From 9dd07993b489d0e7e5fea08c2e8d9b81471fefb7 Mon Sep 17 00:00:00 2001 From: DrFaust92 Date: Tue, 3 Sep 2019 16:40:35 +0300 Subject: [PATCH 1/6] add new endpoints --- outputs.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/outputs.tf b/outputs.tf index 946d081e1..c6c35d640 100644 --- a/outputs.tf +++ b/outputs.tf @@ -1002,7 +1002,6 @@ output "vpc_endpoint_cloud_directory_dns_entry" { value = flatten(aws_vpc_endpoint.cloud_directory.*.dns_entry) } - # Static values (arguments) output "azs" { description = "A list of availability zones specified as argument to this module" From 27643f00fecc22ebe01cc40d6dc149ed1cc1124e Mon Sep 17 00:00:00 2001 From: DrFaust92 Date: Thu, 5 Dec 2019 13:18:30 +0200 Subject: [PATCH 2/6] fix --- outputs.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/outputs.tf b/outputs.tf index c6c35d640..946d081e1 100644 --- a/outputs.tf +++ b/outputs.tf @@ -1002,6 +1002,7 @@ output "vpc_endpoint_cloud_directory_dns_entry" { value = flatten(aws_vpc_endpoint.cloud_directory.*.dns_entry) } + # Static values (arguments) output "azs" { description = "A list of availability zones specified as argument to this module" From aedae35e019e8ae2bca0fa49f62e967f1fa877e5 Mon Sep 17 00:00:00 2001 From: DrFaust92 Date: Thu, 5 Dec 2019 17:52:34 +0200 Subject: [PATCH 3/6] us az ids --- main.tf | 18 ++++++++++++------ variables.tf | 6 ++++++ 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/main.tf b/main.tf index 396afb323..677b1beab 100644 --- a/main.tf +++ b/main.tf 
@@ -285,7 +285,8 @@ resource "aws_subnet" "public" {
 vpc_id = local.vpc_id
 cidr_block = element(concat(var.public_subnets, [""]), count.index)
- availability_zone = element(var.azs, count.index)
+ availability_zone = var.use_az_ids == false ? element(var.azs, count.index) : null
+ availability_zone_id = var.use_az_ids ? element(var.azs, count.index) : null
 map_public_ip_on_launch = var.map_public_ip_on_launch
 assign_ipv6_address_on_creation = var.public_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.public_subnet_assign_ipv6_address_on_creation
@@ -312,7 +313,8 @@ resource "aws_subnet" "private" {
 vpc_id = local.vpc_id
 cidr_block = var.private_subnets[count.index]
- availability_zone = element(var.azs, count.index)
+ availability_zone = var.use_az_ids == false ? element(var.azs, count.index) : null
+ availability_zone_id = var.use_az_ids ? element(var.azs, count.index) : null
 assign_ipv6_address_on_creation = var.private_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.private_subnet_assign_ipv6_address_on_creation
 ipv6_cidr_block = var.enable_ipv6 && length(var.private_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.private_subnet_ipv6_prefixes[count.index]) : null
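Review bot: Flipping `use_az_ids` on an already-deployed VPC moves the zone from `availability_zone` to `availability_zone_id`, and as far as I recall both of those arguments force replacement of an `aws_subnet`, so toggling the flag destroys and recreates every subnet — and whatever ENIs, instances and NAT gateways live in them — even when the ID names the same physical zone; that deserves an explicit warning on the variable or in the README. As a point of style, `var.use_az_ids == false ? element(var.azs, count.index) : null` reads more naturally when mirrored against the line below it: `availability_zone = var.use_az_ids ? null : element(var.azs, count.index)`. The `aws_subnet.public` block (its `count` line) starts before this hunk and continues after it; the `private` hunk on the same line has the identical shape.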
@@ -338,7 +340,8 @@ resource "aws_subnet" "database" {
 vpc_id = local.vpc_id
 cidr_block = var.database_subnets[count.index]
- availability_zone = element(var.azs, count.index)
+ availability_zone = var.use_az_ids == false ? element(var.azs, count.index) : null
+ availability_zone_id = var.use_az_ids ? element(var.azs, count.index) : null
 assign_ipv6_address_on_creation = var.database_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.database_subnet_assign_ipv6_address_on_creation
 ipv6_cidr_block = var.enable_ipv6 && length(var.database_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.database_subnet_ipv6_prefixes[count.index]) : null
@@ -380,7 +383,8 @@ resource "aws_subnet" "redshift" {
 vpc_id = local.vpc_id
 cidr_block = var.redshift_subnets[count.index]
- availability_zone = element(var.azs, count.index)
+ availability_zone = var.use_az_ids == false ? element(var.azs, count.index) : null
+ availability_zone_id = var.use_az_ids ? element(var.azs, count.index) : null
 assign_ipv6_address_on_creation = var.redshift_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.redshift_subnet_assign_ipv6_address_on_creation
 ipv6_cidr_block = var.enable_ipv6 && length(var.redshift_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.redshift_subnet_ipv6_prefixes[count.index]) : null
@@ -422,7 +426,8 @@ resource "aws_subnet" "elasticache" {
 vpc_id = local.vpc_id
 cidr_block = var.elasticache_subnets[count.index]
- availability_zone = element(var.azs, count.index)
+ availability_zone = var.use_az_ids == false ? element(var.azs, count.index) : null
+ availability_zone_id = var.use_az_ids ? element(var.azs, count.index) : null
 assign_ipv6_address_on_creation = var.elasticache_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.elasticache_subnet_assign_ipv6_address_on_creation
 ipv6_cidr_block = var.enable_ipv6 && length(var.elasticache_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.elasticache_subnet_ipv6_prefixes[count.index]) : null
@@ -456,7 +461,8 @@ resource "aws_subnet" "intra" {
 vpc_id = local.vpc_id
 cidr_block = var.intra_subnets[count.index]
- availability_zone = element(var.azs, count.index)
+ availability_zone = var.use_az_ids == false ? element(var.azs, count.index) : null
+ availability_zone_id = var.use_az_ids ? element(var.azs, count.index) : null
 assign_ipv6_address_on_creation = var.intra_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.intra_subnet_assign_ipv6_address_on_creation
 ipv6_cidr_block = var.enable_ipv6 && length(var.intra_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.intra_subnet_ipv6_prefixes[count.index]) : null
diff --git a/variables.tf b/variables.tf
index 856e2a25c..48d2585f5 100644
--- a/variables.tf
+++ b/variables.tf
@@ -244,6 +244,12 @@ variable "azs" {
 default = []
 }
+variable "use_az_ids" {
+ description = "Whether to use availability zone ids"
+ type = bool
+ default = false
+}
+
 variable "enable_dns_hostnames" {
 description = "Should be true to enable DNS hostnames in the VPC"
 type = bool
From 9dd944caa6e774a97df432d9055ef32f22f48ee6 Mon Sep 17 00:00:00 2001
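Review bot: The description `"Whether to use availability zone ids"` on the new `use_az_ids` variable in variables.tf does not say what the flag changes about `azs`, which is the variable directly above it and whose own description (outside the hunk) presumably still speaks of zone names only. Suggest `description = "Whether the entries in azs are availability zone IDs (e.g. euw1-az1) rather than names (e.g. eu-west-1a); all entries must be of the chosen kind"`. It is also worth stating there that changing the flag on existing subnets is likely to force their replacement — I believe both AZ arguments on `aws_subnet` are ForceNew in the provider, so confirm against the provider docs before wording it as a guarantee.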
From: DrFaust92 Date: Sat, 8 Feb 2020 18:53:23 +0200 Subject: [PATCH 4/6] add az id example --- examples/simple-vpc-az-id/README.md | 43 ++++++++++++++++++++++++++++ examples/simple-vpc-az-id/main.tf | 37 ++++++++++++++++++++++++ examples/simple-vpc-az-id/outputs.tf | 40 ++++++++++++++++++++++++++ 3 files changed, 120 insertions(+) create mode 100644 examples/simple-vpc-az-id/README.md create mode 100644 examples/simple-vpc-az-id/main.tf create mode 100644 examples/simple-vpc-az-id/outputs.tf diff --git a/examples/simple-vpc-az-id/README.md b/examples/simple-vpc-az-id/README.md new file mode 100644 index 000000000..e15344148 --- /dev/null +++ b/examples/simple-vpc-az-id/README.md @@ -0,0 +1,43 @@ +# Simple VPC with AZ IDs + +Configuration in this directory creates set of VPC resources which may be sufficient for development environment. + +There is a public and private subnet created per availability zone in addition to single NAT Gateway shared between all 3 availability zones. + +This configuration uses Availability Zone IDs instead on names to allow specifying exact Availability Zone and not a randomized one. + +## Usage + +To run this example you need to execute: + +```bash +$ terraform init +$ terraform plan +$ terraform apply +``` + +Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. + + +## Providers + +| Name | Version | +|------|---------| +| aws | n/a | + +## Inputs + +No input. + +## Outputs + +| Name | Description | +|------|-------------| +| azs | A list of availability zones spefified as argument to this module | +| nat\_public\_ips | List of public Elastic IPs created for AWS NAT Gateway | +| private\_subnets | List of IDs of private subnets | +| public\_subnets | List of IDs of public subnets | +| vpc\_cidr\_block | The CIDR block of the VPC | +| vpc\_id | The ID of the VPC | + + 
diff --git a/examples/simple-vpc-az-id/main.tf b/examples/simple-vpc-az-id/main.tf
new file mode 100644
index 000000000..1c961989d
--- /dev/null
+++ b/examples/simple-vpc-az-id/main.tf
@@ -0,0 +1,37 @@
+provider "aws" {
+ region = "eu-west-1"
+}
+
+data "aws_security_group" "default" {
+ name = "default"
+ vpc_id = module.vpc.vpc_id
+}
+
+module "vpc" {
+ source = "../../"
+
+ name = "simple-example"
+
+ cidr = "10.0.0.0/16"
+ use_az_ids = true
+ azs = ["euw1-az1", "euw1-az2", "euw1-az3"]
+ private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
+ public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
+
+ enable_nat_gateway = true
+ single_nat_gateway = true
+
+ public_subnet_tags = {
+ Name = "overridden-name-public"
+ }
+
+ tags = {
+ Owner = "user"
+ Environment = "dev"
+ }
+
+ vpc_tags = {
+ Name = "vpc-name"
+ }
+}
+
diff --git a/examples/simple-vpc-az-id/outputs.tf b/examples/simple-vpc-az-id/outputs.tf
new file mode 100644
index 000000000..251969ca2
--- /dev/null
+++ b/examples/simple-vpc-az-id/outputs.tf
@@ -0,0 +1,40 @@
+# VPC
+output "vpc_id" {
+ description = "The ID of the VPC"
+ value = module.vpc.vpc_id
+}
+
+# CIDR blocks
+output "vpc_cidr_block" {
+ description = "The CIDR block of the VPC"
+ value = module.vpc.vpc_cidr_block
+}
+
+//output "vpc_ipv6_cidr_block" {
+// description = "The IPv6 CIDR block"
+// value = ["${module.vpc.vpc_ipv6_cidr_block}"]
+//}
+
+# Subnets
+output "private_subnets" {
+ description = "List of IDs of private subnets"
+ value = module.vpc.private_subnets
+}
+
+output "public_subnets" {
+ description = "List of IDs of public subnets"
+ value = module.vpc.public_subnets
+}
+
+# NAT gateways
+output "nat_public_ips" {
+ description = "List of public Elastic IPs created for AWS NAT Gateway"
+ value = module.vpc.nat_public_ips
+}
+
+# AZs
+output "azs" {
+ description = "A list of availability zones spefified as argument to this module"
+ value = module.vpc.azs
+}
+
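Review bot: `data "aws_security_group" "default"` in examples/simple-vpc-az-id/main.tf is not referenced by anything in the example — neither the module call nor any output in the new outputs.tf uses it — so it only adds an API call and looks like a leftover from copying simple-vpc; drop it or wire it into an output. The commented-out `//output "vpc_ipv6_cidr_block"` block in outputs.tf is likewise dead in a brand-new file and uses pre-0.12 `"${...}"` list syntax, so remove it rather than carry it over. The `azs` output description has a typo: `spefified` should be `specified`.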
From dff62e2cda2c53d0343a3fefa3d683bfefc799b2 Mon Sep 17 00:00:00 2001 From: DrFaust92 Date: Sat, 8 Feb 2020 18:56:38 +0200 Subject: [PATCH 5/6] update readme --- README.md | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index de7199b57..853d9cc5f 100644 --- a/README.md +++ b/README.md @@ -270,8 +270,8 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway | customer\_gateways | Maps of Customer Gateway's attributes (BGP ASN and Gateway's Internet-routable external IP address) | `map(map(any))` | `{}` | no | | database\_acl\_tags | Additional tags for the database subnets network ACL | `map(string)` | `{}` | no | | database\_dedicated\_network\_acl | Whether to use dedicated network ACL (not default) and custom rules for database subnets | `bool` | `false` | no | -| database\_inbound\_acl\_rules | Database subnets inbound network ACL rules | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | -| database\_outbound\_acl\_rules | Database subnets outbound network ACL rules | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | +| database\_inbound\_acl\_rules | Database subnets inbound network ACL rules | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | +| database\_outbound\_acl\_rules | Database subnets outbound network ACL rules | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | | database\_route\_table\_tags | Additional tags for the database route tables | `map(string)` | `{}` | no | | database\_subnet\_assign\_ipv6\_address\_on\_creation | Assign IPv6 address on database subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | n/a | yes | | database\_subnet\_group\_tags | Additional tags for the database subnet group | `map(string)` | `{}` | no | @@ -279,8 +279,8 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway | database\_subnet\_suffix | Suffix to append to database subnets name | `string` | `"db"` | no | | database\_subnet\_tags | Additional tags for the database subnets | `map(string)` | `{}` | no | | database\_subnets | A list of database subnets | `list(string)` | `[]` | no | -| default\_network\_acl\_egress | List of maps of egress rules to set on the Default Network ACL | `list(map(string))` |
[
{
"action": "allow",
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_no": 100,
"to_port": 0
},
{
"action": "allow",
"from_port": 0,
"ipv6_cidr_block": "::/0",
"protocol": "-1",
"rule_no": 101,
"to_port": 0
}
]
| no | -| default\_network\_acl\_ingress | List of maps of ingress rules to set on the Default Network ACL | `list(map(string))` |
[
{
"action": "allow",
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_no": 100,
"to_port": 0
},
{
"action": "allow",
"from_port": 0,
"ipv6_cidr_block": "::/0",
"protocol": "-1",
"rule_no": 101,
"to_port": 0
}
]
| no | +| default\_network\_acl\_egress | List of maps of egress rules to set on the Default Network ACL | `list(map(string))` |
[
{
"action": "allow",
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_no": 100,
"to_port": 0
},
{
"action": "allow",
"from_port": 0,
"ipv6_cidr_block": "::/0",
"protocol": "-1",
"rule_no": 101,
"to_port": 0
}
]
| no | +| default\_network\_acl\_ingress | List of maps of ingress rules to set on the Default Network ACL | `list(map(string))` |
[
{
"action": "allow",
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_no": 100,
"to_port": 0
},
{
"action": "allow",
"from_port": 0,
"ipv6_cidr_block": "::/0",
"protocol": "-1",
"rule_no": 101,
"to_port": 0
}
]
| no | | default\_network\_acl\_name | Name to be used on the Default Network ACL | `string` | `""` | no | | default\_network\_acl\_tags | Additional tags for the Default Network ACL | `map(string)` | `{}` | no | | default\_vpc\_enable\_classiclink | Should be true to enable ClassicLink in the Default VPC | `bool` | `false` | no | @@ -289,7 +289,7 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway | default\_vpc\_name | Name to be used on the Default VPC | `string` | `""` | no | | default\_vpc\_tags | Additional tags for the Default VPC | `map(string)` | `{}` | no | | dhcp\_options\_domain\_name | Specifies DNS name for DHCP options set (requires enable\_dhcp\_options set to true) | `string` | `""` | no | -| dhcp\_options\_domain\_name\_servers | Specify a list of DNS server addresses for DHCP options set, default to AWS provided (requires enable\_dhcp\_options set to true) | `list(string)` |
[
"AmazonProvidedDNS"
]
| no | +| dhcp\_options\_domain\_name\_servers | Specify a list of DNS server addresses for DHCP options set, default to AWS provided (requires enable\_dhcp\_options set to true) | `list(string)` |
[
"AmazonProvidedDNS"
]
| no | | dhcp\_options\_netbios\_name\_servers | Specify a list of netbios servers for DHCP options set (requires enable\_dhcp\_options set to true) | `list(string)` | `[]` | no | | dhcp\_options\_netbios\_node\_type | Specify netbios node\_type for DHCP options set (requires enable\_dhcp\_options set to true) | `string` | `""` | no | | dhcp\_options\_ntp\_servers | Specify a list of NTP servers for DHCP options set (requires enable\_dhcp\_options set to true) | `list(string)` | `[]` | no | @@ -320,8 +320,8 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway | efs\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for EFS endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used. | `list(string)` | `[]` | no | | elasticache\_acl\_tags | Additional tags for the elasticache subnets network ACL | `map(string)` | `{}` | no | | elasticache\_dedicated\_network\_acl | Whether to use dedicated network ACL (not default) and custom rules for elasticache subnets | `bool` | `false` | no | -| elasticache\_inbound\_acl\_rules | Elasticache subnets inbound network ACL rules | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | -| elasticache\_outbound\_acl\_rules | Elasticache subnets outbound network ACL rules | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | +| elasticache\_inbound\_acl\_rules | Elasticache subnets inbound network ACL rules | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | +| elasticache\_outbound\_acl\_rules | Elasticache subnets outbound network ACL rules | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | | elasticache\_route\_table\_tags | Additional tags for the elasticache route tables | `map(string)` | `{}` | no | | elasticache\_subnet\_assign\_ipv6\_address\_on\_creation | Assign IPv6 address on elasticache subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | n/a | yes | | elasticache\_subnet\_ipv6\_prefixes | Assigns IPv6 elasticache subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list` | `[]` | no | @@ -398,8 +398,8 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway | instance\_tenancy | A tenancy option for instances launched into the VPC | `string` | `"default"` | no | | intra\_acl\_tags | Additional tags for the intra subnets network ACL | `map(string)` | `{}` | no | | intra\_dedicated\_network\_acl | Whether to use dedicated network ACL (not default) and custom rules for intra subnets | `bool` | `false` | no | -| intra\_inbound\_acl\_rules | Intra subnets inbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | -| intra\_outbound\_acl\_rules | Intra subnets outbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | +| intra\_inbound\_acl\_rules | Intra subnets inbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | +| intra\_outbound\_acl\_rules | Intra subnets outbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | | intra\_route\_table\_tags | Additional tags for the intra route tables | `map(string)` | `{}` | no | | intra\_subnet\_assign\_ipv6\_address\_on\_creation | Assign IPv6 address on intra subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | n/a | yes | | intra\_subnet\_ipv6\_prefixes | Assigns IPv6 intra subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list` | `[]` | no | @@ -430,8 +430,8 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway | one\_nat\_gateway\_per\_az | Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs`. | `bool` | `false` | no | | private\_acl\_tags | Additional tags for the private subnets network ACL | `map(string)` | `{}` | no | | private\_dedicated\_network\_acl | Whether to use dedicated network ACL (not default) and custom rules for private subnets | `bool` | `false` | no | -| private\_inbound\_acl\_rules | Private subnets inbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | -| private\_outbound\_acl\_rules | Private subnets outbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | +| private\_inbound\_acl\_rules | Private subnets inbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | +| private\_outbound\_acl\_rules | Private subnets outbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | | private\_route\_table\_tags | Additional tags for the private route tables | `map(string)` | `{}` | no | | private\_subnet\_assign\_ipv6\_address\_on\_creation | Assign IPv6 address on private subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | n/a | yes | | private\_subnet\_ipv6\_prefixes | Assigns IPv6 private subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list` | `[]` | no | @@ -442,8 +442,8 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway | propagate\_public\_route\_tables\_vgw | Should be true if you want route table propagation | `bool` | `false` | no | | public\_acl\_tags | Additional tags for the public subnets network ACL | `map(string)` | `{}` | no | | public\_dedicated\_network\_acl | Whether to use dedicated network ACL (not default) and custom rules for public subnets | `bool` | `false` | no | -| public\_inbound\_acl\_rules | Public subnets inbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | -| public\_outbound\_acl\_rules | Public subnets outbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | +| public\_inbound\_acl\_rules | Public subnets inbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | +| public\_outbound\_acl\_rules | Public subnets outbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | | public\_route\_table\_tags | Additional tags for the public route tables | `map(string)` | `{}` | no | | public\_subnet\_assign\_ipv6\_address\_on\_creation | Assign IPv6 address on public subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | n/a | yes | | public\_subnet\_ipv6\_prefixes | Assigns IPv6 public subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list` | `[]` | no | @@ -452,8 +452,8 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway | public\_subnets | A list of public subnets inside the VPC | `list(string)` | `[]` | no | | redshift\_acl\_tags | Additional tags for the redshift subnets network ACL | `map(string)` | `{}` | no | | redshift\_dedicated\_network\_acl | Whether to use dedicated network ACL (not default) and custom rules for redshift subnets | `bool` | `false` | no | -| redshift\_inbound\_acl\_rules | Redshift subnets inbound network ACL rules | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | -| redshift\_outbound\_acl\_rules | Redshift subnets outbound network ACL rules | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | +| redshift\_inbound\_acl\_rules | Redshift subnets inbound network ACL rules | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | +| redshift\_outbound\_acl\_rules | Redshift subnets outbound network ACL rules | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | | redshift\_route\_table\_tags | Additional tags for the redshift route tables | `map(string)` | `{}` | no | | redshift\_subnet\_assign\_ipv6\_address\_on\_creation | Assign IPv6 address on redshift subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | n/a | yes | | redshift\_subnet\_group\_tags | Additional tags for the redshift subnet group | `map(string)` | `{}` | no | @@ -508,6 +508,7 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway | transferserver\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Transfer Server endpoint | `bool` | `false` | no | | transferserver\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Transfer Server endpoint | `list(string)` | `[]` | no | | transferserver\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Transfer Server endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no | +| use\_az\_ids | Whether to use availability zone ids | `bool` | `false` | no | | vpc\_endpoint\_tags | Additional tags for the VPC Endpoints | `map(string)` | `{}` | no | | vpc\_tags | Additional tags for the VPC | `map(string)` | `{}` | no | | vpn\_gateway\_id | ID of VPN Gateway to attach to the VPC | `string` | `""` | no | From a11a2c50602b4fd89677de8c5f215ee7fbf4d546 Mon Sep 17 00:00:00 2001 
From: Anton Babenko Date: Mon, 2 Mar 2020 11:53:08 +0100 Subject: [PATCH 6/6] Added support for mixed values in azs (names and ids) --- .pre-commit-config.yaml | 4 +-- README.md | 3 +- examples/simple-vpc-az-id/README.md | 43 ---------------------------- examples/simple-vpc-az-id/main.tf | 37 ------------------------ examples/simple-vpc-az-id/outputs.tf | 40 -------------------------- examples/simple-vpc/README.md | 4 +++ examples/simple-vpc/main.tf | 2 +- main.tf | 24 ++++++++-------- variables.tf | 8 +----- 9 files changed, 21 insertions(+), 144 deletions(-) delete mode 100644 examples/simple-vpc-az-id/README.md delete mode 100644 examples/simple-vpc-az-id/main.tf delete mode 100644 examples/simple-vpc-az-id/outputs.tf diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 6e0989d42..48bcea8e4 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,10 +1,10 @@ repos: - repo: git://github.com/antonbabenko/pre-commit-terraform - rev: v1.24.0 + rev: v1.26.0 hooks: - id: terraform_fmt - id: terraform_docs - repo: git://github.com/pre-commit/pre-commit-hooks - rev: v2.4.0 + rev: v2.5.0 hooks: - id: check-merge-conflict diff --git a/README.md b/README.md index 853d9cc5f..f4935482f 100644 --- a/README.md +++ b/README.md 
@@ -234,7 +234,7 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway | athena\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Athena endpoint | `bool` | `false` | no | | athena\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Athena endpoint | `list(string)` | `[]` | no | | athena\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Athena endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no | -| azs | A list of availability zones in the region | `list(string)` | `[]` | no | +| azs | A list of availability zones names or ids in the region | `list(string)` | `[]` | no | | cidr | The CIDR block for the VPC. Default value is a valid CIDR, but not acceptable by AWS and should be overridden | `string` | `"0.0.0.0/0"` | no | | cloud\_directory\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Cloud Directory endpoint | `bool` | `false` | no | | cloud\_directory\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Cloud Directory endpoint | `list(string)` | `[]` | no | 
@@ -508,7 +508,6 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway | transferserver\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Transfer Server endpoint | `bool` | `false` | no | | transferserver\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Transfer Server endpoint | `list(string)` | `[]` | no | | transferserver\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Transfer Server endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no | -| use\_az\_ids | Whether to use availability zone ids | `bool` | `false` | no | | vpc\_endpoint\_tags | Additional tags for the VPC Endpoints | `map(string)` | `{}` | no | | vpc\_tags | Additional tags for the VPC | `map(string)` | `{}` | no | | vpn\_gateway\_id | ID of VPN Gateway to attach to the VPC | `string` | `""` | no | diff --git a/examples/simple-vpc-az-id/README.md b/examples/simple-vpc-az-id/README.md deleted file mode 100644 index e15344148..000000000 --- a/examples/simple-vpc-az-id/README.md +++ /dev/null 
@@ -1,43 +0,0 @@ -# Simple VPC with AZ IDs - -Configuration in this directory creates set of VPC resources which may be sufficient for development environment. - -There is a public and private subnet created per availability zone in addition to single NAT Gateway shared between all 3 availability zones. - -This configuration uses Availability Zone IDs instead on names to allow specifying exact Availability Zone and not a randomized one. - -## Usage - -To run this example you need to execute: - -```bash -$ terraform init -$ terraform plan -$ terraform apply -``` - -Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. - - -## Providers - -| Name | Version | -|------|---------| -| aws | n/a | - -## Inputs - -No input. - -## Outputs - -| Name | Description | -|------|-------------| -| azs | A list of availability zones spefified as argument to this module | -| nat\_public\_ips | List of public Elastic IPs created for AWS NAT Gateway | -| private\_subnets | List of IDs of private subnets | -| public\_subnets | List of IDs of public subnets | -| vpc\_cidr\_block | The CIDR block of the VPC | -| vpc\_id | The ID of the VPC | - - diff --git a/examples/simple-vpc-az-id/main.tf b/examples/simple-vpc-az-id/main.tf deleted file mode 100644 index 1c961989d..000000000 --- a/examples/simple-vpc-az-id/main.tf +++ /dev/null 
@@ -1,37 +0,0 @@
-provider "aws" {
- region = "eu-west-1"
-}
-
-data "aws_security_group" "default" {
- name = "default"
- vpc_id = module.vpc.vpc_id
-}
-
-module "vpc" {
- source = "../../"
-
- name = "simple-example"
-
- cidr = "10.0.0.0/16"
- use_az_ids = true
- azs = ["euw1-az1", "euw1-az2", "euw1-az3"]
- private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
- public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
-
- enable_nat_gateway = true
- single_nat_gateway = true
-
- public_subnet_tags = {
- Name = "overridden-name-public"
- }
-
- tags = {
- Owner = "user"
- Environment = "dev"
- }
-
- vpc_tags = {
- Name = "vpc-name"
- }
-}
-
diff --git a/examples/simple-vpc-az-id/outputs.tf b/examples/simple-vpc-az-id/outputs.tf
deleted file mode 100644
index 251969ca2..000000000
--- a/examples/simple-vpc-az-id/outputs.tf
+++ /dev/null
@@ -1,40 +0,0 @@
-# VPC
-output "vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc.vpc_id
-}
-
-# CIDR blocks
-output "vpc_cidr_block" {
- description = "The CIDR block of the VPC"
- value = module.vpc.vpc_cidr_block
-}
-
-//output "vpc_ipv6_cidr_block" {
-// description = "The IPv6 CIDR block"
-// value = ["${module.vpc.vpc_ipv6_cidr_block}"]
-//}
-
-# Subnets
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc.private_subnets
-}
-
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.public_subnets
-}
-
-# NAT gateways
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_public_ips
-}
-
-# AZs
-output "azs" {
- description = "A list of availability zones spefified as argument to this module"
- value = module.vpc.azs
-}
-
diff --git a/examples/simple-vpc/README.md b/examples/simple-vpc/README.md
index 1ca9c36e8..e70f173b8 100644
--- a/examples/simple-vpc/README.md
+++ b/examples/simple-vpc/README.md
@@ -4,6 +4,10 @@ Configuration in this directory creates set of VPC resources which may be suffic
 There is a public and private subnet created per availability zone in addition to single NAT Gateway shared between all 3 availability zones.
+This configuration uses Availability Zone IDs and Availability Zone names for demonstration purposes. Normally, you need to specify only names or IDs.
+
+[Read more about AWS regions, availability zones and local zones](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-regions-availability-zones).
+
 ## Usage
 To run this example you need to execute:
diff --git a/examples/simple-vpc/main.tf b/examples/simple-vpc/main.tf
index d96df4696..5f577ae8c 100644
--- a/examples/simple-vpc/main.tf
+++ b/examples/simple-vpc/main.tf
@@ -14,7 +14,7 @@ module "vpc" {
 cidr = "10.0.0.0/16"
- azs = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
+ azs = ["eu-west-1a", "eu-west-1b", "euw1-az3"]
 private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
 public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
diff --git a/main.tf b/main.tf
index 677b1beab..49a2e0227 100644
--- a/main.tf
+++ b/main.tf
@@ -285,8 +285,8 @@ resource "aws_subnet" "public" {
 vpc_id = local.vpc_id
 cidr_block = element(concat(var.public_subnets, [""]), count.index)
- availability_zone = var.use_az_ids == false ? element(var.azs, count.index) : null
- availability_zone_id = var.use_az_ids ? element(var.azs, count.index) : null
+ availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null
+ availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null
 map_public_ip_on_launch = var.map_public_ip_on_launch
 assign_ipv6_address_on_creation = var.public_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.public_subnet_assign_ipv6_address_on_creation
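Review bot: Mixing the AZ ID `euw1-az3` into a list of AZ names can put two of the example's subnets in the same physical zone, because the name an ID maps to differs per account (the example README removed earlier in this series describes names as randomized per account), so in some accounts `euw1-az3` is the zone already covered by `eu-west-1a` or `eu-west-1b`. The example would still apply, but it would quietly lose the per-AZ spread it is meant to demonstrate, and nothing in main.tf says so. A comment on the list would make the trade-off visible where people copy it from, e.g. `# "euw1-az3" is an AZ ID; in your account it may resolve to the same zone as one of the names above`. The `module "vpc"` block starts before the hunk and ends after it.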
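Review bot: The `^[a-z]{2}-` prefix test on the two added lines is the only thing deciding whether an entry of `var.azs` goes to `availability_zone` or `availability_zone_id`, and nothing in the hunk explains it; an entry that matches neither form (a typo such as `euwest-1a`, or an ID format the pattern was not written for) is silently sent as an AZ ID and only fails at apply time with a provider error. A why-comment above the pair would help the next maintainer, e.g. `# AZ names ("eu-west-1a") start with a two-letter region code and a dash; AZ IDs ("euw1-az1") do not, so the prefix picks the argument.` If the module's minimum Terraform version permits it, a `validation` block on `var.azs` that rejects entries matching neither `^[a-z]{2}-` nor the `-az[0-9]+$` ID suffix would turn that apply-time failure into a plan-time one. The `aws_subnet.public` resource starts before the hunk and ends after it.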
@@ -313,8 +313,8 @@ resource "aws_subnet" "private" {
 vpc_id = local.vpc_id
 cidr_block = var.private_subnets[count.index]
- availability_zone = var.use_az_ids == false ? element(var.azs, count.index) : null
- availability_zone_id = var.use_az_ids ? element(var.azs, count.index) : null
+ availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null
+ availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null
 assign_ipv6_address_on_creation = var.private_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.private_subnet_assign_ipv6_address_on_creation
 ipv6_cidr_block = var.enable_ipv6 && length(var.private_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.private_subnet_ipv6_prefixes[count.index]) : null
@@ -340,8 +340,8 @@ resource "aws_subnet" "database" {
 vpc_id = local.vpc_id
 cidr_block = var.database_subnets[count.index]
- availability_zone = var.use_az_ids == false ? element(var.azs, count.index) : null
- availability_zone_id = var.use_az_ids ? element(var.azs, count.index) : null
+ availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null
+ availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null
 assign_ipv6_address_on_creation = var.database_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.database_subnet_assign_ipv6_address_on_creation
 ipv6_cidr_block = var.enable_ipv6 && length(var.database_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.database_subnet_ipv6_prefixes[count.index]) : null
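Review bot: The `length(regexall("^[a-z]{2}-", element(var.azs, count.index)))` expression is evaluated twice in this hunk and, judging by the neighbouring hunks, the same pair is pasted verbatim into every subnet resource (public, database, redshift, elasticache, intra), so any change to the name/ID heuristic has to be made in twelve places. Classifying each entry of `var.azs` once in a `locals` block and reading the flag from each resource keeps the rule and its comment in one place, and the rewrite below keeps the per-element `element()` semantics of the current code unchanged. The `aws_subnet.private` resource starts before the hunk and ends after it, so the `locals` block would go at the top of main.tf rather than inside this hunk.
```hcl
locals {
  # One flag per entry of var.azs: true for an AZ name ("eu-west-1a": two-letter
  # region code then a dash), false for an AZ ID ("euw1-az1"). The flag decides
  # which of availability_zone / availability_zone_id receives the value.
  az_is_name = [for az in var.azs : length(regexall("^[a-z]{2}-", az)) > 0]
}

resource "aws_subnet" "private" {
  # … unchanged: vpc_id, cidr_block …
  availability_zone    = element(local.az_is_name, count.index) ? element(var.azs, count.index) : null
  availability_zone_id = element(local.az_is_name, count.index) ? null : element(var.azs, count.index)
  # … unchanged: assign_ipv6_address_on_creation, ipv6_cidr_block and the rest of the resource …
```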
@@ -383,8 +383,8 @@ resource "aws_subnet" "redshift" {
 vpc_id = local.vpc_id
 cidr_block = var.redshift_subnets[count.index]
- availability_zone = var.use_az_ids == false ? element(var.azs, count.index) : null
- availability_zone_id = var.use_az_ids ? element(var.azs, count.index) : null
+ availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null
+ availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null
 assign_ipv6_address_on_creation = var.redshift_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.redshift_subnet_assign_ipv6_address_on_creation
 ipv6_cidr_block = var.enable_ipv6 && length(var.redshift_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.redshift_subnet_ipv6_prefixes[count.index]) : null
@@ -426,8 +426,8 @@ resource "aws_subnet" "elasticache" {
 vpc_id = local.vpc_id
 cidr_block = var.elasticache_subnets[count.index]
- availability_zone = var.use_az_ids == false ? element(var.azs, count.index) : null
- availability_zone_id = var.use_az_ids ? element(var.azs, count.index) : null
+ availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null
+ availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null
 assign_ipv6_address_on_creation = var.elasticache_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.elasticache_subnet_assign_ipv6_address_on_creation
 ipv6_cidr_block = var.enable_ipv6 && length(var.elasticache_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.elasticache_subnet_ipv6_prefixes[count.index]) : null
@@ -461,8 +461,8 @@ resource "aws_subnet" "intra" {
 vpc_id = local.vpc_id
 cidr_block = var.intra_subnets[count.index]
- availability_zone = var.use_az_ids == false ? element(var.azs, count.index) : null
- availability_zone_id = var.use_az_ids ? element(var.azs, count.index) : null
+ availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null
+ availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null
 assign_ipv6_address_on_creation = var.intra_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.intra_subnet_assign_ipv6_address_on_creation
 ipv6_cidr_block = var.enable_ipv6 && length(var.intra_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.intra_subnet_ipv6_prefixes[count.index]) : null
diff --git a/variables.tf b/variables.tf
index 48d2585f5..f36dab3a8 100644
--- a/variables.tf
+++ b/variables.tf
@@ -239,17 +239,11 @@ variable "create_database_nat_gateway_route" {
 }
 variable "azs" {
- description = "A list of availability zones in the region"
+ description = "A list of availability zones names or ids in the region"
 type = list(string)
 default = []
 }
-variable "use_az_ids" {
- description = "Whether to use availability zone ids"
- type = bool
- default = false
-}
-
 variable "enable_dns_hostnames" {
 description = "Should be true to enable DNS hostnames in the VPC"
 type = bool
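Review bot: The new `description` on `variable "azs"` says "availability zones names or ids" but does not tell the caller the rule the module applies, which in main.tf is a per-entry prefix match (`^[a-z]{2}-` means name, anything else is sent as an ID), so names and IDs may be mixed and a mistyped entry is passed through as an ID. I would state that in the description, e.g. `description = "A list of availability zone names (eu-west-1a) or IDs (euw1-az1) in the region; each entry is classified by prefix, so the two forms may be mixed"`, and add that an AZ ID refers to the same physical zone in every account while the name-to-zone mapping varies per account, which is what makes IDs the safer choice for subnets shared or peered across accounts. Removing `use_az_ids` is only a breaking change if a release carried it; it appears to have been introduced earlier in this series, so that is probably fine but deserves a changelog line if a release did ship it.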