AWS VPC Terraform Module

Terraform module with create vpc and subnet resources on AWS.

Requirements

Name	Version
terraform	>= 1.0.0
aws	>= 5.0.0

Providers

Name	Version
aws	5.3.0

Modules

Name	Source	Version
flow_log	./modules/flow-log	n/a

Resources

Name	Type
aws_default_security_group.this	resource
aws_eip.nat	resource
aws_internet_gateway.this	resource
aws_nat_gateway.nat	resource
aws_nat_gateway.secondary_nat	resource
aws_route.database_nat_gateway	resource
aws_route.database_nat_gateway_ipv6	resource
aws_route.private_nat_gateway	resource
aws_route.private_nat_gateway_ipv6	resource
aws_route.public_internet_gateway	resource
aws_route.public_internet_gateway_ipv6	resource
aws_route.secondary_nat_gateway	resource
aws_route.secondary_nat_gateway_ipv6	resource
aws_route_table.database	resource
aws_route_table.private	resource
aws_route_table.public	resource
aws_route_table.secondary	resource
aws_route_table_association.database	resource
aws_route_table_association.private	resource
aws_route_table_association.public	resource
aws_route_table_association.secondary	resource
aws_subnet.database	resource
aws_subnet.private	resource
aws_subnet.public	resource
aws_subnet.secondary	resource
aws_vpc.this	resource
aws_vpc_dhcp_options.this	resource
aws_vpc_dhcp_options_association.this	resource
aws_vpc_ipv4_cidr_block_association.secondary_cidr	resource

Inputs

Name	Description	Type	Default	Required
account_mode	Account mode for provision cloudtrail, if account_mode is hub, will provision S3, KMS, CloudTrail. if account_mode is spoke, will provision only CloudTrail	string	n/a	yes
availability_zone	A list of availability zones names or ids in the region	list(string)	n/a	yes
centralize_flow_log_bucket_lifecycle_rule	List of lifecycle rules to transition the data. Leave empty to disable this feature. storage_class can be STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, or DEEP_ARCHIVE	list(object({ id = string transition = list(object({ days = number storage_class = string })) expiration_days = number }))	[]	no
centralize_flow_log_bucket_name	S3 bucket for store Cloudtrail log (long terms), leave this default if account_mode is hub. If account_mode is spoke, please provide centrailize flow log S3 bucket name (hub).	string	""	no
centralize_flow_log_kms_key_id	The ARN for the KMS encryption key. Leave this default if account_mode is hub. If account_mode is spoke, please provide centrailize kms key arn (hub).	string	""	no
cidr	The CIDR block for the VPC	string	n/a	yes
database_subnets	The CIDR block for the database subnets.	list(string)	[]	no
dhcp_options_domain_name	Specifies DNS name for DHCP options set (requires enable_dhcp_options set to true)	string	""	no
dhcp_options_domain_name_servers	Specify a list of DNS server addresses for DHCP options set, default to AWS provided (requires enable_dhcp_options set to true)	list(string)	[ "AmazonProvidedDNS" ]	no
dhcp_options_netbios_name_servers	Specify a list of netbios servers for DHCP options set (requires enable_dhcp_options set to true)	list(string)	[]	no
dhcp_options_netbios_node_type	Specify netbios node_type for DHCP options set (requires enable_dhcp_options set to true)	string	""	no
dhcp_options_ntp_servers	Specify a list of NTP servers for DHCP options set (requires enable_dhcp_options set to true)	list(string)	[]	no
environment	Environment Variable used as a prefix	string	n/a	yes
flow_log_retention_in_days	Specifies the number of days you want to retain log events in the specified log group for VPC flow logs.	number	90	no
instance_tenancy	A tenancy option for instances launched into the VPC	string	"default"	no
is_create_database_subnet_route_table	Whether to create database subnet or not	bool	true	no
is_create_flow_log	Whether to create flow log.	bool	true	no
is_create_internet_gateway	Whether to create igw or not	bool	true	no
is_create_nat_gateway	Whether to create nat gatewat or not	bool	false	no
is_create_secondary_nat_gateway	Whether to create private secondary nat gatewat or not	bool	false	no
is_create_vpc	Whether to create vpc or not	bool	true	no
is_enable_dhcp_options	Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type	bool	false	no
is_enable_dns_hostnames	Should be true to enable DNS hostnames in the VPC	bool	false	no
is_enable_dns_support	Should be true to enable DNS support in the VPC	bool	true	no
is_enable_eks_auto_discovery	Tags public, private subnet to auto discovery	bool	true	no
is_enable_flow_log_s3_integration	Whether to enable flow log S3 integration.	bool	true	no
is_enable_ipv6	Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block.	bool	false	no
is_enable_single_nat_gateway	Should be true if you want to provision a single shared NAT Gateway across all of your private networks	bool	false	no
is_map_public_ip_on_launch_public_subnet	Specify true to indicate that instances launched into public subnets will be assigned a public IP address	bool	false	no
is_one_nat_gateway_per_az	Enable multiple Nat gateway and public subnets with Multi-AZ	bool	false	no
prefix	The prefix name of customer to be displayed in AWS console and resource	string	n/a	yes
private_subnets	The CIDR block for the private subnets.	list(string)	n/a	yes
public_subnets	The CIDR block for the public subnets.	list(string)	n/a	yes
secondary_cidr	The Secondary CIDR block for the VPC	string	""	no
secondary_subnets	The CIDR block for the secondary subnets.	list(string)	[]	no
spoke_account_ids	Spoke account Ids, if mode is hub.	list(string)	[]	no
tags	Tags to add more; default tags contian {terraform=true, environment=var.environment}	map(string)	{}	no

