Files
- main.tf
- outputs.tf
- README.md
- variables.tf
- vpc-flowlog.tf
- vpc.tf
Overview
This module performs the following tasks:
- Creates a VPC and, optionally, a VPC flow log delivered to a KMS-encrypted CloudWatch log group
- Creates public and private subnets in each of the two AZs the module uses
- Creates an Internet Gateway (IGW) and, optionally, a NAT Gateway (NGW) for the private subnets
Subnet addressing
Subnet CIDRs are calculated automatically with Terraform's cidrsubnets function. Because the module splits the VPC CIDR into a fixed set of equal-sized blocks, it has two limitations:
- it supports only 2, 4, 6 or 8 subnets in total (the combinations listed in the table below);
- it is hard-coded to two AZs, regardless of how many AZs the region offers, so each per-AZ count is multiplied by 2.
Based on the input variables, the module derives the subnet CIDRs with the following cidrsubnets call (the total is the two per-AZ counts added together and multiplied by the two AZs):

Private subnets per AZ | Public subnets per AZ | Total subnets | Function | Result if the VPC is a /24
---|---|---|---|---
1 | 0 | 2 | cidrsubnets(local.vpc-cidr, 1,1) | 2 * /25
1 | 1 | 4 | cidrsubnets(local.vpc-cidr, 2,2,2,2) | 4 * /26
2 | 1 | 6 | cidrsubnets(local.vpc-cidr, 3,3,3,3,3,3) | 6 * /27
2 | 2 | 8 | cidrsubnets(local.vpc-cidr, 4,4,4,4,4,4,4,4) | 8 * /28

The selection is made by the simple-divide local:

```hcl
simple-divide = (
  local.total-no-subnets >= 8 ? cidrsubnets(local.vpc-cidr, 4, 4, 4, 4, 4, 4, 4, 4) :
  local.total-no-subnets >= 6 ? cidrsubnets(local.vpc-cidr, 3, 3, 3, 3, 3, 3) :
  local.total-no-subnets >= 4 ? cidrsubnets(local.vpc-cidr, 2, 2, 2, 2) :
  local.total-no-subnets >= 2 ? cidrsubnets(local.vpc-cidr, 1, 1) :
  null
)
```

Note that the comparisons are >=, so a total that is not exactly 2, 4, 6 or 8 is rounded down to the next supported size (a total of 10 yields only eight /28 blocks) and a total below 2 yields null; keep to the combinations in the table.
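The following is an added worked example, not code from the module: it re-implements the semantics of Terraform's cidrsubnets function in Python (subnets are carved out in order, each placed at the next address aligned to its own size) and applies the simple-divide rule above to a VPC CIDR and the two per-AZ counts, so the CIDRs the module will produce can be inspected before running terraform apply. The two-AZ constant mirrors the module's hard-coded value; the function names (cidrsubnets, simple_divide, plan_subnets) are this example's own, and the sample CIDR 10.0.0.0/24 is constructed for illustration.

```python
"""Worked example of the module's subnet-addressing rule (added example,
not part of the module). Re-implements Terraform's cidrsubnets() semantics
and applies the simple-divide selection to a VPC CIDR plus per-AZ counts.
"""
import ipaddress

AZ_COUNT = 2  # the module is hard-coded to two AZs


def cidrsubnets(prefix: str, *newbits: int) -> list:
    """Mimic Terraform's cidrsubnets(prefix, newbits...) for IPv4.

    Subnets are allocated in order from the start of the prefix; each one
    begins at the next address that is aligned to its own size. With
    identical newbits values this is simply consecutive equal blocks.
    """
    net = ipaddress.IPv4Network(prefix, strict=True)  # rejects host bits set
    limit = int(net.broadcast_address) + 1
    cursor = int(net.network_address)
    out = []
    for bits in newbits:
        plen = net.prefixlen + bits
        if plen > net.max_prefixlen:
            raise ValueError(f"newbits {bits} too large for {prefix}")
        size = 1 << (net.max_prefixlen - plen)
        start = (cursor + size - 1) // size * size  # align up to subnet size
        if start + size > limit:
            raise ValueError(f"not enough address space in {prefix}")
        out.append(f"{ipaddress.IPv4Address(start)}/{plen}")
        cursor = start + size
    return out


def simple_divide(vpc_cidr: str, total_subnets: int):
    """The module's simple-divide local, transcribed 1:1 (note the >= tests)."""
    if total_subnets >= 8:
        return cidrsubnets(vpc_cidr, *[4] * 8)
    if total_subnets >= 6:
        return cidrsubnets(vpc_cidr, *[3] * 6)
    if total_subnets >= 4:
        return cidrsubnets(vpc_cidr, *[2] * 4)
    if total_subnets >= 2:
        return cidrsubnets(vpc_cidr, *[1] * 2)
    return None


def plan_subnets(vpc_cidr: str, private_per_az: int, public_per_az: int) -> dict:
    """Apply the module's rule and report whether every requested subnet got a block.

    'complete' is False when the >= rounding produced fewer CIDRs than the
    per-AZ counts ask for, or when the total is below 2 and the local is null.
    """
    total = AZ_COUNT * (private_per_az + public_per_az)
    cidrs = simple_divide(vpc_cidr, total)
    return {
        "requested": total,
        "cidrs": cidrs,
        "complete": cidrs is not None and len(cidrs) == total,
    }


if __name__ == "__main__":
    # constructed sample input: the README's /24 example plus one unsupported combination
    for priv, pub in [(1, 0), (1, 1), (2, 1), (2, 2), (3, 2)]:
        plan = plan_subnets("10.0.0.0/24", priv, pub)
        print(f"private={priv} public={pub} requested={plan['requested']} "
              f"complete={plan['complete']} cidrs={plan['cidrs']}")
```

Running the script prints the four table rows as concrete CIDRs and shows that the unsupported 3 + 2 combination (total 10) comes back with only eight blocks and complete=False, which is the case to catch before the module silently builds fewer subnets than intended.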
Inputs:
Name | Description | Type | Default | Required
---|---|---|---|---
application | Name of the application | string | none | yes
environment | Environment (prd/dev/lab) | string | none | yes
customer-name | Owner of the AWS resources | string | none | yes
project | Name of the project | string | none | yes
default-tags | Tags added to every resource | list | none | yes
number-of-private-subnets-per-az | Number of private subnets per AZ | number | 0 | yes
number-of-public-subnets-per-az | Number of public subnets per AZ | number | 0 | yes
create-nat-gateway | Whether to deploy a NAT Gateway for the private subnets | bool | true | yes
vpc-cidr | VPC CIDR block | string | none | yes
enable-flowlog | Whether to enable the VPC flow log | bool | true | yes
vpcflowlog-retain-days | Number of days to retain the VPC flow log in CloudWatch Logs | number | 90 | yes
aws-region-short | Short name of the AWS region (e.g. apne1) | string | none | yes
aws-region | AWS region (e.g. ap-northeast-1) | string | none | yes
vpcflowlog-cwl-loggroup-key-arn | ARN of the KMS key (alias) used to encrypt the flow log CloudWatch log group | string | none | yes
Outputs:
Name | Description | Type
---|---|---
vpc_id | ID of the VPC | string
public_subnets | List of public subnet CIDR blocks | list
private_subnets | List of private subnet CIDR blocks | list