feat: Add IPAM IPv4 support (#716)

6eddcad7 · drewmullen · GitHub · a06dd176 · 6eddcad7 · 6eddcad7
Commit 6eddcad7 authored Sep 25, 2022 by drewmullen Committed by GitHub Sep 25, 2022
47 changed files
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
 repos:
  - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.72.1
+    rev: v1.75.0
    hooks:
      - id: terraform_fmt
      - id: terraform_validate

--- a/README.md
+++ b/README.md
@@ -181,6 +181,54 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
 It is possible to integrate this VPC module with [terraform-aws-transit-gateway module](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway) which handles the creation of TGW resources and VPC attachments. See [complete example there](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/tree/master/examples/complete).
+## VPC CIDR from AWS IP Address Manager (IPAM)
+It is possible to have your VPC CIDR assigned from an [AWS IPAM Pool](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_pool). However, In order to build subnets within this module Terraform must know subnet CIDRs to properly plan the amount of resources to build. Since CIDR is derived by IPAM by calling CreateVpc this is not possible within a module unless cidr is known ahead of time. You can get around this by "previewing" the CIDR and then using that as the subnet values.
+_Note: Due to race conditions with `terraform plan`, it is not possible to use `ipv4_netmask_length` or a pools `allocation_default_netmask_length` within this module. You must explicitly set the CIDRs for a pool to use._
+```hcl
+# Find the pool RAM shared to your account
+# Info on RAM sharing pools: https://docs.aws.amazon.com/vpc/latest/ipam/share-pool-ipam.html
+data "aws_vpc_ipam_pool" "ipv4_example" {
+  filter {
+    name   = "description"
+    values = ["*mypool*"]
+  }
+  filter {
+    name   = "address-family"
+    values = ["ipv4"]
+  }
+}
+# Preview next CIDR from pool
+data "aws_vpc_ipam_preview_next_cidr" "previewed_cidr" {
+  ipam_pool_id   = data.aws_vpc_ipam_pool.ipv4_example.id
+  netmask_length = 24
+}
+data "aws_region" "current" {}
+# Calculate subnet cidrs from previewed IPAM CIDR
+locals {
+  partition       = cidrsubnets(data.aws_vpc_ipam_preview_next_cidr.previewed_cidr.cidr, 2, 2)
+  private_subnets = cidrsubnets(local.partition[0], 2, 2)
+  public_subnets  = cidrsubnets(local.partition[1], 2, 2)
+  azs             = formatlist("${data.aws_region.current.name}%s", ["a", "b"])
+}
+module "vpc_cidr_from_ipam" {
+  source            = "terraform-aws-modules/vpc/aws"
+  name              = "vpc-cidr-from-ipam"
+  ipv4_ipam_pool_id = data.aws_vpc_ipam_pool.ipv4_example.id
+  azs               = local.azs
+  cidr              = data.aws_vpc_ipam_preview_next_cidr.previewed_cidr.cidr
+  private_subnets   = local.private_subnets
+  public_subnets    = local.public_subnets
+}
+```
 ## Examples
 - [Simple VPC](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/simple-vpc)
@@ -190,6 +238,7 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 - [Network ACL](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/network-acls)
 - [VPC Flow Logs](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/vpc-flow-logs)
 - [VPC with Outpost](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/outpost)
+- [VPC CIDR from IPAM](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/ipam-vpc)
 - [Manage Default VPC](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/manage-default-vpc)
 - [Few tests and edge case examples](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/issues)
@@ -205,13 +254,13 @@ Full contributing [guidelines are covered here](.github/contributing.md).
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.63 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.73 |
 ## Providers
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.63 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.73 |
 ## Modules
@@ -306,7 +355,7 @@ No modules.
 | <a name="input_amazon_side_asn"></a> [amazon\_side\_asn](#input\_amazon\_side\_asn) | The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the virtual private gateway is created with the current default Amazon ASN. | `string` | `"64512"` | no |
 | <a name="input_assign_ipv6_address_on_creation"></a> [assign\_ipv6\_address\_on\_creation](#input\_assign\_ipv6\_address\_on\_creation) | Assign IPv6 address on subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | `false` | no |
 | <a name="input_azs"></a> [azs](#input\_azs) | A list of availability zones names or ids in the region | `list(string)` | `[]` | no |
-| <a name="input_cidr"></a> [cidr](#input\_cidr) | The CIDR block for the VPC. Default value is a valid CIDR, but not acceptable by AWS and should be overridden | `string` | `"0.0.0.0/0"` | no |
+| <a name="input_cidr"></a> [cidr](#input\_cidr) | (Optional) The IPv4 CIDR block for the VPC. | `string` | `"0.0.0.0/0"` | no |
 | <a name="input_create_database_internet_gateway_route"></a> [create\_database\_internet\_gateway\_route](#input\_create\_database\_internet\_gateway\_route) | Controls if an internet gateway route for public database access should be created | `bool` | `false` | no |
 | <a name="input_create_database_nat_gateway_route"></a> [create\_database\_nat\_gateway\_route](#input\_create\_database\_nat\_gateway\_route) | Controls if a nat gateway route should be created to give internet access to the database subnets | `bool` | `false` | no |
 | <a name="input_create_database_subnet_group"></a> [create\_database\_subnet\_group](#input\_create\_database\_subnet\_group) | Controls if database subnet group should be created (n.b. database\_subnets must also be set) | `bool` | `true` | no |
@@ -405,6 +454,7 @@ No modules.
 | <a name="input_intra_subnet_suffix"></a> [intra\_subnet\_suffix](#input\_intra\_subnet\_suffix) | Suffix to append to intra subnets name | `string` | `"intra"` | no |
 | <a name="input_intra_subnet_tags"></a> [intra\_subnet\_tags](#input\_intra\_subnet\_tags) | Additional tags for the intra subnets | `map(string)` | `{}` | no |
 | <a name="input_intra_subnets"></a> [intra\_subnets](#input\_intra\_subnets) | A list of intra subnets | `list(string)` | `[]` | no |
+| <a name="input_ipv4_ipam_pool_id"></a> [ipv4\_ipam\_pool\_id](#input\_ipv4\_ipam\_pool\_id) | (Optional) The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR. | `string` | `null` | no |
 | <a name="input_manage_default_network_acl"></a> [manage\_default\_network\_acl](#input\_manage\_default\_network\_acl) | Should be true to adopt and manage Default Network ACL | `bool` | `false` | no |
 | <a name="input_manage_default_route_table"></a> [manage\_default\_route\_table](#input\_manage\_default\_route\_table) | Should be true to manage default route table | `bool` | `false` | no |
 | <a name="input_manage_default_security_group"></a> [manage\_default\_security\_group](#input\_manage\_default\_security\_group) | Should be true to adopt and manage default security group | `bool` | `false` | no |
@@ -560,7 +610,7 @@ No modules.
 | <a name="output_public_subnets_ipv6_cidr_blocks"></a> [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC |
 | <a name="output_redshift_network_acl_arn"></a> [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL |
 | <a name="output_redshift_network_acl_id"></a> [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL |
-| <a name="output_redshift_public_route_table_association_ids"></a> [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshidt route table association |
+| <a name="output_redshift_public_route_table_association_ids"></a> [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association |
 | <a name="output_redshift_route_table_association_ids"></a> [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association |
 | <a name="output_redshift_route_table_ids"></a> [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables |
 | <a name="output_redshift_subnet_arns"></a> [redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets |

--- a/examples/complete-vpc/README.md
+++ b/examples/complete-vpc/README.md
@@ -22,13 +22,13 @@ Note that this example may create resources which can cost money (AWS Elastic IP
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.63 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.73 |
 ## Providers
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.63 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.73 |
 ## Modules
@@ -136,7 +136,7 @@ No inputs.
 | <a name="output_public_subnets_ipv6_cidr_blocks"></a> [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC |
 | <a name="output_redshift_network_acl_arn"></a> [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL |
 | <a name="output_redshift_network_acl_id"></a> [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL |
-| <a name="output_redshift_public_route_table_association_ids"></a> [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshidt route table association |
+| <a name="output_redshift_public_route_table_association_ids"></a> [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association |
 | <a name="output_redshift_route_table_association_ids"></a> [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association |
 | <a name="output_redshift_route_table_ids"></a> [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables |
 | <a name="output_redshift_subnet_arns"></a> [redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets |

--- a/examples/complete-vpc/main.tf
+++ b/examples/complete-vpc/main.tf
 provider "aws" {
-  region = "eu-west-1"
+  region = local.region
 }
 locals {
-  name   = "complete-example"
+  name   = "ex-${replace(basename(path.cwd), "_", "-")}"
  region = "eu-west-1"
  tags = {
-    Owner       = "user"
+    Example    = local.name
-    Environment = "staging"
+    GithubRepo = "terraform-aws-vpc"
-    Name        = "complete"
+    GithubOrg  = "terraform-aws-modules"
  }
 }

--- a/examples/complete-vpc/outputs.tf
+++ b/examples/complete-vpc/outputs.tf
@@ -314,7 +314,7 @@ output "redshift_route_table_association_ids" {
 }
 output "redshift_public_route_table_association_ids" {
-  description = "List of IDs of the public redshidt route table association"
+  description = "List of IDs of the public redshift route table association"
  value       = module.vpc.redshift_public_route_table_association_ids
 }

