Initial draft of Terraform VPC

terraform/.gitignore

@@ -0,0 +1 @@
+.terraform/

terraform/aws/us-east-1/dev/providers.tf

@@ -0,0 +1,12 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 3.0"
+    }
+  }
+}
+
+provider "aws" {
+    region="us-east-1"
+}

terraform/aws/us-east-1/dev/vpc/main.tf

@@ -0,0 +1,77 @@
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "2.64.0"
+
+  # Fail safe for now, flip to true or delete the following line to deploy this configuration.
+  create_vpc = false
+  
+  name = "rocky-dev-us-east-1"
+  cidr = "10.16.224.0/20"
+
+  # IPv6, set to true and Amazon will provision a /56 for this VPC
+  enable_ipv6 = false
+
+  azs = ["us-east-1a", "us-east-1b", "us-east-1c", "us-east-1d"]
+
+  # Subnets
+  ## A private subnet includes a route to get to the internet via a NAT Gateway, an intra subnet does not.
+  ## More info: https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/latest#private-versus-intra-subnets
+  public_subnets = ["10.16.224.0/24", "10.16.225.0/24", "10.16.226.0/24", "10.16.227.0/24"]
+  private_subnets = ["10.16.228.0/24", "10.16.229.0/24", "10.16.230.0/24", "10.16.231.0/24"]
+  intra_subnets = ["10.16.232.0/24", "10.16.233.0/24", "10.16.234.0/24", "10.16.235.0/24"]
+
+  ## We might want these, we might not. If not, I would make the private subnets /23s instead and fill the space that way.
+  database_subnets = ["10.16.236.0/26", "10.16.236.64/26", "10.16.236.128/26", "10.16.236.192/26"]
+  elasticache_subnets = ["10.16.237.0/26", "10.16.237.64/26", "10.16.237.128/26", "10.16.237.192/26"]
+  redshift_subnets = ["10.16.238.0/26", "10.16.238.64/26", "10.16.238.128/26", "10.16.238.192/26"]
+
+  ## There is one /24 remaining at 10.16.239.0/24 for any other usage we might need.
+
+  # VPC Options
+  enable_dns_hostnames = true
+  enable_dns_support   = true
+
+  # VPC Flow Logs (Cloudwatch log group and IAM role will be created)
+  enable_flow_log                      = true
+  create_flow_log_cloudwatch_log_group = true
+  create_flow_log_cloudwatch_iam_role  = true
+  
+  # NAT Gateway: 1 per AZ
+  enable_nat_gateway = true
+  single_nat_gateway = false
+  one_nat_gateway_per_az = true
+
+  # NAT Gateway: 1 per subnet
+  # enable_nat_gateway = true
+  # single_nat_gateway = false
+  # one_nat_gateway_per_az = false
+
+  # NAT Gateway: 1 per VPC
+  # enable_nat_gateway = true
+  # single_nat_gateway = true
+  # one_nat_gateway_per_az = false
+
+  # DHCP
+  enable_dhcp_options              = true
+  dhcp_options_domain_name         = "dev.us-east-1.aws.rockylinux.org"
+  dhcp_options_domain_name_servers = ["10.16.244.6", "10.16.245.6", "10.16.246.6", "10.16.247.6"]
+
+  # Default security group - ingress/egress rules cleared to deny all
+  manage_default_security_group  = true
+  default_security_group_ingress = [{}]
+  default_security_group_egress  = [{}]
+
+  # Product-specific configs:
+  ## Database, flip these 3 vars to true to make RDS instances available publicly.
+  create_database_subnet_group = false
+  create_database_subnet_route_table     = false
+  create_database_internet_gateway_route = false
+
+  ## Elasticache, flip these to true to have AWS manage the subnet and routing for EC
+  create_elasticache_subnet_group = false
+  create_elasticache_subnet_route_table = false
+
+  ## Redshift, flip these to true to have AWS manage the subnet and routing for Redshift
+  create_redshift_subnet_group = false
+  create_redshift_subnet_route_table = false
+}

