This example builds a VPC with public and private subnets in 3 availability zones, creates a NAT gateway in each AZ and routes each private subnet's default route to the NAT gateway in its own AZ. It creates an internet gateway and routes public subnet traffic destined for "0.0.0.0/0" to the IGW. It creates encrypted VPC Flow Logs that are sent to CloudWatch Logs and retained for 180 days.

At this point, only CloudWatch Logs is supported as a flow log destination, pending: aws-ia/terraform-aws-vpc#35
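The layout described above, written out with plain `hashicorp/aws` resources rather than the `aws-ia/vpc/aws` module call this example actually uses. This is an added illustration, not code from this repository: the CIDR `10.0.0.0/16`, the region, and every resource and IAM role name are assumptions chosen for the example. The security-relevant parts are the per-AZ private route tables (so one AZ's NAT gateway is never a shared point of failure) and the KMS key policy, which must grant the CloudWatch Logs service principal use of the key or log delivery into the encrypted log group fails.

```hcl
provider "aws" { region = "us-east-1" } # assumed region

data "aws_availability_zones" "current" { state = "available" }
data "aws_caller_identity" "current" {}
data "aws_region" "current" {}

locals {
  azs     = slice(data.aws_availability_zones.current.names, 0, 3)
  cidr    = "10.0.0.0/16" # constructed value for the example
  public  = { for i, az in local.azs : az => cidrsubnet(local.cidr, 8, i) }
  private = { for i, az in local.azs : az => cidrsubnet(local.cidr, 8, i + 10) }
  acct    = data.aws_caller_identity.current.account_id
  region  = data.aws_region.current.name
}

resource "aws_vpc" "this" {
  cidr_block           = local.cidr
  enable_dns_support   = true
  enable_dns_hostnames = true
}

resource "aws_internet_gateway" "this" { vpc_id = aws_vpc.this.id }

resource "aws_subnet" "public" {
  for_each          = local.public
  vpc_id            = aws_vpc.this.id
  availability_zone = each.key
  cidr_block        = each.value
}

resource "aws_subnet" "private" {
  for_each          = local.private
  vpc_id            = aws_vpc.this.id
  availability_zone = each.key
  cidr_block        = each.value
}

# Public subnets share one route table whose default route is the IGW.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.this.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.this.id
  }
}

resource "aws_route_table_association" "public" {
  for_each       = aws_subnet.public
  subnet_id      = each.value.id
  route_table_id = aws_route_table.public.id
}

# One EIP and one NAT gateway per AZ, placed in that AZ's public subnet.
resource "aws_eip" "nat" {
  for_each = local.public
  vpc      = true # provider 3.x/4.x argument; 5.x+ uses domain = "vpc"
}

resource "aws_nat_gateway" "this" {
  for_each      = aws_subnet.public
  subnet_id     = each.value.id
  allocation_id = aws_eip.nat[each.key].id
  depends_on    = [aws_internet_gateway.this]
}

# One private route table per AZ pointing at the NAT gateway in the same AZ.
resource "aws_route_table" "private" {
  for_each = aws_subnet.private
  vpc_id   = aws_vpc.this.id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.this[each.key].id
  }
}

resource "aws_route_table_association" "private" {
  for_each       = aws_subnet.private
  subnet_id      = each.value.id
  route_table_id = aws_route_table.private[each.key].id
}

# CMK for the flow log group. The second statement is the one people forget:
# without it CloudWatch Logs cannot use the key and the log group stays empty.
resource "aws_kms_key" "flow_logs" {
  enable_key_rotation = true
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      { Sid = "AccountAdmin", Effect = "Allow", Action = "kms:*", Resource = "*",
        Principal = { AWS = "arn:aws:iam::${local.acct}:root" } },
      { Sid = "AllowCloudWatchLogs", Effect = "Allow", Resource = "*",
        Principal = { Service = "logs.${local.region}.amazonaws.com" },
        Action    = ["kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:Describe*"],
        Condition = { ArnLike = { "kms:EncryptionContext:aws:logs:arn" = "arn:aws:logs:${local.region}:${local.acct}:log-group:*" } } }
    ]
  })
}

resource "aws_cloudwatch_log_group" "flow_logs" {
  name              = "/aws/vpc/flow-logs/example" # assumed name
  retention_in_days = 180
  kms_key_id        = aws_kms_key.flow_logs.arn
}

# Delivery role: only the flow logs service may assume it, scoped to this log group.
resource "aws_iam_role" "flow_logs" {
  name = "vpc-flow-logs-to-cloudwatch" # assumed name
  assume_role_policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "sts:AssumeRole",
                   Principal = { Service = "vpc-flow-logs.amazonaws.com" } }]
  })
}

resource "aws_iam_role_policy" "flow_logs" {
  role = aws_iam_role.flow_logs.id
  policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Resource = "${aws_cloudwatch_log_group.flow_logs.arn}:*",
                   Action = ["logs:CreateLogStream", "logs:PutLogEvents", "logs:DescribeLogGroups", "logs:DescribeLogStreams"] }]
  })
}

resource "aws_flow_log" "this" {
  vpc_id               = aws_vpc.this.id
  traffic_type         = "ALL"
  log_destination_type = "cloud-watch-logs"
  log_destination      = aws_cloudwatch_log_group.flow_logs.arn
  iam_role_arn         = aws_iam_role.flow_logs.arn
}
```

After `terraform apply`, a quick check that encryption and retention took effect is `aws logs describe-log-groups --log-group-name-prefix /aws/vpc/flow-logs`, which should report `kmsKeyId` and `retentionInDays: 180`; if log streams never appear in the group, the KMS key policy's CloudWatch Logs statement is the first thing to verify.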
## Requirements

| Name | Version |
|---|---|
| terraform | >= 1.3.0 |
| aws | >= 3.73.0 |

## Providers

| Name | Version |
|---|---|
| aws | >= 3.73.0 |

## Modules

| Name | Source | Version |
|---|---|---|
| vpc | aws-ia/vpc/aws | >= 3.0.2 |

## Resources

| Name | Type |
|---|---|
| aws_availability_zones.current | data source |

## Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| kms_key_id | KMS Key ID | `string` | `null` | no |
| vpc_flow_logs | Whether or not to create VPC flow logs and which type. Options: "cloudwatch", "s3", "none". | `object({` | `{` | no |

## Outputs

| Name | Description |
|---|---|
| private_subnets | Map of private subnet attributes grouped by AZ. |
| private_subnets_tags_length | Count of private subnet tags for a single AZ. |
| public_subnets | Map of public subnet attributes grouped by AZ. |
| public_subnets_tags_length | Count of public subnet tags for a single AZ. |