This Terraform module creates AWS subnet along with additional configuration options.
To use this module, include it in your Terraform configuration file and provide the required input variables. Below is an example of how to use the module:
module "private-subnets" {
source = "git::https://github.com/opsstation/terraform-aws-subnet.git?ref=v1.0.0"
name = "app"
environment = "test"
nat_gateway_enabled = true
availability_zones = ["eu-west-1a"]
vpc_id = module.vpc.vpc_id
type = "private"
cidr_block = module.vpc.vpc_cidr_block
ipv6_cidr_block = module.vpc.ipv6_cidr_block
ipv4_private_cidrs = ["10.0.3.0/24"]
public_subnet_ids = ["subnet-07962e9e61ad3bcd3"]
}module "subnets" {
source = "./../../"
nat_gateway_enabled = true
single_nat_gateway = true
name = "app"
environment = "test"
availability_zones = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
vpc_id = module.vpc.vpc_id
type = "public-private"
igw_id = module.vpc.igw_id
cidr_block = module.vpc.vpc_cidr_block
ipv6_cidr_block = module.vpc.ipv6_cidr_block
enable_ipv6 = false
}module "subnets" {
source = "./../../"
name = "app"
environment = "test"
nat_gateway_enabled = true
availability_zones = ["eu-west-1a", "eu-west-1b"]
vpc_id = module.vpc.vpc_id
type = "public-private"
igw_id = module.vpc.igw_id
cidr_block = module.vpc.vpc_cidr_block
ipv6_cidr_block = module.vpc.ipv6_cidr_block
public_subnet_assign_ipv6_address_on_creation = true
enable_ipv6 = true
private_subnet_assign_ipv6_address_on_creation = true
}module "subnet" {
source = "./../.."
name = "app"
environment = "test"
availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c"]
vpc_id = module.vpc.vpc_id
type = "public"
igw_id = module.vpc.igw_id
ipv4_public_cidrs = ["10.0.1.0/24", "10.0.13.0/24", "10.0.18.0/24"]
enable_ipv6 = false
}For detailed examples on how to use this module, please refer to the Examples directory within this repository.
Your Name Replace MIT and opsstation with the appropriate license and your information. Feel free to expand this README with additional details or usage instructions as needed for your specific use case.
This project is licensed under the MIT License - see the LICENSE file for details.
| Name | Version |
|---|---|
| terraform | >= 1.4.6 |
| aws | >= 5.9.0 |
| Name | Version |
|---|---|
| aws | >= 5.9.0 |
| Name | Source | Version |
|---|---|---|
| private-labels | git::https://github.com/opsstation/terraform-aws-labels.git | v1.0.0 |
| public-labels | git::https://github.com/opsstation/terraform-aws-labels.git | v1.0.0 |
| Name | Type |
|---|---|
| aws_eip.private | resource |
| aws_flow_log.private_subnet_flow_log | resource |
| aws_flow_log.public_subnet_flow_log | resource |
| aws_nat_gateway.private | resource |
| aws_network_acl.private | resource |
| aws_network_acl.public | resource |
| aws_network_acl_rule.private_inbound | resource |
| aws_network_acl_rule.private_outbound | resource |
| aws_network_acl_rule.public_inbound | resource |
| aws_network_acl_rule.public_outbound | resource |
| aws_route.nat_gateway | resource |
| aws_route.public | resource |
| aws_route.public_ipv6 | resource |
| aws_route_table.private | resource |
| aws_route_table.public | resource |
| aws_route_table_association.private | resource |
| aws_route_table_association.public | resource |
| aws_subnet.private | resource |
| aws_subnet.public | resource |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| attributes | Additional attributes (e.g. 1). |
list(any) |
[] |
no |
| availability_zones | List of Availability Zones (e.g. ['us-east-1a', 'us-east-1b', 'us-east-1c']). |
list(string) |
[] |
no |
| cidr_block | Base CIDR block which is divided into subnet CIDR blocks (e.g. 10.0.0.0/16). |
string |
null |
no |
| delimiter | Delimiter to be used between organization, environment, name and attributes. |
string |
"-" |
no |
| enable | Set to false to prevent the module from creating any resources. | bool |
true |
no |
| enable_flow_log | Enable subnet_flow_log logs. | bool |
false |
no |
| enable_ipv6 | Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block | bool |
false |
no |
| enable_private_acl | Set to false to prevent the module from creating any resources. | bool |
true |
no |
| enable_public_acl | Set to false to prevent the module from creating any resources. | bool |
true |
no |
| environment | Environment (e.g. prod, dev, staging). |
string |
"" |
no |
| extra_private_tags | Additional private subnet tags. | map(any) |
{} |
no |
| extra_public_tags | Additional tags (e.g. map(BusinessUnit,XYZ). |
map(any) |
{} |
no |
| flow_log_destination_arn | ARN of resource in which flow log will be sent. | string |
null |
no |
| flow_log_destination_type | Type of flow log destination. Can be s3 or cloud-watch-logs | string |
"cloud-watch-logs" |
no |
| flow_log_file_format | (Optional) The format for the flow log. Valid values: plain-text, parquet |
string |
null |
no |
| flow_log_hive_compatible_partitions | (Optional) Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3 | bool |
false |
no |
| flow_log_iam_role_arn | The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group. When flow_log_destination_arn is set to ARN of Cloudwatch Logs, this argument needs to be provided | string |
null |
no |
