Necessary Security Group not Created for SSM, KMS and ECR DKR Endpoints #249

Closed
markmsmith opened this issue Apr 29, 2019 · 10 comments

@markmsmith

Problem

When creating interface VPC Endpoints for SSM, KMS and ECR DKR (using the module variables enable_ssm_endpoint, enable_kms_endpoint and enable_ecr_dkr_endpoint respectively), the necessary security groups are not created, resulting in the errors:

module.network.module.vpc.aws_vpc_endpoint.ssm: 1 error(s) occurred:
* aws_vpc_endpoint.ssm: An Interface VPC Endpoint must always have at least one Security Group
* module.network.module.vpc.aws_vpc_endpoint.kms: 1 error(s) occurred:
* aws_vpc_endpoint.kms: An Interface VPC Endpoint must always have at least one Security Group
* module.network.module.vpc.aws_vpc_endpoint.ecr_dkr: 1 error(s) occurred:
* aws_vpc_endpoint.ecr_dkr: An Interface VPC Endpoint must always have at least one Security Group

There are already variables exposed to allow passing in pre-existing security groups for each of these, but since the security groups require the field vpc_id to be specified and we haven't created the VPC yet, there's no way to create one prior to invoking this module (unless I'm missing something).

Desired Behavior

A security group with the necessary ports (443 inbound, etc.) is created and associated with the endpoints whenever one or more interface VPC Endpoints are enabled, and is exposed as an output.

@markmsmith changed the title from "Necessary Security Group not Created for KMS and ECR DKR Endpoints" to "Necessary Security Group not Created for SSM, KMS and ECR DKR Endpoints" Apr 29, 2019
@markmsmith
Author

As some additional detail, if I attempt to omit the vpc_id field on the aws_security_group resource, I get the error:

* aws_security_group.vpc_endpoint: Error creating Security Group: VPCIdNotSpecified: No default VPC for this user
        status code: 400, request id: 04c59b28-501d-443f-a627-0ecf59b1a4b1

which I believe is due to it trying to fall back to using the default VPC, which we've deleted for this region (and would be the wrong VPC anyway).

@joan-s-molas

joan-s-molas commented Jun 11, 2019

I was having the same issue then had a look at:

https://github.com/terraform-aws-modules/terraform-aws-vpc/blob/master/examples/issue-224-vpcendpoint-apigw/main.tf

Creating an aws_security_group data resource pointing to default then referencing it in the module should help you - although I admit the security groups should probably be generated by the module itself.

@markmsmith
Author

Thanks for the suggestion, @joan-serra.
I'm still learning all the Terraform tricks. Can you help me understand why that setup doesn't create a circular reference between the security group's reference to the vpc module and the vpc module's reference to that security group? Looking at the data source lifecycle docs, it seems like the data source's vpc reference won't resolve until apply time, but I don't follow why the vpc module wouldn't be blocked until its apigw_endpoint_security_group_ids property can be resolved, causing a deadlock.

Also, won't that just use the default security group that's created with a new VPC, which allows all traffic out and any port in the same SG? Is there any way to use a different security group, or do we just have to modify the rules on the default one?

@joan-s-molas

I haven't dug further - using the default group from a data resource does seem like a workaround. Unless there is another way to do it which I haven't figured out I'd say that the security group should indeed be created by the module...

@markmsmith
Author

Ok, thanks. For now I'm just going to stick with creating the VPC Endpoints externally so that I can control the Security Groups. Hopefully they'll get a chance to fix this soon.

@antonbabenko
Member

Security groups should be created externally.

I have updated the example to demonstrate how a VPC endpoint can be created in ef915dc.

v2.6.0 has just been released.

@markmsmith
Author

I have to admit, I don't understand why that doesn't count as a cyclic dependency between module.http_sg.vpc_id and module.vpc.apigw_endpoint_security_group_ids, but ok.
Thanks.

@antonbabenko
Member

Mark, this is easy to explain. Dependencies are calculated between resources and not between modules (as a whole).

Roughly speaking the order is like this: module.vpc.vpc_id => module.http_sg.this_security_group_id => module.vpc.apigw_endpoint_security_group_ids
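
The pattern discussed in this thread, written out as an added example (it is not code from the issue or from the module's repository): a dedicated security group is created outside the module from `module.vpc.vpc_id` and passed back in for the interface endpoints. The CIDRs, AZ names and resource names are constructed, and the `ssm_`/`kms_`/`ecr_dkr_endpoint_security_group_ids` inputs are assumed to follow the `apigw_endpoint_security_group_ids` naming quoted above.

```hcl
# Added example. All literal values below are constructed for illustration.

module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "~> 2.6"

  name            = "endpoint-example"
  cidr            = "10.0.0.0/16"
  azs             = ["eu-west-1a", "eu-west-1b"]
  private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]

  enable_dns_hostnames = true
  enable_dns_support   = true

  # Interface endpoints named in the issue. Each one must be given at least
  # one security group, otherwise the apply fails with
  # "An Interface VPC Endpoint must always have at least one Security Group".
  enable_ssm_endpoint     = true
  enable_kms_endpoint     = true
  enable_ecr_dkr_endpoint = true

  # Assumed input names (same pattern as apigw_endpoint_security_group_ids).
  ssm_endpoint_security_group_ids     = [aws_security_group.vpc_endpoint.id]
  kms_endpoint_security_group_ids     = [aws_security_group.vpc_endpoint.id]
  ecr_dkr_endpoint_security_group_ids = [aws_security_group.vpc_endpoint.id]
}

# Dedicated group for the endpoint network interfaces, used instead of the
# VPC's default security group so that only HTTPS from inside the VPC is
# accepted.
resource "aws_security_group" "vpc_endpoint" {
  name_prefix = "vpc-endpoint-"
  description = "HTTPS from the VPC to interface endpoints"

  # Depends only on the VPC resource inside the module, not on the module
  # as a whole, so no cycle is formed:
  #   VPC (module.vpc.vpc_id)
  #     -> aws_security_group.vpc_endpoint
  #       -> module.vpc.aws_vpc_endpoint.ssm / .kms / .ecr_dkr
  vpc_id = module.vpc.vpc_id

  ingress {
    description = "TLS from VPC CIDR"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [module.vpc.vpc_cidr_block]
  }

  # No egress block: Terraform removes the allow-all egress rule that AWS
  # adds to new groups, and return traffic is allowed because security
  # groups are stateful.
}

output "vpc_endpoint_security_group_id" {
  value = aws_security_group.vpc_endpoint.id
}
```

`terraform graph` on a configuration like this shows the edges between individual resources rather than between modules, which is why the plan resolves without a cycle error.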

@markmsmith
Author

Thanks Anton, that helps.

guneriu added a commit to Yilu-Archive/terraform-aws-vpc that referenced this issue May 14, 2021
mayank-aggarwal-yilu added a commit to Yilu-Archive/terraform-aws-vpc that referenced this issue Nov 25, 2021
@github-actions

github-actions bot commented Nov 4, 2022

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 4, 2022
waddamski pushed a commit to hmrc/terraform-aws-vpc that referenced this issue Jul 5, 2024