Skip to content

T
terraform-aws-vpc
Commit 4ae98060 authored by Anton Babenko's avatar Anton Babenko Committed by GitHub
Browse files
Options

Finally, Terraform 0.12 support (#266) 

* run terraform 0.12upgrade

* Cleanup for Terraform 0.12 (closes #265, #228)
parent 3d33b1fc
Show whitespace changes
Inline Side-by-side
Showing with 1239 additions and 561 deletions
.pre-commit-config.yaml
View file @ 4ae98060
......@@ -3,7 +3,7 @@ repos:
rev: v1.11.0
hooks:
- id: terraform_fmt
- id: terraform_docs
# - id: terraform_docs # not yet compatible with Terraform 0.12
- repo: git://github.com/pre-commit/pre-commit-hooks
rev: v2.2.3
hooks:
......
examples/complete-vpc/main.tf
View file @ 4ae98060
......@@ -4,7 +4,7 @@ provider "aws" {
data "aws_security_group" "default" {
name = "default"
vpc_id = "${module.vpc.vpc_id}"
vpc_id = module.vpc.vpc_id
}
module "vpc" {
......@@ -45,52 +45,52 @@ module "vpc" {
# VPC endpoint for SSM
enable_ssm_endpoint = true
ssm_endpoint_private_dns_enabled = true
ssm_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"]
ssm_endpoint_security_group_ids = [data.aws_security_group.default.id]
# VPC endpoint for SSMMESSAGES
enable_ssmmessages_endpoint = true
ssmmessages_endpoint_private_dns_enabled = true
ssmmessages_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"]
ssmmessages_endpoint_security_group_ids = [data.aws_security_group.default.id]
# VPC Endpoint for EC2
enable_ec2_endpoint = true
ec2_endpoint_private_dns_enabled = true
ec2_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"]
ec2_endpoint_security_group_ids = [data.aws_security_group.default.id]
# VPC Endpoint for EC2MESSAGES
enable_ec2messages_endpoint = true
ec2messages_endpoint_private_dns_enabled = true
ec2messages_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"]
ec2messages_endpoint_security_group_ids = [data.aws_security_group.default.id]
# VPC Endpoint for ECR API
enable_ecr_api_endpoint = true
ecr_api_endpoint_private_dns_enabled = true
ecr_api_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"]
ecr_api_endpoint_security_group_ids = [data.aws_security_group.default.id]
# VPC Endpoint for ECR DKR
enable_ecr_dkr_endpoint = true
ecr_dkr_endpoint_private_dns_enabled = true
ecr_dkr_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"]
ecr_dkr_endpoint_security_group_ids = [data.aws_security_group.default.id]
# VPC endpoint for KMS
enable_kms_endpoint = true
kms_endpoint_private_dns_enabled = true
kms_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"]
kms_endpoint_security_group_ids = [data.aws_security_group.default.id]
# VPC endpoint for ECS
enable_ecs_endpoint = true
ecs_endpoint_private_dns_enabled = true
ecs_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"]
ecs_endpoint_security_group_ids = [data.aws_security_group.default.id]
# VPC endpoint for ECS telemetry
enable_ecs_telemetry_endpoint = true
ecs_telemetry_endpoint_private_dns_enabled = true
ecs_telemetry_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"]
ecs_telemetry_endpoint_security_group_ids = [data.aws_security_group.default.id]
# VPC endpoint for SQS
enable_sqs_endpoint = true
sqs_endpoint_private_dns_enabled = true
sqs_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"]
sqs_endpoint_security_group_ids = [data.aws_security_group.default.id]
tags = {
Owner = "user"
......@@ -98,3 +98,4 @@ module "vpc" {
Name = "complete"
}
}
examples/complete-vpc/outputs.tf
View file @ 4ae98060
# VPC
output "vpc_id" {
description = "The ID of the VPC"
value = "${module.vpc.vpc_id}"
value = module.vpc.vpc_id
}
# Subnets
output "private_subnets" {
description = "List of IDs of private subnets"
value = ["${module.vpc.private_subnets}"]
value = module.vpc.private_subnets
}
output "public_subnets" {
description = "List of IDs of public subnets"
value = ["${module.vpc.public_subnets}"]
value = module.vpc.public_subnets
}
output "database_subnets" {
description = "List of IDs of database subnets"
value = ["${module.vpc.database_subnets}"]
value = module.vpc.database_subnets
}
output "elasticache_subnets" {
description = "List of IDs of elasticache subnets"
value = ["${module.vpc.elasticache_subnets}"]
value = module.vpc.elasticache_subnets
}
output "redshift_subnets" {
description = "List of IDs of redshift subnets"
value = ["${module.vpc.redshift_subnets}"]
value = module.vpc.redshift_subnets
}
output "intra_subnets" {
description = "List of IDs of intra subnets"
value = ["${module.vpc.intra_subnets}"]
value = module.vpc.intra_subnets
}
# NAT gateways
output "nat_public_ips" {
description = "List of public Elastic IPs created for AWS NAT Gateway"
value = ["${module.vpc.nat_public_ips}"]
value = module.vpc.nat_public_ips
}
# VPC endpoints
output "vpc_endpoint_ssm_id" {
description = "The ID of VPC endpoint for SSM"
value = "${module.vpc.vpc_endpoint_ssm_id}"
value = module.vpc.vpc_endpoint_ssm_id
}
output "vpc_endpoint_ssm_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for SSM."
value = ["${module.vpc.vpc_endpoint_ssm_network_interface_ids}"]
value = module.vpc.vpc_endpoint_ssm_network_interface_ids
}
output "vpc_endpoint_ssm_dns_entry" {
description = "The DNS entries for the VPC Endpoint for SSM."
value = ["${module.vpc.vpc_endpoint_ssm_dns_entry}"]
value = module.vpc.vpc_endpoint_ssm_dns_entry
}
//
......@@ -73,4 +73,3 @@ output "vpc_endpoint_ssm_dns_entry" {
// description = "The DNS entries for the VPC Endpoint for EC2."
// value = ["${module.vpc.vpc_endpoint_ec2_dns_entry}"]
//}
examples/issue-108-route-already-exists/main.tf
View file @ 4ae98060
......@@ -19,3 +19,4 @@ module "vpc" {
enable_s3_endpoint = true
enable_dynamodb_endpoint = true
}
examples/issue-108-route-already-exists/outputs.tf
View file @ 4ae98060
# VPC
output "vpc_id" {
description = "The ID of the VPC"
value = "${module.vpc.vpc_id}"
value = module.vpc.vpc_id
}
# Subnets
output "private_subnets" {
description = "List of IDs of private subnets"
value = ["${module.vpc.private_subnets}"]
value = module.vpc.private_subnets
}
output "public_subnets" {
description = "List of IDs of public subnets"
value = ["${module.vpc.public_subnets}"]
value = module.vpc.public_subnets
}
output "database_subnets" {
description = "List of IDs of database subnets"
value = ["${module.vpc.database_subnets}"]
value = module.vpc.database_subnets
}
output "elasticache_subnets" {
description = "List of IDs of elasticache subnets"
value = ["${module.vpc.elasticache_subnets}"]
value = module.vpc.elasticache_subnets
}
# NAT gateways
output "nat_public_ips" {
description = "List of public Elastic IPs created for AWS NAT Gateway"
value = ["${module.vpc.nat_public_ips}"]
value = module.vpc.nat_public_ips
}
examples/issue-224-vpcendpoint-apigw/main.tf
View file @ 4ae98060
......@@ -4,7 +4,7 @@ provider "aws" {
data "aws_security_group" "default" {
name = "default"
vpc_id = "${module.vpc.vpc_id}"
vpc_id = module.vpc.vpc_id
}
module "vpc" {
......@@ -19,7 +19,7 @@ module "vpc" {
# VPC endpoint for API gateway
enable_apigw_endpoint = true
apigw_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"]
apigw_endpoint_security_group_ids = [data.aws_security_group.default.id]
apigw_endpoint_private_dns_enabled = true
tags = {
......@@ -28,3 +28,4 @@ module "vpc" {
Name = "test-224"
}
}
examples/issue-44-asymmetric-private-subnets/main.tf
View file @ 4ae98060
......@@ -25,3 +25,4 @@ module "vpc" {
Name = "asymmetrical"
}
}
examples/issue-44-asymmetric-private-subnets/outputs.tf
View file @ 4ae98060
# VPC
output "vpc_id" {
description = "The ID of the VPC"
value = "${module.vpc.vpc_id}"
value = module.vpc.vpc_id
}
# Subnets
output "private_subnets" {
description = "List of IDs of private subnets"
value = ["${module.vpc.private_subnets}"]
value = module.vpc.private_subnets
}
output "public_subnets" {
description = "List of IDs of public subnets"
value = ["${module.vpc.public_subnets}"]
value = module.vpc.public_subnets
}
output "database_subnets" {
description = "List of IDs of database subnets"
value = ["${module.vpc.database_subnets}"]
value = module.vpc.database_subnets
}
output "elasticache_subnets" {
description = "List of IDs of elasticache subnets"
value = ["${module.vpc.elasticache_subnets}"]
value = module.vpc.elasticache_subnets
}
# NAT gateways
output "nat_public_ips" {
description = "List of public Elastic IPs created for AWS NAT Gateway"
value = ["${module.vpc.nat_public_ips}"]
value = module.vpc.nat_public_ips
}
examples/issue-46-no-private-subnets/main.tf
View file @ 4ae98060
......@@ -23,3 +23,4 @@ module "vpc" {
Name = "no-private-subnets"
}
}
examples/issue-46-no-private-subnets/outputs.tf
View file @ 4ae98060
# VPC
output "vpc_id" {
description = "The ID of the VPC"
value = "${module.vpc.vpc_id}"
value = module.vpc.vpc_id
}
# Subnets
output "private_subnets" {
description = "List of IDs of private subnets"
value = ["${module.vpc.private_subnets}"]
value = module.vpc.private_subnets
}
output "public_subnets" {
description = "List of IDs of public subnets"
value = ["${module.vpc.public_subnets}"]
value = module.vpc.public_subnets
}
output "database_subnets" {
description = "List of IDs of database subnets"
value = ["${module.vpc.database_subnets}"]
value = module.vpc.database_subnets
}
output "elasticache_subnets" {
description = "List of IDs of elasticache subnets"
value = ["${module.vpc.elasticache_subnets}"]
value = module.vpc.elasticache_subnets
}
# NAT gateways
output "nat_public_ips" {
description = "List of public Elastic IPs created for AWS NAT Gateway"
value = ["${module.vpc.nat_public_ips}"]
value = module.vpc.nat_public_ips
}
examples/manage-default-vpc/main.tf
View file @ 4ae98060
......@@ -11,3 +11,4 @@ module "vpc" {
default_vpc_name = "default"
default_vpc_enable_dns_hostnames = true
}
examples/manage-default-vpc/outputs.tf
View file @ 4ae98060
# Default VPC
output "default_vpc_id" {
description = "The ID of the Default VPC"
value = "${module.vpc.default_vpc_id}"
value = module.vpc.default_vpc_id
}
output "default_vpc_cidr_block" {
description = "The CIDR block of the VPC"
value = "${module.vpc.default_vpc_cidr_block}"
value = module.vpc.default_vpc_cidr_block
}
examples/network-acls/main.tf
View file @ 4ae98060
......@@ -15,8 +15,14 @@ module "vpc" {
elasticache_subnets = ["10.0.201.0/24", "10.0.202.0/24", "10.0.203.0/24"]
public_dedicated_network_acl = true
public_inbound_acl_rules = "${concat(local.network_acls["default_inbound"], local.network_acls["public_inbound"])}"
public_outbound_acl_rules = "${concat(local.network_acls["default_outbound"], local.network_acls["public_outbound"])}"
public_inbound_acl_rules = concat(
local.network_acls["default_inbound"],
local.network_acls["public_inbound"],
)
public_outbound_acl_rules = concat(
local.network_acls["default_outbound"],
local.network_acls["public_outbound"],
)
private_dedicated_network_acl = true
......@@ -51,7 +57,6 @@ locals {
cidr_block = "0.0.0.0/0"
},
]
default_outbound = [
{
rule_number = 900
......@@ -62,7 +67,6 @@ locals {
cidr_block = "0.0.0.0/0"
},
]
public_inbound = [
{
rule_number = 100
......@@ -97,7 +101,6 @@ locals {
cidr_block = "0.0.0.0/0"
},
]
public_outbound = [
{
rule_number = 100
......@@ -134,3 +137,4 @@ locals {
]
}
}
examples/network-acls/outputs.tf
View file @ 4ae98060
# VPC
output "vpc_id" {
description = "The ID of the VPC"
value = "${module.vpc.vpc_id}"
value = module.vpc.vpc_id
}
# CIDR blocks
output "vpc_cidr_block" {
description = "The CIDR block of the VPC"
value = ["${module.vpc.vpc_cidr_block}"]
value = module.vpc.vpc_cidr_block
}
//output "vpc_ipv6_cidr_block" {
......@@ -18,37 +18,38 @@ output "vpc_cidr_block" {
# Subnets
output "private_subnets" {
description = "List of IDs of private subnets"
value = ["${module.vpc.private_subnets}"]
value = module.vpc.private_subnets
}
output "public_subnets" {
description = "List of IDs of public subnets"
value = ["${module.vpc.public_subnets}"]
value = module.vpc.public_subnets
}
# NAT gateways
output "nat_public_ips" {
description = "List of public Elastic IPs created for AWS NAT Gateway"
value = ["${module.vpc.nat_public_ips}"]
value = module.vpc.nat_public_ips
}
# Network ACLs
output "public_network_acl_id" {
description = "ID of the public network ACL"
value = "${module.vpc.public_network_acl_id}"
value = module.vpc.public_network_acl_id
}
output "private_network_acl_id" {
description = "ID of the private network ACL"
value = "${module.vpc.private_network_acl_id}"
value = module.vpc.private_network_acl_id
}
output "elasticache_network_acl_id" {
description = "ID of the elasticache network ACL"
value = "${module.vpc.elasticache_network_acl_id}"
value = module.vpc.elasticache_network_acl_id
}
output "default_network_acl_id" {
description = "The ID of the default network ACL"
value = "${module.vpc.default_network_acl_id}"
value = module.vpc.default_network_acl_id
}
examples/secondary-cidr-blocks/main.tf
View file @ 4ae98060
......@@ -31,3 +31,4 @@ module "vpc" {
Name = "vpc-name"
}
}
examples/secondary-cidr-blocks/outputs.tf
View file @ 4ae98060
# VPC
output "vpc_id" {
description = "The ID of the VPC"
value = "${module.vpc.vpc_id}"
value = module.vpc.vpc_id
}
# CIDR blocks
output "vpc_cidr_block" {
description = "The CIDR block of the VPC"
value = ["${module.vpc.vpc_cidr_block}"]
value = module.vpc.vpc_cidr_block
}
output "vpc_secondary_cidr_blocks" {
description = "List of secondary CIDR blocks of the VPC"
value = ["${module.vpc.vpc_secondary_cidr_blocks}"]
value = module.vpc.vpc_secondary_cidr_blocks
}
# Subnets
output "private_subnets" {
description = "List of IDs of private subnets"
value = ["${module.vpc.private_subnets}"]
value = module.vpc.private_subnets
}
output "public_subnets" {
description = "List of IDs of public subnets"
value = ["${module.vpc.public_subnets}"]
value = module.vpc.public_subnets
}
# NAT gateways
output "nat_public_ips" {
description = "List of public Elastic IPs created for AWS NAT Gateway"
value = ["${module.vpc.nat_public_ips}"]
value = module.vpc.nat_public_ips
}
examples/simple-vpc/main.tf
View file @ 4ae98060
......@@ -4,7 +4,7 @@ provider "aws" {
data "aws_security_group" "default" {
name = "default"
vpc_id = "${module.vpc.vpc_id}"
vpc_id = module.vpc.vpc_id
}
module "vpc" {
......@@ -36,3 +36,4 @@ module "vpc" {
Name = "vpc-name"
}
}
examples/simple-vpc/outputs.tf
View file @ 4ae98060
# VPC
output "vpc_id" {
description = "The ID of the VPC"
value = "${module.vpc.vpc_id}"
value = module.vpc.vpc_id
}
# CIDR blocks
output "vpc_cidr_block" {
description = "The CIDR block of the VPC"
value = ["${module.vpc.vpc_cidr_block}"]
value = module.vpc.vpc_cidr_block
}
//output "vpc_ipv6_cidr_block" {
......@@ -18,22 +18,23 @@ output "vpc_cidr_block" {
# Subnets
output "private_subnets" {
description = "List of IDs of private subnets"
value = ["${module.vpc.private_subnets}"]
value = module.vpc.private_subnets
}
output "public_subnets" {
description = "List of IDs of public subnets"
value = ["${module.vpc.public_subnets}"]
value = module.vpc.public_subnets
}
# NAT gateways
output "nat_public_ips" {
description = "List of public Elastic IPs created for AWS NAT Gateway"
value = ["${module.vpc.nat_public_ips}"]
value = module.vpc.nat_public_ips
}
# AZs
output "azs" {
description = "A list of availability zones spefified as argument to this module"
value = ["${module.vpc.azs}"]
value = module.vpc.azs
}
examples/test_fixture/main.tf
View file @ 4ae98060
provider "aws" {
region = "${var.region}"
region = var.region
}
data "aws_availability_zones" "available" {}
data "aws_availability_zones" "available" {
}
module "vpc" {
source = "../.."
