Terraform AWS: Create a VPC with High Availability Networking
AWS VPC Terraform Module
On This Page
INTRODUCTION
Create a VPC with public and private networking options suitable for Kubernetes clusters, Fargate deployments or any other use case that needs highly available and fault tolerant architecture.
This module is published on Terraform Registry and has default settings that create a VPC with 2 public subnets and 4 private subnets. NAT Gateway and VPC Endpoints are disabled by default but easily changed in variables.tf
.
Other modules to go with it but not required are Application Loadbalancer, AWS Fargate modules for deploying containerized applications with private networking using this VPC.
QUICK START
No inputs required unless you want to change defaults. This will create a VPC named TF_VPC
in us-east-1
. The module is hosted on a public Terraform registry so all you have to do to get started is put this in a main.tf
file and run terraform init
An example configuration using more options is at the end of this README
The Github Repo is available here.
NETWORKING DEFAULTS
INTERNET ACCESS
An Internet Gateway is created by default so anything you create in a public subnet will be able to reach that through settings in the route table.
NAT Gateway
is optional, you can enable NAT at the use_nat_gateway
option in variables.tf which will also create an Elastic IP.
VPC Endpoints
are optional and can be changed at use_vpc_endpoints
in the variables.tf file
A VPC Endpoint can either be a Gateway Endpoint
or Interface Endpoint
you can see an example in the bottom of variables.tf. Also keep in mind VPC Endpoints can cost money like NAT Gateway. Both are options for getting internet traffic to your resources running in private subnets.
Changing Defaults
Most defaults can be changed in variables.tf
VPC CIDR
The default VPC CIDR is 10.10.0.0/20
and can be changed at variable "vpc_cidr"
The subnets are using /25
which give a total of 32 possible subnets.
Note about Reserved IP addresses in each subnet:
- 10.10.0.0 - the network address
- 10.10.0.1 - Reserved by AWS - VPC Router
- 10.10.0.2 - Reserved by AWS - DNS server
- 10.10.0.3 - Reserved by AWS - future use / spare capacity
- 10.0.0.255 - Network broadcast address although broadcast is not supported in AWS VPCs.
Number of subnets to create
In variables.tf
there are three variables to change. If you want to add more or less subnets, just add a new CIDR like 10.10.8.0/25
to the list of public or private subnets. I’ll add a list of possible compatible /25 subnets at the end of this section.
PUBLIC SUBNET DEFAULTS
Defaults: [ "10.10.1.0/25/25", "10.10.3.0/25" ]
variable "count_public_cidrs"
PRIVATE SUBNET DEFAULTS
Defaults: [ "10.10.2.0/25", "10.10.4.0/25" ]
variable "count_private_cidrs"
DATABASE SUBNET DEFAULTS
Defaults: [ "10.10.10.0/25", "10.10.11.0/25" ]
variable "count_database_cidrs"
With the 10.10.0.0/20
VPC CIDR, there are 32 possible subnets to use. This is a list of possible /25s you can use for public, private and database CIDR variables:
“10.10.0.0/25”, “10.10.0.128/25”, “10.10.1.0/25”, “10.10.1.128/25”, “10.10.2.0/25”, “10.10.2.128/25”, “10.10.3.0/25”, “10.10.3.128/25”, “10.10.4.0/25”, “10.10.4.128/25”, “10.10.5.0/25”, “10.10.5.128/25”, “10.10.6.0/25”, “10.10.6.128/25”, “10.10.7.0/25”, “10.10.7.128/25”, “10.10.8.0/25”, “10.10.8.128/25”, “10.10.9.0/25”, “10.10.9.128/25”, “10.10.10.0/25”, “10.10.10.128/25”, “10.10.11.0/25”, “10.10.11.128/25”, “10.10.12.0/25”, “10.10.12.128/25”, “10.10.13.0/25”, “10.10.13.128/25”, “10.10.14.0/25”, “10.10.14.128/25”, “10.10.15.0/25”, “10.10.15.128/25”
Example VPC
An example showing NAT Gateway enabled, custom VPC Name and tags. It also adds additional public and private subnets, if you want to add more, pick /25 CIDRs from the list above. The current