--- a/examples/complete-vpc/versions.tf
+++ b/examples/complete-vpc/versions.tf
@@ -4,7 +4,7 @@ terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
-      version = ">= 3.63"
+      version = ">= 3.73"
    }
  }
 }
--- a/examples/ipam-vpc/README.md
+++ b/examples/ipam-vpc/README.md
--- a/examples/ipam-vpc/main.tf
+++ b/examples/ipam-vpc/main.tf
+provider "aws" {
+  region = local.region
+}
+locals {
+  name   = "ex-${replace(basename(path.cwd), "_", "-")}"
+  region = "eu-west-1"
+  partition = cidrsubnets(aws_vpc_ipam_preview_next_cidr.this.cidr, 2, 2)
+  tags = {
+    Example    = local.name
+    GithubRepo = "terraform-aws-vpc"
+    GithubOrg  = "terraform-aws-modules"
+  }
+}
+################################################################################
+# VPC Module
+################################################################################
+module "vpc" {
+  source = "../.."
+  name = local.name
+  private_subnets = cidrsubnets(local.partition[0], 2, 2)
+  public_subnets  = cidrsubnets(local.partition[1], 2, 2)
+  ipv4_ipam_pool_id = aws_vpc_ipam_pool.this.id
+  azs               = ["${local.region}a", "${local.region}b"]
+  cidr              = aws_vpc_ipam_preview_next_cidr.this.cidr
+  tags = local.tags
+}
+################################################################################
+# Supporting Resources
+################################################################################
+/*
+NOTES ON IPAM USAGE:
+In order to build subnets with your VPC Terraform must know subnet CIDRs to properly plan # of resources to build.
+Since CIDR is derived by IPAM by calling CreateVpc this is not possible within a module unless cidr is known ahead of time.
+We can get around this by "previewing" the CIDR and then using that as the subnet values.
+In the example above we use `cidrsubnets()` to calculate a public and private "partitions" (group of cidrs) then calculate the specific
+CIDRs for each subnet type.
+For an explanation on prolonged delete times on IPAM pools see 2nd
+*note* in terraform docs: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_pool_cidr
+*/
+resource "aws_vpc_ipam" "this" {
+  operating_regions {
+    region_name = local.region
+  }
+}
+resource "aws_vpc_ipam_pool" "this" {
+  address_family                    = "ipv4"
+  ipam_scope_id                     = aws_vpc_ipam.this.private_default_scope_id
+  locale                            = local.region
+  allocation_default_netmask_length = 24
+}
+resource "aws_vpc_ipam_pool_cidr" "this" {
+  ipam_pool_id = aws_vpc_ipam_pool.this.id
+  cidr         = "10.0.0.0/16"
+}
+resource "aws_vpc_ipam_preview_next_cidr" "this" {
+  ipam_pool_id   = aws_vpc_ipam_pool.this.id
+  netmask_length = 20
+  depends_on = [
+    aws_vpc_ipam_pool_cidr.this
+  ]
+}
--- a/examples/ipam-vpc/outputs.tf
+++ b/examples/ipam-vpc/outputs.tf
--- a/examples/ipam-vpc/variables.tf
+++ b/examples/ipam-vpc/variables.tf
--- a/examples/ipam-vpc/versions.tf
+++ b/examples/ipam-vpc/versions.tf
+terraform {
+  required_version = ">= 0.13.1"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 3.73"
+    }
+  }
+}
--- a/examples/ipv6/README.md
+++ b/examples/ipv6/README.md
@@ -20,7 +20,7 @@ Note that this example may create resources which can cost money (AWS Elastic IP
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.63 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.73 |
 ## Providers
@@ -125,7 +125,7 @@ No inputs.
 | <a name="output_public_subnets_ipv6_cidr_blocks"></a> [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC |
 | <a name="output_redshift_network_acl_arn"></a> [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL |
 | <a name="output_redshift_network_acl_id"></a> [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL |
-| <a name="output_redshift_public_route_table_association_ids"></a> [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshidt route table association |
+| <a name="output_redshift_public_route_table_association_ids"></a> [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association |
 | <a name="output_redshift_route_table_association_ids"></a> [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association |
 | <a name="output_redshift_route_table_ids"></a> [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables |
 | <a name="output_redshift_subnet_arns"></a> [redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets |

