terraform.aws-baseline-infra/modules/networking/vpc_subnets/README.md

# Overview
This module performs the following tasks:
- Create the VPC and its VPC flow log
- Create subnets in every AZ
- Create the IGW and NAT gateway (NGW)

## Subnet addressing
Subnet CIDRs are calculated automatically. Because of how Terraform's `cidrsubnets` function works, this module has the following limitations:
* supports 2, 4, 6, or 8 subnets in total.
* hard-coded to work with 2 AZs, regardless of the number of AZs available in the region.

Based on the input variables, it creates the subnet CIDRs using the following function:

| Private Subnets per az | Public Subnets per az | Function | Example if a /24 is used on VPC |
| ---------------------- | --------------------- | -------------------------------------------- | ------------------------------- |
| 1 | 0 | cidrsubnets(local.vpc-cidr, 1,1) | 2 * /25 |
| 1 | 1 | cidrsubnets(local.vpc-cidr, 2,2,2,2) | 4 * /26 |
| 2 | 1 | cidrsubnets(local.vpc-cidr, 3,3,3,3,3,3) | 6 * /27 |
| 2 | 2 | cidrsubnets(local.vpc-cidr, 4,4,4,4,4,4,4,4) | 8 * /28 |

```hcl
# Pick the cidrsubnets() split that matches the requested number of subnets
simple-divide = (
  local.total-no-subnets >= 8 ? cidrsubnets(local.vpc-cidr, 4, 4, 4, 4, 4, 4, 4, 4) :
  local.total-no-subnets >= 6 ? cidrsubnets(local.vpc-cidr, 3, 3, 3, 3, 3, 3) :
  local.total-no-subnets >= 4 ? cidrsubnets(local.vpc-cidr, 2, 2, 2, 2) :
  local.total-no-subnets >= 2 ? cidrsubnets(local.vpc-cidr, 1, 1) :
  null
)
```

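The addressing logic above, worked through as an added example that is not part of this module: a small Python model of Terraform's `cidrsubnets()` (consecutive, size-aligned allocations) plus the README's `simple-divide` conditional, together with a hypothetical `subnet_count_matches()` pre-apply check. The check exists because the conditional silently caps the allocation at 8 CIDRs, so a request for 5 or more subnets per AZ returns fewer CIDRs than subnets to build; `AZ_COUNT`, `simple_divide` and `subnet_count_matches` are assumed names.

```python
import ipaddress


def cidrsubnets(prefix: str, *newbits: int) -> list[str]:
    """Model of Terraform's cidrsubnets(): consecutive allocations inside
    `prefix`, each `bits` longer than the parent, aligned to their own size."""
    net = ipaddress.ip_network(prefix, strict=True)
    cursor, end = int(net.network_address), int(net.broadcast_address) + 1
    out = []
    for bits in newbits:
        new_len = net.prefixlen + bits
        if new_len > net.max_prefixlen:
            raise ValueError(f"{bits} extra bits exceed /{net.max_prefixlen}")
        size = 1 << (net.max_prefixlen - new_len)
        cursor += (-cursor) % size  # align the allocation to its block size
        if cursor + size > end:
            raise ValueError(f"{prefix} has no room for another /{new_len}")
        out.append(str(ipaddress.ip_network((cursor, new_len))))
        cursor += size
    return out


# The README states the module is hard-coded to 2 AZs (assumed constant name).
AZ_COUNT = 2


def simple_divide(vpc_cidr: str, private_per_az: int, public_per_az: int):
    """The README's `simple-divide` local, transcribed to Python."""
    total = AZ_COUNT * (private_per_az + public_per_az)
    if total >= 8:
        return cidrsubnets(vpc_cidr, *([4] * 8))
    if total >= 6:
        return cidrsubnets(vpc_cidr, *([3] * 6))
    if total >= 4:
        return cidrsubnets(vpc_cidr, *([2] * 4))
    if total >= 2:
        return cidrsubnets(vpc_cidr, *([1] * 2))
    return None


def subnet_count_matches(vpc_cidr: str, private_per_az: int, public_per_az: int) -> bool:
    """Hypothetical pre-apply check: True only when the chosen split yields
    exactly one CIDR per requested subnet (totals above 8 are capped at 8)."""
    cidrs = simple_divide(vpc_cidr, private_per_az, public_per_az)
    wanted = AZ_COUNT * (private_per_az + public_per_az)
    return cidrs is not None and len(cidrs) == wanted
```

Running the same shape of check as a `validation` block on the subnet-count variables would reject the capped inputs at plan time instead of failing part-way through an apply.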
## Inputs:
| Name | Description | Type | Default | Required |
| -------------------------------- | ------------------------------------------------- | ------ | ------- |:--------:|
| application | name of application | string | none | yes |
| environment | capacity of environment (prd/dev/lab) | string | none | yes |
| customer-name | owner of aws resources | string | none | yes |
| project | name of project | string | none | yes |
| default-tags | tags to be added to resources | list | none | yes |
| number-of-private-subnets-per-az | number of private subnets per az | number | 0 | yes |
| number-of-public-subnets-per-az | number of public subnets per az | number | 0 | yes |
| create-nat-gateway | whether to deploy NAT gateway for private subnets | bool | true | yes |
| vpc-cidr | VPC cidr | string | none | yes |
| enable-flowlog | whether to enable vpc flowlog | bool | true | yes |
| vpcflowlog-retain-days | number of days to retain vpc cloudwatch log | number | 90 | yes |
| aws-region-short | short name of aws region (e.g. apne1) | string | none | yes |
| aws-region | aws region (e.g. ap-northeast-1) | string | none | yes |
| vpcflowlog-cwl-loggroup-key-arn | kms key alias arn for log group encryption | string | none | yes |
## Outputs:
| Name | Description | Type |
| --------------- | ------------------- | ------ |
| vpc_id | vpc id | string |
| public_subnets | list of cidr blocks | list |
| private_subnets | list of cidr blocks | list |