squareops
diff --git a/‎README.md
Lines changed: 17 additions & 1 deletion b/‎README.md
Lines changed: 17 additions & 1 deletion
diff --git a/‎examples/ipam-managed-vpc/README.md
Lines changed: 52 additions & 0 deletions b/‎examples/ipam-managed-vpc/README.md
Lines changed: 52 additions & 0 deletions
diff --git a/‎examples/ipam-managed-vpc/main.tf
Lines changed: 27 additions & 0 deletions b/‎examples/ipam-managed-vpc/main.tf
Lines changed: 27 additions & 0 deletions
diff --git a/‎examples/ipam-managed-vpc/output.tf
Lines changed: 19 additions & 0 deletions b/‎examples/ipam-managed-vpc/output.tf
Lines changed: 19 additions & 0 deletions
diff --git a/‎examples/vpc-with-ipv6/providers.tf renamed to ‎examples/ipam-managed-vpc/providers.tf b/‎examples/vpc-with-ipv6/providers.tf renamed to ‎examples/ipam-managed-vpc/providers.tf
diff --git a/‎examples/vpc-with-ipv6/README.md renamed to ‎examples/vpc-dualstack/README.md b/‎examples/vpc-with-ipv6/README.md renamed to ‎examples/vpc-dualstack/README.md
diff --git a/‎examples/vpc-with-ipv6/main.tf renamed to ‎examples/vpc-dualstack/main.tf b/‎examples/vpc-with-ipv6/main.tf renamed to ‎examples/vpc-dualstack/main.tf
diff --git a/‎examples/vpc-with-ipv6/outputs.tf renamed to ‎examples/vpc-dualstack/outputs.tf b/‎examples/vpc-with-ipv6/outputs.tf renamed to ‎examples/vpc-dualstack/outputs.tf
diff --git a/‎examples/vpc-dualstack/providers.tf
Lines changed: 6 additions & 0 deletions b/‎examples/vpc-dualstack/providers.tf
Lines changed: 6 additions & 0 deletions
diff --git a/‎examples/vpc-native-ipv6/README.md
Lines changed: 55 additions & 0 deletions b/‎examples/vpc-native-ipv6/README.md
Lines changed: 55 additions & 0 deletions
diff --git a/‎examples/vpc-native-ipv6/main.tf
Lines changed: 31 additions & 0 deletions b/‎examples/vpc-native-ipv6/main.tf
Lines changed: 31 additions & 0 deletions
diff --git a/‎examples/vpc-native-ipv6/outputs.tf
Lines changed: 44 additions & 0 deletions b/‎examples/vpc-native-ipv6/outputs.tf
Lines changed: 44 additions & 0 deletions
diff --git a/‎examples/vpc-native-ipv6/providers.tf
Lines changed: 6 additions & 0 deletions b/‎examples/vpc-native-ipv6/providers.tf
Lines changed: 6 additions & 0 deletions
diff --git a/‎examples/vpc-with-secondary-cidr/README.md
Lines changed: 52 additions & 0 deletions b/‎examples/vpc-with-secondary-cidr/README.md
Lines changed: 52 additions & 0 deletions
diff --git a/‎examples/vpc-with-secondary-cidr/main.tf
Lines changed: 28 additions & 0 deletions b/‎examples/vpc-with-secondary-cidr/main.tf
Lines changed: 28 additions & 0 deletions
@@ -27,9 +27,11 @@ module "vpc" {
   vpc_cidr                                        = "10.0.0.0/16"
   environment                                     = "production"
   ipv6_enabled                                    = true
+  create_ipam_pool                                = false
+  ipam_enabled                                    = false
   flow_log_enabled                                = true
   vpn_key_pair_name                               = module.key_pair_vpn.key_pair_name
-  availability_zones                              = 2
+  availability_zones                              = ["us-east-1a", "us-east-1b"]
   vpn_server_enabled                              = false
   intra_subnet_enabled                            = true
   auto_assign_public_ip                           = true
@@ -205,6 +207,9 @@ In this module, we have implemented the following CIS Compliance checks for VPC:
 
 | Name | Type |
 |------|------|
+| [aws_vpc_ipam.ipam](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam) | resource |
+| [aws_vpc_ipam_pool.ipam_pool](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_pool) | resource |
+| [aws_vpc_ipam_pool_cidr.ipam_pool_cidr](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_pool_cidr) | resource |
 | [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
 | [aws_ec2_instance_type.arch](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_instance_type) | data source |
 
@@ -214,19 +219,26 @@ In this module, we have implemented the following CIS Compliance checks for VPC:
 |------|-------------|------|---------|:--------:|
 | <a name="input_auto_assign_public_ip"></a> [auto\_assign\_public\_ip](#input\_auto\_assign\_public\_ip) | Specify true to indicate that instances launched into the subnet should be assigned a public IP address. | `bool` | `false` | no |
