feat: Added tflint as pre-commit hook (#507)

.kitchen.yml

----
-driver:
-  name: "terraform"
-  root_module_directory: "examples/test_fixture"
-
-provisioner:
-  name: "terraform"
-
-platforms:
-  - name: "aws"
-
-verifier:
-  name: "awspec"
-
-suites:
-  - name: "default"
-    verifier:
-      name: "awspec"
-      patterns:
-      - "test/integration/default/test_vpc.rb"

.pre-commit-config.yaml

 repos:
 - repo: git://github.com/antonbabenko/pre-commit-terraform
-  rev: v1.31.0
+  rev: v1.40.0
   hooks:
     - id: terraform_fmt
     - id: terraform_docs
+    - id: terraform_tflint
+      args:
+        - '--args=--config=__GIT_WORKING_DIR__/.tflint.hcl'
 - repo: git://github.com/pre-commit/pre-commit-hooks
-  rev: v3.1.0
+  rev: v3.2.0
   hooks:
     - id: check-merge-conflict

.ruby-version

-2.4.2

.tflint.hcl

+config {
+  deep_check = false
+  ignore_module = {}
+  varfile = []
+}
+
+rule "terraform_deprecated_interpolation" {
+  enabled = true
+}
+
+rule "terraform_deprecated_index" {
+  enabled = true
+}
+
+rule "terraform_unused_declarations" {
+  enabled = true
+}
+
+rule "terraform_comment_syntax" {
+  enabled = true
+}
+
+rule "terraform_documented_outputs" {
+  enabled = true
+}
+
+rule "terraform_documented_variables" {
+  enabled = true
+}
+
+rule "terraform_typed_variables" {
+  enabled = true
+}
+
+rule "terraform_module_pinned_source" {
+  enabled = true
+}
+
+rule "terraform_naming_convention" {
+  enabled = true
+}
+
+rule "terraform_required_version" {
+  enabled = true
+}
+
+rule "terraform_required_providers" {
+  enabled = true
+}
+
+rule "terraform_standard_module_structure" {
+  enabled = true
+}
+
+rule "terraform_workspace_remote" {
+  enabled = true
+}

Gemfile

-# frozen_string_literal: true
-
-ruby '2.4.2'
-
-source 'https://rubygems.org/' do
-  gem 'aws-sdk', '~> 3.0.1'
-  gem 'awspec', '~> 1.4.0'
-  gem 'kitchen-terraform', '~> 3.1'
-  gem 'kitchen-verifier-awspec', '~> 0.1.1'
-  gem 'rhcl', '~> 0.1.0'
-end

