
terraform-aws-truefoundry-network

Truefoundry AWS Network Module

Requirements

| Name | Version |
|------|---------|
| terraform | ~> 1.4 |
| aws | ~> 5.57 |

Providers

| Name | Version |
|------|---------|
| aws | ~> 5.57 |

Modules

| Name | Source | Version |
|------|--------|---------|
| aws-vpc-module | terraform-aws-modules/vpc/aws | 5.19.0 |
| vpc_flow_logs_bucket | terraform-aws-modules/s3-bucket/aws | 3.7.0 |

Resources

| Name | Type |
|------|------|
| aws_vpc_endpoint.s3 | resource |
| aws_iam_policy_document.flow_logs_bucket_policy | data source |
| aws_subnet.private_subnets | data source |
| aws_subnet.public_subnets | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| _validate_subnet_tags | Boolean to validate that all subnets have the required Kubernetes tags for proper ELB and cluster integration. | bool | true | no |
| aws_account_id | AWS account ID | string | n/a | yes |
| aws_region | VPC region | string | n/a | yes |
| azs | Availability Zones | list(string) | n/a | yes |
| cluster_name | AWS EKS cluster name, needed for a shared cluster | string | "" | no |
| enable_nat_gateway | Enable NAT Gateway. This is necessary for the cluster to work. | bool | true | no |
| flow_logs_bucket_enable_override | Enable override for the S3 bucket name. You must also pass flow_logs_bucket_override_name. | bool | false | no |
| flow_logs_bucket_encryption_algorithm | Algorithm used for encrypting the default bucket. | string | "AES256" | no |
| flow_logs_bucket_encryption_key_arn | ARN of the key used to encrypt the bucket. Only needed if you set aws:kms as the encryption algorithm. | string | null | no |
| flow_logs_bucket_force_destroy | Force destroy for the default bucket. | bool | false | no |
| flow_logs_bucket_override_name | Override name for the S3 bucket. flow_logs_bucket_enable_override must be set to true. | string | "" | no |
| flow_logs_enable | Enable VPC flow logs | bool | false | no |
| one_nat_gateway_per_az | One NAT Gateway for each AZ. | bool | false | no |
| private_subnet_extra_tags | Extra tags for VPC private subnets | map(string) | {} | no |
| private_subnets_cidrs | Assigns IPv4 private subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list. | list(string) | [] | no |
| private_subnets_ids | SHIM: Private Subnet IDs | list(string) | [] | no |
| public_subnet_extra_tags | Extra tags for VPC public subnets | map(string) | {} | no |
| public_subnets_cidrs | Assigns IPv4 public subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list. | list(string) | [] | no |
| public_subnets_ids | SHIM: Public Subnet IDs | list(string) | [] | no |
| shim | If true, the module will not create the network and will forward the input values to the same outputs. | bool | false | no |
| single_nat_gateway | Single NAT Gateway, shared by all AZs and subnets | bool | true | no |
| tags | AWS tags common to all the resources created | map(string) | {} | no |
| vpc_cidr | The CIDR block for the VPC. | string | "" | no |
| vpc_id | SHIM: VPC ID | string | "" | no |

Outputs

| Name | Description |
|------|-------------|
| availability_zones | List of availability zones for the VPC |
| private_subnets_cidrs | List of private subnet CIDRs in the VPC |
| private_subnets_id | List of private subnet IDs in the VPC |
| public_subnets_cidrs | List of public subnet CIDRs in the VPC |
| public_subnets_id | List of public subnet IDs in the VPC |
| region | AWS region of the VPC |
| validate_private_subnet_tags | Validates that all private subnets have the required Kubernetes tags for proper ELB and cluster integration |
| validate_public_subnet_tags | Validates that all public subnets have the required Kubernetes tags for proper ELB and cluster integration |
| vpc_id | VPC ID of the network |

Subnet Tag Validation (Shim Mode)

When using the module in shim mode (with existing subnets passed in via the SHIM inputs), the following outputs are available:

  • private_subnets_tags: List of tag maps for each private subnet
  • public_subnets_tags: List of tag maps for each public subnet

You should check these outputs to ensure your subnets have the required tags:

Private Subnets:

  • kubernetes.io/cluster/$CLUSTER_NAME: "shared"
  • subnet: "private"
  • kubernetes.io/role/internal-elb: "1"

Public Subnets:

  • kubernetes.io/cluster/$CLUSTER_NAME: "shared"
  • subnet: "public"
  • kubernetes.io/role/elb: "1"

If any subnet is missing these tags, you must add them manually in the AWS console or via CLI.
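As an added example (not part of the module), the check below reads the tag maps exported by the module in shim mode, as returned by `terraform output -json private_subnets_tags` or `public_subnets_tags`, and reports per subnet which of the required tags listed above are missing or carry the wrong value. The cluster name `demo` and the subnet names in the embedded sample are constructed for illustration.

```python
"""Validate shim-mode subnet tag maps against the tags the module requires.

Usage: python check_subnet_tags.py <private|public> <cluster_name> < tags.json
With no piped input the constructed sample below is checked instead.
"""
import json
import sys


def required_tags(cluster_name: str, kind: str) -> dict:
    """Tags every subnet of the given kind ("private" or "public") must carry."""
    role = "kubernetes.io/role/internal-elb" if kind == "private" else "kubernetes.io/role/elb"
    return {
        f"kubernetes.io/cluster/{cluster_name}": "shared",
        "subnet": kind,
        role: "1",
    }


def missing_tags(subnet_tags: list, cluster_name: str, kind: str) -> list:
    """Per subnet, return the required tags that are absent or have the wrong value.

    The result is aligned with subnet_tags; an empty dict means that subnet passes.
    A tag present with a wrong value (e.g. "owned" instead of "shared") is reported too.
    """
    wanted = required_tags(cluster_name, kind)
    return [{k: v for k, v in wanted.items() if tags.get(k) != v} for tags in subnet_tags]


# Constructed sample of what the private_subnets_tags output looks like for two
# subnets; the second one lacks the internal-elb role tag.
SAMPLE_PRIVATE = [
    {"Name": "demo-private-a", "kubernetes.io/cluster/demo": "shared",
     "subnet": "private", "kubernetes.io/role/internal-elb": "1"},
    {"Name": "demo-private-b", "kubernetes.io/cluster/demo": "shared",
     "subnet": "private"},
]


def main() -> int:
    kind = sys.argv[1] if len(sys.argv) > 1 else "private"
    cluster = sys.argv[2] if len(sys.argv) > 2 else "demo"
    data = SAMPLE_PRIVATE if sys.stdin.isatty() else json.load(sys.stdin)
    problems = missing_tags(data, cluster, kind)
    for tags, bad in zip(data, problems):
        status = "OK" if not bad else "MISSING " + ", ".join(f"{k}={v}" for k, v in bad.items())
        print(f"{tags.get('Name', '<unnamed>')}: {status}")
    return 1 if any(problems) else 0  # non-zero exit lets a CI step fail on bad tags


if __name__ == "__main__":
    sys.exit(main())
```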
