~/codewithstu

AWS VPC

OpenTofu module for provisioning AWS VPCs with public and private subnets, NAT gateways, DNS firewall, VPC endpoints, and optional load balancer

Overview

This module creates AWS VPCs with public and private subnets, NAT gateways, DNS firewall, VPC endpoints, and an optional Application Load Balancer.

Key Features

  • Public and private subnets across multiple availability zones
  • NAT gateway strategies: single (cost-optimized) or per-AZ (high availability)
  • Route53 Resolver DNS Firewall with allow/block domain lists
  • VPC interface and gateway endpoints per subnet
  • Optional Network ACLs with configurable rules
  • Optional Application Load Balancer
  • Internet gateway and egress-only internet gateway support

Usage

module "vpc" {
  # ref=main tracks the branch head, so every plan can pull different module code.
  # For reproducible and reviewable infrastructure, pin ref to a release tag or a commit SHA.
  source = "git::https://github.com/Im5tu/opentofu-aws-vpc.git?ref=main"

  name = "my-vpc"
  cidr = "10.0.0.0/16"

  # Public subnets are routed to the internet gateway; NAT gateways are placed here.
  public_subnets = [{
    cidr              = "10.0.1.0/24"
    availability_zone = "eu-west-2a"
  }]

  # Private subnets reach the internet only through the NAT gateway(s).
  private_subnets = [{
    cidr              = "10.0.10.0/24"
    availability_zone = "eu-west-2a"
  }]

  enable_internet_gateway = true

  # "single" is the cost-optimised choice: one NAT gateway serves every private subnet,
  # so an outage of its AZ removes egress for all of them. Use the per-AZ strategy for HA.
  nat_gateway_strategy    = "single"
}
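Mistakes in the subnet layout above (a subnet CIDR outside the VPC, two subnets that overlap, or a single NAT gateway fronting private subnets in several AZs) are only discovered at apply time, or worse, in production during an AZ event. The following pre-apply check is an added example and is not part of the opentofu-aws-vpc module; it reads the same inputs the Usage block passes to the module (`cidr`, `public_subnets`, `private_subnets`, `nat_gateway_strategy`) and validates them offline with the Python standard library. The string `"per_az"` used here for the per-AZ NAT strategy is an assumption; check the module's variables for the exact value it accepts.

```python
"""Offline sanity checks for the VPC layout handed to the module.

Added example, not code from the opentofu-aws-vpc module. It takes the
same inputs shown in the Usage block and reports:
  * subnet CIDRs that are malformed or fall outside the VPC CIDR
  * subnets that overlap each other
  * a "single" NAT gateway serving private subnets in more than one AZ
    (all private egress then depends on one AZ)
  * a per-AZ NAT strategy (assumed value "per_az") with a private subnet
    in an AZ that has no public subnet to host the NAT gateway
"""
from ipaddress import ip_network

# Layout copied from the Usage block on this page.
USAGE_LAYOUT = {
    "cidr": "10.0.0.0/16",
    "public_subnets": [{"cidr": "10.0.1.0/24", "availability_zone": "eu-west-2a"}],
    "private_subnets": [{"cidr": "10.0.10.0/24", "availability_zone": "eu-west-2a"}],
    "nat_gateway_strategy": "single",
}

# Constructed layout with three deliberate faults (see check_vpc_layout).
BAD_LAYOUT = {
    "cidr": "10.0.0.0/16",
    "public_subnets": [{"cidr": "10.0.1.0/24", "availability_zone": "eu-west-2a"}],
    "private_subnets": [
        {"cidr": "10.0.1.0/25", "availability_zone": "eu-west-2a"},   # overlaps the public /24
        {"cidr": "10.0.20.0/24", "availability_zone": "eu-west-2b"},  # second AZ, single NAT
        {"cidr": "10.1.0.0/24", "availability_zone": "eu-west-2b"},   # outside 10.0.0.0/16
    ],
    "nat_gateway_strategy": "single",
}


def check_vpc_layout(cidr, public_subnets, private_subnets, nat_gateway_strategy):
    """Return a list of human-readable problems; an empty list means the layout passes."""
    problems = []
    vpc = ip_network(cidr, strict=True)

    # Parse every subnet once, tagging it with its tier and AZ.
    nets = []
    for tier, subnets in (("public", public_subnets), ("private", private_subnets)):
        for s in subnets:
            try:
                net = ip_network(s["cidr"], strict=True)
            except ValueError as exc:
                problems.append(f"{tier} subnet {s['cidr']!r} is not a valid network: {exc}")
                continue
            if not net.subnet_of(vpc):
                problems.append(f"{tier} subnet {net} is not inside VPC {vpc}")
            nets.append((tier, net, s["availability_zone"]))

    # Pairwise overlap check across both tiers.
    for i in range(len(nets)):
        for j in range(i + 1, len(nets)):
            if nets[i][1].overlaps(nets[j][1]):
                problems.append(f"{nets[i][0]} subnet {nets[i][1]} overlaps "
                                f"{nets[j][0]} subnet {nets[j][1]}")

    private_azs = {az for tier, _, az in nets if tier == "private"}
    public_azs = {az for tier, _, az in nets if tier == "public"}

    if nat_gateway_strategy == "single" and len(private_azs) > 1:
        problems.append(f"nat_gateway_strategy 'single' with private subnets in "
                        f"{sorted(private_azs)}: all private egress depends on one AZ")

    # Assumed value for the per-AZ strategy; a NAT gateway must live in a public subnet of its AZ.
    if nat_gateway_strategy == "per_az":
        missing = sorted(private_azs - public_azs)
        if missing:
            problems.append(f"per-AZ NAT needs a public subnet in every AZ with a private "
                            f"subnet; none in {missing}")
    return problems


if __name__ == "__main__":
    for label, layout in (("usage", USAGE_LAYOUT), ("bad", BAD_LAYOUT)):
        found = check_vpc_layout(**layout)
        print(f"{label}: {'OK' if not found else ''}")
        for p in found:
            print(f"  - {p}")
```

Run it before `tofu plan`; the same checks are cheap to port into a CI step that parses the `.tfvars` or module call, so a layout that cannot work is rejected before any AWS API call is made.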