Terraform modules networking related vpc,subnets,route tables..
Creates a nat gateway and automatically adds a route table to the route tables passed as parameter
- [
private_route_tables
]: List(string)(required): List of private route tables that require the nat gateway [NOTE the number of nat gateways should match the number of private routes] - [
number_nat_gateways
]: Number(optional): Number of nat gateways required - [
public_subnets
]: List(string)(required): The subnets where we are going to create/deploy the NAT gateways - [
tags
]: Map(optional): optional tags
- [
ids
]: List: The ids of the nat gateways created.
module "nat_gateway" {
source = "nat_gateway"
private_route_tables=module.vpc.private_rts
public_subnets=module.vpc.public_subnets
}
Creates a number of subnets and divides them in different parts based on the input params
- [
cidr
]: String(required): the CIDR to be divided into subnets - [
newbits
]: String(optional): default to 8. For details see https://www.terraform.io/docs/configuration/interpolation.html#cidrsubnet_iprange_newbits_netnum_ - [
netnum
]: String(optional): default to 0. First number of subnet to start of (ex I want a 10.1,10.2,10.3 subnet I specify 1) - [
vpc_id
]: String(required): the VPC ID where we want to create the subnets - [
role
]: String(required): the role of the subnets. Example values arelb
,db
andapp
. - [
visibility
]: String(required): the visibility of the subnets. Valid values arepublic
andprivate
- [
tags
]: Map(optional): optional tags - [
project
]: String(required): the name of the project these subnets belong to - [
environment
]: String(required): the name of the environment these subnets belong to (prod,stag,dev) - [
num_subnets
]: String(optional): default to 3. the number of subnets we want to create - [
route_tables
]: List(string)(optional): the list of route tables to associate to the created subnet. This will associate the route table to the created subnet sequentially. If the subnet number is greater than the number of route tables, the route table will be selected sing a standard mod algorithm - [
num_route_tables
]: Number(optional): default to 0. the number of route tables passed in route_tables. NOTE: this is due to a bug in terraform that cannot iterate over count param
- [
ids
]: List: the ids of the subnets created
module "public_lb_subnets" {
source = "../subnets"
num_subnets = var.amount_public_lb_subnets
visibility = "public"
role = "lb"
cidr = var.cidr_block
netnum = 0
vpc_id = aws_vpc.main.id
aws_region = var.aws_region
environment = var.environment
project = var.project
tags = { "KubernetesCluster" = "test" }
}
This module will create a vpc with the option to specify 4 types of subnets:
- public_nat-bastion_subnets
- public_lb_subnets
- private_app_subnets
- private_db_subnets
It will also create the required route tables for the private subnets. The private_app and private_db subnets are private subnets.
Name | Description | Type | Default | Required |
---|---|---|---|---|
amount_private_app_subnets | Amount of subnets you need | number | 3 |
no |
amount_private_db_subnets | Amount of subnets you need | number | 3 |
no |
amount_private_management_subnets | Amount of subnets you need | number | 0 |
no |
amount_public_lb_subnets | Amount of subnets you need | number | 3 |
no |
amount_public_nat-bastion_subnets | Amount of subnets you need | number | 1 |
no |
cidr_block | CIDR block you want to have in your VPC | string | n/a | yes |
environment | How do you want to call your environment, this is helpful if you have more than 1 VPC. | string | "production" |
no |
extra_tags_private_app | Private app subnets extra tags | map | <map> |
no |
extra_tags_private_db | Private database subnets extra tags | map | <map> |
no |
extra_tags_private_management | Private management subnets extra tags | map | <map> |
no |
extra_tags_public_lb | Public load balancer subnets extra tags | map | <map> |
no |
extra_tags_public_nat-bastion | Public nat/bastion subnets extra tags | map | <map> |
no |
extra_tags_vpc | VPC extra tags | map | <map> |
no |
netnum_private_app | First number of subnet to start of for private_app subnets | string | "20" |
no |
netnum_private_db | First number of subnet to start of for private_db subnets | string | "30" |
no |
netnum_private_management | First number of subnet to start of for private_management subnets | string | "200" |
no |
netnum_public_lb | First number of subnet to start of for public_lb subnets | string | "10" |
no |
netnum_public_nat-bastion | First number of subnet to start of for public_nat-bastion subnets | string | "0" |
no |
number_private_rt | The desired number of private route tables. In case we want one per AZ we can change this value. | number | 1 |
no |
project | The current project | string | n/a | yes |
tags | Optional Tags | map | <map> |
no |
Name | Description |
---|---|
default_network_acl_id | Id of the default network acl |
private_app_subnets | List of the private_app subnets id created |
private_db_subnets | List of the private_db subnets id created |
private_management_subnets | List of the private_management subnets id created |
private_rts | List of the ids of the private route tables created |
public_lb_subnets | List of the public_lb subnets id created |
public_nat-bastion | List of the public_nat-bastion subnets id created |
public_rts | List of the ids of the public route tables created |
vpc_id | The id of the vpc created |
module "vpc" {
source = "vpc"
cidr_block = "172.16.0.0/16"
project = "test"
environment = "prod"
tags = { "KubernetesCluster" = "test" }
}
The Terraform state migration commands to migrate from VPC module v2.x to v3.0 and up.
