Commit 4ae98060 authored by Anton Babenko's avatar Anton Babenko Committed by GitHub

Finally, Terraform 0.12 support (#266)

* run terraform 0.12upgrade

* Cleanup for Terraform 0.12 (closes #265, #228)
parent 3d33b1fc
...@@ -3,7 +3,7 @@ repos: ...@@ -3,7 +3,7 @@ repos:
rev: v1.11.0 rev: v1.11.0
hooks: hooks:
- id: terraform_fmt - id: terraform_fmt
- id: terraform_docs # - id: terraform_docs # not yet compatible with Terraform 0.12
- repo: git://github.com/pre-commit/pre-commit-hooks - repo: git://github.com/pre-commit/pre-commit-hooks
rev: v2.2.3 rev: v2.2.3
hooks: hooks:
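Review bot: Commenting out the `terraform_docs` hook (`# - id: terraform_docs`) removes the only check that keeps the README input/output tables in step with the code, in the same commit that changes the shape of many outputs, and the comment gives no condition for re-enabling it. A comment that names what unblocks it would help, e.g. `# - id: terraform_docs  # disabled: terraform-docs has no Terraform 0.12 support yet; re-enable once a compatible release is pinned (see <TRACKING-ISSUE-PLACEHOLDER>)`. Pre-existing but visible in this hunk: both hook repositories are fetched over `git://`, an unauthenticated transport with no integrity on the download; `https://github.com/...` with the same pinned `rev` gives identical behaviour without that exposure.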
...@@ -4,7 +4,7 @@ provider "aws" { ...@@ -4,7 +4,7 @@ provider "aws" {
data "aws_security_group" "default" { data "aws_security_group" "default" {
name = "default" name = "default"
vpc_id = "${module.vpc.vpc_id}" vpc_id = module.vpc.vpc_id
} }
module "vpc" { module "vpc" {
...@@ -45,52 +45,52 @@ module "vpc" { ...@@ -45,52 +45,52 @@ module "vpc" {
# VPC endpoint for SSM # VPC endpoint for SSM
enable_ssm_endpoint = true enable_ssm_endpoint = true
ssm_endpoint_private_dns_enabled = true ssm_endpoint_private_dns_enabled = true
ssm_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"] ssm_endpoint_security_group_ids = [data.aws_security_group.default.id]
# VPC endpoint for SSMMESSAGES # VPC endpoint for SSMMESSAGES
enable_ssmmessages_endpoint = true enable_ssmmessages_endpoint = true
ssmmessages_endpoint_private_dns_enabled = true ssmmessages_endpoint_private_dns_enabled = true
ssmmessages_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"] ssmmessages_endpoint_security_group_ids = [data.aws_security_group.default.id]
# VPC Endpoint for EC2 # VPC Endpoint for EC2
enable_ec2_endpoint = true enable_ec2_endpoint = true
ec2_endpoint_private_dns_enabled = true ec2_endpoint_private_dns_enabled = true
ec2_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"] ec2_endpoint_security_group_ids = [data.aws_security_group.default.id]
# VPC Endpoint for EC2MESSAGES # VPC Endpoint for EC2MESSAGES
enable_ec2messages_endpoint = true enable_ec2messages_endpoint = true
ec2messages_endpoint_private_dns_enabled = true ec2messages_endpoint_private_dns_enabled = true
ec2messages_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"] ec2messages_endpoint_security_group_ids = [data.aws_security_group.default.id]
# VPC Endpoint for ECR API # VPC Endpoint for ECR API
enable_ecr_api_endpoint = true enable_ecr_api_endpoint = true
ecr_api_endpoint_private_dns_enabled = true ecr_api_endpoint_private_dns_enabled = true
ecr_api_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"] ecr_api_endpoint_security_group_ids = [data.aws_security_group.default.id]
# VPC Endpoint for ECR DKR # VPC Endpoint for ECR DKR
enable_ecr_dkr_endpoint = true enable_ecr_dkr_endpoint = true
ecr_dkr_endpoint_private_dns_enabled = true ecr_dkr_endpoint_private_dns_enabled = true
ecr_dkr_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"] ecr_dkr_endpoint_security_group_ids = [data.aws_security_group.default.id]
# VPC endpoint for KMS # VPC endpoint for KMS
enable_kms_endpoint = true enable_kms_endpoint = true
kms_endpoint_private_dns_enabled = true kms_endpoint_private_dns_enabled = true
kms_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"] kms_endpoint_security_group_ids = [data.aws_security_group.default.id]
# VPC endpoint for ECS # VPC endpoint for ECS
enable_ecs_endpoint = true enable_ecs_endpoint = true
ecs_endpoint_private_dns_enabled = true ecs_endpoint_private_dns_enabled = true
ecs_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"] ecs_endpoint_security_group_ids = [data.aws_security_group.default.id]
# VPC endpoint for ECS telemetry # VPC endpoint for ECS telemetry
enable_ecs_telemetry_endpoint = true enable_ecs_telemetry_endpoint = true
ecs_telemetry_endpoint_private_dns_enabled = true ecs_telemetry_endpoint_private_dns_enabled = true
ecs_telemetry_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"] ecs_telemetry_endpoint_security_group_ids = [data.aws_security_group.default.id]
# VPC endpoint for SQS # VPC endpoint for SQS
enable_sqs_endpoint = true enable_sqs_endpoint = true
sqs_endpoint_private_dns_enabled = true sqs_endpoint_private_dns_enabled = true
sqs_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"] sqs_endpoint_security_group_ids = [data.aws_security_group.default.id]
tags = { tags = {
Owner = "user" Owner = "user"
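Review bot: Every interface endpoint in this example, from `ssm_endpoint_security_group_ids` down to `sqs_endpoint_security_group_ids`, is attached to the VPC's default security group through `data.aws_security_group.default.id`, so the endpoints' reachability is whatever rules the account happens to have on that group rather than something the example defines. A dedicated `aws_security_group` permitting only TCP 443 ingress from the VPC CIDR, referenced by all the `*_endpoint_security_group_ids` arguments, would make the example self-contained and is the pattern readers are likely to copy into real deployments. The same applies to `apigw_endpoint_security_group_ids` in the later hunk for the `test-224` example. The `module "vpc"` block begins and ends outside this hunk.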
...@@ -98,3 +98,4 @@ module "vpc" { ...@@ -98,3 +98,4 @@ module "vpc" {
Name = "complete" Name = "complete"
} }
} }
# VPC # VPC
output "vpc_id" { output "vpc_id" {
description = "The ID of the VPC" description = "The ID of the VPC"
value = "${module.vpc.vpc_id}" value = module.vpc.vpc_id
} }
# Subnets # Subnets
output "private_subnets" { output "private_subnets" {
description = "List of IDs of private subnets" description = "List of IDs of private subnets"
value = ["${module.vpc.private_subnets}"] value = module.vpc.private_subnets
} }
output "public_subnets" { output "public_subnets" {
description = "List of IDs of public subnets" description = "List of IDs of public subnets"
value = ["${module.vpc.public_subnets}"] value = module.vpc.public_subnets
} }
output "database_subnets" { output "database_subnets" {
description = "List of IDs of database subnets" description = "List of IDs of database subnets"
value = ["${module.vpc.database_subnets}"] value = module.vpc.database_subnets
} }
output "elasticache_subnets" { output "elasticache_subnets" {
description = "List of IDs of elasticache subnets" description = "List of IDs of elasticache subnets"
value = ["${module.vpc.elasticache_subnets}"] value = module.vpc.elasticache_subnets
} }
output "redshift_subnets" { output "redshift_subnets" {
description = "List of IDs of redshift subnets" description = "List of IDs of redshift subnets"
value = ["${module.vpc.redshift_subnets}"] value = module.vpc.redshift_subnets
} }
output "intra_subnets" { output "intra_subnets" {
description = "List of IDs of intra subnets" description = "List of IDs of intra subnets"
value = ["${module.vpc.intra_subnets}"] value = module.vpc.intra_subnets
} }
# NAT gateways # NAT gateways
output "nat_public_ips" { output "nat_public_ips" {
description = "List of public Elastic IPs created for AWS NAT Gateway" description = "List of public Elastic IPs created for AWS NAT Gateway"
value = ["${module.vpc.nat_public_ips}"] value = module.vpc.nat_public_ips
} }
# VPC endpoints # VPC endpoints
output "vpc_endpoint_ssm_id" { output "vpc_endpoint_ssm_id" {
description = "The ID of VPC endpoint for SSM" description = "The ID of VPC endpoint for SSM"
value = "${module.vpc.vpc_endpoint_ssm_id}" value = module.vpc.vpc_endpoint_ssm_id
} }
output "vpc_endpoint_ssm_network_interface_ids" { output "vpc_endpoint_ssm_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for SSM." description = "One or more network interfaces for the VPC Endpoint for SSM."
value = ["${module.vpc.vpc_endpoint_ssm_network_interface_ids}"] value = module.vpc.vpc_endpoint_ssm_network_interface_ids
} }
output "vpc_endpoint_ssm_dns_entry" { output "vpc_endpoint_ssm_dns_entry" {
description = "The DNS entries for the VPC Endpoint for SSM." description = "The DNS entries for the VPC Endpoint for SSM."
value = ["${module.vpc.vpc_endpoint_ssm_dns_entry}"] value = module.vpc.vpc_endpoint_ssm_dns_entry
} }
// //
...@@ -73,4 +73,3 @@ output "vpc_endpoint_ssm_dns_entry" { ...@@ -73,4 +73,3 @@ output "vpc_endpoint_ssm_dns_entry" {
// description = "The DNS entries for the VPC Endpoint for EC2." // description = "The DNS entries for the VPC Endpoint for EC2."
// value = ["${module.vpc.vpc_endpoint_ec2_dns_entry}"] // value = ["${module.vpc.vpc_endpoint_ec2_dns_entry}"]
//} //}
...@@ -19,3 +19,4 @@ module "vpc" { ...@@ -19,3 +19,4 @@ module "vpc" {
enable_s3_endpoint = true enable_s3_endpoint = true
enable_dynamodb_endpoint = true enable_dynamodb_endpoint = true
} }
# VPC # VPC
output "vpc_id" { output "vpc_id" {
description = "The ID of the VPC" description = "The ID of the VPC"
value = "${module.vpc.vpc_id}" value = module.vpc.vpc_id
} }
# Subnets # Subnets
output "private_subnets" { output "private_subnets" {
description = "List of IDs of private subnets" description = "List of IDs of private subnets"
value = ["${module.vpc.private_subnets}"] value = module.vpc.private_subnets
} }
output "public_subnets" { output "public_subnets" {
description = "List of IDs of public subnets" description = "List of IDs of public subnets"
value = ["${module.vpc.public_subnets}"] value = module.vpc.public_subnets
} }
output "database_subnets" { output "database_subnets" {
description = "List of IDs of database subnets" description = "List of IDs of database subnets"
value = ["${module.vpc.database_subnets}"] value = module.vpc.database_subnets
} }
output "elasticache_subnets" { output "elasticache_subnets" {
description = "List of IDs of elasticache subnets" description = "List of IDs of elasticache subnets"
value = ["${module.vpc.elasticache_subnets}"] value = module.vpc.elasticache_subnets
} }
# NAT gateways # NAT gateways
output "nat_public_ips" { output "nat_public_ips" {
description = "List of public Elastic IPs created for AWS NAT Gateway" description = "List of public Elastic IPs created for AWS NAT Gateway"
value = ["${module.vpc.nat_public_ips}"] value = module.vpc.nat_public_ips
} }
...@@ -4,7 +4,7 @@ provider "aws" { ...@@ -4,7 +4,7 @@ provider "aws" {
data "aws_security_group" "default" { data "aws_security_group" "default" {
name = "default" name = "default"
vpc_id = "${module.vpc.vpc_id}" vpc_id = module.vpc.vpc_id
} }
module "vpc" { module "vpc" {
...@@ -19,7 +19,7 @@ module "vpc" { ...@@ -19,7 +19,7 @@ module "vpc" {
# VPC endpoint for API gateway # VPC endpoint for API gateway
enable_apigw_endpoint = true enable_apigw_endpoint = true
apigw_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"] apigw_endpoint_security_group_ids = [data.aws_security_group.default.id]
apigw_endpoint_private_dns_enabled = true apigw_endpoint_private_dns_enabled = true
tags = { tags = {
...@@ -28,3 +28,4 @@ module "vpc" { ...@@ -28,3 +28,4 @@ module "vpc" {
Name = "test-224" Name = "test-224"
} }
} }
...@@ -25,3 +25,4 @@ module "vpc" { ...@@ -25,3 +25,4 @@ module "vpc" {
Name = "asymmetrical" Name = "asymmetrical"
} }
} }
# VPC # VPC
output "vpc_id" { output "vpc_id" {
description = "The ID of the VPC" description = "The ID of the VPC"
value = "${module.vpc.vpc_id}" value = module.vpc.vpc_id
} }
# Subnets # Subnets
output "private_subnets" { output "private_subnets" {
description = "List of IDs of private subnets" description = "List of IDs of private subnets"
value = ["${module.vpc.private_subnets}"] value = module.vpc.private_subnets
} }
output "public_subnets" { output "public_subnets" {
description = "List of IDs of public subnets" description = "List of IDs of public subnets"
value = ["${module.vpc.public_subnets}"] value = module.vpc.public_subnets
} }
output "database_subnets" { output "database_subnets" {
description = "List of IDs of database subnets" description = "List of IDs of database subnets"
value = ["${module.vpc.database_subnets}"] value = module.vpc.database_subnets
} }
output "elasticache_subnets" { output "elasticache_subnets" {
description = "List of IDs of elasticache subnets" description = "List of IDs of elasticache subnets"
value = ["${module.vpc.elasticache_subnets}"] value = module.vpc.elasticache_subnets
} }
# NAT gateways # NAT gateways
output "nat_public_ips" { output "nat_public_ips" {
description = "List of public Elastic IPs created for AWS NAT Gateway" description = "List of public Elastic IPs created for AWS NAT Gateway"
value = ["${module.vpc.nat_public_ips}"] value = module.vpc.nat_public_ips
} }
...@@ -23,3 +23,4 @@ module "vpc" { ...@@ -23,3 +23,4 @@ module "vpc" {
Name = "no-private-subnets" Name = "no-private-subnets"
} }
} }
# VPC # VPC
output "vpc_id" { output "vpc_id" {
description = "The ID of the VPC" description = "The ID of the VPC"
value = "${module.vpc.vpc_id}" value = module.vpc.vpc_id
} }
# Subnets # Subnets
output "private_subnets" { output "private_subnets" {
description = "List of IDs of private subnets" description = "List of IDs of private subnets"
value = ["${module.vpc.private_subnets}"] value = module.vpc.private_subnets
} }
output "public_subnets" { output "public_subnets" {
description = "List of IDs of public subnets" description = "List of IDs of public subnets"
value = ["${module.vpc.public_subnets}"] value = module.vpc.public_subnets
} }
output "database_subnets" { output "database_subnets" {
description = "List of IDs of database subnets" description = "List of IDs of database subnets"
value = ["${module.vpc.database_subnets}"] value = module.vpc.database_subnets
} }
output "elasticache_subnets" { output "elasticache_subnets" {
description = "List of IDs of elasticache subnets" description = "List of IDs of elasticache subnets"
value = ["${module.vpc.elasticache_subnets}"] value = module.vpc.elasticache_subnets
} }
# NAT gateways # NAT gateways
output "nat_public_ips" { output "nat_public_ips" {
description = "List of public Elastic IPs created for AWS NAT Gateway" description = "List of public Elastic IPs created for AWS NAT Gateway"
value = ["${module.vpc.nat_public_ips}"] value = module.vpc.nat_public_ips
} }
...@@ -11,3 +11,4 @@ module "vpc" { ...@@ -11,3 +11,4 @@ module "vpc" {
default_vpc_name = "default" default_vpc_name = "default"
default_vpc_enable_dns_hostnames = true default_vpc_enable_dns_hostnames = true
} }
# Default VPC # Default VPC
output "default_vpc_id" { output "default_vpc_id" {
description = "The ID of the Default VPC" description = "The ID of the Default VPC"
value = "${module.vpc.default_vpc_id}" value = module.vpc.default_vpc_id
} }
output "default_vpc_cidr_block" { output "default_vpc_cidr_block" {
description = "The CIDR block of the VPC" description = "The CIDR block of the VPC"
value = "${module.vpc.default_vpc_cidr_block}" value = module.vpc.default_vpc_cidr_block
} }
...@@ -15,8 +15,14 @@ module "vpc" { ...@@ -15,8 +15,14 @@ module "vpc" {
elasticache_subnets = ["10.0.201.0/24", "10.0.202.0/24", "10.0.203.0/24"] elasticache_subnets = ["10.0.201.0/24", "10.0.202.0/24", "10.0.203.0/24"]
public_dedicated_network_acl = true public_dedicated_network_acl = true
public_inbound_acl_rules = "${concat(local.network_acls["default_inbound"], local.network_acls["public_inbound"])}" public_inbound_acl_rules = concat(
public_outbound_acl_rules = "${concat(local.network_acls["default_outbound"], local.network_acls["public_outbound"])}" local.network_acls["default_inbound"],
local.network_acls["public_inbound"],
)
public_outbound_acl_rules = concat(
local.network_acls["default_outbound"],
local.network_acls["public_outbound"],
)
private_dedicated_network_acl = true private_dedicated_network_acl = true
...@@ -51,7 +57,6 @@ locals { ...@@ -51,7 +57,6 @@ locals {
cidr_block = "0.0.0.0/0" cidr_block = "0.0.0.0/0"
}, },
] ]
default_outbound = [ default_outbound = [
{ {
rule_number = 900 rule_number = 900
...@@ -62,7 +67,6 @@ locals { ...@@ -62,7 +67,6 @@ locals {
cidr_block = "0.0.0.0/0" cidr_block = "0.0.0.0/0"
}, },
] ]
public_inbound = [ public_inbound = [
{ {
rule_number = 100 rule_number = 100
...@@ -97,7 +101,6 @@ locals { ...@@ -97,7 +101,6 @@ locals {
cidr_block = "0.0.0.0/0" cidr_block = "0.0.0.0/0"
}, },
] ]
public_outbound = [ public_outbound = [
{ {
rule_number = 100 rule_number = 100
...@@ -134,3 +137,4 @@ locals { ...@@ -134,3 +137,4 @@ locals {
] ]
} }
} }
# VPC # VPC
output "vpc_id" { output "vpc_id" {
description = "The ID of the VPC" description = "The ID of the VPC"
value = "${module.vpc.vpc_id}" value = module.vpc.vpc_id
} }
# CIDR blocks # CIDR blocks
output "vpc_cidr_block" { output "vpc_cidr_block" {
description = "The CIDR block of the VPC" description = "The CIDR block of the VPC"
value = ["${module.vpc.vpc_cidr_block}"] value = module.vpc.vpc_cidr_block
} }
//output "vpc_ipv6_cidr_block" { //output "vpc_ipv6_cidr_block" {
...@@ -18,37 +18,38 @@ output "vpc_cidr_block" { ...@@ -18,37 +18,38 @@ output "vpc_cidr_block" {
# Subnets # Subnets
output "private_subnets" { output "private_subnets" {
description = "List of IDs of private subnets" description = "List of IDs of private subnets"
value = ["${module.vpc.private_subnets}"] value = module.vpc.private_subnets
} }
output "public_subnets" { output "public_subnets" {
description = "List of IDs of public subnets" description = "List of IDs of public subnets"
value = ["${module.vpc.public_subnets}"] value = module.vpc.public_subnets
} }
# NAT gateways # NAT gateways
output "nat_public_ips" { output "nat_public_ips" {
description = "List of public Elastic IPs created for AWS NAT Gateway" description = "List of public Elastic IPs created for AWS NAT Gateway"
value = ["${module.vpc.nat_public_ips}"] value = module.vpc.nat_public_ips
} }
# Network ACLs # Network ACLs
output "public_network_acl_id" { output "public_network_acl_id" {
description = "ID of the public network ACL" description = "ID of the public network ACL"
value = "${module.vpc.public_network_acl_id}" value = module.vpc.public_network_acl_id
} }
output "private_network_acl_id" { output "private_network_acl_id" {
description = "ID of the private network ACL" description = "ID of the private network ACL"
value = "${module.vpc.private_network_acl_id}" value = module.vpc.private_network_acl_id
} }
output "elasticache_network_acl_id" { output "elasticache_network_acl_id" {
description = "ID of the elasticache network ACL" description = "ID of the elasticache network ACL"
value = "${module.vpc.elasticache_network_acl_id}" value = module.vpc.elasticache_network_acl_id
} }
output "default_network_acl_id" { output "default_network_acl_id" {
description = "The ID of the default network ACL" description = "The ID of the default network ACL"
value = "${module.vpc.default_network_acl_id}" value = module.vpc.default_network_acl_id
} }
...@@ -31,3 +31,4 @@ module "vpc" { ...@@ -31,3 +31,4 @@ module "vpc" {
Name = "vpc-name" Name = "vpc-name"
} }
} }
# VPC # VPC
output "vpc_id" { output "vpc_id" {
description = "The ID of the VPC" description = "The ID of the VPC"
value = "${module.vpc.vpc_id}" value = module.vpc.vpc_id
} }
# CIDR blocks # CIDR blocks
output "vpc_cidr_block" { output "vpc_cidr_block" {
description = "The CIDR block of the VPC" description = "The CIDR block of the VPC"
value = ["${module.vpc.vpc_cidr_block}"] value = module.vpc.vpc_cidr_block
} }
output "vpc_secondary_cidr_blocks" { output "vpc_secondary_cidr_blocks" {
description = "List of secondary CIDR blocks of the VPC" description = "List of secondary CIDR blocks of the VPC"
value = ["${module.vpc.vpc_secondary_cidr_blocks}"] value = module.vpc.vpc_secondary_cidr_blocks
} }
# Subnets # Subnets
output "private_subnets" { output "private_subnets" {
description = "List of IDs of private subnets" description = "List of IDs of private subnets"
value = ["${module.vpc.private_subnets}"] value = module.vpc.private_subnets
} }
output "public_subnets" { output "public_subnets" {
description = "List of IDs of public subnets" description = "List of IDs of public subnets"
value = ["${module.vpc.public_subnets}"] value = module.vpc.public_subnets
} }
# NAT gateways # NAT gateways
output "nat_public_ips" { output "nat_public_ips" {
description = "List of public Elastic IPs created for AWS NAT Gateway" description = "List of public Elastic IPs created for AWS NAT Gateway"
value = ["${module.vpc.nat_public_ips}"] value = module.vpc.nat_public_ips
} }
...@@ -4,7 +4,7 @@ provider "aws" { ...@@ -4,7 +4,7 @@ provider "aws" {
data "aws_security_group" "default" { data "aws_security_group" "default" {
name = "default" name = "default"
vpc_id = "${module.vpc.vpc_id}" vpc_id = module.vpc.vpc_id
} }
module "vpc" { module "vpc" {
...@@ -36,3 +36,4 @@ module "vpc" { ...@@ -36,3 +36,4 @@ module "vpc" {
Name = "vpc-name" Name = "vpc-name"
} }
} }
# VPC # VPC
output "vpc_id" { output "vpc_id" {
description = "The ID of the VPC" description = "The ID of the VPC"
value = "${module.vpc.vpc_id}" value = module.vpc.vpc_id
} }
# CIDR blocks # CIDR blocks
output "vpc_cidr_block" { output "vpc_cidr_block" {
description = "The CIDR block of the VPC" description = "The CIDR block of the VPC"
value = ["${module.vpc.vpc_cidr_block}"] value = module.vpc.vpc_cidr_block
} }
//output "vpc_ipv6_cidr_block" { //output "vpc_ipv6_cidr_block" {
...@@ -18,22 +18,23 @@ output "vpc_cidr_block" { ...@@ -18,22 +18,23 @@ output "vpc_cidr_block" {
# Subnets # Subnets
output "private_subnets" { output "private_subnets" {
description = "List of IDs of private subnets" description = "List of IDs of private subnets"
value = ["${module.vpc.private_subnets}"] value = module.vpc.private_subnets
} }
output "public_subnets" { output "public_subnets" {
description = "List of IDs of public subnets" description = "List of IDs of public subnets"
value = ["${module.vpc.public_subnets}"] value = module.vpc.public_subnets
} }
# NAT gateways # NAT gateways
output "nat_public_ips" { output "nat_public_ips" {
description = "List of public Elastic IPs created for AWS NAT Gateway" description = "List of public Elastic IPs created for AWS NAT Gateway"
value = ["${module.vpc.nat_public_ips}"] value = module.vpc.nat_public_ips
} }
# AZs # AZs
output "azs" { output "azs" {
description = "A list of availability zones spefified as argument to this module" description = "A list of availability zones spefified as argument to this module"
value = ["${module.vpc.azs}"] value = module.vpc.azs
} }
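Review bot: The `azs` output description still reads `spefified`; since the commit already rewrites this block's `value` line, the description should be corrected at the same time to `description = "A list of availability zones specified as argument to this module"`.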
provider "aws" { provider "aws" {
region = "${var.region}" region = var.region
} }
data "aws_availability_zones" "available" {} data "aws_availability_zones" "available" {
}
module "vpc" { module "vpc" {
source = "../.." source = "../.."
name = "test-example" name = "test-example"
cidr = "10.0.0.0/16" cidr = "10.0.0.0/16"
azs = ["${data.aws_availability_zones.available.names[0]}", "${data.aws_availability_zones.available.names[1]}"] azs = [data.aws_availability_zones.available.names[0], data.aws_availability_zones.available.names[1]]
private_subnets = ["10.0.1.0/24", "10.0.2.0/24"] private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
public_subnets = ["10.0.101.0/24", "10.0.102.0/24"] public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
enable_nat_gateway = true enable_nat_gateway = true
...@@ -19,3 +20,4 @@ module "vpc" { ...@@ -19,3 +20,4 @@ module "vpc" {
Environment = "dev" Environment = "dev"
} }
} }
output "region" { output "region" {
description = "Region we created the resources in." description = "Region we created the resources in."
value = "${var.region}" value = var.region
} }
variable "region" { variable "region" {
default = "eu-west-1" default = "eu-west-1"
} }
...@@ -29,3 +29,4 @@ module "vpc" { ...@@ -29,3 +29,4 @@ module "vpc" {
Name = "separate-private-route-tables" Name = "separate-private-route-tables"
} }
} }
# VPC # VPC
output "vpc_id" { output "vpc_id" {
description = "The ID of the VPC" description = "The ID of the VPC"
value = "${module.vpc.vpc_id}" value = module.vpc.vpc_id
} }
# Subnets # Subnets
output "private_subnets" { output "private_subnets" {
description = "List of IDs of private subnets" description = "List of IDs of private subnets"
value = ["${module.vpc.private_subnets}"] value = module.vpc.private_subnets
} }
output "public_subnets" { output "public_subnets" {
description = "List of IDs of public subnets" description = "List of IDs of public subnets"
value = ["${module.vpc.public_subnets}"] value = module.vpc.public_subnets
} }
output "database_subnets" { output "database_subnets" {
description = "List of IDs of database subnets" description = "List of IDs of database subnets"
value = ["${module.vpc.database_subnets}"] value = module.vpc.database_subnets
} }
output "elasticache_subnets" { output "elasticache_subnets" {
description = "List of IDs of elasticache subnets" description = "List of IDs of elasticache subnets"
value = ["${module.vpc.elasticache_subnets}"] value = module.vpc.elasticache_subnets
} }
output "redshift_subnets" { output "redshift_subnets" {
description = "List of IDs of elasticache subnets" description = "List of IDs of elasticache subnets"
value = ["${module.vpc.redshift_subnets}"] value = module.vpc.redshift_subnets
} }
# NAT gateways # NAT gateways
output "nat_public_ips" { output "nat_public_ips" {
description = "List of public Elastic IPs created for AWS NAT Gateway" description = "List of public Elastic IPs created for AWS NAT Gateway"
value = ["${module.vpc.nat_public_ips}"] value = module.vpc.nat_public_ips
} }
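Review bot: The `redshift_subnets` output carries the description `"List of IDs of elasticache subnets"`, a copy-paste from the `elasticache_subnets` block above it; it should read `description = "List of IDs of redshift subnets"`. The commit touches every `value` line in this file, so this is the natural place to fix it. This run of output blocks has no visible hunk header, so its first line may lie outside the view.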
terraform {
required_version = ">= 0.10.3" # introduction of Local Values configuration language feature
}
locals { locals {
max_subnet_length = "${max(length(var.private_subnets), length(var.elasticache_subnets), length(var.database_subnets), length(var.redshift_subnets))}" max_subnet_length = max(
nat_gateway_count = "${var.single_nat_gateway ? 1 : (var.one_nat_gateway_per_az ? length(var.azs) : local.max_subnet_length)}" length(var.private_subnets),
length(var.elasticache_subnets),
length(var.database_subnets),
length(var.redshift_subnets),
)
nat_gateway_count = var.single_nat_gateway ? 1 : var.one_nat_gateway_per_az ? length(var.azs) : local.max_subnet_length
# Use `local.vpc_id` to give a hint to Terraform that subnets should be deleted before secondary CIDR blocks can be free! # Use `local.vpc_id` to give a hint to Terraform that subnets should be deleted before secondary CIDR blocks can be free!
vpc_id = "${element(concat(aws_vpc_ipv4_cidr_block_association.this.*.vpc_id, aws_vpc.this.*.id, list("")), 0)}" vpc_id = element(
concat(
aws_vpc_ipv4_cidr_block_association.this.*.vpc_id,
aws_vpc.this.*.id,
[""],
),
0,
)
} }
###### ######
# VPC # VPC
###### ######
resource "aws_vpc" "this" { resource "aws_vpc" "this" {
count = "${var.create_vpc ? 1 : 0}" count = var.create_vpc ? 1 : 0
cidr_block = "${var.cidr}" cidr_block = var.cidr
instance_tenancy = "${var.instance_tenancy}" instance_tenancy = var.instance_tenancy
enable_dns_hostnames = "${var.enable_dns_hostnames}" enable_dns_hostnames = var.enable_dns_hostnames
enable_dns_support = "${var.enable_dns_support}" enable_dns_support = var.enable_dns_support
assign_generated_ipv6_cidr_block = "${var.assign_generated_ipv6_cidr_block}" assign_generated_ipv6_cidr_block = var.assign_generated_ipv6_cidr_block
tags = "${merge(map("Name", format("%s", var.name)), var.tags, var.vpc_tags)}" tags = merge(
{
"Name" = format("%s", var.name)
},
var.tags,
var.vpc_tags,
)
} }
resource "aws_vpc_ipv4_cidr_block_association" "this" { resource "aws_vpc_ipv4_cidr_block_association" "this" {
count = "${var.create_vpc && length(var.secondary_cidr_blocks) > 0 ? length(var.secondary_cidr_blocks) : 0}" count = var.create_vpc && length(var.secondary_cidr_blocks) > 0 ? length(var.secondary_cidr_blocks) : 0
vpc_id = "${aws_vpc.this.id}" vpc_id = aws_vpc.this[0].id
cidr_block = "${element(var.secondary_cidr_blocks, count.index)}" cidr_block = element(var.secondary_cidr_blocks, count.index)
} }
################### ###################
# DHCP Options Set # DHCP Options Set
################### ###################
resource "aws_vpc_dhcp_options" "this" { resource "aws_vpc_dhcp_options" "this" {
count = "${var.create_vpc && var.enable_dhcp_options ? 1 : 0}" count = var.create_vpc && var.enable_dhcp_options ? 1 : 0
domain_name = "${var.dhcp_options_domain_name}" domain_name = var.dhcp_options_domain_name
domain_name_servers = ["${var.dhcp_options_domain_name_servers}"] domain_name_servers = var.dhcp_options_domain_name_servers
ntp_servers = ["${var.dhcp_options_ntp_servers}"] ntp_servers = var.dhcp_options_ntp_servers
netbios_name_servers = ["${var.dhcp_options_netbios_name_servers}"] netbios_name_servers = var.dhcp_options_netbios_name_servers
netbios_node_type = "${var.dhcp_options_netbios_node_type}" netbios_node_type = var.dhcp_options_netbios_node_type
tags = "${merge(map("Name", format("%s", var.name)), var.tags, var.dhcp_options_tags)}" tags = merge(
{
"Name" = format("%s", var.name)
},
var.tags,
var.dhcp_options_tags,
)
} }
############################### ###############################
# DHCP Options Set Association # DHCP Options Set Association
############################### ###############################
resource "aws_vpc_dhcp_options_association" "this" { resource "aws_vpc_dhcp_options_association" "this" {
count = "${var.create_vpc && var.enable_dhcp_options ? 1 : 0}" count = var.create_vpc && var.enable_dhcp_options ? 1 : 0
vpc_id = "${local.vpc_id}" vpc_id = local.vpc_id
dhcp_options_id = "${aws_vpc_dhcp_options.this.id}" dhcp_options_id = aws_vpc_dhcp_options.this[0].id
} }
################### ###################
# Internet Gateway # Internet Gateway
################### ###################
resource "aws_internet_gateway" "this" { resource "aws_internet_gateway" "this" {
count = "${var.create_vpc && length(var.public_subnets) > 0 ? 1 : 0}" count = var.create_vpc && length(var.public_subnets) > 0 ? 1 : 0
vpc_id = "${local.vpc_id}" vpc_id = local.vpc_id
tags = "${merge(map("Name", format("%s", var.name)), var.tags, var.igw_tags)}" tags = merge(
{
"Name" = format("%s", var.name)
},
var.tags,
var.igw_tags,
)
} }
################ ################
# Publiс routes # Publiс routes
################ ################
resource "aws_route_table" "public" { resource "aws_route_table" "public" {
count = "${var.create_vpc && length(var.public_subnets) > 0 ? 1 : 0}" count = var.create_vpc && length(var.public_subnets) > 0 ? 1 : 0
vpc_id = "${local.vpc_id}" vpc_id = local.vpc_id
tags = "${merge(map("Name", format("%s-${var.public_subnet_suffix}", var.name)), var.tags, var.public_route_table_tags)}" tags = merge(
{
"Name" = format("%s-${var.public_subnet_suffix}", var.name)
},
var.tags,
var.public_route_table_tags,
)
} }
resource "aws_route" "public_internet_gateway" { resource "aws_route" "public_internet_gateway" {
count = "${var.create_vpc && length(var.public_subnets) > 0 ? 1 : 0}" count = var.create_vpc && length(var.public_subnets) > 0 ? 1 : 0
route_table_id = "${aws_route_table.public.id}" route_table_id = aws_route_table.public[0].id
destination_cidr_block = "0.0.0.0/0" destination_cidr_block = "0.0.0.0/0"
gateway_id = "${aws_internet_gateway.this.id}" gateway_id = aws_internet_gateway.this[0].id
timeouts { timeouts {
create = "5m" create = "5m"
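Review bot: The `terraform { required_version = ">= 0.10.3" }` block at the top of the module is removed while the rest of the file moves to 0.12-only syntax (`count = var.create_vpc ? 1 : 0`, `aws_vpc.this[0].id`, `[""]`), so unless a `versions.tf` outside this view now carries `required_version = ">= 0.12"`, a user on 0.11 gets a bare parse error with no hint about the minimum version. If the constraint was moved, a one-line comment where the block used to be (`# Version constraints live in versions.tf`) would spare the next reader the same question. Also worth confirming: `domain_name_servers = var.dhcp_options_domain_name_servers` and the two lines below it used to be wrapped in `["${...}"]`, which tolerated a string value; the new form requires those variables to be declared as lists in variables.tf, which is not in this view. This hunk's header is not rendered, so its first line may lie outside the view.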
...@@ -97,16 +129,26 @@ resource "aws_route" "public_internet_gateway" { ...@@ -97,16 +129,26 @@ resource "aws_route" "public_internet_gateway" {
# There are as many routing tables as the number of NAT gateways # There are as many routing tables as the number of NAT gateways
################# #################
resource "aws_route_table" "private" { resource "aws_route_table" "private" {
count = "${var.create_vpc && local.max_subnet_length > 0 ? local.nat_gateway_count : 0}" count = var.create_vpc && local.max_subnet_length > 0 ? local.nat_gateway_count : 0
vpc_id = "${local.vpc_id}" vpc_id = local.vpc_id
tags = "${merge(map("Name", (var.single_nat_gateway ? "${var.name}-${var.private_subnet_suffix}" : format("%s-${var.private_subnet_suffix}-%s", var.name, element(var.azs, count.index)))), var.tags, var.private_route_table_tags)}" tags = merge(
{
"Name" = var.single_nat_gateway ? "${var.name}-${var.private_subnet_suffix}" : format(
"%s-${var.private_subnet_suffix}-%s",
var.name,
element(var.azs, count.index),
)
},
var.tags,
var.private_route_table_tags,
)
lifecycle { lifecycle {
# When attaching VPN gateways it is common to define aws_vpn_gateway_route_propagation # When attaching VPN gateways it is common to define aws_vpn_gateway_route_propagation
# resources that manipulate the attributes of the routing table (typically for the private subnets) # resources that manipulate the attributes of the routing table (typically for the private subnets)
ignore_changes = ["propagating_vgws"] ignore_changes = [propagating_vgws]
} }
} }
...@@ -114,19 +156,25 @@ resource "aws_route_table" "private" { ...@@ -114,19 +156,25 @@ resource "aws_route_table" "private" {
# Database routes # Database routes
################# #################
resource "aws_route_table" "database" { resource "aws_route_table" "database" {
count = "${var.create_vpc && var.create_database_subnet_route_table && length(var.database_subnets) > 0 ? 1 : 0}" count = var.create_vpc && var.create_database_subnet_route_table && length(var.database_subnets) > 0 ? 1 : 0
vpc_id = "${local.vpc_id}" vpc_id = local.vpc_id
tags = "${merge(var.tags, var.database_route_table_tags, map("Name", "${var.name}-${var.database_subnet_suffix}"))}" tags = merge(
var.tags,
var.database_route_table_tags,
{
"Name" = "${var.name}-${var.database_subnet_suffix}"
},
)
} }
resource "aws_route" "database_internet_gateway" { resource "aws_route" "database_internet_gateway" {
count = "${var.create_vpc && var.create_database_subnet_route_table && length(var.database_subnets) > 0 && var.create_database_internet_gateway_route && ! var.create_database_nat_gateway_route ? 1 : 0}" count = var.create_vpc && var.create_database_subnet_route_table && length(var.database_subnets) > 0 && var.create_database_internet_gateway_route && false == var.create_database_nat_gateway_route ? 1 : 0
route_table_id = "${aws_route_table.database.id}" route_table_id = aws_route_table.database[0].id
destination_cidr_block = "0.0.0.0/0" destination_cidr_block = "0.0.0.0/0"
gateway_id = "${aws_internet_gateway.this.id}" gateway_id = aws_internet_gateway.this[0].id
timeouts { timeouts {
create = "5m" create = "5m"
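Review bot: The upgraded count on the `database_internet_gateway` resource spells negation as `false == var.create_database_nat_gateway_route`, which is what the 0.12upgrade tool emits mechanically but reads worse than the operator 0.12 provides; `!var.create_database_nat_gateway_route` is equivalent and keeps the line close to the pre-upgrade form. The same pattern is in the `database_nat_gateway` hunk (`false == var.create_database_internet_gateway_route`) and in the `aws_subnet.public` count in the following hunk, so it is worth fixing in one pass. The resource body continues past the end of this hunk.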
...@@ -134,10 +182,11 @@ resource "aws_route" "database_internet_gateway" { ...@@ -134,10 +182,11 @@ resource "aws_route" "database_internet_gateway" {
} }
resource "aws_route" "database_nat_gateway" { resource "aws_route" "database_nat_gateway" {
count = "${var.create_vpc && var.create_database_subnet_route_table && length(var.database_subnets) > 0 && ! var.create_database_internet_gateway_route && var.create_database_nat_gateway_route && var.enable_nat_gateway ? local.nat_gateway_count : 0}" count = var.create_vpc && var.create_database_subnet_route_table && length(var.database_subnets) > 0 && false == var.create_database_internet_gateway_route && var.create_database_nat_gateway_route && var.enable_nat_gateway ? local.nat_gateway_count : 0
route_table_id = "${element(aws_route_table.private.*.id, count.index)}"
route_table_id = element(aws_route_table.private.*.id, count.index)
destination_cidr_block = "0.0.0.0/0" destination_cidr_block = "0.0.0.0/0"
nat_gateway_id = "${element(aws_nat_gateway.this.*.id, count.index)}" nat_gateway_id = element(aws_nat_gateway.this.*.id, count.index)
timeouts { timeouts {
create = "5m" create = "5m"
...@@ -148,157 +197,279 @@ resource "aws_route" "database_nat_gateway" { ...@@ -148,157 +197,279 @@ resource "aws_route" "database_nat_gateway" {
# Redshift routes # Redshift routes
################# #################
resource "aws_route_table" "redshift" { resource "aws_route_table" "redshift" {
count = "${var.create_vpc && var.create_redshift_subnet_route_table && length(var.redshift_subnets) > 0 ? 1 : 0}" count = var.create_vpc && var.create_redshift_subnet_route_table && length(var.redshift_subnets) > 0 ? 1 : 0
vpc_id = "${local.vpc_id}" vpc_id = local.vpc_id
tags = "${merge(var.tags, var.redshift_route_table_tags, map("Name", "${var.name}-${var.redshift_subnet_suffix}"))}" tags = merge(
var.tags,
var.redshift_route_table_tags,
{
"Name" = "${var.name}-${var.redshift_subnet_suffix}"
},
)
} }
################# #################
# Elasticache routes # Elasticache routes
################# #################
resource "aws_route_table" "elasticache" { resource "aws_route_table" "elasticache" {
count = "${var.create_vpc && var.create_elasticache_subnet_route_table && length(var.elasticache_subnets) > 0 ? 1 : 0}" count = var.create_vpc && var.create_elasticache_subnet_route_table && length(var.elasticache_subnets) > 0 ? 1 : 0
vpc_id = "${local.vpc_id}" vpc_id = local.vpc_id
tags = "${merge(var.tags, var.elasticache_route_table_tags, map("Name", "${var.name}-${var.elasticache_subnet_suffix}"))}" tags = merge(
var.tags,
var.elasticache_route_table_tags,
{
"Name" = "${var.name}-${var.elasticache_subnet_suffix}"
},
)
} }
################# #################
# Intra routes # Intra routes
################# #################
resource "aws_route_table" "intra" { resource "aws_route_table" "intra" {
count = "${var.create_vpc && length(var.intra_subnets) > 0 ? 1 : 0}" count = var.create_vpc && length(var.intra_subnets) > 0 ? 1 : 0
vpc_id = "${local.vpc_id}" vpc_id = local.vpc_id
tags = "${merge(map("Name", "${var.name}-${var.intra_subnet_suffix}"), var.tags, var.intra_route_table_tags)}" tags = merge(
{
"Name" = "${var.name}-${var.intra_subnet_suffix}"
},
var.tags,
var.intra_route_table_tags,
)
} }
################ ################
# Public subnet # Public subnet
################ ################
resource "aws_subnet" "public" { resource "aws_subnet" "public" {
count = "${var.create_vpc && length(var.public_subnets) > 0 && (! var.one_nat_gateway_per_az || length(var.public_subnets) >= length(var.azs)) ? length(var.public_subnets) : 0}" count = var.create_vpc && length(var.public_subnets) > 0 && false == var.one_nat_gateway_per_az || length(var.public_subnets) >= length(var.azs) ? length(var.public_subnets) : 0
vpc_id = "${local.vpc_id}" vpc_id = local.vpc_id
cidr_block = "${element(concat(var.public_subnets, list("")), count.index)}" cidr_block = element(concat(var.public_subnets, [""]), count.index)
availability_zone = "${element(var.azs, count.index)}" availability_zone = element(var.azs, count.index)
map_public_ip_on_launch = "${var.map_public_ip_on_launch}" map_public_ip_on_launch = var.map_public_ip_on_launch
tags = "${merge(map("Name", format("%s-${var.public_subnet_suffix}-%s", var.name, element(var.azs, count.index))), var.tags, var.public_subnet_tags)}" tags = merge(
{
"Name" = format(
"%s-${var.public_subnet_suffix}-%s",
var.name,
element(var.azs, count.index),
)
},
var.tags,
var.public_subnet_tags,
)
} }
################# #################
# Private subnet # Private subnet
################# #################
resource "aws_subnet" "private" { resource "aws_subnet" "private" {
count = "${var.create_vpc && length(var.private_subnets) > 0 ? length(var.private_subnets) : 0}" count = var.create_vpc && length(var.private_subnets) > 0 ? length(var.private_subnets) : 0
vpc_id = "${local.vpc_id}" vpc_id = local.vpc_id
cidr_block = "${var.private_subnets[count.index]}" cidr_block = var.private_subnets[count.index]
availability_zone = "${element(var.azs, count.index)}" availability_zone = element(var.azs, count.index)
tags = "${merge(map("Name", format("%s-${var.private_subnet_suffix}-%s", var.name, element(var.azs, count.index))), var.tags, var.private_subnet_tags)}" tags = merge(
{
"Name" = format(
"%s-${var.private_subnet_suffix}-%s",
var.name,
element(var.azs, count.index),
)
},
var.tags,
var.private_subnet_tags,
)
} }
################## ##################
# Database subnet # Database subnet
################## ##################
resource "aws_subnet" "database" { resource "aws_subnet" "database" {
count = "${var.create_vpc && length(var.database_subnets) > 0 ? length(var.database_subnets) : 0}" count = var.create_vpc && length(var.database_subnets) > 0 ? length(var.database_subnets) : 0
vpc_id = "${local.vpc_id}" vpc_id = local.vpc_id
cidr_block = "${var.database_subnets[count.index]}" cidr_block = var.database_subnets[count.index]
availability_zone = "${element(var.azs, count.index)}" availability_zone = element(var.azs, count.index)
tags = "${merge(map("Name", format("%s-${var.database_subnet_suffix}-%s", var.name, element(var.azs, count.index))), var.tags, var.database_subnet_tags)}" tags = merge(
{
"Name" = format(
"%s-${var.database_subnet_suffix}-%s",
var.name,
element(var.azs, count.index),
)
},
var.tags,
var.database_subnet_tags,
)
} }
resource "aws_db_subnet_group" "database" { resource "aws_db_subnet_group" "database" {
count = "${var.create_vpc && length(var.database_subnets) > 0 && var.create_database_subnet_group ? 1 : 0}" count = var.create_vpc && length(var.database_subnets) > 0 && var.create_database_subnet_group ? 1 : 0
name = "${lower(var.name)}" name = lower(var.name)
description = "Database subnet group for ${var.name}" description = "Database subnet group for ${var.name}"
subnet_ids = ["${aws_subnet.database.*.id}"] subnet_ids = aws_subnet.database.*.id
tags = "${merge(map("Name", format("%s", var.name)), var.tags, var.database_subnet_group_tags)}" tags = merge(
{
"Name" = format("%s", var.name)
},
var.tags,
var.database_subnet_group_tags,
)
} }
################## ##################
# Redshift subnet # Redshift subnet
################## ##################
resource "aws_subnet" "redshift" { resource "aws_subnet" "redshift" {
count = "${var.create_vpc && length(var.redshift_subnets) > 0 ? length(var.redshift_subnets) : 0}" count = var.create_vpc && length(var.redshift_subnets) > 0 ? length(var.redshift_subnets) : 0
vpc_id = "${local.vpc_id}" vpc_id = local.vpc_id
cidr_block = "${var.redshift_subnets[count.index]}" cidr_block = var.redshift_subnets[count.index]
availability_zone = "${element(var.azs, count.index)}" availability_zone = element(var.azs, count.index)
tags = "${merge(map("Name", format("%s-${var.redshift_subnet_suffix}-%s", var.name, element(var.azs, count.index))), var.tags, var.redshift_subnet_tags)}" tags = merge(
{
"Name" = format(
"%s-${var.redshift_subnet_suffix}-%s",
var.name,
element(var.azs, count.index),
)
},
var.tags,
var.redshift_subnet_tags,
)
} }
resource "aws_redshift_subnet_group" "redshift" { resource "aws_redshift_subnet_group" "redshift" {
count = "${var.create_vpc && length(var.redshift_subnets) > 0 && var.create_redshift_subnet_group ? 1 : 0}" count = var.create_vpc && length(var.redshift_subnets) > 0 && var.create_redshift_subnet_group ? 1 : 0
name = "${lower(var.name)}" name = lower(var.name)
description = "Redshift subnet group for ${var.name}" description = "Redshift subnet group for ${var.name}"
subnet_ids = ["${aws_subnet.redshift.*.id}"] subnet_ids = aws_subnet.redshift.*.id
tags = "${merge(map("Name", format("%s", var.name)), var.tags, var.redshift_subnet_group_tags)}" tags = merge(
{
"Name" = format("%s", var.name)
},
var.tags,
var.redshift_subnet_group_tags,
)
} }
##################### #####################
# ElastiCache subnet # ElastiCache subnet
##################### #####################
resource "aws_subnet" "elasticache" { resource "aws_subnet" "elasticache" {
count = "${var.create_vpc && length(var.elasticache_subnets) > 0 ? length(var.elasticache_subnets) : 0}" count = var.create_vpc && length(var.elasticache_subnets) > 0 ? length(var.elasticache_subnets) : 0
vpc_id = "${local.vpc_id}" vpc_id = local.vpc_id
cidr_block = "${var.elasticache_subnets[count.index]}" cidr_block = var.elasticache_subnets[count.index]
availability_zone = "${element(var.azs, count.index)}" availability_zone = element(var.azs, count.index)
tags = "${merge(map("Name", format("%s-${var.elasticache_subnet_suffix}-%s", var.name, element(var.azs, count.index))), var.tags, var.elasticache_subnet_tags)}" tags = merge(
{
"Name" = format(
"%s-${var.elasticache_subnet_suffix}-%s",
var.name,
element(var.azs, count.index),
)
},
var.tags,
var.elasticache_subnet_tags,
)
} }
resource "aws_elasticache_subnet_group" "elasticache" { resource "aws_elasticache_subnet_group" "elasticache" {
count = "${var.create_vpc && length(var.elasticache_subnets) > 0 && var.create_elasticache_subnet_group ? 1 : 0}" count = var.create_vpc && length(var.elasticache_subnets) > 0 && var.create_elasticache_subnet_group ? 1 : 0
name = "${var.name}" name = var.name
description = "ElastiCache subnet group for ${var.name}" description = "ElastiCache subnet group for ${var.name}"
subnet_ids = ["${aws_subnet.elasticache.*.id}"] subnet_ids = aws_subnet.elasticache.*.id
} }
##################################################### #####################################################
# intra subnets - private subnet without NAT gateway # intra subnets - private subnet without NAT gateway
##################################################### #####################################################
resource "aws_subnet" "intra" { resource "aws_subnet" "intra" {
count = "${var.create_vpc && length(var.intra_subnets) > 0 ? length(var.intra_subnets) : 0}" count = var.create_vpc && length(var.intra_subnets) > 0 ? length(var.intra_subnets) : 0
vpc_id = "${local.vpc_id}" vpc_id = local.vpc_id
cidr_block = "${var.intra_subnets[count.index]}" cidr_block = var.intra_subnets[count.index]
availability_zone = "${element(var.azs, count.index)}" availability_zone = element(var.azs, count.index)
tags = "${merge(map("Name", format("%s-${var.intra_subnet_suffix}-%s", var.name, element(var.azs, count.index))), var.tags, var.intra_subnet_tags)}" tags = merge(
{
"Name" = format(
"%s-${var.intra_subnet_suffix}-%s",
var.name,
element(var.azs, count.index),
)
},
var.tags,
var.intra_subnet_tags,
)
} }
####################### #######################
# Default Network ACLs # Default Network ACLs
####################### #######################
resource "aws_default_network_acl" "this" { resource "aws_default_network_acl" "this" {
count = "${var.create_vpc && var.manage_default_network_acl ? 1 : 0}" count = var.create_vpc && var.manage_default_network_acl ? 1 : 0
default_network_acl_id = "${element(concat(aws_vpc.this.*.default_network_acl_id, list("")), 0)}" default_network_acl_id = element(concat(aws_vpc.this.*.default_network_acl_id, [""]), 0)
ingress = "${var.default_network_acl_ingress}" dynamic "ingress" {
egress = "${var.default_network_acl_egress}" for_each = var.default_network_acl_ingress
content {
action = ingress.value.action
cidr_block = lookup(ingress.value, "cidr_block", null)
from_port = ingress.value.from_port
icmp_code = lookup(ingress.value, "icmp_code", null)
icmp_type = lookup(ingress.value, "icmp_type", null)
ipv6_cidr_block = lookup(ingress.value, "ipv6_cidr_block", null)
protocol = ingress.value.protocol
rule_no = ingress.value.rule_no
to_port = ingress.value.to_port
}
}
dynamic "egress" {
for_each = var.default_network_acl_egress
content {
action = egress.value.action
cidr_block = lookup(egress.value, "cidr_block", null)
from_port = egress.value.from_port
icmp_code = lookup(egress.value, "icmp_code", null)
icmp_type = lookup(egress.value, "icmp_type", null)
ipv6_cidr_block = lookup(egress.value, "ipv6_cidr_block", null)
protocol = egress.value.protocol
rule_no = egress.value.rule_no
to_port = egress.value.to_port
}
}
tags = "${merge(map("Name", format("%s", var.default_network_acl_name)), var.tags, var.default_network_acl_tags)}" tags = merge(
{
"Name" = format("%s", var.default_network_acl_name)
},
var.tags,
var.default_network_acl_tags,
)
lifecycle { lifecycle {
ignore_changes = ["subnet_ids"] ignore_changes = [subnet_ids]
} }
} }
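Review bot: The count on `aws_subnet.public` dropped the parentheses the 0.11 expression had around its last two operands: `var.create_vpc && length(var.public_subnets) > 0 && false == var.one_nat_gateway_per_az || length(var.public_subnets) >= length(var.azs)` is parsed with `&&` binding tighter than `||`, so whenever `length(var.public_subnets) >= length(var.azs)` holds the public subnets are created even with `create_vpc = false`, which the old `(! var.one_nat_gateway_per_az || ...)` group prevented. Restoring the group fixes it: `count = var.create_vpc && length(var.public_subnets) > 0 && (false == var.one_nat_gateway_per_az || length(var.public_subnets) >= length(var.azs)) ? length(var.public_subnets) : 0`. Since these subnets carry `map_public_ip_on_launch` and would be attached to whatever `local.vpc_id` resolves to when no VPC is created (not visible here), a `create_vpc = false` case in the examples would catch this regression before release.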
...@@ -306,240 +477,276 @@ resource "aws_default_network_acl" "this" { ...@@ -306,240 +477,276 @@ resource "aws_default_network_acl" "this" {
# Public Network ACLs # Public Network ACLs
######################## ########################
resource "aws_network_acl" "public" { resource "aws_network_acl" "public" {
count = "${var.create_vpc && var.public_dedicated_network_acl && length(var.public_subnets) > 0 ? 1 : 0}" count = var.create_vpc && var.public_dedicated_network_acl && length(var.public_subnets) > 0 ? 1 : 0
vpc_id = "${element(concat(aws_vpc.this.*.id, list("")), 0)}" vpc_id = element(concat(aws_vpc.this.*.id, [""]), 0)
subnet_ids = ["${aws_subnet.public.*.id}"] subnet_ids = aws_subnet.public.*.id
tags = "${merge(map("Name", format("%s-${var.public_subnet_suffix}", var.name)), var.tags, var.public_acl_tags)}" tags = merge(
{
"Name" = format("%s-${var.public_subnet_suffix}", var.name)
},
var.tags,
var.public_acl_tags,
)
} }
resource "aws_network_acl_rule" "public_inbound" { resource "aws_network_acl_rule" "public_inbound" {
count = "${var.create_vpc && var.public_dedicated_network_acl && length(var.public_subnets) > 0 ? length(var.public_inbound_acl_rules) : 0}" count = var.create_vpc && var.public_dedicated_network_acl && length(var.public_subnets) > 0 ? length(var.public_inbound_acl_rules) : 0
network_acl_id = "${aws_network_acl.public.id}" network_acl_id = aws_network_acl.public[0].id
egress = false egress = false
rule_number = "${lookup(var.public_inbound_acl_rules[count.index], "rule_number")}" rule_number = var.public_inbound_acl_rules[count.index]["rule_number"]
rule_action = "${lookup(var.public_inbound_acl_rules[count.index], "rule_action")}" rule_action = var.public_inbound_acl_rules[count.index]["rule_action"]
from_port = "${lookup(var.public_inbound_acl_rules[count.index], "from_port")}" from_port = var.public_inbound_acl_rules[count.index]["from_port"]
to_port = "${lookup(var.public_inbound_acl_rules[count.index], "to_port")}" to_port = var.public_inbound_acl_rules[count.index]["to_port"]
protocol = "${lookup(var.public_inbound_acl_rules[count.index], "protocol")}" protocol = var.public_inbound_acl_rules[count.index]["protocol"]
cidr_block = "${lookup(var.public_inbound_acl_rules[count.index], "cidr_block")}" cidr_block = var.public_inbound_acl_rules[count.index]["cidr_block"]
} }
resource "aws_network_acl_rule" "public_outbound" { resource "aws_network_acl_rule" "public_outbound" {
count = "${var.create_vpc && var.public_dedicated_network_acl && length(var.public_subnets) > 0 ? length(var.public_outbound_acl_rules) : 0}" count = var.create_vpc && var.public_dedicated_network_acl && length(var.public_subnets) > 0 ? length(var.public_outbound_acl_rules) : 0
network_acl_id = "${aws_network_acl.public.id}" network_acl_id = aws_network_acl.public[0].id
egress = true egress = true
rule_number = "${lookup(var.public_outbound_acl_rules[count.index], "rule_number")}" rule_number = var.public_outbound_acl_rules[count.index]["rule_number"]
rule_action = "${lookup(var.public_outbound_acl_rules[count.index], "rule_action")}" rule_action = var.public_outbound_acl_rules[count.index]["rule_action"]
from_port = "${lookup(var.public_outbound_acl_rules[count.index], "from_port")}" from_port = var.public_outbound_acl_rules[count.index]["from_port"]
to_port = "${lookup(var.public_outbound_acl_rules[count.index], "to_port")}" to_port = var.public_outbound_acl_rules[count.index]["to_port"]
protocol = "${lookup(var.public_outbound_acl_rules[count.index], "protocol")}" protocol = var.public_outbound_acl_rules[count.index]["protocol"]
cidr_block = "${lookup(var.public_outbound_acl_rules[count.index], "cidr_block")}" cidr_block = var.public_outbound_acl_rules[count.index]["cidr_block"]
} }
####################### #######################
# Private Network ACLs # Private Network ACLs
####################### #######################
resource "aws_network_acl" "private" { resource "aws_network_acl" "private" {
count = "${var.create_vpc && var.private_dedicated_network_acl && length(var.private_subnets) > 0 ? 1 : 0}" count = var.create_vpc && var.private_dedicated_network_acl && length(var.private_subnets) > 0 ? 1 : 0
vpc_id = "${element(concat(aws_vpc.this.*.id, list("")), 0)}" vpc_id = element(concat(aws_vpc.this.*.id, [""]), 0)
subnet_ids = ["${aws_subnet.private.*.id}"] subnet_ids = aws_subnet.private.*.id
tags = "${merge(map("Name", format("%s-${var.private_subnet_suffix}", var.name)), var.tags, var.private_acl_tags)}" tags = merge(
{
"Name" = format("%s-${var.private_subnet_suffix}", var.name)
},
var.tags,
var.private_acl_tags,
)
} }
resource "aws_network_acl_rule" "private_inbound" { resource "aws_network_acl_rule" "private_inbound" {
count = "${var.create_vpc && var.private_dedicated_network_acl && length(var.private_subnets) > 0 ? length(var.private_inbound_acl_rules) : 0}" count = var.create_vpc && var.private_dedicated_network_acl && length(var.private_subnets) > 0 ? length(var.private_inbound_acl_rules) : 0
network_acl_id = "${aws_network_acl.private.id}" network_acl_id = aws_network_acl.private[0].id
egress = false egress = false
rule_number = "${lookup(var.private_inbound_acl_rules[count.index], "rule_number")}" rule_number = var.private_inbound_acl_rules[count.index]["rule_number"]
rule_action = "${lookup(var.private_inbound_acl_rules[count.index], "rule_action")}" rule_action = var.private_inbound_acl_rules[count.index]["rule_action"]
from_port = "${lookup(var.private_inbound_acl_rules[count.index], "from_port")}" from_port = var.private_inbound_acl_rules[count.index]["from_port"]
to_port = "${lookup(var.private_inbound_acl_rules[count.index], "to_port")}" to_port = var.private_inbound_acl_rules[count.index]["to_port"]
protocol = "${lookup(var.private_inbound_acl_rules[count.index], "protocol")}" protocol = var.private_inbound_acl_rules[count.index]["protocol"]
cidr_block = "${lookup(var.private_inbound_acl_rules[count.index], "cidr_block")}" cidr_block = var.private_inbound_acl_rules[count.index]["cidr_block"]
} }
resource "aws_network_acl_rule" "private_outbound" { resource "aws_network_acl_rule" "private_outbound" {
count = "${var.create_vpc && var.private_dedicated_network_acl && length(var.private_subnets) > 0 ? length(var.private_outbound_acl_rules) : 0}" count = var.create_vpc && var.private_dedicated_network_acl && length(var.private_subnets) > 0 ? length(var.private_outbound_acl_rules) : 0
network_acl_id = "${aws_network_acl.private.id}" network_acl_id = aws_network_acl.private[0].id
egress = true egress = true
rule_number = "${lookup(var.private_outbound_acl_rules[count.index], "rule_number")}" rule_number = var.private_outbound_acl_rules[count.index]["rule_number"]
rule_action = "${lookup(var.private_outbound_acl_rules[count.index], "rule_action")}" rule_action = var.private_outbound_acl_rules[count.index]["rule_action"]
from_port = "${lookup(var.private_outbound_acl_rules[count.index], "from_port")}" from_port = var.private_outbound_acl_rules[count.index]["from_port"]
to_port = "${lookup(var.private_outbound_acl_rules[count.index], "to_port")}" to_port = var.private_outbound_acl_rules[count.index]["to_port"]
protocol = "${lookup(var.private_outbound_acl_rules[count.index], "protocol")}" protocol = var.private_outbound_acl_rules[count.index]["protocol"]
cidr_block = "${lookup(var.private_outbound_acl_rules[count.index], "cidr_block")}" cidr_block = var.private_outbound_acl_rules[count.index]["cidr_block"]
} }
######################## ########################
# Intra Network ACLs # Intra Network ACLs
######################## ########################
resource "aws_network_acl" "intra" { resource "aws_network_acl" "intra" {
count = "${var.create_vpc && var.intra_dedicated_network_acl && length(var.intra_subnets) > 0 ? 1 : 0}" count = var.create_vpc && var.intra_dedicated_network_acl && length(var.intra_subnets) > 0 ? 1 : 0
vpc_id = "${element(concat(aws_vpc.this.*.id, list("")), 0)}" vpc_id = element(concat(aws_vpc.this.*.id, [""]), 0)
subnet_ids = ["${aws_subnet.intra.*.id}"] subnet_ids = aws_subnet.intra.*.id
tags = "${merge(map("Name", format("%s-${var.intra_subnet_suffix}", var.name)), var.tags, var.intra_acl_tags)}" tags = merge(
{
"Name" = format("%s-${var.intra_subnet_suffix}", var.name)
},
var.tags,
var.intra_acl_tags,
)
} }
resource "aws_network_acl_rule" "intra_inbound" { resource "aws_network_acl_rule" "intra_inbound" {
count = "${var.create_vpc && var.intra_dedicated_network_acl && length(var.intra_subnets) > 0 ? length(var.intra_inbound_acl_rules) : 0}" count = var.create_vpc && var.intra_dedicated_network_acl && length(var.intra_subnets) > 0 ? length(var.intra_inbound_acl_rules) : 0
network_acl_id = "${aws_network_acl.intra.id}" network_acl_id = aws_network_acl.intra[0].id
egress = false egress = false
rule_number = "${lookup(var.intra_inbound_acl_rules[count.index], "rule_number")}" rule_number = var.intra_inbound_acl_rules[count.index]["rule_number"]
rule_action = "${lookup(var.intra_inbound_acl_rules[count.index], "rule_action")}" rule_action = var.intra_inbound_acl_rules[count.index]["rule_action"]
from_port = "${lookup(var.intra_inbound_acl_rules[count.index], "from_port")}" from_port = var.intra_inbound_acl_rules[count.index]["from_port"]
to_port = "${lookup(var.intra_inbound_acl_rules[count.index], "to_port")}" to_port = var.intra_inbound_acl_rules[count.index]["to_port"]
protocol = "${lookup(var.intra_inbound_acl_rules[count.index], "protocol")}" protocol = var.intra_inbound_acl_rules[count.index]["protocol"]
cidr_block = "${lookup(var.intra_inbound_acl_rules[count.index], "cidr_block")}" cidr_block = var.intra_inbound_acl_rules[count.index]["cidr_block"]
} }
resource "aws_network_acl_rule" "intra_outbound" { resource "aws_network_acl_rule" "intra_outbound" {
count = "${var.create_vpc && var.intra_dedicated_network_acl && length(var.intra_subnets) > 0 ? length(var.intra_outbound_acl_rules) : 0}" count = var.create_vpc && var.intra_dedicated_network_acl && length(var.intra_subnets) > 0 ? length(var.intra_outbound_acl_rules) : 0
network_acl_id = "${aws_network_acl.intra.id}" network_acl_id = aws_network_acl.intra[0].id
egress = true egress = true
rule_number = "${lookup(var.intra_outbound_acl_rules[count.index], "rule_number")}" rule_number = var.intra_outbound_acl_rules[count.index]["rule_number"]
rule_action = "${lookup(var.intra_outbound_acl_rules[count.index], "rule_action")}" rule_action = var.intra_outbound_acl_rules[count.index]["rule_action"]
from_port = "${lookup(var.intra_outbound_acl_rules[count.index], "from_port")}" from_port = var.intra_outbound_acl_rules[count.index]["from_port"]
to_port = "${lookup(var.intra_outbound_acl_rules[count.index], "to_port")}" to_port = var.intra_outbound_acl_rules[count.index]["to_port"]
protocol = "${lookup(var.intra_outbound_acl_rules[count.index], "protocol")}" protocol = var.intra_outbound_acl_rules[count.index]["protocol"]
cidr_block = "${lookup(var.intra_outbound_acl_rules[count.index], "cidr_block")}" cidr_block = var.intra_outbound_acl_rules[count.index]["cidr_block"]
} }
######################## ########################
# Database Network ACLs # Database Network ACLs
######################## ########################
resource "aws_network_acl" "database" { resource "aws_network_acl" "database" {
count = "${var.create_vpc && var.database_dedicated_network_acl && length(var.database_subnets) > 0 ? 1 : 0}" count = var.create_vpc && var.database_dedicated_network_acl && length(var.database_subnets) > 0 ? 1 : 0
vpc_id = "${element(concat(aws_vpc.this.*.id, list("")), 0)}" vpc_id = element(concat(aws_vpc.this.*.id, [""]), 0)
subnet_ids = ["${aws_subnet.database.*.id}"] subnet_ids = aws_subnet.database.*.id
tags = "${merge(map("Name", format("%s-${var.database_subnet_suffix}", var.name)), var.tags, var.database_acl_tags)}" tags = merge(
{
"Name" = format("%s-${var.database_subnet_suffix}", var.name)
},
var.tags,
var.database_acl_tags,
)
} }
resource "aws_network_acl_rule" "database_inbound" { resource "aws_network_acl_rule" "database_inbound" {
count = "${var.create_vpc && var.database_dedicated_network_acl && length(var.database_subnets) > 0 ? length(var.database_inbound_acl_rules) : 0}" count = var.create_vpc && var.database_dedicated_network_acl && length(var.database_subnets) > 0 ? length(var.database_inbound_acl_rules) : 0
network_acl_id = "${aws_network_acl.database.id}" network_acl_id = aws_network_acl.database[0].id
egress = false egress = false
rule_number = "${lookup(var.database_inbound_acl_rules[count.index], "rule_number")}" rule_number = var.database_inbound_acl_rules[count.index]["rule_number"]
rule_action = "${lookup(var.database_inbound_acl_rules[count.index], "rule_action")}" rule_action = var.database_inbound_acl_rules[count.index]["rule_action"]
from_port = "${lookup(var.database_inbound_acl_rules[count.index], "from_port")}" from_port = var.database_inbound_acl_rules[count.index]["from_port"]
to_port = "${lookup(var.database_inbound_acl_rules[count.index], "to_port")}" to_port = var.database_inbound_acl_rules[count.index]["to_port"]
protocol = "${lookup(var.database_inbound_acl_rules[count.index], "protocol")}" protocol = var.database_inbound_acl_rules[count.index]["protocol"]
cidr_block = "${lookup(var.database_inbound_acl_rules[count.index], "cidr_block")}" cidr_block = var.database_inbound_acl_rules[count.index]["cidr_block"]
} }
resource "aws_network_acl_rule" "database_outbound" { resource "aws_network_acl_rule" "database_outbound" {
count = "${var.create_vpc && var.database_dedicated_network_acl && length(var.database_subnets) > 0 ? length(var.database_outbound_acl_rules) : 0}" count = var.create_vpc && var.database_dedicated_network_acl && length(var.database_subnets) > 0 ? length(var.database_outbound_acl_rules) : 0
network_acl_id = "${aws_network_acl.database.id}" network_acl_id = aws_network_acl.database[0].id
egress = true egress = true
rule_number = "${lookup(var.database_outbound_acl_rules[count.index], "rule_number")}" rule_number = var.database_outbound_acl_rules[count.index]["rule_number"]
rule_action = "${lookup(var.database_outbound_acl_rules[count.index], "rule_action")}" rule_action = var.database_outbound_acl_rules[count.index]["rule_action"]
from_port = "${lookup(var.database_outbound_acl_rules[count.index], "from_port")}" from_port = var.database_outbound_acl_rules[count.index]["from_port"]
to_port = "${lookup(var.database_outbound_acl_rules[count.index], "to_port")}" to_port = var.database_outbound_acl_rules[count.index]["to_port"]
protocol = "${lookup(var.database_outbound_acl_rules[count.index], "protocol")}" protocol = var.database_outbound_acl_rules[count.index]["protocol"]
cidr_block = "${lookup(var.database_outbound_acl_rules[count.index], "cidr_block")}" cidr_block = var.database_outbound_acl_rules[count.index]["cidr_block"]
} }
######################## ########################
# Redshift Network ACLs # Redshift Network ACLs
######################## ########################
resource "aws_network_acl" "redshift" { resource "aws_network_acl" "redshift" {
count = "${var.create_vpc && var.redshift_dedicated_network_acl && length(var.redshift_subnets) > 0 ? 1 : 0}" count = var.create_vpc && var.redshift_dedicated_network_acl && length(var.redshift_subnets) > 0 ? 1 : 0
vpc_id = "${element(concat(aws_vpc.this.*.id, list("")), 0)}" vpc_id = element(concat(aws_vpc.this.*.id, [""]), 0)
subnet_ids = ["${aws_subnet.redshift.*.id}"] subnet_ids = aws_subnet.redshift.*.id
tags = "${merge(map("Name", format("%s-${var.redshift_subnet_suffix}", var.name)), var.tags, var.redshift_acl_tags)}" tags = merge(
{
"Name" = format("%s-${var.redshift_subnet_suffix}", var.name)
},
var.tags,
var.redshift_acl_tags,
)
} }
resource "aws_network_acl_rule" "redshift_inbound" { resource "aws_network_acl_rule" "redshift_inbound" {
count = "${var.create_vpc && var.redshift_dedicated_network_acl && length(var.redshift_subnets) > 0 ? length(var.redshift_inbound_acl_rules) : 0}" count = var.create_vpc && var.redshift_dedicated_network_acl && length(var.redshift_subnets) > 0 ? length(var.redshift_inbound_acl_rules) : 0
network_acl_id = "${aws_network_acl.redshift.id}" network_acl_id = aws_network_acl.redshift[0].id
egress = false egress = false
rule_number = "${lookup(var.redshift_inbound_acl_rules[count.index], "rule_number")}" rule_number = var.redshift_inbound_acl_rules[count.index]["rule_number"]
rule_action = "${lookup(var.redshift_inbound_acl_rules[count.index], "rule_action")}" rule_action = var.redshift_inbound_acl_rules[count.index]["rule_action"]
from_port = "${lookup(var.redshift_inbound_acl_rules[count.index], "from_port")}" from_port = var.redshift_inbound_acl_rules[count.index]["from_port"]
to_port = "${lookup(var.redshift_inbound_acl_rules[count.index], "to_port")}" to_port = var.redshift_inbound_acl_rules[count.index]["to_port"]
protocol = "${lookup(var.redshift_inbound_acl_rules[count.index], "protocol")}" protocol = var.redshift_inbound_acl_rules[count.index]["protocol"]
cidr_block = "${lookup(var.redshift_inbound_acl_rules[count.index], "cidr_block")}" cidr_block = var.redshift_inbound_acl_rules[count.index]["cidr_block"]
} }
resource "aws_network_acl_rule" "redshift_outbound" { resource "aws_network_acl_rule" "redshift_outbound" {
count = "${var.create_vpc && var.redshift_dedicated_network_acl && length(var.redshift_subnets) > 0 ? length(var.redshift_outbound_acl_rules) : 0}" count = var.create_vpc && var.redshift_dedicated_network_acl && length(var.redshift_subnets) > 0 ? length(var.redshift_outbound_acl_rules) : 0
network_acl_id = "${aws_network_acl.redshift.id}" network_acl_id = aws_network_acl.redshift[0].id
egress = true egress = true
rule_number = "${lookup(var.redshift_outbound_acl_rules[count.index], "rule_number")}" rule_number = var.redshift_outbound_acl_rules[count.index]["rule_number"]
rule_action = "${lookup(var.redshift_outbound_acl_rules[count.index], "rule_action")}" rule_action = var.redshift_outbound_acl_rules[count.index]["rule_action"]
from_port = "${lookup(var.redshift_outbound_acl_rules[count.index], "from_port")}" from_port = var.redshift_outbound_acl_rules[count.index]["from_port"]
to_port = "${lookup(var.redshift_outbound_acl_rules[count.index], "to_port")}" to_port = var.redshift_outbound_acl_rules[count.index]["to_port"]
protocol = "${lookup(var.redshift_outbound_acl_rules[count.index], "protocol")}" protocol = var.redshift_outbound_acl_rules[count.index]["protocol"]
cidr_block = "${lookup(var.redshift_outbound_acl_rules[count.index], "cidr_block")}" cidr_block = var.redshift_outbound_acl_rules[count.index]["cidr_block"]
} }
########################### ###########################
# Elasticache Network ACLs # Elasticache Network ACLs
########################### ###########################
resource "aws_network_acl" "elasticache" { resource "aws_network_acl" "elasticache" {
count = "${var.create_vpc && var.elasticache_dedicated_network_acl && length(var.elasticache_subnets) > 0 ? 1 : 0}" count = var.create_vpc && var.elasticache_dedicated_network_acl && length(var.elasticache_subnets) > 0 ? 1 : 0
vpc_id = "${element(concat(aws_vpc.this.*.id, list("")), 0)}" vpc_id = element(concat(aws_vpc.this.*.id, [""]), 0)
subnet_ids = ["${aws_subnet.elasticache.*.id}"] subnet_ids = aws_subnet.elasticache.*.id
tags = "${merge(map("Name", format("%s-${var.elasticache_subnet_suffix}", var.name)), var.tags, var.elasticache_acl_tags)}" tags = merge(
{
"Name" = format("%s-${var.elasticache_subnet_suffix}", var.name)
},
var.tags,
var.elasticache_acl_tags,
)
} }
resource "aws_network_acl_rule" "elasticache_inbound" { resource "aws_network_acl_rule" "elasticache_inbound" {
count = "${var.create_vpc && var.elasticache_dedicated_network_acl && length(var.elasticache_subnets) > 0 ? length(var.elasticache_inbound_acl_rules) : 0}" count = var.create_vpc && var.elasticache_dedicated_network_acl && length(var.elasticache_subnets) > 0 ? length(var.elasticache_inbound_acl_rules) : 0
network_acl_id = "${aws_network_acl.elasticache.id}" network_acl_id = aws_network_acl.elasticache[0].id
egress = false egress = false
rule_number = "${lookup(var.elasticache_inbound_acl_rules[count.index], "rule_number")}" rule_number = var.elasticache_inbound_acl_rules[count.index]["rule_number"]
rule_action = "${lookup(var.elasticache_inbound_acl_rules[count.index], "rule_action")}" rule_action = var.elasticache_inbound_acl_rules[count.index]["rule_action"]
from_port = "${lookup(var.elasticache_inbound_acl_rules[count.index], "from_port")}" from_port = var.elasticache_inbound_acl_rules[count.index]["from_port"]
to_port = "${lookup(var.elasticache_inbound_acl_rules[count.index], "to_port")}" to_port = var.elasticache_inbound_acl_rules[count.index]["to_port"]
protocol = "${lookup(var.elasticache_inbound_acl_rules[count.index], "protocol")}" protocol = var.elasticache_inbound_acl_rules[count.index]["protocol"]
cidr_block = "${lookup(var.elasticache_inbound_acl_rules[count.index], "cidr_block")}" cidr_block = var.elasticache_inbound_acl_rules[count.index]["cidr_block"]
} }
resource "aws_network_acl_rule" "elasticache_outbound" { resource "aws_network_acl_rule" "elasticache_outbound" {
count = "${var.create_vpc && var.elasticache_dedicated_network_acl && length(var.elasticache_subnets) > 0 ? length(var.elasticache_outbound_acl_rules) : 0}" count = var.create_vpc && var.elasticache_dedicated_network_acl && length(var.elasticache_subnets) > 0 ? length(var.elasticache_outbound_acl_rules) : 0
network_acl_id = "${aws_network_acl.elasticache.id}" network_acl_id = aws_network_acl.elasticache[0].id
egress = true egress = true
rule_number = "${lookup(var.elasticache_outbound_acl_rules[count.index], "rule_number")}" rule_number = var.elasticache_outbound_acl_rules[count.index]["rule_number"]
rule_action = "${lookup(var.elasticache_outbound_acl_rules[count.index], "rule_action")}" rule_action = var.elasticache_outbound_acl_rules[count.index]["rule_action"]
from_port = "${lookup(var.elasticache_outbound_acl_rules[count.index], "from_port")}" from_port = var.elasticache_outbound_acl_rules[count.index]["from_port"]
to_port = "${lookup(var.elasticache_outbound_acl_rules[count.index], "to_port")}" to_port = var.elasticache_outbound_acl_rules[count.index]["to_port"]
protocol = "${lookup(var.elasticache_outbound_acl_rules[count.index], "protocol")}" protocol = var.elasticache_outbound_acl_rules[count.index]["protocol"]
cidr_block = "${lookup(var.elasticache_outbound_acl_rules[count.index], "cidr_block")}" cidr_block = var.elasticache_outbound_acl_rules[count.index]["cidr_block"]
} }
############## ##############
...@@ -554,34 +761,63 @@ resource "aws_network_acl_rule" "elasticache_outbound" { ...@@ -554,34 +761,63 @@ resource "aws_network_acl_rule" "elasticache_outbound" {
# #
# but then when count of aws_eip.nat.*.id is zero, this would throw a resource not found error on aws_eip.nat.*.id. # but then when count of aws_eip.nat.*.id is zero, this would throw a resource not found error on aws_eip.nat.*.id.
locals { locals {
nat_gateway_ips = "${split(",", (var.reuse_nat_ips ? join(",", var.external_nat_ip_ids) : join(",", aws_eip.nat.*.id)))}" nat_gateway_ips = split(
",",
var.reuse_nat_ips ? join(",", var.external_nat_ip_ids) : join(",", aws_eip.nat.*.id),
)
} }
resource "aws_eip" "nat" { resource "aws_eip" "nat" {
count = "${var.create_vpc && (var.enable_nat_gateway && ! var.reuse_nat_ips) ? local.nat_gateway_count : 0}" count = var.create_vpc && var.enable_nat_gateway && false == var.reuse_nat_ips ? local.nat_gateway_count : 0
vpc = true vpc = true
tags = "${merge(map("Name", format("%s-%s", var.name, element(var.azs, (var.single_nat_gateway ? 0 : count.index)))), var.tags, var.nat_eip_tags)}" tags = merge(
{
"Name" = format(
"%s-%s",
var.name,
element(var.azs, var.single_nat_gateway ? 0 : count.index),
)
},
var.tags,
var.nat_eip_tags,
)
} }
resource "aws_nat_gateway" "this" { resource "aws_nat_gateway" "this" {
count = "${var.create_vpc && var.enable_nat_gateway ? local.nat_gateway_count : 0}" count = var.create_vpc && var.enable_nat_gateway ? local.nat_gateway_count : 0
allocation_id = "${element(local.nat_gateway_ips, (var.single_nat_gateway ? 0 : count.index))}" allocation_id = element(
subnet_id = "${element(aws_subnet.public.*.id, (var.single_nat_gateway ? 0 : count.index))}" local.nat_gateway_ips,
var.single_nat_gateway ? 0 : count.index,
tags = "${merge(map("Name", format("%s-%s", var.name, element(var.azs, (var.single_nat_gateway ? 0 : count.index)))), var.tags, var.nat_gateway_tags)}" )
subnet_id = element(
depends_on = ["aws_internet_gateway.this"] aws_subnet.public.*.id,
var.single_nat_gateway ? 0 : count.index,
)
tags = merge(
{
"Name" = format(
"%s-%s",
var.name,
element(var.azs, var.single_nat_gateway ? 0 : count.index),
)
},
var.tags,
var.nat_gateway_tags,
)
depends_on = [aws_internet_gateway.this]
} }
resource "aws_route" "private_nat_gateway" { resource "aws_route" "private_nat_gateway" {
count = "${var.create_vpc && var.enable_nat_gateway ? local.nat_gateway_count : 0}" count = var.create_vpc && var.enable_nat_gateway ? local.nat_gateway_count : 0
route_table_id = "${element(aws_route_table.private.*.id, count.index)}" route_table_id = element(aws_route_table.private.*.id, count.index)
destination_cidr_block = "0.0.0.0/0" destination_cidr_block = "0.0.0.0/0"
nat_gateway_id = "${element(aws_nat_gateway.this.*.id, count.index)}" nat_gateway_id = element(aws_nat_gateway.this.*.id, count.index)
timeouts { timeouts {
create = "5m" create = "5m"
...@@ -592,74 +828,95 @@ resource "aws_route" "private_nat_gateway" { ...@@ -592,74 +828,95 @@ resource "aws_route" "private_nat_gateway" {
# VPC Endpoint for S3 # VPC Endpoint for S3
###################### ######################
data "aws_vpc_endpoint_service" "s3" { data "aws_vpc_endpoint_service" "s3" {
count = "${var.create_vpc && var.enable_s3_endpoint ? 1 : 0}" count = var.create_vpc && var.enable_s3_endpoint ? 1 : 0
service = "s3" service = "s3"
} }
resource "aws_vpc_endpoint" "s3" { resource "aws_vpc_endpoint" "s3" {
count = "${var.create_vpc && var.enable_s3_endpoint ? 1 : 0}" count = var.create_vpc && var.enable_s3_endpoint ? 1 : 0
vpc_id = "${local.vpc_id}" vpc_id = local.vpc_id
service_name = "${data.aws_vpc_endpoint_service.s3.service_name}" service_name = data.aws_vpc_endpoint_service.s3[0].service_name
} }
resource "aws_vpc_endpoint_route_table_association" "private_s3" { resource "aws_vpc_endpoint_route_table_association" "private_s3" {
count = "${var.create_vpc && var.enable_s3_endpoint ? local.nat_gateway_count : 0}" count = var.create_vpc && var.enable_s3_endpoint ? local.nat_gateway_count : 0
vpc_endpoint_id = "${aws_vpc_endpoint.s3.id}" vpc_endpoint_id = aws_vpc_endpoint.s3[0].id
route_table_id = "${element(aws_route_table.private.*.id, count.index)}" route_table_id = element(aws_route_table.private.*.id, count.index)
} }
resource "aws_vpc_endpoint_route_table_association" "intra_s3" { resource "aws_vpc_endpoint_route_table_association" "intra_s3" {
count = "${var.create_vpc && var.enable_s3_endpoint && length(var.intra_subnets) > 0 ? 1 : 0}" count = var.create_vpc && var.enable_s3_endpoint && length(var.intra_subnets) > 0 ? 1 : 0
vpc_endpoint_id = "${aws_vpc_endpoint.s3.id}" vpc_endpoint_id = aws_vpc_endpoint.s3[0].id
route_table_id = "${element(aws_route_table.intra.*.id, 0)}" route_table_id = element(aws_route_table.intra.*.id, 0)
} }
resource "aws_vpc_endpoint_route_table_association" "public_s3" { resource "aws_vpc_endpoint_route_table_association" "public_s3" {
count = "${var.create_vpc && var.enable_s3_endpoint && length(var.public_subnets) > 0 ? 1 : 0}" count = var.create_vpc && var.enable_s3_endpoint && length(var.public_subnets) > 0 ? 1 : 0
vpc_endpoint_id = "${aws_vpc_endpoint.s3.id}" vpc_endpoint_id = aws_vpc_endpoint.s3[0].id
route_table_id = "${aws_route_table.public.id}" route_table_id = aws_route_table.public[0].id
} }
############################ ############################
# VPC Endpoint for DynamoDB # VPC Endpoint for DynamoDB
############################ ############################
data "aws_vpc_endpoint_service" "dynamodb" { data "aws_vpc_endpoint_service" "dynamodb" {
count = "${var.create_vpc && var.enable_dynamodb_endpoint ? 1 : 0}" count = var.create_vpc && var.enable_dynamodb_endpoint ? 1 : 0
service = "dynamodb" service = "dynamodb"
} }
resource "aws_vpc_endpoint" "dynamodb" { resource "aws_vpc_endpoint" "dynamodb" {
count = "${var.create_vpc && var.enable_dynamodb_endpoint ? 1 : 0}" count = var.create_vpc && var.enable_dynamodb_endpoint ? 1 : 0
vpc_id = "${local.vpc_id}" vpc_id = local.vpc_id
service_name = "${data.aws_vpc_endpoint_service.dynamodb.service_name}" service_name = data.aws_vpc_endpoint_service.dynamodb[0].service_name
} }
resource "aws_vpc_endpoint_route_table_association" "private_dynamodb" { resource "aws_vpc_endpoint_route_table_association" "private_dynamodb" {
count = "${var.create_vpc && var.enable_dynamodb_endpoint ? local.nat_gateway_count : 0}" count = var.create_vpc && var.enable_dynamodb_endpoint ? local.nat_gateway_count : 0
vpc_endpoint_id = "${aws_vpc_endpoint.dynamodb.id}" vpc_endpoint_id = aws_vpc_endpoint.dynamodb[0].id
route_table_id = "${element(aws_route_table.private.*.id, count.index)}" route_table_id = element(aws_route_table.private.*.id, count.index)
} }
resource "aws_vpc_endpoint_route_table_association" "intra_dynamodb" { resource "aws_vpc_endpoint_route_table_association" "intra_dynamodb" {
count = "${var.create_vpc && var.enable_dynamodb_endpoint && length(var.intra_subnets) > 0 ? 1 : 0}" count = var.create_vpc && var.enable_dynamodb_endpoint && length(var.intra_subnets) > 0 ? 1 : 0
vpc_endpoint_id = "${aws_vpc_endpoint.dynamodb.id}" vpc_endpoint_id = aws_vpc_endpoint.dynamodb[0].id
route_table_id = "${element(aws_route_table.intra.*.id, 0)}" route_table_id = element(aws_route_table.intra.*.id, 0)
} }
resource "aws_vpc_endpoint_route_table_association" "public_dynamodb" { resource "aws_vpc_endpoint_route_table_association" "public_dynamodb" {
count = "${var.create_vpc && var.enable_dynamodb_endpoint && length(var.public_subnets) > 0 ? 1 : 0}" count = var.create_vpc && var.enable_dynamodb_endpoint && length(var.public_subnets) > 0 ? 1 : 0
vpc_endpoint_id = "${aws_vpc_endpoint.dynamodb.id}" vpc_endpoint_id = aws_vpc_endpoint.dynamodb[0].id
route_table_id = "${aws_route_table.public.id}" route_table_id = aws_route_table.public[0].id
}
#######################
# VPC Endpoint for SQS
#######################
data "aws_vpc_endpoint_service" "sqs" {
count = var.create_vpc && var.enable_sqs_endpoint ? 1 : 0
service = "sqs"
}
resource "aws_vpc_endpoint" "sqs" {
count = var.create_vpc && var.enable_sqs_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.sqs[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.sqs_endpoint_security_group_ids
subnet_ids = coalescelist(var.sqs_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.sqs_endpoint_private_dns_enabled
} }
####################### #######################
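Review bot: The new `aws_vpc_endpoint.sqs` resource forwards `var.sqs_endpoint_security_group_ids` unchanged, and AWS documents that an Interface endpoint created with no security group gets the VPC's default security group attached to its ENIs, so with an empty list the endpoint's reachability is decided by that default group rather than by anything declared in this module. The variable's default is not visible in this hunk; if it is an empty list, I'd put `# empty list => AWS attaches the VPC default security group to the endpoint ENIs; pass a dedicated SG allowing only 443 from the intended consumers` above `security_group_ids` and repeat the warning in the variable description. The S3 and DynamoDB gateway endpoints carried over in this hunk also set no `policy`, which leaves the default full-access endpoint policy in place, so any bucket or table reachable through the endpoint, including ones in other accounts, is permitted; an optional `policy` input that is null by default (existing callers unaffected) would let users scope that.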
...@@ -687,168 +944,233 @@ resource "aws_vpc_endpoint" "sqs" { ...@@ -687,168 +944,233 @@ resource "aws_vpc_endpoint" "sqs" {
# VPC Endpoint for SSM # VPC Endpoint for SSM
####################### #######################
data "aws_vpc_endpoint_service" "ssm" { data "aws_vpc_endpoint_service" "ssm" {
count = "${var.create_vpc && var.enable_ssm_endpoint ? 1 : 0}" count = var.create_vpc && var.enable_ssm_endpoint ? 1 : 0
service = "ssm" service = "ssm"
} }
resource "aws_vpc_endpoint" "ssm" { resource "aws_vpc_endpoint" "ssm" {
count = "${var.create_vpc && var.enable_ssm_endpoint ? 1 : 0}" count = var.create_vpc && var.enable_ssm_endpoint ? 1 : 0
vpc_id = "${local.vpc_id}" vpc_id = local.vpc_id
service_name = "${data.aws_vpc_endpoint_service.ssm.service_name}" service_name = data.aws_vpc_endpoint_service.ssm[0].service_name
vpc_endpoint_type = "Interface" vpc_endpoint_type = "Interface"
security_group_ids = ["${var.ssm_endpoint_security_group_ids}"] security_group_ids = var.ssm_endpoint_security_group_ids
subnet_ids = ["${coalescelist(var.ssm_endpoint_subnet_ids, aws_subnet.private.*.id)}"] subnet_ids = coalescelist(var.ssm_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = "${var.ssm_endpoint_private_dns_enabled}" private_dns_enabled = var.ssm_endpoint_private_dns_enabled
} }
############################### ###############################
# VPC Endpoint for SSMMESSAGES # VPC Endpoint for SSMMESSAGES
############################### ###############################
data "aws_vpc_endpoint_service" "ssmmessages" { data "aws_vpc_endpoint_service" "ssmmessages" {
count = "${var.create_vpc && var.enable_ssmmessages_endpoint ? 1 : 0}" count = var.create_vpc && var.enable_ssmmessages_endpoint ? 1 : 0
service = "ssmmessages" service = "ssmmessages"
} }
resource "aws_vpc_endpoint" "ssmmessages" { resource "aws_vpc_endpoint" "ssmmessages" {
count = "${var.create_vpc && var.enable_ssmmessages_endpoint ? 1 : 0}" count = var.create_vpc && var.enable_ssmmessages_endpoint ? 1 : 0
vpc_id = "${local.vpc_id}" vpc_id = local.vpc_id
service_name = "${data.aws_vpc_endpoint_service.ssmmessages.service_name}" service_name = data.aws_vpc_endpoint_service.ssmmessages[0].service_name
vpc_endpoint_type = "Interface" vpc_endpoint_type = "Interface"
security_group_ids = ["${var.ssmmessages_endpoint_security_group_ids}"] security_group_ids = var.ssmmessages_endpoint_security_group_ids
subnet_ids = ["${coalescelist(var.ssmmessages_endpoint_subnet_ids, aws_subnet.private.*.id)}"] subnet_ids = coalescelist(var.ssmmessages_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = "${var.ssmmessages_endpoint_private_dns_enabled}" private_dns_enabled = var.ssmmessages_endpoint_private_dns_enabled
} }
####################### #######################
# VPC Endpoint for EC2 # VPC Endpoint for EC2
####################### #######################
data "aws_vpc_endpoint_service" "ec2" { data "aws_vpc_endpoint_service" "ec2" {
count = "${var.create_vpc && var.enable_ec2_endpoint ? 1 : 0}" count = var.create_vpc && var.enable_ec2_endpoint ? 1 : 0
service = "ec2" service = "ec2"
} }
resource "aws_vpc_endpoint" "ec2" { resource "aws_vpc_endpoint" "ec2" {
count = "${var.create_vpc && var.enable_ec2_endpoint ? 1 : 0}" count = var.create_vpc && var.enable_ec2_endpoint ? 1 : 0
vpc_id = "${local.vpc_id}" vpc_id = local.vpc_id
service_name = "${data.aws_vpc_endpoint_service.ec2.service_name}" service_name = data.aws_vpc_endpoint_service.ec2[0].service_name
vpc_endpoint_type = "Interface" vpc_endpoint_type = "Interface"
security_group_ids = ["${var.ec2_endpoint_security_group_ids}"] security_group_ids = var.ec2_endpoint_security_group_ids
subnet_ids = ["${coalescelist(var.ec2_endpoint_subnet_ids, aws_subnet.private.*.id)}"] subnet_ids = coalescelist(var.ec2_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = "${var.ec2_endpoint_private_dns_enabled}" private_dns_enabled = var.ec2_endpoint_private_dns_enabled
} }
############################### ###############################
# VPC Endpoint for EC2MESSAGES # VPC Endpoint for EC2MESSAGES
############################### ###############################
data "aws_vpc_endpoint_service" "ec2messages" { data "aws_vpc_endpoint_service" "ec2messages" {
count = "${var.create_vpc && var.enable_ec2messages_endpoint ? 1 : 0}" count = var.create_vpc && var.enable_ec2messages_endpoint ? 1 : 0
service = "ec2messages" service = "ec2messages"
} }
resource "aws_vpc_endpoint" "ec2messages" { resource "aws_vpc_endpoint" "ec2messages" {
count = "${var.create_vpc && var.enable_ec2messages_endpoint ? 1 : 0}" count = var.create_vpc && var.enable_ec2messages_endpoint ? 1 : 0
vpc_id = "${local.vpc_id}" vpc_id = local.vpc_id
service_name = "${data.aws_vpc_endpoint_service.ec2messages.service_name}" service_name = data.aws_vpc_endpoint_service.ec2messages[0].service_name
vpc_endpoint_type = "Interface" vpc_endpoint_type = "Interface"
security_group_ids = ["${var.ec2messages_endpoint_security_group_ids}"] security_group_ids = var.ec2messages_endpoint_security_group_ids
subnet_ids = ["${coalescelist(var.ec2messages_endpoint_subnet_ids, aws_subnet.private.*.id)}"] subnet_ids = coalescelist(var.ec2messages_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = "${var.ec2messages_endpoint_private_dns_enabled}" private_dns_enabled = var.ec2messages_endpoint_private_dns_enabled
} }
########################### ###########################
# VPC Endpoint for ECR API # VPC Endpoint for ECR API
########################### ###########################
data "aws_vpc_endpoint_service" "ecr_api" { data "aws_vpc_endpoint_service" "ecr_api" {
count = "${var.create_vpc && var.enable_ecr_api_endpoint ? 1 : 0}" count = var.create_vpc && var.enable_ecr_api_endpoint ? 1 : 0
service = "ecr.api" service = "ecr.api"
} }
resource "aws_vpc_endpoint" "ecr_api" { resource "aws_vpc_endpoint" "ecr_api" {
count = "${var.create_vpc && var.enable_ecr_api_endpoint ? 1 : 0}" count = var.create_vpc && var.enable_ecr_api_endpoint ? 1 : 0
vpc_id = "${local.vpc_id}" vpc_id = local.vpc_id
service_name = "${data.aws_vpc_endpoint_service.ecr_api.service_name}" service_name = data.aws_vpc_endpoint_service.ecr_api[0].service_name
vpc_endpoint_type = "Interface" vpc_endpoint_type = "Interface"
security_group_ids = ["${var.ecr_api_endpoint_security_group_ids}"] security_group_ids = var.ecr_api_endpoint_security_group_ids
subnet_ids = ["${coalescelist(var.ecr_api_endpoint_subnet_ids, aws_subnet.private.*.id)}"] subnet_ids = coalescelist(var.ecr_api_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = "${var.ecr_api_endpoint_private_dns_enabled}" private_dns_enabled = var.ecr_api_endpoint_private_dns_enabled
} }
########################### ###########################
# VPC Endpoint for ECR DKR # VPC Endpoint for ECR DKR
########################### ###########################
data "aws_vpc_endpoint_service" "ecr_dkr" { data "aws_vpc_endpoint_service" "ecr_dkr" {
count = "${var.create_vpc && var.enable_ecr_dkr_endpoint ? 1 : 0}" count = var.create_vpc && var.enable_ecr_dkr_endpoint ? 1 : 0
service = "ecr.dkr" service = "ecr.dkr"
} }
resource "aws_vpc_endpoint" "ecr_dkr" { resource "aws_vpc_endpoint" "ecr_dkr" {
count = "${var.create_vpc && var.enable_ecr_dkr_endpoint ? 1 : 0}" count = var.create_vpc && var.enable_ecr_dkr_endpoint ? 1 : 0
vpc_id = "${local.vpc_id}" vpc_id = local.vpc_id
service_name = "${data.aws_vpc_endpoint_service.ecr_dkr.service_name}" service_name = data.aws_vpc_endpoint_service.ecr_dkr[0].service_name
vpc_endpoint_type = "Interface" vpc_endpoint_type = "Interface"
security_group_ids = ["${var.ecr_dkr_endpoint_security_group_ids}"] security_group_ids = var.ecr_dkr_endpoint_security_group_ids
subnet_ids = ["${coalescelist(var.ecr_dkr_endpoint_subnet_ids, aws_subnet.private.*.id)}"] subnet_ids = coalescelist(var.ecr_dkr_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = "${var.ecr_dkr_endpoint_private_dns_enabled}" private_dns_enabled = var.ecr_dkr_endpoint_private_dns_enabled
} }
####################### #######################
# VPC Endpoint for API Gateway # VPC Endpoint for API Gateway
####################### #######################
data "aws_vpc_endpoint_service" "apigw" { data "aws_vpc_endpoint_service" "apigw" {
count = "${var.create_vpc && var.enable_apigw_endpoint ? 1 : 0}" count = var.create_vpc && var.enable_apigw_endpoint ? 1 : 0
service = "execute-api" service = "execute-api"
} }
resource "aws_vpc_endpoint" "apigw" { resource "aws_vpc_endpoint" "apigw" {
count = "${var.create_vpc && var.enable_apigw_endpoint ? 1 : 0}" count = var.create_vpc && var.enable_apigw_endpoint ? 1 : 0
vpc_id = "${local.vpc_id}" vpc_id = local.vpc_id
service_name = "${data.aws_vpc_endpoint_service.apigw.service_name}" service_name = data.aws_vpc_endpoint_service.apigw[0].service_name
vpc_endpoint_type = "Interface" vpc_endpoint_type = "Interface"
security_group_ids = ["${var.apigw_endpoint_security_group_ids}"] security_group_ids = var.apigw_endpoint_security_group_ids
subnet_ids = ["${coalescelist(var.apigw_endpoint_subnet_ids, aws_subnet.private.*.id)}"] subnet_ids = coalescelist(var.apigw_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = "${var.apigw_endpoint_private_dns_enabled}" private_dns_enabled = var.apigw_endpoint_private_dns_enabled
} }
####################### #######################
# VPC Endpoint for KMS # VPC Endpoint for KMS
####################### #######################
data "aws_vpc_endpoint_service" "kms" { data "aws_vpc_endpoint_service" "kms" {
count = "${var.create_vpc && var.enable_kms_endpoint ? 1 : 0}" count = var.create_vpc && var.enable_kms_endpoint ? 1 : 0
service = "kms" service = "kms"
} }
resource "aws_vpc_endpoint" "kms" { resource "aws_vpc_endpoint" "kms" {
count = "${var.create_vpc && var.enable_kms_endpoint ? 1 : 0}" count = var.create_vpc && var.enable_kms_endpoint ? 1 : 0
vpc_id = "${local.vpc_id}" vpc_id = local.vpc_id
service_name = "${data.aws_vpc_endpoint_service.kms.service_name}" service_name = data.aws_vpc_endpoint_service.kms[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.kms_endpoint_security_group_ids
subnet_ids = coalescelist(var.kms_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.kms_endpoint_private_dns_enabled
}
#######################
# VPC Endpoint for ECS
#######################
data "aws_vpc_endpoint_service" "ecs" {
count = var.create_vpc && var.enable_ecs_endpoint ? 1 : 0
service = "ecs"
}
resource "aws_vpc_endpoint" "ecs" {
count = var.create_vpc && var.enable_ecs_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.ecs[0].service_name
vpc_endpoint_type = "Interface" vpc_endpoint_type = "Interface"
security_group_ids = ["${var.kms_endpoint_security_group_ids}"] security_group_ids = var.ecs_endpoint_security_group_ids
subnet_ids = ["${coalescelist(var.kms_endpoint_subnet_ids, aws_subnet.private.*.id)}"] subnet_ids = coalescelist(var.ecs_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = "${var.kms_endpoint_private_dns_enabled}" private_dns_enabled = var.ecs_endpoint_private_dns_enabled
}
#######################
# VPC Endpoint for ECS Agent
#######################
data "aws_vpc_endpoint_service" "ecs_agent" {
count = var.create_vpc && var.enable_ecs_agent_endpoint ? 1 : 0
service = "ecs-agent"
}
resource "aws_vpc_endpoint" "ecs_agent" {
count = var.create_vpc && var.enable_ecs_agent_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.ecs_agent[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.ecs_agent_endpoint_security_group_ids
subnet_ids = coalescelist(var.ecs_agent_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.ecs_agent_endpoint_private_dns_enabled
}
#######################
# VPC Endpoint for ECS Telemetry
#######################
data "aws_vpc_endpoint_service" "ecs_telemetry" {
count = var.create_vpc && var.enable_ecs_telemetry_endpoint ? 1 : 0
service = "ecs-telemetry"
}
resource "aws_vpc_endpoint" "ecs_telemetry" {
count = var.create_vpc && var.enable_ecs_telemetry_endpoint ? 1 : 0
vpc_id = local.vpc_id
service_name = data.aws_vpc_endpoint_service.ecs_telemetry[0].service_name
vpc_endpoint_type = "Interface"
security_group_ids = var.ecs_telemetry_endpoint_security_group_ids
subnet_ids = coalescelist(var.ecs_telemetry_endpoint_subnet_ids, aws_subnet.private.*.id)
private_dns_enabled = var.ecs_telemetry_endpoint_private_dns_enabled
} }
...@@ -921,96 +1243,139 @@ resource "aws_vpc_endpoint" "ecs_telemetry" { ...@@ -921,96 +1243,139 @@ resource "aws_vpc_endpoint" "ecs_telemetry" {
# Route table association # Route table association
########################## ##########################
resource "aws_route_table_association" "private" { resource "aws_route_table_association" "private" {
count = "${var.create_vpc && length(var.private_subnets) > 0 ? length(var.private_subnets) : 0}" count = var.create_vpc && length(var.private_subnets) > 0 ? length(var.private_subnets) : 0
subnet_id = "${element(aws_subnet.private.*.id, count.index)}" subnet_id = element(aws_subnet.private.*.id, count.index)
route_table_id = "${element(aws_route_table.private.*.id, (var.single_nat_gateway ? 0 : count.index))}" route_table_id = element(
aws_route_table.private.*.id,
var.single_nat_gateway ? 0 : count.index,
)
} }
resource "aws_route_table_association" "database" { resource "aws_route_table_association" "database" {
count = "${var.create_vpc && length(var.database_subnets) > 0 ? length(var.database_subnets) : 0}" count = var.create_vpc && length(var.database_subnets) > 0 ? length(var.database_subnets) : 0
subnet_id = "${element(aws_subnet.database.*.id, count.index)}" subnet_id = element(aws_subnet.database.*.id, count.index)
route_table_id = "${element(coalescelist(aws_route_table.database.*.id, aws_route_table.private.*.id), (var.single_nat_gateway || var.create_database_subnet_route_table ? 0 : count.index))}" route_table_id = element(
coalescelist(aws_route_table.database.*.id, aws_route_table.private.*.id),
var.single_nat_gateway || var.create_database_subnet_route_table ? 0 : count.index,
)
} }
resource "aws_route_table_association" "redshift" { resource "aws_route_table_association" "redshift" {
count = "${var.create_vpc && length(var.redshift_subnets) > 0 && ! var.enable_public_redshift ? length(var.redshift_subnets) : 0}" count = var.create_vpc && length(var.redshift_subnets) > 0 && false == var.enable_public_redshift ? length(var.redshift_subnets) : 0
subnet_id = "${element(aws_subnet.redshift.*.id, count.index)}" subnet_id = element(aws_subnet.redshift.*.id, count.index)
route_table_id = "${element(coalescelist(aws_route_table.redshift.*.id, aws_route_table.private.*.id), (var.single_nat_gateway || var.create_redshift_subnet_route_table ? 0 : count.index))}" route_table_id = element(
coalescelist(aws_route_table.redshift.*.id, aws_route_table.private.*.id),
var.single_nat_gateway || var.create_redshift_subnet_route_table ? 0 : count.index,
)
} }
resource "aws_route_table_association" "redshift_public" { resource "aws_route_table_association" "redshift_public" {
count = "${var.create_vpc && length(var.redshift_subnets) > 0 && var.enable_public_redshift ? length(var.redshift_subnets) : 0}" count = var.create_vpc && length(var.redshift_subnets) > 0 && var.enable_public_redshift ? length(var.redshift_subnets) : 0
subnet_id = "${element(aws_subnet.redshift.*.id, count.index)}" subnet_id = element(aws_subnet.redshift.*.id, count.index)
route_table_id = "${element(coalescelist(aws_route_table.redshift.*.id, aws_route_table.public.*.id), (var.single_nat_gateway || var.create_redshift_subnet_route_table ? 0 : count.index))}" route_table_id = element(
coalescelist(aws_route_table.redshift.*.id, aws_route_table.public.*.id),
var.single_nat_gateway || var.create_redshift_subnet_route_table ? 0 : count.index,
)
} }
resource "aws_route_table_association" "elasticache" { resource "aws_route_table_association" "elasticache" {
count = "${var.create_vpc && length(var.elasticache_subnets) > 0 ? length(var.elasticache_subnets) : 0}" count = var.create_vpc && length(var.elasticache_subnets) > 0 ? length(var.elasticache_subnets) : 0
subnet_id = "${element(aws_subnet.elasticache.*.id, count.index)}" subnet_id = element(aws_subnet.elasticache.*.id, count.index)
route_table_id = "${element(coalescelist(aws_route_table.elasticache.*.id, aws_route_table.private.*.id), (var.single_nat_gateway || var.create_elasticache_subnet_route_table ? 0 : count.index))}" route_table_id = element(
coalescelist(
aws_route_table.elasticache.*.id,
aws_route_table.private.*.id,
),
var.single_nat_gateway || var.create_elasticache_subnet_route_table ? 0 : count.index,
)
} }
resource "aws_route_table_association" "intra" { resource "aws_route_table_association" "intra" {
count = "${var.create_vpc && length(var.intra_subnets) > 0 ? length(var.intra_subnets) : 0}" count = var.create_vpc && length(var.intra_subnets) > 0 ? length(var.intra_subnets) : 0
subnet_id = "${element(aws_subnet.intra.*.id, count.index)}" subnet_id = element(aws_subnet.intra.*.id, count.index)
route_table_id = "${element(aws_route_table.intra.*.id, 0)}" route_table_id = element(aws_route_table.intra.*.id, 0)
} }
resource "aws_route_table_association" "public" { resource "aws_route_table_association" "public" {
count = "${var.create_vpc && length(var.public_subnets) > 0 ? length(var.public_subnets) : 0}" count = var.create_vpc && length(var.public_subnets) > 0 ? length(var.public_subnets) : 0
subnet_id = "${element(aws_subnet.public.*.id, count.index)}" subnet_id = element(aws_subnet.public.*.id, count.index)
route_table_id = "${aws_route_table.public.id}" route_table_id = aws_route_table.public[0].id
} }
############## ##############
# VPN Gateway # VPN Gateway
############## ##############
resource "aws_vpn_gateway" "this" { resource "aws_vpn_gateway" "this" {
count = "${var.create_vpc && var.enable_vpn_gateway ? 1 : 0}" count = var.create_vpc && var.enable_vpn_gateway ? 1 : 0
vpc_id = "${local.vpc_id}" vpc_id = local.vpc_id
amazon_side_asn = "${var.amazon_side_asn}" amazon_side_asn = var.amazon_side_asn
tags = "${merge(map("Name", format("%s", var.name)), var.tags, var.vpn_gateway_tags)}" tags = merge(
{
"Name" = format("%s", var.name)
},
var.tags,
var.vpn_gateway_tags,
)
} }
resource "aws_vpn_gateway_attachment" "this" { resource "aws_vpn_gateway_attachment" "this" {
count = "${var.vpn_gateway_id != "" ? 1 : 0}" count = var.vpn_gateway_id != "" ? 1 : 0
vpc_id = "${local.vpc_id}" vpc_id = local.vpc_id
vpn_gateway_id = "${var.vpn_gateway_id}" vpn_gateway_id = var.vpn_gateway_id
} }
resource "aws_vpn_gateway_route_propagation" "public" { resource "aws_vpn_gateway_route_propagation" "public" {
count = "${var.create_vpc && var.propagate_public_route_tables_vgw && (var.enable_vpn_gateway || var.vpn_gateway_id != "") ? 1 : 0}" count = var.create_vpc && var.propagate_public_route_tables_vgw && var.enable_vpn_gateway || var.vpn_gateway_id != "" ? 1 : 0
route_table_id = "${element(aws_route_table.public.*.id, count.index)}" route_table_id = element(aws_route_table.public.*.id, count.index)
vpn_gateway_id = "${element(concat(aws_vpn_gateway.this.*.id, aws_vpn_gateway_attachment.this.*.vpn_gateway_id), count.index)}" vpn_gateway_id = element(
concat(
aws_vpn_gateway.this.*.id,
aws_vpn_gateway_attachment.this.*.vpn_gateway_id,
),
count.index,
)
} }
resource "aws_vpn_gateway_route_propagation" "private" { resource "aws_vpn_gateway_route_propagation" "private" {
count = "${var.create_vpc && var.propagate_private_route_tables_vgw && (var.enable_vpn_gateway || var.vpn_gateway_id != "") ? length(var.private_subnets) : 0}" count = var.create_vpc && var.propagate_private_route_tables_vgw && var.enable_vpn_gateway || var.vpn_gateway_id != "" ? length(var.private_subnets) : 0
route_table_id = "${element(aws_route_table.private.*.id, count.index)}" route_table_id = element(aws_route_table.private.*.id, count.index)
vpn_gateway_id = "${element(concat(aws_vpn_gateway.this.*.id, aws_vpn_gateway_attachment.this.*.vpn_gateway_id), count.index)}" vpn_gateway_id = element(
concat(
aws_vpn_gateway.this.*.id,
aws_vpn_gateway_attachment.this.*.vpn_gateway_id,
),
count.index,
)
} }
########### ###########
# Defaults # Defaults
########### ###########
resource "aws_default_vpc" "this" { resource "aws_default_vpc" "this" {
count = "${var.manage_default_vpc ? 1 : 0}" count = var.manage_default_vpc ? 1 : 0
enable_dns_support = "${var.default_vpc_enable_dns_support}" enable_dns_support = var.default_vpc_enable_dns_support
enable_dns_hostnames = "${var.default_vpc_enable_dns_hostnames}" enable_dns_hostnames = var.default_vpc_enable_dns_hostnames
enable_classiclink = "${var.default_vpc_enable_classiclink}" enable_classiclink = var.default_vpc_enable_classiclink
tags = "${merge(map("Name", format("%s", var.default_vpc_name)), var.tags, var.default_vpc_tags)}" tags = merge(
{
"Name" = format("%s", var.default_vpc_name)
},
var.tags,
var.default_vpc_tags,
)
} }
output "vpc_id" { output "vpc_id" {
description = "The ID of the VPC" description = "The ID of the VPC"
value = "${element(concat(aws_vpc.this.*.id, list("")), 0)}" value = concat(aws_vpc.this.*.id, [""])[0]
} }
output "vpc_arn" { output "vpc_arn" {
description = "The ARN of the VPC" description = "The ARN of the VPC"
value = "${element(concat(aws_vpc.this.*.arn, list("")), 0)}" value = concat(aws_vpc.this.*.arn, [""])[0]
} }
output "vpc_cidr_block" { output "vpc_cidr_block" {
description = "The CIDR block of the VPC" description = "The CIDR block of the VPC"
value = "${element(concat(aws_vpc.this.*.cidr_block, list("")), 0)}" value = concat(aws_vpc.this.*.cidr_block, [""])[0]
} }
output "default_security_group_id" { output "default_security_group_id" {
description = "The ID of the security group created by default on VPC creation" description = "The ID of the security group created by default on VPC creation"
value = "${element(concat(aws_vpc.this.*.default_security_group_id, list("")), 0)}" value = concat(aws_vpc.this.*.default_security_group_id, [""])[0]
} }
output "default_network_acl_id" { output "default_network_acl_id" {
description = "The ID of the default network ACL" description = "The ID of the default network ACL"
value = "${element(concat(aws_vpc.this.*.default_network_acl_id, list("")), 0)}" value = concat(aws_vpc.this.*.default_network_acl_id, [""])[0]
} }
output "default_route_table_id" { output "default_route_table_id" {
description = "The ID of the default route table" description = "The ID of the default route table"
value = "${element(concat(aws_vpc.this.*.default_route_table_id, list("")), 0)}" value = concat(aws_vpc.this.*.default_route_table_id, [""])[0]
} }
output "vpc_instance_tenancy" { output "vpc_instance_tenancy" {
description = "Tenancy of instances spin up within VPC" description = "Tenancy of instances spin up within VPC"
value = "${element(concat(aws_vpc.this.*.instance_tenancy, list("")), 0)}" value = concat(aws_vpc.this.*.instance_tenancy, [""])[0]
} }
output "vpc_enable_dns_support" { output "vpc_enable_dns_support" {
description = "Whether or not the VPC has DNS support" description = "Whether or not the VPC has DNS support"
value = "${element(concat(aws_vpc.this.*.enable_dns_support, list("")), 0)}" value = concat(aws_vpc.this.*.enable_dns_support, [""])[0]
} }
output "vpc_enable_dns_hostnames" { output "vpc_enable_dns_hostnames" {
description = "Whether or not the VPC has DNS hostname support" description = "Whether or not the VPC has DNS hostname support"
value = "${element(concat(aws_vpc.this.*.enable_dns_hostnames, list("")), 0)}" value = concat(aws_vpc.this.*.enable_dns_hostnames, [""])[0]
} }
//output "vpc_enable_classiclink" { //output "vpc_enable_classiclink" {
...@@ -50,7 +50,7 @@ output "vpc_enable_dns_hostnames" { ...@@ -50,7 +50,7 @@ output "vpc_enable_dns_hostnames" {
output "vpc_main_route_table_id" { output "vpc_main_route_table_id" {
description = "The ID of the main route table associated with this VPC" description = "The ID of the main route table associated with this VPC"
value = "${element(concat(aws_vpc.this.*.main_route_table_id, list("")), 0)}" value = concat(aws_vpc.this.*.main_route_table_id, [""])[0]
} }
//output "vpc_ipv6_association_id" { //output "vpc_ipv6_association_id" {
...@@ -65,212 +65,216 @@ output "vpc_main_route_table_id" { ...@@ -65,212 +65,216 @@ output "vpc_main_route_table_id" {
output "vpc_secondary_cidr_blocks" { output "vpc_secondary_cidr_blocks" {
description = "List of secondary CIDR blocks of the VPC" description = "List of secondary CIDR blocks of the VPC"
value = ["${aws_vpc_ipv4_cidr_block_association.this.*.cidr_block}"] value = aws_vpc_ipv4_cidr_block_association.this.*.cidr_block
} }
output "private_subnets" { output "private_subnets" {
description = "List of IDs of private subnets" description = "List of IDs of private subnets"
value = ["${aws_subnet.private.*.id}"] value = aws_subnet.private.*.id
} }
output "private_subnet_arns" { output "private_subnet_arns" {
description = "List of ARNs of private subnets" description = "List of ARNs of private subnets"
value = ["${aws_subnet.private.*.arn}"] value = aws_subnet.private.*.arn
} }
output "private_subnets_cidr_blocks" { output "private_subnets_cidr_blocks" {
description = "List of cidr_blocks of private subnets" description = "List of cidr_blocks of private subnets"
value = ["${aws_subnet.private.*.cidr_block}"] value = aws_subnet.private.*.cidr_block
} }
output "public_subnets" { output "public_subnets" {
description = "List of IDs of public subnets" description = "List of IDs of public subnets"
value = ["${aws_subnet.public.*.id}"] value = aws_subnet.public.*.id
} }
output "public_subnet_arns" { output "public_subnet_arns" {
description = "List of ARNs of public subnets" description = "List of ARNs of public subnets"
value = ["${aws_subnet.public.*.arn}"] value = aws_subnet.public.*.arn
} }
output "public_subnets_cidr_blocks" { output "public_subnets_cidr_blocks" {
description = "List of cidr_blocks of public subnets" description = "List of cidr_blocks of public subnets"
value = ["${aws_subnet.public.*.cidr_block}"] value = aws_subnet.public.*.cidr_block
} }
output "database_subnets" { output "database_subnets" {
description = "List of IDs of database subnets" description = "List of IDs of database subnets"
value = ["${aws_subnet.database.*.id}"] value = aws_subnet.database.*.id
} }
output "database_subnet_arns" { output "database_subnet_arns" {
description = "List of ARNs of database subnets" description = "List of ARNs of database subnets"
value = ["${aws_subnet.database.*.arn}"] value = aws_subnet.database.*.arn
} }
output "database_subnets_cidr_blocks" { output "database_subnets_cidr_blocks" {
description = "List of cidr_blocks of database subnets" description = "List of cidr_blocks of database subnets"
value = ["${aws_subnet.database.*.cidr_block}"] value = aws_subnet.database.*.cidr_block
} }
output "database_subnet_group" { output "database_subnet_group" {
description = "ID of database subnet group" description = "ID of database subnet group"
value = "${element(concat(aws_db_subnet_group.database.*.id, list("")), 0)}" value = concat(aws_db_subnet_group.database.*.id, [""])[0]
} }
output "redshift_subnets" { output "redshift_subnets" {
description = "List of IDs of redshift subnets" description = "List of IDs of redshift subnets"
value = ["${aws_subnet.redshift.*.id}"] value = aws_subnet.redshift.*.id
} }
output "redshift_subnet_arns" { output "redshift_subnet_arns" {
description = "List of ARNs of redshift subnets" description = "List of ARNs of redshift subnets"
value = ["${aws_subnet.redshift.*.arn}"] value = aws_subnet.redshift.*.arn
} }
output "redshift_subnets_cidr_blocks" { output "redshift_subnets_cidr_blocks" {
description = "List of cidr_blocks of redshift subnets" description = "List of cidr_blocks of redshift subnets"
value = ["${aws_subnet.redshift.*.cidr_block}"] value = aws_subnet.redshift.*.cidr_block
} }
output "redshift_subnet_group" { output "redshift_subnet_group" {
description = "ID of redshift subnet group" description = "ID of redshift subnet group"
value = "${element(concat(aws_redshift_subnet_group.redshift.*.id, list("")), 0)}" value = concat(aws_redshift_subnet_group.redshift.*.id, [""])[0]
} }
output "elasticache_subnets" { output "elasticache_subnets" {
description = "List of IDs of elasticache subnets" description = "List of IDs of elasticache subnets"
value = ["${aws_subnet.elasticache.*.id}"] value = aws_subnet.elasticache.*.id
} }
output "elasticache_subnet_arns" { output "elasticache_subnet_arns" {
description = "List of ARNs of elasticache subnets" description = "List of ARNs of elasticache subnets"
value = ["${aws_subnet.elasticache.*.arn}"] value = aws_subnet.elasticache.*.arn
} }
output "elasticache_subnets_cidr_blocks" { output "elasticache_subnets_cidr_blocks" {
description = "List of cidr_blocks of elasticache subnets" description = "List of cidr_blocks of elasticache subnets"
value = ["${aws_subnet.elasticache.*.cidr_block}"] value = aws_subnet.elasticache.*.cidr_block
} }
output "intra_subnets" { output "intra_subnets" {
description = "List of IDs of intra subnets" description = "List of IDs of intra subnets"
value = ["${aws_subnet.intra.*.id}"] value = aws_subnet.intra.*.id
} }
output "intra_subnet_arns" { output "intra_subnet_arns" {
description = "List of ARNs of intra subnets" description = "List of ARNs of intra subnets"
value = ["${aws_subnet.intra.*.arn}"] value = aws_subnet.intra.*.arn
} }
output "intra_subnets_cidr_blocks" { output "intra_subnets_cidr_blocks" {
description = "List of cidr_blocks of intra subnets" description = "List of cidr_blocks of intra subnets"
value = ["${aws_subnet.intra.*.cidr_block}"] value = aws_subnet.intra.*.cidr_block
} }
output "elasticache_subnet_group" { output "elasticache_subnet_group" {
description = "ID of elasticache subnet group" description = "ID of elasticache subnet group"
value = "${element(concat(aws_elasticache_subnet_group.elasticache.*.id, list("")), 0)}" value = concat(aws_elasticache_subnet_group.elasticache.*.id, [""])[0]
} }
output "elasticache_subnet_group_name" { output "elasticache_subnet_group_name" {
description = "Name of elasticache subnet group" description = "Name of elasticache subnet group"
value = "${element(concat(aws_elasticache_subnet_group.elasticache.*.name, list("")), 0)}" value = concat(aws_elasticache_subnet_group.elasticache.*.name, [""])[0]
} }
output "public_route_table_ids" { output "public_route_table_ids" {
description = "List of IDs of public route tables" description = "List of IDs of public route tables"
value = ["${aws_route_table.public.*.id}"] value = aws_route_table.public.*.id
} }
output "private_route_table_ids" { output "private_route_table_ids" {
description = "List of IDs of private route tables" description = "List of IDs of private route tables"
value = ["${aws_route_table.private.*.id}"] value = aws_route_table.private.*.id
} }
output "database_route_table_ids" { output "database_route_table_ids" {
description = "List of IDs of database route tables" description = "List of IDs of database route tables"
value = ["${coalescelist(aws_route_table.database.*.id, aws_route_table.private.*.id)}"] value = length(aws_route_table.database.*.id) > 0 ? aws_route_table.database.*.id : aws_route_table.private.*.id
} }
output "redshift_route_table_ids" { output "redshift_route_table_ids" {
description = "List of IDs of redshift route tables" description = "List of IDs of redshift route tables"
value = ["${coalescelist(aws_route_table.redshift.*.id, aws_route_table.private.*.id)}"] value = length(aws_route_table.redshift.*.id) > 0 ? aws_route_table.redshift.*.id : aws_route_table.private.*.id
} }
output "elasticache_route_table_ids" { output "elasticache_route_table_ids" {
description = "List of IDs of elasticache route tables" description = "List of IDs of elasticache route tables"
value = ["${coalescelist(aws_route_table.elasticache.*.id, aws_route_table.private.*.id)}"] value = length(aws_route_table.elasticache.*.id) > 0 ? aws_route_table.elasticache.*.id : aws_route_table.private.*.id
} }
output "intra_route_table_ids" { output "intra_route_table_ids" {
description = "List of IDs of intra route tables" description = "List of IDs of intra route tables"
value = ["${aws_route_table.intra.*.id}"] value = aws_route_table.intra.*.id
} }
output "nat_ids" { output "nat_ids" {
description = "List of allocation ID of Elastic IPs created for AWS NAT Gateway" description = "List of allocation ID of Elastic IPs created for AWS NAT Gateway"
value = ["${aws_eip.nat.*.id}"] value = aws_eip.nat.*.id
} }
output "nat_public_ips" { output "nat_public_ips" {
description = "List of public Elastic IPs created for AWS NAT Gateway" description = "List of public Elastic IPs created for AWS NAT Gateway"
value = ["${aws_eip.nat.*.public_ip}"] value = aws_eip.nat.*.public_ip
} }
output "natgw_ids" { output "natgw_ids" {
description = "List of NAT Gateway IDs" description = "List of NAT Gateway IDs"
value = ["${aws_nat_gateway.this.*.id}"] value = aws_nat_gateway.this.*.id
} }
output "igw_id" { output "igw_id" {
description = "The ID of the Internet Gateway" description = "The ID of the Internet Gateway"
value = "${element(concat(aws_internet_gateway.this.*.id, list("")), 0)}" value = concat(aws_internet_gateway.this.*.id, [""])[0]
} }
output "vgw_id" { output "vgw_id" {
description = "The ID of the VPN Gateway" description = "The ID of the VPN Gateway"
value = "${element(concat(aws_vpn_gateway.this.*.id, aws_vpn_gateway_attachment.this.*.vpn_gateway_id, list("")), 0)}" value = concat(
aws_vpn_gateway.this.*.id,
aws_vpn_gateway_attachment.this.*.vpn_gateway_id,
[""],
)[0]
} }
output "default_vpc_id" { output "default_vpc_id" {
description = "The ID of the VPC" description = "The ID of the VPC"
value = "${element(concat(aws_default_vpc.this.*.id, list("")), 0)}" value = concat(aws_default_vpc.this.*.id, [""])[0]
} }
output "default_vpc_cidr_block" { output "default_vpc_cidr_block" {
description = "The CIDR block of the VPC" description = "The CIDR block of the VPC"
value = "${element(concat(aws_default_vpc.this.*.cidr_block, list("")), 0)}" value = concat(aws_default_vpc.this.*.cidr_block, [""])[0]
} }
output "default_vpc_default_security_group_id" { output "default_vpc_default_security_group_id" {
description = "The ID of the security group created by default on VPC creation" description = "The ID of the security group created by default on VPC creation"
value = "${element(concat(aws_default_vpc.this.*.default_security_group_id, list("")), 0)}" value = concat(aws_default_vpc.this.*.default_security_group_id, [""])[0]
} }
output "default_vpc_default_network_acl_id" { output "default_vpc_default_network_acl_id" {
description = "The ID of the default network ACL" description = "The ID of the default network ACL"
value = "${element(concat(aws_default_vpc.this.*.default_network_acl_id, list("")), 0)}" value = concat(aws_default_vpc.this.*.default_network_acl_id, [""])[0]
} }
output "default_vpc_default_route_table_id" { output "default_vpc_default_route_table_id" {
description = "The ID of the default route table" description = "The ID of the default route table"
value = "${element(concat(aws_default_vpc.this.*.default_route_table_id, list("")), 0)}" value = concat(aws_default_vpc.this.*.default_route_table_id, [""])[0]
} }
output "default_vpc_instance_tenancy" { output "default_vpc_instance_tenancy" {
description = "Tenancy of instances spin up within VPC" description = "Tenancy of instances spin up within VPC"
value = "${element(concat(aws_default_vpc.this.*.instance_tenancy, list("")), 0)}" value = concat(aws_default_vpc.this.*.instance_tenancy, [""])[0]
} }
output "default_vpc_enable_dns_support" { output "default_vpc_enable_dns_support" {
description = "Whether or not the VPC has DNS support" description = "Whether or not the VPC has DNS support"
value = "${element(concat(aws_default_vpc.this.*.enable_dns_support, list("")), 0)}" value = concat(aws_default_vpc.this.*.enable_dns_support, [""])[0]
} }
output "default_vpc_enable_dns_hostnames" { output "default_vpc_enable_dns_hostnames" {
description = "Whether or not the VPC has DNS hostname support" description = "Whether or not the VPC has DNS hostname support"
value = "${element(concat(aws_default_vpc.this.*.enable_dns_hostnames, list("")), 0)}" value = concat(aws_default_vpc.this.*.enable_dns_hostnames, [""])[0]
} }
//output "default_vpc_enable_classiclink" { //output "default_vpc_enable_classiclink" {
...@@ -280,7 +284,7 @@ output "default_vpc_enable_dns_hostnames" { ...@@ -280,7 +284,7 @@ output "default_vpc_enable_dns_hostnames" {
output "default_vpc_main_route_table_id" { output "default_vpc_main_route_table_id" {
description = "The ID of the main route table associated with this VPC" description = "The ID of the main route table associated with this VPC"
value = "${element(concat(aws_default_vpc.this.*.main_route_table_id, list("")), 0)}" value = concat(aws_default_vpc.this.*.main_route_table_id, [""])[0]
} }
//output "default_vpc_ipv6_association_id" { //output "default_vpc_ipv6_association_id" {
...@@ -295,53 +299,68 @@ output "default_vpc_main_route_table_id" { ...@@ -295,53 +299,68 @@ output "default_vpc_main_route_table_id" {
output "public_network_acl_id" { output "public_network_acl_id" {
description = "ID of the public network ACL" description = "ID of the public network ACL"
value = "${element(concat(aws_network_acl.public.*.id, list("")), 0)}" value = concat(aws_network_acl.public.*.id, [""])[0]
} }
output "private_network_acl_id" { output "private_network_acl_id" {
description = "ID of the private network ACL" description = "ID of the private network ACL"
value = "${element(concat(aws_network_acl.private.*.id, list("")), 0)}" value = concat(aws_network_acl.private.*.id, [""])[0]
} }
output "intra_network_acl_id" { output "intra_network_acl_id" {
description = "ID of the intra network ACL" description = "ID of the intra network ACL"
value = "${element(concat(aws_network_acl.intra.*.id, list("")), 0)}" value = concat(aws_network_acl.intra.*.id, [""])[0]
} }
output "database_network_acl_id" { output "database_network_acl_id" {
description = "ID of the database network ACL" description = "ID of the database network ACL"
value = "${element(concat(aws_network_acl.database.*.id, list("")), 0)}" value = concat(aws_network_acl.database.*.id, [""])[0]
} }
output "redshift_network_acl_id" { output "redshift_network_acl_id" {
description = "ID of the redshift network ACL" description = "ID of the redshift network ACL"
value = "${element(concat(aws_network_acl.redshift.*.id, list("")), 0)}" value = concat(aws_network_acl.redshift.*.id, [""])[0]
} }
output "elasticache_network_acl_id" { output "elasticache_network_acl_id" {
description = "ID of the elasticache network ACL" description = "ID of the elasticache network ACL"
value = "${element(concat(aws_network_acl.elasticache.*.id, list("")), 0)}" value = concat(aws_network_acl.elasticache.*.id, [""])[0]
} }
# VPC Endpoints # VPC Endpoints
output "vpc_endpoint_s3_id" { output "vpc_endpoint_s3_id" {
description = "The ID of VPC endpoint for S3" description = "The ID of VPC endpoint for S3"
value = "${element(concat(aws_vpc_endpoint.s3.*.id, list("")), 0)}" value = concat(aws_vpc_endpoint.s3.*.id, [""])[0]
} }
output "vpc_endpoint_s3_pl_id" { output "vpc_endpoint_s3_pl_id" {
description = "The prefix list for the S3 VPC endpoint." description = "The prefix list for the S3 VPC endpoint."
value = "${element(concat(aws_vpc_endpoint.s3.*.prefix_list_id, list("")), 0)}" value = concat(aws_vpc_endpoint.s3.*.prefix_list_id, [""])[0]
} }
output "vpc_endpoint_dynamodb_id" { output "vpc_endpoint_dynamodb_id" {
description = "The ID of VPC endpoint for DynamoDB" description = "The ID of VPC endpoint for DynamoDB"
value = "${element(concat(aws_vpc_endpoint.dynamodb.*.id, list("")), 0)}" value = concat(aws_vpc_endpoint.dynamodb.*.id, [""])[0]
} }
output "vpc_endpoint_dynamodb_pl_id" { output "vpc_endpoint_dynamodb_pl_id" {
description = "The prefix list for the DynamoDB VPC endpoint." description = "The prefix list for the DynamoDB VPC endpoint."
value = "${element(concat(aws_vpc_endpoint.dynamodb.*.prefix_list_id, list("")), 0)}" value = concat(aws_vpc_endpoint.dynamodb.*.prefix_list_id, [""])[0]
}
output "vpc_endpoint_sqs_id" {
description = "The ID of VPC endpoint for SQS"
value = concat(aws_vpc_endpoint.sqs.*.id, [""])[0]
}
output "vpc_endpoint_sqs_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for SQS."
value = flatten(aws_vpc_endpoint.sqs.*.network_interface_ids)
}
output "vpc_endpoint_sqs_dns_entry" {
description = "The DNS entries for the VPC Endpoint for SQS."
value = flatten(aws_vpc_endpoint.sqs.*.dns_entry)
} }
output "vpc_endpoint_sqs_id" { output "vpc_endpoint_sqs_id" {
...@@ -361,122 +380,167 @@ output "vpc_endpoint_sqs_dns_entry" { ...@@ -361,122 +380,167 @@ output "vpc_endpoint_sqs_dns_entry" {
output "vpc_endpoint_ssm_id" { output "vpc_endpoint_ssm_id" {
description = "The ID of VPC endpoint for SSM" description = "The ID of VPC endpoint for SSM"
value = "${element(concat(aws_vpc_endpoint.ssm.*.id, list("")), 0)}" value = concat(aws_vpc_endpoint.ssm.*.id, [""])[0]
} }
output "vpc_endpoint_ssm_network_interface_ids" { output "vpc_endpoint_ssm_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for SSM." description = "One or more network interfaces for the VPC Endpoint for SSM."
value = "${flatten(aws_vpc_endpoint.ssm.*.network_interface_ids)}" value = flatten(aws_vpc_endpoint.ssm.*.network_interface_ids)
} }
output "vpc_endpoint_ssm_dns_entry" { output "vpc_endpoint_ssm_dns_entry" {
description = "The DNS entries for the VPC Endpoint for SSM." description = "The DNS entries for the VPC Endpoint for SSM."
value = "${flatten(aws_vpc_endpoint.ssm.*.dns_entry)}" value = flatten(aws_vpc_endpoint.ssm.*.dns_entry)
} }
output "vpc_endpoint_ssmmessages_id" { output "vpc_endpoint_ssmmessages_id" {
description = "The ID of VPC endpoint for SSMMESSAGES" description = "The ID of VPC endpoint for SSMMESSAGES"
value = "${element(concat(aws_vpc_endpoint.ssmmessages.*.id, list("")), 0)}" value = concat(aws_vpc_endpoint.ssmmessages.*.id, [""])[0]
} }
output "vpc_endpoint_ssmmessages_network_interface_ids" { output "vpc_endpoint_ssmmessages_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for SSMMESSAGES." description = "One or more network interfaces for the VPC Endpoint for SSMMESSAGES."
value = "${flatten(aws_vpc_endpoint.ssmmessages.*.network_interface_ids)}" value = flatten(aws_vpc_endpoint.ssmmessages.*.network_interface_ids)
} }
output "vpc_endpoint_ssmmessages_dns_entry" { output "vpc_endpoint_ssmmessages_dns_entry" {
description = "The DNS entries for the VPC Endpoint for SSMMESSAGES." description = "The DNS entries for the VPC Endpoint for SSMMESSAGES."
value = "${flatten(aws_vpc_endpoint.ssmmessages.*.dns_entry)}" value = flatten(aws_vpc_endpoint.ssmmessages.*.dns_entry)
} }
output "vpc_endpoint_ec2_id" { output "vpc_endpoint_ec2_id" {
description = "The ID of VPC endpoint for EC2" description = "The ID of VPC endpoint for EC2"
value = "${element(concat(aws_vpc_endpoint.ec2.*.id, list("")), 0)}" value = concat(aws_vpc_endpoint.ec2.*.id, [""])[0]
} }
output "vpc_endpoint_ec2_network_interface_ids" { output "vpc_endpoint_ec2_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for EC2" description = "One or more network interfaces for the VPC Endpoint for EC2"
value = "${flatten(aws_vpc_endpoint.ec2.*.network_interface_ids)}" value = flatten(aws_vpc_endpoint.ec2.*.network_interface_ids)
} }
output "vpc_endpoint_ec2_dns_entry" { output "vpc_endpoint_ec2_dns_entry" {
description = "The DNS entries for the VPC Endpoint for EC2." description = "The DNS entries for the VPC Endpoint for EC2."
value = "${flatten(aws_vpc_endpoint.ec2.*.dns_entry)}" value = flatten(aws_vpc_endpoint.ec2.*.dns_entry)
} }
output "vpc_endpoint_ec2messages_id" { output "vpc_endpoint_ec2messages_id" {
description = "The ID of VPC endpoint for EC2MESSAGES" description = "The ID of VPC endpoint for EC2MESSAGES"
value = "${element(concat(aws_vpc_endpoint.ec2messages.*.id, list("")), 0)}" value = concat(aws_vpc_endpoint.ec2messages.*.id, [""])[0]
} }
output "vpc_endpoint_ec2messages_network_interface_ids" { output "vpc_endpoint_ec2messages_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for EC2MESSAGES" description = "One or more network interfaces for the VPC Endpoint for EC2MESSAGES"
value = "${flatten(aws_vpc_endpoint.ec2messages.*.network_interface_ids)}" value = flatten(aws_vpc_endpoint.ec2messages.*.network_interface_ids)
} }
output "vpc_endpoint_ec2messages_dns_entry" { output "vpc_endpoint_ec2messages_dns_entry" {
description = "The DNS entries for the VPC Endpoint for EC2MESSAGES." description = "The DNS entries for the VPC Endpoint for EC2MESSAGES."
value = "${flatten(aws_vpc_endpoint.ec2messages.*.dns_entry)}" value = flatten(aws_vpc_endpoint.ec2messages.*.dns_entry)
} }
output "vpc_endpoint_kms_id" { output "vpc_endpoint_kms_id" {
description = "The ID of VPC endpoint for KMS" description = "The ID of VPC endpoint for KMS"
value = "${element(concat(aws_vpc_endpoint.kms.*.id, list("")), 0)}" value = concat(aws_vpc_endpoint.kms.*.id, [""])[0]
} }
output "vpc_endpoint_kms_network_interface_ids" { output "vpc_endpoint_kms_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for KMS." description = "One or more network interfaces for the VPC Endpoint for KMS."
value = "${flatten(aws_vpc_endpoint.kms.*.network_interface_ids)}" value = flatten(aws_vpc_endpoint.kms.*.network_interface_ids)
} }
output "vpc_endpoint_kms_dns_entry" { output "vpc_endpoint_kms_dns_entry" {
description = "The DNS entries for the VPC Endpoint for KMS." description = "The DNS entries for the VPC Endpoint for KMS."
value = "${flatten(aws_vpc_endpoint.kms.*.dns_entry)}" value = flatten(aws_vpc_endpoint.kms.*.dns_entry)
} }
output "vpc_endpoint_ecr_api_id" { output "vpc_endpoint_ecr_api_id" {
description = "The ID of VPC endpoint for ECR API" description = "The ID of VPC endpoint for ECR API"
value = "${element(concat(aws_vpc_endpoint.ecr_api.*.id, list("")), 0)}" value = concat(aws_vpc_endpoint.ecr_api.*.id, [""])[0]
} }
output "vpc_endpoint_ecr_api_network_interface_ids" { output "vpc_endpoint_ecr_api_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for ECR API." description = "One or more network interfaces for the VPC Endpoint for ECR API."
value = "${flatten(aws_vpc_endpoint.ecr_api.*.network_interface_ids)}" value = flatten(aws_vpc_endpoint.ecr_api.*.network_interface_ids)
} }
output "vpc_endpoint_ecr_api_dns_entry" { output "vpc_endpoint_ecr_api_dns_entry" {
description = "The DNS entries for the VPC Endpoint for ECR API." description = "The DNS entries for the VPC Endpoint for ECR API."
value = "${flatten(aws_vpc_endpoint.ecr_api.*.dns_entry)}" value = flatten(aws_vpc_endpoint.ecr_api.*.dns_entry)
} }
output "vpc_endpoint_ecr_dkr_id" { output "vpc_endpoint_ecr_dkr_id" {
description = "The ID of VPC endpoint for ECR DKR" description = "The ID of VPC endpoint for ECR DKR"
value = "${element(concat(aws_vpc_endpoint.ecr_dkr.*.id, list("")), 0)}" value = concat(aws_vpc_endpoint.ecr_dkr.*.id, [""])[0]
} }
output "vpc_endpoint_ecr_dkr_network_interface_ids" { output "vpc_endpoint_ecr_dkr_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for ECR DKR." description = "One or more network interfaces for the VPC Endpoint for ECR DKR."
value = "${flatten(aws_vpc_endpoint.ecr_dkr.*.network_interface_ids)}" value = flatten(aws_vpc_endpoint.ecr_dkr.*.network_interface_ids)
} }
output "vpc_endpoint_ecr_dkr_dns_entry" { output "vpc_endpoint_ecr_dkr_dns_entry" {
description = "The DNS entries for the VPC Endpoint for ECR DKR." description = "The DNS entries for the VPC Endpoint for ECR DKR."
value = "${flatten(aws_vpc_endpoint.ecr_dkr.*.dns_entry)}" value = flatten(aws_vpc_endpoint.ecr_dkr.*.dns_entry)
} }
output "vpc_endpoint_apigw_id" { output "vpc_endpoint_apigw_id" {
description = "The ID of VPC endpoint for APIGW" description = "The ID of VPC endpoint for APIGW"
value = "${element(concat(aws_vpc_endpoint.apigw.*.id, list("")), 0)}" value = concat(aws_vpc_endpoint.apigw.*.id, [""])[0]
} }
output "vpc_endpoint_apigw_network_interface_ids" { output "vpc_endpoint_apigw_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for APIGW." description = "One or more network interfaces for the VPC Endpoint for APIGW."
value = "${flatten(aws_vpc_endpoint.apigw.*.network_interface_ids)}" value = flatten(aws_vpc_endpoint.apigw.*.network_interface_ids)
} }
output "vpc_endpoint_apigw_dns_entry" { output "vpc_endpoint_apigw_dns_entry" {
description = "The DNS entries for the VPC Endpoint for APIGW." description = "The DNS entries for the VPC Endpoint for APIGW."
value = "${flatten(aws_vpc_endpoint.apigw.*.dns_entry)}" value = flatten(aws_vpc_endpoint.apigw.*.dns_entry)
}
output "vpc_endpoint_ecs_id" {
description = "The ID of VPC endpoint for ECS"
value = concat(aws_vpc_endpoint.ecs.*.id, [""])[0]
}
output "vpc_endpoint_ecs_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for ECS."
value = flatten(aws_vpc_endpoint.ecs.*.network_interface_ids)
}
output "vpc_endpoint_ecs_dns_entry" {
description = "The DNS entries for the VPC Endpoint for ECS."
value = flatten(aws_vpc_endpoint.ecs.*.dns_entry)
}
output "vpc_endpoint_ecs_agent_id" {
description = "The ID of VPC endpoint for ECS Agent"
value = concat(aws_vpc_endpoint.ecs_agent.*.id, [""])[0]
}
output "vpc_endpoint_ecs_agent_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for ECS Agent."
value = flatten(aws_vpc_endpoint.ecs_agent.*.network_interface_ids)
}
output "vpc_endpoint_ecs_agent_dns_entry" {
description = "The DNS entries for the VPC Endpoint for ECS Agent."
value = flatten(aws_vpc_endpoint.ecs_agent.*.dns_entry)
}
output "vpc_endpoint_ecs_telemetry_id" {
description = "The ID of VPC endpoint for ECS Telemetry"
value = concat(aws_vpc_endpoint.ecs_telemetry.*.id, [""])[0]
}
output "vpc_endpoint_ecs_telemetry_network_interface_ids" {
description = "One or more network interfaces for the VPC Endpoint for ECS Telemetry."
value = flatten(aws_vpc_endpoint.ecs_telemetry.*.network_interface_ids)
}
output "vpc_endpoint_ecs_telemetry_dns_entry" {
description = "The DNS entries for the VPC Endpoint for ECS Telemetry."
value = flatten(aws_vpc_endpoint.ecs_telemetry.*.dns_entry)
} }
output "vpc_endpoint_ecs_id" { output "vpc_endpoint_ecs_id" {
...@@ -527,5 +591,6 @@ output "vpc_endpoint_ecs_telemetry_dns_entry" { ...@@ -527,5 +591,6 @@ output "vpc_endpoint_ecs_telemetry_dns_entry" {
# Static values (arguments) # Static values (arguments)
output "azs" { output "azs" {
description = "A list of availability zones specified as argument to this module" description = "A list of availability zones specified as argument to this module"
value = "${var.azs}" value = var.azs
} }
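Review bot: The outputs `default_vpc_enable_dns_support` and `default_vpc_enable_dns_hostnames` in hunk `@@ -65,212 +65,216 @@` reuse the `concat(..., [""])[0]` fallback on a bool attribute, so the output is the string `""` when `manage_default_vpc` is false and a bool (or, depending on how `concat` unifies the element types, the string "true"/"false") when it is true, which gives callers that compare against `true` or feed it into a `type = bool` variable different results in the two cases. The empty-string fallback reads fine for the ID outputs, but for bool attributes a null fallback keeps the output type stable, e.g. `value = length(aws_default_vpc.this) > 0 ? aws_default_vpc.this[0].enable_dns_support : null` (null adopts the other branch's type in 0.12). The same pattern appears on `vpc_enable_dns_support` and `vpc_enable_dns_hostnames` in the earlier hunk of this file.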
variable "create_vpc" { variable "create_vpc" {
description = "Controls if VPC should be created (it affects almost all resources)" description = "Controls if VPC should be created (it affects almost all resources)"
type = bool
default = true default = true
} }
...@@ -15,172 +16,225 @@ variable "cidr" { ...@@ -15,172 +16,225 @@ variable "cidr" {
variable "assign_generated_ipv6_cidr_block" { variable "assign_generated_ipv6_cidr_block" {
description = "Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block" description = "Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block"
type = bool
default = false default = false
} }
variable "secondary_cidr_blocks" { variable "secondary_cidr_blocks" {
description = "List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool" description = "List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool"
type = list(string)
default = [] default = []
} }
variable "instance_tenancy" { variable "instance_tenancy" {
description = "A tenancy option for instances launched into the VPC" description = "A tenancy option for instances launched into the VPC"
type = string
default = "default" default = "default"
} }
variable "public_subnet_suffix" { variable "public_subnet_suffix" {
description = "Suffix to append to public subnets name" description = "Suffix to append to public subnets name"
type = string
default = "public" default = "public"
} }
variable "private_subnet_suffix" { variable "private_subnet_suffix" {
description = "Suffix to append to private subnets name" description = "Suffix to append to private subnets name"
type = string
default = "private" default = "private"
} }
variable "intra_subnet_suffix" { variable "intra_subnet_suffix" {
description = "Suffix to append to intra subnets name" description = "Suffix to append to intra subnets name"
type = string
default = "intra" default = "intra"
} }
variable "database_subnet_suffix" { variable "database_subnet_suffix" {
description = "Suffix to append to database subnets name" description = "Suffix to append to database subnets name"
type = string
default = "db" default = "db"
} }
variable "redshift_subnet_suffix" { variable "redshift_subnet_suffix" {
description = "Suffix to append to redshift subnets name" description = "Suffix to append to redshift subnets name"
type = string
default = "redshift" default = "redshift"
} }
variable "elasticache_subnet_suffix" { variable "elasticache_subnet_suffix" {
description = "Suffix to append to elasticache subnets name" description = "Suffix to append to elasticache subnets name"
type = string
default = "elasticache" default = "elasticache"
} }
variable "public_subnets" { variable "public_subnets" {
description = "A list of public subnets inside the VPC" description = "A list of public subnets inside the VPC"
type = list(string)
default = [] default = []
} }
variable "private_subnets" { variable "private_subnets" {
description = "A list of private subnets inside the VPC" description = "A list of private subnets inside the VPC"
type = list(string)
default = [] default = []
} }
variable "database_subnets" { variable "database_subnets" {
description = "A list of database subnets" description = "A list of database subnets"
type = list(string)
default = [] default = []
} }
variable "redshift_subnets" { variable "redshift_subnets" {
description = "A list of redshift subnets" description = "A list of redshift subnets"
type = list(string)
default = [] default = []
} }
variable "elasticache_subnets" { variable "elasticache_subnets" {
description = "A list of elasticache subnets" description = "A list of elasticache subnets"
type = list(string)
default = [] default = []
} }
variable "intra_subnets" { variable "intra_subnets" {
description = "A list of intra subnets" description = "A list of intra subnets"
type = list(string)
default = [] default = []
} }
variable "create_database_subnet_route_table" { variable "create_database_subnet_route_table" {
description = "Controls if separate route table for database should be created" description = "Controls if separate route table for database should be created"
type = bool
default = false default = false
} }
variable "create_redshift_subnet_route_table" { variable "create_redshift_subnet_route_table" {
description = "Controls if separate route table for redshift should be created" description = "Controls if separate route table for redshift should be created"
type = bool
default = false default = false
} }
variable "enable_public_redshift" { variable "enable_public_redshift" {
description = "Controls if redshift should have public routing table" description = "Controls if redshift should have public routing table"
type = bool
default = false default = false
} }
variable "create_elasticache_subnet_route_table" { variable "create_elasticache_subnet_route_table" {
description = "Controls if separate route table for elasticache should be created" description = "Controls if separate route table for elasticache should be created"
type = bool
default = false default = false
} }
variable "create_database_subnet_group" { variable "create_database_subnet_group" {
description = "Controls if database subnet group should be created" description = "Controls if database subnet group should be created"
type = bool
default = true default = true
} }
variable "create_elasticache_subnet_group" { variable "create_elasticache_subnet_group" {
description = "Controls if elasticache subnet group should be created" description = "Controls if elasticache subnet group should be created"
type = bool
default = true default = true
} }
variable "create_redshift_subnet_group" { variable "create_redshift_subnet_group" {
description = "Controls if redshift subnet group should be created" description = "Controls if redshift subnet group should be created"
type = bool
default = true default = true
} }
variable "create_database_internet_gateway_route" { variable "create_database_internet_gateway_route" {
description = "Controls if an internet gateway route for public database access should be created" description = "Controls if an internet gateway route for public database access should be created"
type = bool
default = false default = false
} }
variable "create_database_nat_gateway_route" { variable "create_database_nat_gateway_route" {
description = "Controls if a nat gateway route should be created to give internet access to the database subnets" description = "Controls if a nat gateway route should be created to give internet access to the database subnets"
type = bool
default = false default = false
} }
variable "azs" { variable "azs" {
description = "A list of availability zones in the region" description = "A list of availability zones in the region"
type = list(string)
default = [] default = []
} }
variable "enable_dns_hostnames" { variable "enable_dns_hostnames" {
description = "Should be true to enable DNS hostnames in the VPC" description = "Should be true to enable DNS hostnames in the VPC"
type = bool
default = false default = false
} }
variable "enable_dns_support" { variable "enable_dns_support" {
description = "Should be true to enable DNS support in the VPC" description = "Should be true to enable DNS support in the VPC"
type = bool
default = true default = true
} }
variable "enable_nat_gateway" { variable "enable_nat_gateway" {
description = "Should be true if you want to provision NAT Gateways for each of your private networks" description = "Should be true if you want to provision NAT Gateways for each of your private networks"
type = bool
default = false default = false
} }
variable "single_nat_gateway" { variable "single_nat_gateway" {
description = "Should be true if you want to provision a single shared NAT Gateway across all of your private networks" description = "Should be true if you want to provision a single shared NAT Gateway across all of your private networks"
type = bool
default = false default = false
} }
variable "one_nat_gateway_per_az" { variable "one_nat_gateway_per_az" {
description = "Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs`." description = "Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs`."
type = bool
default = false default = false
} }
variable "reuse_nat_ips" { variable "reuse_nat_ips" {
description = "Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external_nat_ip_ids' variable" description = "Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external_nat_ip_ids' variable"
type = bool
default = false default = false
} }
variable "external_nat_ip_ids" { variable "external_nat_ip_ids" {
description = "List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse_nat_ips)" description = "List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse_nat_ips)"
type = list(string)
default = [] default = []
} }
variable "enable_dynamodb_endpoint" { variable "enable_dynamodb_endpoint" {
description = "Should be true if you want to provision a DynamoDB endpoint to the VPC" description = "Should be true if you want to provision a DynamoDB endpoint to the VPC"
type = bool
default = false default = false
} }
variable "enable_s3_endpoint" { variable "enable_s3_endpoint" {
description = "Should be true if you want to provision an S3 endpoint to the VPC" description = "Should be true if you want to provision an S3 endpoint to the VPC"
type = bool
default = false
}
variable "enable_sqs_endpoint" {
description = "Should be true if you want to provision an SQS endpoint to the VPC"
default = false
}
variable "sqs_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for SQS endpoint"
default = []
}
variable "sqs_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for SQS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
default = []
}
variable "sqs_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for SQS endpoint"
default = false default = false
} }
...@@ -206,161 +260,265 @@ variable "sqs_endpoint_private_dns_enabled" { ...@@ -206,161 +260,265 @@ variable "sqs_endpoint_private_dns_enabled" {
variable "enable_ssm_endpoint" { variable "enable_ssm_endpoint" {
description = "Should be true if you want to provision an SSM endpoint to the VPC" description = "Should be true if you want to provision an SSM endpoint to the VPC"
type = bool
default = false default = false
} }
variable "ssm_endpoint_security_group_ids" { variable "ssm_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for SSM endpoint" description = "The ID of one or more security groups to associate with the network interface for SSM endpoint"
type = list(string)
default = [] default = []
} }
variable "ssm_endpoint_subnet_ids" { variable "ssm_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for SSM endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used." description = "The ID of one or more subnets in which to create a network interface for SSM endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = [] default = []
} }
variable "ssm_endpoint_private_dns_enabled" { variable "ssm_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for SSM endpoint" description = "Whether or not to associate a private hosted zone with the specified VPC for SSM endpoint"
type = bool
default = false default = false
} }
variable "enable_ssmmessages_endpoint" { variable "enable_ssmmessages_endpoint" {
description = "Should be true if you want to provision a SSMMESSAGES endpoint to the VPC" description = "Should be true if you want to provision a SSMMESSAGES endpoint to the VPC"
type = bool
default = false default = false
} }
variable "enable_apigw_endpoint" { variable "enable_apigw_endpoint" {
description = "Should be true if you want to provision an api gateway endpoint to the VPC" description = "Should be true if you want to provision an api gateway endpoint to the VPC"
type = bool
default = false default = false
} }
variable "apigw_endpoint_security_group_ids" { variable "apigw_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for API GW endpoint" description = "The ID of one or more security groups to associate with the network interface for API GW endpoint"
type = list(string)
default = [] default = []
} }
variable "apigw_endpoint_private_dns_enabled" { variable "apigw_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for API GW endpoint" description = "Whether or not to associate a private hosted zone with the specified VPC for API GW endpoint"
type = bool
default = false default = false
} }
variable "apigw_endpoint_subnet_ids" { variable "apigw_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for API GW endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used." description = "The ID of one or more subnets in which to create a network interface for API GW endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = [] default = []
} }
variable "ssmmessages_endpoint_security_group_ids" { variable "ssmmessages_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for SSMMESSAGES endpoint" description = "The ID of one or more security groups to associate with the network interface for SSMMESSAGES endpoint"
type = list(string)
default = [] default = []
} }
variable "ssmmessages_endpoint_subnet_ids" { variable "ssmmessages_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for SSMMESSAGES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used." description = "The ID of one or more subnets in which to create a network interface for SSMMESSAGES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = [] default = []
} }
variable "ssmmessages_endpoint_private_dns_enabled" { variable "ssmmessages_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for SSMMESSAGES endpoint" description = "Whether or not to associate a private hosted zone with the specified VPC for SSMMESSAGES endpoint"
type = bool
default = false default = false
} }
variable "enable_ec2_endpoint" { variable "enable_ec2_endpoint" {
description = "Should be true if you want to provision an EC2 endpoint to the VPC" description = "Should be true if you want to provision an EC2 endpoint to the VPC"
type = bool
default = false default = false
} }
variable "ec2_endpoint_security_group_ids" { variable "ec2_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for EC2 endpoint" description = "The ID of one or more security groups to associate with the network interface for EC2 endpoint"
type = list(string)
default = [] default = []
} }
variable "ec2_endpoint_private_dns_enabled" { variable "ec2_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for EC2 endpoint" description = "Whether or not to associate a private hosted zone with the specified VPC for EC2 endpoint"
type = bool
default = false default = false
} }
variable "ec2_endpoint_subnet_ids" { variable "ec2_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for EC2 endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used." description = "The ID of one or more subnets in which to create a network interface for EC2 endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = [] default = []
} }
variable "enable_ec2messages_endpoint" { variable "enable_ec2messages_endpoint" {
description = "Should be true if you want to provision an EC2MESSAGES endpoint to the VPC" description = "Should be true if you want to provision an EC2MESSAGES endpoint to the VPC"
type = bool
default = false default = false
} }
variable "ec2messages_endpoint_security_group_ids" { variable "ec2messages_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for EC2MESSAGES endpoint" description = "The ID of one or more security groups to associate with the network interface for EC2MESSAGES endpoint"
type = list(string)
default = [] default = []
} }
variable "ec2messages_endpoint_private_dns_enabled" { variable "ec2messages_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for EC2MESSAGES endpoint" description = "Whether or not to associate a private hosted zone with the specified VPC for EC2MESSAGES endpoint"
type = bool
default = false default = false
} }
variable "ec2messages_endpoint_subnet_ids" { variable "ec2messages_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for EC2MESSAGES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used." description = "The ID of one or more subnets in which to create a network interface for EC2MESSAGES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = [] default = []
} }
variable "enable_ecr_api_endpoint" { variable "enable_ecr_api_endpoint" {
description = "Should be true if you want to provision an ecr api endpoint to the VPC" description = "Should be true if you want to provision an ecr api endpoint to the VPC"
type = bool
default = false default = false
} }
variable "ecr_api_endpoint_subnet_ids" { variable "ecr_api_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for ECR api endpoint. If omitted, private subnets will be used." description = "The ID of one or more subnets in which to create a network interface for ECR api endpoint. If omitted, private subnets will be used."
type = list(string)
default = [] default = []
} }
variable "ecr_api_endpoint_private_dns_enabled" { variable "ecr_api_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for ECR API endpoint" description = "Whether or not to associate a private hosted zone with the specified VPC for ECR API endpoint"
type = bool
default = false default = false
} }
variable "ecr_api_endpoint_security_group_ids" { variable "ecr_api_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for ECR API endpoint" description = "The ID of one or more security groups to associate with the network interface for ECR API endpoint"
type = list(string)
default = [] default = []
} }
variable "enable_ecr_dkr_endpoint" { variable "enable_ecr_dkr_endpoint" {
description = "Should be true if you want to provision an ecr dkr endpoint to the VPC" description = "Should be true if you want to provision an ecr dkr endpoint to the VPC"
type = bool
default = false default = false
} }
variable "ecr_dkr_endpoint_subnet_ids" { variable "ecr_dkr_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for ECR dkr endpoint. If omitted, private subnets will be used." description = "The ID of one or more subnets in which to create a network interface for ECR dkr endpoint. If omitted, private subnets will be used."
type = list(string)
default = [] default = []
} }
variable "ecr_dkr_endpoint_private_dns_enabled" { variable "ecr_dkr_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for ECR DKR endpoint" description = "Whether or not to associate a private hosted zone with the specified VPC for ECR DKR endpoint"
type = bool
default = false default = false
} }
variable "ecr_dkr_endpoint_security_group_ids" { variable "ecr_dkr_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for ECR DKR endpoint" description = "The ID of one or more security groups to associate with the network interface for ECR DKR endpoint"
type = list(string)
default = [] default = []
} }
variable "enable_kms_endpoint" { variable "enable_kms_endpoint" {
description = "Should be true if you want to provision a KMS endpoint to the VPC" description = "Should be true if you want to provision a KMS endpoint to the VPC"
type = bool
default = false default = false
} }
variable "kms_endpoint_security_group_ids" { variable "kms_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for KMS endpoint" description = "The ID of one or more security groups to associate with the network interface for KMS endpoint"
type = list(string)
default = [] default = []
} }
variable "kms_endpoint_subnet_ids" { variable "kms_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for KMS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used." description = "The ID of one or more subnets in which to create a network interface for KMS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = [] default = []
} }
variable "kms_endpoint_private_dns_enabled" { variable "kms_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for KMS endpoint" description = "Whether or not to associate a private hosted zone with the specified VPC for KMS endpoint"
type = bool
default = false
}
variable "enable_ecs_endpoint" {
description = "Should be true if you want to provision a ECS endpoint to the VPC"
type = bool
default = false
}
variable "ecs_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for ECS endpoint"
type = list(string)
default = []
}
variable "ecs_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for ECS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "ecs_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for ECS endpoint"
type = bool
default = false
}
variable "enable_ecs_agent_endpoint" {
description = "Should be true if you want to provision a ECS Agent endpoint to the VPC"
type = bool
default = false
}
variable "ecs_agent_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for ECS Agent endpoint"
type = list(string)
default = []
}
variable "ecs_agent_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for ECS Agent endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "ecs_agent_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for ECS Agent endpoint"
type = bool
default = false
}
variable "enable_ecs_telemetry_endpoint" {
description = "Should be true if you want to provision a ECS Telemetry endpoint to the VPC"
type = bool
default = false
}
variable "ecs_telemetry_endpoint_security_group_ids" {
description = "The ID of one or more security groups to associate with the network interface for ECS Telemetry endpoint"
type = list(string)
default = []
}
variable "ecs_telemetry_endpoint_subnet_ids" {
description = "The ID of one or more subnets in which to create a network interface for ECS Telemetry endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
type = list(string)
default = []
}
variable "ecs_telemetry_endpoint_private_dns_enabled" {
description = "Whether or not to associate a private hosted zone with the specified VPC for ECS Telemetry endpoint"
type = bool
default = false default = false
} }
...@@ -426,11 +584,13 @@ variable "ecs_telemetry_endpoint_private_dns_enabled" { ...@@ -426,11 +584,13 @@ variable "ecs_telemetry_endpoint_private_dns_enabled" {
variable "map_public_ip_on_launch" { variable "map_public_ip_on_launch" {
description = "Should be false if you do not want to auto-assign public IP on launch" description = "Should be false if you do not want to auto-assign public IP on launch"
type = bool
default = true default = true
} }
variable "enable_vpn_gateway" { variable "enable_vpn_gateway" {
description = "Should be true if you want to create a new VPN Gateway resource and attach it to the VPC" description = "Should be true if you want to create a new VPN Gateway resource and attach it to the VPC"
type = bool
default = false default = false
} }
...@@ -446,267 +606,316 @@ variable "amazon_side_asn" { ...@@ -446,267 +606,316 @@ variable "amazon_side_asn" {
variable "propagate_private_route_tables_vgw" { variable "propagate_private_route_tables_vgw" {
description = "Should be true if you want route table propagation" description = "Should be true if you want route table propagation"
type = bool
default = false default = false
} }
variable "propagate_public_route_tables_vgw" { variable "propagate_public_route_tables_vgw" {
description = "Should be true if you want route table propagation" description = "Should be true if you want route table propagation"
type = bool
default = false default = false
} }
variable "tags" { variable "tags" {
description = "A map of tags to add to all resources" description = "A map of tags to add to all resources"
type = map(string)
default = {} default = {}
} }
variable "vpc_tags" { variable "vpc_tags" {
description = "Additional tags for the VPC" description = "Additional tags for the VPC"
type = map(string)
default = {} default = {}
} }
variable "igw_tags" { variable "igw_tags" {
description = "Additional tags for the internet gateway" description = "Additional tags for the internet gateway"
type = map(string)
default = {} default = {}
} }
variable "public_subnet_tags" { variable "public_subnet_tags" {
description = "Additional tags for the public subnets" description = "Additional tags for the public subnets"
type = map(string)
default = {} default = {}
} }
variable "private_subnet_tags" { variable "private_subnet_tags" {
description = "Additional tags for the private subnets" description = "Additional tags for the private subnets"
type = map(string)
default = {} default = {}
} }
variable "public_route_table_tags" { variable "public_route_table_tags" {
description = "Additional tags for the public route tables" description = "Additional tags for the public route tables"
type = map(string)
default = {} default = {}
} }
variable "private_route_table_tags" { variable "private_route_table_tags" {
description = "Additional tags for the private route tables" description = "Additional tags for the private route tables"
type = map(string)
default = {} default = {}
} }
variable "database_route_table_tags" { variable "database_route_table_tags" {
description = "Additional tags for the database route tables" description = "Additional tags for the database route tables"
type = map(string)
default = {} default = {}
} }
variable "redshift_route_table_tags" { variable "redshift_route_table_tags" {
description = "Additional tags for the redshift route tables" description = "Additional tags for the redshift route tables"
type = map(string)
default = {} default = {}
} }
variable "elasticache_route_table_tags" { variable "elasticache_route_table_tags" {
description = "Additional tags for the elasticache route tables" description = "Additional tags for the elasticache route tables"
type = map(string)
default = {} default = {}
} }
variable "intra_route_table_tags" { variable "intra_route_table_tags" {
description = "Additional tags for the intra route tables" description = "Additional tags for the intra route tables"
type = map(string)
default = {} default = {}
} }
variable "database_subnet_tags" { variable "database_subnet_tags" {
description = "Additional tags for the database subnets" description = "Additional tags for the database subnets"
type = map(string)
default = {} default = {}
} }
variable "database_subnet_group_tags" { variable "database_subnet_group_tags" {
description = "Additional tags for the database subnet group" description = "Additional tags for the database subnet group"
type = map(string)
default = {} default = {}
} }
variable "redshift_subnet_tags" { variable "redshift_subnet_tags" {
description = "Additional tags for the redshift subnets" description = "Additional tags for the redshift subnets"
type = map(string)
default = {} default = {}
} }
variable "redshift_subnet_group_tags" { variable "redshift_subnet_group_tags" {
description = "Additional tags for the redshift subnet group" description = "Additional tags for the redshift subnet group"
type = map(string)
default = {} default = {}
} }
variable "elasticache_subnet_tags" { variable "elasticache_subnet_tags" {
description = "Additional tags for the elasticache subnets" description = "Additional tags for the elasticache subnets"
type = map(string)
default = {} default = {}
} }
variable "intra_subnet_tags" { variable "intra_subnet_tags" {
description = "Additional tags for the intra subnets" description = "Additional tags for the intra subnets"
type = map(string)
default = {} default = {}
} }
variable "public_acl_tags" { variable "public_acl_tags" {
description = "Additional tags for the public subnets network ACL" description = "Additional tags for the public subnets network ACL"
type = map(string)
default = {} default = {}
} }
variable "private_acl_tags" { variable "private_acl_tags" {
description = "Additional tags for the private subnets network ACL" description = "Additional tags for the private subnets network ACL"
type = map(string)
default = {} default = {}
} }
variable "intra_acl_tags" { variable "intra_acl_tags" {
description = "Additional tags for the intra subnets network ACL" description = "Additional tags for the intra subnets network ACL"
type = map(string)
default = {} default = {}
} }
variable "database_acl_tags" { variable "database_acl_tags" {
description = "Additional tags for the database subnets network ACL" description = "Additional tags for the database subnets network ACL"
type = map(string)
default = {} default = {}
} }
variable "redshift_acl_tags" { variable "redshift_acl_tags" {
description = "Additional tags for the redshift subnets network ACL" description = "Additional tags for the redshift subnets network ACL"
type = map(string)
default = {} default = {}
} }
variable "elasticache_acl_tags" { variable "elasticache_acl_tags" {
description = "Additional tags for the elasticache subnets network ACL" description = "Additional tags for the elasticache subnets network ACL"
type = map(string)
default = {} default = {}
} }
variable "dhcp_options_tags" { variable "dhcp_options_tags" {
description = "Additional tags for the DHCP option set (requires enable_dhcp_options set to true)" description = "Additional tags for the DHCP option set (requires enable_dhcp_options set to true)"
type = map(string)
default = {} default = {}
} }
variable "nat_gateway_tags" { variable "nat_gateway_tags" {
description = "Additional tags for the NAT gateways" description = "Additional tags for the NAT gateways"
type = map(string)
default = {} default = {}
} }
variable "nat_eip_tags" { variable "nat_eip_tags" {
description = "Additional tags for the NAT EIP" description = "Additional tags for the NAT EIP"
type = map(string)
default = {} default = {}
} }
variable "vpn_gateway_tags" { variable "vpn_gateway_tags" {
description = "Additional tags for the VPN gateway" description = "Additional tags for the VPN gateway"
type = map(string)
default = {} default = {}
} }
variable "enable_dhcp_options" { variable "enable_dhcp_options" {
description = "Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type" description = "Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type"
type = bool
default = false default = false
} }
variable "dhcp_options_domain_name" { variable "dhcp_options_domain_name" {
description = "Specifies DNS name for DHCP options set (requires enable_dhcp_options set to true)" description = "Specifies DNS name for DHCP options set (requires enable_dhcp_options set to true)"
type = string
default = "" default = ""
} }
variable "dhcp_options_domain_name_servers" { variable "dhcp_options_domain_name_servers" {
description = "Specify a list of DNS server addresses for DHCP options set, default to AWS provided (requires enable_dhcp_options set to true)" description = "Specify a list of DNS server addresses for DHCP options set, default to AWS provided (requires enable_dhcp_options set to true)"
type = list(string)
default = ["AmazonProvidedDNS"] default = ["AmazonProvidedDNS"]
} }
variable "dhcp_options_ntp_servers" { variable "dhcp_options_ntp_servers" {
description = "Specify a list of NTP servers for DHCP options set (requires enable_dhcp_options set to true)" description = "Specify a list of NTP servers for DHCP options set (requires enable_dhcp_options set to true)"
type = list(string)
default = [] default = []
} }
variable "dhcp_options_netbios_name_servers" { variable "dhcp_options_netbios_name_servers" {
description = "Specify a list of netbios servers for DHCP options set (requires enable_dhcp_options set to true)" description = "Specify a list of netbios servers for DHCP options set (requires enable_dhcp_options set to true)"
type = list(string)
default = [] default = []
} }
variable "dhcp_options_netbios_node_type" { variable "dhcp_options_netbios_node_type" {
description = "Specify netbios node_type for DHCP options set (requires enable_dhcp_options set to true)" description = "Specify netbios node_type for DHCP options set (requires enable_dhcp_options set to true)"
type = string
default = "" default = ""
} }
variable "manage_default_vpc" { variable "manage_default_vpc" {
description = "Should be true to adopt and manage Default VPC" description = "Should be true to adopt and manage Default VPC"
type = bool
default = false default = false
} }
variable "default_vpc_name" { variable "default_vpc_name" {
description = "Name to be used on the Default VPC" description = "Name to be used on the Default VPC"
type = string
default = "" default = ""
} }
variable "default_vpc_enable_dns_support" { variable "default_vpc_enable_dns_support" {
description = "Should be true to enable DNS support in the Default VPC" description = "Should be true to enable DNS support in the Default VPC"
type = bool
default = true default = true
} }
variable "default_vpc_enable_dns_hostnames" { variable "default_vpc_enable_dns_hostnames" {
description = "Should be true to enable DNS hostnames in the Default VPC" description = "Should be true to enable DNS hostnames in the Default VPC"
type = bool
default = false default = false
} }
variable "default_vpc_enable_classiclink" { variable "default_vpc_enable_classiclink" {
description = "Should be true to enable ClassicLink in the Default VPC" description = "Should be true to enable ClassicLink in the Default VPC"
type = bool
default = false default = false
} }
variable "default_vpc_tags" { variable "default_vpc_tags" {
description = "Additional tags for the Default VPC" description = "Additional tags for the Default VPC"
type = map(string)
default = {} default = {}
} }
variable "manage_default_network_acl" { variable "manage_default_network_acl" {
description = "Should be true to adopt and manage Default Network ACL" description = "Should be true to adopt and manage Default Network ACL"
type = bool
default = false default = false
} }
variable "default_network_acl_name" { variable "default_network_acl_name" {
description = "Name to be used on the Default Network ACL" description = "Name to be used on the Default Network ACL"
type = string
default = "" default = ""
} }
variable "default_network_acl_tags" { variable "default_network_acl_tags" {
description = "Additional tags for the Default Network ACL" description = "Additional tags for the Default Network ACL"
type = map(string)
default = {} default = {}
} }
variable "public_dedicated_network_acl" { variable "public_dedicated_network_acl" {
description = "Whether to use dedicated network ACL (not default) and custom rules for public subnets" description = "Whether to use dedicated network ACL (not default) and custom rules for public subnets"
type = bool
default = false default = false
} }
variable "private_dedicated_network_acl" { variable "private_dedicated_network_acl" {
description = "Whether to use dedicated network ACL (not default) and custom rules for private subnets" description = "Whether to use dedicated network ACL (not default) and custom rules for private subnets"
type = bool
default = false default = false
} }
variable "intra_dedicated_network_acl" { variable "intra_dedicated_network_acl" {
description = "Whether to use dedicated network ACL (not default) and custom rules for intra subnets" description = "Whether to use dedicated network ACL (not default) and custom rules for intra subnets"
type = bool
default = false default = false
} }
variable "database_dedicated_network_acl" { variable "database_dedicated_network_acl" {
description = "Whether to use dedicated network ACL (not default) and custom rules for database subnets" description = "Whether to use dedicated network ACL (not default) and custom rules for database subnets"
type = bool
default = false default = false
} }
variable "redshift_dedicated_network_acl" { variable "redshift_dedicated_network_acl" {
description = "Whether to use dedicated network ACL (not default) and custom rules for redshift subnets" description = "Whether to use dedicated network ACL (not default) and custom rules for redshift subnets"
type = bool
default = false default = false
} }
variable "elasticache_dedicated_network_acl" { variable "elasticache_dedicated_network_acl" {
description = "Whether to use dedicated network ACL (not default) and custom rules for elasticache subnets" description = "Whether to use dedicated network ACL (not default) and custom rules for elasticache subnets"
type = bool
default = false default = false
} }
variable "default_network_acl_ingress" { variable "default_network_acl_ingress" {
description = "List of maps of ingress rules to set on the Default Network ACL" description = "List of maps of ingress rules to set on the Default Network ACL"
type = list(map(string))
default = [{ default = [
rule_no = 100 {
action = "allow" rule_no = 100
from_port = 0 action = "allow"
to_port = 0 from_port = 0
protocol = "-1" to_port = 0
cidr_block = "0.0.0.0/0" protocol = "-1"
cidr_block = "0.0.0.0/0"
}, },
{ {
rule_no = 101 rule_no = 101
...@@ -721,14 +930,16 @@ variable "default_network_acl_ingress" { ...@@ -721,14 +930,16 @@ variable "default_network_acl_ingress" {
variable "default_network_acl_egress" { variable "default_network_acl_egress" {
description = "List of maps of egress rules to set on the Default Network ACL" description = "List of maps of egress rules to set on the Default Network ACL"
type = list(map(string))
default = [{ default = [
rule_no = 100 {
action = "allow" rule_no = 100
from_port = 0 action = "allow"
to_port = 0 from_port = 0
protocol = "-1" to_port = 0
cidr_block = "0.0.0.0/0" protocol = "-1"
cidr_block = "0.0.0.0/0"
}, },
{ {
rule_no = 101 rule_no = 101
...@@ -743,6 +954,7 @@ variable "default_network_acl_egress" { ...@@ -743,6 +954,7 @@ variable "default_network_acl_egress" {
variable "public_inbound_acl_rules" { variable "public_inbound_acl_rules" {
description = "Public subnets inbound network ACLs" description = "Public subnets inbound network ACLs"
type = list(map(string))
default = [ default = [
{ {
...@@ -758,6 +970,7 @@ variable "public_inbound_acl_rules" { ...@@ -758,6 +970,7 @@ variable "public_inbound_acl_rules" {
variable "public_outbound_acl_rules" { variable "public_outbound_acl_rules" {
description = "Public subnets outbound network ACLs" description = "Public subnets outbound network ACLs"
type = list(map(string))
default = [ default = [
{ {
...@@ -773,6 +986,7 @@ variable "public_outbound_acl_rules" { ...@@ -773,6 +986,7 @@ variable "public_outbound_acl_rules" {
variable "private_inbound_acl_rules" { variable "private_inbound_acl_rules" {
description = "Private subnets inbound network ACLs" description = "Private subnets inbound network ACLs"
type = list(map(string))
default = [ default = [
{ {
...@@ -788,6 +1002,7 @@ variable "private_inbound_acl_rules" { ...@@ -788,6 +1002,7 @@ variable "private_inbound_acl_rules" {
variable "private_outbound_acl_rules" { variable "private_outbound_acl_rules" {
description = "Private subnets outbound network ACLs" description = "Private subnets outbound network ACLs"
type = list(map(string))
default = [ default = [
{ {
...@@ -803,6 +1018,7 @@ variable "private_outbound_acl_rules" { ...@@ -803,6 +1018,7 @@ variable "private_outbound_acl_rules" {
variable "intra_inbound_acl_rules" { variable "intra_inbound_acl_rules" {
description = "Intra subnets inbound network ACLs" description = "Intra subnets inbound network ACLs"
type = list(map(string))
default = [ default = [
{ {
...@@ -818,6 +1034,7 @@ variable "intra_inbound_acl_rules" { ...@@ -818,6 +1034,7 @@ variable "intra_inbound_acl_rules" {
variable "intra_outbound_acl_rules" { variable "intra_outbound_acl_rules" {
description = "Intra subnets outbound network ACLs" description = "Intra subnets outbound network ACLs"
type = list(map(string))
default = [ default = [
{ {
...@@ -833,6 +1050,7 @@ variable "intra_outbound_acl_rules" { ...@@ -833,6 +1050,7 @@ variable "intra_outbound_acl_rules" {
variable "database_inbound_acl_rules" { variable "database_inbound_acl_rules" {
description = "Database subnets inbound network ACL rules" description = "Database subnets inbound network ACL rules"
type = list(map(string))
default = [ default = [
{ {
...@@ -848,6 +1066,7 @@ variable "database_inbound_acl_rules" { ...@@ -848,6 +1066,7 @@ variable "database_inbound_acl_rules" {
variable "database_outbound_acl_rules" { variable "database_outbound_acl_rules" {
description = "Database subnets outbound network ACL rules" description = "Database subnets outbound network ACL rules"
type = list(map(string))
default = [ default = [
{ {
...@@ -863,6 +1082,7 @@ variable "database_outbound_acl_rules" { ...@@ -863,6 +1082,7 @@ variable "database_outbound_acl_rules" {
variable "redshift_inbound_acl_rules" { variable "redshift_inbound_acl_rules" {
description = "Redshift subnets inbound network ACL rules" description = "Redshift subnets inbound network ACL rules"
type = list(map(string))
default = [ default = [
{ {
...@@ -878,6 +1098,7 @@ variable "redshift_inbound_acl_rules" { ...@@ -878,6 +1098,7 @@ variable "redshift_inbound_acl_rules" {
variable "redshift_outbound_acl_rules" { variable "redshift_outbound_acl_rules" {
description = "Redshift subnets outbound network ACL rules" description = "Redshift subnets outbound network ACL rules"
type = list(map(string))
default = [ default = [
{ {
...@@ -893,6 +1114,7 @@ variable "redshift_outbound_acl_rules" { ...@@ -893,6 +1114,7 @@ variable "redshift_outbound_acl_rules" {
variable "elasticache_inbound_acl_rules" { variable "elasticache_inbound_acl_rules" {
description = "Elasticache subnets inbound network ACL rules" description = "Elasticache subnets inbound network ACL rules"
type = list(map(string))
default = [ default = [
{ {
...@@ -908,6 +1130,7 @@ variable "elasticache_inbound_acl_rules" { ...@@ -908,6 +1130,7 @@ variable "elasticache_inbound_acl_rules" {
variable "elasticache_outbound_acl_rules" { variable "elasticache_outbound_acl_rules" {
description = "Elasticache subnets outbound network ACL rules" description = "Elasticache subnets outbound network ACL rules"
type = list(map(string))
default = [ default = [
{ {
...@@ -920,3 +1143,4 @@ variable "elasticache_outbound_acl_rules" { ...@@ -920,3 +1143,4 @@ variable "elasticache_outbound_acl_rules" {
}, },
] ]
} }