Virtual Private Cloud (VPC)

This module creates a pre-configured VPC with a pair of subnets, one public and one private, in each of one or more availability zones (AZs). Instances in the public subnet can be given public IP addresses, and the subnet routes to the internet through an internet gateway. The private subnet reaches the internet only through a NAT gateway, so nothing in it is directly reachable from outside.

Architecture

This module can deploy two architectures: High Availability mode and Single Zone mode.

High Availability Mode

Please Note: This might not work outside of ca-central-1

High Availability mode deploys into every AZ in a region. Choose this mode if you need to meet Protected B, Medium Integrity, Medium Availability (PBMM).

[Diagram: High Availability architecture]

Single Zone mode

Please Note: This should not be used in a PBMM Production environment.

Single Zone mode deploys into the first AZ in the region returned by the availability-zone lookup. Use it to save money in development environments.

[Diagram: Single Zone architecture]

Requirements

| Name | Version |
|------|---------|
| aws  | >= 5    |

Providers

| Name | Version |
|------|---------|
| aws  | >= 5    |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_cloudwatch_log_group.flow_logs | resource |
| aws_default_network_acl.default | resource |
| aws_default_route_table.default | resource |
| aws_default_security_group.default | resource |
| aws_eip.nat | resource |
| aws_flow_log.flow_logs | resource |
| aws_iam_policy.vpc_metrics_flow_logs_write_policy | resource |
| aws_iam_role.flow_logs | resource |
| aws_iam_role_policy_attachment.vpc_metrics_flow_logs_write_policy_attach | resource |
| aws_internet_gateway.gw | resource |
| aws_nat_gateway.nat_gw | resource |
| aws_network_acl.main | resource |
| aws_network_acl_rule.block_rdp | resource |
| aws_network_acl_rule.block_ssh | resource |
| aws_network_acl_rule.https_request_egress_443 | resource |
| aws_network_acl_rule.https_request_in_ingress_443 | resource |
| aws_network_acl_rule.https_request_in_ingress_ephemeral | resource |
| aws_network_acl_rule.https_request_in_response_egress_443 | resource |
| aws_network_acl_rule.https_request_in_response_egress_ephemeral | resource |
| aws_network_acl_rule.https_request_out_egress_ephemeral | resource |
| aws_network_acl_rule.https_request_out_response_ingress_443 | resource |
| aws_network_acl_rule.https_request_out_response_ingress_ephemeral | resource |
| aws_route.private_nat_gateway | resource |
| aws_route.public_internet_gateway | resource |
| aws_route_table.private | resource |
| aws_route_table.public | resource |
| aws_route_table_association.private | resource |
| aws_route_table_association.public | resource |
| aws_subnet.private | resource |
| aws_subnet.public | resource |
| aws_vpc.main | resource |
| aws_availability_zones.available | data source |
| aws_iam_policy_document.vpc_flow_logs_service_principal | data source |
| aws_iam_policy_document.vpc_metrics_flow_logs_write | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| allow_https_request_in | (Optional, default 'false') Allow HTTPS connections on port 443 in from the internet | `bool` | `false` | no |
| allow_https_request_in_response | (Optional, default 'false') Allow a response back to the internet in reply to a request | `bool` | `false` | no |
| allow_https_request_out | (Optional, default 'false') Allow HTTPS connections on port 443 out to the internet | `bool` | `false` | no |
| allow_https_request_out_response | (Optional, default 'false') Allow a response back from the internet in reply to a request | `bool` | `false` | no |
| availability_zones | (Optional, default '1') The number of availability zones to use | `number` | `1` | no |
| billing_tag_key | (Optional, default 'CostCentre') The name of the billing tag | `string` | `"CostCentre"` | no |
| billing_tag_value | (Required) The value of the billing tag | `string` | n/a | yes |
| block_rdp | (Optional, default 'true') Whether or not to block port 3389 | `bool` | `true` | no |
| block_ssh | (Optional, default 'true') Whether or not to block port 22 | `bool` | `true` | no |
| cidr | (Optional, default '10.0.0.0/16') The CIDR block for the VPC | `string` | `"10.0.0.0/16"` | no |
| cidrsubnet_newbits | (Optional, default '10') The number of additional bits with which to extend the CIDR subnet prefix | `number` | `10` | no |
| enable_eip | (Optional, default 'true') Enables Elastic IPs; disabling is mainly used for testing purposes | `bool` | `true` | no |
| enable_flow_log | (Optional, default 'false') Whether or not to enable VPC Flow Logs | `bool` | `false` | no |
| name | (Required) The name of the VPC | `string` | n/a | yes |
| private_subnets | (Optional, default []) A list of private subnets inside the VPC | `list(string)` | `[]` | no |
| public_subnets | (Optional, default []) A list of public subnets inside the VPC | `list(string)` | `[]` | no |
| single_nat_gateway | Should be true if you want to provision a single shared NAT Gateway across all of your private networks | `bool` | `false` | no |

Outputs

| Name | Description |
|------|-------------|
| cidr_block | n/a |
| main_nacl_id | n/a |
| main_route_table_id | n/a |
| private_route_table_ids | n/a |
| private_subnet_cidr_blocks | n/a |
| private_subnet_ids | n/a |
| public_ips | n/a |
| public_subnet_cidr_blocks | n/a |
| public_subnet_ids | n/a |
| vpc_id | n/a |
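The following is an added usage example, not part of this module's README or source, tying together the Architecture section and the Inputs and Outputs tables above. It assumes that High Availability mode is selected by setting `availability_zones` to the number of AZs in the region and Single Zone mode by leaving it at `1`, that the module lives at the placeholder path shown, and that the `cidrsubnet()` lines only illustrate what `cidrsubnet_newbits` means (the module's own subnet numbering is not documented on this page). The `billing_tag_value` and resource names are constructed.

```hcl
# Added example (not the module's own code). Source path is a placeholder.
provider "aws" {
  region = "ca-central-1" # the README notes HA mode may not work elsewhere
}

# Production profile: High Availability mode for a PBMM workload.
# Assumption: setting availability_zones to the region's AZ count (3 here)
# selects HA mode, as described in the Architecture section.
module "vpc_prod" {
  source = "../modules/vpc" # placeholder: path or registry address of this module

  name              = "app-prod"          # constructed
  billing_tag_value = "example-costcentre" # constructed

  availability_zones = 3
  single_nat_gateway = false # one NAT gateway per AZ: no shared single point of failure
  enable_flow_log    = true  # aws_flow_log.flow_logs -> CloudWatch, needed for network forensics

  # Default NACL posture: keep the inbound management ports blocked.
  block_ssh = true # port 22
  block_rdp = true # port 3389

  # Only outbound HTTPS plus its return traffic; nothing initiated from the internet.
  allow_https_request_out          = true
  allow_https_request_out_response = true
  allow_https_request_in           = false
  allow_https_request_in_response  = false
}

# Development profile: Single Zone mode (not for PBMM production, per the README).
module "vpc_dev" {
  source = "../modules/vpc" # placeholder

  name              = "app-dev"            # constructed
  billing_tag_value = "example-costcentre" # constructed

  availability_zones = 1    # first AZ returned by the availability lookup
  single_nat_gateway = true # one NAT gateway keeps the bill down in dev
  enable_flow_log    = true # flow logs are cheap; keep detection parity with prod
}

# Consuming the module's outputs: a security group scoped to the new VPC that
# permits only outbound HTTPS, matching the NACL posture configured above.
resource "aws_security_group" "app_prod" {
  name   = "app-prod" # constructed
  vpc_id = module.vpc_prod.vpc_id

  egress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# What cidrsubnet_newbits = 10 means with the default cidr 10.0.0.0/16:
# Terraform's cidrsubnet() extends the /16 by 10 bits to /26 networks.
# Which netnum the module assigns to each subnet is an internal detail not on this page.
locals {
  example_subnet_0 = cidrsubnet("10.0.0.0/16", 10, 0) # 10.0.0.0/26
  example_subnet_1 = cidrsubnet("10.0.0.0/16", 10, 1) # 10.0.0.64/26
}

output "prod_private_subnet_ids" {
  value = module.vpc_prod.private_subnet_ids
}

output "prod_private_subnet_cidr_blocks" {
  value = module.vpc_prod.private_subnet_cidr_blocks
}
```

A /26 gives 64 addresses per subnet, of which AWS reserves five, so each public or private subnet here has 59 usable addresses; lower `cidrsubnet_newbits` if your workloads need larger subnets. Run `terraform plan` and confirm that the `aws_network_acl_rule.https_request_in_*` rules are absent and `aws_flow_log.flow_logs` is present before applying a production profile.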