name = "test-example"
cidr = "10.0.0.0/16"
azs = ["${data.aws_availability_zones.available.names[0]}", "${data.aws_availability_zones.available.names[1]}"]
azs = [data.aws_availability_zones.available.names[0], data.aws_availability_zones.available.names[1]]
private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
enable_nat_gateway = true
......@@ -19,3 +20,4 @@ module "vpc" {
Environment = "dev"
}
}
examples/test_fixture/outputs.tf
View file @ 4ae98060
output "region" {
description = "Region we created the resources in."
value = "${var.region}"
value = var.region
}
examples/test_fixture/variables.tf
View file @ 4ae98060
variable "region" {
default = "eu-west-1"
}
examples/vpc-separate-private-route-tables/main.tf
View file @ 4ae98060
......@@ -29,3 +29,4 @@ module "vpc" {
Name = "separate-private-route-tables"
}
}
examples/vpc-separate-private-route-tables/outputs.tf
View file @ 4ae98060
# VPC
output "vpc_id" {
description = "The ID of the VPC"
value = "${module.vpc.vpc_id}"
value = module.vpc.vpc_id
}
# Subnets
output "private_subnets" {
description = "List of IDs of private subnets"
value = ["${module.vpc.private_subnets}"]
value = module.vpc.private_subnets
}
output "public_subnets" {
description = "List of IDs of public subnets"
value = ["${module.vpc.public_subnets}"]
value = module.vpc.public_subnets
}
output "database_subnets" {
description = "List of IDs of database subnets"
value = ["${module.vpc.database_subnets}"]
value = module.vpc.database_subnets
}
output "elasticache_subnets" {
description = "List of IDs of elasticache subnets"
value = ["${module.vpc.elasticache_subnets}"]
value = module.vpc.elasticache_subnets
}
output "redshift_subnets" {
description = "List of IDs of elasticache subnets"
value = ["${module.vpc.redshift_subnets}"]
value = module.vpc.redshift_subnets
}
# NAT gateways
output "nat_public_ips" {
description = "List of public Elastic IPs created for AWS NAT Gateway"
value = ["${module.vpc.nat_public_ips}"]
value = module.vpc.nat_public_ips
}
main.tf
View file @ 4ae98060
terraform {
required_version = ">= 0.10.3" # introduction of Local Values configuration language feature
}
locals {
max_subnet_length = "${max(length(var.private_subnets), length(var.elasticache_subnets), length(var.database_subnets), length(var.redshift_subnets))}"
nat_gateway_count = "${var.single_nat_gateway ? 1 : (var.one_nat_gateway_per_az ? length(var.azs) : local.max_subnet_length)}"
max_subnet_length = max(
length(var.private_subnets),
length(var.elasticache_subnets),
length(var.database_subnets),
length(var.redshift_subnets),
)
nat_gateway_count = var.single_nat_gateway ? 1 : var.one_nat_gateway_per_az ? length(var.azs) : local.max_subnet_length
# Use `local.vpc_id` to give a hint to Terraform that subnets should be deleted before secondary CIDR blocks can be free!
vpc_id = "${element(concat(aws_vpc_ipv4_cidr_block_association.this.*.vpc_id, aws_vpc.this.*.id, list("")), 0)}"
vpc_id = element(
concat(
aws_vpc_ipv4_cidr_block_association.this.*.vpc_id,
aws_vpc.this.*.id,
[""],
),
0,
)
}
######
# VPC
######
resource "aws_vpc" "this" {
count = "${var.create_vpc ? 1 : 0}"
count = var.create_vpc ? 1 : 0
cidr_block = "${var.cidr}"
instance_tenancy = "${var.instance_tenancy}"
enable_dns_hostnames = "${var.enable_dns_hostnames}"
enable_dns_support = "${var.enable_dns_support}"
assign_generated_ipv6_cidr_block = "${var.assign_generated_ipv6_cidr_block}"
cidr_block = var.cidr
instance_tenancy = var.instance_tenancy
enable_dns_hostnames = var.enable_dns_hostnames
enable_dns_support = var.enable_dns_support
assign_generated_ipv6_cidr_block = var.assign_generated_ipv6_cidr_block
tags = "${merge(map("Name", format("%s", var.name)), var.tags, var.vpc_tags)}"
tags = merge(
{
"Name" = format("%s", var.name)
},
var.tags,
var.vpc_tags,
)
}
resource "aws_vpc_ipv4_cidr_block_association" "this" {
count = "${var.create_vpc && length(var.secondary_cidr_blocks) > 0 ? length(var.secondary_cidr_blocks) : 0}"
count = var.create_vpc && length(var.secondary_cidr_blocks) > 0 ? length(var.secondary_cidr_blocks) : 0
vpc_id = "${aws_vpc.this.id}"
vpc_id = aws_vpc.this[0].id
cidr_block = "${element(var.secondary_cidr_blocks, count.index)}"
cidr_block = element(var.secondary_cidr_blocks, count.index)
}
###################
# DHCP Options Set
###################
resource "aws_vpc_dhcp_options" "this" {
count = "${var.create_vpc && var.enable_dhcp_options ? 1 : 0}"
count = var.create_vpc && var.enable_dhcp_options ? 1 : 0
domain_name = "${var.dhcp_options_domain_name}"
domain_name_servers = ["${var.dhcp_options_domain_name_servers}"]
ntp_servers = ["${var.dhcp_options_ntp_servers}"]
netbios_name_servers = ["${var.dhcp_options_netbios_name_servers}"]
netbios_node_type = "${var.dhcp_options_netbios_node_type}"
domain_name = var.dhcp_options_domain_name
domain_name_servers = var.dhcp_options_domain_name_servers
ntp_servers = var.dhcp_options_ntp_servers
netbios_name_servers = var.dhcp_options_netbios_name_servers
netbios_node_type = var.dhcp_options_netbios_node_type
tags = "${merge(map("Name", format("%s", var.name)), var.tags, var.dhcp_options_tags)}"
tags = merge(
{
"Name" = format("%s", var.name)
},
var.tags,
var.dhcp_options_tags,
)
}
###############################
# DHCP Options Set Association
###############################
resource "aws_vpc_dhcp_options_association" "this" {
count = "${var.create_vpc && var.enable_dhcp_options ? 1 : 0}"
count = var.create_vpc && var.enable_dhcp_options ? 1 : 0
vpc_id = "${local.vpc_id}"
dhcp_options_id = "${aws_vpc_dhcp_options.this.id}"
vpc_id = local.vpc_id
dhcp_options_id = aws_vpc_dhcp_options.this[0].id
}
###################
# Internet Gateway
###################
resource "aws_internet_gateway" "this" {
count = "${var.create_vpc && length(var.public_subnets) > 0 ? 1 : 0}"
count = var.create_vpc && length(var.public_subnets) > 0 ? 1 : 0
vpc_id = "${local.vpc_id}"
vpc_id = local.vpc_id
tags = "${merge(map("Name", format("%s", var.name)), var.tags, var.igw_tags)}"
tags = merge(
{
"Name" = format("%s", var.name)
},
var.tags,
var.igw_tags,
)
}
################
# Publiс routes
################
resource "aws_route_table" "public" {
count = "${var.create_vpc && length(var.public_subnets) > 0 ? 1 : 0}"
count = var.create_vpc && length(var.public_subnets) > 0 ? 1 : 0
vpc_id = "${local.vpc_id}"
vpc_id = local.vpc_id
tags = "${merge(map("Name", format("%s-${var.public_subnet_suffix}", var.name)), var.tags, var.public_route_table_tags)}"
tags = merge(
{
"Name" = format("%s-${var.public_subnet_suffix}", var.name)
},
var.tags,
var.public_route_table_tags,
)
}
resource "aws_route" "public_internet_gateway" {
count = "${var.create_vpc && length(var.public_subnets) > 0 ? 1 : 0}"
count = var.create_vpc && length(var.public_subnets) > 0 ? 1 : 0
route_table_id = "${aws_route_table.public.id}"
route_table_id = aws_route_table.public[0].id
destination_cidr_block = "0.0.0.0/0"
gateway_id = "${aws_internet_gateway.this.id}"
gateway_id = aws_internet_gateway.this[0].id
timeouts {
create = "5m"
......@@ -97,16 +129,26 @@ resource "aws_route" "public_internet_gateway" {
# There are as many routing tables as the number of NAT gateways
#################
resource "aws_route_table" "private" {
count = "${var.create_vpc && local.max_subnet_length > 0 ? local.nat_gateway_count : 0}"
vpc_id = "${local.vpc_id}"
tags = "${merge(map("Name", (var.single_nat_gateway ? "${var.name}-${var.private_subnet_suffix}" : format("%s-${var.private_subnet_suffix}-%s", var.name, element(var.azs, count.index)))), var.tags, var.private_route_table_tags)}"
count = var.create_vpc && local.max_subnet_length > 0 ? local.nat_gateway_count : 0
vpc_id = local.vpc_id
tags = merge(
{
"Name" = var.single_nat_gateway ? "${var.name}-${var.private_subnet_suffix}" : format(
"%s-${var.private_subnet_suffix}-%s",
var.name,
element(var.azs, count.index),
)
},
var.tags,
var.private_route_table_tags,
)
lifecycle {
# When attaching VPN gateways it is common to define aws_vpn_gateway_route_propagation
# resources that manipulate the attributes of the routing table (typically for the private subnets)
ignore_changes = ["propagating_vgws"]
ignore_changes = [propagating_vgws]
}
}
......@@ -114,19 +156,25 @@ resource "aws_route_table" "private" {
# Database routes
#################
resource "aws_route_table" "database" {
count = "${var.create_vpc && var.create_database_subnet_route_table && length(var.database_subnets) > 0 ? 1 : 0}"
count = var.create_vpc && var.create_database_subnet_route_table && length(var.database_subnets) > 0 ? 1 : 0
vpc_id = "${local.vpc_id}"
vpc_id = local.vpc_id
tags = "${merge(var.tags, var.database_route_table_tags, map("Name", "${var.name}-${var.database_subnet_suffix}"))}"
tags = merge(
var.tags,
var.database_route_table_tags,
{
"Name" = "${var.name}-${var.database_subnet_suffix}"
},
)
}
resource "aws_route" "database_internet_gateway" {
count = "${var.create_vpc && var.create_database_subnet_route_table && length(var.database_subnets) > 0 && var.create_database_internet_gateway_route && ! var.create_database_nat_gateway_route ? 1 : 0}"
count = var.create_vpc && var.create_database_subnet_route_table && length(var.database_subnets) > 0 && var.create_database_internet_gateway_route && false == var.create_database_nat_gateway_route ? 1 : 0
route_table_id = "${aws_route_table.database.id}"
route_table_id = aws_route_table.database[0].id
destination_cidr_block = "0.0.0.0/0"
gateway_id = "${aws_internet_gateway.this.id}"
gateway_id = aws_internet_gateway.this[0].id
timeouts {
create = "5m"
......@@ -134,10 +182,11 @@ resource "aws_route" "database_internet_gateway" {
}
resource "aws_route" "database_nat_gateway" {
count = "${var.create_vpc && var.create_database_subnet_route_table && length(var.database_subnets) > 0 && ! var.create_database_internet_gateway_route && var.create_database_nat_gateway_route && var.enable_nat_gateway ? local.nat_gateway_count : 0}"
route_table_id = "${element(aws_route_table.private.*.id, count.index)}"
count = var.create_vpc && var.create_database_subnet_route_table && length(var.database_subnets) > 0 && false == var.create_database_internet_gateway_route && var.create_database_nat_gateway_route && var.enable_nat_gateway ? local.nat_gateway_count : 0
route_table_id = element(aws_route_table.private.*.id, count.index)
destination_cidr_block = "0.0.0.0/0"
nat_gateway_id = "${element(aws_nat_gateway.this.*.id, count.index)}"
nat_gateway_id = element(aws_nat_gateway.this.*.id, count.index)
timeouts {
create = "5m"
......@@ -148,157 +197,279 @@ resource "aws_route" "database_nat_gateway" {
# Redshift routes
#################
resource "aws_route_table" "redshift" {
count = "${var.create_vpc && var.create_redshift_subnet_route_table && length(var.redshift_subnets) > 0 ? 1 : 0}"
count = var.create_vpc && var.create_redshift_subnet_route_table && length(var.redshift_subnets) > 0 ? 1 : 0
vpc_id = "${local.vpc_id}"
vpc_id = local.vpc_id
tags = "${merge(var.tags, var.redshift_route_table_tags, map("Name", "${var.name}-${var.redshift_subnet_suffix}"))}"
tags = merge(
var.tags,
var.redshift_route_table_tags,
{
"Name" = "${var.name}-${var.redshift_subnet_suffix}"
},
)
}
#################
# Elasticache routes
#################
resource "aws_route_table" "elasticache" {
count = "${var.create_vpc && var.create_elasticache_subnet_route_table && length(var.elasticache_subnets) > 0 ? 1 : 0}"
count = var.create_vpc && var.create_elasticache_subnet_route_table && length(var.elasticache_subnets) > 0 ? 1 : 0
vpc_id = "${local.vpc_id}"
vpc_id = local.vpc_id
tags = "${merge(var.tags, var.elasticache_route_table_tags, map("Name", "${var.name}-${var.elasticache_subnet_suffix}"))}"
tags = merge(
var.tags,
var.elasticache_route_table_tags,
{
"Name" = "${var.name}-${var.elasticache_subnet_suffix}"
},
)
}
#################
# Intra routes
#################
resource "aws_route_table" "intra" {
count = "${var.create_vpc && length(var.intra_subnets) > 0 ? 1 : 0}"
count = var.create_vpc && length(var.intra_subnets) > 0 ? 1 : 0
vpc_id = "${local.vpc_id}"
vpc_id = local.vpc_id
tags = "${merge(map("Name", "${var.name}-${var.intra_subnet_suffix}"), var.tags, var.intra_route_table_tags)}"
tags = merge(
{
"Name" = "${var.name}-${var.intra_subnet_suffix}"
},
var.tags,
var.intra_route_table_tags,
)
}
################
# Public subnet
################
resource "aws_subnet" "public" {
count = "${var.create_vpc && length(var.public_subnets) > 0 && (! var.one_nat_gateway_per_az || length(var.public_subnets) >= length(var.azs)) ? length(var.public_subnets) : 0}"
vpc_id = "${local.vpc_id}"
cidr_block = "${element(concat(var.public_subnets, list("")), count.index)}"
availability_zone = "${element(var.azs, count.index)}"
map_public_ip_on_launch = "${var.map_public_ip_on_launch}"
tags = "${merge(map("Name", format("%s-${var.public_subnet_suffix}-%s", var.name, element(var.azs, count.index))), var.tags, var.public_subnet_tags)}"
count = var.create_vpc && length(var.public_subnets) > 0 && false == var.one_nat_gateway_per_az || length(var.public_subnets) >= length(var.azs) ? length(var.public_subnets) : 0
vpc_id = local.vpc_id
cidr_block = element(concat(var.public_subnets, [""]), count.index)
availability_zone = element(var.azs, count.index)
map_public_ip_on_launch = var.map_public_ip_on_launch
tags = merge(
{
"Name" = format(
"%s-${var.public_subnet_suffix}-%s",
var.name,
element(var.azs, count.index),
)
},
var.tags,
var.public_subnet_tags,
)
}
#################
# Private subnet
#################
resource "aws_subnet" "private" {
count = "${var.create_vpc && length(var.private_subnets) > 0 ? length(var.private_subnets) : 0}"
count = var.create_vpc && length(var.private_subnets) > 0 ? length(var.private_subnets) : 0
vpc_id = "${local.vpc_id}"
cidr_block = "${var.private_subnets[count.index]}"
availability_zone = "${element(var.azs, count.index)}"
vpc_id = local.vpc_id
cidr_block = var.private_subnets[count.index]
availability_zone = element(var.azs, count.index)
tags = "${merge(map("Name", format("%s-${var.private_subnet_suffix}-%s", var.name, element(var.azs, count.index))), var.tags, var.private_subnet_tags)}"
tags = merge(
