36 lines
1.4 KiB
HCL
36 lines
1.4 KiB
HCL
module "vpc" {
|
|
source = "terraform-aws-modules/vpc/aws"
|
|
version = "~> 3"
|
|
|
|
name = "${var.name}-${var.environment}"
|
|
cidr = "20.10.0.0/16" # 10.0.0.0/8 is reserved for EC2-Classic
|
|
|
|
azs = data.aws_availability_zones.available.names
|
|
private_subnets = ["20.10.1.0/24", "20.10.2.0/24", "20.10.3.0/24"]
|
|
public_subnets = ["20.10.11.0/24", "20.10.12.0/24", "20.10.13.0/24"]
|
|
database_subnets = ["20.10.21.0/24", "20.10.22.0/24", "20.10.23.0/24"]
|
|
|
|
private_subnet_tags = { "name": "${var.private_subnet_suffix}-${var.name}-${var.environment}" }
|
|
public_subnet_tags = { "name": "${var.public_subnet_suffix}-${var.name}-${var.environment}" }
|
|
database_subnet_tags = { "name": "${var.database_subnet_suffix}-${var.name}-${var.environment}" }
|
|
|
|
create_database_subnet_group = true
|
|
|
|
enable_nat_gateway = true
|
|
single_nat_gateway = true
|
|
|
|
enable_dhcp_options = false
|
|
|
|
# Default security group - ingress/egress rules cleared to deny all
|
|
manage_default_security_group = true
|
|
default_security_group_ingress = []
|
|
default_security_group_egress = []
|
|
|
|
# VPC Flow Logs (Cloudwatch log group and IAM role will be created)
|
|
enable_flow_log = true
|
|
create_flow_log_cloudwatch_log_group = true
|
|
create_flow_log_cloudwatch_iam_role = true
|
|
flow_log_max_aggregation_interval = 60
|
|
|
|
tags = local.default_tags
|
|
}
|