| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| `amazon_side_asn` | The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the virtual private gateway is created with the current default Amazon ASN. | `string` | `"64512"` | no |
| `assign_ipv6_address_on_creation` | Assign an IPv6 address on subnet creation; must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of `map_public_ip_on_launch`. | `bool` | `false` | no |
| `azs` | A list of availability zone names or IDs in the region. | `list(string)` | `[]` | no |
| `cidr` | The CIDR block for the VPC. The default value is a syntactically valid CIDR but is not accepted by AWS and must be overridden. | `string` | `"0.0.0.0/0"` | no |
| `create_database_internet_gateway_route` | Controls if an internet gateway route for public database access should be created. | `bool` | `false` | no |
| `create_database_nat_gateway_route` | Controls if a NAT gateway route should be created to give internet access to the database subnets. | `bool` | `false` | no |
| `create_database_subnet_group` | Controls if a database subnet group should be created (n.b. `database_subnets` must also be set). | `bool` | `true` | no |
| `create_database_subnet_route_table` | Controls if a separate route table for the database subnets should be created. | `bool` | `false` | no |
| `create_egress_only_igw` | Controls if an Egress Only Internet Gateway and its related routes are created. | `bool` | `true` | no |
| `create_elasticache_subnet_group` | Controls if an elasticache subnet group should be created. | `bool` | `true` | no |
| `create_elasticache_subnet_route_table` | Controls if a separate route table for the elasticache subnets should be created. | `bool` | `false` | no |
| `create_flow_log_cloudwatch_iam_role` | Whether to create an IAM role for VPC Flow Logs. | `bool` | `false` | no |
| `create_flow_log_cloudwatch_log_group` | Whether to create a CloudWatch log group for VPC Flow Logs. | `bool` | `false` | no |
| `create_igw` | Controls if an Internet Gateway is created for public subnets, together with the related routes that connect them. | `bool` | `true` | no |
| `create_redshift_subnet_group` | Controls if a redshift subnet group should be created. | `bool` | `true` | no |
| `create_redshift_subnet_route_table` | Controls if a separate route table for the redshift subnets should be created. | `bool` | `false` | no |
| `create_vpc` | Controls if the VPC should be created (it affects almost all resources). | `bool` | `true` | no |
| `customer_gateway_tags` | Additional tags for the Customer Gateway. | `map(string)` | `{}` | no |
| `customer_gateways` | Maps of Customer Gateway attributes (BGP ASN and the gateway's Internet-routable external IP address). | `map(map(any))` | `{}` | no |
| `database_acl_tags` | Additional tags for the database subnets network ACL. | `map(string)` | `{}` | no |
| `database_dedicated_network_acl` | Whether to use a dedicated network ACL (not the default one) and custom rules for database subnets. | `bool` | `false` | no |
| `database_inbound_acl_rules` | Database subnets inbound network ACL rules. | `list(map(string))` | `[ { "cidr_block": "0.0.0.0/0", "from_port": 0, "protocol": "-1", "rule_action": "allow", "rule_number": 100, "to_port": 0 } ]` | no |
| `database_outbound_acl_rules` | Database subnets outbound network ACL rules. | `list(map(string))` | `[ { "cidr_block": "0.0.0.0/0", "from_port": 0, "protocol": "-1", "rule_action": "allow", "rule_number": 100, "to_port": 0 } ]` | no |
| `database_route_table_tags` | Additional tags for the database route tables. | `map(string)` | `{}` | no |
| `database_subnet_assign_ipv6_address_on_creation` | Assign an IPv6 address on database subnet creation; must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of `map_public_ip_on_launch`. | `bool` | `null` | no |
| `database_subnet_group_name` | Name of the database subnet group. | `string` | `null` | no |