terraform/aws/us-east-1/dev/vpc/outputs.tf

@@ -0,0 +1,42 @@
+# VPC
+output "vpc_id" {
+  description = "The ID of the VPC"
+  value       = module.vpc.vpc_id
+}
+
+# Subnets
+output "private_subnets" {
+  description = "List of IDs of private subnets"
+  value       = module.vpc.private_subnets
+}
+
+output "public_subnets" {
+  description = "List of IDs of public subnets"
+  value       = module.vpc.public_subnets
+}
+
+output "database_subnets" {
+  description = "List of IDs of database subnets"
+  value       = module.vpc.database_subnets
+}
+
+output "elasticache_subnets" {
+  description = "List of IDs of elasticache subnets"
+  value       = module.vpc.elasticache_subnets
+}
+
+output "redshift_subnets" {
+  description = "List of IDs of redshift subnets"
+  value       = module.vpc.redshift_subnets
+}
+
+output "intra_subnets" {
+  description = "List of IDs of intra subnets"
+  value       = module.vpc.intra_subnets
+}
+
+# NAT Gateway
+output "nat_public_ips" {
+  description = "List of public Elastic IPs created for AWS NAT Gateway"
+  value       = module.vpc.nat_public_ips
+}

terraform/aws/us-east-1/etc/providers.tf

@@ -0,0 +1,12 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 3.0"
+    }
+  }
+}
+
+provider "aws" {
+    region="us-east-1"
+}

terraform/aws/us-east-1/etc/vpc/main.tf

@@ -0,0 +1,77 @@
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "2.64.0"
+
+  # Fail safe for now, flip to true or delete the following line to deploy this configuration.
+  create_vpc = false
+  
+  name = "rocky-etc-us-east-1"
+  cidr = "10.16.240.0/20"
+
+  # IPv6, set to true and Amazon will provision a /56 for this VPC
+  enable_ipv6 = false
+
+  azs = ["us-east-1a", "us-east-1b", "us-east-1c", "us-east-1d"]
+
+  # Subnets
+  ## A private subnet includes a route to get to the internet via a NAT Gateway, an intra subnet does not.
+  ## More info: https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/latest#private-versus-intra-subnets
+  public_subnets = ["10.16.240.0/24", "10.16.241.0/24", "10.16.242.0/24", "10.16.243.0/24"]
+  private_subnets = ["10.16.244.0/24", "10.16.245.0/24", "10.16.246.0/24", "10.16.247.0/24"]
+  intra_subnets = ["10.16.248.0/24", "10.16.249.0/24", "10.16.250.0/24", "10.16.251.0/24"]
+
+  ## We might want these, we might not. If not, I would make the private subnets /23s instead and fill the space that way.
+  database_subnets = ["10.16.252.0/26", "10.16.252.64/26", "10.16.252.128/26", "10.16.252.192/26"]
+  elasticache_subnets = ["10.16.253.0/26", "10.16.253.64/26", "10.16.253.128/26", "10.16.253.192/26"]
+  redshift_subnets = ["10.16.254.0/26", "10.16.254.64/26", "10.16.254.128/26", "10.16.254.192/26"]
+
+  ## There is one /24 remaining at 10.16.255.0/24 for any other usage we might need.
+
+  # VPC Options
+  enable_dns_hostnames = true
+  enable_dns_support   = true
+
+  # VPC Flow Logs (Cloudwatch log group and IAM role will be created)
+  enable_flow_log                      = true
+  create_flow_log_cloudwatch_log_group = true
+  create_flow_log_cloudwatch_iam_role  = true
+  
+  # NAT Gateway: 1 per AZ
+  enable_nat_gateway = true
+  single_nat_gateway = false
+  one_nat_gateway_per_az = true
+
+  # NAT Gateway: 1 per subnet
+  # enable_nat_gateway = true
+  # single_nat_gateway = false
+  # one_nat_gateway_per_az = false
+
+  # NAT Gateway: 1 per VPC
+  # enable_nat_gateway = true
+  # single_nat_gateway = true
+  # one_nat_gateway_per_az = false
+
+  # DHCP
+  enable_dhcp_options              = true
+  dhcp_options_domain_name         = "etc.us-east-1.aws.rockylinux.org"
+  dhcp_options_domain_name_servers = ["10.16.244.6", "10.16.245.6", "10.16.246.6", "10.16.247.6"]
+
+  # Default security group - ingress/egress rules cleared to deny all
+  manage_default_security_group  = true
+  default_security_group_ingress = [{}]
+  default_security_group_egress  = [{}]
+
+  # Product-specific configs:
+  ## Database, flip these 3 vars to true to make RDS instances available publicly.
+  create_database_subnet_group = false
+  create_database_subnet_route_table     = false
+  create_database_internet_gateway_route = false
+
+  ## Elasticache, flip these to true to have AWS manage the subnet and routing for EC
+  create_elasticache_subnet_group = false
+  create_elasticache_subnet_route_table = false
+
+  ## Redshift, flip these to true to have AWS manage the subnet and routing for Redshift
+  create_redshift_subnet_group = false
+  create_redshift_subnet_route_table = false
+}

