Terraform and AWS: Create a VPC with High Availability Networking

Terraform and AWS: Create a VPC with High Availability Networking

AWS VPC Terraform Kubernetes

AWS VPC Terraform Module

On This Page


Quickly create a VPC with public and private networking options suitable for Kubernetes clusters, Fargate deployments or any other use case for launching multiple servers across multiple availability zones.

This module is published on Terraform Registry and has default settings that create a VPC with 2 public subnets and 4 private subnets. NAT Gateway and VPC Endpoints are disabled by default but easily changed in variables.tf.

Other modules to go with it but not required are Application Loadbalancer, AWS Fargate modules for deploying containerized applications with private networking using this VPC.


No inputs required unless you want to change defaults. This will create a VPC named TF_VPC in us-east-1. The module is hosted on a public Terraform registry so all you have to do to get started is put this in a main.tf file and run terraform init

module "vpc" {
  source  = "ryanef/vpc/aws"
  version = "1.3.2"

An example configuration using more options is at the end of this README

The Github Repo is available here.



An Internet Gateway is created by default so anything you create in a public subnet will be able to reach that through settings in the route table.

NAT Gateway is optional, you can enable NAT at the use_nat_gateway option in variables.tf which will also create an Elastic IP.

VPC Endpoints are optional and can be changed at use_vpc_endpoints in the variables.tf file

A VPC Endpoint can either be a Gateway Endpoint or Interface Endpoint you can see an example in the bottom of variables.tf. Also keep in mind VPC Endpoints can cost money like NAT Gateway. Both are options for getting internet traffic to your resources running in private subnets.

Changing Defaults

Most defaults can be changed in variables.tf


The default VPC CIDR is and can be changed at variable "vpc_cidr"

The subnets are using /25 which give a total of 32 possible subnets.

Note about Reserved IP addresses in each subnet:

  • - the network address
  • - Reserved by AWS - VPC Router
  • - Reserved by AWS - DNS server
  • - Reserved by AWS - future use / spare capacity
  • - Network broadcast address although broadcast is not supported in AWS VPCs.

Number of subnets to create

In variables.tf there are three variables to change. If you want to add more or less subnets, just add a new CIDR like to the list of public or private subnets. I’ll add a list of possible compatible /25 subnets at the end of this section.


Defaults: [ "", "" ]

variable "count_public_cidrs"


Defaults: [ "", "" ]

variable "count_private_cidrs"


Defaults: [ "", "" ]

variable "count_database_cidrs"

With the VPC CIDR, there are 32 possible subnets to use. This is a list of possible /25s you can use for public, private and database CIDR variables:

“”, “”, “”, “”, “”, “”, “”, “”, “”, “”, “”, “”, “”, “”, “”, “”, “”, “”, “”, “”, “”, “”, “”, “”, “”, “”, “”, “”, “”, “”, “”, “”

Example VPC

An example showing NAT Gateway enabled, custom VPC Name and tags. It also adds additional public and private subnets, if you want to add more, pick /25 CIDRs from the list above. The current

module "vpc" {
  source  = "ryanef/vpc/aws"
  version = "1.3.2"

  vpc_cidr = ""
  # public subnets
  count_public_cidrs = ["", "", "", ""]
  # private subnets
  count_private_cidrs = ["", "", "10.10.5/0/25"]
  # database subnets
  count_database_cidrs = ["", ""]

  environment = "production"

  use_nat_gateway = true
  use_vpc_endpoints = false

  vpc_name = "MyNewVPC"