/terraform-aws-vpc

Terraform module which creates VPC resources on AWS

AWS VPC Terraform module

These types of resources are supported:

Usage

module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  name = "my-vpc"
  cidr = "10.0.0.0/16"

  azs             = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
  private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]

  enable_nat_gateway = true
  enable_vpn_gateway = true

  tags = {
    Terraform   = "true"
    Environment = "dev"
  }
}

External NAT Gateway IPs

By default this module will provision new Elastic IPs for the VPC's NAT Gateways. This means that when creating a new VPC, new IPs are allocated, and when that VPC is destroyed those IPs are released. Sometimes it is handy to keep the same IPs even after the VPC is destroyed and re-created. To that end, it is possible to assign existing IPs to the NAT Gateways. This prevents the destruction of the VPC from releasing those IPs, and makes it possible for a re-created VPC to use the same IPs.

To achieve this, allocate the IPs outside the VPC module declaration.

resource "aws_eip" "nat" {
  count = 3

  vpc = true
}

Then, pass the allocated IPs as a parameter to this module.

module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  # The rest of arguments are omitted for brevity

  enable_nat_gateway  = true
  single_nat_gateway  = false
  reuse_nat_ips       = true                      # <= Skip creation of EIPs for the NAT Gateways
  external_nat_ip_ids = ["${aws_eip.nat.*.id}"]   # <= IPs specified here as input to the module
}

Note that in the example we allocate 3 IPs because we will be provisioning 3 NAT Gateways (due to single_nat_gateway = false and having 3 subnets). If, on the other hand, single_nat_gateway = true, then aws_eip.nat would only need to allocate 1 IP. Passing the IPs into the module is done by setting two variables: reuse_nat_ips = true and external_nat_ip_ids = ["${aws_eip.nat.*.id}"].
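The single_nat_gateway = true case described above, as an added example (not part of the module's own documentation): one Elastic IP, guarded with Terraform's lifecycle prevent_destroy so that any plan that would release it fails, and exported as an output so the fixed egress address can be recorded. The name, CIDR and subnet values are copied from the Usage section; the output name nat_public_ips is an assumption.

```hcl
# Added example: a single NAT Gateway reusing one pre-allocated Elastic IP.
resource "aws_eip" "nat" {
  count = 1 # one NAT Gateway, so one EIP

  vpc = true

  # Any plan that would destroy (and therefore release) this EIP is rejected.
  lifecycle {
    prevent_destroy = true
  }
}

module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  name = "my-vpc"
  cidr = "10.0.0.0/16"

  azs             = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
  private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]

  enable_nat_gateway  = true
  single_nat_gateway  = true                      # all private subnets share one NAT Gateway
  reuse_nat_ips       = true                      # skip creation of EIPs inside the module
  external_nat_ip_ids = ["${aws_eip.nat.*.id}"]   # the EIP allocated above
}

# Hypothetical output name: the public address that private-subnet traffic egresses from.
output "nat_public_ips" {
  value = ["${aws_eip.nat.*.public_ip}"]
}
```

With prevent_destroy set, a full terraform destroy stops with an error instead of releasing the address; terraform destroy -target=module.vpc removes only the VPC and leaves the EIP allocated.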

Conditional creation

Sometimes you need a way to create VPC resources conditionally, but Terraform does not allow count inside a module block, so the solution is to specify the create_vpc argument.

# This VPC will not be created
module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  create_vpc = false
  # ... omitted
}

Terraform version

Terraform version 0.10.3 or newer is required for this module to work.

Examples

Tests

This module has been packaged with awspec tests through test kitchen. To run them:

  1. Install rvm and the ruby version specified in the Gemfile.
  2. Install bundler and the gems from our Gemfile:
     gem install bundler; bundle install
  3. Test using bundle exec kitchen test from the root of the repo.

Authors

Migrated from terraform-community-modules/tf_aws_vpc, where it was maintained by these awesome contributors. Module managed by Anton Babenko.

License

Apache 2 Licensed. See LICENSE for full details.