terraform/aws/us-east-1/etc/vpc/outputs.tf

@@ -0,0 +1,42 @@
+# VPC
+output "vpc_id" {
+  description = "The ID of the VPC"
+  value       = module.vpc.vpc_id
+}
+
+# Subnets
+output "private_subnets" {
+  description = "List of IDs of private subnets"
+  value       = module.vpc.private_subnets
+}
+
+output "public_subnets" {
+  description = "List of IDs of public subnets"
+  value       = module.vpc.public_subnets
+}
+
+output "database_subnets" {
+  description = "List of IDs of database subnets"
+  value       = module.vpc.database_subnets
+}
+
+output "elasticache_subnets" {
+  description = "List of IDs of elasticache subnets"
+  value       = module.vpc.elasticache_subnets
+}
+
+output "redshift_subnets" {
+  description = "List of IDs of redshift subnets"
+  value       = module.vpc.redshift_subnets
+}
+
+output "intra_subnets" {
+  description = "List of IDs of intra subnets"
+  value       = module.vpc.intra_subnets
+}
+
+# NAT Gateway
+output "nat_public_ips" {
+  description = "List of public Elastic IPs created for AWS NAT Gateway"
+  value       = module.vpc.nat_public_ips
+}

terraform/aws/us-east-1/prod/providers.tf

@@ -0,0 +1,12 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 3.0"
+    }
+  }
+}
+
+provider "aws" {
+    region="us-east-1"
+}

terraform/aws/us-east-1/prod/vpc/main.tf

@@ -0,0 +1,77 @@
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "2.64.0"
+
+  # Fail safe for now, flip to true or delete the following line to deploy this configuration.
+  create_vpc = false
+  
+  name = "rocky-prod-us-east-1"
+  cidr = "10.16.0.0/17"
+
+  # IPv6, set to true and Amazon will provision a /56 for this VPC
+  enable_ipv6 = false
+
+  azs = ["us-east-1a", "us-east-1b", "us-east-1c", "us-east-1d"]
+
+  # Subnets
+  ## A private subnet includes a route to get to the internet via a NAT Gateway, an intra subnet does not.
+  ## More info: https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/latest#private-versus-intra-subnets
+  public_subnets = ["10.16.0.0/21", "10.16.8.0/21", "10.16.16.0/21", "10.16.24.0/21"]
+  private_subnets = ["10.16.32.0/21", "10.16.40.0/21", "10.16.48.0/21", "10.16.56.0/21"]
+  intra_subnets = ["10.16.64.0/21", "10.16.72.0/21", "10.16.80.0/21", "10.16.88.0/21"]
+
+  ## We might want these, we might not. If not, I would make the private subnets /20s instead and fill the space that way.
+  database_subnets = ["10.16.96.0/23", "10.16.98.0/23", "10.16.100.0/23", "10.16.102.0/23"]
+  elasticache_subnets = ["10.16.104.0/23", "10.16.106.0/23", "10.16.108.0/23", "10.16.110.0/23"]
+  redshift_subnets = ["10.16.112.0/23", "10.16.114.0/23", "10.16.116.0/23", "10.16.118.0/23"]
+
+  ## There is one /21 remaining at 10.16.120.0/21 for any other usage we might need.
+
+  # VPC Options
+  enable_dns_hostnames = true
+  enable_dns_support   = true
+
+  # VPC Flow Logs (Cloudwatch log group and IAM role will be created)
+  enable_flow_log                      = true
+  create_flow_log_cloudwatch_log_group = true
+  create_flow_log_cloudwatch_iam_role  = true
+  
+  # NAT Gateway: 1 per AZ
+  enable_nat_gateway = true
+  single_nat_gateway = false
+  one_nat_gateway_per_az = true
+
+  # NAT Gateway: 1 per subnet
+  # enable_nat_gateway = true
+  # single_nat_gateway = false
+  # one_nat_gateway_per_az = false
+
+  # NAT Gateway: 1 per VPC
+  # enable_nat_gateway = true
+  # single_nat_gateway = true
+  # one_nat_gateway_per_az = false
+
+  # DHCP
+  enable_dhcp_options              = true
+  dhcp_options_domain_name         = "prod.us-east-1.aws.rockylinux.org"
+  dhcp_options_domain_name_servers = ["10.16.244.6", "10.16.245.6", "10.16.246.6", "10.16.247.6"]
+
+  # Default security group - ingress/egress rules cleared to deny all
+  manage_default_security_group  = true
+  default_security_group_ingress = [{}]
+  default_security_group_egress  = [{}]
+
+  # Product-specific configs:
+  ## Database, flip these 3 vars to true to make RDS instances available publicly.
+  create_database_subnet_group = false
+  create_database_subnet_route_table     = false
+  create_database_internet_gateway_route = false
+
+  ## Elasticache, flip these to true to have AWS manage the subnet and routing for EC
+  create_elasticache_subnet_group = false
+  create_elasticache_subnet_route_table = false
+
+  ## Redshift, flip these to true to have AWS manage the subnet and routing for Redshift
+  create_redshift_subnet_group = false
+  create_redshift_subnet_route_table = false
+}