| `database_subnet_group_tags` | Additional tags for the database subnet group. | `map(string)` | `{}` | no |
| `database_subnet_ipv6_prefixes` | Assigns the IPv6 database subnet ID based on the Amazon-provided /56 prefix, as a base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list. | `list(string)` | `[]` | no |
| `database_subnet_suffix` | Suffix to append to the database subnets' name. | `string` | `"db"` | no |
| `database_subnet_tags` | Additional tags for the database subnets. | `map(string)` | `{}` | no |
| `database_subnets` | A list of database subnets. | `list(string)` | `[]` | no |
| `default_network_acl_egress` | List of maps of egress rules to set on the Default Network ACL. | `list(map(string))` | `[ { "action": "allow", "cidr_block": "0.0.0.0/0", "from_port": 0, "protocol": "-1", "rule_no": 100, "to_port": 0 }, { "action": "allow", "from_port": 0, "ipv6_cidr_block": "::/0", "protocol": "-1", "rule_no": 101, "to_port": 0 } ]` | no |
| `default_network_acl_ingress` | List of maps of ingress rules to set on the Default Network ACL. | `list(map(string))` | `[ { "action": "allow", "cidr_block": "0.0.0.0/0", "from_port": 0, "protocol": "-1", "rule_no": 100, "to_port": 0 }, { "action": "allow", "from_port": 0, "ipv6_cidr_block": "::/0", "protocol": "-1", "rule_no": 101, "to_port": 0 } ]` | no |
| `default_network_acl_name` | Name to be used on the Default Network ACL. | `string` | `""` | no |
| `default_network_acl_tags` | Additional tags for the Default Network ACL. | `map(string)` | `{}` | no |
| `default_route_table_propagating_vgws` | List of virtual gateways for route propagation. | `list(string)` | `[]` | no |
| `default_route_table_routes` | Configuration block of routes. See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_route_table#route | `list(map(string))` | `[]` | no |
| `default_route_table_tags` | Additional tags for the default route table. | `map(string)` | `{}` | no |
| `default_security_group_egress` | List of maps of egress rules to set on the default security group. | `list(map(string))` | `null` | no |
| `default_security_group_ingress` | List of maps of ingress rules to set on the default security group. | `list(map(string))` | `null` | no |
| `default_security_group_name` | Name to be used on the default security group. | `string` | `"default"` | no |
| `default_security_group_tags` | Additional tags for the default security group. | `map(string)` | `{}` | no |
| `default_vpc_enable_classiclink` | Should be true to enable ClassicLink in the Default VPC. | `bool` | `false` | no |
| `default_vpc_enable_dns_hostnames` | Should be true to enable DNS hostnames in the Default VPC. | `bool` | `false` | no |
| `default_vpc_enable_dns_support` | Should be true to enable DNS support in the Default VPC. | `bool` | `true` | no |
| `default_vpc_name` | Name to be used on the Default VPC. | `string` | `""` | no |
| `default_vpc_tags` | Additional tags for the Default VPC. | `map(string)` | `{}` | no |
| `dhcp_options_domain_name` | Specifies the DNS name for the DHCP options set (requires `enable_dhcp_options` set to true). | `string` | `""` | no |
| `dhcp_options_domain_name_servers` | Specifies a list of DNS server addresses for the DHCP options set; defaults to the AWS-provided resolver (requires `enable_dhcp_options` set to true). | `list(string)` | `[ "AmazonProvidedDNS" ]` | no |
| `dhcp_options_netbios_name_servers` | Specifies a list of NetBIOS name servers for the DHCP options set (requires `enable_dhcp_options` set to true). | `list(string)` | `[]` | no |
| `dhcp_options_netbios_node_type` | Specifies the NetBIOS node type for the DHCP options set (requires `enable_dhcp_options` set to true). | `string` | `""` | no |
| `dhcp_options_ntp_servers` | Specifies a list of NTP servers for the DHCP options set (requires `enable_dhcp_options` set to true). | `list(string)` | `[]` | no |
| `dhcp_options_tags` | Additional tags for the DHCP options set (requires `enable_dhcp_options` set to true). | `map(string)` | `{}` | no |
