AWS VPC

With Amazon Virtual Private Cloud (Amazon VPC), you can launch AWS resources in a logically isolated virtual network that you’ve defined. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS.

This module creates an AWS VPC with these constraints:

  • Use all availability zones

  • Create VPC flow logs in CloudWatch

  • All traffic is captured in flow logs

  • Enable DNS hostnames and DNS support

  • Optionally dedicate the VPC to an AWS EKS cluster (only one EKS cluster per VPC)

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| aws | >= 5.61 |

Providers

| Name | Version |
|------|---------|
| aws | >= 5.61 |

Modules

| Name | Source | Version |
|------|--------|---------|
| vpc | terraform-aws-modules/vpc/aws | 5.19.0 |

Resources

| Name | Type |
|------|------|
| aws_availability_zones.available | data source |
| aws_subnet.pod_subnets | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| cidr | Main CIDR block for the VPC | `string` | `"10.0.0.0/16"` | no |
| eks_name | Name of the EKS cluster to be deployed in this VPC | `string` | `null` | no |
| flow_log_cloudwatch_log_group_kms_key_id | ARN of the KMS key used to encrypt/decrypt VPC flow logs | `string` | `null` | no |
| flow_log_cloudwatch_log_group_retention_in_days | Number of days VPC flow logs are retained in CloudWatch | `number` | `null` | no |
| flow_log_file_format | The format of the flow log | `string` | `"plain-text"` | no |
| flow_log_max_aggregation_interval | The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record | `number` | `60` | no |
| name | Name of the AWS VPC | `string` | n/a | yes |
| pod_subnets | List of CIDR blocks for Pod subnets | `list(string)` | `[]` | no |
| private_subnets | A list of private subnets inside the VPC | `list(string)` | `[]` | no |
| public_subnets | A list of public subnets inside the VPC | `list(string)` | `[]` | no |
| secondary_cidr_blocks | List of secondary CIDR blocks to associate with the VPC to extend the IP address pool | `list(string)` | `[]` | no |
| tags | Map of key/value pairs used to tag VPC resources | `map(string)` | `{}` | no |
| use_karpenter | Use Karpenter for cluster autoscaling | `bool` | `false` | no |

Outputs

| Name | Description |
|------|-------------|
| arn | The ARN of the VPC |
| azs | A list of availability zones |
| cidr_block | The CIDR block of the VPC |
| eks_cluster_name | Name of the AWS EKS cluster |
| enable_external_access | Boolean to disable external access |
| flow_log_cloudwatch_iam_role_arn | The ARN of the IAM role used when pushing logs to the CloudWatch log group |
| flow_log_destination_arn | The ARN of the destination for VPC flow logs |
| flow_log_id | The ID of the flow log resource |
| id | The ID of the VPC |
| name | The name of the VPC |
| pod_subnet_arns | List of ARNs of Pod subnets |
| pod_subnets | List of IDs of Pod subnets |
| pod_subnets_cidr_blocks | List of Pod subnet CIDR blocks |
| private_subnet_arns | List of ARNs of private subnets |
| private_subnets | List of IDs of private subnets |
| private_subnets_cidr_blocks | List of CIDR blocks of private subnets |
| private_subnets_details | Map of private subnet IDs to availability zones |
| public_subnet_arns | List of ARNs of public subnets |
| public_subnets | List of IDs of public subnets |
| public_subnets_cidr_blocks | List of CIDR blocks of public subnets |
| secondary_cidr_blocks | List of secondary CIDR blocks of the VPC |
| tags | List of tags for VPC resources |
| this | The VPC object |

Examples
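Example usage of the module, added here and not part of the module's original README. The module source path, region, account ID, KMS key ARN and EKS cluster name are placeholders, and three subnets per tier assume a three-AZ region.

```hcl
# Added example (not the module's own code). Assumptions: the module lives at
# ./modules/vpc, and the KMS key ARN and cluster name below are placeholders.
module "vpc" {
  source = "./modules/vpc" # assumption: local path to this module

  name = "platform-prod"
  cidr = "10.0.0.0/16"

  # One subnet per tier per availability zone (assumes a three-AZ region).
  public_subnets  = ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24"]
  private_subnets = ["10.0.10.0/24", "10.0.11.0/24", "10.0.12.0/24"]

  # Secondary CIDR dedicated to Pod subnets, so Pod IPs do not exhaust
  # the node subnets' address space.
  secondary_cidr_blocks = ["100.64.0.0/16"]
  pod_subnets           = ["100.64.0.0/18", "100.64.64.0/18", "100.64.128.0/18"]

  # Dedicate the VPC to a single EKS cluster using Karpenter for autoscaling.
  eks_name      = "platform-prod-eks" # placeholder cluster name
  use_karpenter = true

  # Flow logs capture all traffic; set a defined retention period and encrypt
  # the CloudWatch log group with a customer-managed KMS key.
  flow_log_cloudwatch_log_group_retention_in_days = 90
  flow_log_cloudwatch_log_group_kms_key_id        = "arn:aws:kms:eu-west-1:111122223333:key/00000000-0000-0000-0000-000000000000" # placeholder
  flow_log_max_aggregation_interval               = 60

  tags = {
    Environment = "prod"
    Owner       = "platform-security"
  }
}

# Expose the flow log destination so a log-forwarding or detection stack can
# subscribe to it.
output "vpc_flow_log_destination_arn" {
  value = module.vpc.flow_log_destination_arn
}
```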