terraform/aws/us-east-1/prod/vpc/outputs.tf

@@ -0,0 +1,42 @@
+# VPC
+output "vpc_id" {
+  description = "The ID of the VPC"
+  value       = module.vpc.vpc_id
+}
+
+# Subnets
+output "private_subnets" {
+  description = "List of IDs of private subnets"
+  value       = module.vpc.private_subnets
+}
+
+output "public_subnets" {
+  description = "List of IDs of public subnets"
+  value       = module.vpc.public_subnets
+}
+
+output "database_subnets" {
+  description = "List of IDs of database subnets"
+  value       = module.vpc.database_subnets
+}
+
+output "elasticache_subnets" {
+  description = "List of IDs of elasticache subnets"
+  value       = module.vpc.elasticache_subnets
+}
+
+output "redshift_subnets" {
+  description = "List of IDs of redshift subnets"
+  value       = module.vpc.redshift_subnets
+}
+
+output "intra_subnets" {
+  description = "List of IDs of intra subnets"
+  value       = module.vpc.intra_subnets
+}
+
+# NAT Gateway
+output "nat_public_ips" {
+  description = "List of public Elastic IPs created for AWS NAT Gateway"
+  value       = module.vpc.nat_public_ips
+}

terraform/aws/us-east-1/qa/providers.tf

@@ -0,0 +1,12 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 3.0"
+    }
+  }
+}
+
+provider "aws" {
+    region="us-east-1"
+}

