Skip to content

opsstation/terraform-aws-subnet

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Terraform-aws-subnet

Terraform AWS Cloud Subnet Modules

Table of Contents

Introduction

This Terraform module creates AWS subnet along with additional configuration options.

Usage

To use this module, include it in your Terraform configuration file and provide the required input variables. Below is an example of how to use the module:

Examples:

Example: private-subnet

module "private-subnets" {
  source              = "git::https://github.com/opsstation/terraform-aws-subnet.git?ref=v1.0.0"
  name                = "app"
  environment         = "test"
  nat_gateway_enabled = true
  availability_zones  = ["eu-west-1a"]
  vpc_id              = module.vpc.vpc_id
  type                = "private"
  cidr_block          = module.vpc.vpc_cidr_block
  ipv6_cidr_block     = module.vpc.ipv6_cidr_block
  ipv4_private_cidrs  = ["10.0.3.0/24"]
  public_subnet_ids   = ["subnet-07962e9e61ad3bcd3"]
}

Example: public-private-subnet-single-nat-gateway

module "subnets" {
  source              = "./../../"
  nat_gateway_enabled = true
  single_nat_gateway  = true
  name                = "app"
  environment         = "test"
  availability_zones  = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
  vpc_id              = module.vpc.vpc_id
  type                = "public-private"
  igw_id              = module.vpc.igw_id
  cidr_block          = module.vpc.vpc_cidr_block
  ipv6_cidr_block     = module.vpc.ipv6_cidr_block
  enable_ipv6         = false
}

Example: public-private

module "subnets" {
  source                                         = "./../../"
  name                                           = "app"
  environment                                    = "test"
  nat_gateway_enabled                            = true
  availability_zones                             = ["eu-west-1a", "eu-west-1b"]
  vpc_id                                         = module.vpc.vpc_id
  type                                           = "public-private"
  igw_id                                         = module.vpc.igw_id
  cidr_block                                     = module.vpc.vpc_cidr_block
  ipv6_cidr_block                                = module.vpc.ipv6_cidr_block
  public_subnet_assign_ipv6_address_on_creation  = true
  enable_ipv6                                    = true
  private_subnet_assign_ipv6_address_on_creation = true
}

Example: public-subnet

module "subnet" {
  source             = "./../.."
  name               = "app"
  environment        = "test"
  availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c"]
  vpc_id             = module.vpc.vpc_id
  type               = "public"
  igw_id             = module.vpc.igw_id
  ipv4_public_cidrs  = ["10.0.1.0/24", "10.0.13.0/24", "10.0.18.0/24"]
  enable_ipv6        = false
}

Examples

For detailed examples on how to use this module, please refer to the Examples directory within this repository.

Author

Your Name Replace MIT and opsstation with the appropriate license and your information. Feel free to expand this README with additional details or usage instructions as needed for your specific use case.

License

This project is licensed under the MIT License - see the LICENSE file for details.

Requirements

Name Version
terraform >= 1.4.6
aws >= 5.9.0

Providers

Name Version
aws >= 5.9.0

Modules

Name Source Version
private-labels git::https://github.com/opsstation/terraform-aws-labels.git v1.0.0
public-labels git::https://github.com/opsstation/terraform-aws-labels.git v1.0.0

Resources

Name Type
aws_eip.private resource
aws_flow_log.private_subnet_flow_log resource
aws_flow_log.public_subnet_flow_log resource
aws_nat_gateway.private resource
aws_network_acl.private resource
aws_network_acl.public resource
aws_network_acl_rule.private_inbound resource
aws_network_acl_rule.private_outbound resource
aws_network_acl_rule.public_inbound resource
aws_network_acl_rule.public_outbound resource
aws_route.nat_gateway resource
aws_route.public resource
aws_route.public_ipv6 resource
aws_route_table.private resource
aws_route_table.public resource
aws_route_table_association.private resource
aws_route_table_association.public resource
aws_subnet.private resource
aws_subnet.public resource

