This module creates a pre-configured VPC with a pair of subnets split over one or many availability zones (AZ). Each of the AZs created has a public and private subnet. The public subnet has a public IP address attached and has a route to the internet. The private subnet has a route to the internet through a nat gateway.
This module allows you to deploy two types of architecture high availability and single zone mode.
Please Note: This might not work outside of ca-central-1
High Availability mode deploys in each AZ in a region. This is what you should chose if you want to target Protected B, Medium Integrity, Medium Availability (PBMM).
Please Note: This should not be used in a PBMM Production environment.
Single Zone mode deployes in the first AZ in a region that is found by the availability lookup. This will work for if you want to save money in dev.
If you upgrade to v9.0.0 or above from a lower version, the high_availability flag is deprecated and no longer available. You will need to do the following in order to upgrade to a higher version:
- Remove the
high_availabilityflag - Instead add the following to your code:
availability_zones = 3
cidrsubnet_newbits = 8
- Run terraform/terragrunt plan. You should have no changes in your infrastucture.
| Name | Version |
|---|---|
| aws | >= 5 |
| Name | Version |
|---|---|
| aws | >= 5 |
No modules.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| allow_https_request_in | (Optional, default 'false') Allow HTTPS connections on port 443 in from the internet | bool |
false |
no |
| allow_https_request_in_response | (Optional, default 'false') Allow a response back to the internet in reply to a request | bool |
false |
no |
| allow_https_request_out | (Optional, default 'false') Allow HTTPS connections on port 443 out to the internet | bool |
false |
no |
| allow_https_request_out_response | (Optional, default 'false') Allow a response back from the internet in reply to a request | bool |
false |
no |
| availability_zones | (Optional, default '1') The number of availability zones to use | number |
1 |
no |
| billing_tag_key | (Optional, default 'CostCentre') The name of the billing tag | string |
"CostCentre" |
no |
| billing_tag_value | (Required) The value of the billing tag | string |
n/a | yes |
| block_rdp | (Optional, default 'true') Whether or not to block Port 3389 | bool |
true |
no |
| block_ssh | (Optional, default 'true') Whether or not to block Port 22 | bool |
true |
no |
| cidr | (Optional, default '10.0.0.0/16') The CIDR block for the VPC | string |
"10.0.0.0/16" |
no |
| cidrsubnet_newbits | (Optional, default '10') The number of additional bits with which to extend the cidr subnet prefix | number |
10 |
no |
| enable_eip | (Optional, default 'true') Enables Elastic IPs, disabling is mainly used for testing purposes | bool |
true |
no |
| enable_flow_log | (Optional, default 'false') Whether or not to enable VPC Flow Logs | bool |
false |
no |
| name | (Required) The name of the vpc | string |
n/a | yes |
| private_subnets | (Optional, default []) A list of private subnets inside the VPC | list(string) |
[] |
no |
| public_subnets | (Optional, default []) A list of public subnets inside the VPC | list(string) |
[] |
no |
| single_nat_gateway | Should be true if you want to provision a single shared NAT Gateway across all of your private networks | bool |
false |
no |
| Name | Description |
|---|---|
| cidr_block | n/a |
| main_nacl_id | n/a |
| main_route_table_id | n/a |
| private_route_table_ids | n/a |
| private_subnet_cidr_blocks | n/a |
| private_subnet_ids | n/a |
| public_ips | n/a |
| public_subnet_cidr_blocks | n/a |
| public_subnet_ids | n/a |
| vpc_id | n/a |