README.md

@@ -241,8 +241,8 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | access\_analyzer\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Access Analyzer endpoint | `list(string)` | `[]` | no |
 | access\_analyzer\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Access Analyzer endpoint. Only a single subnet within an AZ is supported. Ifomitted, private subnets will be used. | `list(string)` | `[]` | no |
 | acm\_pca\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for ACM PCA endpoint | `bool` | `false` | no |
-| acm\_pca\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for ACM PCA endpoint | `list` | `[]` | no |
-| acm\_pca\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for ACM PCA endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list` | `[]` | no |
+| acm\_pca\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for ACM PCA endpoint | `list(string)` | `[]` | no |
+| acm\_pca\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for ACM PCA endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
 | amazon\_side\_asn | The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the virtual private gateway is created with the current default Amazon ASN. | `string` | `"64512"` | no |
 | apigw\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for API GW endpoint | `bool` | `false` | no |
 | apigw\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for API GW  endpoint | `list(string)` | `[]` | no |
@@ -272,11 +272,11 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | cloudtrail\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for CloudTrail endpoint | `list(string)` | `[]` | no |
 | cloudtrail\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for CloudTrail endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
 | codebuild\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Codebuild endpoint | `bool` | `false` | no |
-| codebuild\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Codebuild endpoint | `list` | `[]` | no |
-| codebuild\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Codebuilt endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list` | `[]` | no |
+| codebuild\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Codebuild endpoint | `list(string)` | `[]` | no |
+| codebuild\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Codebuilt endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
 | codecommit\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Codecommit endpoint | `bool` | `false` | no |
-| codecommit\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Codecommit endpoint | `list` | `[]` | no |
-| codecommit\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Codecommit endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list` | `[]` | no |
+| codecommit\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Codecommit endpoint | `list(string)` | `[]` | no |
+| codecommit\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Codecommit endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
 | codedeploy\_commands\_secure\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for CodeDeploy Commands Secure endpoint | `bool` | `false` | no |
 | codedeploy\_commands\_secure\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for CodeDeploy Commands Secure endpoint | `list(string)` | `[]` | no |
 | codedeploy\_commands\_secure\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for CodeDeploy Commands Secure endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
@@ -287,8 +287,8 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | codepipeline\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for CodePipeline endpoint | `list(string)` | `[]` | no |
 | codepipeline\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for CodePipeline endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
 | config\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for config endpoint | `bool` | `false` | no |
-| config\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for config endpoint | `list` | `[]` | no |
-| config\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for config endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list` | `[]` | no |
+| config\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for config endpoint | `list(string)` | `[]` | no |
+| config\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for config endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
 | create\_database\_internet\_gateway\_route | Controls if an internet gateway route for public database access should be created | `bool` | `false` | no |
 | create\_database\_nat\_gateway\_route | Controls if a nat gateway route should be created to give internet access to the database subnets | `bool` | `false` | no |
 | create\_database\_subnet\_group | Controls if database subnet group should be created (n.b. database\_subnets must also be set) | `bool` | `true` | no |
@@ -311,7 +311,7 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | database\_route\_table\_tags | Additional tags for the database route tables | `map(string)` | `{}` | no |
 | database\_subnet\_assign\_ipv6\_address\_on\_creation | Assign IPv6 address on database subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | `null` | no |
 | database\_subnet\_group\_tags | Additional tags for the database subnet group | `map(string)` | `{}` | no |
-| database\_subnet\_ipv6\_prefixes | Assigns IPv6 database subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list` | `[]` | no |
+| database\_subnet\_ipv6\_prefixes | Assigns IPv6 database subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list(string)` | `[]` | no |
 | database\_subnet\_suffix | Suffix to append to database subnets name | `string` | `"db"` | no |
 | database\_subnet\_tags | Additional tags for the database subnets | `map(string)` | `{}` | no |
 | database\_subnets | A list of database subnets | `list(string)` | `[]` | no |
@@ -376,7 +376,7 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | elasticache\_outbound\_acl\_rules | Elasticache subnets outbound network ACL rules | `list(map(string))` | <pre>[<br>  {<br>    "cidr_block": "0.0.0.0/0",<br>    "from_port": 0,<br>    "protocol": "-1",<br>    "rule_action": "allow",<br>    "rule_number": 100,<br>    "to_port": 0<br>  }<br>]</pre> | no |
 | elasticache\_route\_table\_tags | Additional tags for the elasticache route tables | `map(string)` | `{}` | no |
 | elasticache\_subnet\_assign\_ipv6\_address\_on\_creation | Assign IPv6 address on elasticache subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | `null` | no |
-| elasticache\_subnet\_ipv6\_prefixes | Assigns IPv6 elasticache subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list` | `[]` | no |
+| elasticache\_subnet\_ipv6\_prefixes | Assigns IPv6 elasticache subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list(string)` | `[]` | no |
 | elasticache\_subnet\_suffix | Suffix to append to elasticache subnets name | `string` | `"elasticache"` | no |
 | elasticache\_subnet\_tags | Additional tags for the elasticache subnets | `map(string)` | `{}` | no |
 | elasticache\_subnets | A list of elasticache subnets | `list(string)` | `[]` | no |
@@ -480,8 +480,8 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | flow\_log\_max\_aggregation\_interval | The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: `60` seconds or `600` seconds. | `number` | `600` | no |