Outputs

Name	Description
centralize_flow_log_bucket_arn	S3 Centralize Flow log Bucket ARN
centralize_flow_log_bucket_name	S3 Centralize Flow log Bucket Name
centralize_flow_log_key_arn	KMS Centralize Flow log key arn
centralize_flow_log_key_id	KMS Centralize Flow log key id
database_subnet_arns	List of ARNs of database subnets
database_subnet_cidr_blocks	List of cidr_blocks of database subnets
database_subnet_ids	List of IDs of database subnets
database_subnet_ipv6_cidr_blocks	List of IPv6 cidr_blocks of database subnets in an IPv6 enabled VPC
default_security_gruop_id	The ID of the security group created by default on VPC creation
flow_log_cloudwatch_dest_arn	Flow log CloudWatch ARN
flow_log_cloudwatch_dest_id	Flow log CloudWatch Id
flow_log_s3_dest_arn	Flow log S3 ARN
flow_log_s3_dest_id	Flow log S3 Id
igw_arn	The ARN of the Internet Gateway
igw_id	The ARN of the Internet Gateway
natgw_ids	List of NAT Gateway IDs
private_subnet_arns	List of ARNs of private subnets
private_subnet_cidrs_blocks	List if cidr_blocks of private subnets
private_subnet_ids	List of IDs of private subnets
private_subnet_ipv6_cidr_blocks	List of IPv6 cidr_blocks of private subnets in an IPv6 enabled VPC
public_subnet_arns	List of ARNs of public subnets
public_subnet_cidrs_blocks	List if cidr_blocks of public subnets
public_subnet_ids	List of IDs of public subnets
public_subnet_ipv6_cidr_blocks	List of IPv6 cidr_blocks of public subnets in an IPv6 enabled VPC
route_table_database_id	Route table database id
route_table_private_id	Route table private id
route_table_public_id	Route table public id
secondary_natgw_ids	List of Secondary NAT Gateway IDs
secondary_subnet_arns	List of ARNs of secondary subnets
secondary_subnet_cidrs_blocks	List if cidr_blocks of secondary subnets
secondary_subnet_ids	List of IDs of secondary subnets
secondary_subnet_ipv6_cidr_blocks	List of IPv6 cidr_blocks of secondary subnets in an IPv6 enabled VPC
secondary_vpc_cidr_block	The CIDR block of the VPC
vpc_arn	The ARN of the VPC
vpc_cidr_block	The CIDR block of the VPC
vpc_id	The ID of the VPC