Inputs

Name Description Type Default Required
attributes Additional attributes (e.g. 1). list(any) [] no
availability_zones List of Availability Zones (e.g. ['us-east-1a', 'us-east-1b', 'us-east-1c']). list(string) [] no
cidr_block Base CIDR block which is divided into subnet CIDR blocks (e.g. 10.0.0.0/16). string null no
delimiter Delimiter to be used between organization, environment, name and attributes. string "-" no
enable Set to false to prevent the module from creating any resources. bool true no
enable_flow_log Enable subnet_flow_log logs. bool false no
enable_ipv6 Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block bool false no
enable_private_acl Set to false to prevent the module from creating any resources. bool true no
enable_public_acl Set to false to prevent the module from creating any resources. bool true no
environment Environment (e.g. prod, dev, staging). string "" no
extra_private_tags Additional private subnet tags. map(any) {} no
extra_public_tags Additional tags (e.g. map(BusinessUnit,XYZ). map(any) {} no
flow_log_destination_arn ARN of resource in which flow log will be sent. string null no
flow_log_destination_type Type of flow log destination. Can be s3 or cloud-watch-logs string "cloud-watch-logs" no
flow_log_file_format (Optional) The format for the flow log. Valid values: plain-text, parquet string null no
flow_log_hive_compatible_partitions (Optional) Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3 bool false no
flow_log_iam_role_arn The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group. When flow_log_destination_arn is set to ARN of Cloudwatch Logs, this argument needs to be provided string null no
flow_log_log_format The fields to include in the flow log record, in the order in which they should appear string null no
flow_log_max_aggregation_interval The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: 60 seconds or 600 seconds number 600 no
flow_log_per_hour_partition (Optional) Indicates whether to partition the flow log per hour. This reduces the cost and response time for queries bool false no
flow_log_traffic_type Type of traffic to capture. Valid values: ACCEPT,REJECT, ALL. string "ALL" no
igw_id Internet Gateway ID that is used as a default route when creating public subnets (e.g. igw-9c26a123). string "" no
ipv4_private_cidrs Subnet CIDR blocks (e.g. 10.0.0.0/16). list(any) [] no
ipv4_public_cidrs Subnet CIDR blocks (e.g. 10.0.0.0/16). list(any) [] no
ipv6_cidr_block Base CIDR block which is divided into subnet CIDR blocks (e.g. 10.0.0.0/16). string null no
label_order Label order, e.g. name,Environment. list(any)
[
"name",
"environment"
]
no
managedby ManagedBy, eg 'OpsStation'. string "" no
map_public_ip_on_launch Specify true to indicate that instances launched into the public subnet should be assigned a public IP address. bool false no
name Name (e.g. prod-subnet or subnet). string "" no
nat_gateway_destination_cidr_block Used to pass a custom destination route for private NAT Gateway. If not specified, the default 0.0.0.0/0 is used as a destination route string "0.0.0.0/0" no
nat_gateway_enabled Flag to enable/disable NAT Gateways creation in public subnets. bool false no
private_inbound_acl_rules Private subnets inbound network ACLs list(map(string))
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "deny",
"rule_number": 100,
"to_port": 0
}
]
no
private_ipv6_cidrs Private Subnet CIDR blocks (e.g. 2a05:d018:832:ca02::/64). list(any) [] no
private_outbound_acl_rules Private subnets outbound network ACLs list(map(string))
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "deny",
"rule_number": 100,
"to_port": 0
}
]
no
private_subnet_assign_ipv6_address_on_creation Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. bool false no
private_subnet_enable_dns64 Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: true bool false no
private_subnet_enable_resource_name_dns_a_record_on_launch Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: false bool false no
private_subnet_enable_resource_name_dns_aaaa_record_on_launch Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: true bool false no
private_subnet_ipv6_native Indicates whether to create an IPv6-only private subnet. Default: false bool false no
private_subnet_private_dns_hostname_type_on_launch The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: ip-name, resource-name string null no
public_inbound_acl_rules Public subnets inbound network ACLs list(map(string))
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
no
public_ipv6_cidrs Public Subnet CIDR blocks (e.g. 2a05:d018:832:ca02::/64). list(any) [] no
public_outbound_acl_rules Public subnets outbound network ACLs list(map(string))
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
no
public_rt_ipv4_destination_cidr The destination ipv4 CIDR block. string "0.0.0.0/0" no
public_rt_ipv6_destination_cidr The destination ipv6 CIDR block. string "::/0" no
public_subnet_assign_ipv6_address_on_creation Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. bool false no
public_subnet_enable_dns64 Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: true bool false no
public_subnet_enable_resource_name_dns_a_record_on_launch Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: false bool false no
public_subnet_enable_resource_name_dns_aaaa_record_on_launch Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: true bool false no
public_subnet_ids A list of public subnet ids. list(string) [] no
public_subnet_ipv6_native Indicates whether to create an IPv6-only public subnet. Default: false bool false no
public_subnet_private_dns_hostname_type_on_launch The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: ip-name, resource-name string null no
repository Terraform current module repo string "https://github.com/opsstation/terraform-aws-subnet" no
single_nat_gateway Enable for only single NAT Gateway in one Availability Zone bool false no
tags Additional tags (e.g. map(BusinessUnit,XYZ). map(any) {} no
type Type of subnets to create (private or public). string "" no
vpc_id VPC ID. string n/a yes

Outputs

Name Description
private_acl The ID of the network ACL.
private_route_tables_id The ID of the routing table.
private_subnet_cidrs CIDR blocks of the created private subnets.
private_subnet_cidrs_ipv6 CIDR blocks of the created private subnets.
private_subnet_id The ID of the private subnet.
private_tags A mapping of private tags to assign to the resource.
public_acl The ID of the network ACL.
public_route_tables_id The ID of the routing table.
public_subnet_cidrs CIDR blocks of the created public subnets.
public_subnet_cidrs_ipv6 CIDR blocks of the created public subnets.
public_subnet_id The ID of the subnet.
public_tags A mapping of public tags to assign to the resource.

About

No description, website, or topics provided.

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages