Skip to content

schubergphilis/terraform-aws-mcaf-vpc

BranchesTags

Repository files navigation

mcaf-terraform-aws-vpc

This module creates a VPC layout with private, public and lambda subnets. It also sets up by default the necessary networking components like gateways and routers.

All subnets are optional so you can decide which ones make sense for your environment. See the examples directory for reference material.

module "full_vpc" {
  source              = "github.com/schubergphilis/terraform-aws-mcaf-vpc"
  name                = "test"
  cidr_block          = "192.168.0.0/24"
  availability_zones  = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
  public_subnet_bits  = 28
  private_subnet_bits = 28

  tags = {
    environment = "test"
  }
}

Requirements

Name Version
terraform >= 0.12.10
aws >= 5.0.0

Providers

Name Version
aws >= 5.0.0

Modules

Name Source Version
flow_logs_role schubergphilis/mcaf-role/aws ~> 0.4.0
log_bucket schubergphilis/mcaf-s3/aws ~> 0.14.1
subnet_sharing github.com/schubergphilis/terraform-aws-mcaf-subnet-sharing v0.3.0

Resources

Name Type
aws_cloudwatch_log_group.flow_logs resource
aws_default_security_group.default resource
aws_eip.nat resource
aws_flow_log.flow_logs resource
aws_flow_log.flow_logs_s3 resource
aws_internet_gateway.default resource
aws_nat_gateway.default resource
aws_route.lambda resource
aws_route.private resource
aws_route.public resource
aws_route_table.lambda resource
aws_route_table.private resource
aws_route_table.public resource
aws_route_table_association.lambda resource
aws_route_table_association.private resource
aws_route_table_association.public resource
aws_subnet.lambda resource
aws_subnet.private resource
aws_subnet.public resource
aws_vpc.default resource
aws_vpc_dhcp_options.default resource
aws_vpc_dhcp_options_association.default resource
aws_vpc_endpoint.codebuild_interface_endpoint resource
aws_vpc_endpoint.dynamodb resource
aws_vpc_endpoint.ebs_endpoint resource
aws_vpc_endpoint.ec2_endpoint resource
aws_vpc_endpoint.ec2messages_endpoint resource
aws_vpc_endpoint.ecr_api_endpoint resource
aws_vpc_endpoint.ecr_dkr_endpoint resource
aws_vpc_endpoint.logs_endpoint resource
aws_vpc_endpoint.mgn_endpoint resource
aws_vpc_endpoint.s3 resource
aws_vpc_endpoint.s3_interface_endpoint resource
aws_vpc_endpoint.ssm_endpoint resource
aws_vpc_endpoint.ssmmessages_endpoint resource
aws_vpc_endpoint.transfer_server resource
aws_caller_identity.current data source
aws_iam_policy_document.log_stream_action data source
aws_region.current data source
aws_vpc_endpoint_service.ebs_endpoint data source
aws_vpc_endpoint_service.ec2_endpoint data source
aws_vpc_endpoint_service.ec2messages_endpoint data source
aws_vpc_endpoint_service.ssm_endpoint data source
aws_vpc_endpoint_service.ssmmessages_endpoint data source
aws_vpc_endpoint_service.transfer_server data source

