Terraform modules networking related vpc,subnets,route tables..
- terraform-network
Creates a nat gateway and automatically adds a route table to the route tables passed as parameter
Name | Version |
---|---|
terraform | >= 0.12 |
Name | Version |
---|---|
aws | n/a |
No modules.
Name | Type |
---|---|
aws_eip.nat_gateway | resource |
aws_nat_gateway.gateway | resource |
aws_route.r | resource |
aws_subnet.ngw_subnets | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
private_route_tables | n/a | list(string) |
n/a | yes |
public_subnets | n/a | list(string) |
n/a | yes |
number_nat_gateways | n/a | number |
1 |
no |
tags | Optional extra tags | map(string) |
{} |
no |
Name | Description |
---|---|
ids | n/a |
ips | n/a |
module "nat_gateway" {
source = "nat_gateway"
private_route_tables = module.vpc.private_rts
public_subnets = module.vpc.public_subnets
}
Creates a number of subnets and divides them in different parts based on the input params
No requirements.
Name | Version |
---|---|
aws | n/a |
No modules.
Name | Type |
---|---|
aws_route_table_association.subnet_association | resource |
aws_subnet.subnets | resource |
aws_availability_zones.available | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
cidr | CIDR block you use in your VPC | string |
n/a | yes |
name | Name | string |
n/a | yes |
vpc_id | ID of the VPC where we want to deploy the subnet | string |
n/a | yes |
availability_zones | List of AZs to use for the subnets. Defaults to all available AZs when not specified (looped over sequentially for the amount of subnets) | list(string) |
null |
no |
map_public_ip_on_launch | Specify true to indicate that instances launched into the subnets should be assigned a public IP address | bool |
false |
no |
netnum | Netnum to use for generating the EKS worker subnets. For more information, see the cidrsubnet function docs | number |
0 |
no |
newbits | Newbits to use for generating the subnets. For more information, see the cidrsubnet function docs | number |
8 |
no |
num_route_tables | Amount of route tables to attach the subnets to | number |
0 |
no |
num_subnets | Amount of subnets to create | number |
3 |
no |
route_tables | Route tables to attach the subnets to | list(string) |
[] |
no |
tags | Optional Tags | map(string) |
{} |
no |
Name | Description |
---|---|
ids | n/a |
module "public_lb_subnets" {
source = "../subnets"
name = "test-public-lb"
num_subnets = var.amount_public_lb_subnets
visibility = "public"
role = "lb"
cidr = var.cidr_block
netnum = 0
vpc_id = aws_vpc.main.id
aws_region = var.aws_region
tags = {
visibility = "public"
role = "lb"
KubernetesCluster = "test"
}
}
This module will create a vpc with the option to specify 4 types of subnets:
- public_nat-bastion_subnets
- public_lb_subnets
- private_app_subnets
- private_db_subnets
It will also create the required route tables for the private subnets. The private_app and private_db subnets are private subnets.
No requirements.
