Initial commit

.gitignore

+# used for testing
+terraform.tfvars
+
+### https://raw.github.com/github/gitignore/abad92dac5a4306f72242dae3bca6e277bce3615/Terraform.gitignore
+
+# Compiled files
+*.tfstate
+*.tfstate.backup
+
+# Module directory
+.terraform/
+
+
+### https://raw.github.com/github/gitignore/abad92dac5a4306f72242dae3bca6e277bce3615/Global/Vim.gitignore
+
+# swap
+[._]*.s[a-w][a-z]
+[._]s[a-w][a-z]
+# session
+Session.vim
+# temporary
+.netrwhist
+*~
+# auto-generated tag files
+tags
+
+

LICENSE

+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

README.md

-# vpc
-Terraform module which creates VPC resources on AWS
+VPC terraform module
+===========
+
+**NOTE: THIS IS A FORK, IGNORE THIS. I WILL DELETE THIS REPO SHORTLY.**
+
+Terraform module which creates VPC resources on AWS.
+
+Module Input Variables
+----------------------
+
+- `name` - name to be used on all the resources created by the module
+- `cidr` - the CIDR block for the VPC
+- `instance_tenancy` - tenancy option for instances launched into the VPC
+- `public_subnets` - list of public subnet cidrs
+- `private_subnets` - list of private subnet cidrs
+- `database_subnets` - list of private RDS subnet cidrs
+- `elasticache_subnets` - list of private Elasticache subnet cidrs
+- `azs` - list of AZs in which to distribute subnets
+- `enable_dns_hostnames` - should be true if you want to use private DNS within the VPC
+- `enable_dns_support` - should be true if you want to use private DNS within the VPC
+- `enable_nat_gateway` - should be true if you want to provision NAT Gateways
+- `enable_s3_endpoint` - should be true if you want to provision an S3 endpoint within the VPC
+- `map_public_ip_on_launch` - should be false if you do not want to auto-assign public IP on launch
+- `private_propagating_vgws` - list of VGWs the private route table should propagate
+- `public_propagating_vgws` - list of VGWs the public route table should propagate
+- `tags` - dictionary of tags that will be added to resources created by the module
+- `public_subnet_tags` - dictionary of tags that will be added to public subnets created by the module
+- `private_subnet_tags` - dictionary of tags that will be added to private subnets created by the module
+- `database_subnet_tags` - dictionary of tags that will be added to database subnets created by the module
+- `elasticache_subnet_tags` - dictionary of tags that will be added to elasticache subnets created by the module
+
+It's generally preferable to keep `public_subnets`, `private_subnets`, and
+`azs` to lists of the same length.
+
+This module optionally creates NAT Gateways (one per availability zone) and sets them
+as the default gateways for the corresponding private subnets.
+
+Usage
+-----
+
+```hcl
+module "vpc" {
+  source = "github.com/terraform-aws-modules/terraform-aws-vpc"
+
+  name = "my-vpc"
+
+  cidr = "10.0.0.0/16"
+  private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
+  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
+
+  enable_nat_gateway = "true"
+
+  azs      = ["us-west-2a", "us-west-2b", "us-west-2c"]
+
+  tags {
+    "Terraform" = "true"
+    "Environment" = "${var.environment}"
+  }
+}
+```
+
+For Terraform version older than 0.7.0 use `ref=v1.0.0`:
+`source = "github.com/terraform-community-modules/tf_aws_vpc?ref=v1.0.0"`
+
+Outputs
+=======
+
+ - `vpc_id` - does what it says on the tin
+ - `private_subnets` - list of private subnet ids
+ - `public_subnets` - list of public subnet ids
+ - `database_subnets` - list of database subnets ids
+ - `database_subnet_group` - db subnet group name
+ - `elasticache_subnets` - list of elasticache subnets ids
+ - `elasticache_subnet_group` - elasticache subnet group name
+ - `public_route_table_ids` - list of public route table ids
+ - `private_route_table_ids` - list of private route table ids
+ - `default_security_group_id` - VPC default security group id string
+ - `nat_eips` - list of Elastic IP ids (if any are provisioned)
+ - `nat_eips_public_ips` - list of NAT gateways' public Elastic IP's (if any are provisioned)
+ - `natgw_ids` - list of NAT gateway ids
+ - `igw_id` - Internet Gateway id string
+
+**NOTE**: previous versions of this module returned a single string as a route
+table ID, while this version returns a list.
+
+Authors
+=======
+
+Originally created and maintained by [Casey Ransom](https://github.com/cransom)
+Hijacked by [Paul Hinze](https://github.com/phinze)
+
+License
+=======
+
+Apache 2 Licensed. See LICENSE for full details.
\ No newline at end of file

