Skip to main content

environments-networks json explained

Overview

Our core-vpc terraform consumes the contents of our environments-networks/*.json files to populate local values used in the creation of resources.

This page explains how the options are used, with links to the relevant Terraform where possible.

Template example

We maintain a template of the environments-networks/*.json files here.

The cidr key

The cidr key defines values used in the creation of networking resources:

  • transit_gateway has been deprecated as of this pull request.
  • protected has likewise been deprecated as of this pull request.
  • subnet_sets key contains its own nested keys to define additional networking values.
    • Nested keys such as general provide further values that are consumed by the “vpc” module in terraform/environments/core-vpc.
    • cidr defines the network address to be used to create a VPC. This network address is further subdivided to create subnets in the VPC
    • accounts defines member account names associated with the relevant business unit.

The options key

The options key defines values used in the creation of supplementary configuration items:

  • bastion_linux is a boolean which determines if a business-unit bastion instance should be created
  • additional_cidrs is used by the vpc-nacls module to allow access from external CIDRs such as PSN address ranges.
  • aditional_endpoints is used by the “vpc” module in terraform/environments/core-vpc to supply VPC endpoint names.
  • additional_private_zones is used by the dns-zone-extend-private to create additional private DNS zones. > In practice, additional_private_zones are created directly by customers, leveraging the core-vpc provider rather than defining them here.
  • additional_vpcs is used by the vpc-nacls module to allow access from internal CIDRs such as other Modernisation Platform address ranges. > In practice, the use of additional_vpcs is something we want to avoid as we want to restrict the possibility of east/west traffic movement inside the Modernisation Platform.
This page was last reviewed on 4 July 2024. It needs to be reviewed again on 4 January 2025 by the page owner #modernisation-platform .
This page was set to be reviewed before 4 January 2025 by the page owner #modernisation-platform. This might mean the content is out of date.