environments-networks json explained
Overview
Our core-vpc terraform consumes the contents of our environments-networks/*.json files to populate local values used in the creation of resources.
This page explains how the options are used, with links to the relevant Terraform where possible.
Template example
We maintain a template of the environments-networks/*.json files here.
The cidr key
The cidr key defines values used in the creation of networking resources:
- transit_gateway has been deprecated as of this pull request.
- protected has likewise been deprecated as of this pull request.
- subnet_sets contains its own nested keys to define additional networking values.
  - Nested keys such as general provide further values that are consumed by the “vpc” module in terraform/environments/core-vpc.
    - cidr defines the network address to be used to create a VPC. This network address is further subdivided to create subnets in the VPC.
    - accounts defines member account names associated with the relevant business unit.
The options key
The options key defines values used in the creation of supplementary configuration items:
- bastion_linux is a boolean which determines if a business-unit bastion instance should be created.
- additional_cidrs is used by the vpc-nacls module to allow access from external CIDRs such as PSN address ranges.
- additional_endpoints is used by the vpc module in terraform/environments/core-vpc to supply VPC endpoint names.
- additional_private_zones is used by the dns-zone-extend-private module to create additional private DNS zones. In practice, additional_private_zones are created directly by customers, leveraging the core-vpc provider rather than defining them here.
- additional_vpcs is used by the vpc-nacls module to allow access from internal CIDRs such as other Modernisation Platform address ranges. In practice, the use of additional_vpcs is something we want to avoid, as we want to restrict the possibility of east/west traffic movement inside the Modernisation Platform.
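The following is an added example, not code from the Modernisation Platform repository: a small pre-merge check that validates an environments-networks JSON document against the key layout described above (the cidr key with its subnet_sets, and the options key). The sample document, its account names, CIDRs and VPC names are constructed placeholders. The checks that subnet-set CIDRs must be well-formed IPv4 networks and must not overlap one another are assumptions added here; the warnings for deprecated keys, for additional_vpcs and for additional_private_zones follow the guidance on this page.

```python
"""Validate an environments-networks/*.json document before it reaches core-vpc.

Added example: the document layout follows the page above; the sample values are
constructed placeholders, not real Modernisation Platform configuration.
"""
import ipaddress
import json

# Constructed sample document; every value here is a placeholder.
SAMPLE_JSON = """
{
  "cidr": {
    "subnet_sets": {
      "general": {
        "cidr": "10.20.0.0/19",
        "accounts": ["example-development", "example-test"]
      }
    }
  },
  "options": {
    "bastion_linux": true,
    "additional_cidrs": ["192.0.2.0/24"],
    "additional_endpoints": ["ec2", "ssm"],
    "additional_private_zones": [],
    "additional_vpcs": ["example-other-vpc"]
  }
}
"""

# Keys under "cidr" that the page marks as deprecated.
DEPRECATED_CIDR_KEYS = ("transit_gateway", "protected")


def _parse_network(value):
    """Return an IPv4Network, or None if value is not a clean network address.

    strict=True rejects addresses with host bits set, e.g. 10.0.0.1/8.
    """
    try:
        return ipaddress.IPv4Network(value, strict=True)
    except (ValueError, TypeError):
        return None


def validate_network_config(config):
    """Return {"errors": [...], "warnings": [...]} for one parsed document.

    Errors are structural problems that would break the core-vpc Terraform;
    warnings are policy points taken from the page (deprecated keys, east/west
    traffic via additional_vpcs, private zones defined here instead of by customers).
    """
    errors, warnings = [], []

    cidr = config.get("cidr")
    if not isinstance(cidr, dict):
        return {"errors": ["'cidr' key missing or not an object"], "warnings": warnings}
    for key in DEPRECATED_CIDR_KEYS:
        if key in cidr:
            warnings.append(f"cidr.{key} is deprecated and is ignored")

    subnet_sets = cidr.get("subnet_sets")
    if not isinstance(subnet_sets, dict) or not subnet_sets:
        errors.append("cidr.subnet_sets must be a non-empty object")
        subnet_sets = {}

    seen = []  # (set name, network) pairs already accepted, for overlap detection
    for name, subnet_set in subnet_sets.items():
        if not isinstance(subnet_set, dict):
            errors.append(f"cidr.subnet_sets.{name} must be an object")
            continue
        net = _parse_network(subnet_set.get("cidr"))
        if net is None:
            errors.append(f"cidr.subnet_sets.{name}.cidr is not a valid IPv4 network")
        else:
            # Assumption: two subnet sets of one business unit must not share address space.
            for other_name, other in seen:
                if net.overlaps(other):
                    errors.append(f"cidr.subnet_sets.{name}.cidr overlaps cidr.subnet_sets.{other_name}.cidr")
            seen.append((name, net))
        accounts = subnet_set.get("accounts")
        if not isinstance(accounts, list) or not accounts or not all(isinstance(a, str) for a in accounts):
            errors.append(f"cidr.subnet_sets.{name}.accounts must be a non-empty list of account names")

    options = config.get("options", {})
    if not isinstance(options, dict):
        errors.append("'options' must be an object")
        options = {}
    if not isinstance(options.get("bastion_linux", False), bool):
        errors.append("options.bastion_linux must be a boolean")
    for value in options.get("additional_cidrs", []):
        if _parse_network(value) is None:
            errors.append(f"options.additional_cidrs entry {value!r} is not a valid IPv4 network")
    if options.get("additional_vpcs"):
        warnings.append("options.additional_vpcs is set; this permits east/west traffic between VPCs and should be avoided")
    if options.get("additional_private_zones"):
        warnings.append("options.additional_private_zones is set; customers normally create these via the core-vpc provider")
    return {"errors": errors, "warnings": warnings}


def validate_json_text(text):
    """Parse a JSON document and validate it; convenience wrapper for CI use."""
    return validate_network_config(json.loads(text))


if __name__ == "__main__":
    result = validate_json_text(SAMPLE_JSON)
    for level in ("errors", "warnings"):
        for finding in result[level]:
            print(f"{level[:-1].upper()}: {finding}")
```

Run against the constructed sample, the check reports no errors and one warning, for the populated additional_vpcs list. Wiring validate_json_text into a pull-request check means a malformed CIDR or an accidental reintroduction of transit_gateway is caught before Terraform plans against it.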