--- a/examples/ipv6/main.tf
+++ b/examples/ipv6/main.tf
@@ -3,7 +3,14 @@ provider "aws" {
 }
 locals {
+  name   = "ex-${replace(basename(path.cwd), "_", "-")}"
  region = "eu-west-1"
+  tags = {
+    Example    = local.name
+    GithubRepo = "terraform-aws-vpc"
+    GithubOrg  = "terraform-aws-modules"
+  }
 }
 ################################################################################
@@ -35,8 +42,5 @@ module "vpc" {
  private_subnet_ipv6_prefixes  = [2, 3]
  database_subnet_ipv6_prefixes = [4, 5]
-  tags = {
+  tags = local.tags
-    Owner       = "user"
-    Environment = "dev"
-  }
 }
--- a/examples/ipv6/outputs.tf
+++ b/examples/ipv6/outputs.tf
@@ -314,7 +314,7 @@ output "redshift_route_table_association_ids" {
 }
 output "redshift_public_route_table_association_ids" {
-  description = "List of IDs of the public redshidt route table association"
+  description = "List of IDs of the public redshift route table association"
  value       = module.vpc.redshift_public_route_table_association_ids
 }

--- a/examples/ipv6/versions.tf
+++ b/examples/ipv6/versions.tf
@@ -4,7 +4,7 @@ terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
-      version = ">= 3.63"
+      version = ">= 3.73"
    }
  }
 }
--- a/examples/issues/README.md
+++ b/examples/issues/README.md
@@ -25,7 +25,7 @@ Note that this example may create resources which can cost money (AWS Elastic IP
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.63 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.73 |
 ## Providers

--- a/examples/issues/main.tf
+++ b/examples/issues/main.tf
@@ -3,7 +3,14 @@ provider "aws" {
 }
 locals {
+  name   = "ex-${replace(basename(path.cwd), "_", "-")}"
  region = "eu-west-1"
+  tags = {
+    Example    = local.name
+    GithubRepo = "terraform-aws-vpc"
+    GithubOrg  = "terraform-aws-modules"
+  }
 }
 ################################################################################
@@ -24,10 +31,10 @@ module "vpc_issue_44" {
  create_database_subnet_group = true
  enable_nat_gateway           = true
-  tags = {
+  tags = merge({
    Issue = "44"
    Name  = "asymmetrical"
-  }
+  }, local.tags)
 }
 ################################################################################
@@ -50,10 +57,10 @@ module "vpc_issue_46" {
  enable_dns_hostnames = true
  enable_nat_gateway   = false
-  tags = {
+  tags = merge({
    Issue = "46"
    Name  = "no-private-subnets"
-  }
+  }, local.tags)
 }
 ################################################################################
@@ -73,8 +80,8 @@ module "vpc_issue_108" {
  single_nat_gateway = true
  enable_nat_gateway = true
-  tags = {
+  tags = merge({
    Issue = "108"
    Name  = "route-already-exists"
-  }
+  }, local.tags)
 }
--- a/examples/issues/versions.tf
+++ b/examples/issues/versions.tf
@@ -4,7 +4,7 @@ terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
-      version = ">= 3.63"
+      version = ">= 3.73"
    }
  }
 }
--- a/examples/manage-default-vpc/README.md
+++ b/examples/manage-default-vpc/README.md
@@ -22,7 +22,7 @@ Run `terraform destroy` when you don't need these resources.
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.63 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.73 |
 ## Providers
@@ -127,7 +127,7 @@ No inputs.
 | <a name="output_public_subnets_ipv6_cidr_blocks"></a> [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC |
 | <a name="output_redshift_network_acl_arn"></a> [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL |
 | <a name="output_redshift_network_acl_id"></a> [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL |
-| <a name="output_redshift_public_route_table_association_ids"></a> [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshidt route table association |
+| <a name="output_redshift_public_route_table_association_ids"></a> [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association |
 | <a name="output_redshift_route_table_association_ids"></a> [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association |
 | <a name="output_redshift_route_table_ids"></a> [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables |
 | <a name="output_redshift_subnet_arns"></a> [redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets |

--- a/examples/manage-default-vpc/main.tf
+++ b/examples/manage-default-vpc/main.tf
@@ -3,7 +3,14 @@ provider "aws" {
 }
 locals {
+  name   = "ex-${replace(basename(path.cwd), "_", "-")}"
  region = "eu-west-1"
+  tags = {
+    Example    = local.name
+    GithubRepo = "terraform-aws-vpc"
+    GithubOrg  = "terraform-aws-modules"
+  }
 }
 ################################################################################
@@ -18,4 +25,6 @@ module "vpc" {
  manage_default_vpc               = true
  default_vpc_name                 = "default"
  default_vpc_enable_dns_hostnames = true
+  tags = local.tags
 }
--- a/examples/manage-default-vpc/outputs.tf
+++ b/examples/manage-default-vpc/outputs.tf
@@ -314,7 +314,7 @@ output "redshift_route_table_association_ids" {
 }
 output "redshift_public_route_table_association_ids" {
-  description = "List of IDs of the public redshidt route table association"
+  description = "List of IDs of the public redshift route table association"
  value       = module.vpc.redshift_public_route_table_association_ids
 }

