Terraform module which creates Yandex Cloud VPC resources.

This Terraform module provides the following types of networks:

- intra: if you need private subnets that have no Internet routing at all (in the sense of RFC1918 Category 1 subnets), `intra_subnets` should be specified. These networks do not have any route to a NAT gateway. It is also recommended to configure a security group that restricts public inbound/outbound access in these networks.
- private: these networks have a route to a NAT Gateway (or NAT Instance). This means that instances with private IPs will have access to the Internet via the NAT Gateway (NAT Instance). It is also recommended to configure a security group that restricts public inbound access in these networks.
- public: these networks do not have a route to a NAT Gateway (NAT Instance). This means that access to/from a VM is available only if a public IP is attached to it.

If `single_nat_instance = true`, then all private subnets will route their Internet traffic through this single NAT gateway. The NAT gateway will be placed in the first public subnet of your `public_subnets` block.
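As an added example (not code from the module's own README or examples), a root configuration that wires the three subnet types to a single NAT instance and adds a security group that follows the recommendation above for intra subnets. The module source URL and tag, the CIDRs, and the assumption that each inner list of `*_subnets` holds the CIDRs for the zone at the same index in `azs` are mine, not the page's.

```hcl
# Added example, not the module's own code. Assumed: the module source URL and tag,
# and that each inner list in *_subnets is the CIDRs for the zone at the same index in azs.
module "vpc" {
  source = "git::https://github.com/terraform-yacloud-modules/terraform-yandex-vpc.git?ref=<tag>"

  blank_name = "app"
  labels     = { env = "prod" }

  azs = ["ru-central1-a", "ru-central1-b"]

  # public: reachable only through an attached public IP; hosts the NAT instance
  public_subnets = [["10.10.1.0/24"], ["10.10.2.0/24"]]
  # private: default route to the Internet via the NAT instance
  private_subnets = [["10.10.11.0/24"], ["10.10.12.0/24"]]
  # intra: no route to NAT at all
  intra_subnets = [["10.10.21.0/24"], ["10.10.22.0/24"]]

  create_nat_instance    = true
  single_nat_instance    = true  # one NAT instance, placed in the first public subnet
  nat_instance_allow_ssh = false # keep SSH to the NAT instance closed (module default)
}

# Security group for workloads in the intra subnets: reachable only from the
# private subnets on the service port, and allowed to talk only to other intra ranges.
resource "yandex_vpc_security_group" "intra" {
  name       = "app-intra"
  network_id = module.vpc.vpc_id

  ingress {
    description    = "PostgreSQL from private subnets only"
    protocol       = "TCP"
    port           = 5432
    v4_cidr_blocks = flatten(module.vpc.private_subnets_cidr_blocks)
  }

  egress {
    description    = "Only to other intra subnets, never to the Internet"
    protocol       = "ANY"
    from_port      = 0
    to_port        = 65535
    v4_cidr_blocks = flatten(module.vpc.intra_subnets_cidr_blocks)
  }
}
```

`flatten()` is used because the `*_subnets_cidr_blocks` outputs may be nested per zone; attach the group to the VMs you place in the intra subnets.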
Examples codified under `examples` are intended to give users references for how to use the module(s), as well as to test and validate changes to the source code of the module. If contributing to the project, please be sure to make any appropriate updates to the relevant examples to allow maintainers to test your changes and to keep the examples up to date for users. Thank you!
| Name | Version |
|---|---|
| terraform | >= 1.3 |
| yandex | >= 0.72.0 |

| Name | Version |
|---|---|
| yandex | >= 0.72.0 |

| Name | Source | Version |
|---|---|---|
| nat_instance | git::https://github.com/terraform-yacloud-modules/terraform-yandex-instance.git | v0.24.0 |
| Name | Type |
|---|---|
| yandex_compute_image.nat_instance | resource |
| yandex_vpc_address.nat_instance | resource |
| yandex_vpc_gateway.nat | resource |
| yandex_vpc_network.main | resource |
| yandex_vpc_route_table.intra | resource |
| yandex_vpc_route_table.private | resource |
| yandex_vpc_route_table.public | resource |
| yandex_vpc_security_group.nat_instance | resource |
| yandex_vpc_security_group_rule.nat_instance | resource |
| yandex_vpc_security_group_rule.nat_instance_ssh | resource |
| yandex_vpc_subnet.intra | resource |
| yandex_vpc_subnet.private | resource |
| yandex_vpc_subnet.public | resource |
| yandex_vpc_network.main | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| azs | A list of availability zone names or IDs in the region | `list(string)` | `[]` | no |
| blank_name | Blank name which will be used for all resources | `string` | n/a | yes |
| create_intra_route_table | Controls if route tables should be created for intra subnets | `bool` | `true` | no |
| create_nat_gateway | If true, a NAT Gateway will be created | `bool` | `false` | no |
| create_nat_instance | If true, a NAT Instance will be created | `bool` | `false` | no |
| create_private_route_table | Controls if route tables should be created for private subnets | `bool` | `true` | no |
| create_public_route_table | Controls if route tables should be created for public subnets | `bool` | `true` | no |
| create_subnets | Controls if subnets should be created | `bool` | `true` | no |
| create_vpc | Controls if the VPC should be created | `bool` | `true` | no |
| dhcp | DHCP options | `object({ … })` | `null` | no |
| folder_id | Folder ID | `string` | `null` | no |
| intra_routes | Map of routes for intra subnets | `list(object({ … }))` | `[]` | no |
| intra_subnet_suffix | Suffix to append to intra subnet names | `string` | `"intra"` | no |
| intra_subnets | Map of intra subnets | `list(list(string))` | `[]` | no |
| labels | A set of labels | `map(string)` | `{}` | no |
| nat_instance_allow_ssh | If true, SSH access will be enabled on NAT Instances | `bool` | `false` | no |
| nat_instance_family | VM family for the NAT Instance. By default, it is the official Yandex NAT Instance family: https://yandex.cloud/ru/marketplace/products/yc/nat-instance-ubuntu-22-04-lts | `string` | `"nat-instance-ubuntu-2204"` | no |
| nat_instance_vm | A set of default VM options for NAT Instances' VMs | `object({ … })` | `{ … }` | no |
| private_routes | Map of routes for private subnets | `list(object({ … }))` | `[]` | no |
| private_subnet_suffix | Suffix to append to private subnet names | `string` | `"prv"` | no |
| private_subnets | Map of private subnets | `list(list(string))` | `[]` | no |
| public_routes | Map of routes for public subnets | `list(object({ … }))` | `[]` | no |
| public_subnet_suffix | Suffix to append to public subnet names | `string` | `"pub"` | no |
| public_subnets | Map of public subnets | `list(list(string))` | `[]` | no |
| single_nat_instance | Should be true if you want to provision a single shared NAT Instance across all of your private networks | `bool` | `false` | no |
| vpc_id | If create_vpc is set to false, you may provide vpc_id to use an existing VPC | `string` | `""` | no |
| Name | Description |
|---|---|
| intra_rt | Intra route tables info |
| intra_subnets | Raw information about intra subnets |
| intra_subnets_cidr_blocks | List of intra subnets cidr_blocks |
| intra_subnets_ids | List of intra subnets IDs |
| intra_subnets_ipv6_cidr_blocks | List of intra subnets IPv6 cidr_blocks |
| nat_gw_id | NAT |
| nat_id | NAT Gateway ID |
| nat_instance_ip | n/a |
| nat_instance_sg_id | n/a |
| private_rt | Private route tables info |
| private_subnets | Raw information about private subnets |
| private_subnets_cidr_blocks | List of private subnets cidr_blocks |
| private_subnets_ids | List of private subnets IDs |
| private_subnets_ipv6_cidr_blocks | List of private subnets IPv6 cidr_blocks |
| public_rt | Public route tables info |
| public_subnets | Raw information about public subnets |
| public_subnets_cidr_blocks | List of public subnets cidr_blocks |
| public_subnets_ids | List of public subnets IDs |
| public_subnets_ipv6_cidr_blocks | List of public subnets IPv6 cidr_blocks |
| vpc_id | VPC ID |
| vpc_name | VPC Name |
Apache-2.0 Licensed. See LICENSE.