Create a Virtual Private Cloud (VPC). Includes multiple subnet tiers, NACLs, NAT gateways, Internet Gateways, and VPC peering.
This Terraform Module launches a single VPC meant to house applications. By contrast, DevOps-related services such as Jenkins or InfluxDB should be in a "mgmt" VPC. (See the vpc-mgmt module.)
Check out the examples folder.
A VPC or Virtual Private Cloud is a logically isolated section of your AWS cloud. Each VPC defines a virtual network within which you run your AWS resources, as well as rules for what can go in and out of that network. This includes subnets, route tables that tell those subnets how to route inbound and outbound traffic, security groups, firewalls for the subnet (known as "Network ACLs"), and any other network components such as VPN connections.
This VPC defines three "tiers" of subnets:
The three-tier VPC is inspired by the VPC Architecture described by Ben Whaley in his blog post A Reference VPC Architecture. That blog post proposed the following VPC structure:
For example, in the us-west-2 region, which has the Availability Zones us-west-2a, us-west-2b, and us-west-2c, each subnet tier would have three subnets (one per Availability Zone), for a total of 9 subnets in all.
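The tier-per-Availability-Zone layout above, as an added example in Terraform (not this module's own code, nor the reference architecture's). It assumes a `num_availability_zones` variable, the tier names `public`, `private-app` and `private-persistence`, and a /16 VPC carved into /20 subnets with `cidrsubnet`; NACLs and VPC peering are left out to keep it short. The public tier routes to an Internet Gateway, the app tier to a NAT gateway in its own AZ, and the persistence tier gets no route out of the VPC at all.

```hcl
# Added illustration, not the module's code. Names, CIDRs and the tier list
# are assumptions; the AWS provider resources and functions are real.
variable "num_availability_zones" {
  type    = number
  default = 3
}

variable "cidr_block" {
  type    = string
  default = "10.0.0.0/16"
}

data "aws_availability_zones" "available" {
  state = "available"
}

locals {
  azs   = slice(data.aws_availability_zones.available.names, 0, var.num_availability_zones)
  tiers = ["public", "private-app", "private-persistence"]

  # One entry per (tier, AZ) pair. The /20 index is unique per pair, so the
  # subnet ranges never overlap however many AZs are used (up to 5 here).
  subnets = {
    for pair in setproduct(local.tiers, range(var.num_availability_zones)) :
    "${pair[0]}-${local.azs[pair[1]]}" => {
      tier = pair[0]
      az   = local.azs[pair[1]]
      cidr = cidrsubnet(var.cidr_block, 4, index(local.tiers, pair[0]) * var.num_availability_zones + pair[1])
    }
  }
}

resource "aws_vpc" "app" {
  cidr_block           = var.cidr_block
  enable_dns_support   = true
  enable_dns_hostnames = true
  tags                 = { Name = "app" }
}

resource "aws_subnet" "this" {
  for_each = local.subnets

  vpc_id            = aws_vpc.app.id
  availability_zone = each.value.az
  cidr_block        = each.value.cidr
  # Only the public tier hands out public IPs; nothing in the private tiers
  # is reachable from the Internet directly.
  map_public_ip_on_launch = each.value.tier == "public"
  tags                    = { Name = each.key, Tier = each.value.tier }
}

resource "aws_internet_gateway" "this" {
  vpc_id = aws_vpc.app.id
}

# One NAT gateway per AZ, so losing an AZ does not cut egress for the app
# subnets in the surviving AZs.
resource "aws_eip" "nat" {
  for_each = toset(local.azs)
  domain   = "vpc" # AWS provider >= 5.0; older providers use vpc = true
}

resource "aws_nat_gateway" "this" {
  for_each      = toset(local.azs)
  allocation_id = aws_eip.nat[each.key].id
  subnet_id     = aws_subnet.this["public-${each.key}"].id
  depends_on    = [aws_internet_gateway.this]
}

resource "aws_route_table" "public" {
  vpc_id = aws_vpc.app.id
}

resource "aws_route" "public_internet" {
  route_table_id         = aws_route_table.public.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.this.id
}

resource "aws_route_table" "private_app" {
  for_each = toset(local.azs)
  vpc_id   = aws_vpc.app.id
}

resource "aws_route" "private_app_nat" {
  for_each               = toset(local.azs)
  route_table_id         = aws_route_table.private_app[each.key].id
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.this[each.key].id
}

# Persistence subnets only ever get the implicit "local" route: no IGW, no NAT.
resource "aws_route_table" "private_persistence" {
  vpc_id = aws_vpc.app.id
}

resource "aws_route_table_association" "this" {
  for_each  = local.subnets
  subnet_id = aws_subnet.this[each.key].id
  route_table_id = (
    each.value.tier == "public" ? aws_route_table.public.id :
    each.value.tier == "private-app" ? aws_route_table.private_app[each.value.az].id :
    aws_route_table.private_persistence.id
  )
}
```

With `num_availability_zones = 3` this yields the 9 subnets described above; `terraform plan` with a larger value simply adds one subnet per tier per extra AZ, because every resource is keyed on the (tier, AZ) pair rather than on a fixed count.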
Note: if the `num_availability_zones` variable in the mgmt VPC and the `num_availability_zones` variable in the app VPC don't match, there are problems with the routes that are created between the two VPCs as part of setting up VPC Peering. If your use case requires different numbers of Availability Zones for each of these VPCs, please let us know and we'll investigate further!
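Why mismatched Availability Zone counts break peering routes, and one way to catch it before `apply`, as an added example that is not this module's code. It assumes both VPCs already exist and expose one private route table ID per AZ through the hypothetical variables below, and that the peering is within one account and region (so `auto_accept` works). The first route resource shows the fragile pattern: indexing the other VPC's list with the same `count.index`, which either runs past the end of the shorter list (an error at apply time) or silently leaves some route tables without a route. The `precondition` turns that into a plan-time failure; the second pair of resources shows the robust alternative, where each side iterates only over its own route tables.

```hcl
# Added illustration, not the module's code. Variable names are assumptions.
variable "app_vpc_id"    { type = string }
variable "mgmt_vpc_id"   { type = string }
variable "app_vpc_cidr"  { type = string }
variable "mgmt_vpc_cidr" { type = string }

# One private route table per Availability Zone in each VPC.
variable "app_private_route_table_ids"  { type = list(string) }
variable "mgmt_private_route_table_ids" { type = list(string) }

resource "aws_vpc_peering_connection" "app_to_mgmt" {
  vpc_id      = var.app_vpc_id
  peer_vpc_id = var.mgmt_vpc_id
  auto_accept = true # same account and region only
  tags        = { Name = "app-to-mgmt" }
}

# Fragile pattern: one count drives routes on BOTH sides, so the mgmt list is
# indexed with an app-side count.index. Guarded here with a precondition
# (Terraform >= 1.2) so the mismatch fails at plan time with a clear message.
resource "aws_route" "mgmt_to_app_by_app_index" {
  count = length(var.app_private_route_table_ids)

  route_table_id            = var.mgmt_private_route_table_ids[count.index]
  destination_cidr_block    = var.app_vpc_cidr
  vpc_peering_connection_id = aws_vpc_peering_connection.app_to_mgmt.id

  lifecycle {
    precondition {
      condition     = length(var.app_private_route_table_ids) == length(var.mgmt_private_route_table_ids)
      error_message = "The app and mgmt VPCs must be created with the same num_availability_zones; the peering routes index one VPC's route tables with the other's count."
    }
  }
}

# Robust pattern: each side iterates over its own route tables, keyed by ID,
# so the two VPCs may have different numbers of AZs and every route table on
# both sides still receives exactly one route to the peer.
resource "aws_route" "app_to_mgmt" {
  for_each = toset(var.app_private_route_table_ids)

  route_table_id            = each.value
  destination_cidr_block    = var.mgmt_vpc_cidr
  vpc_peering_connection_id = aws_vpc_peering_connection.app_to_mgmt.id
}

resource "aws_route" "mgmt_to_app" {
  for_each = toset(var.mgmt_private_route_table_ids)

  route_table_id            = each.value
  destination_cidr_block    = var.app_vpc_cidr
  vpc_peering_connection_id = aws_vpc_peering_connection.app_to_mgmt.id
}
```

In practice you would keep only one of the two patterns; the first is shown alongside the second to make the failure mode concrete. Peering routes alone do not open traffic: security groups and the Network ACLs on both sides still have to permit the peer VPC's CIDR.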
Learn about Other VPC Core Concepts like subnets, NAT Gateways, and VPC Endpoints.