--- a/examples/manage-default-vpc/versions.tf
+++ b/examples/manage-default-vpc/versions.tf
@@ -4,7 +4,7 @@ terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
-      version = ">= 3.63"
+      version = ">= 3.73"
    }
  }
 }
--- a/examples/network-acls/README.md
+++ b/examples/network-acls/README.md
@@ -24,7 +24,7 @@ Note that this example may create resources which can cost money (AWS Elastic IP
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.63 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.73 |
 ## Providers
@@ -129,7 +129,7 @@ No inputs.
 | <a name="output_public_subnets_ipv6_cidr_blocks"></a> [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC |
 | <a name="output_redshift_network_acl_arn"></a> [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL |
 | <a name="output_redshift_network_acl_id"></a> [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL |
-| <a name="output_redshift_public_route_table_association_ids"></a> [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshidt route table association |
+| <a name="output_redshift_public_route_table_association_ids"></a> [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association |
 | <a name="output_redshift_route_table_association_ids"></a> [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association |
 | <a name="output_redshift_route_table_ids"></a> [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables |
 | <a name="output_redshift_subnet_arns"></a> [redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets |

--- a/examples/network-acls/main.tf
+++ b/examples/network-acls/main.tf
@@ -3,8 +3,15 @@ provider "aws" {
 }
 locals {
+  name   = "ex-${replace(basename(path.cwd), "_", "-")}"
  region = "eu-west-1"
+  tags = {
+    Example    = local.name
+    GithubRepo = "terraform-aws-vpc"
+    GithubOrg  = "terraform-aws-modules"
+  }
  network_acls = {
    default_inbound = [
      {
@@ -162,7 +169,7 @@ locals {
 module "vpc" {
  source = "../../"
-  name = "network-acls-example"
+  name = local.name
  cidr = "10.0.0.0/16"
  azs                 = ["${local.region}a", "${local.region}b", "${local.region}c"]
@@ -189,10 +196,7 @@ module "vpc" {
    Name = "overridden-name-public"
  }
-  tags = {
+  tags = local.tags
-    Owner       = "user"
-    Environment = "dev"
-  }
  vpc_tags = {
    Name = "vpc-name"

--- a/examples/network-acls/outputs.tf
+++ b/examples/network-acls/outputs.tf
@@ -314,7 +314,7 @@ output "redshift_route_table_association_ids" {
 }
 output "redshift_public_route_table_association_ids" {
-  description = "List of IDs of the public redshidt route table association"
+  description = "List of IDs of the public redshift route table association"
  value       = module.vpc.redshift_public_route_table_association_ids
 }

--- a/examples/network-acls/versions.tf
+++ b/examples/network-acls/versions.tf
@@ -4,7 +4,7 @@ terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
-      version = ">= 3.63"
+      version = ">= 3.73"
    }
  }
 }
--- a/examples/outpost/README.md
+++ b/examples/outpost/README.md
@@ -24,13 +24,13 @@ Note that this example may create resources which can cost money (AWS Elastic IP
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.63 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.73 |
 ## Providers
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.63 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.73 |
 ## Modules
@@ -134,7 +134,7 @@ No inputs.
 | <a name="output_public_subnets_ipv6_cidr_blocks"></a> [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC |
 | <a name="output_redshift_network_acl_arn"></a> [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL |
 | <a name="output_redshift_network_acl_id"></a> [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL |
-| <a name="output_redshift_public_route_table_association_ids"></a> [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshidt route table association |
+| <a name="output_redshift_public_route_table_association_ids"></a> [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association |
 | <a name="output_redshift_route_table_association_ids"></a> [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association |
 | <a name="output_redshift_route_table_ids"></a> [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables |
 | <a name="output_redshift_subnet_arns"></a> [redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets |

--- a/examples/outpost/main.tf
+++ b/examples/outpost/main.tf
@@ -7,8 +7,15 @@ provider "aws" {
 }
 locals {
+  name   = "ex-${replace(basename(path.cwd), "_", "-")}"
  region = "eu-west-1"
+  tags = {
+    Example    = local.name
+    GithubRepo = "terraform-aws-vpc"
+    GithubOrg  = "terraform-aws-modules"
+  }
  network_acls = {
    outpost_inbound = [
      {
@@ -122,7 +129,7 @@ data "aws_availability_zones" "available" {}
 module "vpc" {
  source = "../../"
-  name = "outpost-example"
+  name = local.name
  cidr = "10.0.0.0/16"
  azs = [
@@ -152,8 +159,5 @@ module "vpc" {
  outpost_inbound_acl_rules     = local.network_acls["outpost_inbound"]
  outpost_outbound_acl_rules    = local.network_acls["outpost_outbound"]
-  tags = {
+  tags = local.tags
-    Owner       = "user"
-    Environment = "dev"
-  }
 }
--- a/examples/outpost/outputs.tf
+++ b/examples/outpost/outputs.tf
@@ -314,7 +314,7 @@ output "redshift_route_table_association_ids" {
 }
 output "redshift_public_route_table_association_ids" {
-  description = "List of IDs of the public redshidt route table association"
+  description = "List of IDs of the public redshift route table association"
  value       = module.vpc.redshift_public_route_table_association_ids
 }

--- a/examples/outpost/versions.tf
+++ b/examples/outpost/versions.tf
@@ -4,7 +4,7 @@ terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
-      version = ">= 3.63"
+      version = ">= 3.73"
    }
  }
 }
--- a/examples/secondary-cidr-blocks/README.md
+++ b/examples/secondary-cidr-blocks/README.md
@@ -22,7 +22,7 @@ Note that this example may create resources which can cost money (AWS Elastic IP
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.63 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.73 |
 ## Providers
@@ -127,7 +127,7 @@ No inputs.
 | <a name="output_public_subnets_ipv6_cidr_blocks"></a> [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC |
 | <a name="output_redshift_network_acl_arn"></a> [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL |
 | <a name="output_redshift_network_acl_id"></a> [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL |
-| <a name="output_redshift_public_route_table_association_ids"></a> [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshidt route table association |
+| <a name="output_redshift_public_route_table_association_ids"></a> [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association |
 | <a name="output_redshift_route_table_association_ids"></a> [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association |
 | <a name="output_redshift_route_table_ids"></a> [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables |
 | <a name="output_redshift_subnet_arns"></a> [redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets |

--- a/examples/secondary-cidr-blocks/main.tf
+++ b/examples/secondary-cidr-blocks/main.tf
@@ -3,7 +3,14 @@ provider "aws" {
 }
 locals {
+  name   = "ex-${replace(basename(path.cwd), "_", "-")}"
  region = "eu-west-1"
+  tags = {
+    Example    = local.name
+    GithubRepo = "terraform-aws-vpc"
+    GithubOrg  = "terraform-aws-modules"
+  }
 }
 ################################################################################
@@ -13,7 +20,7 @@ locals {
 module "vpc" {
  source = "../../"
-  name = "secondary-cidr-blocks-example"
+  name = local.name
  cidr                  = "10.0.0.0/16"
  secondary_cidr_blocks = ["10.1.0.0/16", "10.2.0.0/16"]
@@ -31,10 +38,7 @@ module "vpc" {
    Name = "overridden-name-public"
  }
-  tags = {
+  tags = local.tags
-    Owner       = "user"
-    Environment = "dev"
-  }
  vpc_tags = {
    Name = "vpc-name"

--- a/examples/secondary-cidr-blocks/outputs.tf
+++ b/examples/secondary-cidr-blocks/outputs.tf
@@ -314,7 +314,7 @@ output "redshift_route_table_association_ids" {
 }
 output "redshift_public_route_table_association_ids" {
-  description = "List of IDs of the public redshidt route table association"
+  description = "List of IDs of the public redshift route table association"
  value       = module.vpc.redshift_public_route_table_association_ids
 }

--- a/examples/secondary-cidr-blocks/versions.tf
+++ b/examples/secondary-cidr-blocks/versions.tf
@@ -4,7 +4,7 @@ terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
-      version = ">= 3.63"
+      version = ">= 3.73"
    }
  }
 }
--- a/examples/simple-vpc/README.md
+++ b/examples/simple-vpc/README.md
@@ -26,7 +26,7 @@ Note that this example may create resources which can cost money (AWS Elastic IP
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.63 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.73 |
 ## Providers
@@ -131,7 +131,7 @@ No inputs.
 | <a name="output_public_subnets_ipv6_cidr_blocks"></a> [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC |
 | <a name="output_redshift_network_acl_arn"></a> [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL |
 | <a name="output_redshift_network_acl_id"></a> [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL |
-| <a name="output_redshift_public_route_table_association_ids"></a> [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshidt route table association |
+| <a name="output_redshift_public_route_table_association_ids"></a> [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association |
 | <a name="output_redshift_route_table_association_ids"></a> [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association |
 | <a name="output_redshift_route_table_ids"></a> [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables |
 | <a name="output_redshift_subnet_arns"></a> [redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets |

--- a/examples/simple-vpc/main.tf
+++ b/examples/simple-vpc/main.tf
@@ -3,7 +3,14 @@ provider "aws" {
 }
 locals {
+  name   = "ex-${replace(basename(path.cwd), "_", "-")}"
  region = "eu-west-1"
+  tags = {
+    Example    = local.name
+    GithubRepo = "terraform-aws-vpc"
+    GithubOrg  = "terraform-aws-modules"
+  }
 }
 ################################################################################
@@ -13,7 +20,7 @@ locals {
 module "vpc" {
  source = "../../"
-  name = "simple-example"
+  name = local.name
  cidr = "10.0.0.0/16"
  azs             = ["${local.region}a", "${local.region}b", "${local.region}c"]
@@ -29,10 +36,7 @@ module "vpc" {
    Name = "overridden-name-public"
  }
-  tags = {
+  tags = local.tags
-    Owner       = "user"
-    Environment = "dev"
-  }
  vpc_tags = {
    Name = "vpc-name"