| `elasticache_acl_tags` | Additional tags for the elasticache subnets network ACL. | `map(string)` | `{}` | no |
| `elasticache_dedicated_network_acl` | Whether to use a dedicated network ACL (not the default one) and custom rules for elasticache subnets. | `bool` | `false` | no |
| `elasticache_inbound_acl_rules` | Elasticache subnets inbound network ACL rules. | `list(map(string))` | `[ { "cidr_block": "0.0.0.0/0", "from_port": 0, "protocol": "-1", "rule_action": "allow", "rule_number": 100, "to_port": 0 } ]` | no |
| `elasticache_outbound_acl_rules` | Elasticache subnets outbound network ACL rules. | `list(map(string))` | `[ { "cidr_block": "0.0.0.0/0", "from_port": 0, "protocol": "-1", "rule_action": "allow", "rule_number": 100, "to_port": 0 } ]` | no |
| `elasticache_route_table_tags` | Additional tags for the elasticache route tables. | `map(string)` | `{}` | no |
| `elasticache_subnet_assign_ipv6_address_on_creation` | Assign an IPv6 address on elasticache subnet creation; must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of `map_public_ip_on_launch`. | `bool` | `null` | no |
| `elasticache_subnet_group_name` | Name of the elasticache subnet group. | `string` | `null` | no |
| `elasticache_subnet_group_tags` | Additional tags for the elasticache subnet group. | `map(string)` | `{}` | no |
| `elasticache_subnet_ipv6_prefixes` | Assigns the IPv6 elasticache subnet ID based on the Amazon-provided /56 prefix, as a base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list. | `list(string)` | `[]` | no |
| `elasticache_subnet_suffix` | Suffix to append to the elasticache subnets' name. | `string` | `"elasticache"` | no |
| `elasticache_subnet_tags` | Additional tags for the elasticache subnets. | `map(string)` | `{}` | no |
| `elasticache_subnets` | A list of elasticache subnets. | `list(string)` | `[]` | no |
| `enable_classiclink` | Should be true to enable ClassicLink for the VPC. Only valid in regions and accounts that support EC2 Classic. | `bool` | `null` | no |
| `enable_classiclink_dns_support` | Should be true to enable ClassicLink DNS Support for the VPC. Only valid in regions and accounts that support EC2 Classic. | `bool` | `null` | no |
| `enable_dhcp_options` | Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, NetBIOS servers, and/or NetBIOS node type. | `bool` | `false` | no |
| `enable_dns_hostnames` | Should be true to enable DNS hostnames in the VPC. | `bool` | `false` | no |
| `enable_dns_support` | Should be true to enable DNS support in the VPC. | `bool` | `true` | no |
| `enable_flow_log` | Whether or not to enable VPC Flow Logs. | `bool` | `false` | no |
| `enable_ipv6` | Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses or the size of the CIDR block. | `bool` | `false` | no |
| `enable_nat_gateway` | Should be true if you want to provision NAT Gateways for each of your private networks. | `bool` | `false` | no |
| `enable_public_redshift` | Controls if redshift should have a public routing table. | `bool` | `false` | no |
| `enable_vpn_gateway` | Should be true if you want to create a new VPN Gateway resource and attach it to the VPC. | `bool` | `false` | no |
| `example_variable` | An example variable to showcase the module release process. | `bool` | `true` | no |
| `external_nat_ip_ids` | List of EIP IDs to be assigned to the NAT Gateways (used in combination with `reuse_nat_ips`). | `list(string)` | `[]` | no |
| `external_nat_ips` | List of EIPs to be used for the `nat_public_ips` output (used in combination with `reuse_nat_ips` and `external_nat_ip_ids`). | `list(string)` | `[]` | no |
| `flow_log_cloudwatch_iam_role_arn` | The ARN of the IAM role used to post flow logs to a CloudWatch Logs log group. When `flow_log_destination_arn` is set to the ARN of a CloudWatch Logs log group, this argument must be provided. | `string` | `""` | no |
| `flow_log_cloudwatch_log_group_kms_key_id` | The ARN of the KMS key to use when encrypting log data for VPC flow logs. | `string` | `null` | no |