{
"Name" = format(
"%s-${var.private_subnet_suffix}-%s",
var.name,
element(var.azs, count.index),
)
},
var.tags,
var.private_subnet_tags,
)
}
##################
# Database subnet
##################
resource "aws_subnet" "database" {
count = "${var.create_vpc && length(var.database_subnets) > 0 ? length(var.database_subnets) : 0}"
count = var.create_vpc && length(var.database_subnets) > 0 ? length(var.database_subnets) : 0
vpc_id = "${local.vpc_id}"
cidr_block = "${var.database_subnets[count.index]}"
availability_zone = "${element(var.azs, count.index)}"
vpc_id = local.vpc_id
cidr_block = var.database_subnets[count.index]
availability_zone = element(var.azs, count.index)
tags = "${merge(map("Name", format("%s-${var.database_subnet_suffix}-%s", var.name, element(var.azs, count.index))), var.tags, var.database_subnet_tags)}"
tags = merge(
{
"Name" = format(
"%s-${var.database_subnet_suffix}-%s",
var.name,
element(var.azs, count.index),
)
},
var.tags,
var.database_subnet_tags,
)
}
resource "aws_db_subnet_group" "database" {
count = "${var.create_vpc && length(var.database_subnets) > 0 && var.create_database_subnet_group ? 1 : 0}"
count = var.create_vpc && length(var.database_subnets) > 0 && var.create_database_subnet_group ? 1 : 0
name = "${lower(var.name)}"
name = lower(var.name)
description = "Database subnet group for ${var.name}"
subnet_ids = ["${aws_subnet.database.*.id}"]
subnet_ids = aws_subnet.database.*.id
tags = "${merge(map("Name", format("%s", var.name)), var.tags, var.database_subnet_group_tags)}"
tags = merge(
{
"Name" = format("%s", var.name)
},
var.tags,
var.database_subnet_group_tags,
)
}
##################
# Redshift subnet
##################
resource "aws_subnet" "redshift" {
count = "${var.create_vpc && length(var.redshift_subnets) > 0 ? length(var.redshift_subnets) : 0}"
count = var.create_vpc && length(var.redshift_subnets) > 0 ? length(var.redshift_subnets) : 0
vpc_id = "${local.vpc_id}"
cidr_block = "${var.redshift_subnets[count.index]}"
availability_zone = "${element(var.azs, count.index)}"
vpc_id = local.vpc_id
cidr_block = var.redshift_subnets[count.index]
availability_zone = element(var.azs, count.index)
tags = "${merge(map("Name", format("%s-${var.redshift_subnet_suffix}-%s", var.name, element(var.azs, count.index))), var.tags, var.redshift_subnet_tags)}"
tags = merge(
{
"Name" = format(
"%s-${var.redshift_subnet_suffix}-%s",
var.name,
element(var.azs, count.index),
)
},
var.tags,
var.redshift_subnet_tags,
)
}
resource "aws_redshift_subnet_group" "redshift" {
count = "${var.create_vpc && length(var.redshift_subnets) > 0 && var.create_redshift_subnet_group ? 1 : 0}"
count = var.create_vpc && length(var.redshift_subnets) > 0 && var.create_redshift_subnet_group ? 1 : 0
name = "${lower(var.name)}"
name = lower(var.name)
description = "Redshift subnet group for ${var.name}"
subnet_ids = ["${aws_subnet.redshift.*.id}"]
subnet_ids = aws_subnet.redshift.*.id
tags = "${merge(map("Name", format("%s", var.name)), var.tags, var.redshift_subnet_group_tags)}"
tags = merge(
{
"Name" = format("%s", var.name)
},
var.tags,
var.redshift_subnet_group_tags,
)
}
#####################
# ElastiCache subnet
#####################
resource "aws_subnet" "elasticache" {
count = "${var.create_vpc && length(var.elasticache_subnets) > 0 ? length(var.elasticache_subnets) : 0}"
count = var.create_vpc && length(var.elasticache_subnets) > 0 ? length(var.elasticache_subnets) : 0
vpc_id = "${local.vpc_id}"
cidr_block = "${var.elasticache_subnets[count.index]}"
availability_zone = "${element(var.azs, count.index)}"
vpc_id = local.vpc_id
cidr_block = var.elasticache_subnets[count.index]
availability_zone = element(var.azs, count.index)
tags = "${merge(map("Name", format("%s-${var.elasticache_subnet_suffix}-%s", var.name, element(var.azs, count.index))), var.tags, var.elasticache_subnet_tags)}"
tags = merge(
{
"Name" = format(
"%s-${var.elasticache_subnet_suffix}-%s",
var.name,
element(var.azs, count.index),
)
},
var.tags,
var.elasticache_subnet_tags,
)
}
resource "aws_elasticache_subnet_group" "elasticache" {
count = "${var.create_vpc && length(var.elasticache_subnets) > 0 && var.create_elasticache_subnet_group ? 1 : 0}"
count = var.create_vpc && length(var.elasticache_subnets) > 0 && var.create_elasticache_subnet_group ? 1 : 0
name = "${var.name}"
name = var.name
description = "ElastiCache subnet group for ${var.name}"
subnet_ids = ["${aws_subnet.elasticache.*.id}"]
subnet_ids = aws_subnet.elasticache.*.id
}
#####################################################
# intra subnets - private subnet without NAT gateway
#####################################################
resource "aws_subnet" "intra" {
count = "${var.create_vpc && length(var.intra_subnets) > 0 ? length(var.intra_subnets) : 0}"
count = var.create_vpc && length(var.intra_subnets) > 0 ? length(var.intra_subnets) : 0
vpc_id = "${local.vpc_id}"
cidr_block = "${var.intra_subnets[count.index]}"
availability_zone = "${element(var.azs, count.index)}"
vpc_id = local.vpc_id
cidr_block = var.intra_subnets[count.index]
availability_zone = element(var.azs, count.index)
tags = "${merge(map("Name", format("%s-${var.intra_subnet_suffix}-%s", var.name, element(var.azs, count.index))), var.tags, var.intra_subnet_tags)}"
tags = merge(
{
"Name" = format(
"%s-${var.intra_subnet_suffix}-%s",
var.name,
element(var.azs, count.index),
)
},
var.tags,
var.intra_subnet_tags,
)
}
#######################
# Default Network ACLs
#######################
resource "aws_default_network_acl" "this" {
count = "${var.create_vpc && var.manage_default_network_acl ? 1 : 0}"
default_network_acl_id = "${element(concat(aws_vpc.this.*.default_network_acl_id, list("")), 0)}"
ingress = "${var.default_network_acl_ingress}"
egress = "${var.default_network_acl_egress}"
count = var.create_vpc && var.manage_default_network_acl ? 1 : 0
default_network_acl_id = element(concat(aws_vpc.this.*.default_network_acl_id, [""]), 0)
dynamic "ingress" {
for_each = var.default_network_acl_ingress
content {
action = ingress.value.action
cidr_block = lookup(ingress.value, "cidr_block", null)
from_port = ingress.value.from_port
icmp_code = lookup(ingress.value, "icmp_code", null)
icmp_type = lookup(ingress.value, "icmp_type", null)
ipv6_cidr_block = lookup(ingress.value, "ipv6_cidr_block", null)
protocol = ingress.value.protocol
rule_no = ingress.value.rule_no
to_port = ingress.value.to_port
}
}
dynamic "egress" {
for_each = var.default_network_acl_egress
content {
action = egress.value.action
cidr_block = lookup(egress.value, "cidr_block", null)
from_port = egress.value.from_port
icmp_code = lookup(egress.value, "icmp_code", null)
icmp_type = lookup(egress.value, "icmp_type", null)
ipv6_cidr_block = lookup(egress.value, "ipv6_cidr_block", null)
protocol = egress.value.protocol
rule_no = egress.value.rule_no
to_port = egress.value.to_port
}
}
tags = "${merge(map("Name", format("%s", var.default_network_acl_name)), var.tags, var.default_network_acl_tags)}"
tags = merge(
{
"Name" = format("%s", var.default_network_acl_name)
},
var.tags,
var.default_network_acl_tags,
)
lifecycle {
ignore_changes = ["subnet_ids"]
ignore_changes = [subnet_ids]
}
}
......@@ -306,240 +477,276 @@ resource "aws_default_network_acl" "this" {
# Public Network ACLs
########################
resource "aws_network_acl" "public" {
count = "${var.create_vpc && var.public_dedicated_network_acl && length(var.public_subnets) > 0 ? 1 : 0}"
count = var.create_vpc && var.public_dedicated_network_acl && length(var.public_subnets) > 0 ? 1 : 0
vpc_id = "${element(concat(aws_vpc.this.*.id, list("")), 0)}"
subnet_ids = ["${aws_subnet.public.*.id}"]
vpc_id = element(concat(aws_vpc.this.*.id, [""]), 0)
subnet_ids = aws_subnet.public.*.id
tags = "${merge(map("Name", format("%s-${var.public_subnet_suffix}", var.name)), var.tags, var.public_acl_tags)}"
tags = merge(
{
"Name" = format("%s-${var.public_subnet_suffix}", var.name)
},
var.tags,
var.public_acl_tags,
)
}
resource "aws_network_acl_rule" "public_inbound" {
count = "${var.create_vpc && var.public_dedicated_network_acl && length(var.public_subnets) > 0 ? length(var.public_inbound_acl_rules) : 0}"
count = var.create_vpc && var.public_dedicated_network_acl && length(var.public_subnets) > 0 ? length(var.public_inbound_acl_rules) : 0
network_acl_id = "${aws_network_acl.public.id}"
network_acl_id = aws_network_acl.public[0].id
egress = false
rule_number = "${lookup(var.public_inbound_acl_rules[count.index], "rule_number")}"
rule_action = "${lookup(var.public_inbound_acl_rules[count.index], "rule_action")}"
from_port = "${lookup(var.public_inbound_acl_rules[count.index], "from_port")}"
to_port = "${lookup(var.public_inbound_acl_rules[count.index], "to_port")}"
protocol = "${lookup(var.public_inbound_acl_rules[count.index], "protocol")}"
cidr_block = "${lookup(var.public_inbound_acl_rules[count.index], "cidr_block")}"
rule_number = var.public_inbound_acl_rules[count.index]["rule_number"]
rule_action = var.public_inbound_acl_rules[count.index]["rule_action"]
from_port = var.public_inbound_acl_rules[count.index]["from_port"]
to_port = var.public_inbound_acl_rules[count.index]["to_port"]
protocol = var.public_inbound_acl_rules[count.index]["protocol"]
cidr_block = var.public_inbound_acl_rules[count.index]["cidr_block"]
}
resource "aws_network_acl_rule" "public_outbound" {
count = "${var.create_vpc && var.public_dedicated_network_acl && length(var.public_subnets) > 0 ? length(var.public_outbound_acl_rules) : 0}"
count = var.create_vpc && var.public_dedicated_network_acl && length(var.public_subnets) > 0 ? length(var.public_outbound_acl_rules) : 0
network_acl_id = "${aws_network_acl.public.id}"
network_acl_id = aws_network_acl.public[0].id
egress = true
rule_number = "${lookup(var.public_outbound_acl_rules[count.index], "rule_number")}"
rule_action = "${lookup(var.public_outbound_acl_rules[count.index], "rule_action")}"
from_port = "${lookup(var.public_outbound_acl_rules[count.index], "from_port")}"
to_port = "${lookup(var.public_outbound_acl_rules[count.index], "to_port")}"
protocol = "${lookup(var.public_outbound_acl_rules[count.index], "protocol")}"
cidr_block = "${lookup(var.public_outbound_acl_rules[count.index], "cidr_block")}"
rule_number = var.public_outbound_acl_rules[count.index]["rule_number"]
rule_action = var.public_outbound_acl_rules[count.index]["rule_action"]
from_port = var.public_outbound_acl_rules[count.index]["from_port"]
to_port = var.public_outbound_acl_rules[count.index]["to_port"]
protocol = var.public_outbound_acl_rules[count.index]["protocol"]
cidr_block = var.public_outbound_acl_rules[count.index]["cidr_block"]
}
#######################
# Private Network ACLs
#######################
resource "aws_network_acl" "private" {
count = "${var.create_vpc && var.private_dedicated_network_acl && length(var.private_subnets) > 0 ? 1 : 0}"
count = var.create_vpc && var.private_dedicated_network_acl && length(var.private_subnets) > 0 ? 1 : 0
vpc_id = "${element(concat(aws_vpc.this.*.id, list("")), 0)}"
subnet_ids = ["${aws_subnet.private.*.id}"]
vpc_id = element(concat(aws_vpc.this.*.id, [""]), 0)
subnet_ids = aws_subnet.private.*.id
tags = "${merge(map("Name", format("%s-${var.private_subnet_suffix}", var.name)), var.tags, var.private_acl_tags)}"
tags = merge(
{
"Name" = format("%s-${var.private_subnet_suffix}", var.name)
},
var.tags,
var.private_acl_tags,
)
}
resource "aws_network_acl_rule" "private_inbound" {
count = "${var.create_vpc && var.private_dedicated_network_acl && length(var.private_subnets) > 0 ? length(var.private_inbound_acl_rules) : 0}"
count = var.create_vpc && var.private_dedicated_network_acl && length(var.private_subnets) > 0 ? length(var.private_inbound_acl_rules) : 0
network_acl_id = "${aws_network_acl.private.id}"
network_acl_id = aws_network_acl.private[0].id
egress = false
rule_number = "${lookup(var.private_inbound_acl_rules[count.index], "rule_number")}"
rule_action = "${lookup(var.private_inbound_acl_rules[count.index], "rule_action")}"
from_port = "${lookup(var.private_inbound_acl_rules[count.index], "from_port")}"
to_port = "${lookup(var.private_inbound_acl_rules[count.index], "to_port")}"
protocol = "${lookup(var.private_inbound_acl_rules[count.index], "protocol")}"
cidr_block = "${lookup(var.private_inbound_acl_rules[count.index], "cidr_block")}"
rule_number = var.private_inbound_acl_rules[count.index]["rule_number"]
rule_action = var.private_inbound_acl_rules[count.index]["rule_action"]
from_port = var.private_inbound_acl_rules[count.index]["from_port"]
to_port = var.private_inbound_acl_rules[count.index]["to_port"]
protocol = var.private_inbound_acl_rules[count.index]["protocol"]
cidr_block = var.private_inbound_acl_rules[count.index]["cidr_block"]
}
resource "aws_network_acl_rule" "private_outbound" {
count = "${var.create_vpc && var.private_dedicated_network_acl && length(var.private_subnets) > 0 ? length(var.private_outbound_acl_rules) : 0}"
count = var.create_vpc && var.private_dedicated_network_acl && length(var.private_subnets) > 0 ? length(var.private_outbound_acl_rules) : 0
network_acl_id = "${aws_network_acl.private.id}"
network_acl_id = aws_network_acl.private[0].id
egress = true
rule_number = "${lookup(var.private_outbound_acl_rules[count.index], "rule_number")}"
rule_action = "${lookup(var.private_outbound_acl_rules[count.index], "rule_action")}"
from_port = "${lookup(var.private_outbound_acl_rules[count.index], "from_port")}"
to_port = "${lookup(var.private_outbound_acl_rules[count.index], "to_port")}"
protocol = "${lookup(var.private_outbound_acl_rules[count.index], "protocol")}"
cidr_block = "${lookup(var.private_outbound_acl_rules[count.index], "cidr_block")}"
rule_number = var.private_outbound_acl_rules[count.index]["rule_number"]
rule_action = var.private_outbound_acl_rules[count.index]["rule_action"]
from_port = var.private_outbound_acl_rules[count.index]["from_port"]
to_port = var.private_outbound_acl_rules[count.index]["to_port"]
protocol = var.private_outbound_acl_rules[count.index]["protocol"]
cidr_block = var.private_outbound_acl_rules[count.index]["cidr_block"]
}
########################
# Intra Network ACLs
########################