 | <a name="input_availability_zones"></a> [availability\_zones](#input\_availability\_zones) | Number of Availability Zone to be used by VPC Subnets | `list(any)` | `[]` | no |
+| <a name="input_create_ipam_pool"></a> [create\_ipam\_pool](#input\_create\_ipam\_pool) | Whether create new IPAM pool | `bool` | `true` | no |
 | <a name="input_database_subnet_assign_ipv6_address_on_creation"></a> [database\_subnet\_assign\_ipv6\_address\_on\_creation](#input\_database\_subnet\_assign\_ipv6\_address\_on\_creation) | Assign IPv6 address on database subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | `null` | no |
 | <a name="input_database_subnet_cidrs"></a> [database\_subnet\_cidrs](#input\_database\_subnet\_cidrs) | Database Tier subnet CIDRs to be created | `list(any)` | `[]` | no |
 | <a name="input_database_subnet_enabled"></a> [database\_subnet\_enabled](#input\_database\_subnet\_enabled) | Set true to enable database subnets | `bool` | `false` | no |
 | <a name="input_default_network_acl_ingress"></a> [default\_network\_acl\_ingress](#input\_default\_network\_acl\_ingress) | List of maps of ingress rules to set on the Default Network ACL | `list(map(string))` | <pre>[<br>  {<br>    "action": "deny",<br>    "cidr_block": "0.0.0.0/0",<br>    "from_port": 22,<br>    "protocol": "tcp",<br>    "rule_no": 98,<br>    "to_port": 22<br>  },<br>  {<br>    "action": "deny",<br>    "cidr_block": "0.0.0.0/0",<br>    "from_port": 3389,<br>    "protocol": "tcp",<br>    "rule_no": 99,<br>    "to_port": 3389<br>  },<br>  {<br>    "action": "allow",<br>    "cidr_block": "0.0.0.0/0",<br>    "from_port": 0,<br>    "protocol": "-1",<br>    "rule_no": 100,<br>    "to_port": 0<br>  },<br>  {<br>    "action": "allow",<br>    "from_port": 0,<br>    "ipv6_cidr_block": "::/0",<br>    "protocol": "-1",<br>    "rule_no": 101,<br>    "to_port": 0<br>  }<br>]</pre> | no |
+| <a name="input_enable_database_subnet_group"></a> [enable\_database\_subnet\_group](#input\_enable\_database\_subnet\_group) | Whether create database subnet groups | `bool` | `false` | no |
 | <a name="input_environment"></a> [environment](#input\_environment) | Specify the environment indentifier for the VPC | `string` | `""` | no |
+| <a name="input_existing_ipam_managed_cidr"></a> [existing\_ipam\_managed\_cidr](#input\_existing\_ipam\_managed\_cidr) | The existing IPAM pool CIDR | `string` | `""` | no |
 | <a name="input_flow_log_cloudwatch_log_group_kms_key_arn"></a> [flow\_log\_cloudwatch\_log\_group\_kms\_key\_arn](#input\_flow\_log\_cloudwatch\_log\_group\_kms\_key\_arn) | The ARN of the KMS Key to use when encrypting log data for VPC flow logs | `string` | `null` | no |
 | <a name="input_flow_log_cloudwatch_log_group_retention_in_days"></a> [flow\_log\_cloudwatch\_log\_group\_retention\_in\_days](#input\_flow\_log\_cloudwatch\_log\_group\_retention\_in\_days) | Specifies the number of days you want to retain log events in the specified log group for VPC flow logs. | `number` | `null` | no |
 | <a name="input_flow_log_enabled"></a> [flow\_log\_enabled](#input\_flow\_log\_enabled) | Whether or not to enable VPC Flow Logs | `bool` | `false` | no |
 | <a name="input_flow_log_max_aggregation_interval"></a> [flow\_log\_max\_aggregation\_interval](#input\_flow\_log\_max\_aggregation\_interval) | The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: `60` seconds or `600` seconds. | `number` | `60` | no |
 | <a name="input_intra_subnet_assign_ipv6_address_on_creation"></a> [intra\_subnet\_assign\_ipv6\_address\_on\_creation](#input\_intra\_subnet\_assign\_ipv6\_address\_on\_creation) | Assign IPv6 address on intra subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | `null` | no |
 | <a name="input_intra_subnet_cidrs"></a> [intra\_subnet\_cidrs](#input\_intra\_subnet\_cidrs) | A list of intra subnets CIDR to be created | `list(any)` | `[]` | no |
 | <a name="input_intra_subnet_enabled"></a> [intra\_subnet\_enabled](#input\_intra\_subnet\_enabled) | Set true to enable intra subnets | `bool` | `false` | no |
+| <a name="input_ipam_enabled"></a> [ipam\_enabled](#input\_ipam\_enabled) | Whether enable IPAM managed VPC or not | `bool` | `false` | no |