Name | Version |
---|---|
aws | n/a |
Name | Source | Version |
---|---|---|
private_app_subnets | ../subnets | n/a |
private_db_subnets | ../subnets | n/a |
private_management_subnets | ../subnets | n/a |
public_lb_subnets | ../subnets | n/a |
public_nat-bastion_subnets | ../subnets | n/a |
Name | Type |
---|---|
aws_internet_gateway.gw | resource |
aws_route.public | resource |
aws_route_table.private | resource |
aws_route_table.public | resource |
aws_vpc.main | resource |
Name | Description | Type | Default | Required |
---|---|---|---|---|
cidr_block | CIDR block you want to have in your VPC | any |
n/a | yes |
amount_private_app_subnets | Amount of subnets you need | number |
3 |
no |
amount_private_db_subnets | Amount of subnets you need | number |
3 |
no |
amount_private_management_subnets | Amount of subnets you need | number |
0 |
no |
amount_public_lb_subnets | Amount of subnets you need | number |
3 |
no |
amount_public_nat-bastion_subnets | Amount of subnets you need | number |
1 |
no |
availability_zones | List of AZs to use for the subnets. Defaults to all available AZs when not specified (looped over sequentially for the amount of subnets) | list(string) |
null |
no |
extra_tags_private_app | Private app subnets extra tags | map(string) |
{} |
no |
extra_tags_private_db | Private database subnets extra tags | map(string) |
{} |
no |
extra_tags_private_management | Private management subnets extra tags | map(string) |
{} |
no |
extra_tags_public_lb | Public load balancer subnets extra tags | map(string) |
{} |
no |
extra_tags_public_nat-bastion | Public nat/bastion subnets extra tags | map(string) |
{} |
no |
extra_tags_vpc | VPC extra tags | map(string) |
{} |
no |
name | Main name for your your VPC, subnets, etc. | string |
"production" |
no |
netnum_private_app | First number of subnet to start of for private_app subnets | string |
"20" |
no |
netnum_private_db | First number of subnet to start of for private_db subnets | string |
"30" |
no |
netnum_private_management | First number of subnet to start of for private_management subnets | string |
"200" |
no |
netnum_public_lb | First number of subnet to start of for public_lb subnets | string |
"10" |
no |
netnum_public_nat-bastion | First number of subnet to start of for public_nat-bastion subnets | string |
"0" |
no |
number_private_rt | The desired number of private route tables. In case we want one per AZ we can change this value. | number |
1 |
no |
tags | Optional Tags | map(string) |
{} |
no |
Name | Description |
---|---|
default_network_acl_id | Id of the default network acl |
private_app_subnets | List of the private_app subnets id created |
private_db_subnets | List of the private_db subnets id created |
private_management_subnets | List of the private_management subnets id created |
private_rts | List of the ids of the private route tables created |
public_lb_subnets | List of the public_lb subnets id created |
public_nat-bastion | List of the public_nat-bastion subnets id created |
public_rts | List of the ids of the public route tables created |
vpc_id | The id of the vpc created |
module "vpc" {
source = "vpc"
cidr_block = "172.16.0.0/16"
name = "test"
tags = { "KubernetesCluster" = "test" }
}
Module to create a VPC peering connection between two VPCs. It creates the needed resources on both ends of the peering connection, thus it requires two different AWS providers.
It also creates the routing between the two VPCs if the route tables are provided.
No requirements.
Name | Version |
---|---|
aws.source | n/a |
aws.target | n/a |
No modules.
Name | Type |
---|---|
aws_route.source_to_target | resource |
aws_route.target_to_source | resource |
aws_vpc_peering_connection.peering | resource |
aws_vpc_peering_connection_accepter.peering | resource |
aws_vpc_peering_connection_options.peering_accepter | resource |
aws_vpc_peering_connection_options.peering_requester | resource |
aws_vpc.source | data source |
aws_vpc.target | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
source_name | Name of the source VPC | string |
n/a | yes |
source_route_table_ids | List of route table IDs from the source VPC that should be routable to the target VPC | list(string) |
n/a | yes |
source_vpc_id | ID of the source VPC | string |
n/a | yes |
target_account_id | AWS account id of the target VPC | string |
n/a | yes |
target_name | Name of the target VPC | string |
n/a | yes |
target_route_table_ids | List of route table IDs from the target VPC that should be routable to the source VPC | list(string) |
n/a | yes |
target_vpc_id | ID of the target VPC | string |
n/a | yes |
tags | AWS tags to apply to the created resources | map(string) |
{} |
no |
Name | Description |
---|---|
vpc_peering_id | ID of the VPC peering connection |
This module creates and exposes a reusable security group called sg-all
.
The implementation uses the separate aws_security_group
and aws_security_group_rule
resources
to make the creation and adaptation of security groups much more modular.
module "securitygroup_all" {
source = "github.com/skyscrapers/terraform-network//securitygroups/all"
vpc_id = module.vpc.vpc_id
name = "sg_all"
}
This module creates and exposes a reusable security group called sg_icinga_satellite
, expanded
with project and environment info.