 | flow\_log\_traffic\_type | The type of traffic to capture. Valid values: ACCEPT, REJECT, ALL. | `string` | `"ALL"` | no |
 | git\_codecommit\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Git Codecommit endpoint | `bool` | `false` | no |
-| git\_codecommit\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Git Codecommit endpoint | `list` | `[]` | no |
-| git\_codecommit\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Git Codecommit endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list` | `[]` | no |
+| git\_codecommit\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Git Codecommit endpoint | `list(string)` | `[]` | no |
+| git\_codecommit\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Git Codecommit endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
 | glue\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Glue endpoint | `bool` | `false` | no |
 | glue\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Glue endpoint | `list(string)` | `[]` | no |
 | glue\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for Glue endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
@@ -493,7 +493,7 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | intra\_outbound\_acl\_rules | Intra subnets outbound network ACLs | `list(map(string))` | <pre>[<br>  {<br>    "cidr_block": "0.0.0.0/0",<br>    "from_port": 0,<br>    "protocol": "-1",<br>    "rule_action": "allow",<br>    "rule_number": 100,<br>    "to_port": 0<br>  }<br>]</pre> | no |
 | intra\_route\_table\_tags | Additional tags for the intra route tables | `map(string)` | `{}` | no |
 | intra\_subnet\_assign\_ipv6\_address\_on\_creation | Assign IPv6 address on intra subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | `null` | no |
-| intra\_subnet\_ipv6\_prefixes | Assigns IPv6 intra subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list` | `[]` | no |
+| intra\_subnet\_ipv6\_prefixes | Assigns IPv6 intra subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list(string)` | `[]` | no |
 | intra\_subnet\_suffix | Suffix to append to intra subnets name | `string` | `"intra"` | no |
 | intra\_subnet\_tags | Additional tags for the intra subnets | `map(string)` | `{}` | no |
 | intra\_subnets | A list of intra subnets | `list(string)` | `[]` | no |
@@ -526,7 +526,7 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | private\_outbound\_acl\_rules | Private subnets outbound network ACLs | `list(map(string))` | <pre>[<br>  {<br>    "cidr_block": "0.0.0.0/0",<br>    "from_port": 0,<br>    "protocol": "-1",<br>    "rule_action": "allow",<br>    "rule_number": 100,<br>    "to_port": 0<br>  }<br>]</pre> | no |
 | private\_route\_table\_tags | Additional tags for the private route tables | `map(string)` | `{}` | no |
 | private\_subnet\_assign\_ipv6\_address\_on\_creation | Assign IPv6 address on private subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | `null` | no |
-| private\_subnet\_ipv6\_prefixes | Assigns IPv6 private subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list` | `[]` | no |
+| private\_subnet\_ipv6\_prefixes | Assigns IPv6 private subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list(string)` | `[]` | no |
 | private\_subnet\_suffix | Suffix to append to private subnets name | `string` | `"private"` | no |
 | private\_subnet\_tags | Additional tags for the private subnets | `map(string)` | `{}` | no |
 | private\_subnets | A list of private subnets inside the VPC | `list(string)` | `[]` | no |
@@ -539,7 +539,7 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | public\_outbound\_acl\_rules | Public subnets outbound network ACLs | `list(map(string))` | <pre>[<br>  {<br>    "cidr_block": "0.0.0.0/0",<br>    "from_port": 0,<br>    "protocol": "-1",<br>    "rule_action": "allow",<br>    "rule_number": 100,<br>    "to_port": 0<br>  }<br>]</pre> | no |
 | public\_route\_table\_tags | Additional tags for the public route tables | `map(string)` | `{}` | no |
 | public\_subnet\_assign\_ipv6\_address\_on\_creation | Assign IPv6 address on public subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | `null` | no |
-| public\_subnet\_ipv6\_prefixes | Assigns IPv6 public subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list` | `[]` | no |
+| public\_subnet\_ipv6\_prefixes | Assigns IPv6 public subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list(string)` | `[]` | no |
 | public\_subnet\_suffix | Suffix to append to public subnets name | `string` | `"public"` | no |
 | public\_subnet\_tags | Additional tags for the public subnets | `map(string)` | `{}` | no |
 | public\_subnets | A list of public subnets inside the VPC | `list(string)` | `[]` | no |
@@ -556,7 +556,7 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | redshift\_route\_table\_tags | Additional tags for the redshift route tables | `map(string)` | `{}` | no |
 | redshift\_subnet\_assign\_ipv6\_address\_on\_creation | Assign IPv6 address on redshift subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | `null` | no |
 | redshift\_subnet\_group\_tags | Additional tags for the redshift subnet group | `map(string)` | `{}` | no |
-| redshift\_subnet\_ipv6\_prefixes | Assigns IPv6 redshift subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list` | `[]` | no |
+| redshift\_subnet\_ipv6\_prefixes | Assigns IPv6 redshift subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list(string)` | `[]` | no |
 | redshift\_subnet\_suffix | Suffix to append to redshift subnets name | `string` | `"redshift"` | no |
 | redshift\_subnet\_tags | Additional tags for the redshift subnets | `map(string)` | `{}` | no |
 | redshift\_subnets | A list of redshift subnets | `list(string)` | `[]` | no |
@@ -592,8 +592,8 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | sns\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SNS endpoint | `list(string)` | `[]` | no |
 | sns\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for SNS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
 | sqs\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for SQS endpoint | `bool` | `false` | no |
-| sqs\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SQS endpoint | `list` | `[]` | no |
-| sqs\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for SQS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list` | `[]` | no |
+| sqs\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SQS endpoint | `list(string)` | `[]` | no |
+| sqs\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for SQS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
 | ssm\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for SSM endpoint | `bool` | `false` | no |
 | ssm\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SSM endpoint | `list(string)` | `[]` | no |
 | ssm\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for SSM endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
@@ -906,18 +906,6 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
-## Tests
-
-This module has been packaged with [awspec](https://github.com/k1LoW/awspec) tests through test kitchen. To run them:
-
-1. Install [rvm](https://rvm.io/rvm/install) and the ruby version specified in the [Gemfile](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/Gemfile).
-2. Install bundler and the gems from our Gemfile:
-```
-gem install bundler; bundle install
-```
-3. Test using `bundle exec kitchen test` from the root of the repo.
-
-
 ## Authors
 
