schubergphilis/terraform-aws-mcaf-vpc-with-ipam

terraform-aws-mcaf-vpc-with-ipam

Terraform module to manage an AWS VPC whose CIDR is allocated from an IPAM pool, and to attach that VPC to a Transit Gateway.

This module will be merged with https://github.com/schubergphilis/terraform-aws-mcaf-vpc in the future.

Usage
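
The following root module is an added example of calling this module; it is not code from the module's own README. The input names and the `aws.transit_gateway_account` provider alias are taken from the Providers and Inputs tables below. Everything else is assumed: the region, the account IDs, the IAM role used to reach the Transit Gateway account, the IPAM pool, KMS key and Transit Gateway IDs, and the `?ref=` version tag are all placeholders to replace with your own values.

```hcl
# Added example (not the module's own code). A workload VPC carved from an IPAM
# pool and attached to a Transit Gateway owned by a separate networking account.
# Every ID, ARN, region and the version tag below is a placeholder.

terraform {
  required_version = ">= 1.3"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.20"
    }
  }
}

# Provider for the workload account that will own the VPC.
provider "aws" {
  region = "eu-west-1" # assumed region
}

# Provider for the account that owns the Transit Gateway. The module uses this
# alias to accept the VPC attachment on the Transit Gateway side.
provider "aws" {
  alias  = "transit_gateway_account"
  region = "eu-west-1" # assumed region

  assume_role {
    role_arn = "arn:aws:iam::111111111111:role/PLACEHOLDER-tgw-admin" # placeholder
  }
}

module "vpc" {
  # Pin to a released tag of the module; vX.Y.Z is a placeholder.
  source = "github.com/schubergphilis/terraform-aws-mcaf-vpc-with-ipam?ref=vX.Y.Z"

  # Both providers are required: the default one for the VPC, the alias for the
  # attachment accepter in the Transit Gateway account.
  providers = {
    aws                         = aws
    aws.transit_gateway_account = aws.transit_gateway_account
  }

  name               = "workload-prod"
  availability_zones = ["eu-west-1a", "eu-west-1b"]

  # The VPC range comes from IPAM rather than a hard-coded CIDR; /20 is the
  # module default and is spelled out here for clarity.
  aws_vpc_ipam_pool = "ipam-pool-PLACEHOLDER"
  vpc_cidr_netmask  = 20

  networks = [
    {
      name         = "public"
      cidr_netmask = 24
      public       = true
      nat_gw       = true
    },
    {
      name           = "private"
      cidr_netmask   = 24
      tgw_attachment = true
      tags           = { tier = "app" }
    },
  ]

  # Flow logs: encrypt the log group with a customer-managed KMS key and keep a
  # year of history instead of the 90-day default.
  cloudwatch_flow_logs_configuration = {
    kms_key_arn       = "arn:aws:kms:eu-west-1:222222222222:key/PLACEHOLDER" # placeholder
    retention_in_days = 365
    traffic_type      = "ALL"
  }

  # Adopt the account's default VPC so that it, and its default security group,
  # are managed by Terraform instead of sitting unmanaged in the account.
  manage_default_vpc = true

  transit_gateway_id                      = "tgw-PLACEHOLDER"
  transit_gateway_route_table_association = "tgw-rtb-PLACEHOLDER-workload"
  transit_gateway_route_table_propagation = ["tgw-rtb-PLACEHOLDER-shared"]
  transit_gateway_appliance_mode_support  = false

  tags = {
    environment = "prod"
    owner       = "platform-team"
  }
}

# The CIDR is only known after IPAM hands one out, so expose it for consumers.
output "vpc_cidr_block" {
  value = module.vpc.vpc_cidr_block
}

output "transit_gateway_attachment_id" {
  value = module.vpc.transit_gateway_attachment_id
}
```

Two things are worth checking before applying. The `providers` map must include the `aws.transit_gateway_account` alias even when the Transit Gateway lives in the same account as the VPC, because the module declares that provider configuration as required. And because the VPC CIDR is taken from the IPAM pool at apply time (the module previews the next CIDR via `aws_vpc_ipam_preview_next_cidr`), plan output will not show the final range; size `vpc_cidr_netmask` and each `cidr_netmask` so that every network fits across all listed availability zones.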

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.3 |
| aws | >= 5.20 |

Providers

| Name | Version |
|------|---------|
| aws | >= 5.20 |
| aws.transit_gateway_account | >= 5.20 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_cloudwatch_log_group.vpc_flow_logs | resource |
| aws_default_security_group.default_vpc | resource |
| aws_default_security_group.workload_vpc | resource |
| aws_default_vpc.default | resource |
| aws_ec2_transit_gateway_route_table_association.default | resource |
| aws_ec2_transit_gateway_route_table_propagation.default | resource |
| aws_ec2_transit_gateway_vpc_attachment.default | resource |
| aws_ec2_transit_gateway_vpc_attachment_accepter.default | resource |
| aws_eip.nat_gw | resource |
| aws_flow_log.default | resource |
| aws_iam_policy.vpc_flow_logs | resource |
| aws_iam_role.vpc_flow_logs | resource |
| aws_iam_role_policy_attachment.vpc_flow_logs | resource |
| aws_internet_gateway.default | resource |
| aws_nat_gateway.public | resource |
| aws_route.internet_gateway | resource |
| aws_route_table.default | resource |
| aws_route_table_association.default | resource |
| aws_subnet.default | resource |
| aws_vpc.default | resource |
| aws_vpc_ipam_preview_next_cidr.vpc | resource |
| aws_caller_identity.default | data source |
| aws_iam_policy_document.vpc_flow_log | data source |
| aws_iam_policy_document.vpc_flow_logs_assume_role | data source |
| aws_region.default | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| availability_zones | A list of availability zone names or IDs in the region. | `list(string)` | n/a | yes |
| aws_vpc_ipam_pool | ID of the IPAM pool to get CIDRs from. | `string` | n/a | yes |
| name | Name to be used on all the resources as identifier. | `string` | n/a | yes |
| networks | A list of objects describing the requested subnetwork prefixes. | <pre>list(object({<br>  name           = string<br>  cidr_netmask   = number<br>  public         = optional(bool, false)<br>  nat_gw         = optional(bool, false)<br>  tgw_attachment = optional(bool, false)<br>  tags           = optional(map(string), {})<br>}))</pre> | n/a | yes |
| cloudwatch_flow_logs_configuration | CloudWatch flow logs configuration. | <pre>object({<br>  iam_path                 = optional(string, "/")<br>  iam_policy_name_prefix   = optional(string, "vpc-flow-logs-to-cloudwatch-")<br>  iam_role_name_prefix     = optional(string, "vpc-flow-logs-role-")<br>  kms_key_arn              = optional(string)<br>  log_group_name           = optional(string)<br>  max_aggregation_interval = optional(number, 60)<br>  retention_in_days        = optional(number, 90)<br>  traffic_type             = optional(string, "ALL")<br>})</pre> | `{}` | no |
| enable_dns_hostnames | Enable DNS hostnames in the VPC. | `bool` | `true` | no |
| manage_default_vpc | Set to true to adopt and manage the default VPC. | `bool` | `true` | no |
| tags | A map of tags to add to all resources. | `map(string)` | `{}` | no |
| transit_gateway_appliance_mode_support | Enable to attach the VPC in appliance mode on the Transit Gateway. | `bool` | `false` | no |
| transit_gateway_id | Transit Gateway ID. | `string` | `""` | no |
| transit_gateway_route_table_association | Transit Gateway route table ID to attach the VPC to. | `string` | `""` | no |
| transit_gateway_route_table_propagation | Transit Gateway route table IDs to propagate the VPC CIDR to. | `list(string)` | `[]` | no |
| vpc_cidr_netmask | The netmask length of the IPv4 CIDR you want to allocate to this VPC. | `number` | `20` | no |

Outputs

| Name | Description |
|------|-------------|
| nat_gateway_ids | List of NAT Gateway IDs |
| route_table_ids | Map of all networks in the VPC and their subnets |
| subnet_ids | Map of all networks in the VPC and their subnets |
| subnets | Map of all subnets in the VPCs |
| transit_gateway_attachment_id | Transit Gateway attachment ID |
| vpc_arn | The ARN of the VPC |
| vpc_cidr_block | The CIDR block of the VPC |
| vpc_id | The ID of the VPC |

Licensing

100% Open Source and licensed under the Apache License Version 2.0. See LICENSE for full details.