aws_base

Provision networking (VPC), subnets across AZs, flow logs, NAT, and a default KMS key + log bucket for the environment.

What it does

  • Creates a new VPC (or imports an existing one) with public/private subnets across three AZs.
  • Adds an internet gateway, NAT gateways with Elastic IPs, route tables for public/private egress, and an S3 gateway endpoint so S3 traffic does not traverse the NAT.
  • Enables VPC flow logs, delivered to a CloudWatch log group (retention set by vpc_log_retention) via a dedicated IAM role, and provisions a default KMS key with an alias.
  • Creates a versioned, encrypted log bucket with public access blocked, a lifecycle policy and a bucket policy, for access/flow logs written by other modules.
  • Creates RDS, DocumentDB and ElastiCache subnet groups with their security groups, manages the VPC default security group, and enables EBS encryption by default for the account/region.

Bring your own VPC

To use an existing VPC, set vpc_id, public_subnet_ids and private_subnet_ids together (both subnet lists are required whenever vpc_id is set). Public subnets must route 0.0.0.0/0 to an internet gateway and must assign public IPs on launch. Private subnets must route 0.0.0.0/0 to a NAT gateway that has a public IP (a public NAT gateway; a private NAT gateway has no public address and does not satisfy this). Misconfigured routes typically surface as Terraform errors such as "No routes matching supplied arguments found in Route Table". IPv6 imports are not validated; dual-stack may work but is not verified.
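The module reports a bad import only when Terraform fails to find the expected route. The script below is an added pre-flight check, not part of the aws_base module: it applies the requirements above to the JSON returned by `aws ec2 describe-route-tables`, `describe-subnets` and `describe-nat-gateways` (resolving the implicit main-route-table association the same way AWS does) and lists every public subnet without an IGW default route or public IPs on launch, and every private subnet whose 0.0.0.0/0 route does not point at a public NAT gateway. The embedded sample data is constructed; the subnet and gateway IDs in it are placeholders.

```python
"""Pre-flight check for aws_base "bring your own VPC" inputs (added example, not module code).

Feed it the output of:
  aws ec2 describe-route-tables --filters Name=vpc-id,Values=<vpc_id>
  aws ec2 describe-subnets      --filters Name=vpc-id,Values=<vpc_id>
  aws ec2 describe-nat-gateways --filter  Name=vpc-id,Values=<vpc_id>
"""
import json
import sys


def route_table_for(subnet_id, route_tables):
    """Route table that applies to a subnet: its explicit association if one exists,
    otherwise the VPC's main route table (AWS's implicit default)."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def default_ipv4_route(rt):
    """Active 0.0.0.0/0 route of a route table, or None. ::/0 is deliberately
    ignored: the README says IPv6 imports are not validated."""
    for route in rt.get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0" and route.get("State", "active") == "active":
            return route
    return None


def check_vpc(public_ids, private_ids, route_tables, subnets, nat_gateways=None):
    """Return a list of problems; an empty list means the subnets meet the module's requirements."""
    problems = []
    subnet_by_id = {s["SubnetId"]: s for s in subnets}

    for sid in public_ids:
        rt = route_table_for(sid, route_tables)
        route = default_ipv4_route(rt) if rt else None
        if not (route or {}).get("GatewayId", "").startswith("igw-"):
            problems.append(f"{sid}: public subnet has no 0.0.0.0/0 route to an internet gateway")
        if not subnet_by_id.get(sid, {}).get("MapPublicIpOnLaunch", False):
            problems.append(f"{sid}: public subnet does not assign public IPs on launch")

    for sid in private_ids:
        rt = route_table_for(sid, route_tables)
        route = default_ipv4_route(rt) if rt else None
        nat_id = (route or {}).get("NatGatewayId", "")
        if not nat_id.startswith("nat-"):
            problems.append(f"{sid}: private subnet has no 0.0.0.0/0 route to a NAT gateway")
        elif nat_gateways is not None:
            # A "private" NAT gateway has no public IP and cannot give internet egress.
            # Older API output omits ConnectivityType; those gateways are public.
            ngw = next((n for n in nat_gateways if n["NatGatewayId"] == nat_id), None)
            if ngw is None or ngw.get("ConnectivityType", "public") != "public":
                problems.append(f"{sid}: NAT gateway {nat_id} is not a public NAT gateway")
    return problems


# Constructed sample in the CLI's shape (placeholder IDs). subnet-pub-b has no explicit
# association, so it falls back to the main table, and does not map public IPs;
# subnet-priv-b is wrongly associated with the public route table.
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-public", "VpcId": "vpc-0123",
     "Associations": [{"Main": True, "RouteTableId": "rtb-public"},
                      {"SubnetId": "subnet-pub-a", "RouteTableId": "rtb-public"},
                      {"SubnetId": "subnet-priv-b", "RouteTableId": "rtb-public"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc", "State": "active"}]},
    {"RouteTableId": "rtb-private-a", "VpcId": "vpc-0123",
     "Associations": [{"SubnetId": "subnet-priv-a", "RouteTableId": "rtb-private-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0def", "State": "active"}]},
]
SAMPLE_SUBNETS = [
    {"SubnetId": "subnet-pub-a", "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-pub-b", "MapPublicIpOnLaunch": False},
    {"SubnetId": "subnet-priv-a", "MapPublicIpOnLaunch": False},
    {"SubnetId": "subnet-priv-b", "MapPublicIpOnLaunch": False},
]
SAMPLE_NAT_GATEWAYS = [
    {"NatGatewayId": "nat-0def", "ConnectivityType": "public",
     "NatGatewayAddresses": [{"PublicIp": "203.0.113.10"}]},
]


def run_sample():
    return check_vpc(["subnet-pub-a", "subnet-pub-b"], ["subnet-priv-a", "subnet-priv-b"],
                     SAMPLE_ROUTE_TABLES, SAMPLE_SUBNETS, SAMPLE_NAT_GATEWAYS)


if __name__ == "__main__":
    if len(sys.argv) == 6:
        # usage: check_vpc.py route-tables.json subnets.json nat-gateways.json pub1,pub2 priv1,priv2
        with open(sys.argv[1]) as f1, open(sys.argv[2]) as f2, open(sys.argv[3]) as f3:
            found = check_vpc(sys.argv[4].split(","), sys.argv[5].split(","),
                              json.load(f1)["RouteTables"], json.load(f2)["Subnets"],
                              json.load(f3)["NatGateways"])
    else:
        found = run_sample()
    for p in found:
        print("FAIL", p)
    print("OK" if not found else f"{len(found)} problem(s)")
    sys.exit(1 if found else 0)
```

Run it against the three saved CLI responses and the same subnet lists you intend to pass as public_subnet_ids and private_subnet_ids; a non-zero exit means the import would fail or, worse, succeed with private workloads that have no egress. The main-table fallback matters: a subnet with no explicit association silently inherits whatever the main route table says, which is a common source of the "no routes matching" error.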

Providers

Name    Version
aws     6.27.0
random  3.7.2

Modules

No modules.

Resources

Name Type
aws_cloudwatch_log_group.vpc_flow_log resource
aws_db_subnet_group.main resource
aws_default_security_group.default resource
aws_docdb_subnet_group.main resource
aws_ebs_encryption_by_default.default resource
aws_eip.nat_eips resource
aws_elasticache_subnet_group.main resource
aws_flow_log.vpc resource
aws_iam_role.vpc_flow_log resource
aws_iam_role_policy.vpc_flow_log resource
aws_iam_service_linked_role.autoscaling resource
aws_internet_gateway.igw resource
aws_kms_alias.alias resource
aws_kms_key.key resource
aws_nat_gateway.nat_gateways resource
aws_route.nat_routes resource
aws_route_table.private_route_tables resource
aws_route_table.public_route_table resource
aws_route_table_association.private_associations resource
aws_route_table_association.public_association resource
aws_s3_bucket.log_bucket resource
aws_s3_bucket_acl.log_bucket resource
aws_s3_bucket_lifecycle_configuration.log_bucket resource
aws_s3_bucket_ownership_controls.log_bucket resource
aws_s3_bucket_policy.log_bucket_policy resource
aws_s3_bucket_public_access_block.log_bucket resource
aws_s3_bucket_server_side_encryption_configuration.log_bucket resource
aws_s3_bucket_versioning.log_bucket resource
aws_security_group.db resource
aws_security_group.documentdb resource
aws_security_group.elasticache resource
aws_subnet.private_subnets resource
aws_subnet.public_subnets resource
aws_vpc.vpc resource
aws_vpc_endpoint.s3 resource
aws_vpc_endpoint_route_table_association.s3 resource
random_id.bucket_suffix resource
random_id.vpc_flow_log_suffix resource

Inputs

Name                      Type          Description
env_name                  string        Env name
layer_name                string        Layer name
module_name               string        Module name
private_ipv4_cidr_blocks  list(string)  CIDR blocks for private subnets, one per desired AZ
private_subnet_ids        list(string)  Pre-existing private subnets to use instead of creating new subnets for pltf. Required when var.vpc_id is set.
public_ipv4_cidr_blocks   list(string)  CIDR blocks for public subnets, one per desired AZ
public_subnet_ids         list(string)  Pre-existing public subnets to use instead of creating new subnets for pltf. Required when var.vpc_id is set.
total_ipv4_cidr_block     string        CIDR block to reserve for the whole VPC
vpc_id                    string        ID of a pre-existing VPC to use instead of creating a new VPC for pltf
vpc_log_retention         number        Retention in days for the VPC flow log CloudWatch log group

Outputs