 Module is maintained by [Anton Babenko](https://github.com/antonbabenko) with help from [these awesome contributors](https://github.com/terraform-aws-modules/terraform-aws-vpc/graphs/contributors).

examples/complete-vpc/README.md

@@ -19,13 +19,16 @@ Note that this example may create resources which can cost money (AWS Elastic IP
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
-No requirements.
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12.7, < 0.14 |
+| aws | >= 2.68, < 4.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| aws | n/a |
+| aws | >= 2.68, < 4.0 |
 
 ## Inputs
 

examples/complete-vpc/outputs.tf

@@ -67,20 +67,3 @@ output "this_customer_gateway" {
   description = "Map of Customer Gateway attributes"
   value       = module.vpc.this_customer_gateway
 }
-
-//
-//# VPC endpoints
-//output "vpc_endpoint_ec2_id" {
-//  description = "The ID of VPC endpoint for EC2"
-//  value       = "${module.vpc.vpc_endpoint_ec2_id}"
-//}
-//
-//output "vpc_endpoint_ec2_network_interface_ids" {
-//  description = "One or more network interfaces for the VPC Endpoint for EC2."
-//  value = ["${module.vpc.vpc_endpoint_ec2_network_interface_ids}"]
-//}
-//
-//output "vpc_endpoint_ec2_dns_entry" {
-//  description = "The DNS entries for the VPC Endpoint for EC2."
-//  value = ["${module.vpc.vpc_endpoint_ec2_dns_entry}"]
-//}

examples/complete-vpc/versions.tf

+terraform {
+  required_version = ">= 0.12.7, < 0.14"
+
+  required_providers {
+    aws = ">= 2.68, < 4.0"
+  }
+}

examples/ipv6/README.md

@@ -17,13 +17,16 @@ Note that this example may create resources which can cost money (AWS Elastic IP
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
-No requirements.
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12.7, < 0.14 |
+| aws | >= 2.68, < 4.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| aws | n/a |
+| aws | >= 2.68, < 4.0 |
 
 ## Inputs
 

examples/ipv6/versions.tf

+terraform {
+  required_version = ">= 0.12.7, < 0.14"
+
+  required_providers {
+    aws = ">= 2.68, < 4.0"
+  }
+}

examples/issue-108-route-already-exists/README.md

@@ -21,7 +21,10 @@ Note that this example may create resources which can cost money (AWS Elastic IP
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
-No requirements.
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12.7, < 0.14 |
+| aws | >= 2.68, < 4.0 |
 
 ## Providers
 

examples/issue-108-route-already-exists/versions.tf

+terraform {
+  required_version = ">= 0.12.7, < 0.14"
+
+  required_providers {
+    aws = ">= 2.68, < 4.0"
+  }
+}

examples/issue-224-vpcendpoint-apigw/main.tf

-provider "aws" {
-  region = "us-east-1"
-}
-
-#################
-# Security group
-#################
-module "http_sg" {
-  source  = "terraform-aws-modules/security-group/aws//modules/http-80"
-  version = "~> 3.0"
-
-  name        = "http-sg"
-  description = "Security group with HTTP ports open for everybody (IPv4 CIDR), egress ports are all world open"
-  vpc_id      = module.vpc.vpc_id
-
-  ingress_cidr_blocks = ["0.0.0.0/0"]
-}
-
-######
-# VPC
-######
-module "vpc" {
-  source = "../../"
-
-  name = "vpcendpoint-example"
-
-  cidr = "10.15.0.0/16"
-
-  azs             = ["us-east-1a"]
-  private_subnets = ["10.15.1.0/24"]
-
-  enable_dns_hostnames = true
-  enable_dns_support   = true
-
-  # VPC endpoint for API gateway
-  enable_apigw_endpoint              = true
-  apigw_endpoint_security_group_ids  = [module.http_sg.this_security_group_id]
-  apigw_endpoint_private_dns_enabled = true
-
-  tags = {
-    Owner       = "user"
-    Environment = "test"
-    Name        = "test-224"
-  }
-}
-

