Commit ef0d14c8 authored by tbugfinder's avatar tbugfinder Committed by GitHub

Merge pull request #1 from terraform-aws-modules/master

test
parents 44bb5899 8e2f50e6
repos: repos:
- repo: git://github.com/antonbabenko/pre-commit-terraform - repo: git://github.com/antonbabenko/pre-commit-terraform
rev: v1.7.4 rev: v1.8.1
hooks: hooks:
- id: terraform_fmt - id: terraform_fmt
- id: terraform_docs - id: terraform_docs
- repo: git://github.com/pre-commit/pre-commit-hooks - repo: git://github.com/pre-commit/pre-commit-hooks
rev: v2.0.0 rev: v2.1.0
hooks: hooks:
- id: check-merge-conflict - id: check-merge-conflict
...@@ -13,7 +13,7 @@ These types of resources are supported: ...@@ -13,7 +13,7 @@ These types of resources are supported:
* [Internet Gateway](https://www.terraform.io/docs/providers/aws/r/internet_gateway.html) * [Internet Gateway](https://www.terraform.io/docs/providers/aws/r/internet_gateway.html)
* [NAT Gateway](https://www.terraform.io/docs/providers/aws/r/nat_gateway.html) * [NAT Gateway](https://www.terraform.io/docs/providers/aws/r/nat_gateway.html)
* [VPN Gateway](https://www.terraform.io/docs/providers/aws/r/vpn_gateway.html) * [VPN Gateway](https://www.terraform.io/docs/providers/aws/r/vpn_gateway.html)
* [VPC Endpoint](https://www.terraform.io/docs/providers/aws/r/vpc_endpoint.html) (S3 and DynamoDB) * [VPC Endpoint](https://www.terraform.io/docs/providers/aws/r/vpc_endpoint.html) (Gateway: S3, DynamoDB; Interface: EC2, SSM)
* [RDS DB Subnet Group](https://www.terraform.io/docs/providers/aws/r/db_subnet_group.html) * [RDS DB Subnet Group](https://www.terraform.io/docs/providers/aws/r/db_subnet_group.html)
* [ElastiCache Subnet Group](https://www.terraform.io/docs/providers/aws/r/elasticache_subnet_group.html) * [ElastiCache Subnet Group](https://www.terraform.io/docs/providers/aws/r/elasticache_subnet_group.html)
* [Redshift Subnet Group](https://www.terraform.io/docs/providers/aws/r/redshift_subnet_group.html) * [Redshift Subnet Group](https://www.terraform.io/docs/providers/aws/r/redshift_subnet_group.html)
...@@ -179,82 +179,94 @@ Terraform version 0.10.3 or newer is required for this module to work. ...@@ -179,82 +179,94 @@ Terraform version 0.10.3 or newer is required for this module to work.
| Name | Description | Type | Default | Required | | Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:| |------|-------------|:----:|:-----:|:-----:|
| amazon\_side\_asn | The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the virtual private gateway is created with the current default Amazon ASN. | string | `64512` | no | | amazon\_side\_asn | The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the virtual private gateway is created with the current default Amazon ASN. | string | `"64512"` | no |
| assign\_generated\_ipv6\_cidr\_block | Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block | string | `false` | no | | assign\_generated\_ipv6\_cidr\_block | Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block | string | `"false"` | no |
| azs | A list of availability zones in the region | list | `[]` | no | | azs | A list of availability zones in the region | list | `[]` | no |
| cidr | The CIDR block for the VPC. Default value is a valid CIDR, but not acceptable by AWS and should be overridden | string | `0.0.0.0/0` | no | | cidr | The CIDR block for the VPC. Default value is a valid CIDR, but not acceptable by AWS and should be overridden | string | `"0.0.0.0/0"` | no |
| create\_database\_internet\_gateway\_route | Controls if an internet gateway route for public database access should be created | string | `false` | no | | create\_database\_internet\_gateway\_route | Controls if an internet gateway route for public database access should be created | string | `"false"` | no |
| create\_database\_subnet\_group | Controls if database subnet group should be created | string | `true` | no | | create\_database\_nat\_gateway\_route | Controls if a nat gateway route should be created to give internet access to the database subnets | string | `"false"` | no |
| create\_database\_subnet\_route\_table | Controls if separate route table for database should be created | string | `false` | no | | create\_database\_subnet\_group | Controls if database subnet group should be created | string | `"true"` | no |
| create\_elasticache\_subnet\_route\_table | Controls if separate route table for elasticache should be created | string | `false` | no | | create\_database\_subnet\_route\_table | Controls if separate route table for database should be created | string | `"false"` | no |
| create\_redshift\_subnet\_route\_table | Controls if separate route table for redshift should be created | string | `false` | no | | create\_elasticache\_subnet\_group | Controls if elasticache subnet group should be created | string | `"true"` | no |
| create\_vpc | Controls if VPC should be created (it affects almost all resources) | string | `true` | no | | create\_elasticache\_subnet\_route\_table | Controls if separate route table for elasticache should be created | string | `"false"` | no |
| create\_redshift\_subnet\_group | Controls if redshift subnet group should be created | string | `"true"` | no |
| create\_redshift\_subnet\_route\_table | Controls if separate route table for redshift should be created | string | `"false"` | no |
| create\_vpc | Controls if VPC should be created (it affects almost all resources) | string | `"true"` | no |
| database\_route\_table\_tags | Additional tags for the database route tables | map | `{}` | no | | database\_route\_table\_tags | Additional tags for the database route tables | map | `{}` | no |
| database\_subnet\_group\_tags | Additional tags for the database subnet group | map | `{}` | no | | database\_subnet\_group\_tags | Additional tags for the database subnet group | map | `{}` | no |
| database\_subnet\_suffix | Suffix to append to database subnets name | string | `db` | no | | database\_subnet\_suffix | Suffix to append to database subnets name | string | `"db"` | no |
| database\_subnet\_tags | Additional tags for the database subnets | map | `{}` | no | | database\_subnet\_tags | Additional tags for the database subnets | map | `{}` | no |
| database\_subnets | A list of database subnets | list | `[]` | no | | database\_subnets | A list of database subnets | list | `[]` | no |
| default\_vpc\_enable\_classiclink | Should be true to enable ClassicLink in the Default VPC | string | `false` | no | | default\_vpc\_enable\_classiclink | Should be true to enable ClassicLink in the Default VPC | string | `"false"` | no |
| default\_vpc\_enable\_dns\_hostnames | Should be true to enable DNS hostnames in the Default VPC | string | `false` | no | | default\_vpc\_enable\_dns\_hostnames | Should be true to enable DNS hostnames in the Default VPC | string | `"false"` | no |
| default\_vpc\_enable\_dns\_support | Should be true to enable DNS support in the Default VPC | string | `true` | no | | default\_vpc\_enable\_dns\_support | Should be true to enable DNS support in the Default VPC | string | `"true"` | no |
| default\_vpc\_name | Name to be used on the Default VPC | string | `` | no | | default\_vpc\_name | Name to be used on the Default VPC | string | `""` | no |
| default\_vpc\_tags | Additional tags for the Default VPC | map | `{}` | no | | default\_vpc\_tags | Additional tags for the Default VPC | map | `{}` | no |
| dhcp\_options\_domain\_name | Specifies DNS name for DHCP options set | string | `` | no | | dhcp\_options\_domain\_name | Specifies DNS name for DHCP options set | string | `""` | no |
| dhcp\_options\_domain\_name\_servers | Specify a list of DNS server addresses for DHCP options set, default to AWS provided | list | `[ "AmazonProvidedDNS" ]` | no | | dhcp\_options\_domain\_name\_servers | Specify a list of DNS server addresses for DHCP options set, default to AWS provided | list | `[ "AmazonProvidedDNS" ]` | no |
| dhcp\_options\_netbios\_name\_servers | Specify a list of netbios servers for DHCP options set | list | `[]` | no | | dhcp\_options\_netbios\_name\_servers | Specify a list of netbios servers for DHCP options set | list | `[]` | no |
| dhcp\_options\_netbios\_node\_type | Specify netbios node_type for DHCP options set | string | `` | no | | dhcp\_options\_netbios\_node\_type | Specify netbios node_type for DHCP options set | string | `""` | no |
| dhcp\_options\_ntp\_servers | Specify a list of NTP servers for DHCP options set | list | `[]` | no | | dhcp\_options\_ntp\_servers | Specify a list of NTP servers for DHCP options set | list | `[]` | no |
| dhcp\_options\_tags | Additional tags for the DHCP option set | map | `{}` | no | | dhcp\_options\_tags | Additional tags for the DHCP option set | map | `{}` | no |
| ec2\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for EC2 endpoint | string | `"false"` | no |
| ec2\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for EC2 endpoint | list | `[]` | no |
| ec2\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for EC2 endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
| elasticache\_route\_table\_tags | Additional tags for the elasticache route tables | map | `{}` | no | | elasticache\_route\_table\_tags | Additional tags for the elasticache route tables | map | `{}` | no |
| elasticache\_subnet\_suffix | Suffix to append to elasticache subnets name | string | `elasticache` | no | | elasticache\_subnet\_suffix | Suffix to append to elasticache subnets name | string | `"elasticache"` | no |
| elasticache\_subnet\_tags | Additional tags for the elasticache subnets | map | `{}` | no | | elasticache\_subnet\_tags | Additional tags for the elasticache subnets | map | `{}` | no |
| elasticache\_subnets | A list of elasticache subnets | list | `[]` | no | | elasticache\_subnets | A list of elasticache subnets | list | `[]` | no |
| enable\_dhcp\_options | Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type | string | `false` | no | | enable\_dhcp\_options | Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type | string | `"false"` | no |
| enable\_dns\_hostnames | Should be true to enable DNS hostnames in the VPC | string | `false` | no | | enable\_dns\_hostnames | Should be true to enable DNS hostnames in the VPC | string | `"false"` | no |
| enable\_dns\_support | Should be true to enable DNS support in the VPC | string | `true` | no | | enable\_dns\_support | Should be true to enable DNS support in the VPC | string | `"true"` | no |
| enable\_dynamodb\_endpoint | Should be true if you want to provision a DynamoDB endpoint to the VPC | string | `false` | no | | enable\_dynamodb\_endpoint | Should be true if you want to provision a DynamoDB endpoint to the VPC | string | `"false"` | no |
| enable\_nat\_gateway | Should be true if you want to provision NAT Gateways for each of your private networks | string | `false` | no | | enable\_ec2\_endpoint | Should be true if you want to provision an EC2 endpoint to the VPC | string | `"false"` | no |
| enable\_s3\_endpoint | Should be true if you want to provision an S3 endpoint to the VPC | string | `false` | no | | enable\_nat\_gateway | Should be true if you want to provision NAT Gateways for each of your private networks | string | `"false"` | no |
| enable\_vpn\_gateway | Should be true if you want to create a new VPN Gateway resource and attach it to the VPC | string | `false` | no | | enable\_s3\_endpoint | Should be true if you want to provision an S3 endpoint to the VPC | string | `"false"` | no |
| enable\_ssm\_endpoint | Should be true if you want to provision an SSM endpoint to the VPC | string | `"false"` | no |
| enable\_vpn\_gateway | Should be true if you want to create a new VPN Gateway resource and attach it to the VPC | string | `"false"` | no |
| external\_nat\_ip\_ids | List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse_nat_ips) | list | `[]` | no | | external\_nat\_ip\_ids | List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse_nat_ips) | list | `[]` | no |
| igw\_tags | Additional tags for the internet gateway | map | `{}` | no | | igw\_tags | Additional tags for the internet gateway | map | `{}` | no |
| instance\_tenancy | A tenancy option for instances launched into the VPC | string | `default` | no | | instance\_tenancy | A tenancy option for instances launched into the VPC | string | `"default"` | no |
| intra\_route\_table\_tags | Additional tags for the intra route tables | map | `{}` | no | | intra\_route\_table\_tags | Additional tags for the intra route tables | map | `{}` | no |
| intra\_subnet\_tags | Additional tags for the intra subnets | map | `{}` | no | | intra\_subnet\_tags | Additional tags for the intra subnets | map | `{}` | no |
| intra\_subnets | A list of intra subnets | list | `[]` | no | | intra\_subnets | A list of intra subnets | list | `[]` | no |
| manage\_default\_vpc | Should be true to adopt and manage Default VPC | string | `false` | no | | manage\_default\_vpc | Should be true to adopt and manage Default VPC | string | `"false"` | no |
| map\_public\_ip\_on\_launch | Should be false if you do not want to auto-assign public IP on launch | string | `true` | no | | map\_public\_ip\_on\_launch | Should be false if you do not want to auto-assign public IP on launch | string | `"true"` | no |
| name | Name to be used on all the resources as identifier | string | `` | no | | name | Name to be used on all the resources as identifier | string | `""` | no |
| nat\_eip\_tags | Additional tags for the NAT EIP | map | `{}` | no | | nat\_eip\_tags | Additional tags for the NAT EIP | map | `{}` | no |
| nat\_gateway\_tags | Additional tags for the NAT gateways | map | `{}` | no | | nat\_gateway\_tags | Additional tags for the NAT gateways | map | `{}` | no |
| one\_nat\_gateway\_per\_az | Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs`. | string | `false` | no | | one\_nat\_gateway\_per\_az | Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs`. | string | `"false"` | no |
| private\_route\_table\_tags | Additional tags for the private route tables | map | `{}` | no | | private\_route\_table\_tags | Additional tags for the private route tables | map | `{}` | no |
| private\_subnet\_suffix | Suffix to append to private subnets name | string | `private` | no | | private\_subnet\_suffix | Suffix to append to private subnets name | string | `"private"` | no |
| private\_subnet\_tags | Additional tags for the private subnets | map | `{}` | no | | private\_subnet\_tags | Additional tags for the private subnets | map | `{}` | no |
| private\_subnets | A list of private subnets inside the VPC | list | `[]` | no | | private\_subnets | A list of private subnets inside the VPC | list | `[]` | no |
| propagate\_private\_route\_tables\_vgw | Should be true if you want route table propagation | string | `false` | no | | propagate\_private\_route\_tables\_vgw | Should be true if you want route table propagation | string | `"false"` | no |
| propagate\_public\_route\_tables\_vgw | Should be true if you want route table propagation | string | `false` | no | | propagate\_public\_route\_tables\_vgw | Should be true if you want route table propagation | string | `"false"` | no |
| public\_route\_table\_tags | Additional tags for the public route tables | map | `{}` | no | | public\_route\_table\_tags | Additional tags for the public route tables | map | `{}` | no |
| public\_subnet\_suffix | Suffix to append to public subnets name | string | `public` | no | | public\_subnet\_suffix | Suffix to append to public subnets name | string | `"public"` | no |
| public\_subnet\_tags | Additional tags for the public subnets | map | `{}` | no | | public\_subnet\_tags | Additional tags for the public subnets | map | `{}` | no |
| public\_subnets | A list of public subnets inside the VPC | list | `[]` | no | | public\_subnets | A list of public subnets inside the VPC | list | `[]` | no |
| redshift\_route\_table\_tags | Additional tags for the redshift route tables | map | `{}` | no | | redshift\_route\_table\_tags | Additional tags for the redshift route tables | map | `{}` | no |
| redshift\_subnet\_group\_tags | Additional tags for the redshift subnet group | map | `{}` | no | | redshift\_subnet\_group\_tags | Additional tags for the redshift subnet group | map | `{}` | no |
| redshift\_subnet\_suffix | Suffix to append to redshift subnets name | string | `redshift` | no | | redshift\_subnet\_suffix | Suffix to append to redshift subnets name | string | `"redshift"` | no |
| redshift\_subnet\_tags | Additional tags for the redshift subnets | map | `{}` | no | | redshift\_subnet\_tags | Additional tags for the redshift subnets | map | `{}` | no |
| redshift\_subnets | A list of redshift subnets | list | `[]` | no | | redshift\_subnets | A list of redshift subnets | list | `[]` | no |
| reuse\_nat\_ips | Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external_nat_ip_ids' variable | string | `false` | no | | reuse\_nat\_ips | Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external_nat_ip_ids' variable | string | `"false"` | no |
| secondary\_cidr\_blocks | List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool | list | `[]` | no | | secondary\_cidr\_blocks | List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool | list | `[]` | no |
| single\_nat\_gateway | Should be true if you want to provision a single shared NAT Gateway across all of your private networks | string | `false` | no | | single\_nat\_gateway | Should be true if you want to provision a single shared NAT Gateway across all of your private networks | string | `"false"` | no |
| ssm\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for SSM endpoint | string | `"false"` | no |
| ssm\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SSM endpoint | list | `[]` | no |
| ssm\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for SSM endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
| tags | A map of tags to add to all resources | map | `{}` | no | | tags | A map of tags to add to all resources | map | `{}` | no |
| vpc\_tags | Additional tags for the VPC | map | `{}` | no | | vpc\_tags | Additional tags for the VPC | map | `{}` | no |
| vpn\_gateway\_id | ID of VPN Gateway to attach to the VPC | string | `` | no | | vpn\_gateway\_id | ID of VPN Gateway to attach to the VPC | string | `""` | no |
| vpn\_gateway\_tags | Additional tags for the VPN gateway | map | `{}` | no | | vpn\_gateway\_tags | Additional tags for the VPN gateway | map | `{}` | no |
## Outputs ## Outputs
| Name | Description | | Name | Description |
|------|-------------| |------|-------------|
| azs | A list of availability zones specified as argument to this module |
| database\_route\_table\_ids | List of IDs of database route tables | | database\_route\_table\_ids | List of IDs of database route tables |
| database\_subnet\_group | ID of database subnet group | | database\_subnet\_group | ID of database subnet group |
| database\_subnets | List of IDs of database subnets | | database\_subnets | List of IDs of database subnets |
...@@ -299,8 +311,14 @@ Terraform version 0.10.3 or newer is required for this module to work. ...@@ -299,8 +311,14 @@ Terraform version 0.10.3 or newer is required for this module to work.
| vpc\_enable\_dns\_support | Whether or not the VPC has DNS support | | vpc\_enable\_dns\_support | Whether or not the VPC has DNS support |
| vpc\_endpoint\_dynamodb\_id | The ID of VPC endpoint for DynamoDB | | vpc\_endpoint\_dynamodb\_id | The ID of VPC endpoint for DynamoDB |
| vpc\_endpoint\_dynamodb\_pl\_id | The prefix list for the DynamoDB VPC endpoint. | | vpc\_endpoint\_dynamodb\_pl\_id | The prefix list for the DynamoDB VPC endpoint. |
| vpc\_endpoint\_ec2\_dns\_entry | The DNS entries for the VPC Endpoint for EC2. |
| vpc\_endpoint\_ec2\_id | The ID of VPC endpoint for EC2 |
| vpc\_endpoint\_ec2\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for EC2 |
| vpc\_endpoint\_s3\_id | The ID of VPC endpoint for S3 | | vpc\_endpoint\_s3\_id | The ID of VPC endpoint for S3 |
| vpc\_endpoint\_s3\_pl\_id | The prefix list for the S3 VPC endpoint. | | vpc\_endpoint\_s3\_pl\_id | The prefix list for the S3 VPC endpoint. |
| vpc\_endpoint\_ssm\_dns\_entry | The DNS entries for the VPC Endpoint for SSM. |
| vpc\_endpoint\_ssm\_id | The ID of VPC endpoint for SSM |
| vpc\_endpoint\_ssm\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for SSM. |
| vpc\_id | The ID of the VPC | | vpc\_id | The ID of the VPC |
| vpc\_instance\_tenancy | Tenancy of instances spin up within VPC | | vpc\_instance\_tenancy | Tenancy of instances spin up within VPC |
| vpc\_main\_route\_table\_id | The ID of the main route table associated with this VPC | | vpc\_main\_route\_table\_id | The ID of the main route table associated with this VPC |
...@@ -28,6 +28,9 @@ Note that this example may create resources which can cost money (AWS Elastic IP ...@@ -28,6 +28,9 @@ Note that this example may create resources which can cost money (AWS Elastic IP
| private\_subnets | List of IDs of private subnets | | private\_subnets | List of IDs of private subnets |
| public\_subnets | List of IDs of public subnets | | public\_subnets | List of IDs of public subnets |
| redshift\_subnets | List of IDs of redshift subnets | | redshift\_subnets | List of IDs of redshift subnets |
| vpc\_endpoint\_ssm\_dns\_entry | The DNS entries for the VPC Endpoint for SSM. |
| vpc\_endpoint\_ssm\_id | The ID of VPC endpoint for SSM |
| vpc\_endpoint\_ssm\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for SSM. |
| vpc\_id | The ID of the VPC | | vpc\_id | The ID of the VPC |
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --> <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
...@@ -2,6 +2,11 @@ provider "aws" { ...@@ -2,6 +2,11 @@ provider "aws" {
region = "eu-west-1" region = "eu-west-1"
} }
data "aws_security_group" "default" {
name = "default"
vpc_id = "${module.vpc.vpc_id}"
}
module "vpc" { module "vpc" {
source = "../../" source = "../../"
...@@ -19,18 +24,35 @@ module "vpc" { ...@@ -19,18 +24,35 @@ module "vpc" {
create_database_subnet_group = false create_database_subnet_group = false
enable_dns_hostnames = true
enable_dns_support = true
enable_nat_gateway = true enable_nat_gateway = true
single_nat_gateway = true single_nat_gateway = true
enable_vpn_gateway = true enable_vpn_gateway = true
enable_s3_endpoint = true
enable_dynamodb_endpoint = true
enable_dhcp_options = true enable_dhcp_options = true
dhcp_options_domain_name = "service.consul" dhcp_options_domain_name = "service.consul"
dhcp_options_domain_name_servers = ["127.0.0.1", "10.10.0.2"] dhcp_options_domain_name_servers = ["127.0.0.1", "10.10.0.2"]
# VPC endpoint for S3
enable_s3_endpoint = true
# VPC endpoint for DynamoDB
enable_dynamodb_endpoint = true
# VPC endpoint for SSM
enable_ssm_endpoint = true
ssm_endpoint_private_dns_enabled = true
ssm_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"]
// ssm_endpoint_subnet_ids = ["..."]
# VPC Endpoint for EC2
enable_ec2_endpoint = true
ec2_endpoint_private_dns_enabled = true
ec2_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"]
tags = { tags = {
Owner = "user" Owner = "user"
Environment = "staging" Environment = "staging"
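Review bot: Both interface endpoints in this example are attached to the VPC's default security group, via `ssm_endpoint_security_group_ids` and `ec2_endpoint_security_group_ids` referencing the `data "aws_security_group" "default"` added in the first hunk, so whether anything can reach the endpoints depends on whatever inbound rules that group carries in the account. Interface endpoints need TCP 443 inbound from the instances meant to use them; a default group normally admits only its own members, so instances outside it will not reach the endpoint, and any later widening of the default group is inherited by the endpoint. A dedicated group allowing 443 from the VPC CIDR would be the clearer example; at minimum a comment above the data source such as `# Default SG used for brevity; prefer a dedicated SG allowing TCP 443 from the VPC CIDR` would state the trade-off. The `module "vpc"` block continues past the end of the hunk.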
...@@ -40,3 +40,37 @@ output "nat_public_ips" { ...@@ -40,3 +40,37 @@ output "nat_public_ips" {
description = "List of public Elastic IPs created for AWS NAT Gateway" description = "List of public Elastic IPs created for AWS NAT Gateway"
value = ["${module.vpc.nat_public_ips}"] value = ["${module.vpc.nat_public_ips}"]
} }
# VPC endpoints
output "vpc_endpoint_ssm_id" {
description = "The ID of VPC endpoint for SSM"
value = "${module.vpc.vpc_endpoint_ssm_id}"
}
output "vpc_endpoint_ssm_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for SSM."
value = ["${module.vpc.vpc_endpoint_ssm_network_interface_ids}"]
}
output "vpc_endpoint_ssm_dns_entry" {
description = "The DNS entries for the VPC Endpoint for SSM."
value = ["${module.vpc.vpc_endpoint_ssm_dns_entry}"]
}
//
//# VPC endpoints
//output "vpc_endpoint_ec2_id" {
// description = "The ID of VPC endpoint for EC2"
// value = "${module.vpc.vpc_endpoint_ec2_id}"
//}
//
//output "vpc_endpoint_ec2_network_interface_ids" {
// description = "One or more network interfaces for the VPC Endpoint for EC2."
// value = ["${module.vpc.vpc_endpoint_ec2_network_interface_ids}"]
//}
//
//output "vpc_endpoint_ec2_dns_entry" {
// description = "The DNS entries for the VPC Endpoint for EC2."
// value = ["${module.vpc.vpc_endpoint_ec2_dns_entry}"]
//}
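Review bot: The three EC2 endpoint outputs at the end of the hunk are committed as `//`-commented code even though the same example enables `enable_ec2_endpoint = true` and the root module now exposes `vpc_endpoint_ec2_id`, `vpc_endpoint_ec2_network_interface_ids` and `vpc_endpoint_ec2_dns_entry`; either uncomment them so the example shows EC2 as it shows SSM, or drop the block rather than keep dead code. The hunk also mixes `#` and `//` comment styles (`# VPC endpoints` next to `//# VPC endpoints`); pick one for the file. If the EC2 blocks stay out, the heading above the SSM outputs is more accurate as `# VPC endpoint for SSM`.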
...@@ -21,6 +21,7 @@ Note that this example may create resources which can cost money (AWS Elastic IP ...@@ -21,6 +21,7 @@ Note that this example may create resources which can cost money (AWS Elastic IP
| Name | Description | | Name | Description |
|------|-------------| |------|-------------|
| azs | A list of availability zones spefified as argument to this module |
| nat\_public\_ips | List of public Elastic IPs created for AWS NAT Gateway | | nat\_public\_ips | List of public Elastic IPs created for AWS NAT Gateway |
| private\_subnets | List of IDs of private subnets | | private\_subnets | List of IDs of private subnets |
| public\_subnets | List of IDs of public subnets | | public\_subnets | List of IDs of public subnets |
...@@ -31,3 +31,9 @@ output "nat_public_ips" { ...@@ -31,3 +31,9 @@ output "nat_public_ips" {
description = "List of public Elastic IPs created for AWS NAT Gateway" description = "List of public Elastic IPs created for AWS NAT Gateway"
value = ["${module.vpc.nat_public_ips}"] value = ["${module.vpc.nat_public_ips}"]
} }
# AZs
output "azs" {
description = "A list of availability zones spefified as argument to this module"
value = ["${module.vpc.azs}"]
}
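Review bot: The description of the new `output "azs"` block contains a typo, `spefified`, and terraform-docs copies it verbatim into the example README (the `| azs |` row in this commit's README hunk shows the same misspelling). Change the line to `description = "A list of availability zones specified as argument to this module"`, which also matches the wording the root module uses for its own `azs` output in this commit.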
...@@ -25,7 +25,7 @@ This will destroy any existing test resources, create the resources afresh, run ...@@ -25,7 +25,7 @@ This will destroy any existing test resources, create the resources afresh, run
| Name | Description | Type | Default | Required | | Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:| |------|-------------|:----:|:-----:|:-----:|
| region | - | string | `eu-west-1` | no | | region | | string | `"eu-west-1"` | no |
## Outputs ## Outputs
...@@ -122,7 +122,7 @@ resource "aws_route_table" "database" { ...@@ -122,7 +122,7 @@ resource "aws_route_table" "database" {
} }
resource "aws_route" "database_internet_gateway" { resource "aws_route" "database_internet_gateway" {
count = "${var.create_vpc && var.create_database_subnet_route_table && length(var.database_subnets) > 0 && var.create_database_internet_gateway_route ? 1 : 0}" count = "${var.create_vpc && var.create_database_subnet_route_table && length(var.database_subnets) > 0 && var.create_database_internet_gateway_route && !var.create_database_nat_gateway_route ? 1 : 0}"
route_table_id = "${aws_route_table.database.id}" route_table_id = "${aws_route_table.database.id}"
destination_cidr_block = "0.0.0.0/0" destination_cidr_block = "0.0.0.0/0"
...@@ -133,6 +133,17 @@ resource "aws_route" "database_internet_gateway" { ...@@ -133,6 +133,17 @@ resource "aws_route" "database_internet_gateway" {
} }
} }
resource "aws_route" "database_nat_gateway" {
count = "${var.create_vpc && var.create_database_subnet_route_table && length(var.database_subnets) > 0 && !var.create_database_internet_gateway_route && var.create_database_nat_gateway_route && var.enable_nat_gateway ? local.nat_gateway_count : 0}"
route_table_id = "${element(aws_route_table.private.*.id, count.index)}"
destination_cidr_block = "0.0.0.0/0"
nat_gateway_id = "${element(aws_nat_gateway.this.*.id, count.index)}"
timeouts {
create = "5m"
}
}
################# #################
# Redshift routes # Redshift routes
################# #################
...@@ -230,7 +241,7 @@ resource "aws_subnet" "redshift" { ...@@ -230,7 +241,7 @@ resource "aws_subnet" "redshift" {
} }
resource "aws_redshift_subnet_group" "redshift" { resource "aws_redshift_subnet_group" "redshift" {
count = "${var.create_vpc && length(var.redshift_subnets) > 0 ? 1 : 0}" count = "${var.create_vpc && length(var.redshift_subnets) > 0 && var.create_redshift_subnet_group ? 1 : 0}"
name = "${lower(var.name)}" name = "${lower(var.name)}"
description = "Redshift subnet group for ${var.name}" description = "Redshift subnet group for ${var.name}"
...@@ -253,7 +264,7 @@ resource "aws_subnet" "elasticache" { ...@@ -253,7 +264,7 @@ resource "aws_subnet" "elasticache" {
} }
resource "aws_elasticache_subnet_group" "elasticache" { resource "aws_elasticache_subnet_group" "elasticache" {
count = "${var.create_vpc && length(var.elasticache_subnets) > 0 ? 1 : 0}" count = "${var.create_vpc && length(var.elasticache_subnets) > 0 && var.create_elasticache_subnet_group ? 1 : 0}"
name = "${var.name}" name = "${var.name}"
description = "ElastiCache subnet group for ${var.name}" description = "ElastiCache subnet group for ${var.name}"
...@@ -393,6 +404,48 @@ resource "aws_vpc_endpoint_route_table_association" "public_dynamodb" { ...@@ -393,6 +404,48 @@ resource "aws_vpc_endpoint_route_table_association" "public_dynamodb" {
route_table_id = "${aws_route_table.public.id}" route_table_id = "${aws_route_table.public.id}"
} }
######################
# VPC Endpoint for SSM
######################
data "aws_vpc_endpoint_service" "ssm" {
count = "${var.create_vpc && var.enable_ssm_endpoint ? 1 : 0}"
service = "ssm"
}
resource "aws_vpc_endpoint" "ssm" {
count = "${var.create_vpc && var.enable_ssm_endpoint ? 1 : 0}"
vpc_id = "${local.vpc_id}"
service_name = "${data.aws_vpc_endpoint_service.ssm.service_name}"
vpc_endpoint_type = "Interface"
security_group_ids = ["${var.ssm_endpoint_security_group_ids}"]
subnet_ids = ["${coalescelist(var.ssm_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
private_dns_enabled = "${var.ssm_endpoint_private_dns_enabled}"
}
######################
# VPC Endpoint for EC2
######################
data "aws_vpc_endpoint_service" "ec2" {
count = "${var.create_vpc && var.enable_ec2_endpoint ? 1 : 0}"
service = "ec2"
}
resource "aws_vpc_endpoint" "ec2" {
count = "${var.create_vpc && var.enable_ec2_endpoint ? 1 : 0}"
vpc_id = "${local.vpc_id}"
service_name = "${data.aws_vpc_endpoint_service.ec2.service_name}"
vpc_endpoint_type = "Interface"
security_group_ids = ["${var.ec2_endpoint_security_group_ids}"]
subnet_ids = ["${coalescelist(var.ec2_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
private_dns_enabled = "${var.ec2_endpoint_private_dns_enabled}"
}
########################## ##########################
# Route table association # Route table association
########################## ##########################
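Review bot: In the `@@ -133,6 +133,17` hunk, `aws_route.database_nat_gateway` writes its `0.0.0.0/0` route into `aws_route_table.private.*.id`, although the resource exists to give the database subnets NAT egress and its sibling `aws_route.database_internet_gateway` in the previous hunk targets `aws_route_table.database.id`; if the private route tables already carry a NAT default route (defined outside these hunks), this would also be a duplicate destination in the same table. The intended line is presumably `route_table_id = "${element(aws_route_table.database.*.id, count.index)}"`, and a count of `local.nat_gateway_count` is only right if there is one database route table per NAT gateway, which the non-splatted `aws_route_table.database.id` in the first hunk suggests is not the case — confirm before merging. Separately, the two counts are now mutually exclusive, so setting both `create_database_internet_gateway_route` and `create_database_nat_gateway_route` to true silently creates no route; the variable descriptions should say that only one of them may be enabled.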
...@@ -193,31 +193,11 @@ output "igw_id" { ...@@ -193,31 +193,11 @@ output "igw_id" {
value = "${element(concat(aws_internet_gateway.this.*.id, list("")), 0)}" value = "${element(concat(aws_internet_gateway.this.*.id, list("")), 0)}"
} }
output "vpc_endpoint_s3_id" {
description = "The ID of VPC endpoint for S3"
value = "${element(concat(aws_vpc_endpoint.s3.*.id, list("")), 0)}"
}
output "vpc_endpoint_s3_pl_id" {
description = "The prefix list for the S3 VPC endpoint."
value = "${element(concat(aws_vpc_endpoint.s3.*.prefix_list_id, list("")), 0)}"
}
output "vpc_endpoint_dynamodb_id" {
description = "The ID of VPC endpoint for DynamoDB"
value = "${element(concat(aws_vpc_endpoint.dynamodb.*.id, list("")), 0)}"
}
output "vgw_id" { output "vgw_id" {
description = "The ID of the VPN Gateway" description = "The ID of the VPN Gateway"
value = "${element(concat(aws_vpn_gateway.this.*.id, aws_vpn_gateway_attachment.this.*.vpn_gateway_id, list("")), 0)}" value = "${element(concat(aws_vpn_gateway.this.*.id, aws_vpn_gateway_attachment.this.*.vpn_gateway_id, list("")), 0)}"
} }
output "vpc_endpoint_dynamodb_pl_id" {
description = "The prefix list for the DynamoDB VPC endpoint."
value = "${element(concat(aws_vpc_endpoint.dynamodb.*.prefix_list_id, list("")), 0)}"
}
output "default_vpc_id" { output "default_vpc_id" {
description = "The ID of the VPC" description = "The ID of the VPC"
value = "${element(concat(aws_default_vpc.this.*.id, list("")), 0)}" value = "${element(concat(aws_default_vpc.this.*.id, list("")), 0)}"
...@@ -278,3 +258,59 @@ output "default_vpc_main_route_table_id" { ...@@ -278,3 +258,59 @@ output "default_vpc_main_route_table_id" {
// value = "${element(concat(aws_default_vpc.this.*.ipv6_cidr_block, list("")), 0)}" // value = "${element(concat(aws_default_vpc.this.*.ipv6_cidr_block, list("")), 0)}"
//} //}
# VPC Endpoints
output "vpc_endpoint_s3_id" {
description = "The ID of VPC endpoint for S3"
value = "${element(concat(aws_vpc_endpoint.s3.*.id, list("")), 0)}"
}
output "vpc_endpoint_s3_pl_id" {
description = "The prefix list for the S3 VPC endpoint."
value = "${element(concat(aws_vpc_endpoint.s3.*.prefix_list_id, list("")), 0)}"
}
output "vpc_endpoint_dynamodb_id" {
description = "The ID of VPC endpoint for DynamoDB"
value = "${element(concat(aws_vpc_endpoint.dynamodb.*.id, list("")), 0)}"
}
output "vpc_endpoint_dynamodb_pl_id" {
description = "The prefix list for the DynamoDB VPC endpoint."
value = "${element(concat(aws_vpc_endpoint.dynamodb.*.prefix_list_id, list("")), 0)}"
}
output "vpc_endpoint_ssm_id" {
description = "The ID of VPC endpoint for SSM"
value = "${element(concat(aws_vpc_endpoint.ssm.*.id, list("")), 0)}"
}
output "vpc_endpoint_ssm_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for SSM."
value = "${flatten(aws_vpc_endpoint.ssm.*.network_interface_ids)}"
}
output "vpc_endpoint_ssm_dns_entry" {
description = "The DNS entries for the VPC Endpoint for SSM."
value = "${flatten(aws_vpc_endpoint.ssm.*.dns_entry)}"
}
output "vpc_endpoint_ec2_id" {
description = "The ID of VPC endpoint for EC2"
value = "${element(concat(aws_vpc_endpoint.ec2.*.id, list("")), 0)}"
}
output "vpc_endpoint_ec2_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for EC2"
value = "${flatten(aws_vpc_endpoint.ec2.*.network_interface_ids)}"
}
output "vpc_endpoint_ec2_dns_entry" {
description = "The DNS entries for the VPC Endpoint for EC2."
value = "${flatten(aws_vpc_endpoint.ec2.*.dns_entry)}"
}
# Static values (arguments)
output "azs" {
description = "A list of availability zones specified as argument to this module"
value = "${var.azs}"
}
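Review bot: The new endpoint outputs (vpc_endpoint_ssm_id, vpc_endpoint_ec2_id and the network_interface_ids / dns_entry outputs) evaluate to an empty string or an empty list when the matching enable_*_endpoint variable is false, because `element(concat(..., list("")), 0)` and `flatten()` over an empty splat produce exactly those values; the descriptions should say so, e.g. `description = "The ID of VPC endpoint for SSM (empty string when the SSM endpoint is not created)"`. The descriptions also mix forms — "The ID of VPC endpoint for SSM" has no trailing period while "The DNS entries for the VPC Endpoint for SSM." does, and the EC2 network-interface description lacks the period its SSM twin has — so pick one style for the block. `dns_entry` is a list of maps on the provider side, and `flatten()` in this Terraform version is documented for lists of lists; I have not verified that the two combine cleanly, so a quick plan against an enabled endpoint would settle it.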
...@@ -81,6 +81,12 @@ variable "elasticache_subnets" { ...@@ -81,6 +81,12 @@ variable "elasticache_subnets" {
default = [] default = []
} }
variable "intra_subnets" {
type = "list"
description = "A list of intra subnets"
default = []
}
variable "create_database_subnet_route_table" { variable "create_database_subnet_route_table" {
description = "Controls if separate route table for database should be created" description = "Controls if separate route table for database should be created"
default = false default = false
...@@ -96,22 +102,31 @@ variable "create_elasticache_subnet_route_table" { ...@@ -96,22 +102,31 @@ variable "create_elasticache_subnet_route_table" {
default = false default = false
} }
variable "intra_subnets" {
type = "list"
description = "A list of intra subnets"
default = []
}
variable "create_database_subnet_group" { variable "create_database_subnet_group" {
description = "Controls if database subnet group should be created" description = "Controls if database subnet group should be created"
default = true default = true
} }
variable "create_elasticache_subnet_group" {
description = "Controls if elasticache subnet group should be created"
default = true
}
variable "create_redshift_subnet_group" {
description = "Controls if redshift subnet group should be created"
default = true
}
variable "create_database_internet_gateway_route" { variable "create_database_internet_gateway_route" {
description = "Controls if an internet gateway route for public database access should be created" description = "Controls if an internet gateway route for public database access should be created"
default = false default = false
} }
variable "create_database_nat_gateway_route" {
description = "Controls if a nat gateway route should be created to give internet access to the database subnets"
default = false
}
variable "azs" { variable "azs" {
description = "A list of availability zones in the region" description = "A list of availability zones in the region"
default = [] default = []
...@@ -163,6 +178,46 @@ variable "enable_s3_endpoint" { ...@@ -163,6 +178,46 @@ variable "enable_s3_endpoint" {
default = false default = false
} }
variable "enable_ssm_endpoint" {
description = "Should be true if you want to provision an SSM endpoint to the VPC"
default = false
}
variable "ssm_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for SSM endpoint"
default = []
}
variable "ssm_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for SSM endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
default = []
}
variable "ssm_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for SSM endpoint"
default = false
}
variable "enable_ec2_endpoint" {
description = "Should be true if you want to provision an EC2 endpoint to the VPC"
default = false
}
variable "ec2_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for EC2 endpoint"
default = []
}
variable "ec2_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for EC2 endpoint"
default = false
}
variable "ec2_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for EC2 endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
default = []
}
variable "map_public_ip_on_launch" { variable "map_public_ip_on_launch" {
description = "Should be false if you do not want to auto-assign public IP on launch" description = "Should be false if you do not want to auto-assign public IP on launch"
default = true default = true
......
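Review bot: `ssm_endpoint_security_group_ids` and `ec2_endpoint_security_group_ids` default to `[]` and are passed straight into the endpoint's `security_group_ids` (the main.tf hunk at the top of this page shows that for EC2), so an endpoint enabled with the defaults gets whatever security group AWS attaches when none is given — per the provider documentation, the VPC's default security group; the descriptions should state that, e.g. `description = "The ID of one or more security groups to associate with the network interface for SSM endpoint. If empty, the VPC default security group is used."`. The four list variables in this hunk also omit `type = "list"`, while `intra_subnets` earlier in the same file declares it; add it for consistency. Both `*_endpoint_private_dns_enabled` variables default to false, which (if I read the AWS behaviour right) means clients resolving the service's regional hostname are not steered to the endpoint until the caller opts in, and a sentence to that effect in those descriptions would save surprises.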