This module performs the following tasks:
- Create a VPC and its VPC Flow Log (delivered to CloudWatch Logs or S3)
- Create public and private subnets spread across the available AZs
- Create an Internet Gateway and, optionally, NAT gateway(s) (one per AZ when `multiaz-nat-gateway` is set)
- Adopt the VPC's default security group so it is managed by Terraform
- Create the S3 and DynamoDB gateway endpoints, which are free
Requirements
| Name | Version |
|---|---|
| terraform | >= 1.3.0 |
| aws | >= 5.0 |
Providers
| Name | Version |
|---|---|
| aws | >= 5.0 |
| random | n/a |
Modules
| Name | Source | Version |
|---|---|---|
| private-route | ./modules/RouteTables | n/a |
| private-route-multiaz | ./modules/RouteTables | n/a |
| vpc-ep | ../vpc-endpoints | n/a |
Resources
| Name | Type |
|---|---|
| aws_cloudwatch_log_group.vpcflowlog-loggroup | resource |
| aws_default_security_group.default-sg | resource |
| aws_eip.ngw-eip | resource |
| aws_eip.ngw-eip-multiaz | resource |
| aws_flow_log.vpc-flowlog | resource |
| aws_flow_log.vpc-flowlog-s3 | resource |
| aws_iam_role.vpcflowlog-role | resource |
| aws_iam_role_policy.vpcflowlog-role-policy | resource |
| aws_internet_gateway.igw | resource |
| aws_nat_gateway.ngw | resource |
| aws_nat_gateway.ngw-multiaz | resource |
| aws_route.public-routes | resource |
| aws_route_table.public-route-table | resource |
| aws_route_table_association.public_route_association | resource |
| aws_subnet.private-subnets | resource |
| aws_subnet.public-subnets | resource |
| aws_vpc.vpc | resource |
| aws_vpc_ipv4_cidr_block_association.additional_cidr | resource |
| random_id.rid | resource |
| aws_availability_zones.available-az | data source |
| aws_caller_identity.this | data source |
| aws_default_tags.this | data source |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| create-free-vpc-endpoints | Whether to deploy the free gateway VPC endpoints (S3 and DynamoDB) | bool | true | no |
| create-nat-gateway | Whether to deploy a NAT gateway for the private subnets | bool | false | no |
| enable-flow-log | Whether to enable the VPC flow log | bool | true | no |
| flow-log-bucket-arn | ARN of the S3 bucket used for flow logging (when flow-log-destination is s3) | string | null | no |
| flow-log-destination | Destination of the flow log. Valid values are s3 or cwlog | string | null | no |
| multiaz-nat-gateway | Whether to deploy one NAT gateway in each AZ instead of a single shared one | bool | false | no |
| private-subnet-cidrs | Private subnet CIDRs | list(string) | [] | no |
| public-subnet-cidrs | Public subnet CIDRs | list(string) | [] | no |
| resource-prefix | Prefix applied to resource names | string | n/a | yes |
| secondary_cidr_blocks | Additional CIDR blocks to associate with the VPC | list(string) | [] | no |
| vpc-cidr | VPC primary CIDR | string | n/a | yes |
| vpcflowlog-cwl-loggroup-key-arn | KMS key ARN used to encrypt the CloudWatch Logs log group | string | n/a | yes |
| vpcflowlog-retain-days | Log retention period in days for the CloudWatch Logs log group | number | 90 | no |
Outputs
| Name | Description |
|---|---|
| private-subnet-details | Details of the private subnets |
| private-subnet-ids | List of private subnet IDs |
| private_subnets | Private subnet CIDRs |
| public-route-table-id | Public route table ID |
| public-subnet-details | Details of the public subnets |
| public-subnet-ids | List of public subnet IDs |
| public_subnets | Public subnet CIDRs |
| secondary_cidr_blocks | Secondary CIDR blocks associated with the VPC |
| vpc-cidr | VPC primary CIDR |
| vpc_id | VPC ID |
Authorship
This module was developed by xpk.