tf-aws-vpc

Terraform module to set up a VPC

This module provides the following functionality:

  • builds on the terraform-aws-vpc module
  • enables basic VPC endpoints for S3 and DynamoDB
  • sets up VPC flow logs delivered to an S3 bucket (the AWS account alias, e.g. ori012, is used in the bucket name)
  • sets up public, private and database subnet tiers
  • tags every subnet with 'subnet_type' (e.g. subnet_type = private) for filtering
  • adds the subnet tags that EKS/Kubernetes expects
  • low-cost NAT instance for the VPC (about $3.35/month using t4g.nano)

Usage

module "vpc" {
  source = "git@github.com:bmacauley/tf-aws-vpc.git//?ref=main"
  create_vpc = true

  name = "vpc-test"
  cidr = "10.1.0.0/16"
  azs  = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]

  public_subnets    = ["10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/24"]
  private_subnets   = ["10.1.3.0/24", "10.1.4.0/24", "10.1.5.0/24"]
  database_subnets  = ["10.1.6.0/24", "10.1.7.0/24", "10.1.8.0/24"]

  create_database_subnet_group           = true
  create_database_subnet_route_table     = true
  create_database_internet_gateway_route = true

  enable_nat_gateway     = true
  single_nat_gateway     = true
  one_nat_gateway_per_az = false

  enable_vpc_endpoints = {
    s3       = true
    dynamodb = true
  }
  enable_flow_log = true
  tags = local.tags

}
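The Usage block above sets create_database_internet_gateway_route = true, which (per the Inputs table) adds an internet gateway route for public database access, while enable_flow_log defaults to false. The following is an added example, not part of the tf-aws-vpc module: a small policy check that scans "terraform show -json tfplan" output for those two settings before apply. It assumes the resource names terraform-aws-modules/vpc uses (aws_route.database_internet_gateway, aws_flow_log.this), and the plan fragments it ships with are constructed, not real tool output.

```python
"""Plan policy check for a VPC built with this module (added example, not module code)."""
import json
import sys

def walk_resources(plan):
    """Yield every planned resource, descending into nested child modules."""
    stack = [plan.get("planned_values", {}).get("root_module", {})]
    while stack:
        module = stack.pop()
        yield from module.get("resources", [])
        stack.extend(module.get("child_modules", []))

def check_vpc_plan(plan):
    """Return findings for two settings the README exposes as risky; [] means clean."""
    findings, resources = [], list(walk_resources(plan))
    for res in resources:
        values = res.get("values", {})
        if res.get("type") != "aws_route" or values.get("destination_cidr_block") != "0.0.0.0/0":
            continue
        # gateway_id is usually "known after apply" for a new VPC, so also match the
        # resource name terraform-aws-modules/vpc gives this route (naming assumption).
        via_igw = (str(values.get("gateway_id", "")).startswith("igw-")
                   or "database_internet_gateway" in res["address"])
        if via_igw and "database" in res["address"]:
            findings.append(f"{res['address']}: database tier gets a default route to the IGW")
    if not any(res.get("type") == "aws_flow_log" for res in resources):
        findings.append("no aws_flow_log planned: set enable_flow_log = true")
    return findings

def make_plan(resources):
    """Wrap resource entries in the nested module layout `terraform show -json` emits."""
    return {"planned_values": {"root_module": {"child_modules": [{"address": "module.vpc",
            "child_modules": [{"address": "module.vpc.module.vpc", "resources": resources}]}]}}}

# Constructed plan fragments, not real tool output; names follow terraform-aws-modules/vpc (assumed).
PREFIX = "module.vpc.module.vpc."
OPEN_RESOURCES = [  # create_database_internet_gateway_route = true, enable_flow_log = false
    {"address": PREFIX + "aws_route.database_internet_gateway[0]", "type": "aws_route",
     "values": {"destination_cidr_block": "0.0.0.0/0"}},
    {"address": PREFIX + "aws_route.private_nat_gateway[0]", "type": "aws_route",
     "values": {"destination_cidr_block": "0.0.0.0/0"}},
]
HARDENED_RESOURCES = [  # create_database_internet_gateway_route = false, enable_flow_log = true
    OPEN_RESOURCES[1],
    {"address": PREFIX + "aws_flow_log.this[0]", "type": "aws_flow_log", "values": {"log_destination_type": "s3"}},
]
if __name__ == "__main__":  # pass a plan.json path, or run against the constructed sample
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else make_plan(OPEN_RESOURCES)
    print("\n".join(check_vpc_plan(plan)) or "OK")
```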

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1 |
| aws | >= 4.2.0 |
| random | >= 3.2.0 |

Providers

| Name | Version |
|------|---------|
| aws | >= 4.2.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| nat_instance | ./modules/nat-instance | n/a |
| s3_vpc_flow_log | terraform-aws-modules/s3-bucket/aws | 3.6.0 |
| vpc | terraform-aws-modules/vpc/aws | 3.18.1 |
| vpc_endpoints | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | 3.14.2 |

Resources

| Name | Type |
|------|------|
| aws_availability_zones.available | data source |
| aws_iam_account_alias.current | data source |
| aws_iam_policy_document.flow_log_s3 | data source |
| aws_region.current | data source |
| aws_security_group.default | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| azs | A list of availability zone names or IDs in the region. If empty, defaults to the first three available zones. | list(string) | [] | no |
| cidr | The CIDR block for the VPC. | string | "172.16.0.0/16" | no |
| create_database_internet_gateway_route | Controls if an internet gateway route for public database access should be created | bool | false | no |
| create_database_subnet_group | Controls if a database subnet group should be created (n.b. database_subnets must also be set) | bool | true | no |
| create_database_subnet_route_table | Controls if a separate route table for the database subnets should be created | bool | true | no |
| create_nat_instance | Set to true if you want your private networks to reach the internet | bool | false | no |
| create_vpc | Controls if the VPC should be created (it affects almost all resources) | bool | true | no |
| database_subnets | List of database subnets inside the VPC | list(string) | [] | no |
| dhcp_options_domain_name | Specifies the DNS name for the DHCP options set (requires enable_dhcp_options set to true) | string | "" | no |
| enable_dhcp_options | Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type | bool | false | no |
| enable_dns_hostnames | Should be true to enable DNS hostnames in the VPC | bool | false | no |
| enable_dns_support | Should be true to enable DNS support in the VPC | bool | true | no |
| enable_flow_log | Enable VPC flow logs | bool | false | no |
| enable_nat_gateway | Should be true if you want to provision NAT Gateways for each of your private networks | bool | true | no |
| enable_vpc_endpoints | Enable VPC endpoints | map(any) | { "dynamodb": true, "s3": true } | no |
| map_public_ip_on_launch | Should be true if you want to auto-assign a public IP on launch | bool | false | no |
| name | Name of the VPC, to be used on all the resources as identifier | string | n/a | yes |
| nat_instance_type | Amazon Linux instance type for the NAT instance. The instance type affects the network performance (and cost). See the link in vpc.tf | string | "t3.nano" | no |
| one_nat_gateway_per_az | Should be true if you want only one NAT Gateway per availability zone. Requires var.azs to be set, and the number of public_subnets created to be greater than or equal to the number of availability zones specified in var.azs. | bool | false | no |
| private_subnets | List of private subnets inside the VPC | list(string) | [] | no |
| public_subnets | List of public subnets inside the VPC | list(string) | [] | no |
| single_nat_gateway | Should be true if you want to provision a single shared NAT Gateway across all of your private networks | bool | true | no |
| tags | Common set of tags. | map(string) | {} | no |

Outputs

| Name | Description |
|------|-------------|
| azs | A list of availability zones specified as argument to this module |
| database_subnets | List of IDs of database subnets |
| igw_id | The ID of the Internet Gateway |
| natgw_ids | List of NAT Gateway IDs |
| private_subnets | List of IDs of private subnets |
| public_subnets | List of IDs of public subnets |
| vpc_cidr_block | The CIDR block of the VPC |
| vpc_id | The ID of the VPC |

Examples

Authors

License

MIT