main.tf

+resource "aws_vpc" "mod" {
+  cidr_block           = "${var.cidr}"
+  instance_tenancy     = "${var.instance_tenancy}"
+  enable_dns_hostnames = "${var.enable_dns_hostnames}"
+  enable_dns_support   = "${var.enable_dns_support}"
+  tags                 = "${merge(var.tags, map("Name", format("%s", var.name)))}"
+}
+
+resource "aws_internet_gateway" "mod" {
+  vpc_id = "${aws_vpc.mod.id}"
+  tags   = "${merge(var.tags, map("Name", format("%s-igw", var.name)))}"
+}
+
+resource "aws_route_table" "public" {
+  vpc_id           = "${aws_vpc.mod.id}"
+  propagating_vgws = ["${var.public_propagating_vgws}"]
+  tags             = "${merge(var.tags, map("Name", format("%s-rt-public", var.name)))}"
+}
+
+resource "aws_route" "public_internet_gateway" {
+  route_table_id         = "${aws_route_table.public.id}"
+  destination_cidr_block = "0.0.0.0/0"
+  gateway_id             = "${aws_internet_gateway.mod.id}"
+}
+
+resource "aws_route" "private_nat_gateway" {
+  route_table_id         = "${element(aws_route_table.private.*.id, count.index)}"
+  destination_cidr_block = "0.0.0.0/0"
+  nat_gateway_id         = "${element(aws_nat_gateway.natgw.*.id, count.index)}"
+  count                  = "${var.enable_nat_gateway ? length(var.azs) : 0}"
+}
+
+resource "aws_route_table" "private" {
+  vpc_id           = "${aws_vpc.mod.id}"
+  propagating_vgws = ["${var.private_propagating_vgws}"]
+  count            = "${length(var.azs)}"
+  tags             = "${merge(var.tags, map("Name", format("%s-rt-private-%s", var.name, element(var.azs, count.index))))}"
+}
+
+resource "aws_subnet" "private" {
+  vpc_id            = "${aws_vpc.mod.id}"
+  cidr_block        = "${var.private_subnets[count.index]}"
+  availability_zone = "${element(var.azs, count.index)}"
+  count             = "${length(var.private_subnets)}"
+  tags              = "${merge(var.tags, var.private_subnet_tags, map("Name", format("%s-subnet-private-%s", var.name, element(var.azs, count.index))))}"
+}
+
+resource "aws_subnet" "database" {
+  vpc_id            = "${aws_vpc.mod.id}"
+  cidr_block        = "${var.database_subnets[count.index]}"
+  availability_zone = "${element(var.azs, count.index)}"
+  count             = "${length(var.database_subnets)}"
+  tags              = "${merge(var.tags, var.database_subnet_tags, map("Name", format("%s-subnet-database-%s", var.name, element(var.azs, count.index))))}"
+}
+
+resource "aws_db_subnet_group" "database" {
+  name        = "${var.name}-rds-subnet-group"
+  description = "Database subnet groups for ${var.name}"
+  subnet_ids  = ["${aws_subnet.database.*.id}"]
+  tags        = "${merge(var.tags, map("Name", format("%s-database-subnet-group", var.name)))}"
+  count       = "${length(var.database_subnets) > 0 ? 1 : 0}"
+}
+
+resource "aws_subnet" "elasticache" {
+  vpc_id            = "${aws_vpc.mod.id}"
+  cidr_block        = "${var.elasticache_subnets[count.index]}"
+  availability_zone = "${element(var.azs, count.index)}"
+  count             = "${length(var.elasticache_subnets)}"
+  tags              = "${merge(var.tags, var.elasticache_subnet_tags, map("Name", format("%s-subnet-elasticache-%s", var.name, element(var.azs, count.index))))}"
