From 6eddcad72867cd9df536d13ea8fdac15e0eebbd4 Mon Sep 17 00:00:00 2001 
From: drewmullen Date: Sun, 25 Sep 2022 13:13:12 -0400 Subject: [PATCH] feat: Add IPAM IPv4 support (#716) --- .pre-commit-config.yaml | 2 +- README.md | 58 +- examples/complete-vpc/README.md | 6 +- examples/complete-vpc/main.tf | 11 +- examples/complete-vpc/outputs.tf | 2 +- examples/complete-vpc/versions.tf | 2 +- examples/ipam-vpc/README.md | 171 ++++++ examples/ipam-vpc/main.tf | 80 +++ examples/ipam-vpc/outputs.tf | 535 ++++++++++++++++++ examples/ipam-vpc/variables.tf | 0 examples/ipam-vpc/versions.tf | 10 + examples/ipv6/README.md | 4 +- examples/ipv6/main.tf | 12 +- examples/ipv6/outputs.tf | 2 +- examples/ipv6/versions.tf | 2 +- examples/issues/README.md | 2 +- examples/issues/main.tf | 19 +- examples/issues/versions.tf | 2 +- examples/manage-default-vpc/README.md | 4 +- examples/manage-default-vpc/main.tf | 9 + examples/manage-default-vpc/outputs.tf | 2 +- examples/manage-default-vpc/versions.tf | 2 +- examples/network-acls/README.md | 4 +- examples/network-acls/main.tf | 14 +- examples/network-acls/outputs.tf | 2 +- examples/network-acls/versions.tf | 2 +- examples/outpost/README.md | 6 +- examples/outpost/main.tf | 14 +- examples/outpost/outputs.tf | 2 +- examples/outpost/versions.tf | 2 +- examples/secondary-cidr-blocks/README.md | 4 +- examples/secondary-cidr-blocks/main.tf | 14 +- examples/secondary-cidr-blocks/outputs.tf | 2 +- examples/secondary-cidr-blocks/versions.tf | 2 +- examples/simple-vpc/README.md | 4 +- examples/simple-vpc/main.tf | 14 +- examples/simple-vpc/outputs.tf | 2 +- examples/simple-vpc/versions.tf | 2 +- examples/vpc-flow-logs/main.tf | 35 +- .../README.md | 4 +- .../vpc-separate-private-route-tables/main.tf | 15 +- .../outputs.tf | 2 +- .../versions.tf | 2 +- main.tf | 4 +- outputs.tf | 2 +- variables.tf | 8 +- versions.tf | 2 +- 47 files changed, 996 insertions(+), 105 deletions(-) create mode 100644 examples/ipam-vpc/README.md create mode 100644 examples/ipam-vpc/main.tf create mode 100644 examples/ipam-vpc/outputs.tf create 
mode 100644 examples/ipam-vpc/variables.tf create mode 100644 examples/ipam-vpc/versions.tf diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 27d478d22..6a8a23ae4 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.72.1 + rev: v1.75.0 hooks: - id: terraform_fmt - id: terraform_validate diff --git a/README.md b/README.md index 1cacc02c2..0e1bc949f 100644 --- a/README.md +++ b/README.md 
@@ -181,6 +181,54 @@ Sometimes it is handy to have public access to Redshift clusters (for example if It is possible to integrate this VPC module with [terraform-aws-transit-gateway module](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway) which handles the creation of TGW resources and VPC attachments. See [complete example there](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/tree/master/examples/complete). +## VPC CIDR from AWS IP Address Manager (IPAM) + +It is possible to have your VPC CIDR assigned from an [AWS IPAM Pool](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_pool). However, In order to build subnets within this module Terraform must know subnet CIDRs to properly plan the amount of resources to build. Since CIDR is derived by IPAM by calling CreateVpc this is not possible within a module unless cidr is known ahead of time. You can get around this by "previewing" the CIDR and then using that as the subnet values. + +_Note: Due to race conditions with `terraform plan`, it is not possible to use `ipv4_netmask_length` or a pools `allocation_default_netmask_length` within this module. 
You must explicitly set the CIDRs for a pool to use._ + +```hcl +# Find the pool RAM shared to your account +# Info on RAM sharing pools: https://docs.aws.amazon.com/vpc/latest/ipam/share-pool-ipam.html +data "aws_vpc_ipam_pool" "ipv4_example" { + filter { + name = "description" + values = ["*mypool*"] + } + + filter { + name = "address-family" + values = ["ipv4"] + } +} + +# Preview next CIDR from pool +data "aws_vpc_ipam_preview_next_cidr" "previewed_cidr" { + ipam_pool_id = data.aws_vpc_ipam_pool.ipv4_example.id + netmask_length = 24 +} + +data "aws_region" "current" {} + +# Calculate subnet cidrs from previewed IPAM CIDR +locals { + partition = cidrsubnets(data.aws_vpc_ipam_preview_next_cidr.previewed_cidr.cidr, 2, 2) + private_subnets = cidrsubnets(local.partition[0], 2, 2) + public_subnets = cidrsubnets(local.partition[1], 2, 2) + azs = formatlist("${data.aws_region.current.name}%s", ["a", "b"]) +} + +module "vpc_cidr_from_ipam" { + source = "terraform-aws-modules/vpc/aws" + name = "vpc-cidr-from-ipam" + ipv4_ipam_pool_id = data.aws_vpc_ipam_pool.ipv4_example.id + azs = local.azs + cidr = data.aws_vpc_ipam_preview_next_cidr.previewed_cidr.cidr + private_subnets = local.private_subnets + public_subnets = local.public_subnets +} +``` + ## Examples - [Simple VPC](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/simple-vpc) 
@@ -190,6 +238,7 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway - [Network ACL](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/network-acls) - [VPC Flow Logs](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/vpc-flow-logs) - [VPC with Outpost](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/outpost) +- [VPC CIDR from IPAM](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/ipam-vpc) - [Manage Default VPC](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/manage-default-vpc) - [Few tests and edge case examples](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/issues) @@ -205,13 +254,13 @@ Full contributing [guidelines are covered here](.github/contributing.md). | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 3.63 | +| [aws](#requirement\_aws) | >= 3.73 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.63 | +| [aws](#provider\_aws) | >= 3.73 | ## Modules 
@@ -306,7 +355,7 @@ No modules. | [amazon\_side\_asn](#input\_amazon\_side\_asn) | The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the virtual private gateway is created with the current default Amazon ASN. | `string` | `"64512"` | no | | [assign\_ipv6\_address\_on\_creation](#input\_assign\_ipv6\_address\_on\_creation) | Assign IPv6 address on subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | `false` | no | | [azs](#input\_azs) | A list of availability zones names or ids in the region | `list(string)` | `[]` | no | -| [cidr](#input\_cidr) | The CIDR block for the VPC. Default value is a valid CIDR, but not acceptable by AWS and should be overridden | `string` | `"0.0.0.0/0"` | no | +| [cidr](#input\_cidr) | (Optional) The IPv4 CIDR block for the VPC. | `string` | `"0.0.0.0/0"` | no | | [create\_database\_internet\_gateway\_route](#input\_create\_database\_internet\_gateway\_route) | Controls if an internet gateway route for public database access should be created | `bool` | `false` | no | | [create\_database\_nat\_gateway\_route](#input\_create\_database\_nat\_gateway\_route) | Controls if a nat gateway route should be created to give internet access to the database subnets | `bool` | `false` | no | | [create\_database\_subnet\_group](#input\_create\_database\_subnet\_group) | Controls if database subnet group should be created (n.b. database\_subnets must also be set) | `bool` | `true` | no | 
@@ -405,6 +454,7 @@ No modules. | [intra\_subnet\_suffix](#input\_intra\_subnet\_suffix) | Suffix to append to intra subnets name | `string` | `"intra"` | no | | [intra\_subnet\_tags](#input\_intra\_subnet\_tags) | Additional tags for the intra subnets | `map(string)` | `{}` | no | | [intra\_subnets](#input\_intra\_subnets) | A list of intra subnets | `list(string)` | `[]` | no | +| [ipv4\_ipam\_pool\_id](#input\_ipv4\_ipam\_pool\_id) | (Optional) The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR. | `string` | `null` | no | | [manage\_default\_network\_acl](#input\_manage\_default\_network\_acl) | Should be true to adopt and manage Default Network ACL | `bool` | `false` | no | | [manage\_default\_route\_table](#input\_manage\_default\_route\_table) | Should be true to manage default route table | `bool` | `false` | no | | [manage\_default\_security\_group](#input\_manage\_default\_security\_group) | Should be true to adopt and manage default security group | `bool` | `false` | no | 
@@ -560,7 +610,7 @@ No modules. | [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC | | [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL | | [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL | -| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshidt route table association | +| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association | | [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association | | [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables | | [redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets | diff --git a/examples/complete-vpc/README.md b/examples/complete-vpc/README.md index e0d88fdcf..a2f01eec1 100644 --- a/examples/complete-vpc/README.md +++ b/examples/complete-vpc/README.md @@ -22,13 +22,13 @@ Note that this example may create resources which can cost money (AWS Elastic IP | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 3.63 | +| [aws](#requirement\_aws) | >= 3.73 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.63 | +| [aws](#provider\_aws) | >= 3.73 | ## Modules 
@@ -136,7 +136,7 @@ No inputs. | [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC | | [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL | | [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL | -| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshidt route table association | +| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association | | [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association | | [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables | | [redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets | diff --git a/examples/complete-vpc/main.tf b/examples/complete-vpc/main.tf index 73af73caf..c8ea60493 100644 --- a/examples/complete-vpc/main.tf +++ b/examples/complete-vpc/main.tf @@ -1,14 +1,15 @@ provider "aws" { - region = "eu-west-1" + region = local.region } locals { - name = "complete-example" + name = "ex-${replace(basename(path.cwd), "_", "-")}" region = "eu-west-1" + tags = { - Owner = "user" - Environment = "staging" - Name = "complete" + Example = local.name + GithubRepo = "terraform-aws-vpc" + GithubOrg = "terraform-aws-modules" } } diff --git a/examples/complete-vpc/outputs.tf b/examples/complete-vpc/outputs.tf index 285539d2b..5cc0acdd0 100644 --- a/examples/complete-vpc/outputs.tf +++ b/examples/complete-vpc/outputs.tf 
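Review bot: The new `name` local in the `locals` block is built from `basename(path.cwd)`, which is the directory Terraform was invoked from, not the directory that holds this example. A run with `-chdir`, or from a wrapper script in another folder, would therefore name the resources and fill the `Example` tag after an unrelated directory, which makes them harder to attribute and clean up. Deriving the name from the root module keeps it tied to this configuration: `name = "ex-${replace(basename(abspath(path.root)), "_", "-")}"`. The same expression is added in `examples/ipam-vpc/main.tf` and, judging by the diffstat, probably in the other example `main.tf` files.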
@@ -314,7 +314,7 @@ output "redshift_route_table_association_ids" { } output "redshift_public_route_table_association_ids" { - description = "List of IDs of the public redshidt route table association" + description = "List of IDs of the public redshift route table association" value = module.vpc.redshift_public_route_table_association_ids } diff --git a/examples/complete-vpc/versions.tf b/examples/complete-vpc/versions.tf index 5a9fd0fc5..979baa847 100644 --- a/examples/complete-vpc/versions.tf +++ b/examples/complete-vpc/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.63" + version = ">= 3.73" } } } diff --git a/examples/ipam-vpc/README.md b/examples/ipam-vpc/README.md new file mode 100644 index 000000000..3ce818a1f --- /dev/null +++ b/examples/ipam-vpc/README.md 
@@ -0,0 +1,171 @@ +# VPC with IPAM pool + +Configuration in this directory creates set of VPC resources using the CIDR provided by an IPAM pool. + +Note: Due to the nature of vending CIDR blocks from an IPAM pool, the IPAM pool must exist prior to creating a VPC using one of the CIDRs from the pool. + +## Usage + +To run this example you need to execute: + +```bash +$ terraform init +$ terraform plan +$ terraform apply -target=aws_vpc_ipam_preview_next_cidr.this # CIDR pool must exist before assigning CIDR from pool +$ terraform apply +``` + +To destroy this example you can execute: + +```bash +$ terraform destroy -target=module.vpc # destroy VPC that uses the IPAM pool CIDR first +$ terraform destroy +``` + +Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 0.13.1 | +| [aws](#requirement\_aws) | >= 3.73 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 3.73 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [vpc](#module\_vpc) | ../.. | n/a | + +## Resources + +| Name | Type | +|------|------| +| [aws_vpc_ipam.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam) | resource | +| [aws_vpc_ipam_pool.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_pool) | resource | +| [aws_vpc_ipam_pool_cidr.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_pool_cidr) | resource | +| [aws_vpc_ipam_preview_next_cidr.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_preview_next_cidr) | resource | + +## Inputs + +No inputs. 
+ +## Outputs + +| Name | Description | +|------|-------------| +| [cgw\_arns](#output\_cgw\_arns) | List of ARNs of Customer Gateway | +| [cgw\_ids](#output\_cgw\_ids) | List of IDs of Customer Gateway | +| [database\_internet\_gateway\_route\_id](#output\_database\_internet\_gateway\_route\_id) | ID of the database internet gateway route | +| [database\_ipv6\_egress\_route\_id](#output\_database\_ipv6\_egress\_route\_id) | ID of the database IPv6 egress route | +| [database\_nat\_gateway\_route\_ids](#output\_database\_nat\_gateway\_route\_ids) | List of IDs of the database nat gateway route | +| [database\_network\_acl\_arn](#output\_database\_network\_acl\_arn) | ARN of the database network ACL | +| [database\_network\_acl\_id](#output\_database\_network\_acl\_id) | ID of the database network ACL | +| [database\_route\_table\_association\_ids](#output\_database\_route\_table\_association\_ids) | List of IDs of the database route table association | +| [database\_route\_table\_ids](#output\_database\_route\_table\_ids) | List of IDs of database route tables | +| [database\_subnet\_arns](#output\_database\_subnet\_arns) | List of ARNs of database subnets | +| [database\_subnet\_group](#output\_database\_subnet\_group) | ID of database subnet group | +| [database\_subnet\_group\_name](#output\_database\_subnet\_group\_name) | Name of database subnet group | +| [database\_subnets](#output\_database\_subnets) | List of IDs of database subnets | +| [database\_subnets\_cidr\_blocks](#output\_database\_subnets\_cidr\_blocks) | List of cidr\_blocks of database subnets | +| [database\_subnets\_ipv6\_cidr\_blocks](#output\_database\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of database subnets in an IPv6 enabled VPC | +| [default\_network\_acl\_id](#output\_default\_network\_acl\_id) | The ID of the default network ACL | +| [default\_route\_table\_id](#output\_default\_route\_table\_id) | The ID of the default route table | +| 
[default\_security\_group\_id](#output\_default\_security\_group\_id) | The ID of the security group created by default on VPC creation | +| [default\_vpc\_arn](#output\_default\_vpc\_arn) | The ARN of the Default VPC | +| [default\_vpc\_cidr\_block](#output\_default\_vpc\_cidr\_block) | The CIDR block of the Default VPC | +| [default\_vpc\_default\_network\_acl\_id](#output\_default\_vpc\_default\_network\_acl\_id) | The ID of the default network ACL of the Default VPC | +| [default\_vpc\_default\_route\_table\_id](#output\_default\_vpc\_default\_route\_table\_id) | The ID of the default route table of the Default VPC | +| [default\_vpc\_default\_security\_group\_id](#output\_default\_vpc\_default\_security\_group\_id) | The ID of the security group created by default on Default VPC creation | +| [default\_vpc\_enable\_dns\_hostnames](#output\_default\_vpc\_enable\_dns\_hostnames) | Whether or not the Default VPC has DNS hostname support | +| [default\_vpc\_enable\_dns\_support](#output\_default\_vpc\_enable\_dns\_support) | Whether or not the Default VPC has DNS support | +| [default\_vpc\_id](#output\_default\_vpc\_id) | The ID of the Default VPC | +| [default\_vpc\_instance\_tenancy](#output\_default\_vpc\_instance\_tenancy) | Tenancy of instances spin up within Default VPC | +| [default\_vpc\_main\_route\_table\_id](#output\_default\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with the Default VPC | +| [dhcp\_options\_id](#output\_dhcp\_options\_id) | The ID of the DHCP options | +| [egress\_only\_internet\_gateway\_id](#output\_egress\_only\_internet\_gateway\_id) | The ID of the egress only Internet Gateway | +| [elasticache\_network\_acl\_arn](#output\_elasticache\_network\_acl\_arn) | ARN of the elasticache network ACL | +| [elasticache\_network\_acl\_id](#output\_elasticache\_network\_acl\_id) | ID of the elasticache network ACL | +| 
[elasticache\_route\_table\_association\_ids](#output\_elasticache\_route\_table\_association\_ids) | List of IDs of the elasticache route table association | +| [elasticache\_route\_table\_ids](#output\_elasticache\_route\_table\_ids) | List of IDs of elasticache route tables | +| [elasticache\_subnet\_arns](#output\_elasticache\_subnet\_arns) | List of ARNs of elasticache subnets | +| [elasticache\_subnet\_group](#output\_elasticache\_subnet\_group) | ID of elasticache subnet group | +| [elasticache\_subnet\_group\_name](#output\_elasticache\_subnet\_group\_name) | Name of elasticache subnet group | +| [elasticache\_subnets](#output\_elasticache\_subnets) | List of IDs of elasticache subnets | +| [elasticache\_subnets\_cidr\_blocks](#output\_elasticache\_subnets\_cidr\_blocks) | List of cidr\_blocks of elasticache subnets | +| [elasticache\_subnets\_ipv6\_cidr\_blocks](#output\_elasticache\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of elasticache subnets in an IPv6 enabled VPC | +| [igw\_arn](#output\_igw\_arn) | The ARN of the Internet Gateway | +| [igw\_id](#output\_igw\_id) | The ID of the Internet Gateway | +| [intra\_network\_acl\_arn](#output\_intra\_network\_acl\_arn) | ARN of the intra network ACL | +| [intra\_network\_acl\_id](#output\_intra\_network\_acl\_id) | ID of the intra network ACL | +| [intra\_route\_table\_association\_ids](#output\_intra\_route\_table\_association\_ids) | List of IDs of the intra route table association | +| [intra\_route\_table\_ids](#output\_intra\_route\_table\_ids) | List of IDs of intra route tables | +| [intra\_subnet\_arns](#output\_intra\_subnet\_arns) | List of ARNs of intra subnets | +| [intra\_subnets](#output\_intra\_subnets) | List of IDs of intra subnets | +| [intra\_subnets\_cidr\_blocks](#output\_intra\_subnets\_cidr\_blocks) | List of cidr\_blocks of intra subnets | +| [intra\_subnets\_ipv6\_cidr\_blocks](#output\_intra\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of intra subnets 
in an IPv6 enabled VPC | +| [nat\_ids](#output\_nat\_ids) | List of allocation ID of Elastic IPs created for AWS NAT Gateway | +| [nat\_public\_ips](#output\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway | +| [natgw\_ids](#output\_natgw\_ids) | List of NAT Gateway IDs | +| [outpost\_network\_acl\_arn](#output\_outpost\_network\_acl\_arn) | ARN of the outpost network ACL | +| [outpost\_network\_acl\_id](#output\_outpost\_network\_acl\_id) | ID of the outpost network ACL | +| [outpost\_subnet\_arns](#output\_outpost\_subnet\_arns) | List of ARNs of outpost subnets | +| [outpost\_subnets](#output\_outpost\_subnets) | List of IDs of outpost subnets | +| [outpost\_subnets\_cidr\_blocks](#output\_outpost\_subnets\_cidr\_blocks) | List of cidr\_blocks of outpost subnets | +| [outpost\_subnets\_ipv6\_cidr\_blocks](#output\_outpost\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of outpost subnets in an IPv6 enabled VPC | +| [private\_ipv6\_egress\_route\_ids](#output\_private\_ipv6\_egress\_route\_ids) | List of IDs of the ipv6 egress route | +| [private\_nat\_gateway\_route\_ids](#output\_private\_nat\_gateway\_route\_ids) | List of IDs of the private nat gateway route | +| [private\_network\_acl\_arn](#output\_private\_network\_acl\_arn) | ARN of the private network ACL | +| [private\_network\_acl\_id](#output\_private\_network\_acl\_id) | ID of the private network ACL | +| [private\_route\_table\_association\_ids](#output\_private\_route\_table\_association\_ids) | List of IDs of the private route table association | +| [private\_route\_table\_ids](#output\_private\_route\_table\_ids) | List of IDs of private route tables | +| [private\_subnet\_arns](#output\_private\_subnet\_arns) | List of ARNs of private subnets | +| [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets | +| [private\_subnets\_cidr\_blocks](#output\_private\_subnets\_cidr\_blocks) | List of cidr\_blocks of private subnets | +| 
[private\_subnets\_ipv6\_cidr\_blocks](#output\_private\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of private subnets in an IPv6 enabled VPC | +| [public\_internet\_gateway\_ipv6\_route\_id](#output\_public\_internet\_gateway\_ipv6\_route\_id) | ID of the IPv6 internet gateway route | +| [public\_internet\_gateway\_route\_id](#output\_public\_internet\_gateway\_route\_id) | ID of the internet gateway route | +| [public\_network\_acl\_arn](#output\_public\_network\_acl\_arn) | ARN of the public network ACL | +| [public\_network\_acl\_id](#output\_public\_network\_acl\_id) | ID of the public network ACL | +| [public\_route\_table\_association\_ids](#output\_public\_route\_table\_association\_ids) | List of IDs of the public route table association | +| [public\_route\_table\_ids](#output\_public\_route\_table\_ids) | List of IDs of public route tables | +| [public\_subnet\_arns](#output\_public\_subnet\_arns) | List of ARNs of public subnets | +| [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets | +| [public\_subnets\_cidr\_blocks](#output\_public\_subnets\_cidr\_blocks) | List of cidr\_blocks of public subnets | +| [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC | +| [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL | +| [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL | +| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association | +| [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association | +| [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables | +| 
[redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets | +| [redshift\_subnet\_group](#output\_redshift\_subnet\_group) | ID of redshift subnet group | +| [redshift\_subnets](#output\_redshift\_subnets) | List of IDs of redshift subnets | +| [redshift\_subnets\_cidr\_blocks](#output\_redshift\_subnets\_cidr\_blocks) | List of cidr\_blocks of redshift subnets | +| [redshift\_subnets\_ipv6\_cidr\_blocks](#output\_redshift\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of redshift subnets in an IPv6 enabled VPC | +| [this\_customer\_gateway](#output\_this\_customer\_gateway) | Map of Customer Gateway attributes | +| [vgw\_arn](#output\_vgw\_arn) | The ARN of the VPN Gateway | +| [vgw\_id](#output\_vgw\_id) | The ID of the VPN Gateway | +| [vpc\_arn](#output\_vpc\_arn) | The ARN of the VPC | +| [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | The CIDR block of the VPC | +| [vpc\_enable\_dns\_hostnames](#output\_vpc\_enable\_dns\_hostnames) | Whether or not the VPC has DNS hostname support | +| [vpc\_enable\_dns\_support](#output\_vpc\_enable\_dns\_support) | Whether or not the VPC has DNS support | +| [vpc\_flow\_log\_cloudwatch\_iam\_role\_arn](#output\_vpc\_flow\_log\_cloudwatch\_iam\_role\_arn) | The ARN of the IAM role used when pushing logs to Cloudwatch log group | +| [vpc\_flow\_log\_destination\_arn](#output\_vpc\_flow\_log\_destination\_arn) | The ARN of the destination for VPC Flow Logs | +| [vpc\_flow\_log\_destination\_type](#output\_vpc\_flow\_log\_destination\_type) | The type of the destination for VPC Flow Logs | +| [vpc\_flow\_log\_id](#output\_vpc\_flow\_log\_id) | The ID of the Flow Log resource | +| [vpc\_id](#output\_vpc\_id) | The ID of the VPC | +| [vpc\_instance\_tenancy](#output\_vpc\_instance\_tenancy) | Tenancy of instances spin up within VPC | +| [vpc\_ipv6\_association\_id](#output\_vpc\_ipv6\_association\_id) | The association ID for the IPv6 CIDR block | +| 
[vpc\_ipv6\_cidr\_block](#output\_vpc\_ipv6\_cidr\_block) | The IPv6 CIDR block | +| [vpc\_main\_route\_table\_id](#output\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with this VPC | +| [vpc\_owner\_id](#output\_vpc\_owner\_id) | The ID of the AWS account that owns the VPC | +| [vpc\_secondary\_cidr\_blocks](#output\_vpc\_secondary\_cidr\_blocks) | List of secondary CIDR blocks of the VPC | + diff --git a/examples/ipam-vpc/main.tf b/examples/ipam-vpc/main.tf new file mode 100644 index 000000000..9daadf2f0 --- /dev/null +++ b/examples/ipam-vpc/main.tf 
@@ -0,0 +1,80 @@ +provider "aws" { + region = local.region +} + +locals { + name = "ex-${replace(basename(path.cwd), "_", "-")}" + region = "eu-west-1" + + partition = cidrsubnets(aws_vpc_ipam_preview_next_cidr.this.cidr, 2, 2) + + tags = { + Example = local.name + GithubRepo = "terraform-aws-vpc" + GithubOrg = "terraform-aws-modules" + } +} + +################################################################################ +# VPC Module +################################################################################ + +module "vpc" { + source = "../.." + + name = local.name + + private_subnets = cidrsubnets(local.partition[0], 2, 2) + public_subnets = cidrsubnets(local.partition[1], 2, 2) + + ipv4_ipam_pool_id = aws_vpc_ipam_pool.this.id + azs = ["${local.region}a", "${local.region}b"] + cidr = aws_vpc_ipam_preview_next_cidr.this.cidr + + tags = local.tags +} + +################################################################################ +# Supporting Resources +################################################################################ + +/* +NOTES ON IPAM USAGE: + +In order to build subnets with your VPC Terraform must know subnet CIDRs to properly plan # of resources to build. +Since CIDR is derived by IPAM by calling CreateVpc this is not possible within a module unless cidr is known ahead of time. +We can get around this by "previewing" the CIDR and then using that as the subnet values. + +In the example above we use `cidrsubnets()` to calculate a public and private "partitions" (group of cidrs) then calculate the specific +CIDRs for each subnet type. 
+ +For an explanation on prolonged delete times on IPAM pools see 2nd +*note* in terraform docs: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_pool_cidr +*/ + +resource "aws_vpc_ipam" "this" { + operating_regions { + region_name = local.region + } +} + +resource "aws_vpc_ipam_pool" "this" { + address_family = "ipv4" + ipam_scope_id = aws_vpc_ipam.this.private_default_scope_id + locale = local.region + allocation_default_netmask_length = 24 +} + +resource "aws_vpc_ipam_pool_cidr" "this" { + ipam_pool_id = aws_vpc_ipam_pool.this.id + cidr = "10.0.0.0/16" +} + +resource "aws_vpc_ipam_preview_next_cidr" "this" { + ipam_pool_id = aws_vpc_ipam_pool.this.id + netmask_length = 20 + + depends_on = [ + aws_vpc_ipam_pool_cidr.this + ] +} diff --git a/examples/ipam-vpc/outputs.tf b/examples/ipam-vpc/outputs.tf new file mode 100644 index 000000000..77f244a90 --- /dev/null +++ b/examples/ipam-vpc/outputs.tf 
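Review bot: `aws_vpc_ipam_preview_next_cidr.this` only previews a range, and nothing in this file reserves it before `module.vpc` requests that exact `cidr` from the pool. If anything else allocates from the same pool between plan and apply, the VPC creation would presumably fail, or the subnets would have been computed from a range the VPC does not get. The NOTES block explains why the preview is needed but not this limitation, so I would add a comment above the resource such as `# Preview only: the CIDR is not reserved until the VPC is created; avoid concurrent allocations from this pool during apply.` Separately, the pool sets `allocation_default_netmask_length = 24` while the preview asks for `netmask_length = 20`. A short comment saying the pool default is not used by the module would stop readers from assuming the VPC gets a /24.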
@@ -0,0 +1,535 @@ +output "vpc_id" { + description = "The ID of the VPC" + value = module.vpc.vpc_id +} + +output "vpc_arn" { + description = "The ARN of the VPC" + value = module.vpc.vpc_arn +} + +output "vpc_cidr_block" { + description = "The CIDR block of the VPC" + value = module.vpc.vpc_cidr_block +} + +output "default_security_group_id" { + description = "The ID of the security group created by default on VPC creation" + value = module.vpc.default_security_group_id +} + +output "default_network_acl_id" { + description = "The ID of the default network ACL" + value = module.vpc.default_network_acl_id +} + +output "default_route_table_id" { + description = "The ID of the default route table" + value = module.vpc.default_route_table_id +} + +output "vpc_instance_tenancy" { + description = "Tenancy of instances spin up within VPC" + value = module.vpc.vpc_instance_tenancy +} + +output "vpc_enable_dns_support" { + description = "Whether or not the VPC has DNS support" + value = module.vpc.vpc_enable_dns_support +} + +output "vpc_enable_dns_hostnames" { + description = "Whether or not the VPC has DNS hostname support" + value = module.vpc.vpc_enable_dns_hostnames +} + +output "vpc_main_route_table_id" { + description = "The ID of the main route table associated with this VPC" + value = module.vpc.vpc_main_route_table_id +} + +output "vpc_ipv6_association_id" { + description = "The association ID for the IPv6 CIDR block" + value = module.vpc.vpc_ipv6_association_id +} + +output "vpc_ipv6_cidr_block" { + description = "The IPv6 CIDR block" + value = module.vpc.vpc_ipv6_cidr_block +} + +output "vpc_secondary_cidr_blocks" { + description = "List of secondary CIDR blocks of the VPC" + value = module.vpc.vpc_secondary_cidr_blocks +} + +output "vpc_owner_id" { + description = "The ID of the AWS account that owns the VPC" + value = module.vpc.vpc_owner_id +} + +output "private_subnets" { + description = "List of IDs of private subnets" + value = module.vpc.private_subnets 
+} + +output "private_subnet_arns" { + description = "List of ARNs of private subnets" + value = module.vpc.private_subnet_arns +} + +output "private_subnets_cidr_blocks" { + description = "List of cidr_blocks of private subnets" + value = module.vpc.private_subnets_cidr_blocks +} + +output "private_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of private subnets in an IPv6 enabled VPC" + value = module.vpc.private_subnets_ipv6_cidr_blocks +} + +output "public_subnets" { + description = "List of IDs of public subnets" + value = module.vpc.public_subnets +} + +output "public_subnet_arns" { + description = "List of ARNs of public subnets" + value = module.vpc.public_subnet_arns +} + +output "public_subnets_cidr_blocks" { + description = "List of cidr_blocks of public subnets" + value = module.vpc.public_subnets_cidr_blocks +} + +output "public_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of public subnets in an IPv6 enabled VPC" + value = module.vpc.public_subnets_ipv6_cidr_blocks +} + +output "outpost_subnets" { + description = "List of IDs of outpost subnets" + value = module.vpc.outpost_subnets +} + +output "outpost_subnet_arns" { + description = "List of ARNs of outpost subnets" + value = module.vpc.outpost_subnet_arns +} + +output "outpost_subnets_cidr_blocks" { + description = "List of cidr_blocks of outpost subnets" + value = module.vpc.outpost_subnets_cidr_blocks +} + +output "outpost_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of outpost subnets in an IPv6 enabled VPC" + value = module.vpc.outpost_subnets_ipv6_cidr_blocks +} + +output "database_subnets" { + description = "List of IDs of database subnets" + value = module.vpc.database_subnets +} + +output "database_subnet_arns" { + description = "List of ARNs of database subnets" + value = module.vpc.database_subnet_arns +} + +output "database_subnets_cidr_blocks" { + description = "List of cidr_blocks of database subnets" + value = 
module.vpc.database_subnets_cidr_blocks +} + +output "database_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of database subnets in an IPv6 enabled VPC" + value = module.vpc.database_subnets_ipv6_cidr_blocks +} + +output "database_subnet_group" { + description = "ID of database subnet group" + value = module.vpc.database_subnet_group +} + +output "database_subnet_group_name" { + description = "Name of database subnet group" + value = module.vpc.database_subnet_group_name +} + +output "redshift_subnets" { + description = "List of IDs of redshift subnets" + value = module.vpc.redshift_subnets +} + +output "redshift_subnet_arns" { + description = "List of ARNs of redshift subnets" + value = module.vpc.redshift_subnet_arns +} + +output "redshift_subnets_cidr_blocks" { + description = "List of cidr_blocks of redshift subnets" + value = module.vpc.redshift_subnets_cidr_blocks +} + +output "redshift_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of redshift subnets in an IPv6 enabled VPC" + value = module.vpc.redshift_subnets_ipv6_cidr_blocks +} + +output "redshift_subnet_group" { + description = "ID of redshift subnet group" + value = module.vpc.redshift_subnet_group +} + +output "elasticache_subnets" { + description = "List of IDs of elasticache subnets" + value = module.vpc.elasticache_subnets +} + +output "elasticache_subnet_arns" { + description = "List of ARNs of elasticache subnets" + value = module.vpc.elasticache_subnet_arns +} + +output "elasticache_subnets_cidr_blocks" { + description = "List of cidr_blocks of elasticache subnets" + value = module.vpc.elasticache_subnets_cidr_blocks +} + +output "elasticache_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of elasticache subnets in an IPv6 enabled VPC" + value = module.vpc.elasticache_subnets_ipv6_cidr_blocks +} + +output "intra_subnets" { + description = "List of IDs of intra subnets" + value = module.vpc.intra_subnets +} + +output 
"intra_subnet_arns" { + description = "List of ARNs of intra subnets" + value = module.vpc.intra_subnet_arns +} + +output "intra_subnets_cidr_blocks" { + description = "List of cidr_blocks of intra subnets" + value = module.vpc.intra_subnets_cidr_blocks +} + +output "intra_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of intra subnets in an IPv6 enabled VPC" + value = module.vpc.intra_subnets_ipv6_cidr_blocks +} + +output "elasticache_subnet_group" { + description = "ID of elasticache subnet group" + value = module.vpc.elasticache_subnet_group +} + +output "elasticache_subnet_group_name" { + description = "Name of elasticache subnet group" + value = module.vpc.elasticache_subnet_group_name +} + +output "public_route_table_ids" { + description = "List of IDs of public route tables" + value = module.vpc.public_route_table_ids +} + +output "private_route_table_ids" { + description = "List of IDs of private route tables" + value = module.vpc.private_route_table_ids +} + +output "database_route_table_ids" { + description = "List of IDs of database route tables" + value = module.vpc.database_route_table_ids +} + +output "redshift_route_table_ids" { + description = "List of IDs of redshift route tables" + value = module.vpc.redshift_route_table_ids +} + +output "elasticache_route_table_ids" { + description = "List of IDs of elasticache route tables" + value = module.vpc.elasticache_route_table_ids +} + +output "intra_route_table_ids" { + description = "List of IDs of intra route tables" + value = module.vpc.intra_route_table_ids +} + +output "public_internet_gateway_route_id" { + description = "ID of the internet gateway route" + value = module.vpc.public_internet_gateway_route_id +} + +output "public_internet_gateway_ipv6_route_id" { + description = "ID of the IPv6 internet gateway route" + value = module.vpc.public_internet_gateway_ipv6_route_id +} + +output "database_internet_gateway_route_id" { + description = "ID of the database internet 
gateway route" + value = module.vpc.database_internet_gateway_route_id +} + +output "database_nat_gateway_route_ids" { + description = "List of IDs of the database nat gateway route" + value = module.vpc.database_nat_gateway_route_ids +} + +output "database_ipv6_egress_route_id" { + description = "ID of the database IPv6 egress route" + value = module.vpc.database_ipv6_egress_route_id +} + +output "private_nat_gateway_route_ids" { + description = "List of IDs of the private nat gateway route" + value = module.vpc.private_nat_gateway_route_ids +} + +output "private_ipv6_egress_route_ids" { + description = "List of IDs of the ipv6 egress route" + value = module.vpc.private_ipv6_egress_route_ids +} + +output "private_route_table_association_ids" { + description = "List of IDs of the private route table association" + value = module.vpc.private_route_table_association_ids +} + +output "database_route_table_association_ids" { + description = "List of IDs of the database route table association" + value = module.vpc.database_route_table_association_ids +} + +output "redshift_route_table_association_ids" { + description = "List of IDs of the redshift route table association" + value = module.vpc.redshift_route_table_association_ids +} + +output "redshift_public_route_table_association_ids" { + description = "List of IDs of the public redshift route table association" + value = module.vpc.redshift_public_route_table_association_ids +} + +output "elasticache_route_table_association_ids" { + description = "List of IDs of the elasticache route table association" + value = module.vpc.elasticache_route_table_association_ids +} + +output "intra_route_table_association_ids" { + description = "List of IDs of the intra route table association" + value = module.vpc.intra_route_table_association_ids +} + +output "public_route_table_association_ids" { + description = "List of IDs of the public route table association" + value = module.vpc.public_route_table_association_ids +} + 
+output "dhcp_options_id" { + description = "The ID of the DHCP options" + value = module.vpc.dhcp_options_id +} + +output "nat_ids" { + description = "List of allocation ID of Elastic IPs created for AWS NAT Gateway" + value = module.vpc.nat_ids +} + +output "nat_public_ips" { + description = "List of public Elastic IPs created for AWS NAT Gateway" + value = module.vpc.nat_public_ips +} + +output "natgw_ids" { + description = "List of NAT Gateway IDs" + value = module.vpc.natgw_ids +} + +output "igw_id" { + description = "The ID of the Internet Gateway" + value = module.vpc.igw_id +} + +output "igw_arn" { + description = "The ARN of the Internet Gateway" + value = module.vpc.igw_arn +} + +output "egress_only_internet_gateway_id" { + description = "The ID of the egress only Internet Gateway" + value = module.vpc.egress_only_internet_gateway_id +} + +output "cgw_ids" { + description = "List of IDs of Customer Gateway" + value = module.vpc.cgw_ids +} + +output "cgw_arns" { + description = "List of ARNs of Customer Gateway" + value = module.vpc.cgw_arns +} + +output "this_customer_gateway" { + description = "Map of Customer Gateway attributes" + value = module.vpc.this_customer_gateway +} + +output "vgw_id" { + description = "The ID of the VPN Gateway" + value = module.vpc.vgw_id +} + +output "vgw_arn" { + description = "The ARN of the VPN Gateway" + value = module.vpc.vgw_arn +} + +output "default_vpc_id" { + description = "The ID of the Default VPC" + value = module.vpc.default_vpc_id +} + +output "default_vpc_arn" { + description = "The ARN of the Default VPC" + value = module.vpc.default_vpc_arn +} + +output "default_vpc_cidr_block" { + description = "The CIDR block of the Default VPC" + value = module.vpc.default_vpc_cidr_block +} + +output "default_vpc_default_security_group_id" { + description = "The ID of the security group created by default on Default VPC creation" + value = module.vpc.default_vpc_default_security_group_id +} + +output 
"default_vpc_default_network_acl_id" { + description = "The ID of the default network ACL of the Default VPC" + value = module.vpc.default_vpc_default_network_acl_id +} + +output "default_vpc_default_route_table_id" { + description = "The ID of the default route table of the Default VPC" + value = module.vpc.default_vpc_default_route_table_id +} + +output "default_vpc_instance_tenancy" { + description = "Tenancy of instances spin up within Default VPC" + value = module.vpc.default_vpc_instance_tenancy +} + +output "default_vpc_enable_dns_support" { + description = "Whether or not the Default VPC has DNS support" + value = module.vpc.default_vpc_enable_dns_support +} + +output "default_vpc_enable_dns_hostnames" { + description = "Whether or not the Default VPC has DNS hostname support" + value = module.vpc.default_vpc_enable_dns_hostnames +} + +output "default_vpc_main_route_table_id" { + description = "The ID of the main route table associated with the Default VPC" + value = module.vpc.default_vpc_main_route_table_id +} + +output "public_network_acl_id" { + description = "ID of the public network ACL" + value = module.vpc.public_network_acl_id +} + +output "public_network_acl_arn" { + description = "ARN of the public network ACL" + value = module.vpc.public_network_acl_arn +} + +output "private_network_acl_id" { + description = "ID of the private network ACL" + value = module.vpc.private_network_acl_id +} + +output "private_network_acl_arn" { + description = "ARN of the private network ACL" + value = module.vpc.private_network_acl_arn +} + +output "outpost_network_acl_id" { + description = "ID of the outpost network ACL" + value = module.vpc.outpost_network_acl_id +} + +output "outpost_network_acl_arn" { + description = "ARN of the outpost network ACL" + value = module.vpc.outpost_network_acl_arn +} + +output "intra_network_acl_id" { + description = "ID of the intra network ACL" + value = module.vpc.intra_network_acl_id +} + +output "intra_network_acl_arn" { + 
description = "ARN of the intra network ACL" + value = module.vpc.intra_network_acl_arn +} + +output "database_network_acl_id" { + description = "ID of the database network ACL" + value = module.vpc.database_network_acl_id +} + +output "database_network_acl_arn" { + description = "ARN of the database network ACL" + value = module.vpc.database_network_acl_arn +} + +output "redshift_network_acl_id" { + description = "ID of the redshift network ACL" + value = module.vpc.redshift_network_acl_id +} + +output "redshift_network_acl_arn" { + description = "ARN of the redshift network ACL" + value = module.vpc.redshift_network_acl_arn +} + +output "elasticache_network_acl_id" { + description = "ID of the elasticache network ACL" + value = module.vpc.elasticache_network_acl_id +} + +output "elasticache_network_acl_arn" { + description = "ARN of the elasticache network ACL" + value = module.vpc.elasticache_network_acl_arn +} + +# VPC flow log +output "vpc_flow_log_id" { + description = "The ID of the Flow Log resource" + value = module.vpc.vpc_flow_log_id +} + +output "vpc_flow_log_destination_arn" { + description = "The ARN of the destination for VPC Flow Logs" + value = module.vpc.vpc_flow_log_destination_arn +} + +output "vpc_flow_log_destination_type" { + description = "The type of the destination for VPC Flow Logs" + value = module.vpc.vpc_flow_log_destination_type +} + +output "vpc_flow_log_cloudwatch_iam_role_arn" { + description = "The ARN of the IAM role used when pushing logs to Cloudwatch log group" + value = module.vpc.vpc_flow_log_cloudwatch_iam_role_arn +} diff --git a/examples/ipam-vpc/variables.tf b/examples/ipam-vpc/variables.tf new file mode 100644 index 000000000..e69de29bb diff --git a/examples/ipam-vpc/versions.tf b/examples/ipam-vpc/versions.tf new file mode 100644 index 000000000..979baa847 --- /dev/null +++ b/examples/ipam-vpc/versions.tf 
@@ -0,0 +1,10 @@ +terraform { + required_version = ">= 0.13.1" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 3.73" + } + } +} diff --git a/examples/ipv6/README.md b/examples/ipv6/README.md index fab3f34ca..318fc4d40 100644 --- a/examples/ipv6/README.md +++ b/examples/ipv6/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which can cost money (AWS Elastic IP | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 3.63 | +| [aws](#requirement\_aws) | >= 3.73 | ## Providers @@ -125,7 +125,7 @@ No inputs. | [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC | | [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL | | [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL | -| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshidt route table association | +| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association | | [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association | | [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables | | [redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets | diff --git a/examples/ipv6/main.tf b/examples/ipv6/main.tf index ce6709921..60f885196 100644 --- a/examples/ipv6/main.tf +++ b/examples/ipv6/main.tf 
@@ -3,7 +3,14 @@ provider "aws" { } locals { + name = "ex-${replace(basename(path.cwd), "_", "-")}" region = "eu-west-1" + + tags = { + Example = local.name + GithubRepo = "terraform-aws-vpc" + GithubOrg = "terraform-aws-modules" + } } ################################################################################ @@ -35,8 +42,5 @@ module "vpc" { private_subnet_ipv6_prefixes = [2, 3] database_subnet_ipv6_prefixes = [4, 5] - tags = { - Owner = "user" - Environment = "dev" - } + tags = local.tags } diff --git a/examples/ipv6/outputs.tf b/examples/ipv6/outputs.tf index dc74e2f68..77f244a90 100644 --- a/examples/ipv6/outputs.tf +++ b/examples/ipv6/outputs.tf @@ -314,7 +314,7 @@ output "redshift_route_table_association_ids" { } output "redshift_public_route_table_association_ids" { - description = "List of IDs of the public redshidt route table association" + description = "List of IDs of the public redshift route table association" value = module.vpc.redshift_public_route_table_association_ids } diff --git a/examples/ipv6/versions.tf b/examples/ipv6/versions.tf index 5a9fd0fc5..979baa847 100644 --- a/examples/ipv6/versions.tf +++ b/examples/ipv6/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.63" + version = ">= 3.73" } } } diff --git a/examples/issues/README.md b/examples/issues/README.md index b689ca62e..db0005bf7 100644 --- a/examples/issues/README.md +++ b/examples/issues/README.md @@ -25,7 +25,7 @@ Note that this example may create resources which can cost money (AWS Elastic IP | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 3.63 | +| [aws](#requirement\_aws) | >= 3.73 | ## Providers diff --git a/examples/issues/main.tf b/examples/issues/main.tf index a838239d3..f031d62cd 100644 --- a/examples/issues/main.tf +++ b/examples/issues/main.tf 
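Review bot: In examples/ipv6/main.tf the new `name` local uses `basename(path.cwd)`, which is the directory Terraform was invoked from rather than the directory holding this configuration. As far as I can tell, that means `local.name` and the `Example` tag change when the example is run with `-chdir` or from a wrapper script. Deriving it from the root module keeps it stable: `name = "ex-${replace(basename(abspath(path.root)), "_", "-")}"`. The same line is added in the ipam-vpc, issues, manage-default-vpc, network-acls, outpost, secondary-cidr-blocks and simple-vpc examples in this patch.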
@@ -3,7 +3,14 @@ provider "aws" { } locals { + name = "ex-${replace(basename(path.cwd), "_", "-")}" region = "eu-west-1" + + tags = { + Example = local.name + GithubRepo = "terraform-aws-vpc" + GithubOrg = "terraform-aws-modules" + } } ################################################################################ @@ -24,10 +31,10 @@ module "vpc_issue_44" { create_database_subnet_group = true enable_nat_gateway = true - tags = { + tags = merge({ Issue = "44" Name = "asymmetrical" - } + }, local.tags) } ################################################################################ @@ -50,10 +57,10 @@ module "vpc_issue_46" { enable_dns_hostnames = true enable_nat_gateway = false - tags = { + tags = merge({ Issue = "46" Name = "no-private-subnets" - } + }, local.tags) } ################################################################################ @@ -73,8 +80,8 @@ module "vpc_issue_108" { single_nat_gateway = true enable_nat_gateway = true - tags = { + tags = merge({ Issue = "108" Name = "route-already-exists" - } + }, local.tags) } diff --git a/examples/issues/versions.tf b/examples/issues/versions.tf index 5a9fd0fc5..979baa847 100644 --- a/examples/issues/versions.tf +++ b/examples/issues/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.63" + version = ">= 3.73" } } } diff --git a/examples/manage-default-vpc/README.md b/examples/manage-default-vpc/README.md index 89536d704..84d13f378 100644 --- a/examples/manage-default-vpc/README.md +++ b/examples/manage-default-vpc/README.md @@ -22,7 +22,7 @@ Run `terraform destroy` when you don't need these resources. | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 3.63 | +| [aws](#requirement\_aws) | >= 3.73 | ## Providers 
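Review bot: In examples/issues/main.tf, `merge({ Issue = "44" ... }, local.tags)` passes the shared map last, and `merge` lets later arguments win on duplicate keys. No key collides today, but a `Name` or `Issue` key added to `local.tags` later would silently replace the per-module value. Putting the shared map first keeps the specific tags authoritative: `tags = merge(local.tags, { Issue = "44", Name = "asymmetrical" })`. The same applies to the `vpc_issue_46` and `vpc_issue_108` hunks; all three module blocks start outside their hunks.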
@@ -127,7 +127,7 @@ No inputs. | [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC | | [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL | | [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL | -| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshidt route table association | +| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association | | [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association | | [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables | | [redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets | diff --git a/examples/manage-default-vpc/main.tf b/examples/manage-default-vpc/main.tf index 2ea6bc9c9..98034a049 100644 --- a/examples/manage-default-vpc/main.tf +++ b/examples/manage-default-vpc/main.tf @@ -3,7 +3,14 @@ provider "aws" { } locals { + name = "ex-${replace(basename(path.cwd), "_", "-")}" region = "eu-west-1" + + tags = { + Example = local.name + GithubRepo = "terraform-aws-vpc" + GithubOrg = "terraform-aws-modules" + } } ################################################################################ @@ -18,4 +25,6 @@ module "vpc" { manage_default_vpc = true default_vpc_name = "default" default_vpc_enable_dns_hostnames = true + + tags = local.tags } diff --git a/examples/manage-default-vpc/outputs.tf b/examples/manage-default-vpc/outputs.tf index dc74e2f68..77f244a90 100644 --- a/examples/manage-default-vpc/outputs.tf +++ b/examples/manage-default-vpc/outputs.tf 
@@ -314,7 +314,7 @@ output "redshift_route_table_association_ids" { } output "redshift_public_route_table_association_ids" { - description = "List of IDs of the public redshidt route table association" + description = "List of IDs of the public redshift route table association" value = module.vpc.redshift_public_route_table_association_ids } diff --git a/examples/manage-default-vpc/versions.tf b/examples/manage-default-vpc/versions.tf index 5a9fd0fc5..979baa847 100644 --- a/examples/manage-default-vpc/versions.tf +++ b/examples/manage-default-vpc/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.63" + version = ">= 3.73" } } } diff --git a/examples/network-acls/README.md b/examples/network-acls/README.md index 1be9662ae..a8cd19f4a 100644 --- a/examples/network-acls/README.md +++ b/examples/network-acls/README.md @@ -24,7 +24,7 @@ Note that this example may create resources which can cost money (AWS Elastic IP | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 3.63 | +| [aws](#requirement\_aws) | >= 3.73 | ## Providers 
@@ -129,7 +129,7 @@ No inputs. | [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC | | [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL | | [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL | -| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshidt route table association | +| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association | | [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association | | [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables | | [redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets | diff --git a/examples/network-acls/main.tf b/examples/network-acls/main.tf index 0d820aac8..b285a9b1e 100644 --- a/examples/network-acls/main.tf +++ b/examples/network-acls/main.tf @@ -3,8 +3,15 @@ provider "aws" { } locals { + name = "ex-${replace(basename(path.cwd), "_", "-")}" region = "eu-west-1" + tags = { + Example = local.name + GithubRepo = "terraform-aws-vpc" + GithubOrg = "terraform-aws-modules" + } + network_acls = { default_inbound = [ { @@ -162,7 +169,7 @@ locals { module "vpc" { source = "../../" - name = "network-acls-example" + name = local.name cidr = "10.0.0.0/16" azs = ["${local.region}a", "${local.region}b", "${local.region}c"] @@ -189,10 +196,7 @@ module "vpc" { Name = "overridden-name-public" } - tags = { - Owner = "user" - Environment = "dev" - } + tags = local.tags vpc_tags = { Name = "vpc-name" 
diff --git a/examples/network-acls/outputs.tf b/examples/network-acls/outputs.tf index dc74e2f68..77f244a90 100644 --- a/examples/network-acls/outputs.tf +++ b/examples/network-acls/outputs.tf @@ -314,7 +314,7 @@ output "redshift_route_table_association_ids" { } output "redshift_public_route_table_association_ids" { - description = "List of IDs of the public redshidt route table association" + description = "List of IDs of the public redshift route table association" value = module.vpc.redshift_public_route_table_association_ids } diff --git a/examples/network-acls/versions.tf b/examples/network-acls/versions.tf index 5a9fd0fc5..979baa847 100644 --- a/examples/network-acls/versions.tf +++ b/examples/network-acls/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.63" + version = ">= 3.73" } } } diff --git a/examples/outpost/README.md b/examples/outpost/README.md index 58383547b..7c534ef16 100644 --- a/examples/outpost/README.md +++ b/examples/outpost/README.md @@ -24,13 +24,13 @@ Note that this example may create resources which can cost money (AWS Elastic IP | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 3.63 | +| [aws](#requirement\_aws) | >= 3.73 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.63 | +| [aws](#provider\_aws) | >= 3.73 | ## Modules 
@@ -134,7 +134,7 @@ No inputs. | [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC | | [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL | | [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL | -| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshidt route table association | +| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association | | [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association | | [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables | | [redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets | diff --git a/examples/outpost/main.tf b/examples/outpost/main.tf index d923e083d..f5e04361f 100644 --- a/examples/outpost/main.tf +++ b/examples/outpost/main.tf @@ -7,8 +7,15 @@ provider "aws" { } locals { + name = "ex-${replace(basename(path.cwd), "_", "-")}" region = "eu-west-1" + tags = { + Example = local.name + GithubRepo = "terraform-aws-vpc" + GithubOrg = "terraform-aws-modules" + } + network_acls = { outpost_inbound = [ { @@ -122,7 +129,7 @@ data "aws_availability_zones" "available" {} module "vpc" { source = "../../" - name = "outpost-example" + name = local.name cidr = "10.0.0.0/16" azs = [ @@ -152,8 +159,5 @@ module "vpc" { outpost_inbound_acl_rules = local.network_acls["outpost_inbound"] outpost_outbound_acl_rules = local.network_acls["outpost_outbound"] - tags = { - Owner = "user" - Environment = "dev" - } + tags = local.tags } 
diff --git a/examples/outpost/outputs.tf b/examples/outpost/outputs.tf index dc74e2f68..77f244a90 100644 --- a/examples/outpost/outputs.tf +++ b/examples/outpost/outputs.tf @@ -314,7 +314,7 @@ output "redshift_route_table_association_ids" { } output "redshift_public_route_table_association_ids" { - description = "List of IDs of the public redshidt route table association" + description = "List of IDs of the public redshift route table association" value = module.vpc.redshift_public_route_table_association_ids } diff --git a/examples/outpost/versions.tf b/examples/outpost/versions.tf index 5a9fd0fc5..979baa847 100644 --- a/examples/outpost/versions.tf +++ b/examples/outpost/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.63" + version = ">= 3.73" } } } diff --git a/examples/secondary-cidr-blocks/README.md b/examples/secondary-cidr-blocks/README.md index ec1d13789..58cbef9f1 100644 --- a/examples/secondary-cidr-blocks/README.md +++ b/examples/secondary-cidr-blocks/README.md @@ -22,7 +22,7 @@ Note that this example may create resources which can cost money (AWS Elastic IP | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 3.63 | +| [aws](#requirement\_aws) | >= 3.73 | ## Providers 
@@ -127,7 +127,7 @@ No inputs. | [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC | | [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL | | [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL | -| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshidt route table association | +| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association | | [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association | | [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables | | [redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets | diff --git a/examples/secondary-cidr-blocks/main.tf b/examples/secondary-cidr-blocks/main.tf index 76cb4c551..9aabe2ad0 100644 --- a/examples/secondary-cidr-blocks/main.tf +++ b/examples/secondary-cidr-blocks/main.tf @@ -3,7 +3,14 @@ provider "aws" { } locals { + name = "ex-${replace(basename(path.cwd), "_", "-")}" region = "eu-west-1" + + tags = { + Example = local.name + GithubRepo = "terraform-aws-vpc" + GithubOrg = "terraform-aws-modules" + } } ################################################################################ @@ -13,7 +20,7 @@ locals { module "vpc" { source = "../../" - name = "secondary-cidr-blocks-example" + name = local.name cidr = "10.0.0.0/16" secondary_cidr_blocks = ["10.1.0.0/16", "10.2.0.0/16"] 
@@ -31,10 +38,7 @@ module "vpc" { Name = "overridden-name-public" } - tags = { - Owner = "user" - Environment = "dev" - } + tags = local.tags vpc_tags = { Name = "vpc-name" diff --git a/examples/secondary-cidr-blocks/outputs.tf b/examples/secondary-cidr-blocks/outputs.tf index dc74e2f68..77f244a90 100644 --- a/examples/secondary-cidr-blocks/outputs.tf +++ b/examples/secondary-cidr-blocks/outputs.tf @@ -314,7 +314,7 @@ output "redshift_route_table_association_ids" { } output "redshift_public_route_table_association_ids" { - description = "List of IDs of the public redshidt route table association" + description = "List of IDs of the public redshift route table association" value = module.vpc.redshift_public_route_table_association_ids } diff --git a/examples/secondary-cidr-blocks/versions.tf b/examples/secondary-cidr-blocks/versions.tf index 5a9fd0fc5..979baa847 100644 --- a/examples/secondary-cidr-blocks/versions.tf +++ b/examples/secondary-cidr-blocks/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.63" + version = ">= 3.73" } } } diff --git a/examples/simple-vpc/README.md b/examples/simple-vpc/README.md index a2b803a4a..9584de634 100644 --- a/examples/simple-vpc/README.md +++ b/examples/simple-vpc/README.md @@ -26,7 +26,7 @@ Note that this example may create resources which can cost money (AWS Elastic IP | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 3.63 | +| [aws](#requirement\_aws) | >= 3.73 | ## Providers 
@@ -131,7 +131,7 @@ No inputs. | [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC | | [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL | | [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL | -| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshidt route table association | +| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association | | [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association | | [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables | | [redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets | diff --git a/examples/simple-vpc/main.tf b/examples/simple-vpc/main.tf index 63de4446e..5473a92e2 100644 --- a/examples/simple-vpc/main.tf +++ b/examples/simple-vpc/main.tf @@ -3,7 +3,14 @@ provider "aws" { } locals { + name = "ex-${replace(basename(path.cwd), "_", "-")}" region = "eu-west-1" + + tags = { + Example = local.name + GithubRepo = "terraform-aws-vpc" + GithubOrg = "terraform-aws-modules" + } } ################################################################################ @@ -13,7 +20,7 @@ locals { module "vpc" { source = "../../" - name = "simple-example" + name = local.name cidr = "10.0.0.0/16" azs = ["${local.region}a", "${local.region}b", "${local.region}c"] @@ -29,10 +36,7 @@ module "vpc" { Name = "overridden-name-public" } - tags = { - Owner = "user" - Environment = "dev" - } + tags = local.tags vpc_tags = { Name = "vpc-name" 
diff --git a/examples/simple-vpc/outputs.tf b/examples/simple-vpc/outputs.tf index dc74e2f68..77f244a90 100644 --- a/examples/simple-vpc/outputs.tf +++ b/examples/simple-vpc/outputs.tf @@ -314,7 +314,7 @@ output "redshift_route_table_association_ids" { } output "redshift_public_route_table_association_ids" { - description = "List of IDs of the public redshidt route table association" + description = "List of IDs of the public redshift route table association" value = module.vpc.redshift_public_route_table_association_ids } diff --git a/examples/simple-vpc/versions.tf b/examples/simple-vpc/versions.tf index 5a9fd0fc5..979baa847 100644 --- a/examples/simple-vpc/versions.tf +++ b/examples/simple-vpc/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.63" + version = ">= 3.73" } } } diff --git a/examples/vpc-flow-logs/main.tf b/examples/vpc-flow-logs/main.tf index fafc4a8de..9a524e6d1 100644 --- a/examples/vpc-flow-logs/main.tf +++ b/examples/vpc-flow-logs/main.tf @@ -3,8 +3,15 @@ provider "aws" { } locals { + name = "ex-${replace(basename(path.cwd), "_", "-")}" region = "eu-west-1" + tags = { + Example = local.name + GithubRepo = "terraform-aws-vpc" + GithubOrg = "terraform-aws-modules" + } + s3_bucket_name = "vpc-flow-logs-to-s3-${random_pet.this.id}" cloudwatch_log_group_name = "vpc-flow-logs-to-cloudwatch-${random_pet.this.id}" } @@ -16,7 +23,7 @@ locals { module "vpc_with_flow_logs_s3_bucket" { source = "../../" - name = "vpc-flow-logs-s3-bucket" + name = local.name cidr = "10.30.0.0/16" azs = ["${local.region}a"] 
@@ -26,15 +33,13 @@ module "vpc_with_flow_logs_s3_bucket" { flow_log_destination_type = "s3" flow_log_destination_arn = module.s3_bucket.s3_bucket_arn - vpc_flow_log_tags = { - Name = "vpc-flow-logs-s3-bucket" - } + vpc_flow_log_tags = local.tags } module "vpc_with_flow_logs_s3_bucket_parquet" { source = "../../" - name = "vpc-flow-logs-s3-bucket" + name = "${local.name}-parquet" cidr = "10.30.0.0/16" azs = ["${local.region}a"] @@ -45,16 +50,14 @@ module "vpc_with_flow_logs_s3_bucket_parquet" { flow_log_destination_arn = module.s3_bucket.s3_bucket_arn flow_log_file_format = "parquet" - vpc_flow_log_tags = { - Name = "vpc-flow-logs-s3-bucket" - } + vpc_flow_log_tags = local.tags } # CloudWatch Log Group and IAM role created automatically module "vpc_with_flow_logs_cloudwatch_logs_default" { source = "../../" - name = "vpc-flow-logs-cloudwatch-logs-default" + name = "${local.name}-cloudwatch-logs-default" cidr = "10.10.0.0/16" azs = ["${local.region}a"] @@ -66,16 +69,14 @@ module "vpc_with_flow_logs_cloudwatch_logs_default" { create_flow_log_cloudwatch_iam_role = true flow_log_max_aggregation_interval = 60 - vpc_flow_log_tags = { - Name = "vpc-flow-logs-cloudwatch-logs-default" - } + vpc_flow_log_tags = local.tags } # CloudWatch Log Group and IAM role created separately module "vpc_with_flow_logs_cloudwatch_logs" { source = "../../" - name = "vpc-flow-logs-cloudwatch-logs" + name = "${local.name}-cloudwatch-logs" cidr = "10.20.0.0/16" azs = ["${local.region}a"] @@ -86,9 +87,7 @@ module "vpc_with_flow_logs_cloudwatch_logs" { flow_log_destination_arn = aws_cloudwatch_log_group.flow_log.arn flow_log_cloudwatch_iam_role_arn = aws_iam_role.vpc_flow_log_cloudwatch.arn - vpc_flow_log_tags = { - Name = "vpc-flow-logs-cloudwatch-logs" - } + vpc_flow_log_tags = local.tags } ################################################################################ 
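Review bot: Replacing each `vpc_flow_log_tags` map with `local.tags` gives all four flow logs in `examples/vpc-flow-logs/main.tf` the same three tags, and the per-module `Name` values that were passed here are gone. Whether the module still derives a `Name` for the flow log from `name` is not visible in these hunks; if it does not, the S3, parquet and CloudWatch variants can no longer be told apart by tag when tracing which flow log feeds which destination. Keeping a distinguishing tag is a one-line change per module, e.g. `vpc_flow_log_tags = merge(local.tags, { Name = "${local.name}-parquet" })`. The module blocks touched here start or end outside their hunks.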
@@ -108,9 +107,7 @@ module "s3_bucket" { policy = data.aws_iam_policy_document.flow_log_s3.json force_destroy = true - tags = { - Name = "vpc-flow-logs-s3-bucket" - } + tags = local.tags } data "aws_iam_policy_document" "flow_log_s3" { diff --git a/examples/vpc-separate-private-route-tables/README.md b/examples/vpc-separate-private-route-tables/README.md index 41b1d15e7..0b2765a48 100644 --- a/examples/vpc-separate-private-route-tables/README.md +++ b/examples/vpc-separate-private-route-tables/README.md @@ -22,7 +22,7 @@ Note that this example may create resources which can cost money (AWS Elastic IP | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 3.63 | +| [aws](#requirement\_aws) | >= 3.73 | ## Providers @@ -127,7 +127,7 @@ No inputs. | [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC | | [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL | | [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL | -| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshidt route table association | +| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association | | [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association | | [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables | | [redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets | 
diff --git a/examples/vpc-separate-private-route-tables/main.tf b/examples/vpc-separate-private-route-tables/main.tf index b9536fdd2..dc1a75274 100644 --- a/examples/vpc-separate-private-route-tables/main.tf +++ b/examples/vpc-separate-private-route-tables/main.tf @@ -3,7 +3,14 @@ provider "aws" { } locals { + name = "ex-${replace(basename(path.cwd), "_", "-")}" region = "eu-west-1" + + tags = { + Example = local.name + GithubRepo = "terraform-aws-vpc" + GithubOrg = "terraform-aws-modules" + } } ################################################################################ @@ -13,7 +20,7 @@ locals { module "vpc" { source = "../../" - name = "vpc-separate-private-route-tables" + name = local.name cidr = "10.10.0.0/16" @@ -31,9 +38,5 @@ module "vpc" { single_nat_gateway = true enable_nat_gateway = true - tags = { - Owner = "user" - Environment = "staging" - Name = "separate-private-route-tables" - } + tags = local.tags } diff --git a/examples/vpc-separate-private-route-tables/outputs.tf b/examples/vpc-separate-private-route-tables/outputs.tf index dc74e2f68..77f244a90 100644 --- a/examples/vpc-separate-private-route-tables/outputs.tf +++ b/examples/vpc-separate-private-route-tables/outputs.tf @@ -314,7 +314,7 @@ output "redshift_route_table_association_ids" { } output "redshift_public_route_table_association_ids" { - description = "List of IDs of the public redshidt route table association" + description = "List of IDs of the public redshift route table association" value = module.vpc.redshift_public_route_table_association_ids } diff --git a/examples/vpc-separate-private-route-tables/versions.tf b/examples/vpc-separate-private-route-tables/versions.tf index 5a9fd0fc5..979baa847 100644 --- a/examples/vpc-separate-private-route-tables/versions.tf +++ b/examples/vpc-separate-private-route-tables/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.63" + version = ">= 3.73" } } } 
diff --git a/main.tf b/main.tf index 7cf27cfd1..3fff7485a 100644 --- a/main.tf +++ b/main.tf @@ -20,7 +20,9 @@ locals { resource "aws_vpc" "this" { count = local.create_vpc ? 1 : 0 - cidr_block = var.cidr + cidr_block = var.cidr + ipv4_ipam_pool_id = var.ipv4_ipam_pool_id + instance_tenancy = var.instance_tenancy enable_dns_hostnames = var.enable_dns_hostnames enable_dns_support = var.enable_dns_support diff --git a/outputs.tf b/outputs.tf index 271360413..9d93dda4b 100644 --- a/outputs.tf +++ b/outputs.tf @@ -314,7 +314,7 @@ output "redshift_route_table_association_ids" { } output "redshift_public_route_table_association_ids" { - description = "List of IDs of the public redshidt route table association" + description = "List of IDs of the public redshift route table association" value = aws_route_table_association.redshift_public[*].id } diff --git a/variables.tf b/variables.tf index 66d78584f..d43671c65 100644 --- a/variables.tf +++ b/variables.tf @@ -11,7 +11,7 @@ variable "name" { } variable "cidr" { - description = "The CIDR block for the VPC. Default value is a valid CIDR, but not acceptable by AWS and should be overridden" + description = "(Optional) The IPv4 CIDR block for the VPC." type = string default = "0.0.0.0/0" } @@ -1190,6 +1190,12 @@ variable "flow_log_per_hour_partition" { default = false } +variable "ipv4_ipam_pool_id" { + description = "(Optional) The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR." + type = string + default = null +} + variable "putin_khuylo" { description = "Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo!" type = bool diff --git a/versions.tf b/versions.tf index 5a9fd0fc5..979baa847 100644 --- a/versions.tf +++ b/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.63" + version = ">= 3.73" } } }
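Review bot: `cidr_block = var.cidr` in `main.tf` is still set unconditionally next to the new `ipv4_ipam_pool_id`, so a caller who supplies only a pool ID also sends the `0.0.0.0/0` default that `variables.tf` keeps for `cidr`. As far as this patch shows there is no `ipv4_netmask_length` passthrough either, so the pool can only be used with a CIDR the caller has already chosen; the module never lets IPAM pick the range, which is the usual way to avoid overlapping allocations. I would at least state that above the two arguments, e.g. `# With ipv4_ipam_pool_id set, var.cidr must be an explicit CIDR from that pool; the 0.0.0.0/0 default is not usable`. The `aws_vpc` resource body continues outside the hunk.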
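Review bot: The new `cidr` description in `variables.tf` drops the warning that the default is only a placeholder, while `default = "0.0.0.0/0"` stays unchanged two lines below. Marking the variable "(Optional)" now reads as if omitting it were safe, although the removed text said the default is not acceptable to AWS and should be overridden. I would keep that caveat in the new wording: `description = "(Optional) The IPv4 CIDR block for the VPC. The default is a placeholder that AWS does not accept; set it explicitly, also when ipv4_ipam_pool_id is used"`.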