DEV Community

Prashant Gupta

AWS Terraform Modules From Basic to Advanced

AWS Terraform Modules

A collection of reusable Terraform modules for AWS infrastructure provisioning. These modules follow best practices and provide flexible, production-ready infrastructure components.

📁 Module Directory Structure

aws-terraform-modules/
├── aws-terraform-vpc/              # VPC infrastructure module
├── aws-terraform-vpc-endpoint/     # VPC endpoints module
├── aws-terraform-vpc-peering/      # VPC peering connections module
└── README.md                       # This file

πŸ—οΈ Available Modules

AWS VPC Module

Purpose: Comprehensive VPC infrastructure provisioning with subnets, route tables, NAT gateways, internet gateways, and VPC endpoints.

Key Features:

  • Dual deployment modes (Simple/Advanced)
  • Public, Private, and Database subnets
  • Internet Gateway and NAT Gateway support
  • VPC Flow Logs and VPC Endpoints
  • Flexible subnet configuration

Use Cases: Complete VPC setup for applications requiring network isolation, multi-tier architectures, and secure AWS service access.

AWS VPC Endpoint Module

Purpose: Secure, private connectivity to AWS services through VPC endpoints, so that service traffic never leaves for the internet.

Key Features:

  • Default SSM connectivity endpoints
  • Interface and Gateway endpoint support
  • Automatic security group management
  • Multi-AZ deployment
  • Cost-effective S3 and DynamoDB access

Use Cases: Private AWS service access for EC2 instances, container workloads, and serverless applications.

AWS VPC Peering Module

Purpose: Establish private network connectivity between VPCs within the same or different AWS accounts and regions.

Key Features:

  • Cross-account and cross-region peering support
  • Automatic peering acceptance and DNS resolution
  • Route table management and CIDR routing
  • Dual AWS provider configuration
  • Comprehensive tagging and naming conventions

Use Cases: Multi-VPC architectures, cross-account resource sharing, disaster recovery setups, and hybrid cloud connectivity.

🚀 Quick Start

Prerequisites

  • Terraform >= 1.14.3
  • AWS CLI configured with appropriate permissions
  • AWS Provider ~> 6.27.0

Basic VPC Setup

module "vpc" {
  # In a git source the //subdirectory comes before the ?ref= query string
  source      = "git::https://github.com/prashantgupta123/aws-terraform-modules.git//aws-terraform-vpc?ref=v1.0.0"
  cidr_block  = "10.0.0.0/16"
  subnet_bits = 8
  name        = "my-vpc"
}

module "vpc_endpoints" {
  source              = "git::https://github.com/prashantgupta123/aws-terraform-modules.git//aws-terraform-vpc-endpoint?ref=v1.0.0"
  project_name_prefix = "my-project"
  vpc_id              = module.vpc.vpc_id
  subnet_ids          = module.vpc.subnet_ids["private"]
  route_table_ids     = [module.vpc.route_table_id["private"]]
}

📋 Common Usage Patterns

1. Simple Three-Tier Architecture

module "vpc" {
  source      = "git::https://github.com/prashantgupta123/aws-terraform-modules.git//aws-terraform-vpc?ref=v1.0.0"
  cidr_block  = "10.0.0.0/16"
  subnet_bits = 8

  subnet_group = {
    "public" = {
      is_public   = true
      nat_gateway = false
    }
    "private" = {
      is_public   = false
      nat_gateway = true
    }
    "database" = {
      is_public   = false
      nat_gateway = false
    }
  }
}

2. Container-Ready Infrastructure

module "vpc" {
  source     = "git::https://github.com/prashantgupta123/aws-terraform-modules.git//aws-terraform-vpc?ref=v1.0.0"
  cidr_block = "10.0.0.0/16"

  # Enable VPC endpoints for container services
  create_vpc_endpoint = true
  add_interface       = ["ecr.api", "ecr.dkr", "logs"]
}

module "vpc_endpoints" {
  source              = "git::https://github.com/prashantgupta123/aws-terraform-modules.git//aws-terraform-vpc-endpoint?ref=v1.0.0"
  project_name_prefix = "container-app"
  vpc_id              = module.vpc.vpc_id
  subnet_ids          = module.vpc.subnet_ids["private"]
  route_table_ids     = [module.vpc.route_table_id["private"]]

  add_interface = ["ecr.api", "ecr.dkr", "logs", "secretsmanager"]
}

3. Multi-VPC Architecture with Peering

# Main VPC
module "main_vpc" {
  source      = "git::https://github.com/prashantgupta123/aws-terraform-modules.git//aws-terraform-vpc?ref=v1.0.0"
  cidr_block  = "10.0.0.0/16"
  name        = "main-vpc"
}

# Shared Services VPC
module "shared_vpc" {
  source      = "git::https://github.com/prashantgupta123/aws-terraform-modules.git//aws-terraform-vpc?ref=v1.0.0"
  cidr_block  = "10.1.0.0/16"
  name        = "shared-services-vpc"
}

# VPC Peering Connection
module "vpc_peering" {
  source = "git::https://github.com/prashantgupta123/aws-terraform-modules.git//aws-terraform-vpc-peering?ref=v1.0.0"

  requester_vpc_id = module.main_vpc.vpc_id
  accepter_vpc_id  = module.shared_vpc.vpc_id

  auto_accept_peering      = true
  requester_dns_resolution = true
  accepter_dns_resolution  = true

  create_peering_routes   = true
  route_table_id          = module.main_vpc.route_table_id["private"]
  destination_cidr_blocks = ["10.1.0.0/16"]

  providers = {
    aws.this = aws
    aws.peer = aws
  }
}

🔧 Module Dependencies

graph TD
    A[aws-terraform-vpc] --> B[aws-terraform-vpc-endpoint]
    A --> C[aws-terraform-vpc-peering]
    A --> D[Your Application Infrastructure]
    B --> D
    C --> D
    C --> E[Remote VPC]

The VPC module should be deployed first, followed by VPC endpoints and other infrastructure components.

🏷️ Tagging Strategy

All modules support consistent tagging:

common_tags = {
  Environment = "production"
  Project     = "my-application"
  Owner       = "platform-team"
  ManagedBy   = "terraform"
}

🔒 Security Best Practices

  1. Network Segmentation: Use private subnets for application workloads
  2. VPC Endpoints: Reduce internet traffic with private AWS service access
  3. Flow Logs: Enable VPC Flow Logs for network monitoring
  4. Least Privilege: Configure security groups with minimal required access
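The four practices above, as an added example in plain AWS-provider HCL (this is not the modules' own code): VPC Flow Logs delivered to CloudWatch Logs through an IAM role that can only write to that one log group, and an interface endpoint placed in the private subnets behind a security group that admits nothing but HTTPS from the VPC CIDR. It consumes the `module.vpc` outputs shown in the Quick Start (`vpc_id`, `subnet_ids["private"]`); the resource names, the `10.0.0.0/16` CIDR and the 90-day retention are assumptions.

```hcl
# Added example, not module code. Assumes module.vpc from the Quick Start above
# and the AWS provider pinned in the prerequisites (~> 6.27.0).

# Flow Logs: a dedicated log group with finite retention.
resource "aws_cloudwatch_log_group" "flow_logs" {
  name              = "/vpc/my-vpc/flow-logs" # assumed name
  retention_in_days = 90                      # assumed; match your retention policy
}

# The delivery role may only be assumed by the Flow Logs service ...
data "aws_iam_policy_document" "flow_logs_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["vpc-flow-logs.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "flow_logs" {
  name               = "my-vpc-flow-logs" # assumed name
  assume_role_policy = data.aws_iam_policy_document.flow_logs_assume.json
}

# ... and may only write to the one log group above (least privilege).
data "aws_iam_policy_document" "flow_logs_write" {
  statement {
    actions = [
      "logs:CreateLogStream",
      "logs:PutLogEvents",
      "logs:DescribeLogGroups",
      "logs:DescribeLogStreams",
    ]
    resources = ["${aws_cloudwatch_log_group.flow_logs.arn}:*"]
  }
}

resource "aws_iam_role_policy" "flow_logs_write" {
  name   = "write-flow-logs"
  role   = aws_iam_role.flow_logs.id
  policy = data.aws_iam_policy_document.flow_logs_write.json
}

resource "aws_flow_log" "vpc" {
  vpc_id               = module.vpc.vpc_id
  traffic_type         = "ALL" # REJECT-only is cheaper but hides accepted lateral traffic
  iam_role_arn         = aws_iam_role.flow_logs.arn
  log_destination_type = "cloud-watch-logs"
  log_destination      = aws_cloudwatch_log_group.flow_logs.arn
}

# Least privilege for interface endpoints: only HTTPS, only from inside the VPC.
resource "aws_security_group" "endpoints" {
  name        = "my-vpc-endpoints" # assumed name
  description = "HTTPS to interface endpoints from inside the VPC only"
  vpc_id      = module.vpc.vpc_id
}

resource "aws_vpc_security_group_ingress_rule" "endpoints_https" {
  security_group_id = aws_security_group.endpoints.id
  description       = "HTTPS from the VPC CIDR"
  ip_protocol       = "tcp"
  from_port         = 443
  to_port           = 443
  cidr_ipv4         = "10.0.0.0/16" # the Quick Start CIDR; use a VPC CIDR output if your module exposes one
}
# No egress rule is declared: Terraform removes AWS's default allow-all egress rule, and the
# endpoint ENIs only answer inbound requests (security groups are stateful).

# VPC Endpoints: a private path to Secrets Manager from the private subnets.
data "aws_region" "current" {}

resource "aws_vpc_endpoint" "secretsmanager" {
  vpc_id              = module.vpc.vpc_id
  service_name        = "com.amazonaws.${data.aws_region.current.region}.secretsmanager"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = module.vpc.subnet_ids["private"] # workloads stay in private subnets
  security_group_ids  = [aws_security_group.endpoints.id]
  private_dns_enabled = true # SDKs resolve the public service hostname to the endpoint ENIs
}
```

The IAM policy resource is scoped to `<log-group-arn>:*` rather than `*`, so a compromise of the delivery role cannot write to other log groups. With `traffic_type = "ALL"` the flow-log records also give you the data to verify the security-group rule: any ACCEPT record to port 443 on the endpoint ENIs from outside `10.0.0.0/16` means the rule has drifted.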

💰 Cost Optimization

  • Use Gateway endpoints (S3, DynamoDB) instead of Interface endpoints when possible
  • Consider NAT Gateway placement and data transfer costs
  • Monitor VPC endpoint usage and remove unused endpoints
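The first bullet, as an added example in plain AWS-provider HCL (not the modules' own code): Gateway endpoints for S3 and DynamoDB carry no hourly or per-ENI charge and are attached to route tables instead of subnets and security groups, so traffic from the private subnets to those services stops flowing through the NAT Gateway and stops being billed as NAT data processing. The S3 endpoint also carries an endpoint policy that limits it to buckets in this account. It uses the `module.vpc` outputs shown above; all resource names are assumptions.

```hcl
# Added example, not module code. Assumes module.vpc from the Quick Start above.
data "aws_region" "current" {}
data "aws_caller_identity" "current" {}

# Endpoint policy for S3: any principal, any S3 action, but only against buckets
# owned by this account (aws:ResourceAccount). Narrows what can be reached over the
# endpoint without enumerating every bucket.
data "aws_iam_policy_document" "s3_endpoint" {
  statement {
    sid = "OwnAccountBucketsOnly"
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    actions   = ["s3:*"]
    resources = ["*"]
    condition {
      test     = "StringEquals"
      variable = "aws:ResourceAccount"
      values   = [data.aws_caller_identity.current.account_id]
    }
  }
}

# Gateway endpoint: no hourly charge. Routes to the service prefix list are injected
# into the listed route tables, so private-subnet traffic to S3 bypasses the NAT Gateway.
resource "aws_vpc_endpoint" "s3" {
  vpc_id            = module.vpc.vpc_id
  service_name      = "com.amazonaws.${data.aws_region.current.region}.s3"
  vpc_endpoint_type = "Gateway"
  route_table_ids   = [module.vpc.route_table_id["private"]]
  policy            = data.aws_iam_policy_document.s3_endpoint.json
}

resource "aws_vpc_endpoint" "dynamodb" {
  vpc_id            = module.vpc.vpc_id
  service_name      = "com.amazonaws.${data.aws_region.current.region}.dynamodb"
  vpc_endpoint_type = "Gateway"
  route_table_ids   = [module.vpc.route_table_id["private"]]
  # Default (full-access) endpoint policy kept here; add a document like the S3 one to restrict tables.
}
```

One caveat before applying the own-account condition: several AWS services serve artifacts from Amazon-owned S3 buckets over this same endpoint (ECR image layers and Systems Manager agent and patch artifacts are the usual ones), so private subnets that pull container images or run SSM will need a second statement allowing those buckets. Compare with the interface endpoints in the Container-Ready pattern above, each of which is billed per AZ-hour plus per GB, which is why the page recommends the Gateway type wherever one exists.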

📖 Documentation Links

🤝 Contributing

  1. Fork the repository
  2. Create a feature branch
  3. Make your changes with appropriate tests
  4. Update documentation
  5. Submit a pull request

📄 GitHub Link

https://github.com/prashantgupta123/aws-terraform-modules/tree/main

🆘 Support

For issues and questions:

  • Create an issue in the GitHub repository
  • Check existing examples in module directories
  • Review AWS and Terraform documentation

These modules are designed to follow AWS Well-Architected Framework principles and Terraform best practices.