| `flow_log_cloudwatch_log_group_name_prefix` | Specifies the name prefix of the CloudWatch Log Group for VPC flow logs. | `string` | `"/aws/vpc-flow-log/"` | no |
| `flow_log_cloudwatch_log_group_retention_in_days` | Specifies the number of days to retain log events in the log group for VPC flow logs. | `number` | `null` | no |
| `flow_log_destination_arn` | The ARN of the CloudWatch log group or S3 bucket where VPC Flow Logs will be pushed. If this ARN is an S3 bucket, the appropriate permissions need to be set in that bucket's policy. When `create_flow_log_cloudwatch_log_group` is set to false this argument must be provided. | `string` | `""` | no |
| `flow_log_destination_type` | Type of flow log destination. Can be `s3` or `cloud-watch-logs`. | `string` | `"cloud-watch-logs"` | no |
| `flow_log_log_format` | The fields to include in the flow log record, in the order in which they should appear. | `string` | `null` | no |
| `flow_log_max_aggregation_interval` | The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid values: 60 seconds or 600 seconds. | `number` | `600` | no |
| `flow_log_traffic_type` | The type of traffic to capture. Valid values: ACCEPT, REJECT, ALL. | `string` | `"ALL"` | no |
| `igw_tags` | Additional tags for the internet gateway. | `map(string)` | `{}` | no |
| `instance_tenancy` | The tenancy option for instances launched into the VPC. | `string` | `"default"` | no |
| `intra_acl_tags` | Additional tags for the intra subnets network ACL. | `map(string)` | `{}` | no |
| `intra_dedicated_network_acl` | Whether to use a dedicated network ACL (not the default one) and custom rules for intra subnets. | `bool` | `false` | no |
| `intra_inbound_acl_rules` | Intra subnets inbound network ACL rules. | `list(map(string))` | `[ { "cidr_block": "0.0.0.0/0", "from_port": 0, "protocol": "-1", "rule_action": "allow", "rule_number": 100, "to_port": 0 } ]` | no |
| `intra_outbound_acl_rules` | Intra subnets outbound network ACL rules. | `list(map(string))` | `[ { "cidr_block": "0.0.0.0/0", "from_port": 0, "protocol": "-1", "rule_action": "allow", "rule_number": 100, "to_port": 0 } ]` | no |
| `intra_route_table_tags` | Additional tags for the intra route tables. | `map(string)` | `{}` | no |
| `intra_subnet_assign_ipv6_address_on_creation` | Assign an IPv6 address on intra subnet creation; must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of `map_public_ip_on_launch`. | `bool` | `null` | no |
| `intra_subnet_ipv6_prefixes` | Assigns the IPv6 intra subnet ID based on the Amazon-provided /56 prefix, as a base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list. | `list(string)` | `[]` | no |
| `intra_subnet_suffix` | Suffix to append to the intra subnets' name. | `string` | `"intra"` | no |
| `intra_subnet_tags` | Additional tags for the intra subnets. | `map(string)` | `{}` | no |
| `intra_subnets` | A list of intra subnets. | `list(string)` | `[]` | no |
| `manage_default_network_acl` | Should be true to adopt and manage the Default Network ACL. | `bool` | `false` | no |
| `manage_default_route_table` | Should be true to manage the default route table. | `bool` | `false` | no |
| `manage_default_security_group` | Should be true to adopt and manage the default security group. | `bool` | `false` | no |
| `manage_default_vpc` | Should be true to adopt and manage the Default VPC. | `bool` | `false` | no |
| `map_public_ip_on_launch` | Should be false if you do not want to auto-assign a public IP on launch. | `bool` | `true` | no |
| `name` | Name to be used on all the resources as identifier. | `string` | `""` | no |
| `nat_eip_tags` | Additional tags for the NAT EIP. | `map(string)` | `{}` | no |
| `nat_gateway_tags` | Additional tags for the NAT gateways. | `map(string)` | `{}` | no |
| `one_nat_gateway_per_az` | Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs`. | `bool` | `false` | no |
| `outpost_acl_tags` | Additional tags for the outpost subnets network ACL. | `map(string)` | `{}` | no |