+| <a name="input_ipam_pool_id"></a> [ipam\_pool\_id](#input\_ipam\_pool\_id) | The existing IPAM pool id if any | `string` | `null` | no |
+| <a name="input_ipv4_netmask_length"></a> [ipv4\_netmask\_length](#input\_ipv4\_netmask\_length) | The netmask length for IPAM managed VPC | `number` | `16` | no |
 | <a name="input_ipv6_enabled"></a> [ipv6\_enabled](#input\_ipv6\_enabled) | Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block. | `bool` | `false` | no |
+| <a name="input_ipv6_only"></a> [ipv6\_only](#input\_ipv6\_only) | Enable it for deploying native IPv6 network | `bool` | `false` | no |
 | <a name="input_name"></a> [name](#input\_name) | Specify the name of the VPC | `string` | `""` | no |
 | <a name="input_one_nat_gateway_per_az"></a> [one\_nat\_gateway\_per\_az](#input\_one\_nat\_gateway\_per\_az) | Set to true if a NAT Gateway is required per availability zone for Private Subnet Tier | `bool` | `false` | no |
 | <a name="input_private_subnet_assign_ipv6_address_on_creation"></a> [private\_subnet\_assign\_ipv6\_address\_on\_creation](#input\_private\_subnet\_assign\_ipv6\_address\_on\_creation) | Assign IPv6 address on private subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | `null` | no |
@@ -235,6 +247,9 @@ In this module, we have implemented the following CIS Compliance checks for VPC:
 | <a name="input_public_subnet_assign_ipv6_address_on_creation"></a> [public\_subnet\_assign\_ipv6\_address\_on\_creation](#input\_public\_subnet\_assign\_ipv6\_address\_on\_creation) | Assign IPv6 address on public subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | `null` | no |
 | <a name="input_public_subnet_cidrs"></a> [public\_subnet\_cidrs](#input\_public\_subnet\_cidrs) | A list of public subnets CIDR to be created inside the VPC | `list(any)` | `[]` | no |
 | <a name="input_public_subnet_enabled"></a> [public\_subnet\_enabled](#input\_public\_subnet\_enabled) | Set true to enable public subnets | `bool` | `false` | no |
+| <a name="input_region"></a> [region](#input\_region) | The AWS region name | `string` | `null` | no |
+| <a name="input_secondary_cidr_blocks"></a> [secondary\_cidr\_blocks](#input\_secondary\_cidr\_blocks) | List of the secondary CIDR blocks which can be at most 5 | `list(string)` | `[]` | no |
+| <a name="input_secondry_cidr_enabled"></a> [secondry\_cidr\_enabled](#input\_secondry\_cidr\_enabled) | Whether enable secondary CIDR with VPC | `bool` | `false` | no |
 | <a name="input_vpc_cidr"></a> [vpc\_cidr](#input\_vpc\_cidr) | The CIDR block of the VPC | `string` | `"10.0.0.0/16"` | no |
 | <a name="input_vpn_key_pair_name"></a> [vpn\_key\_pair\_name](#input\_vpn\_key\_pair\_name) | Specify the name of AWS Keypair to be used for VPN Server | `string` | `""` | no |
 | <a name="input_vpn_server_enabled"></a> [vpn\_server\_enabled](#input\_vpn\_server\_enabled) | Set to true if you want to deploy VPN Gateway resource and attach it to the VPC | `bool` | `false` | no |
@@ -252,6 +267,7 @@ In this module, we have implemented the following CIS Compliance checks for VPC:
 | <a name="output_vpc_cidr_block"></a> [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | IPV4 CIDR Block for this VPC |
 | <a name="output_vpc_id"></a> [vpc\_id](#output\_vpc\_id) | The ID of the VPC |
 | <a name="output_vpc_ipv6_association_id"></a> [vpc\_ipv6\_association\_id](#output\_vpc\_ipv6\_association\_id) | The association ID for the IPv6 CIDR block |
+| <a name="output_vpc_secondary_cidr_blocks"></a> [vpc\_secondary\_cidr\_blocks](#output\_vpc\_secondary\_cidr\_blocks) | List of secondary CIDR blocks of the VPC |
 | <a name="output_vpn_host_public_ip"></a> [vpn\_host\_public\_ip](#output\_vpn\_host\_public\_ip) | IP Address of VPN Server |
 | <a name="output_vpn_security_group"></a> [vpn\_security\_group](#output\_vpn\_security\_group) | Security Group ID of VPN Server |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
@@ -0,0 +1,52 @@
+# IPAM VPC
+
+Configuration in this directory creates set of VPC resources with IPAM managed CIDRs
+
+IPAM pool with desired CIDR and its allocation which restricts the overlapping of CIDRs
+
+[Read more about AWS regions, availability zones and local zones](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-regions-availability-zones).
