A Terraform module that creates a customizable VPC (based on the official VPC module) and optionally provisions an ELB-protected bastion host with a Route53-controlled DNS name and an unlimited number of SSH keys.
```hcl
module "vpc" {
  source = "github.com/Flaconi/terraform-modules-vpc?ref=v2.1.0"

  # VPC and subnet CIDRs are left empty here; fill them in for your environment.
  vpc_cidr            = ""
  vpc_subnet_azs      = ["eu-central-1a", "eu-central-1b", "eu-central-1c"]
  vpc_private_subnets = ["", "", ""]
  vpc_public_subnets  = ["", "", ""]

  vpc_enable_nat_gateway  = true
  vpc_enable_vpn_gateway  = false
  vpc_enable_bastion_host = true

  name = "my-project"

  # Public keys written to authorized_keys on the bastion host.
  bastion_ssh_keys                = ["ssh-ed25519 AAAAC3Nznte5aaCdi1a1Lzaai/tX6Mc2E+S6g3lrClL09iBZ5cW2OZdSIqomcMko 2 mysshkey"]
  bastion_route53_public_dns_name = "my-project.example.com"
  bastion_subdomain               = "bastion-host"
}
```
Providers:

| Name | Version |
|------|---------|
| aws | >= 5 |
| null | >= 3 |

Requirements:

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| aws | >= 5 |
| null | >= 3 |
The following input variables are required:

| Name | Description | Type |
|------|-------------|------|
| `vpc_cidr` | The VPC CIDR to use for this VPC. | `string` |
| `vpc_subnet_azs` | A list of AZs to use to spawn subnets over. | `list(string)` |
| `vpc_private_subnets` | A list of private subnet CIDRs. | `list(string)` |
| `vpc_public_subnets` | A list of public subnet CIDRs. | `list(string)` |
| `name` | The name (or prefix) to prepend/apply to all Name tags on all VPC resources. | `string` |
The following input variables are optional (have default values):

| Name | Description | Type | Default |
|------|-------------|------|---------|
| `vpc_enable_nat_gateway` | A boolean that enables or disables NAT gateways for private subnets. | `bool` | `true` |
| | Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of public subnets created to be greater than or equal to the number of availability zones specified in `var.azs`. | `bool` | `true` |
| | Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the `external_nat_ip_ids` variable. | `bool` | `false` |
| | List of names used to select the allocated EIP(s) that will be associated with the NAT GW(s). These EIPs can be managed outside of this module, but they should be managed with Terraform and be part of the same state as this module's resources. If you have an uneven distribution of subnets across your AZs (e.g. you use 2 AZs but create 3 private subnets) and want to use externally managed EIPs with one NAT GW per AZ, you have to provide as many EIPs as NAT GWs; otherwise you will see this in the EIP state message: `Elastic IP address [eipalloc-xxx] is already associated`. | `list(string)` | `[]` |
| | Should be true to enable DNS hostnames in the VPC. | `bool` | `false` |
| | Should be true to enable DNS support in the VPC. | `bool` | `true` |
| `vpc_enable_vpn_gateway` | A boolean that enables or disables a VPN gateway for the VPC. | `bool` | `false` |
| | Maps of Customer Gateway attributes (BGP ASN and the gateway's Internet-routable external IP address). | `map(map(any))` | `{}` |
| `vpc_enable_bastion_host` | A boolean that enables or disables the deployment of a bastion host in the private subnet with an ELB in front of it. | `bool` | `false` |
| | List of secondary CIDR blocks to associate with the VPC to extend the IP address pool. | `list(string)` | `[]` |
| | A map of additional tags to apply to all VPC resources. | `map(string)` | `{}` |
| | A map of additional tags to apply to the VPC. | `map(string)` | `{}` |
| | A map of additional tags to apply to all public subnets. | `map(string)` | `{"Visibility": "public"}` |
| | A map of additional tags to apply to all private subnets. | `map(string)` | `{"Visibility": "private"}` |
| `bastion_subdomain` | If not empty, overrides the bastion host name specified by `name`. | `string` | `""` |
| | User name used for SSH connections. | `string` | `"ec2-user"` |
| `bastion_ssh_keys` | A list of public SSH keys to add to the authorized_keys file. | `list(string)` | `[]` |
| | A list of CIDRs from which one can connect to the bastion host ELB. | `list(string)` | |
| | List of one or more security groups to be added to the load balancer. | `list(string)` | `[]` |
| `bastion_route53_public_dns_name` | If set, the bastion ELB will be assigned this public DNS name via Route53. | `string` | `""` |
| | EC2 AMI ID for the bastion host. | `string` | `null` |
| | EC2 instance type of the bastion host. | `string` | `"t2.micro"` |
| | The number of bastion host server nodes to deploy. | `number` | `1` |
| | Should be true to adopt and manage the default security group. | `bool` | `true` |
| | List of maps of ingress rules to set on the default security group. | `list(map(string))` | `[{"from_port": 0, "protocol": -1, "self": true, "to_port": 0}]` |
| | List of maps of egress rules to set on the default security group. | `list(map(string))` | `[{"from_port": 0, "protocol": "-1", "self": true, "to_port": 0}]` |
| Name | Description |
|------|-------------|
| `bastion_asg_name` | Autoscaling group name of the bastion host (or empty string if the bastion host is disabled). |
| `bastion_elb_fqdn` | The auto-generated FQDN of the bastion ELB. |
| `bastion_elb_security_group_id` | The ID of the SSH security group of the bastion host that can be attached to any other private instance in order to SSH into it (or empty string if the bastion host is disabled). |
| `bastion_launch_template_name` | Launch template name of the bastion host (or empty string if the bastion host is disabled). |
| `bastion_route53_public_dns_name` | The Route53 public DNS name of the bastion ELB, if set. |
| `bastion_security_group_id` | The ID of the SSH security group of the bastion host that can be attached to any other private instance in order to SSH into it (or empty string if the bastion host is disabled). |
| `cgw_ids` | List of IDs of Customer Gateways. |
| `name` | The name of the VPC. |
| `private_route_table_ids` | List of IDs of private route tables. |
| `private_subnets` | List of IDs of private subnets. |
| `private_subnets_cidr_blocks` | List of CIDR blocks of private subnets. |
| `public_route_table_ids` | List of IDs of public route tables. |
| `public_subnets` | List of IDs of public subnets. |
| `public_subnets_cidr_blocks` | List of CIDR blocks of public subnets. |
| `vgw_id` | The ID of the VPN Gateway. |
| `vpc_cidr_block` | The CIDR block of the VPC. |
| `vpc_id` | The ID of the VPC. |
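As an added example (not part of the module's README), the following root-module snippet consumes the outputs above to place an application instance in a private subnet that is reachable over SSH only through the bastion. It assumes the `vpc` module block from the usage example is declared in the same root module; `app_ami_id` and the instance name are placeholders.

```hcl
# Added example, not part of the module's README. Assumes the "vpc" module block
# from the usage example is declared in the same root module.

variable "app_ami_id" {
  description = "AMI ID for the private application instance (placeholder, set per account/region)"
  type        = string
}

# Application instance in the first private subnet. It gets no public IP and
# carries the module's bastion SSH security group, which is the documented way
# to permit SSH from the bastion into a private instance. No CIDR-based SSH
# rule is added, so the bastion is the only SSH path to this host.
resource "aws_instance" "app" {
  ami                         = var.app_ami_id
  instance_type               = "t3.micro"
  subnet_id                   = module.vpc.private_subnets[0]
  associate_public_ip_address = false
  vpc_security_group_ids      = [module.vpc.bastion_security_group_id]

  # Require IMDSv2 so instance credentials cannot be fetched with plain GET requests.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  tags = {
    Name = "my-project-app"
  }
}

# Connection hint using the module's Route53 name for the bastion ELB and the
# module's default SSH user (ec2-user). ProxyJump (-J) tunnels through the
# bastion, so the private instance never needs a public address.
output "ssh_via_bastion" {
  value = "ssh -J ec2-user@${module.vpc.bastion_route53_public_dns_name} ec2-user@${aws_instance.app.private_ip}"
}
```

Because the bastion is fronted by an ELB, the connection target in the hint is the Route53 name from `bastion_route53_public_dns_name`, not an individual bastion instance.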
Copyright (c) 2018-2021 Flaconi GmbH