nclouds_tf_vpc

This example deploys two versions of the vpc module. The first supports the HIPAA/PCI compliance requirements for the VPC network foundation: a three-tier layout that keeps the network spaces flexible, with configurable CIDRs for the subnets, a network access control list for each subnet, and VPC Flow Logs for network monitoring.

The second is a simplified version of the vpc module with only two availability zones and without multiple NAT gateways or VPC Flow Logs, to reduce cost while still following the VPC configuration and security best practices.

Architecture Diagram

(architecture diagram: ref_arch)

Best Practices

The architecture built by this module follows AWS best practices for high availability and security:

  • Multi-AZ architecture for high availability
  • Instances isolated in private subnets, separate from the public subnets that are reachable from the internet
  • Security groups limiting access to only the necessary services
  • Network access control list (ACL) rules filtering traffic into each subnet as an additional, stateless layer of network security
  • VPC Flow Logs for network monitoring
  • VPC endpoints so that traffic to common services (ECS, ECR, S3 and SSM) stays on the AWS network instead of traversing the internet
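The layout these points describe, written out in plain Terraform as an added example. This is not the nclouds_tf_vpc module's own code and does not use the module's interface; the region (us-east-1), the 10.0.0.0/16 range, the data-tier port 5432 and every resource name are assumptions made for the example. It omits NAT gateways, as the cost-reduced variant does, so the app and data tiers reach AWS only through the endpoints; adding a NAT gateway per AZ to the private route table is the step the full variant adds.

```hcl
# Added example, not the nclouds_tf_vpc module's own code. Region, CIDRs,
# the data-tier port (5432) and all resource names are assumptions.
locals {
  region = "us-east-1"
  cidr   = "10.0.0.0/16"
  azs    = ["${local.region}a", "${local.region}b"]
  tiers  = ["public", "app", "data"]
  # One /20 per (tier, AZ) pair; netnums 2t and 2t+1 make each tier a whole /19.
  subnets = { for p in setproduct(local.tiers, range(2)) : "${p[0]}-${p[1]}" => {
    tier = p[0]
    az   = local.azs[p[1]]
    cidr = cidrsubnet(local.cidr, 4, index(local.tiers, p[0]) * 2 + p[1])
  } }
}

resource "aws_vpc" "this" {
  cidr_block           = local.cidr
  enable_dns_hostnames = true # required for private DNS on interface endpoints
}

resource "aws_subnet" "this" {
  for_each                = local.subnets
  vpc_id                  = aws_vpc.this.id
  cidr_block              = each.value.cidr
  availability_zone       = each.value.az
  map_public_ip_on_launch = each.value.tier == "public" # private tiers never get public IPs
}

# Only the public tier routes to the internet gateway; app and data have no default route.
resource "aws_internet_gateway" "this" { vpc_id = aws_vpc.this.id }
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.this.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.this.id
  }
}
resource "aws_route_table" "private" { vpc_id = aws_vpc.this.id }
resource "aws_route_table_association" "this" {
  for_each       = aws_subnet.this
  subnet_id      = each.value.id
  route_table_id = local.subnets[each.key].tier == "public" ? aws_route_table.public.id : aws_route_table.private.id
}

# Data-tier NACL: only the app /19 may reach the database port. NACLs are
# stateless, so the ephemeral-port egress rule is what lets the replies out.
resource "aws_network_acl" "data" {
  vpc_id     = aws_vpc.this.id
  subnet_ids = [for k, s in aws_subnet.this : s.id if local.subnets[k].tier == "data"]
  ingress {
    rule_no    = 100
    protocol   = "tcp"
    action     = "allow"
    cidr_block = cidrsubnet(local.cidr, 3, index(local.tiers, "app"))
    from_port  = 5432
    to_port    = 5432
  }
  egress {
    rule_no    = 100
    protocol   = "tcp"
    action     = "allow"
    cidr_block = cidrsubnet(local.cidr, 3, index(local.tiers, "app"))
    from_port  = 1024
    to_port    = 65535
  }
}
# Flow logs for every ENI in the VPC, accepted and rejected traffic alike.
resource "aws_s3_bucket" "flow" { bucket_prefix = "vpc-flow-logs-" }
resource "aws_flow_log" "this" {
  vpc_id               = aws_vpc.this.id
  traffic_type         = "ALL"
  log_destination_type = "s3"
  log_destination      = aws_s3_bucket.flow.arn
}
# Endpoints keep S3, ECR and SSM traffic on the AWS network; HTTPS from inside the VPC only.
resource "aws_vpc_endpoint" "s3" {
  vpc_id            = aws_vpc.this.id
  service_name      = "com.amazonaws.${local.region}.s3"
  vpc_endpoint_type = "Gateway"
  route_table_ids   = [aws_route_table.private.id]
}
resource "aws_security_group" "endpoints" {
  vpc_id = aws_vpc.this.id
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [local.cidr]
  }
}
resource "aws_vpc_endpoint" "interface" {
  for_each            = toset(["ssm", "ssmmessages", "ec2messages", "ecr.api", "ecr.dkr"])
  vpc_id              = aws_vpc.this.id
  service_name        = "com.amazonaws.${local.region}.${each.key}"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = [for k, s in aws_subnet.this : s.id if local.subnets[k].tier == "app"]
  security_group_ids  = [aws_security_group.endpoints.id]
  private_dns_enabled = true
}
```

Two things to check after `terraform apply`: the data-tier NACL has an implicit deny-all after rule 100, so anything the data tier must reach besides the app subnets (the S3 gateway endpoint, for instance) needs its own rule; and the interface endpoints only resolve to private addresses when `enable_dns_hostnames` is on, which is why it is set on the VPC rather than left at its default.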

Modules used