diff --git a/az/main.tf b/az/main.tf index 93a1ed3..1e35c59 100644 --- a/az/main.tf +++ b/az/main.tf @@ -2,7 +2,7 @@ ## Set Terraform version constraint terraform { - required_version = "> 0.11.0" + required_version = "> 0.12.0" } ## Variables 
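Review bot: `required_version = "> 0.12.0"` excludes 0.12.0 itself even though the rest of this diff only relies on the 0.12 language, so the constraint should read `required_version = ">= 0.12.0"` (or `~> 0.12` if the module is meant to track the 0.12 line only). The same string is introduced in base/main.tf and dhcp/main.tf later in this diff and should be changed there as well.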
@@ -12,40 +12,54 @@ data "aws_availability_zones" "available" {} locals { # Calculates the number of AZs to be provisioned based on various possible inputs - azs_provisioned_count = "${local.azs_provisioned_override_enabled == "true" ? length(var.azs_provisioned_override) : var.azs_provisioned}" + azs_provisioned_count = local.azs_provisioned_override_enabled ? length(var.azs_provisioned_override) : var.azs_provisioned # Check to see if availability zones are being overridden. Some AWS regions do not support VPC in all AZs and it can vary by account. - azs_provisioned_override_enabled = "${length(var.azs_provisioned_override) > 0 && var.azs_provisioned_override[0] != "non_empty_list" ? "true" : "false"}" + azs_provisioned_override_enabled = length(var.azs_provisioned_override) > 0 && var.azs_provisioned_override[0] != "non_empty_list" ? true : false # Check to see if DMZ CIDRs are being overridden. An empty list causes problems in some of the downstream formualtion. - dmz_cidrs_override_enabled = "${length(var.dmz_cidrs_override) > 0 && var.dmz_cidrs_override[0] != "non_empty_list" ? "true" : "false"}" + dmz_cidrs_override_enabled = length(var.dmz_cidrs_override) > 0 && var.dmz_cidrs_override[0] != "non_empty_list" ? true : false # Check to see if elastic IPs are to be provisioned. NAT gateways require EIPs. - eips_enabled_check = "${var.nat_eips_enabled == "true" || var.nat_gateways_enabled == "true" ? 1 : 0}" + eips_enabled_check = var.nat_eips_enabled || var.nat_gateways_enabled ? 1 : 0 # Check to see if private LAN subnets are to be provisioned. - lans_enabled_check = "${local.lans_per_az_checked > 0 ? 1 : 0}" + lans_enabled_check = local.lans_per_az_checked > 0 ? 1 : 0 # Check to see if LAN CIDRs are being overridden. An empty list causes problems in some of the downstream formualtion. - lan_cidrs_override_enabled = "${length(var.lan_cidrs_override) > 0 && var.lan_cidrs_override[0] != "non_empty_list" ? 
"true" : "false"}" + lan_cidrs_override_enabled = length(var.lan_cidrs_override) > 0 && var.lan_cidrs_override[0] != "non_empty_list" ? true : false # Multiplier to be used in downstream calculation based on the number of LAN subnets per AZ. - lans_multiplier = "${local.lans_per_az_checked >= 0 ? local.lans_per_az_checked : 1}" + lans_multiplier = local.lans_per_az_checked >= 0 ? local.lans_per_az_checked : 1 # Handles scenario where an emptry string is passed in for lans_per_az - lans_per_az_checked = "${var.lans_per_az != "" ? var.lans_per_az : "1"}" + lans_per_az_checked = var.lans_per_az != "" ? var.lans_per_az : 1 + + # Check to see if private static subnets are to be provisioned. + statics_enabled_check = local.statics_per_az_checked > 0 ? 1 : 0 + + # Check to see if static CIDRs are being overridden. An empty list causes problems in some of the downstream formualtion. + static_cidrs_override_enabled = length(var.static_cidrs_override) > 0 && var.static_cidrs_override[0] != "non_empty_list" ? true : false + + # Multiplier to be used in downstream calculation based on the number of static subnets per AZ. + statics_multiplier = local.statics_per_az_checked >= 0 ? local.statics_per_az_checked : 1 + + # Handles scenario where an emptry string is passed in for statics_per_az + statics_per_az_checked = var.statics_per_az != "" ? var.statics_per_az : 0 # Check to see if NAT gateways are to be provisioned - nat_gateways_enabled_check = "${var.nat_gateways_enabled == "true" ? 1 : 0}" + nat_gateways_enabled_check = var.nat_gateways_enabled ? 1 : 0 # Check to see if NAT gateways are NOT to be provisioned - nat_gateways_not_enabled_check = "${var.nat_gateways_enabled != "true" ? 1 : 0}" + nat_gateways_not_enabled_check = var.nat_gateways_enabled != true ? 
1 : 0 # default subnet tags default_subnet_tags = { - application = "${var.stack_item_fullname}" + application = var.stack_item_fullname managed_by = "terraform" } + + enable_dmz_public_ips = var.enable_dmz_public_ips } ## Provisions DMZ resources 
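Review bot: `lans_per_az_checked = var.lans_per_az != "" ? var.lans_per_az : 1` and the new `statics_per_az_checked` compare a variable that variables.tf now declares as `type = number` against an empty string, so an empty string can no longer reach this expression and the guard is dead at best or a type-conversion error at worst. If an unset value is still meant to be tolerated, `lans_per_az_checked = var.lans_per_az != null ? var.lans_per_az : 1` (or `coalesce(var.lans_per_az, 1)`) says so in 0.12 terms. The `? true : false` suffix on `azs_provisioned_override_enabled`, `dmz_cidrs_override_enabled`, `lan_cidrs_override_enabled` and `static_cidrs_override_enabled` is redundant now that the comparison already yields a bool, and `var.nat_gateways_enabled != true ? 1 : 0` reads more directly as `var.nat_gateways_enabled ? 0 : 1`. The added local `enable_dmz_public_ips` is not referenced in any hunk shown here (the dmz subnet reads `var.enable_dmz_public_ips` directly), so it looks unused.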
@@ -53,29 +67,38 @@ locals { ### Provisions subnets data "aws_vpc" "base" { - id = "${var.vpc_id}" + id = var.vpc_id } resource "aws_subnet" "dmz" { - count = "${local.azs_provisioned_count}" + count = local.azs_provisioned_count # Selects the first N number of AZs available for VPC use in the given region, where N is the requested number of AZs to provision. This order can be overidden by passing in an explicit list of AZ letters to be used. - availability_zone = "${local.azs_provisioned_override_enabled == "true" ? "${data.aws_region.current.name}${element(var.azs_provisioned_override,count.index)}" : element(data.aws_availability_zones.available.names,count.index)}" + availability_zone = local.azs_provisioned_override_enabled ? "${data.aws_region.current.name}${var.azs_provisioned_override[count.index]}" : data.aws_availability_zones.available.names[count.index] # Provisions N number of evenly allocated address spaces from the overall VPC CIDR block, where N is the requested number of AZs to provision. Address space per subnet can be overidden by passing in an explicit list of CIDRs to be used. - cidr_block = "${local.dmz_cidrs_override_enabled == "true" ? element(var.dmz_cidrs_override,count.index) : cidrsubnet(data.aws_vpc.base.cidr_block,lookup(var.az_cidrsubnet_newbits, local.azs_provisioned_count),count.index)}" - map_public_ip_on_launch = "${var.enable_dmz_public_ips}" - vpc_id = "${var.vpc_id}" - - tags = "${merge(local.default_subnet_tags, var.additional_subnet_tags, map("Name", "${var.stack_item_label}-dmz-${count.index}"))}" + cidr_block = local.dmz_cidrs_override_enabled ? 
var.dmz_cidrs_override[count.index] : cidrsubnet( + data.aws_vpc.base.cidr_block, + lookup(var.az_cidrsubnet_newbits, + local.azs_provisioned_count),count.index + ) + + map_public_ip_on_launch = var.enable_dmz_public_ips + vpc_id = var.vpc_id + + tags = merge( + local.default_subnet_tags, + var.additional_subnet_tags, + map("Name", "${var.stack_item_label}-dmz-${count.index}") + ) } ### Associates subnet with routing table resource "aws_route_table_association" "rta_dmz" { - count = "${local.azs_provisioned_count}" + count = local.azs_provisioned_count - route_table_id = "${var.rt_dmz_id}" - subnet_id = "${element(aws_subnet.dmz.*.id,count.index)}" + route_table_id = var.rt_dmz_id + subnet_id = aws_subnet.dmz.*.id[count.index] } ### Provisions NATs 
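Review bot: `map("Name", "${var.stack_item_label}-dmz-${count.index}")` keeps the `map()` function, which Terraform documents as deprecated from 0.12 onward, and it is inconsistent with the new `static` subnet in this same file, which already uses an object literal; here and in the `lan` subnet the tags argument would read `tags = merge(local.default_subnet_tags, var.additional_subnet_tags, { Name = "${var.stack_item_label}-dmz-${count.index}" })`. The `cidrsubnet(...)` call is split over four lines here but kept on one line in the `lan` hunk; one layout for both makes the two resources easier to compare.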
@@ -106,42 +129,42 @@ data "aws_ami" "nat_ami" { } resource "aws_eip" "eip_nat" { - count = "${local.azs_provisioned_count * local.lans_enabled_check * local.eips_enabled_check}" + count = local.azs_provisioned_count * local.lans_enabled_check * local.eips_enabled_check vpc = true } resource "aws_eip_association" "eip_nat_assoc" { - count = "${local.azs_provisioned_count * local.lans_enabled_check * local.eips_enabled_check * local.nat_gateways_not_enabled_check}" + count = local.azs_provisioned_count * local.lans_enabled_check * local.eips_enabled_check * local.nat_gateways_not_enabled_check - allocation_id = "${element(aws_eip.eip_nat.*.id,count.index)}" - instance_id = "${element(aws_instance.nat.*.id,count.index)}" + allocation_id = aws_eip.eip_nat.*.id[count.index] + instance_id = aws_instance.nat.*.id[count.index] } resource "aws_instance" "nat" { - count = "${local.azs_provisioned_count * local.lans_enabled_check * local.nat_gateways_not_enabled_check}" + count = local.azs_provisioned_count * local.lans_enabled_check * local.nat_gateways_not_enabled_check - ami = "${coalesce(var.nat_ami_override,data.aws_ami.nat_ami.id)}" + ami = coalesce(var.nat_ami_override,data.aws_ami.nat_ami.id) associate_public_ip_address = true - instance_type = "${var.nat_instance_type}" - key_name = "${var.nat_key_name}" + instance_type = var.nat_instance_type + key_name = var.nat_key_name source_dest_check = false - subnet_id = "${element(aws_subnet.dmz.*.id,count.index)}" - vpc_security_group_ids = ["${element(aws_security_group.sg_nat.*.id,count.index)}"] + subnet_id = aws_subnet.dmz.*.id[count.index] + vpc_security_group_ids = [aws_security_group.sg_nat.*.id[count.index]] - tags { - application = "${var.stack_item_fullname}" + tags = { + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-nat-${count.index}" } } resource "aws_security_group" "sg_nat" { - count = "${local.azs_provisioned_count * local.lans_enabled_check * 
local.nat_gateways_not_enabled_check}" + count = local.azs_provisioned_count * local.lans_enabled_check * local.nat_gateways_not_enabled_check description = "${var.stack_item_fullname} NAT security group" name_prefix = "${var.stack_item_label}-nat-" - vpc_id = "${var.vpc_id}" + vpc_id = var.vpc_id egress { cidr_blocks = ["0.0.0.0/0"] @@ -152,25 +175,25 @@ resource "aws_security_group" "sg_nat" { } ingress { - cidr_blocks = ["${local.lan_cidrs_override_enabled == "true" ? element(var.lan_cidrs_override,count.index) : cidrsubnet(data.aws_vpc.base.cidr_block,lookup(var.az_cidrsubnet_newbits, local.azs_provisioned_count * local.lans_multiplier),count.index + lookup(var.az_cidrsubnet_offset, local.azs_provisioned_count))}"] + cidr_blocks = local.lan_cidrs_override_enabled ? [var.lan_cidrs_override[count.index]] : [cidrsubnet(data.aws_vpc.base.cidr_block,lookup(var.az_cidrsubnet_newbits, local.azs_provisioned_count * local.lans_multiplier),count.index + lookup(var.az_cidrsubnet_offset, local.azs_provisioned_count))] description = "Ingress from ${var.stack_item_label}-lan-${count.index}" from_port = 0 protocol = "-1" to_port = 0 } - tags { - application = "${var.stack_item_fullname}" + tags = { + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-nat-${count.index}" } } resource "aws_nat_gateway" "nat" { - count = "${local.azs_provisioned_count * local.lans_enabled_check * local.nat_gateways_enabled_check}" + count = local.azs_provisioned_count * local.lans_enabled_check * local.nat_gateways_enabled_check - allocation_id = "${element(aws_eip.eip_nat.*.id,count.index)}" - subnet_id = "${element(aws_subnet.dmz.*.id,count.index)}" + allocation_id = aws_eip.eip_nat.*.id[count.index] + subnet_id = aws_subnet.dmz.*.id[count.index] } ### 
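Review bot: the ingress `cidr_blocks` expression in `sg_nat` re-derives the LAN subnet CIDR with its own `cidrsubnet(...)` call instead of reading it from the subnet the rule admits, so any later change to LAN addressing has to be mirrored here by hand; `cidr_blocks = local.lan_cidrs_override_enabled ? [var.lan_cidrs_override[count.index]] : [aws_subnet.lan.*.cidr_block[count.index]]` keeps rule and subnet in step (no cycle, since `aws_subnet.lan` does not reference the security group). Note also that `sg_nat` is created once per AZ while `aws_subnet.lan` is created `azs × lans_multiplier` times, so with `lans_per_az > 1` only the first AZ-count LAN subnets are admitted by this all-protocol rule; that predates the commit, but the resource deserves a comment such as `# Admits one LAN subnet per AZ; additional LAN subnets per AZ are not covered by this rule`.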
@@ -179,27 +202,27 @@ resource "aws_nat_gateway" "nat" { ### Provisions subnet resource "aws_subnet" "lan" { - count = "${local.azs_provisioned_count * local.lans_multiplier}" + count = local.azs_provisioned_count * local.lans_multiplier # Selects the first N number of AZs available for VPC use in the given region, where N is the requested number of AZs to provision. This order can be overidden by passing in an explicit list of AZ letters to be used. - availability_zone = "${local.azs_provisioned_override_enabled == "true" ? "${data.aws_region.current.name}${element(var.azs_provisioned_override,count.index)}" : element(data.aws_availability_zones.available.names,count.index)}" + availability_zone = local.azs_provisioned_override_enabled ? "${data.aws_region.current.name}${var.azs_provisioned_override[count.index]}" : data.aws_availability_zones.available.names[count.index] # Provisions N number of evenly allocated address spaces from the overall VPC CIDR block, where N is the requested number of AZs to provision multiplied by the number of LAN subnets to provision per AZ. Address space per subnet can be overidden by passing in an explicit list of CIDRs to be used. - cidr_block = "${local.lan_cidrs_override_enabled == "true" ? element(var.lan_cidrs_override,count.index) : cidrsubnet(data.aws_vpc.base.cidr_block,lookup(var.az_cidrsubnet_newbits, local.azs_provisioned_count * local.lans_multiplier),count.index + lookup(var.az_cidrsubnet_offset, local.azs_provisioned_count))}" - vpc_id = "${var.vpc_id}" + cidr_block = local.lan_cidrs_override_enabled ? 
var.lan_cidrs_override[count.index] : cidrsubnet(data.aws_vpc.base.cidr_block,lookup(var.az_cidrsubnet_newbits, local.azs_provisioned_count * local.lans_multiplier),count.index + lookup(var.az_cidrsubnet_offset, local.azs_provisioned_count)) + vpc_id = var.vpc_id - tags = "${merge(local.default_subnet_tags, var.additional_subnet_tags, map("Name", "${var.stack_item_label}-lan-${count.index}"))}" + tags = merge(local.default_subnet_tags, var.additional_subnet_tags, map("Name", "${var.stack_item_label}-lan-${count.index}")) } ### Provisions routing table resource "aws_route_table" "rt_lan" { - count = "${local.azs_provisioned_count * local.lans_multiplier}" + count = local.azs_provisioned_count * local.lans_multiplier - propagating_vgws = ["${compact(var.vgw_ids)}"] - vpc_id = "${var.vpc_id}" + propagating_vgws = compact(var.vgw_ids) + vpc_id = var.vpc_id - tags { - application = "${var.stack_item_fullname}" + tags = { + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-lan-${count.index}" } 
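Review bot: `data.aws_availability_zones.available.names[count.index]` and `var.azs_provisioned_override[count.index]` index with the raw `count.index`, but this resource's count is `azs_provisioned_count * lans_multiplier`, so with `lans_per_az > 1` the index runs past the AZ list and the plan fails where the 0.11 `element()` form wrapped silently. Each LAN subnet should map back to its AZ with a modulus: `availability_zone = local.azs_provisioned_override_enabled ? "${data.aws_region.current.name}${var.azs_provisioned_override[count.index % local.azs_provisioned_count]}" : data.aws_availability_zones.available.names[count.index % local.azs_provisioned_count]`. A plain `element()` would wrap over the whole regional AZ list rather than the N requested, so the modulus is the better fix. The new `static` subnet later in this file has the same problem on its `names[count.index]` lookup.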
@@ -207,8 +230,57 @@ resource "aws_route_table" "rt_lan" { ### Associates subnet with routing table resource "aws_route_table_association" "rta_lan" { - count = "${local.azs_provisioned_count * local.lans_multiplier}" + count = local.azs_provisioned_count * local.lans_multiplier + + route_table_id = aws_route_table.rt_lan.*.id[count.index] + subnet_id = aws_subnet.lan.*.id[count.index] +} + +## Provisions static resources + +### Provisions subnet +resource "aws_subnet" "static" { + count = local.azs_provisioned_count * local.statics_multiplier + + # Selects the first N number of AZs available for VPC use in the given region, where N is the requested number of AZs to provision. This order can be overidden by passing in an explicit list of AZ letters to be used. + availability_zone = local.azs_provisioned_override_enabled ? "${data.aws_region.current.name}${element(var.azs_provisioned_override, count.index)}" : data.aws_availability_zones.available.names[count.index] + + # Provisions N number of evenly allocated address spaces from the overall VPC CIDR block, where N is the requested number of AZs to provision multiplied by the number of static subnets to provision per AZ. Address space per subnet can be overidden by passing in an explicit list of CIDRs to be used. + cidr_block = local.static_cidrs_override_enabled ? 
var.static_cidrs_override[count.index] : cidrsubnet( + data.aws_vpc.base.cidr_block, + var.az_cidrsubnet_newbits[local.azs_provisioned_count * local.statics_multiplier], + count.index + var.az_cidrsubnet_offset[local.azs_provisioned_count], + ) + vpc_id = var.vpc_id + + tags = merge( + local.default_subnet_tags, + var.additional_subnet_tags, + { + "Name" = "${var.stack_item_label}-static-${count.index}" + }, + ) +} + +### Provisions routing table +resource "aws_route_table" "rt_static" { + count = local.azs_provisioned_count * local.statics_multiplier + + propagating_vgws = compact(var.vgw_ids) + vpc_id = var.vpc_id + + tags = { + application = var.stack_item_fullname + managed_by = "terraform" + Name = "${var.stack_item_label}-static-${count.index}" + } +} - route_table_id = "${element(aws_route_table.rt_lan.*.id,count.index)}" - subnet_id = "${element(aws_subnet.lan.*.id,count.index)}" +### Associates subnet with routing table +resource "aws_route_table_association" "rta_static" { + count = local.azs_provisioned_count * local.statics_multiplier + + route_table_id = aws_route_table.rt_static.*.id[count.index] + subnet_id = aws_subnet.static.*.id[count.index] } + diff --git a/az/outputs.tf b/az/outputs.tf index ad000ce..17fcd8c 100644 --- a/az/outputs.tf +++ b/az/outputs.tf 
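Review bot: the static subnet's `cidr_block` uses the same `var.az_cidrsubnet_offset[local.azs_provisioned_count]` offset and the same newbits lookup as the LAN subnet, so when `lans_per_az` and `statics_per_az` are both 1 the two resources request identical CIDRs and AWS rejects the second as overlapping; unless the maps outside this hunk were designed for two tiers, the static netnum has to start after the range the LAN subnets occupy (when both tiers share a newbits key, adding `local.azs_provisioned_count * local.lans_multiplier` to the netnum does that). This block also indexes the maps directly (`var.az_cidrsubnet_newbits[...]`) where the dmz and lan subnets use `lookup(...)`, and uses `element(var.azs_provisioned_override, count.index)` where they use `[count.index]`; one form throughout would help. The hunk also leaves an extra empty line at the end of the file.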
@@ -2,36 +2,36 @@ ## Returns Subnet IDs output "dmz_ids" { - value = ["${aws_subnet.dmz.*.id}"] + value = aws_subnet.dmz.*.id } output "lan_ids" { - value = ["${aws_subnet.lan.*.id}"] + value = aws_subnet.lan.*.id } ## Returns Subnet CIDR blocks output "dmz_cidrs" { - value = ["${aws_subnet.dmz.*.cidr_block}"] + value = aws_subnet.dmz.*.cidr_block } output "lan_cidrs" { - value = ["${aws_subnet.lan.*.cidr_block}"] + value = aws_subnet.lan.*.cidr_block } ## Returns information about the NATs output "eip_nat_ids" { - value = ["${aws_eip.eip_nat.*.id}"] + value = aws_eip.eip_nat.*.id } output "eip_nat_ips" { - value = ["${aws_eip.eip_nat.*.public_ip}"] + value = aws_eip.eip_nat.*.public_ip } output "nat_ids" { - value = ["${compact(concat(aws_instance.nat.*.id,aws_nat_gateway.nat.*.id))}"] + value = compact(concat(aws_instance.nat.*.id,aws_nat_gateway.nat.*.id)) } ## Returns the routing table ID output "rt_lan_ids" { - value = ["${aws_route_table.rt_lan.*.id}"] + value = aws_route_table.rt_lan.*.id } diff --git a/az/variables.tf b/az/variables.tf index 967a4ad..7d8c126 100644 --- a/az/variables.tf +++ b/az/variables.tf 
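Review bot: az/outputs.tf gains no outputs for the new `aws_subnet.static` and `aws_route_table.rt_static` resources added in az/main.tf, so callers cannot attach routes or place workloads in the static tier the way they can for `lan_ids`, `lan_cidrs` and `rt_lan_ids`. Adding the three parallel outputs keeps the module's interface consistent across tiers.

```hcl
output "static_ids" {
  value = aws_subnet.static.*.id
}

output "static_cidrs" {
  value = aws_subnet.static.*.cidr_block
}

output "rt_static_ids" {
  value = aws_route_table.rt_static.*.id
}
```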
@@ -2,26 +2,26 @@ ## Resource tags variable "stack_item_fullname" { - type = "string" + type = string description = "Long form descriptive name for this stack item. This value is used to create the 'application' resource tag for resources created by this stack item." default = "VPC Quick Start" } variable "stack_item_label" { - type = "string" + type = string description = "Short form identifier for this stack. This value is used to create the 'Name' resource tag for resources created by this stack item, and also serves as a unique key for re-use." default = "qckstrt" } variable "additional_subnet_tags" { - type = "map" + type = map(string) description = "Additional tags to apply at the subnet level, if any" default = {} } ## VPC parameters variable "az_cidrsubnet_newbits" { - type = "map" + type = map(string) description = "The number of bits by which to extend the CIDR range for the given number of AZs." default = { @@ -35,7 +35,7 @@ variable "az_cidrsubnet_newbits" { } variable "az_cidrsubnet_offset" { - type = "map" + type = map(string) description = "The number of AZs to provision for." default = { 
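Review bot: `az_cidrsubnet_newbits` and `az_cidrsubnet_offset` are typed `type = map(string)` although every use in az/main.tf feeds their values into `cidrsubnet()` as numeric newbits and netnum arguments; `type = map(number)` would reject a non-numeric value at variable validation instead of at plan time. The default map contents sit outside this hunk, so confirm they are all numeric before tightening the type.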
@@ -47,83 +47,94 @@ variable "az_cidrsubnet_offset" { } variable "azs_provisioned" { - type = "string" + type = number description = "The number of availability zones to be provisioned." - default = "2" + default = 2 } variable "azs_provisioned_override" { - type = "list" + type = list(string) description = "List of availability zones to be provisioned." default = ["non_empty_list"] } variable "dmz_cidrs_override" { - type = "list" + type = list(string) description = "The CIDR block(s) you want the DMZ subnet(s) to cover." default = ["non_empty_list"] } variable "enable_dmz_public_ips" { - type = "string" + type = bool description = "Specify true to indicate that instances launched into the DMZ subnet should be assigned a public IP address. Default is false." - default = "" + default = false } variable "lan_cidrs_override" { - type = "list" + type = list(string) description = "The CIDR block(s) you want the LAN subnet(s) to cover." default = ["non_empty_list"] } variable "lans_per_az" { - type = "string" + type = number description = "The number of private LAN subnets to be provisioned per AZ" - default = "1" + default = 1 } +variable "static_cidrs_override" { + type = list(string) + description = "The CIDR block(s) you want the static subnet(s) to cover." + default = ["non_empty_list"] +} + +variable "statics_per_az" { + type = number + description = "The number of private static subnets to be provisioned per AZ" + default = 0 + variable "nat_ami_override" { - type = "string" + type = string description = "Custom NAT Amazon machine image" default = "" } variable "nat_eips_enabled" { - type = "string" + type = bool description = "Flag for specifying allocation of Elastic IPs to NATs for the purposes of whitelisting. This value is overriden to 'true' when utilizing NAT gateways." 
- default = "false" + default = false } variable "nat_gateways_enabled" { - type = "string" + type = bool description = "Flag for specifying utilization of managed NAT gateways over EC2 based NAT instances." - default = "false" + default = false } variable "nat_instance_type" { - type = "string" + type = string description = "NAT EC2 instance type" default = "t2.nano" } variable "nat_key_name" { - type = "string" + type = string description = "NAT EC2 key pair name" default = "" } variable "rt_dmz_id" { - type = "string" + type = string description = "The ID of the DMZ routing table" } variable "vgw_ids" { - type = "list" + type = list(string) description = "A list of virtual gateways to associate with the routing tables for route propagation." default = [] } variable "vpc_id" { - type = "string" + type = string description = "The ID of the VPC" } diff --git a/base/main.tf b/base/main.tf index f8f3b9c..78e4f62 100644 --- a/base/main.tf +++ b/base/main.tf @@ -2,15 +2,19 @@ ## Set Terraform version constraint terraform { - required_version = "> 0.11.0" + required_version = "> 0.12.0" } ## Set default instance tennancy if not provided locals { - default_instance_tenancy = "${length(var.instance_tenancy) >= 1 ? "${var.instance_tenancy}" : "default"}" + default_instance_tenancy = length(var.instance_tenancy) >= 1 ? var.instance_tenancy : "default" + enable_dns = var.enable_dns + enable_hostnames = var.enable_hostnames + enable_classiclink = var.enable_classiclink + enable_classiclink_dns_support = var.enable_classiclink_dns_support default_vpc_tags = { - application = "${var.stack_item_fullname}" + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-vpc" } 
@@ -18,23 +22,23 @@ locals { ## Provisions Virtual Private Cloud (VPC) resource "aws_vpc" "vpc" { - cidr_block = "${var.vpc_cidr}" - instance_tenancy = "${local.default_instance_tenancy}" - enable_dns_support = "${var.enable_dns}" - enable_dns_hostnames = "${var.enable_hostnames}" - enable_classiclink = "${var.enable_classiclink}" - enable_classiclink_dns_support = "${var.enable_classiclink_dns_support}" - assign_generated_ipv6_cidr_block = "${var.assign_generated_ipv6_cidr_block}" - - tags = "${merge(local.default_vpc_tags, var.additional_vpc_tags)}" + cidr_block = var.vpc_cidr + instance_tenancy = local.default_instance_tenancy + enable_dns_support = var.enable_dns + enable_dns_hostnames = var.enable_hostnames + enable_classiclink = var.enable_classiclink + enable_classiclink_dns_support = var.enable_classiclink_dns_support + assign_generated_ipv6_cidr_block = var.assign_generated_ipv6_cidr_block + + tags = merge(local.default_vpc_tags, var.additional_vpc_tags) } ## Provisions Internet gateways resource "aws_internet_gateway" "igw" { - vpc_id = "${aws_vpc.vpc.id}" + vpc_id = aws_vpc.vpc.id - tags { - application = "${var.stack_item_fullname}" + tags = { + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-igw" } @@ -42,11 +46,11 @@ resource "aws_internet_gateway" "igw" { ## Provisions DMZ routing table resource "aws_route_table" "rt_dmz" { - propagating_vgws = ["${compact(var.vgw_ids)}"] - vpc_id = "${aws_vpc.vpc.id}" + propagating_vgws = compact(var.vgw_ids) + vpc_id = aws_vpc.vpc.id - tags { - application = "${var.stack_item_fullname}" + tags = { + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-dmz" } 
@@ -69,7 +73,7 @@ data "aws_iam_policy_document" "flow_log_role" { } resource "aws_iam_role" "flow_log_role" { - assume_role_policy = "${data.aws_iam_policy_document.flow_log_role.json}" + assume_role_policy = data.aws_iam_policy_document.flow_log_role.json name_prefix = "${var.stack_item_label}-vpc-logs-" } @@ -83,19 +87,19 @@ data "aws_iam_policy_document" "flow_log_policy" { "logs:DescribeLogStreams", ] - resources = ["${aws_cloudwatch_log_group.flow_log_group.arn}"] + resources = [aws_cloudwatch_log_group.flow_log_group.arn] } } resource "aws_iam_role_policy" "flow_log_role_policies" { name = "logs" - policy = "${data.aws_iam_policy_document.flow_log_policy.json}" - role = "${aws_iam_role.flow_log_role.id}" + policy = data.aws_iam_policy_document.flow_log_policy.json + role = aws_iam_role.flow_log_role.id } resource "aws_flow_log" "flow_log" { - log_destination = "${aws_cloudwatch_log_group.flow_log_group.arn}" - iam_role_arn = "${aws_iam_role.flow_log_role.arn}" - vpc_id = "${aws_vpc.vpc.id}" - traffic_type = "${var.flow_log_traffic_type}" + log_destination = aws_cloudwatch_log_group.flow_log_group.arn + iam_role_arn = aws_iam_role.flow_log_role.arn + vpc_id = aws_vpc.vpc.id + traffic_type = var.flow_log_traffic_type } diff --git a/base/outputs.tf b/base/outputs.tf index eeb5798..6b13d37 100644 --- a/base/outputs.tf +++ b/base/outputs.tf @@ -1,21 +1,21 @@ # Output Variables output "flow_log_id" { - value = "${aws_flow_log.flow_log.id}" + value = aws_flow_log.flow_log.id } output "igw_id" { - value = "${aws_internet_gateway.igw.id}" + value = aws_internet_gateway.igw.id } output "rt_dmz_id" { - value = "${aws_route_table.rt_dmz.id}" + value = aws_route_table.rt_dmz.id } output "vpc_id" { - value = "${aws_vpc.vpc.id}" + value = aws_vpc.vpc.id } output "vpc_default_security_group_id" { - value = "${aws_vpc.vpc.default_security_group_id}" + value = aws_vpc.vpc.default_security_group_id } 
diff --git a/base/variables.tf b/base/variables.tf index 0301dc7..33bb119 100644 --- a/base/variables.tf +++ b/base/variables.tf 
@@ -2,76 +2,76 @@ ## Resource tags variable "stack_item_fullname" { - type = "string" + type = string description = "Long form descriptive name for this stack item. This value is used to create the 'application' resource tag for resources created by this stack item." default = "VPC Quick Start" } variable "stack_item_label" { - type = "string" + type = string description = "Short form identifier for this stack. This value is used to create the 'Name' resource tag for resources created by this stack item, and also serves as a unique key for re-use." default = "qckstrt" } variable "additional_vpc_tags" { - type = "map" + type = map(string) description = "Additional tags to apply at the VPC level, if any" default = {} } ## VPC parameters variable "assign_generated_ipv6_cidr_block" { - type = "string" + type = bool description = "Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block." - default = "false" + default = false } variable "enable_classiclink" { - type = "string" + type = bool description = "A boolean flag to enable/disable ClassicLink for the VPC. Only valid in regions and accounts that support EC2 Classic. Defaults false." - default = "" + default = false } variable "enable_classiclink_dns_support" { - type = "string" + type = bool description = "A boolean flag to enable/disable ClassicLink DNS Support for the VPC. Only valid in regions and accounts that support EC2 Classic." - default = "false" + default = false } variable "enable_dns" { - type = "string" + type = bool description = "A boolean flag to enable/disable DNS support in the VPC. Defaults true." - default = "" + default = true } variable "enable_hostnames" { - type = "string" + type = bool description = "A boolean flag to enable/disable DNS hostnames in the VPC. Defaults false." 
- default = "" + default = false } variable "instance_tenancy" { - type = "string" + type = string description = "A tenancy option for instances launched into the VPC." default = "" } variable "vpc_cidr" { - type = "string" + type = string description = "The CIDR block for the VPC." default = "172.16.0.0/21" } ## Flow log parameters variable "flow_log_traffic_type" { - type = "string" + type = string description = "The type of traffic to capture. Valid values: ACCEPT,REJECT,ALL" default = "ALL" } ## Routing parameters variable "vgw_ids" { - type = "list" + type = list(string) description = "A list of virtual gateways for propagation." default = [] } diff --git a/dhcp/main.tf b/dhcp/main.tf index 384ea94..c57732e 100644 --- a/dhcp/main.tf +++ b/dhcp/main.tf 
@@ -2,29 +2,29 @@ ## Set Terraform version constraint terraform { - required_version = "> 0.11.0" + required_version = "> 0.12.0" } ## Provisions DHCP options resource "aws_vpc_dhcp_options" "dhcp" { - count = "${var.enable == "true" ? "1" : "0"}" + count = var.enable ? 1 : 0 - domain_name = "${var.domain_name}" - domain_name_servers = ["${compact(var.name_servers)}"] - netbios_name_servers = ["${compact(var.netbios_name_servers)}"] - netbios_node_type = "${var.netbios_node_type}" - ntp_servers = ["${compact(var.ntp_servers)}"] + domain_name = var.domain_name + domain_name_servers = compact(var.name_servers) + netbios_name_servers = compact(var.netbios_name_servers) + netbios_node_type = var.netbios_node_type + ntp_servers = compact(var.ntp_servers) - tags { - application = "${var.stack_item_fullname}" + tags = { + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-dhcp" } } resource "aws_vpc_dhcp_options_association" "dns_resolver" { - count = "${var.enable == "true" ? "1" : "0"}" + count = var.enable ? 1 : 0 - dhcp_options_id = "${aws_vpc_dhcp_options.dhcp.id}" - vpc_id = "${var.vpc_id}" + dhcp_options_id = aws_vpc_dhcp_options.dhcp[count.index].id + vpc_id = var.vpc_id } diff --git a/dhcp/outputs.tf b/dhcp/outputs.tf index 76da62d..fec8170 100644 --- a/dhcp/outputs.tf +++ b/dhcp/outputs.tf @@ -1,5 +1,5 @@ # Output variables output "dhcp_id" { - value = "${join(",",compact(aws_vpc_dhcp_options.dhcp.*.id))}" + value = join(",",compact(aws_vpc_dhcp_options.dhcp.*.id)) } diff --git a/dhcp/variables.tf b/dhcp/variables.tf index e0e4d65..7fff44e 100644 --- a/dhcp/variables.tf +++ b/dhcp/variables.tf 
@@ -2,54 +2,54 @@ ## Resource Tags variable "stack_item_fullname" { - type = "string" + type = string description = "Long form descriptive name for this stack item. This value is used to create the 'application' resource tag for resources created by this stack item." } variable "stack_item_label" { - type = "string" + type = string description = "Short form identifier for this stack. This value is used to create the 'Name' resource tag for resources created by this stack item, and also serves as a unique key for re-use." } ## VPC parameters variable "vpc_id" { - type = "string" + type = string description = "The ID of the VPC" } ## DHCP parameters variable "domain_name" { - type = "string" + type = string description = "The suffix domain name to use by default when resolving non Fully Qualified Domain Names" default = "" } variable "enable" { - type = "string" + type = bool description = "Determine if resources should be added. Used if you want to include conditionally in a module." - default = "true" + default = true } variable "name_servers" { - type = "list" + type = list(string) description = "List of name servers to configure in '/etc/resolv.conf'" default = ["AmazonProvidedDNS"] } variable "netbios_name_servers" { - type = "list" + type = list(string) description = "List of NETBIOS name servers" default = [] } variable "netbios_node_type" { - type = "string" + type = number description = "The NetBIOS node type (1, 2, 4, or 8). AWS recommends to specify 2 since broadcast and multicast are not supported in their network." - default = "" + default = 2 } variable "ntp_servers" { - type = "list" + type = list(string) description = "List of NTP servers to configure" default = [] } diff --git a/examples/basic/main.tf b/examples/basic/main.tf index b5f0368..8e3502f 100644 --- a/examples/basic/main.tf +++ b/examples/basic/main.tf @@ -2,7 +2,7 @@ ## Configures AWS provider provider "aws" { - region = "${var.region}" + region = var.region } ## Configures base VPC 
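Review bot: `netbios_node_type` changes from `default = ""` to `default = 2`, which is a behaviour change rather than a syntax migration: deployments that never set this input previously left the option unset and will now see it set to 2 on their DHCP option set, which is likely to show up as a replacement on `aws_vpc_dhcp_options` at the next plan. If that is intended, say so in the description or a commit note; if not, `default = null` preserves the old "unset" meaning under the new `number` type.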
@@ -11,11 +11,11 @@ module "vpc_base" { #source = "github.com/unifio/terraform-aws-vpc?ref=master//base" source = "../../base" - enable_dns = "${var.enable_dns}" - enable_hostnames = "${var.enable_hostnames}" - stack_item_fullname = "${var.stack_item_fullname}" - stack_item_label = "${var.stack_item_label}" - vpc_cidr = "${var.vpc_cidr}" + enable_dns = var.enable_dns + enable_hostnames = var.enable_hostnames + stack_item_fullname = var.stack_item_fullname + stack_item_label = var.stack_item_label + vpc_cidr = var.vpc_cidr } ## Configures DHCP @@ -24,10 +24,10 @@ module "vpc_dhcp" { #source = "github.com/unifio/terraform-aws-vpc?ref=master//dhcp" source = "../../dhcp" - domain_name = "${var.domain_name}" - stack_item_fullname = "${var.stack_item_fullname}" - stack_item_label = "${var.stack_item_label}" - vpc_id = "${module.vpc_base.vpc_id}" + domain_name = var.domain_name + stack_item_fullname = var.stack_item_fullname + stack_item_label = var.stack_item_label + vpc_id = module.vpc_base.vpc_id } ## Configures VPC Availabilty Zones @@ -36,14 +36,14 @@ module "vpc_az" { #source = "github.com/unifio/terraform-aws-vpc?ref=master//az" source = "../../az" - azs_provisioned = "${var.azs_provisioned}" - enable_dmz_public_ips = "${var.enable_dmz_public_ips}" - lans_per_az = "${var.lans_per_az}" - nat_eips_enabled = "${var.nat_eips_enabled}" - rt_dmz_id = "${module.vpc_base.rt_dmz_id}" - stack_item_fullname = "${var.stack_item_fullname}" - stack_item_label = "${var.stack_item_label}" - vpc_id = "${module.vpc_base.vpc_id}" + azs_provisioned = var.azs_provisioned + enable_dmz_public_ips = var.enable_dmz_public_ips + lans_per_az = var.lans_per_az + nat_eips_enabled = var.nat_eips_enabled + rt_dmz_id = module.vpc_base.rt_dmz_id + stack_item_fullname = var.stack_item_fullname + stack_item_label = var.stack_item_label + vpc_id = module.vpc_base.vpc_id } ## Configures Virtual Private Gateway 
@@ -52,23 +52,23 @@ module "vpc_vpg" { #source = "github.com/unifio/terraform-aws-vpc?ref=master//vpg" source = "../../vpg" - stack_item_fullname = "${var.stack_item_fullname}" - stack_item_label = "${var.stack_item_label}" - vpc_attach = "${var.vpc_attach}" - vpc_id = "${module.vpc_base.vpc_id}" + stack_item_fullname = var.stack_item_fullname + stack_item_label = var.stack_item_label + vpc_attach = var.vpc_attach + vpc_id = module.vpc_base.vpc_id } ## Configures routing resource "aws_route" "dmz-to-igw" { destination_cidr_block = "0.0.0.0/0" - gateway_id = "${module.vpc_base.igw_id}" - route_table_id = "${module.vpc_base.rt_dmz_id}" + gateway_id = module.vpc_base.igw_id + route_table_id = module.vpc_base.rt_dmz_id } resource "aws_route" "lan-to-nat" { - count = "${var.azs_provisioned * var.lans_per_az}" + count = var.azs_provisioned * var.lans_per_az destination_cidr_block = "0.0.0.0/0" - instance_id = "${element(module.vpc_az.nat_ids,count.index)}" - route_table_id = "${element(module.vpc_az.rt_lan_ids,count.index)}" + instance_id = module.vpc_az.nat_ids[count.index] + route_table_id = module.vpc_az.rt_lan_ids[count.index] } diff --git a/examples/basic/variables.tf b/examples/basic/variables.tf index 9aa7cbb..5ec01d5 100644 --- a/examples/basic/variables.tf +++ b/examples/basic/variables.tf 
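Review bot: Replacing `element(module.vpc_az.nat_ids, count.index)` with `module.vpc_az.nat_ids[count.index]` in `aws_route.lan-to-nat` is not equivalent when `count` exceeds the list length: `element()` wraps around, while direct indexing fails the plan with an index-out-of-range error. Here `count = var.azs_provisioned * var.lans_per_az`, so if `nat_ids` holds one entry per AZ (as its name suggests, though the az module is not in this diff) any `lans_per_az > 1` now errors where it previously wrapped. Keeping `instance_id = element(module.vpc_az.nat_ids, count.index)` preserves the prior behavior; a correct explicit index depends on how the az module orders `rt_lan_ids` relative to `nat_ids`, so confirm that before choosing a mapping. The same substitution appears in the `lan-to-nat-gw` and `lan-to-nat` resources of examples/complete/main.tf.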
@@ -2,61 +2,63 @@ ## Resource tags variable "stack_item_fullname" { - type = "string" + type = string } variable "stack_item_label" { - type = "string" + type = string } ## VPC base parameters variable "enable_dns" { - type = "string" - default = "" + type = bool + default = null } variable "enable_hostnames" { - type = "string" - default = "" + type = bool + default = null } variable "region" { - type = "string" + type = string } variable "vpc_cidr" { - type = "string" + type = string + //set for test + //default = "172.16.0.0/21" } ## DHCP variable "domain_name" { - type = "string" + type = string default = "" } ## AZ parameters variable "azs_provisioned" { - type = "string" - default = "" + type = number + default = 2 } variable "enable_dmz_public_ips" { - type = "string" - default = "" + type = bool + default = null } variable "lans_per_az" { - type = "string" - default = "1" + type = number + default = 1 } variable "nat_eips_enabled" { - type = "string" - default = "" + type = bool + default = null } ## VPG parameters variable "vpc_attach" { - type = "string" - default = "" + type = bool + default = null } diff --git a/examples/complete/.DS_Store b/examples/complete/.DS_Store new file mode 100644 index 0000000..5008ddf Binary files /dev/null and b/examples/complete/.DS_Store differ diff --git a/examples/complete/main.tf b/examples/complete/main.tf index b710805..1044724 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -2,7 +2,7 @@ ## Configures AWS provider provider "aws" { - region = "${var.region}" + region = var.region } ## Configures base VPC 
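Review bot: The commented-out test default `//default = "172.16.0.0/21"` uses `//` while the rest of the examples comment with `#` (e.g. `#source = ...` in examples/basic/main.tf); `# default = "172.16.0.0/21"` would be consistent. examples/complete/variables.tf has the same pattern, and there `//default = us-east-1` would also fail to parse if ever uncommented because the value is unquoted. The variables switched to `type = bool` / `default = null` (`enable_dns`, `enable_hostnames`, `enable_dmz_public_ips`, `nat_eips_enabled`, `vpc_attach`) now defer to the module defaults, which is reasonable, but a one-line `description` on each would make that intent visible to readers of the example.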
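Review bot: `examples/complete/.DS_Store` is a macOS Finder artifact and should not be part of this change. Drop it from the commit and add `.DS_Store` to the repository's `.gitignore` so it does not come back.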
@@ -11,12 +11,12 @@ module "vpc_base" { #source = "github.com/unifio/terraform-aws-vpc?ref=master//base" source = "../../base" - enable_classiclink = "${var.enable_classiclink}" - enable_hostnames = "${var.enable_hostnames}" - instance_tenancy = "${var.instance_tenancy}" - stack_item_fullname = "${var.stack_item_fullname}" - stack_item_label = "${var.stack_item_label}" - vpc_cidr = "${var.vpc_cidr}" + enable_classiclink = var.enable_classiclink + enable_hostnames = var.enable_hostnames + instance_tenancy = var.instance_tenancy + stack_item_fullname = var.stack_item_fullname + stack_item_label = var.stack_item_label + vpc_cidr = var.vpc_cidr } ## Configures DHCP @@ -25,23 +25,23 @@ module "vpc_dhcp" { #source = "github.com/unifio/terraform-aws-vpc?ref=master//dhcp" source = "../../dhcp" - domain_name = "${var.domain_name}" - name_servers = ["${var.name_servers}"] - netbios_name_servers = ["${var.netbios_name_servers}"] - netbios_node_type = "${var.netbios_node_type}" - ntp_servers = ["${var.ntp_servers}"] - stack_item_fullname = "${var.stack_item_fullname}" - stack_item_label = "${var.stack_item_label}" - vpc_id = "${module.vpc_base.vpc_id}" + domain_name = var.domain_name + name_servers = var.name_servers + netbios_name_servers = var.netbios_name_servers + netbios_node_type = var.netbios_node_type + ntp_servers = var.ntp_servers + stack_item_fullname = var.stack_item_fullname + stack_item_label = var.stack_item_label + vpc_id = module.vpc_base.vpc_id } ## Configures ACLs resource "aws_network_acl" "acl" { - vpc_id = "${module.vpc_base.vpc_id}" - subnet_ids = ["${concat(module.vpc_az.lan_ids,module.vpc_az.dmz_ids)}"] + vpc_id = module.vpc_base.vpc_id + subnet_ids = concat(module.vpc_az.lan_ids,module.vpc_az.dmz_ids) - tags { - application = "${var.stack_item_fullname}" + tags = { + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-acl" } 
@@ -53,10 +53,10 @@ module "vpc_vpg" { #source = "github.com/unifio/terraform-aws-vpc?ref=master//vpg" source = "../../vpg" - vpc_attach = "true" - vpc_id = "${module.vpc_base.vpc_id}" - stack_item_fullname = "${var.stack_item_fullname}" - stack_item_label = "${var.stack_item_label}" + vpc_attach = true + vpc_id = module.vpc_base.vpc_id + stack_item_fullname = var.stack_item_fullname + stack_item_label = var.stack_item_label } module "vpc_az" { 
@@ -64,59 +64,61 @@ module "vpc_az" { #source = "github.com/unifio/terraform-aws-vpc?ref=master//az" source = "../../az" - azs_provisioned_override = "${var.azs_provisioned_override}" + azs_provisioned_override = var.azs_provisioned_override - dmz_cidrs_override = ["${cidrsubnet(var.vpc_cidr,3,0)}", - "${cidrsubnet(var.vpc_cidr,3,1)}", - "${cidrsubnet(var.vpc_cidr,3,2)}", - "${cidrsubnet(var.vpc_cidr,3,3)}", + dmz_cidrs_override = [ + cidrsubnet(var.vpc_cidr,3,0), + cidrsubnet(var.vpc_cidr,3,1), + cidrsubnet(var.vpc_cidr,3,2), + cidrsubnet(var.vpc_cidr,3,3), ] - lan_cidrs_override = ["${cidrsubnet(var.vpc_cidr,4,8)}", - "${cidrsubnet(var.vpc_cidr,4,9)}", - "${cidrsubnet(var.vpc_cidr,4,10)}", - "${cidrsubnet(var.vpc_cidr,4,11)}", - "${cidrsubnet(var.vpc_cidr,4,12)}", - "${cidrsubnet(var.vpc_cidr,4,13)}", - "${cidrsubnet(var.vpc_cidr,4,14)}", - "${cidrsubnet(var.vpc_cidr,4,15)}", + lan_cidrs_override = [ + cidrsubnet(var.vpc_cidr,4,8), + cidrsubnet(var.vpc_cidr,4,9), + cidrsubnet(var.vpc_cidr,4,10), + cidrsubnet(var.vpc_cidr,4,11), + cidrsubnet(var.vpc_cidr,4,12), + cidrsubnet(var.vpc_cidr,4,13), + cidrsubnet(var.vpc_cidr,4,14), + cidrsubnet(var.vpc_cidr,4,15), ] - lans_per_az = "${var.lans_per_az}" - nat_eips_enabled = "false" - nat_gateways_enabled = "${var.nat_gateways_enabled}" - rt_dmz_id = "${module.vpc_base.rt_dmz_id}" - stack_item_label = "${var.stack_item_label}" - stack_item_fullname = "${var.stack_item_fullname}" - vgw_ids = ["${module.vpc_vpg.vpg_id}"] - vpc_id = "${module.vpc_base.vpc_id}" + lans_per_az = var.lans_per_az + nat_eips_enabled = false + nat_gateways_enabled = var.nat_gateways_enabled + rt_dmz_id = module.vpc_base.rt_dmz_id + stack_item_label = var.stack_item_label + stack_item_fullname = var.stack_item_fullname + vgw_ids = [module.vpc_vpg.vpg_id] + vpc_id = module.vpc_base.vpc_id } ## Configures routing resource "aws_route" "dmz-to-igw" { destination_cidr_block = "0.0.0.0/0" - gateway_id = "${module.vpc_base.igw_id}" - route_table_id = 
"${module.vpc_base.rt_dmz_id}" + gateway_id = module.vpc_base.igw_id + route_table_id = module.vpc_base.rt_dmz_id } resource "aws_route" "lan-to-nat-gw" { - count = "${length(var.azs_provisioned_override) * (length(var.lans_per_az) > 0 ? var.lans_per_az : "1") * signum(var.nat_gateways_enabled == "true" ? "1" : "0")}" + count = length(var.azs_provisioned_override) * (var.lans_per_az > 0 ? var.lans_per_az : 1) * signum(var.nat_gateways_enabled == true ? 1 : 0) destination_cidr_block = "0.0.0.0/0" - nat_gateway_id = "${element(module.vpc_az.nat_ids,count.index)}" - route_table_id = "${element(module.vpc_az.rt_lan_ids,count.index)}" + nat_gateway_id = module.vpc_az.nat_ids[count.index] + route_table_id = module.vpc_az.rt_lan_ids[count.index] } resource "aws_route" "lan-to-nat" { - count = "${length(var.azs_provisioned_override) * (length(var.lans_per_az) > 0 ? var.lans_per_az : "1") * signum(var.nat_gateways_enabled == "true" ? "0" : "1")}" + count = length(var.azs_provisioned_override) * (var.lans_per_az > 0 ? var.lans_per_az : 1) * signum(var.nat_gateways_enabled == true ? 0 : 1) destination_cidr_block = "0.0.0.0/0" - instance_id = "${element(module.vpc_az.nat_ids,count.index)}" - route_table_id = "${element(module.vpc_az.rt_lan_ids,count.index)}" + instance_id = module.vpc_az.nat_ids[count.index] + route_table_id = module.vpc_az.rt_lan_ids[count.index] } resource "aws_vpc_endpoint" "s3-ep" { - route_table_ids = ["${module.vpc_az.rt_lan_ids}"] + route_table_ids = module.vpc_az.rt_lan_ids service_name = "com.amazonaws.${var.region}.s3" - vpc_id = "${module.vpc_base.vpc_id}" + vpc_id = module.vpc_base.vpc_id } diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf index 802e775..0e32797 100644 --- a/examples/complete/outputs.tf +++ b/examples/complete/outputs.tf 
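Review bot: `signum(var.nat_gateways_enabled == true ? 1 : 0)` in the `count` of `aws_route.lan-to-nat-gw` (and the mirrored `? 0 : 1` in `lan-to-nat`) is redundant now that the operands are numbers: `signum()` of 0 or 1 is the identity, so `(var.nat_gateways_enabled == true ? 1 : 0)` alone reads more clearly. The `== true` comparison should stay, because `var.nat_gateways_enabled` defaults to `null` in examples/complete/variables.tf and a bare `var.nat_gateways_enabled ? ... : ...` would fail on null. The `element()` to `[count.index]` concern raised on examples/basic/main.tf applies to both of these route resources as well.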
@@ -1,17 +1,17 @@ # Output variables output "dmz_subnet_ids" { - value = "${module.vpc_az.dmz_ids}" + value = module.vpc_az.dmz_ids } output "lan_rt_ids" { - value = "${module.vpc_az.rt_lan_ids}" + value = module.vpc_az.rt_lan_ids } output "lan_subnet_ids" { - value = "${module.vpc_az.lan_ids}" + value = module.vpc_az.lan_ids } output "vpc_id" { - value = "${module.vpc_base.vpc_id}" + value = module.vpc_base.vpc_id } diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf index ce245c6..d7194bf 100644 --- a/examples/complete/variables.tf +++ b/examples/complete/variables.tf 
@@ -2,74 +2,80 @@ ## Resource Tags variable "stack_item_fullname" { - type = "string" + type = string } variable "stack_item_label" { - type = "string" + type = string } ## VPC Parameters variable "azs_provisioned_override" { - type = "list" + type = list(string) default = ["a", "c", "d", "e"] } variable "enable_classiclink" { - type = "string" - default = "" + type = bool + default = null } variable "enable_hostnames" { - type = "string" - default = "" + type = bool + default = null } variable "instance_tenancy" { - type = "string" + type = string default = "" } variable "lans_per_az" { - type = "string" - default = "" + type = number + default = 1 } variable "nat_gateways_enabled" { - type = "string" - default = "" + type = bool + default = null } variable "region" { - type = "string" + type = string + //set for test + //default = us-east-1 } variable "vpc_cidr" { - type = "string" + type = string + //set for test + //default = "172.16.0.0/21" } ## DHCP variable "domain_name" { - type = "string" + type = string default = "" } variable "name_servers" { - type = "list" + type = list(string) default = [] } variable "netbios_name_servers" { - type = "list" + type = list(string) default = [] } variable "netbios_node_type" { - type = "string" - default = "" + type = number + default = null + //set to 2 for test + //default = 2 } variable "ntp_servers" { - type = "list" + type = list(string) default = [] } diff --git a/examples/peering/main.tf b/examples/peering/main.tf index 33feeb1..926eaed 100644 --- a/examples/peering/main.tf +++ b/examples/peering/main.tf @@ -2,7 +2,7 @@ ## Configures AWS provider provider "aws" { - region = "${var.region}" + region = var.region } ## Configures VPC peering connection 
@@ -11,30 +11,30 @@ module "vpc_peer" { #source = "github.com/unifio/terraform-aws-vpc?ref=master//peer" source = "../../peer" - accepter_allow_classic_link_to_remote = "false" - accepter_allow_remote_dns = "true" - accepter_allow_to_remote_classic_link = "true" - accepter_vpc_id = "${var.accepter_vpc_id}" - requester_allow_classic_link_to_remote = "true" - requester_allow_remote_dns = "false" - requester_allow_to_remote_classic_link = "false" - requester_vpc_id = "${var.requester_vpc_id}" - stack_item_fullname = "${var.stack_item_fullname}" - stack_item_label = "${var.stack_item_label}" + accepter_allow_classic_link_to_remote = false + accepter_allow_remote_dns = true + accepter_allow_to_remote_classic_link = true + accepter_vpc_id = var.accepter_vpc_id + requester_allow_classic_link_to_remote = true + requester_allow_remote_dns = false + requester_allow_to_remote_classic_link = false + requester_vpc_id = var.requester_vpc_id + stack_item_fullname = var.stack_item_fullname + stack_item_label = var.stack_item_label } resource "aws_route" "requester-to-accepter" { - count = "${length(var.requester_rt_lan_ids)}" + count = length(var.requester_rt_lan_ids) - destination_cidr_block = "${var.accepter_vpc_cidr}" - route_table_id = "${element(var.requester_rt_lan_ids,count.index)}" - vpc_peering_connection_id = "${module.vpc_peer.peer_connection_id}" + destination_cidr_block = var.accepter_vpc_cidr + route_table_id = var.requester_rt_lan_ids[count.index] + vpc_peering_connection_id = module.vpc_peer.peer_connection_id } resource "aws_route" "accepter-to-requester" { - count = "${length(var.accepter_rt_lan_ids)}" + count = length(var.accepter_rt_lan_ids) - destination_cidr_block = "${var.requester_vpc_cidr}" - route_table_id = "${element(var.accepter_rt_lan_ids,count.index)}" - vpc_peering_connection_id = "${module.vpc_peer.peer_connection_id}" + destination_cidr_block = var.requester_vpc_cidr + route_table_id = var.accepter_rt_lan_ids[count.index] + 
vpc_peering_connection_id = module.vpc_peer.peer_connection_id } diff --git a/examples/peering/variables.tf b/examples/peering/variables.tf index 226ae86..c390da3 100644 --- a/examples/peering/variables.tf +++ b/examples/peering/variables.tf @@ -2,46 +2,52 @@ ## Resource Tags variable "stack_item_fullname" { - type = "string" + type = string description = "Long form descriptive name for this stack item. This value is used to create the 'application' resource tag for resources created by this stack item." } variable "stack_item_label" { - type = "string" + type = string description = "Short form identifier for this stack. This value is used to create the 'Name' resource tag for resources created by this stack item, and also serves as a unique key for re-use." } ## Peering Parameters variable "accepter_rt_lan_ids" { - type = "list" + type = list(string) description = "The IDs of the peer VPC routing tables." + } variable "accepter_vpc_cidr" { - type = "string" + type = string description = "The ID of the peer VPC." + } variable "accepter_vpc_id" { - type = "string" + type = string description = "The ID of the VPC with which you are creating the VPC Peering Connection." + } variable "region" { - type = "string" + type = string } variable "requester_rt_lan_ids" { - type = "list" + type = list(string) description = "The IDs of the requesting VPC routing tables." + } variable "requester_vpc_cidr" { - type = "string" + type = string description = "The ID of the requester VPC." + } variable "requester_vpc_id" { - type = "string" + type = string description = "The ID of the requester VPC." + } diff --git a/peer/main.tf b/peer/main.tf index 82a978c..bbdfde9 100644 --- a/peer/main.tf +++ b/peer/main.tf 
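Review bot: The descriptions of `accepter_vpc_cidr` and `requester_vpc_cidr` both say "The ID of the ... VPC" although the values are CIDR blocks, used as `destination_cidr_block` in examples/peering/main.tf; suggest `description = "The CIDR block of the peer (accepter) VPC."` and `description = "The CIDR block of the requester VPC."`. The hunk also adds an empty line before the closing brace of six variable blocks, which looks like a formatting slip rather than intent; `terraform fmt` would remove them.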
@@ -2,58 +2,69 @@ ## Set Terraform version constraint terraform { - required_version = "> 0.11.0" + required_version = "> 0.12.0" +} + +locals { + accepter_allow_classic_link_to_remote = var.accepter_allow_classic_link_to_remote + accepter_allow_remote_dns = var.accepter_allow_remote_dns + accepter_allow_to_remote_classic_link = var.accepter_allow_to_remote_classic_link + accepter_auto_accept = var.accepter_auto_accept + auto_accept = var.auto_accept + requester_allow_classic_link_to_remote = var.requester_allow_classic_link_to_remote + requester_allow_remote_dns = var.requester_allow_remote_dns + requester_allow_to_remote_classic_link = var.requester_allow_to_remote_classic_link } ## Provisions VPC peering resource "aws_vpc_peering_connection" "peer" { - count = "${length(var.vpc_peering_connection_id) > 0 ? "0" : "1"}" + count = length(var.vpc_peering_connection_id) > 0 ? 0 : 1 - auto_accept = "${var.accepter_region != "" ? "false" : var.auto_accept}" - peer_owner_id = "${var.accepter_owner_id}" - peer_region = "${var.accepter_region}" - peer_vpc_id = "${var.accepter_vpc_id}" - vpc_id = "${var.requester_vpc_id}" + auto_accept = var.accepter_region != "" ? 
false : var.auto_accept + peer_owner_id = var.accepter_owner_id + peer_region = var.accepter_region + peer_vpc_id = var.accepter_vpc_id + vpc_id = var.requester_vpc_id accepter { - allow_classic_link_to_remote_vpc = "${var.accepter_allow_classic_link_to_remote}" - allow_remote_vpc_dns_resolution = "${var.accepter_allow_remote_dns}" - allow_vpc_to_remote_classic_link = "${var.accepter_allow_to_remote_classic_link}" + allow_classic_link_to_remote_vpc = local.accepter_allow_classic_link_to_remote + allow_remote_vpc_dns_resolution = local.accepter_allow_remote_dns + allow_vpc_to_remote_classic_link = var.accepter_allow_to_remote_classic_link } requester { - allow_classic_link_to_remote_vpc = "${var.requester_allow_classic_link_to_remote}" - allow_remote_vpc_dns_resolution = "${var.requester_allow_remote_dns}" - allow_vpc_to_remote_classic_link = "${var.requester_allow_to_remote_classic_link}" + allow_classic_link_to_remote_vpc = local.requester_allow_classic_link_to_remote + allow_remote_vpc_dns_resolution = local.requester_allow_remote_dns + allow_vpc_to_remote_classic_link = local.requester_allow_to_remote_classic_link } - tags { - application = "${var.stack_item_fullname}" + tags = { + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-peer" } } resource "aws_vpc_peering_connection_accepter" "peer_accept" { - count = "${length(var.vpc_peering_connection_id) > 0 ? "1" : "0"}" + count = length(var.vpc_peering_connection_id) > 0 ? 
1 : 0 - auto_accept = "${var.accepter_auto_accept}" - vpc_peering_connection_id = "${var.vpc_peering_connection_id}" + auto_accept = local.accepter_auto_accept + vpc_peering_connection_id = var.vpc_peering_connection_id accepter { - allow_classic_link_to_remote_vpc = "${var.accepter_allow_classic_link_to_remote}" - allow_remote_vpc_dns_resolution = "${var.accepter_allow_remote_dns}" - allow_vpc_to_remote_classic_link = "${var.accepter_allow_to_remote_classic_link}" + allow_classic_link_to_remote_vpc = local.accepter_allow_classic_link_to_remote + allow_remote_vpc_dns_resolution = local.accepter_allow_remote_dns + allow_vpc_to_remote_classic_link = local.accepter_allow_to_remote_classic_link } requester { - allow_classic_link_to_remote_vpc = "${var.requester_allow_classic_link_to_remote}" - allow_remote_vpc_dns_resolution = "${var.requester_allow_remote_dns}" - allow_vpc_to_remote_classic_link = "${var.requester_allow_to_remote_classic_link}" + allow_classic_link_to_remote_vpc = local.requester_allow_classic_link_to_remote + allow_remote_vpc_dns_resolution = local.requester_allow_remote_dns + allow_vpc_to_remote_classic_link = local.requester_allow_to_remote_classic_link } - tags { - application = "${var.stack_item_fullname}" + tags = { + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-peer" } diff --git a/peer/outputs.tf b/peer/outputs.tf index 73063fd..a0a58b8 100644 --- a/peer/outputs.tf +++ b/peer/outputs.tf @@ -1,5 +1,5 @@ # Outputs output "peer_connection_id" { - value = "${join(",",aws_vpc_peering_connection.peer.*.id)}" + value = join(",",aws_vpc_peering_connection.peer.*.id) } diff --git a/peer/variables.tf b/peer/variables.tf index 8c4cd40..74835e1 100644 --- a/peer/variables.tf +++ b/peer/variables.tf 
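Review bot: In the `accepter` block of `aws_vpc_peering_connection.peer`, `allow_vpc_to_remote_classic_link` still reads `var.accepter_allow_to_remote_classic_link` while its two siblings and every setting in `peer_accept` use the new `local.*` aliases; for consistency it should be `allow_vpc_to_remote_classic_link = local.accepter_allow_to_remote_classic_link`. Likewise `local.auto_accept` is declared but `auto_accept` still reads `var.auto_accept`, so either use the local or drop it — as written the `locals` block is a pure alias of the variables and adds no logic. Separately, `peer_owner_id`, `peer_region` and `peer_vpc_id` now receive the literal `""` defaults from peer/variables.tf; 0.11 treated an empty string as unset but 0.12 passes it through, so `peer_region = var.accepter_region != "" ? var.accepter_region : null` (and the same for the owner and VPC ids) is the safer 0.12 idiom — the provider may still coerce `""` to unset, so verify with a plan. The resource's closing brace lies outside the hunk.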
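Review bot: `peer_connection_id` only joins `aws_vpc_peering_connection.peer.*.id`, and that resource has `count = 0` whenever `var.vpc_peering_connection_id` is set (peer/main.tf), so in accepter mode the output is an empty string even though examples/peering/main.tf feeds it to `vpc_peering_connection_id` on both route resources. If the output is meant to work in both modes, return the supplied id in that case: `value = length(var.vpc_peering_connection_id) > 0 ? var.vpc_peering_connection_id : join(",", aws_vpc_peering_connection.peer.*.id)`.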
@@ -2,90 +2,90 @@ ## Resource Tags variable "stack_item_fullname" { - type = "string" + type = string description = "Long form descriptive name for this stack item. This value is used to create the 'application' resource tag for resources created by this stack item." } variable "stack_item_label" { - type = "string" + type = string description = "Short form identifier for this stack. This value is used to create the 'Name' resource tag for resources created by this stack item, and also serves as a unique key for re-use." } ## Peering parameters variable "accepter_allow_classic_link_to_remote" { - type = "string" + type = bool description = "Allow a local linked EC2-Classic instance to communicate with instances in a peer VPC. This enables an outbound communication from the local ClassicLink connection to the remote VPC." - default = "" + default = false } variable "accepter_allow_remote_dns" { - type = "string" + type = bool description = "Allow accepter VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the requester VPC." - default = "false" + default = false } variable "accepter_allow_to_remote_classic_link" { - type = "string" + type = bool description = "Allow a local VPC to communicate with a linked EC2-Classic instance in a peer VPC. This enables an outbound communication from the local VPC to the remote ClassicLink connection." - default = "" + default = false } variable "accepter_auto_accept" { - type = "string" + type = bool description = "Accept the peering (both VPCs need to be in the same AWS account)." - default = "" + default = false } variable "accepter_owner_id" { - type = "string" + type = string description = "The AWS account ID of the owner of the peer VPC." default = "" } variable "accepter_region" { - type = "string" + type = string description = "The region of the accepter VPC of the VPC Peering Connection." 
default = "" } variable "accepter_vpc_id" { - type = "string" + type = string description = "The ID of the VPC with which you are creating the VPC Peering Connection." default = "" } variable "auto_accept" { - type = "string" + type = bool description = "Accept the peering (both VPCs need to be in the same AWS account and region)." - default = "true" + default = true } variable "requester_allow_classic_link_to_remote" { - type = "string" + type = bool description = "Allow a local linked EC2-Classic instance to communicate with instances in a peer VPC. This enables an outbound communication from the local ClassicLink connection to the remote VPC." - default = "" + default = false } variable "requester_allow_remote_dns" { - type = "string" + type = bool description = "Allow requester VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the accepter VPC." - default = "false" + default = false } variable "requester_allow_to_remote_classic_link" { - type = "string" + type = bool description = "Allow a local VPC to communicate with a linked EC2-Classic instance in a peer VPC. This enables an outbound communication from the local VPC to the remote ClassicLink connection." - default = "" + default = false } variable "requester_vpc_id" { - type = "string" + type = string description = "The ID of the requester VPC." default = "" } variable "vpc_peering_connection_id" { - type = "string" + type = string description = "The VPC Peering Connection ID to manage." default = "" } diff --git a/vpg/main.tf b/vpg/main.tf index ce65823..9bcc8dc 100644 --- a/vpg/main.tf +++ b/vpg/main.tf 
@@ -2,23 +2,23 @@ ## Set Terraform version constraint terraform { - required_version = "> 0.11.0" + required_version = "> 0.12.0" } ## Gateway configuration resource "aws_vpn_gateway" "vpg" { - availability_zone = "${var.availability_zone}" + availability_zone = var.availability_zone - tags { - application = "${var.stack_item_fullname}" + tags = { + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-vpg" } } resource "aws_vpn_gateway_attachment" "attach" { - count = "${length(var.vpc_attach) > 0 && var.vpc_attach == "true" ? 1 : 0}" + count = var.vpc_attach ? 1 : 0 - vpc_id = "${var.vpc_id}" - vpn_gateway_id = "${aws_vpn_gateway.vpg.id}" + vpc_id = var.vpc_id + vpn_gateway_id = aws_vpn_gateway.vpg.id } diff --git a/vpg/outputs.tf b/vpg/outputs.tf index 08d18d3..575a238 100644 --- a/vpg/outputs.tf +++ b/vpg/outputs.tf @@ -2,5 +2,5 @@ ## Returns ID of the VPG output "vpg_id" { - value = "${aws_vpn_gateway.vpg.id}" + value = aws_vpn_gateway.vpg.id } diff --git a/vpg/variables.tf b/vpg/variables.tf index ded9b15..719d464 100644 --- a/vpg/variables.tf +++ b/vpg/variables.tf 
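Review bot: `availability_zone = var.availability_zone` now forwards the variable's `""` default verbatim; under 0.11 an empty string was treated as unset, whereas 0.12 distinguishes `null` from `""`. The legacy provider SDK may still coerce `""` to unset, but `availability_zone = var.availability_zone != "" ? var.availability_zone : null` makes the intent explicit and avoids a possible spurious diff or validation error — confirm with a plan. `count = var.vpc_attach ? 1 : 0` is the right simplification now that the variable is a `bool`.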
@@ -2,30 +2,30 @@ ## Resource tags variable "stack_item_fullname" { - type = "string" + type = string description = "Long form descriptive name for this stack item. This value is used to create the 'application' resource tag for resources created by this stack item." } variable "stack_item_label" { - type = "string" + type = string description = "Short form identifier for this stack. This value is used to create the 'Name' resource tag for resources created by this stack item, and also serves as a unique key for re-use." } ## VPC parameters variable "availability_zone" { - type = "string" + type = string description = "The Availability Zone for the virtual private gateway." default = "" } variable "vpc_attach" { - type = "string" + type = bool description = "Specifies whether the VPG should be associated with a VPC." - default = "" + default = true } variable "vpc_id" { - type = "string" + type = string description = "The VPC ID to create in." default = "" }
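Review bot: `vpc_attach` changes its default from `""` to `true`, which flips the module's behavior: under the old `count = length(var.vpc_attach) > 0 && var.vpc_attach == "true" ? 1 : 0` in vpg/main.tf the empty default produced no attachment, while `true` now creates `aws_vpn_gateway_attachment.attach` for every caller that omits the variable. If that is intended, state it in the description, e.g. `description = "Specifies whether the VPG should be associated with a VPC. Defaults to true; set to false to create an unattached gateway."`; otherwise `default = false` preserves the previous behavior.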