examples/issue-44-asymmetric-private-subnets/README.md

@@ -19,7 +19,10 @@ Note that this example may create resources which can cost money (AWS Elastic IP
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
-No requirements.
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12.7, < 0.14 |
+| aws | >= 2.68, < 4.0 |
 
 ## Providers
 

examples/issue-44-asymmetric-private-subnets/versions.tf

+terraform {
+  required_version = ">= 0.12.7, < 0.14"
+
+  required_providers {
+    aws = ">= 2.68, < 4.0"
+  }
+}

examples/issue-46-no-private-subnets/README.md

@@ -19,7 +19,10 @@ Note that this example may create resources which can cost money (AWS Elastic IP
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
-No requirements.
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12.7, < 0.14 |
+| aws | >= 2.68, < 4.0 |
 
 ## Providers
 

examples/issue-46-no-private-subnets/versions.tf

+terraform {
+  required_version = ">= 0.12.7, < 0.14"
+
+  required_providers {
+    aws = ">= 2.68, < 4.0"
+  }
+}

examples/manage-default-vpc/README.md

@@ -19,7 +19,10 @@ Run `terraform destroy` when you don't need these resources.
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
-No requirements.
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12.7, < 0.14 |
+| aws | >= 2.68, < 4.0 |
 
 ## Providers
 

examples/manage-default-vpc/versions.tf

+terraform {
+  required_version = ">= 0.12.7, < 0.14"
+
+  required_providers {
+    aws = ">= 2.68, < 4.0"
+  }
+}

examples/network-acls/README.md

@@ -21,7 +21,10 @@ Note that this example may create resources which can cost money (AWS Elastic IP
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
-No requirements.
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12.7, < 0.14 |
+| aws | >= 2.68, < 4.0 |
 
 ## Providers
 

examples/network-acls/outputs.tf

@@ -10,11 +10,6 @@ output "vpc_cidr_block" {
   value       = module.vpc.vpc_cidr_block
 }
 
-//output "vpc_ipv6_cidr_block" {
-//  description = "The IPv6 CIDR block"
-//  value       = ["${module.vpc.vpc_ipv6_cidr_block}"]
-//}
-
 # Subnets
 output "private_subnets" {
   description = "List of IDs of private subnets"

examples/network-acls/versions.tf

+terraform {
+  required_version = ">= 0.12.7, < 0.14"
+
+  required_providers {
+    aws = ">= 2.68, < 4.0"
+  }
+}

examples/secondary-cidr-blocks/README.md

@@ -19,7 +19,10 @@ Note that this example may create resources which can cost money (AWS Elastic IP
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
-No requirements.
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12.7, < 0.14 |
+| aws | >= 2.68, < 4.0 |
 
 ## Providers
 

examples/secondary-cidr-blocks/versions.tf

+terraform {
+  required_version = ">= 0.12.7, < 0.14"
+
+  required_providers {
+    aws = ">= 2.68, < 4.0"
+  }
+}

examples/simple-vpc/README.md

@@ -23,13 +23,14 @@ Note that this example may create resources which can cost money (AWS Elastic IP
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
-No requirements.
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12.7, < 0.14 |
+| aws | >= 2.68, < 4.0 |
 
 ## Providers
 
-| Name | Version |
-|------|---------|
-| aws | n/a |
+No provider.
 
 ## Inputs
 

examples/simple-vpc/main.tf

@@ -2,11 +2,6 @@ provider "aws" {
   region = "eu-west-1"
 }
 
-data "aws_security_group" "default" {
-  name   = "default"
-  vpc_id = module.vpc.vpc_id
-}
-
 module "vpc" {
   source = "../../"
 

examples/simple-vpc/outputs.tf

@@ -10,11 +10,6 @@ output "vpc_cidr_block" {
   value       = module.vpc.vpc_cidr_block
 }
 
