AWS Network Module

Overview

The AWS Network Module provides a reusable and scalable way to provision and manage complete networking infrastructure using Terraform.
It enables you to configure VPCs, subnets, route tables, internet gateways, NAT gateways, VPNs, VPC endpoints, and security groups in a modular and maintainable way.

This module supports both resource creation and data sources for all networking components, so you can either build a new network or reference an existing one while keeping a secure and highly available network architecture.


Features

  • 🚀 Reusable & Modular – Predefined structure for all networking resources.
  • 🌐 Flexible Networking – Configure public, private, and isolated subnets across multiple Availability Zones.
  • 🔒 Secure by Default – Integrates security groups, NACLs, and VPC endpoints for granular access control.
  • 🔄 Highly Available – Supports multi-AZ design, NAT gateways, and VPN connectivity.
  • 📜 Tagging & Documentation – Consistent tags and naming conventions across all network resources.
  • 🧩 Extensible – Can be integrated with other modules like EKS, Auto Scaling, ELB, and RDS.

Core Concepts

  1. Resources Module

    • Creates and manages the following networking components:
      • VPCs
      • Public, private, and isolated subnets
      • Route tables and routes
      • Internet Gateways
      • NAT Gateways
      • VPC Endpoints (Interface & Gateway)
      • VPN Gateways and Customer Gateways
      • Transit Gateways (optional)
      • Security Groups
      • Network ACLs
  2. Data Module

    • Fetches information about existing network resources.
    • Useful for referencing attributes like VPC ID, subnet IDs, security groups, and route table IDs.
  3. Separation of Concerns

    • resources/ handles creation of networking components.
    • data/ is focused on reading and referencing existing network resources.
    • Ensures clarity, reusability, and modular design.

Sample Usage

```hcl
# DEPLOY COMPLETE AWS NETWORK MODULE

module "network" {
  source = "github.com/anantacloud/terraform-aws-network-module/modules/resources"

  # ==========================
  # REQUIRED VARIABLES
  # ==========================
  vpc_name         = "my-vpc"
  cidr_block       = "10.0.0.0/16"
  public_subnets   = ["10.0.1.0/24", "10.0.2.0/24"]
  private_subnets  = ["10.0.3.0/24", "10.0.4.0/24"]
  isolated_subnets = ["10.0.5.0/24", "10.0.6.0/24"]

  # ==========================
  # OPTIONAL VARIABLES
  # ==========================
  enable_nat_gateway     = true
  enable_vpn             = false
  enable_transit_gateway = false
  enable_vpc_endpoints   = true

  tags = {
    Environment = "dev"
    Project     = "my-app"
  }
}
```

Required

| Name | Description | Type | Example |
| --- | --- | --- | --- |
| vpc_name | Name of the VPC | string | "my-vpc" |
| cidr_block | CIDR block for the VPC | string | "10.0.0.0/16" |
| public_subnets | List of public subnet CIDRs | list | ["10.0.1.0/24"] |
| private_subnets | List of private subnet CIDRs | list | ["10.0.3.0/24"] |
| isolated_subnets | List of isolated subnet CIDRs | list | ["10.0.5.0/24"] |

Optional

| Name | Description | Type | Default |
| --- | --- | --- | --- |
| enable_nat_gateway | Create NAT gateways for private subnets | bool | false |
| enable_vpn | Create VPN connections | bool | false |
| enable_transit_gateway | Create Transit Gateway | bool | false |
| enable_vpc_endpoints | Create VPC endpoints for services like S3, DynamoDB | bool | false |
| tags | Key-value tags to apply to all network resources | map | {} |
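A pre-apply check for the inputs above, added here as an example and not part of the module itself: it confirms that every public, private and isolated subnet CIDR is a valid network, lies inside the VPC block, does not overlap any other tier, fits the AWS IPv4 prefix range (/16 to /28), and that each tier has enough subnets for a multi-AZ layout. The input dictionary mirrors the module call on this page and is constructed for the example.

```python
import ipaddress

# Constructed sample input, copied from the module call shown on this page
SAMPLE_INPUTS = {
    "cidr_block": "10.0.0.0/16",
    "public_subnets": ["10.0.1.0/24", "10.0.2.0/24"],
    "private_subnets": ["10.0.3.0/24", "10.0.4.0/24"],
    "isolated_subnets": ["10.0.5.0/24", "10.0.6.0/24"],
}

TIERS = ("public_subnets", "private_subnets", "isolated_subnets")


def validate_network_inputs(inputs, min_per_tier=2):
    """Return a list of problems found in the module inputs; [] means they pass."""
    problems = []
    try:
        vpc = ipaddress.ip_network(inputs["cidr_block"], strict=True)
    except ValueError as exc:
        return [f"cidr_block: {inputs.get('cidr_block')!r} is not a valid network ({exc})"]
    if vpc.version == 4 and not 16 <= vpc.prefixlen <= 28:
        problems.append(f"cidr_block: {vpc} must be between /16 and /28")

    accepted = []  # (tier, network) pairs already checked, used for overlap detection
    for tier in TIERS:
        cidrs = inputs.get(tier, [])
        if len(cidrs) < min_per_tier:
            problems.append(f"{tier}: {len(cidrs)} subnet(s); a multi-AZ layout needs at least {min_per_tier}")
        for cidr in cidrs:
            try:
                # strict=True rejects host bits set, e.g. "10.0.1.5/24"
                net = ipaddress.ip_network(cidr, strict=True)
            except ValueError as exc:
                problems.append(f"{tier}: {cidr!r} is not a valid network ({exc})")
                continue
            if net.version == 4 and not 16 <= net.prefixlen <= 28:
                problems.append(f"{tier}: {net} must be between /16 and /28")
            if net.version != vpc.version or not net.subnet_of(vpc):
                problems.append(f"{tier}: {net} is outside the VPC block {vpc}")
            for other_tier, other in accepted:
                if net.version == other.version and net.overlaps(other):
                    problems.append(f"{tier}: {net} overlaps {other} in {other_tier}")
            accepted.append((tier, net))
    return problems


if __name__ == "__main__":
    for line in validate_network_inputs(SAMPLE_INPUTS) or ["inputs OK"]:
        print(line)
```

Run it against the values you intend to pass to `module "network"` before `terraform apply`; overlapping or out-of-range subnets are rejected by AWS at apply time, so catching them here keeps a failed partial rollout from happening.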