Properties
Optional alb-forwarding
alb-forwarding: boolean
Title: ALB IP Forwarding
Description: Enable ALB to ALB forwarding with IPv4 lookup
Optional central-endpoint
central-endpoint: boolean
Title: Central Endpoint
Description: Use central endpoints for this VPC
Optional cidr
Title: VPC CIDR Range
Description: CIDR range for the VPC.
Optional cidr-src
cidr-src: "provided" | "lookup" | "dynamic"
Title: CIDR Source
Description: One of: Provided, Lookup, Dynamic. Provided retrieves the CIDR range from the config file; Lookup queries a DynamoDB table for the CIDR block; Dynamic automatically assigns a new CIDR block from the designated pool.
Optional dedicated-tenancy
dedicated-tenancy: boolean
Title: Dedicated Tenancy
Description: Enables the creation of Dedicated Tenancy VPCs
deploy
deploy: string
Title: Deploy
Description: "local" if being configured inside an account or "shared-network" if being configured inside an OU.
Optional description
description: string
Title: Description
Description: Description field that will be used in the future GUI and that lets customers provide a purpose for this VPC.
Optional dns-resolver-logging
dns-resolver-logging: boolean
Title: Dns Resolver Logging
Description: Enables DNS resolver logging for this VPC (log all DNS queries made by resources within the VPC)
Optional flow-logs
Title: Flow Logs
Description: Enables VPC flow logging on the VPC. Values: Accept, Reject, or BOTH
Optional gateway-endpoints
Title: Gateway Endpoints
Description: Create gateway endpoints.
Optional igw
igw: boolean
Title: Internet Gateway
Description: Create an Internet Gateway.
Optional interface-endpoints
Title: Interface Endpoints
Description: Deploy interface endpoints. The reference architecture prescribes centralized endpoints in the shared network account that are then shared through the TGW. You can start with an initial set or provide a complete list so that they don't need to be created in the future. There is a cost per interface endpoint.
Optional log-retention
log-retention: number
Title: Deprecated
Description: Deprecated.
name
name: string
Title: VPC Name
Description: The name of the VPC that will be deployed inside the account.
Optional natgw
Title: NAT Gateway
Description: Create a NAT gateway.
Optional nfw
Title: AWS Network Firewall
Description: Create the AWS NFW
Optional on-premise-rules
Title: On Premises Rules
Description: On-premises DNS zones configuration.
Optional opt-in
opt-in: boolean
Title: Opt-In VPC
Description: Allows a VPC to be defined in an OU but created in an account only once that account has opted in.
Optional pcx
Title: Peering Connection
Description: Create a peering connection.
region
Title: Region
Description: Region for the VPC.
Optional resolvers
Title: Resolvers
Description: Create a Route 53 resolver in this account. You can integrate DNS resolution between the Resolver in the VPC and this resolver.
Optional route-tables
Title: Route Tables
Description: Route tables for the VPC.
Optional security-groups
Title: Security Groups
Description: Security groups for the VPC.
Optional subnets
Title: Subnets
Description: Subnet definitions for the VPC.
Optional tgw-attach
Title: TGW Attachment
Description: Attach this VPC to a transit gateway.
Optional use-central-endpoints
use-central-endpoints: boolean
Title: Use Central Endpoints
Description: Use VPC endpoints defined by the VPC with the central-endpoint value set to true. Associates the designated endpoint Route53 Zone with this VPC.
Optional vgw
Title: Virtual Gateway
Description: Create a Virtual Gateway.
Optional zones
Title: Zones
Description: Create Route 53 hosted zones.
Either: a) defines and creates the VPC(s) that will be shared with every account in an OU, or b) defines and creates the VPC(s) in every account in an OU, or c) defines and creates VPC(s) inside an account. VPCs should generally be defined at the OU level (either centrally created and shared, or templated and locally deployed) rather than at the account level.