ahafidh / terraform-aws-vpc

This project forked from arpit9508/terraform-aws-vpc

Terraform module to create all mandatory VPC components.

License: Apache License 2.0

HCL 100.00%

terraform-aws-vpc's Introduction

terraform-aws-vpc

Prerequisites

  • Terraform. This module is currently tested on 0.11.14.

Quick Start

Terraform module to create all mandatory VPC components.

This module supports either single-tier (only public subnet) or multi-tier (public-app-data subnets) VPC creation. This module supports only up to 4 AZs.

Multi-Tier VPC

module "abc_dev" {
  source  = "traveloka/vpc/aws"
  version = "v0.2.3"
  
  product_domain = "abc"
  environment    = "dev"

  vpc_name       = "abc-dev"
  vpc_cidr_block = "172.16.0.0/16"
}

We use a multi-tier architecture for our VPC design. This design divides the infrastructure into three layers:

  • Public tier: the entry point for public-facing clients. It uses public subnets, since resources in this tier are reachable from the Internet. Examples: external load balancers, bastion hosts, etc.
  • Application tier: where the business-logic services live and communicate with each other. This tier uses private subnets, so it is only accessible through the private network.
  • Database tier: where the databases live. Applications and databases are separated to give clear boundaries and to secure database access through the application tier.

Benefits of having a multi-tier architecture:

  • Scalable
  • Gives us high availability and redundancy
  • Fits a microservices architecture
  • Clear boundaries between public-facing, business logic, and data storage
  • Secure and reduces risk: by default services live in private subnets, and the database is only accessible through the application tier.
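The tiering described above only holds if the security groups enforce it. The following is an added example (not code from the original README or from the module's own source), written in the Terraform 0.11 syntax the module is tested against, showing how a consumer of the module uses its outputs (vpc_id, db_subnet_group_name) so that the database accepts connections from the application tier only and the VPC's default security group is emptied. The resource names, the PostgreSQL port and the db_password variable are assumptions for illustration.

```hcl
module "abc_dev" {
  source  = "traveloka/vpc/aws"
  version = "v0.2.3"

  product_domain = "abc"
  environment    = "dev"

  vpc_name       = "abc-dev"
  vpc_cidr_block = "172.16.0.0/16"
}

# Password is supplied out of band (tfvars, environment or a secrets store),
# never as a literal in the configuration.
variable "db_password" {}

# Application-tier security group: attach it to the app instances launched
# in module.abc_dev.subnet_app_ids. Its ingress rules (from the load balancer)
# are out of scope here.
resource "aws_security_group" "app" {
  name        = "abc-dev-app"
  description = "Application tier"
  vpc_id      = "${module.abc_dev.vpc_id}"
}

# Data-tier security group: the only ingress rule references the app-tier
# security group, so the database is reachable through the application
# tier and from nowhere else in the VPC.
resource "aws_security_group" "db" {
  name        = "abc-dev-db"
  description = "Database tier"
  vpc_id      = "${module.abc_dev.vpc_id}"

  ingress {
    from_port       = 5432
    to_port         = 5432
    protocol        = "tcp"
    security_groups = ["${aws_security_group.app.id}"]
  }
}

# The database lives in the data subnets by way of the DB subnet group the
# module creates, and is explicitly not publicly accessible.
resource "aws_db_instance" "main" {
  identifier             = "abc-dev-main"
  engine                 = "postgres"
  instance_class         = "db.t2.micro"
  allocated_storage      = 20
  username               = "appuser"
  password               = "${var.db_password}"
  db_subnet_group_name   = "${module.abc_dev.db_subnet_group_name}"
  vpc_security_group_ids = ["${aws_security_group.db.id}"]
  publicly_accessible    = false
  skip_final_snapshot    = true
}

# Managing the default security group with no ingress/egress blocks removes
# its rules, so a resource accidentally launched without an explicit security
# group cannot talk to anything.
resource "aws_default_security_group" "default" {
  vpc_id = "${module.abc_dev.vpc_id}"
}
```

Run terraform plan against this and check that the db security group shows exactly one ingress rule whose source is the app security group, and that the default security group ends up with zero rules.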

Single-Tier VPC

In some cases, you will need a VPC which has only public subnets.

module "abc_dev" {
  source  = "traveloka/vpc/aws"
  version = "v0.2.3"

  # you only need to add this line
  vpc_multi_tier = false 

  # ... omitted
}

In some situations (not always), Terraform reports errors when you set vpc_multi_tier = false. This happens because several resources are not created in single-tier mode but are still referenced by outputs. Currently Terraform does not allow count inside an output block, so for now this is unavoidable. The errors have nothing to do with the stacks/resources/infrastructure you created; just re-run terraform apply and you will be fine.

Examples

Module

Providers

  • aws: n/a
  • random: >= 1.1, < 3.0.0

Inputs

Each entry lists the name, type, default value, whether it is required, and the description.

  • additional_tags (map, default {}, optional): A map of additional tags to add to all resources.
  • environment (string, required): Type of environment these resources belong to.
  • flow_logs_log_group_retention_period (string, default "14", optional): Specifies the number of days you want to retain log events in the specified log group.
  • product_domain (string, required): Product domain these resources belong to.
  • subnet_availability_zones (list, default ["ap-southeast-1a", "ap-southeast-1b", "ap-southeast-1c"], optional): List of AZs to spread VPC subnets over.
  • vpc_cidr_block (string, required): The CIDR block for the VPC.
  • vpc_enable_dns_hostnames (string, default "true", optional): A boolean flag to enable/disable DNS hostnames in the VPC.
  • vpc_enable_dns_support (string, default "true", optional): A boolean flag to enable/disable DNS support in the VPC.
  • vpc_multi_tier (string, default "true", optional): Whether this VPC should have 3 tiers. True means 3-tier, false means single-tier. Recommended value is true.
  • vpc_name (string, required): The name of the VPC. This name will be used as the prefix for all VPC components.
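The AZ default is tied to ap-southeast-1, and the 14-day flow-log retention is short for incident investigation. The following added example (not from the original README or the module itself, Terraform 0.11 syntax) discovers the region's AZs with the aws_availability_zones data source, passes the first three to the module so as to stay within the 4-AZ limit, lengthens flow-log retention, and exports the flow-log role ARN for the monitoring stack. The module instance name, CIDR, tag values and retention period are assumptions.

```hcl
# AZs of the region configured on the aws provider, in a stable order.
data "aws_availability_zones" "available" {}

module "abc_prod" {
  source  = "traveloka/vpc/aws"
  version = "v0.2.3"

  product_domain = "abc"
  environment    = "prod"

  vpc_name       = "abc-prod"
  vpc_cidr_block = "10.20.0.0/16"

  # The module supports at most 4 AZs; slice the discovered list to the first
  # three instead of hard-coding the ap-southeast-1 default. In 0.11 a list
  # interpolation as the sole element of a list literal is flattened into it.
  subnet_availability_zones = ["${slice(data.aws_availability_zones.available.names, 0, 3)}"]

  # Retain VPC Flow Logs for 90 days rather than the 14-day default so that
  # the log group still covers a late-discovered incident.
  flow_logs_log_group_retention_period = "90"

  additional_tags = {
    Owner      = "platform-team"
    CostCenter = "abc"
  }
}

# Hand the flow-log role and log group to whatever consumes the logs.
output "prod_flow_logs_iam_role_arn" {
  value = "${module.abc_prod.flow_logs_iam_role_arn}"
}

output "prod_flow_logs_log_group_arn" {
  value = "${module.abc_prod.flow_logs_log_group_arn}"
}
```

slice fails at plan time if the region exposes fewer than three AZs, which is the intended behaviour: it is better to be told than to silently get fewer subnets than the design assumes.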

Outputs

Name Description
aws_account_id The AWS Account ID number of the account that owns or contains the calling entity.
aws_caller_arn The AWS ARN associated with the calling entity.
aws_caller_user_id The unique identifier of the calling entity.
db_subnet_group_arn The ARN of the db subnet group.
db_subnet_group_name The db subnet group name.
eip_nat_ids List of Elastic IP allocation IDs for NAT Gateway.
eip_nat_public_ips List of Elastic IP public IPs for NAT Gateway.
elasticache_subnet_group_name The elasticache subnet group name.
flow_logs_iam_role_arn The Amazon Resource Name (ARN) specifying the role for VPC Flow Logs.
flow_logs_iam_role_create_date The creation date of the IAM role for VPC Flow Logs.
flow_logs_iam_role_description The description of the role for VPC Flow Logs.
flow_logs_iam_role_name The name of the role for VPC Flow Logs.
flow_logs_iam_role_unique_id The stable and unique string identifying the role for VPC Flow Logs.
flow_logs_log_group_arn The Amazon Resource Name (ARN) specifying the log group for VPC Flow Logs.
igw_id The ID of the Internet Gateway.
nat_ids List of NAT Gateway IDs
nat_network_interface_ids List of ENI IDs of the network interface created by the NAT gateway.
nat_private_ips List of private IP addresses of the NAT Gateway.
redshift_subnet_group_id The Redshift Subnet group ID.
region_ec2_endpoint The EC2 endpoint for the selected region.
region_name The name of the selected region.
rtb_app_ids List of IDs of app route tables
rtb_data_ids List of IDs of data route tables
rtb_public_id ID of public route table
subnet_app_cidr_blocks List of cidr_blocks of app subnets.
subnet_app_ids List of IDs of app subnets.
subnet_data_cidr_blocks List of cidr_blocks of data subnets.
subnet_data_ids List of IDs of data subnets.
subnet_public_cidr_blocks List of cidr_blocks of public subnets.
subnet_public_ids List of IDs of public subnets.
vpc_cidr_block The CIDR block of the VPC.
vpc_default_network_acl_id The ID of the network ACL created by default on VPC creation.
vpc_default_route_table_id The ID of the route table created by default on VPC creation.
vpc_default_security_group_id The ID of the security group created by default on VPC creation.
vpc_enable_classiclink Whether or not the VPC has Classiclink enabled.
vpc_enable_dns_hostnames Whether or not the VPC has DNS hostname support.
vpc_enable_dns_support Whether or not the VPC has DNS support.
vpc_id The ID of the VPC.
vpc_instance_tenancy Tenancy of instances spin up within VPC.
vpc_main_route_table_id The ID of the main route table associated with this VPC.
vpc_multi_tier Whether or not the VPC has Multi Tier subnets.
vpce_dynamodb_cidr_blocks The list of CIDR blocks for DynamoDB service.
vpce_dynamodb_id The ID of VPC endpoint for DynamoDB
vpce_dynamodb_prefix_list_id The prefix list for the DynamoDB VPC endpoint.
vpce_s3_cidr_blocks The list of CIDR blocks for S3 service.
vpce_s3_id The ID of VPC endpoint for S3
vpce_s3_prefix_list_id The prefix list for the S3 VPC endpoint.

Contributing

See CONTRIBUTING.md

License

Apache 2 Licensed. See LICENSE for full details.

Acknowledgement
