skyscrapers/terraform-network
terraform-network

Terraform modules networking related vpc,subnets,route tables..

nat_gateway

Creates one or more NAT gateways (number_nat_gateways, each with its own Elastic IP) in the given public subnets and adds a default route (0.0.0.0/0) through them to every private route table passed as parameter. The private route tables created by the vpc module below have no default route of their own, so this module is what gives private subnets outbound internet access.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.12 |

Providers

| Name | Version |
|------|---------|
| aws | n/a |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_eip.nat_gateway | resource |
| aws_nat_gateway.gateway | resource |
| aws_route.r | resource |
| aws_subnet.ngw_subnets | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| private_route_tables | IDs of the private route tables that get a default route through the NAT gateway(s) | list(string) | n/a | yes |
| public_subnets | IDs of the public subnets in which the NAT gateway(s) are placed | list(string) | n/a | yes |
| number_nat_gateways | Number of NAT gateways to create | number | 1 | no |
| tags | Optional extra tags | map(string) | {} | no |

Outputs

| Name | Description |
|------|-------------|
| ids | IDs of the created NAT gateways |
| ips | Elastic IP addresses allocated to the NAT gateways |

Example

```hcl
module "nat_gateway" {
  source               = "github.com/skyscrapers/terraform-network//nat_gateway"
  private_route_tables = module.vpc.private_rts
  public_subnets       = module.vpc.public_nat-bastion
}
```

subnets

Creates num_subnets subnets in the given VPC, each carved out of the VPC CIDR with cidrsubnet(cidr, newbits, netnum + index), spread sequentially over the availability zones, and optionally associated with the given route tables.

Requirements

No requirements.

Providers

| Name | Version |
|------|---------|
| aws | n/a |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_route_table_association.subnet_association | resource |
| aws_subnet.subnets | resource |
| aws_availability_zones.available | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| cidr | CIDR block of your VPC, from which the subnets are carved | string | n/a | yes |
| name | Name | string | n/a | yes |
| vpc_id | ID of the VPC in which to deploy the subnets | string | n/a | yes |
| availability_zones | List of AZs to use for the subnets. Defaults to all available AZs when not specified (looped over sequentially for the amount of subnets) | list(string) | null | no |
| map_public_ip_on_launch | Set to true if instances launched into the subnets should be assigned a public IP address | bool | false | no |
| netnum | Netnum of the first subnet; subnet i gets netnum + i. For more information, see the cidrsubnet function docs | number | 0 | no |
| newbits | Newbits to use for generating the subnets. For more information, see the cidrsubnet function docs | number | 8 | no |
| num_route_tables | Amount of route tables to attach the subnets to | number | 0 | no |
| num_subnets | Amount of subnets to create | number | 3 | no |
| route_tables | Route tables to attach the subnets to | list(string) | [] | no |
| tags | Optional Tags | map(string) | {} | no |

Outputs

| Name | Description |
|------|-------------|
| ids | IDs of the created subnets |

Example (as used inside the vpc module; only arguments the module actually declares are passed):

```hcl
module "public_lb_subnets" {
  source           = "../subnets"
  name             = "test-public-lb"
  vpc_id           = aws_vpc.main.id
  cidr             = var.cidr_block
  num_subnets      = var.amount_public_lb_subnets
  netnum           = 0
  route_tables     = [aws_route_table.public.id]
  num_route_tables = 1

  tags = {
    visibility        = "public"
    role              = "lb"
    KubernetesCluster = "test"
  }
}
```

vpc

This module creates a VPC with up to five groups of subnets, each built with the subnets module:

  • public_nat-bastion_subnets
  • public_lb_subnets
  • private_app_subnets
  • private_db_subnets
  • private_management_subnets (none by default, see amount_private_management_subnets)

It also creates an internet gateway, a public route table with a default route to that gateway, and number_private_rt private route tables (1 by default; set it to the number of AZs if you want one route table, and later one NAT gateway, per AZ). The public_* subnets are associated with the public route table; the private_app, private_db and private_management subnets are associated with the private route tables. The private route tables get no default route from this module: add one with the nat_gateway module.

Requirements

No requirements.

Providers

| Name | Version |
|------|---------|
| aws | n/a |

Modules

| Name | Source | Version |
|------|--------|---------|
| private_app_subnets | ../subnets | n/a |
| private_db_subnets | ../subnets | n/a |
| private_management_subnets | ../subnets | n/a |
| public_lb_subnets | ../subnets | n/a |
| public_nat-bastion_subnets | ../subnets | n/a |

Resources

| Name | Type |
|------|------|
| aws_internet_gateway.gw | resource |
| aws_route.public | resource |
| aws_route_table.private | resource |
| aws_route_table.public | resource |
| aws_vpc.main | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| cidr_block | CIDR block of the VPC | any | n/a | yes |
| amount_private_app_subnets | Amount of private_app subnets | number | 3 | no |
| amount_private_db_subnets | Amount of private_db subnets | number | 3 | no |
| amount_private_management_subnets | Amount of private_management subnets | number | 0 | no |
| amount_public_lb_subnets | Amount of public_lb subnets | number | 3 | no |
| amount_public_nat-bastion_subnets | Amount of public_nat-bastion subnets | number | 1 | no |
| availability_zones | List of AZs to use for the subnets. Defaults to all available AZs when not specified (looped over sequentially for the amount of subnets) | list(string) | null | no |
| extra_tags_private_app | Private app subnets extra tags | map(string) | {} | no |
| extra_tags_private_db | Private database subnets extra tags | map(string) | {} | no |
| extra_tags_private_management | Private management subnets extra tags | map(string) | {} | no |
| extra_tags_public_lb | Public load balancer subnets extra tags | map(string) | {} | no |
| extra_tags_public_nat-bastion | Public nat/bastion subnets extra tags | map(string) | {} | no |
| extra_tags_vpc | VPC extra tags | map(string) | {} | no |
| name | Main name for your VPC, subnets, etc. | string | "production" | no |
| netnum_private_app | Netnum of the first private_app subnet (the group occupies netnum .. netnum + amount - 1) | string | "20" | no |
| netnum_private_db | Netnum of the first private_db subnet | string | "30" | no |
| netnum_private_management | Netnum of the first private_management subnet | string | "200" | no |
| netnum_public_lb | Netnum of the first public_lb subnet | string | "10" | no |
| netnum_public_nat-bastion | Netnum of the first public_nat-bastion subnet | string | "0" | no |
| number_private_rt | The desired number of private route tables. Set it to the number of AZs if you want one per AZ | number | 1 | no |
| tags | Optional Tags | map(string) | {} | no |

Keep the netnum ranges apart: with the default newbits of 8 each subnet is one /24 of the VPC CIDR, so a group with more subnets than the gap to the next group's netnum (for example more than 10 public_lb subnets with the defaults) would overlap it and fail at apply time.

Outputs

| Name | Description |
|------|-------------|
| default_network_acl_id | ID of the VPC's default network ACL |
| private_app_subnets | List of the IDs of the private_app subnets created |
| private_db_subnets | List of the IDs of the private_db subnets created |
| private_management_subnets | List of the IDs of the private_management subnets created |
| private_rts | List of the IDs of the private route tables created |
| public_lb_subnets | List of the IDs of the public_lb subnets created |
| public_nat-bastion | List of the IDs of the public_nat-bastion subnets created |
| public_rts | List of the IDs of the public route tables created |
| vpc_id | The ID of the VPC created |

Example

```hcl
module "vpc" {
  source     = "github.com/skyscrapers/terraform-network//vpc"
  cidr_block = "172.16.0.0/16"
  name       = "test"
  tags       = { "KubernetesCluster" = "test" }
}
```
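The vpc and nat_gateway modules are meant to be combined: the vpc module's private_rts output feeds the nat_gateway module's private_route_tables input. The following is an added example, not code from the skyscrapers/terraform-network repository, showing a VPC with one private route table and one NAT gateway per availability zone, so that outbound traffic from one AZ never depends on another AZ's gateway, together with a plan-time check that the default netnum layout does not produce overlapping subnets. Assumptions that are not in this README: the modules are pulled from GitHub pinned to a tag written as v5.0.0 here (use the release you actually deploy), the AZ names and CIDR are constructed, the nat_gateway module pairs the i-th gateway with the i-th route table, the vpc module carves subnets with the subnets module's default newbits of 8, and the output precondition requires Terraform 1.2 or newer.

```hcl
# Added example; not part of skyscrapers/terraform-network.
# Tag v5.0.0, CIDR and AZ names are assumed/constructed values.

locals {
  azs      = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
  vpc_cidr = "10.42.0.0/16"
}

module "vpc" {
  source = "github.com/skyscrapers/terraform-network//vpc?ref=v5.0.0"

  cidr_block         = local.vpc_cidr
  name               = "example"
  availability_zones = local.azs

  # One private route table per AZ, so each AZ can get its own NAT gateway
  # and a failed AZ does not take egress down for the others.
  number_private_rt = length(local.azs)

  # One public subnet per AZ to host that AZ's NAT gateway.
  amount_public_nat-bastion_subnets = length(local.azs)

  tags = { Environment = "example" }
}

module "nat_gateway" {
  source = "github.com/skyscrapers/terraform-network//nat_gateway?ref=v5.0.0"

  # Assumption: gateway i serves private route table i. Each gateway's
  # Elastic IP is the only source address the internet sees for its AZ,
  # which is what you allow-list on the remote side.
  number_nat_gateways  = length(local.azs)
  public_subnets       = module.vpc.public_nat-bastion
  private_route_tables = module.vpc.private_rts
  tags                 = { Environment = "example" }
}

# The vpc module carves every group out of cidr_block with
# cidrsubnet(cidr_block, 8, netnum + i). Reproducing the default layout here
# lets the plan fail with a clear message instead of failing at apply time
# when two groups overlap.
locals {
  groups = {
    "public_nat-bastion" = { netnum = 0, count = length(local.azs) }
    "public_lb"          = { netnum = 10, count = 3 }
    "private_app"        = { netnum = 20, count = 3 }
    "private_db"         = { netnum = 30, count = 3 }
    "private_management" = { netnum = 200, count = 0 }
  }
  planned_cidrs = flatten([
    for g in local.groups : [
      for i in range(g.count) : cidrsubnet(local.vpc_cidr, 8, g.netnum + i)
    ]
  ])
}

output "planned_subnet_cidrs" {
  value = local.planned_cidrs
  precondition {
    condition     = length(distinct(local.planned_cidrs)) == length(local.planned_cidrs)
    error_message = "Subnet groups overlap: lower a group's amount_* or move its netnum_*."
  }
}
```

If you change an amount_* or netnum_* input on the vpc module, mirror it in local.groups; with the defaults shown, the plan lists 10.42.0.0/24 to 10.42.2.0/24 for the NAT subnets, 10.42.10.0/24 to 10.42.12.0/24 for the load balancer subnets, and so on, and setting public_lb count to 11 or more makes the precondition fail because 10.42.20.0/24 would be claimed twice.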

vpc_peering

Module to create a VPC peering connection between two VPCs, which may live in different AWS accounts (target_account_id). It creates the needed resources on both ends of the peering connection (requester and accepter), and therefore requires two differently aliased AWS providers, aws.source and aws.target.

It also creates the routing between the two VPCs: every route table listed in source_route_table_ids gets a route to the target VPC's CIDR over the peering connection, and every route table in target_route_table_ids gets the reverse route. Reachability over the peering is therefore exactly the set of route tables you pass, so list only the ones that need to reach the other side. The two VPC CIDRs must not overlap, and security groups and network ACLs still have to allow the traffic.

Requirements

No requirements.

Providers

| Name | Version |
|------|---------|
| aws.source | n/a |
| aws.target | n/a |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_route.source_to_target | resource |
| aws_route.target_to_source | resource |
| aws_vpc_peering_connection.peering | resource |
| aws_vpc_peering_connection_accepter.peering | resource |
| aws_vpc_peering_connection_options.peering_accepter | resource |
| aws_vpc_peering_connection_options.peering_requester | resource |
| aws_vpc.source | data source |
| aws_vpc.target | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| source_name | Name of the source VPC | string | n/a | yes |
| source_route_table_ids | List of route table IDs from the source VPC that should be routable to the target VPC | list(string) | n/a | yes |
| source_vpc_id | ID of the source VPC | string | n/a | yes |
| target_account_id | AWS account ID of the target VPC | string | n/a | yes |
| target_name | Name of the target VPC | string | n/a | yes |
| target_route_table_ids | List of route table IDs from the target VPC that should be routable to the source VPC | list(string) | n/a | yes |
| target_vpc_id | ID of the target VPC | string | n/a | yes |
| tags | AWS tags to apply to the created resources | map(string) | {} | no |

Outputs

| Name | Description |
|------|-------------|
| vpc_peering_id | ID of the VPC peering connection |
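The README gives no example for this module, so here is an added one, not code from the skyscrapers/terraform-network repository: peering an application VPC in the current account with a shared-services VPC in a second account from one root module that holds both provider configurations. The account ID, VPC IDs, route table IDs, role name, region and the v5.0.0 tag are constructed values; only the module inputs and the aws.source / aws.target provider aliases come from the module documentation above.

```hcl
# Added example; not part of skyscrapers/terraform-network.
# All IDs, the role ARN and the ?ref tag are constructed placeholders.

provider "aws" {
  alias  = "app"
  region = "eu-west-1"
}

provider "aws" {
  alias  = "shared"
  region = "eu-west-1"
  # Assumes a role in the target account that is allowed to accept the
  # peering and edit its route tables; any other credential source for
  # that account works as well.
  assume_role {
    role_arn = "arn:aws:iam::222222222222:role/terraform-peering"
  }
}

module "peering_app_to_shared" {
  source = "github.com/skyscrapers/terraform-network//vpc_peering?ref=v5.0.0"

  # The module declares the provider aliases aws.source and aws.target;
  # map them onto the two account configurations above.
  providers = {
    aws.source = aws.app
    aws.target = aws.shared
  }

  source_name   = "app"
  source_vpc_id = "vpc-0a1b2c3d4e5f60718"
  # Only the private route tables get a route to the peer. The public
  # subnets have no business reaching shared services, so their route
  # table is deliberately left out: unlisted route tables cannot reach the
  # other VPC at all.
  source_route_table_ids = [
    "rtb-0123456789abcdef0",
    "rtb-0fedcba9876543210",
  ]

  target_account_id      = "222222222222"
  target_name            = "shared-services"
  target_vpc_id          = "vpc-0f1e2d3c4b5a69788"
  target_route_table_ids = ["rtb-00112233445566778"]

  tags = { Purpose = "app-to-shared-services" }
}

output "peering_connection_id" {
  value = module.peering_app_to_shared.vpc_peering_id
}
```

VPC peering is not transitive: a third VPC peered with shared-services does not become reachable from the app VPC through this connection. If you want that, peer the VPCs directly or use a transit gateway. The routes the module adds cover the whole peer CIDR, so use security groups on the shared-services side to limit which ports and source ranges from the app VPC are actually accepted.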

securitygroups/all

This module creates and exposes a reusable security group called sg_all.

The implementation uses the separate aws_security_group and aws_security_group_rule resources to make the creation and adaptation of security groups much more modular. When referencing any of these modules from GitHub, pin a release tag with ?ref= on the source URL so that upgrades (such as the v5 naming change described under Migration) only happen when you choose to.

Example

```hcl
module "securitygroup_all" {
  source = "github.com/skyscrapers/terraform-network//securitygroups/all"
  vpc_id = module.vpc.vpc_id
  name   = "sg_all"
}
```

securitygroups/icinga_satellite

This module creates and exposes a reusable security group called sg_icinga_satellite (before v5 the name was expanded with project and environment info; since v5 the name variable is used as given, see Migration). It allows traffic from the Icinga master given in icinga_master_ip.

The implementation uses the separate aws_security_group and aws_security_group_rule resources to make the creation and adaptation of security groups much more modular.

Example

```hcl
module "securitygroup_icinga" {
  source           = "github.com/skyscrapers/terraform-network//securitygroups/icinga_satellite"
  vpc_id           = module.vpc.vpc_id
  name             = "sg_icinga_satellite"
  icinga_master_ip = "123.234.123.234/32"
}
```

securitygroups/puppet

This module creates and exposes a reusable security group called sg_puppet (before v5 the name was expanded with project and environment info; since v5 the name variable is used as given, see Migration). It allows traffic from the Puppet master given in puppet_master_ip.

The implementation uses the separate aws_security_group and aws_security_group_rule resources to make the creation and adaptation of security groups much more modular.

Example

```hcl
module "securitygroup_puppet" {
  source           = "github.com/skyscrapers/terraform-network//securitygroups/puppet"
  vpc_id           = module.vpc.vpc_id
  name             = "sg_puppet"
  puppet_master_ip = "123.234.123.234/32"
}
```

securitygroups/web_public

This module creates and exposes a reusable security group called sg_web_public (before v5 the name was expanded with project and environment info; since v5 the name variable is used as given, see Migration).

The implementation uses the separate aws_security_group and aws_security_group_rule resources to make the creation and adaptation of security groups much more modular.

Example

```hcl
module "securitygroup_web_public" {
  source = "github.com/skyscrapers/terraform-network//securitygroups/web_public"
  vpc_id = module.vpc.vpc_id
  name   = "sg_web_public"
}
```

Migration

From v4 to v5

Starting with v5, we changed how resources are named and tagged within the modules. In earlier versions a resource's name was derived from the project and environment variables.

Starting with v5, we only provide a name variable, so update your code accordingly. In most cases this is not a breaking change: names (tags) of VPCs, subnets, route tables etc. can be changed in place without a destroy/recreate of the resources.

Important: Security groups are the exception. The name of an aws_security_group cannot be changed in place, so a new name forces Terraform to destroy and recreate the group, which detaches it from every instance, ENI and load balancer that uses it. To keep the old name, pass it explicitly, e.g. for the securitygroups/all module name = "sg_all_myproject_myenv". Check the plan for "must be replaced" on security groups before applying.

We also removed our default, hardcoded Project and Environment tags. You can re-add them via the respective tags variables, or use the default_tags parameter of the AWS provider.

From v2 to v3

Terraform state migration commands for moving from VPC module v2.x to v3.0 and up, where the route table associations moved into the nested subnets modules. The commands assume the default of 3 subnets per group; adjust the indices to the amounts you created, and run them against a backed-up state.

```sh
terraform state mv module.vpc.aws_route_table_association.public_nat-bastion_hosts module.vpc.module.public_nat-bastion_subnets.aws_route_table_association.subnet_association
terraform state mv module.vpc.aws_route_table_association.private_app[0] module.vpc.module.private_app_subnets.aws_route_table_association.subnet_association[0]
terraform state mv module.vpc.aws_route_table_association.private_app[1] module.vpc.module.private_app_subnets.aws_route_table_association.subnet_association[1]
terraform state mv module.vpc.aws_route_table_association.private_app[2] module.vpc.module.private_app_subnets.aws_route_table_association.subnet_association[2]
terraform state mv module.vpc.aws_route_table_association.private_management[0] module.vpc.module.private_management_subnets.aws_route_table_association.subnet_association[0]
terraform state mv module.vpc.aws_route_table_association.private_management[1] module.vpc.module.private_management_subnets.aws_route_table_association.subnet_association[1]
terraform state mv module.vpc.aws_route_table_association.private_management[2] module.vpc.module.private_management_subnets.aws_route_table_association.subnet_association[2]
terraform state mv module.vpc.aws_route_table_association.public_lb_hosts[0] module.vpc.module.public_lb_subnets.aws_route_table_association.subnet_association[0]
terraform state mv module.vpc.aws_route_table_association.public_lb_hosts[1] module.vpc.module.public_lb_subnets.aws_route_table_association.subnet_association[1]
terraform state mv module.vpc.aws_route_table_association.public_lb_hosts[2] module.vpc.module.public_lb_subnets.aws_route_table_association.subnet_association[2]
terraform state mv module.vpc.aws_route_table_association.private_db[0] module.vpc.module.private_db_subnets.aws_route_table_association.subnet_association[0]
terraform state mv module.vpc.aws_route_table_association.private_db[1] module.vpc.module.private_db_subnets.aws_route_table_association.subnet_association[1]
terraform state mv module.vpc.aws_route_table_association.private_db[2] module.vpc.module.private_db_subnets.aws_route_table_association.subnet_association[2]
```

After the moves, terraform plan should show no changes for the route table associations; if it still wants to destroy and recreate them, an address was mistyped.