A collection of reusable Terraform modules for AWS infrastructure provisioning. These modules follow best practices and provide flexible, production-ready infrastructure components.
aws-terraform-modules/
βββ aws-terraform-vpc/ # VPC infrastructure module
βββ aws-terraform-vpc-endpoint/ # VPC endpoints module
βββ aws-terraform-vpc-peering/ # VPC peering connections module
βββ README.md # This file
Purpose: Comprehensive VPC infrastructure provisioning with subnets, route tables, NAT gateways, internet gateways, and VPC endpoints.
Key Features:
- Dual deployment modes (Simple/Advanced)
- Public, Private, and Database subnets
- Internet Gateway and NAT Gateway support
- VPC Flow Logs and VPC Endpoints
- Flexible subnet configuration
Use Cases: Complete VPC setup for applications requiring network isolation, multi-tier architectures, and secure AWS service access.
Purpose: Secure, private connectivity to AWS services without internet access through VPC endpoints.
Key Features:
- Default SSM connectivity endpoints
- Interface and Gateway endpoint support
- Automatic security group management
- Multi-AZ deployment
- Cost-effective S3 and DynamoDB access
Use Cases: Private AWS service access for EC2 instances, container workloads, and serverless applications.
Purpose: Establish private network connectivity between VPCs within the same or different AWS accounts and regions.
Key Features:
- Cross-account and cross-region peering support
- Automatic peering acceptance and DNS resolution
- Route table management and CIDR routing
- Dual AWS provider configuration
- Comprehensive tagging and naming conventions
Use Cases: Multi-VPC architectures, cross-account resource sharing, disaster recovery setups, and hybrid cloud connectivity.
- Terraform >= 1.14.3
- AWS CLI configured with appropriate permissions
- AWS Provider ~> 6.27.0
module "vpc" {
source = "git::https://github.com/prashantgupta123/aws-terraform-modules.git?ref=v1.0.0//aws-terraform-vpc"
cidr_block = "10.0.0.0/16"
subnet_bits = 8
name = "my-vpc"
}
module "vpc_endpoints" {
source = "git::https://github.com/prashantgupta123/aws-terraform-modules.git?ref=v1.0.0//aws-terraform-vpc-endpoint"
project_name_prefix = "my-project"
vpc_id = module.vpc.vpc_id
subnet_ids = module.vpc.subnet_ids["private"]
route_table_ids = [module.vpc.route_table_id["private"]]
}module "vpc" {
source = "git::https://github.com/prashantgupta123/aws-terraform-modules.git?ref=v1.0.0//aws-terraform-vpc"
cidr_block = "10.0.0.0/16"
subnet_bits = 8
subnet_group = {
"public" = {
is_public = true
nat_gateway = false
}
"private" = {
is_public = false
nat_gateway = true
}
"database" = {
is_public = false
nat_gateway = false
}
}
}module "vpc" {
source = "git::https://github.com/prashantgupta123/aws-terraform-modules.git?ref=v1.0.0//aws-terraform-vpc"
cidr_block = "10.0.0.0/16"
# Enable VPC endpoints for container services
create_vpc_endpoint = true
add_interface = ["ecr.api", "ecr.dkr", "logs"]
}
module "vpc_endpoints" {
source = "git::https://github.com/prashantgupta123/aws-terraform-modules.git?ref=v1.0.0//aws-terraform-vpc-endpoint"
project_name_prefix = "container-app"
vpc_id = module.vpc.vpc_id
subnet_ids = module.vpc.subnet_ids["private"]
route_table_ids = [module.vpc.route_table_id["private"]]
add_interface = ["ecr.api", "ecr.dkr", "logs", "secretsmanager"]
}# Main VPC
module "main_vpc" {
source = "git::https://github.com/prashantgupta123/aws-terraform-modules.git?ref=v1.0.0//aws-terraform-vpc"
cidr_block = "10.0.0.0/16"
name = "main-vpc"
}
# Shared Services VPC
module "shared_vpc" {
source = "git::https://github.com/prashantgupta123/aws-terraform-modules.git?ref=v1.0.0//aws-terraform-vpc"
cidr_block = "10.1.0.0/16"
name = "shared-services-vpc"
}
# VPC Peering Connection
module "vpc_peering" {
source = "git::https://github.com/prashantgupta123/aws-terraform-modules.git?ref=v1.0.0//aws-terraform-vpc-peering"
requester_vpc_id = module.main_vpc.vpc_id
accepter_vpc_id = module.shared_vpc.vpc_id
auto_accept_peering = true
requester_dns_resolution = true
accepter_dns_resolution = true
create_peering_routes = true
route_table_id = module.main_vpc.route_table_id["private"]
destination_cidr_blocks = ["10.1.0.0/16"]
providers = {
aws.this = aws
aws.peer = aws
}
}graph TD
A[aws-terraform-vpc] --> B[aws-terraform-vpc-endpoint]
A --> C[aws-terraform-vpc-peering]
A --> D[Your Application Infrastructure]
B --> D
C --> D
C --> E[Remote VPC]
The VPC module should be deployed first, followed by VPC endpoints and other infrastructure components.
All modules support consistent tagging:
common_tags = {
Environment = "production"
Project = "my-application"
Owner = "platform-team"
ManagedBy = "terraform"
}- Network Segmentation: Use private subnets for application workloads
- VPC Endpoints: Reduce internet traffic with private AWS service access
- Flow Logs: Enable VPC Flow Logs for network monitoring
- Least Privilege: Configure security groups with minimal required access
- Use Gateway endpoints (S3, DynamoDB) instead of Interface endpoints when possible
- Consider NAT Gateway placement and data transfer costs
- Monitor VPC endpoint usage and remove unused endpoints
- AWS VPC Module Documentation
- AWS VPC Endpoint Module Documentation
- AWS VPC Peering Module Documentation
- AWS VPC Best Practices
- AWS VPC Peering Guide
- Terraform AWS Provider Documentation
- Fork the repository
- Create a feature branch
- Make your changes with appropriate tests
- Update documentation
- Submit a pull request
This project is licensed under the MIT License - see the LICENSE file for details.
For issues and questions:
- Create an issue in the GitHub repository
- Check existing examples in module directories
- Review AWS and Terraform documentation
These modules are designed to follow AWS Well-Architected Framework principles and Terraform best practices.