x-vpc¶
Define a new VPC for your services or use an existing one¶
Syntax Reference¶
x-vpc:
Create: {}
Lookup: {}
Use: {}
Create¶
x-vpc:
Create:
SingleNat: true
VpcCidr: 172.6.7.42/24
Endpoints:
AwsServices:
- service: s3
- service: ecr.api
- service: ecr.dkr
VpcCidr¶
The CIDR you want to use. Default is 100.127.254.0/24.
SingleNat¶
Whether you want to have 1 NAT per AZ for your application subnets. Reduces the costs for dev environments!
Endpoints¶
List of VPC Endpoints from AWS Services you want to create. Default will create Endpoints for ECR (DKR and API).
EnableFlowLogs¶
Whether you want to have a VPC Flow Log created for the VPC. It will create a new LogGroup and IAM Role to allow logging to CloudWatch.
FlowLogsRoleBoundary¶
For those of you who require IAM PermissionsBoundary for your IAM Roles, this allows to set the boundary. If it starts with arn:aws it will assume this is a valid ARN, otherwise, it will use the value as policy name.
Lookup¶
x-vpc:
Lookup:
VpcId:
Tags:
- key: value
PublicSubnets:
Tags:
- vpc::usage: public
AppSubnets:
Tags:
- vpc::usage: application
StorageSubnets:
Tags:
- vpc::usage: storage0
Warning
When using Use or Lookup you MUST define all 4 settings: * VpcId * StorageSubnets * AppSubnets * PublicSubnets
Warning
When creating newly defined subnets groups, the name must be in the format ^[a-zA-Z0-9]+$
Hint
You can define extra subnet groups based on different tags and map them to your services for override when using Lookup or Use
x-vpc:
Lookup:
VpcId: {}
AppSubnets: {}
StorageSubnets: {}
PublicSubnets: {}
Custom01:
Tags: {}
networks:
custom01:
x-vpc: Custom01
services:
serviceA:
networks:
- custom01
Use¶
x-vpc:
Use:
VpcId: vpc-id
AppSubnets:
- subnet-id
- subnet-id
StorageSubnets:
- subnet-id
- subnet-id
PublicSubnets:
- subnet-id
- subnet-id
Default VPC Network design¶
The design of the VPC generated is very simple 3-tiers:
Public subnets, 1/4 of the available IPs of the VPC CIDR Range
Storage subnets, 1/4 of the available IPs of the VPC CIDR Range
Application subnets, 1/2 of the available IPs of the VPC CIDR Range
Default range¶
The default CIDR range for the VPC is 100.127.254.0/24 This leaves a just under 120 IP address for the EC2 hosts and/or Docker containers.
Hint
The range can be changed via VpcCidr but not the structure detailed above. Works for all RFC 1918 and the 100.64.0.0/10 ranges.