+
+## Usage
+
+To run this example you need to execute:
+
+```bash
+$ terraform init
+$ terraform plan
+$ terraform apply
+```
+
+Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_vpc_ipam"></a> [vpc\_ipam](#module\_vpc\_ipam) | squareops/vpc/aws | n/a |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_public_subnets"></a> [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets |
+| <a name="output_region"></a> [region](#output\_region) | AWS Region |
+| <a name="output_vpc_cidr_block"></a> [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | AWS Region |
+| <a name="output_vpc_id"></a> [vpc\_id](#output\_vpc\_id) | The ID of the VPC |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
@@ -0,0 +1,27 @@
+locals {
+  region      = "us-east-1"
+  environment = "stage"
+  name        = "skaf"
+  additional_aws_tags = {
+    Owner      = "SquareOps"
+    Expires    = "Never"
+    Department = "Engineering"
+  }
+  vpc_cidr     = "10.10.0.0/16"
+  ipam_enabled = true
+}
+
+module "vpc_ipam" {
+  source = "squareops/vpc/aws"
+
+  name = local.name
+
+  ipam_enabled       = local.ipam_enabled
+  region             = local.region
+  create_ipam_pool   = true
+  vpc_cidr           = local.vpc_cidr
+  availability_zones = ["us-east-1a", "us-east-1b"]
+
+  private_subnet_enabled = true
+  public_subnet_enabled  = true
+}
@@ -0,0 +1,19 @@
+output "region" {
+  description = "AWS Region"
+  value       = local.region
+}
+
+output "vpc_id" {
+  description = "The ID of the VPC"
+  value       = module.vpc_ipam.vpc_id
+}
+
+output "vpc_cidr_block" {
+  description = "AWS Region"
+  value       = module.vpc_ipam.vpc_cidr_block
+}
+
+output "public_subnets" {
+  description = "List of IDs of public subnets"
+  value       = module.vpc_ipam.public_subnets
+}
@@ -0,0 +1,6 @@
+provider "aws" {
+  region = local.region
+  default_tags {
+    tags = local.additional_aws_tags
+  }
+}
@@ -0,0 +1,55 @@
+# VPC with Native IPv6 support
+
+
+VPC with native IPv6 which includes public and private subnet will be created per availability zone in addition to single NAT Gateway shared between all availability zones.
+
+## Usage
+
+To run this example you need to execute:
+
+```bash
+$ terraform init
+$ terraform plan
+$ terraform apply
+```
+
+Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources.
