Add map_public_ip_on_launch variable #23
cbfa952 to 1640a3e
Thanks for the advice about README updating. I've extended this variable to work for both public & private subnets. The use-cases for private subnets with public IPs are pretty niche (self-managed network gateways, other?) but they do exist, and it was a special case to not support this anyway.

/test all

@alexjurkiewicz Ah sorry to do it to you after already asking for changes, but can I also ask you to add separate variables for private vs public subnets? I worry that if folks go to enable this, they won't expect it to take effect on their private subnets, which could in turn create a security issue for them.

Since this module can only create public or private subnets (not both at the same time), what sort of scenario are you thinking of where people could enable this accidentally on private subnets? I'm guessing you're thinking of some scenario with

```hcl
module "subnets" {
  for_each = toset(["public", "private"])
  source   = "git::https://github.com/cloudposse/terraform-aws-named-subnets.git?ref=master"
  # other params skipped
  type                    = each.key
  map_public_ip_on_launch = each.key == "public"
}
```

You would be performing similar logic for other params like

@alexjurkiewicz Solid point! I haven't used this module personally (I typically use terraform-aws-dynamic-subnets), so I didn't know that it was meant to create one set of subnet type or another.

@alexjurkiewicz

what
map_public_ip_on_launch for public subnets

why
nat_enabled = false
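
As an added example (not part of this PR or the module's code), a plan check for the concern raised in the thread: it reads `terraform show -json` plan output and reports `aws_subnet` resources whose address contains "private" and that set, or may set, `map_public_ip_on_launch`. The address marker, the function name and the sample plan are assumptions constructed for illustration.

```python
import json

# Constructed sample shaped like the output of `terraform show -json <planfile>`.
# Addresses assume the for_each layout shown in the thread (hypothetical).
SAMPLE_PLAN = {"resource_changes": [
    {"address": 'module.subnets["public"].aws_subnet.public[0]', "type": "aws_subnet",
     "change": {"actions": ["create"],
                "after": {"map_public_ip_on_launch": True}, "after_unknown": {}}},
    {"address": 'module.subnets["private"].aws_subnet.private[0]', "type": "aws_subnet",
     "change": {"actions": ["update"],
                "after": {"map_public_ip_on_launch": True}, "after_unknown": {}}},
    # Value computed at apply time: absent from "after", flagged in "after_unknown".
    {"address": 'module.subnets["private"].aws_subnet.private[1]', "type": "aws_subnet",
     "change": {"actions": ["create"],
                "after": {}, "after_unknown": {"map_public_ip_on_launch": True}}},
    # Destroyed resources have no "after" state and are not a finding.
    {"address": 'module.subnets["private"].aws_subnet.private[2]', "type": "aws_subnet",
     "change": {"actions": ["delete"], "after": None, "after_unknown": {}}},
]}


def private_subnets_with_public_ip(plan, marker="private"):
    """Return [(address, verdict)] for private subnets that map, or may map, public IPs."""
    findings = []
    for rc in plan.get("resource_changes", []):
        # Assumption: private subnets are recognisable by "private" in the address.
        if rc.get("type") != "aws_subnet" or marker not in rc.get("address", ""):
            continue
        change = rc.get("change") or {}
        after = change.get("after")
        if after is None:  # resource is being destroyed
            continue
        if after.get("map_public_ip_on_launch") is True:
            findings.append((rc["address"], "enabled"))
        elif (change.get("after_unknown") or {}).get("map_public_ip_on_launch"):
            findings.append((rc["address"], "unknown until apply"))
    return findings


if __name__ == "__main__":
    import sys
    # Pass a plan JSON file as the first argument, or run against the sample.
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    hits = private_subnets_with_public_ip(plan)
    for address, verdict in hits:
        print(f"{address}: map_public_ip_on_launch {verdict}")
    sys.exit(1 if hits else 0)
```

Run in CI against the JSON plan, the non-zero exit code blocks a change that would turn the setting on for a private subnet.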