This module creates the following resources.

- aws_vpc
- aws_default_network_acl
- aws_default_security_group
- aws_vpc_dhcp_options
- (optional) aws_vpc_dhcp_options_association
- (optional) aws_vpc_ipv4_cidr_block_association
- (optional) aws_vpc_ipv6_cidr_block_association
- (optional) aws_route53_zone_association
- (optional) aws_internet_gateway
- (optional) aws_internet_gateway_attachment
- (optional) aws_egress_only_internet_gateway
- (optional) aws_vpn_gateway
- (optional) aws_vpn_gateway_attachment

Name | Version |
---|---|
terraform | >= 1.6 |
aws | >= 5.3 |

Name | Version |
---|---|
aws | 5.22.0 |

Name | Source | Version |
---|---|---|
resource_group | tedilabs/misc/aws//modules/resource-group | ~> 0.10.0 |

Name | Type |
---|---|
aws_default_network_acl.this | resource |
aws_default_security_group.this | resource |
aws_egress_only_internet_gateway.this | resource |
aws_internet_gateway.this | resource |
aws_internet_gateway_attachment.this | resource |
aws_route53_resolver_dnssec_config.this | resource |
aws_route53_zone_association.this | resource |
aws_vpc.this | resource |
aws_vpc_dhcp_options.this | resource |
aws_vpc_dhcp_options_association.this | resource |
aws_vpc_ipv4_cidr_block_association.this | resource |
aws_vpc_ipv6_cidr_block_association.this | resource |
aws_vpn_gateway.this | resource |
aws_vpn_gateway_attachment.this | resource |
aws_region.this | data source |

Name | Description | Type | Default | Required |
---|---|---|---|---|
name | (Required) Desired name for the VPC resources. | string | n/a | yes |
default_network_acl | (Optional) The configuration for the default Network ACL of the VPC. `default_network_acl` as defined below.<br>(Optional) `name` - The name of the default Network ACL. Defaults to the name of the VPC.<br>(Optional) `ingress_rules` - A set of ingress rules in the default Network ACL. If not explicitly defined, the AWS default rules are applied. `ingress_rules` as defined below.<br>(Required) `priority` - The rule priority (rule number), used for ordering.<br>(Required) `action` - Whether to allow or deny the traffic that matches the rule. Valid values are `ALLOW` and `DENY`.<br>(Required) `protocol` - The protocol to match. If using the `-1` 'all' protocol, you must specify a from and to port of `0`.<br>(Required) `from_port` - The from port to match.<br>(Required) `to_port` - The to port to match.<br>(Optional) `ipv4_cidr` - The IPv4 network range to allow or deny, in CIDR notation. Cannot be specified with `ipv6_cidr`.<br>(Optional) `ipv6_cidr` - The IPv6 network range to allow or deny, in CIDR notation. Cannot be specified with `ipv4_cidr`.<br>(Optional) `icmp_type` - The ICMP type to be used. Defaults to `0`.<br>(Optional) `icmp_code` - The ICMP code to be used. Defaults to `0`.<br>(Optional) `egress_rules` - A set of egress rules in the default Network ACL. If not explicitly defined, the AWS default rules are applied. Each egress rule has the same fields as an `ingress_rules` entry (`priority`, `action`, `protocol`, `from_port`, `to_port`, `ipv4_cidr`, `ipv6_cidr`, `icmp_type`, `icmp_code`). | object({...}) | {} | no |
default_security_group | (Optional) The configuration for the default Security Group of the VPC. `default_security_group` as defined below.<br>(Optional) `name` - The name of the default Security Group. Defaults to the name of the VPC.<br>(Optional) `ingress_rules` - A set of ingress rules in the default Security Group. If not explicitly defined, the AWS default rules are applied. `ingress_rules` as defined below.<br>(Optional) `description` - The description of the rule.<br>(Required) `protocol` - The protocol to match. If using the `-1` 'all' protocol, you must specify a from and to port of `0`.<br>(Required) `from_port` - The from port to match.<br>(Required) `to_port` - The to port to match.<br>(Optional) `ipv4_cidrs` - The IPv4 network ranges to allow, in CIDR notation. Cannot be specified with `ipv6_cidrs`.<br>(Optional) `ipv6_cidrs` - The IPv6 network ranges to allow, in CIDR notation. Cannot be specified with `ipv4_cidrs`.<br>(Optional) `prefix_lists` - The prefix list IDs to allow.<br>(Optional) `security_groups` - The source security group IDs to allow.<br>(Optional) `self` - Whether the security group itself will be added as a source to this ingress rule.<br>(Optional) `egress_rules` - A set of egress rules in the default Security Group. If not explicitly defined, the AWS default rules are applied. Each egress rule has the same fields as an `ingress_rules` entry (`description`, `protocol`, `from_port`, `to_port`, `ipv4_cidrs`, `ipv6_cidrs`, `prefix_lists`, `security_groups`, `self`). | object({...}) | {} | no |
dhcp_options | (Optional) The configuration for a DHCP option set of the VPC. Dynamic Host Configuration Protocol (DHCP) provides a standard for passing configuration information to hosts on a TCP/IP network. `dhcp_options` as defined below.<br>(Optional) `enabled` - Whether to create a DHCP option set for the VPC. Defaults to `false`.<br>(Optional) `name` - The name of the DHCP option set. Defaults to the name of the VPC.<br>(Optional) `domain_name` - The suffix domain name to use by default when resolving non-fully-qualified domain names; in other words, the `search` value in `/etc/resolv.conf`. If you're using `AmazonProvidedDNS` in `us-east-1`, specify `ec2.internal`. If you're using `AmazonProvidedDNS` in another Region, specify `{region}.compute.internal`.<br>(Optional) `domain_name_servers` - A list of name servers to configure in `/etc/resolv.conf`: the IP addresses of up to four domain name servers, or `AmazonProvidedDNS`. To use the default AWS name servers, set this to `AmazonProvidedDNS`. Defaults to `["AmazonProvidedDNS"]`.<br>(Optional) `netbios_name_servers` - A list of NetBIOS name servers: the IP addresses of up to four NetBIOS name servers.<br>(Optional) `netbios_node_type` - The NetBIOS node type (1, 2, 4, or 8). AWS recommends specifying `2`, since broadcast and multicast are not supported in their network. For more information about these node types, see RFC 2132. Defaults to `2`.<br>(Optional) `ntp_servers` - A list of NTP servers to configure: the IP addresses of up to four Network Time Protocol (NTP) servers. | object({...}) | {} | no |
dns_dnssec_validation_enabled | (Optional) Set to `true` to enable Route53 DNSSEC validation in the VPC. Defaults to `false`. | bool | false | no |
dns_hostnames_enabled | (Optional) Whether instances launched in the VPC receive public DNS hostnames that correspond to their public IP addresses. Defaults to `true`. | bool | true | no |
dns_resolution_enabled | (Optional) Whether DNS resolution through the Amazon DNS server is supported for the VPC. Defaults to `true`. | bool | true | no |
egress_only_internet_gateway | (Required) The configuration for an Egress-only Internet Gateway of the VPC. An Egress-only Internet Gateway is a VPC component that allows outbound-only communication to the internet over IPv6 and prevents the internet from initiating an IPv6 connection with your instances. `egress_only_internet_gateway` as defined below.<br>(Optional) `enabled` - Whether to create an egress-only Internet gateway for the VPC. Defaults to `false`.<br>(Optional) `name` - The name of the Egress-only Internet Gateway. Defaults to the name of the VPC. | object({...}) | {} | no |
internet_gateway | (Required) The configuration for an Internet Gateway of the VPC. An internet gateway is a virtual router that connects a VPC to the internet. `internet_gateway` as defined below.<br>(Optional) `enabled` - Whether to create an Internet gateway for the VPC. Defaults to `true`.<br>(Optional) `name` - The name of the Internet Gateway. Defaults to the name of the VPC. | object({...}) | {} | no |
ipv4_cidrs | (Required) A list of IPv4 CIDR blocks for the VPC. At least one CIDR must be defined. Each block of `ipv4_cidrs` as defined below.<br>(Optional) `type` - Valid values are `MANUAL` and `IPAM_POOL`. Defaults to `MANUAL`.<br>(Optional) `cidr` - The CIDR block for the VPC. The CIDR block size must be between /16 and /28.<br>(Optional) `ipam_pool` - The configuration to get an IPv4 CIDR from the IPAM pool to use for the VPC. Required if `type` is `IPAM_POOL`. `ipam_pool` as defined below.<br>(Required) `id` - The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR.<br>(Optional) `netmask_length` - The netmask length of the IPv4 CIDR you want to allocate to this VPC. | list(object({...})) | [] | no |
ipv6_cidrs | (Optional) A list of IPv6 CIDR blocks for the VPC. Each block of `ipv6_cidrs` as defined below.<br>(Optional) `type` - Valid values are `AMAZON` and `IPAM_POOL`. Defaults to `AMAZON`.<br>(Optional) `amazon` - The configuration to get the Amazon-provided IPv6 CIDR to use for the VPC. Only used if `type` is `AMAZON`. `amazon` as defined below.<br>(Optional) `network_border_group` - The name of the network border group. This can be changed to restrict advertisement of public addresses to specific Network Border Groups such as Local Zones. Defaults to the region of the VPC.<br>(Optional) `ipam_pool` - The configuration to get an IPv6 CIDR from the IPAM pool to use for the VPC. Required if `type` is `IPAM_POOL`. `ipam_pool` as defined below.<br>(Required) `id` - The ID of an IPv6 IPAM pool you want to use for allocating this VPC's CIDR.<br>(Optional) `cidr` - The CIDR block for the VPC. The CIDR can be explicitly set. Required if `netmask_length` is not set and the IPAM pool does not have `allocation_default_netmask` set.<br>(Optional) `netmask_length` - The netmask length of the IPv6 CIDR you want to allocate to this VPC. | list(object({...})) | [] | no |
module_tags_enabled | (Optional) Whether to create AWS Resource Tags for the module information. | bool | true | no |
network_address_usage_metrics_enabled | (Optional) Whether NAU (Network Address Usage) metrics are enabled for the VPC. Defaults to `false`. | bool | false | no |
private_hosted_zones | (Optional) List of private Hosted Zone IDs to associate. | list(string) | [] | no |
resource_group_description | (Optional) The description of the Resource Group. | string | "Managed by Terraform." | no |
resource_group_enabled | (Optional) Whether to create a Resource Group to find and group the AWS resources created by this module. | bool | true | no |
resource_group_name | (Optional) The name of the Resource Group. A Resource Group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with `AWS` or `aws`. | string | "" | no |
tags | (Optional) A map of tags to add to all resources. | map(string) | {} | no |
tenancy | (Optional) A tenancy option for instances launched into the VPC. Valid values are `DEFAULT` and `DEDICATED`. Defaults to `DEFAULT`.<br>`DEFAULT` - Ensure that EC2 instances launched in this VPC use the EC2 instance tenancy attribute specified when the EC2 instance is launched.<br>`DEDICATED` - Ensure that EC2 instances launched in this VPC run on dedicated tenancy instances regardless of the tenancy attribute specified at launch. This has a dedicated per-region fee of $2 per hour, plus an hourly per-instance usage fee. | string | "DEFAULT" | no |
vpn_gateway | (Required) The configuration for a virtual private gateway of the VPC. A virtual private gateway is the VPN concentrator on the Amazon side of the site-to-site VPN connection. `vpn_gateway` as defined below.<br>(Optional) `enabled` - Whether to create a new VPN Gateway resource and attach it to the VPC. Defaults to `false`.<br>(Optional) `name` - The name of the VPN Gateway. Defaults to the name of the VPC.<br>(Optional) `asn` - The Autonomous System Number (ASN) for the Amazon side of the gateway. Defaults to `64512`. | object({...}) | {} | no |

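A module call that exercises the inputs above, added here as an example and not taken from the module's own documentation. The module source is a placeholder, the CIDR range and names are constructed, and it assumes that passing empty `ingress_rules`/`egress_rules` sets leaves the default Security Group with no rules (the table above only states that the AWS defaults apply when rules are not defined).

```hcl
# Added example, not from the module's own documentation: a VPC whose default
# Security Group and default Network ACL are configured explicitly, so anything
# that falls back to the defaults does not inherit AWS's permissive rules.
module "vpc" {
  source = "<module-source-placeholder>" # placeholder, the page gives no source

  name       = "prod-core"
  ipv4_cidrs = [
    { type = "MANUAL", cidr = "10.10.0.0/16" }, # constructed sample range
  ]

  dns_hostnames_enabled                 = true
  dns_resolution_enabled                = true
  dns_dnssec_validation_enabled         = true # Route53 DNSSEC validation
  network_address_usage_metrics_enabled = true # NAU metrics for capacity alerts

  # Default Security Group with no ingress and no egress rules. Assumption: an
  # explicitly empty set leaves the group rule-less (the module text only says
  # the AWS defaults apply when rules are not defined).
  default_security_group = {
    name          = "prod-core-default-sg-do-not-use"
    ingress_rules = []
    egress_rules  = []
  }

  # Default Network ACL: allow only traffic inside the VPC's own range in both
  # directions; everything else falls through to the ACL's implicit final deny.
  # Rule numbers are spaced so rules can be inserted later without renumbering.
  default_network_acl = {
    name = "prod-core-default-nacl"
    ingress_rules = [
      { priority = 100, action = "ALLOW", protocol = "-1",
        from_port = 0, to_port = 0, ipv4_cidr = "10.10.0.0/16" },
    ]
    egress_rules = [
      { priority = 100, action = "ALLOW", protocol = "-1",
        from_port = 0, to_port = 0, ipv4_cidr = "10.10.0.0/16" },
    ]
  }

  # Gateways: the Internet Gateway is on by default; the others stay off.
  internet_gateway             = { enabled = true, name = "prod-core-igw" }
  egress_only_internet_gateway = { enabled = false }
  vpn_gateway                  = { enabled = false }

  tags = { Environment = "prod", Owner = "platform-team" }
}
```

After `terraform apply`, confirm with `terraform state show` on the `aws_default_security_group.this` resource that it carries no ingress or egress blocks before relying on this as a control.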

Name | Description |
---|---|
arn | The ARN (Amazon Resource Name) of the VPC. |
default_network_acl | The configuration for the default Network ACL of the VPC.<br>`id` - The ID of the default Network ACL.<br>`arn` - The ARN of the default Network ACL.<br>`owner` - The ID of the AWS account that owns the default Network ACL. |
default_route_table | The configuration for the default Route Table of the VPC.<br>`id` - The ID of the default Route Table. |
default_security_group | The configuration for the default Security Group of the VPC.<br>`id` - The ID of the default Security Group.<br>`arn` - The ARN of the default Security Group.<br>`owner` - The ID of the AWS account that owns the default Security Group.<br>`name` - The name of the default Security Group.<br>`description` - The description of the default Security Group. |
dhcp_options | The configuration for the DHCP Option Set of the VPC.<br>`id` - The ID of the DHCP Option Set.<br>`arn` - The ARN of the DHCP Option Set.<br>`owner` - The ID of the AWS account that owns the DHCP Option Set.<br>`domain_name` - The suffix domain name to use by default when resolving non-fully-qualified domain names.<br>`domain_name_servers` - A list of name servers to configure in `/etc/resolv.conf`.<br>`netbios_name_servers` - A list of NetBIOS name servers.<br>`netbios_node_type` - The NetBIOS node type (1, 2, 4, or 8).<br>`ntp_servers` - A list of NTP servers to configure. |
dns_dnssec_validation_enabled | Whether or not the VPC has Route53 DNSSEC validation support. |
dns_dnssec_validation_id | The ID of the configuration for DNSSEC validation. |
dns_hostnames_enabled | Whether instances launched in the VPC receive public DNS hostnames that correspond to their public IP addresses. |
dns_resolution_enabled | Whether DNS resolution through the Amazon DNS server is supported for the VPC. |
egress_only_internet_gateway | The configuration for the Egress-only Internet Gateway of the VPC.<br>`id` - The ID of the Egress-only Internet Gateway. |
id | The ID of the VPC. |
internet_gateway | The configuration for the Internet Gateway of the VPC.<br>`id` - The ID of the Internet Gateway.<br>`arn` - The ARN of the Internet Gateway.<br>`owner` - The ID of the AWS account that owns the Internet Gateway. |
ipv4_cidr_configurations | The list of IPv4 CIDR configurations for the VPC. |
ipv4_cidrs | The list of IPv4 CIDR blocks for the VPC. |
ipv6_cidr_configurations | The list of IPv6 CIDR configurations for the VPC. |
ipv6_cidrs | The list of IPv6 CIDR blocks for the VPC. |
main_route_table | The configuration for the main Route Table of the VPC. Note that you can change a VPC's main route table.<br>`id` - The ID of the main Route Table. |
name | The name of the VPC. |
network_address_usage_metrics_enabled | Whether NAU (Network Address Usage) metrics are enabled for the VPC. |
owner | The ID of the AWS account that owns the VPC. |
private_hosted_zones | List of associated private Hosted Zone IDs. |
tenancy | The tenancy option for instances launched into the VPC. |
vpn_gateway | The configuration for the virtual private gateway of the VPC.<br>`id` - The ID of the Virtual Private Gateway.<br>`arn` - The ARN of the Virtual Private Gateway.<br>`asn` - The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the virtual private gateway is created with the current default Amazon ASN. |