-//output "vpc_ipv6_cidr_block" {
-//  description = "The IPv6 CIDR block"
-//  value       = ["${module.vpc.vpc_ipv6_cidr_block}"]
-//}
-
 # Subnets
 output "private_subnets" {
   description = "List of IDs of private subnets"

examples/simple-vpc/versions.tf

+terraform {
+  required_version = ">= 0.12.7, < 0.14"
+
+  required_providers {
+    aws = ">= 2.68, < 4.0"
+  }
+}

examples/test_fixture/README.md

-# Test fixture of simple VPC
-
-Configuration in this directory creates a set of VPC resources to be tested by test kitchen.
-
-There is a public and private subnet created per availability zone in addition to single NAT Gateway shared between 2 availability zones.
-
-## Usage
-
-To run the tests, from the repo root execute:
-
-```bash
-$ kitchen test
-...
-Finished in 4.25 seconds (files took 2.75 seconds to load)
-20 examples, 0 failures
-
-       Finished verifying <default-aws> (0m9.03s).
------> Kitchen is finished. (0m9.40s)
-```
-
-This will destroy any existing test resources, create the resources afresh, run the tests, report back, and destroy the resources.
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-No requirements.
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| aws | n/a |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| region | n/a | `string` | `"eu-west-1"` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| region | Region we created the resources in. |
-
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

examples/test_fixture/main.tf

-provider "aws" {
-  region = var.region
-}
-
-data "aws_availability_zones" "available" {
-}
-
-module "vpc" {
-  source             = "../.."
-  name               = "test-example"
-  cidr               = "10.0.0.0/16"
-  azs                = [data.aws_availability_zones.available.names[0], data.aws_availability_zones.available.names[1]]
-  private_subnets    = ["10.0.1.0/24", "10.0.2.0/24"]
-  public_subnets     = ["10.0.101.0/24", "10.0.102.0/24"]
-  enable_nat_gateway = true
-  single_nat_gateway = true
-
-  tags = {
-    Owner       = "user"
-    Environment = "dev"
-  }
-}
-

examples/test_fixture/outputs.tf

-output "region" {
-  description = "Region we created the resources in."
-  value       = var.region
-}
-

examples/test_fixture/variables.tf

-variable "region" {
-  default = "eu-west-1"
-}
-

examples/vpc-flow-logs/README.md

@@ -21,14 +21,18 @@ Note that this example may create resources which can cost money (AWS Elastic IP
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
-No requirements.
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12.7, < 0.14 |
+| aws | >= 2.68, < 4.0 |
+| random | >= 2 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| aws | n/a |
-| random | n/a |
+| aws | >= 2.68, < 4.0 |
+| random | >= 2 |
 
 ## Inputs
 

examples/vpc-flow-logs/versions.tf

+terraform {
+  required_version = ">= 0.12.7, < 0.14"
+
+  required_providers {
+    aws    = ">= 2.68, < 4.0"
+    random = ">= 2"
+  }
+}

examples/vpc-separate-private-route-tables/README.md

@@ -19,7 +19,10 @@ Note that this example may create resources which can cost money (AWS Elastic IP
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
-No requirements.
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12.7, < 0.14 |
+| aws | >= 2.68, < 4.0 |
 
 ## Providers
 

examples/vpc-separate-private-route-tables/versions.tf

+terraform {
+  required_version = ">= 0.12.7, < 0.14"
+
+  required_providers {
+    aws = ">= 2.68, < 4.0"
+  }
+}

outputs.tf

@@ -43,11 +43,6 @@ output "vpc_enable_dns_hostnames" {
   value       = concat(aws_vpc.this.*.enable_dns_hostnames, [""])[0]
 }
 
-//output "vpc_enable_classiclink" {
-//  description = "Whether or not the VPC has Classiclink enabled"
-//  value       = concat(aws_vpc.this.*.enable_classiclink, [""])[0]
-//}
-
 output "vpc_main_route_table_id" {
   description = "The ID of the main route table associated with this VPC"
   value       = concat(aws_vpc.this.*.main_route_table_id, [""])[0]
@@ -417,26 +412,11 @@ output "default_vpc_enable_dns_hostnames" {
   value       = concat(aws_default_vpc.this.*.enable_dns_hostnames, [""])[0]
 }
 
-//output "default_vpc_enable_classiclink" {
-//  description = "Whether or not the VPC has Classiclink enabled"
-//  value       = concat(aws_default_vpc.this.*.enable_classiclink, [""])[0]
-//}
-
 output "default_vpc_main_route_table_id" {
   description = "The ID of the main route table associated with this VPC"
   value       = concat(aws_default_vpc.this.*.main_route_table_id, [""])[0]
 }
 
