This module aims to pre-define a set of subnets for a VPC. It is not perfect and does not fit every use case, but it is suitable for the most common ones. The following table shows the subnet allocation:

| Name | Netmask | Usable Addresses | AZ-1 | AZ-2 | AZ-3 | Note |
|---|---|---|---|---|---|---|
| External Load Balancer (lb-ext) | /25 | 123 | 10.16.0.0/25<br>10.16.0.0 - 10.16.0.127 | 10.16.0.128/25<br>10.16.0.128 - 10.16.0.255 | 10.16.1.0/25<br>10.16.1.0 - 10.16.1.127 | |
| Internal Load Balancer (lb-int) | /23 | 507 | 10.16.2.0/23<br>10.16.2.0 - 10.16.3.255 | 10.16.4.0/23<br>10.16.4.0 - 10.16.5.255 | 10.16.6.0/23<br>10.16.6.0 - 10.16.7.255 | |
| Public EC2 (ec2-pub) | /23 | 507 | 10.16.8.0/23<br>10.16.8.0 - 10.16.9.255 | 10.16.10.0/23<br>10.16.10.0 - 10.16.11.255 | 10.16.12.0/23<br>10.16.12.0 - 10.16.13.255 | |
| Private EC2 (ec2-priv) | /22 | 1019 | 10.16.16.0/22<br>10.16.16.0 - 10.16.19.255 | 10.16.20.0/22<br>10.16.20.0 - 10.16.23.255 | 10.16.24.0/22<br>10.16.24.0 - 10.16.27.255 | |
| ECS | /21 | 2043 | 10.16.40.0/21<br>10.16.40.0 - 10.16.47.255 | 10.16.48.0/21<br>10.16.48.0 - 10.16.55.255 | 10.16.56.0/21<br>10.16.56.0 - 10.16.63.255 | |
| EKS | /19 | 8187 | 10.16.160.0/19<br>10.16.160.0 - 10.16.191.255 | 10.16.192.0/19<br>10.16.192.0 - 10.16.223.255 | 10.16.224.0/19<br>10.16.224.0 - 10.16.255.255 | |
| DB | /21 | 2043 | 10.16.88.0/21<br>10.16.88.0 - 10.16.95.255 | 10.16.96.0/21<br>10.16.96.0 - 10.16.103.255 | 10.16.104.0/21<br>10.16.104.0 - 10.16.111.255 | |
| Cache | /21 | 2043 | 10.16.64.0/21<br>10.16.64.0 - 10.16.71.255 | 10.16.72.0/21<br>10.16.72.0 - 10.16.79.255 | 10.16.80.0/21<br>10.16.80.0 - 10.16.87.255 | |
| Connectivity | /25 | 123 | 10.16.1.128/25<br>10.16.1.128 - 10.16.1.255 | 10.16.14.0/25<br>10.16.14.0 - 10.16.14.127 | 10.16.14.128/25<br>10.16.14.128 - 10.16.14.255 | |
| Others public | /22 | 1019 | 10.16.28.0/22<br>10.16.28.0 - 10.16.31.255 | 10.16.32.0/22<br>10.16.32.0 - 10.16.35.255 | 10.16.36.0/22<br>10.16.36.0 - 10.16.39.255 | |
| Others private | /20 | 4091 | 10.16.112.0/20<br>10.16.112.0 - 10.16.127.255 | 10.16.128.0/20<br>10.16.128.0 - 10.16.143.255 | 10.16.144.0/20<br>10.16.144.0 - 10.16.159.255 | |
| Spare* | /24 | 251 | 10.16.15.0/24<br>10.16.15.0 - 10.16.15.255 | | | Not created and not tied to any specific AZ |

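
The allocation table can be checked mechanically before the plan is adopted or modified, since an overlapping or misaligned block undermines the per-tier network ACLs. The Python below is an added example, not part of the module: it rebuilds the table for a given `cidr_prefix`, rejects misaligned blocks, and reports overlaps, blocks outside the VPC and unallocated space. It assumes the module joins the fixed suffixes from the table to `cidr_prefix` and that the VPC is `<cidr_prefix>.0.0/16`; the function names are illustrative.

```python
"""Sanity-check the subnet allocation table (added example, not module code)."""
import ipaddress
from itertools import combinations

# AWS reserves the first four addresses and the last address of every subnet.
AWS_RESERVED_PER_SUBNET = 5

# Suffixes transcribed from the allocation table (AZ-1, AZ-2, AZ-3).
# Assumption: the module joins them to `cidr_prefix` ("10.16" in the table).
LAYOUT = {
    "lb-ext": ["0.0/25", "0.128/25", "1.0/25"],
    "lb-int": ["2.0/23", "4.0/23", "6.0/23"],
    "ec2-pub": ["8.0/23", "10.0/23", "12.0/23"],
    "ec2-priv": ["16.0/22", "20.0/22", "24.0/22"],
    "ecs": ["40.0/21", "48.0/21", "56.0/21"],
    "eks": ["160.0/19", "192.0/19", "224.0/19"],
    "db": ["88.0/21", "96.0/21", "104.0/21"],
    "cache": ["64.0/21", "72.0/21", "80.0/21"],
    "connectivity": ["1.128/25", "14.0/25", "14.128/25"],
    "others-pub": ["28.0/22", "32.0/22", "36.0/22"],
    "others-priv": ["112.0/20", "128.0/20", "144.0/20"],
    "spare": ["15.0/24"],
}


def vpc_network(cidr_prefix):
    """Assumed VPC CIDR: the /16 that starts at <cidr_prefix>.0.0."""
    return ipaddress.ip_network(f"{cidr_prefix}.0.0/16")


def build_plan(cidr_prefix, layout=LAYOUT):
    """Return {tier: [IPv4Network, ...]}; raises ValueError on a misaligned block."""
    return {
        tier: [ipaddress.ip_network(f"{cidr_prefix}.{s}", strict=True) for s in suffixes]
        for tier, suffixes in layout.items()
    }


def usable_addresses(net):
    """Addresses left for workloads after the AWS reservation."""
    return net.num_addresses - AWS_RESERVED_PER_SUBNET


def _flatten(plan):
    return [(tier, net) for tier, nets in plan.items() for net in nets]


def find_overlaps(plan):
    """Pairs of subnets that share addresses, as (tier, cidr, tier, cidr)."""
    return [
        (ta, str(a), tb, str(b))
        for (ta, a), (tb, b) in combinations(_flatten(plan), 2)
        if a.overlaps(b)
    ]


def outside_vpc(plan, vpc):
    """Subnets that are not contained in the VPC CIDR."""
    return [(tier, str(net)) for tier, net in _flatten(plan) if not net.subnet_of(vpc)]


def unallocated(plan, vpc):
    """CIDR blocks of the VPC that no subnet in the plan covers."""
    free = [vpc]
    for _, net in _flatten(plan):
        remaining = []
        for block in free:
            if net.subnet_of(block):
                remaining.extend(block.address_exclude(net))  # carve net out
            elif not block.subnet_of(net):
                remaining.append(block)  # disjoint from net: keep unchanged
        free = remaining
    return [str(b) for b in ipaddress.collapse_addresses(free)]


if __name__ == "__main__":
    plan, vpc = build_plan("10.16"), vpc_network("10.16")
    for tier, net in _flatten(plan):
        print(f"{tier:13} {str(net):18} usable={usable_addresses(net)}")
    print("overlaps:", find_overlaps(plan))
    print("outside VPC:", outside_vpc(plan, vpc))
    print("unallocated:", unallocated(plan, vpc))
```
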
Run the command below whenever you update the module to regenerate this document:

```bash
terraform-docs markdown table --output-file README.md --output-mode inject ./
```

| Name | Version |
|---|---|
| terraform | >= 1.4.0 |
| aws | >= 4.64.0 |

| Name | Version |
|---|---|
| aws | >= 4.64.0 |

| Name | Source | Version |
|---|---|---|
| cache_network_acl | ./modules/network-acl | n/a |
| connectivity_network_acl | ./modules/network-acl | n/a |
| db_network_acl | ./modules/network-acl | n/a |
| ec2_private_network_acl | ./modules/network-acl | n/a |
| ec2_public_network_acl | ./modules/network-acl | n/a |
| ecs_network_acl | ./modules/network-acl | n/a |
| eks_network_acl | ./modules/network-acl | n/a |
| lb_external_network_acl | ./modules/network-acl | n/a |
| lb_internal_network_acl | ./modules/network-acl | n/a |
| others_private_network_acl | ./modules/network-acl | n/a |
| others_public_network_acl | ./modules/network-acl | n/a |
| spare_subnet_network_acl | ./modules/network-acl | n/a |

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| cache_acl_tags | Additional tags for the cache subnets network ACL | map(string) | {} | no |
| cache_dedicated_network_acl | Whether to use dedicated network ACL (not default) and custom rules for cache subnets | bool | false | no |
| cache_inbound_acl_rules | Elasticache subnets inbound network ACL rules | list(map(string)) | [ | no |
| cache_outbound_acl_rules | Elasticache subnets outbound network ACL rules | list(map(string)) | [ | no |
| cache_route_table_tags | Additional tags for the cache route tables | map(string) | {} | no |
| cache_subnet_enable_resource_name_dns_a_record_on_launch | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: false | bool | false | no |
| cache_subnet_group_name | Name of cache subnet group | string | null | no |
| cache_subnet_group_tags | Additional tags for the cache subnet group | map(string) | {} | no |
| cache_subnet_names | Explicit values to use in the Name tag on cache subnets. If empty, Name tags are generated | list(string) | [] | no |
| cache_subnet_suffix | Suffix to append to cache subnets name | string | "cache" | no |
| cache_subnet_tags | Additional tags for the cache subnets | map(string) | {} | no |
| cidr_prefix | The prefix IPv4 CIDR block for the VPC | string | "10.0" | no |
| connectivity_acl_tags | Additional tags for the Connectivity subnets network ACL | map(string) | {} | no |
| connectivity_dedicated_network_acl | Whether to use dedicated network ACL (not default) and custom rules for Connectivity subnets. Default: true | bool | true | no |
| connectivity_inbound_acl_rules | Connectivity subnets inbound network ACLs | list(map(string)) | [ | no |
| connectivity_outbound_acl_rules | Connectivity subnets outbound network ACLs | list(map(string)) | [ | no |
| connectivity_route_table_tags | Additional tags for the Connectivity route tables | map(string) | {} | no |
| connectivity_subnet_enable_resource_name_dns_a_record_on_launch | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: false | bool | false | no |
| connectivity_subnet_names | Explicit values to use in the Name tag on Connectivity subnets. If empty, Name tags are generated | list(string) | [] | no |
| connectivity_subnet_suffix | Suffix to append to Connectivity subnets name | string | "connectivity" | no |
| connectivity_subnet_tags | Additional tags for the Connectivity subnets | map(string) | {} | no |
| connectivity_subnet_tags_per_az | Additional tags for the Connectivity subnets where the primary key is the AZ | map(map(string)) | {} | no |
| create_cache_egress_internet_gateway_route | Controls if an egress internet gateway route for public cache access should be created | bool | false | no |
| create_cache_internet_gateway_route | Controls if an internet gateway route for public cache access should be created | bool | false | no |
| create_cache_nat_gateway_route | Controls if a nat gateway route should be created to give internet access to the cache subnets | bool | false | no |
| create_cache_subnet_group | Controls if cache subnet group should be created | bool | true | no |
| create_cache_subnet_route_table | Controls if separate route table for cache should be created | bool | false | no |
| create_cache_subnets | Whether or not to create cache subnets. Default: false | bool | false | no |
| create_connectivity_egress_internet_gateway_route | Controls if an egress internet gateway route should be created to give internet access to the Connectivity subnets | bool | false | no |
| create_connectivity_nat_gateway_route | Controls if a nat gateway route should be created to give internet access to the Connectivity subnets | bool | false | no |
| create_connectivity_subnet_route_table | Controls if separate route table for Connectivity subnets should be created. Default: true | bool | true | no |
| create_connectivity_subnets | Whether or not to create Connectivity subnets. Default: true | bool | true | no |
| create_db_egress_internet_gateway_route | Controls if an egress internet gateway route for public database access should be created | bool | false | no |
| create_db_internet_gateway_route | Controls if an internet gateway route for public database access should be created | bool | false | no |
| create_db_nat_gateway_route | Controls if a nat gateway route should be created to give internet access to the database subnets | bool | false | no |
| create_db_subnet_group | Controls if database subnet group should be created (n.b. database_subnets must also be set) | bool | true | no |
| create_db_subnet_route_table | Controls if separate route table for database should be created | bool | false | no |
| create_db_subnets | Whether or not to create database subnets. Default: false | bool | false | no |
| create_default_route_eigw | Controls if a route for Egress Only Internet Gateway is created | bool | true | no |
| create_ec2_private_subnet_route_table | Controls if separate route table for EC2 private subnets should be created. Default: false | bool | false | no |
| create_ec2_private_subnets | Whether or not to create EC2 private subnets. Default: true | bool | true | no |
| create_ec2_public_subnet_route_table | Controls if separate route table for EC2 public subnets should be created. Default: false | bool | false | no |
| create_ec2_public_subnets | Whether or not to create EC2 public subnets. Default: true | bool | true | no |
| create_ecs_subnet_route_table | Controls if separate route table for ECS subnets should be created. Default: false | bool | false | no |
| create_ecs_subnets | Whether or not to create ECS subnets. Default: false | bool | false | no |
| create_egress_only_igw | Controls if an Egress Only Internet Gateway is created | bool | true | no |
| create_eks_subnet_route_table | Controls if separate route table for EKS subnets should be created. Default: false | bool | false | no |
| create_eks_subnets | Whether or not to create EKS subnets. Default: false | bool | false | no |
| create_igw | Controls if an Internet Gateway is created for public subnets and the related routes that connect them | bool | true | no |
| create_lb_external_subnet_route_table | Controls if separate route table for LB external subnets should be created. Default: false | bool | false | no |
| create_lb_external_subnets | Whether or not to create LB external subnets. Default: true | bool | true | no |
| create_lb_internal_subnet_route_table | Controls if separate route table for LB internal subnets should be created. Default: false | bool | false | no |
| create_lb_internal_subnets | Whether or not to create LB internal subnets. Default: true | bool | true | no |
| create_others_private_subnet_route_table | Controls if separate route table for others private subnets should be created. Default: false | bool | false | no |
| create_others_private_subnets | Whether or not to create others private subnets. Default: true | bool | true | no |
| create_others_public_subnet_route_table | Controls if separate route table for others public subnets should be created. Default: false | bool | false | no |
| create_others_public_subnets | Whether or not to create others public subnets. Default: true | bool | true | no |
| create_spare_subnet | Whether or not to create spare subnet. Default: false | bool | false | no |
| create_spare_subnet_egress_internet_gateway_route | Controls if an egress internet gateway route for spare subnet access should be created | bool | false | no |
| create_spare_subnet_nat_gateway_route | Controls if an NAT gateway route for spare subnet access should be created | bool | false | no |
| create_spare_subnet_route_table | Controls if separate route table for spare subnet should be created. Default: false | bool | false | no |
| create_vpc | Controls if VPC should be created (it affects almost all resources) | bool | true | no |
| customer_gateway_tags | Additional tags for the Customer Gateway | map(string) | {} | no |
| customer_gateways | Maps of Customer Gateway's attributes (BGP ASN and Gateway's Internet-routable external IP address) | map(map(any)) | {} | no |
| db_acl_tags | Additional tags for the database subnets network ACL | map(string) | {} | no |
| db_dedicated_network_acl | Whether to use dedicated network ACL (not default) and custom rules for database subnets | bool | false | no |
| db_inbound_acl_rules | Database subnets inbound network ACL rules | list(map(string)) | [ | no |
| db_outbound_acl_rules | Database subnets outbound network ACL rules | list(map(string)) | [ | no |
| db_route_table_tags | Additional tags for the database route tables | map(string) | {} | no |
| db_subnet_enable_resource_name_dns_a_record_on_launch | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: false | bool | false | no |
| db_subnet_group_name | Name of database subnet group | string | null | no |
| db_subnet_group_tags | Additional tags for the database subnet group | map(string) | {} | no |
| db_subnet_names | Explicit values to use in the Name tag on database subnets. If empty, Name tags are generated | list(string) | [] | no |
| db_subnet_suffix | Suffix to append to database subnets name | string | "db" | no |
| db_subnet_tags | Additional tags for the database subnets | map(string) | {} | no |
| default_network_acl_egress | List of maps of egress rules to set on the Default Network ACL | list(map(string)) | [ | no |
| default_network_acl_ingress | List of maps of ingress rules to set on the Default Network ACL | list(map(string)) | [ | no |
| default_network_acl_name | Name to be used on the Default Network ACL | string | null | no |
| default_network_acl_tags | Additional tags for the Default Network ACL | map(string) | {} | no |
| default_route_table_name | Name to be used on the default route table | string | null | no |
| default_route_table_propagating_vgws | List of virtual gateways for propagation | list(string) | [] | no |
| default_route_table_routes | Configuration block of routes. See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_route_table#route | list(map(string)) | [] | no |
| default_route_table_tags | Additional tags for the default route table | map(string) | {} | no |
| default_security_group_egress | List of maps of egress rules to set on the default security group | list(map(string)) | [] | no |
| default_security_group_ingress | List of maps of ingress rules to set on the default security group | list(map(string)) | [] | no |
| default_security_group_name | Name to be used on the default security group | string | null | no |
| default_security_group_tags | Additional tags for the default security group | map(string) | {} | no |
| default_vpc_enable_dns_hostnames | Should be true to enable DNS hostnames in the Default VPC | bool | true | no |
| default_vpc_enable_dns_support | Should be true to enable DNS support in the Default VPC | bool | true | no |
| default_vpc_name | Name to be used on the Default VPC | string | null | no |
| default_vpc_tags | Additional tags for the Default VPC | map(string) | {} | no |
| dhcp_options_domain_name | Specifies DNS name for DHCP options set (requires enable_dhcp_options set to true) | string | "" | no |
| dhcp_options_domain_name_servers | Specify a list of DNS server addresses for DHCP options set, default to AWS provided (requires enable_dhcp_options set to true) | list(string) | [ | no |
| dhcp_options_netbios_name_servers | Specify a list of netbios servers for DHCP options set (requires enable_dhcp_options set to true) | list(string) | [] | no |
| dhcp_options_netbios_node_type | Specify netbios node_type for DHCP options set (requires enable_dhcp_options set to true) | string | "" | no |
| dhcp_options_ntp_servers | Specify a list of NTP servers for DHCP options set (requires enable_dhcp_options set to true) | list(string) | [] | no |
| dhcp_options_tags | Additional tags for the DHCP option set (requires enable_dhcp_options set to true) | map(string) | {} | no |
| ec2_private_acl_tags | Additional tags for the EC2 private subnets network ACL | map(string) | {} | no |
| ec2_private_dedicated_network_acl | Whether to use dedicated network ACL (not default) and custom rules for EC2 private subnets. Default: true | bool | true | no |
| ec2_private_inbound_acl_rules | EC2 private subnets inbound network ACLs | list(map(string)) | [ | no |
| ec2_private_outbound_acl_rules | EC2 private subnets outbound network ACLs | list(map(string)) | [ | no |
| ec2_private_route_table_tags | Additional tags for the EC2 private route tables | map(string) | {} | no |
| ec2_private_subnet_enable_resource_name_dns_a_record_on_launch | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: false | bool | false | no |
| ec2_private_subnet_suffix | Suffix to append to EC2 private subnets name | string | "ec2-priv" | no |
| ec2_private_subnet_tags | Additional tags for the EC2 private subnets | map(string) | {} | no |
| ec2_private_subnet_tags_per_az | Additional tags for the EC2 subnets where the primary key is the AZ | map(map(string)) | {} | no |
| ec2_public_acl_tags | Additional tags for the EC2 public subnets network ACL | map(string) | {} | no |
| ec2_public_dedicated_network_acl | Whether to use dedicated network ACL (not default) and custom rules for EC2 public subnets. Default: true | bool | true | no |
| ec2_public_inbound_acl_rules | EC2 public subnets inbound network ACLs | list(map(string)) | [ | no |
| ec2_public_ipv6_native | Indicates whether to create an IPv6-only subnet for EC2 public. Default: false | bool | false | no |
| ec2_public_outbound_acl_rules | EC2 public subnets outbound network ACLs | list(map(string)) | [ | no |
| ec2_public_route_table_tags | Additional tags for the EC2 public route tables | map(string) | {} | no |
| ec2_public_subnet_enable_resource_name_dns_a_record_on_launch | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: false | bool | false | no |
| ec2_public_subnet_suffix | Suffix to append to EC2 public subnets name | string | "ec2-pub" | no |
| ec2_public_subnet_tags | Additional tags for the EC2 public subnets | map(string) | {} | no |
| ec2_public_subnet_tags_per_az | Additional tags for the EC2 public subnets where the primary key is the AZ | map(map(string)) | {} | no |
| ecs_acl_tags | Additional tags for the ECS subnets network ACL | map(string) | {} | no |
| ecs_dedicated_network_acl | Whether to use dedicated network ACL (not default) and custom rules for ECS subnets. Default: true | bool | true | no |
| ecs_inbound_acl_rules | ECS subnets inbound network ACLs | list(map(string)) | [ | no |
| ecs_outbound_acl_rules | ECS subnets outbound network ACLs | list(map(string)) | [ | no |
| ecs_route_table_tags | Additional tags for the ECS route tables | map(string) | {} | no |
| ecs_subnet_enable_resource_name_dns_a_record_on_launch | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: false | bool | false | no |
| ecs_subnet_suffix | Suffix to append to ECS subnets name | string | "ecs" | no |
| ecs_subnet_tags | Additional tags for the ECS subnets | map(string) | {} | no |
| ecs_subnet_tags_per_az | Additional tags for the ECS where the primary key is the AZ | map(map(string)) | {} | no |
| eks_acl_tags | Additional tags for the EKS subnets network ACL | map(string) | {} | no |
| eks_dedicated_network_acl | Whether to use dedicated network ACL (not default) and custom rules for EKS subnets. Default: true | bool | true | no |
| eks_inbound_acl_rules | EKS subnets inbound network ACLs | list(map(string)) | [ | no |
| eks_outbound_acl_rules | EKS subnets outbound network ACLs | list(map(string)) | [ | no |
| eks_route_table_tags | Additional tags for the EKS route tables | map(string) | {} | no |
| eks_subnet_enable_resource_name_dns_a_record_on_launch | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: false | bool | false | no |
| eks_subnet_suffix | Suffix to append to EKS subnets name | string | "eks" | no |
| eks_subnet_tags | Additional tags for the EKS subnets | map(string) | {} | no |
| eks_subnet_tags_per_az | Additional tags for the EKS subnets where the primary key is the AZ | map(map(string)) | {} | no |
| enable_dhcp_options | Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type | bool | false | no |
| enable_dns64 | Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: true | bool | true | no |
| enable_dns_hostnames | Should be true to enable DNS hostnames in the VPC | bool | true | no |
| enable_dns_support | Should be true to enable DNS support in the VPC | bool | true | no |
| enable_ipv6 | Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block | bool | false | no |
| enable_nat_gateway | Should be true if you want to provision NAT Gateways for each of your private networks. Default: true | bool | true | no |
| enable_network_address_usage_metrics | Determines whether network address usage metrics are enabled for the VPC | bool | null | no |
| enable_resource_name_dns_aaaa_record_on_launch | Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: true | bool | true | no |
| external_nat_ip_ids | List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse_nat_ips) | list(string) | [] | no |
| external_nat_ips | List of EIPs to be used for nat_public_ips output (used in combination with reuse_nat_ips and external_nat_ip_ids) | list(string) | [] | no |
| igw_tags | Additional tags for the internet gateway | map(string) | {} | no |
| instance_tenancy | A tenancy option for instances launched into the VPC | string | "default" | no |
| ipv6_native | Indicates whether to create an IPv6-only subnet. Default: false | bool | false | no |
| lb_external_acl_tags | Additional tags for the LB public subnets network ACL | map(string) | {} | no |
| lb_external_dedicated_network_acl | Whether to use dedicated network ACL (not default) and custom rules for LB public subnets. Default: true | bool | true | no |
| lb_external_inbound_acl_rules | LB public subnets inbound network ACLs | list(map(string)) | [ | no |
| lb_external_ipv6_native | Indicates whether to create an IPv6-only subnet for Load balancer public. Default: false | bool | false | no |
| lb_external_outbound_acl_rules | LB public subnets outbound network ACLs | list(map(string)) | [ | no |
| lb_external_route_table_tags | Additional tags for the Load balancer public route tables | map(string) | {} | no |
| lb_external_subnet_enable_resource_name_dns_a_record_on_launch | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: false | bool | false | no |
| lb_external_subnet_suffix | Suffix to append to Load balancer public subnets name | string | "lb-ext" | no |
| lb_external_subnet_tags | Additional tags for the Load balancer public subnets | map(string) | {} | no |
| lb_external_subnet_tags_per_az | Additional tags for the Load balancer public subnets where the primary key is the AZ | map(map(string)) | {} | no |
| lb_internal_acl_tags | Additional tags for the LB private subnets network ACL | map(string) | {} | no |
| lb_internal_dedicated_network_acl | Whether to use dedicated network ACL (not default) and custom rules for LB private subnets. Default: true | bool | true | no |
| lb_internal_inbound_acl_rules | LB private subnets inbound network ACLs | list(map(string)) | [ | no |
| lb_internal_outbound_acl_rules | LB private subnets outbound network ACLs | list(map(string)) | [ | no |
| lb_internal_route_table_tags | Additional tags for the LB private route tables | map(string) | {} | no |
| lb_internal_subnet_enable_resource_name_dns_a_record_on_launch | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: false | bool | false | no |
| lb_internal_subnet_names | Explicit values to use in the Name tag on LB private subnets. If empty, Name tags are generated | list(string) | [] | no |
| lb_internal_subnet_suffix | Suffix to append to LB private subnets name | string | "lb-int" | no |
| lb_internal_subnet_tags | Additional tags for the LB private subnets | map(string) | {} | no |
| lb_internal_subnet_tags_per_az | Additional tags for the LB private subnets where the primary key is the AZ | map(map(string)) | {} | no |
| manage_default_network_acl | Should be true to adopt and manage Default Network ACL | bool | true | no |
| manage_default_route_table | Should be true to manage default route table | bool | true | no |
| manage_default_security_group | Should be true to adopt and manage default security group | bool | true | no |
| manage_default_vpc | Should be true to adopt and manage Default VPC | bool | false | no |
| map_public_ip_on_ec2_launched | Specify true to indicate that instances launched into the subnet should be assigned a public IP address. Default is true | bool | true | no |
| name | Name to be used on all the resources as identifier | string | "" | no |
| nat_eip_tags | Additional tags for the NAT EIP | map(string) | { | no |
| nat_gateway_tags | Additional tags for the NAT gateways | map(string) | {} | no |
| one_nat_gateway_per_az | Should be true if you want only one NAT Gateway per availability zone. Default: false | bool | false | no |
| others_private_acl_tags | Additional tags for the LB public subnets network ACL | map(string) | {} | no |
| others_private_dedicated_network_acl | Whether to use dedicated network ACL (not default) and custom rules for LB public subnets. Default: true | bool | true | no |
| others_private_inbound_acl_rules | LB public subnets inbound network ACLs | list(map(string)) | [ | no |
| others_private_outbound_acl_rules | LB public subnets outbound network ACLs | list(map(string)) | [ | no |
| others_private_route_table_tags | Additional tags for others private route tables | map(string) | {} | no |
| others_private_subnet_enable_resource_name_dns_a_record_on_launch | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: false | bool | false | no |
| others_private_subnet_suffix | Suffix to append to Load balancer public subnets name | string | "others-priv" | no |
| others_private_subnet_tags | Additional tags for others private public subnets | map(string) | {} | no |
| others_private_subnet_tags_per_az | Additional tags for others private subnets where the primary key is the AZ | map(map(string)) | {} | no |
| others_public_acl_tags | Additional tags for others public subnets network ACL | map(string) | {} | no |
| others_public_dedicated_network_acl | Whether to use dedicated network ACL (not default) and custom rules for others public subnets. Default: true | bool | true | no |
| others_public_inbound_acl_rules | others public subnets inbound network ACLs | list(map(string)) | [ | no |
| others_public_outbound_acl_rules | others public subnets outbound network ACLs | list(map(string)) | [ | no |
| others_public_route_table_tags | Additional tags for others public route tables | map(string) | {} | no |
| others_public_subnet_enable_resource_name_dns_a_record_on_launch | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: false | bool | false | no |
| others_public_subnet_suffix | Suffix to append to others public subnets name | string | "other-pub" | no |
| others_public_subnet_tags | Additional tags for others public subnets | map(string) | {} | no |
| others_public_subnet_tags_per_az | Additional tags for others public subnets where the primary key is the AZ | map(map(string)) | {} | no |
| private_dns_hostname_type_on_launch | The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: ip-name, resource-name. Default ip-name | string | "ip-name" | no |
| reuse_nat_ips | Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external_nat_ip_ids' variable | bool | false | no |
| route_table_tags | Additional tags for all route tables | map(string) | {} | no |
| secondary_cidr_blocks | List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool | list(string) | [] | no |
| single_nat_gateway | Should be true if you want to provision a single shared NAT Gateway across all of your private networks | bool | false | no |
| spare_subnet_acl_tags | Additional tags for spare subnet network ACL | map(string) | {} | no |
| spare_subnet_dedicated_network_acl | Whether to use dedicated network ACL (not default) and custom rules for spare subnet. Default: true | bool | true | no |
| spare_subnet_enable_resource_name_dns_a_record_on_launch | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: false | bool | false | no |
| spare_subnet_inbound_acl_rules | spare subnet inbound network ACLs | list(map(string)) | [ | no |
| spare_subnet_ipv6_native | Indicates whether to create an IPv6-only subnet for spare subnet. Default: false | bool | false | no |
| spare_subnet_map_public_ip_on_launch | Specify true to indicate that instances launched into the subnet should be assigned a public IP address. Default is false | bool | false | no |
| spare_subnet_outbound_acl_rules | spare subnet outbound network ACLs | list(map(string)) | [ | no |
| spare_subnet_route_table_tags | Additional tags for spare subnet route tables | map(string) | {} | no |
| spare_subnet_suffix | Suffix to append to spare subnet name | string | "spare" | no |
| spare_subnet_tags | Additional tags for spare subnet | map(string) | {} | no |
| spare_subnet_tags_per_az | Additional tags for spare subnet where the primary key is the AZ | map(map(string)) | {} | no |
| tags | A map of tags to add to all resources | map(string) | {} | no |
| vpc_tags | Additional tags for the VPC | map(string) | {} | no |

| Name | Description |
|---|---|
| azs | A list of availability zones specified as argument to this module |
| connectivity_route_table_ids | List of IDs of Connectivity route tables |
| connectivity_subnet_arns | List of ARNs of Connectivity subnets |
| connectivity_subnets | List of IDs of Connectivity private subnets |
| connectivity_subnets_cidr_blocks | List of cidr_blocks of Connectivity subnets |
| db_internet_gateway_route_id | ID of the database internet gateway route |
| db_nat_gateway_route_ids | List of IDs of the database nat gateway route |
| db_route_table_association_ids | List of IDs of the database route table association |
| db_route_table_ids | List of IDs of database route tables |
| db_subnet_arns | List of ARNs of database subnets |
| db_subnet_group | ID of database subnet group |
| db_subnet_group_name | Name of database subnet group |
| db_subnets | List of IDs of database subnets |
| db_subnets_cidr_blocks | List of cidr_blocks of database subnets |
| db_subnets_ipv6_cidr_blocks | List of IPv6 cidr_blocks of database subnets in an IPv6 enabled VPC |
| default_network_acl_id | The ID of the default network ACL |
| default_route_table_id | The ID of the default route table |
| default_security_group_id | The ID of the security group created by default on VPC creation |
| ec2_private_route_table_ids | List of IDs of EC2 private route tables |
| ec2_private_subnet_arns | List of ARNs of EC2 private subnets |
| ec2_private_subnets | List of IDs of EC2 private subnets |
| ec2_private_subnets_cidr_blocks | List of cidr_blocks of EC2 private subnets |
| ec2_public_route_table_ids | List of IDs of EC2 public route tables |
| ec2_public_subnet_arns | List of ARNs of EC2 public subnets |
| ec2_public_subnets | List of IDs of EC2 public subnets |
| ec2_public_subnets_cidr_blocks | List of cidr_blocks of EC2 public subnets |
| ecs_route_table_ids | List of IDs of ECS route tables |
| ecs_subnet_arns | List of ARNs of ECS subnets |
| ecs_subnets | List of IDs of ECS subnets |
| ecs_subnets_cidr_blocks | List of cidr_blocks of ECS subnets |
| lb_external_route_table_ids | List of IDs of Load Balancer public route tables |
| lb_external_subnet_arns | List of ARNs of Load Balancer public subnets |
| lb_external_subnets | List of IDs of Load Balancer public subnets |
| lb_external_subnets_cidr_blocks | List of cidr_blocks of Load Balancer public subnets |
| lb_internal_route_table_ids | List of IDs of Load Balancer private route tables |
| lb_internal_subnet_arns | List of ARNs of Load Balancer private subnets |
| lb_internal_subnets | List of IDs of Load Balancer private subnets |
| lb_internal_subnets_cidr_blocks | List of cidr_blocks of Load Balancer private subnets |
| name | The name of the VPC specified as argument to this module |
| nat_ids | List of allocation ID of Elastic IPs created for AWS NAT Gateway |
| nat_public_ips | List of public Elastic IPs created for AWS NAT Gateway |
| natgw_ids | List of NAT Gateway IDs |
| others_private_route_table_ids | List of IDs of others private route tables |
| others_private_subnet_arns | List of ARNs of other private subnets |
| others_private_subnets | List of IDs of other private subnets |
| others_private_subnets_cidr_blocks | List of cidr_blocks of other private subnets |
| others_public_route_table_ids | List of IDs of others public route tables |
| others_public_subnet_arns | List of ARNs of other public subnets |
| others_public_subnets | List of IDs of other public subnets |
| others_public_subnets_cidr_blocks | List of cidr_blocks of other public subnets |
| private_route_table_ids | Private route tables associated with this VPC |
| public_route_table_ids | Public route tables associated with this VPC |
| spare_subnet | List of IDs of spare subnet |
| spare_subnet_arns | List of ARNs of spare subnet |
| spare_subnet_cidr_blocks | List of cidr_blocks of spare subnet |
| spare_subnet_route_table_ids | List of IDs of spare subnet route tables |
| vpc_arn | The ARN of the VPC |
| vpc_cidr_block | The CIDR block of the VPC |
| vpc_id | The ID of the VPC |
| vpc_main_route_table_id | The ID of the main route table associated with this VPC |
| vpc_owner_id | The ID of the AWS account that owns the VPC |
| vpc_secondary_cidr_blocks | List of secondary CIDR blocks of the VPC |