
terraform-aws-vpc



Prerequisites

  • Terraform. This module is currently tested on 0.13.7

Quick Start

Terraform module to create all mandatory VPC components.

This module supports either single-tier (only public subnet) or multi-tier (public-app-data subnets) VPC creation. This module supports only up to 4 AZs.

Multi-Tier VPC

module "abc_dev" {
  source  = "traveloka/vpc/aws"
  version = "v0.8.0"
  
  product_domain = "abc"
  environment    = "dev"

  vpc_name       = "abc-dev"
  vpc_cidr_block = "172.16.0.0/16"

  flowlogs_s3_logging_bucket_name = "S3-bucket-name"
}

We use a multi-tier architecture for our VPC design. This design divides the infrastructure into three layers:

  • Public tier: the entry point for public-facing clients. It uses public subnets, since resources in this tier are reachable from the Internet. Examples: external load balancer, bastion, etc.
  • Application tier: this is where the business logic services live and communicate with each other. This tier uses private subnets, hence it is only accessible through the private network.
  • Database tier: this is where the databases live. Applications and databases are separated to have clear boundaries and secure access through the application tier.

Benefits of having a multi-tier architecture are:

  • Scalable
  • Gives us high availability and redundancy
  • Fit with microservices architecture
  • Clear boundaries between public-facing, business logic, and data storage
  • Secure and reduces risk, because by default all services live in private subnets, and databases are only accessible through the application tier.
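The tier boundaries listed above are only enforced if the security groups attached to each tier are written to match them. The following is an added example, not code from this module: it consumes the module's outputs (vpc_id, subnet_public_ids, vpce_s3_prefix_list_id) from the abc_dev instance shown in the Quick Start and assumes an HTTPS load balancer in the public tier, an application listening on port 8080 and a PostgreSQL database on port 5432 (all assumed values).

```hcl
# Added example (not part of the traveloka/vpc/aws module): security groups
# that implement the public -> app -> data boundaries using the module's outputs.
# Assumed: module instance "abc_dev" from the Quick Start, app port 8080, db port 5432.

locals {
  app_port = 8080
  db_port  = 5432
}

# One security group per tier, all inside the VPC the module created.
resource "aws_security_group" "public" {
  name        = "abc-dev-public"
  description = "Public tier: Internet-facing load balancer"
  vpc_id      = module.abc_dev.vpc_id
}

resource "aws_security_group" "app" {
  name        = "abc-dev-app"
  description = "Application tier: reachable only from the public tier"
  vpc_id      = module.abc_dev.vpc_id
}

resource "aws_security_group" "data" {
  name        = "abc-dev-data"
  description = "Data tier: reachable only from the application tier"
  vpc_id      = module.abc_dev.vpc_id
}

# Rules are separate resources so that cross-tier references do not form a cycle.
# Public tier: HTTPS in from the Internet, app port out to the application tier only.
resource "aws_security_group_rule" "public_in_https" {
  type              = "ingress"
  security_group_id = aws_security_group.public.id
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
}

resource "aws_security_group_rule" "public_out_app" {
  type                     = "egress"
  security_group_id        = aws_security_group.public.id
  from_port                = local.app_port
  to_port                  = local.app_port
  protocol                 = "tcp"
  source_security_group_id = aws_security_group.app.id # destination SG for egress
}

# Application tier: accepts the app port only from the public tier; outbound is
# open because it reaches the data tier and (via NAT) external services.
resource "aws_security_group_rule" "app_in_from_public" {
  type                     = "ingress"
  security_group_id        = aws_security_group.app.id
  from_port                = local.app_port
  to_port                  = local.app_port
  protocol                 = "tcp"
  source_security_group_id = aws_security_group.public.id
}

resource "aws_security_group_rule" "app_out_all" {
  type              = "egress"
  security_group_id = aws_security_group.app.id
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
}

# Data tier: accepts the database port only from the application tier. Its only
# outbound path is the S3 gateway endpoint the module created (e.g. for backups),
# addressed by the endpoint's prefix list instead of a CIDR range.
resource "aws_security_group_rule" "data_in_from_app" {
  type                     = "ingress"
  security_group_id        = aws_security_group.data.id
  from_port                = local.db_port
  to_port                  = local.db_port
  protocol                 = "tcp"
  source_security_group_id = aws_security_group.app.id
}

resource "aws_security_group_rule" "data_out_s3" {
  type              = "egress"
  security_group_id = aws_security_group.data.id
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  prefix_list_ids   = [module.abc_dev.vpce_s3_prefix_list_id]
}

# The load balancer is the only component placed in the public subnets.
resource "aws_lb" "public" {
  name               = "abc-dev-public"
  load_balancer_type = "application"
  subnets            = module.abc_dev.subnet_public_ids
  security_groups    = [aws_security_group.public.id]
}
```

Because aws_security_group resources managed this way carry no implicit allow-all egress, every outbound path is explicit: the data tier has no route to the Internet or to the public tier at the security-group level, and a change that widens it shows up in terraform plan. Database instances would be placed using the module's db_subnet_group_name output and the data security group above.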

Single-Tier VPC

In some cases, you will need a VPC which has only public subnets.

module "abc_dev" {
  source  = "traveloka/vpc/aws"
  version = "v0.8.0"

  # you only need to add this line
  vpc_multi_tier = false 

  # ... omitted
}

In some situations (not always), Terraform will report errors when you set vpc_multi_tier = false. This happens because several resources are not created in single-tier mode but are still referenced in the module's outputs. Terraform currently does not allow count inside an output block, so for now this cannot be avoided. The errors do not affect the stacks/resources/infrastructure that were created; just re-run terraform apply and it will succeed.

Examples

Module

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.12.0 |
| terraform | >= 0.13 |
| aws | ~> 3.74 |
| random | >= 1.2, < 3.0.0 |

Providers

| Name | Version |
|------|---------|
| aws | ~> 3.74 |

Modules

| Name | Source | Version |
|------|--------|---------|
| flowlogs_to_s3_naming | git@github.com:traveloka/terraform-aws-resource-naming.git | v0.20.0 |

Resources

| Name | Type |
|------|------|
| aws_db_subnet_group.this | resource |
| aws_default_network_acl.this | resource |
| aws_default_route_table.this | resource |
| aws_default_security_group.this | resource |
| aws_default_vpc_dhcp_options.this | resource |
| aws_eip.nat | resource |
| aws_elasticache_subnet_group.this | resource |
| aws_flow_log.flowlogs_to_s3 | resource |
| aws_internet_gateway.this | resource |
| aws_nat_gateway.this | resource |
| aws_redshift_subnet_group.this | resource |
| aws_route.app | resource |
| aws_route.data | resource |
| aws_route.public | resource |
| aws_route_table.app | resource |
| aws_route_table.data | resource |
| aws_route_table.public | resource |
| aws_route_table_association.app | resource |
| aws_route_table_association.data | resource |
| aws_route_table_association.public | resource |
| aws_s3_bucket.flowlogs_to_s3 | resource |
| aws_s3_bucket_policy.flowlogs_to_s3 | resource |
| aws_subnet.app | resource |
| aws_subnet.data | resource |
| aws_subnet.public | resource |
| aws_vpc.this | resource |
| aws_vpc_endpoint.dynamodb | resource |
| aws_vpc_endpoint.s3 | resource |
| aws_vpc_endpoint_route_table_association.dynamodb_app | resource |
| aws_vpc_endpoint_route_table_association.dynamodb_data | resource |
| aws_vpc_endpoint_route_table_association.dynamodb_public | resource |
| aws_vpc_endpoint_route_table_association.s3_app | resource |
| aws_vpc_endpoint_route_table_association.s3_data | resource |
| aws_vpc_endpoint_route_table_association.s3_public | resource |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.flowlogs_to_s3 | data source |
| aws_region.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| additional_app_subnet_tags | A map of additional tags to add to the application subnet | map | {} | no |
| additional_data_subnet_tags | A map of additional tags to add to the data subnet | map | {} | no |
| additional_public_subnet_tags | A map of additional tags to add to the public subnet | map | {} | no |
| additional_tags | A map of additional tags to add to all resources | map | {} | no |
| additional_vpc_tags | A map of additional tags to add to the vpc | map | {} | no |
| environment | Type of environment these resources belong to. | string | n/a | yes |
| flow_logs_log_group_retention_period | Specifies the number of days you want to retain log events in the specified log group. | string | "14" | no |
| flowlogs_bucket_retention_in_days | FlowLogs bucket retention (in days) | number | 365 | no |
| flowlogs_max_aggregation_interval | FlowLogs Max Aggregation Interval | number | 600 | no |
| flowlogs_s3_logging_bucket_name | S3 bucket name to store FlowLogs S3 Bucket log | string | n/a | yes |
| product_domain | Product domain these resources belong to. | string | n/a | yes |
| subnet_availability_zones | List of AZs to spread VPC subnets over. | list(string) | ["ap-southeast-1a", "ap-southeast-1b", "ap-southeast-1c"] | no |
| transition_to_glacier_ir_in_days | Days stored in standard class before transition to glacier | number | 30 | no |
| vpc_cidr_block | The CIDR block for the VPC. | string | n/a | yes |
| vpc_enable_dns_hostnames | A boolean flag to enable/disable DNS hostnames in the VPC. Defaults true. | string | "true" | no |
| vpc_enable_dns_support | A boolean flag to enable/disable DNS support in the VPC. Defaults true. | string | "true" | no |
| vpc_multi_tier | Whether this VPC should have 3 tiers. True means 3-tier, false means single-tier. Defaults true. Recommended value is true. | string | "true" | no |
| vpc_name | The name of the VPC. This name will be used as the prefix for all VPC components. | string | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| aws_account_id | The AWS Account ID number of the account that owns or contains the calling entity. |
| aws_caller_arn | The AWS ARN associated with the calling entity. |
| aws_caller_user_id | The unique identifier of the calling entity. |
| db_subnet_group_arn | The ARN of the db subnet group. |
| db_subnet_group_name | The db subnet group name. |
| eip_nat_ids | List of Elastic IP allocation IDs for NAT Gateway. |
| eip_nat_public_ips | List of Elastic IP public IPs for NAT Gateway. |
| elasticache_subnet_group_name | The elasticache subnet group name. |
| igw_id | The ID of the Internet Gateway. |
| nat_ids | List of NAT Gateway IDs |
| nat_network_interface_ids | List of ENI IDs of the network interface created by the NAT gateway. |
| nat_private_ips | List of private IP addresses of the NAT Gateway. |
| redshift_subnet_group_id | The Redshift Subnet group ID. |
| region_ec2_endpoint | The EC2 endpoint for the selected region. |
| region_name | The name of the selected region. |
| rtb_app_ids | List of IDs of app route tables |
| rtb_data_ids | List of IDs of data route tables |
| rtb_public_id | ID of public route table |
| subnet_app_cidr_blocks | List of cidr_blocks of app subnets. |
| subnet_app_ids | List of IDs of app subnets. |
| subnet_data_cidr_blocks | List of cidr_blocks of data subnets. |
| subnet_data_ids | List of IDs of data subnets. |
| subnet_public_cidr_blocks | List of cidr_blocks of public subnets. |
| subnet_public_ids | List of IDs of public subnets. |
| vpc_cidr_block | The CIDR block of the VPC. |
| vpc_default_network_acl_id | The ID of the network ACL created by default on VPC creation. |
| vpc_default_route_table_id | The ID of the route table created by default on VPC creation. |
| vpc_default_security_group_id | The ID of the security group created by default on VPC creation. |
| vpc_enable_classiclink | Whether or not the VPC has Classiclink enabled. |
| vpc_enable_dns_hostnames | Whether or not the VPC has DNS hostname support. |
| vpc_enable_dns_support | Whether or not the VPC has DNS support. |
| vpc_id | The ID of the VPC. |
| vpc_instance_tenancy | Tenancy of instances spun up within the VPC. |
| vpc_main_route_table_id | The ID of the main route table associated with this VPC. |
| vpc_multi_tier | Whether or not the VPC has Multi Tier subnets. |
| vpce_dynamodb_cidr_blocks | The list of CIDR blocks for DynamoDB service. |
| vpce_dynamodb_id | The ID of VPC endpoint for DynamoDB |
| vpce_dynamodb_prefix_list_id | The prefix list for the DynamoDB VPC endpoint. |
| vpce_s3_cidr_blocks | The list of CIDR blocks for S3 service. |
| vpce_s3_id | The ID of VPC endpoint for S3 |
| vpce_s3_prefix_list_id | The prefix list for the S3 VPC endpoint. |

Contributing

See CONTRIBUTING.md

License

Apache 2 Licensed. See LICENSE for full details.

Acknowledgement
