├── .deepsource.toml ├── .editorconfig ├── .github ├── CODEOWNERS ├── PULL_REQUEST_TEMPLATE.md ├── dependabot.yml └── workflows │ ├── auto_assignee.yml │ ├── automerge.yml │ ├── changelog.yml │ ├── readme.yml │ ├── tf-checks.yml │ ├── tflint.yml │ └── tfsec.yml ├── .gitignore ├── .pre-commit-config.yaml ├── CHANGELOG.md ├── LICENSE ├── Makefile ├── README.md ├── README.yaml ├── docs └── io.md ├── examples ├── basic │ ├── example.tf │ ├── outputs.tf │ └── versions.tf ├── complete │ ├── example.tf │ ├── outputs.tf │ └── versions.tf ├── private-subnet │ ├── example.tf │ ├── outputs.tf │ └── versions.tf ├── public-private-subnet-single-nat-gateway │ ├── example.tf │ ├── outputs.tf │ └── versions.tf └── public-subnet │ ├── example.tf │ ├── outputs.tf │ └── versions.tf ├── main.tf ├── outputs.tf ├── variables.tf └── versions.tf /.deepsource.toml: -------------------------------------------------------------------------------- 1 | version = 1 2 | [[analyzers]] 3 | name = "terraform" 4 | -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | # EditorConfig is awesome: http://EditorConfig.org 2 | # Uses editorconfig to maintain consistent coding styles 3 | 4 | # top-most EditorConfig file 5 | root = true 6 | 7 | # Unix-style newlines with a newline ending every file 8 | [*] 9 | charset = utf-8 10 | end_of_line = lf 11 | indent_size = 2 12 | indent_style = space 13 | insert_final_newline = true 14 | max_line_length = 80 15 | trim_trailing_whitespace = true 16 | 17 | [*.{tf,tfvars}] 18 | indent_size = 2 19 | indent_style = space 20 | 21 | [*.md] 22 | max_line_length = 0 23 | trim_trailing_whitespace = false 24 | 25 | [Makefile] 26 | tab_width = 2 27 | indent_style = tab 28 | 29 | [COMMIT_EDITMSG] 30 | max_line_length = 0 31 | -------------------------------------------------------------------------------- /.github/CODEOWNERS: 
-------------------------------------------------------------------------------- 1 | # These owners will be the default owners for everything in the repo. 2 | * @anmolnagpal @clouddrove/approvers @clouddrove-ci -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | ## what 2 | * Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?) 3 | * Use bullet points to be concise and to the point. 4 | 5 | ## why 6 | * Provide the justifications for the changes (e.g. business case). 7 | * Describe why these changes were made (e.g. why do these commits fix the problem?) 8 | * Use bullet points to be concise and to the point. 9 | 10 | ## references 11 | * Link to any supporting jira issues or helpful documentation to add some context (e.g. stackoverflow). 12 | * Use `closes #123`, if this PR closes a Jira issue `#123` 13 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | # To get started with Dependabot version updates, you'll need to specify which 2 | # package ecosystems to update and where the package manifests are located. 
3 | # Please see the documentation for all configuration options: 4 | # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates 5 | version: 2 6 | updates: 7 | - package-ecosystem: "github-actions" 8 | directory: "/" 9 | schedule: 10 | interval: "daily" 11 | open-pull-requests-limit: 3 12 | assignees: 13 | - "clouddrove-ci" 14 | reviewers: 15 | - "approvers" 16 | 17 | - package-ecosystem: "terraform" # See documentation for possible values 18 | directory: "/" # Location of package manifests 19 | schedule: 20 | interval: "weekly" 21 | # Add assignees 22 | assignees: 23 | - "clouddrove-ci" 24 | # Add reviewer 25 | reviewers: 26 | - "approvers" 27 | # Allow up to 3 open pull requests for terraform dependencies 28 | open-pull-requests-limit: 3 29 | 30 | - package-ecosystem: "terraform" # See documentation for possible values 31 | directory: "/examples/private-subnet" # Location of package manifests 32 | schedule: 33 | interval: "weekly" 34 | # Add assignees 35 | assignees: 36 | - "clouddrove-ci" 37 | # Add reviewer 38 | reviewers: 39 | - "approvers" 40 | # Allow up to 3 open pull requests for terraform dependencies 41 | open-pull-requests-limit: 3 42 | 43 | - package-ecosystem: "terraform" # See documentation for possible values 44 | directory: "/examples/complete" # Location of package manifests 45 | schedule: 46 | interval: "weekly" 47 | # Add assignees 48 | assignees: 49 | - "clouddrove-ci" 50 | # Add reviewer 51 | reviewers: 52 | - "approvers" 53 | # Allow up to 3 open pull requests for terraform dependencies 54 | open-pull-requests-limit: 3 55 | 56 | - package-ecosystem: "terraform" # See documentation for possible values 57 | directory: "/examples/public-private-subnet-single-nat-gateway" # Location of package manifests 58 | schedule: 59 | interval: "weekly" 60 | # Add assignees 61 | assignees: 62 | - "clouddrove-ci" 63 | # Add reviewer 64 | reviewers: 65 | - "approvers" 66 | # Allow up to 3 open pull requests for terraform dependencies 67
| open-pull-requests-limit: 3 68 | 69 | - package-ecosystem: "terraform" # See documentation for possible values 70 | directory: "/examples/basic" # Location of package manifests 71 | schedule: 72 | interval: "weekly" 73 | # Add assignees 74 | assignees: 75 | - "clouddrove-ci" 76 | # Add reviewer 77 | reviewers: 78 | - "approvers" 79 | # Allow up to 3 open pull requests for terraform dependencies 80 | open-pull-requests-limit: 3 81 | 82 | - package-ecosystem: "terraform" # See documentation for possible values 83 | directory: "/examples/public-subnet" # Location of package manifests 84 | schedule: 85 | interval: "weekly" 86 | # Add assignees 87 | assignees: 88 | - "clouddrove-ci" 89 | # Add reviewer 90 | reviewers: 91 | - "approvers" 92 | # Allow up to 3 open pull requests for terraform dependencies 93 | open-pull-requests-limit: 3 94 | 95 | -------------------------------------------------------------------------------- /.github/workflows/auto_assignee.yml: -------------------------------------------------------------------------------- 1 | name: Auto Assign PRs 2 | on: 3 | pull_request: 4 | types: [opened, reopened] 5 | workflow_dispatch: 6 | jobs: 7 | assignee: 8 | uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@master 9 | secrets: 10 | GITHUB: ${{ secrets.GITHUB }} 11 | with: 12 | assignees: 'clouddrove-ci' 13 | -------------------------------------------------------------------------------- /.github/workflows/automerge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Auto merge 3 | on: 4 | pull_request: 5 | jobs: 6 | auto-merge: 7 | uses: clouddrove/github-shared-workflows/.github/workflows/auto_merge.yml@master 8 | secrets: 9 | GITHUB: ${{ secrets.GITHUB }} 10 | with: 11 | tfcheck: 'tf-checks-basic-example / Check code format' 12 | ...
13 | -------------------------------------------------------------------------------- /.github/workflows/changelog.yml: -------------------------------------------------------------------------------- 1 | name: changelog 2 | permissions: write-all 3 | on: 4 | push: 5 | tags: 6 | - "*" 7 | workflow_dispatch: 8 | jobs: 9 | changelog: 10 | uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@master 11 | secrets: inherit 12 | with: 13 | branch: 'master' 14 | -------------------------------------------------------------------------------- /.github/workflows/readme.yml: -------------------------------------------------------------------------------- 1 | name: readme workflow 2 | on: 3 | push: 4 | branches: 5 | - master 6 | paths-ignore: 7 | - 'README.md' 8 | workflow_dispatch: 9 | jobs: 10 | assignee: 11 | uses: clouddrove/github-shared-workflows/.github/workflows/readme.yml@master 12 | secrets: 13 | TOKEN : ${{ secrets.GITHUB }} 14 | SLACK_WEBHOOK_TERRAFORM: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} 15 | -------------------------------------------------------------------------------- /.github/workflows/tf-checks.yml: -------------------------------------------------------------------------------- 1 | name: tf-checks 2 | on: 3 | push: 4 | branches: [ master ] 5 | pull_request: 6 | workflow_dispatch: 7 | jobs: 8 | tf-checks-private-subnet-example: 9 | uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master 10 | with: 11 | working_directory: './examples/private-subnet/' 12 | tf-checks-basic-example: 13 | uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master 14 | with: 15 | working_directory: './examples/basic/' 16 | tf-checks-public-private-subnet-single-nat-gateway-example: 17 | uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master 18 | with: 19 | working_directory: './examples/public-private-subnet-single-nat-gateway/' 20 | tf-checks-complete-example: 21 | uses: 
clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master 22 | with: 23 | working_directory: './examples/complete/' 24 | tf-checks-public-subnet-example: 25 | uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master 26 | with: 27 | working_directory: './examples/public-subnet/' 28 | -------------------------------------------------------------------------------- /.github/workflows/tflint.yml: -------------------------------------------------------------------------------- 1 | name: tf-lint 2 | on: 3 | push: 4 | branches: [ master ] 5 | pull_request: 6 | workflow_dispatch: 7 | jobs: 8 | tf-lint: 9 | uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@master 10 | secrets: 11 | GITHUB: ${{ secrets.GITHUB }} 12 | -------------------------------------------------------------------------------- /.github/workflows/tfsec.yml: -------------------------------------------------------------------------------- 1 | name: tfsec 2 | permissions: write-all 3 | on: 4 | pull_request: 5 | workflow_dispatch: 6 | jobs: 7 | tfsec: 8 | uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@master 9 | secrets: inherit 10 | with: 11 | working_directory: '.' 
12 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # ignored files 2 | *~ 3 | 4 | # temporary files which can be created if a process still has a handle open of a deleted file 5 | .fuse_hidden* 6 | 7 | # KDE directory preferences 8 | .directory 9 | 10 | # Linux trash folder which might appear on any partition or disk 11 | .Trash-* 12 | 13 | # .nfs files are created when an open file is removed but is still being accessed 14 | .nfs* 15 | ### Eclipse template 16 | 17 | .metadata 18 | bin/ 19 | tmp/ 20 | *.tmp 21 | *.bak 22 | *.swp 23 | *~.nib 24 | local.properties 25 | .settings/ 26 | .loadpath 27 | .recommenders 28 | 29 | # External tool builders 30 | .externalToolBuilders/ 31 | 32 | # Locally stored "Eclipse launch configurations" 33 | *.launch 34 | 35 | # PyDev specific (Python IDE for Eclipse) 36 | *.pydevproject 37 | 38 | # CDT-specific (C/C++ Development Tooling) 39 | .cproject 40 | 41 | # Java annotation processor (APT) 42 | .factorypath 43 | 44 | # PDT-specific (PHP Development Tools) 45 | .buildpath 46 | 47 | # sbteclipse plugin 48 | .target 49 | 50 | # Tern plugin 51 | .tern-project 52 | 53 | # TeXlipse plugin 54 | .texlipse 55 | 56 | # STS (Spring Tool Suite) 57 | .springBeans 58 | 59 | # Code Recommenders 60 | .recommenders/ 61 | 62 | # Scala IDE specific (Scala & Java development for Eclipse) 63 | .cache-main 64 | .scala_dependencies 65 | .worksheet 66 | ### Windows template 67 | # Windows thumbnail cache files 68 | Thumbs.db 69 | ehthumbs.db 70 | ehthumbs_vista.db 71 | 72 | # Dump file 73 | *.stackdump 74 | 75 | # Folder config file 76 | [Dd]esktop.ini 77 | 78 | # Recycle Bin used on file shares 79 | $RECYCLE.BIN/ 80 | 81 | # Windows Installer files 82 | *.cab 83 | *.msi 84 | *.msm 85 | *.msp 86 | 87 | # Windows shortcuts 88 | *.lnk 89 | ### Ansible template 90 | *.retry 91 | ### macOS template 92 | # General 93 | 
.DS_Store 94 | .AppleDouble 95 | .LSOverride 96 | 97 | # Icon must end with two \r 98 | Icon 99 | 100 | # Thumbnails 101 | ._* 102 | 103 | # Files that might appear in the root of a volume 104 | .DocumentRevisions-V100 105 | .fseventsd 106 | .Spotlight-V100 107 | .TemporaryItems 108 | .Trashes 109 | .VolumeIcon.icns 110 | .com.apple.timemachine.donotpresent 111 | 112 | # Directories potentially created on remote AFP share 113 | .AppleDB 114 | .AppleDesktop 115 | Network Trash Folder 116 | Temporary Items 117 | .apdisk 118 | ### Archives template 119 | # It's better to unpack these files and commit the raw source because 120 | # git has its own built in compression methods. 121 | *.7z 122 | *.jar 123 | *.rar 124 | *.zip 125 | *.gz 126 | *.tgz 127 | *.bzip 128 | *.bz2 129 | *.xz 130 | *.lzma 131 | *.cab 132 | 133 | # Packing-only formats 134 | *.iso 135 | *.tar 136 | 137 | # Package management formats 138 | *.dmg 139 | *.xpi 140 | *.gem 141 | *.egg 142 | *.deb 143 | *.rpm 144 | *.msi 145 | *.msm 146 | *.msp 147 | ### JetBrains template 148 | # Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and Webstorm 149 | # Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839 150 | 151 | /.idea/ 152 | # User-specific stuff: 153 | .idea/**/workspace.xml 154 | .idea/**/tasks.xml 155 | .idea/dictionaries 156 | 157 | # Sensitive or high-churn files: 158 | .idea/**/dataSources/ 159 | .idea/**/dataSources.ids 160 | .idea/**/dataSources.xml 161 | .idea/**/dataSources.local.xml 162 | .idea/**/sqlDataSources.xml 163 | .idea/**/dynamic.xml 164 | .idea/**/uiDesigner.xml 165 | 166 | # Gradle: 167 | .idea/**/gradle.xml 168 | .idea/**/libraries 169 | 170 | # CMake 171 | cmake-build-debug/ 172 | 173 | # Mongo Explorer plugin: 174 | .idea/**/mongoSettings.xml 175 | 176 | ## File-based project format: 177 | *.iws 178 | 179 | ## Plugin-specific files: 180 | 181 | # IntelliJ 182 | out/ 183 | 184 | # mpeltonen/sbt-idea plugin 185 
| .idea_modules/ 186 | # User-specific stuff: 187 | .idea/* 188 | # JIRA plugin 189 | atlassian-ide-plugin.xml 190 | 191 | # Cursive Clojure plugin 192 | .idea/replstate.xml 193 | 194 | # TFstate 195 | *.tfstate* 196 | 197 | deployment/_logs/ansible-log.json 198 | deployment/_logs/ansible-log.log 199 | deployment/_logs/facts/* 200 | deployment/_logs/retry/* 201 | _app/* 202 | ansible-log.json 203 | .terraform 204 | terraform.tfstate 205 | 206 | *.tfstate 207 | *.tfstate.backup 208 | *.iml 209 | *.terraform.lock.hcl 210 | *.lock.hcl 211 | -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- 1 | repos: 2 | 3 | - repo: https://github.com/gruntwork-io/pre-commit 4 | rev: v0.1.12 # Get the latest from: https://github.com/gruntwork-io/pre-commit/releases 5 | hooks: 6 | - id: terraform-fmt 7 | - id: shellcheck 8 | - id: tflint 9 | 10 | - repo: https://github.com/pre-commit/pre-commit-hooks 11 | rev: v4.0.1 # Use the ref you want to point at 12 | hooks: 13 | - id: end-of-file-fixer 14 | - id: trailing-whitespace 15 | - id: mixed-line-ending 16 | - id: check-byte-order-marker 17 | - id: check-executables-have-shebangs 18 | - id: check-merge-conflict 19 | - id: debug-statements 20 | - id: check-yaml 21 | - id: check-added-large-files 22 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | All notable changes to this project will be documented in this file. 3 | 4 | The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), 5 | and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
6 | 7 | ## [2.0.0] - 2023-07-31 8 | ### :sparkles: New Features 9 | - [`ed62101`](https://github.com/clouddrove/terraform-aws-subnet/commit/ed62101280c6bbfa96b559926070a6c519f3dd44) - updated tfsec.yml file *(commit by [@vibhutigoyal](https://github.com/vibhutigoyal))* 10 | - [`f5c930b`](https://github.com/clouddrove/terraform-aws-subnet/commit/f5c930bd72698b38d4a97e390214a3e458a99a30) - updated changelog.yml name *(commit by [@vibhutigoyal](https://github.com/vibhutigoyal))* 11 | - [`6943d39`](https://github.com/clouddrove/terraform-aws-subnet/commit/6943d3926850e73e9e654c5fd5843805cd6ce1d4) - updated changelog.yml name and file *(commit by [@vibhutigoyal](https://github.com/vibhutigoyal))* 12 | - [`886f047`](https://github.com/clouddrove/terraform-aws-subnet/commit/886f047b6424edf8a6a3272cc2525525c8a28547) - add deepsource & added assignees,reviewer in dependabot *(commit by [@Tanveer143s](https://github.com/Tanveer143s))* 13 | - [`d4b3fd2`](https://github.com/clouddrove/terraform-aws-subnet/commit/d4b3fd20bcde645b3be80f347733af6ef372c952) - update resource and readme.yaml *(PR [#43](https://github.com/clouddrove/terraform-aws-subnet/pull/43) by [@theprashantyadav](https://github.com/theprashantyadav))* 14 | - [`1507dff`](https://github.com/clouddrove/terraform-aws-subnet/commit/1507dff94f17909e1db7682b26fadd27f52db646) - added vpc endpoint resource *(commit by [@vibhutigoyal](https://github.com/vibhutigoyal))* 15 | - [`ca930b6`](https://github.com/clouddrove/terraform-aws-subnet/commit/ca930b6dd3784dc9348f42eaf2894374a3f00504) - enabled vpc endpoint *(commit by [@vibhutigoyal](https://github.com/vibhutigoyal))* 16 | - [`4c0a0c4`](https://github.com/clouddrove/terraform-aws-subnet/commit/4c0a0c46afc3c36caa73f51fa9f58a45f8b93ee2) - enabled vpc endpoint *(commit by [@vibhutigoyal](https://github.com/vibhutigoyal))* 17 | - [`0e7ffe2`](https://github.com/clouddrove/terraform-aws-subnet/commit/0e7ffe23bbe449290fb3bf76492caa2e4e27b670) - enabled vpc endpoint *(commit 
by [@vibhutigoyal](https://github.com/vibhutigoyal))* 18 | - [`00e7638`](https://github.com/clouddrove/terraform-aws-subnet/commit/00e7638282fe3c4ad67c0b2107073ac96ed22894) - enabled vpc endpoint *(commit by [@vibhutigoyal](https://github.com/vibhutigoyal))* 19 | - [`5dabff5`](https://github.com/clouddrove/terraform-aws-subnet/commit/5dabff5a1d8b78083ba6ae5caa02a0aad6435fa5) - enabled vpc endpoint *(commit by [@vibhutigoyal](https://github.com/vibhutigoyal))* 20 | - [`d9ef25a`](https://github.com/clouddrove/terraform-aws-subnet/commit/d9ef25ae379ab57b4924b7ea07341c414c47311d) - enabled vpc endpoint *(commit by [@vibhutigoyal](https://github.com/vibhutigoyal))* 21 | - [`9fe72e8`](https://github.com/clouddrove/terraform-aws-subnet/commit/9fe72e86806c1bad2e7bf5a7271b148592277c3c) - enabled vpc endpoint *(commit by [@vibhutigoyal](https://github.com/vibhutigoyal))* 22 | - [`b824573`](https://github.com/clouddrove/terraform-aws-subnet/commit/b82457373507077e42bde6ef3951d5038930859a) - enabled vpc endpoint *(commit by [@vibhutigoyal](https://github.com/vibhutigoyal))* 23 | - [`ae8e7aa`](https://github.com/clouddrove/terraform-aws-subnet/commit/ae8e7aace667ec5eb808e5ef4482efe151db6fe7) - added github action files and endpoint policy *(commit by [@anmolnagpal](https://github.com/anmolnagpal))* 24 | - [`fc053bf`](https://github.com/clouddrove/terraform-aws-subnet/commit/fc053bfbbb136d0d13f91ba220983d6abc772f28) - added github action files and endpoint policy *(commit by [@anmolnagpal](https://github.com/anmolnagpal))* 25 | 26 | ### :bug: Bug Fixes 27 | - [`bb20e60`](https://github.com/clouddrove/terraform-aws-subnet/commit/bb20e6059326f5ae1b7b9cc112fc7d71096ce1a5) - Fixed Readme.yaml & Versions.tf *(PR [#50](https://github.com/clouddrove/terraform-aws-subnet/pull/50) by [@13archit](https://github.com/13archit))* 28 | 29 | 30 | ## [v1.3.0] - 2022-12-30 31 | ### :bug: Bug Fixes 32 | - 
[`f57c04e`](https://github.com/clouddrove/terraform-aws-subnet/commit/f57c04eeea83e0b99c58db9c9f59cda34a74f729) - update workflows. 33 | 34 | 35 | ## [v1.0.1] - 2022-06-15 36 | ### :bug: Bug Fixes 37 | - [`e918491`](https://github.com/clouddrove/terraform-aws-subnet/commit/e918491dd7adfa4a5a31b41722db8dafbcf71225) - update terraform letest version and fix github-action 38 | - [`2849368`](https://github.com/clouddrove/terraform-aws-subnet/commit/2849368baca6a203505f5ce4b073f3bcd8071cad) - fix labels tag 39 | 40 | ## [v0.15.3] - 2022-03-21 41 | ### :bug: Bug Fixes 42 | - [`26d5faa`](https://github.com/clouddrove/terraform-aws-subnet/commit/26d5faafedbf21ef23890dd6a4eca5e570b360b1) - fix readme 43 | - [`4b3c2e1`](https://github.com/clouddrove/terraform-aws-subnet/commit/4b3c2e122cff06807794fa2757d7781593f15c6a) - update version 44 | - [`b29bbe8`](https://github.com/clouddrove/terraform-aws-subnet/commit/b29bbe8066b4194e254c5ffcc0cdbec68b8486ad) - update githubaction 45 | 46 | 47 | ## [v0.15.2] - 2022-02-11 48 | ### :sparkles: New Features 49 | - [`58693eb`](https://github.com/clouddrove/terraform-aws-subnet/commit/fa64f3b2d9dd28bccc8a152cd1bd1c388e1bfe9b) - create new variables 50 | 51 | 52 | ## [v0.15.1] - 2021-06-30 53 | ### :bug: Bug Fixes 54 | - [`54c4537`](https://github.com/clouddrove/terraform-aws-subnet/commit/54c4537fe8ec5fb5b369233097317a0add999c40) - value updated 55 | - [`109282e`](https://github.com/clouddrove/terraform-aws-subnet/commit/109282e8e905a59a7bb06c62eab00ae18849206c) - acl output added 56 | - [`294bdf0`](https://github.com/clouddrove/terraform-aws-subnet/commit/294bdf08cd11e5ef26525c188d48a54822d4c3fc) - fix terratest 57 | 58 | 59 | ## [v0.15.0] - 2021-06-17 60 | ### :bug: Bug Fixes 61 | - [`883dc4b`](https://github.com/clouddrove/terraform-aws-subnet/commit/883dc4ba3a54ea1e3f20f769d658b1daa19dab73) - added tag type 62 | - [`9e5334d`](https://github.com/clouddrove/terraform-aws-subnet/commit/9e5334db6d8752f5df75e9e3ee7b73ee8e1d9857) - update 
githuab action 63 | - [`ae4deda`](https://github.com/clouddrove/terraform-aws-subnet/commit/ae4deda6ca0205b3a4cc0ac2081d224b87b25b63) - fixing example 64 | - [`fe829bc`](https://github.com/clouddrove/terraform-aws-subnet/commit/fe829bc5aa8c5f461b7aba6eef0da5fc0bbbbb3c) - bug fix for single nat gateway 65 | - [`d808696`](https://github.com/clouddrove/terraform-aws-subnet/commit/d808696f8b9af92aca447c34815c16442993b7d8) - added support of single nat gateway 66 | 67 | 68 | ## [v0.14.0] - 2021-05-10 69 | ### :bug: Bug Fixes 70 | - [`9c7d778`](https://github.com/clouddrove/terraform-aws-subnet/commit/9c7d778f920dac5323a67970f04b1bf631710fc9) - update labels module 71 | - [`014aa66`](https://github.com/clouddrove/terraform-aws-subnet/commit/014aa66022406cae4403a730deba56a6724ffce2) - update module tags 72 | - [`7b94599`](https://github.com/clouddrove/terraform-aws-subnet/commit/7b94599592874f3d391db359076ec36fa95d1c77) - Update variables.tf 73 | - [`36130dc`](https://github.com/clouddrove/terraform-aws-subnet/commit/36130dc4ee284392f0144c9f02aa417eaa97) - fix github conflicts 74 | - [`f930c3e`](https://github.com/clouddrove/terraform-aws-subnet/commit/f930c3e1ebfbf198eeb75c1c1637fa0a33d339a4) - added support of 0.15 75 | 76 | 77 | ## [v0.12.11] - 2021-01-30 78 | 79 | ## [v0.12.10] - 2020-10-17 80 | 81 | ## [v0.12.9] - 2020-11-26 82 | 83 | ## [v0.13.0] - 2020-10-21 84 | ### :bug: Bug Fixes 85 | - [`9534ae4`](https://github.com/clouddrove/terraform-aws-subnet/commit/9534ae4c27d4e5d8abfb9ce93359dab4b07dd323) - upgrade to 0.14 86 | - [`161a7c6`](https://github.com/clouddrove/terraform-aws-subnet/commit/161a7c60e2c27d23511cc01920a967881dbfc23e) - fix module with custom subnet CIDRs 87 | - [`0d852c9`](https://github.com/clouddrove/terraform-aws-subnet/commit/4ec6878eb4314c09f0717fdd2feff91741942d34) - fix little issues 88 | 89 | 90 | 91 | ## [v0.12.8] - 2020-09-04 92 | ### :bug: Bug Fixes 93 | - 
[`6536795`](https://github.com/clouddrove/terraform-aws-subnet/commit/6536795da7558e26aae7c0871af6a89b32a604ab) - update terratest pipeline 94 | - [`aaaa9c7`](https://github.com/clouddrove/terraform-aws-subnet/commit/aaaa9c7a8324a287450a2c0b4565a6486fddeb5e) - Upgrade terraform version to 0.13.0 95 | - [`4e67655`](https://github.com/clouddrove/terraform-aws-subnet/commit/4e6765541728b2153b518afae54942bfa5052626) - update pre-commit & terraform version 96 | 97 | 98 | ## [v0.12.7] - 2020-06-25 99 | ### :bug: Bug Fixes 100 | - [`3296a53`](https://github.com/clouddrove/terraform-aws-subnet/commit/3296a53bfdf597a81666472d5c48b4b9b7b69d90) - add new variable 101 | 102 | 103 | ## [v0.12.6] - 2020-04-30 104 | ### :bug: Bug Fixes 105 | - [`685d4ba`](https://github.com/clouddrove/terraform-aws-subnet/commit/685d4ba03877f220fc897164f1e78752ba48ff53) - update readme 106 | - [`854b807`](https://github.com/clouddrove/terraform-aws-subnet/commit/854b8077c5d0c04c3dd0c316300f7670aa1d4f5b) - Added IPV6 107 | 108 | 109 | ## [v0.12.5] - 2020-04-25 110 | ### :bug: Bug Fixes 111 | - [`ee365a1`](https://github.com/clouddrove/terraform-aws-subnet/commit/ee365a1540c9200f95d824c1f15f8a53d4eed285) - add managedby in public subnet labels 112 | - [`fdc75b9`](https://github.com/clouddrove/terraform-aws-subnet/commit/fdc75b9967cf69fad743a919a3ac891ddab9c83e) - Updated main.tf 113 | 114 | 115 | ## [v0.12.4] - 2019-12-27 116 | ### :bug: Bug Fixes 117 | - [`9d33de2`](https://github.com/clouddrove/terraform-aws-subnet/commit/9d33de228e9da74ebce756e09d2fe446f0e40ccc) - fix labels managedby variables 118 | 119 | 120 | ## [v0.12.3] - 2019-11-05 121 | ### :bug: Bug Fixes 122 | - [`bd9cad4`](https://github.com/clouddrove/terraform-aws-subnet/commit/bd9cad43e3e94133c530e0da0594915f347bda74) - fix the tags of route table, nat gateway, and EIP 123 | 124 | 125 | ## [v0.12.2] - 2019-09-14 126 | ### :bug: Bug Fixes 127 | - 
[`5c5fd8f`](https://github.com/clouddrove/terraform-aws-subnet/commit/5c5fd8f098ed62d2c369e200a1e38ae79c0a1600) - Update main.tf 128 | - [`5e266c4`](https://github.com/clouddrove/terraform-aws-subnet/commit/5e266c43a0ab0ff8484ca8735a51ccaba8170459) - update tags 129 | 130 | 131 | ## [v0.12.1] - 2019-09-05 132 | ### :bug: Bug Fixes 133 | - [`3a642cf`](https://github.com/clouddrove/terraform-aws-subnet/commit/3a642cfa8b38e06e4218f3c8da27e83ecd252024) - fix the tags for eks 134 | 135 | 136 | ## [v0.12.1] - 2019-09-05 137 | ### :bug: Bug Fixes 138 | - [`3a642cf`](https://github.com/clouddrove/terraform-aws-subnet/commit/3a642cfa8b38e06e4218f3c8da27e83ecd252024) - fix the tags for eks 139 | 140 | 141 | ## [v0.12.0] - 2019-08-12 142 | ### :bug: Bug Fixes 143 | - [`6eb3fb2`](https://github.com/clouddrove/terraform-aws-subnet/commit/6eb3fb2249a7492e657bce57e77f9b01639c8291) - update url 144 | 145 | 146 | ## [v0.11.0] - 2019-08-12 147 | ### :bug: Bug Fixes 148 | - [`86a45c2`](https://github.com/clouddrove/terraform-aws-subnet/commit/86a45c23b9d0cde0e118d9726482b15355941468) - terraform 0.12.0 149 | 150 | 151 | [v0.11.0]: https://github.com/clouddrove/terraform-aws-subnet/compare/0.11.0...master 152 | [v0.12.0]: https://github.com/clouddrove/terraform-aws-subnet/compare/0.11.0...0.12.0 153 | [v0.12.1]: https://github.com/clouddrove/terraform-aws-subnet/compare/0.12.0...0.12.1 154 | [v0.12.2]: https://github.com/clouddrove/terraform-aws-subnet/compare/0.12.1...0.12.2 155 | [v0.12.3]: https://github.com/clouddrove/terraform-aws-subnet/compare/0.12.2...0.12.3 156 | [v0.12.4]: https://github.com/clouddrove/terraform-aws-subnet/compare/0.12.3...0.12.4 157 | [v0.12.5]: https://github.com/clouddrove/terraform-aws-subnet/compare/0.12.4...0.12.5 158 | [v0.12.6]: https://github.com/clouddrove/terraform-aws-subnet/compare/0.12.5...0.12.6 159 | [v0.12.7]: https://github.com/clouddrove/terraform-aws-subnet/compare/0.12.6...0.12.7 160 | [v0.12.8]: 
https://github.com/clouddrove/terraform-aws-subnet/compare/0.12.7...0.12.8 161 | [v0.13.0]: https://github.com/clouddrove/terraform-aws-subnet/compare/0.12.8...v0.13.0 162 | [v0.12.9]: https://github.com/clouddrove/terraform-aws-subnet/compare/v0.13.0...v0.12.9 163 | [v0.12.10]: https://github.com/clouddrove/terraform-aws-subnet/compare/v0.12.9...v0.12.10 164 | [v0.12.11]: https://github.com/clouddrove/terraform-aws-subnet/compare/v0.12.10...v0.12.11 165 | [v0.14.0]: https://github.com/clouddrove/terraform-aws-subnet/compare/v0.12.11...v0.14.0 166 | [v0.15.0]: https://github.com/clouddrove/terraform-aws-subnet/compare/v0.14.0...v0.15.0 167 | [v0.15.1]: https://github.com/clouddrove/terraform-aws-subnet/compare/v0.15.0...v0.15.1 168 | [v0.15.2]: https://github.com/clouddrove/terraform-aws-subnet/compare/v0.15.1...v0.15.2 169 | [v0.15.3]: https://github.com/clouddrove/terraform-aws-subnet/compare/v0.15.2...v0.15.3 170 | [v1.0.1]: https://github.com/clouddrove/terraform-aws-subnet/compare/v0.15.3...v1.0.1 171 | [v1.3.0]: https://github.com/clouddrove/terraform-aws-subnet/compare/v1.0.1...v1.3.0 172 | [2.0.0]: https://github.com/clouddrove/terraform-aws-subnet/compare/1.3.0...2.0.0 -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 
14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 
47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. 
Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright 2021 CloudDrove Inc. 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | export GENIE_PATH ?= $(shell 'pwd')/../../../genie 2 | include $(GENIE_PATH)/Makefile 3 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 | [![Banner](https://github.com/clouddrove/terraform-module-template/assets/119565952/67a8a1af-2eb7-40b7-ae07-c94cde9ce062)][website] 3 |

4 | Terraform AWS Subnet 5 |


8 | With our comprehensive DevOps toolkit - streamline operations, automate workflows, enhance collaboration and, most importantly, deploy with confidence. 9 |


13 | 14 | 15 | Latest Release 16 | 17 | 18 | tfsec 19 | 20 | 21 | Licence 22 | 23 | 24 | Changelog 25 | 26 | 27 | 28 |



46 | 47 | 48 | We are a group of DevOps engineers & architects, joining hands in this ever evolving digital landscape. With our strong belief in Automation; just like microservices, always on the lookout to split the the infrastructure into smaller connected resources (database, cluster and more) which could be standardized, are manageable, scalable, secure & follow industry best practices. 49 | 50 | 51 | This module includes Terraform open source, examples, and automation tests (for better understanding), which would help you create and improve your infrastructure with minimalistic coding. 52 | 53 | 54 | 55 | 56 | ## Prerequisites and Providers 57 | 58 | This table contains both Prerequisites and Providers: 59 | 60 | | Description | Name | Version | 61 | |:-------------:|:-------------------------------------------:|:---------:| 62 | | **Prerequisite** | [Terraform](https://learn.hashicorp.com/terraform/getting-started/install.html) | >= 1.6.6 | 63 | | **Provider** | [aws](https://aws.amazon.com/) | >= 5.31.0 | 64 | 65 | 66 | 67 | 68 | 69 | ## Examples 70 | 71 | **IMPORTANT:** Since the master branch used in source varies based on new modifications, we recommend using the [release versions](https://github.com/clouddrove/terraform-aws-subnet/releases). 72 | 73 | 📌 For additional usage examples, check the complete list under [`examples/`](./examples) directory. 74 | 75 | 76 | 77 | ## Inputs and Outputs 78 | 79 | Refer to complete documentation: [here](docs/io.md) 80 | 81 | 82 | 93 | 94 | 95 | ## Module Dependencies 96 | 97 | This module has dependencies on: 98 | - [Labels Module](https://github.com/clouddrove/terraform-aws-labels): Provides resource tagging. 99 | 100 | 101 | ## 📑 Changelog 102 | 103 | Refer [here](CHANGELOG.md). 104 | 105 | 106 | 107 | 108 | ## ✨ Contributors 109 | 110 | Big thanks to our contributors for elevating our project with their dedication and expertise! 
But, we do not wish to stop there, would like to invite contributions from the community in improving these projects and making them more versatile for better reach. Remember, every bit of contribution is immensely valuable, as, together, we are moving in only 1 direction, i.e. forward. 111 | 112 | 113 | 114 | 115 |
117 | 118 | If you're considering contributing to our project, here are a few quick guidelines that we have been following (Got a suggestion? We are all ears!): 119 | 120 | - **Fork the Repository:** Create a new branch for your feature or bug fix. 121 | - **Coding Standards:** You know the drill. 122 | - **Clear Commit Messages:** Write clear and concise commit messages to facilitate understanding. 123 | - **Thorough Testing:** Test your changes thoroughly before submitting a pull request. 124 | - **Documentation Updates:** Include relevant documentation updates if your changes impact it. 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | ## Feedback 139 | Spot a bug or have thoughts to share with us? Let's squash it together! Log it in our [issue tracker](https://github.com/clouddrove/terraform-aws-subnet/issues), feel free to drop us an email at [hello@clouddrove.com](mailto:hello@clouddrove.com). 140 | 141 | Show some love with a ★ on [our GitHub](https://github.com/clouddrove/terraform-aws-subnet)! if our work has brightened your day! – your feedback fuels our journey! 142 | 143 | 144 | ## :rocket: Our Accomplishment 145 | 146 | We have [*100+ Terraform modules*][terraform_modules] 🙌. You could consider them finished, but, with enthusiasts like yourself, we are able to ever improve them, so we call our status - improvement in progress. 147 | 148 | - [Terraform Module Registry:](https://registry.terraform.io/namespaces/clouddrove) Discover our Terraform modules here. 149 | 150 | - [Terraform Modules for AWS/Azure Modules:](https://github.com/clouddrove/toc) Explore our comprehensive Table of Contents for easy navigation through our documentation for modules pertaining to AWS, Azure & GCP. 151 | 152 | - [Terraform Modules for Digital Ocean:](https://github.com/terraform-do-modules/toc) Check out our specialized Terraform modules for Digital Ocean. 
153 | 154 | 155 | 156 | 157 | ## Join Our Slack Community 158 | 159 | Join our vibrant open-source slack community and embark on an ever-evolving journey with CloudDrove; helping you in moving upwards in your career path. 160 | Join our vibrant Open Source Slack Community and embark on a learning journey with CloudDrove. Grow with us in the world of DevOps and set your career on a path of consistency. 161 | 162 | 🌐💬What you'll get after joining this Slack community: 163 | 164 | - 🚀 Encouragement to upgrade your best version. 165 | - 🌈 Learning companionship with our DevOps squad. 166 | - 🌱 Relentless growth with daily updates on new advancements in technologies. 167 | 168 | Join our tech elites [Join Now][slack] 🚀 169 | 170 | 171 | ## Explore Our Blogs 172 | 173 | Click [here][blog] :books: :star2: 174 | 175 | ## Tap into our capabilities 176 | We provide a platform for organizations to engage with experienced top-tier DevOps & Cloud services. Tap into our pool of certified engineers and architects to elevate your DevOps and Cloud Solutions. 177 | 178 | At [CloudDrove][website], has extensive experience in designing, building & migrating environments, securing, consulting, monitoring, optimizing, automating, and maintaining complex and large modern systems. With remarkable client footprints in American & European corridors, our certified architects & engineers are ready to serve you as per your requirements & schedule. Write to us at [business@clouddrove.com](mailto:business@clouddrove.com). 179 | 180 |

We are The Cloud Experts!


We ❤️ Open Source and you can check out our other modules to get help with your new Cloud ideas.

183 | 184 | [website]: https://clouddrove.com 185 | [blog]: https://blog.clouddrove.com 186 | [slack]: https://www.launchpass.com/devops-talks 187 | [github]: https://github.com/clouddrove 188 | [linkedin]: https://cpco.io/linkedin 189 | [twitter]: https://twitter.com/clouddrove/ 190 | [email]: https://clouddrove.com/contact-us.html 191 | [terraform_modules]: https://github.com/clouddrove?utf8=%E2%9C%93&q=terraform-&type=&language= 192 | -------------------------------------------------------------------------------- /README.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # This is the canonical configuration for the `README.md` 4 | # Run `make readme` to rebuild the `README.md` 5 | # 6 | 7 | # Name of this project 8 | name : Terraform AWS Subnet 9 | 10 | # License of this project 11 | license: "APACHE" 12 | 13 | # Canonical GitHub repo 14 | github_repo: clouddrove/terraform-aws-subnet 15 | 16 | # Badges to display 17 | badges: 18 | - name: "Latest Release" 19 | image: "https://img.shields.io/github/release/clouddrove/terraform-aws-subnet.svg" 20 | url: "https://github.com/clouddrove/terraform-aws-subnet/releases/latest" 21 | - name: "tfsec" 22 | image: "https://github.com/clouddrove/terraform-aws-subnet/actions/workflows/tfsec.yml/badge.svg" 23 | url: "https://github.com/clouddrove/terraform-aws-subnet/actions/workflows/tfsec.yml" 24 | - name: "Licence" 25 | image: "https://img.shields.io/badge/License-APACHE-blue.svg" 26 | url: "LICENSE.md" 27 | - name: "Changelog" 28 | image: "https://img.shields.io/badge/Changelog-blue" 29 | url: "CHANGELOG.md" 30 | 31 | prerequesties: 32 | - name: Terraform 33 | url: https://learn.hashicorp.com/terraform/getting-started/install.html 34 | version: ">= 1.6.6" 35 | 36 | providers: 37 | - name: aws 38 | url: https://aws.amazon.com/ 39 | version: ">= 5.31.0" 40 | 41 | module_dependencies: 42 | - name: Labels Module 43 | url: https://github.com/clouddrove/terraform-aws-labels 
44 | description: Provides resource tagging. 45 | 46 | description: |- 47 | Terraform module to create public, private and public-private subnet with network acl, route table, Elastic IP, nat gateway, flow log. 48 | 49 | 50 | # How to use this project 51 | usage: |- 52 | Here are some examples of how you can use this module in your inventory structure: 53 | ### PRIVATE SUBNET 54 | ```hcl 55 | module "private-subnets" { 56 | source = "clouddrove/terraform-aws-subnet/aws" 57 | name = "subnets" 58 | environment = "test" 59 | nat_gateway_enabled = true 60 | availability_zones = ["eu-west-1a", "eu-west-1b", "eu-west-1c"] 61 | vpc_id = module.vpc.vpc_id 62 | type = "private" 63 | cidr_block = module.vpc.vpc_cidr_block 64 | ipv6_cidr_block = module.vpc.ipv6_cidr_block 65 | public_subnet_ids = ["subnet-xxxxxxxxxxxx", "subnet-xxxxxxxxxxxx"] 66 | } 67 | ``` 68 | 69 | ### PUBLIC-PRIVATE SUBNET 70 | ```hcl 71 | module "subnets" { 72 | source = "clouddrove/terraform-aws-subnet/aws" 73 | name = "subnets" 74 | environment = "test" 75 | label_order = ["name", "environment"] 76 | nat_gateway_enabled = true 77 | availability_zones = ["eu-west-1a", "eu-west-1b", "eu-west-1c"] 78 | vpc_id = module.vpc.vpc_id 79 | type = "public-private" 80 | igw_id = module.vpc.igw_id 81 | cidr_block = module.vpc.vpc_cidr_block 82 | ipv6_cidr_block = module.vpc.ipv6_cidr_block 83 | enable_ipv6 = true 84 | } 85 | ``` 86 | 87 | ### PUBLIC SUBNET 88 | ```hcl 89 | module "subnets" { 90 | source = "clouddrove/terraform-aws-subnet/aws" 91 | name = "subnets" 92 | environment = "test" 93 | label_order = ["name", "environment"] 94 | availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c"] 95 | vpc_id = module.vpc.vpc_id 96 | type = "public" 97 | igw_id = module.vpc.igw_id 98 | ipv4_public_cidrs = ["10.0.1.0/24", "10.0.13.0/24", "10.0.18.0/24"] 99 | enable_ipv6 = false 100 | } 101 | ``` 102 | -------------------------------------------------------------------------------- /docs/io.md: 
-------------------------------------------------------------------------------- 1 | ## Inputs 2 | 3 | | Name | Description | Type | Default | Required | 4 | |------|-------------|------|---------|:--------:| 5 | | attributes | Additional attributes (e.g. `1`). | `list(any)` | `[]` | no | 6 | | availability\_zones | List of Availability Zones (e.g. `['us-east-1a', 'us-east-1b', 'us-east-1c']`). | `list(string)` | `[]` | no | 7 | | cidr\_block | Base CIDR block which is divided into subnet CIDR blocks (e.g. `10.0.0.0/16`). | `string` | `null` | no | 8 | | delimiter | Delimiter to be used between `organization`, `environment`, `name` and `attributes`. | `string` | `"-"` | no | 9 | | enable | Set to false to prevent the module from creating any resources. | `bool` | `true` | no | 10 | | enable\_flow\_log | Enable subnet\_flow\_log logs. | `bool` | `false` | no | 11 | | enable\_ipv6 | Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block | `bool` | `false` | no | 12 | | enable\_private\_acl | Set to false to prevent the module from creating the private subnet network ACL. | `bool` | `true` | no | 13 | | enable\_public\_acl | Set to false to prevent the module from creating the public subnet network ACL. | `bool` | `true` | no | 14 | | environment | Environment (e.g. `prod`, `dev`, `staging`). | `string` | `""` | no | 15 | | extra\_private\_tags | Additional private subnet tags. | `map(any)` | `{}` | no | 16 | | extra\_public\_tags | Additional public subnet tags. | `map(any)` | `{}` | no | 17 | | flow\_log\_destination\_arn | ARN of the resource to which the flow log will be sent. | `string` | `null` | no | 18 | | flow\_log\_destination\_type | Type of flow log destination. Can be s3 or cloud-watch-logs | `string` | `"cloud-watch-logs"` | no | 19 | | flow\_log\_file\_format | (Optional) The format for the flow log. 
Valid values: `plain-text`, `parquet` | `string` | `null` | no | 20 | | flow\_log\_hive\_compatible\_partitions | (Optional) Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3 | `bool` | `false` | no | 21 | | flow\_log\_iam\_role\_arn | The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group. When flow\_log\_destination\_arn is set to ARN of Cloudwatch Logs, this argument needs to be provided | `string` | `null` | no | 22 | | flow\_log\_log\_format | The fields to include in the flow log record, in the order in which they should appear | `string` | `null` | no | 23 | | flow\_log\_max\_aggregation\_interval | The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: `60` seconds or `600` seconds | `number` | `600` | no | 24 | | flow\_log\_per\_hour\_partition | (Optional) Indicates whether to partition the flow log per hour. This reduces the cost and response time for queries | `bool` | `false` | no | 25 | | flow\_log\_traffic\_type | Type of traffic to capture. Valid values: ACCEPT,REJECT, ALL. | `string` | `"ALL"` | no | 26 | | igw\_id | Internet Gateway ID that is used as a default route when creating public subnets (e.g. `igw-9c26a123`). | `string` | `""` | no | 27 | | ipv4\_private\_cidrs | Subnet CIDR blocks (e.g. `10.0.0.0/16`). | `list(any)` | `[]` | no | 28 | | ipv4\_public\_cidrs | Subnet CIDR blocks (e.g. `10.0.0.0/16`). | `list(any)` | `[]` | no | 29 | | ipv6\_cidr\_block | Base CIDR block which is divided into subnet CIDR blocks (e.g. `10.0.0.0/16`). | `string` | `null` | no | 30 | | label\_order | Label order, e.g. `name`,`Environment`. | `list(any)` |
[
"name",
"environment"
]
| no | 31 | | managedby | ManagedBy, eg 'CloudDrove'. | `string` | `"hello@clouddrove.com"` | no | 32 | | map\_public\_ip\_on\_launch | Specify true to indicate that instances launched into the public subnet should be assigned a public IP address. | `bool` | `false` | no | 33 | | name | Name (e.g. `prod-subnet` or `subnet`). | `string` | `""` | no | 34 | | nat\_gateway\_destination\_cidr\_block | Used to pass a custom destination route for private NAT Gateway. If not specified, the default 0.0.0.0/0 is used as a destination route | `string` | `"0.0.0.0/0"` | no | 35 | | nat\_gateway\_enabled | Flag to enable/disable NAT Gateways creation in public subnets. | `bool` | `false` | no | 36 | | private\_inbound\_acl\_rules | Private subnets inbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "deny",
"rule_number": 100,
"to_port": 0
}
]
| no | 37 | | private\_ipv6\_cidrs | Private Subnet CIDR blocks (e.g. `2a05:d018:832:ca02::/64`). | `list(any)` | `[]` | no | 38 | | private\_outbound\_acl\_rules | Private subnets outbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "deny",
"rule_number": 100,
"to_port": 0
}
]
| no | 39 | | private\_subnet\_assign\_ipv6\_address\_on\_creation | Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. | `bool` | `false` | no | 40 | | private\_subnet\_enable\_dns64 | Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true` | `bool` | `false` | no | 41 | | private\_subnet\_enable\_resource\_name\_dns\_a\_record\_on\_launch | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false` | `bool` | `false` | no | 42 | | private\_subnet\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch | Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true` | `bool` | `false` | no | 43 | | private\_subnet\_ipv6\_native | Indicates whether to create an IPv6-only private subnet. Default: `false` | `bool` | `false` | no | 44 | | private\_subnet\_private\_dns\_hostname\_type\_on\_launch | The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name` | `string` | `null` | no | 45 | | public\_inbound\_acl\_rules | Public subnets inbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | 46 | | public\_ipv6\_cidrs | Public Subnet CIDR blocks (e.g. `2a05:d018:832:ca02::/64`). | `list(any)` | `[]` | no | 47 | | public\_outbound\_acl\_rules | Public subnets outbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | 48 | | public\_rt\_ipv4\_destination\_cidr | The destination ipv4 CIDR block. | `string` | `"0.0.0.0/0"` | no | 49 | | public\_rt\_ipv6\_destination\_cidr | The destination ipv6 CIDR block. | `string` | `"::/0"` | no | 50 | | public\_subnet\_assign\_ipv6\_address\_on\_creation | Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. | `bool` | `false` | no | 51 | | public\_subnet\_enable\_dns64 | Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true` | `bool` | `false` | no | 52 | | public\_subnet\_enable\_resource\_name\_dns\_a\_record\_on\_launch | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false` | `bool` | `false` | no | 53 | | public\_subnet\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch | Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true` | `bool` | `false` | no | 54 | | public\_subnet\_ids | A list of public subnet ids. | `list(string)` | `[]` | no | 55 | | public\_subnet\_ipv6\_native | Indicates whether to create an IPv6-only public subnet. Default: `false` | `bool` | `false` | no | 56 | | public\_subnet\_private\_dns\_hostname\_type\_on\_launch | The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. 
Valid values: `ip-name`, `resource-name` | `string` | `null` | no | 57 | | repository | Terraform current module repo | `string` | `"https://github.com/clouddrove/terraform-aws-subnet"` | no | 58 | | single\_nat\_gateway | Enable for only single NAT Gateway in one Availability Zone | `bool` | `false` | no | 59 | | type | Type of subnets to create (`private` or `public`). | `string` | `""` | no | 60 | | vpc\_id | VPC ID. | `string` | n/a | yes | 61 | 62 | ## Outputs 63 | 64 | | Name | Description | 65 | |------|-------------| 66 | | nat\_gateway\_private\_ip | The private IPv4 address to assign to the NAT Gateway. If you don't provide an address, a private IPv4 address will be automatically assigned. | 67 | | private\_acl | The ID of the network ACL. | 68 | | private\_route\_tables\_id | The ID of the routing table. | 69 | | private\_subnet\_cidrs | CIDR blocks of the created private subnets. | 70 | | private\_subnet\_cidrs\_ipv6 | CIDR blocks of the created private subnets. | 71 | | private\_subnet\_id | The ID of the private subnet. | 72 | | private\_tags | A mapping of private tags to assign to the resource. | 73 | | public\_acl | The ID of the network ACL. | 74 | | public\_route\_tables\_id | The ID of the routing table. | 75 | | public\_subnet\_cidrs | CIDR blocks of the created public subnets. | 76 | | public\_subnet\_cidrs\_ipv6 | CIDR blocks of the created public subnets. | 77 | | public\_subnet\_id | The ID of the subnet. | 78 | | public\_tags | A mapping of public tags to assign to the resource. | 79 | 80 | -------------------------------------------------------------------------------- /examples/basic/example.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | name = "app" 3 | environment = "test" 4 | } 5 | 6 | ##----------------------------------------------------------------------------- 7 | ## Subnet Module Call. 8 | ## Both private and public subnet will be deployed. 
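##-----------------------------------------------------------------------------
# The module's default public network ACL rules (public_inbound_acl_rules /
# public_outbound_acl_rules in docs/io.md) allow every protocol and port from
# 0.0.0.0/0, which is the pattern the two tfsec checks below flag. The
# suppressions keep this example minimal; override the public ACL rules (or set
# enable_public_acl = false and manage the ACL yourself) before reusing this
# layout in a real environment.
#tfsec:ignore:aws-ec2-no-excessive-port-access
#tfsec:ignore:aws-ec2-no-public-ingress-acl
module "subnets" {
  source              = "./../../"
  name                = local.name
  environment         = local.environment
  nat_gateway_enabled = true
  availability_zones  = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
  # Placeholder IDs: replace with the real VPC and Internet Gateway IDs
  # (the `complete` example wires these from a vpc module instead).
  vpc_id      = "vpv_id-xxxxxxx"
  type        = "public-private"
  igw_id      = "vpc_igw_id-xxxxxxx"
  cidr_block  = "10.0.0.0/16"
  enable_ipv6 = false
}
-------------------------------------------------------------------------------- /examples/basic/outputs.tf: --------------------------------------------------------------------------------
output "public_subnet_cidrs" {
  value       = module.subnets.public_subnet_cidrs
  description = "The CIDR of the subnet."
}

output "public_subnet_cidrs_ipv6" {
  value       = module.subnets.public_subnet_cidrs_ipv6
  description = "The CIDR of the subnet."
}

output "private_subnet_cidrs" {
  value       = module.subnets.private_subnet_cidrs
  description = "The CIDR of the subnet."
}

output "private_subnet_cidrs_ipv6" {
  value       = module.subnets.private_subnet_cidrs_ipv6
  description = "The CIDR of the subnet."
}

output "private_tags" {
  value       = module.subnets.private_tags
  description = "A mapping of tags to assign to the resource."
}

output "public_tags" {
  value       = module.subnets.public_tags
  description = "A mapping of tags to assign to the resource."
}

output "public_subnet_id" {
  # Previously read module.subnets.private_subnet_id, which published the
  # private subnet IDs under a "public" name; the module exports
  # public_subnet_id (see docs/io.md outputs).
  value       = module.subnets.public_subnet_id
  description = "The ID of the public subnet"
}

output "nat_gateway_private_ip" {
  value       = module.subnets.nat_gateway_private_ip
  description = "The private IPv4 address to assign to the NAT Gateway. If you don't provide an address, a private IPv4 address will be automatically assigned."
}
-------------------------------------------------------------------------------- /examples/basic/versions.tf: --------------------------------------------------------------------------------
# Terraform version
terraform {
  required_version = ">= 1.6.6"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.31.0"
    }
  }
}
-------------------------------------------------------------------------------- /examples/complete/example.tf: --------------------------------------------------------------------------------
provider "aws" {
  region = local.region
}

locals {
  name        = "app"
  environment = "test"
  region      = "eu-west-1"
}

##-----------------------------------------------------------------------------
## Vpc Module call.
##-----------------------------------------------------------------------------
module "vpc" {
  source  = "clouddrove/vpc/aws"
  version = "2.0.0"

  enable      = true
  name        = local.name
  environment = local.environment

  cidr_block                          = "10.0.0.0/16"
  enable_flow_log                     = true # Flow logs will be stored in cloudwatch log group. Variables passed in default.
  create_flow_log_cloudwatch_iam_role = true
  additional_cidr_block               = ["172.3.0.0/16", "172.2.0.0/16"]
  dhcp_options_domain_name            = "service.consul"
  dhcp_options_domain_name_servers    = ["127.0.0.1", "10.10.0.2"]
  assign_generated_ipv6_cidr_block    = true
}

##-----------------------------------------------------------------------------
## Subnet Module call.
## Below module will deploy both public and private subnets.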
##-----------------------------------------------------------------------------
# The two tfsec suppressions are for this example only. They presumably fire on
# the module's default public network ACL rules (variables.tf, not shown here);
# the private ACL rules are given explicitly below and only allow VPC-internal traffic.
#tfsec:ignore:aws-ec2-no-excessive-port-access
#tfsec:ignore:aws-ec2-no-public-ingress-acl
module "subnets" {
  source = "./../../"

  enable      = true
  name        = local.name
  environment = local.environment

  # One NAT gateway shared by all private subnets (single_nat_gateway takes
  # precedence over per-AZ gateways in the module's locals).
  nat_gateway_enabled = true
  single_nat_gateway  = true
  availability_zones  = ["${local.region}a", "${local.region}b", "${local.region}c"]
  vpc_id              = module.vpc.vpc_id
  type                = "public-private"
  igw_id              = module.vpc.igw_id
  cidr_block          = module.vpc.vpc_cidr_block
  ipv6_cidr_block     = module.vpc.ipv6_cidr_block
  # Dual-stack subnets: instances get an IPv6 address at launch in both tiers.
  public_subnet_assign_ipv6_address_on_creation  = true
  enable_ipv6                                    = true
  private_subnet_assign_ipv6_address_on_creation = true
  # Private tier NACL: allow all protocols/ports, but only to and from the VPC CIDR.
  private_inbound_acl_rules = [
    {
      rule_number = 100
      rule_action = "allow"
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      cidr_block  = module.vpc.vpc_cidr_block
    }
  ]
  private_outbound_acl_rules = [
    {
      rule_number = 100
      rule_action = "allow"
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      cidr_block  = module.vpc.vpc_cidr_block
    }
  ]
}

-------------------------------------------------------------------------------- /examples/complete/outputs.tf: --------------------------------------------------------------------------------
output "public_subnet_cidrs" {
  value       = module.subnets.public_subnet_cidrs
  description = "The CIDR of the subnet."
}

output "public_subnet_cidrs_ipv6" {
  value       = module.subnets.public_subnet_cidrs_ipv6
  description = "The CIDR of the subnet."
}

output "private_subnet_cidrs" {
  value       = module.subnets.private_subnet_cidrs
  description = "The CIDR of the subnet."
}

output "private_subnet_cidrs_ipv6" {
  value       = module.subnets.private_subnet_cidrs_ipv6
  description = "The CIDR of the subnet."
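}

output "private_tags" {
  value       = module.subnets.private_tags
  description = "A mapping of tags to assign to the resource."
}

output "public_tags" {
  value       = module.subnets.public_tags
  description = "A mapping of tags to assign to the resource."
}

output "public_subnet_id" {
  # Fixed: this output previously read module.subnets.private_subnet_id, so the
  # value labelled "public" actually exposed the private subnet IDs.
  value       = module.subnets.public_subnet_id
  description = "The ID of the public subnet"
}

output "nat_gateway_private_ip" {
  value       = module.subnets.nat_gateway_private_ip
  description = "The private IPv4 address to assign to the NAT Gateway. If you don't provide an address, a private IPv4 address will be automatically assigned."
}

-------------------------------------------------------------------------------- /examples/complete/versions.tf: --------------------------------------------------------------------------------
# Terraform version
terraform {
  required_version = ">= 1.6.6"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.31.0"
    }
  }
}

-------------------------------------------------------------------------------- /examples/private-subnet/example.tf: --------------------------------------------------------------------------------
provider "aws" {
  region = "eu-west-1"
}

locals {
  name        = "app"
  environment = "test"
}

##-----------------------------------------------------------------------------
## Vpc Module call.
##-----------------------------------------------------------------------------
module "vpc" {
  source  = "clouddrove/vpc/aws"
  version = "2.0.0"

  name        = local.name
  environment = local.environment
  cidr_block  = "10.0.0.0/16"
  enable_flow_log = true # Flow logs will be stored in cloudwatch log group. Variables passed in default.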
20 | create_flow_log_cloudwatch_iam_role = true 21 | additional_cidr_block = ["172.3.0.0/16", "172.2.0.0/16"] 22 | dhcp_options_domain_name = "service.consul" 23 | dhcp_options_domain_name_servers = ["127.0.0.1", "10.10.0.2"] 24 | assign_generated_ipv6_cidr_block = true 25 | } 26 | 27 | ##----------------------------------------------------------------------------- 28 | ## Subnet Module call. 29 | ## Below module will deploy only private subnet. 30 | ##----------------------------------------------------------------------------- 31 | #tfsec:ignore:aws-ec2-no-excessive-port-access 32 | #tfsec:ignore:aws-ec2-no-public-ingress-acl 33 | module "private-subnets" { 34 | source = "./../../" 35 | name = local.name 36 | environment = local.environment 37 | nat_gateway_enabled = true 38 | availability_zones = ["eu-west-1a", "eu-west-1b", "eu-west-1c"] 39 | vpc_id = module.vpc.vpc_id 40 | type = "private" 41 | cidr_block = module.vpc.vpc_cidr_block 42 | ipv6_cidr_block = module.vpc.ipv6_cidr_block 43 | public_subnet_ids = ["subnet-xxxxxxx", "subnet-xxxxxxx"] 44 | } 45 | -------------------------------------------------------------------------------- /examples/private-subnet/outputs.tf: -------------------------------------------------------------------------------- 1 | output "private_subnet_cidrs" { 2 | value = module.private-subnets.private_subnet_cidrs 3 | description = "The ID of the subnet." 4 | } 5 | 6 | output "private_tags" { 7 | value = module.private-subnets.private_tags 8 | description = "A mapping of tags to assign to the resource." 9 | } 10 | output "nat_gateway_private_ip" { 11 | value = module.private-subnets.nat_gateway_private_ip 12 | description = "The private IPv4 address to assign to the NAT Gateway. If you don't provide an address, a private IPv4 address will be automatically assigned." 
}

-------------------------------------------------------------------------------- /examples/private-subnet/versions.tf: --------------------------------------------------------------------------------
# Terraform version
terraform {
  required_version = ">= 1.6.6"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.31.0"
    }
  }
}

-------------------------------------------------------------------------------- /examples/public-private-subnet-single-nat-gateway/example.tf: --------------------------------------------------------------------------------
provider "aws" {
  region = "eu-west-1"
}

locals {
  name        = "app"
  environment = "test"
}

##-----------------------------------------------------------------------------
## Vpc Module call.
##-----------------------------------------------------------------------------
module "vpc" {
  source  = "clouddrove/vpc/aws"
  version = "2.0.0"

  name        = local.name
  environment = local.environment
  cidr_block  = "10.0.0.0/16"
  enable_flow_log                     = true # Flow logs will be stored in cloudwatch log group. Variables passed in default.
  create_flow_log_cloudwatch_iam_role = true
  additional_cidr_block               = ["172.3.0.0/16", "172.2.0.0/16"]
  dhcp_options_domain_name            = "service.consul"
  dhcp_options_domain_name_servers    = ["127.0.0.1", "10.10.0.2"]
  # An IPv6 block is generated on the VPC even though the subnet module below
  # is called with enable_ipv6 = false; the subnets simply do not use it.
  assign_generated_ipv6_cidr_block    = true
}

##-----------------------------------------------------------------------------
## Subnet Module call.
## Below module will deploy both public and private subnets with single nat gateway.
##-----------------------------------------------------------------------------
# The two tfsec suppressions are for this example only; they presumably fire on
# the module's default public ACL rules (variables.tf, not shown here).
#tfsec:ignore:aws-ec2-no-excessive-port-access
#tfsec:ignore:aws-ec2-no-public-ingress-acl
module "subnets" {
  source = "./../../"

  # A single NAT gateway is shared by all private subnets: the module routes
  # every private subnet through private route table 0.
  nat_gateway_enabled = true
  single_nat_gateway  = true
  name                = local.name
  environment         = local.environment
  availability_zones  = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
  vpc_id              = module.vpc.vpc_id
  type                = "public-private"
  igw_id              = module.vpc.igw_id
  cidr_block          = module.vpc.vpc_cidr_block
  # ipv6_cidr_block is ignored while enable_ipv6 is false (the subnets get no IPv6 CIDR).
  ipv6_cidr_block     = module.vpc.ipv6_cidr_block
  enable_ipv6         = false
}

-------------------------------------------------------------------------------- /examples/public-private-subnet-single-nat-gateway/outputs.tf: --------------------------------------------------------------------------------
output "public_subnet_cidrs" {
  value       = module.subnets.public_subnet_cidrs
  description = "The CIDR of the subnet."
}

output "public_subnet_cidrs_ipv6" {
  value       = module.subnets.public_subnet_cidrs_ipv6
  description = "The CIDR of the subnet."
}

output "private_subnet_cidrs" {
  value       = module.subnets.private_subnet_cidrs
  description = "The CIDR of the subnet."
}

output "private_subnet_cidrs_ipv6" {
  value       = module.subnets.private_subnet_cidrs_ipv6
  description = "The CIDR of the subnet."
}

output "private_tags" {
  value       = module.subnets.private_tags
  description = "A mapping of tags to assign to the resource."
}

output "public_tags" {
  value       = module.subnets.public_tags
  description = "A mapping of tags to assign to the resource."
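}

output "public_subnet_id" {
  # Fixed: this output previously read module.subnets.private_subnet_id, so the
  # value labelled "public" actually exposed the private subnet IDs.
  value       = module.subnets.public_subnet_id
  description = "The ID of the public subnet"
}

output "nat_gateway_private_ip" {
  value       = module.subnets.nat_gateway_private_ip
  description = "The private IPv4 address to assign to the NAT Gateway. If you don't provide an address, a private IPv4 address will be automatically assigned."
}

-------------------------------------------------------------------------------- /examples/public-private-subnet-single-nat-gateway/versions.tf: --------------------------------------------------------------------------------
# Terraform version
terraform {
  required_version = ">= 1.6.6"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.31.0"
    }
  }
}

-------------------------------------------------------------------------------- /examples/public-subnet/example.tf: --------------------------------------------------------------------------------
provider "aws" {
  region = "us-east-1"
}

locals {
  name        = "app"
  environment = "test"
}

##-----------------------------------------------------------------------------
## Vpc Module call.
##-----------------------------------------------------------------------------
module "vpc" {
  source  = "clouddrove/vpc/aws"
  version = "2.0.0"

  name        = local.name
  environment = local.environment
  cidr_block  = "10.0.0.0/16"
  enable_flow_log                     = true # Flow logs will be stored in cloudwatch log group. Variables passed in default.
  create_flow_log_cloudwatch_iam_role = true
  dhcp_options_domain_name            = "service.consul"
  dhcp_options_domain_name_servers    = ["127.0.0.1", "10.10.0.2"]
  assign_generated_ipv6_cidr_block    = true
}

##-----------------------------------------------------------------------------
## Subnet Module call.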
## Below module will deploy only public subnet.
##-----------------------------------------------------------------------------
# The two tfsec suppressions are for this example only; they presumably fire on
# the module's default public ACL rules (variables.tf, not shown here).
#tfsec:ignore:aws-ec2-no-excessive-port-access
#tfsec:ignore:aws-ec2-no-public-ingress-acl
module "subnets" {
  source = "./../../"

  name               = local.name
  environment        = local.environment
  availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c"]
  vpc_id             = module.vpc.vpc_id
  type               = "public"
  igw_id             = module.vpc.igw_id
  # Explicit per-AZ CIDRs: when this list is non-empty the module uses it as-is
  # and does not carve subnets out of cidr_block (which is therefore not passed here).
  ipv4_public_cidrs  = ["10.0.1.0/24", "10.0.13.0/24", "10.0.18.0/24"]
  enable_ipv6        = false
}

-------------------------------------------------------------------------------- /examples/public-subnet/outputs.tf: --------------------------------------------------------------------------------
output "public_subnet_cidrs" {
  value       = module.subnets.public_subnet_cidrs
  description = "The CIDR of the subnet."
}

output "public_subnet_cidrs_ipv6" {
  value       = module.subnets.public_subnet_cidrs_ipv6
  description = "The CIDR of the subnet."
}

output "public_tags" {
  value       = module.subnets.public_tags
  description = "A mapping of tags to assign to the resource."
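}

output "public_subnet_id" {
  # Fixed: this output previously read module.subnets.private_subnet_id. With
  # type = "public" no private subnets exist, so it was always an empty list.
  value       = module.subnets.public_subnet_id
  description = "The ID of the public subnet"
}

-------------------------------------------------------------------------------- /examples/public-subnet/versions.tf: --------------------------------------------------------------------------------
# Terraform version
terraform {
  required_version = ">= 1.6.6"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.31.0"
    }
  }
}

-------------------------------------------------------------------------------- /main.tf: --------------------------------------------------------------------------------
# Managed By : CloudDrove
# Copyright @ CloudDrove. All Right Reserved.

##-----------------------------------------------------------------------------
## Locals declaration to determine count of public subnet, private subnet, and nat gateway.
##-----------------------------------------------------------------------------
locals {
  # One public/private subnet per availability zone, but only when the module is
  # enabled and var.type asks for that tier; "public-private" asks for both.
  public_count  = var.enable == true && (var.type == "public" || var.type == "public-private") ? length(var.availability_zones) : 0
  private_count = var.enable == true && (var.type == "private" || var.type == "public-private") ? length(var.availability_zones) : 0
  # single_nat_gateway wins over per-AZ gateways: exactly one gateway is shared
  # by every private subnet. Fixed: that branch is now also gated on
  # private_count, because with type = "public" (or an empty availability_zones
  # list) the original still produced one NAT gateway, and aws_route.nat_gateway
  # then called element() on an empty private route table list.
  nat_gateway_count = var.enable == true && var.single_nat_gateway && local.private_count > 0 ? 1 : (var.enable == true && (var.type == "private" || var.type == "public-private") && var.nat_gateway_enabled == true ? length(var.availability_zones) : 0)
}
##-----------------------------------------------------------------------------
## Labels module called that will be used for naming and tags.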
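##-----------------------------------------------------------------------------
module "private-labels" {
  source  = "clouddrove/labels/aws"
  version = "1.3.0"

  name        = var.name
  repository  = var.repository
  environment = var.environment
  managedby   = var.managedby
  label_order = var.label_order
  # "private" is appended to the caller's attributes so the generated id (and
  # therefore every Name tag below) distinguishes the private tier.
  attributes  = compact(concat(var.attributes, ["private"]))
  extra_tags = {
    Type = "private"
  }
}

module "public-labels" {
  source  = "clouddrove/labels/aws"
  version = "1.3.0"

  name        = var.name
  repository  = var.repository
  environment = var.environment
  managedby   = var.managedby
  label_order = var.label_order
  attributes  = compact(concat(var.attributes, ["public"]))
  extra_tags = {
    Type = "public"
  }
}

##-----------------------------------------------------------------------------
## Below resource will deploy public subnets and its related components in aws environment.
##-----------------------------------------------------------------------------
resource "aws_subnet" "public" {
  count             = local.public_count
  vpc_id            = var.vpc_id
  availability_zone = element(var.availability_zones, count.index)
  # Without explicit IPv4 CIDRs, var.cidr_block is split with enough extra bits
  # for 2 * public_count equal subnets (rounded up to a power of two). Public
  # subnets take network numbers public_count .. 2*public_count-1; the private
  # subnets (aws_subnet.private) use the same split and take 0 .. private_count-1.
  cidr_block = length(var.ipv4_public_cidrs) == 0 ? cidrsubnet(var.cidr_block, ceil(log(local.public_count * 2, 2)), local.public_count + count.index) : var.ipv4_public_cidrs[count.index]
  # IPv6 blocks are only assigned when enable_ipv6 is set; auto-generated ones
  # are 8 extra bits of var.ipv6_cidr_block, starting at network number 1.
  ipv6_cidr_block = var.enable_ipv6 ? (length(var.public_ipv6_cidrs) == 0 ? cidrsubnet(var.ipv6_cidr_block, 8, count.index + 1) : var.public_ipv6_cidrs[count.index]) : null
  # When true, instances launched here receive a public IPv4 address. The
  # default is set in variables.tf (not shown here); confirm it matches the
  # exposure intended for this subnet.
  map_public_ip_on_launch                        = var.map_public_ip_on_launch
  assign_ipv6_address_on_creation                = var.enable_ipv6 && var.public_subnet_ipv6_native ? true : var.public_subnet_assign_ipv6_address_on_creation
  private_dns_hostname_type_on_launch            = var.public_subnet_private_dns_hostname_type_on_launch
  ipv6_native                                    = var.enable_ipv6 && var.public_subnet_ipv6_native
  enable_resource_name_dns_aaaa_record_on_launch = var.enable_ipv6 && var.public_subnet_enable_resource_name_dns_aaaa_record_on_launch
  # IPv6-only subnets have no IPv4 address to publish an A record for.
  enable_resource_name_dns_a_record_on_launch    = !var.public_subnet_ipv6_native && var.public_subnet_enable_resource_name_dns_a_record_on_launch
  enable_dns64                                   = var.enable_ipv6 && var.public_subnet_enable_dns64
  tags = merge(
    module.public-labels.tags, var.extra_public_tags,
    {
      "Name" = format("%s%s%s", module.public-labels.id, var.delimiter, element(var.availability_zones, count.index))
      "AZ"   = element(var.availability_zones, count.index)
    }
  )
  lifecycle {
    # Ignore tags added by kubernetes
    ignore_changes = [
      tags["kubernetes.io"],
      tags["SubnetType"],
    ]
  }
}

##-----------------------------------------------------------------------------
## Below resource will deploy network acl and its rules that will be attached to public subnets.
##-----------------------------------------------------------------------------
resource "aws_network_acl" "public" {
  count      = var.enable && local.public_count > 0 && var.enable_public_acl && (var.type == "public" || var.type == "public-private") ? 1 : 0
  vpc_id     = var.vpc_id
  subnet_ids = aws_subnet.public[*].id
  tags       = module.public-labels.tags
  depends_on = [aws_subnet.public]
}

# Rule contents come entirely from var.public_inbound_acl_rules /
# var.public_outbound_acl_rules (one aws_network_acl_rule per list entry); the
# module adds no implicit rule, so what the public tier accepts is decided by
# the defaults in variables.tf (not shown here) or by the caller.
resource "aws_network_acl_rule" "public_inbound" {
  count           = var.enable && local.public_count > 0 && var.enable_public_acl && (var.type == "public" || var.type == "public-private") ? length(var.public_inbound_acl_rules) : 0
  network_acl_id  = aws_network_acl.public[0].id
  egress          = false
  rule_number     = var.public_inbound_acl_rules[count.index]["rule_number"]
  rule_action     = var.public_inbound_acl_rules[count.index]["rule_action"]
  from_port       = lookup(var.public_inbound_acl_rules[count.index], "from_port", null)
  to_port         = lookup(var.public_inbound_acl_rules[count.index], "to_port", null)
  icmp_code       = lookup(var.public_inbound_acl_rules[count.index], "icmp_code", null)
  icmp_type       = lookup(var.public_inbound_acl_rules[count.index], "icmp_type", null)
  protocol        = var.public_inbound_acl_rules[count.index]["protocol"]
  cidr_block      = lookup(var.public_inbound_acl_rules[count.index], "cidr_block", null)
  ipv6_cidr_block = lookup(var.public_inbound_acl_rules[count.index], "ipv6_cidr_block", null)
}

resource "aws_network_acl_rule" "public_outbound" {
  count           = var.enable && local.public_count > 0 && var.enable_public_acl && (var.type == "public" || var.type == "public-private") ? length(var.public_outbound_acl_rules) : 0
  network_acl_id  = aws_network_acl.public[0].id
  egress          = true
  rule_number     = var.public_outbound_acl_rules[count.index]["rule_number"]
  rule_action     = var.public_outbound_acl_rules[count.index]["rule_action"]
  from_port       = lookup(var.public_outbound_acl_rules[count.index], "from_port", null)
  to_port         = lookup(var.public_outbound_acl_rules[count.index], "to_port", null)
  icmp_code       = lookup(var.public_outbound_acl_rules[count.index], "icmp_code", null)
  icmp_type       = lookup(var.public_outbound_acl_rules[count.index], "icmp_type", null)
  protocol        = var.public_outbound_acl_rules[count.index]["protocol"]
  cidr_block      = lookup(var.public_outbound_acl_rules[count.index], "cidr_block", null)
  ipv6_cidr_block = lookup(var.public_outbound_acl_rules[count.index], "ipv6_cidr_block", null)
}

##-----------------------------------------------------------------------------
## Below resources will deploy route table and routes for public subnet and will be associated to public subnets.
##-----------------------------------------------------------------------------
# One route table per public subnet, each with a default route to the internet gateway.
resource "aws_route_table" "public" {
  count  = local.public_count
  vpc_id = var.vpc_id
  tags = merge(
    module.public-labels.tags,
    {
      "Name" = format("%s%s%s-rt", module.public-labels.id, var.delimiter, element(var.availability_zones, count.index))
      "AZ"   = element(var.availability_zones, count.index)
    }
  )
}

resource "aws_route" "public" {
  count                  = local.public_count
  route_table_id         = element(aws_route_table.public[*].id, count.index)
  gateway_id             = var.igw_id
  destination_cidr_block = var.public_rt_ipv4_destination_cidr
  depends_on             = [aws_route_table.public]
  timeouts {
    create = "5m"
  }
}

resource "aws_route" "public_ipv6" {
  # Fixed: the IPv6 route to the internet gateway was created for every public
  # route table even with enable_ipv6 = false, i.e. for subnets that are given
  # no IPv6 CIDR at all. It now follows the same enable_ipv6 gate as the subnets.
  count                       = var.enable_ipv6 ? local.public_count : 0
  route_table_id              = element(aws_route_table.public[*].id, count.index)
  gateway_id                  = var.igw_id
  destination_ipv6_cidr_block = var.public_rt_ipv6_destination_cidr
  depends_on                  = [aws_route_table.public]
}

resource "aws_route_table_association" "public" {
  count          = local.public_count
  subnet_id      = element(aws_subnet.public[*].id, count.index)
  route_table_id = element(aws_route_table.public[*].id, count.index)
  depends_on = [
    aws_subnet.public,
    aws_route_table.public,
  ]
}

##-----------------------------------------------------------------------------
## Below resource will deploy flow logs for public subnet.
##-----------------------------------------------------------------------------
resource "aws_flow_log" "public_subnet_flow_log" {
  # Fixed: count was hard-coded to 1, so with element(..., count.index) only the
  # first public subnet ever had a flow log and traffic in the other AZs went
  # unrecorded. Every public subnet now gets its own flow log; index 0 keeps its
  # existing resource address, so existing deployments only add logs.
  count                    = var.enable && var.enable_flow_log ? local.public_count : 0
  log_destination_type     = var.flow_log_destination_type
  log_destination          = var.flow_log_destination_arn
  log_format               = var.flow_log_log_format
  iam_role_arn             = var.flow_log_iam_role_arn
  traffic_type             = var.flow_log_traffic_type
  subnet_id                = element(aws_subnet.public[*].id, count.index)
  max_aggregation_interval = var.flow_log_max_aggregation_interval
  # S3 destinations take extra file-layout options; other destination types get none.
  dynamic "destination_options" {
    for_each = var.flow_log_destination_type == "s3" ? [true] : []

    content {
      file_format                = var.flow_log_file_format
      hive_compatible_partitions = var.flow_log_hive_compatible_partitions
      per_hour_partition         = var.flow_log_per_hour_partition
    }
  }
  # NOTE(review): the Name tag is the same for every public flow log; use the
  # subnet_id attribute to tell them apart.
  tags = merge(
    module.public-labels.tags,
    {
      "Name" = format("%s-flowlog", module.public-labels.name)
    }
  )
}

##-----------------------------------------------------------------------------
## Below resource will deploy private subnets and its related components in aws environment.
##-----------------------------------------------------------------------------
resource "aws_subnet" "private" {
  count             = local.private_count
  vpc_id            = var.vpc_id
  availability_zone = element(var.availability_zones, count.index)
  # Same split as aws_subnet.public when both tiers exist (so the two never
  # overlap); when only private subnets are created the split is sized for
  # 2 * private_count instead. Private subnets take network numbers 0 .. private_count-1.
  cidr_block = length(var.ipv4_private_cidrs) == 0 ? cidrsubnet(var.cidr_block, local.public_count == 0 ? ceil(log(local.private_count * 2, 2)) : ceil(log(local.public_count * 2, 2)), count.index) : var.ipv4_private_cidrs[count.index]
  # Auto-generated IPv6 blocks continue after the public ones (public_count + index + 1).
  ipv6_cidr_block = var.enable_ipv6 ? (length(var.private_ipv6_cidrs) == 0 ? cidrsubnet(var.ipv6_cidr_block, 8, local.public_count + count.index + 1) : var.private_ipv6_cidrs[count.index]) : null
  assign_ipv6_address_on_creation                = var.enable_ipv6 && var.private_subnet_ipv6_native ? true : var.private_subnet_assign_ipv6_address_on_creation
  private_dns_hostname_type_on_launch            = var.private_subnet_private_dns_hostname_type_on_launch
  ipv6_native                                    = var.enable_ipv6 && var.private_subnet_ipv6_native
  enable_resource_name_dns_aaaa_record_on_launch = var.enable_ipv6 && var.private_subnet_enable_resource_name_dns_aaaa_record_on_launch
  enable_resource_name_dns_a_record_on_launch    = !var.private_subnet_ipv6_native && var.private_subnet_enable_resource_name_dns_a_record_on_launch
  enable_dns64                                   = var.enable_ipv6 && var.private_subnet_enable_dns64

  tags = merge(
    module.private-labels.tags, var.extra_private_tags,
    {
      "Name" = format("%s%s%s", module.private-labels.id, var.delimiter, element(var.availability_zones, count.index))
      "AZ"   = element(var.availability_zones, count.index)
    }
  )

  lifecycle {
    # Ignore tags added by kubernetes
    ignore_changes = [
      tags["kubernetes.io"],
      tags["SubnetType"],
    ]
  }
}

##-----------------------------------------------------------------------------
## Below resource will deploy network acl and its rules that will be attached to private subnets.
##-----------------------------------------------------------------------------
resource "aws_network_acl" "private" {
  # local.private_count > 0 added for consistency with the public ACL: without
  # it an ACL with no subnets was created when availability_zones was empty.
  count      = var.enable && local.private_count > 0 && var.enable_private_acl && (var.type == "private" || var.type == "public-private") ? 1 : 0
  vpc_id     = var.vpc_id
  subnet_ids = aws_subnet.private[*].id
  tags       = module.private-labels.tags
  depends_on = [aws_subnet.private]
}

resource "aws_network_acl_rule" "private_inbound" {
  count           = var.enable && local.private_count > 0 && var.enable_private_acl && (var.type == "private" || var.type == "public-private") ? length(var.private_inbound_acl_rules) : 0
  network_acl_id  = aws_network_acl.private[0].id
  egress          = false
  rule_number     = var.private_inbound_acl_rules[count.index]["rule_number"]
  rule_action     = var.private_inbound_acl_rules[count.index]["rule_action"]
  from_port       = lookup(var.private_inbound_acl_rules[count.index], "from_port", null)
  to_port         = lookup(var.private_inbound_acl_rules[count.index], "to_port", null)
  icmp_code       = lookup(var.private_inbound_acl_rules[count.index], "icmp_code", null)
  icmp_type       = lookup(var.private_inbound_acl_rules[count.index], "icmp_type", null)
  protocol        = var.private_inbound_acl_rules[count.index]["protocol"]
  cidr_block      = lookup(var.private_inbound_acl_rules[count.index], "cidr_block", null)
  ipv6_cidr_block = lookup(var.private_inbound_acl_rules[count.index], "ipv6_cidr_block", null)
}

resource "aws_network_acl_rule" "private_outbound" {
  # Fixed: count was taken from length(var.private_inbound_acl_rules) while the
  # body indexes var.private_outbound_acl_rules. A longer outbound list silently
  # lost its extra rules; a shorter one failed with an index out of range.
  count           = var.enable && local.private_count > 0 && var.enable_private_acl && (var.type == "private" || var.type == "public-private") ? length(var.private_outbound_acl_rules) : 0
  network_acl_id  = aws_network_acl.private[0].id
  egress          = true
  rule_number     = var.private_outbound_acl_rules[count.index]["rule_number"]
  rule_action     = var.private_outbound_acl_rules[count.index]["rule_action"]
  from_port       = lookup(var.private_outbound_acl_rules[count.index], "from_port", null)
  to_port         = lookup(var.private_outbound_acl_rules[count.index], "to_port", null)
  icmp_code       = lookup(var.private_outbound_acl_rules[count.index], "icmp_code", null)
  icmp_type       = lookup(var.private_outbound_acl_rules[count.index], "icmp_type", null)
  protocol        = var.private_outbound_acl_rules[count.index]["protocol"]
  cidr_block      = lookup(var.private_outbound_acl_rules[count.index], "cidr_block", null)
  ipv6_cidr_block = lookup(var.private_outbound_acl_rules[count.index], "ipv6_cidr_block", null)
}

##-----------------------------------------------------------------------------
## Below resources will deploy route table and routes for private subnet and will be associated to private subnets.
##-----------------------------------------------------------------------------
resource "aws_route_table" "private" {
  count  = local.private_count
  vpc_id = var.vpc_id
  tags = merge(
    module.private-labels.tags,
    {
      "Name" = format("%s%s%s-rt", module.private-labels.id, var.delimiter, element(var.availability_zones, count.index))
      "AZ"   = element(var.availability_zones, count.index)
    }
  )
}

resource "aws_route_table_association" "private" {
  count     = local.private_count
  subnet_id = element(aws_subnet.private[*].id, count.index)
  # With a single NAT gateway every private subnet is attached to route table 0,
  # the only one that receives a NAT route; the remaining tables are created but unused.
  route_table_id = element(aws_route_table.private[*].id, var.single_nat_gateway ? 0 : count.index)
}

resource "aws_route" "nat_gateway" {
  # local.nat_gateway_count is already 0 whenever no gateway is wanted, so the
  # former "> 0 ? count : 0" wrapper added nothing.
  count                  = local.nat_gateway_count
  route_table_id         = element(aws_route_table.private[*].id, count.index)
  destination_cidr_block = var.nat_gateway_destination_cidr_block
  nat_gateway_id         = element(aws_nat_gateway.private[*].id, count.index)
  depends_on             = [aws_route_table.private]
}

##----------------------------------------------------------------------------------
## Below resource will create Elastic IP (EIP) for nat gateway.
##----------------------------------------------------------------------------------
resource "aws_eip" "private" {
  count  = local.nat_gateway_count
  domain = "vpc"
  tags = merge(
    module.private-labels.tags,
    {
      "Name" = format("%s%s%s-eip", module.private-labels.id, var.delimiter, element(var.availability_zones, count.index))
    }
  )
  lifecycle {
    create_before_destroy = true
  }
}

##----------------------------------------------------------------------------------
## Below resource will deploy nat gateway for private subnets.
##----------------------------------------------------------------------------------
resource "aws_nat_gateway" "private" {
  count         = local.nat_gateway_count
  allocation_id = element(aws_eip.private[*].id, count.index)
  # Gateways live in this module's public subnets when it created any; for
  # type = "private" the caller must supply var.public_subnet_ids. element()
  # wraps, so fewer IDs than gateways means several gateways share a subnet,
  # and an empty list fails at plan time.
  subnet_id = length(aws_subnet.public) > 0 ? element(aws_subnet.public[*].id, count.index) : element(var.public_subnet_ids, count.index)
  tags = merge(
    module.private-labels.tags,
    {
      "Name" = format("%s%s%s-nat-gateway", module.private-labels.id, var.delimiter, element(var.availability_zones, count.index))
    }
  )
}

##-----------------------------------------------------------------------------
## Below resource will deploy flow logs for private subnet.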
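##-----------------------------------------------------------------------------
resource "aws_flow_log" "private_subnet_flow_log" {
  # Fixed: count was hard-coded to 1, so with element(..., count.index) only the
  # first private subnet ever had a flow log and traffic in the other AZs went
  # unrecorded. Every private subnet now gets its own flow log; index 0 keeps
  # its existing resource address, so existing deployments only add logs.
  count                    = var.enable && var.enable_flow_log ? local.private_count : 0
  log_destination_type     = var.flow_log_destination_type
  log_destination          = var.flow_log_destination_arn
  log_format               = var.flow_log_log_format
  iam_role_arn             = var.flow_log_iam_role_arn
  traffic_type             = var.flow_log_traffic_type
  subnet_id                = element(aws_subnet.private[*].id, count.index)
  max_aggregation_interval = var.flow_log_max_aggregation_interval
  # S3 destinations take extra file-layout options; other destination types get none.
  dynamic "destination_options" {
    for_each = var.flow_log_destination_type == "s3" ? [true] : []

    content {
      file_format                = var.flow_log_file_format
      hive_compatible_partitions = var.flow_log_hive_compatible_partitions
      per_hour_partition         = var.flow_log_per_hour_partition
    }
  }
  # NOTE(review): the Name tag is the same for every private flow log; use the
  # subnet_id attribute to tell them apart.
  tags = merge(
    module.private-labels.tags,
    {
      "Name" = format("%s-flowlog", module.private-labels.name)
    }
  )
}

-------------------------------------------------------------------------------- /outputs.tf: --------------------------------------------------------------------------------
#Module      : SUBNET
#Description : Terraform module to create public, private and public-private subnet with
#              network acl, route table, Elastic IP, nat gateway, flow log.
# All list outputs are ordered by availability zone index (count.index) and are
# empty when the corresponding tier is not created.
output "public_subnet_id" {
  value       = aws_subnet.public[*].id
  description = "IDs of the created public subnets."
}

output "public_subnet_cidrs" {
  value       = aws_subnet.public[*].cidr_block
  description = "CIDR blocks of the created public subnets."
}

output "public_subnet_cidrs_ipv6" {
  value       = aws_subnet.public[*].ipv6_cidr_block
  description = "IPv6 CIDR blocks of the created public subnets (null entries when enable_ipv6 is false)."
}

output "private_subnet_id" {
  value       = aws_subnet.private[*].id
  description = "IDs of the created private subnets."
}

output "private_subnet_cidrs" {
  value       = aws_subnet.private[*].cidr_block
  description = "CIDR blocks of the created private subnets."
}

output "private_subnet_cidrs_ipv6" {
  value       = aws_subnet.private[*].ipv6_cidr_block
  description = "IPv6 CIDR blocks of the created private subnets (null entries when enable_ipv6 is false)."
}

output "public_route_tables_id" {
  value       = aws_route_table.public[*].id
  description = "IDs of the public route tables."
}

output "private_route_tables_id" {
  value       = aws_route_table.private[*].id
  description = "IDs of the private route tables."
}

output "private_tags" {
  value       = module.private-labels.tags
  description = "A mapping of private tags to assign to the resource."
}

output "public_tags" {
  value       = module.public-labels.tags
  description = "A mapping of public tags to assign to the resource."
}

# The ACL resources have count 0 or 1, so join("") yields the single ID or "".
output "public_acl" {
  value       = join("", aws_network_acl.public[*].id)
  description = "The ID of the network ACL."
}

output "private_acl" {
  value       = join("", aws_network_acl.private[*].id)
  description = "The ID of the network ACL."
}

output "nat_gateway_private_ip" {
  value       = aws_nat_gateway.private[*].private_ip
  description = "Private IPv4 addresses of the created NAT gateways."
}

-------------------------------------------------------------------------------- /variables.tf: --------------------------------------------------------------------------------
#Module      : LABEL
#Description : Terraform label module variables.
variable "name" {
  type        = string
  default     = ""
  description = "Name (e.g. `prod-subnet` or `subnet`)."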
7 | } 8 | 9 | variable "repository" { 10 | type = string 11 | default = "https://github.com/clouddrove/terraform-aws-subnet" 12 | description = "Terraform current module repo" 13 | 14 | validation { 15 | # regex(...) fails if it cannot find a match 16 | condition = can(regex("^https://", var.repository)) 17 | error_message = "The module-repo value must be a valid Git repo link." 18 | } 19 | } 20 | 21 | variable "environment" { 22 | type = string 23 | default = "" 24 | description = "Environment (e.g. `prod`, `dev`, `staging`)." 25 | } 26 | 27 | variable "label_order" { 28 | type = list(any) 29 | default = ["name", "environment"] 30 | description = "Label order, e.g. `name`,`Environment`." 31 | } 32 | 33 | variable "attributes" { 34 | type = list(any) 35 | default = [] 36 | description = "Additional attributes (e.g. `1`)." 37 | } 38 | 39 | variable "delimiter" { 40 | type = string 41 | default = "-" 42 | description = "Delimiter to be used between `organization`, `environment`, `name` and `attributes`." 43 | } 44 | 45 | variable "extra_public_tags" { 46 | type = map(any) 47 | default = {} 48 | description = "Additional public subnet tags." 49 | } 50 | 51 | variable "extra_private_tags" { 52 | type = map(any) 53 | default = {} 54 | description = "Additional private subnet tags." 55 | } 56 | 57 | variable "managedby" { 58 | type = string 59 | default = "hello@clouddrove.com" 60 | description = "ManagedBy, eg 'CloudDrove'." 61 | } 62 | 63 | #Module : SUBNET 64 | #Description : Terraform SUBNET module variables. 65 | variable "availability_zones" { 66 | type = list(string) 67 | default = [] 68 | description = "List of Availability Zones (e.g. `['us-east-1a', 'us-east-1b', 'us-east-1c']`)." 69 | } 70 | 71 | variable "type" { 72 | type = string 73 | default = "" 74 | description = "Type of subnets to create (`private` or `public`)." 75 | } 76 | 77 | variable "vpc_id" { 78 | type = string 79 | description = "VPC ID." 
80 | sensitive = true 81 | } 82 | 83 | variable "cidr_block" { 84 | type = string 85 | default = null 86 | description = "Base CIDR block which is divided into subnet CIDR blocks (e.g. `10.0.0.0/16`)." 87 | } 88 | 89 | variable "ipv6_cidr_block" { 90 | type = string 91 | default = null 92 | description = "Base CIDR block which is divided into subnet CIDR blocks (e.g. `10.0.0.0/16`)." 93 | } 94 | 95 | variable "public_subnet_ids" { 96 | type = list(string) 97 | default = [] 98 | description = "A list of public subnet ids." 99 | sensitive = true 100 | 101 | } 102 | 103 | variable "igw_id" { 104 | type = string 105 | default = "" 106 | description = "Internet Gateway ID that is used as a default route when creating public subnets (e.g. `igw-9c26a123`)." 107 | sensitive = true 108 | } 109 | 110 | variable "enable" { 111 | type = bool 112 | default = true 113 | description = "Set to false to prevent the module from creating any resources." 114 | } 115 | 116 | variable "enable_public_acl" { 117 | type = bool 118 | default = true 119 | description = "Set to false to prevent the module from creating any resources." 120 | } 121 | 122 | variable "enable_private_acl" { 123 | type = bool 124 | default = true 125 | description = "Set to false to prevent the module from creating any resources." 126 | } 127 | 128 | variable "nat_gateway_enabled" { 129 | type = bool 130 | default = false 131 | description = "Flag to enable/disable NAT Gateways creation in public subnets." 132 | } 133 | 134 | variable "enable_flow_log" { 135 | type = bool 136 | default = false 137 | description = "Enable subnet_flow_log logs." 138 | } 139 | 140 | variable "map_public_ip_on_launch" { 141 | type = bool 142 | default = false 143 | description = "Specify true to indicate that instances launched into the public subnet should be assigned a public IP address." 144 | } 145 | 146 | #Module : FLOW LOG 147 | #Description : Terraform flow log module variables. 
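variable "flow_log_destination_arn" {
  type        = string
  default     = null
  description = "ARN of resource in which flow log will be sent."
  sensitive   = true
}

variable "flow_log_destination_type" {
  type        = string
  default     = "cloud-watch-logs"
  description = "Type of flow log destination. Valid values: `cloud-watch-logs`, `s3`, `kinesis-data-firehose`."

  validation {
    # Catch typos at plan time; a wrong value previously surfaced only as an API error at apply.
    condition     = contains(["cloud-watch-logs", "s3", "kinesis-data-firehose"], var.flow_log_destination_type)
    error_message = "The flow_log_destination_type value must be one of: cloud-watch-logs, s3, kinesis-data-firehose."
  }
}

variable "flow_log_traffic_type" {
  type        = string
  default     = "ALL"
  description = "Type of traffic to capture. Valid values: ACCEPT,REJECT, ALL."

  validation {
    condition     = contains(["ACCEPT", "REJECT", "ALL"], var.flow_log_traffic_type)
    error_message = "The flow_log_traffic_type value must be one of: ACCEPT, REJECT, ALL."
  }
}

variable "flow_log_log_format" {
  type        = string
  default     = null
  description = "The fields to include in the flow log record, in the order in which they should appear"
}

variable "flow_log_iam_role_arn" {
  type        = string
  default     = null
  description = "The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group. When flow_log_destination_arn is set to ARN of Cloudwatch Logs, this argument needs to be provided"
}

variable "flow_log_max_aggregation_interval" {
  type        = number
  default     = 600
  description = "The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: `60` seconds or `600` seconds"

  validation {
    condition     = contains([60, 600], var.flow_log_max_aggregation_interval)
    error_message = "The flow_log_max_aggregation_interval value must be 60 or 600."
  }
}

variable "flow_log_file_format" {
  type        = string
  default     = null
  description = "(Optional) The format for the flow log. Valid values: `plain-text`, `parquet`"

  validation {
    # null keeps the provider default; the conditional avoids passing null to contains().
    condition     = var.flow_log_file_format == null ? true : contains(["plain-text", "parquet"], var.flow_log_file_format)
    error_message = "The flow_log_file_format value must be plain-text or parquet."
  }
}

variable "flow_log_hive_compatible_partitions" {
  type        = bool
  default     = false
  description = "(Optional) Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3"
}

variable "flow_log_per_hour_partition" {
  type        = bool
  default     = false
  description = "(Optional) Indicates whether to partition the flow log per hour. This reduces the cost and response time for queries"
}

variable "public_ipv6_cidrs" {
  type        = list(any)
  default     = []
  description = "Public Subnet CIDR blocks (e.g. `2a05:d018:832:ca02::/64`)."
}

variable "private_ipv6_cidrs" {
  type        = list(any)
  default     = []
  description = "Private Subnet CIDR blocks (e.g. `2a05:d018:832:ca02::/64`)."
}

variable "ipv4_public_cidrs" {
  type        = list(any)
  default     = []
  description = "Public subnet IPv4 CIDR blocks (e.g. `10.0.0.0/24`)."
}

variable "ipv4_private_cidrs" {
  type        = list(any)
  default     = []
  description = "Private subnet IPv4 CIDR blocks (e.g. `10.0.1.0/24`)."
}

variable "single_nat_gateway" {
  type        = bool
  default     = false
  description = "Enable for only single NAT Gateway in one Availability Zone"
}

variable "public_subnet_assign_ipv6_address_on_creation" {
  type        = bool
  default     = false
  description = "Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address."
}

variable "private_subnet_assign_ipv6_address_on_creation" {
  type        = bool
  default     = false
  description = "Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address."
}

variable "public_subnet_private_dns_hostname_type_on_launch" {
  type        = string
  default     = null
  description = "The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name`"

  validation {
    condition     = var.public_subnet_private_dns_hostname_type_on_launch == null ? true : contains(["ip-name", "resource-name"], var.public_subnet_private_dns_hostname_type_on_launch)
    error_message = "The public_subnet_private_dns_hostname_type_on_launch value must be ip-name or resource-name."
  }
}

variable "private_subnet_private_dns_hostname_type_on_launch" {
  type        = string
  default     = null
  description = "The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name`"

  validation {
    condition     = var.private_subnet_private_dns_hostname_type_on_launch == null ? true : contains(["ip-name", "resource-name"], var.private_subnet_private_dns_hostname_type_on_launch)
    error_message = "The private_subnet_private_dns_hostname_type_on_launch value must be ip-name or resource-name."
  }
}

variable "public_subnet_ipv6_native" {
  type        = bool
  default     = false
  description = "Indicates whether to create an IPv6-only public subnet. Default: `false`"
}

variable "private_subnet_ipv6_native" {
  type        = bool
  default     = false
  description = "Indicates whether to create an IPv6-only private subnet. Default: `false`"
}

variable "enable_ipv6" {
  type        = bool
  default     = false
  description = "Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block"
}

variable "public_subnet_enable_dns64" {
  type        = bool
  default     = false
  # Description now states the module default; the previous text claimed `true`.
  description = "Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `false`"
}

variable "private_subnet_enable_dns64" {
  type        = bool
  default     = false
  description = "Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `false`"
}

variable "public_subnet_enable_resource_name_dns_a_record_on_launch" {
  type        = bool
  default     = false
  description = "Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false`"
}

variable "private_subnet_enable_resource_name_dns_a_record_on_launch" {
  type        = bool
  default     = false
  description = "Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false`"
}

variable "public_subnet_enable_resource_name_dns_aaaa_record_on_launch" {
  type        = bool
  default     = false
  description = "Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `false`"
}

variable "private_subnet_enable_resource_name_dns_aaaa_record_on_launch" {
  type        = bool
  default     = false
  description = "Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `false`"
}

# Network ACLs are stateless and evaluated per direction. The public defaults
# below allow everything both ways, so subnet-level filtering is delegated to
# security groups; tighten these rules when a subnet-level baseline is required.
variable "public_inbound_acl_rules" {
  type = list(map(string))
  default = [
    {
      rule_number = 100
      rule_action = "allow"
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      cidr_block  = "0.0.0.0/0"
    },
  ]
  description = "Public subnets inbound network ACLs"
}

variable "public_outbound_acl_rules" {
  type = list(map(string))
  default = [
    {
      rule_number = 100
      rule_action = "allow"
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      cidr_block  = "0.0.0.0/0"
    },
  ]
  description = "Public subnets outbound network ACLs"
}

# The private defaults deny all traffic in both directions, so a private
# subnet carries no traffic at the NACL layer (including NAT-routed egress and
# its return traffic) until the caller supplies explicit rules.
variable "private_inbound_acl_rules" {
  type = list(map(string))
  default = [
    {
      rule_number = 100
      rule_action = "deny"
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      cidr_block  = "0.0.0.0/0"
    },
  ]
  description = "Private subnets inbound network ACLs"
}

variable "private_outbound_acl_rules" {
  type = list(map(string))
  default = [
    {
      rule_number = 100
      rule_action = "deny"
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      cidr_block  = "0.0.0.0/0"
    },
  ]
  description = "Private subnets outbound network ACLs"
}

variable "nat_gateway_destination_cidr_block" {
  type        = string
  default     = "0.0.0.0/0"
  description = "Used to pass a custom destination route for private NAT Gateway. If not specified, the default 0.0.0.0/0 is used as a destination route"

  validation {
    # cidrhost() fails on anything that is not a valid prefix, so a bad route
    # destination is rejected at plan time.
    condition     = can(cidrhost(var.nat_gateway_destination_cidr_block, 0))
    error_message = "The nat_gateway_destination_cidr_block value must be a valid CIDR block."
  }
}

variable "public_rt_ipv4_destination_cidr" {
  type        = string
  default     = "0.0.0.0/0"
  description = "The destination ipv4 CIDR block."

  validation {
    condition     = can(cidrhost(var.public_rt_ipv4_destination_cidr, 0))
    error_message = "The public_rt_ipv4_destination_cidr value must be a valid IPv4 CIDR block."
  }
}

variable "public_rt_ipv6_destination_cidr" {
  type        = string
  default     = "::/0"
  description = "The destination ipv6 CIDR block."

  validation {
    condition     = can(cidrhost(var.public_rt_ipv6_destination_cidr, 0))
    error_message = "The public_rt_ipv6_destination_cidr value must be a valid IPv6 CIDR block."
  }
}

--------------------------------------------------------------------------------
/versions.tf:
--------------------------------------------------------------------------------
# Terraform version
terraform {
  required_version = ">= 1.6.6"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.31.0"
    }
  }
}

--------------------------------------------------------------------------------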