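├── LICENSE
├── .gitignore
├── outputs.tf
├── variables.tf
├── README.md
└── main.tf

/LICENSE:
--------------------------------------------------------------------------------
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
# used for testing
# tfvars files usually carry account-specific values (and sometimes credentials),
# so they are deliberately kept out of the repository.
terraform.tfvars

### https://raw.github.com/github/gitignore/abad92dac5a4306f72242dae3bca6e277bce3615/Terraform.gitignore

# Compiled files
*.tfstate
*.tfstate.backup

# Module directory
.terraform/


### https://raw.github.com/github/gitignore/abad92dac5a4306f72242dae3bca6e277bce3615/Global/Vim.gitignore

# swap
[._]*.s[a-w][a-z]
[._]s[a-w][a-z]
# session
Session.vim
# temporary
.netrwhist
*~
# auto-generated tag files
tags


--------------------------------------------------------------------------------
/outputs.tf:
--------------------------------------------------------------------------------
# IDs of the private-tier subnets, in the order of var.private_subnets.
output "private_subnets" {
  value = ["${aws_subnet.private.*.id}"]
}

# IDs of the database-tier subnets, in the order of var.database_subnets.
output "database_subnets" {
  value = ["${aws_subnet.database.*.id}"]
}

# ID of the RDS subnet group (only populated when the group is created).
output "database_subnet_group" {
  value = "${aws_db_subnet_group.database.id}"
}

# IDs of the public subnets, in the order of var.public_subnets.
output "public_subnets" {
  value = ["${aws_subnet.public.*.id}"]
}

# IDs of the elasticache-tier subnets, in the order of var.elasticache_subnets.
output "elasticache_subnets" {
  value = ["${aws_subnet.elasticache.*.id}"]
}

# ID of the ElastiCache subnet group (only populated when the group is created).
output "elasticache_subnet_group" {
  value = "${aws_elasticache_subnet_group.elasticache.id}"
}

output "vpc_id" {
  value = "${aws_vpc.mod.id}"
}

output "vpc_cidr_block" {
  value = "${aws_vpc.mod.cidr_block}"
}

# There is at most one public route table; the list has 0 or 1 entries.
output "public_route_table_ids" {
  value = ["${aws_route_table.public.*.id}"]
}

# One private route table per entry in var.azs.
output "private_route_table_ids" {
  value = ["${aws_route_table.private.*.id}"]
}

# The VPC's default security group. main.tf does not manage it (there is no
# aws_default_security_group resource), so it keeps the AWS defaults; the ID is
# exported so the caller can manage or lock it down.
output "default_security_group_id" {
  value = "${aws_vpc.mod.default_security_group_id}"
}

# Elastic IP allocation IDs for the NAT gateways (empty when NAT is disabled).
output "nat_eips" {
  value = ["${aws_eip.nateip.*.id}"]
}

# Public addresses of the NAT gateways; useful for allow-listing egress.
output "nat_eips_public_ips" {
  value = ["${aws_eip.nateip.*.public_ip}"]
}

output "natgw_ids" {
  value = ["${aws_nat_gateway.natgw.*.id}"]
}

output "igw_id" {
  value = "${aws_internet_gateway.mod.id}"
}

# The VPC's default network ACL. Like the default security group it is not
# managed by this module (no aws_default_network_acl resource).
output "default_network_acl_id" {
  value = "${aws_vpc.mod.default_network_acl_id}"
}

output "vpc_endpoint_s3_id" {
  value = "${aws_vpc_endpoint.s3.id}"
}

output "vpc_endpoint_dynamodb_id" {
  value = "${aws_vpc_endpoint.dynamodb.id}"
}

--------------------------------------------------------------------------------
/variables.tf:
--------------------------------------------------------------------------------
variable "name" {
  description = "Name to be used on all the resources as identifier"
  default     = ""
}

variable "cidr" {
  description = "The CIDR block for the VPC"
  default     = ""
}

variable "instance_tenancy" {
  description = "A tenancy option for instances launched into the VPC"
  default     = "default"
}

variable "public_subnets" {
  description = "A list of public subnets inside the VPC."
  default     = []
}

variable "private_subnets" {
  description = "A list of private subnets inside the VPC."
  default     = []
}

variable "database_subnets" {
  type        = "list"
  description = "A list of database subnets"
  default     = []
}

variable "create_database_subnet_group" {
  description = "Controls, if should database subnet group be created."
  default     = true
}

variable "elasticache_subnets" {
  type        = "list"
  description = "A list of elasticache subnets"
  default     = []
}

# Subnets are spread over these AZs with element(), which wraps around when a
# subnet list is longer than this list; one private route table is created per AZ.
variable "azs" {
  description = "A list of Availability zones in the region"
  default     = []
}

variable "enable_dns_hostnames" {
  description = "should be true if you want to use private DNS within the VPC"
  default     = false
}

# The aws_vpc resource's own default for enable_dns_support is true; this module
# defaults it to false, so DNS resolution inside the VPC is off unless the caller
# opts in.
variable "enable_dns_support" {
  description = "should be true if you want to use DNS resolution within the VPC"
  default     = false
}

variable "enable_classiclink" {
  description = "should be true if you want to use ClassicLink within the VPC"
  default     = false
}

variable "enable_classiclink_dns_support" {
  description = "should be true if you want to use private DNS within the classiclinks"
  default     = false
}

variable "enable_nat_gateway" {
  description = "should be true if you want to provision NAT Gateways for each of your private networks"
  default     = false
}

variable "single_nat_gateway" {
  description = "should be true if you want to provision a single shared NAT Gateway across all of your private networks"
  default     = false
}

# The gateway endpoints are created without an endpoint policy (see main.tf),
# i.e. with full access to the service.
variable "enable_s3_endpoint" {
  description = "should be true if you want to provision an S3 endpoint to the VPC"
  default     = false
}

variable "enable_dynamodb_endpoint" {
  description = "should be true if you want to provision an DynamoDB endpoint to the VPC"
  default     = false
}

# With the default of true every instance launched into a public subnet gets a
# public IPv4 address automatically; set false when instances should only be
# reachable through a load balancer or bastion.
variable "map_public_ip_on_launch" {
  description = "should be false if you do not want to auto-assign public IP on launch"
  default     = true
}

variable "private_propagating_vgws" {
  description = "A list of VGWs the private route table should propagate."
  default     = []
}

variable "public_propagating_vgws" {
  description = "A list of VGWs the public route table should propagate."
  default     = []
}

variable "tags" {
  description = "A map of tags to add to all resources"
  default     = {}
}

variable "public_subnet_tags" {
  description = "Additional tags for the public subnets"
  default     = {}
}

# Description previously said "public subnets" (copy-paste error).
variable "private_subnet_tags" {
  description = "Additional tags for the private subnets"
  default     = {}
}

variable "database_subnet_tags" {
  description = "Additional tags for the database subnets"
  default     = {}
}

variable "elasticache_subnet_tags" {
  description = "Additional tags for the elasticache subnets"
  default     = {}
}

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
vpc terraform module
===========

# This module is deprecated and [terraform-aws-modules/terraform-aws-vpc module](https://github.com/terraform-aws-modules/terraform-aws-vpc) published on [the Terraform registry](https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws) should be used instead.

## This repository will not have active support any more.

---

A terraform module to provide a VPC in AWS.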


Module Input Variables
----------------------

- `name` - name to be used on all the resources created by the module
- `cidr` - the CIDR block for the VPC
- `instance_tenancy` - tenancy option for instances launched into the VPC
- `public_subnets` - list of public subnet cidrs
- `private_subnets` - list of private subnet cidrs
- `database_subnets` - list of private RDS subnet cidrs
- `create_database_subnet_group` - controls whether the database subnet group should be created
- `elasticache_subnets` - list of private Elasticache subnet cidrs
- `azs` - list of AZs in which to distribute subnets
- `enable_dns_hostnames` - should be true if you want to use private DNS within the VPC
- `enable_dns_support` - should be true if you want to use private DNS within the VPC
- `enable_classiclink` - should be true if you want to use ClassicLink within the VPC
- `enable_classiclink_dns_support` - should be true if you want to use private DNS within the classiclinks
- `enable_nat_gateway` - should be true if you want to provision NAT Gateways
- `single_nat_gateway` - should be true if you want to provision a single shared NAT Gateway across all of your private networks
- `enable_s3_endpoint` - should be true if you want to provision an S3 endpoint within the VPC
- `enable_dynamodb_endpoint` - should be true if you want to provision a DynamoDB endpoint within the VPC
- `map_public_ip_on_launch` - should be false if you do not want to auto-assign public IP on launch
- `private_propagating_vgws` - list of VGWs the private route table should propagate
- `public_propagating_vgws` - list of VGWs the public route table should propagate
- `tags` - dictionary of tags that will be added to resources created by the module
- `public_subnet_tags` - dictionary of tags that will be added to public subnets created by the module
- `private_subnet_tags` - dictionary of tags that will be added to private subnets created by the module
- `database_subnet_tags` - dictionary of tags that will be added to database subnets created by the module
- `elasticache_subnet_tags` - dictionary of tags that will be added to elasticache subnets created by the module

It's generally preferable to keep `public_subnets`, `private_subnets`, and
`azs` to lists of the same length.

This module optionally creates NAT Gateways (one per availability zone) and sets them
as the default gateways for the corresponding private subnets.

Usage
-----

```hcl
module "vpc" {
  source = "github.com/terraform-community-modules/tf_aws_vpc"

  name = "my-vpc"

  cidr = "10.0.0.0/16"
  private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]

  enable_nat_gateway = "true"

  azs = ["us-west-2a", "us-west-2b", "us-west-2c"]

  tags {
    "Terraform" = "true"
    "Environment" = "${var.environment}"
  }
}
```

For Terraform version older than 0.7.0 use `ref=v1.0.0`:
`source = "github.com/terraform-community-modules/tf_aws_vpc?ref=v1.0.0"`

Outputs
=======

- `vpc_id` - does what it says on the tin
- `private_subnets` - list of private subnet ids
- `public_subnets` - list of public subnet ids
- `database_subnets` - list of database subnets ids
- `database_subnet_group` - db subnet group name
- `elasticache_subnets` - list of elasticache subnets ids
- `elasticache_subnet_group` - elasticache subnet group name
- `public_route_table_ids` - list of public route table ids
- `private_route_table_ids` - list of private route table ids
- `default_security_group_id` - VPC default security group id string
- `nat_eips` - list of Elastic IP ids (if any are provisioned)
- `nat_eips_public_ips`
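- list of NAT gateways' public Elastic IP's (if any are provisioned)
- `natgw_ids` - list of NAT gateway ids
- `igw_id` - Internet Gateway id string
- `default_network_acl_id` - VPC default network ACL id
- `vpc_endpoint_s3_id` - VPC Endpoint ID for S3
- `vpc_endpoint_dynamodb_id` - VPC Endpoint ID for Dynamodb

**NOTE**: previous versions of this module returned a single string as a route
table ID, while this version returns a list.

Authors
=======

Originally created and maintained by [Casey Ransom](https://github.com/cransom)
Hijacked by [Paul Hinze](https://github.com/phinze)

License
=======

Apache 2 Licensed. See LICENSE for full details.

--------------------------------------------------------------------------------
/main.tf:
--------------------------------------------------------------------------------
# The VPC itself. DNS and ClassicLink behaviour comes straight from the module
# inputs (enable_dns_support / enable_dns_hostnames default to false in
# variables.tf). The VPC's default security group and default network ACL are
# not managed here (no aws_default_security_group / aws_default_network_acl
# resource), so they keep the AWS defaults; their IDs are exported from
# outputs.tf so the caller can lock them down.
resource "aws_vpc" "mod" {
  cidr_block           = "${var.cidr}"
  instance_tenancy     = "${var.instance_tenancy}"
  enable_dns_hostnames = "${var.enable_dns_hostnames}"
  enable_dns_support   = "${var.enable_dns_support}"

  enable_classiclink             = "${var.enable_classiclink}"
  enable_classiclink_dns_support = "${var.enable_classiclink_dns_support}"

  tags = "${merge(var.tags, map("Name", format("%s", var.name)))}"
}

# Internet gateway, created only when at least one public subnet is requested.
resource "aws_internet_gateway" "mod" {
  count = "${length(var.public_subnets) > 0 ? 1 : 0}"

  vpc_id = "${aws_vpc.mod.id}"

  tags = "${merge(var.tags, map("Name", format("%s-igw", var.name)))}"
}

# A single route table shared by all public subnets.
resource "aws_route_table" "public" {
  count = "${length(var.public_subnets) > 0 ? 1 : 0}"

  vpc_id           = "${aws_vpc.mod.id}"
  propagating_vgws = ["${var.public_propagating_vgws}"]

  tags = "${merge(var.tags, map("Name", format("%s-rt-public", var.name)))}"
}

# Default route for the public tier: everything non-local goes to the IGW.
resource "aws_route" "public_internet_gateway" {
  count = "${length(var.public_subnets) > 0 ? 1 : 0}"

  route_table_id         = "${aws_route_table.public.id}"
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = "${aws_internet_gateway.mod.id}"
}

# Default route for each per-AZ private route table through a NAT gateway.
# With single_nat_gateway only one gateway exists and element() wraps, so
# every private route table points at that one gateway.
resource "aws_route" "private_nat_gateway" {
  count = "${var.enable_nat_gateway ? length(var.azs) : 0}"

  route_table_id         = "${element(aws_route_table.private.*.id, count.index)}"
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = "${element(aws_nat_gateway.natgw.*.id, count.index)}"
}

# One private route table per AZ. The private, database and elasticache
# subnets are all associated with these tables (see the
# aws_route_table_association resources at the bottom), so a route added here
# applies to every private tier in that AZ.
resource "aws_route_table" "private" {
  count = "${length(var.azs)}"

  vpc_id           = "${aws_vpc.mod.id}"
  propagating_vgws = ["${var.private_propagating_vgws}"]

  tags = "${merge(var.tags, map("Name", format("%s-rt-private-%s", var.name, element(var.azs, count.index))))}"
}

# Private subnets, one per CIDR in var.private_subnets, spread over var.azs
# (element() wraps when there are more subnets than AZs).
resource "aws_subnet" "private" {
  count = "${length(var.private_subnets)}"

  vpc_id            = "${aws_vpc.mod.id}"
  cidr_block        = "${var.private_subnets[count.index]}"
  availability_zone = "${element(var.azs, count.index)}"

  tags = "${merge(var.tags, var.private_subnet_tags, map("Name", format("%s-subnet-private-%s", var.name, element(var.azs, count.index))))}"
}

# Database subnets; they share the per-AZ private route tables.
resource "aws_subnet" "database" {
  count = "${length(var.database_subnets)}"

  vpc_id            = "${aws_vpc.mod.id}"
  cidr_block        = "${var.database_subnets[count.index]}"
  availability_zone = "${element(var.azs, count.index)}"

  tags = "${merge(var.tags, var.database_subnet_tags, map("Name", format("%s-subnet-database-%s", var.name, element(var.azs, count.index))))}"
}

# RDS subnet group spanning every database subnet; optional via
# create_database_subnet_group.
resource "aws_db_subnet_group" "database" {
  count = "${length(var.database_subnets) > 0 && var.create_database_subnet_group ? 1 : 0}"

  name        = "${var.name}-rds-subnet-group"
  description = "Database subnet groups for ${var.name}"
  subnet_ids  = ["${aws_subnet.database.*.id}"]

  tags = "${merge(var.tags, map("Name", format("%s-database-subnet-group", var.name)))}"
}

# ElastiCache subnets; they share the per-AZ private route tables.
resource "aws_subnet" "elasticache" {
  count = "${length(var.elasticache_subnets)}"

  vpc_id            = "${aws_vpc.mod.id}"
  cidr_block        = "${var.elasticache_subnets[count.index]}"
  availability_zone = "${element(var.azs, count.index)}"

  tags = "${merge(var.tags, var.elasticache_subnet_tags, map("Name", format("%s-subnet-elasticache-%s", var.name, element(var.azs, count.index))))}"
}

# ElastiCache subnet group spanning every elasticache subnet.
resource "aws_elasticache_subnet_group" "elasticache" {
  count = "${length(var.elasticache_subnets) > 0 ? 1 : 0}"

  name        = "${var.name}-elasticache-subnet-group"
  description = "Elasticache subnet groups for ${var.name}"
  subnet_ids  = ["${aws_subnet.elasticache.*.id}"]
}

# Public subnets. map_public_ip_on_launch defaults to true in variables.tf, so
# instances launched here receive a public IPv4 address automatically; pass
# false when instances should only be reachable through a load balancer.
resource "aws_subnet" "public" {
  count = "${length(var.public_subnets)}"

  vpc_id                  = "${aws_vpc.mod.id}"
  cidr_block              = "${var.public_subnets[count.index]}"
  availability_zone       = "${element(var.azs, count.index)}"
  map_public_ip_on_launch = "${var.map_public_ip_on_launch}"

  tags = "${merge(var.tags, var.public_subnet_tags, map("Name", format("%s-subnet-public-%s", var.name, element(var.azs, count.index))))}"
}

# Elastic IPs for the NAT gateways: one shared, or one per AZ.
resource "aws_eip" "nateip" {
  count = "${var.enable_nat_gateway ? (var.single_nat_gateway ? 1 : length(var.azs)) : 0}"

  vpc = true
}

# NAT gateways are placed in the public subnets (index 0 when a single gateway
# is shared). The IGW must exist first or the gateway has no path out.
resource "aws_nat_gateway" "natgw" {
  count = "${var.enable_nat_gateway ? (var.single_nat_gateway ? 1 : length(var.azs)) : 0}"

  allocation_id = "${element(aws_eip.nateip.*.id, (var.single_nat_gateway ? 0 : count.index))}"
  subnet_id     = "${element(aws_subnet.public.*.id, (var.single_nat_gateway ? 0 : count.index))}"

  depends_on = ["aws_internet_gateway.mod"]
}

data "aws_vpc_endpoint_service" "s3" {
  service = "s3"
}

# Gateway endpoint for S3. count relies on the Terraform 0.x coercion of the
# boolean enable_s3_endpoint into 0/1. No endpoint policy is set, so anything
# routed through the endpoint has full access to S3; supply a policy here to
# limit which buckets or principals are reachable from inside the VPC.
resource "aws_vpc_endpoint" "s3" {
  count = "${var.enable_s3_endpoint}"

  vpc_id       = "${aws_vpc.mod.id}"
  service_name = "${data.aws_vpc_endpoint_service.s3.service_name}"
}

# Attach the S3 endpoint to every private route table. The count follows the
# route-table count (length(var.azs)) rather than length(var.private_subnets):
# element() wraps, so a subnet list longer than var.azs produced duplicate
# associations, and a shorter one left the remaining per-AZ tables (which the
# database and elasticache subnets may be using) without the endpoint route,
# sending their S3 traffic out through the NAT gateway instead.
resource "aws_vpc_endpoint_route_table_association" "private_s3" {
  count = "${var.enable_s3_endpoint ? length(var.azs) : 0}"

  vpc_endpoint_id = "${aws_vpc_endpoint.s3.id}"
  route_table_id  = "${element(aws_route_table.private.*.id, count.index)}"
}

# There is a single public route table, so exactly one association is needed.
# The old count (length(var.public_subnets)) created one identical association
# per public subnet; deployments created with it will see the extra indexes
# removed on the next apply.
resource "aws_vpc_endpoint_route_table_association" "public_s3" {
  count = "${var.enable_s3_endpoint ? (length(var.public_subnets) > 0 ? 1 : 0) : 0}"

  vpc_endpoint_id = "${aws_vpc_endpoint.s3.id}"
  route_table_id  = "${aws_route_table.public.id}"
}

data "aws_vpc_endpoint_service" "dynamodb" {
  service = "dynamodb"
}

# Gateway endpoint for DynamoDB; same count coercion and same note on the
# missing endpoint policy as the S3 endpoint above.
resource "aws_vpc_endpoint" "dynamodb" {
  count = "${var.enable_dynamodb_endpoint}"

  vpc_id       = "${aws_vpc.mod.id}"
  service_name = "${data.aws_vpc_endpoint_service.dynamodb.service_name}"
}

# One association per private route table, for the same reasons as private_s3.
resource "aws_vpc_endpoint_route_table_association" "private_dynamodb" {
  count = "${var.enable_dynamodb_endpoint ? length(var.azs) : 0}"

  vpc_endpoint_id = "${aws_vpc_endpoint.dynamodb.id}"
  route_table_id  = "${element(aws_route_table.private.*.id, count.index)}"
}

# Single association for the single public route table (see public_s3).
resource "aws_vpc_endpoint_route_table_association" "public_dynamodb" {
  count = "${var.enable_dynamodb_endpoint ? (length(var.public_subnets) > 0 ? 1 : 0) : 0}"

  vpc_endpoint_id = "${aws_vpc_endpoint.dynamodb.id}"
  route_table_id  = "${aws_route_table.public.id}"
}

# Each private subnet uses the private route table of its AZ (element() wraps
# in the same way the subnet's availability_zone was chosen).
resource "aws_route_table_association" "private" {
  count = "${length(var.private_subnets)}"

  subnet_id      = "${element(aws_subnet.private.*.id, count.index)}"
  route_table_id = "${element(aws_route_table.private.*.id, count.index)}"
}

# Database subnets share the per-AZ private route tables.
resource "aws_route_table_association" "database" {
  count = "${length(var.database_subnets)}"

  subnet_id      = "${element(aws_subnet.database.*.id, count.index)}"
  route_table_id = "${element(aws_route_table.private.*.id, count.index)}"
}

# ElastiCache subnets share the per-AZ private route tables.
resource "aws_route_table_association" "elasticache" {
  count = "${length(var.elasticache_subnets)}"

  subnet_id      = "${element(aws_subnet.elasticache.*.id, count.index)}"
  route_table_id = "${element(aws_route_table.private.*.id, count.index)}"
}

# Every public subnet uses the one public route table.
resource "aws_route_table_association" "public" {
  count = "${length(var.public_subnets)}"

  subnet_id      = "${element(aws_subnet.public.*.id, count.index)}"
  route_table_id = "${aws_route_table.public.id}"
}

--------------------------------------------------------------------------------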