AWS Virtual Private Cloud (VPC) Terraform Module

Terraform module to provision VPC Resources on AWS.

This module includes VPC Peering as sub-modules under the modules folder. To create a VPC Peering connection, you need to create a requester VPC and an accepter VPC first.


Simple setup

Create a simple VPC with default configurations.

    module "vpc" {
        source                  = ""
        version                 = "0.1.7"
        # set to true to create a NAT gateway per availability zone
        multi_nat_gw            = false
        vpc_settings            = {
            application_subnets = ["", ""]
            public_subnets      = ["", ""]
            dns_hostnames       = true
            data_subnets        = []
            dns_support         = true
            tenancy             = "default"
            cidr                = ""
        }
        identifier              = "example"
        region                  = "us-east-1"
        tags                    = {
            Owner = "sysops"
            env   = "dev"
        }
    }

For more details on a working example, please visit examples/simple

Advanced Setup

If you want to create a VPC with enhanced configuration, e.g. VPC Flow Logs, you can use the module like this:

Create an S3 bucket for VPC Flow Logs

    module "s3" {
        source      = ""
        version     = "0.1.2"
        identifier  = "example-s3-bucket-for-flow-logs-123"
        tags        = {
            Owner   = "sysops"
            env     = "dev"
        }
    }

Create a VPC

    module "vpc" {
        source                      = ""
        version                     = "0.1.7"
        multi_nat_gw                = true
        # bucket created by the "s3" module above
        s3_flow_log_bucket          = module.s3.output.bucket.arn
        flow_log_settings           = {
            log_destination_type    = "s3"
            enable_flow_log         = true
            traffic_type            = "ALL"
        }
        vpc_settings = {
            application_subnets = ["", "", ""]
            public_subnets      = ["", "", ""]
            data_subnets        = ["", "", ""]
            dns_hostnames       = true
            dns_support         = true
            tenancy             = "default"
            cidr                = ""
        }
        identifier              = "example"
        region                  = "us-east-1"
        tags                    = {
            Owner               = "sysops"
            env                 = "dev"
        }
    }

For more options refer to a working example at examples/advanced
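
A pre-flight check for the inputs shown above, as an added example that is not part of this module: it verifies that every subnet sits inside the VPC CIDR, that no two subnets overlap, that subnet counts match across layers when multi_nat_gw is set (the module's input description asks for symmetrical subnets), and that flow logs are enabled with a bucket when the destination is s3. The function name, the sample CIDRs and the bucket requirement for s3 are assumptions of this example.

```python
import ipaddress

LAYERS = ("public_subnets", "application_subnets", "data_subnets")

def check_vpc_inputs(vpc_settings, multi_nat_gw=False,
                     flow_log_settings=None, s3_flow_log_bucket=""):
    """Return findings for the module inputs; an empty list means none."""
    findings = []
    vpc = ipaddress.ip_network(vpc_settings["cidr"])  # ValueError if malformed
    seen = []  # (layer, network) pairs checked so far
    for layer in LAYERS:
        for raw in vpc_settings.get(layer, []):
            try:
                net = ipaddress.ip_network(raw)
            except ValueError as exc:
                findings.append(f"{layer}: {raw!r} is not a valid CIDR ({exc})")
                continue
            if net.version != vpc.version or not net.subnet_of(vpc):
                findings.append(f"{layer}: {net} is outside VPC CIDR {vpc}")
            for other_layer, other in seen:
                if net.overlaps(other):
                    findings.append(f"{layer}: {net} overlaps {other_layer} {other}")
            seen.append((layer, net))
    # Assumption: an empty layer (data_subnets = []) is not counted as asymmetric.
    counts = {l: len(vpc_settings[l]) for l in LAYERS if vpc_settings.get(l)}
    if multi_nat_gw and len(set(counts.values())) > 1:
        findings.append(f"multi_nat_gw: subnet counts differ between layers {counts}")
    flow = flow_log_settings or {}
    if not flow.get("enable_flow_log", False):
        findings.append("flow_log_settings: enable_flow_log is false")
    elif flow.get("log_destination_type") == "s3" and not s3_flow_log_bucket:
        findings.append("flow_log_settings: s3 destination but no s3_flow_log_bucket")
    return findings

# Constructed sample values; the README leaves its CIDRs blank.
SAMPLE_VPC = {
    "cidr": "10.0.0.0/16",
    "public_subnets": ["10.0.0.0/24", "10.0.1.0/24"],
    "application_subnets": ["10.0.10.0/24", "10.0.11.0/24"],
    "data_subnets": ["10.0.20.0/24", "10.0.11.128/25", "192.168.0.0/24"],
}
SAMPLE_FLOW = {"enable_flow_log": True, "log_destination_type": "s3", "traffic_type": "ALL"}

if __name__ == "__main__":
    for finding in check_vpc_inputs(SAMPLE_VPC, True, SAMPLE_FLOW, ""):
        print(finding)
```

Run it against the values you plan to pass as vpc_settings before `terraform plan`; the module's default flow_log_settings (enable_flow_log false) is reported as a finding.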


Here are some working examples of using this module:


Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.12 |


Providers

| Name | Version |
|------|---------|
| aws | n/a |


Modules

No modules.


Resources

| Name | Type |
|------|------|
| aws_eip.nat_gw | resource |
| aws_flow_log.logs | resource |
| aws_internet_gateway.igw | resource |
| aws_nat_gateway.nat_gw | resource |
| aws_network_acl.application_layer | resource |
| aws_network_acl.data_layer | resource |
| aws_network_acl.public_layer | resource |
| aws_network_acl_rule.egress-all-app | resource |
| aws_network_acl_rule.egress-all-data | resource |
| aws_network_acl_rule.egress-all-public | resource |
| aws_network_acl_rule.ingress-all-ephemmeral-tcp-app | resource |
| aws_network_acl_rule.ingress-all-ephemmeral-tcp-data | resource |
| aws_network_acl_rule.ingress-all-ephemmeral-tcp-public | resource |
| aws_network_acl_rule.ingress-all-ephemmeral-udp-app | resource |
| aws_network_acl_rule.ingress-all-ephemmeral-udp-data | resource |
| aws_network_acl_rule.ingress-all-internal-app | resource |
| aws_network_acl_rule.ingress-all-internal-data | resource |
| aws_network_acl_rule.ingress-custom-internal-application | resource |
| aws_network_acl_rule.ingress-custom-internal-data | resource |
| aws_route.application_nat_gateway_route | resource |
| aws_route.data_nat_gateway_route | resource |
| aws_route.internet_gateway_route | resource |
| aws_route_table.application | resource |
| aws_route_table.data_subnets | resource |
| aws_route_table.public | resource |
| aws_route_table_association.application_subnets | resource |
| aws_route_table_association.data_subnets | resource |
| aws_route_table_association.public_subnet | resource |
| aws_security_group.endpoint_sg | resource |
| aws_subnet.application_subnets | resource |
| aws_subnet.data_subnets | resource |
| aws_subnet.public_subnets | resource |
| aws_vpc.vpc | resource |
| aws_vpc_endpoint.ecr_api | resource |
| aws_vpc_endpoint.ecr_dkr | resource |
| aws_vpc_endpoint.ecs | resource |
| aws_vpc_endpoint.s3 | resource |
| aws_vpc_endpoint.ssm | resource |
| aws_availability_zones.available | data source |
| aws_vpc_endpoint_service.ecr_api | data source |
| aws_vpc_endpoint_service.ecr_dkr | data source |
| aws_vpc_endpoint_service.ssm | data source |


Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| allowed_cird_blocks_application | List of allowed CIDR blocks into application subnets via NACL | list(string) | [] | no |
| allowed_cird_blocks_data | List of allowed CIDR blocks into data subnets via NACL | list(string) | [] | no |
| append_workspace | Appends the terraform workspace at the end of resource names, - | bool | true | no |
| create_private_endpoints | Set to true to create private endpoints | bool | true | no |
| description | A description for the VPC | string | "VPC created by terraform" | no |
| flow_log_settings | Map of VPC Flow Logs settings | fields listed below | listed below | no |
| identifier | Name of the VPC | string | n/a | yes |
| kubernetes_tagging | Set to true to enable kubernetes required tags for subnets | bool | false | no |
| multi_nat_gw | Set to true to create a nat gateway per availability zone, symmetrical subnets are required for best performance, try to avoid different subnet count between layers | bool | false | no |
| region | Region where the VPC will be deployed | string | n/a | yes |
| s3_flow_log_bucket | S3 bucket where flow logs will be sent | string | "" | no |
| tags | Tags to be applied to the resource | map(any) | {} | no |
| vpc_settings | Map of AWS VPC settings | fields listed below | listed below | no |

flow_log_settings type fields:

    log_destination_type = string,
    enable_flow_log = bool,
    traffic_type = string,

flow_log_settings default:

    "enable_flow_log": false,
    "log_destination_type": "s3",
    "traffic_type": "ALL"

vpc_settings type fields:

    application_subnets = list(string)
    public_subnets = list(string)
    data_subnets = list(string)
    dns_hostnames = bool,
    dns_support = bool,
    tenancy = string,
    cidr = string

vpc_settings default:

    "application_subnets": [
    "cidr": "",
    "data_subnets": [
    "dns_hostnames": true,
    "dns_support": true,
    "public_subnets": [
    "tenancy": "default"


Outputs

| Name | Description |
|------|-------------|
| output | n/a |


If you want to contribute to this repository check all the guidelines specified here before submitting a new PR.