terraform-aws-network

This module creates the basic network resources for a region.

The following resources will be created:

Virtual Private Cloud (VPC)
- Enable DNS Hostname - A DNS hostname is a name that uniquely and absolutely names a computer; it's composed of a host name and a domain name. DNS servers resolve DNS hostnames to their corresponding IP addresses.
VPC Flow Logs
AWS Cloudwatch log groups
Subnets
- Public
- Private
- Secure
- Transit
Internet Gateway
Route tables for the Public, Private, Secure and Transit subnets
Associate all Route Tables created to the correct subnet
Nat Gateway
Network Access Control List (NACL) for all subnets
Database Subnet group - Provides an RDS DB subnet group resources
S3 VPC endpoint

Usage

module "network" {
  source = "git::https://github.com/DNXLabs/terraform-aws-network.git?ref=2.0.0"

  vpc_cidr              = "10.1.0.0/16"
  newbits               = 8             # will create /24 subnets
  name                  = "MyVPC"
  multi_nat             = false
}

Requirements

Name	Version
terraform	>= 1.5.1

Providers

Name	Version
aws	n/a

Inputs

Name	Description	Type	Default	Required
byoip	Enable module to use your own Elastic IPs (Bring Your Own IP)	`bool`	`false`	no
cf_export_name	Name prefix for the export resources of the cloud formation output	`string`	`""`	no
eip_allocation_ids	User-specified primary or secondary private IP address to associate with the Elastic IP address	`list(string)`	`[]`	no
enable_firewall_default_rule	Enable or disable the default stateful rule.	`bool`	`true`	no
firewall_custom_rule_arn	The stateful rule group arn created outside the module	`list(string)`	`[]`	no
firewall_custom_rules	The stateful rule group rules specifications in Suricata file format, with one rule per line	`list(string)`	`[]`	no
firewall_domain_list	List the domain names you want to take action on.	`list(any)`	[ ".amazonaws.com", ".github.com" ]	no
firewall_netnum_offset	Start with this subnet for secure ones, plus number of AZs	`number`	`14`	no
kubernetes_clusters	List of kubernetes cluster names to creates tags in public and private subnets of this VPC	`list(string)`	`[]`	no
kubernetes_clusters_secure	List of kubernetes cluster names to creates tags in secure subnets of this VPC	`list(string)`	`[]`	no
kubernetes_clusters_type	Use either 'owned' or 'shared' for kubernetes cluster tags	`string`	`"shared"`	no
max_az	Max number of AZs	`number`	`3`	no
multi_nat	Number of NAT Instances, 'true' will yield one per AZ while 'false' creates one NAT	`bool`	`false`	no
name	Name prefix for the resources of this stack	`string`	n/a	yes
name_pattern	Name pattern to use for resources. Options: default, kebab	`string`	`"default"`	no
name_suffix	Adds a name suffix to all resources created	`string`	`""`	no
nat	Deploy NAT instance(s)	`bool`	`true`	no
network_firewall	Enable or disable VPC Network Firewall	`bool`	`false`	no
newbits	Number of bits to add to the vpc cidr when building subnets	`number`	`5`	no
private_netnum_offset	Start with this subnet for private ones, plus number of AZs	`number`	`5`	no
public_nacl_icmp	Allows ICMP traffic to and from the public subnet	`bool`	`true`	no
public_nacl_inbound_tcp_ports	TCP Ports to allow inbound on public subnet via NACLs (this list cannot be empty)	`list(string)`	[ "80", "443", "22", "1194" ]	no
public_nacl_inbound_udp_ports	UDP Ports to allow inbound on public subnet via NACLs (this list cannot be empty)	`list(string)`	`[]`	no
public_nacl_outbound_tcp_ports	TCP Ports to allow outbound to external services (use [0] to allow all ports)	`list(string)`	[ "0" ]	no
public_nacl_outbound_udp_ports	UDP Ports to allow outbound to external services (use [0] to allow all ports)	`list(string)`	[ "0" ]	no
public_netnum_offset	Start with this subnet for public ones, plus number of AZs	`number`	`0`	no
secure_netnum_offset	Start with this subnet for secure ones, plus number of AZs	`number`	`10`	no
tags	Extra tags to attach to resources	`map(string)`	`{}`	no
transit_nacl_inbound_tcp_ports	TCP Ports to allow inbound on transit subnet via NACLs (this list cannot be empty)	`list(string)`	[ "1194" ]	no
transit_nacl_inbound_udp_ports	UDP Ports to allow inbound on transit subnet via NACLs (this list cannot be empty)	`list(string)`	[ "1194" ]	no
transit_netnum_offset	Start with this subnet for secure ones, plus number of AZs	`number`	`15`	no
transit_subnet	Create a transit subnet for VPC peering (only central account)	`bool`	`false`	no
vpc_cidr	Network CIDR for the VPC	`string`	n/a	yes
vpc_cidr_summ	Define cidr used to summarize subnets by tier	`string`	`"/0"`	no
vpc_endpoint_dynamodb_gateway	Enable or disable VPC Endpoint for DynamoDB (Gateway)	`bool`	`true`	no
vpc_endpoint_s3_gateway	Enable or disable VPC Endpoint for S3 Gateway	`bool`	`true`	no
vpc_endpoint_s3_policy	A policy to attach to the endpoint that controls access to the service	`string`	"{ "Statement": [ { "Action": "", "Effect": "Allow", "Resource": "","Principal": "*" } ] }"	no
vpc_endpoints	AWS services to create a VPC endpoint on private subnets for (e.g: ssm, ec2, ecr.dkr)	list(object( { name = string policy = optional(string) allowed_cidrs = optional(list(string)) } ))	`[]`	no
vpc_flow_logs	Enable or disable VPC Flow Logs	`bool`	`true`	no
vpc_flow_logs_retention	Retention in days for VPC Flow Logs CloudWatch Log Group	`number`	`365`	no