| `outpost_arn` | ARN of the Outpost you want to create a subnet in. | `string` | `null` | no |
| `outpost_az` | AZ where the Outpost is anchored. | `string` | `null` | no |
| `outpost_dedicated_network_acl` | Whether to use a dedicated network ACL (not the default one) and custom rules for outpost subnets. | `bool` | `false` | no |
| `outpost_inbound_acl_rules` | Outpost subnets inbound network ACL rules. | `list(map(string))` | `[ { "cidr_block": "0.0.0.0/0", "from_port": 0, "protocol": "-1", "rule_action": "allow", "rule_number": 100, "to_port": 0 } ]` | no |
| `outpost_outbound_acl_rules` | Outpost subnets outbound network ACL rules. | `list(map(string))` | `[ { "cidr_block": "0.0.0.0/0", "from_port": 0, "protocol": "-1", "rule_action": "allow", "rule_number": 100, "to_port": 0 } ]` | no |
| `outpost_subnet_assign_ipv6_address_on_creation` | Assign an IPv6 address on outpost subnet creation; must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of `map_public_ip_on_launch`. | `bool` | `null` | no |
| `outpost_subnet_ipv6_prefixes` | Assigns the IPv6 outpost subnet ID based on the Amazon-provided /56 prefix, as a base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list. | `list(string)` | `[]` | no |
| `outpost_subnet_suffix` | Suffix to append to the outpost subnets' name. | `string` | `"outpost"` | no |
| `outpost_subnet_tags` | Additional tags for the outpost subnets. | `map(string)` | `{}` | no |
| `outpost_subnets` | A list of outpost subnets inside the VPC. | `list(string)` | `[]` | no |
| `private_acl_tags` | Additional tags for the private subnets network ACL. | `map(string)` | `{}` | no |
| `private_dedicated_network_acl` | Whether to use a dedicated network ACL (not the default one) and custom rules for private subnets. | `bool` | `false` | no |
| `private_inbound_acl_rules` | Private subnets inbound network ACL rules. | `list(map(string))` | `[ { "cidr_block": "0.0.0.0/0", "from_port": 0, "protocol": "-1", "rule_action": "allow", "rule_number": 100, "to_port": 0 } ]` | no |
| `private_outbound_acl_rules` | Private subnets outbound network ACL rules. | `list(map(string))` | `[ { "cidr_block": "0.0.0.0/0", "from_port": 0, "protocol": "-1", "rule_action": "allow", "rule_number": 100, "to_port": 0 } ]` | no |
| `private_route_table_tags` | Additional tags for the private route tables. | `map(string)` | `{}` | no |
| `private_subnet_assign_ipv6_address_on_creation` | Assign an IPv6 address on private subnet creation; must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of `map_public_ip_on_launch`. | `bool` | `null` | no |
| `private_subnet_ipv6_prefixes` | Assigns the IPv6 private subnet ID based on the Amazon-provided /56 prefix, as a base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list. | `list(string)` | `[]` | no |
| `private_subnet_suffix` | Suffix to append to the private subnets' name. | `string` | `"private"` | no |
| `private_subnet_tags` | Additional tags for the private subnets. | `map(string)` | `{}` | no |
| `private_subnets` | A list of private subnets inside the VPC. | `list(string)` | `[]` | no |
| `propagate_intra_route_tables_vgw` | Should be true if you want VPN gateway route propagation into the intra route tables. | `bool` | `false` | no |
| `propagate_private_route_tables_vgw` | Should be true if you want VPN gateway route propagation into the private route tables. | `bool` | `false` | no |
| `propagate_public_route_tables_vgw` | Should be true if you want VPN gateway route propagation into the public route tables. | `bool` | `false` | no |
| `public_acl_tags` | Additional tags for the public subnets network ACL. | `map(string)` | `{}` | no |
| `public_dedicated_network_acl` | Whether to use a dedicated network ACL (not the default one) and custom rules for public subnets. | `bool` | `false` | no |
| `public_inbound_acl_rules` | Public subnets inbound network ACL rules. | `list(map(string))` | `[ { "cidr_block": "0.0.0.0/0", "from_port": 0, "protocol": "-1", "rule_action": "allow", "rule_number": 100, "to_port": 0 } ]` | no |