The implementation uses the separate aws_security_group
and aws_security_group_rule
resources
to make the creation and adaptation of security groups much more modular.
module "securitygroup_icinga" {
source = "github.com/skyscrapers/terraform-network//securitygroups/icinga_satellite"
vpc_id = module.vpc.vpc_id
name = "sg_icinga_satellite"
icinga_master_ip = "123.234.123.234/32"
}
This module creates and exposes a reusable security group called sg_puppet
, expanded
with project and environment info.
The implementation uses the separate aws_security_group
and aws_security_group_rule
resources
to make the creation and adaptation of security groups much more modular.
module "securitygroup_icinga" {
source = "github.com/skyscrapers/terraform-network//securitygroups/puppet"
vpc_id = module.vpc.vpc_id
name = "sg_puppet"
puppet_master_ip = "123.234.123.234/32"
}
This module creates and exposes a reusable security group called sg_web_public
, expanded
with project and environment info.
The implementation uses the separate aws_security_group
and aws_security_group_rule
resources
to make the creation and adaptation of security groups much more modular.
module "securitygroup_web_public" {
source = "github.com/skyscrapers/terraform-network//securitygroups/web_public"
vpc_id = module.vpc.vpc_id
name = "sg_web_public"
}
Starting with v5, we've changed how naming and tagging of resources happen within the modules. In earlier versions, a resource's name was derived from the project
and environment
variables.
Starting with v5, we only provide a name
variable, so make sure to update your code accordingly. In most cases this shouldn't be a breaking change: names for VPCs, subnets, route tables etc can be changed without a destroy/recreate of the resources.
Important: The exception is for Security Groups, so eg. in case of the securitygroups/all
module, you should specify name = "sg_all_myproject_myenv"
to keep the old name.
We've also removed our default, hardcoded tags for Project
and Environment
. You can still re-add these via the respective tags
variables, or use the default_tags
parameter from the AWS provider.
The Terraform state migration commands to migrate from VPC module v2.x to v3.0 and up.
terraform state mv module.vpc.aws_route_table_association.public_nat-bastion_hosts module.vpc.module.public_nat-bastion_subnets.aws_route_table_association.subnet_association
terraform state mv module.vpc.aws_route_table_association.private_app[0] module.vpc.module.private_app_subnets.aws_route_table_association.subnet_association[0]
terraform state mv module.vpc.aws_route_table_association.private_app[1] module.vpc.module.private_app_subnets.aws_route_table_association.subnet_association[1]
terraform state mv module.vpc.aws_route_table_association.private_app[2] module.vpc.module.private_app_subnets.aws_route_table_association.subnet_association[2]
terraform state mv module.vpc.aws_route_table_association.private_management[0] module.vpc.module.private_management_subnets.aws_route_table_association.subnet_association[0]
terraform state mv module.vpc.aws_route_table_association.private_management[1] module.vpc.module.private_management_subnets.aws_route_table_association.subnet_association[1]
terraform state mv module.vpc.aws_route_table_association.private_management[2] module.vpc.module.private_management_subnets.aws_route_table_association.subnet_association[2]
terraform state mv module.vpc.aws_route_table_association.public_lb_hosts[0] module.vpc.module.public_lb_subnets.aws_route_table_association.subnet_association[0]
terraform state mv module.vpc.aws_route_table_association.public_lb_hosts[1] module.vpc.module.public_lb_subnets.aws_route_table_association.subnet_association[1]
terraform state mv module.vpc.aws_route_table_association.public_lb_hosts[2] module.vpc.module.public_lb_subnets.aws_route_table_association.subnet_association[2]
terraform state mv module.vpc.aws_route_table_association.private_db[0] module.vpc.module.private_db_subnets.aws_route_table_association.subnet_association[0]
terraform state mv module.vpc.aws_route_table_association.private_db[1] module.vpc.module.private_db_subnets.aws_route_table_association.subnet_association[1]
terraform state mv module.vpc.aws_route_table_association.private_db[2] module.vpc.module.private_db_subnets.aws_route_table_association.subnet_association[2]