Examples
These examples demonstrate practical, real-world usage patterns for the vpc module. Each example is self-contained and ready to run—simply copy the configuration, customize the values for your environment, and apply.
Getting Started
To run any example, follow these steps:
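- Authenticate with the registry: `terraform login registry.patterneddesigns.ca` (the resulting API token is saved in Terraform's local CLI credentials file, so keep that file private)
- Initialize the working directory: `terraform init`
- Review the execution plan: `terraform plan`
- Apply the configuration: `terraform apply`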
Usage Examples
Minimal VPC with default settings
# Smallest working call: only the availability zones are set, so every other
# input falls back to whatever defaults the module defines.
# NOTE(review): those defaults are not shown on this page; read the plan
# output to see exactly what will be created before applying.
module "vpc" {
  source = "registry.patterneddesigns.ca/patterneddesigns/vpc/aws"

  # Exact version pin: the module only changes when this line is edited.
  version = "1.2.0"

  availability_zones = [
    "us-east-1a",
    "us-east-1b",
  ]
}
# ID of the VPC created by the "vpc" module call.
output "vpc_id" {
  value = module.vpc.vpc_id
}

# Private subnet IDs exported by the same module call.
output "private_subnets" {
  value = module.vpc.private_subnet_ids
}
Cost-optimized VPC for non-production
# Development VPC: a smaller /20 address range and one shared NAT gateway.
module "vpc_dev" {
  source  = "registry.patterneddesigns.ca/patterneddesigns/vpc/aws"
  version = "1.2.0"

  # Smaller CIDR than the /16 used in the production example.
  vpc_cidr = "10.10.0.0/20"

  availability_zones = [
    "us-east-1a",
    "us-east-1b",
  ]

  # Single NAT gateway saves ~$30/month per AZ.
  # Trade-off: outbound traffic from every AZ depends on that one gateway.
  enable_nat_gateway = true
  single_nat_gateway = true

  tags = { Environment = "development" }
}
High-availability VPC for production workloads
# Production VPC spread over three availability zones.
# NOTE(review): this example sets nothing for network logging (e.g. VPC flow
# logs); check whether the module offers an input for it or add it separately.
module "vpc_prod" {
  source  = "registry.patterneddesigns.ca/patterneddesigns/vpc/aws"
  version = "1.2.0"

  vpc_cidr = "10.0.0.0/16"

  availability_zones = [
    "us-east-1a",
    "us-east-1b",
    "us-east-1c",
  ]

  # One NAT gateway per AZ, so losing one AZ does not cut egress for the rest.
  enable_nat_gateway = true
  single_nat_gateway = false

  enable_dns_hostnames = true

  tags = {
    CostCenter  = "platform-12345"
    Environment = "production"
  }
}
Dual-stack networking for modern applications
# Dual-stack VPC: IPv6 is enabled on top of the module's default IPv4 setup.
# NOTE(review): IPv6 addresses are globally routable, so "private" depends on
# routing and security-group rules rather than on NAT. Confirm how the module
# routes IPv6 for private subnets, and remember that rules written only with
# IPv4 CIDR blocks do not cover IPv6 traffic.
module "vpc_ipv6" {
  source  = "registry.patterneddesigns.ca/patterneddesigns/vpc/aws"
  version = "1.2.0"

  availability_zones = [
    "us-east-1a",
    "us-east-1b",
  ]

  enable_ipv6 = true

  tags = { Environment = "production" }
}
# IPv6 CIDR block of the dual-stack VPC, as exported by the module.
output "ipv6_cidr" {
  value = module.vpc_ipv6.ipv6_cidr_block
}
Private subnets without internet access for highly restricted workloads
# VPC for restricted workloads: NAT is switched off.
# NOTE(review): disabling NAT removes the usual outbound path for private
# subnets. Whether the module still creates public subnets or an internet
# gateway is not visible here; check the plan before treating the whole VPC
# as having no internet access.
module "vpc_isolated" {
  source  = "registry.patterneddesigns.ca/patterneddesigns/vpc/aws"
  version = "1.2.0"

  availability_zones = [
    "us-east-1a",
    "us-east-1b",
  ]

  # No NAT gateway, so private subnets get no outbound internet path via NAT.
  enable_nat_gateway = false

  # Tags are labels only; they do not enforce any compliance control.
  tags = {
    Compliance  = "pci-dss"
    Environment = "secure"
  }
}
# VPC endpoints so workloads can reach S3 and DynamoDB without a NAT gateway.
# vpc_endpoint_type is not set, so the provider default (Gateway) applies.
#
# NOTE(review): neither endpoint sets route_table_ids, so as written they are
# not associated with any route table and subnet traffic will not use them.
# Attach the private route tables, for example:
#   route_table_ids = <PRIVATE_ROUTE_TABLE_IDS>   # placeholder
#
# NOTE(review): no policy is set, which leaves the default full-access
# endpoint policy. For a restricted environment, scope the policy to the
# specific buckets and tables the workload needs.
resource "aws_vpc_endpoint" "s3" {
  service_name = "com.amazonaws.us-east-1.s3"
  vpc_id       = module.vpc_isolated.vpc_id
}

resource "aws_vpc_endpoint" "dynamodb" {
  service_name = "com.amazonaws.us-east-1.dynamodb"
  vpc_id       = module.vpc_isolated.vpc_id
}
VPC designed for Transit Gateway connectivity
# Hub VPC intended to be attached to a Transit Gateway.
# The 10.255.0.0/16 range must not overlap with any network routed through
# the same Transit Gateway.
module "hub_vpc" {
  source  = "registry.patterneddesigns.ca/patterneddesigns/vpc/aws"
  version = "1.2.0"

  vpc_cidr = "10.255.0.0/16"

  availability_zones = [
    "us-east-1a",
    "us-east-1b",
    "us-east-1c",
  ]

  # One NAT gateway per AZ.
  enable_nat_gateway = true
  single_nat_gateway = false

  enable_dns_hostnames = true

  tags = {
    Purpose     = "transit-hub"
    Environment = "network"
  }
}
# Attaches the hub VPC's private subnets to a Transit Gateway.
# NOTE(review): aws_ec2_transit_gateway.main is not defined in this example;
# it must already exist in the configuration for this to plan.
# NOTE(review): the attachment only provides connectivity. Which networks can
# reach each other is decided by the Transit Gateway route tables and by VPC
# route tables and security groups, none of which are shown here.
resource "aws_ec2_transit_gateway_vpc_attachment" "hub" {
  transit_gateway_id = aws_ec2_transit_gateway.main.id
  vpc_id             = module.hub_vpc.vpc_id
  subnet_ids         = module.hub_vpc.private_subnet_ids
}
VPC with all supporting infrastructure
# VPC
# Network for the three-tier example that follows: load balancer,
# application and database.
module "vpc" {
  source  = "registry.patterneddesigns.ca/patterneddesigns/vpc/aws"
  version = "1.2.0"

  vpc_cidr = "10.0.0.0/16"

  availability_zones = [
    "us-east-1a",
    "us-east-1b",
    "us-east-1c",
  ]

  tags = {
    Environment = "production"
    Application = "my-app"
  }
}
# Security Groups
# Load balancer tier: the only group in this example open to the internet.
resource "aws_security_group" "alb" {
  name_prefix = "alb-"
  vpc_id      = module.vpc.vpc_id

  # HTTPS from any IPv4 address. This is the public entry point.
  ingress {
    protocol    = "tcp"
    from_port   = 443
    to_port     = 443
    cidr_blocks = ["0.0.0.0/0"]
  }

  # All protocols and ports to any IPv4 destination.
  # NOTE(review): the load balancer only needs to reach the app tier on 8080.
  # Narrowing this to the app security group needs standalone rule resources,
  # because the app group already references this one and inline rules in
  # both directions would form a dependency cycle.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
# Application tier: reachable only from the load balancer's security group.
resource "aws_security_group" "app" {
  name_prefix = "app-"
  vpc_id      = module.vpc.vpc_id

  # Port 8080, with the source restricted to members of the ALB group rather
  # than to a CIDR range.
  ingress {
    protocol        = "tcp"
    from_port       = 8080
    to_port         = 8080
    security_groups = [aws_security_group.alb.id]
  }

  # All protocols and ports to any IPv4 destination.
  # NOTE(review): consider limiting this to the database port and the
  # external services the application actually calls.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
# Database tier: PostgreSQL port, reachable only from the app security group.
# There is no egress block. When Terraform manages a security group it removes
# the default allow-all egress rule, so this group has no outbound rules.
resource "aws_security_group" "db" {
  name_prefix = "db-"
  vpc_id      = module.vpc.vpc_id

  ingress {
    protocol        = "tcp"
    from_port       = 5432
    to_port         = 5432
    security_groups = [aws_security_group.app.id]
  }
}
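# Application Load Balancer
# Internet-facing ALB in the public subnets, protected by the "alb" group.
# NOTE(review): no listener is defined in this example. Port 443 serves
# nothing until an HTTPS listener with a certificate and a current TLS policy
# is added. Access logging is not configured here either.
resource "aws_lb" "main" {
  name               = "my-app"
  load_balancer_type = "application"
  subnets            = module.vpc.public_subnet_ids
  security_groups    = [aws_security_group.alb.id]

  # Drop requests whose HTTP header names are malformed instead of forwarding
  # them to targets.
  drop_invalid_header_fields = true
}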
# Database
# Subnet group that places the database in the module's private subnets.
resource "aws_db_subnet_group" "main" {
  subnet_ids = module.vpc.private_subnet_ids
  name       = "my-app"
}
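# PostgreSQL instance in the private subnet group, reachable only through the
# "db" security group.
resource "aws_db_instance" "main" {
  identifier        = "my-app"
  engine            = "postgres"
  engine_version    = "15"
  instance_class    = "db.t3.micro"
  allocated_storage = 20

  # A new instance needs a master user. The name is a constructed sample
  # value. RDS generates the password and keeps it in Secrets Manager, so no
  # secret is written into this configuration.
  # NOTE(review): manage_master_user_password needs a reasonably recent AWS
  # provider release; confirm against the provider version in use.
  username                    = "appadmin"
  manage_master_user_password = true

  # Encrypt data at rest (AWS-managed key unless kms_key_id is set).
  storage_encrypted = true

  # State explicitly that the instance gets no public address.
  publicly_accessible = false

  db_subnet_group_name   = aws_db_subnet_group.main.name
  vpc_security_group_ids = [aws_security_group.db.id]

  # NOTE(review): backup retention, deletion protection and final-snapshot
  # behaviour are left at provider defaults; set them deliberately for
  # production.
}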
Using for_each for multiple VPCs
# Per-environment settings consumed by the for_each module call.
# The three CIDR ranges do not overlap, so the VPCs can later be peered or
# routed together without re-addressing.
locals {
  environments = {
    dev = {
      cidr               = "10.10.0.0/20"
      single_nat_gateway = true
      azs = [
        "us-east-1a",
        "us-east-1b",
      ]
    }

    staging = {
      cidr               = "10.20.0.0/18"
      single_nat_gateway = true
      azs = [
        "us-east-1a",
        "us-east-1b",
      ]
    }

    # Production gets a third AZ and one NAT gateway per AZ.
    prod = {
      cidr               = "10.0.0.0/16"
      single_nat_gateway = false
      azs = [
        "us-east-1a",
        "us-east-1b",
        "us-east-1c",
      ]
    }
  }
}
# One VPC per entry in local.environments. Instances are addressed as
# module.vpc["dev"], module.vpc["staging"] and module.vpc["prod"].
# NOTE(review): enable_nat_gateway is not passed here, unlike the earlier
# examples. single_nat_gateway only matters if the module's default enables
# NAT; confirm this in the plan.
# NOTE(review): all environments share one configuration and state here, so a
# single apply can change production along with dev and staging.
module "vpc" {
  source  = "registry.patterneddesigns.ca/patterneddesigns/vpc/aws"
  version = "1.2.0"

  for_each = local.environments

  vpc_cidr           = each.value.cidr
  availability_zones = each.value.azs
  single_nat_gateway = each.value.single_nat_gateway

  # The map key (dev, staging, prod) doubles as the Environment tag.
  tags = { Environment = each.key }
}
# Map of environment name to VPC ID, one entry per module instance.
output "vpc_ids" {
  value = {
    for env_name, network in module.vpc : env_name => network.vpc_id
  }
}