| flow_log_log_format | The fields to include in the flow log record, in the order in which they should appear | string |
null |
no |
| flow_log_max_aggregation_interval | The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: 60 seconds or 600 seconds |
number |
600 |
no |
| flow_log_per_hour_partition | (Optional) Indicates whether to partition the flow log per hour. This reduces the cost and response time for queries | bool |
false |
no |
| flow_log_traffic_type | Type of traffic to capture. Valid values: ACCEPT,REJECT, ALL. | string |
"ALL" |
no |
| igw_id | Internet Gateway ID that is used as a default route when creating public subnets (e.g. igw-9c26a123). |
string |
"" |
no |
| ipv4_private_cidrs | Subnet CIDR blocks (e.g. 10.0.0.0/16). |
list(any) |
[] |
no |
| ipv4_public_cidrs | Subnet CIDR blocks (e.g. 10.0.0.0/16). |
list(any) |
[] |
no |
| ipv6_cidr_block | Base CIDR block which is divided into subnet CIDR blocks (e.g. 10.0.0.0/16). |
string |
null |
no |
| label_order | Label order, e.g. name,Environment. |
list(any) |
[ |
no |
| managedby | ManagedBy, eg 'OpsStation'. | string |
"" |
no |
| map_public_ip_on_launch | Specify true to indicate that instances launched into the public subnet should be assigned a public IP address. | bool |
false |
no |
| name | Name (e.g. prod-subnet or subnet). |
string |
"" |
no |
| nat_gateway_destination_cidr_block | Used to pass a custom destination route for private NAT Gateway. If not specified, the default 0.0.0.0/0 is used as a destination route | string |
"0.0.0.0/0" |
no |
| nat_gateway_enabled | Flag to enable/disable NAT Gateways creation in public subnets. | bool |
false |
no |
| private_inbound_acl_rules | Private subnets inbound network ACLs | list(map(string)) |
[ |
no |
| private_ipv6_cidrs | Private Subnet CIDR blocks (e.g. 2a05:d018:832:ca02::/64). |
list(any) |
[] |
no |
| private_outbound_acl_rules | Private subnets outbound network ACLs | list(map(string)) |
[ |
no |
| private_subnet_assign_ipv6_address_on_creation | Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. | bool |
false |
no |
| private_subnet_enable_dns64 | Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: true |
bool |
false |
no |
| private_subnet_enable_resource_name_dns_a_record_on_launch | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: false |
bool |
false |
no |
| private_subnet_enable_resource_name_dns_aaaa_record_on_launch | Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: true |
bool |
false |
no |
| private_subnet_ipv6_native | Indicates whether to create an IPv6-only private subnet. Default: false |
bool |
false |
no |
| private_subnet_private_dns_hostname_type_on_launch | The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: ip-name, resource-name |
string |
null |
no |
| public_inbound_acl_rules | Public subnets inbound network ACLs | list(map(string)) |
[ |
no |
| public_ipv6_cidrs | Public Subnet CIDR blocks (e.g. 2a05:d018:832:ca02::/64). |
list(any) |
[] |
no |
| public_outbound_acl_rules | Public subnets outbound network ACLs | list(map(string)) |
[ |
no |
| public_rt_ipv4_destination_cidr | The destination ipv4 CIDR block. | string |
"0.0.0.0/0" |
no |
| public_rt_ipv6_destination_cidr | The destination ipv6 CIDR block. | string |
"::/0" |
no |
| public_subnet_assign_ipv6_address_on_creation | Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. | bool |
false |
no |
| public_subnet_enable_dns64 | Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: true |
bool |
false |
no |
| public_subnet_enable_resource_name_dns_a_record_on_launch | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: false |
bool |
false |
no |
| public_subnet_enable_resource_name_dns_aaaa_record_on_launch | Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: true |
bool |
false |
no |
| public_subnet_ids | A list of public subnet ids. | list(string) |
[] |
no |
| public_subnet_ipv6_native | Indicates whether to create an IPv6-only public subnet. Default: false |
bool |
false |
no |
| public_subnet_private_dns_hostname_type_on_launch | The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: ip-name, resource-name |
string |
null |
no |
| repository | Terraform current module repo | string |
"https://github.com/opsstation/terraform-aws-subnet" |
no |
| single_nat_gateway | Enable for only single NAT Gateway in one Availability Zone | bool |
false |
no |
| tags | Additional tags (e.g. map(BusinessUnit,XYZ). |
map(any) |
{} |
no |
| type | Type of subnets to create (private or public). |
string |
"" |
no |
| vpc_id | VPC ID. | string |
n/a | yes |
| Name | Description |
|---|---|
| private_acl | The ID of the network ACL. |
| private_route_tables_id | The ID of the routing table. |
| private_subnet_cidrs | CIDR blocks of the created private subnets. |
| private_subnet_cidrs_ipv6 | CIDR blocks of the created private subnets. |
| private_subnet_id | The ID of the private subnet. |
| private_tags | A mapping of private tags to assign to the resource. |
| public_acl | The ID of the network ACL. |
| public_route_tables_id | The ID of the routing table. |
| public_subnet_cidrs | CIDR blocks of the created public subnets. |
| public_subnet_cidrs_ipv6 | CIDR blocks of the created public subnets. |
| public_subnet_id | The ID of the subnet. |
| public_tags | A mapping of public tags to assign to the resource. |