Terraform module which creates subnets and routing tables in an existing VPC on AWS

AWS subnets Terraform module

Terraform module which creates subnets, routing tables and ACLs in an existing VPC on AWS.

Terraform versions

Terraform 0.12 and newer.

Usage

module "subnets" {
  source                 = "/path/to/module/terraform-aws-subnets"

  create_subnets         = true

  name                   = var.name
  azs                    = var.azs
  vpc_id                 = var.vpc_id
  internet_gateway_id    = var.internet_gateway_id
  nat_gateway_ids        = var.nat_gateway_ids
  enable_nat_gateway     = var.enable_nat_gateway
  single_nat_gateway     = var.single_nat_gateway
  one_nat_gateway_per_az = var.one_nat_gateway_per_az

  public_subnet_suffix   = "public"
  public_subnets         = var.public_subnets
  public_subnet_tags     = {
    Type = "public"
  }
  private_subnet_suffix  = "private"
  private_subnets        = var.private_subnets
  private_subnet_tags    = {
    Type = "private"
  }
  database_subnet_suffix = "database"
  database_subnets       = var.database_subnets
  database_subnet_tags   = {
    Type = "database"
  }

  tags                   = {
    Environment = var.environment,
    Project     = var.project
  }
}
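A second call, added here as an example rather than taken from the module's own README, that narrows the database tier's network ACLs. The module's defaults for the *_acl_rules inputs allow all traffic in both directions (0.0.0.0/0, protocol -1), so a caller who wants the database subnets reachable only from the private subnets has to supply the rules explicitly. The private and database subnet CIDRs, the availability zones and TCP port 5432 are assumed values.

```hcl
# Added example, not the module's own code. Assumed values: private subnets
# 10.0.1.0/24 and 10.0.2.0/24, database subnets 10.0.101.0/24 and
# 10.0.102.0/24, database port TCP 5432.
locals {
  private_cidrs = ["10.0.1.0/24", "10.0.2.0/24"]
  db_port       = 5432
}

module "subnets" {
  source = "/path/to/module/terraform-aws-subnets"

  name   = "example"
  azs    = ["eu-central-1a", "eu-central-1b"]
  vpc_id = var.vpc_id

  private_subnets  = local.private_cidrs
  database_subnets = ["10.0.101.0/24", "10.0.102.0/24"]

  # Dedicated database route table with no internet gateway route, so the
  # database tier is not reachable from the public internet.
  create_database_internet_gateway_route = false
  create_database_subnet_route_table     = true

  # Network ACLs are stateless: inbound allows the database port from each
  # private subnet, outbound must allow the ephemeral-port replies back.
  database_inbound_acl_rules = [
    for idx, cidr in local.private_cidrs : {
      rule_number = 100 + idx
      rule_action = "allow"
      protocol    = "tcp"
      from_port   = local.db_port
      to_port     = local.db_port
      cidr_block  = cidr
    }
  ]
  database_outbound_acl_rules = [
    for idx, cidr in local.private_cidrs : {
      rule_number = 100 + idx
      rule_action = "allow"
      protocol    = "tcp"
      from_port   = 1024
      to_port     = 65535
      cidr_block  = cidr
    }
  ]
}
```

Anything not matched by an explicit allow rule is dropped by the ACL's implicit deny, which is what removes the default 0.0.0.0/0 exposure of the database subnets.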

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.12.6 |
| aws | >= 2.65 |

Providers

| Name | Version |
|------|---------|
| aws | >= 2.65 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_db_subnet_group.database | resource |
| aws_network_acl.database | resource |
| aws_network_acl.private | resource |
| aws_network_acl.public | resource |
| aws_network_acl_rule.database_inbound | resource |
| aws_network_acl_rule.database_outbound | resource |
| aws_network_acl_rule.private_inbound | resource |
| aws_network_acl_rule.private_outbound | resource |
| aws_network_acl_rule.public_inbound | resource |
| aws_network_acl_rule.public_outbound | resource |
| aws_route.private_nat_gateway | resource |
| aws_route.public_internet_gateway | resource |
| aws_route.public_internet_gateway_ipv6 | resource |
| aws_route_table.database | resource |
| aws_route_table.private | resource |
| aws_route_table.private_without_nat_gateway | resource |
| aws_route_table.public | resource |
| aws_route_table_association.database | resource |
| aws_route_table_association.private | resource |
| aws_route_table_association.private_without_nat_gateway | resource |
| aws_route_table_association.public | resource |
| aws_subnet.database | resource |
| aws_subnet.private | resource |
| aws_subnet.public | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| assign_ipv6_address_on_creation | Assign IPv6 address on subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch | bool | false | no |
| azs | A list of availability zones in the region | list(string) | [] | no |
| create_database_internet_gateway_route | Controls if an internet gateway route for public database access should be created | bool | false | no |
| create_database_subnet_group | Controls if database subnet group should be created (n.b. database_subnets must also be set) | bool | true | no |
| create_database_subnet_route_table | Controls if separate route table for database should be created | bool | false | no |
| create_subnets | Controls if subnets should be created (it affects almost all resources) | bool | true | no |
| database_acl_tags | Additional tags for the database subnets network ACL | map(string) | {} | no |
| database_inbound_acl_rules | Database subnets inbound network ACL rules | list(map(string)) | [{"cidr_block": "0.0.0.0/0", "from_port": 0, "protocol": "-1", "rule_action": "allow", "rule_number": 100, "to_port": 0}] | no |
| database_outbound_acl_rules | Database subnets outbound network ACL rules | list(map(string)) | [{"cidr_block": "0.0.0.0/0", "from_port": 0, "protocol": "-1", "rule_action": "allow", "rule_number": 100, "to_port": 0}] | no |
| database_route_table_tags | Additional tags for the database route tables | map(string) | {} | no |
| database_subnet_assign_ipv6_address_on_creation | Assign IPv6 address on database subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch | bool | null | no |
| database_subnet_group_name | Name of database subnet group | string | null | no |
| database_subnet_group_tags | Additional tags for the database subnet group | map(string) | {} | no |
| database_subnet_ipv6_prefixes | Assigns IPv6 database subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | list(string) | [] | no |
| database_subnet_suffix | Suffix to append to database subnets name | string | "db" | no |
| database_subnet_tags | Additional tags for the database subnets | map(string) | {} | no |
| database_subnets | A list of database subnets | list(string) | [] | no |
| enable_ipv6 | Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block. | bool | false | no |
| enable_nat_gateway | Should be true if you want to provision NAT Gateways for each of your private networks | bool | false | no |
| enable_private_route_table_without_nat_gateway | Should be true if you want to provision a dedicated route table for each of your private networks without a NAT Gateway | bool | false | no |
| internet_gateway_id | ID of internet gateway | string | null | no |
| map_public_ip_on_launch | Should be false if you do not want to auto-assign public IP on launch | bool | true | no |
| name | Name to be used on all the resources as identifier | string | n/a | yes |
| nat_gateway_ids | List of nat gateway ids | list(string) | [] | no |
| one_nat_gateway_per_az | Should be true if you want only one NAT Gateway per availability zone. Requires var.azs to be set, and the number of public_subnets created to be greater than or equal to the number of availability zones specified in var.azs. | bool | false | no |
| private_acl_tags | Additional tags for the private subnets network ACL | map(string) | {} | no |
| private_inbound_acl_rules | Private subnets inbound network ACLs | list(map(string)) | [{"cidr_block": "0.0.0.0/0", "from_port": 0, "protocol": "-1", "rule_action": "allow", "rule_number": 100, "to_port": 0}] | no |
| private_outbound_acl_rules | Private subnets outbound network ACLs | list(map(string)) | [{"cidr_block": "0.0.0.0/0", "from_port": 0, "protocol": "-1", "rule_action": "allow", "rule_number": 100, "to_port": 0}] | no |
| private_route_table_tags | Additional tags for the private route tables | map(string) | {} | no |
| private_subnet_assign_ipv6_address_on_creation | Assign IPv6 address on private subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch | bool | null | no |
| private_subnet_ipv6_prefixes | Assigns IPv6 private subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | list | [] | no |
| private_subnet_suffix | Suffix to append to private subnets name | string | "private" | no |
| private_subnet_tags | Additional tags for the private subnets | map(string) | {} | no |
| private_subnets | A list of private subnets inside the VPC | list(string) | [] | no |
| public_acl_tags | Additional tags for the public subnets network ACL | map(string) | {} | no |
| public_inbound_acl_rules | Public subnets inbound network ACLs | list(map(string)) | [{"cidr_block": "0.0.0.0/0", "from_port": 0, "protocol": "-1", "rule_action": "allow", "rule_number": 100, "to_port": 0}] | no |
| public_outbound_acl_rules | Public subnets outbound network ACLs | list(map(string)) | [{"cidr_block": "0.0.0.0/0", "from_port": 0, "protocol": "-1", "rule_action": "allow", "rule_number": 100, "to_port": 0}] | no |
| public_route_table_tags | Additional tags for the public route tables | map(string) | {} | no |
| public_subnet_assign_ipv6_address_on_creation | Assign IPv6 address on public subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch | bool | null | no |
| public_subnet_ipv6_prefixes | Assigns IPv6 public subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | list | [] | no |
| public_subnet_suffix | Suffix to append to public subnets name | string | "public" | no |
| public_subnet_tags | Additional tags for the public subnets | map(string) | {} | no |
| public_subnets | A list of public subnets inside the VPC | list(string) | [] | no |
| single_nat_gateway | Should be true if you want to provision a single shared NAT Gateway across all of your private networks | bool | false | no |
| tags | A map of tags to add to all resources | map(string) | {} | no |
| vpc_id | ID of vpc | string | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| database_route_table_ids | List of IDs of database route tables |
| database_subnet_arns | List of database subnet arns |
| database_subnets | List of database subnet ids |
| private_route_table_ids | List of IDs of private route tables |
| private_subnet_arns | List of private subnet arns |
| private_subnets | List of private subnet ids |
| private_without_nat_gateway_route_table_ids | List of IDs of private route tables without NAT Gateway |
| public_route_table_ids | List of IDs of public route tables |
| public_subnet_arns | List of public subnet arns |
| public_subnets | List of public subnet ids |

Authors

Module managed by Marcel Emmert.

License

Apache 2 Licensed. See LICENSE for full details.