Isolated VPC

# VPC spanning two us-east-1 availability zones with the NAT gateway disabled.
# The module comes from a third-party registry and is pinned to an exact version.
# NOTE(review): .terraform.lock.hcl records provider checksums only, not module
# contents, so review the module source whenever this version is changed.
module "vpc_isolated" {
  source  = "registry.patterneddesigns.ca/patterneddesigns/vpc/aws"
  version = "1.2.0"

  availability_zones = ["us-east-1a", "us-east-1b"]
  # NOTE(review): this only turns off NAT egress. Whether the VPC has no internet
  # path at all depends on the module not creating an internet gateway or public
  # subnets. Confirm against the module before relying on "isolated".
  enable_nat_gateway = false  # No NAT gateway, so no outbound path via NAT

  # Tags are labels for inventory and scoping; they do not enforce any control.
  tags = {
    Environment = "secure"
    Compliance  = "pci-dss"
  }
}

# Use VPC endpoints for AWS services
# S3 endpoint. vpc_endpoint_type is not set, so the provider default (Gateway) applies.
# NOTE(review): no route_table_ids are set here. A gateway endpoint carries traffic
# only from subnets whose route table is associated with it, so confirm the
# association is made elsewhere (e.g. aws_vpc_endpoint_route_table_association).
# NOTE(review): no policy is set, so AWS attaches the default full-access endpoint
# policy and any S3 bucket, in any account, is reachable through it. In a
# restricted environment, add a policy limiting access to the intended buckets.
resource "aws_vpc_endpoint" "s3" {
  vpc_id       = module.vpc_isolated.vpc_id
  # The region is hard-coded and must match the VPC's region (us-east-1 AZs above).
  service_name = "com.amazonaws.us-east-1.s3"
}

# DynamoDB endpoint. vpc_endpoint_type is not set, so the provider default (Gateway) applies.
# NOTE(review): no route_table_ids are set here. Confirm the endpoint is associated
# with the subnets' route tables elsewhere, otherwise no traffic will use it.
# NOTE(review): no policy is set, so the default full-access endpoint policy applies.
# Add a policy limiting access to the intended tables if this endpoint is meant to
# restrict where data can go.
resource "aws_vpc_endpoint" "dynamodb" {
  vpc_id       = module.vpc_isolated.vpc_id
  # The region is hard-coded and must match the VPC's region.
  service_name = "com.amazonaws.us-east-1.dynamodb"
}