Refer ```examples``` directory for more reference.
22
+
28
23
## Network Scenarios
29
24
30
25
This module supports three scenarios for creating Network resource on AWS. Each will be explained in further detail in the corresponding sections.
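Review bot: "Refer ```examples``` directory for more reference." wraps an inline path in a triple-backtick fence and drops the preposition; suggest "Refer to the `examples` directory for more usage examples." In the same region, "three scenarios for creating Network resource on AWS" should read "three scenarios for creating network resources on AWS".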
@@ -73,14 +68,13 @@ If both `single_nat_gateway` and `one_nat_gateway_per_az` are set to `true`, the
73
68
74
69
Make sure whenever you set `one_nat_gateway_per_az` to `true` you should have as many public subnets as we have AZ in the region or else this module will fail cause some `region` has more than 3 AZ like N.Virginia and we bydefault provisoning only 3 public subnets
75
70
76
-
- To create ***CIS compliant VPC*** set the variable ***create_cis_vpc*** to ***true*** in the .tfvars file.
77
71
78
72
- To add SSL to the Pritunl endpoint:
79
73
80
-
Create a DNS record mapping to the vpn host public IP.
81
-
Login to pritunl from the credentials in the pritunl-info.txt in the pritunl folder.
82
-
After login,in the Initial setup window, add the record created in the 'Lets Encrypt Domain' field.
83
-
Pritunl will automatically configure a signed SSL certificate from Lets Encrypt.
74
+
1. Create a DNS record mapping to the vpn host public IP
75
+
2. Login to pritunl from the credentials in the pritunl-info.txt in the pritunl folder.
76
+
3. After login,in the Initial setup window, add the record created in the 'Lets Encrypt Domain' field.
77
+
4. Pritunl will automatically configure a signed SSL certificate from Lets Encrypt.
84
78
85
79
NOTE: Port 80 to be open publicly in the vpn security group to verify and renewing the domain certificate.
86
80
# CIS COMPLIANCE
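Review bot: the new numbered list (lines 74-77) carries over the typos of the bullet lines it replaces: "Login to pritunl" should be "Log in to Pritunl", "After login,in the Initial setup window" needs a space after the comma, "Lets Encrypt" should be "Let's Encrypt" in steps 3 and 4, and step 1 is the only step without a trailing period. Separately, this hunk deletes the only sentence documenting `create_cis_vpc` ("To create CIS compliant VPC set the variable create_cis_vpc to true") while the `# CIS COMPLIANCE` heading that follows is unchanged; if the variable still exists, its documentation should stay (note that in the inputs table rows touched later in this commit, `create_cis_vpc` would sort between `azs` and `database_subnet_cidrs` and is absent there too), and if it was removed, the CIS section should state how a CIS-compliant VPC is now requested. The NOTE on port 80 would help operators more if it said that the port is needed only for the HTTP-based Let's Encrypt domain verification and renewal and that leaving it open exposes an unencrypted listener on the VPN host, so readers can decide whether to keep it open permanently or only around renewals.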
@@ -130,19 +124,19 @@ server administration ports (Automated)
130
124
131
125
| Name | Description | Type | Default | Required |
| <aname="input_azs"></a> [azs](#input\_azs)| List of Availability Zone to be used by VPC |`list(any)`|`[]`|no|
127
+
| <aname="input_azs"></a> [azs](#input\_azs)| List of Availability Zone to be used by VPC |`list(any)`|n/a|yes|
134
128
| <aname="input_database_subnet_cidrs"></a> [database\_subnet\_cidrs](#input\_database\_subnet\_cidrs)| Database Tier subnet CIDRs to be created |`list(any)`|`[]`| no |
135
129
| <aname="input_default_network_acl_ingress"></a> [default\_network\_acl\_ingress](#input\_default\_network\_acl\_ingress)| List of maps of ingress rules to set on the Default Network ACL |`list(map(string))`| <pre>[<br> {<br> "action": "deny",<br> "cidr_block": "0.0.0.0/0",<br> "from_port": 22,<br> "protocol": "tcp",<br> "rule_no": 98,<br> "to_port": 22<br> },<br> {<br> "action": "deny",<br> "cidr_block": "0.0.0.0/0",<br> "from_port": 3389,<br> "protocol": "tcp",<br> "rule_no": 99,<br> "to_port": 3389<br> },<br> {<br> "action": "allow",<br> "cidr_block": "0.0.0.0/0",<br> "from_port": 0,<br> "protocol": "-1",<br> "rule_no": 100,<br> "to_port": 0<br> },<br> {<br> "action": "allow",<br> "from_port": 0,<br> "ipv6_cidr_block": "::/0",<br> "protocol": "-1",<br> "rule_no": 101,<br> "to_port": 0<br> }<br>]</pre> | no |
136
130
| <aname="input_enable_database_subnet"></a> [enable\_database\_subnet](#input\_enable\_database\_subnet)| Set true to enable database subnets |`bool`|`false`| no |
137
131
| <aname="input_enable_flow_log"></a> [enable\_flow\_log](#input\_enable\_flow\_log)| Whether or not to enable VPC Flow Logs |`bool`|`false`| no |
138
132
| <aname="input_enable_intra_subnet"></a> [enable\_intra\_subnet](#input\_enable\_intra\_subnet)| Set true to enable intra subnets |`bool`|`false`| no |
139
133
| <aname="input_enable_private_subnet"></a> [enable\_private\_subnet](#input\_enable\_private\_subnet)| Set true to enable private subnets |`bool`|`false`| no |
140
134
| <aname="input_enable_public_subnet"></a> [enable\_public\_subnet](#input\_enable\_public\_subnet)| Set true to enable public subnets |`bool`|`false`| no |
141
-
| <aname="input_environment"></a> [environment](#input\_environment)| Specify the environment indentifier for the VPC |`string`|`""`|no|
135
+
| <aname="input_environment"></a> [environment](#input\_environment)| Specify the environment indentifier for the VPC |`string`|n/a|yes|
142
136
| <aname="input_flow_log_cloudwatch_log_group_retention_in_days"></a> [flow\_log\_cloudwatch\_log\_group\_retention\_in\_days](#input\_flow\_log\_cloudwatch\_log\_group\_retention\_in\_days)| Specifies the number of days you want to retain log events in the specified log group for VPC flow logs. |`number`|`null`| no |
143
137
| <aname="input_flow_log_max_aggregation_interval"></a> [flow\_log\_max\_aggregation\_interval](#input\_flow\_log\_max\_aggregation\_interval)| The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: `60` seconds or `600` seconds. |`number`|`60`| no |
144
138
| <aname="input_intra_subnet_cidrs"></a> [intra\_subnet\_cidrs](#input\_intra\_subnet\_cidrs)| A list of intra subnets CIDR to be created |`list(any)`|`[]`| no |
145
-
| <aname="input_name"></a> [name](#input\_name)| Specify the name of the VPC |`string`|`""`|no|
139
+
| <aname="input_name"></a> [name](#input\_name)| Specify the name of the VPC |`string`|n/a|yes|
146
140
| <aname="input_one_nat_gateway_per_az"></a> [one\_nat\_gateway\_per\_az](#input\_one\_nat\_gateway\_per\_az)| Set to true if a NAT Gateway is required per availability zone for Private Subnet Tier |`bool`|`false`| no |
147
141
| <aname="input_private_subnet_cidrs"></a> [private\_subnet\_cidrs](#input\_private\_subnet\_cidrs)| A list of private subnets CIDR to be created inside the VPC |`list(any)`|`[]`| no |
148
142
| <aname="input_public_subnet_cidrs"></a> [public\_subnet\_cidrs](#input\_public\_subnet\_cidrs)| A list of public subnets CIDR to be created inside the VPC |`list(any)`|`[]`| no |
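Review bot: making `azs`, `environment` and `name` required (Default changes from `[]`/`""` to n/a and Required from no to yes) is a breaking change for every caller that relied on the old defaults, and nothing in the hunk or the surrounding text announces it; add a note to the README or a changelog entry listing the newly required inputs and bump the module's major version. While the `environment` row is being rewritten, fix "indentifier" to "identifier" in the Description column. Also, the header/separator row (`|---|---|---|---|---|`) between the `| Name | Description | ...` line and the `azs` row is not visible in this rendering; confirm it is still present, since markdown will not render the inputs table without it.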