diff --git a/README.md b/README.md index 1b38d5a..68cc43e 100644 --- a/README.md +++ b/README.md @@ -1,15 +1,13 @@ - -
- - +[![Banner](https://github.com/clouddrove/terraform-gcp-vpc/blob/master/docs/CloudDrove.png)][website]
- Terraform module to create public, private and public-private subnet with network acl, route table, Elastic IP, nat gateway, flow log. -
++ With our comprehensive DevOps toolkit - streamline operations, automate workflows, enhance collaboration and, most importantly, deploy with confidence. +
+@@ -22,6 +20,9 @@ + + +
@@ -30,6 +31,9 @@ + + + @@ -41,21 +45,22 @@[| no | -| managedby | ManagedBy, eg 'CloudDrove'. | `string` | `"hello@clouddrove.com"` | no | -| map\_public\_ip\_on\_launch | Specify true to indicate that instances launched into the public subnet should be assigned a public IP address. | `bool` | `false` | no | -| name | Name (e.g. `prod-subnet` or `subnet`). | `string` | `""` | no | -| nat\_gateway\_destination\_cidr\_block | Used to pass a custom destination route for private NAT Gateway. If not specified, the default 0.0.0.0/0 is used as a destination route | `string` | `"0.0.0.0/0"` | no | -| nat\_gateway\_enabled | Flag to enable/disable NAT Gateways creation in public subnets. | `bool` | `false` | no | -| private\_inbound\_acl\_rules | Private subnets inbound network ACLs | `list(map(string))` |
"name",
"environment"
]
[| no | -| private\_ipv6\_cidrs | Private Subnet CIDR blocks (e.g. `2a05:d018:832:ca02::/64`). | `list(any)` | `[]` | no | -| private\_outbound\_acl\_rules | Private subnets outbound network ACLs | `list(map(string))` |
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "deny",
"rule_number": 100,
"to_port": 0
}
]
[| no | -| private\_subnet\_assign\_ipv6\_address\_on\_creation | Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. | `bool` | `false` | no | -| private\_subnet\_enable\_dns64 | Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true` | `bool` | `false` | no | -| private\_subnet\_enable\_resource\_name\_dns\_a\_record\_on\_launch | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false` | `bool` | `false` | no | -| private\_subnet\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch | Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true` | `bool` | `false` | no | -| private\_subnet\_ipv6\_native | Indicates whether to create an IPv6-only private subnet. Default: `false` | `bool` | `false` | no | -| private\_subnet\_private\_dns\_hostname\_type\_on\_launch | The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name` | `string` | `null` | no | -| public\_inbound\_acl\_rules | Public subnets inbound network ACLs | `list(map(string))` |
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "deny",
"rule_number": 100,
"to_port": 0
}
]
[| no | -| public\_ipv6\_cidrs | Public Subnet CIDR blocks (e.g. `2a05:d018:832:ca02::/64`). | `list(any)` | `[]` | no | -| public\_outbound\_acl\_rules | Public subnets outbound network ACLs | `list(map(string))` |
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
[| no | -| public\_rt\_ipv4\_destination\_cidr | The destination ipv4 CIDR block. | `string` | `"0.0.0.0/0"` | no | -| public\_rt\_ipv6\_destination\_cidr | The destination ipv6 CIDR block. | `string` | `"::/0"` | no | -| public\_subnet\_assign\_ipv6\_address\_on\_creation | Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. | `bool` | `false` | no | -| public\_subnet\_enable\_dns64 | Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true` | `bool` | `false` | no | -| public\_subnet\_enable\_resource\_name\_dns\_a\_record\_on\_launch | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false` | `bool` | `false` | no | -| public\_subnet\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch | Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true` | `bool` | `false` | no | -| public\_subnet\_ids | A list of public subnet ids. | `list(string)` | `[]` | no | -| public\_subnet\_ipv6\_native | Indicates whether to create an IPv6-only public subnet. Default: `false` | `bool` | `false` | no | -| public\_subnet\_private\_dns\_hostname\_type\_on\_launch | The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name` | `string` | `null` | no | -| repository | Terraform current module repo | `string` | `"https://github.com/clouddrove/terraform-aws-subnet"` | no | -| single\_nat\_gateway | Enable for only single NAT Gateway in one Availability Zone | `bool` | `false` | no | -| tags | Additional tags (e.g. map(`BusinessUnit`,`XYZ`). 
| `map(any)` | `{}` | no | -| type | Type of subnets to create (`private` or `public`). | `string` | `""` | no | -| vpc\_id | VPC ID. | `string` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| private\_acl | The ID of the network ACL. | -| private\_route\_tables\_id | The ID of the routing table. | -| private\_subnet\_cidrs | CIDR blocks of the created private subnets. | -| private\_subnet\_cidrs\_ipv6 | CIDR blocks of the created private subnets. | -| private\_subnet\_id | The ID of the private subnet. | -| private\_tags | A mapping of private tags to assign to the resource. | -| public\_acl | The ID of the network ACL. | -| public\_route\_tables\_id | The ID of the routing table. | -| public\_subnet\_cidrs | CIDR blocks of the created public subnets. | -| public\_subnet\_cidrs\_ipv6 | CIDR blocks of the created public subnets. | -| public\_subnet\_id | The ID of the subnet. | -| public\_tags | A mapping of public tags to assign to the resource. | - - - - -## Testing -In this module testing is performed with [terratest](https://github.com/gruntwork-io/terratest) and it creates a small piece of infrastructure, matches the output like ARN, ID and Tags name etc and destroy infrastructure in your AWS account. This testing is written in GO, so you need a [GO environment](https://golang.org/doc/install) in your system. - -You need to run the following command in the testing folder: -```hcl - go test -run Test -``` ## Feedback -If you come accross a bug or have any feedback, please log it in our [issue tracker](https://github.com/clouddrove/terraform-aws-subnet/issues), or feel free to drop us an email at [hello@clouddrove.com](mailto:hello@clouddrove.com). +Spot a bug or have thoughts to share with us? Let's squash it together! Log it in our [issue tracker](https://github.com/clouddrove/terraform-aws-subnet/issues), feel free to drop us an email at [hello@clouddrove.com](mailto:hello@clouddrove.com). 
+ +Show some love with a β on [our GitHub](https://github.com/clouddrove/terraform-aws-subnet)! if our work has brightened your day! β your feedback fuels our journey! + + +## :rocket: Our Accomplishment + +We have [*100+ Terraform modules*][terraform_modules] π. You could consider them finished, but, with enthusiasts like yourself, we are able to ever improve them, so we call our status - improvement in progress. + +- [Terraform Module Registry:](https://registry.terraform.io/namespaces/clouddrove) Discover our Terraform modules here. + +- [Terraform Modules for AWS/Azure Modules:](https://github.com/clouddrove/toc) Explore our comprehensive Table of Contents for easy navigation through our documentation for modules pertaining to AWS, Azure & GCP. + +- [Terraform Modules for Digital Ocean:](https://github.com/terraform-do-modules/toc) Check out our specialized Terraform modules for Digital Ocean. + + + + +## Join Our Slack Community + +Join our vibrant open-source slack community and embark on an ever-evolving journey with CloudDrove; helping you in moving upwards in your career path. +Join our vibrant Open Source Slack Community and embark on a learning journey with CloudDrove. Grow with us in the world of DevOps and set your career on a path of consistency. + +ππ¬What you'll get after joining this Slack community: + +- π Encouragement to upgrade your best version. +- π Learning companionship with our DevOps squad. +- π± Relentless growth with daily updates on new advancements in technologies. + +Join our tech elites [Join Now][slack] π + + +## Explore Our Blogs -If you have found it worth your time, go ahead and give us a β on [our GitHub](https://github.com/clouddrove/terraform-aws-subnet)! + Click [here][blog] :books: :star2: -## About us +## Tap into our capabilities +We provide a platform for organizations to engage with experienced top-tier DevOps & Cloud services. 
Tap into our pool of certified engineers and architects to elevate your DevOps and Cloud Solutions. -At [CloudDrove][website], we offer expert guidance, implementation support and services to help organisations accelerate their journey to the cloud. Our services include docker and container orchestration, cloud migration and adoption, infrastructure automation, application modernisation and remediation, and performance engineering. +At [CloudDrove][website], has extensive experience in designing, building & migrating environments, securing, consulting, monitoring, optimizing, automating, and maintaining complex and large modern systems. With remarkable client footprints in American & European corridors, our certified architects & engineers are ready to serve you as per your requirements & schedule. Write to us at [business@clouddrove.com](mailto:business@clouddrove.com).
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
We are The Cloud Experts!
We β€οΈ Open Source and you can check out our other modules to get help with your new Cloud ideas.
+We β€οΈ Open Source and you can check out our other modules to get help with your new Cloud ideas.
[website]: https://clouddrove.com + [blog]: https://blog.clouddrove.com + [slack]: https://www.launchpass.com/devops-talks [github]: https://github.com/clouddrove [linkedin]: https://cpco.io/linkedin [twitter]: https://twitter.com/clouddrove/ diff --git a/docs/io.md b/docs/io.md new file mode 100644 index 0000000..6d76765 --- /dev/null +++ b/docs/io.md 
@@ -0,0 +1,79 @@ +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| attributes | Additional attributes (e.g. `1`). | `list(any)` | `[]` | no | +| availability\_zones | List of Availability Zones (e.g. `['us-east-1a', 'us-east-1b', 'us-east-1c']`). | `list(string)` | `[]` | no | +| cidr\_block | Base CIDR block which is divided into subnet CIDR blocks (e.g. `10.0.0.0/16`). | `string` | `null` | no | +| delimiter | Delimiter to be used between `organization`, `environment`, `name` and `attributes`. | `string` | `"-"` | no | +| enable | Set to false to prevent the module from creating any resources. | `bool` | `true` | no | +| enable\_flow\_log | Enable subnet\_flow\_log logs. | `bool` | `false` | no | +| enable\_ipv6 | Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block | `bool` | `false` | no | +| enable\_private\_acl | Set to false to prevent the module from creating any resources. | `bool` | `true` | no | +| enable\_public\_acl | Set to false to prevent the module from creating any resources. | `bool` | `true` | no | +| environment | Environment (e.g. `prod`, `dev`, `staging`). | `string` | `""` | no | +| extra\_private\_tags | Additional private subnet tags. | `map(any)` | `{}` | no | +| extra\_public\_tags | Additional public subnet tags. | `map(any)` | `{}` | no | +| flow\_log\_destination\_arn | ARN of resource in which flow log will be sent. | `string` | `null` | no | +| flow\_log\_destination\_type | Type of flow log destination. Can be s3 or cloud-watch-logs | `string` | `"cloud-watch-logs"` | no | +| flow\_log\_file\_format | (Optional) The format for the flow log. 
Valid values: `plain-text`, `parquet` | `string` | `null` | no | +| flow\_log\_hive\_compatible\_partitions | (Optional) Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3 | `bool` | `false` | no | +| flow\_log\_iam\_role\_arn | The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group. When flow\_log\_destination\_arn is set to ARN of Cloudwatch Logs, this argument needs to be provided | `string` | `null` | no | +| flow\_log\_log\_format | The fields to include in the flow log record, in the order in which they should appear | `string` | `null` | no | +| flow\_log\_max\_aggregation\_interval | The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: `60` seconds or `600` seconds | `number` | `600` | no | +| flow\_log\_per\_hour\_partition | (Optional) Indicates whether to partition the flow log per hour. This reduces the cost and response time for queries | `bool` | `false` | no | +| flow\_log\_traffic\_type | Type of traffic to capture. Valid values: ACCEPT,REJECT, ALL. | `string` | `"ALL"` | no | +| igw\_id | Internet Gateway ID that is used as a default route when creating public subnets (e.g. `igw-9c26a123`). | `string` | `""` | no | +| ipv4\_private\_cidrs | Subnet CIDR blocks (e.g. `10.0.0.0/16`). | `list(any)` | `[]` | no | +| ipv4\_public\_cidrs | Subnet CIDR blocks (e.g. `10.0.0.0/16`). | `list(any)` | `[]` | no | +| ipv6\_cidr\_block | Base CIDR block which is divided into subnet CIDR blocks (e.g. `10.0.0.0/16`). | `string` | `null` | no | +| label\_order | Label order, e.g. `name`,`Environment`. | `list(any)` |[| no | +| managedby | ManagedBy, eg 'CloudDrove'. | `string` | `"hello@clouddrove.com"` | no | +| map\_public\_ip\_on\_launch | Specify true to indicate that instances launched into the public subnet should be assigned a public IP address. | `bool` | `false` | no | +| name | Name (e.g. `prod-subnet` or `subnet`). 
| `string` | `""` | no | +| nat\_gateway\_destination\_cidr\_block | Used to pass a custom destination route for private NAT Gateway. If not specified, the default 0.0.0.0/0 is used as a destination route | `string` | `"0.0.0.0/0"` | no | +| nat\_gateway\_enabled | Flag to enable/disable NAT Gateways creation in public subnets. | `bool` | `false` | no | +| private\_inbound\_acl\_rules | Private subnets inbound network ACLs | `list(map(string))` |
"name",
"environment"
]
[| no | +| private\_ipv6\_cidrs | Private Subnet CIDR blocks (e.g. `2a05:d018:832:ca02::/64`). | `list(any)` | `[]` | no | +| private\_outbound\_acl\_rules | Private subnets outbound network ACLs | `list(map(string))` |
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "deny",
"rule_number": 100,
"to_port": 0
}
]
[| no | +| private\_subnet\_assign\_ipv6\_address\_on\_creation | Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. | `bool` | `false` | no | +| private\_subnet\_enable\_dns64 | Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true` | `bool` | `false` | no | +| private\_subnet\_enable\_resource\_name\_dns\_a\_record\_on\_launch | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false` | `bool` | `false` | no | +| private\_subnet\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch | Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true` | `bool` | `false` | no | +| private\_subnet\_ipv6\_native | Indicates whether to create an IPv6-only private subnet. Default: `false` | `bool` | `false` | no | +| private\_subnet\_private\_dns\_hostname\_type\_on\_launch | The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name` | `string` | `null` | no | +| public\_inbound\_acl\_rules | Public subnets inbound network ACLs | `list(map(string))` |
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "deny",
"rule_number": 100,
"to_port": 0
}
]
[| no | +| public\_ipv6\_cidrs | Public Subnet CIDR blocks (e.g. `2a05:d018:832:ca02::/64`). | `list(any)` | `[]` | no | +| public\_outbound\_acl\_rules | Public subnets outbound network ACLs | `list(map(string))` |
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
[| no | +| public\_rt\_ipv4\_destination\_cidr | The destination ipv4 CIDR block. | `string` | `"0.0.0.0/0"` | no | +| public\_rt\_ipv6\_destination\_cidr | The destination ipv6 CIDR block. | `string` | `"::/0"` | no | +| public\_subnet\_assign\_ipv6\_address\_on\_creation | Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. | `bool` | `false` | no | +| public\_subnet\_enable\_dns64 | Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true` | `bool` | `false` | no | +| public\_subnet\_enable\_resource\_name\_dns\_a\_record\_on\_launch | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false` | `bool` | `false` | no | +| public\_subnet\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch | Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true` | `bool` | `false` | no | +| public\_subnet\_ids | A list of public subnet ids. | `list(string)` | `[]` | no | +| public\_subnet\_ipv6\_native | Indicates whether to create an IPv6-only public subnet. Default: `false` | `bool` | `false` | no | +| public\_subnet\_private\_dns\_hostname\_type\_on\_launch | The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name` | `string` | `null` | no | +| repository | Terraform current module repo | `string` | `"https://github.com/clouddrove/terraform-aws-subnet"` | no | +| single\_nat\_gateway | Enable for only single NAT Gateway in one Availability Zone | `bool` | `false` | no | +| type | Type of subnets to create (`private` or `public`). 
| `string` | `""` | no | +| vpc\_id | VPC ID. | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| nat\_gateway\_private\_ip | The private IPv4 address to assign to the NAT Gateway. If you don't provide an address, a private IPv4 address will be automatically assigned. | +| private\_acl | The ID of the network ACL. | +| private\_route\_tables\_id | The ID of the routing table. | +| private\_subnet\_cidrs | CIDR blocks of the created private subnets. | +| private\_subnet\_cidrs\_ipv6 | CIDR blocks of the created private subnets. | +| private\_subnet\_id | The ID of the private subnet. | +| private\_tags | A mapping of private tags to assign to the resource. | +| public\_acl | The ID of the network ACL. | +| public\_route\_tables\_id | The ID of the routing table. | +| public\_subnet\_cidrs | CIDR blocks of the created public subnets. | +| public\_subnet\_cidrs\_ipv6 | CIDR blocks of the created public subnets. | +| public\_subnet\_id | The ID of the subnet. | +| public\_tags | A mapping of public tags to assign to the resource. | +
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
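Review bot: In the first README.md hunk (@@ -1,15 +1,13 @@) the only line that said what the module builds ("Terraform module to create public, private and public-private subnet with network acl, route table, Elastic IP, nat gateway, flow log.") is replaced by general marketing copy, so the README no longer states which network resources the module creates. Keep the original description beneath the new tagline. The banner added in the same hunk is loaded from clouddrove/terraform-gcp-vpc on master, while the other links in this README point at terraform-aws-subnet; copying CloudDrove.png into this repository's docs/ directory would remove the dependency on another repository's branch.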
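Review bot: The README.md hunk that rewrites the Feedback section also deletes the Testing section (the terratest instructions and the `go test -run Test` command), and nothing visible in this patch re-adds it, since docs/io.md carries only Inputs and Outputs. If the tests still exist, keep the section or move it into docs/ alongside io.md. In the added text, the Slack section opens with two near-identical sentences on consecutive + lines ("Join our vibrant open-source slack community ..." and "Join our vibrant Open Source Slack Community ..."), so one of them should be dropped; "At [CloudDrove][website], has extensive experience" is missing its subject; and the new Feedback sentence lost the "or" before "feel free to drop us an email".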
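Review bot: In the Inputs table of the new docs/io.md, enable_private_acl and enable_public_acl both carry the description of `enable` ("Set to false to prevent the module from creating any resources."), which hides what they switch off; judging by their names they control the private and public network ACLs, and the descriptions should say so. Several rows contradict themselves: private_subnet_enable_dns64, public_subnet_enable_dns64 and the two ..._aaaa_record_on_launch inputs say "Default: `true`" in the description while the Default column shows `false`, and ipv6_cidr_block gives the IPv4 example `10.0.0.0/16`. The `tags` input that appears in the table removed from README.md has no row here, and the new nat_gateway_private_ip output is worded as an address to assign rather than a value the module returns. Check each of these against the module's variable and output definitions and regenerate the table before merging.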