Management VPC

Deploy a VPC on AWS for administrative and management functions.

View on GitHub

Reference

Inputs

• availability_zone_exclude_ids — List of excluded Availability Zone IDs.

• availability_zone_exclude_names — List of excluded Availability Zone names.

• availability_zone_state — Allows to filter list of Availability Zones based on their current state. Can be either "available", "information", "impaired" or "unavailable". By default the list includes a complete set of Availability Zones to which the underlying AWS account has access, regardless of their state.

• aws_region — The AWS region to deploy into

• cidr_block — The IP address range of the VPC in CIDR notation. A prefix of /16 is recommended. Do not use a prefix higher than /27. Examples include '10.100.0.0/16', '10.200.0.0/16', etc.

• create_flow_logs — If you set this variable to false, this module will not create VPC Flow Logs resources. This is used as a workaround because Terraform does not allow you to use the 'count' parameter on modules. By using this parameter, you can optionally create or not create the resources within this module.

• create_network_acls — If set to false, this module will NOT create Network ACLs. This is useful if you don't want to use Network ACLs or you want to provide your own Network ACLs outside of this module.

• custom_tags — A map of tags to apply to the VPC, Subnets, Route Tables, and Internet Gateway. The key is the tag name and the value is the tag value. Note that the tag 'Name' is automatically added by this module but may be optionally overwritten by this variable.

• custom_tags_vpc_only — A map of tags to apply just to the VPC itself, but not any of the other resources. The key is the tag name and the value is the tag value. Note that tags defined here will override tags defined as custom_tags in case of conflict.

• kms_key_arn — The ARN of a KMS key to use for encrypting VPC the flow log. A new KMS key will be created if this is not supplied.

• kms_key_user_iam_arns — VPC Flow Logs will be encrypted with a KMS Key (a Customer Master Key). The IAM Users specified in this list will have access to this key.

• nat_gateway_custom_tags — A map of tags to apply to the NAT gateways, on top of the custom_tags. The key is the tag name and the value is the tag value. Note that tags defined here will override tags defined as custom_tags in case of conflict.

• num_availability_zones — How many AWS Availability Zones (AZs) to use. One subnet of each type (public, private app) will be created in each AZ. Note that this must be less than or equal to the total number of AZs in a region. A value of null means all AZs should be used. For example, if you specify 3 in a region with 5 AZs, subnets will be created in just 3 AZs instead of all 5. Defaults to 3.

• num_nat_gateways — The number of NAT Gateways to launch for this VPC. The management VPC defaults to 1 NAT Gateway to save on cost, but to increase redundancy, you can adjust this to add additional NAT Gateways.

• private_subnet_bits — Takes the CIDR prefix and adds these many bits to it for calculating subnet ranges. MAKE SURE if you change this you also change the CIDR spacing or you may hit errors. See cidrsubnet interpolation in terraform config for more information.

• private_subnet_cidr_blocks — A map listing the specific CIDR blocks desired for each private subnet. The key must be in the form AZ-0, AZ-1, ... AZ-n where n is the number of Availability Zones. If left blank, we will compute a reasonable CIDR block for each subnet.

• private_subnet_custom_tags — A map of tags to apply to the private Subnet, on top of the custom_tags. The key is the tag name and the value is the tag value. Note that tags defined here will override tags defined as custom_tags in case of conflict.

• public_subnet_bits — Takes the CIDR prefix and adds these many bits to it for calculating subnet ranges. MAKE SURE if you change this you also change the CIDR spacing or you may hit errors. See cidrsubnet interpolation in terraform config for more information.

• public_subnet_cidr_blocks — A map listing the specific CIDR blocks desired for each public subnet. The key must be in the form AZ-0, AZ-1, ... AZ-n where n is the number of Availability Zones. If left blank, we will compute a reasonable CIDR block for each subnet.

• public_subnet_custom_tags — A map of tags to apply to the public Subnet, on top of the custom_tags. The key is the tag name and the value is the tag value. Note that tags defined here will override tags defined as custom_tags in case of conflict.

• subnet_spacing — The amount of spacing between the different subnet types

• vpc_name — The name of the VPC. Defaults to mgmt.

Outputs

• nat_gateway_public_ips — The public IP address(es) of the NAT gateway(s) of the mgmt VPC.

• num_availability_zones — The number of availability zones used by the mgmt VPC.

• private_subnet_arns — The private subnet ARNs of the mgmt VPC.

• private_subnet_cidr_blocks — The private subnet CIDR blocks of the mgmt VPC.

• private_subnet_ids — The private subnet IDs of the mgmt VPC.

• private_subnet_route_table_ids — The ID of the private subnet route table of the mgmt VPC.

• public_subnet_arns — The public subnet ARNs of the mgmt VPC.

• public_subnet_cidr_blocks — The public subnet CIDR blocks of the mgmt VPC.

• public_subnet_ids — The public subnet IDs of the mgmt VPC.

• public_subnet_route_table_id — The ID of the public subnet route table of the mgmt VPC.

• vpc_cidr_block — The CIDR block of the mgmt VPC.

• vpc_id — The ID of the mgmt VPC.

• vpc_name — The name of the mgmt VPC.

• vpc_ready — Indicates whether or not the VPC has finished creating