chris24walsh / terraform-aws-mcaf-vpc

mcaf-terraform-aws-vpc

This module creates a VPC layout with private, public and lambda subnets. By default it also sets up the necessary networking components, such as gateways and routers.

All subnets are optional so you can decide which ones make sense for your environment. See the examples directory for reference material.

```hcl
module "full_vpc" {
  source              = "github.com/schubergphilis/terraform-aws-mcaf-vpc"
  name                = "test"
  cidr_block          = "192.168.0.0/24"
  availability_zones  = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
  public_subnet_bits  = 28
  private_subnet_bits = 28

  tags = {
    environment = "test"
  }
}
```

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.12.10 |

Providers

| Name | Version |
|------|---------|
| aws | n/a |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| availability_zones | A list of availability zones for the subnets | `list(string)` | n/a | yes |
| cidr_block | The CIDR block for the VPC | `string` | n/a | yes |
| name | Used as part of the resource names to indicate they are created and used within a specific name | `string` | n/a | yes |
| tags | A mapping of tags to assign to all resources | `map(string)` | n/a | yes |
| dhcp_options | DHCP options to assign to the VPC | `object({ domain_name = string, domain_name_servers = list(string), netbios_name_servers = list(string), netbios_node_type = number, ntp_servers = list(string) })` | `null` | no |
| ebs_endpoint | Variables to provision an EBS endpoint to the VPC | `object({ private_dns_enabled = bool, security_group_ids = list(string), subnet_ids = list(string) })` | `null` | no |
| ec2_endpoint | Variables to provision an EC2 endpoint to the VPC | `object({ private_dns_enabled = bool, security_group_ids = list(string), subnet_ids = list(string) })` | `null` | no |
| ec2messages_endpoint | Variables to provision an EC2 messages endpoint to the VPC | `object({ private_dns_enabled = bool, security_group_ids = list(string), subnet_ids = list(string) })` | `null` | no |
| ecr_api_endpoint | Variables to provision an ECR endpoint to the VPC | `object({ private_dns_enabled = bool, security_group_ids = list(string), subnet_ids = list(string) })` | `null` | no |
| enable_nat_gateway | Set to true to provision a NAT Gateway for each private subnet | `bool` | `true` | no |
| flow_logs | Variables to enable flow logs for the VPC | `object({ iam_role_name = string, log_group_name = string, retention_in_days = number, traffic_type = string })` | `null` | no |
| internet_gateway_tags | Additional tags to set on the internet gateway | `map(string)` | `{}` | no |
| lambda_subnet_bits | The number of bits used for the subnet mask | `number` | `null` | no |
| logs_endpoint | Variables to provision a Log endpoint to the VPC | `object({ private_dns_enabled = bool, security_group_ids = list(string), subnet_ids = list(string) })` | `null` | no |
| postfix | Postfix the role and policy names with Role and Policy | `bool` | `false` | no |
| prepend_resource_type | If set it will prepend the resource type on the name of the resource. | `bool` | `false` | no |
| private_dynamodb_endpoint | Deploy a DynamoDB endpoint for your private subnets | `bool` | `false` | no |
| private_s3_endpoint | Deploy an S3 endpoint for your private subnets | `bool` | `false` | no |
| private_subnet_bits | The number of bits used for the subnet mask | `number` | `null` | no |
| private_subnet_tags | Additional tags to set on the private subnets | `map(string)` | `{}` | no |
| public_subnet_bits | The number of bits used for the subnet mask | `number` | `null` | no |
| public_subnet_tags | Additional tags to set on the public subnets | `map(string)` | `{}` | no |
| restrict_default_security_group | Set to true to remove all rules from the default security group | `bool` | `true` | no |
| s3_route_table_ids | Custom route table IDs for the S3 endpoint | `list(string)` | `null` | no |
| share_private_subnets | If set it will share the private subnets through resource access manager | `bool` | `false` | no |
| share_public_subnets | If set it will share the public subnets through resource access manager | `bool` | `false` | no |
| ssm_endpoint | Variables to provision an SSM endpoint to the VPC | `object({ private_dns_enabled = bool, security_group_ids = list(string), subnet_ids = list(string) })` | `null` | no |
| ssmmessages_endpoint | Variables to provision an SSM messages endpoint to the VPC | `object({ private_dns_enabled = bool, security_group_ids = list(string), subnet_ids = list(string) })` | `null` | no |
| subnet_sharing_custom_tags | Custom tags to be added to a resource share for subnets | `map(string)` | `{}` | no |
| transfer_server | Variables to provision a Transfer Server endpoint to the VPC | `object({ security_group_ids = list(string), subnet_ids = list(string), private_dns_enabled = bool })` | `null` | no |
| vpc_tags | Additional tags to set on the VPC | `map(string)` | `{}` | no |
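
A private-only call that combines the security-relevant inputs listed above, as an added example that is not part of the module's own documentation: no public subnets, the default security group stripped of rules, flow logs enabled, and S3 and DynamoDB endpoints for the private subnets. The module label, the IAM role and log group names and the retention period are constructed; it assumes the module accepts a call without public subnets ("All subnets are optional") and passes `traffic_type` through to the AWS flow log resource, where `ALL` is a valid value.

```hcl
# Added example: private-only VPC with flow logs. Names and values are constructed.
module "private_vpc" {
  source              = "github.com/schubergphilis/terraform-aws-mcaf-vpc"
  name                = "test"
  cidr_block          = "192.168.0.0/24"
  availability_zones  = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
  private_subnet_bits = 28

  # public_subnet_bits is left unset, so no public subnets are requested.
  # Without them there is nowhere to place NAT gateways, so switch those off too.
  enable_nat_gateway = false

  # Module default, stated explicitly so a later change shows up in review:
  # remove all rules from the default security group.
  restrict_default_security_group = true

  # Reach S3 and DynamoDB from the private subnets through VPC endpoints.
  private_s3_endpoint       = true
  private_dynamodb_endpoint = true

  # Log both accepted and rejected traffic so denied connections are visible.
  flow_logs = {
    iam_role_name     = "test-vpc-flow-logs"  # constructed name
    log_group_name    = "/vpc/test/flow-logs" # constructed name
    retention_in_days = 90                    # constructed value
    traffic_type      = "ALL"
  }

  tags = {
    environment = "test"
  }
}

# Outputs from the module's Outputs table, exposed for downstream use.
output "private_subnet_ids" {
  value = module.private_vpc.private_subnet_ids
}

output "vpc_endpoint_ids" {
  value = module.private_vpc.vpc_endpoint_ids
}
```

Run `terraform plan` and confirm that no internet gateway, NAT gateway or public subnet appears in the planned resources before applying.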

Outputs

| Name | Description |
|------|-------------|
| cidr_block | CIDR block of the VPC |
| id | ID of the VPC |
| igw_id | ID of the Internet Gateway |
| lambda_route_table_ids | IDs of the Lambda route tables |
| lambda_subnet_arns | ARNs of the Lambda subnets |
| lambda_subnet_cidr_blocks | CIDR blocks of the Lambda subnets |
| lambda_subnet_ids | IDs of the Lambda subnets |
| name | The name provided for the VPC |
| nat_gateway_ids | IDs of the NAT gateways |
| private_route_table_ids | IDs of the private route tables |
| private_subnet_arns | ARNs of the private subnets |
| private_subnet_cidr_blocks | CIDR blocks of the private subnets |
| private_subnet_ids | IDs of the private subnets |
| public_route_table_id | ID of the public route table |
| public_subnet_arns | ARNs of the public subnets |
| public_subnet_cidr_blocks | CIDR blocks of the public subnets |
| public_subnet_ids | IDs of the public subnets |
| subnet_share_arn | The ARN of the subnet share in resource access manager if any |
| subnet_share_id | The ID of the subnet share in resource access manager if any |
| vpc_endpoint_ids | An object containing the ID of each created VPC endpoint |

About

License:Apache License 2.0


Languages

Language:HCL 100.0%