stackxcloud/terraform-aws-network
ventx/terraform-aws-stackx-network
Explore the diagrams »

Report a Bug Β· Request a Feature Β· Ask a Question

About

Terraform networking module which deploys Kubernetes (EKS) optimized VPC networks and subnets to AWS. Private, Public, Internal (noinet), Database (RDS) and Cache (ElastiCache) subnets supported. CIDR range in 10.x.0.0/16 will be automatically (default) chosen based on Availability Zone. Can be used with or without Kubernetes. -- Part of stackx.

ℹ️ Architecture Diagrams: Diagrams, Rover

Built With

Getting Started

Prerequisites

  • AWS credentials
  • Terraform

Quickstart

To get started, clone the project, check all configurable Inputs and deploy everything with make.

git clone https://github.com/ventx/stackx-terraform-aws-network.git
make all # init, validate, plan, apply

Usage

You can run this module in conjunction with other stackx components (recommended) or as single-use (build your own).

stackx (RECOMMENDED)

This is just a bare minimum example of how to use the module. See all available stackx modules here: https://github.com/ventx

  module "aws-network" {
    source = "ventx/stackx-network/aws"
    version     = "0.2.3" // Pinned and tested version, generated by {x-release-please-version}
  }

Single-Use

  module "aws_network" {  // module labels may only contain letters, digits, underscores and dashes
    source  = "ventx/stackx-network/aws"
    version = "0.2.3" // Pinned and tested version, generated by {x-release-please-version}
  }

Terraform

Features

  • Simple and easy to use, just the bare minimum
  • Optimized for Kubernetes
  • Single NAT Gateway (default = false)
  • IPv6 (default = false)
  • (Optional) DB Subnet Group (RDS, default = false)
  • (Optional) ElastiCache Subnet Group (ElastiCache, default = false)
  • The minimum VPC CIDR is a /16: smaller VPC CIDRs are hard to change afterwards and leave too little room for K8s Pod networking.
  • Set var.k8s = true (default) to get bigger /18 private subnets (for K8s Pods) and smaller /22 public, database, cache subnets (if enabled)
  • Set var.k8s = false to get evenly distributed /20 subnet CIDRs across all subnets
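As an added address-plan check (Python, not part of the module), the block below encodes the prefix lengths stated in the Features list and verifies that the layout fits into the /16 VPC and that no two subnets overlap. The derivation of the 10.x.0.0/16 block from region_number and vpc_cidr_add, and the order in which blocks are carved, are assumptions labelled in the code; the module's own cidrsubnet arithmetic is not shown on this page.

```python
import ipaddress
from typing import Dict, List, Sequence

SUBNET_TYPES = ("private", "public", "internal", "db", "cache")


def vpc_cidr(region_number: int, vpc_cidr_add: int = 0) -> ipaddress.IPv4Network:
    """10.x.0.0/16 with x = region_number + vpc_cidr_add (assumed reading of the
    README's "add this number to the VPC CIDR"; not the module's own formula)."""
    return ipaddress.ip_network(f"10.{region_number + vpc_cidr_add}.0.0/16")


def subnet_prefix(subnet_type: str, k8s: bool) -> int:
    """Prefix lengths as stated in the Features list."""
    if not k8s:
        return 20                                    # evenly distributed /20s
    return 18 if subnet_type == "private" else 22    # big Pod subnets, small rest


def plan_subnets(vpc: ipaddress.IPv4Network, zones: int, k8s: bool,
                 types: Sequence[str] = SUBNET_TYPES
                 ) -> Dict[str, List[ipaddress.IPv4Network]]:
    """Carve one subnet per (type, zone) out of the VPC, largest blocks first so
    every block stays aligned. The allocation order is an assumption, not the
    module's cidrsubnet() arithmetic. Raises ValueError if the layout does not fit."""
    if vpc.prefixlen > 16:
        raise ValueError("VPC CIDR must be /16 or larger (README minimum)")
    cursor = int(vpc.network_address)
    end = int(vpc.broadcast_address) + 1
    plan: Dict[str, List[ipaddress.IPv4Network]] = {}
    for t in sorted(types, key=lambda s: subnet_prefix(s, k8s)):
        prefix = subnet_prefix(t, k8s)
        size = 2 ** (32 - prefix)
        plan[t] = []
        for _ in range(zones):
            if cursor + size > end:
                raise ValueError(f"{zones} x /{prefix} {t} subnets do not fit in {vpc}")
            plan[t].append(ipaddress.ip_network((cursor, prefix)))
            cursor += size
    return plan


def all_disjoint(plan: Dict[str, List[ipaddress.IPv4Network]]) -> bool:
    """Pairwise overlap check: no two subnets may share addresses."""
    nets = [n for lst in plan.values() for n in lst]
    return all(not a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])


def fits(vpc: ipaddress.IPv4Network, zones: int, k8s: bool) -> bool:
    """True if the requested number of zones fits the VPC under the chosen mode."""
    try:
        plan_subnets(vpc, zones, k8s)
        return True
    except ValueError:
        return False
```

With the default three zones and k8s = true, the three /18 private subnets take 10.x.0.0 to 10.x.191.255 and the twelve /22s fit in the remaining /18; a fourth zone no longer fits a /16 in either mode, which is the kind of limit to check before changing var.zones.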

Resources

  • VPC
  • Subnets - Public - Private - Internal - Database - Cache
  • Subnet Groups
  • Route Tables
  • Routes
  • Internet Gateway
  • NAT Gateway/s
  • IPv6 Egress Gateway
  • S3 VPC Endpoint

Opinions

Our Terraform modules are highly opinionated:

  • Keep modules small, focused, simple and easy to understand
  • Prefer simple code over complex code
  • Prefer KISS > DRY
  • Set some sane default values for variables, but do not set a default value if user input is strictly required

These opinions are "soft" rules and are not strictly required.

Requirements

Name Version
terraform >= 1.0.0
aws >= 3.45.0

Providers

Name Version
aws 5.22.0

Modules

No modules.

Resources

Name Type
aws_db_subnet_group.db resource
aws_egress_only_internet_gateway.ipv6 resource
aws_eip.eip resource
aws_elasticache_subnet_group.cache resource
aws_internet_gateway.igw resource
aws_nat_gateway.natgw resource
aws_route.private_ipv6_egress resource
aws_route.private_nat_gateway resource
aws_route.public_internet_gateway resource
aws_route.public_internet_gateway_ipv6 resource
aws_route_table.cache resource
aws_route_table.db resource
aws_route_table.internal resource
aws_route_table.private resource
aws_route_table.public resource
aws_route_table_association.cache resource
aws_route_table_association.db resource
aws_route_table_association.internal resource
aws_route_table_association.private resource
aws_route_table_association.public resource
aws_subnet.cache resource
aws_subnet.db resource
aws_subnet.internal resource
aws_subnet.private resource
aws_subnet.public resource
aws_vpc.vpc resource
aws_vpc_endpoint.s3 resource
aws_vpc_endpoint_route_table_association.cache_s3 resource
aws_vpc_endpoint_route_table_association.db_s3 resource
aws_vpc_endpoint_route_table_association.internal_s3 resource
aws_vpc_endpoint_route_table_association.private_s3 resource
aws_vpc_endpoint_route_table_association.public_s3 resource
aws_availability_zone.all data source
aws_availability_zones.available data source
aws_region.current data source

Inputs

Name Description Type Default Required
az_number n/a map
{
"a": 1,
"b": 2,
"c": 3,
"d": 4,
"e": 5,
"f": 6
}
no
cache Enable / Disable Cache Subnets bool false no
cache_endpoints Enable / Disable VPC Endpoints for Cache Subnets bool false no
cache_subnet_name Name for Cache subnets and dependent resources (will be prefixed with var.name-) string "cache" no
cache_subnet_tags Tags as map for Cache subnets and dependent resources (preferably generated by terraform-null-label) map(string)
{
"type": "cache"
}
no
cluster_name EKS Cluster name to add in tags for ELB and cluster-autoscaler / karpenter discovery of subnets / VPC string "stackx" no
db Enable / Disable Database Subnets bool false no
db_endpoints Enable / Disable VPC Endpoints for Database Subnets bool false no
db_subnet_name Name for Database subnets and dependent resources (will be prefixed with var.name-) string "database" no
db_subnet_tags Tags as map for Database subnets and dependent resources (preferably generated by terraform-null-label) map(string)
{
"type": "database"
}
no
internal Enable / Disable Internal Subnets bool false no
internal_endpoints Enable / Disable VPC Endpoints for Internal Subnets bool false no
internal_subnet_name Name for Internal subnets and dependent resources (will be prefixed with var.name-) string "internal" no
internal_subnet_tags Tags as map for Internal subnets and dependent resources (preferably generated by terraform-null-label) map(string)
{
"type": "internal"
}
no
ipv6 Enable / Disable IPv6 in your VPC and subnets bool true no
k8s Enable / Disable usage for Kubernetes (adding tags to subnets and resources, increasing private subnet size) bool true no
name Base Name for all resources (preferably generated by terraform-null-label) string "stackx-network" no
private Enable / Disable Private Subnets bool true no
private_endpoints Enable / Disable VPC Endpoints for Private Subnets bool true no
private_subnet_name Name for Private subnets and dependent resources (will be prefixed with var.name-) string "private" no
private_subnet_tags Tags as map for Private subnets and dependent resources (preferably generated by terraform-null-label) map(string)
{
"type": "private"
}
no
public Enable / Disable Public Subnets bool true no
public_endpoints Enable / Disable VPC Endpoints for Public Subnets bool false no
public_subnet_name Name for Public subnets and dependent resources (will be prefixed with var.name-) string "public" no
public_subnet_tags Tags as map for Public subnets and dependent resources (preferably generated by terraform-null-label) map(string)
{
"type": "public"
}
no
region AWS Region (e.g. eu-central-1) string "eu-central-1" no
region_number n/a map
{
"ap-east-1": 5,
"ap-southeast-1": 6,
"ap-southeast-2": 7,
"eu-central-1": 1,
"eu-west-2": 2,
"us-east-1": 3,
"us-west-2": 4
}
no
s3_endpoint Enable / Disable VPC Endpoint (Gateway) - S3 bool true no
single_nat_gateway Should be true if you want to provision a single shared NAT Gateway across all of your private networks (cost efficiency) bool false no
tags User specific Tags / Labels to attach to resources (will be merged with module tags) map(string) {} no
vpc_cidr_add Add this number to the VPC CIDR to allow for multiple same region VPCs with different CIDRs number 0 no
zones Number of AWS Availability Zones to use for every subnet number 3 no

Outputs

Name Description
azs Number of Availability Zones specified
cache_azs Availability Zones for Cache Subnets
cache_rt_ids Cache Route Table IDs
cache_subnet_arns Cache Subnet ARNs
cache_subnet_cidrs Cache Subnet CIDRs
cache_subnet_ids Number of Cache Subnet IDs
cache_subnet_ipv6_cidr_blocks Cache Subnet IPv6 CIDR blocks
cache_subnets Number of Cache Subnet IDs
db_azs Availability Zones for Database Subnets
db_rt_ids Database Route Table IDs
db_subnet_arns Database Subnet ARNs
db_subnet_cidrs Database Subnet CIDRs
db_subnet_ids Number of Database Subnet IDs
db_subnet_ipv6_cidr_blocks Database Subnet IPv6 CIDR blocks
db_subnets Number of Database Subnet IDs
egress_only_internet_gateway_id ID of IPv6 Egress-Only Internet Gateway
eip_public_ips Public IPv4 of EIP addresses
igw_id Internet Gateway ID
internal_azs Availability Zones for Internal Subnets
internal_rt_ids Internal Route Table IDs
internal_subnet_arns Internal Subnet ARNs
internal_subnet_cidrs Internal Subnet CIDRs
internal_subnet_ids Number of Internal Subnet IDs
internal_subnet_ipv6_cidr_blocks Internal Subnet IPv6 CIDR blocks
internal_subnets Number of Internal Subnet IDs
nat_gateway_count Number of NAT Gateways
nat_gateway_public_ips Public IPs of NAT Gateways
number_azs Number of Availability Zones specified
private_azs Availability Zones for Private Subnets
private_rt_ids Private Route Table IDs
private_subnet_arns Private Subnet ARNs
private_subnet_cidrs Private Subnet CIDRs
private_subnet_ids Number of Private Subnet IDs
private_subnet_ipv6_cidr_blocks Private Subnet IPv6 CIDR blocks
private_subnets Number of Private Subnet IDs
public_azs Availability Zones for Public Subnets
public_rt_ids Public Route Table IDs
public_subnet_arns Public Subnet ARNs
public_subnet_cidrs Public Subnet CIDRs
public_subnet_ids Number of Public Subnet IDs
public_subnet_ipv6_cidr_blocks Public Subnet IPv6 CIDR blocks
public_subnets Number of Public Subnets
vpc_arn AWS VPC ID ARN
vpc_cidr AWS VPC IPv4 CIDR
vpc_dns VPC DNS Server IP
vpc_endpoint_s3_id ID of VPC endpoint for S3
vpc_endpoint_s3_pl_id Prefix list ID for the S3 VPC endpoint
vpc_id AWS VPC ID
vpc_ipv6_association_id AWS VPC association ID for the IPv6 CIDR block
vpc_ipv6_cidr AWS VPC IPv6 CIDR
zones Number of Availability Zones specified

Support

If you need professional support directly from the maintainers of the project, don't hesitate to contact us: ventx Contact Us

Project assistance

If you want to say thank you and/or support active development of terraform-aws-stackx-network:

  • Add a GitHub Star to the project.
  • Tweet about the terraform-aws-stackx-network.
  • Write interesting articles about the project on Dev.to, Medium or your personal blog.

Together, we can make terraform-aws-stackx-network better!

Contributing

First off, thanks for taking the time to contribute! Contributions are what make the open-source community such an amazing place to learn, inspire, and create. Any contributions you make will benefit everybody else and are greatly appreciated.

Please read our contribution guidelines, and thank you for being involved!

Security

terraform-aws-stackx-network follows good practices of security, but 100% security cannot be assured. terraform-aws-stackx-network is provided "as is" without any warranty. Use at your own risk.

For more information and to report security issues, please refer to our security documentation.

License

This project is licensed under the Apache 2.0 license.

See LICENSE for more information.

Acknowledgements

  • All open source contributors who made this possible

Roadmap

See the open issues for a list of proposed features (and known issues).