terraform/aws/us-east-1/qa/vpc/main.tf

@@ -0,0 +1,77 @@
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "2.64.0"
+
+  # Fail safe for now, flip to true or delete the following line to deploy this configuration.
+  create_vpc = false
+  
+  name = "rocky-qa-us-east-1"
+  cidr = "10.16.192.0/19"
+
+  # IPv6, set to true and Amazon will provision a /56 for this VPC
+  enable_ipv6 = false
+
+  azs = ["us-east-1a", "us-east-1b", "us-east-1c", "us-east-1d"]
+
+  # Subnets
+  ## A private subnet includes a route to get to the internet via a NAT Gateway, an intra subnet does not.
+  ## More info: https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/latest#private-versus-intra-subnets
+  public_subnets = ["10.16.192.0/23", "10.16.194.0/23", "10.16.196.0/23", "10.16.198.0/23"]
+  private_subnets = ["10.16.200.0/23", "10.16.202.0/23", "10.16.204.0/23", "10.16.206.0/23"]
+  intra_subnets = ["10.16.208.0/23", "10.16.210.0/23", "10.16.212.0/23", "10.16.214.0/23"]
+
+  ## We might want these, we might not. If not, I would make the private subnets /22s instead and fill the space that way.
+  database_subnets = ["10.16.216.0/25", "10.16.216.128/25", "10.16.217.0/25", "10.16.217.128/25"]
+  elasticache_subnets = ["10.16.218.0/25", "10.16.218.128/25", "10.16.219.0/25", "10.16.219.128/25"]
+  redshift_subnets = ["10.16.220.0/25", "10.16.220.128/25", "10.16.221.0/25", "10.16.221.128/25"]
+
+  ## There is one /23 remaining at 10.16.222.0/23 for any other usage we might need.
+
+  # VPC Options
+  enable_dns_hostnames = true
+  enable_dns_support   = true
+
+  # VPC Flow Logs (Cloudwatch log group and IAM role will be created)
+  enable_flow_log                      = true
+  create_flow_log_cloudwatch_log_group = true
+  create_flow_log_cloudwatch_iam_role  = true
+  
+  # NAT Gateway: 1 per AZ
+  enable_nat_gateway = true
+  single_nat_gateway = false
+  one_nat_gateway_per_az = true
+
+  # NAT Gateway: 1 per subnet
+  # enable_nat_gateway = true
+  # single_nat_gateway = false
+  # one_nat_gateway_per_az = false
+
+  # NAT Gateway: 1 per VPC
+  # enable_nat_gateway = true
+  # single_nat_gateway = true
+  # one_nat_gateway_per_az = false
+
+  # DHCP
+  enable_dhcp_options              = true
+  dhcp_options_domain_name         = "qa.us-east-1.aws.rockylinux.org"
+  dhcp_options_domain_name_servers = ["10.16.244.6", "10.16.245.6", "10.16.246.6", "10.16.247.6"]
+
+  # Default security group - ingress/egress rules cleared to deny all
+  manage_default_security_group  = true
+  default_security_group_ingress = [{}]
+  default_security_group_egress  = [{}]
+
+  # Product-specific configs:
+  ## Database, flip these 3 vars to true to make RDS instances available publicly.
+  create_database_subnet_group = false
+  create_database_subnet_route_table     = false
+  create_database_internet_gateway_route = false
+
+  ## Elasticache, flip these to true to have AWS manage the subnet and routing for EC
+  create_elasticache_subnet_group = false
+  create_elasticache_subnet_route_table = false
+
+  ## Redshift, flip these to true to have AWS manage the subnet and routing for Redshift
+  create_redshift_subnet_group = false
+  create_redshift_subnet_route_table = false
+}

terraform/aws/us-east-1/qa/vpc/outputs.tf

@@ -0,0 +1,42 @@
+# VPC
+output "vpc_id" {
+  description = "The ID of the VPC"
+  value       = module.vpc.vpc_id
+}
+
+# Subnets
+output "private_subnets" {
+  description = "List of IDs of private subnets"
+  value       = module.vpc.private_subnets
+}
+
+output "public_subnets" {
+  description = "List of IDs of public subnets"
+  value       = module.vpc.public_subnets
+}
+
+output "database_subnets" {
+  description = "List of IDs of database subnets"
+  value       = module.vpc.database_subnets
+}
+
+output "elasticache_subnets" {
+  description = "List of IDs of elasticache subnets"
+  value       = module.vpc.elasticache_subnets
+}
+
+output "redshift_subnets" {
+  description = "List of IDs of redshift subnets"
+  value       = module.vpc.redshift_subnets
+}
+
+output "intra_subnets" {
+  description = "List of IDs of intra subnets"
+  value       = module.vpc.intra_subnets
+}
+
+# NAT Gateway
+output "nat_public_ips" {
+  description = "List of public Elastic IPs created for AWS NAT Gateway"
+  value       = module.vpc.nat_public_ips
+}

terraform/aws/us-east-1/staging/providers.tf

@@ -0,0 +1,12 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 3.0"
+    }
+  }
+}
+
+provider "aws" {
+    region="us-east-1"
+}

