This Terraform module creates AWS subnets (public, private and database tiers) together with their route tables, network ACLs, NAT Gateways and optional flow logs.
To use this module, include it in your Terraform configuration and provide the required input variables. The following examples show the supported subnet `type` values:
```hcl
# Private subnets in a single AZ, with a NAT Gateway placed in an existing public subnet.
module "private-subnets" {
  source              = "https://github.com/opszero/terraform-aws-subnet.git"
  name                = "app"
  environment         = "test"
  nat_gateway_enabled = true
  availability_zones  = ["eu-west-1a"]
  vpc_id              = module.vpc.vpc_id
  type                = "private"
  cidr_block          = module.vpc.vpc_cidr_block
  ipv6_cidr_block     = module.vpc.ipv6_cidr_block
  ipv4_private_cidrs  = ["10.0.3.0/24"]
  public_subnet_ids   = ["subnet-07962e9e61ad3bcd3"]
  enable_ipv6         = true
}
```
```hcl
# Public and private subnets across three AZs, sharing a single NAT Gateway.
module "subnets" {
  source              = "https://github.com/opszero/terraform-aws-subnet.git"
  name                = "app"
  environment         = "test"
  nat_gateway_enabled = true
  single_nat_gateway  = true
  availability_zones  = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
  vpc_id              = module.vpc.vpc_id
  type                = "public-private"
  igw_id              = module.vpc.igw_id
  cidr_block          = module.vpc.vpc_cidr_block
  ipv6_cidr_block     = module.vpc.ipv6_cidr_block
  enable_ipv6         = true
}
```
```hcl
# Public and private subnets in two us-east-1 AZs; single_nat_gateway is left
# at its default (false), so each AZ gets its own NAT Gateway.
module "subnets" {
  source              = "https://github.com/opszero/terraform-aws-subnet.git"
  name                = "app"
  environment         = "test"
  nat_gateway_enabled = true
  availability_zones  = ["us-east-1a", "us-east-1b"]
  vpc_id              = module.vpc.vpc_id
  type                = "public-private"
  igw_id              = module.vpc.igw_id
  cidr_block          = module.vpc.vpc_cidr_block
  ipv6_cidr_block     = module.vpc.ipv6_cidr_block
  enable_ipv6         = true
}
```
```hcl
# Public subnets only, routed to the Internet Gateway.
module "subnet" {
  source             = "https://github.com/opszero/terraform-aws-subnet.git"
  name               = "app"
  environment        = "test"
  availability_zones = ["eu-west-1a", "eu-west-1b"]
  type               = "public"
  vpc_id             = module.vpc.vpc_id
  cidr_block         = module.vpc.vpc_cidr_block
  igw_id             = module.vpc.igw_id
  enable_ipv6        = true
  ipv6_cidr_block    = module.vpc.ipv6_cidr_block
}
```
```hcl
# Database subnets only (no Internet Gateway or NAT Gateway route).
module "subnet" {
  source             = "https://github.com/opszero/terraform-aws-subnet.git"
  name               = "app"
  environment        = "test"
  availability_zones = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
  vpc_id             = module.vpc.vpc_id
  cidr_block         = module.vpc.vpc_cidr_block
  type               = "database"
  enable_ipv6        = true
  ipv6_cidr_block    = module.vpc.ipv6_cidr_block
}
```
You can customize the input variables according to your specific requirements.
```hcl
# All three tiers in one call, with a single shared NAT Gateway.
module "subnet" {
  source              = "https://github.com/opszero/terraform-aws-subnet.git"
  name                = "app"
  environment         = "test"
  availability_zones  = ["eu-west-1a", "eu-west-1b"]
  vpc_id              = module.vpc.vpc_id
  type                = "public-private-database"
  nat_gateway_enabled = true
  single_nat_gateway  = true
  cidr_block          = module.vpc.vpc_cidr_block
  ipv6_cidr_block     = module.vpc.ipv6_cidr_block
  igw_id              = module.vpc.igw_id
}
```
For detailed examples on how to use this module, please refer to the Examples directory within this repository.
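As an added example (not taken from the module's Examples directory), the following `public-private-database` deployment uses the module's own inputs to turn on flow logs for every subnet (Parquet in S3 with Hive-compatible hourly partitions), keeps automatic public IP assignment off, and replaces the default database network ACL so only the private subnets can open PostgreSQL connections to the database tier. `module.vpc` and `aws_s3_bucket.flow_logs` are assumed to be defined elsewhere in the configuration, the per-tier CIDRs are constructed values, and the keys inside the ACL rule maps (`rule_number`, `rule_action`, `protocol`, `from_port`, `to_port`, `cidr_block`) are assumed to mirror the `aws_network_acl_rule` arguments, since the page does not list them.

```hcl
# Added example, not from the module's Examples directory. module.vpc and
# aws_s3_bucket.flow_logs are assumed to be defined elsewhere in this configuration.
module "subnets" {
  source = "https://github.com/opszero/terraform-aws-subnet.git"

  name        = "app"
  environment = "prod"
  type        = "public-private-database"

  availability_zones = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
  vpc_id             = module.vpc.vpc_id
  cidr_block         = module.vpc.vpc_cidr_block
  igw_id             = module.vpc.igw_id

  # Explicit per-tier CIDRs (constructed values) so the NACL rules below can
  # name the private range precisely: 10.0.0.0/22 covers all three private subnets.
  ipv4_public_cidrs   = ["10.0.10.0/24", "10.0.11.0/24", "10.0.12.0/24"]
  ipv4_private_cidrs  = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  ipv4_database_cidrs = ["10.0.20.0/24", "10.0.21.0/24", "10.0.22.0/24"]

  # One NAT Gateway per AZ (single_nat_gateway left at its default of false)
  # so an AZ outage does not take the private tier's egress with it.
  nat_gateway_enabled = true

  # No automatic public IPs; anything that needs one must request it explicitly.
  map_public_ip_on_launch   = false
  map_database_ip_on_launch = false

  # Flow logs for every created subnet, written as Parquet to S3 with
  # Hive-compatible hourly partitions, at the finest aggregation interval (60 s).
  enable_flow_log                     = true
  flow_log_destination_type           = "s3"
  flow_log_destination_arn            = aws_s3_bucket.flow_logs.arn
  flow_log_file_format                = "parquet"
  flow_log_hive_compatible_partitions = true
  flow_log_per_hour_partition         = true
  flow_log_traffic_type               = "ALL"
  flow_log_max_aggregation_interval   = 60

  # Database NACL (stateless): only the private subnets may open connections to
  # PostgreSQL on 5432, and replies go back only to them on ephemeral ports.
  # The map keys are assumed to mirror the aws_network_acl_rule arguments.
  enable_database_acl = true
  database_inbound_acl_rules = [
    { rule_number = 100, rule_action = "allow", protocol = "tcp", from_port = 5432, to_port = 5432, cidr_block = "10.0.0.0/22" },
  ]
  database_outbound_acl_rules = [
    { rule_number = 100, rule_action = "allow", protocol = "tcp", from_port = 1024, to_port = 65535, cidr_block = "10.0.0.0/22" },
  ]
}
```

Because the rule lists replace the module's defaults, everything not listed (including database-tier egress to the internet) is denied by the NACL's implicit deny; widen the lists deliberately if the database tier needs other reachability.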
This project is licensed under the MIT License - see the LICENSE file for details.
| Name | Version |
|---|---|
| aws | >=5.67.0 |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| availability_zones | List of Availability Zones (e.g. `["us-east-1a", "us-east-1b", "us-east-1c"]`). | `list(string)` | `[]` | no |
| cidr_block | Base CIDR block which is divided into subnet CIDR blocks (e.g. `10.0.0.0/16`). | `string` | `null` | no |
| customer_owned_ipv4_pool | The customer-owned IPv4 address pool for the subnet. | `string` | `""` | no |
| database_inbound_acl_rules | Database subnets inbound network ACL rules. | `list(map(string))` | `[` | no |
| database_ipv6_cidrs | Database subnet IPv6 CIDR blocks (e.g. `2a05:d018:832:ca02::/64`). | `list(any)` | `[]` | no |
| database_outbound_acl_rules | Database subnets outbound network ACL rules. | `list(map(string))` | `[` | no |
| database_subnet_assign_ipv6_address_on_creation | Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. | `bool` | `false` | no |
| database_subnet_enable_dns64 | Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. | `bool` | `false` | no |
| database_subnet_enable_resource_name_dns_a_record_on_launch | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. | `bool` | `false` | no |
| database_subnet_enable_resource_name_dns_aaaa_record_on_launch | Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. | `bool` | `false` | no |
| database_subnet_ipv6_native | Indicates whether to create an IPv6-only database subnet. | `bool` | `false` | no |
| database_subnet_private_dns_hostname_type_on_launch | The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name`. | `string` | `null` | no |
| delimiter | Delimiter to be used between `organization`, `environment`, `name` and `attributes`. | `string` | `"-"` | no |
| deliver_cross_account_role | ARN of the IAM role that allows Amazon EC2 to publish flow logs across accounts. | `string` | `null` | no |
| enable_database_acl | Set to false to skip creating the database subnet network ACL and its rules. | `bool` | `true` | no |
| enable_flow_log | Enable flow logs for the created subnets. | `bool` | `false` | no |
| enable_ipv6 | Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses or the size of the CIDR block. | `bool` | `false` | no |
| enable_lni_at_device_index | Indicates the device position for local network interfaces in this subnet. This is used for AWS Outposts only. | `number` | `null` | no |
| enable_private_acl | Set to false to skip creating the private subnet network ACL and its rules. | `bool` | `true` | no |
| enable_public_acl | Set to false to skip creating the public subnet network ACL and its rules. | `bool` | `true` | no |
| enabled | Set to false to prevent the module from creating any resources. | `bool` | `true` | no |
| eni_id | Elastic Network Interface ID to attach to. | `string` | `null` | no |
| environment | Environment (e.g. `prod`, `dev`, `staging`). | `string` | `""` | no |
| extra_database_tags | Additional database subnet tags. | `map(any)` | `{}` | no |
| extra_private_tags | Additional private subnet tags. | `map(any)` | `{}` | no |
| extra_public_tags | Additional public subnet tags (e.g. `map("BusinessUnit", "XYZ")`). | `map(any)` | `{}` | no |
| flow_log_deliver_cross_account_role | The ARN of the IAM role that allows Amazon EC2 to publish flow logs across accounts. | `string` | `null` | no |
| flow_log_destination_arn | ARN of the resource to which the flow log will be sent. | `string` | `null` | no |
| flow_log_destination_type | Type of flow log destination. Can be `s3` or `cloud-watch-logs`. | `string` | `"cloud-watch-logs"` | no |
| flow_log_eni_id | Elastic Network Interface ID to attach to. | `string` | `null` | no |
| flow_log_file_format | (Optional) The format for the flow log. Valid values: `plain-text`, `parquet`. | `string` | `null` | no |
| flow_log_hive_compatible_partitions | (Optional) Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3. | `bool` | `false` | no |
| flow_log_iam_role_arn | The ARN of the IAM role used to post flow logs to a CloudWatch Logs log group. Required when `flow_log_destination_arn` is the ARN of a CloudWatch Logs log group. | `string` | `null` | no |
| flow_log_log_format | The fields to include in the flow log record, in the order in which they should appear. | `string` | `null` | no |
| flow_log_max_aggregation_interval | The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid values: `60` seconds or `600` seconds. | `number` | `600` | no |
| flow_log_per_hour_partition | (Optional) Indicates whether to partition the flow log per hour. This reduces the cost and response time for queries. | `bool` | `false` | no |
| flow_log_traffic_type | Type of traffic to capture. Valid values: `ACCEPT`, `REJECT`, `ALL`. | `string` | `"ALL"` | no |
| flow_log_transit_gateway_attachment_id | Transit Gateway Attachment ID to attach to. | `string` | `null` | no |
| flow_log_transit_gateway_id | Transit Gateway ID to attach to. | `string` | `null` | no |
| flow_log_vpc_id | VPC ID to attach to. | `string` | `null` | no |
| igw_id | Internet Gateway ID that is used as a default route when creating public subnets (e.g. `igw-9c26a123`). | `string` | `""` | no |
| ipv4_database_cidrs | Database subnet IPv4 CIDR blocks (e.g. `10.0.0.0/16`). | `list(any)` | `[]` | no |
| ipv4_private_cidrs | Private subnet IPv4 CIDR blocks (e.g. `10.0.0.0/16`). | `list(any)` | `[]` | no |
| ipv4_public_cidrs | Public subnet IPv4 CIDR blocks (e.g. `10.0.0.0/16`). | `list(any)` | `[]` | no |
| ipv6_cidr_block | Base IPv6 CIDR block which is divided into subnet IPv6 CIDR blocks. | `string` | `null` | no |
| managedby | ManagedBy, e.g. `[email protected]`. | `string` | `"[email protected]"` | no |
| map_customer_owned_ip_on_launch | Whether to map customer-owned IPs on launch. | `bool` | `false` | no |
| map_database_ip_on_launch | Specify true to indicate that instances launched into the database subnet should be assigned a public IP address. | `bool` | `false` | no |
| map_public_ip_on_launch | Specify true to indicate that instances launched into the public subnet should be assigned a public IP address. | `bool` | `false` | no |
| name | Name (e.g. `prod-subnet` or `subnet`). | `string` | `""` | no |
| nat_gateway_destination_cidr_block | The CIDR block for the NAT Gateway route. | `string` | `"0.0.0.0/0"` | no |
| nat_gateway_enabled | Flag to enable/disable NAT Gateway creation in public subnets. | `bool` | `false` | no |
| outpost_arn | The ARN of the Outpost to create the subnet in. | `string` | `""` | no |
| private_inbound_acl_rules | Private subnets inbound network ACL rules. | `list(map(string))` | `[` | no |
| private_ipv6_cidrs | Private subnet IPv6 CIDR blocks (e.g. `2a05:d018:832:ca02::/64`). | `list(any)` | `[]` | no |
| private_outbound_acl_rules | Private subnets outbound network ACL rules. | `list(map(string))` | `[` | no |
| private_subnet_assign_ipv6_address_on_creation | Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. | `bool` | `false` | no |
| private_subnet_enable_dns64 | Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. | `bool` | `false` | no |
| private_subnet_enable_resource_name_dns_a_record_on_launch | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. | `bool` | `false` | no |
| private_subnet_enable_resource_name_dns_aaaa_record_on_launch | Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. | `bool` | `false` | no |
| private_subnet_ipv6_native | Indicates whether to create an IPv6-only private subnet. | `bool` | `false` | no |
| private_subnet_private_dns_hostname_type_on_launch | The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name`. | `string` | `null` | no |
| public_inbound_acl_rules | Public subnets inbound network ACL rules. | `list(map(string))` | `[` | no |
| public_ipv6_cidrs | Public subnet IPv6 CIDR blocks (e.g. `2a05:d018:832:ca02::/64`). | `list(any)` | `[]` | no |
| public_outbound_acl_rules | Public subnets outbound network ACL rules. | `list(map(string))` | `[` | no |
| public_rt_ipv4_destination_cidr | The destination IPv4 CIDR block of the public route table's Internet Gateway route. | `string` | `"0.0.0.0/0"` | no |
| public_rt_ipv6_destination_cidr | The destination IPv6 CIDR block of the public route table's Internet Gateway route. | `string` | `"::/0"` | no |
| public_subnet_assign_ipv6_address_on_creation | Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. | `bool` | `false` | no |
| public_subnet_enable_dns64 | Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. | `bool` | `false` | no |
| public_subnet_enable_resource_name_dns_a_record_on_launch | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. | `bool` | `false` | no |
| public_subnet_enable_resource_name_dns_aaaa_record_on_launch | Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. | `bool` | `false` | no |
| public_subnet_ids | A list of existing public subnet IDs (used to place NAT Gateways when only private subnets are created). | `list(string)` | `[]` | no |
| public_subnet_ipv6_native | Indicates whether to create an IPv6-only public subnet. | `bool` | `false` | no |
| public_subnet_private_dns_hostname_type_on_launch | The type of private DNS hostname to assign to instances in this subnet at launch. Must be either `ip-name` or `resource-name`. | `string` | `"ip-name"` | no |
| single_nat_gateway | Enable to create only a single NAT Gateway in one Availability Zone. | `bool` | `false` | no |
| tags | Global tags to apply to resources. | `map(string)` | `{` | no |
| transit_gateway_id | Transit Gateway ID to attach to. | `string` | `null` | no |
| type | Type of subnets to create: `public`, `private`, `database`, `public-private` or `public-private-database`. | `string` | `""` | no |
| vpc_id | The VPC ID where the public and private subnets will be created. | `string` | n/a | yes |
| Name | Type |
|---|---|
| aws_eip.private | resource |
| aws_flow_log.database_subnet_flow_log | resource |
| aws_flow_log.private_subnet_flow_log | resource |
| aws_flow_log.public_subnet_flow_log | resource |
| aws_nat_gateway.private | resource |
| aws_network_acl.database | resource |
| aws_network_acl.private | resource |
| aws_network_acl.public | resource |
| aws_network_acl_rule.database_inbound | resource |
| aws_network_acl_rule.database_outbound | resource |
| aws_network_acl_rule.private_inbound | resource |
| aws_network_acl_rule.private_outbound | resource |
| aws_network_acl_rule.public_inbound | resource |
| aws_network_acl_rule.public_outbound | resource |
| aws_route.nat_gateway | resource |
| aws_route.public | resource |
| aws_route.public_ipv6 | resource |
| aws_route_table.database | resource |
| aws_route_table.private | resource |
| aws_route_table.public | resource |
| aws_route_table_association.database | resource |
| aws_route_table_association.private | resource |
| aws_route_table_association.public | resource |
| aws_subnet.database | resource |
| aws_subnet.private | resource |
| aws_subnet.public | resource |
| Name | Description |
|---|---|
| created_subnet_ids | The IDs of the subnets created in the public availability zones. |
| database_acl | The ID of the database subnets' network ACL. |
| database_route_tables_id | The ID of the database route table. |
| database_subnet_arn | ARNs of all database subnets. |
| database_subnet_cidrs | CIDR blocks of the created database subnets. |
| database_subnet_cidrs_ipv6 | IPv6 CIDR blocks of the created database subnets. |
| database_subnet_id | The ID of the database subnet. |
| database_subnet_ipv6_cidr_block_association_id | IPv6 CIDR block association IDs for database subnets. |
| database_subnet_owner_id | Owner IDs of all database subnets. |
| database_subnet_tags_all | All tags for database subnets. |
| database_tags | A mapping of database tags to assign to the resource. |
| flow_log_arn | The ARN of the Flow Log. |
| flow_log_id | The Flow Log ID. |
| flow_log_tags_all | A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block. |
| nat_gateway_ids | IDs of all NAT Gateways. |
| nat_gateway_subnet_id | Subnet IDs for all NAT Gateways. |
| private_acl | The ID of the private subnets' network ACL. |
| private_route_tables_id | The ID of the private route table. |
| private_subnet_arn | ARNs of all private subnets. |
| private_subnet_cidrs | CIDR blocks of the created private subnets. |
| private_subnet_cidrs_ipv6 | IPv6 CIDR blocks of the created private subnets. |
| private_subnet_id | The ID of the private subnet. |
| private_subnet_owner_id | Owner ID of the first private subnet, if it exists. |
| private_subnet_tags_all | All tags for the first private subnet, if it exists. |
| private_subnet_vpc_id | VPC IDs of all private subnets. |
| private_tags | A mapping of private tags to assign to the resource. |
| public_acl | The ID of the public subnets' network ACL. |
| public_private_subnet_arn | ARNs of all public/private subnets. |
| public_private_subnet_id | ID of the first private subnet, if it exists. |
| public_private_subnet_ipv6_cidr_block_association_id | IPv6 CIDR block association IDs for public/private subnets. |
| public_private_subnet_owner_id | Owner IDs of all public/private subnets. |
| public_private_subnet_tags_all | All tags for public/private subnets. |
| public_route_tables_id | The ID of the public route table. |
| public_subnet_arn | ARNs of all public subnets. |
| public_subnet_cidrs | CIDR blocks of the created public subnets. |
| public_subnet_cidrs_ipv6 | IPv6 CIDR blocks of the created public subnets. |
| public_subnet_id | The ID of the public subnet. |
| public_subnet_ids | IDs of all public subnets. |
| public_subnet_ipv6_cidr_block_association_id | IPv6 CIDR block association IDs for public subnets. |
| public_subnet_owner_id | Owner IDs of all public subnets. |
| public_subnet_tags_all | All tags for public subnets. |
| public_tags | A mapping of public tags to assign to the resource. |
| route_table_vpc_id | VPC IDs of all private route tables. |
Since 2016 opsZero has been providing Kubernetes expertise to companies of all sizes on any cloud. With a focus on AI and compliance, we can say we have seen it all: whether SOC 2, HIPAA, PCI DSS, ITAR, FedRAMP or CMMC, we have you and your customers covered.
We provide support to organizations in the following ways:
- Modernize or Migrate to Kubernetes
- Cloud Infrastructure with Kubernetes on AWS, Azure, Google Cloud, or Bare Metal
- Building AI and Data Pipelines on Kubernetes
- Optimizing Existing Kubernetes Workloads
We do this with a high-touch support model where you:
- Get access to us on Slack, Microsoft Teams or Email
- Get 24/7 coverage of your infrastructure
- Get an accelerated migration to Kubernetes
Please schedule a call if you need support.