resource "aws_network_acl" "intra" {
count = "${var.create_vpc && var.intra_dedicated_network_acl && length(var.intra_subnets) > 0 ? 1 : 0}"
count = var.create_vpc && var.intra_dedicated_network_acl && length(var.intra_subnets) > 0 ? 1 : 0
vpc_id = "${element(concat(aws_vpc.this.*.id, list("")), 0)}"
subnet_ids = ["${aws_subnet.intra.*.id}"]
vpc_id = element(concat(aws_vpc.this.*.id, [""]), 0)
subnet_ids = aws_subnet.intra.*.id
tags = "${merge(map("Name", format("%s-${var.intra_subnet_suffix}", var.name)), var.tags, var.intra_acl_tags)}"
tags = merge(
{
"Name" = format("%s-${var.intra_subnet_suffix}", var.name)
},
var.tags,
var.intra_acl_tags,
)
}
resource "aws_network_acl_rule" "intra_inbound" {
count = "${var.create_vpc && var.intra_dedicated_network_acl && length(var.intra_subnets) > 0 ? length(var.intra_inbound_acl_rules) : 0}"
count = var.create_vpc && var.intra_dedicated_network_acl && length(var.intra_subnets) > 0 ? length(var.intra_inbound_acl_rules) : 0
network_acl_id = "${aws_network_acl.intra.id}"
network_acl_id = aws_network_acl.intra[0].id
egress = false
rule_number = "${lookup(var.intra_inbound_acl_rules[count.index], "rule_number")}"
rule_action = "${lookup(var.intra_inbound_acl_rules[count.index], "rule_action")}"
from_port = "${lookup(var.intra_inbound_acl_rules[count.index], "from_port")}"
to_port = "${lookup(var.intra_inbound_acl_rules[count.index], "to_port")}"
protocol = "${lookup(var.intra_inbound_acl_rules[count.index], "protocol")}"
cidr_block = "${lookup(var.intra_inbound_acl_rules[count.index], "cidr_block")}"
rule_number = var.intra_inbound_acl_rules[count.index]["rule_number"]
rule_action = var.intra_inbound_acl_rules[count.index]["rule_action"]
from_port = var.intra_inbound_acl_rules[count.index]["from_port"]
to_port = var.intra_inbound_acl_rules[count.index]["to_port"]
protocol = var.intra_inbound_acl_rules[count.index]["protocol"]
cidr_block = var.intra_inbound_acl_rules[count.index]["cidr_block"]
}
resource "aws_network_acl_rule" "intra_outbound" {
count = "${var.create_vpc && var.intra_dedicated_network_acl && length(var.intra_subnets) > 0 ? length(var.intra_outbound_acl_rules) : 0}"
count = var.create_vpc && var.intra_dedicated_network_acl && length(var.intra_subnets) > 0 ? length(var.intra_outbound_acl_rules) : 0
network_acl_id = "${aws_network_acl.intra.id}"
network_acl_id = aws_network_acl.intra[0].id
egress = true
rule_number = "${lookup(var.intra_outbound_acl_rules[count.index], "rule_number")}"
rule_action = "${lookup(var.intra_outbound_acl_rules[count.index], "rule_action")}"
from_port = "${lookup(var.intra_outbound_acl_rules[count.index], "from_port")}"
to_port = "${lookup(var.intra_outbound_acl_rules[count.index], "to_port")}"
protocol = "${lookup(var.intra_outbound_acl_rules[count.index], "protocol")}"
cidr_block = "${lookup(var.intra_outbound_acl_rules[count.index], "cidr_block")}"
rule_number = var.intra_outbound_acl_rules[count.index]["rule_number"]
rule_action = var.intra_outbound_acl_rules[count.index]["rule_action"]
from_port = var.intra_outbound_acl_rules[count.index]["from_port"]
to_port = var.intra_outbound_acl_rules[count.index]["to_port"]
protocol = var.intra_outbound_acl_rules[count.index]["protocol"]
cidr_block = var.intra_outbound_acl_rules[count.index]["cidr_block"]
}
########################
# Database Network ACLs
########################
resource "aws_network_acl" "database" {
count = "${var.create_vpc && var.database_dedicated_network_acl && length(var.database_subnets) > 0 ? 1 : 0}"
count = var.create_vpc && var.database_dedicated_network_acl && length(var.database_subnets) > 0 ? 1 : 0
vpc_id = "${element(concat(aws_vpc.this.*.id, list("")), 0)}"
subnet_ids = ["${aws_subnet.database.*.id}"]
vpc_id = element(concat(aws_vpc.this.*.id, [""]), 0)
subnet_ids = aws_subnet.database.*.id
tags = "${merge(map("Name", format("%s-${var.database_subnet_suffix}", var.name)), var.tags, var.database_acl_tags)}"
tags = merge(
{
"Name" = format("%s-${var.database_subnet_suffix}", var.name)
},
var.tags,
var.database_acl_tags,
)
}
resource "aws_network_acl_rule" "database_inbound" {
count = "${var.create_vpc && var.database_dedicated_network_acl && length(var.database_subnets) > 0 ? length(var.database_inbound_acl_rules) : 0}"
count = var.create_vpc && var.database_dedicated_network_acl && length(var.database_subnets) > 0 ? length(var.database_inbound_acl_rules) : 0
network_acl_id = "${aws_network_acl.database.id}"
network_acl_id = aws_network_acl.database[0].id
egress = false
rule_number = "${lookup(var.database_inbound_acl_rules[count.index], "rule_number")}"
rule_action = "${lookup(var.database_inbound_acl_rules[count.index], "rule_action")}"
from_port = "${lookup(var.database_inbound_acl_rules[count.index], "from_port")}"
to_port = "${lookup(var.database_inbound_acl_rules[count.index], "to_port")}"
protocol = "${lookup(var.database_inbound_acl_rules[count.index], "protocol")}"
cidr_block = "${lookup(var.database_inbound_acl_rules[count.index], "cidr_block")}"
rule_number = var.database_inbound_acl_rules[count.index]["rule_number"]
rule_action = var.database_inbound_acl_rules[count.index]["rule_action"]
from_port = var.database_inbound_acl_rules[count.index]["from_port"]
to_port = var.database_inbound_acl_rules[count.index]["to_port"]
protocol = var.database_inbound_acl_rules[count.index]["protocol"]
cidr_block = var.database_inbound_acl_rules[count.index]["cidr_block"]
}
resource "aws_network_acl_rule" "database_outbound" {
count = "${var.create_vpc && var.database_dedicated_network_acl && length(var.database_subnets) > 0 ? length(var.database_outbound_acl_rules) : 0}"
count = var.create_vpc && var.database_dedicated_network_acl && length(var.database_subnets) > 0 ? length(var.database_outbound_acl_rules) : 0
network_acl_id = "${aws_network_acl.database.id}"
network_acl_id = aws_network_acl.database[0].id
egress = true
rule_number = "${lookup(var.database_outbound_acl_rules[count.index], "rule_number")}"
rule_action = "${lookup(var.database_outbound_acl_rules[count.index], "rule_action")}"
from_port = "${lookup(var.database_outbound_acl_rules[count.index], "from_port")}"
to_port = "${lookup(var.database_outbound_acl_rules[count.index], "to_port")}"
protocol = "${lookup(var.database_outbound_acl_rules[count.index], "protocol")}"
cidr_block = "${lookup(var.database_outbound_acl_rules[count.index], "cidr_block")}"
rule_number = var.database_outbound_acl_rules[count.index]["rule_number"]
rule_action = var.database_outbound_acl_rules[count.index]["rule_action"]
from_port = var.database_outbound_acl_rules[count.index]["from_port"]
to_port = var.database_outbound_acl_rules[count.index]["to_port"]
protocol = var.database_outbound_acl_rules[count.index]["protocol"]
cidr_block = var.database_outbound_acl_rules[count.index]["cidr_block"]
}
########################
# Redshift Network ACLs
########################
resource "aws_network_acl" "redshift" {
count = "${var.create_vpc && var.redshift_dedicated_network_acl && length(var.redshift_subnets) > 0 ? 1 : 0}"
count = var.create_vpc && var.redshift_dedicated_network_acl && length(var.redshift_subnets) > 0 ? 1 : 0
vpc_id = "${element(concat(aws_vpc.this.*.id, list("")), 0)}"
subnet_ids = ["${aws_subnet.redshift.*.id}"]
vpc_id = element(concat(aws_vpc.this.*.id, [""]), 0)
subnet_ids = aws_subnet.redshift.*.id
tags = "${merge(map("Name", format("%s-${var.redshift_subnet_suffix}", var.name)), var.tags, var.redshift_acl_tags)}"
tags = merge(
{
"Name" = format("%s-${var.redshift_subnet_suffix}", var.name)
},
var.tags,
var.redshift_acl_tags,
)
}
resource "aws_network_acl_rule" "redshift_inbound" {
count = "${var.create_vpc && var.redshift_dedicated_network_acl && length(var.redshift_subnets) > 0 ? length(var.redshift_inbound_acl_rules) : 0}"
count = var.create_vpc && var.redshift_dedicated_network_acl && length(var.redshift_subnets) > 0 ? length(var.redshift_inbound_acl_rules) : 0
network_acl_id = "${aws_network_acl.redshift.id}"
network_acl_id = aws_network_acl.redshift[0].id
egress = false
rule_number = "${lookup(var.redshift_inbound_acl_rules[count.index], "rule_number")}"
rule_action = "${lookup(var.redshift_inbound_acl_rules[count.index], "rule_action")}"
from_port = "${lookup(var.redshift_inbound_acl_rules[count.index], "from_port")}"
to_port = "${lookup(var.redshift_inbound_acl_rules[count.index], "to_port")}"
protocol = "${lookup(var.redshift_inbound_acl_rules[count.index], "protocol")}"
cidr_block = "${lookup(var.redshift_inbound_acl_rules[count.index], "cidr_block")}"
rule_number = var.redshift_inbound_acl_rules[count.index]["rule_number"]
rule_action = var.redshift_inbound_acl_rules[count.index]["rule_action"]
from_port = var.redshift_inbound_acl_rules[count.index]["from_port"]
to_port = var.redshift_inbound_acl_rules[count.index]["to_port"]
protocol = var.redshift_inbound_acl_rules[count.index]["protocol"]
cidr_block = var.redshift_inbound_acl_rules[count.index]["cidr_block"]
}
resource "aws_network_acl_rule" "redshift_outbound" {
count = "${var.create_vpc && var.redshift_dedicated_network_acl && length(var.redshift_subnets) > 0 ? length(var.redshift_outbound_acl_rules) : 0}"
count = var.create_vpc && var.redshift_dedicated_network_acl && length(var.redshift_subnets) > 0 ? length(var.redshift_outbound_acl_rules) : 0
network_acl_id = "${aws_network_acl.redshift.id}"
network_acl_id = aws_network_acl.redshift[0].id
egress = true
rule_number = "${lookup(var.redshift_outbound_acl_rules[count.index], "rule_number")}"
rule_action = "${lookup(var.redshift_outbound_acl_rules[count.index], "rule_action")}"
from_port = "${lookup(var.redshift_outbound_acl_rules[count.index], "from_port")}"
to_port = "${lookup(var.redshift_outbound_acl_rules[count.index], "to_port")}"
protocol = "${lookup(var.redshift_outbound_acl_rules[count.index], "protocol")}"
cidr_block = "${lookup(var.redshift_outbound_acl_rules[count.index], "cidr_block")}"
rule_number = var.redshift_outbound_acl_rules[count.index]["rule_number"]
rule_action = var.redshift_outbound_acl_rules[count.index]["rule_action"]
from_port = var.redshift_outbound_acl_rules[count.index]["from_port"]
to_port = var.redshift_outbound_acl_rules[count.index]["to_port"]
protocol = var.redshift_outbound_acl_rules[count.index]["protocol"]
cidr_block = var.redshift_outbound_acl_rules[count.index]["cidr_block"]
}
###########################
# Elasticache Network ACLs
###########################
resource "aws_network_acl" "elasticache" {
count = "${var.create_vpc && var.elasticache_dedicated_network_acl && length(var.elasticache_subnets) > 0 ? 1 : 0}"
count = var.create_vpc && var.elasticache_dedicated_network_acl && length(var.elasticache_subnets) > 0 ? 1 : 0
vpc_id = "${element(concat(aws_vpc.this.*.id, list("")), 0)}"
subnet_ids = ["${aws_subnet.elasticache.*.id}"]
vpc_id = element(concat(aws_vpc.this.*.id, [""]), 0)
subnet_ids = aws_subnet.elasticache.*.id
tags = "${merge(map("Name", format("%s-${var.elasticache_subnet_suffix}", var.name)), var.tags, var.elasticache_acl_tags)}"
tags = merge(
{
"Name" = format("%s-${var.elasticache_subnet_suffix}", var.name)
},
var.tags,
var.elasticache_acl_tags,
)
}
resource "aws_network_acl_rule" "elasticache_inbound" {
count = "${var.create_vpc && var.elasticache_dedicated_network_acl && length(var.elasticache_subnets) > 0 ? length(var.elasticache_inbound_acl_rules) : 0}"
count = var.create_vpc && var.elasticache_dedicated_network_acl && length(var.elasticache_subnets) > 0 ? length(var.elasticache_inbound_acl_rules) : 0
network_acl_id = "${aws_network_acl.elasticache.id}"
network_acl_id = aws_network_acl.elasticache[0].id
egress = false
rule_number = "${lookup(var.elasticache_inbound_acl_rules[count.index], "rule_number")}"
rule_action = "${lookup(var.elasticache_inbound_acl_rules[count.index], "rule_action")}"
from_port = "${lookup(var.elasticache_inbound_acl_rules[count.index], "from_port")}"
to_port = "${lookup(var.elasticache_inbound_acl_rules[count.index], "to_port")}"
protocol = "${lookup(var.elasticache_inbound_acl_rules[count.index], "protocol")}"
cidr_block = "${lookup(var.elasticache_inbound_acl_rules[count.index], "cidr_block")}"
rule_number = var.elasticache_inbound_acl_rules[count.index]["rule_number"]
rule_action = var.elasticache_inbound_acl_rules[count.index]["rule_action"]
from_port = var.elasticache_inbound_acl_rules[count.index]["from_port"]
to_port = var.elasticache_inbound_acl_rules[count.index]["to_port"]
protocol = var.elasticache_inbound_acl_rules[count.index]["protocol"]
cidr_block = var.elasticache_inbound_acl_rules[count.index]["cidr_block"]
}
resource "aws_network_acl_rule" "elasticache_outbound" {
count = "${var.create_vpc && var.elasticache_dedicated_network_acl && length(var.elasticache_subnets) > 0 ? length(var.elasticache_outbound_acl_rules) : 0}"
count = var.create_vpc && var.elasticache_dedicated_network_acl && length(var.elasticache_subnets) > 0 ? length(var.elasticache_outbound_acl_rules) : 0
network_acl_id = "${aws_network_acl.elasticache.id}"
network_acl_id = aws_network_acl.elasticache[0].id
egress = true
rule_number = "${lookup(var.elasticache_outbound_acl_rules[count.index], "rule_number")}"
rule_action = "${lookup(var.elasticache_outbound_acl_rules[count.index], "rule_action")}"
from_port = "${lookup(var.elasticache_outbound_acl_rules[count.index], "from_port")}"
to_port = "${lookup(var.elasticache_outbound_acl_rules[count.index], "to_port")}"
protocol = "${lookup(var.elasticache_outbound_acl_rules[count.index], "protocol")}"
cidr_block = "${lookup(var.elasticache_outbound_acl_rules[count.index], "cidr_block")}"
rule_number = var.elasticache_outbound_acl_rules[count.index]["rule_number"]
rule_action = var.elasticache_outbound_acl_rules[count.index]["rule_action"]
from_port = var.elasticache_outbound_acl_rules[count.index]["from_port"]
to_port = var.elasticache_outbound_acl_rules[count.index]["to_port"]
protocol = var.elasticache_outbound_acl_rules[count.index]["protocol"]
cidr_block = var.elasticache_outbound_acl_rules[count.index]["cidr_block"]
}
##############
......@@ -554,34 +761,63 @@ resource "aws_network_acl_rule" "elasticache_outbound" {
