 |

## Resources

| Name | Type |
|------|------|
| [aws_eip.single-nat](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource |
| [aws_nat_gateway.single-nat](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/nat_gateway) | resource |
| [aws_route.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
| [aws_security_group.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
| [aws_security_group_rule.default-sg-allow-all-egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.default-sg-allow-self-ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_vpc_endpoint.cloudwatch](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) | resource |
| [aws_vpc_endpoint.ecr-api](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) | resource |
| [aws_vpc_endpoint.ecr-dkr](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) | resource |
| [aws_vpc_endpoint.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) | resource |
| [aws_vpc_endpoint_service.cloudwatch](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc_endpoint_service) | data source |
| [aws_vpc_endpoint_service.ecr-api](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc_endpoint_service) | data source |
| [aws_vpc_endpoint_service.ecr-dkr](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc_endpoint_service) | data source |
| [aws_vpc_endpoint_service.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc_endpoint_service) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [azs](#input\_azs) | List of Availability Zones where subnets will be created | `list(string)` | `[]` | no |
| [cidr](#input\_cidr) | CIDR for the VPC | `string` | `"10.0.0.0/16"` | no |
| [enable\_ecs\_fargate\_private\_link](#input\_enable\_ecs\_fargate\_private\_link) | Controls whether to create VPC Endpoints regarding AWS ECS with Fargate services in managed VPC | `bool` | `false` | no |
| [environment](#input\_environment) | Environment name | `string` | `""` | no |
| [instance\_tenancy](#input\_instance\_tenancy) | A tenancy option for instances launched into the VPC | `string` | `"default"` | no |
| [map\_public\_ip\_on\_launch](#input\_map\_public\_ip\_on\_launch) | Instances launched into a public subnet should be assigned a public IP address | `bool` | `true` | no |
| [max\_subnet\_count](#input\_max\_subnet\_count) | Sets the maximum number of subnets to deploy. `0` deploys a subnet for every provided availability zone (in the `availability_zones` variable) within the region | `number` | `0` | no |
| [name](#input\_name) | Resource common name | `string` | n/a | yes |
| [nat\_instance\_type](#input\_nat\_instance\_type) | NAT Instance type | `string` | `"t3.micro"` | no |
| [nat\_type](#input\_nat\_type) | Configure deployment of NAT instances/gateways for private subnets. Possible values are: gateway-per-az, gateway-single, instance-per-az and off. | `string` | `"gateway-per-az"` | no |
| [private\_network\_acl\_id](#input\_private\_network\_acl\_id) | Network ACL ID that will be added to private subnets. If empty, a new ACL will be created | `string` | `""` | no |
| [private\_subnets\_additional\_tags](#input\_private\_subnets\_additional\_tags) | Additional tags to be added to private subnets | `map(string)` | `{}` | no |
| [project](#input\_project) | Account/Project Name | `string` | n/a | yes |
| [public\_network\_acl\_id](#input\_public\_network\_acl\_id) | Network ACL ID that will be added to public subnets. If empty, a new ACL will be created | `string` | `""` | no |
| [public\_subnets\_additional\_tags](#input\_public\_subnets\_additional\_tags) | Additional tags to be added to public subnets | `map(string)` | `{}` | no |
| [subnet\_type\_tag\_key](#input\_subnet\_type\_tag\_key) | Key for subnet type tag to provide information about the type of subnets, e.g. `cpco.io/subnet/type=private` or `cpco.io/subnet/type=public` | `string` | `"miquido.com/subnet/type"` | no |
| [subnet\_type\_tag\_value\_format](#input\_subnet\_type\_tag\_value\_format) | This is using the format interpolation symbols to allow the value of the subnet\_type\_tag\_key to be modified. | `string` | `"%s"` | no |
| [tags](#input\_tags) | Tags to apply on repository | `map(string)` | `{}` | no |
| [vpc\_main\_security\_group\_allow\_all\_egress](#input\_vpc\_main\_security\_group\_allow\_all\_egress) | Add rule to main security group that allows all egress traffic | `bool` | `true` | no |
| [vpc\_main\_security\_group\_allow\_self\_ingress](#input\_vpc\_main\_security\_group\_allow\_self\_ingress) | Add rule to main security group that allows all ingress traffic from the same group | `bool` | `true` | no |

## Outputs

| Name | Description |
|------|-------------|
| [availability\_zones](#output\_availability\_zones) | List of Availability Zones where subnets were created |
| [igw\_id](#output\_igw\_id) | n/a |
| [nat\_gateway\_ids](#output\_nat\_gateway\_ids) | IDs of the NAT Gateways created |
| [nat\_instance\_ids](#output\_nat\_instance\_ids) | IDs of the NAT Instances created |
| [private\_route\_table\_ids](#output\_private\_route\_table\_ids) | IDs of the created private route tables |
| [private\_subnet\_cidrs](#output\_private\_subnet\_cidrs) | CIDR blocks of the created private subnets |
| [private\_subnet\_ids](#output\_private\_subnet\_ids) | IDs of the created private subnets |
| [public\_route\_table\_ids](#output\_public\_route\_table\_ids) | IDs of the created public route tables |
| [public\_subnet\_cidrs](#output\_public\_subnet\_cidrs) | CIDR blocks of the created public subnets |
| [public\_subnet\_ids](#output\_public\_subnet\_ids) | IDs of the created public subnets |
| [vpc\_cidr](#output\_vpc\_cidr) | n/a |
| [vpc\_default\_network\_acl\_id](#output\_vpc\_default\_network\_acl\_id) | The ID of the network ACL created by default on VPC creation |
| [vpc\_default\_route\_table\_id](#output\_vpc\_default\_route\_table\_id) | The ID of the route table created by default on VPC creation |
| [vpc\_default\_security\_group\_id](#output\_vpc\_default\_security\_group\_id) | The ID of the security group created by default on VPC creation |
| [vpc\_id](#output\_vpc\_id) | n/a |
| [vpc\_ipv6\_association\_id](#output\_vpc\_ipv6\_association\_id) | The association ID for the IPv6 CIDR block |
| [vpc\_ipv6\_cidr](#output\_vpc\_ipv6\_cidr) | The IPv6 CIDR block |
| [vpc\_main\_route\_table\_id](#output\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with this VPC |
| [vpc\_main\_security\_group\_id](#output\_vpc\_main\_security\_group\_id) | The ID of the main security group associated with this VPC |

## Developing

1. Make changes in terraform files

2. Regenerate documentation

```bash
bash <(git archive git@gitlab.com:miquido/terraform/terraform-readme-update.git master update.sh | tar -xO)
```

3. Run lint

```bash
make lint
```

## Copyright

Copyright © 2017-2022 [Miquido](https://miquido.com)

### Contributors

| [![Konrad Obal][k911_avatar]][k911_homepage]<br>[Konrad Obal][k911_homepage] |
|---|

[k911_homepage]: https://github.com/k911
[k911_avatar]: https://github.com/k911.png?size=150

[logo]: https://www.miquido.com/img/logos/logo__miquido.svg
[website]: https://www.miquido.com/
[gitlab]: https://gitlab.com/miquido
[github]: https://github.com/miquido
[bitbucket]: https://bitbucket.org/miquido