--- a/examples/simple-vpc/outputs.tf
+++ b/examples/simple-vpc/outputs.tf
@@ -314,7 +314,7 @@ output "redshift_route_table_association_ids" {
 }
 output "redshift_public_route_table_association_ids" {
-  description = "List of IDs of the public redshidt route table association"
+  description = "List of IDs of the public redshift route table association"
  value       = module.vpc.redshift_public_route_table_association_ids
 }

--- a/examples/simple-vpc/versions.tf
+++ b/examples/simple-vpc/versions.tf
@@ -4,7 +4,7 @@ terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
-      version = ">= 3.63"
+      version = ">= 3.73"
    }
  }
 }
--- a/examples/vpc-flow-logs/main.tf
+++ b/examples/vpc-flow-logs/main.tf
@@ -3,8 +3,15 @@ provider "aws" {
 }
 locals {
+  name   = "ex-${replace(basename(path.cwd), "_", "-")}"
  region = "eu-west-1"
+  tags = {
+    Example    = local.name
+    GithubRepo = "terraform-aws-vpc"
+    GithubOrg  = "terraform-aws-modules"
+  }
  s3_bucket_name            = "vpc-flow-logs-to-s3-${random_pet.this.id}"
  cloudwatch_log_group_name = "vpc-flow-logs-to-cloudwatch-${random_pet.this.id}"
 }
@@ -16,7 +23,7 @@ locals {
 module "vpc_with_flow_logs_s3_bucket" {
  source = "../../"
-  name = "vpc-flow-logs-s3-bucket"
+  name = local.name
  cidr = "10.30.0.0/16"
  azs            = ["${local.region}a"]
@@ -26,15 +33,13 @@ module "vpc_with_flow_logs_s3_bucket" {
  flow_log_destination_type = "s3"
  flow_log_destination_arn  = module.s3_bucket.s3_bucket_arn
-  vpc_flow_log_tags = {
+  vpc_flow_log_tags = local.tags
-    Name = "vpc-flow-logs-s3-bucket"
-  }
 }
 module "vpc_with_flow_logs_s3_bucket_parquet" {
  source = "../../"
-  name = "vpc-flow-logs-s3-bucket"
+  name = "${local.name}-parquet"
  cidr = "10.30.0.0/16"
  azs            = ["${local.region}a"]
@@ -45,16 +50,14 @@ module "vpc_with_flow_logs_s3_bucket_parquet" {
  flow_log_destination_arn  = module.s3_bucket.s3_bucket_arn
  flow_log_file_format      = "parquet"
-  vpc_flow_log_tags = {
+  vpc_flow_log_tags = local.tags
-    Name = "vpc-flow-logs-s3-bucket"
-  }
 }
 # CloudWatch Log Group and IAM role created automatically
 module "vpc_with_flow_logs_cloudwatch_logs_default" {
  source = "../../"
-  name = "vpc-flow-logs-cloudwatch-logs-default"
+  name = "${local.name}-cloudwatch-logs-default"
  cidr = "10.10.0.0/16"
  azs            = ["${local.region}a"]
@@ -66,16 +69,14 @@ module "vpc_with_flow_logs_cloudwatch_logs_default" {
  create_flow_log_cloudwatch_iam_role  = true
  flow_log_max_aggregation_interval    = 60
-  vpc_flow_log_tags = {
+  vpc_flow_log_tags = local.tags
-    Name = "vpc-flow-logs-cloudwatch-logs-default"
-  }
 }
 # CloudWatch Log Group and IAM role created separately
 module "vpc_with_flow_logs_cloudwatch_logs" {
  source = "../../"
-  name = "vpc-flow-logs-cloudwatch-logs"
+  name = "${local.name}-cloudwatch-logs"
  cidr = "10.20.0.0/16"
  azs            = ["${local.region}a"]
@@ -86,9 +87,7 @@ module "vpc_with_flow_logs_cloudwatch_logs" {
  flow_log_destination_arn         = aws_cloudwatch_log_group.flow_log.arn
  flow_log_cloudwatch_iam_role_arn = aws_iam_role.vpc_flow_log_cloudwatch.arn
-  vpc_flow_log_tags = {
+  vpc_flow_log_tags = local.tags
-    Name = "vpc-flow-logs-cloudwatch-logs"
-  }
 }
 ################################################################################
@@ -108,9 +107,7 @@ module "s3_bucket" {
  policy        = data.aws_iam_policy_document.flow_log_s3.json
  force_destroy = true
-  tags = {
+  tags = local.tags
-    Name = "vpc-flow-logs-s3-bucket"
-  }
 }
 data "aws_iam_policy_document" "flow_log_s3" {

