Terraform module to set up an AWS VPC with the required parameters. Based on HashiCorp's VPC module.
These types of resources are supported:
- VPC
- Subnet
- Route
- Route table
- Internet Gateway
- NAT Gateway
- VPN Gateway
- VPC Endpoint:
  - Gateway: S3, DynamoDB
  - Interface: EC2, SSM, EC2 Messages, SSM Messages, ECR API, ECR DKR, API Gateway
- RDS DB Subnet Group
- ElastiCache Subnet Group
- Redshift Subnet Group
- DHCP Options Set
- Default VPC
Example module call (every subnet CIDR must fall inside `vpc_cidr`, otherwise AWS rejects the subnets at apply time):

```hcl
module "core" {
  source             = "github.com/lean-delivery/tf-module-awscore"
  project            = "Project"
  environment        = "dev"
  availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c"]
  vpc_cidr           = "10.11.0.0/16"
  private_subnets    = ["10.11.0.0/24", "10.11.1.0/24", "10.11.2.0/24"]
  public_subnets     = ["10.11.3.0/24", "10.11.4.0/24", "10.11.5.0/24"]
  enable_nat_gateway = "true"
}
```
Sometimes you need to create the VPC resources conditionally, but Terraform 0.11 does not allow `count` on a `module` block. The module therefore exposes the `create_vpc` argument; setting it to `false` skips the VPC and almost every resource that depends on it:
```hcl
# This VPC will not be created
module "core" {
  source     = "github.com/lean-delivery/tf-module-awscore"
  create_vpc = false
  # ... omitted
}
```
Name | Description | Type | Default | Required
---|---|---|---|---
availability_zones | A list of availability zones in the region | list | `<list>` | no
create_route53_zone | Switch to create a Route53 zone | string | "false" | no
create_vpc | Controls whether the VPC should be created (it affects almost all resources) | bool | "true" | no
enable_dns_hostnames | Should be true to enable DNS hostnames in the VPC | string | "false" | no
enable_dns_support | Should be true to enable DNS support in the VPC | string | "true" | no
enable_nat_gateway | Should be true if you want to provision a NAT Gateway for each of your private networks | string | "false" | no
amazon_side_asn | The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the virtual private gateway is created with the current default Amazon ASN | string | "64512" | no
enable_vpn_gateway | Should be true if you want to create a new VPN Gateway resource and attach it to the VPC | string | "false" | no
environment | Environment name, used to identify resources | string | "env" | no
instance_type | The EC2 instance type to start (used for the NAT instance when `nat_as_ec2_instance` is true) | string | "t3.nano" | no
map_public_ip_on_launch | Auto-assign a public IP to instances launched in the public subnets; set to false if you do not want this | string | "true" | no
nat_as_ec2_instance | Run NAT on an EC2 instance instead of the managed NAT Gateway service | string | "false" | no
private_subnets | A list of private subnet CIDRs inside the VPC | list | `<list>` | no
project | Project name, used to identify resources | string | "project" | no
public_subnets | A list of public subnet CIDRs inside the VPC | list | `<list>` | no
root_domain | Name of the Route53 zone (if `create_route53_zone` = true) | string | "" | no
single_nat_gateway | Should be true if you want to provision a single NAT Gateway shared across all of your private networks | string | "false" | no
tags | Additional tags for resources | map | `<map>` | no
vpc_cidr | The CIDR block for the VPC. The default is a syntactically valid CIDR but is rejected by AWS, so it must be overridden | string | "0.0.0.0/16" | no
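AWS validates most of these inputs only at apply time: a subnet CIDR outside `vpc_cidr`, the placeholder default `vpc_cidr`, a VPC prefix outside /16 to /28, or two subnets that overlap all surface as errors halfway through `terraform apply`. The pre-apply check below is an added example and is not part of the module; it takes the same `vpc_cidr`, `private_subnets`, `public_subnets` and `availability_zones` values that go into the module block and reports every inconsistency at once. The `check_vpc_inputs` function name and the assumption that one subnet per availability zone is the intended layout (as in the usage example above) are the example's own.

```python
"""Pre-apply sanity check for tf-module-awscore inputs (added example, not
module code). It takes the same values that are passed to the module block
and reports what AWS would otherwise reject at `terraform apply` time."""
import ipaddress

# Mirrors the module's documented default, which AWS rejects.
PLACEHOLDER_VPC_CIDR = "0.0.0.0/16"


def check_vpc_inputs(vpc_cidr, private_subnets, public_subnets, availability_zones):
    """Return a list of problems found; an empty list means the inputs are consistent."""
    problems = []
    try:
        # strict=True rejects CIDRs with host bits set, e.g. "10.0.0.1/16".
        vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    except ValueError as exc:
        return [f"vpc_cidr {vpc_cidr!r} is not a valid network: {exc}"]

    if vpc_cidr == PLACEHOLDER_VPC_CIDR:
        problems.append("vpc_cidr is still the module placeholder 0.0.0.0/16 and must be overridden")
    if not 16 <= vpc.prefixlen <= 28:
        problems.append(f"vpc_cidr /{vpc.prefixlen} is outside the AWS VPC range /16 to /28")

    subnets = []  # (label, network) pairs for the overlap check below
    for kind, cidrs in (("private", private_subnets), ("public", public_subnets)):
        # Assumption (this example's, not the module's): one subnet per AZ,
        # as in the README usage example.
        if cidrs and len(cidrs) != len(availability_zones):
            problems.append(
                f"{len(cidrs)} {kind} subnets for {len(availability_zones)} availability zones"
            )
        for cidr in cidrs:
            try:
                net = ipaddress.ip_network(cidr, strict=True)
            except ValueError as exc:
                problems.append(f"{kind} subnet {cidr!r} is not a valid network: {exc}")
                continue
            if net.version != vpc.version:
                problems.append(f"{kind} subnet {cidr} is IPv{net.version}, vpc_cidr is IPv{vpc.version}")
                continue
            if not net.subnet_of(vpc):
                problems.append(f"{kind} subnet {cidr} is not inside vpc_cidr {vpc_cidr}")
            subnets.append((f"{kind} {cidr}", net))

    # Subnets must not overlap each other, whichever list they come from.
    for i, (label_a, net_a) in enumerate(subnets):
        for label_b, net_b in subnets[i + 1:]:
            if net_a.overlaps(net_b):
                problems.append(f"{label_a} overlaps {label_b}")
    return problems


if __name__ == "__main__":
    # Constructed inputs in the same shape as the module call in this README.
    found = check_vpc_inputs(
        vpc_cidr="10.11.0.0/16",
        private_subnets=["10.11.0.0/24", "10.11.1.0/24", "10.11.2.0/24"],
        public_subnets=["10.11.3.0/24", "10.11.4.0/24", "10.11.5.0/24"],
        availability_zones=["us-east-1a", "us-east-1b", "us-east-1c"],
    )
    print("OK" if not found else "\n".join(found))
```

Run it from CI before `terraform plan`, or wire it into a pre-commit hook on the `.tf` files that feed the module; a non-empty result lists every offending CIDR rather than stopping at the first one AWS would reject.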
Name | Description |
---|---|
database_route_table_ids | List of IDs of database route tables |
database_subnet_group | ID of database subnet group |
database_subnets | List of IDs of database subnets |
database_subnets_cidr_blocks | List of cidr_blocks of database subnets |
default_network_acl_id | The ID of the default network ACL |
default_route_table_id | The ID of the default route table |
default_security_group_id | The ID of the security group created by default on VPC creation |
default_vpc_cidr_block | The CIDR block of the VPC |
default_vpc_default_network_acl_id | The ID of the default network ACL |
default_vpc_default_route_table_id | The ID of the default route table |
default_vpc_default_security_group_id | The ID of the security group created by default on VPC creation |
default_vpc_enable_dns_hostnames | Whether or not the VPC has DNS hostname support |
default_vpc_enable_dns_support | Whether or not the VPC has DNS support |
default_vpc_id | The ID of the VPC |
default_vpc_instance_tenancy | Tenancy of instances spun up within the VPC |
default_vpc_main_route_table_id | The ID of the main route table associated with this VPC |
ec2_nat_ami | EC2 AMI used for NAT instances |
elasticache_route_table_ids | List of IDs of elasticache route tables |
elasticache_subnet_group | ID of elasticache subnet group |
elasticache_subnet_group_name | Name of elasticache subnet group |
elasticache_subnets | List of IDs of elasticache subnets |
elasticache_subnets_cidr_blocks | List of cidr_blocks of elasticache subnets |
environment | Environment name |
igw_id | The ID of the Internet Gateway |
intra_route_table_ids | List of IDs of intra route tables |
intra_subnets | List of IDs of intra subnets |
intra_subnets_cidr_blocks | List of cidr_blocks of intra subnets |
nat_ec2_ids | List of NAT instance IDs |
nat_ids | List of allocation ID of Elastic IPs created for AWS NAT Gateway |
nat_public_ips | List of public Elastic IPs created for AWS NAT Gateway |
natgw_ids | List of NAT Gateway IDs |
private_route_table_ids | List of IDs of private route tables |
private_subnets | List of IDs of private subnets |
private_subnets_cidr_blocks | List of cidr_blocks of private subnets |
project | Project name |
public_route_table_ids | List of IDs of public route tables |
public_subnets | List of IDs of public subnets |
public_subnets_cidr_blocks | List of cidr_blocks of public subnets |
redshift_route_table_ids | List of IDs of redshift route tables |
redshift_subnet_group | ID of redshift subnet group |
redshift_subnets | List of IDs of redshift subnets |
redshift_subnets_cidr_blocks | List of cidr_blocks of redshift subnets |
route53_zone_id | The ID of created Route53 zone. |
vgw_id | The ID of the VPN Gateway |
vpc_cidr_block | The CIDR block of the VPC |
vpc_enable_dns_hostnames | Whether or not the VPC has DNS hostname support |
vpc_enable_dns_support | Whether or not the VPC has DNS support |
vpc_endpoint_dynamodb_id | The ID of VPC endpoint for DynamoDB |
vpc_endpoint_dynamodb_pl_id | The prefix list for the DynamoDB VPC endpoint. |
vpc_endpoint_s3_id | The ID of VPC endpoint for S3 |
vpc_endpoint_s3_pl_id | The prefix list for the S3 VPC endpoint. |
vpc_id | The ID of the VPC |
vpc_instance_tenancy | Tenancy of instances spun up within the VPC |
vpc_main_route_table_id | The ID of the main route table associated with this VPC |
vpc_secondary_cidr_blocks | List of secondary CIDR blocks of the VPC |
Terraform version 0.11.11 or newer is required for this module to work.
Thank you for your interest in contributing! Please refer to CONTRIBUTING.md for guidance.
Apache2.0 Licensed. See LICENSE for full details.
Lean Delivery Team team@lean-delivery.com