Skip to content

Terraform module for creating basic network resources: VPC, subnets and NAT.

License

Notifications You must be signed in to change notification settings

ambiata/terraform-aws-network

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

terraform-aws-network

Lint Status LICENSE

This module creates the basic network resources for a region.

The following resources will be created:

  • Virtual Private Cloud (VPC)
    • Enable DNS Hostname - A DNS hostname is a name that uniquely and absolutely names a computer; it's composed of a host name and a domain name. DNS servers resolve DNS hostnames to their corresponding IP addresses.
  • VPC Flow Logs
  • AWS Cloudwatch log groups
  • Subnets
    • Public
    • Private
    • Secure
    • Transit
  • Internet Gateway
  • Route tables for the Public, Private, Secure and Transit subnets
  • Associate all Route Tables created to the correct subnet
  • Nat Gateway
  • Network Access Control List (NACL) for all subnets
  • Database Subnet group - Provides an RDS DB subnet group resources
  • S3 VPC endpoint

Usage

module "network" {
  source = "git::https://github.com/DNXLabs/terraform-aws-network.git?ref=0.0.3"

  vpc_cidr              = "10.1.0.0/16"
  newbits               = 8             # will create /24 subnets
  name                  = "MyVPC"
  multi_nat             = false
}

Requirements

Name Version
terraform >= 0.14.0

Providers

Name Version
aws n/a

Inputs

Name Description Type Default Required
byoip Enable module to use your own Elastic IPs (Bring Your Own IP) bool false no
cf_export_name Name prefix for the export resources of the cloud formation output string "" no
eip_allocation_ids User-specified primary or secondary private IP address to associate with the Elastic IP address list(string) [] no
enable_firewall_default_rule Enable or disable the default stateful rule. bool true no
firewall_custom_rule_arn The stateful rule group arn created outside the module list(string) [] no
firewall_custom_rules The stateful rule group rules specifications in Suricata file format, with one rule per line list(string) [] no
firewall_domain_list List the domain names you want to take action on. list(any)
[
".amazonaws.com",
".git.luolix.top"
]
no
firewall_netnum_offset Start with this subnet for secure ones, plus number of AZs number 14 no
kubernetes_clusters List of kubernetes cluster names to creates tags in public and private subnets of this VPC list(string) [] no
kubernetes_clusters_secure List of kubernetes cluster names to creates tags in secure subnets of this VPC list(string) [] no
kubernetes_clusters_type Use either 'owned' or 'shared' for kubernetes cluster tags string "shared" no
max_az Max number of AZs number 3 no
multi_nat Number of NAT Instances, 'true' will yield one per AZ while 'false' creates one NAT bool false no
name Name prefix for the resources of this stack any n/a yes
name_pattern Name pattern to use for resources. Options: default, kebab string "default" no
name_suffix Adds a name suffix to all resources created string "" no
nat Deploy NAT instance(s) bool true no
network_firewall Enable or disable VPC Network Firewall bool false no
newbits Number of bits to add to the vpc cidr when building subnets number 5 no
private_netnum_offset Start with this subnet for private ones, plus number of AZs number 5 no
public_nacl_icmp Allows ICMP traffic to and from the public subnet bool true no
public_nacl_inbound_tcp_ports TCP Ports to allow inbound on public subnet via NACLs (this list cannot be empty) list(string)
[
"80",
"443",
"22",
"1194"
]
no
public_nacl_inbound_udp_ports UDP Ports to allow inbound on public subnet via NACLs (this list cannot be empty) list(string) [] no
public_nacl_outbound_tcp_ports TCP Ports to allow outbound to external services (use [0] to allow all ports) list(string)
[
"0"
]
no
public_nacl_outbound_udp_ports UDP Ports to allow outbound to external services (use [0] to allow all ports) list(string)
[
"0"
]
no
public_netnum_offset Start with this subnet for public ones, plus number of AZs number 0 no
secure_netnum_offset Start with this subnet for secure ones, plus number of AZs number 10 no
tags Extra tags to attach to resources map(string) {} no
transit_nacl_inbound_tcp_ports TCP Ports to allow inbound on transit subnet via NACLs (this list cannot be empty) list(string)
[
"1194"
]
no
transit_nacl_inbound_udp_ports UDP Ports to allow inbound on transit subnet via NACLs (this list cannot be empty) list(string)
[
"1194"
]
no
transit_netnum_offset Start with this subnet for secure ones, plus number of AZs number 15 no
transit_subnet Create a transit subnet for VPC peering (only central account) bool false no
vpc_cidr Network CIDR for the VPC any n/a yes
vpc_cidr_summ Define cidr used to summarize subnets by tier string "/0" no
vpc_cidr_transit Network CIDR for Transit subnets string "10.255.255.0/24" no
vpc_endpoint_dynamodb_gateway Enable or disable VPC Endpoint for DynamoDB (Gateway) bool true no
vpc_endpoint_dynamodb_policy A policy to attach to the endpoint that controls access to the service string `" {
    \"Statement\": [
        {
            \"Action\": \"*\",\"Effect\": \"Allow\",\"Resource\": \"*\",\"Principal\": \"*\"
        }
    ]
}

"| no | | vpc\_endpoint\_s3\_gateway | Enable or disable VPC Endpoint for S3 Gateway |bool|true| no | | vpc\_endpoint\_s3\_policy | A policy to attach to the endpoint that controls access to the service |string|" { "Statement": [ { "Action": "","Effect": "Allow","Resource": "","Principal": "*" } ] } "| no | | vpc\_endpoints | AWS services to create a VPC endpoint on private subnets for (e.g: ssm, ec2, ecr.dkr) | <pre>list(object(<br> {<br> name = string<br> policy = optional(string)<br> allowed_cidrs = optional(list(string))<br> }<br> ))</pre> |[]| no | | vpc\_flow\_logs | Enable or disable VPC Flow Logs |bool|true| no | | vpc\_flow\_logs\_retention | Retention in days for VPC Flow Logs CloudWatch Log Group |number|365` | no |

Outputs

Name Description
cidr_block CIDR for VPC created
db_subnet_group_id n/a
firewall_subnet_cidrs List of firewall subnet CIDRs
firewall_subnet_ids List of firewall subnet IDs
internet_gateway_id ID of Internet Gateway created
nat_gateway n/a
nat_gateway_ids List of NAT Gateway IDs
private_nacl_id n/a
private_nacls n/a
private_route_table_id n/a
private_subnet_cidrs List of private subnet CIDRs
private_subnet_ids List of private subnet IDs
private_subnets n/a
public_nacl_id n/a
public_nacls n/a
public_route_table_id n/a
public_subnet_cidrs List of public subnet CIDRs
public_subnet_ids List of public subnet IDs
public_subnets n/a
secure_db_subnet n/a
secure_nacl_id n/a
secure_nacls n/a
secure_route_table_id n/a
secure_subnet_cidrs List of secure subnet CIDRs
secure_subnet_ids List of secure subnet IDs
secure_subnets n/a
transit_nacl_id n/a
transit_route_table_id n/a
transit_subnets n/a
vpc_id ID for VPC created

Authors

Module managed by DNX Solutions.

License

Apache 2 Licensed. See LICENSE for full details.

About

Terraform module for creating basic network resources: VPC, subnets and NAT.

Resources

License

Code of conduct

Stars

Watchers

Forks

Packages

No packages published

Languages

  • HCL 100.0%