terraform/aws/us-east-1/staging/vpc/main.tf

@@ -0,0 +1,77 @@
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "2.64.0"
+
+  # Fail safe for now, flip to true or delete the following line to deploy this configuration.
+  create_vpc = false
+  
+  name = "rocky-staging-us-east-1"
+  cidr = "10.16.128.0/18"
+
+  # IPv6, set to true and Amazon will provision a /56 for this VPC
+  enable_ipv6 = false
+
+  azs = ["us-east-1a", "us-east-1b", "us-east-1c", "us-east-1d"]
+
+  # Subnets
+  ## A private subnet includes a route to get to the internet via a NAT Gateway, an intra subnet does not.
+  ## More info: https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/latest#private-versus-intra-subnets
+  public_subnets = ["10.16.128.0/22", "10.16.132.0/22", "10.16.136.0/22", "10.16.140.0/22"]
+  private_subnets = ["10.16.144.0/22", "10.16.148.0/22", "10.16.152.0/22", "10.16.156.0/22"]
+  intra_subnets = ["10.16.160.0/22", "10.16.164.0/22", "10.16.168.0/22", "10.16.172.0/22"]
+
+  ## We might want these, we might not. If not, I would make the private subnets /21s instead and fill the space that way.
+  database_subnets = ["10.16.176.0/24", "10.16.177.0/24", "10.16.178.0/24", "10.16.179.0/24"]
+  elasticache_subnets = ["10.16.180.0/24", "10.16.181.0/24", "10.16.182.0/24", "10.16.183.0/24"]
+  redshift_subnets = ["10.16.184.0/24", "10.16.185.0/24", "10.16.186.0/24", "10.16.187.0/24"]
+
+  ## There is one /22 remaining at 10.16.188.0/22 for any other usage we might need.
+
+  # VPC Options
+  enable_dns_hostnames = true
+  enable_dns_support   = true
+
+  # VPC Flow Logs (Cloudwatch log group and IAM role will be created)
+  enable_flow_log                      = true
+  create_flow_log_cloudwatch_log_group = true
+  create_flow_log_cloudwatch_iam_role  = true
+  
+  # NAT Gateway: 1 per AZ
+  enable_nat_gateway = true
+  single_nat_gateway = false
+  one_nat_gateway_per_az = true
+
+  # NAT Gateway: 1 per subnet
+  # enable_nat_gateway = true
+  # single_nat_gateway = false
+  # one_nat_gateway_per_az = false
+
+  # NAT Gateway: 1 per VPC
+  # enable_nat_gateway = true
+  # single_nat_gateway = true
+  # one_nat_gateway_per_az = false
+
+  # DHCP
+  enable_dhcp_options              = true
+  dhcp_options_domain_name         = "staging.us-east-1.aws.rockylinux.org"
+  dhcp_options_domain_name_servers = ["10.16.244.6", "10.16.245.6", "10.16.246.6", "10.16.247.6"]
+
+  # Default security group - ingress/egress rules cleared to deny all
+  manage_default_security_group  = true
+  default_security_group_ingress = [{}]
+  default_security_group_egress  = [{}]
+
+  # Product-specific configs:
+  ## Database, flip these 3 vars to true to make RDS instances available publicly.
+  create_database_subnet_group = false
+  create_database_subnet_route_table     = false
+  create_database_internet_gateway_route = false
+
+  ## Elasticache, flip these to true to have AWS manage the subnet and routing for EC
+  create_elasticache_subnet_group = false
+  create_elasticache_subnet_route_table = false
+
+  ## Redshift, flip these to true to have AWS manage the subnet and routing for Redshift
+  create_redshift_subnet_group = false
+  create_redshift_subnet_route_table = false
+}

terraform/aws/us-east-1/staging/vpc/outputs.tf

@@ -0,0 +1,42 @@
+# VPC
+output "vpc_id" {
+  description = "The ID of the VPC"
+  value       = module.vpc.vpc_id
+}
+
+# Subnets
+output "private_subnets" {
+  description = "List of IDs of private subnets"
+  value       = module.vpc.private_subnets
+}
+
+output "public_subnets" {
+  description = "List of IDs of public subnets"
+  value       = module.vpc.public_subnets
+}
+
+output "database_subnets" {
+  description = "List of IDs of database subnets"
+  value       = module.vpc.database_subnets
+}
+
+output "elasticache_subnets" {
+  description = "List of IDs of elasticache subnets"
+  value       = module.vpc.elasticache_subnets
+}
+
+output "redshift_subnets" {
+  description = "List of IDs of redshift subnets"
+  value       = module.vpc.redshift_subnets
+}
+
+output "intra_subnets" {
+  description = "List of IDs of intra subnets"
+  value       = module.vpc.intra_subnets
+}
+
+# NAT Gateway
+output "nat_public_ips" {
+  description = "List of public Elastic IPs created for AWS NAT Gateway"
+  value       = module.vpc.nat_public_ips
+}