/terraform-aws-vpc

Repository for provisioning AWS VPC with Terraform

Primary LanguageHCLMIT LicenseMIT

README

Purpose of this Module

Although one can find various terraform modules to provision AWS VPC. This module mainly concentrate on

  • How to avoid providing cumbersome vpcid, subnet id when creating various AWS resources?
  • Make AWS resources more readable when navigating in AWS console. This became more useful when your AWS account has lot of resources.
  • Apply simple strategies for creating resources and improve security. e.g. enforce RDS in private subnet, compute resources like ECS, EKS in private subnet.This become very useful when this module used by novice developer.
  • Attach predefined tags to AWS resources. These tags play major role in tracking resources for
    • Monitoring. tools like Datadog depends heavily on tags
    • Cost

Dependencies and Prerequisites

  • Terraform version 0.12 and higher
  • AWS account
  • AWS CLI

Important Variables

variable name is required Default Value Type Notes
vpc_cidr_block Y String Valid CIDR Range
public_subnet_cidr_list N empty list list Valid list of CIDR range inline with vpc_cidr_block
private_app_subnet_list N empty list list Valid list of CIDR range inline with vpc_cidr_block
private_db_subnet_list N empty list list Valid list of CIDR range inline with vpc_cidr_block
region N eu-west-1 string Valid AWS Region
region_id N euw1 string Region Identifier. for more information about this please refer following sections
az_list N eu-west-1a,eu-west-1b, eu-west-1c list Define Az in which subnet to be get created. Availability zone inline with region.it's count must be same as cidr ranges define for subnets.
vpc_seq_id N 001 string Define sequence for combination of regionId,cost_centre and environment. one can define any random string,but it is better if is sequential number
seq_id N 001 string usually some sequential number. in this case it should be same as vpc_seq_id
environment N dev string indicates name of our environment.it can be anything. Possible values dev,cit,sit,uat,pprod,prod,n. for more information refer following sections.
cost_centre N na string A part of an organization to which bill might be charged.e.g. finance/it/hr/wholesale/retail/investment etc...

for complete list of variables please refer variables.tf of this module.

region

region_id

  • short indicator for region
  • it can be max 5 char.
  • for eu-west-1 it is euw1
  • for ap-southeast-1, singapore i.e. apse1
  • please note these are indicator for ideal region_id. one can use its own standard if needed.

cost_centre

  • It represents an entity which will own cost for resources created in this VPC .
  • Any org can have multiple departments wfollowing cost centres. following values are indicative.one can use their own indicator,but one need to follow same throughout.
  • all small case letters
  • length 1 to 4 chars
Possible Cost Centres value
admin admn
infrastructure infra
techsupport tsup
hr hr
it it
legal lgl
finance fin
wholesale whsl
retail rtl
manufacturing mfg
banking bank
investment inv
marketing mkt

environment

  • It represents the environment for which this VPC created for.
  • length 1 to 3 chars
  • all small case letters
  • Possible values
Value Important Note
dev for Development environment
cit specific to Component Integration Testing
sit specific to System Integration Testing
uat specific to User Acceptance Testing
pre specific to Preprod environment
n VPC which is not for production env
p VPC for Production environment

Important Notes for Tags

This module add/override following tags to various resources created.

Tag Key Variable Notes
RegionId region_id Represent indicator for region in which resource present
Environment environment Represent Environment.
CostCentre cost_centre some predefined, unique identifier across org for identifying entity responsible for cost.
VPCSeqId vpc_seq_id Indicator for VPC
VersionId version_id it is less signficant,but if anyone want to track it is good idea
BuildDate build_date it is less signficant,but if someone wants to track date(predefine date format defined in your org) then it is good indicator for date on which this component/resource created/updated
AppRole it is constant with value network for various resources created by this module.