#
# but then when count of aws_eip.nat.*.id is zero, this would throw a resource not found error on aws_eip.nat.*.id.
locals {
nat_gateway_ips = "${split(",", (var.reuse_nat_ips ? join(",", var.external_nat_ip_ids) : join(",", aws_eip.nat.*.id)))}"
nat_gateway_ips = split(
",",
var.reuse_nat_ips ? join(",", var.external_nat_ip_ids) : join(",", aws_eip.nat.*.id),
)
}
resource "aws_eip" "nat" {
count = "${var.create_vpc && (var.enable_nat_gateway && ! var.reuse_nat_ips) ? local.nat_gateway_count : 0}"
count = var.create_vpc && var.enable_nat_gateway && false == var.reuse_nat_ips ? local.nat_gateway_count : 0
vpc = true
tags = "${merge(map("Name", format("%s-%s", var.name, element(var.azs, (var.single_nat_gateway ? 0 : count.index)))), var.tags, var.nat_eip_tags)}"
tags = merge(
{
"Name" = format(
"%s-%s",
var.name,
element(var.azs, var.single_nat_gateway ? 0 : count.index),
)
},
var.tags,
var.nat_eip_tags,
)
}
resource "aws_nat_gateway" "this" {
count = "${var.create_vpc && var.enable_nat_gateway ? local.nat_gateway_count : 0}"
allocation_id = "${element(local.nat_gateway_ips, (var.single_nat_gateway ? 0 : count.index))}"
subnet_id = "${element(aws_subnet.public.*.id, (var.single_nat_gateway ? 0 : count.index))}"
tags = "${merge(map("Name", format("%s-%s", var.name, element(var.azs, (var.single_nat_gateway ? 0 : count.index)))), var.tags, var.nat_gateway_tags)}"
depends_on = ["aws_internet_gateway.this"]
count = var.create_vpc && var.enable_nat_gateway ? local.nat_gateway_count : 0
allocation_id = element(
local.nat_gateway_ips,
var.single_nat_gateway ? 0 : count.index,
)
subnet_id = element(
aws_subnet.public.*.id,
var.single_nat_gateway ? 0 : count.index,
)
tags = merge(
{
"Name" = format(
"%s-%s",
var.name,
element(var.azs, var.single_nat_gateway ? 0 : count.index),
)
},
var.tags,
var.nat_gateway_tags,
)
depends_on = [aws_internet_gateway.this]
}
resource "aws_route" "private_nat_gateway" {
count = "${var.create_vpc && var.enable_nat_gateway ? local.nat_gateway_count : 0}"
count = var.create_vpc && var.enable_nat_gateway ? local.nat_gateway_count : 0
route_table_id = "${element(aws_route_table.private.*.id, count.index)}"
route_table_id = element(aws_route_table.private.*.id, count.index)
destination_cidr_block = "0.0.0.0/0"
nat_gateway_id = "${element(aws_nat_gateway.this.*.id, count.index)}"
nat_gateway_id = element(aws_nat_gateway.this.*.id, count.index)
timeouts {
create = "5m"
......@@ -592,74 +828,95 @@ resource "aws_route" "private_nat_gateway" {
# VPC Endpoint for S3
######################
data "aws_vpc_endpoint_service" "s3" {
count = "${var.create_vpc && var.enable_s3_endpoint ? 1 : 0}"
count = var.create_vpc && var.enable_s3_endpoint ? 1 : 0
service = "s3"
}
resource "aws_vpc_endpoint" "s3" {
count = "${var.create_vpc && var.enable_s3_endpoint ? 1 : 0}"
count = var.create_vpc && var.enable_s3_endpoint ? 1 : 0
vpc_id = "${local.vpc_id}"
service_name = "${data.aws_vpc_endpoint_service.s3.service_name}"
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.s3[0].service_name
}
resource "aws_vpc_endpoint_route_table_association" "private_s3" {
count = "${var.create_vpc && var.enable_s3_endpoint ? local.nat_gateway_count : 0}"
count = var.create_vpc && var.enable_s3_endpoint ? local.nat_gateway_count : 0
vpc_endpoint_id = "${aws_vpc_endpoint.s3.id}"
route_table_id = "${element(aws_route_table.private.*.id, count.index)}"
vpc_endpoint_id = aws_vpc_endpoint.s3[0].id
route_table_id = element(aws_route_table.private.*.id, count.index)
}
resource "aws_vpc_endpoint_route_table_association" "intra_s3" {
count = "${var.create_vpc && var.enable_s3_endpoint && length(var.intra_subnets) > 0 ? 1 : 0}"
count = var.create_vpc && var.enable_s3_endpoint && length(var.intra_subnets) > 0 ? 1 : 0
vpc_endpoint_id = "${aws_vpc_endpoint.s3.id}"
route_table_id = "${element(aws_route_table.intra.*.id, 0)}"
vpc_endpoint_id = aws_vpc_endpoint.s3[0].id
route_table_id = element(aws_route_table.intra.*.id, 0)
}
resource "aws_vpc_endpoint_route_table_association" "public_s3" {
count = "${var.create_vpc && var.enable_s3_endpoint && length(var.public_subnets) > 0 ? 1 : 0}"
count = var.create_vpc && var.enable_s3_endpoint && length(var.public_subnets) > 0 ? 1 : 0
vpc_endpoint_id = "${aws_vpc_endpoint.s3.id}"
route_table_id = "${aws_route_table.public.id}"
vpc_endpoint_id = aws_vpc_endpoint.s3[0].id
route_table_id = aws_route_table.public[0].id
}
############################
# VPC Endpoint for DynamoDB
############################
data "aws_vpc_endpoint_service" "dynamodb" {
count = "${var.create_vpc && var.enable_dynamodb_endpoint ? 1 : 0}"
count = var.create_vpc && var.enable_dynamodb_endpoint ? 1 : 0
service = "dynamodb"
}
resource "aws_vpc_endpoint" "dynamodb" {
count = "${var.create_vpc && var.enable_dynamodb_endpoint ? 1 : 0}"
count = var.create_vpc && var.enable_dynamodb_endpoint ? 1 : 0
vpc_id = "${local.vpc_id}"
service_name = "${data.aws_vpc_endpoint_service.dynamodb.service_name}"
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.dynamodb[0].service_name
}
resource "aws_vpc_endpoint_route_table_association" "private_dynamodb" {
count = "${var.create_vpc && var.enable_dynamodb_endpoint ? local.nat_gateway_count : 0}"
count = var.create_vpc && var.enable_dynamodb_endpoint ? local.nat_gateway_count : 0
vpc_endpoint_id = "${aws_vpc_endpoint.dynamodb.id}"
route_table_id = "${element(aws_route_table.private.*.id, count.index)}"
vpc_endpoint_id = aws_vpc_endpoint.dynamodb[0].id
route_table_id = element(aws_route_table.private.*.id, count.index)
}
resource "aws_vpc_endpoint_route_table_association" "intra_dynamodb" {
count = "${var.create_vpc && var.enable_dynamodb_endpoint && length(var.intra_subnets) > 0 ? 1 : 0}"
count = var.create_vpc && var.enable_dynamodb_endpoint && length(var.intra_subnets) > 0 ? 1 : 0
vpc_endpoint_id = "${aws_vpc_endpoint.dynamodb.id}"
route_table_id = "${element(aws_route_table.intra.*.id, 0)}"
vpc_endpoint_id = aws_vpc_endpoint.dynamodb[0].id
route_table_id = element(aws_route_table.intra.*.id, 0)
}
resource "aws_vpc_endpoint_route_table_association" "public_dynamodb" {
count = "${var.create_vpc && var.enable_dynamodb_endpoint && length(var.public_subnets) > 0 ? 1 : 0}"
count = var.create_vpc && var.enable_dynamodb_endpoint && length(var.public_subnets) > 0 ? 1 : 0
vpc_endpoint_id = "${aws_vpc_endpoint.dynamodb.id}"
route_table_id = "${aws_route_table.public.id}"
vpc_endpoint_id = aws_vpc_endpoint.dynamodb[0].id
route_table_id = aws_route_table.public[0].id
}
#######################
# VPC Endpoint for SQS
#######################
data "aws_vpc_endpoint_service" "sqs" {
count = var.create_vpc && var.enable_sqs_endpoint ? 1 : 0
service = "sqs"
}
resource "aws_vpc_endpoint" "sqs" {
count = var.create_vpc && var.enable_sqs_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.sqs[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.sqs_endpoint_security_group_ids
subnet_ids = coalescelist(var.sqs_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.sqs_endpoint_private_dns_enabled
}
#######################
......@@ -687,168 +944,233 @@ resource "aws_vpc_endpoint" "sqs" {
# VPC Endpoint for SSM
#######################
data "aws_vpc_endpoint_service" "ssm" {
count = "${var.create_vpc && var.enable_ssm_endpoint ? 1 : 0}"
count = var.create_vpc && var.enable_ssm_endpoint ? 1 : 0
service = "ssm"
}
resource "aws_vpc_endpoint" "ssm" {
count = "${var.create_vpc && var.enable_ssm_endpoint ? 1 : 0}"
count = var.create_vpc && var.enable_ssm_endpoint ? 1 : 0
vpc_id = "${local.vpc_id}"
service_name = "${data.aws_vpc_endpoint_service.ssm.service_name}"
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.ssm[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = ["${var.ssm_endpoint_security_group_ids}"]
subnet_ids = ["${coalescelist(var.ssm_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
private_dns_enabled = "${var.ssm_endpoint_private_dns_enabled}"
security_group_ids = var.ssm_endpoint_security_group_ids
subnet_ids = coalescelist(var.ssm_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.ssm_endpoint_private_dns_enabled
}
###############################
# VPC Endpoint for SSMMESSAGES
###############################
data "aws_vpc_endpoint_service" "ssmmessages" {
count = "${var.create_vpc && var.enable_ssmmessages_endpoint ? 1 : 0}"
count = var.create_vpc && var.enable_ssmmessages_endpoint ? 1 : 0
service = "ssmmessages"
}
resource "aws_vpc_endpoint" "ssmmessages" {
count = "${var.create_vpc && var.enable_ssmmessages_endpoint ? 1 : 0}"
count = var.create_vpc && var.enable_ssmmessages_endpoint ? 1 : 0
vpc_id = "${local.vpc_id}"
service_name = "${data.aws_vpc_endpoint_service.ssmmessages.service_name}"
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.ssmmessages[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = ["${var.ssmmessages_endpoint_security_group_ids}"]
subnet_ids = ["${coalescelist(var.ssmmessages_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
private_dns_enabled = "${var.ssmmessages_endpoint_private_dns_enabled}"
security_group_ids = var.ssmmessages_endpoint_security_group_ids
subnet_ids = coalescelist(var.ssmmessages_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.ssmmessages_endpoint_private_dns_enabled
}
#######################
# VPC Endpoint for EC2
#######################
data "aws_vpc_endpoint_service" "ec2" {
count = "${var.create_vpc && var.enable_ec2_endpoint ? 1 : 0}"
count = var.create_vpc && var.enable_ec2_endpoint ? 1 : 0
service = "ec2"
}
resource "aws_vpc_endpoint" "ec2" {
count = "${var.create_vpc && var.enable_ec2_endpoint ? 1 : 0}"
count = var.create_vpc && var.enable_ec2_endpoint ? 1 : 0
vpc_id = "${local.vpc_id}"
service_name = "${data.aws_vpc_endpoint_service.ec2.service_name}"
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.ec2[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = ["${var.ec2_endpoint_security_group_ids}"]
subnet_ids = ["${coalescelist(var.ec2_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
private_dns_enabled = "${var.ec2_endpoint_private_dns_enabled}"
security_group_ids = var.ec2_endpoint_security_group_ids
subnet_ids = coalescelist(var.ec2_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.ec2_endpoint_private_dns_enabled
}
###############################
# VPC Endpoint for EC2MESSAGES
###############################
data "aws_vpc_endpoint_service" "ec2messages" {
count = "${var.create_vpc && var.enable_ec2messages_endpoint ? 1 : 0}"
count = var.create_vpc && var.enable_ec2messages_endpoint ? 1 : 0
service = "ec2messages"
}
resource "aws_vpc_endpoint" "ec2messages" {
count = "${var.create_vpc && var.enable_ec2messages_endpoint ? 1 : 0}"
count = var.create_vpc && var.enable_ec2messages_endpoint ? 1 : 0
vpc_id = "${local.vpc_id}"
service_name = "${data.aws_vpc_endpoint_service.ec2messages.service_name}"
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.ec2messages[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = ["${var.ec2messages_endpoint_security_group_ids}"]
subnet_ids = ["${coalescelist(var.ec2messages_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
private_dns_enabled = "${var.ec2messages_endpoint_private_dns_enabled}"
security_group_ids = var.ec2messages_endpoint_security_group_ids
subnet_ids = coalescelist(var.ec2messages_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.ec2messages_endpoint_private_dns_enabled
}
###########################
# VPC Endpoint for ECR API
###########################
data "aws_vpc_endpoint_service" "ecr_api" {
count = "${var.create_vpc && var.enable_ecr_api_endpoint ? 1 : 0}"
count = var.create_vpc && var.enable_ecr_api_endpoint ? 1 : 0
service = "ecr.api"
}
resource "aws_vpc_endpoint" "ecr_api" {
count = "${var.create_vpc && var.enable_ecr_api_endpoint ? 1 : 0}"
count = var.create_vpc && var.enable_ecr_api_endpoint ? 1 : 0
vpc_id = "${local.vpc_id}"
service_name = "${data.aws_vpc_endpoint_service.ecr_api.service_name}"
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.ecr_api[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = ["${var.ecr_api_endpoint_security_group_ids}"]
subnet_ids = ["${coalescelist(var.ecr_api_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
private_dns_enabled = "${var.ecr_api_endpoint_private_dns_enabled}"
security_group_ids = var.ecr_api_endpoint_security_group_ids
subnet_ids = coalescelist(var.ecr_api_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.ecr_api_endpoint_private_dns_enabled
}
###########################
# VPC Endpoint for ECR DKR
###########################
data "aws_vpc_endpoint_service" "ecr_dkr" {
count = "${var.create_vpc && var.enable_ecr_dkr_endpoint ? 1 : 0}"
count = var.create_vpc && var.enable_ecr_dkr_endpoint ? 1 : 0
service = "ecr.dkr"
}
resource "aws_vpc_endpoint" "ecr_dkr" {
count = "${var.create_vpc && var.enable_ecr_dkr_endpoint ? 1 : 0}"
count = var.create_vpc && var.enable_ecr_dkr_endpoint ? 1 : 0
vpc_id = "${local.vpc_id}"
service_name = "${data.aws_vpc_endpoint_service.ecr_dkr.service_name}"
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.ecr_dkr[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = ["${var.ecr_dkr_endpoint_security_group_ids}"]
subnet_ids = ["${coalescelist(var.ecr_dkr_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
private_dns_enabled = "${var.ecr_dkr_endpoint_private_dns_enabled}"
security_group_ids = var.ecr_dkr_endpoint_security_group_ids
subnet_ids = coalescelist(var.ecr_dkr_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.ecr_dkr_endpoint_private_dns_enabled
}
#######################
# VPC Endpoint for API Gateway
#######################
data "aws_vpc_endpoint_service" "apigw" {
count = "${var.create_vpc && var.enable_apigw_endpoint ? 1 : 0}"
count = var.create_vpc && var.enable_apigw_endpoint ? 1 : 0
service = "execute-api"
}
resource "aws_vpc_endpoint" "apigw" {
count = "${var.create_vpc && var.enable_apigw_endpoint ? 1 : 0}"
count = var.create_vpc && var.enable_apigw_endpoint ? 1 : 0
vpc_id = "${local.vpc_id}"
service_name = "${data.aws_vpc_endpoint_service.apigw.service_name}"
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.apigw[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = ["${var.apigw_endpoint_security_group_ids}"]
subnet_ids = ["${coalescelist(var.apigw_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
private_dns_enabled = "${var.apigw_endpoint_private_dns_enabled}"
security_group_ids = var.apigw_endpoint_security_group_ids
subnet_ids = coalescelist(var.apigw_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.apigw_endpoint_private_dns_enabled
}
#######################
# VPC Endpoint for KMS
#######################
data "aws_vpc_endpoint_service" "kms" {
count = "${var.create_vpc && var.enable_kms_endpoint ? 1 : 0}"
count = var.create_vpc && var.enable_kms_endpoint ? 1 : 0
service = "kms"
}
resource "aws_vpc_endpoint" "kms" {
count = "${var.create_vpc && var.enable_kms_endpoint ? 1 : 0}"
count = var.create_vpc && var.enable_kms_endpoint ? 1 : 0
vpc_id = "${local.vpc_id}"
service_name = "${data.aws_vpc_endpoint_service.kms.service_name}"
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.kms[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.kms_endpoint_security_group_ids
subnet_ids = coalescelist(var.kms_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.kms_endpoint_private_dns_enabled
}
#######################
# VPC Endpoint for ECS
#######################
data "aws_vpc_endpoint_service" "ecs" {
count = var.create_vpc && var.enable_ecs_endpoint ? 1 : 0
service = "ecs"
}
resource "aws_vpc_endpoint" "ecs" {
count = var.create_vpc && var.enable_ecs_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.ecs[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.ecs_endpoint_security_group_ids
subnet_ids = coalescelist(var.ecs_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.ecs_endpoint_private_dns_enabled
}
#######################
# VPC Endpoint for ECS Agent
#######################
data "aws_vpc_endpoint_service" "ecs_agent" {
count = var.create_vpc && var.enable_ecs_agent_endpoint ? 1 : 0
service = "ecs-agent"
}
resource "aws_vpc_endpoint" "ecs_agent" {
count = var.create_vpc && var.enable_ecs_agent_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.ecs_agent[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = ["${var.kms_endpoint_security_group_ids}"]
subnet_ids = ["${coalescelist(var.kms_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
private_dns_enabled = "${var.kms_endpoint_private_dns_enabled}"
security_group_ids = var.ecs_agent_endpoint_security_group_ids
subnet_ids = coalescelist(var.ecs_agent_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.ecs_agent_endpoint_private_dns_enabled
}
#######################
# VPC Endpoint for ECS Telemetry
#######################
data "aws_vpc_endpoint_service" "ecs_telemetry" {
count = var.create_vpc && var.enable_ecs_telemetry_endpoint ? 1 : 0
service = "ecs-telemetry"
}
resource "aws_vpc_endpoint" "ecs_telemetry" {
count = var.create_vpc && var.enable_ecs_telemetry_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.ecs_telemetry[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.ecs_telemetry_endpoint_security_group_ids
subnet_ids = coalescelist(var.ecs_telemetry_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.ecs_telemetry_endpoint_private_dns_enabled
}
......@@ -921,96 +1243,139 @@ resource "aws_vpc_endpoint" "ecs_telemetry" {
# Route table association
##########################
resource "aws_route_table_association" "private" {
count = "${var.create_vpc && length(var.private_subnets) > 0 ? length(var.private_subnets) : 0}"
count = var.create_vpc && length(var.private_subnets) > 0 ? length(var.private_subnets) : 0
subnet_id = "${element(aws_subnet.private.*.id, count.index)}"
route_table_id = "${element(aws_route_table.private.*.id, (var.single_nat_gateway ? 0 : count.index))}"
subnet_id = element(aws_subnet.private.*.id, count.index)
route_table_id = element(
aws_route_table.private.*.id,
var.single_nat_gateway ? 0 : count.index,
)
}
resource "aws_route_table_association" "database" {
count = "${var.create_vpc && length(var.database_subnets) > 0 ? length(var.database_subnets) : 0}"
count = var.create_vpc && length(var.database_subnets) > 0 ? length(var.database_subnets) : 0
subnet_id = "${element(aws_subnet.database.*.id, count.index)}"
route_table_id = "${element(coalescelist(aws_route_table.database.*.id, aws_route_table.private.*.id), (var.single_nat_gateway || var.create_database_subnet_route_table ? 0 : count.index))}"
subnet_id = element(aws_subnet.database.*.id, count.index)
route_table_id = element(
coalescelist(aws_route_table.database.*.id, aws_route_table.private.*.id),
var.single_nat_gateway || var.create_database_subnet_route_table ? 0 : count.index,
)
}
resource "aws_route_table_association" "redshift" {
count = "${var.create_vpc && length(var.redshift_subnets) > 0 && ! var.enable_public_redshift ? length(var.redshift_subnets) : 0}"
count = var.create_vpc && length(var.redshift_subnets) > 0 && false == var.enable_public_redshift ? length(var.redshift_subnets) : 0
subnet_id = "${element(aws_subnet.redshift.*.id, count.index)}"
route_table_id = "${element(coalescelist(aws_route_table.redshift.*.id, aws_route_table.private.*.id), (var.single_nat_gateway || var.create_redshift_subnet_route_table ? 0 : count.index))}"
subnet_id = element(aws_subnet.redshift.*.id, count.index)
route_table_id = element(
coalescelist(aws_route_table.redshift.*.id, aws_route_table.private.*.id),
var.single_nat_gateway || var.create_redshift_subnet_route_table ? 0 : count.index,
)
}
resource "aws_route_table_association" "redshift_public" {
count = "${var.create_vpc && length(var.redshift_subnets) > 0 && var.enable_public_redshift ? length(var.redshift_subnets) : 0}"
count = var.create_vpc && length(var.redshift_subnets) > 0 && var.enable_public_redshift ? length(var.redshift_subnets) : 0
subnet_id = "${element(aws_subnet.redshift.*.id, count.index)}"
route_table_id = "${element(coalescelist(aws_route_table.redshift.*.id, aws_route_table.public.*.id), (var.single_nat_gateway || var.create_redshift_subnet_route_table ? 0 : count.index))}"
subnet_id = element(aws_subnet.redshift.*.id, count.index)
route_table_id = element(
coalescelist(aws_route_table.redshift.*.id, aws_route_table.public.*.id),
var.single_nat_gateway || var.create_redshift_subnet_route_table ? 0 : count.index,
)
}
resource "aws_route_table_association" "elasticache" {
count = "${var.create_vpc && length(var.elasticache_subnets) > 0 ? length(var.elasticache_subnets) : 0}"
count = var.create_vpc && length(var.elasticache_subnets) > 0 ? length(var.elasticache_subnets) : 0
subnet_id = "${element(aws_subnet.elasticache.*.id, count.index)}"
route_table_id = "${element(coalescelist(aws_route_table.elasticache.*.id, aws_route_table.private.*.id), (var.single_nat_gateway || var.create_elasticache_subnet_route_table ? 0 : count.index))}"
subnet_id = element(aws_subnet.elasticache.*.id, count.index)
route_table_id = element(
coalescelist(
aws_route_table.elasticache.*.id,
aws_route_table.private.*.id,
),
var.single_nat_gateway || var.create_elasticache_subnet_route_table ? 0 : count.index,
)
}
resource "aws_route_table_association" "intra" {
count = "${var.create_vpc && length(var.intra_subnets) > 0 ? length(var.intra_subnets) : 0}"
count = var.create_vpc && length(var.intra_subnets) > 0 ? length(var.intra_subnets) : 0
subnet_id = "${element(aws_subnet.intra.*.id, count.index)}"
route_table_id = "${element(aws_route_table.intra.*.id, 0)}"
subnet_id = element(aws_subnet.intra.*.id, count.index)
route_table_id = element(aws_route_table.intra.*.id, 0)
}
resource "aws_route_table_association" "public" {
count = "${var.create_vpc && length(var.public_subnets) > 0 ? length(var.public_subnets) : 0}"
count = var.create_vpc && length(var.public_subnets) > 0 ? length(var.public_subnets) : 0
subnet_id = "${element(aws_subnet.public.*.id, count.index)}"
route_table_id = "${aws_route_table.public.id}"
subnet_id = element(aws_subnet.public.*.id, count.index)
route_table_id = aws_route_table.public[0].id
}
##############
# VPN Gateway
##############
resource "aws_vpn_gateway" "this" {
count = "${var.create_vpc && var.enable_vpn_gateway ? 1 : 0}"
count = var.create_vpc && var.enable_vpn_gateway ? 1 : 0
vpc_id = "${local.vpc_id}"
amazon_side_asn = "${var.amazon_side_asn}"
vpc_id = local.vpc_id
amazon_side_asn = var.amazon_side_asn
tags = "${merge(map("Name", format("%s", var.name)), var.tags, var.vpn_gateway_tags)}"
tags = merge(
{
"Name" = format("%s", var.name)
},
var.tags,
var.vpn_gateway_tags,
)
}
resource "aws_vpn_gateway_attachment" "this" {
count = "${var.vpn_gateway_id != "" ? 1 : 0}"
count = var.vpn_gateway_id != "" ? 1 : 0
vpc_id = "${local.vpc_id}"
vpn_gateway_id = "${var.vpn_gateway_id}"
vpc_id = local.vpc_id
vpn_gateway_id = var.vpn_gateway_id
}
resource "aws_vpn_gateway_route_propagation" "public" {
count = "${var.create_vpc && var.propagate_public_route_tables_vgw && (var.enable_vpn_gateway || var.vpn_gateway_id != "") ? 1 : 0}"
count = var.create_vpc && var.propagate_public_route_tables_vgw && var.enable_vpn_gateway || var.vpn_gateway_id != "" ? 1 : 0
route_table_id = "${element(aws_route_table.public.*.id, count.index)}"
vpn_gateway_id = "${element(concat(aws_vpn_gateway.this.*.id, aws_vpn_gateway_attachment.this.*.vpn_gateway_id), count.index)}"
route_table_id = element(aws_route_table.public.*.id, count.index)
vpn_gateway_id = element(
concat(
aws_vpn_gateway.this.*.id,
aws_vpn_gateway_attachment.this.*.vpn_gateway_id,
),
count.index,
)
}
resource "aws_vpn_gateway_route_propagation" "private" {
count = "${var.create_vpc && var.propagate_private_route_tables_vgw && (var.enable_vpn_gateway || var.vpn_gateway_id != "") ? length(var.private_subnets) : 0}"
count = var.create_vpc && var.propagate_private_route_tables_vgw && var.enable_vpn_gateway || var.vpn_gateway_id != "" ? length(var.private_subnets) : 0
route_table_id = "${element(aws_route_table.private.*.id, count.index)}"
vpn_gateway_id = "${element(concat(aws_vpn_gateway.this.*.id, aws_vpn_gateway_attachment.this.*.vpn_gateway_id), count.index)}"
route_table_id = element(aws_route_table.private.*.id, count.index)
vpn_gateway_id = element(
concat(
aws_vpn_gateway.this.*.id,
aws_vpn_gateway_attachment.this.*.vpn_gateway_id,
),
count.index,
)
}
###########
# Defaults
###########
resource "aws_default_vpc" "this" {
count = "${var.manage_default_vpc ? 1 : 0}"
count = var.manage_default_vpc ? 1 : 0
enable_dns_support = "${var.default_vpc_enable_dns_support}"
enable_dns_hostnames = "${var.default_vpc_enable_dns_hostnames}"
enable_classiclink = "${var.default_vpc_enable_classiclink}"
enable_dns_support = var.default_vpc_enable_dns_support
enable_dns_hostnames = var.default_vpc_enable_dns_hostnames
enable_classiclink = var.default_vpc_enable_classiclink
tags = "${merge(map("Name", format("%s", var.default_vpc_name)), var.tags, var.default_vpc_tags)}"
tags = merge(
{
"Name" = format("%s", var.default_vpc_name)
},
var.tags,
var.default_vpc_tags,
)
}
outputs.tf
View file @ 4ae98060
output "vpc_id" {
description = "The ID of the VPC"
value = "${element(concat(aws_vpc.this.*.id, list("")), 0)}"
value = concat(aws_vpc.this.*.id, [""])[0]
}
output "vpc_arn" {
description = "The ARN of the VPC"
value = "${element(concat(aws_vpc.this.*.arn, list("")), 0)}"
value = concat(aws_vpc.this.*.arn, [""])[0]
}
output "vpc_cidr_block" {
description = "The CIDR block of the VPC"
value = "${element(concat(aws_vpc.this.*.cidr_block, list("")), 0)}"
value = concat(aws_vpc.this.*.cidr_block, [""])[0]
}
output "default_security_group_id" {
description = "The ID of the security group created by default on VPC creation"
value = "${element(concat(aws_vpc.this.*.default_security_group_id, list("")), 0)}"
value = concat(aws_vpc.this.*.default_security_group_id, [""])[0]
}
output "default_network_acl_id" {
description = "The ID of the default network ACL"
value = "${element(concat(aws_vpc.this.*.default_network_acl_id, list("")), 0)}"
value = concat(aws_vpc.this.*.default_network_acl_id, [""])[0]
}
output "default_route_table_id" {
description = "The ID of the default route table"
value = "${element(concat(aws_vpc.this.*.default_route_table_id, list("")), 0)}"
value = concat(aws_vpc.this.*.default_route_table_id, [""])[0]
}
output "vpc_instance_tenancy" {
description = "Tenancy of instances spin up within VPC"
value = "${element(concat(aws_vpc.this.*.instance_tenancy, list("")), 0)}"
value = concat(aws_vpc.this.*.instance_tenancy, [""])[0]
}
output "vpc_enable_dns_support" {
description = "Whether or not the VPC has DNS support"
value = "${element(concat(aws_vpc.this.*.enable_dns_support, list("")), 0)}"
value = concat(aws_vpc.this.*.enable_dns_support, [""])[0]
}
output "vpc_enable_dns_hostnames" {
description = "Whether or not the VPC has DNS hostname support"
value = "${element(concat(aws_vpc.this.*.enable_dns_hostnames, list("")), 0)}"
value = concat(aws_vpc.this.*.enable_dns_hostnames, [""])[0]
}
//output "vpc_enable_classiclink" {
......@@ -50,7 +50,7 @@ output "vpc_enable_dns_hostnames" {
output "vpc_main_route_table_id" {
description = "The ID of the main route table associated with this VPC"
value = "${element(concat(aws_vpc.this.*.main_route_table_id, list("")), 0)}"
value = concat(aws_vpc.this.*.main_route_table_id, [""])[0]
}
//output "vpc_ipv6_association_id" {
......@@ -65,212 +65,216 @@ output "vpc_main_route_table_id" {
output "vpc_secondary_cidr_blocks" {
description = "List of secondary CIDR blocks of the VPC"
value = ["${aws_vpc_ipv4_cidr_block_association.this.*.cidr_block}"]
value = aws_vpc_ipv4_cidr_block_association.this.*.cidr_block
}
output "private_subnets" {
description = "List of IDs of private subnets"
value = ["${aws_subnet.private.*.id}"]
value = aws_subnet.private.*.id
}
output "private_subnet_arns" {
description = "List of ARNs of private subnets"
value = ["${aws_subnet.private.*.arn}"]
value = aws_subnet.private.*.arn
}
output "private_subnets_cidr_blocks" {
description = "List of cidr_blocks of private subnets"
value = ["${aws_subnet.private.*.cidr_block}"]
value = aws_subnet.private.*.cidr_block
}
output "public_subnets" {
description = "List of IDs of public subnets"
value = ["${aws_subnet.public.*.id}"]
value = aws_subnet.public.*.id
}
output "public_subnet_arns" {
description = "List of ARNs of public subnets"
value = ["${aws_subnet.public.*.arn}"]
value = aws_subnet.public.*.arn
}
output "public_subnets_cidr_blocks" {
description = "List of cidr_blocks of public subnets"
value = ["${aws_subnet.public.*.cidr_block}"]
value = aws_subnet.public.*.cidr_block
}
output "database_subnets" {
description = "List of IDs of database subnets"
value = ["${aws_subnet.database.*.id}"]
value = aws_subnet.database.*.id
}
output "database_subnet_arns" {
description = "List of ARNs of database subnets"
value = ["${aws_subnet.database.*.arn}"]
value = aws_subnet.database.*.arn
}
output "database_subnets_cidr_blocks" {
description = "List of cidr_blocks of database subnets"
value = ["${aws_subnet.database.*.cidr_block}"]
value = aws_subnet.database.*.cidr_block
}
output "database_subnet_group" {
description = "ID of database subnet group"
value = "${element(concat(aws_db_subnet_group.database.*.id, list("")), 0)}"
value = concat(aws_db_subnet_group.database.*.id, [""])[0]
}
output "redshift_subnets" {
description = "List of IDs of redshift subnets"
value = ["${aws_subnet.redshift.*.id}"]
value = aws_subnet.redshift.*.id
}
output "redshift_subnet_arns" {
description = "List of ARNs of redshift subnets"
value = ["${aws_subnet.redshift.*.arn}"]
value = aws_subnet.redshift.*.arn
}
output "redshift_subnets_cidr_blocks" {
description = "List of cidr_blocks of redshift subnets"
value = ["${aws_subnet.redshift.*.cidr_block}"]
value = aws_subnet.redshift.*.cidr_block
}
output "redshift_subnet_group" {
description = "ID of redshift subnet group"
value = "${element(concat(aws_redshift_subnet_group.redshift.*.id, list("")), 0)}"
value = concat(aws_redshift_subnet_group.redshift.*.id, [""])[0]
}
output "elasticache_subnets" {
description = "List of IDs of elasticache subnets"
value = ["${aws_subnet.elasticache.*.id}"]
value = aws_subnet.elasticache.*.id
}
output "elasticache_subnet_arns" {
description = "List of ARNs of elasticache subnets"
value = ["${aws_subnet.elasticache.*.arn}"]
value = aws_subnet.elasticache.*.arn
}
output "elasticache_subnets_cidr_blocks" {
description = "List of cidr_blocks of elasticache subnets"
value = ["${aws_subnet.elasticache.*.cidr_block}"]
