The network module is the foundational layer of the MEAN stack infrastructure. It provisions the entire AWS networking topology — a single VPC with DNS resolution and hostnames enabled, two public-facing subnets spread across two Availability Zones for high availability, one private subnet for the MongoDB instance, an Internet Gateway for public egress and ingress, a NAT Gateway so the private subnet can reach the internet without being reachable from it, and all associated route tables and their subnet associations.

Resources Created

The module manages the following AWS resources:

| Resource | Terraform name | Description |
| --- | --- | --- |
| aws_vpc | this | VPC with DNS support and hostnames enabled |
| aws_internet_gateway | this | IGW attached to the VPC |
| aws_subnet | public_1 | Public subnet A (AZ1), map_public_ip_on_launch = true |
| aws_subnet | public_2 | Public subnet B (AZ2), map_public_ip_on_launch = true |
| aws_subnet | private | Private subnet (AZ1), no public IP on launch |
| aws_eip | nat | Elastic IP allocated in the VPC domain for the NAT Gateway |
| aws_nat_gateway | this | NAT Gateway in public subnet 1; depends on the IGW |
| aws_route_table | public | Routes 0.0.0.0/0 to the Internet Gateway |
| aws_route_table | private | Routes 0.0.0.0/0 to the NAT Gateway |
| aws_route_table_association | public_1 | Associates public_1 subnet with the public route table |
| aws_route_table_association | public_2 | Associates public_2 subnet with the public route table |
| aws_route_table_association | private | Associates private subnet with the private route table |

The NAT Gateway has an explicit depends_on = [aws_internet_gateway.this] to ensure the IGW is fully attached before the NAT Gateway is created. Terraform’s implicit dependency graph alone is not sufficient here.

Input Variables

| Variable | Type | Required | Description |
| --- | --- | --- | --- |
| project_name | string | required | Prefix applied to all resource Name tags created by this module (e.g. terraform-mean produces terraform-mean-vpc). |
| environment | string | required | Deployment environment label (e.g. dev, staging, prod). Passed through to resource tags for environment identification. |
| vpc_cidr | string | required | CIDR block for the VPC (e.g. 10.0.0.0/16). All subnets must be contained within this range. |
| public_subnet_1_cidr | string | required | CIDR block for the first public subnet, placed in availability_zone_1 (e.g. 10.0.1.0/24). |
| public_subnet_2_cidr | string | required | CIDR block for the second public subnet, placed in availability_zone_2 (e.g. 10.0.2.0/24). |
| private_subnet_cidr | string | required | CIDR block for the private subnet, placed in availability_zone_1 (e.g. 10.0.3.0/24). MongoDB runs here with no public IP. |
| availability_zone_1 | string | required | AWS Availability Zone for public subnet A and the private subnet (e.g. us-east-1a). Also where the NAT Gateway is placed. |
| availability_zone_2 | string | required | AWS Availability Zone for public subnet B (e.g. us-east-1b). Using a second AZ allows the ALB to span multiple AZs. |

Outputs

| Output | Type | Description |
| --- | --- | --- |
| vpc_id | string | The ID of the created VPC. Consumed by the security and alb modules. |
| public_subnet_1_id | string | The ID of public subnet A (AZ1). Used as the subnet for node_1 and one of the two ALB subnets. |
| public_subnet_2_id | string | The ID of public subnet B (AZ2). Used as the subnet for node_2 and the second ALB subnet. |
| private_subnet_id | string | The ID of the private subnet (AZ1). Used as the subnet for the mongodb EC2 instance. |
| nat_gateway_public_ip | string | The public IP address of the Elastic IP attached to the NAT Gateway. Useful for allowlisting outbound traffic from private instances in external firewalls. |

Module Call

The following shows exactly how the root main.tf invokes the network module:
```hcl
module "network" {
  source = "./modules/network"

  project_name = var.project_name
  environment  = var.environment

  vpc_cidr = var.vpc_cidr

  public_subnet_1_cidr = var.public_subnet_1_cidr
  public_subnet_2_cidr = var.public_subnet_2_cidr
  private_subnet_cidr  = var.private_subnet_cidr

  availability_zone_1 = var.availability_zone_1
  availability_zone_2 = var.availability_zone_2
}
```
Reference module.network.nat_gateway_public_ip after terraform apply to get the static outbound IP for the private subnet. You can add this IP to external allowlists for MongoDB Atlas or third-party APIs.
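
A post-apply check that the private subnet is reachable only through the NAT Gateway, as described above. This is an added example, not part of the module's code. The function names (index_resources, audit_private_subnet, sample_state) are hypothetical, the sample state and its IDs are constructed, and it assumes the route tables declare their routes as inline route blocks and that the module address is module.network, as in the call above.

```python
# Added example, not project code. Assumes inline route blocks; sample state and IDs are constructed.
def index_resources(state, module="module.network"):
    """Map 'type.name' -> attribute values for resources under the given module."""
    found, stack = {}, [state["values"]["root_module"]]
    while stack:
        mod = stack.pop()
        stack.extend(mod.get("child_modules", []))
        for r in mod.get("resources", []):
            if r["address"].startswith(module + "."):
                found[f'{r["type"]}.{r["name"]}'] = r["values"]
    return found

def audit_private_subnet(state):
    """Return a list of findings; an empty list means the isolation holds."""
    r = index_resources(state)
    subnet, rt = r["aws_subnet.private"], r["aws_route_table.private"]
    nat, igw = r["aws_nat_gateway.this"], r["aws_internet_gateway.this"]
    findings = []
    if subnet.get("map_public_ip_on_launch"):
        findings.append("private subnet assigns public IPs on launch")
    defaults = [x for x in rt.get("route", []) if x.get("cidr_block") == "0.0.0.0/0"]
    if not any(x.get("nat_gateway_id") == nat["id"] for x in defaults):
        findings.append("private route table has no default route via the NAT Gateway")
    if any(x.get("gateway_id") == igw["id"] for x in rt.get("route", [])):
        findings.append("private route table routes directly to the Internet Gateway")
    assoc = r["aws_route_table_association.private"]
    if (assoc.get("subnet_id"), assoc.get("route_table_id")) != (subnet["id"], rt["id"]):
        findings.append("private subnet is not associated with the private route table")
    if nat.get("subnet_id") != r["aws_subnet.public_1"]["id"]:
        findings.append("NAT Gateway is not in public subnet 1")
    return findings

def sample_state(private_route):
    def res(rtype, name, **values):
        return {"address": f"module.network.{rtype}.{name}", "type": rtype, "name": name, "values": values}
    resources = [
        res("aws_internet_gateway", "this", id="igw-0aaa"),
        res("aws_subnet", "public_1", id="subnet-0pub1", map_public_ip_on_launch=True),
        res("aws_subnet", "private", id="subnet-0priv", map_public_ip_on_launch=False),
        res("aws_nat_gateway", "this", id="nat-0bbb", subnet_id="subnet-0pub1"),
        res("aws_route_table", "private", id="rtb-0priv", route=[private_route]),
        res("aws_route_table_association", "private",
            subnet_id="subnet-0priv", route_table_id="rtb-0priv"),
    ]
    return {"values": {"root_module": {"child_modules": [{"resources": resources}]}}}

GOOD = sample_state({"cidr_block": "0.0.0.0/0", "gateway_id": "", "nat_gateway_id": "nat-0bbb"})
BAD = sample_state({"cidr_block": "0.0.0.0/0", "gateway_id": "igw-0aaa", "nat_gateway_id": ""})
```

To audit a real deployment, pass the parsed JSON output of terraform show -json to audit_private_subnet; the BAD sample shows the findings produced when the private route table points at the Internet Gateway instead of the NAT Gateway.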