Inputs

Name Description Type Default Required
availability_zones A list of availability zones for the subnets list(string) n/a yes
name Used as part of the resource names to indicate they are created and used within a specific name string n/a yes
tags A mapping of tags to assign to all resources map(string) n/a yes
cidr_block The CIDR block for the VPC string null no
codebuild_interface_endpoint Variables to provision a CodeBuild endpoint to the VPC 
object({
    private_dns_enabled = bool
    security_group_ids  = list(string)
    subnet_ids          = list(string)
  })
 null no
dhcp_options DHCP options to assign to the VPC 
object({
    domain_name          = string
    domain_name_servers  = list(string)
    netbios_name_servers = list(string)
    netbios_node_type    = number
    ntp_servers          = list(string)
  })
 null no
ebs_endpoint Variables to provision an EBS endpoint to the VPC 
object({
    private_dns_enabled = bool
    security_group_ids  = list(string)
    subnet_ids          = list(string)
  })
 null no
ec2_endpoint Variables to provision an EC2 endpoint to the VPC 
object({
    private_dns_enabled = bool
    security_group_ids  = list(string)
    subnet_ids          = list(string)
  })
 null no
ec2messages_endpoint Variables to provision an EC2 messages endpoint to the VPC 
object({
    private_dns_enabled = bool
    security_group_ids  = list(string)
    subnet_ids          = list(string)
  })
 null no
ecr_api_endpoint Variables to provision an ECR endpoint to the VPC 
object({
    private_dns_enabled = bool
    security_group_ids  = list(string)
    subnet_ids          = list(string)
  })
 null no
enable_nat_gateway Set to true to provision a NAT Gateway for each private subnet bool true no
enable_private_default_route Set to true to add a default route to the NAT gateway for each private subnet bool true no
flow_logs Variables to enable flow logs for the VPC 
object({
    iam_role_name                = string
    iam_role_permission_boundary = optional(string, null)
    log_format                   = optional(string, null)
    log_group_name               = string
    retention_in_days            = number
    traffic_type                 = string
  })
 null no
flow_logs_s3 Variables to enable flow logs stored in S3 for the VPC. When bucket_arn is specified, it will not create a new bucket. 
object({
    bucket_name       = optional(string, null)
    bucket_arn        = optional(string, null)
    log_format        = optional(string, null)
    retention_in_days = number
    traffic_type      = string
  })
 null no
internet_gateway_tags Additional tags to set on the internet gateway map(string) {} no
ipv4_ipam The IPv4 IPAM configuration to use for the VPC 
object({
    pool_id        = string
    netmask_length = number
  })
 null no
lambda_subnet_bits The number of bits used for the subnet mask number null no
logs_endpoint Variables to provision a log endpoint to the VPC 
object({
    private_dns_enabled = bool
    security_group_ids  = list(string)
    subnet_ids          = list(string)
  })
 null no
map_public_ip_on_launch Whether public IP addresses are assigned on instance launch bool false no
mgn_endpoint Variables to provision an MGN endpoint to the VPC 
object({
    private_dns_enabled = bool
    security_group_ids  = list(string)
    subnet_ids          = list(string)
  })
 null no
postfix Postfix the role and policy names with Role and Policy bool false no
prepend_resource_type If set it will prepend the resource type on the name of the resource. bool false no
private_dynamodb_endpoint Deploy a DynamoDB endpoint for your private subnets bool false no
private_s3_endpoint Deploy an S3 endpoint for your private subnets bool false no
private_subnet_bits The number of bits used for the subnet mask number null no
private_subnet_tags Additional tags to set on the private subnets map(string) {} no
public_subnet_bits The number of bits used for the subnet mask number null no
public_subnet_tags Additional tags to set on the public subnets map(string) {} no
restrict_default_security_group Set to true to remove all rules from the default security group bool true no
s3_interface_endpoint Variables to provision an S3 interface endpoint to the VPC 
object({
    security_group_ids = list(string)
    subnet_ids         = list(string)
  })
 null no
s3_route_table_ids Custom route table IDs for the S3 endpoint list(string) null no
share_private_subnets If set it will share the private subnets through resource access manager bool false no
share_public_subnets If set it will share the public subnets through resource access manager bool false no
shared_public_route_table Determines weather to use a single route table for all public networks bool true no
ssm_endpoint Variables to provision an SSM endpoint to the VPC 
object({
    private_dns_enabled = bool
    security_group_ids  = list(string)
    subnet_ids          = list(string)
  })
 null no
ssmmessages_endpoint Variables to provision an SSM messages endpoint to the VPC 
object({
    private_dns_enabled = bool
    security_group_ids  = list(string)
    subnet_ids          = list(string)
  })
 null no
subnet_sharing_custom_tags Custom tags to be added to a resource share for subnets map(string) {} no
transfer_server Variables to provision a Transfer Server endpoint to the VPC 
object({
    security_group_ids  = list(string)
    subnet_ids          = list(string)
    private_dns_enabled = bool
  })
 null no
vpc_tags Additional tags to set on the VPC map(string) {} no

Outputs

Name Description
cidr_block CIDR block of the VPC
id ID of the VPC
igw_id ID of the Internet Gateway
lambda_route_table_ids IDs of the Lambda route tables
lambda_subnet_arns ARNs of the Lambda subnets
lambda_subnet_cidr_blocks CIDR blocks of the Lambda subnets
lambda_subnet_ids IDs of the Lambda subnets
name The name provided for the VPC
nat_gateway_ids IDs of the NAT gateways
private_route_table_ids IDs of the private route tables
private_subnet_arns ARNs of the private subnets
private_subnet_cidr_blocks CIDR blocks of the private subnets
private_subnet_ids IDs of the private subnets
public_route_table_id ID of the single public route table when a shared public route table is used
public_route_table_ids IDs of the public route tables when a shared public route table is not used
public_subnet_arns ARNs of the public subnets
public_subnet_cidr_blocks CIDR blocks of the public subnets
public_subnet_ids IDs of the public subnets
subnet_share_arn The ARN of the subnet share in resource access manager if any
subnet_share_id The ID of the subnet share in resource access manager if any
vpc_endpoint_ids An object containing the ID of each created VPC endpoint

About

Terraform module to manage an AWS VPC

registry.terraform.io/modules/schubergphilis/mcaf-vpc/aws/latest

Topics

aws terraform terraform-module

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

2 stars

Watchers

25 watching

Forks

10 forks
Report repository

Releases 2

v1.22.1 Latest
Sep 6, 2024
+ 1 release

Packages

No packages published

Contributors 16
+ 2 contributors

Languages