terraform state mv module.vpc.aws_route_table_association.public_nat-bastion_hosts module.vpc.module.public_nat-bastion_subnets.aws_route_table_association.subnet_association
terraform state mv module.vpc.aws_route_table_association.private_app[0] module.vpc.module.private_app_subnets.aws_route_table_association.subnet_association[0]
terraform state mv module.vpc.aws_route_table_association.private_app[1] module.vpc.module.private_app_subnets.aws_route_table_association.subnet_association[1]
terraform state mv module.vpc.aws_route_table_association.private_app[2] module.vpc.module.private_app_subnets.aws_route_table_association.subnet_association[2]
terraform state mv module.vpc.aws_route_table_association.private_management[0] module.vpc.module.private_management_subnets.aws_route_table_association.subnet_association[0]
terraform state mv module.vpc.aws_route_table_association.private_management[1] module.vpc.module.private_management_subnets.aws_route_table_association.subnet_association[1]
terraform state mv module.vpc.aws_route_table_association.private_management[2] module.vpc.module.private_management_subnets.aws_route_table_association.subnet_association[2]
terraform state mv module.vpc.aws_route_table_association.public_lb_hosts[0] module.vpc.module.public_lb_subnets.aws_route_table_association.subnet_association[0]
terraform state mv module.vpc.aws_route_table_association.public_lb_hosts[1] module.vpc.module.public_lb_subnets.aws_route_table_association.subnet_association[1]
terraform state mv module.vpc.aws_route_table_association.public_lb_hosts[2] module.vpc.module.public_lb_subnets.aws_route_table_association.subnet_association[2]
terraform state mv module.vpc.aws_route_table_association.private_db[0] module.vpc.module.private_db_subnets.aws_route_table_association.subnet_association[0]
terraform state mv module.vpc.aws_route_table_association.private_db[1] module.vpc.module.private_db_subnets.aws_route_table_association.subnet_association[1]
terraform state mv module.vpc.aws_route_table_association.private_db[2] module.vpc.module.private_db_subnets.aws_route_table_association.subnet_association[2]
This module creates and exposes a reusable security group called sg-all
.
The implementation uses the separate aws_security_group
and aws_security_group_rule
resources
to make the creation and adaptation of security groups much more modular.
- [
vpc_id
]: String(required): the id of the VPC where the security group must be created - [
project
]: String(required): the name of the customer or project - [
environment
]: String(required): the environment to create the security group in. Examples:staging
,production
- [
sg_id
]: String: the id of the security group created
module "securitygroup_all" {
source = "github.com/skyscrapers/terraform-network//securitygroups/all"
vpc_id = module.vpc.vpc_id
project = var.project
environment = var.environment
}
This module creates and exposes a reusable security group called sg_icinga_satellite
, expanded
with project and environment info.
The implementation uses the separate aws_security_group
and aws_security_group_rule
resources
to make the creation and adaptation of security groups much more modular.
- [
vpc_id
]: String(required): the id of the VPC where the security group must be created - [
project
]: String(required): the name of the customer or project - [
environment
]: String(required): the environment to create the security group in. Examples:staging
,production
- [
icinga_master_ip
]: String(required): the IP address of the Icinga master in CIDR notation. - [
internal_sg_id
]: String(optional): The Icinga satellite will be able to access this security group through NRPE, if provided.
- [
sg_id
]: String: the id of the security group created
module "securitygroup_icinga" {
source = "github.com/skyscrapers/terraform-network//securitygroups/icinga_satellite"
vpc_id = module.vpc.vpc_id
project = var.project
environment = var.environment
icinga_master_ip = "123.234.123.234/32"
}
This module creates and exposes a reusable security group called sg_puppet
, expanded
with project and environment info.
The implementation uses the separate aws_security_group
and aws_security_group_rule
resources
to make the creation and adaptation of security groups much more modular.
- [
vpc_id
]: String(required): the id of the VPC where the security group must be created - [
project
]: String(required): the name of the customer or project - [
environment
]: String(required): the environment to create the security group in. Examples:staging
,production
- [
puppet_master_ip
]: String(required): the IP address of the Puppet master in CIDR notation.
- [
sg_id
]: String: the id of the security group created
module "securitygroup_icinga" {
source = "github.com/skyscrapers/terraform-network//securitygroups/puppet"
vpc_id = module.vpc.vpc_id
project = var.project
environment = var.environment
puppet_master_ip = "123.234.123.234/32"
}
This module creates and exposes a reusable security group called sg_web_public
, expanded
with project and environment info.
The implementation uses the separate aws_security_group
and aws_security_group_rule
resources
to make the creation and adaptation of security groups much more modular.
- [
vpc_id
]: String(required): the id of the VPC where the security group must be created - [
project
]: String(required): the name of the customer or project - [
environment
]: String(required): the environment to create the security group in. Examples:staging
,production
- [
sg_id
]: String: the id of the security group created
module "securitygroup_web_public" {
source = "github.com/skyscrapers/terraform-network//securitygroups/web_public"
vpc_id = module.vpc.vpc_id
project = var.project
environment = var.environment
}