This repository contains Terraform configuration files that create an AWS Virtual Private Cloud (VPC). The module also sets up subnets for different types of resources, such as public, private and database subnets. Additionally, the module creates and configures a number of other resources, such as the default network ACL, default route table, and default security group. It also creates VPC endpoints for services such as S3 and DynamoDB, so that resources in the VPC can reach those services without traversing the internet.
To view examples for how you can leverage this VPC Module, please see the examples directory.

Name | Version |
---|---|
terraform | >= 0.13.1 |
aws | >= 3.73 |

Name | Version |
---|---|
aws | >= 3.73 |

Name | Source | Version |
---|---|---|
vpc | git::https://github.com/terraform-aws-modules/terraform-aws-vpc.git | v5.9.0 |
vpc_endpoints | git::https://github.com/terraform-aws-modules/terraform-aws-vpc.git//modules/vpc-endpoints | v5.9.0 |

Name | Type |
---|---|
aws_ec2_subnet_cidr_reservation.this | resource |
aws_security_group.vpc_smtp | resource |
aws_security_group.vpc_tls | resource |
aws_region.current | data source |
aws_security_group.default | data source |

Name | Description | Type | Default | Required |
---|---|---|---|---|
azs | List of availability zones to deploy into | list(string) | n/a | yes |
create_database_subnet_group | Create database subnet group | bool | true | no |
create_default_vpc_endpoints | Creates a default set of VPC endpoints. | bool | true | no |
database_subnets | List of database subnets inside the VPC | list(string) | [] | no |
ecr_endpoint_policy | Policy to attach to the ECR endpoint. Defaults to *. | string | null | no |
enable_fips_vpce | Enable FIPS endpoints for VPC endpoints. | bool | false | no |
enable_nat_gateway | Enable NAT gateway | bool | false | no |
enable_ses_vpce | Enable Simple Email Service endpoints for the VPC endpoints. | bool | true | no |
flow_log_cloudwatch_log_group_retention_in_days | Specifies the number of days you want to retain log events in the specified log group for VPC flow logs | number | 365 | no |
flow_log_log_format | The fields to include in the flow log record, in the order in which they should appear | string | null | no |
instance_tenancy | Tenancy of instances launched into the VPC. Valid values are "default" or "dedicated". EKS does not support dedicated tenancy. | string | "default" | no |
intra_subnet_tags | Tags to apply to intra subnets | map(string) | {} | no |
intra_subnets | List of intra subnets inside the VPC | list(string) | [] | no |
ip_offsets_per_subnet | List of offsets for IP reservations in each subnet. | list(list(number)) | null | no |
name | Name to be used on all resources as identifier | string | n/a | yes |
private_subnet_tags | Tags to apply to private subnets | map(string) | {} | no |
private_subnets | List of private subnets inside the VPC | list(string) | [] | no |
public_subnet_tags | Tags to apply to public subnets | map(string) | {} | no |
public_subnets | List of public subnets inside the VPC | list(string) | [] | no |
secondary_cidr_blocks | List of secondary CIDR blocks for the VPC | list(string) | [] | no |
single_nat_gateway | Use a single NAT gateway for all private subnets | bool | true | no |
tags | A map of tags to apply to all resources | map(string) | {} | no |
vpc_cidr | CIDR block for the VPC | string | n/a | yes |
vpc_flow_log_permissions_boundary | The ARN of the Permissions Boundary for the VPC Flow Log IAM Role | string | null | no |

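A module call that exercises the inputs above, written here as an added example rather than taken from the repository's examples directory. The module source path, region, CIDRs, account ID and permissions-boundary ARN are placeholders; the ECR endpoint policy replaces the permissive `*` default with one scoped to the calling account, using the standard `aws:PrincipalAccount` condition key.

```hcl
# Used only to scope the ECR endpoint policy to this account.
data "aws_caller_identity" "current" {}

module "vpc" {
  source = "./" # assumption: path to this module

  name     = "example-vpc"
  vpc_cidr = "10.20.0.0/16"
  azs      = ["us-east-1a", "us-east-1b", "us-east-1c"] # placeholder AZs

  public_subnets   = ["10.20.0.0/24", "10.20.1.0/24", "10.20.2.0/24"]
  private_subnets  = ["10.20.10.0/24", "10.20.11.0/24", "10.20.12.0/24"]
  database_subnets = ["10.20.20.0/24", "10.20.21.0/24", "10.20.22.0/24"]

  # Private subnets egress through one NAT gateway; public subnets use the IGW.
  enable_nat_gateway = true
  single_nat_gateway = true

  # Keep AWS service traffic off the internet; prefer FIPS endpoints, skip SES.
  create_default_vpc_endpoints = true
  enable_fips_vpce             = true
  enable_ses_vpce              = false

  # The module's ECR endpoint policy defaults to "*"; restrict it so only
  # principals from this account can use the endpoint.
  ecr_endpoint_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid       = "AllowOwnAccountOnly"
      Effect    = "Allow"
      Principal = "*"
      Action    = "ecr:*"
      Resource  = "*"
      Condition = {
        StringEquals = {
          "aws:PrincipalAccount" = data.aws_caller_identity.current.account_id
        }
      }
    }]
  })

  # Flow logs: one year of retention, and a boundary on the log-delivery role.
  flow_log_cloudwatch_log_group_retention_in_days = 365
  vpc_flow_log_permissions_boundary = "arn:aws:iam::123456789012:policy/PLACEHOLDER-boundary"

  tags = { Environment = "example" }
}
```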
Name | Description |
---|---|
azs | A list of availability zones in the region |
cgw_arns | List of ARNs of Customer Gateway |
cgw_ids | List of IDs of Customer Gateway |
database_internet_gateway_route_id | ID of the database internet gateway route |
database_ipv6_egress_route_id | ID of the database IPv6 egress route |
database_nat_gateway_route_ids | List of IDs of the database nat gateway route |
database_network_acl_arn | ARN of the database network ACL |
database_network_acl_id | ID of the database network ACL |
database_route_table_association_ids | List of IDs of the database route table association |
database_route_table_ids | List of IDs of database route tables |
database_subnet_arns | List of ARNs of database subnets |
database_subnet_group | ID of database subnet group |
database_subnet_group_name | Name of database subnet group |
database_subnets | List of IDs of database subnets |
database_subnets_cidr_blocks | List of cidr_blocks of database subnets |
database_subnets_ipv6_cidr_blocks | List of IPv6 cidr_blocks of database subnets in an IPv6 enabled VPC |
default_network_acl_id | The ID of the default network ACL |
default_route_table_id | The ID of the default route table |
default_security_group_id | The ID of the security group created by default on VPC creation |
default_vpc_arn | The ARN of the Default VPC |
default_vpc_cidr_block | The CIDR block of the Default VPC |
default_vpc_default_network_acl_id | The ID of the default network ACL of the Default VPC |
default_vpc_default_route_table_id | The ID of the default route table of the Default VPC |
default_vpc_default_security_group_id | The ID of the security group created by default on Default VPC creation |
default_vpc_enable_dns_hostnames | Whether or not the Default VPC has DNS hostname support |
default_vpc_enable_dns_support | Whether or not the Default VPC has DNS support |
default_vpc_id | The ID of the Default VPC |
default_vpc_instance_tenancy | Tenancy of instances spin up within Default VPC |
default_vpc_main_route_table_id | The ID of the main route table associated with the Default VPC |
dhcp_options_id | The ID of the DHCP options |
egress_only_internet_gateway_id | The ID of the egress only Internet Gateway |
elasticache_network_acl_arn | ARN of the elasticache network ACL |
elasticache_network_acl_id | ID of the elasticache network ACL |
elasticache_route_table_association_ids | List of IDs of the elasticache route table association |
elasticache_route_table_ids | List of IDs of elasticache route tables |
elasticache_subnet_arns | List of ARNs of elasticache subnets |
elasticache_subnet_group | ID of elasticache subnet group |
elasticache_subnet_group_name | Name of elasticache subnet group |
elasticache_subnets | List of IDs of elasticache subnets |
elasticache_subnets_cidr_blocks | List of cidr_blocks of elasticache subnets |
elasticache_subnets_ipv6_cidr_blocks | List of IPv6 cidr_blocks of elasticache subnets in an IPv6 enabled VPC |
igw_arn | The ARN of the Internet Gateway |
igw_id | The ID of the Internet Gateway |
intra_network_acl_arn | ARN of the intra network ACL |
intra_network_acl_id | ID of the intra network ACL |
intra_route_table_association_ids | List of IDs of the intra route table association |
intra_route_table_ids | List of IDs of intra route tables |
intra_subnet_arns | List of ARNs of intra subnets |
intra_subnets | List of IDs of intra subnets |
intra_subnets_cidr_blocks | List of cidr_blocks of intra subnets |
intra_subnets_ipv6_cidr_blocks | List of IPv6 cidr_blocks of intra subnets in an IPv6 enabled VPC |
name | The name of the VPC specified as argument to this module |
nat_ids | List of allocation ID of Elastic IPs created for AWS NAT Gateway |
nat_public_ips | List of public Elastic IPs created for AWS NAT Gateway |
natgw_ids | List of NAT Gateway IDs |
outpost_network_acl_arn | ARN of the outpost network ACL |
outpost_network_acl_id | ID of the outpost network ACL |
outpost_subnet_arns | List of ARNs of outpost subnets |
outpost_subnets | List of IDs of outpost subnets |
outpost_subnets_cidr_blocks | List of cidr_blocks of outpost subnets |
outpost_subnets_ipv6_cidr_blocks | List of IPv6 cidr_blocks of outpost subnets in an IPv6 enabled VPC |
private_ipv6_egress_route_ids | List of IDs of the ipv6 egress route |
private_nat_gateway_route_ids | List of IDs of the private nat gateway route |
private_network_acl_arn | ARN of the private network ACL |
private_network_acl_id | ID of the private network ACL |
private_route_table_association_ids | List of IDs of the private route table association |
private_route_table_ids | List of IDs of private route tables |
private_subnet_arns | List of ARNs of private subnets |
private_subnets | List of IDs of private subnets |
private_subnets_cidr_blocks | List of cidr_blocks of private subnets |
private_subnets_ipv6_cidr_blocks | List of IPv6 cidr_blocks of private subnets in an IPv6 enabled VPC |
public_internet_gateway_ipv6_route_id | ID of the IPv6 internet gateway route |
public_internet_gateway_route_id | ID of the internet gateway route |
public_network_acl_arn | ARN of the public network ACL |
public_network_acl_id | ID of the public network ACL |
public_route_table_association_ids | List of IDs of the public route table association |
public_route_table_ids | List of IDs of public route tables |
public_subnet_arns | List of ARNs of public subnets |
public_subnets | List of IDs of public subnets |
public_subnets_cidr_blocks | List of cidr_blocks of public subnets |
public_subnets_ipv6_cidr_blocks | List of IPv6 cidr_blocks of public subnets in an IPv6 enabled VPC |
redshift_network_acl_arn | ARN of the redshift network ACL |
redshift_network_acl_id | ID of the redshift network ACL |
redshift_public_route_table_association_ids | List of IDs of the public redshift route table association |
redshift_route_table_association_ids | List of IDs of the redshift route table association |
redshift_route_table_ids | List of IDs of redshift route tables |
redshift_subnet_arns | List of ARNs of redshift subnets |
redshift_subnet_group | ID of redshift subnet group |
redshift_subnets | List of IDs of redshift subnets |
redshift_subnets_cidr_blocks | List of cidr_blocks of redshift subnets |
redshift_subnets_ipv6_cidr_blocks | List of IPv6 cidr_blocks of redshift subnets in an IPv6 enabled VPC |
reserved_ips_per_subnet | Map of subnet IDs to their reserved IP addresses in dotted decimal notation. |
this_customer_gateway | Map of Customer Gateway attributes |
vgw_arn | The ARN of the VPN Gateway |
vgw_id | The ID of the VPN Gateway |
vpc_arn | The ARN of the VPC |
vpc_cidr_block | The CIDR block of the VPC |
vpc_enable_dns_hostnames | Whether or not the VPC has DNS hostname support |
vpc_enable_dns_support | Whether or not the VPC has DNS support |
vpc_endpoints | Array containing the full resource object and attributes for all endpoints created |
vpc_flow_log_cloudwatch_iam_role_arn | The ARN of the IAM role used when pushing logs to Cloudwatch log group |
vpc_flow_log_destination_arn | The ARN of the destination for VPC Flow Logs |
vpc_flow_log_destination_type | The type of the destination for VPC Flow Logs |
vpc_flow_log_id | The ID of the Flow Log resource |
vpc_id | The ID of the VPC |
vpc_instance_tenancy | Tenancy of instances spin up within VPC |
vpc_ipv6_association_id | The association ID for the IPv6 CIDR block |
vpc_ipv6_cidr_block | The IPv6 CIDR block |
vpc_main_route_table_id | The ID of the main route table associated with this VPC |
vpc_owner_id | The ID of the AWS account that owns the VPC |
vpc_secondary_cidr_blocks | List of secondary CIDR blocks of the VPC |