/terraform-module-aws-vpc

Opinionated terraform module for deploying a VPC within AWS

Primary LanguageHCL

Overview

This is an opinionated terraform module for provisioning a VPC on AWS for my use case. Before you try it out yourself, please remember it...

  • has been designed for my usage
  • might not work for other people
  • please raise pull requests or issues around the module, but I cannot guarantee when or if I will be able to incorporate them

Here is a visual presentation of what it looks like

AWS VPC Diagram

Util

Applications used within this repo to help with CHANGELOG creation and also checking files within the repo

Subnet Layout

This Module can deploy a 4-tier VPC layout, if you do not wish to have the 4th tier, do not add in the CIDR ranges to private_cidr_blocks03

  • Public Subnet - DMZ
  • Private Subnet 01 - Web Subnet
  • Private Subnet 02 - Application Subnet
  • Private Subnet 03 - Data Subnet

Requirements

Name Version
terraform >= 1.5
aws 5.56.1

Providers

Name Version
aws 5.56.1

Modules

No modules.

Resources

Name Type
aws_cloudwatch_log_group.LogGroup-Accept resource
aws_cloudwatch_log_group.LogGroup-Reject resource
aws_default_security_group.default resource
aws_eip.nat_ip resource
aws_flow_log.VpcFlowLog-Accept resource
aws_flow_log.VpcFlowLog-Reject resource
aws_iam_policy.vpc_flow_log_cloudwatch resource
aws_iam_role.vpc_flow_log_cloudwatch resource
aws_iam_role_policy_attachment.vpc_flow_log_cloudwatch resource
aws_internet_gateway.internet_gw resource
aws_nat_gateway.nat_gw resource
aws_route.private01_ngw resource
aws_route.private02_ngw resource
aws_route.private03_ngw resource
aws_route_table.private01 resource
aws_route_table.private02 resource
aws_route_table.private03 resource
aws_route_table.public resource
aws_route_table_association.private01 resource
aws_route_table_association.private02 resource
aws_route_table_association.private03 resource
aws_route_table_association.public resource
aws_subnet.pm_pro_private01 resource
aws_subnet.pm_pro_private02 resource
aws_subnet.pm_pro_private03 resource
aws_subnet.pm_pro_public resource
aws_vpc.pro resource
aws_vpc_dhcp_options.dhcp_options resource
aws_vpc_dhcp_options_association.dhcp_options resource
aws_vpc_endpoint.s3 resource
aws_vpc_endpoint_route_table_association.private01_s3 resource
aws_vpc_endpoint_route_table_association.private02_s3 resource
aws_vpc_endpoint_route_table_association.private03_s3 resource
aws_vpc_endpoint_route_table_association.public_s3 resource
aws_iam_policy_document.vpc_flow_log_cloudwatch data source
aws_iam_policy_document.vpc_flow_logs_assume_role data source

Inputs

Name Description Type Default Required
availability_zones AWS region to launch servers. list(any)
[
"eu-west-1a",
"eu-west-1b"
]
no
aws_region AWS region to launch servers. string "eu-west-1" no
dhcp_domain_name Enter a domain name (such as example.com). string "" no
dhcp_domain_name_servers Enter up to 4 DNS server IP addresses or AmazonProvidedDNS for AWS Defaults list(any)
[
"AmazonProvidedDNS"
]
no
dhcp_netbios_name_servers Enter up to four NetBIOS name server IP addresses list(any) [] no
dhcp_netbios_node_type Enter the NetBIOS node type, for example, 2 string "" no
dhcp_ntp_servers Enter up to four Network Time Protocol (NTP) server IP addresses list(any) [] no
enable_vpc_s3_endpoint Create VPC S3 Endpoint bool false no
environment_tag Define the type of environment string "" no
k8s_clustername EKS/k8s Cluster Name string null no
master_cidr_block VPC CIDR Block string "" no
nat_gateway Create NAT Gateway bool false no
one_nat_gateway_per_az Should be true if you want one NAT Gateway per availability zone. bool true no
private01_tier_name Tag value for tier subnet string "web" no
private02_tier_name Tag value for tier subnet string "app" no
private03_tier_name Tag value for tier subnet string "data" no
private_cidr_blocks01 CIDR Blocks for Private Subnets list(any) [] no
private_cidr_blocks02 CIDR Blocks for Private Subnets list(any) [] no
private_cidr_blocks03 CIDR Blocks for Private Subnets list(any) [] no
private_routing_tables_tags A map of tags to assign to private routing tables. map(string) {} no
private_subnet_tags A map of tags to assign to private subnets. map(string) {} no
project_tag Project code name or name string "" no
public_cidr_blocks CIDR Blocks for Public Subnets list(any) [] no
public_routing_tables_tags A map of tags to assign to public routing tables. map(string) {} no
public_subnet_tags A map of tags to assign to public subnets. map(string) {} no
public_tier_name Tag value for tier subnet string "dmz" no
single_nat_gateway Should be true if you want to provision for your entire VPC bool false no
tags A map of tags to add to all resources. map(string) {} no
vpc_enable_dns_hostnames Enable VPC DNS hostnames bool true no
vpc_enable_dns_support Enable VPC DNS Support bool true no
vpc_tags A map of tags to add to VPC resource. map(string) {} no
vpcflow_log_accepted_retention How many day's worth of VPC Flow logs to keep for accepted connections string "14" no
vpcflow_log_rejected_retention How many day's worth of VPC Flow logs to keep for rejected connections string "14" no

Outputs

Name Description
all_subnet_ids List all used subnet ids
aws_region AWS Region being used
nat_gw_eips List all NAT Gateway Public IPs
private01_routing_table_ids Routing table ids for private 01 subnets
private01_tier_name Tag being used for describing private subnet 01 tier
private02_routing_table_ids Routing table ids for private 02 subnets
private02_tier_name Tag being used for describing private subnet 02 tier
private03_routing_table_ids Routing table ids for private 03 subnets
private03_tier_name Tag being used for describing private subnet 03 tier
private_subnet01_ids List all used private 01 subnet ids
private_subnet02_ids List all used private 02 subnet ids
private_subnet03_ids List all used private 03 subnet ids
private_subnet_ids List all used private subnet ids
public_routing_table_ids Routing table ids for public subnets
public_subnet_ids List all used public subnet ids
public_tier_name Tag being used for describing public subnet tier
vpc_cidr CIDR Range being used by VPC
vpc_id AWS VPC ID