-//output "default_vpc_ipv6_association_id" {
-//  description = "The association ID for the IPv6 CIDR block"
-//  value       = concat(aws_default_vpc.this.*.ipv6_association_id, [""])[0]
-//}
-//
-//output "default_vpc_ipv6_cidr_block" {
-//  description = "The IPv6 CIDR block"
-//  value       = concat(aws_default_vpc.this.*.ipv6_cidr_block, [""])[0]
-//}
-
 output "public_network_acl_id" {
   description = "ID of the public network ACL"
   value       = concat(aws_network_acl.public.*.id, [""])[0]

test/integration/default/test_vpc.rb

-# frozen_string_literal: true
-
-require 'awspec'
-require 'aws-sdk'
-require 'rhcl'
-
-# should strive to randomize the region for more robust testing
-example_main = Rhcl.parse(File.open('examples/test_fixture/main.tf'))
-vpc_name = example_main['module']['vpc']['name']
-user_tag = example_main['module']['vpc']['tags']['Owner']
-environment_tag = example_main['module']['vpc']['tags']['Environment']
-state_file = 'terraform.tfstate.d/kitchen-terraform-default-aws/terraform.tfstate'
-tf_state = JSON.parse(File.open(state_file).read)
-region = tf_state['modules'][0]['outputs']['region']['value']
-ENV['AWS_REGION'] = region
-
-ec2 = Aws::EC2::Client.new(region: region)
-azs = ec2.describe_availability_zones
-zone_names = azs.to_h[:availability_zones].first(2).map { |az| az[:zone_name] }
-
-describe vpc(vpc_name.to_s) do
-  it { should exist }
-  it { should be_available }
-  it { should have_tag('Name').value(vpc_name.to_s) }
-  it { should have_tag('Owner').value(user_tag.to_s) }
-  it { should have_tag('Environment').value(environment_tag.to_s) }
-  it { should have_route_table("#{vpc_name}-public") }
-  zone_names.each do |az|
-    it { should have_route_table("#{vpc_name}-private-#{az}") }
-  end
-end
-
-zone_names.each do |az|
-  describe subnet("#{vpc_name}-public-#{az}") do
-    it { should exist }
-    it { should be_available }
-    it { should belong_to_vpc(vpc_name.to_s) }
-    it { should have_tag('Name').value("#{vpc_name}-public-#{az}") }
-    it { should have_tag('Owner').value(user_tag.to_s) }
-    it { should have_tag('Environment').value(environment_tag.to_s) }
-  end
-end

variables.tf

@@ -24,37 +24,37 @@ variable "enable_ipv6" {
 
 variable "private_subnet_ipv6_prefixes" {
   description = "Assigns IPv6 private subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
-  type        = list
+  type        = list(string)
   default     = []
 }
 
 variable "public_subnet_ipv6_prefixes" {
   description = "Assigns IPv6 public subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
-  type        = list
+  type        = list(string)
   default     = []
 }
 
 variable "database_subnet_ipv6_prefixes" {
   description = "Assigns IPv6 database subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
-  type        = list
+  type        = list(string)
   default     = []
 }
 
 variable "redshift_subnet_ipv6_prefixes" {
   description = "Assigns IPv6 redshift subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
-  type        = list
+  type        = list(string)
   default     = []
 }
 
 variable "elasticache_subnet_ipv6_prefixes" {
   description = "Assigns IPv6 elasticache subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
-  type        = list
+  type        = list(string)
   default     = []
 }
 
 variable "intra_subnet_ipv6_prefixes" {
   description = "Assigns IPv6 intra subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
-  type        = list
+  type        = list(string)
   default     = []
 }
 
@@ -324,101 +324,121 @@ variable "enable_s3_endpoint" {
 
 variable "enable_codebuild_endpoint" {
   description = "Should be true if you want to provision an Codebuild endpoint to the VPC"
+  type        = bool
   default     = false
 }
 
 variable "codebuild_endpoint_security_group_ids" {
   description = "The ID of one or more security groups to associate with the network interface for Codebuild endpoint"
+  type        = list(string)
   default     = []
 }
 
 variable "codebuild_endpoint_subnet_ids" {
   description = "The ID of one or more subnets in which to create a network interface for Codebuilt endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  type        = list(string)
   default     = []
 }
 
 variable "codebuild_endpoint_private_dns_enabled" {
   description = "Whether or not to associate a private hosted zone with the specified VPC for Codebuild endpoint"
+  type        = bool
   default     = false
 }
 