This module responsible for creating

Subnets Notes
Public Subnet Ideal for running Load Balancers (Application, Classic, Network), API Gateway....
Private subnet for Computing Ideal for running Compute resources like AWS lambda, ElasticBeanstalk, EC2, ECS, EKS......
Private subnet for Persistence layer A place for running RDS, NoSQL, Elastic search ....
Gateways Notes
Nat Gateway Responsible for Instances(EC2/Containers etc) in private subnet to communicate with the Internet but the reverse is not true. Associate public/Elastic IP with each Nat Gateway
Internet Gateway Provide a target in your VPC route tables for internet-routable traffic. Perform network address translation (NAT) for instances that have been assigned public IPv4 addresses
VPN Gateway Enable the on-premises network to connect to this VPC
AWS Resource Notes
Single VPC
Route and Route tables

Example

module "vpc" {
source="git::https://github.com/polganesh/terraform-aws-vpc.git"
vpc_cidr_block = "10.10.0.0/16"
public_subnet_cidr_list = ["10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24"]
private_app_subnet_list = ["10.10.4.0/24", "10.10.5.0/24", "10.10.6.0/24"]
private_db_subnet_list = ["10.10.7.0/24", "10.10.8.0/24", "10.10.9.0/24"]
region = "eu-central-1"
region_id = "euc1"
az_list = ["eu-central-1a", "eu-central-1b", "eu-central-1c"]
vpc_seq_id = "001"
seq_id = "001"
environment = "n"
cost_centre = "tech"
build_date = "30092019"
version_id = "001"
}

AWS Resources created by this script

VPC
VPC name format vpc-{region-id}-{environment}-{cost_centre}-{vpc_seq_id}
Example vpc-euc1-n-tech-001
Important Notes helpful for anyone to identify this VPC created in eu-central-1, for non prod account, cost for any resources created in this VPC will be managed by tech business unit in organization, it is first VPC in this AWS account with remaining combination
Subnets
Subnet name format sub-{region-id}-{environment}-{cost_centre}-vpc{vpc_seq_id}-{pub,privApp,privDb}-{az-indicator}-{seq_id}
Example for public subnets sub-euc1-n-tech-vpc001-pub-1a-001
sub-euc1-n-tech-vpc001-pub-1b-001
sub-euc1-n-tech-vpc001-pub-1c-001
Example for private App subnets sub-euc1-n-tech-vpc001-privApp-1a-001
sub-euc1-n-tech-vpc001-privApp-1b-001
sub-euc1-n-tech-vpc001-privApp-1c-001
Example for private Db subnets sub-euc1-n-tech-vpc001-privDb-1a-001
sub-euc1-n-tech-vpc001-privDb-1b-001
sub-euc1-n-tech-vpc001-privDb-1c-001
Route Tables
Route table format rtb-{region-id}-{environment}-{cost_centre}-vpc{vpc_seq_id}-{pub,privApp,privDb}-{az-indicator}-{seq_id}
Example for route tables rtb-euc1-n-tech-vpc001-pub-1a-001
rtb-euc1-n-tech-vpc001-pub-1b-001
rtb-euc1-n-tech-vpc001-pub-1c-001
rtb-euc1-n-tech-vpc001-privApp-1a-001
rtb-euc1-n-tech-vpc001-privApp-1b-001
rtb-euc1-n-tech-vpc001-privApp-1c-001
rtb-euc1-n-tech-vpc001-privDb-1a-001
rtb-euc1-n-tech-vpc001-privDb-1b-001
rtb-euc1-n-tech-vpc001-privDb-1c-001
Nat Gateways
Nat Gateway format ngw-{region-id}-{environment}-{cost_centre}-vpc{vpc_seq_id}-{az-indicator}-{seq_id}
ngw-euc1-n-tech-vpc001-1a-001
ngw-euc1-n-tech-vpc001-1b-001
ngw-euc1-n-tech-vpc001-1c-001
VPN Gateway
VPN Gateway format vpngw-{region-id}-{environment}-{cost_centre}-{seq_id}
vpngw-euc1-n-tech-001
Internet Gateway
Internet Gateway format igw-{region-id}-{environment}-{cost_centre}-{seq_id}
igw-euc1-n-tech-001