+}
+
+resource "aws_elasticache_subnet_group" "elasticache" {
+  name        = "${var.name}-elasticache-subnet-group"
+  description = "Elasticache subnet groups for ${var.name}"
+  subnet_ids  = ["${aws_subnet.elasticache.*.id}"]
+  count       = "${length(var.elasticache_subnets) > 0 ? 1 : 0}"
+}
+
+resource "aws_subnet" "public" {
+  vpc_id            = "${aws_vpc.mod.id}"
+  cidr_block        = "${var.public_subnets[count.index]}"
+  availability_zone = "${element(var.azs, count.index)}"
+  count             = "${length(var.public_subnets)}"
+  tags              = "${merge(var.tags, var.public_subnet_tags, map("Name", format("%s-subnet-public-%s", var.name, element(var.azs, count.index))))}"
+
+  map_public_ip_on_launch = "${var.map_public_ip_on_launch}"
+}
+
+resource "aws_eip" "nateip" {
+  vpc   = true
+  count = "${var.enable_nat_gateway ? (var.single_nat_gateway ? 1 : length(var.azs)) : 0}"
+}
+
+resource "aws_nat_gateway" "natgw" {
+  allocation_id = "${element(aws_eip.nateip.*.id, (var.single_nat_gateway ? 0 : count.index))}"
+  subnet_id     = "${element(aws_subnet.public.*.id, (var.single_nat_gateway ? 0 : count.index))}"
+  count         = "${var.enable_nat_gateway ? (var.single_nat_gateway ? 1 : length(var.azs)) : 0}"
+
+  depends_on = ["aws_internet_gateway.mod"]
+}
+
+data "aws_vpc_endpoint_service" "s3" {
+  service = "s3"
+}
+
+resource "aws_vpc_endpoint" "ep" {
+  vpc_id       = "${aws_vpc.mod.id}"
+  service_name = "${data.aws_vpc_endpoint_service.s3.service_name}"
+  count        = "${var.enable_s3_endpoint}"
+}
+
+resource "aws_vpc_endpoint_route_table_association" "private_s3" {
+  count           = "${var.enable_s3_endpoint ? length(var.private_subnets) : 0}"
+  vpc_endpoint_id = "${aws_vpc_endpoint.ep.id}"
+  route_table_id = "${element(aws_route_table.private.*.id, count.index)}"
+}
+
+resource "aws_vpc_endpoint_route_table_association" "public_s3" {
+  count           = "${var.enable_s3_endpoint ? length(var.public_subnets) : 0}"
+  vpc_endpoint_id = "${aws_vpc_endpoint.ep.id}"
+  route_table_id  = "${aws_route_table.public.id}"
+}
+
+resource "aws_route_table_association" "private" {
+  count          = "${length(var.private_subnets)}"
+  subnet_id      = "${element(aws_subnet.private.*.id, count.index)}"
+  route_table_id = "${element(aws_route_table.private.*.id, count.index)}"
+}
+
+resource "aws_route_table_association" "database" {
+  count          = "${length(var.database_subnets)}"
+  subnet_id      = "${element(aws_subnet.database.*.id, count.index)}"
+  route_table_id = "${element(aws_route_table.private.*.id, count.index)}"
+}
+
+resource "aws_route_table_association" "elasticache" {
+  count          = "${length(var.elasticache_subnets)}"
+  subnet_id      = "${element(aws_subnet.elasticache.*.id, count.index)}"
+  route_table_id = "${element(aws_route_table.private.*.id, count.index)}"
+}
+
+resource "aws_route_table_association" "public" {
+  count          = "${length(var.public_subnets)}"
+  subnet_id      = "${element(aws_subnet.public.*.id, count.index)}"
+  route_table_id = "${aws_route_table.public.id}"
+}