+
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | squareops/vpc/aws | n/a |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_database_subnets"></a> [database\_subnets](#output\_database\_subnets) | List of IDs of database subnets |
+| <a name="output_intra_subnets"></a> [intra\_subnets](#output\_intra\_subnets) | List of IDs of Intra subnets |
+| <a name="output_ipv6_vpc_cidr_block"></a> [ipv6\_vpc\_cidr\_block](#output\_ipv6\_vpc\_cidr\_block) | The IPv6 CIDR block |
+| <a name="output_private_subnets"></a> [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets |
+| <a name="output_public_subnets"></a> [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets |
+| <a name="output_region"></a> [region](#output\_region) | AWS Region |
+| <a name="output_vpc_cidr_block"></a> [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | The CIDR of the VPC |
+| <a name="output_vpc_id"></a> [vpc\_id](#output\_vpc\_id) | The ID of the VPC |
+| <a name="output_vpc_ipv6_association_id"></a> [vpc\_ipv6\_association\_id](#output\_vpc\_ipv6\_association\_id) | The association ID for the IPv6 CIDR block |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
@@ -0,0 +1,31 @@
+locals {
+  name        = "skaf"
+  region      = "us-east-1"
+  environment = "stage"
+  additional_aws_tags = {
+    Owner      = "SquareOps"
+    Expires    = "Never"
+    Department = "Engineering"
+  }
+  vpc_cidr     = "10.10.0.0/16"
+  ipv6_enabled = true
+  ipv6_only    = true
+}
+
+module "vpc" {
+  source                                          = "squareops/vpc/aws"
+  name                                            = local.name
+  vpc_cidr                                        = local.vpc_cidr
+  ipv6_only                                       = local.ipv6_only
+  environment                                     = local.environment
+  ipv6_enabled                                    = local.ipv6_enabled
+  availability_zones                              = ["us-east-1a", "us-east-1b"]
+  public_subnet_enabled                           = true
+  private_subnet_enabled                          = true
+  intra_subnet_enabled                            = true
+  database_subnet_enabled                         = true
+  public_subnet_assign_ipv6_address_on_creation   = true
+  private_subnet_assign_ipv6_address_on_creation  = true
+  database_subnet_assign_ipv6_address_on_creation = true
+  intra_subnet_assign_ipv6_address_on_creation    = true
+}
@@ -0,0 +1,44 @@
+output "region" {
+  description = "AWS Region"
+  value       = local.region
+}
+
+output "vpc_id" {
+  description = "The ID of the VPC"
+  value       = module.vpc.vpc_id
+}
+
+output "vpc_cidr_block" {
+  description = "The CIDR of the VPC"
+  value       = module.vpc.vpc_cidr_block
+}
+
+output "public_subnets" {
+  description = "List of IDs of public subnets"
+  value       = module.vpc.public_subnets
+}
+
+output "private_subnets" {
+  description = "List of IDs of private subnets"
+  value       = module.vpc.private_subnets
+}
+
+output "database_subnets" {
+  description = "List of IDs of database subnets"
+  value       = module.vpc.database_subnets
+}
+
+output "intra_subnets" {
+  description = "List of IDs of Intra subnets"
+  value       = module.vpc.intra_subnets
+}
+
+output "vpc_ipv6_association_id" {
+  description = "The association ID for the IPv6 CIDR block"
+  value       = module.vpc.vpc_ipv6_association_id
+}
+
+output "ipv6_vpc_cidr_block" {
+  description = "The IPv6 CIDR block"
+  value       = module.vpc.ipv6_vpc_cidr_block
+}
@@ -0,0 +1,6 @@
+provider "aws" {
+  region = local.region
+  default_tags {
+    tags = local.additional_aws_tags
+  }
+}
@@ -0,0 +1,52 @@
+# VPC with Multiple CIDR Supports
+
+
+MUltiple CIDRs can be attached with a VPC in addition of increasing numbers of IPs. A public and private subnet will be created per availability zone in addition to single NAT Gateway shared between all availability zones.
+
+## Usage
+
+To run this example you need to execute:
+
+```bash
+$ terraform init
+$ terraform plan
+$ terraform apply
+```
+
+Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources.
+
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | squareops/vpc/aws | n/a |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_private_subnets"></a> [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets |
+| <a name="output_public_subnets"></a> [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets |
+| <a name="output_region"></a> [region](#output\_region) | AWS Region |
+| <a name="output_vpc_cidr_block"></a> [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | AWS Region |
+| <a name="output_vpc_id"></a> [vpc\_id](#output\_vpc\_id) | The ID of the VPC |
+| <a name="output_vpc_secondary_cidr_blocks"></a> [vpc\_secondary\_cidr\_blocks](#output\_vpc\_secondary\_cidr\_blocks) | List of secondary CIDR blocks of the VPC |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
@@ -0,0 +1,28 @@
+locals {
+  name        = "skaf"
+  region      = "us-east-1"
+  environment = "stage"
+  additional_aws_tags = {
+    Owner      = "SquareOps"
+    Expires    = "Never"
+    Department = "Engineering"
+  }
+  vpc_cidr              = "10.10.0.0/16"
+  secondry_cidr_enabled = true
+  secondary_cidr_blocks = ["10.20.0.0/16"]
+}
+
+module "vpc" {
+  source                  = "squareops/vpc/aws"
+  name                    = local.name
+  vpc_cidr                = local.vpc_cidr
+  environment             = local.environment
+  availability_zones      = ["us-east-1a", "us-east-1b"]
+  public_subnet_enabled   = true
+  private_subnet_enabled  = true
+  auto_assign_public_ip   = true
+  intra_subnet_enabled    = true
+  database_subnet_enabled = true
+  secondry_cidr_enabled   = local.secondry_cidr_enabled
+  secondary_cidr_blocks   = local.secondary_cidr_blocks
+}