This repo contains modules for creating best-practices Virtual Private Clouds (VPCs) on AWS.
Main Modules
The two main modules are:
vpc-app: Launch a VPC meant to house applications. The VPC includes 3 "tiers" of subnets
(public, private app, private persistence), routing rules, security groups, network ACLs, and NAT gateways.
vpc-mgmt: Launch a VPC meant to house DevOps and other management services. The VPC includes
2 "tiers" of subnets (public, private), routing rules, security groups, network ACLs, and NAT gateways.
Supporting Modules
There are also several supporting modules that add extra functionality on top of vpc-app and vpc-mgmt:
vpc-peering: Create peering connections between VPCs. Normally, VPCs are completely
isolated from each other, but sometimes, you want to allow traffic to flow between them, such as allowing DevOps
tools running in a Mgmt VPC to talk to apps in a Stage or Prod VPC. This module can create peering connections and
route table entries that make this sort of cross-VPC communication possible.
vpc-app-network-acls: Add a default set of Network ACLs to a VPC created using the
vpc-app module that control what inbound and outbound network traffic is allowed in each subnet
of that VPC.
vpc-mgmt-network-acls: Add a default set of Network ACLs to a VPC created using the
vpc-mgmt module that control what inbound and outbound network traffic is allowed in each subnet
of that VPC.
network-acl-inbound: A simple helper for adding inbound rules to a Network ACL, along
with the corresponding outbound rules for return traffic.
network-acl-outbound: A simple helper for adding outbound rules to a Network ACL,
along with the corresponding inbound rules for return traffic.
vpc-dns-forwarder: Set up Route 53 Resolvers to forward DNS queries from one VPC's DNS
resolver to another.
vpc-flow-logs: Create VPC flow logs to log network traffic in VPCs, subnets, and Elastic
Network Interfaces.
Click on each module above to see its documentation. Head over to the examples folder for examples.
What is a module?
At Gruntwork, we've taken the thousands of hours we spent building infrastructure on AWS and
condensed all that experience and code into pre-built packages or modules. Each module is a battle-tested,
best-practices definition of a piece of infrastructure, such as a VPC, ECS cluster, or an Auto Scaling Group. Modules
are versioned using Semantic Versioning to allow Gruntwork clients to keep up to date with the
latest infrastructure best practices in a systematic way.
How do you use a module?
Most of our modules contain either:
Terraform code
Scripts & binaries
Using a Terraform Module
To use a module in your Terraform templates, create a module resource and set its source field to the Git URL of
this repo. You should also set the ref parameter so you're fixed to a specific version of this repo, as the master
branch may have backwards incompatible changes (see module
sources).
For example, to use v1.0.8 of the vpc-app module, you would add the following:
module "ecs_cluster" {
  source = "git::git@github.com:gruntwork-io/module-vpc.git//modules/vpc-app?ref=v1.0.8"

  // set the parameters for the vpc-app module
}
Note: the double slash (//) is intentional and required. It's part of Terraform's Git syntax (see module
sources).
See the module's documentation and vars.tf file for all the parameters you can set. Run terraform get -update to
pull the latest version of this module from this repo before running the standard terraform plan and
terraform apply commands.
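The pinning advice above can be enforced in CI. The following is an added example, not code from this repo: it flags git module sources that have no ref, that track a branch, or that omit the double slash before the subfolder. The function names and all sample blocks except the first are constructed for illustration, and the regex block matching is a simplification rather than a full HCL parser.

```python
import re
from urllib.parse import parse_qs

# Simplified matching: a module block ends at the first "}" in column 0.
MODULE_RE = re.compile(r'module\s*"(?P<name>[^"]+)"\s*\{(?P<body>.*?)\n\}', re.S)
SOURCE_RE = re.compile(r'^\s*source\s*=\s*"(?P<src>[^"]+)"', re.M)
SEMVER_TAG = re.compile(r"^v?\d+\.\d+\.\d+$")
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample input; only the first source string appears on this page.
SAMPLE = '''module "vpc_pinned" {
  source = "git::git@github.com:gruntwork-io/module-vpc.git//modules/vpc-app?ref=v1.0.8"
}

module "vpc_floating" {
  source = "git::git@github.com:gruntwork-io/module-vpc.git//modules/vpc-app"
}

module "vpc_branch" {
  source = "git::git@github.com:gruntwork-io/module-vpc.git//modules/vpc-app?ref=master"
}

module "vpc_bad_path" {
  source = "git::git@github.com:gruntwork-io/module-vpc.git/modules/vpc-app?ref=v1.0.8"
}
'''


def classify_ref(source):
    """Describe how a git module source is pinned via its ?ref= parameter."""
    _, _, query = source.partition("?")
    ref = parse_qs(query).get("ref", [None])[0]
    if ref is None:
        return "unpinned"          # follows the default branch
    if FULL_SHA.match(ref):
        return "commit"            # immutable pin
    if SEMVER_TAG.match(ref):
        return "tag"               # versioned pin, as the README recommends
    return "branch-or-other"       # e.g. master: contents change over time


def subdir_separator_ok(source):
    """False when a subfolder follows the repo with a single slash, not '//'."""
    base = source.partition("?")[0]
    return re.search(r"\.git/(?!/)", base) is None


def audit(hcl_text):
    """Return one finding per module block that uses a git:: source."""
    findings = []
    for block in MODULE_RE.finditer(hcl_text):
        match = SOURCE_RE.search(block.group("body"))
        if not match or not match.group("src").startswith("git::"):
            continue  # local paths and registry sources are out of scope here
        src = match.group("src")
        findings.append({
            "module": block.group("name"),
            "pin": classify_ref(src),
            "subdir_ok": subdir_separator_ok(src),
        })
    return findings


def violations(hcl_text):
    """Names of modules that should fail a pinning policy check."""
    return [
        f["module"] for f in audit(hcl_text)
        if f["pin"] in ("unpinned", "branch-or-other") or not f["subdir_ok"]
    ]


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
    print("violations:", violations(SAMPLE))
```

A Git tag can be moved to a different commit after release, so a policy that needs an immutable pin can require the "commit" class instead of "tag".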
Using scripts & binaries
You can install the scripts and binaries in the modules folder of any repo using the Gruntwork
Installer. For example, if the scripts you want to install are
in the modules/ecs-scripts folder of the https://github.com/gruntwork-io/module-ecs repo, you could install them
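as follows:
gruntwork-install --module-name "ecs-scripts" --repo "https://github.com/gruntwork-io/module-ecs" --tag "0.0.1"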
See the docs for each script & binary for detailed instructions on how to use them.
What's a VPC?
A VPC or Virtual Private Cloud is a logically isolated section of your AWS cloud. Each
VPC defines a virtual network within which you run your AWS resources, as well as rules for what can go in and out of
that network. This includes subnets, route tables that tell those subnets how to route inbound and outbound traffic,
security groups, firewalls for the subnet (known as "Network ACLs"), and any other network components such as VPN connections.
Learn More about VPCs
See the READMEs for the vpc-app and vpc-mgmt modules for detailed info on a VPC,
along with best practices.
Developing a module
Versioning
We are following the principles of Semantic Versioning. During initial development, the major
version is 0 (e.g., 0.x.y), which indicates the code does not yet have a stable API. Once we hit 1.0.0, we will
follow these rules:
Increment the patch version for backwards-compatible bug fixes (e.g., v1.0.8 -> v1.0.9).
Increment the minor version for new features that are backwards-compatible (e.g., v1.0.8 -> 1.1.0).
Increment the major version for any backwards-incompatible changes (e.g. 1.0.8 -> 2.0.0).
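The version is defined using Git tags. Use GitHub to create a release, which will have the effect of adding a git tag.
Tests
See the test folder for details.
License
Please see LICENSE.txt for details on how the code in this repo is licensed.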