
Terraform module to create an AWS VPC (public, or public and private)


philips-software/terraform-aws-vpc

Terraform module for creating a vpc

This module creates one VPC. By default it creates public and private subnets in every availability zone of the selected region.

Terraform version

  • Terraform 0.12: Pin module to ~> 2+, submit pull request to branch develop
  • Terraform 0.11: Pin module to ~> 1.x, submit pull request to branch terraform011

Example usages:

See the examples for executable examples.

module "vpc" {
  source = "github.com/philips-software/terraform-aws-vpc.git?ref=2.2.0"

  environment = "my-awesome-project"
  aws_region  = "eu-west-1"

  // optional, shown with non-default values
  project                    = "Forest"
  create_private_hosted_zone = false  // default = true
  create_private_subnets     = false  // default = true

  // example to override the default availability_zones
  availability_zones = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]

  // add additional tags
  tags = {
    my-tag = "my-new-tag"
  }
}

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| availability_zones | List of the availability zones in which subnets will be created. By default all availability zones are used. | list | `<list>` | no |
| aws_region | The Amazon region. | string | n/a | yes |
| cidr_block | The CIDR block used for the VPC. | string | "10.0.0.0/16" | no |
| create_private_hosted_zone | Indicates whether to create a private hosted zone. | bool | "true" | no |
| create_private_subnets | Indicates whether to create private subnets. | bool | "true" | no |
| create_s3_vpc_endpoint | Whether to create a VPC endpoint for S3, so S3 buckets can be used from within the VPC without going through the NAT gateway. | bool | "true" | no |
| enable_create_defaults | Add tags to the default resources. | bool | "false" | no |
| environment | Environment name, added to resource tags. | string | n/a | yes |
| private_subnet_tags | Map of tags to apply to the private subnets. | map(string) | `<map>` | no |
| project | Project name, added to resource tags. | string | "" | no |
| public_subnet_map_public_ip_on_launch | Enable public IP assignment by default on EC2 instance launch. | bool | "false" | no |
| public_subnet_tags | Map of tags to apply to the public subnets. | map(string) | `<map>` | no |
| tags | Map of tags to apply to the resources. | map(string) | `<map>` | no |

Outputs

| Name | Description |
|------|-------------|
| availability_zones | List of the availability zones. |
| nat_gateway_public_ip | Public IP address of the NAT gateway. |
| private_dns_zone_id | ID of the private DNS zone, optional. |
| private_domain_name | Private domain name, optional. |
| private_subnets | List of the private subnets. |
| private_subnets_route_table | |
| public_subnets | List of the public subnets. |
| public_subnets_route_table | |
| vpc_cidr | VPC CIDR. |
| vpc_id | ID of the VPC. |

VPC for Amazon EKS

Amazon EKS (Elastic Kubernetes Service) requires that the VPC and its subnets (public and private) carry specific tags with specific values, as described in the [aws-eks-docs].

Therefore, if the VPC created with this module is intended for EKS, tag it with

  tags = {
    "kubernetes.io/cluster/<cluster-name>" = "my-new-tag"
  }

Subnets Tags

As stated above, tagging the subnets is also mandatory for EKS Clusters. The tags for public and private subnets are as follows, respectively:

Public Subnet Tags

  public_subnet_tags = {
    "kubernetes.io/cluster/<cluster_name>" = "shared"
    "kubernetes.io/role/elb"               = "1"
  }

Private Subnet Tags

  private_subnet_tags = {
    "kubernetes.io/cluster/<cluster_name>" = "shared"
    "kubernetes.io/role/internal-elb"      = "1"
  }
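The VPC tag and the two subnet tag maps above are usually set together in one module call. The following is an added example, not code from the module's README; it assumes a cluster named `demo-eks` (held in a `locals` block) and uses the value `shared`, which the linked EKS networking docs prescribe for a VPC that may be used by more than one cluster. The `eks_subnet_ids` output is also an assumption, showing how the private subnets would be handed to a cluster definition elsewhere in the configuration. It keeps the module's secure defaults explicit: private subnets and the S3 endpoint stay enabled, and public IPs are not assigned on launch, so worker nodes land in private subnets and only load balancers face the internet.

```hcl
# Added example: VPC prepared for an EKS cluster using this module.
# "demo-eks" is an assumed cluster name; replace it with your own.
locals {
  cluster_name = "demo-eks"
}

module "vpc" {
  source = "github.com/philips-software/terraform-aws-vpc.git?ref=2.2.0"

  environment = "eks-demo"
  aws_region  = "eu-west-1"
  project     = "Forest"

  # Both default to true; stated explicitly so a reviewer sees the intent:
  # worker nodes live in private subnets and reach S3 without the NAT gateway.
  create_private_subnets = true
  create_s3_vpc_endpoint = true

  # Public subnets hold only load balancers, so no public IPs on instance launch.
  public_subnet_map_public_ip_on_launch = false

  # VPC-level tag required by EKS.
  tags = {
    "kubernetes.io/cluster/${local.cluster_name}" = "shared"
  }

  # Internet-facing load balancers are placed in the public subnets ...
  public_subnet_tags = {
    "kubernetes.io/cluster/${local.cluster_name}" = "shared"
    "kubernetes.io/role/elb"                      = "1"
  }

  # ... internal load balancers (and the nodes) in the private subnets.
  private_subnet_tags = {
    "kubernetes.io/cluster/${local.cluster_name}" = "shared"
    "kubernetes.io/role/internal-elb"             = "1"
  }
}

# Assumed output: the private subnet IDs a cluster resource would consume.
output "eks_subnet_ids" {
  value = module.vpc.private_subnets
}
```

Running `terraform validate` and `terraform fmt` (the same checks the CI section below describes) on this configuration is a quick way to confirm the tag keys are well-formed before applying.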

Automated checks

Currently the automated checks are limited. In CI the following checks are done for the root and each example.

  • lint: terraform validate and terraform fmt
  • basic init / get check: terraform init -get -backend=false -input=false

Generation variable documentation

A markdown table for the variables can be generated as follows. Generation requires awk and terraform-docs to be installed.

 .ci/bin/terraform-docs.sh markdown .

Philips Forest

This module is part of the Philips Forest.

                                                     ___                   _
                                                    / __\__  _ __ ___  ___| |_
                                                   / _\/ _ \| '__/ _ \/ __| __|
                                                  / / | (_) | | |  __/\__ \ |_
                                                  \/   \___/|_|  \___||___/\__|  

                                                                 Infrastructure

Talk to the forestkeepers in the forest-channel on Slack.

[aws-eks-docs]: https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html