Last update: 18/09/2018
This module deploys a VPC (Virtual Private Cloud), currently on AWS; in time it will evolve to support GCP (Google Cloud Platform) or any other cloud provider.
This module will keep evolving, so stay tuned.
To consult recent changes and evolutions, see the CHANGELOG.md file.
This module uses conditional variables to deploy resources: if you deploy it without setting the optional variables, you will get only a VPC and nothing more.
Please check the optional variables section if you want to deploy:
- Public subnets with NAT Gateways (and their route tables)
- Private subnets and their route tables
- Enable DNS resolution inside the VPC
- Enable FlowLogs
  - with default CloudWatch log group expiration rule (7d)
- Force S3 logging bucket creation
  - with default object expiration rules
    - 15d : standard_ia
    - 30d : onezone_ia
    - 60d : glacier
    - 90d : finally expire
- Kinesis data stream to send CWL logs to S3 (via Lambda function)
- Enable IPv6
- Enable ClassicLink
- Set default instance tenancy
- Configure VPN Connections
- Configure NACL (Network ACL)
- Configure VPC Peering

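The following module call is an added usage example, not part of the module's own documentation. It shows how the conditional variables combine: every `have_*` flag defaults to `false`, so each resource group is created only when explicitly switched on. The module `source` path, the AWS region, the CIDR block and the platform names are assumed values; the variable names are the ones listed in the inputs table.

```hcl
# Added example (not from the module's docs). Source path and account values are assumptions.
provider "aws" {
  region = "eu-west-1" # assumed region
}

module "vpc" {
  source = "../modules/vpc" # assumed path to this module

  # Required inputs (no defaults in the inputs table)
  region                = "eu-west-1"
  plateform_name        = "payments" # assumed platform name
  plateform_environment = "prod"
  cidr_block            = "10.20.0.0/16" # assumed CIDR

  # Subnet layout: private workloads reach the internet only via NAT in the public subnets
  is_multi_az          = true
  have_public_subnets  = true
  have_private_subnets = true
  have_nat_gateways    = true

  # Name resolution inside the VPC
  enable_dns_support   = true
  enable_dns_hostnames = true

  # Audit trail: VPC Flow Logs to CloudWatch, shipped to S3 through Kinesis + Lambda
  have_flowlogs         = true
  cwl_retention_in_days = 90
  have_kinesis_stream   = true
  have_logging_bucket   = true

  # S3 lifecycle for the archived logs: tier down, then expire.
  # s3_expiration_enabled defaults to false, so the day counts below only take effect when it is set.
  s3_expiration_enabled         = true
  logs_expiration_standard      = 15
  logs_expiration_onezone       = 30
  logs_expiration_glacier       = 60
  logs_complete_expiration_days = 365 # assumed: keep flow logs a year instead of the 90-day default

  # Network ACLs as a second, stateless filtering layer on top of security groups
  have_nacl = true

  # Legacy / cross-account features stay off unless explicitly needed
  enable_classiclink   = false
  have_vpc_peering     = false
  have_vpn_connections = false
}

# Expose the subnet IDs so other stacks can place workloads in the private tier
output "private_subnet_ids" {
  value = module.vpc.private_subnet_ids
}

output "s3_logging_bucket_name" {
  value = module.vpc.s3_logging_bucket_name
}
```

Two points worth checking before applying this: the inputs table describes `have_public_subnets` as deploying the NAT Gateways as well, so `have_nat_gateways` only makes sense together with public subnets and private subnets; and because the lifecycle day counts are plain numbers, verify that they stay in ascending order (Standard IA before One Zone IA before Glacier before final expiry), since the module does not document any validation of that ordering.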
Name | Version |
---|---|
aws | n/a |
Name | Description | Type | Default | Required |
---|---|---|---|---|
accepter_allow_classic_link_to_remote_vpc | Allow VPC accepter ClassicLink on remote | bool | false | no |
accepter_allow_remote_vpc_dns_resolution | Allow VPC accepter DNS resolution | bool | false | no |
accepter_allow_vpc_to_remote_classic_link | Allow VPC accepter ClassicLink from current VPC | bool | false | no |
amazon_side_asn | n/a | number | 65000 | no |
assign_generated_ipv6_cidr_block | n/a | bool | false | no |
bgp_asn | n/a | list(string) | [ | no |
cidr_block | Enter the CIDR block for your VPC | any | n/a | yes |
cwl_retention_in_days | Retention in days for FlowLogs | number | 90 | no |
enable_classiclink | n/a | bool | false | no |
enable_classiclink_dns_support | n/a | bool | false | no |
enable_dns_hostnames | n/a | bool | false | no |
enable_dns_support | n/a | bool | false | no |
have_flowlogs | Enable FlowLogs (true/false) | bool | false | no |
have_kinesis_stream | Enable Kinesis Data Stream for FlowLogs (true/false) | bool | false | no |
have_logging_bucket | Force deployment of the S3 logging bucket even if Kinesis isn't deployed | bool | false | no |
have_nacl | Should deploy NACL (true/false) | bool | false | no |
have_nat_gateways | Should allow private subnets to access the internet through public subnets (true/false) | bool | false | no |
have_private_subnets | Should deploy private subnets (true/false) | bool | false | no |
have_public_subnets | Should deploy public subnets, and NAT Gateways too (true/false) | bool | false | no |
have_vpc_peering | Should deploy a VPC peering (true/false) | bool | false | no |
have_vpn_connections | Should deploy VPN connections (true/false) | bool | false | no |
instance_tenancy | Default instance tenancy for EC2 launched inside the VPC | string | "default" | no |
is_multi_az | Use all AZs of the current region (true/false) | bool | false | no |
logs_complete_expiration_days | Number of days after which objects finally expire in S3 | number | 90 | no |
logs_expiration_glacier | Number of days before changing the S3 storage class to Glacier | number | 60 | no |
logs_expiration_onezone | Number of days before changing the S3 storage class to One Zone IA | number | 30 | no |
logs_expiration_standard | Number of days before changing the S3 storage class to Standard IA | number | 15 | no |
module_version | Current version of the module | string | "v0.0.1" | no |
peer_friendly_name | List of peer names | list(string) | [] | no |
peer_owner_ids | List of AWS account IDs of the peers | list(string) | [] | no |
peer_region | List of regions, one for each VPC peer | list(string) | [] | no |
peer_vpc_ids | List of all peer VPC IDs | list(string) | [] | no |
plateform_environment | Platform environment (test/prod/...) | any | n/a | yes |
plateform_name | Name of the platform | any | n/a | yes |
region | AWS region to use | any | n/a | yes |
requester_allow_classic_link_to_remote_vpc | Allow VPC requester ClassicLink on remote | bool | false | no |
requester_allow_remote_vpc_dns_resolution | Allow VPC requester DNS resolution | bool | false | no |
requester_allow_vpc_to_remote_classic_link | Allow VPC requester ClassicLink from current VPC | bool | false | no |
s3_expiration_enabled | Enable log expiration in the logging bucket | bool | false | no |
static_routes_only | Use static routes only | list(string) | [] | no |
vpn_client_endpoint | All the public IPs, one for each VPN client | list(string) | [] | no |
vpn_client_name | All the names, one for each VPN client | list(string) | [] | no |

Name | Description |
---|---|
internet_gateway_id | n/a |
nat_gateway_ids | n/a |
nat_gateway_ips | n/a |
private_rtb | n/a |
private_subnet_ids | n/a |
public_rtb | n/a |
public_subnet_ids | OUTPUT FROM SUBNETS MODULE |
s3_logging_bucket_arn | n/a |
s3_logging_bucket_dns | n/a |
s3_logging_bucket_name | OUTPUT FROM FLOWLOGS |
s3_policy | n/a |
vpc_id | OUTPUT FROM MAIN |
vpc_peering_accept_status | n/a |
vpc_peering_id | OUTPUT FROM VPC_PEERING |
Made with ❤️ and ☕