Use the tf-mod-aws-subnets Terraform module to provision dynamic private/public subnets with NAT instances or gateways.
AWS resources deployed with this project include:
- Dynamic subnets based on the `var.cidr_block` input and the number of Availability Zones in the region; typically three private and three public subnets are created.
- A number of private and public route tables equal to the number of Availability Zones, with the dynamically created subnets and the appropriate NAT instances/gateways associated automatically.
- (Recommended) A number of NAT gateways based on the number of Availability Zones, with a route for each respective private subnet to reach the Internet through its NAT gateway.
- (Optional) A number of NAT instances based on the number of Availability Zones, with a route for each respective private subnet to reach the Internet through its NAT instance.
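To make the per-AZ layout above concrete, here is an added planning script (not part of this module, and not the module's own carving logic): it divides a base CIDR block into one private and one public subnet per Availability Zone, honours a `max_subnet_count` cap the way the input table describes it (0 means every provided zone), records which AZ's public subnet hosts the NAT that each private subnet routes through, and checks that no two resulting subnets overlap. The carving rule (equal-sized blocks, private subnets first, then public) is an assumption made for illustration; verify the module's actual CIDRs with `terraform plan` before relying on them.

```python
"""Plan a per-AZ private/public subnet layout from a base CIDR block.

Added illustration only: the split rule below (equal-sized blocks, private
subnets first, public subnets second) is an assumption, not the module's
own algorithm. Names such as plan_subnets are hypothetical.
"""
import ipaddress
import math


def plan_subnets(cidr_block, availability_zones, max_subnet_count=0):
    """Return one dict per AZ with its private/public CIDRs and NAT location.

    max_subnet_count == 0 mirrors the module input's documented meaning:
    deploy a subnet pair for every provided availability zone.
    """
    if max_subnet_count == 0:
        az_count = len(availability_zones)
    else:
        az_count = min(max_subnet_count, len(availability_zones))
    if az_count == 0:
        raise ValueError("at least one availability zone is required")

    # strict=True rejects a base block with host bits set (e.g. 10.0.0.1/16),
    # which would otherwise silently shift every derived subnet.
    base = ipaddress.ip_network(cidr_block, strict=True)

    # Two subnets (private + public) per AZ, rounded up to a power of two so
    # that equal-sized blocks fit: 3 AZs -> 6 subnets -> 8 blocks -> /19 from /16.
    new_bits = math.ceil(math.log2(az_count * 2))
    blocks = list(base.subnets(prefixlen_diff=new_bits))

    plan = []
    for i, az in enumerate(availability_zones[:az_count]):
        public_cidr = str(blocks[i + az_count])
        plan.append({
            "az": az,
            "private_cidr": str(blocks[i]),
            "public_cidr": public_cidr,
            # Each private route table sends 0.0.0.0/0 to the NAT that sits in
            # the same AZ's public subnet, so one AZ's outage does not strand
            # the private subnets in the other AZs.
            "nat_in_public_subnet": public_cidr,
        })
    return plan


def check_no_overlap(plan):
    """True when every private/public CIDR in the plan is disjoint from the rest."""
    nets = [
        ipaddress.ip_network(cidr)
        for entry in plan
        for cidr in (entry["private_cidr"], entry["public_cidr"])
    ]
    for a in range(len(nets)):
        for b in range(a + 1, len(nets)):
            if nets[a].overlaps(nets[b]):
                return False
    return True


if __name__ == "__main__":
    # Constructed sample input matching the usage block in this README.
    layout = plan_subnets("10.0.0.0/16", ["eu-west-1a", "eu-west-1b", "eu-west-1c"])
    for entry in layout:
        print(f'{entry["az"]}: private {entry["private_cidr"]} '
              f'-> NAT in public {entry["public_cidr"]}')
    print("no overlaps:", check_no_overlap(layout))
```

Running it for the three eu-west-1 zones used in the usage block yields three /19 private subnets starting at 10.0.0.0 and three /19 public subnets starting at 10.0.96.0; setting `max_subnet_count=2` produces two /18 pairs instead.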
The values shown in the usage example below are purely representative; replace them with the values you require.

```hcl
module "tf-mod-aws-subnets" {
  source = "git::https://github.com:Callumccr/tf-mod-aws-subnets.git?ref=master"

  enabled                 = true
  aws_region              = "eu-west-1"
  vpc_id                  = "vpc-020cb3f232eeb11db7"
  igw_id                  = "igw-022c7022fadvd4f2c"
  cidr_block              = "10.0.0.0/16"
  availability_zones      = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
  nat_gateway_enabled     = true
  nat_instance_enabled    = false
  map_public_ip_on_launch = true

  tags = {
    "ABC" = "XYZ"
  }
}
```
Simple and advanced examples of this project:

```hcl
module "tf-mod-aws-vpc" {
  source = "git::https://github.com:Callumccr/tf-mod-aws-vpc.git?ref=master"

  enabled        = true
  aws_account_id = "12345678910"
  aws_region     = "eu-west-1"
  cidr_block     = "10.0.0.0/16"

  tags = {
    "ABC" = "XYZ"
  }
}

module "tf-mod-aws-subnets" {
  source = "git::https://github.com:Callumccr/tf-mod-aws-subnets.git?ref=master"

  enabled                 = true
  aws_region              = "eu-west-1"
  vpc_id                  = module.tf-mod-aws-vpc.vpc_id
  igw_id                  = module.tf-mod-aws-vpc.igw_id
  cidr_block              = module.tf-mod-aws-vpc.cidr_block
  availability_zones      = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
  nat_gateway_enabled     = true
  nat_instance_enabled    = false
  map_public_ip_on_launch = true

  tags = {
    "ABC" = "XYZ"
  }
}
```
| Name | Version |
|---|---|
| aws | ~> 2.0 >= 2.7.0 |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| cidr_block | Base CIDR block which will be divided into subnet CIDR blocks (e.g. `10.0.0.0/16`) | string | n/a | yes |
| igw_id | Internet Gateway ID the public route table will point to (e.g. `igw-9c26a123`) | string | n/a | yes |
| vpc_id | VPC ID where subnets will be created (e.g. `vpc-aceb2723`) | string | n/a | yes |
| attributes | (Optional) - Additional attributes (e.g. `1`) | list(string) | `[]` | no |
| aws_account_id | The AWS account id of the provider being deployed to (e.g. 12345678). Autoloaded from account.tfvars | string | `""` | no |
| aws_assume_role_arn | (Optional) - ARN of the IAM role when optionally connecting to AWS via assumed role. Autoloaded from account.tfvars. | string | `""` | no |
| aws_assume_role_external_id | (Optional) - The external ID to use when making the AssumeRole call. | string | `""` | no |
| aws_assume_role_session_name | (Optional) - The session name to use when making the AssumeRole call. | string | `""` | no |
| aws_region | The AWS region (e.g. ap-southeast-2). Autoloaded from region.tfvars. | string | `""` | no |
| delimiter | (Optional) - Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes` | string | `"-"` | no |
| enabled | (Optional) - A switch that decides whether to create a Terraform resource or run a provisioner. Default is true | bool | `true` | no |
| environment | (Optional) - Environment, e.g. 'dev', 'qa', 'staging', 'prod' | string | `""` | no |
| map_public_ip_on_launch | Instances launched into a public subnet should be assigned a public IP address | bool | `true` | no |
| max_subnet_count | Sets the maximum number of subnets to deploy. 0 will deploy a subnet for every provided availability zone (in the `availability_zones` variable) within the region | number | `0` | no |
| name | (Optional) - Solution name, e.g. 'vault', 'consul', 'keycloak', 'k8s', or 'baseline' | string | `""` | no |
| namespace | (Optional) - Namespace, which could be your abbreviated product team, e.g. 'rci', 'mi', 'hp', or 'core' | string | `""` | no |
| nat_gateway_enabled | Flag to enable/disable NAT Gateways to allow servers in the private subnets to access the Internet | bool | `true` | no |
| nat_instance_enabled | Flag to enable/disable NAT Instances to allow servers in the private subnets to access the Internet | bool | `false` | no |
| nat_instance_type | NAT Instance type | string | `"t3.micro"` | no |
| private_network_acl_id | Network ACL ID that will be added to private subnets. If empty, a new ACL will be created | string | `""` | no |
| public_network_acl_id | Network ACL ID that will be added to public subnets. If empty, a new ACL will be created | string | `""` | no |
| subnet_type_tag_key | Key for the subnet type tag that provides information about the type of subnet, e.g. `cpco.io/subnet/type=private` or `cpco.io/subnet/type=public` | string | `"cpco.io/subnet/type"` | no |
| subnet_type_tag_value_format | Uses the `format` interpolation symbols to allow the value of `subnet_type_tag_key` to be modified. | string | `"%s"` | no |
| tags | (Optional) - Additional tags | map(string) | `{}` | no |
| vpc_default_route_table_id | Default route table for public subnets. If not set, will be created. (e.g. `rtb-f4f0ce12`) | string | `""` | no |
Name | Description |
---|---|
availability_zones | List of Availability Zones where subnets were created |
nat_gateway_ids | IDs of the NAT Gateways created |
private_route_table_ids | IDs of the created private route tables |
private_subnet_cidrs | CIDR blocks of the created private subnets |
private_subnet_ids | IDs of the created private subnets |
public_route_table_ids | IDs of the created public route tables |
public_subnet_cidrs | CIDR blocks of the created public subnets |
public_subnet_ids | IDs of the created public subnets |
You can find more Terraform modules by visiting the link.
Additionally, check out these other related and maintained projects.
For additional context, refer to some of these links.
- cloudposse/terraform-aws-dynamic-subnets - Unmodified upstream module on which this module is based
Got a question? We got answers.
File a GitHub issue, or message us on Slack.

Callum Robertson