| `public_outbound_acl_rules` | Public subnets outbound network ACL rules. | `list(map(string))` | `[ { "cidr_block": "0.0.0.0/0", "from_port": 0, "protocol": "-1", "rule_action": "allow", "rule_number": 100, "to_port": 0 } ]` | no |
| `public_route_table_tags` | Additional tags for the public route tables. | `map(string)` | `{}` | no |
| `public_subnet_assign_ipv6_address_on_creation` | Assign an IPv6 address on public subnet creation; must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of `map_public_ip_on_launch`. | `bool` | `null` | no |
| `public_subnet_ipv6_prefixes` | Assigns the IPv6 public subnet ID based on the Amazon-provided /56 prefix, as a base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list. | `list(string)` | `[]` | no |
| `public_subnet_suffix` | Suffix to append to the public subnets' name. | `string` | `"public"` | no |
| `public_subnet_tags` | Additional tags for the public subnets. | `map(string)` | `{}` | no |
| `public_subnets` | A list of public subnets inside the VPC. | `list(string)` | `[]` | no |
| `redshift_acl_tags` | Additional tags for the redshift subnets network ACL. | `map(string)` | `{}` | no |
| `redshift_dedicated_network_acl` | Whether to use a dedicated network ACL (not the default one) and custom rules for redshift subnets. | `bool` | `false` | no |
| `redshift_inbound_acl_rules` | Redshift subnets inbound network ACL rules. | `list(map(string))` | `[ { "cidr_block": "0.0.0.0/0", "from_port": 0, "protocol": "-1", "rule_action": "allow", "rule_number": 100, "to_port": 0 } ]` | no |
| `redshift_outbound_acl_rules` | Redshift subnets outbound network ACL rules. | `list(map(string))` | `[ { "cidr_block": "0.0.0.0/0", "from_port": 0, "protocol": "-1", "rule_action": "allow", "rule_number": 100, "to_port": 0 } ]` | no |
| `redshift_route_table_tags` | Additional tags for the redshift route tables. | `map(string)` | `{}` | no |
| `redshift_subnet_assign_ipv6_address_on_creation` | Assign an IPv6 address on redshift subnet creation; must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of `map_public_ip_on_launch`. | `bool` | `null` | no |
| `redshift_subnet_group_name` | Name of the redshift subnet group. | `string` | `null` | no |
| `redshift_subnet_group_tags` | Additional tags for the redshift subnet group. | `map(string)` | `{}` | no |
| `redshift_subnet_ipv6_prefixes` | Assigns the IPv6 redshift subnet ID based on the Amazon-provided /56 prefix, as a base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list. | `list(string)` | `[]` | no |
| `redshift_subnet_suffix` | Suffix to append to the redshift subnets' name. | `string` | `"redshift"` | no |
| `redshift_subnet_tags` | Additional tags for the redshift subnets. | `map(string)` | `{}` | no |
| `redshift_subnets` | A list of redshift subnets. | `list(string)` | `[]` | no |
| `reuse_nat_ips` | Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the `external_nat_ip_ids` variable. | `bool` | `false` | no |
| `secondary_cidr_blocks` | List of secondary CIDR blocks to associate with the VPC to extend the IP address pool. | `list(string)` | `[]` | no |
| `single_nat_gateway` | Should be true if you want to provision a single shared NAT Gateway across all of your private networks. | `bool` | `false` | no |
| `tags` | A map of tags to add to all resources. | `map(string)` | `{}` | no |
| `vpc_flow_log_permissions_boundary` | The ARN of the Permissions Boundary for the VPC Flow Log IAM Role. | `string` | `null` | no |
| `vpc_flow_log_tags` | Additional tags for the VPC Flow Logs. | `map(string)` | `{}` | no |
| `vpc_tags` | Additional tags for the VPC. | `map(string)` | `{}` | no |
| `vpn_gateway_az` | The Availability Zone for the VPN Gateway. | `string` | `null` | no |
| `vpn_gateway_id` | ID of an existing VPN Gateway to attach to the VPC. | `string` | `""` | no |
| `vpn_gateway_tags` | Additional tags for the VPN gateway. | `map(string)` | `{}` | no |