outputs.tf

+output "private_subnets" {
+  value = ["${aws_subnet.private.*.id}"]
+}
+
+output "database_subnets" {
+  value = ["${aws_subnet.database.*.id}"]
+}
+
+output "database_subnet_group" {
+  value = "${aws_db_subnet_group.database.id}"
+}
+
+output "public_subnets" {
+  value = ["${aws_subnet.public.*.id}"]
+}
+
+output "elasticache_subnets" {
+  value = ["${aws_subnet.elasticache.*.id}"]
+}
+
+output "elasticache_subnet_group" {
+  value = "${aws_elasticache_subnet_group.elasticache.id}"
+}
+
+output "vpc_id" {
+  value = "${aws_vpc.mod.id}"
+}
+
+output "vpc_cidr_block" {
+  value = "${aws_vpc.mod.cidr_block}"
+}
+
+output "public_route_table_ids" {
+  value = ["${aws_route_table.public.*.id}"]
+}
+
+output "private_route_table_ids" {
+  value = ["${aws_route_table.private.*.id}"]
+}
+
+output "default_security_group_id" {
+  value = "${aws_vpc.mod.default_security_group_id}"
+}
+
+output "nat_eips" {
+  value = ["${aws_eip.nateip.*.id}"]
+}
+
+output "nat_eips_public_ips" {
+  value = ["${aws_eip.nateip.*.public_ip}"]
+}
+
+output "natgw_ids" {
+  value = ["${aws_nat_gateway.natgw.*.id}"]
+}
+
+output "igw_id" {
+  value = "${aws_internet_gateway.mod.id}"
+}

variables.tf

+variable "name" {
+  description = "Name to be used on all the resources as identifier"
+  default     = ""
+}
+
+variable "cidr" {
+  description = "The CIDR block for the VPC"
+  default     = ""
+}
+
+variable "instance_tenancy" {
+  description = "A tenancy option for instances launched into the VPC"
+  default     = "default"
+}
+
+variable "public_subnets" {
+  description = "A list of public subnets inside the VPC."
+  default     = []
+}
+
+variable "private_subnets" {
+  description = "A list of private subnets inside the VPC."
+  default     = []
+}
+
+variable "database_subnets" {
+  type        = "list"
+  description = "A list of database subnets"
+  default     = []
+}
+
+variable "elasticache_subnets" {
+  type        = "list"
+  description = "A list of elasticache subnets"
+  default     = []
+}
+
+variable "azs" {
+  description = "A list of Availability zones in the region"
+  default     = []
+}
+
+variable "enable_dns_hostnames" {
+  description = "should be true if you want to use private DNS within the VPC"
+  default     = false
+}
+
+variable "enable_dns_support" {
+  description = "should be true if you want to use private DNS within the VPC"
+  default     = false
+}
+
+variable "enable_nat_gateway" {
+  description = "should be true if you want to provision NAT Gateways for each of your private networks"
+  default     = false
+}
+
+variable "single_nat_gateway" {
+  description = "should be true if you want to provision a single shared NAT Gateway across all of your private networks"
+  default     = false
+}
+
+variable "enable_s3_endpoint" {
+  description = "should be true if you want to provision an S3 endpoint to the VPC"
+  default     = false
+}
+variable "map_public_ip_on_launch" {
+  description = "should be false if you do not want to auto-assign public IP on launch"
+  default     = true
+}
+
+variable "private_propagating_vgws" {
+  description = "A list of VGWs the private route table should propagate."
+  default     = []
+}
+
+variable "public_propagating_vgws" {
+  description = "A list of VGWs the public route table should propagate."
+  default     = []
+}
+
+variable "tags" {
+  description = "A map of tags to add to all resources"
+  default     = {}
+}
+
+variable "public_subnet_tags" {
+  description = "Additional tags for the public subnets"
+  default     = {}
+}
+
+variable "private_subnet_tags" {
+  description = "Additional tags for the public subnets"
+  default     = {}
+}
+
+variable "database_subnet_tags" {
+  description = "Additional tags for the database subnets"
+  default     = {}
+}
+
+variable "elasticache_subnet_tags" {
+  description = "Additional tags for the elasticache subnets"
+  default     = {}
+}