diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..8207150
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,25 @@
+# Unix-style newlines with a newline ending every file
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 2
+indent_style = space
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.{tf,tfvars}]
+indent_size = 2
+indent_style = space
+
+[*.md]
+max_line_length = 0
+trim_trailing_whitespace = false
+
+# Override for Makefile
+[{Makefile, makefile, GNUmakefile, Makefile.*}]
+tab_width = 2
+indent_style = tab
+indent_size = 4
+
+[COMMIT_EDITMSG]
+max_line_length = 0
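Review bot: In the Makefile section, `tab_width = 2` and `indent_size = 4` disagree while `indent_style = tab` is set, so editors that honour both may emit two tabs per indent level or mix tabs with spaces. Setting `indent_size = tab` (or dropping the `indent_size` line) makes the tab width the single source of truth. The spaces after the commas in `[{Makefile, makefile, GNUmakefile, Makefile.*}]` may also be taken as part of the names by some EditorConfig implementations, which would leave every alternative but the first unmatched; writing the list without spaces avoids that.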
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 2537f2f..6f64b5a 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -15,8 +15,8 @@
# Cloud Posse must review any changes to standard context definition,
# but some changes can be rubber-stamped.
-**/*.tf @cloudposse/engineering @cloudposse/approvers
-README.yaml @cloudposse/engineering @cloudposse/approvers
+**/*.tf @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers
+README.yaml @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers
README.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers
docs/*.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers
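Review bot: Adding `@cloudposse/contributors` to the `**/*.tf` and `README.yaml` rules lets a review from any member of that team satisfy a code-owner requirement for every Terraform file, yet the comment kept above these lines still says Cloud Posse must review changes to the standard context definition. The last matching pattern wins in CODEOWNERS, so a later rule outside this hunk may still restrict that file; this cannot be confirmed from the lines shown. If no such rule exists, the comment should be updated to describe the new policy, for example `# Contributors may approve module code; approvers can rubber-stamp.`, or a narrower rule for the context definition should be kept below the `**/*.tf` line.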
diff --git a/.github/auto-release.yml b/.github/auto-release.yml
index c78a4d8..ba0c226 100644
--- a/.github/auto-release.yml
+++ b/.github/auto-release.yml
@@ -46,7 +46,7 @@ template: |
replacers:
# Remove irrelevant information from Renovate bot
-- search: '/---\s+^#.*Renovate configuration(?:.|\n)*?This PR has been generated .*/gm'
+- search: '/---\s+^#.*(Renovate configuration|Configuration)(?:.|\n)*?This PR has been generated .*/gm'
replace: ''
# Remove Renovate bot banner image
- search: '/\[!\[[^\]]*Renovate\][^\]]*\](\([^)]*\))?\s*\n+/gm'
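Review bot: The bare `Configuration` branch added to the first `search` pattern is not tied to Renovate, so any PR body with a `---` rule followed by a heading containing "Configuration" and later a "This PR has been generated" line will have that whole span stripped from the release notes. If the shorter heading comes from a newer bot template, a comment above the replacer saying so would make the intent checkable. The group can also be non-capturing, to match the `(?:.|\n)` beside it: `(?:Renovate configuration|Configuration)`.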
diff --git a/.github/mergify.yml b/.github/mergify.yml
index b010656..ef15545 100644
--- a/.github/mergify.yml
+++ b/.github/mergify.yml
@@ -56,3 +56,10 @@ pull_request_rules:
changes_requested: true
approved: true
message: "This Pull Request has been updated, so we're dismissing all reviews."
+
+- name: "close Pull Requests without files changed"
+ conditions:
+ - "#files=0"
+ actions:
+ close:
+ message: "This pull request has been automatically closed by Mergify because there are no longer any changes."
diff --git a/.github/workflows/auto-format.yml b/.github/workflows/auto-format.yml
index 990abed..375d0fd 100644
--- a/.github/workflows/auto-format.yml
+++ b/.github/workflows/auto-format.yml
@@ -6,7 +6,7 @@ on:
jobs:
auto-format:
runs-on: ubuntu-latest
- container: cloudposse/build-harness:slim-latest
+ container: cloudposse/build-harness:latest
steps:
# Checkout the pull request branch
# "An action in a workflow run can’t trigger a new workflow run. For example, if an action pushes code using
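Review bot: `container: cloudposse/build-harness:latest` is a mutable tag, so the image this job runs can change without any commit to this repository, and a later step in the same job is given a repository secret. Pinning by digest fixes the content: `container: cloudposse/build-harness@sha256:<digest-placeholder>`. Moving from `slim-latest` to the full image also increases what is present in the job, so a one-line comment naming the tool the slim image lacked would help reviewers judge the trade-off.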
@@ -29,6 +29,8 @@ jobs:
- name: Auto Format
if: github.event.pull_request.state == 'open'
shell: bash
+ env:
+ GITHUB_TOKEN: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}"
run: make BUILD_HARNESS_PATH=/build-harness PACKAGES_PREFER_HOST=true -f /build-harness/templates/Makefile.build-harness pr/auto-format/host
# Commit changes (if any) to the PR branch
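Review bot: The `env:` added to the Auto Format step places `secrets.PUBLIC_REPO_ACCESS_TOKEN` in the environment of a `make` run that operates on the checked-out pull-request branch. The workflow trigger is outside this hunk; if the job runs with secrets available for PRs from forks, anything the format targets execute from the PR tree could read the token. A comment recording why a personal access token is needed instead of the default `secrets.GITHUB_TOKEN`, and which scopes it carries, would make this reviewable: `# PAT required for <reason-placeholder>; scopes: <scopes-placeholder>`.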
diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml
index 3f48017..1d06d9b 100644
--- a/.github/workflows/auto-release.yml
+++ b/.github/workflows/auto-release.yml
@@ -3,17 +3,25 @@ name: auto-release
on:
push:
branches:
- - master
+ - main
+ - master
+ - production
jobs:
publish:
runs-on: ubuntu-latest
steps:
- # Drafts your next Release notes as Pull Requests are merged into "master"
- - uses: release-drafter/release-drafter@v5
- with:
- publish: true
- prerelease: false
- config-name: auto-release.yml
- env:
- GITHUB_TOKEN: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
+ # Get PR from merged commit to master
+ - uses: actions-ecosystem/action-get-merged-pull-request@v1
+ id: get-merged-pull-request
+ with:
+ github_token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
+ # Drafts your next Release notes as Pull Requests are merged into "main"
+ - uses: release-drafter/release-drafter@v5
+ if: "!contains(steps.get-merged-pull-request.outputs.labels, 'no-release')"
+ with:
+ publish: true
+ prerelease: false
+ config-name: auto-release.yml
+ env:
+ GITHUB_TOKEN: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
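Review bot: The new `actions-ecosystem/action-get-merged-pull-request@v1` step hands `secrets.PUBLIC_REPO_ACCESS_TOKEN` to a third-party action referenced by a movable tag, so a retagged `v1` would run with that token on every push to `main`, `master` or `production`. Pinning to a full commit SHA removes that exposure: `uses: actions-ecosystem/action-get-merged-pull-request@<full-commit-sha-placeholder> # v1`. Looking up the merged PR is presumably a read-only call, so the default `secrets.GITHUB_TOKEN` may be enough for this step. The `if:` on the release-drafter step uses `contains()` on the labels output, which looks like a substring match and would then also skip releases for any label that merely contains `no-release`. The step comment also still says "merged commit to master" although three branches now trigger the workflow.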
diff --git a/.github/workflows/validate-codeowners.yml b/.github/workflows/validate-codeowners.yml
index 386eb28..c5193b6 100644
--- a/.github/workflows/validate-codeowners.yml
+++ b/.github/workflows/validate-codeowners.yml
@@ -1,5 +1,7 @@
name: Validate Codeowners
on:
+ workflow_dispatch:
+
pull_request:
jobs:
diff --git a/README.md b/README.md
index 166948b..86a6fa1 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,4 @@
+
# terraform-aws-named-subnets [![Latest Release](https://img.shields.io/github/release/cloudposse/terraform-aws-named-subnets.svg)](https://github.com/cloudposse/terraform-aws-named-subnets/releases/latest) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com)
@@ -29,7 +30,6 @@
Terraform module for named [`subnets`](http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html) provisioning.
-
---
This project is part of our comprehensive ["SweetOps"](https://cpco.io/sweetops) approach towards DevOps.
@@ -60,7 +60,6 @@ We literally have [*hundreds of terraform modules*][terraform_modules] that are
-
## Security & Compliance [](https://bridgecrew.io/)
Security scanning is graciously provided by Bridgecrew. Bridgecrew is the leading fully hosted, cloud-native solution providing continuous Terraform security and compliance.
@@ -372,84 +371,89 @@ Available targets:
| Name | Version |
|------|---------|
-| terraform | >= 0.13.0 |
-| aws | >= 2.0 |
-| null | >= 2.0 |
+| [terraform](#requirement\_terraform) | >= 0.13.0 |
+| [aws](#requirement\_aws) | >= 2.0 |
+| [null](#requirement\_null) | >= 2.0 |
## Providers
| Name | Version |
|------|---------|
-| aws | >= 2.0 |
+| [aws](#provider\_aws) | >= 2.0 |
## Modules
| Name | Source | Version |
|------|--------|---------|
-| private_label | cloudposse/label/null | 0.24.1 |
-| public_label | cloudposse/label/null | 0.24.1 |
-| this | cloudposse/label/null | 0.24.1 |
+| [private\_label](#module\_private\_label) | cloudposse/label/null | 0.24.1 |
+| [public\_label](#module\_public\_label) | cloudposse/label/null | 0.24.1 |
+| [this](#module\_this) | cloudposse/label/null | 0.24.1 |
## Resources
-| Name |
-|------|
-| [aws_eip](https://registry.terraform.io/providers/hashicorp/aws/2.0/docs/resources/eip) |
-| [aws_nat_gateway](https://registry.terraform.io/providers/hashicorp/aws/2.0/docs/resources/nat_gateway) |
-| [aws_network_acl](https://registry.terraform.io/providers/hashicorp/aws/2.0/docs/resources/network_acl) |
-| [aws_route](https://registry.terraform.io/providers/hashicorp/aws/2.0/docs/resources/route) |
-| [aws_route_table](https://registry.terraform.io/providers/hashicorp/aws/2.0/docs/resources/route_table) |
-| [aws_route_table_association](https://registry.terraform.io/providers/hashicorp/aws/2.0/docs/resources/route_table_association) |
-| [aws_subnet](https://registry.terraform.io/providers/hashicorp/aws/2.0/docs/resources/subnet) |
-| [aws_vpc](https://registry.terraform.io/providers/hashicorp/aws/2.0/docs/data-sources/vpc) |
+| Name | Type |
+|------|------|
+| [aws_eip.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource |
+| [aws_nat_gateway.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/nat_gateway) | resource |
+| [aws_network_acl.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl) | resource |
+| [aws_network_acl.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl) | resource |
+| [aws_route.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
+| [aws_route.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
+| [aws_route_table.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table) | resource |
+| [aws_route_table.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table) | resource |
+| [aws_route_table_association.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource |
+| [aws_route_table_association.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource |
+| [aws_subnet.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource |
+| [aws_subnet.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource |
+| [aws_vpc.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
-| additional\_tag\_map | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no |
-| attributes | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no |
-| availability\_zone | Availability Zone | `string` | n/a | yes |
-| cidr\_block | Base CIDR block which will be divided into subnet CIDR blocks (e.g. `10.0.0.0/16`) | `string` | n/a | yes |
-| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no |
-| delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no |
-| enabled | Set to false to prevent the module from creating any resources | `bool` | `null` | no |
-| eni\_id | An ID of a network interface which is used as a default route in private route tables (\_e.g.\_ `eni-9c26a123`) | `string` | `""` | no |
-| environment | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no |
-| id\_length\_limit | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no |
-| igw\_id | Internet Gateway ID which will be used as a default route in public route tables (e.g. `igw-9c26a123`). Conflicts with `ngw_id` | `string` | `""` | no |
-| label\_key\_case | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no |
-| label\_order | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no |
-| label\_value\_case | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no |
-| map\_public\_ip\_on\_launch\_enabled | Enable/disable map\_public\_ip\_on\_launch subnet attribute. | `bool` | `false` | no |
-| max\_subnets | Maximum number of subnets which can be created. This variable is being used for CIDR blocks calculation. Defaults to length of `subnet_names` argument | `number` | `16` | no |
-| name | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no |
-| namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no |
-| nat\_enabled | Enable/disable NAT Gateway | `bool` | `true` | no |
-| ngw\_id | NAT Gateway ID which will be used as a default route in private route tables (e.g. `igw-9c26a123`). Conflicts with `igw_id` | `string` | `""` | no |
-| private\_network\_acl\_egress | Private network egress ACL rules | list(object(
{
rule_no = number
action = string
cidr_block = string
from_port = number
to_port = number
protocol = string
}))
| [
{
"action": "allow",
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_no": 100,
"to_port": 0
}
]
| no |
-| private\_network\_acl\_id | Network ACL ID that will be added to the subnets. If empty, a new ACL will be created | `string` | `""` | no |
-| private\_network\_acl\_ingress | Private network ingress ACL rules | list(object(
{
rule_no = number
action = string
cidr_block = string
from_port = number
to_port = number
protocol = string
}))
| [
{
"action": "allow",
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_no": 100,
"to_port": 0
}
]
| no |
-| public\_network\_acl\_egress | Public network egress ACL rules | list(object(
{
rule_no = number
action = string
cidr_block = string
from_port = number
to_port = number
protocol = string
}))
| [
{
"action": "allow",
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_no": 100,
"to_port": 0
}
]
| no |
-| public\_network\_acl\_id | Network ACL ID that will be added to the subnets. If empty, a new ACL will be created | `string` | `""` | no |
-| public\_network\_acl\_ingress | Public network ingress ACL rules | list(object(
{
rule_no = number
action = string
cidr_block = string
from_port = number
to_port = number
protocol = string
}))
| [
{
"action": "allow",
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_no": 100,
"to_port": 0
}
]
| no |
-| regex\_replace\_chars | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
-| stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
-| subnet\_names | List of subnet names (e.g. `['apples', 'oranges', 'grapes']`) | `list(string)` | n/a | yes |
-| tags | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no |
-| type | Type of subnets (`private` or `public`) | `string` | `"private"` | no |
-| vpc\_id | VPC ID | `string` | n/a | yes |
+| [additional\_tag\_map](#input\_additional\_tag\_map) | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no |
+| [attributes](#input\_attributes) | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no |
+| [availability\_zone](#input\_availability\_zone) | Availability Zone | `string` | n/a | yes |
+| [cidr\_block](#input\_cidr\_block) | Base CIDR block which will be divided into subnet CIDR blocks (e.g. `10.0.0.0/16`) | `string` | n/a | yes |
+| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` | {
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no |
+| [delimiter](#input\_delimiter) | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no |
+| [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no |
+| [eni\_id](#input\_eni\_id) | An ID of a network interface which is used as a default route in private route tables (\_e.g.\_ `eni-9c26a123`). Conflicts with `ngw_id`. | `string` | `""` | no |
+| [environment](#input\_environment) | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no |
+| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no |
+| [igw\_id](#input\_igw\_id) | Internet Gateway ID which will be used as a default route in public route tables (e.g. `igw-9c26a123`). | `string` | `""` | no |
+| [label\_key\_case](#input\_label\_key\_case) | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no |
+| [label\_order](#input\_label\_order) | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no |
+| [label\_value\_case](#input\_label\_value\_case) | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no |
+| [map\_public\_ip\_on\_launch\_enabled](#input\_map\_public\_ip\_on\_launch\_enabled) | Enable/disable map\_public\_ip\_on\_launch subnet attribute. | `bool` | `false` | no |
+| [max\_subnets](#input\_max\_subnets) | Maximum number of subnets which can be created. This variable is being used for CIDR blocks calculation. Defaults to length of `subnet_names` argument | `number` | `16` | no |
+| [name](#input\_name) | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no |
+| [namespace](#input\_namespace) | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no |
+| [nat\_enabled](#input\_nat\_enabled) | Enable/disable NAT Gateway | `bool` | `true` | no |
+| [ngw\_id](#input\_ngw\_id) | NAT Gateway ID which will be used as a default route in private route tables (e.g. `igw-9c26a123`). Conflicts with `eni_id`. | `string` | `""` | no |
+| [private\_network\_acl\_egress](#input\_private\_network\_acl\_egress) | Private network egress ACL rules | list(object(
{
rule_no = number
action = string
cidr_block = string
from_port = number
to_port = number
protocol = string
}))
| [
{
"action": "allow",
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_no": 100,
"to_port": 0
}
]
| no |
+| [private\_network\_acl\_id](#input\_private\_network\_acl\_id) | Network ACL ID that will be added to the subnets. If empty, a new ACL will be created | `string` | `""` | no |
+| [private\_network\_acl\_ingress](#input\_private\_network\_acl\_ingress) | Private network ingress ACL rules | list(object(
{
rule_no = number
action = string
cidr_block = string
from_port = number
to_port = number
protocol = string
}))
| [
{
"action": "allow",
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_no": 100,
"to_port": 0
}
]
| no |
+| [public\_network\_acl\_egress](#input\_public\_network\_acl\_egress) | Public network egress ACL rules | list(object(
{
rule_no = number
action = string
cidr_block = string
from_port = number
to_port = number
protocol = string
}))
| [
{
"action": "allow",
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_no": 100,
"to_port": 0
}
]
| no |
+| [public\_network\_acl\_id](#input\_public\_network\_acl\_id) | Network ACL ID that will be added to the subnets. If empty, a new ACL will be created | `string` | `""` | no |
+| [public\_network\_acl\_ingress](#input\_public\_network\_acl\_ingress) | Public network ingress ACL rules | list(object(
{
rule_no = number
action = string
cidr_block = string
from_port = number
to_port = number
protocol = string
}))
| [
{
"action": "allow",
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_no": 100,
"to_port": 0
}
]
| no |
+| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
+| [stage](#input\_stage) | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
+| [subnet\_names](#input\_subnet\_names) | List of subnet names (e.g. `['apples', 'oranges', 'grapes']`) | `list(string)` | n/a | yes |
+| [tags](#input\_tags) | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no |
+| [type](#input\_type) | Type of subnets (`private` or `public`) | `string` | `"private"` | no |
+| [vpc\_id](#input\_vpc\_id) | VPC ID | `string` | n/a | yes |
## Outputs
| Name | Description |
|------|-------------|
-| named\_subnet\_ids | Map of subnet names to subnet IDs |
-| ngw\_id | NAT Gateway ID |
-| ngw\_private\_ip | Private IP address of the NAT Gateway |
-| ngw\_public\_ip | Public IP address of the NAT Gateway |
-| route\_table\_ids | Route table IDs |
-| subnet\_ids | Subnet IDs |
+| [named\_subnet\_ids](#output\_named\_subnet\_ids) | Map of subnet names to subnet IDs |
+| [ngw\_id](#output\_ngw\_id) | NAT Gateway ID |
+| [ngw\_private\_ip](#output\_ngw\_private\_ip) | Private IP address of the NAT Gateway |
+| [ngw\_public\_ip](#output\_ngw\_public\_ip) | Public IP address of the NAT Gateway |
+| [route\_table\_ids](#output\_route\_table\_ids) | Route table IDs |
+| [subnet\_ids](#output\_subnet\_ids) | Subnet IDs |
diff --git a/docs/terraform.md b/docs/terraform.md
index 4affbbe..8f73b48 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -3,82 +3,87 @@
| Name | Version |
|------|---------|
-| terraform | >= 0.13.0 |
-| aws | >= 2.0 |
-| null | >= 2.0 |
+| [terraform](#requirement\_terraform) | >= 0.13.0 |
+| [aws](#requirement\_aws) | >= 2.0 |
+| [null](#requirement\_null) | >= 2.0 |
## Providers
| Name | Version |
|------|---------|
-| aws | >= 2.0 |
+| [aws](#provider\_aws) | >= 2.0 |
## Modules
| Name | Source | Version |
|------|--------|---------|
-| private_label | cloudposse/label/null | 0.24.1 |
-| public_label | cloudposse/label/null | 0.24.1 |
-| this | cloudposse/label/null | 0.24.1 |
+| [private\_label](#module\_private\_label) | cloudposse/label/null | 0.24.1 |
+| [public\_label](#module\_public\_label) | cloudposse/label/null | 0.24.1 |
+| [this](#module\_this) | cloudposse/label/null | 0.24.1 |
## Resources
-| Name |
-|------|
-| [aws_eip](https://registry.terraform.io/providers/hashicorp/aws/2.0/docs/resources/eip) |
-| [aws_nat_gateway](https://registry.terraform.io/providers/hashicorp/aws/2.0/docs/resources/nat_gateway) |
-| [aws_network_acl](https://registry.terraform.io/providers/hashicorp/aws/2.0/docs/resources/network_acl) |
-| [aws_route](https://registry.terraform.io/providers/hashicorp/aws/2.0/docs/resources/route) |
-| [aws_route_table](https://registry.terraform.io/providers/hashicorp/aws/2.0/docs/resources/route_table) |
-| [aws_route_table_association](https://registry.terraform.io/providers/hashicorp/aws/2.0/docs/resources/route_table_association) |
-| [aws_subnet](https://registry.terraform.io/providers/hashicorp/aws/2.0/docs/resources/subnet) |
-| [aws_vpc](https://registry.terraform.io/providers/hashicorp/aws/2.0/docs/data-sources/vpc) |
+| Name | Type |
+|------|------|
+| [aws_eip.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource |
+| [aws_nat_gateway.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/nat_gateway) | resource |
+| [aws_network_acl.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl) | resource |
+| [aws_network_acl.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl) | resource |
+| [aws_route.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
+| [aws_route.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
+| [aws_route_table.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table) | resource |
+| [aws_route_table.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table) | resource |
+| [aws_route_table_association.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource |
+| [aws_route_table_association.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource |
+| [aws_subnet.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource |
+| [aws_subnet.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource |
+| [aws_vpc.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
-| additional\_tag\_map | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no |
-| attributes | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no |
-| availability\_zone | Availability Zone | `string` | n/a | yes |
-| cidr\_block | Base CIDR block which will be divided into subnet CIDR blocks (e.g. `10.0.0.0/16`) | `string` | n/a | yes |
-| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` | {
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no |
-| delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no |
-| enabled | Set to false to prevent the module from creating any resources | `bool` | `null` | no |
-| eni\_id | An ID of a network interface which is used as a default route in private route tables (\_e.g.\_ `eni-9c26a123`) | `string` | `""` | no |
-| environment | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no |
-| id\_length\_limit | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no |
-| igw\_id | Internet Gateway ID which will be used as a default route in public route tables (e.g. `igw-9c26a123`). Conflicts with `ngw_id` | `string` | `""` | no |
-| label\_key\_case | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no |
-| label\_order | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no |
-| label\_value\_case | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no |
-| map\_public\_ip\_on\_launch\_enabled | Enable/disable map\_public\_ip\_on\_launch subnet attribute. | `bool` | `false` | no |
-| max\_subnets | Maximum number of subnets which can be created. This variable is being used for CIDR blocks calculation. Defaults to length of `subnet_names` argument | `number` | `16` | no |
-| name | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no |
-| namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no |
-| nat\_enabled | Enable/disable NAT Gateway | `bool` | `true` | no |
-| ngw\_id | NAT Gateway ID which will be used as a default route in private route tables (e.g. `igw-9c26a123`). Conflicts with `igw_id` | `string` | `""` | no |
-| private\_network\_acl\_egress | Private network egress ACL rules | list(object(
{
rule_no = number
action = string
cidr_block = string
from_port = number
to_port = number
protocol = string
}))
| [
{
"action": "allow",
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_no": 100,
"to_port": 0
}
]
| no |
-| private\_network\_acl\_id | Network ACL ID that will be added to the subnets. If empty, a new ACL will be created | `string` | `""` | no |
-| private\_network\_acl\_ingress | Private network ingress ACL rules | list(object(
{
rule_no = number
action = string
cidr_block = string
from_port = number
to_port = number
protocol = string
}))
| [
{
"action": "allow",
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_no": 100,
"to_port": 0
}
]
| no |
-| public\_network\_acl\_egress | Public network egress ACL rules | list(object(
{
rule_no = number
action = string
cidr_block = string
from_port = number
to_port = number
protocol = string
}))
| [
{
"action": "allow",
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_no": 100,
"to_port": 0
}
]
| no |
-| public\_network\_acl\_id | Network ACL ID that will be added to the subnets. If empty, a new ACL will be created | `string` | `""` | no |
-| public\_network\_acl\_ingress | Public network ingress ACL rules | list(object(
{
rule_no = number
action = string
cidr_block = string
from_port = number
to_port = number
protocol = string
}))
| [
{
"action": "allow",
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_no": 100,
"to_port": 0
}
]
| no |
-| regex\_replace\_chars | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
-| stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
-| subnet\_names | List of subnet names (e.g. `['apples', 'oranges', 'grapes']`) | `list(string)` | n/a | yes |
-| tags | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no |
-| type | Type of subnets (`private` or `public`) | `string` | `"private"` | no |
-| vpc\_id | VPC ID | `string` | n/a | yes |
+| [additional\_tag\_map](#input\_additional\_tag\_map) | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no |
+| [attributes](#input\_attributes) | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no |
+| [availability\_zone](#input\_availability\_zone) | Availability Zone | `string` | n/a | yes |
+| [cidr\_block](#input\_cidr\_block) | Base CIDR block which will be divided into subnet CIDR blocks (e.g. `10.0.0.0/16`) | `string` | n/a | yes |
+| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` | {
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no |
+| [delimiter](#input\_delimiter) | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no |
+| [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no |
+| [eni\_id](#input\_eni\_id) | An ID of a network interface which is used as a default route in private route tables (\_e.g.\_ `eni-9c26a123`). Conflicts with `ngw_id`. | `string` | `""` | no |
+| [environment](#input\_environment) | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no |
+| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no |
+| [igw\_id](#input\_igw\_id) | Internet Gateway ID which will be used as a default route in public route tables (e.g. `igw-9c26a123`). | `string` | `""` | no |
+| [label\_key\_case](#input\_label\_key\_case) | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no |
+| [label\_order](#input\_label\_order) | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no |
+| [label\_value\_case](#input\_label\_value\_case) | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no |
+| [map\_public\_ip\_on\_launch\_enabled](#input\_map\_public\_ip\_on\_launch\_enabled) | Enable/disable map\_public\_ip\_on\_launch subnet attribute. | `bool` | `false` | no |
+| [max\_subnets](#input\_max\_subnets) | Maximum number of subnets which can be created. This variable is being used for CIDR blocks calculation. Defaults to length of `subnet_names` argument | `number` | `16` | no |
+| [name](#input\_name) | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no |
+| [namespace](#input\_namespace) | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no |
+| [nat\_enabled](#input\_nat\_enabled) | Enable/disable NAT Gateway | `bool` | `true` | no |
+| [ngw\_id](#input\_ngw\_id) | NAT Gateway ID which will be used as a default route in private route tables (e.g. `igw-9c26a123`). Conflicts with `eni_id`. | `string` | `""` | no |
+| [private\_network\_acl\_egress](#input\_private\_network\_acl\_egress) | Private network egress ACL rules | list(object(
{
rule_no = number
action = string
cidr_block = string
from_port = number
to_port = number
protocol = string
}))
| [
{
"action": "allow",
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_no": 100,
"to_port": 0
}
]
| no |
+| [private\_network\_acl\_id](#input\_private\_network\_acl\_id) | Network ACL ID that will be added to the subnets. If empty, a new ACL will be created | `string` | `""` | no |
+| [private\_network\_acl\_ingress](#input\_private\_network\_acl\_ingress) | Private network ingress ACL rules | list(object(
{
rule_no = number
action = string
cidr_block = string
from_port = number
to_port = number
protocol = string
}))
| [
{
"action": "allow",
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_no": 100,
"to_port": 0
}
]
| no |
+| [public\_network\_acl\_egress](#input\_public\_network\_acl\_egress) | Public network egress ACL rules | list(object(
{
rule_no = number
action = string
cidr_block = string
from_port = number
to_port = number
protocol = string
}))
| [
{
"action": "allow",
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_no": 100,
"to_port": 0
}
]
| no |
+| [public\_network\_acl\_id](#input\_public\_network\_acl\_id) | Network ACL ID that will be added to the subnets. If empty, a new ACL will be created | `string` | `""` | no |
+| [public\_network\_acl\_ingress](#input\_public\_network\_acl\_ingress) | Public network ingress ACL rules | list(object(
{
rule_no = number
action = string
cidr_block = string
from_port = number
to_port = number
protocol = string
}))
| [
{
"action": "allow",
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_no": 100,
"to_port": 0
}
]
| no |
+| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
+| [stage](#input\_stage) | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
+| [subnet\_names](#input\_subnet\_names) | List of subnet names (e.g. `['apples', 'oranges', 'grapes']`) | `list(string)` | n/a | yes |
+| [tags](#input\_tags) | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no |
+| [type](#input\_type) | Type of subnets (`private` or `public`) | `string` | `"private"` | no |
+| [vpc\_id](#input\_vpc\_id) | VPC ID | `string` | n/a | yes |
## Outputs
| Name | Description |
|------|-------------|
-| named\_subnet\_ids | Map of subnet names to subnet IDs |
-| ngw\_id | NAT Gateway ID |
-| ngw\_private\_ip | Private IP address of the NAT Gateway |
-| ngw\_public\_ip | Public IP address of the NAT Gateway |
-| route\_table\_ids | Route table IDs |
-| subnet\_ids | Subnet IDs |
+| [named\_subnet\_ids](#output\_named\_subnet\_ids) | Map of subnet names to subnet IDs |
+| [ngw\_id](#output\_ngw\_id) | NAT Gateway ID |
+| [ngw\_private\_ip](#output\_ngw\_private\_ip) | Private IP address of the NAT Gateway |
+| [ngw\_public\_ip](#output\_ngw\_public\_ip) | Public IP address of the NAT Gateway |
+| [route\_table\_ids](#output\_route\_table\_ids) | Route table IDs |
+| [subnet\_ids](#output\_subnet\_ids) | Subnet IDs |
diff --git a/examples/complete/fixtures.us-east-2.tfvars b/examples/complete/fixtures.us-east-2.tfvars
index 7fa5fb0..635cad2 100644
--- a/examples/complete/fixtures.us-east-2.tfvars
+++ b/examples/complete/fixtures.us-east-2.tfvars
@@ -15,5 +15,3 @@ subnet_names = ["subnet1", "subnet2"]
max_subnets = 2
type = "public"
-
-nat_enabled = false
\ No newline at end of file
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index b90bf61..3b0fb3d 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -11,6 +11,7 @@ module "vpc" {
context = module.this.context
}
+# Verify we can make a public subnet with NAT for private subnet
module "subnets" {
source = "../../"
@@ -19,9 +20,26 @@ module "subnets" {
availability_zone = var.availability_zone
vpc_id = module.vpc.vpc_id
igw_id = module.vpc.igw_id
- cidr_block = module.vpc.vpc_cidr_block
+ cidr_block = "172.16.128.0/17"
subnet_names = var.subnet_names
max_subnets = var.max_subnets
- nat_enabled = var.nat_enabled
- type = var.type
+ nat_enabled = true
+ type = "public"
+}
+
+# Verify we can make private subnets connected to the public subnet
+module "subnets_private" {
+ source = "../../"
+
+ context = module.this.context
+
+ availability_zone = var.availability_zone
+ vpc_id = module.vpc.vpc_id
+ igw_id = module.vpc.igw_id
+ cidr_block = "172.16.0.0/17"
+ subnet_names = ["private1"]
+ max_subnets = var.max_subnets
+ nat_enabled = false
+ type = "private"
+ ngw_id = module.subnets.ngw_id
}
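Review bot: The `cidr_block` arguments of `module "subnets"` and `module "subnets_private"` are now literals (`172.16.128.0/17` and `172.16.0.0/17`), so the example only applies if the VPC from `module.vpc` covers 172.16.0.0/16, which is set outside this hunk and not visible here. Deriving both halves from the VPC keeps them tied to it: `cidr_block = cidrsubnet(module.vpc.vpc_cidr_block, 1, 1)` for the public module and `cidr_block = cidrsubnet(module.vpc.vpc_cidr_block, 1, 0)` for the private one. With `type` hard-coded as well, `variable "type"` in examples/complete/variables.tf and the `type = "public"` line left in the fixtures file appear to be unused now. The `module "subnets"` block opens in the previous hunk.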
diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf
index 930819c..8a9618c 100644
--- a/examples/complete/variables.tf
+++ b/examples/complete/variables.tf
@@ -17,7 +17,3 @@ variable "max_subnets" {
variable "type" {
type = string
}
-
-variable "nat_enabled" {
- type = bool
-}
diff --git a/private.tf b/private.tf
index b038c9f..f45e6d1 100644
--- a/private.tf
+++ b/private.tf
@@ -41,8 +41,8 @@ resource "aws_route_table" "private" {
resource "aws_route" "private" {
count = local.private_count
route_table_id = aws_route_table.private.*.id[count.index]
- network_interface_id = var.eni_id
- nat_gateway_id = var.ngw_id
+ network_interface_id = var.eni_id == "" ? null : var.eni_id
+ nat_gateway_id = var.ngw_id == "" ? null : var.ngw_id
destination_cidr_block = "0.0.0.0/0"
}
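Review bot: Mapping `""` to `null` for `network_interface_id` and `nat_gateway_id` leaves `aws_route.private` with no target at all when both `eni_id` and `ngw_id` keep their empty defaults, and nothing in this hunk rejects the case where both are set, although the variable descriptions call them conflicting. Either case would presumably surface only as a provider error at plan or apply time. I would at least state the contract above the resource, e.g. `# Exactly one of var.eni_id / var.ngw_id must be non-empty when private subnets are created`, and enforce it with a validation if the supported Terraform version allows. The same applies to `gateway_id = var.igw_id == "" ? null : var.igw_id` in the public.tf hunk. How `local.private_count` is computed is outside the hunk, so the all-empty case may already be excluded there.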
diff --git a/public.tf b/public.tf
index b01e9f6..4982aef 100644
--- a/public.tf
+++ b/public.tf
@@ -42,7 +42,7 @@ resource "aws_route_table" "public" {
resource "aws_route" "public" {
count = local.public_count
route_table_id = aws_route_table.public.*.id[count.index]
- gateway_id = var.igw_id
+ gateway_id = var.igw_id == "" ? null : var.igw_id
destination_cidr_block = "0.0.0.0/0"
}
diff --git a/variables.tf b/variables.tf
index e7bcba5..95cb03c 100644
--- a/variables.tf
+++ b/variables.tf
@@ -32,13 +32,13 @@ variable "cidr_block" {
variable "igw_id" {
type = string
- description = "Internet Gateway ID which will be used as a default route in public route tables (e.g. `igw-9c26a123`). Conflicts with `ngw_id`"
+ description = "Internet Gateway ID which will be used as a default route in public route tables (e.g. `igw-9c26a123`)."
default = ""
}
variable "ngw_id" {
type = string
- description = "NAT Gateway ID which will be used as a default route in private route tables (e.g. `igw-9c26a123`). Conflicts with `igw_id`"
+ description = "NAT Gateway ID which will be used as a default route in private route tables (e.g. `igw-9c26a123`). Conflicts with `eni_id`."
default = ""
}
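Review bot: The `ngw_id` description is rewritten here but still gives `igw-9c26a123` as its example, which reads as an Internet Gateway ID; NAT Gateway IDs carry the `nat-` prefix. Since this line is being touched anyway, I would replace the example with a `nat-`-prefixed ID such as `nat-0123456789abcdef0` (constructed sample). The README input-table row for `ngw_id` in this commit carries the same text and would need the same correction.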
@@ -159,7 +159,7 @@ variable "nat_enabled" {
variable "eni_id" {
type = string
default = ""
- description = "An ID of a network interface which is used as a default route in private route tables (_e.g._ `eni-9c26a123`)"
+ description = "An ID of a network interface which is used as a default route in private route tables (_e.g._ `eni-9c26a123`). Conflicts with `ngw_id`."
}
variable "map_public_ip_on_launch_enabled" {