 variable "enable_codecommit_endpoint" {
   description = "Should be true if you want to provision an Codecommit endpoint to the VPC"
+  type        = bool
   default     = false
 }
 
 variable "codecommit_endpoint_security_group_ids" {
   description = "The ID of one or more security groups to associate with the network interface for Codecommit endpoint"
+  type        = list(string)
   default     = []
 }
 
 variable "codecommit_endpoint_subnet_ids" {
   description = "The ID of one or more subnets in which to create a network interface for Codecommit endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  type        = list(string)
   default     = []
 }
 
 variable "codecommit_endpoint_private_dns_enabled" {
   description = "Whether or not to associate a private hosted zone with the specified VPC for Codecommit endpoint"
+  type        = bool
   default     = false
 }
 
 variable "enable_git_codecommit_endpoint" {
   description = "Should be true if you want to provision an Git Codecommit endpoint to the VPC"
+  type        = bool
   default     = false
 }
 
 variable "git_codecommit_endpoint_security_group_ids" {
   description = "The ID of one or more security groups to associate with the network interface for Git Codecommit endpoint"
+  type        = list(string)
   default     = []
 }
 
 variable "git_codecommit_endpoint_subnet_ids" {
   description = "The ID of one or more subnets in which to create a network interface for Git Codecommit endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  type        = list(string)
   default     = []
 }
 
 variable "git_codecommit_endpoint_private_dns_enabled" {
   description = "Whether or not to associate a private hosted zone with the specified VPC for Git Codecommit endpoint"
+  type        = bool
   default     = false
 }
 
 variable "enable_config_endpoint" {
   description = "Should be true if you want to provision an config endpoint to the VPC"
+  type        = bool
   default     = false
 }
 
 variable "config_endpoint_security_group_ids" {
   description = "The ID of one or more security groups to associate with the network interface for config endpoint"
+  type        = list(string)
   default     = []
 }
 
 variable "config_endpoint_subnet_ids" {
   description = "The ID of one or more subnets in which to create a network interface for config endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  type        = list(string)
   default     = []
 }
 
 variable "config_endpoint_private_dns_enabled" {
   description = "Whether or not to associate a private hosted zone with the specified VPC for config endpoint"
+  type        = bool
   default     = false
 }
 
 variable "enable_sqs_endpoint" {
   description = "Should be true if you want to provision an SQS endpoint to the VPC"
+  type        = bool
   default     = false
 }
 
 variable "sqs_endpoint_security_group_ids" {
   description = "The ID of one or more security groups to associate with the network interface for SQS endpoint"
+  type        = list(string)
   default     = []
 }
 
 variable "sqs_endpoint_subnet_ids" {
   description = "The ID of one or more subnets in which to create a network interface for SQS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  type        = list(string)
   default     = []
 }
 
 variable "sqs_endpoint_private_dns_enabled" {
   description = "Whether or not to associate a private hosted zone with the specified VPC for SQS endpoint"
+  type        = bool
   default     = false
 }
 
@@ -1649,6 +1669,7 @@ variable "states_endpoint_private_dns_enabled" {
 
 variable "enable_acm_pca_endpoint" {
   description = "Should be true if you want to provision an ACM PCA endpoint to the VPC"
+  type        = bool
   default     = false
 }
 
@@ -1726,16 +1747,19 @@ variable "codedeploy_commands_secure_endpoint_private_dns_enabled" {
 
 variable "acm_pca_endpoint_security_group_ids" {
   description = "The ID of one or more security groups to associate with the network interface for ACM PCA endpoint"
+  type        = list(string)
   default     = []
 }
 
 variable "acm_pca_endpoint_subnet_ids" {
   description = "The ID of one or more subnets in which to create a network interface for ACM PCA endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  type        = list(string)
   default     = []
 }
 
 variable "acm_pca_endpoint_private_dns_enabled" {
   description = "Whether or not to associate a private hosted zone with the specified VPC for ACM PCA endpoint"
+  type        = bool
   default     = false
 }
 
@@ -1759,11 +1783,13 @@ variable "enable_vpn_gateway" {
 
 variable "vpn_gateway_id" {
   description = "ID of VPN Gateway to attach to the VPC"
+  type        = string
   default     = ""
 }
 
 variable "amazon_side_asn" {
   description = "The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the virtual private gateway is created with the current default Amazon ASN."
+  type        = string
   default     = "64512"
 }