https://github.com/obytes/terraform-aws-vpc
A Terraform Module for Creation of VPC and subnets
Last synced: 4 months ago
- Host: GitHub
- URL: https://github.com/obytes/terraform-aws-vpc
- Owner: obytes
- License: mit
- Created: 2021-04-13T21:49:32.000Z (almost 5 years ago)
- Default Branch: main
- Last Pushed: 2022-10-13T20:27:31.000Z (over 3 years ago)
- Last Synced: 2025-02-28T23:36:56.476Z (11 months ago)
- Language: HCL
- Size: 136 KB
- Stars: 0
- Watchers: 10
- Forks: 3
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Terraform AWS VPC
## SUMMARY
A Terraform module to create an AWS VPC along with its resources:
- VPC Default Security Group
- VPC Default Routing Table
- NAT Gateway(s) and Internet Gateways
- Public and Private Subnets
### Example
Below is an example of how to call and use the module; see the example folder for more detailed output.
```hcl
module "label" {
  source              = "github.com/obytes/terraform-aws-tag.git?ref=v1.0.8"
  project_name        = "pto"
  region              = "eu-west-2"
  environment         = "qa"
  prefix_length_limit = 12
}

module "example1" {
  source = "github.com/obytes/terraform-aws-vpc.git?ref=v1.0.9"

  enabled         = true
  prefix          = module.label.id
  name            = "vpc"
  additional_tags = module.label.tags
  cidr_block      = "172.16.0.0/18"

  enable_dns_hostnames    = true
  enable_nat_gateway      = true
  enable_internet_gateway = true
  create_public_subnets   = true
  max_subnet_count        = 3
  single_nat_gateway      = true

  additional_default_route_table_tags = {
    Managed = "Terraform"
    Default = "Yes"
  }

  # Subnet tags used by Kubernetes/EKS to discover where to place
  # internet-facing (elb) and internal (internal-elb) load balancers.
  additional_public_subnet_tags = {
    "kubernetes.io/cluster/cluster-name" = "shared"
    "kubernetes.io/role/elb"             = 1
  }
  additional_private_subnet_tags = {
    "kubernetes.io/cluster/cluster-name" = "shared"
    "kubernetes.io/role/internal-elb"    = 1
  }
}
```
### Validation
This Module Supports the following validation on Inputs:
- `cidr_block`: the VPC CIDR block is validated against AWS requirements. The allowed block size is between a /16 netmask (65,536 IP addresses) and a /28 netmask (16 IP addresses).
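The following is an added example, not the module's own `variables.tf`, of how a netmask-range check like the one described above can be expressed on a Terraform input variable (Terraform >= 0.13, which this module already requires). The variable name mirrors the module's `cidr_block` input; the `validation` body is an assumption about one way to write the rule, not a copy of the module's code.

```hcl
# Added example, not the module's own variables.tf: one way to express the
# "/16 to /28" CIDR-size rule described in the Validation section.
variable "cidr_block" {
  description = "VPC CIDR block; AWS accepts a netmask between /16 and /28"
  type        = string

  validation {
    # cidrnetmask() errors on anything that is not an IPv4 prefix, so can()
    # turns a malformed value (hostname, IPv6 prefix, missing "/") into false.
    # try() guards the netmask arithmetic the same way: when the value has no
    # "/N" part the prefix length falls back to 0, which fails the range test
    # instead of aborting the plan with an index error.
    condition = (
      can(cidrnetmask(var.cidr_block)) &&
      try(tonumber(split("/", var.cidr_block)[1]), 0) >= 16 &&
      try(tonumber(split("/", var.cidr_block)[1]), 0) <= 28
    )
    error_message = "The cidr_block value must be an IPv4 prefix with a netmask between /16 and /28, for example 172.16.0.0/18."
  }
}
```

Variable validation is evaluated when a value is supplied, so the check fires during `terraform plan` or `terraform apply` (for example `terraform plan -var 'cidr_block=10.0.0.0/8'` stops with the error message above), not during `terraform validate`, which does not take variable values.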
### Subnet Naming Convention
A short code of the Availability Zone will be appended to the subnet name.
### Scenarios
- NAT Gateways
  - Single NAT Gateway (default scenario)
    - `enable_nat_gateway` is set to true
    - `single_nat_gateway` is set to true
    - `nat_gateway_per_az` is set to false
  - NAT Gateway per AZ
    - `enable_nat_gateway` is set to true
    - `single_nat_gateway` is set to false
    - `nat_gateway_per_az` is set to true

  > Note: if `single_nat_gateway` and `nat_gateway_per_az` are both set to true, `single_nat_gateway` takes precedence.
- AWS EIPs (Elastic IPs)
  - Create new EIPs (default scenario)
    - `var.nat_eips_list` is empty
  - Re-use existing EIPs
    - `var.nat_eips_list` is populated with a list of Elastic IPs from your AWS account.
- Subnet count
  - One subnet per AZ (default scenario)
    - `var.create_private_subnets` or `var.create_public_subnets` is set to true
    - `var.max_subnet_count` is set to 0
  - Limited subnets
    - `var.max_subnet_count` is not 0, e.g. 1 or 4
- VPC Default Security Group
  - Create custom security group (default scenario)
    - `var.create_custom_security_group` is set to true
    - the security group has no ingress rules
    - the security group allows all egress traffic; narrow this with `var.default_security_group_egress` for workloads that do not need unrestricted outbound access
  - Keep the AWS default rules
    - `var.create_custom_security_group` is set to false; the AWS-managed default security group is left in place, which allows all inbound traffic from members of the same group and all outbound traffic
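The module call below is an added example (not from the module's example folder) that combines the non-default scenarios above: an explicit AZ list, one NAT Gateway per AZ, re-used Elastic IPs, and a module-managed default security group whose egress is narrowed from allow-all to outbound HTTPS. The AZ names, the TEST-NET-2 addresses in `nat_eips_list`, the `prod` environment and the `10.20.0.0/16` block are placeholders chosen for the example; the egress map follows the declared type `list(map(string))` and the shape of the documented default (`cidr_blocks` as a single string, ports as strings), since how the module parses those values is not shown on this page.

```hcl
# Added example, not part of the module or its examples folder.
module "label" {
  source              = "github.com/obytes/terraform-aws-tag.git?ref=v1.0.8"
  project_name        = "pto"
  region              = "eu-west-2"
  environment         = "prod" # placeholder
  prefix_length_limit = 12
}

module "vpc" {
  source = "github.com/obytes/terraform-aws-vpc.git?ref=v1.0.9"

  enabled         = true
  prefix          = module.label.id
  name            = "vpc"
  additional_tags = module.label.tags
  cidr_block      = "10.20.0.0/16" # placeholder, within the /16../28 rule

  enable_dns_hostnames = true

  # Pin the AZs instead of taking every AZ the provider's region offers.
  include_all_azs = false
  azs_list_names  = ["eu-west-2a", "eu-west-2b", "eu-west-2c"]

  # Scenario "NAT Gateway per AZ": single_nat_gateway must be false here,
  # otherwise it takes precedence and only one gateway is created.
  enable_nat_gateway = true
  single_nat_gateway = false
  nat_gateway_per_az = true

  # Scenario "Re-use existing EIPs": one allocated EIP per NAT gateway.
  # TEST-NET-2 placeholders; replace with EIPs allocated in your account.
  nat_eips_list = ["198.51.100.10", "198.51.100.11", "198.51.100.12"]

  # Public subnets need the IGW; instances still get no public IP by default.
  enable_internet_gateway = true
  create_public_subnets   = true
  create_private_subnets  = true
  map_public_ip_on_lunch  = false # the module's input name, spelled as declared

  # Scenario "Create custom security group": no ingress, and egress narrowed
  # from the allow-all default to outbound HTTPS only.
  create_custom_security_group   = true
  default_security_group_ingress = []
  default_security_group_egress = [
    {
      from_port   = "443"
      to_port     = "443"
      protocol    = "tcp"
      cidr_blocks = "0.0.0.0/0"
      description = "Outbound HTTPS only"
    }
  ]
}

output "private_subnet_ids" {
  value = module.vpc.prv_subnet_ids
}

output "nat_ips" {
  value = module.vpc.nat_ips
}
```

With the egress rule above, anything in the default security group that needs other outbound ports (NTP, plain-HTTP package mirrors, database endpoints) will fail until a matching egress entry is added; that is the intended failure mode, since it surfaces every outbound dependency explicitly rather than leaving the group wide open.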
## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >=0.13.0 |
| [aws](#requirement\_aws) | 3.35.0 |
## Providers
| Name | Version |
|------|---------|
| [aws](#provider\_aws) | 3.35.0 |
## Modules
| Name | Source | Version |
|------|--------|---------|
| [label](#module\_label) | github.com/obytes/terraform-aws-tag.git?ref=v1.0.1 | |
| [nat\_label](#module\_nat\_label) | github.com/obytes/terraform-aws-tag.git?ref=v1.0.1 | |
| [private\_label](#module\_private\_label) | github.com/obytes/terraform-aws-tag.git?ref=v1.0.1 | |
| [public\_label](#module\_public\_label) | github.com/obytes/terraform-aws-tag.git?ref=v1.0.1 | |
| [vpc\_label](#module\_vpc\_label) | github.com/obytes/terraform-aws-tag.git?ref=v1.0.1 | |
## Resources
| Name | Type |
|------|------|
| [aws_default_route_table._](https://registry.terraform.io/providers/hashicorp/aws/3.35.0/docs/resources/default_route_table) | resource |
| [aws_default_security_group._](https://registry.terraform.io/providers/hashicorp/aws/3.35.0/docs/resources/default_security_group) | resource |
| [aws_eip._](https://registry.terraform.io/providers/hashicorp/aws/3.35.0/docs/resources/eip) | resource |
| [aws_internet_gateway._](https://registry.terraform.io/providers/hashicorp/aws/3.35.0/docs/resources/internet_gateway) | resource |
| [aws_nat_gateway._](https://registry.terraform.io/providers/hashicorp/aws/3.35.0/docs/resources/nat_gateway) | resource |
| [aws_route.private_nat_gateway](https://registry.terraform.io/providers/hashicorp/aws/3.35.0/docs/resources/route) | resource |
| [aws_route.public_internet_gateway](https://registry.terraform.io/providers/hashicorp/aws/3.35.0/docs/resources/route) | resource |
| [aws_route_table.private](https://registry.terraform.io/providers/hashicorp/aws/3.35.0/docs/resources/route_table) | resource |
| [aws_route_table.public](https://registry.terraform.io/providers/hashicorp/aws/3.35.0/docs/resources/route_table) | resource |
| [aws_route_table_association.private](https://registry.terraform.io/providers/hashicorp/aws/3.35.0/docs/resources/route_table_association) | resource |
| [aws_route_table_association.public](https://registry.terraform.io/providers/hashicorp/aws/3.35.0/docs/resources/route_table_association) | resource |
| [aws_subnet.private](https://registry.terraform.io/providers/hashicorp/aws/3.35.0/docs/resources/subnet) | resource |
| [aws_subnet.public](https://registry.terraform.io/providers/hashicorp/aws/3.35.0/docs/resources/subnet) | resource |
| [aws_vpc._](https://registry.terraform.io/providers/hashicorp/aws/3.35.0/docs/resources/vpc) | resource |
| [aws_vpc_dhcp_options._](https://registry.terraform.io/providers/hashicorp/aws/3.35.0/docs/resources/vpc_dhcp_options) | resource |
| [aws_vpc_dhcp_options_association.dhcp-assoc](https://registry.terraform.io/providers/hashicorp/aws/3.35.0/docs/resources/vpc_dhcp_options_association) | resource |
| [aws_availability_zones.azs](https://registry.terraform.io/providers/hashicorp/aws/3.35.0/docs/data-sources/availability_zones) | data source |
| [aws_eip._](https://registry.terraform.io/providers/hashicorp/aws/3.35.0/docs/data-sources/eip) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [additional\_default\_route\_table\_routes](#input\_additional\_default\_route\_table\_routes) | List of routes to be added to the default route table. Each route is a map with `cidr_block` (required, e.g. `172.17.18.19/30`), optionally `ipv6_cidr_block` (e.g. `::/0`) or `destination_prefix_list_id` (e.g. `pl-0570a1d2d725c16be`), and exactly one of the target arguments `egress_only_gateway_id`, `gateway_id`, `instance_id`, `nat_gateway_id`, `vpc_peering_connection_id`, `vpc_endpoint_id`, `transit_gateway_id` or `network_interface_id`. | `list(map(string))` | `[]` | no |
| [additional\_default\_route\_table\_tags](#input\_additional\_default\_route\_table\_tags) | Additional, map of tags to be added to the `default_route_table` tags | `map(string)` | `null` | no |
| [additional\_private\_route\_tags](#input\_additional\_private\_route\_tags) | Additional, map of tags to be added to the private `aws_route_table` tags | `map(string)` | `null` | no |
| [additional\_private\_subnet\_tags](#input\_additional\_private\_subnet\_tags) | Additional, map of tags to be added to the private `aws_subnet` resources | `map(string)` | `null` | no |
| [additional\_public\_route\_tags](#input\_additional\_public\_route\_tags) | Additional, map of tags to be added to the public `aws_route_table` tags | `map(string)` | `null` | no |
| [additional\_public\_subnet\_tags](#input\_additional\_public\_subnet\_tags) | Additional, map of tags to be added to the public `aws_subnet` resources | `map(string)` | `null` | no |
| [additional\_tags](#input\_additional\_tags) | Additional Tags, tags which can be accessed by module..tags\_as\_list not added to .. | `map(string)` | `{}` | no |
| [azs\_list\_names](#input\_azs\_list\_names) | A list to include all the AZs you would like to configure such as `us-east-1a`, `us-east-1b` | `list(string)` | `[]` | no |
| [cidr\_block](#input\_cidr\_block) | VPC CIDR Block, The allowed block size is between a /16 netmask (65,536 IP addresses) and /28 netmask (16 IP addresses). | `string` | `null` | no |
| [create\_custom\_security\_group](#input\_create\_custom\_security\_group) | Boolean to enable the creation of a custom default\_security\_group. If set to `false`, the AWS default VPC security group rules are applied (see https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html#DefaultSecurityGroup). If set to `true`, the default security group is managed by this module with only `egress` traffic allowed. | `bool` | `true` | no |
| [create\_private\_subnets](#input\_create\_private\_subnets) | Ability to create private subnets in all configured AZs | `bool` | `true` | no |
| [create\_public\_subnets](#input\_create\_public\_subnets) | Ability to create public subnets in all configured AZs. If this is set to true, `enable_internet_gateway` should also be true for the subnets to be associated with the IGW. | `bool` | `false` | no |
| [default\_security\_group\_egress](#input\_default\_security\_group\_egress) | Egress rules: list of maps of egress rules to set on the default security group. The default egress rule allows all outgoing connections on any protocol. Example: `[{ from_port = 80, to_port = 80, protocol = "tcp", cidr_blocks = ["0.0.0.0/0"], description = "Egress rule to allow port 80 protocol TCP to anywhere", self = true\|false }]`; `self` sets whether the security group itself will be added as a source to this egress rule, and `protocol` takes the values documented at https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_security_group#protocol | `list(map(string))` | `[{"cidr_blocks": "0.0.0.0/0", "from_port": "0", "protocol": "-1", "to_port": "0"}]` | no |
| [default\_security\_group\_ingress](#input\_default\_security\_group\_ingress) | Ingress rules: list of maps of ingress rules to set on the default security group. Example: `[{ from_port = 80, to_port = 80, protocol = "tcp", cidr_blocks = ["0.0.0.0/0"], description = "Ingress rule to allow port 80 protocol TCP from anywhere", self = true\|false }]`; `self` sets whether the security group itself will be added as a source to this ingress rule, and `protocol` takes the values documented at https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_security_group#protocol | `list(map(string))` | `[]` | no |
| [enable\_dns\_hostnames](#input\_enable\_dns\_hostnames) | A boolean flag to enable/disable DNS hostnames in the VPC. Defaults false. | `bool` | `false` | no |
| [enable\_dns\_support](#input\_enable\_dns\_support) | A boolean flag to enable/disable DNS support in the VPC. Defaults true. | `bool` | `true` | no |
| [enable\_internet\_gateway](#input\_enable\_internet\_gateway) | IGW: this boolean controls the creation of the Internet Gateway. For the IGW to be created, both this variable and var.create\_public\_subnets should be set to true. | `bool` | `false` | no |
| [enable\_ipv6\_cidr\_block](#input\_enable\_ipv6\_cidr\_block) | Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses or the size of the CIDR block. Default is `false`. | `bool` | `false` | no |
| [enable\_nat\_gateway](#input\_enable\_nat\_gateway) | Should be true if you want to provision NAT Gateways for each of your private networks | `bool` | `true` | no |
| [enabled](#input\_enabled) | A boolean to enable or disable creation of VPC resources | `string` | `true` | no |
| [include\_all\_azs](#input\_include\_all\_azs) | Boolean, whether to include all Availability Zones in the region where the provider is running. Default is `true`; set this to `false` if you would like to use specific AZs (see `azs_list_names`). | `bool` | `true` | no |
| [manage\_default\_route\_table](#input\_manage\_default\_route\_table) | Should be true, to manage the default route table | `bool` | `true` | no |
| [map\_public\_ip\_on\_lunch](#input\_map\_public\_ip\_on\_lunch) | (Optional) Specify true to indicate that instances launched into the subnet should be assigned a public IP address. Default is false. | `bool` | `false` | no |
| [max\_subnet\_count](#input\_max\_subnet\_count) | A Number to indicate the max subnets to be created, if not set it will create one subnet/az | `number` | `0` | no |
| [name](#input\_name) | The name of the service/solution, such as vpc or ec2, that will be appended to the prefix | `string` | `null` | no |
| [nat\_eips\_list](#input\_nat\_eips\_list) | A List, of NAT IPs to be used by the NAT\_GW | `list(string)` | `[]` | no |
| [nat\_gateway\_per\_az](#input\_nat\_gateway\_per\_az) | Should be true if you want only one NAT Gateway per availability zone. | `bool` | `false` | no |
| [prefix](#input\_prefix) | String or prefix that will be used to tag/Name all the resources created by this module; this prefix is generated by the obytes/terraform-aws-tag public module | `string` | n/a | yes |
| [route\_create\_timeout](#input\_route\_create\_timeout) | A timeout for the aws\_route\_table creation, default is 5m | `string` | `"5m"` | no |
| [route\_delete\_timeout](#input\_route\_delete\_timeout) | A timeout for the aws\_route\_table deletion, default is 5m | `string` | `"5m"` | no |
| [single\_nat\_gateway](#input\_single\_nat\_gateway) | Should be true if you want to provision a single shared NAT Gateway across all of your private networks | `bool` | `true` | no |
| [tgw\_route\_table\_id](#input\_tgw\_route\_table\_id) | Transit GW route table ID to be added as a destination for the VPC route tables | `string` | `null` | no |
| [transit\_routes](#input\_transit\_routes) | The destination prefixes (CIDR blocks) that should be forwarded to transit gateway | `list(string)` | `[]` | no |
| [vpc\_dhcp\_domain\_name](#input\_vpc\_dhcp\_domain\_name) | (Optional) the suffix domain name to use by default when resolving non Fully Qualified Domain Names. In other words, this is what ends up being the search value in the /etc/resolv.conf file. | `string` | `null` | no |
| [vpc\_dhcp\_netbios\_name\_servers](#input\_vpc\_dhcp\_netbios\_name\_servers) | (Optional) List of NETBIOS name servers. | `list(string)` | `[]` | no |
| [vpc\_dhcp\_netbios\_node\_type](#input\_vpc\_dhcp\_netbios\_node\_type) | (Optional) The NetBIOS node type (1, 2, 4, or 8). AWS recommends to specify 2 since broadcast and multicast are not supported in their network. For more information about these node types, see RFC 2132. | `number` | `null` | no |
| [vpc\_dhcp\_ntp\_servers](#input\_vpc\_dhcp\_ntp\_servers) | (Optional) List of NTP servers to configure. | `list(string)` | `[]` | no |
| [vpc\_domain\_name\_servers](#input\_vpc\_domain\_name\_servers) | (Optional) List of name servers to configure in /etc/resolv.conf. If you want to use the default AWS nameservers you should set this to AmazonProvidedDNS. | `list(string)` | `["AmazonProvidedDNS"]` | no |
## Outputs
| Name | Description |
|------|-------------|
| [availability\_zones](#output\_availability\_zones) | List of Availability Zones where subnets were created |
| [elastc\_ips](#output\_elastc\_ips) | AWS eip public ips |
| [nat\_gw\_ids](#output\_nat\_gw\_ids) | aws nat gateway id(s) |
| [nat\_ips](#output\_nat\_ips) | IP Addresses in use for NAT |
| [prv\_route\_table\_ids](#output\_prv\_route\_table\_ids) | private route table ids |
| [prv\_subnet\_cidrs](#output\_prv\_subnet\_cidrs) | Private Subnet cidr\_blocks |
| [prv\_subnet\_ids](#output\_prv\_subnet\_ids) | Private Subnet IDs |
| [pub\_route\_table\_ids](#output\_pub\_route\_table\_ids) | Public route table ids |
| [pub\_subnet\_cidrs](#output\_pub\_subnet\_cidrs) | Public Subnet cidr\_blocks |
| [pub\_subnet\_ids](#output\_pub\_subnet\_ids) | Public Subnet IDs |
| [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | CIDR Block of the VPC |
| [vpc\_dhcp\_dns\_list](#output\_vpc\_dhcp\_dns\_list) | n/a |
| [vpc\_id](#output\_vpc\_id) | VPC ID |
| [vpc\_sg\_id](#output\_vpc\_sg\_id) | Default VPC Security Group |
| [vpc\_name](#output\_vpc\_name) | VPC Name |