Outputs

Name	Description
cidr_block	CIDR for VPC created
db_subnet_group_id	n/a
firewall_subnet_cidrs	List of firewall subnet CIDRs
firewall_subnet_ids	List of firewall subnet IDs
internet_gateway_id	ID of Internet Gateway created
nat_gateway	n/a
nat_gateway_ids	List of NAT Gateway IDs
private_nacl_id	n/a
private_nacls	n/a
private_route_table_id	n/a
private_subnet_cidrs	List of private subnet CIDRs
private_subnet_ids	List of private subnet IDs
private_subnets	n/a
public_nacl_id	n/a
public_nacls	n/a
public_route_table_id	n/a
public_subnet_cidrs	List of public subnet CIDRs
public_subnet_ids	List of public subnet IDs
public_subnets	n/a
secure_db_subnet	n/a
secure_nacl_id	n/a
secure_nacls	n/a
secure_route_table_id	n/a
secure_subnet_cidrs	List of secure subnet CIDRs
secure_subnet_ids	List of secure subnet IDs
secure_subnets	n/a
transit_nacl_id	n/a
transit_route_table_id	n/a
transit_subnets	n/a
vpc_id	ID for VPC created

Authors

Module managed by DNX Solutions.

License

Apache 2 Licensed. See LICENSE for full details.

Name		Name	Last commit message	Last commit date
Latest commit History 174 Commits
.github		.github
.tflint.hcl		.tflint.hcl
CODE_OF_CONDUCT.md		CODE_OF_CONDUCT.md
CONTRIBUTING.md		CONTRIBUTING.md
LICENSE		LICENSE
README.md		README.md
_data.tf		_data.tf
_outputs.tf		_outputs.tf
_variables.tf		_variables.tf
cf-exports.tf		cf-exports.tf
cf-exports.yml		cf-exports.yml
db-subnet.tf		db-subnet.tf
nacl-private.tf		nacl-private.tf
nacl-public.tf		nacl-public.tf
nacl-secure.tf		nacl-secure.tf
nacl-transit.tf		nacl-transit.tf
nat.tf		nat.tf
network-firewall.tf		network-firewall.tf
subnet-firewall.tf		subnet-firewall.tf
subnet-private.tf		subnet-private.tf
subnet-public.tf		subnet-public.tf
subnet-secure.tf		subnet-secure.tf
subnet-transit.tf		subnet-transit.tf
versions.tf		versions.tf
vpc-endpoint-dynamodb.tf		vpc-endpoint-dynamodb.tf
vpc-endpoint-s3.tf		vpc-endpoint-s3.tf
vpc-endpoints.tf		vpc-endpoints.tf
vpc-flow-logs.tf		vpc-flow-logs.tf
vpc.tf		vpc.tf

License

Pragmateam/terraform-aws-network

Folders and files

Latest commit

History

Repository files navigation

terraform-aws-network

Usage

Requirements

Providers

Inputs

Outputs

Authors

License

About

Resources

License

Code of conduct

Stars

Watchers

Forks

Languages