Terraform modules for networking: VPC, subnets, route tables, NAT gateways and reusable security groups.

The `nat_gateway` module creates one or more NAT gateways and adds a default route towards them in each of the private route tables passed as parameter.

Inputs:

- `private_route_tables` (list(string), required): the private route tables that need a route to a NAT gateway. Note that the number of NAT gateways should match the number of private route tables passed here.
- `number_nat_gateways` (number, optional): number of NAT gateways to create.
- `public_subnets` (list(string), required): the public subnets in which the NAT gateways are created.
- `tags` (map, optional): extra tags.

Outputs:

- `ids` (list): the ids of the NAT gateways created.

Example:

```hcl
module "nat_gateway" {
  source               = "github.com/skyscrapers/terraform-network//nat_gateway"
  private_route_tables = module.vpc.private_rts
  # The vpc module exposes its public subnets as public_nat-bastion and
  # public_lb_subnets; the NAT gateways belong in the nat-bastion subnets.
  public_subnets       = module.vpc.public_nat-bastion
}
```
The `subnets` module creates a number of subnets of a given visibility (public or private) and role, carved out of the given CIDR block starting at subnet number `netnum`, and spreads them over the availability zones of the region.

TODO: document the inputs once terraform-docs properly supports Terraform 0.12.

Outputs:

Name | Description |
---|---|
ids | the ids of the subnets created |

Example (as called from inside the `vpc` module):

```hcl
module "public_lb_subnets" {
  source      = "../subnets"
  num_subnets = var.amount_public_lb_subnets
  visibility  = "public"
  role        = "lb"
  cidr        = var.cidr_block
  netnum      = 0
  vpc_id      = aws_vpc.main.id
  aws_region  = var.aws_region
  environment = var.environment
  project     = var.project
  tags        = { "KubernetesCluster" = "test" }
}
```
The `vpc` module creates a VPC with the option to specify 4 types of subnets:

- public_nat-bastion_subnets
- public_lb_subnets
- private_app_subnets
- private_db_subnets

plus an optional fifth type, private_management_subnets, which is disabled by default (`amount_private_management_subnets = 0`). It also creates the route tables for the public and private subnets. The private_app, private_db and private_management subnets are private: their route tables get no route to the internet until a NAT gateway is added to them with the `nat_gateway` module.

Inputs:

Name | Description | Type | Default | Required |
---|---|---|---|---|
availability_zones | List of AZs to use for the subnets. Defaults to all available AZs when not specified (looped over sequentially for the amount of subnets) | list(string) | null | no |
amount_private_app_subnets | Number of private_app subnets | number | 3 | no |
amount_private_db_subnets | Number of private_db subnets | number | 3 | no |
amount_private_management_subnets | Number of private_management subnets | number | 0 | no |
amount_public_lb_subnets | Number of public_lb subnets | number | 3 | no |
amount_public_nat-bastion_subnets | Number of public_nat-bastion subnets | number | 1 | no |
cidr_block | CIDR block of the VPC | string | n/a | yes |
environment | Name of the environment; useful if you have more than one VPC | string | "production" | no |
extra_tags_private_app | Private app subnets extra tags | map | {} | no |
extra_tags_private_db | Private database subnets extra tags | map | {} | no |
extra_tags_private_management | Private management subnets extra tags | map | {} | no |
extra_tags_public_lb | Public load balancer subnets extra tags | map | {} | no |
extra_tags_public_nat-bastion | Public nat/bastion subnets extra tags | map | {} | no |
extra_tags_vpc | VPC extra tags | map | {} | no |
netnum_private_app | Subnet number within the VPC CIDR at which the private_app subnets start | string | "20" | no |
netnum_private_db | Subnet number within the VPC CIDR at which the private_db subnets start | string | "30" | no |
netnum_private_management | Subnet number within the VPC CIDR at which the private_management subnets start | string | "200" | no |
netnum_public_lb | Subnet number within the VPC CIDR at which the public_lb subnets start | string | "10" | no |
netnum_public_nat-bastion | Subnet number within the VPC CIDR at which the public_nat-bastion subnets start | string | "0" | no |
number_private_rt | The desired number of private route tables. Set it to the number of AZs if you want one route table (and thus one NAT gateway) per AZ. | number | 1 | no |
project | The current project | string | n/a | yes |
tags | Optional tags | map | {} | no |

Outputs:

Name | Description |
---|---|
default_network_acl_id | Id of the default network ACL |
private_app_subnets | List of the ids of the private_app subnets created |
private_db_subnets | List of the ids of the private_db subnets created |
private_management_subnets | List of the ids of the private_management subnets created |
private_rts | List of the ids of the private route tables created |
public_lb_subnets | List of the ids of the public_lb subnets created |
public_nat-bastion | List of the ids of the public_nat-bastion subnets created |
public_rts | List of the ids of the public route tables created |
vpc_id | The id of the VPC created |

Example:

```hcl
module "vpc" {
  source      = "github.com/skyscrapers/terraform-network//vpc"
  cidr_block  = "172.16.0.0/16"
  project     = "test"
  environment = "prod"
  tags        = { "KubernetesCluster" = "test" }
}
```
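The `number_private_rt` input of the `vpc` module and the "number of NAT gateways should match the number of private route tables" note of the `nat_gateway` module belong together: with the defaults you get a single private route table and a single NAT gateway, so one AZ outage cuts egress for every private subnet. The configuration below is an added example, not code from the terraform-network repository; it wires the two modules together for one route table and one NAT gateway per AZ. The module sources, inputs and outputs are the ones documented above; the region, AZ names, CIDR and tag values are assumptions chosen for illustration.

```hcl
# Added example: per-AZ private route tables and NAT gateways. The region, AZ list,
# CIDR and tags are assumptions; module inputs/outputs follow the READMEs above.
provider "aws" {
  region = "eu-west-1"
}

locals {
  # Known at plan time, so it is safe to derive counts from it (deriving the
  # NAT gateway count from module.vpc.private_rts would fail, as those ids are
  # only known after apply).
  azs = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
}

module "vpc" {
  source      = "github.com/skyscrapers/terraform-network//vpc"
  cidr_block  = "172.16.0.0/16"
  project     = "test"
  environment = "prod"

  availability_zones = local.azs

  # One public nat-bastion subnet per AZ: every NAT gateway needs a public
  # subnet in its own AZ (the default is a single nat-bastion subnet).
  amount_public_nat-bastion_subnets = length(local.azs)

  # One private route table per AZ instead of the default single one, so each
  # AZ's private subnets can be routed to a NAT gateway in the same AZ.
  number_private_rt = length(local.azs)

  tags = { "KubernetesCluster" = "test" }
}

module "nat_gateway" {
  source = "github.com/skyscrapers/terraform-network//nat_gateway"

  # Must equal number_private_rt above: one NAT gateway per private route table.
  number_nat_gateways  = length(local.azs)
  private_route_tables = module.vpc.private_rts
  public_subnets       = module.vpc.public_nat-bastion
  tags                 = { "KubernetesCluster" = "test" }
}

output "nat_gateway_ids" {
  value = module.nat_gateway.ids
}
```

The trade-off is cost: three NAT gateways instead of one. For environments where that is not justified, keep the defaults (one route table, one NAT gateway) and accept the single point of failure knowingly rather than by accident.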
The Terraform state migration commands to migrate from VPC module v2.x to v3.0 and up. The indices below assume the default of 3 subnets per type; adapt them to your `amount_*` values and skip the lines for subnet types you do not use (for example `private_management`, which defaults to 0). Run `terraform plan` afterwards: it should report no changes for the route table associations.

```sh
terraform state mv module.vpc.aws_route_table_association.public_nat-bastion_hosts module.vpc.module.public_nat-bastion_subnets.aws_route_table_association.subnet_association
terraform state mv module.vpc.aws_route_table_association.private_app[0] module.vpc.module.private_app_subnets.aws_route_table_association.subnet_association[0]
terraform state mv module.vpc.aws_route_table_association.private_app[1] module.vpc.module.private_app_subnets.aws_route_table_association.subnet_association[1]
terraform state mv module.vpc.aws_route_table_association.private_app[2] module.vpc.module.private_app_subnets.aws_route_table_association.subnet_association[2]
terraform state mv module.vpc.aws_route_table_association.private_management[0] module.vpc.module.private_management_subnets.aws_route_table_association.subnet_association[0]
terraform state mv module.vpc.aws_route_table_association.private_management[1] module.vpc.module.private_management_subnets.aws_route_table_association.subnet_association[1]
terraform state mv module.vpc.aws_route_table_association.private_management[2] module.vpc.module.private_management_subnets.aws_route_table_association.subnet_association[2]
terraform state mv module.vpc.aws_route_table_association.public_lb_hosts[0] module.vpc.module.public_lb_subnets.aws_route_table_association.subnet_association[0]
terraform state mv module.vpc.aws_route_table_association.public_lb_hosts[1] module.vpc.module.public_lb_subnets.aws_route_table_association.subnet_association[1]
terraform state mv module.vpc.aws_route_table_association.public_lb_hosts[2] module.vpc.module.public_lb_subnets.aws_route_table_association.subnet_association[2]
terraform state mv module.vpc.aws_route_table_association.private_db[0] module.vpc.module.private_db_subnets.aws_route_table_association.subnet_association[0]
terraform state mv module.vpc.aws_route_table_association.private_db[1] module.vpc.module.private_db_subnets.aws_route_table_association.subnet_association[1]
terraform state mv module.vpc.aws_route_table_association.private_db[2] module.vpc.module.private_db_subnets.aws_route_table_association.subnet_association[2]
```
The `securitygroups/all` module creates and exposes a reusable security group called sg-all. The implementation uses the separate `aws_security_group` and `aws_security_group_rule` resources (instead of inline rule blocks) so that security groups can be created and extended in a modular way.

Inputs:

- `vpc_id` (string, required): the id of the VPC where the security group must be created
- `project` (string, required): the name of the customer or project
- `environment` (string, required): the environment to create the security group in. Examples: `staging`, `production`

Outputs:

- `sg_id` (string): the id of the security group created

Example:

```hcl
module "securitygroup_all" {
  source      = "github.com/skyscrapers/terraform-network//securitygroups/all"
  vpc_id      = module.vpc.vpc_id
  project     = var.project
  environment = var.environment
}
```
The `securitygroups/icinga_satellite` module creates and exposes a reusable security group called sg_icinga_satellite, expanded with project and environment info. The implementation uses the separate `aws_security_group` and `aws_security_group_rule` resources (instead of inline rule blocks) so that security groups can be created and extended in a modular way.

Inputs:

- `vpc_id` (string, required): the id of the VPC where the security group must be created
- `project` (string, required): the name of the customer or project
- `environment` (string, required): the environment to create the security group in. Examples: `staging`, `production`
- `icinga_master_ip` (string, required): the IP address of the Icinga master in CIDR notation
- `internal_sg_id` (string, optional): if provided, the Icinga satellite is allowed to reach members of this security group over NRPE

Outputs:

- `sg_id` (string): the id of the security group created

Example:

```hcl
module "securitygroup_icinga" {
  source           = "github.com/skyscrapers/terraform-network//securitygroups/icinga_satellite"
  vpc_id           = module.vpc.vpc_id
  project          = var.project
  environment      = var.environment
  icinga_master_ip = "123.234.123.234/32"
}
```
The `securitygroups/puppet` module creates and exposes a reusable security group called sg_puppet, expanded with project and environment info. The implementation uses the separate `aws_security_group` and `aws_security_group_rule` resources (instead of inline rule blocks) so that security groups can be created and extended in a modular way.

Inputs:

- `vpc_id` (string, required): the id of the VPC where the security group must be created
- `project` (string, required): the name of the customer or project
- `environment` (string, required): the environment to create the security group in. Examples: `staging`, `production`
- `puppet_master_ip` (string, required): the IP address of the Puppet master in CIDR notation

Outputs:

- `sg_id` (string): the id of the security group created

Example:

```hcl
# Named securitygroup_puppet so it does not clash with the securitygroup_icinga
# module above when both are used in the same configuration.
module "securitygroup_puppet" {
  source           = "github.com/skyscrapers/terraform-network//securitygroups/puppet"
  vpc_id           = module.vpc.vpc_id
  project          = var.project
  environment      = var.environment
  puppet_master_ip = "123.234.123.234/32"
}
```
The `securitygroups/web_public` module creates and exposes a reusable security group called sg_web_public, expanded with project and environment info. The implementation uses the separate `aws_security_group` and `aws_security_group_rule` resources (instead of inline rule blocks) so that security groups can be created and extended in a modular way.

Inputs:

- `vpc_id` (string, required): the id of the VPC where the security group must be created
- `project` (string, required): the name of the customer or project
- `environment` (string, required): the environment to create the security group in. Examples: `staging`, `production`

Outputs:

- `sg_id` (string): the id of the security group created

Example:

```hcl
module "securitygroup_web_public" {
  source      = "github.com/skyscrapers/terraform-network//securitygroups/web_public"
  vpc_id      = module.vpc.vpc_id
  project     = var.project
  environment = var.environment
}
```
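The security group modules above all make the same point: because the rules live in separate `aws_security_group_rule` resources rather than inline in the `aws_security_group`, a caller can add rules to the exposed `sg_id` from its own configuration without forking the module. The following is an added example, not code from the terraform-network repository, showing that pattern for the `all` and `web_public` security groups. It assumes the `module.vpc`, `var.project` and `var.environment` references used in the page's own examples; the rule it adds (port 8080 from the public web tier to the app tier) is the example's own choice, since the page does not document which rules the modules create by default.

```hcl
# Added example: extend module-created security groups from the calling root module.
# module.vpc, var.project and var.environment are assumed to exist as in the READMEs
# above; port 8080 and the two rules below are this example's own, not the modules'.

module "securitygroup_all" {
  source      = "github.com/skyscrapers/terraform-network//securitygroups/all"
  vpc_id      = module.vpc.vpc_id
  project     = var.project
  environment = var.environment
}

module "securitygroup_web_public" {
  source      = "github.com/skyscrapers/terraform-network//securitygroups/web_public"
  vpc_id      = module.vpc.vpc_id
  project     = var.project
  environment = var.environment
}

# Ingress on sg_all: allow members of sg_web_public (e.g. the public load
# balancers) to reach members of sg_all on 8080/tcp only. The rule is keyed on
# the source security group, not on a CIDR, so it keeps working when instances
# are replaced or get new addresses, and it cannot be widened by a subnet change.
resource "aws_security_group_rule" "web_public_to_all_8080" {
  type                     = "ingress"
  security_group_id        = module.securitygroup_all.sg_id
  source_security_group_id = module.securitygroup_web_public.sg_id
  from_port                = 8080
  to_port                  = 8080
  protocol                 = "tcp"
  description              = "App traffic from the public web tier"
}

# Matching egress on sg_web_public, restricted to the same destination group and
# port. For an egress rule, source_security_group_id is the destination group.
# Terraform's aws_security_group removes AWS's default allow-all egress rule, so
# egress must be granted explicitly when rules are managed separately like this.
resource "aws_security_group_rule" "web_public_egress_to_all_8080" {
  type                     = "egress"
  security_group_id        = module.securitygroup_web_public.sg_id
  source_security_group_id = module.securitygroup_all.sg_id
  from_port                = 8080
  to_port                  = 8080
  protocol                 = "tcp"
  description              = "App traffic to the app tier only"
}
```

One caveat when layering rules on top of a module this way: AWS rejects a rule that is identical to one that already exists on the group (`InvalidPermission.Duplicate`), so check what the module already grants before adding the same rule from outside, and prefer distinct, narrowly scoped rules over re-stating broad ones.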