This is an opinionated Terraform Module for provisioning a VPC on AWS. It makes use of the community provided (extensive) module to provision a VPC on AWS.
In particular, it does the following:
- Provisions (optional) public, private, database, intra and redshift subnets
- One NAT gateway per AZ
- Removes all default security group and ACL rules
- Provides sane ACL rules for network access
Name | Version |
---|---|
aws | >= 2.0 |
Name | Description | Type | Default | Required |
---|---|---|---|---|
additional_allowed_cidr_blocks | Additional 'safe' CIDR blocks for internal traffic | list(string) |
[] |
no |
database_subnets | List of CIDRs for database subnets | list(string) |
[] |
no |
eip_count | Number of EIP for the gateways. This should be eqaual to the number of AZs if you have any private subnets | number |
3 |
no |
elasticache_subnets | List of CIDRs for Elasticache subnets | list(string) |
[] |
no |
enable_dynamodb_endpoint | Should be true if you want to provision a DynamoDB endpoint to the VPC | bool |
false |
no |
enable_s3_endpoint | Should be true if you want to provision an S3 endpoint to the VPC | bool |
false |
no |
ephemeral_from | Lower end of the port range for ephemeral traffic | number |
1024 |
no |
ephemeral_to | Lower end of the port range for ephemeral traffic | number |
65535 |
no |
intra_subnets | List of CIDRs for intra subnets | list(string) |
[] |
no |
private_subnets | List of CIDRs for private subnets | list(string) |
[] |
no |
public_subnets | List of CIDRs for public subnets | list(string) |
[] |
no |
redshift_subnets | List of CIDRs for Redshift subnets | list(string) |
[] |
no |
tags | A map of tags to add to all resources | map(string) |
{ |
no |
vpc_cidr | CIDR for the VPC | string |
n/a | yes |
vpc_name | Name of the VPC | string |
n/a | yes |
Name | Description |
---|---|
database_acl_id | ACL ID of the database subnets |
elasticache_route_table_ids | List of IDs of elasticache route tables |
elasticache_subnet_group | ID of elasticache subnet group |
elasticache_subnet_group_name | Name of elasticache subnet group |
elasticache_subnets | List of IDs of elasticache subnets |
elasticache_subnets_cidr_blocks | List of cidr_blocks of elasticache subnets |
intra_acl_id | ACL ID of the intra subnets |
intra_subnets_cidr_blocks | List of cidr_blocks of intra subnets |
private_acl_id | ACL ID of the private subnets |
private_subnets_cidr_blocks | List of cidr_blocks of private subnets |
public_acl_id | ACL ID of the public subnets |
public_subnets_cidr_blocks | List of cidr_blocks of public subnets |
redshift_route_table_ids | List of IDs of redshift route tables |
redshift_subnet_group | ID of redshift subnet group |
redshift_subnets | List of IDs of redshift subnets |
redshift_subnets_cidr_blocks | List of cidr_blocks of redshift subnets |
vpc_azs | The AZs in the region the VPC belongs to |
vpc_cidr_block | The CIDR block of the VPC |
vpc_database_subnet_group | ID of database subnet group |
vpc_database_subnets | List of IDs of database subnets |
vpc_database_subnets_cidr_blocks | List of cidr_blocks of database subnets |
vpc_id | The ID of the VPC |
vpc_intra_subnets | 'Intra' subnets for the VPC |
vpc_nat_eip_ids | EIP for the NAT gateway in the VPC |
vpc_nat_eip_public | Public address for the EIP on the NAT Gateway |
vpc_private_route_table_ids | List of IDs of private route tables |
vpc_private_subnets | Private subnets for the VPC |
vpc_public_route_table_ids | The IDs of the public route tables |
vpc_public_subnets | Public subnets for the VPC |
vpc_region | The region the VPC belongs to |