## Requirements

| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= v1.3.9 |
| [aws](#requirement\_aws) | >= 4.56.0 |
| [local](#requirement\_local) | 2.2.3 |

## Providers

| Name | Version |
|------|---------|
| [aws](#provider\_aws) | 4.63.0 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| [shared\_services\_vpc](#module\_shared\_services\_vpc) | aws-ia/vpc/aws | >= 4.2.0 |
| [shared\_tgw](#module\_shared\_tgw) | ../transit_gw | n/a |

## Resources

| Name | Type |
|------|------|
| [aws_ec2_managed_prefix_list.nss_pl](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_managed_prefix_list) | resource |
| [aws_ec2_managed_prefix_list.nw_segment_pl](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_managed_prefix_list) | resource |
| [aws_ec2_managed_prefix_list_entry.nss_pl_nss_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_managed_prefix_list_entry) | resource |
| [aws_ec2_managed_prefix_list_entry.nw_segment_pl_nss_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_managed_prefix_list_entry) | resource |
| [aws_ec2_transit_gateway_route_table.nss_vpc_tgw_rt](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route_table) | resource |
| [aws_ec2_transit_gateway_route_table.nw_segment_tgw_rt](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route_table) | resource |
| [aws_ec2_transit_gateway_route_table_association.nss_vpc_tgw_rt](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route_table_association) | resource |
| [aws_ec2_transit_gateway_route_table_propagation.nss_propagation_to_nw_segment_tgw_rt](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route_table_propagation) | resource |
| [aws_ram_principal_association.account](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ram_principal_association) | resource |
| [aws_ram_principal_association.org](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ram_principal_association) | resource |
| [aws_ram_principal_association.ou](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ram_principal_association) | resource |
| [aws_ram_resource_association.nss_pl](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ram_resource_association) | resource |
| [aws_ram_resource_association.nw_segment_pl](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ram_resource_association) | resource |
| [aws_ram_resource_share.pl](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ram_resource_share) | resource |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [cidr\_block](#input\_cidr\_block) | CIDR block for the VPC hosting the Network Shared Services (NSS). The CIDR block should be in the range of /16 to /20. | `string` | n/a | yes |
| [env\_name](#input\_env\_name) | Environment name, e.g. dev, prod, used for resource identification. | `string` | n/a | yes |
| [project](#input\_project) | Project name, used as prefix/suffix for resource identification. | `string` | n/a | yes |
| [tags](#input\_tags) | Common and mandatory tags for the resources. | `map(string)` | n/a | yes |
| [amazon\_side\_asn](#input\_amazon\_side\_asn) | Private Autonomous System Number (ASN) for the Amazon side of a BGP session. | `string` | `"64512"` | no |
| [az\_count](#input\_az\_count) | Number of AZs to spread the Network Shared Services (NSS) to. Assumes AZs sorted a-z. Max 6 AZs. | `number` | `3` | no |
| [dnse\_cidrs](#input\_dnse\_cidrs) | List of CIDRs for the subnet(s) hosting the DNS resolver endpoint(s). If not provided, it will be calculated at position 4. The recommended CIDR block range is /28. | `list(string)` | `[]` | no |
| [dnse\_subnet\_tags](#input\_dnse\_subnet\_tags) | Extra tags to add to the DNS resolver endpoint subnet(s). | `map(string)` | `{}` | no |
| [enable\_dnse](#input\_enable\_dnse) | If enabled, subnet(s) for DNS resolver endpoints will be created. | `bool` | `false` | no |
| [enable\_vpce](#input\_enable\_vpce) | If enabled, subnet(s) for VPC endpoints will be created. | `bool` | `false` | no |
| [nat\_gateway\_config](#input\_nat\_gateway\_config) | Spread of NAT Gateways to be created. Network Shared Services (NSS) requires a NAT GW. Valid values = "single\_az", "all\_azs". There is a soft limit of 5 EIPs per VPC per account. | `string` | `"single_az"` | no |
| [public\_cidrs](#input\_public\_cidrs) | List of CIDRs for the public subnet(s) hosting the NAT GW. If not provided, it will be calculated at position 1. | `list(string)` | `[]` | no |
| [public\_subnet\_tags](#input\_public\_subnet\_tags) | Extra tags to add to the public subnet(s). | `map(string)` | `{}` | no |
| [share\_with\_accounts](#input\_share\_with\_accounts) | Share the services with a list of AWS Accounts, like 111111111111. If `share_with_org` is true then `share_with_accounts` is ignored. Provide a list of AWS Account Ids that are not part of any of the AWS Organizations OUs in `share_with_ous`. The master account for the AWS Organization must have enabled sharing in the AWS Resource Access Manager (RAM), e.g. `aws ram enable-sharing-with-aws-organization`. | `list(string)` | `[]` | no |
| [share\_with\_org](#input\_share\_with\_org) | Share the services at the Organization level. If `share_with_org` is true then `share_with_ous` and `share_with_accounts` are ignored. The master account for the AWS Organization must have enabled sharing in the AWS Resource Access Manager (RAM), e.g. `aws ram enable-sharing-with-aws-organization`. | `bool` | `true` | no |
| [share\_with\_ous](#input\_share\_with\_ous) | Share the services with a list of AWS Organizations OUs, like ou-xyz-abcdefg. If `share_with_org` is true then `share_with_ous` is ignored. The master account for the AWS Organization must have enabled sharing in the AWS Resource Access Manager (RAM), e.g. `aws ram enable-sharing-with-aws-organization`. | `list(string)` | `[]` | no |
| [super\_net\_cidr\_blocks](#input\_super\_net\_cidr\_blocks) | CIDR blocks for Hub and Spoke super net(s). Must include On-Premises super net(s), if required. If empty, individual VPC CIDR blocks will be used for routing, which may hit the route table entry limits. | `list(string)` | `[]` | no |
| [supported\_network\_segments](#input\_supported\_network\_segments) | List of distinct network segment names for which Transit Gateway route table(s) will be created. Transit gateway route tables are always created for the network segments `ALL` and `ISOLATED`. | `list(string)` | `["ALL", "ISOLATED"]` | no |
| [tgw\_cidrs](#input\_tgw\_cidrs) | List of CIDRs for the subnet(s) hosting the TGW endpoints. If not provided, it will be calculated at position 2. The recommended CIDR block range is /28. | `list(string)` | `[]` | no |
| [tgw\_subnet\_tags](#input\_tgw\_subnet\_tags) | Extra tags to add to the transit GW subnet(s). | `map(string)` | `{}` | no |
| [tgw\_tags](#input\_tgw\_tags) | Extra tags to add to the transit gateway. | `map(string)` | `{}` | no |
| [vpc\_tags](#input\_vpc\_tags) | Extra tags to add to the Network Shared Services (NSS) VPC. These will be carried forward to all subnets too. | `map(string)` | `{}` | no |
| [vpce\_cidrs](#input\_vpce\_cidrs) | List of CIDRs for the subnet(s) hosting the VPC endpoint(s) for the supported AWS Services. If not provided, it will be calculated at position 3. The recommended CIDR block range is /24. | `list(string)` | `[]` | no |
| [vpce\_subnet\_tags](#input\_vpce\_subnet\_tags) | Extra tags to add to the VPC endpoint subnet(s). | `map(string)` | `{}` | no |

## Outputs

| Name | Description |
|------|-------------|
| [azs](#output\_azs) | List of AZs where subnets are created. |
| [nw\_segment\_prefix\_list\_ids](#output\_nw\_segment\_prefix\_list\_ids) | Prefix list id for network segment(s). |
| [nw\_segment\_tgw\_route\_table\_ids](#output\_nw\_segment\_tgw\_route\_table\_ids) | TGW route table id for network segment(s). |
| [nw\_shared\_svc\_prefix\_list\_id](#output\_nw\_shared\_svc\_prefix\_list\_id) | Prefix list id for NSS. |
| [nw\_shared\_svc\_tgw\_attachment\_id](#output\_nw\_shared\_svc\_tgw\_attachment\_id) | TGW attachment id for the network shared services VPC. |
| [nw\_shared\_svc\_tgw\_id](#output\_nw\_shared\_svc\_tgw\_id) | Transit GW Id that enables the network shared services VPC. |
| [nw\_shared\_svc\_tgw\_route\_table\_id](#output\_nw\_shared\_svc\_tgw\_route\_table\_id) | TGW route table id for the network shared services VPC. |
| [private\_subnet\_attributes\_by\_az](#output\_private\_subnet\_attributes\_by\_az) | List of private subnet attributes by AZ. |
| [super\_net\_cidr\_blocks](#output\_super\_net\_cidr\_blocks) | Super Net CIDR Blocks used for routing. |
| [supported\_network\_segments](#output\_supported\_network\_segments) | List of supported network segments by NSS. |
| [vpc\_attributes](#output\_vpc\_attributes) | VPC attributes for the provisioned VPC. |
| [vpc\_id](#output\_vpc\_id) | VPC Id for the provisioned VPC. |
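The following root module is an added usage example and is not part of this module's own documentation or code. It wires the inputs above together for the narrowest RAM share the inputs allow (`share_with_org = false` with explicit OUs and accounts), adds named network segments on top of the always-present `ALL` and `ISOLATED` route tables, and consumes two of the outputs in a spoke route. The module path, region, OU ids, account id, CIDRs and the `spoke_route_table_id` variable are placeholders assumed for the example, not values from the page.

```hcl
# Added example (not the module's own code). All ids, CIDRs and the module
# path are placeholders chosen for illustration.

terraform {
  required_version = ">= 1.3.9"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.56.0"
    }
  }
}

provider "aws" {
  region = "eu-west-1" # assumed region
}

# Route table of a spoke VPC in the same account (assumed variable)
variable "spoke_route_table_id" {
  type        = string
  description = "Route table id of a spoke VPC that should reach NSS via the TGW."
}

locals {
  common_tags = {
    Owner       = "network-team"
    CostCenter  = "shared-services"
    Environment = "prod"
  }
}

module "nss" {
  source = "./modules/network_shared_services" # assumed local path

  project    = "acme"
  env_name   = "prod"
  cidr_block = "10.100.0.0/16" # must be between /16 and /20 per the inputs table
  az_count   = 3

  # public/tgw/vpce/dnse subnet CIDRs are left empty so the module derives
  # them at positions 1-4 as documented above.
  nat_gateway_config = "all_azs" # NSS requires a NAT GW; default is "single_az"
  enable_vpce        = true
  enable_dnse        = true

  # Scope the RAM share to named OUs plus one account outside those OUs.
  # With share_with_org = true both lists below would be ignored and the
  # prefix lists would be shared with every account in the organization.
  share_with_org      = false
  share_with_ous      = ["ou-xxxx-placeholder1", "ou-xxxx-placeholder2"]
  share_with_accounts = ["111111111111"]

  # Summarised supernets keep the TGW route tables under the entry limits
  # instead of one route per spoke VPC; include on-premises ranges if any.
  super_net_cidr_blocks = ["10.0.0.0/8", "172.16.0.0/12"]

  # ALL and ISOLATED are always created; PROD and NONPROD are added here so
  # each gets its own TGW route table and prefix list.
  supported_network_segments = ["ALL", "ISOLATED", "PROD", "NONPROD"]

  tags     = local.common_tags
  vpc_tags = { Name = "acme-prod-nss" }
  tgw_tags = { Name = "acme-prod-tgw" }
}

# Point the spoke at NSS through the shared prefix list rather than a hard-coded CIDR
resource "aws_route" "spoke_to_nss" {
  route_table_id             = var.spoke_route_table_id
  destination_prefix_list_id = module.nss.nw_shared_svc_prefix_list_id
  transit_gateway_id         = module.nss.nw_shared_svc_tgw_id
}

# Per-segment TGW route table ids, useful when attaching spoke VPCs to a segment
output "segment_route_tables" {
  value = module.nss.nw_segment_tgw_route_table_ids
}
```

Before `terraform apply`, the organization's management account must already have run `aws ram enable-sharing-with-aws-organization` (as the `share_with_*` descriptions state); otherwise the OU and organization principal associations fail. Reviewing the plan for the `aws_ram_principal_association.*` resources is the quickest way to confirm the share reaches only the intended principals.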