value = aws_subnet.elasticache.*.cidr_block
}
output "intra_subnets" {
description = "List of IDs of intra subnets"
value = ["${aws_subnet.intra.*.id}"]
value = aws_subnet.intra.*.id
}
output "intra_subnet_arns" {
description = "List of ARNs of intra subnets"
value = ["${aws_subnet.intra.*.arn}"]
value = aws_subnet.intra.*.arn
}
output "intra_subnets_cidr_blocks" {
description = "List of cidr_blocks of intra subnets"
value = ["${aws_subnet.intra.*.cidr_block}"]
value = aws_subnet.intra.*.cidr_block
}
output "elasticache_subnet_group" {
description = "ID of elasticache subnet group"
value = "${element(concat(aws_elasticache_subnet_group.elasticache.*.id, list("")), 0)}"
value = concat(aws_elasticache_subnet_group.elasticache.*.id, [""])[0]
}
output "elasticache_subnet_group_name" {
description = "Name of elasticache subnet group"
value = "${element(concat(aws_elasticache_subnet_group.elasticache.*.name, list("")), 0)}"
value = concat(aws_elasticache_subnet_group.elasticache.*.name, [""])[0]
}
output "public_route_table_ids" {
description = "List of IDs of public route tables"
value = ["${aws_route_table.public.*.id}"]
value = aws_route_table.public.*.id
}
output "private_route_table_ids" {
description = "List of IDs of private route tables"
value = ["${aws_route_table.private.*.id}"]
value = aws_route_table.private.*.id
}
output "database_route_table_ids" {
description = "List of IDs of database route tables"
value = ["${coalescelist(aws_route_table.database.*.id, aws_route_table.private.*.id)}"]
value = length(aws_route_table.database.*.id) > 0 ? aws_route_table.database.*.id : aws_route_table.private.*.id
}
output "redshift_route_table_ids" {
description = "List of IDs of redshift route tables"
value = ["${coalescelist(aws_route_table.redshift.*.id, aws_route_table.private.*.id)}"]
value = length(aws_route_table.redshift.*.id) > 0 ? aws_route_table.redshift.*.id : aws_route_table.private.*.id
}
output "elasticache_route_table_ids" {
description = "List of IDs of elasticache route tables"
value = ["${coalescelist(aws_route_table.elasticache.*.id, aws_route_table.private.*.id)}"]
value = length(aws_route_table.elasticache.*.id) > 0 ? aws_route_table.elasticache.*.id : aws_route_table.private.*.id
}
output "intra_route_table_ids" {
description = "List of IDs of intra route tables"
value = ["${aws_route_table.intra.*.id}"]
value = aws_route_table.intra.*.id
}
output "nat_ids" {
description = "List of allocation ID of Elastic IPs created for AWS NAT Gateway"
value = ["${aws_eip.nat.*.id}"]
value = aws_eip.nat.*.id
}
output "nat_public_ips" {
description = "List of public Elastic IPs created for AWS NAT Gateway"
value = ["${aws_eip.nat.*.public_ip}"]
value = aws_eip.nat.*.public_ip
}
output "natgw_ids" {
description = "List of NAT Gateway IDs"
value = ["${aws_nat_gateway.this.*.id}"]
value = aws_nat_gateway.this.*.id
}
output "igw_id" {
description = "The ID of the Internet Gateway"
value = "${element(concat(aws_internet_gateway.this.*.id, list("")), 0)}"
value = concat(aws_internet_gateway.this.*.id, [""])[0]
}
output "vgw_id" {
description = "The ID of the VPN Gateway"
value = "${element(concat(aws_vpn_gateway.this.*.id, aws_vpn_gateway_attachment.this.*.vpn_gateway_id, list("")), 0)}"
value = concat(
aws_vpn_gateway.this.*.id,
aws_vpn_gateway_attachment.this.*.vpn_gateway_id,
[""],
)[0]
}
output "default_vpc_id" {
description = "The ID of the VPC"
value = "${element(concat(aws_default_vpc.this.*.id, list("")), 0)}"
value = concat(aws_default_vpc.this.*.id, [""])[0]
}
output "default_vpc_cidr_block" {
description = "The CIDR block of the VPC"
value = "${element(concat(aws_default_vpc.this.*.cidr_block, list("")), 0)}"
value = concat(aws_default_vpc.this.*.cidr_block, [""])[0]
}
output "default_vpc_default_security_group_id" {
description = "The ID of the security group created by default on VPC creation"
value = "${element(concat(aws_default_vpc.this.*.default_security_group_id, list("")), 0)}"
value = concat(aws_default_vpc.this.*.default_security_group_id, [""])[0]
}
output "default_vpc_default_network_acl_id" {
description = "The ID of the default network ACL"
value = "${element(concat(aws_default_vpc.this.*.default_network_acl_id, list("")), 0)}"
value = concat(aws_default_vpc.this.*.default_network_acl_id, [""])[0]
}
output "default_vpc_default_route_table_id" {
description = "The ID of the default route table"
value = "${element(concat(aws_default_vpc.this.*.default_route_table_id, list("")), 0)}"
value = concat(aws_default_vpc.this.*.default_route_table_id, [""])[0]
}
output "default_vpc_instance_tenancy" {
description = "Tenancy of instances spin up within VPC"
value = "${element(concat(aws_default_vpc.this.*.instance_tenancy, list("")), 0)}"
value = concat(aws_default_vpc.this.*.instance_tenancy, [""])[0]
}
output "default_vpc_enable_dns_support" {
description = "Whether or not the VPC has DNS support"
value = "${element(concat(aws_default_vpc.this.*.enable_dns_support, list("")), 0)}"
value = concat(aws_default_vpc.this.*.enable_dns_support, [""])[0]
}
output "default_vpc_enable_dns_hostnames" {
description = "Whether or not the VPC has DNS hostname support"
value = "${element(concat(aws_default_vpc.this.*.enable_dns_hostnames, list("")), 0)}"
value = concat(aws_default_vpc.this.*.enable_dns_hostnames, [""])[0]
}
//output "default_vpc_enable_classiclink" {
......@@ -280,7 +284,7 @@ output "default_vpc_enable_dns_hostnames" {
output "default_vpc_main_route_table_id" {
description = "The ID of the main route table associated with this VPC"
value = "${element(concat(aws_default_vpc.this.*.main_route_table_id, list("")), 0)}"
value = concat(aws_default_vpc.this.*.main_route_table_id, [""])[0]
}
//output "default_vpc_ipv6_association_id" {
......@@ -295,53 +299,68 @@ output "default_vpc_main_route_table_id" {
output "public_network_acl_id" {
description = "ID of the public network ACL"
value = "${element(concat(aws_network_acl.public.*.id, list("")), 0)}"
value = concat(aws_network_acl.public.*.id, [""])[0]
}
output "private_network_acl_id" {
description = "ID of the private network ACL"
value = "${element(concat(aws_network_acl.private.*.id, list("")), 0)}"
value = concat(aws_network_acl.private.*.id, [""])[0]
}
output "intra_network_acl_id" {
description = "ID of the intra network ACL"
value = "${element(concat(aws_network_acl.intra.*.id, list("")), 0)}"
value = concat(aws_network_acl.intra.*.id, [""])[0]
}
output "database_network_acl_id" {
description = "ID of the database network ACL"
value = "${element(concat(aws_network_acl.database.*.id, list("")), 0)}"
value = concat(aws_network_acl.database.*.id, [""])[0]
}
output "redshift_network_acl_id" {
description = "ID of the redshift network ACL"
value = "${element(concat(aws_network_acl.redshift.*.id, list("")), 0)}"
value = concat(aws_network_acl.redshift.*.id, [""])[0]
}
output "elasticache_network_acl_id" {
description = "ID of the elasticache network ACL"
value = "${element(concat(aws_network_acl.elasticache.*.id, list("")), 0)}"
value = concat(aws_network_acl.elasticache.*.id, [""])[0]
}
# VPC Endpoints
output "vpc_endpoint_s3_id" {
description = "The ID of VPC endpoint for S3"
value = "${element(concat(aws_vpc_endpoint.s3.*.id, list("")), 0)}"
value = concat(aws_vpc_endpoint.s3.*.id, [""])[0]
}
output "vpc_endpoint_s3_pl_id" {
description = "The prefix list for the S3 VPC endpoint."
value = "${element(concat(aws_vpc_endpoint.s3.*.prefix_list_id, list("")), 0)}"
value = concat(aws_vpc_endpoint.s3.*.prefix_list_id, [""])[0]
}
output "vpc_endpoint_dynamodb_id" {
description = "The ID of VPC endpoint for DynamoDB"
value = "${element(concat(aws_vpc_endpoint.dynamodb.*.id, list("")), 0)}"
value = concat(aws_vpc_endpoint.dynamodb.*.id, [""])[0]
}
output "vpc_endpoint_dynamodb_pl_id" {
description = "The prefix list for the DynamoDB VPC endpoint."
value = "${element(concat(aws_vpc_endpoint.dynamodb.*.prefix_list_id, list("")), 0)}"
value = concat(aws_vpc_endpoint.dynamodb.*.prefix_list_id, [""])[0]
}
output "vpc_endpoint_sqs_id" {
description = "The ID of VPC endpoint for SQS"
value = concat(aws_vpc_endpoint.sqs.*.id, [""])[0]
}
output "vpc_endpoint_sqs_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for SQS."
value = flatten(aws_vpc_endpoint.sqs.*.network_interface_ids)
}
output "vpc_endpoint_sqs_dns_entry" {
description = "The DNS entries for the VPC Endpoint for SQS."
value = flatten(aws_vpc_endpoint.sqs.*.dns_entry)
}
output "vpc_endpoint_sqs_id" {
......@@ -361,122 +380,167 @@ output "vpc_endpoint_sqs_dns_entry" {
output "vpc_endpoint_ssm_id" {
description = "The ID of VPC endpoint for SSM"
value = "${element(concat(aws_vpc_endpoint.ssm.*.id, list("")), 0)}"
value = concat(aws_vpc_endpoint.ssm.*.id, [""])[0]
}
output "vpc_endpoint_ssm_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for SSM."
value = "${flatten(aws_vpc_endpoint.ssm.*.network_interface_ids)}"
value = flatten(aws_vpc_endpoint.ssm.*.network_interface_ids)
}
output "vpc_endpoint_ssm_dns_entry" {
description = "The DNS entries for the VPC Endpoint for SSM."
value = "${flatten(aws_vpc_endpoint.ssm.*.dns_entry)}"
value = flatten(aws_vpc_endpoint.ssm.*.dns_entry)
}
output "vpc_endpoint_ssmmessages_id" {
description = "The ID of VPC endpoint for SSMMESSAGES"
value = "${element(concat(aws_vpc_endpoint.ssmmessages.*.id, list("")), 0)}"
value = concat(aws_vpc_endpoint.ssmmessages.*.id, [""])[0]
}
output "vpc_endpoint_ssmmessages_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for SSMMESSAGES."
value = "${flatten(aws_vpc_endpoint.ssmmessages.*.network_interface_ids)}"
value = flatten(aws_vpc_endpoint.ssmmessages.*.network_interface_ids)
}
output "vpc_endpoint_ssmmessages_dns_entry" {
description = "The DNS entries for the VPC Endpoint for SSMMESSAGES."
value = "${flatten(aws_vpc_endpoint.ssmmessages.*.dns_entry)}"
value = flatten(aws_vpc_endpoint.ssmmessages.*.dns_entry)
}
output "vpc_endpoint_ec2_id" {
description = "The ID of VPC endpoint for EC2"
value = "${element(concat(aws_vpc_endpoint.ec2.*.id, list("")), 0)}"
value = concat(aws_vpc_endpoint.ec2.*.id, [""])[0]
}
output "vpc_endpoint_ec2_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for EC2"
value = "${flatten(aws_vpc_endpoint.ec2.*.network_interface_ids)}"
value = flatten(aws_vpc_endpoint.ec2.*.network_interface_ids)
}
output "vpc_endpoint_ec2_dns_entry" {
description = "The DNS entries for the VPC Endpoint for EC2."
value = "${flatten(aws_vpc_endpoint.ec2.*.dns_entry)}"
value = flatten(aws_vpc_endpoint.ec2.*.dns_entry)
}
output "vpc_endpoint_ec2messages_id" {
description = "The ID of VPC endpoint for EC2MESSAGES"
value = "${element(concat(aws_vpc_endpoint.ec2messages.*.id, list("")), 0)}"
value = concat(aws_vpc_endpoint.ec2messages.*.id, [""])[0]
}
output "vpc_endpoint_ec2messages_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for EC2MESSAGES"
value = "${flatten(aws_vpc_endpoint.ec2messages.*.network_interface_ids)}"
value = flatten(aws_vpc_endpoint.ec2messages.*.network_interface_ids)
}
output "vpc_endpoint_ec2messages_dns_entry" {
description = "The DNS entries for the VPC Endpoint for EC2MESSAGES."
value = "${flatten(aws_vpc_endpoint.ec2messages.*.dns_entry)}"
value = flatten(aws_vpc_endpoint.ec2messages.*.dns_entry)
}
output "vpc_endpoint_kms_id" {
description = "The ID of VPC endpoint for KMS"
value = "${element(concat(aws_vpc_endpoint.kms.*.id, list("")), 0)}"
value = concat(aws_vpc_endpoint.kms.*.id, [""])[0]
}
output "vpc_endpoint_kms_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for KMS."
value = "${flatten(aws_vpc_endpoint.kms.*.network_interface_ids)}"
value = flatten(aws_vpc_endpoint.kms.*.network_interface_ids)
}
output "vpc_endpoint_kms_dns_entry" {
description = "The DNS entries for the VPC Endpoint for KMS."
value = "${flatten(aws_vpc_endpoint.kms.*.dns_entry)}"
value = flatten(aws_vpc_endpoint.kms.*.dns_entry)
}
output "vpc_endpoint_ecr_api_id" {
description = "The ID of VPC endpoint for ECR API"
value = "${element(concat(aws_vpc_endpoint.ecr_api.*.id, list("")), 0)}"
value = concat(aws_vpc_endpoint.ecr_api.*.id, [""])[0]
}
output "vpc_endpoint_ecr_api_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for ECR API."
value = "${flatten(aws_vpc_endpoint.ecr_api.*.network_interface_ids)}"
value = flatten(aws_vpc_endpoint.ecr_api.*.network_interface_ids)
}
output "vpc_endpoint_ecr_api_dns_entry" {
description = "The DNS entries for the VPC Endpoint for ECR API."
value = "${flatten(aws_vpc_endpoint.ecr_api.*.dns_entry)}"
value = flatten(aws_vpc_endpoint.ecr_api.*.dns_entry)
}
output "vpc_endpoint_ecr_dkr_id" {
description = "The ID of VPC endpoint for ECR DKR"
value = "${element(concat(aws_vpc_endpoint.ecr_dkr.*.id, list("")), 0)}"
value = concat(aws_vpc_endpoint.ecr_dkr.*.id, [""])[0]
}
output "vpc_endpoint_ecr_dkr_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for ECR DKR."
value = "${flatten(aws_vpc_endpoint.ecr_dkr.*.network_interface_ids)}"
value = flatten(aws_vpc_endpoint.ecr_dkr.*.network_interface_ids)
}
output "vpc_endpoint_ecr_dkr_dns_entry" {
description = "The DNS entries for the VPC Endpoint for ECR DKR."
value = "${flatten(aws_vpc_endpoint.ecr_dkr.*.dns_entry)}"
value = flatten(aws_vpc_endpoint.ecr_dkr.*.dns_entry)
}
output "vpc_endpoint_apigw_id" {
description = "The ID of VPC endpoint for APIGW"
value = "${element(concat(aws_vpc_endpoint.apigw.*.id, list("")), 0)}"
value = concat(aws_vpc_endpoint.apigw.*.id, [""])[0]
}
output "vpc_endpoint_apigw_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for APIGW."
value = "${flatten(aws_vpc_endpoint.apigw.*.network_interface_ids)}"
value = flatten(aws_vpc_endpoint.apigw.*.network_interface_ids)
}
output "vpc_endpoint_apigw_dns_entry" {
description = "The DNS entries for the VPC Endpoint for APIGW."
value = "${flatten(aws_vpc_endpoint.apigw.*.dns_entry)}"
value = flatten(aws_vpc_endpoint.apigw.*.dns_entry)
}
output "vpc_endpoint_ecs_id" {
description = "The ID of VPC endpoint for ECS"
value = concat(aws_vpc_endpoint.ecs.*.id, [""])[0]
}
output "vpc_endpoint_ecs_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for ECS."
value = flatten(aws_vpc_endpoint.ecs.*.network_interface_ids)
}
output "vpc_endpoint_ecs_dns_entry" {
description = "The DNS entries for the VPC Endpoint for ECS."
value = flatten(aws_vpc_endpoint.ecs.*.dns_entry)
}
output "vpc_endpoint_ecs_agent_id" {
description = "The ID of VPC endpoint for ECS Agent"
value = concat(aws_vpc_endpoint.ecs_agent.*.id, [""])[0]
}
output "vpc_endpoint_ecs_agent_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for ECS Agent."
value = flatten(aws_vpc_endpoint.ecs_agent.*.network_interface_ids)
}
output "vpc_endpoint_ecs_agent_dns_entry" {
description = "The DNS entries for the VPC Endpoint for ECS Agent."
value = flatten(aws_vpc_endpoint.ecs_agent.*.dns_entry)
}
output "vpc_endpoint_ecs_telemetry_id" {
description = "The ID of VPC endpoint for ECS Telemetry"
value = concat(aws_vpc_endpoint.ecs_telemetry.*.id, [""])[0]
}
output "vpc_endpoint_ecs_telemetry_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for ECS Telemetry."
value = flatten(aws_vpc_endpoint.ecs_telemetry.*.network_interface_ids)
}
output "vpc_endpoint_ecs_telemetry_dns_entry" {
description = "The DNS entries for the VPC Endpoint for ECS Telemetry."