--- a/examples/vpc-separate-private-route-tables/README.md
+++ b/examples/vpc-separate-private-route-tables/README.md
@@ -22,7 +22,7 @@ Note that this example may create resources which can cost money (AWS Elastic IP
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.63 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.73 |
 ## Providers
@@ -127,7 +127,7 @@ No inputs.
 | <a name="output_public_subnets_ipv6_cidr_blocks"></a> [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC |
 | <a name="output_redshift_network_acl_arn"></a> [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL |
 | <a name="output_redshift_network_acl_id"></a> [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL |
-| <a name="output_redshift_public_route_table_association_ids"></a> [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshidt route table association |
+| <a name="output_redshift_public_route_table_association_ids"></a> [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association |
 | <a name="output_redshift_route_table_association_ids"></a> [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association |
 | <a name="output_redshift_route_table_ids"></a> [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables |
 | <a name="output_redshift_subnet_arns"></a> [redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets |

--- a/examples/vpc-separate-private-route-tables/main.tf
+++ b/examples/vpc-separate-private-route-tables/main.tf
@@ -3,7 +3,14 @@ provider "aws" {
 }
 locals {
+  name   = "ex-${replace(basename(path.cwd), "_", "-")}"
  region = "eu-west-1"
+  tags = {
+    Example    = local.name
+    GithubRepo = "terraform-aws-vpc"
+    GithubOrg  = "terraform-aws-modules"
+  }
 }
 ################################################################################
@@ -13,7 +20,7 @@ locals {
 module "vpc" {
  source = "../../"
-  name = "vpc-separate-private-route-tables"
+  name = local.name
  cidr = "10.10.0.0/16"
@@ -31,9 +38,5 @@ module "vpc" {
  single_nat_gateway = true
  enable_nat_gateway = true
-  tags = {
+  tags = local.tags
-    Owner       = "user"
-    Environment = "staging"
-    Name        = "separate-private-route-tables"
-  }
 }
--- a/examples/vpc-separate-private-route-tables/outputs.tf
+++ b/examples/vpc-separate-private-route-tables/outputs.tf
@@ -314,7 +314,7 @@ output "redshift_route_table_association_ids" {
 }
 output "redshift_public_route_table_association_ids" {
-  description = "List of IDs of the public redshidt route table association"
+  description = "List of IDs of the public redshift route table association"
  value       = module.vpc.redshift_public_route_table_association_ids
 }

--- a/examples/vpc-separate-private-route-tables/versions.tf
+++ b/examples/vpc-separate-private-route-tables/versions.tf
@@ -4,7 +4,7 @@ terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
-      version = ">= 3.63"
+      version = ">= 3.73"
    }
  }
 }
--- a/main.tf
+++ b/main.tf
@@ -20,7 +20,9 @@ locals {
 resource "aws_vpc" "this" {
  count = local.create_vpc ? 1 : 0
-  cidr_block                       = var.cidr
+  cidr_block        = var.cidr
+  ipv4_ipam_pool_id = var.ipv4_ipam_pool_id
  instance_tenancy                 = var.instance_tenancy
  enable_dns_hostnames             = var.enable_dns_hostnames
  enable_dns_support               = var.enable_dns_support

--- a/outputs.tf
+++ b/outputs.tf
@@ -314,7 +314,7 @@ output "redshift_route_table_association_ids" {
 }
 output "redshift_public_route_table_association_ids" {
-  description = "List of IDs of the public redshidt route table association"
+  description = "List of IDs of the public redshift route table association"
  value       = aws_route_table_association.redshift_public[*].id
 }

--- a/variables.tf
+++ b/variables.tf
@@ -11,7 +11,7 @@ variable "name" {
 }
 variable "cidr" {
-  description = "The CIDR block for the VPC. Default value is a valid CIDR, but not acceptable by AWS and should be overridden"
+  description = "(Optional) The IPv4 CIDR block for the VPC."
  type        = string
  default     = "0.0.0.0/0"
 }
@@ -1190,6 +1190,12 @@ variable "flow_log_per_hour_partition" {
  default     = false
 }
+variable "ipv4_ipam_pool_id" {
+  description = "(Optional) The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR."
+  type        = string
+  default     = null
+}
 variable "putin_khuylo" {
  description = "Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo!"
  type        = bool

--- a/versions.tf
+++ b/versions.tf
@@ -4,7 +4,7 @@ terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
-      version = ">= 3.63"
+      version = ">= 3.73"
    }
  }
 }