value = flatten(aws_vpc_endpoint.ecs_telemetry.*.dns_entry)
}
output "vpc_endpoint_ecs_id" {
......@@ -527,5 +591,6 @@ output "vpc_endpoint_ecs_telemetry_dns_entry" {
# Static values (arguments)
output "azs" {
description = "A list of availability zones specified as argument to this module"
value = "${var.azs}"
value = var.azs
}
variables.tf
View file @ 4ae98060
variable "create_vpc" {
description = "Controls if VPC should be created (it affects almost all resources)"
type = bool
default = true
}
......@@ -15,172 +16,225 @@ variable "cidr" {
variable "assign_generated_ipv6_cidr_block" {
description = "Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block"
type = bool
default = false
}
variable "secondary_cidr_blocks" {
description = "List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool"
type = list(string)
default = []
}
variable "instance_tenancy" {
description = "A tenancy option for instances launched into the VPC"
type = string
default = "default"
}
variable "public_subnet_suffix" {
description = "Suffix to append to public subnets name"
type = string
default = "public"
}
variable "private_subnet_suffix" {
description = "Suffix to append to private subnets name"
type = string
default = "private"
}
variable "intra_subnet_suffix" {
description = "Suffix to append to intra subnets name"
type = string
default = "intra"
}
variable "database_subnet_suffix" {
description = "Suffix to append to database subnets name"
type = string
default = "db"
}
variable "redshift_subnet_suffix" {
description = "Suffix to append to redshift subnets name"
type = string
default = "redshift"
}
variable "elasticache_subnet_suffix" {
description = "Suffix to append to elasticache subnets name"
type = string
default = "elasticache"
}
variable "public_subnets" {
description = "A list of public subnets inside the VPC"
type = list(string)
default = []
}
variable "private_subnets" {
description = "A list of private subnets inside the VPC"
type = list(string)
default = []
}
variable "database_subnets" {
description = "A list of database subnets"
type = list(string)
default = []
}
variable "redshift_subnets" {
description = "A list of redshift subnets"
type = list(string)
default = []
}
variable "elasticache_subnets" {
description = "A list of elasticache subnets"
type = list(string)
default = []
}
variable "intra_subnets" {
description = "A list of intra subnets"
type = list(string)
default = []
}
variable "create_database_subnet_route_table" {
description = "Controls if separate route table for database should be created"
type = bool
default = false
}
variable "create_redshift_subnet_route_table" {
description = "Controls if separate route table for redshift should be created"
type = bool
default = false
}
variable "enable_public_redshift" {
description = "Controls if redshift should have public routing table"
type = bool
default = false
}
variable "create_elasticache_subnet_route_table" {
description = "Controls if separate route table for elasticache should be created"
type = bool
default = false
}
variable "create_database_subnet_group" {
description = "Controls if database subnet group should be created"
type = bool
default = true
}
variable "create_elasticache_subnet_group" {
description = "Controls if elasticache subnet group should be created"
type = bool
default = true
}
variable "create_redshift_subnet_group" {
description = "Controls if redshift subnet group should be created"
type = bool
default = true
}
variable "create_database_internet_gateway_route" {
description = "Controls if an internet gateway route for public database access should be created"
type = bool
default = false
}
variable "create_database_nat_gateway_route" {
description = "Controls if a nat gateway route should be created to give internet access to the database subnets"
type = bool
default = false
}
variable "azs" {
description = "A list of availability zones in the region"
type = list(string)
default = []
}
variable "enable_dns_hostnames" {
description = "Should be true to enable DNS hostnames in the VPC"
type = bool
default = false
}
variable "enable_dns_support" {
description = "Should be true to enable DNS support in the VPC"
type = bool
default = true
}
variable "enable_nat_gateway" {
description = "Should be true if you want to provision NAT Gateways for each of your private networks"
type = bool
default = false
}
variable "single_nat_gateway" {
description = "Should be true if you want to provision a single shared NAT Gateway across all of your private networks"
type = bool
default = false
}
variable "one_nat_gateway_per_az" {
description = "Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs`."
type = bool
default = false
}
variable "reuse_nat_ips" {
description = "Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external_nat_ip_ids' variable"
type = bool
default = false
}
variable "external_nat_ip_ids" {
description = "List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse_nat_ips)"
type = list(string)
default = []
}
variable "enable_dynamodb_endpoint" {
description = "Should be true if you want to provision a DynamoDB endpoint to the VPC"
type = bool
default = false
}
variable "enable_s3_endpoint" {
description = "Should be true if you want to provision an S3 endpoint to the VPC"
type = bool
default = false
}
variable "enable_sqs_endpoint" {
description = "Should be true if you want to provision an SQS endpoint to the VPC"
default = false
}
variable "sqs_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for SQS endpoint"
default = []
}
variable "sqs_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for SQS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
default = []
}
variable "sqs_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for SQS endpoint"
default = false
}
......@@ -206,161 +260,265 @@ variable "sqs_endpoint_private_dns_enabled" {
variable "enable_ssm_endpoint" {
description = "Should be true if you want to provision an SSM endpoint to the VPC"
type = bool
default = false
}
variable "ssm_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for SSM endpoint"
type = list(string)
default = []
}
variable "ssm_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for SSM endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "ssm_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for SSM endpoint"
type = bool
default = false
}
variable "enable_ssmmessages_endpoint" {
description = "Should be true if you want to provision a SSMMESSAGES endpoint to the VPC"
type = bool
default = false
}
variable "enable_apigw_endpoint" {
description = "Should be true if you want to provision an api gateway endpoint to the VPC"
type = bool
default = false
}
variable "apigw_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for API GW endpoint"
type = list(string)
default = []
}
variable "apigw_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for API GW endpoint"
type = bool
default = false
}
variable "apigw_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for API GW endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "ssmmessages_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for SSMMESSAGES endpoint"
type = list(string)
default = []
}
variable "ssmmessages_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for SSMMESSAGES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "ssmmessages_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for SSMMESSAGES endpoint"
type = bool
default = false
}
variable "enable_ec2_endpoint" {
description = "Should be true if you want to provision an EC2 endpoint to the VPC"
type = bool
default = false
}
variable "ec2_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for EC2 endpoint"
type = list(string)
default = []
}
variable "ec2_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for EC2 endpoint"
type = bool
default = false
}
variable "ec2_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for EC2 endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "enable_ec2messages_endpoint" {
description = "Should be true if you want to provision an EC2MESSAGES endpoint to the VPC"
type = bool
default = false
}
variable "ec2messages_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for EC2MESSAGES endpoint"
type = list(string)
default = []
}
variable "ec2messages_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for EC2MESSAGES endpoint"
type = bool
default = false
}
variable "ec2messages_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for EC2MESSAGES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "enable_ecr_api_endpoint" {
description = "Should be true if you want to provision an ecr api endpoint to the VPC"
type = bool
default = false
}
variable "ecr_api_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for ECR api endpoint. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "ecr_api_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for ECR API endpoint"
type = bool
default = false
}
variable "ecr_api_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for ECR API endpoint"
type = list(string)
default = []
}
variable "enable_ecr_dkr_endpoint" {
description = "Should be true if you want to provision an ecr dkr endpoint to the VPC"
type = bool
default = false
}
variable "ecr_dkr_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for ECR dkr endpoint. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "ecr_dkr_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for ECR DKR endpoint"
type = bool
default = false
}
variable "ecr_dkr_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for ECR DKR endpoint"
type = list(string)
default = []
}
variable "enable_kms_endpoint" {
description = "Should be true if you want to provision a KMS endpoint to the VPC"
type = bool
default = false
}
variable "kms_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for KMS endpoint"
type = list(string)
default = []
}
variable "kms_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for KMS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "kms_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for KMS endpoint"
type = bool
default = false
}
variable "enable_ecs_endpoint" {
description = "Should be true if you want to provision a ECS endpoint to the VPC"
type = bool
default = false
}
variable "ecs_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for ECS endpoint"
type = list(string)
default = []
}
variable "ecs_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for ECS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "ecs_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for ECS endpoint"
type = bool
default = false
}
variable "enable_ecs_agent_endpoint" {
description = "Should be true if you want to provision a ECS Agent endpoint to the VPC"
type = bool
default = false
}
variable "ecs_agent_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for ECS Agent endpoint"
type = list(string)
default = []
}
variable "ecs_agent_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for ECS Agent endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "ecs_agent_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for ECS Agent endpoint"
type = bool
default = false
}
variable "enable_ecs_telemetry_endpoint" {
description = "Should be true if you want to provision a ECS Telemetry endpoint to the VPC"
type = bool
default = false
}
variable "ecs_telemetry_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for ECS Telemetry endpoint"
type = list(string)
default = []
}
variable "ecs_telemetry_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for ECS Telemetry endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "ecs_telemetry_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for ECS Telemetry endpoint"
type = bool
default = false
}
......@@ -426,11 +584,13 @@ variable "ecs_telemetry_endpoint_private_dns_enabled" {
variable "map_public_ip_on_launch" {
description = "Should be false if you do not want to auto-assign public IP on launch"
type = bool
default = true
}
variable "enable_vpn_gateway" {
description = "Should be true if you want to create a new VPN Gateway resource and attach it to the VPC"
type = bool
default = false
}
......@@ -446,261 +606,310 @@ variable "amazon_side_asn" {
variable "propagate_private_route_tables_vgw" {
description = "Should be true if you want route table propagation"
type = bool
default = false
}
variable "propagate_public_route_tables_vgw" {
description = "Should be true if you want route table propagation"
type = bool
default = false
}
variable "tags" {
description = "A map of tags to add to all resources"
type = map(string)
default = {}
}
variable "vpc_tags" {
description = "Additional tags for the VPC"
type = map(string)
default = {}
}
variable "igw_tags" {
description = "Additional tags for the internet gateway"
type = map(string)
default = {}
}
variable "public_subnet_tags" {
description = "Additional tags for the public subnets"
type = map(string)
default = {}
}
variable "private_subnet_tags" {
description = "Additional tags for the private subnets"
type = map(string)
default = {}
}
variable "public_route_table_tags" {
description = "Additional tags for the public route tables"
type = map(string)
default = {}
}
variable "private_route_table_tags" {
description = "Additional tags for the private route tables"
type = map(string)
default = {}
}
variable "database_route_table_tags" {
description = "Additional tags for the database route tables"
type = map(string)
default = {}
}
variable "redshift_route_table_tags" {
description = "Additional tags for the redshift route tables"
type = map(string)
default = {}
}
variable "elasticache_route_table_tags" {
description = "Additional tags for the elasticache route tables"
type = map(string)
default = {}
}
variable "intra_route_table_tags" {
description = "Additional tags for the intra route tables"
type = map(string)
default = {}
}
variable "database_subnet_tags" {
description = "Additional tags for the database subnets"
type = map(string)
default = {}
}
variable "database_subnet_group_tags" {
description = "Additional tags for the database subnet group"
type = map(string)
default = {}
}
variable "redshift_subnet_tags" {
description = "Additional tags for the redshift subnets"
type = map(string)
default = {}
}
variable "redshift_subnet_group_tags" {
description = "Additional tags for the redshift subnet group"
type = map(string)
default = {}
}
variable "elasticache_subnet_tags" {
description = "Additional tags for the elasticache subnets"
type = map(string)
default = {}
}
variable "intra_subnet_tags" {
description = "Additional tags for the intra subnets"
type = map(string)
default = {}
}
variable "public_acl_tags" {
description = "Additional tags for the public subnets network ACL"
type = map(string)
default = {}
}
variable "private_acl_tags" {
description = "Additional tags for the private subnets network ACL"
type = map(string)
default = {}
}
variable "intra_acl_tags" {
description = "Additional tags for the intra subnets network ACL"
type = map(string)
default = {}
}
variable "database_acl_tags" {
description = "Additional tags for the database subnets network ACL"
type = map(string)
default = {}
}
variable "redshift_acl_tags" {
description = "Additional tags for the redshift subnets network ACL"
type = map(string)
default = {}
}
variable "elasticache_acl_tags" {
description = "Additional tags for the elasticache subnets network ACL"
type = map(string)
default = {}
}
variable "dhcp_options_tags" {
description = "Additional tags for the DHCP option set (requires enable_dhcp_options set to true)"
type = map(string)
default = {}
}
variable "nat_gateway_tags" {
description = "Additional tags for the NAT gateways"
type = map(string)
default = {}
}
variable "nat_eip_tags" {
description = "Additional tags for the NAT EIP"
type = map(string)
default = {}
}
variable "vpn_gateway_tags" {
description = "Additional tags for the VPN gateway"
type = map(string)
default = {}
}
variable "enable_dhcp_options" {
description = "Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type"
type = bool
default = false
}
variable "dhcp_options_domain_name" {
description = "Specifies DNS name for DHCP options set (requires enable_dhcp_options set to true)"
type = string
default = ""
}
variable "dhcp_options_domain_name_servers" {
description = "Specify a list of DNS server addresses for DHCP options set, default to AWS provided (requires enable_dhcp_options set to true)"
type = list(string)
default = ["AmazonProvidedDNS"]
}
variable "dhcp_options_ntp_servers" {
description = "Specify a list of NTP servers for DHCP options set (requires enable_dhcp_options set to true)"
type = list(string)
default = []
}
variable "dhcp_options_netbios_name_servers" {
description = "Specify a list of netbios servers for DHCP options set (requires enable_dhcp_options set to true)"
type = list(string)
default = []
}
variable "dhcp_options_netbios_node_type" {
description = "Specify netbios node_type for DHCP options set (requires enable_dhcp_options set to true)"
type = string
default = ""
}
variable "manage_default_vpc" {
description = "Should be true to adopt and manage Default VPC"
type = bool
default = false
}
variable "default_vpc_name" {
description = "Name to be used on the Default VPC"
type = string
default = ""
}
variable "default_vpc_enable_dns_support" {
description = "Should be true to enable DNS support in the Default VPC"
type = bool
default = true
}
variable "default_vpc_enable_dns_hostnames" {
description = "Should be true to enable DNS hostnames in the Default VPC"
type = bool
default = false
}
variable "default_vpc_enable_classiclink" {
description = "Should be true to enable ClassicLink in the Default VPC"
type = bool
default = false
}
variable "default_vpc_tags" {
description = "Additional tags for the Default VPC"
type = map(string)
default = {}
}
variable "manage_default_network_acl" {
description = "Should be true to adopt and manage Default Network ACL"
type = bool
default = false
}
variable "default_network_acl_name" {
description = "Name to be used on the Default Network ACL"
type = string
default = ""
}
variable "default_network_acl_tags" {
description = "Additional tags for the Default Network ACL"
type = map(string)
default = {}
}
variable "public_dedicated_network_acl" {
description = "Whether to use dedicated network ACL (not default) and custom rules for public subnets"
type = bool
default = false
}
variable "private_dedicated_network_acl" {
description = "Whether to use dedicated network ACL (not default) and custom rules for private subnets"
type = bool
default = false
}
variable "intra_dedicated_network_acl" {
description = "Whether to use dedicated network ACL (not default) and custom rules for intra subnets"
type = bool
default = false
}
variable "database_dedicated_network_acl" {
description = "Whether to use dedicated network ACL (not default) and custom rules for database subnets"
type = bool
default = false
}
variable "redshift_dedicated_network_acl" {
description = "Whether to use dedicated network ACL (not default) and custom rules for redshift subnets"
type = bool
default = false
}
variable "elasticache_dedicated_network_acl" {
description = "Whether to use dedicated network ACL (not default) and custom rules for elasticache subnets"
type = bool
default = false
}
variable "default_network_acl_ingress" {
description = "List of maps of ingress rules to set on the Default Network ACL"
type = list(map(string))
default = [{
default = [
{
rule_no = 100
action = "allow"
from_port = 0
......@@ -721,8 +930,10 @@ variable "default_network_acl_ingress" {
variable "default_network_acl_egress" {
description = "List of maps of egress rules to set on the Default Network ACL"
type = list(map(string))
default = [{
default = [
{
rule_no = 100
action = "allow"
from_port = 0
......@@ -743,6 +954,7 @@ variable "default_network_acl_egress" {
variable "public_inbound_acl_rules" {
description = "Public subnets inbound network ACLs"
type = list(map(string))
default = [
{
......@@ -758,6 +970,7 @@ variable "public_inbound_acl_rules" {
variable "public_outbound_acl_rules" {
description = "Public subnets outbound network ACLs"
type = list(map(string))
default = [
{
......@@ -773,6 +986,7 @@ variable "public_outbound_acl_rules" {
variable "private_inbound_acl_rules" {
description = "Private subnets inbound network ACLs"
type = list(map(string))
default = [
{
......@@ -788,6 +1002,7 @@ variable "private_inbound_acl_rules" {
variable "private_outbound_acl_rules" {
description = "Private subnets outbound network ACLs"
type = list(map(string))
default = [
{
......@@ -803,6 +1018,7 @@ variable "private_outbound_acl_rules" {
variable "intra_inbound_acl_rules" {
description = "Intra subnets inbound network ACLs"
type = list(map(string))
default = [
{
......@@ -818,6 +1034,7 @@ variable "intra_inbound_acl_rules" {
variable "intra_outbound_acl_rules" {
description = "Intra subnets outbound network ACLs"
type = list(map(string))
default = [
{
......@@ -833,6 +1050,7 @@ variable "intra_outbound_acl_rules" {
variable "database_inbound_acl_rules" {
description = "Database subnets inbound network ACL rules"
type = list(map(string))
default = [
{
......@@ -848,6 +1066,7 @@ variable "database_inbound_acl_rules" {
variable "database_outbound_acl_rules" {
description = "Database subnets outbound network ACL rules"
type = list(map(string))
default = [
{
......@@ -863,6 +1082,7 @@ variable "database_outbound_acl_rules" {
variable "redshift_inbound_acl_rules" {
description = "Redshift subnets inbound network ACL rules"
type = list(map(string))
default = [
{
......@@ -878,6 +1098,7 @@ variable "redshift_inbound_acl_rules" {
variable "redshift_outbound_acl_rules" {
description = "Redshift subnets outbound network ACL rules"
type = list(map(string))
default = [
{
......@@ -893,6 +1114,7 @@ variable "redshift_outbound_acl_rules" {
variable "elasticache_inbound_acl_rules" {
description = "Elasticache subnets inbound network ACL rules"
type = list(map(string))
default = [
{
......@@ -908,6 +1130,7 @@ variable "elasticache_inbound_acl_rules" {
variable "elasticache_outbound_acl_rules" {
description = "Elasticache subnets outbound network ACL rules"
type = list(map(string))
default = [
{
......@@ -920,3 +1143,4 @@ variable "elasticache_outbound_acl_rules" {
},
]
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment