From cc854ce158488f51516f6dd4b5028b753a4e5deb Mon Sep 17 00:00:00 2001 From: Dominick Giordano Date: Mon, 17 Aug 2020 16:39:32 -0400 Subject: [PATCH 01/12] updated tag blocks for dynamic tags --- az/main.tf | 6 +++--- base/main.tf | 4 ++-- dhcp/main.tf | 2 +- peer/main.tf | 4 ++-- vpg/main.tf | 2 +- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/az/main.tf b/az/main.tf index 93a1ed3..c0ec05c 100644 --- a/az/main.tf +++ b/az/main.tf @@ -129,7 +129,7 @@ resource "aws_instance" "nat" { subnet_id = "${element(aws_subnet.dmz.*.id,count.index)}" vpc_security_group_ids = ["${element(aws_security_group.sg_nat.*.id,count.index)}"] - tags { + tags = { application = "${var.stack_item_fullname}" managed_by = "terraform" Name = "${var.stack_item_label}-nat-${count.index}" @@ -159,7 +159,7 @@ resource "aws_security_group" "sg_nat" { to_port = 0 } - tags { + tags = { application = "${var.stack_item_fullname}" managed_by = "terraform" Name = "${var.stack_item_label}-nat-${count.index}" @@ -198,7 +198,7 @@ resource "aws_route_table" "rt_lan" { propagating_vgws = ["${compact(var.vgw_ids)}"] vpc_id = "${var.vpc_id}" - tags { + tags = { application = "${var.stack_item_fullname}" managed_by = "terraform" Name = "${var.stack_item_label}-lan-${count.index}" diff --git a/base/main.tf b/base/main.tf index f8f3b9c..e5eff5e 100644 --- a/base/main.tf +++ b/base/main.tf @@ -33,7 +33,7 @@ resource "aws_vpc" "vpc" { resource "aws_internet_gateway" "igw" { vpc_id = "${aws_vpc.vpc.id}" - tags { + tags = { application = "${var.stack_item_fullname}" managed_by = "terraform" Name = "${var.stack_item_label}-igw" @@ -45,7 +45,7 @@ resource "aws_route_table" "rt_dmz" { propagating_vgws = ["${compact(var.vgw_ids)}"] vpc_id = "${aws_vpc.vpc.id}" - tags { + tags = { application = "${var.stack_item_fullname}" managed_by = "terraform" Name = "${var.stack_item_label}-dmz" diff --git a/dhcp/main.tf b/dhcp/main.tf index 384ea94..4565be8 100644 --- a/dhcp/main.tf +++ b/dhcp/main.tf 
@@ -15,7 +15,7 @@ resource "aws_vpc_dhcp_options" "dhcp" { netbios_node_type = "${var.netbios_node_type}" ntp_servers = ["${compact(var.ntp_servers)}"] - tags { + tags = { application = "${var.stack_item_fullname}" managed_by = "terraform" Name = "${var.stack_item_label}-dhcp" diff --git a/peer/main.tf b/peer/main.tf index 82a978c..5477d9a 100644 --- a/peer/main.tf +++ b/peer/main.tf @@ -27,7 +27,7 @@ resource "aws_vpc_peering_connection" "peer" { allow_vpc_to_remote_classic_link = "${var.requester_allow_to_remote_classic_link}" } - tags { + tags = { application = "${var.stack_item_fullname}" managed_by = "terraform" Name = "${var.stack_item_label}-peer" @@ -52,7 +52,7 @@ resource "aws_vpc_peering_connection_accepter" "peer_accept" { allow_vpc_to_remote_classic_link = "${var.requester_allow_to_remote_classic_link}" } - tags { + tags = { application = "${var.stack_item_fullname}" managed_by = "terraform" Name = "${var.stack_item_label}-peer" diff --git a/vpg/main.tf b/vpg/main.tf index ce65823..da6d0dc 100644 --- a/vpg/main.tf +++ b/vpg/main.tf @@ -9,7 +9,7 @@ terraform { resource "aws_vpn_gateway" "vpg" { availability_zone = "${var.availability_zone}" - tags { + tags = { application = "${var.stack_item_fullname}" managed_by = "terraform" Name = "${var.stack_item_label}-vpg" From 402524e63a9f15486e79aba22d1203d664b259b8 Mon Sep 17 00:00:00 2001 From: domjgiordano Date: Mon, 17 Aug 2020 17:08:39 -0400 Subject: [PATCH 02/12] remove redundant list brackets (no longer needed past v0.12 so values are not treated as lists of lists --- az/main.tf | 4 ++-- base/main.tf | 4 ++-- dhcp/main.tf | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/az/main.tf b/az/main.tf index c0ec05c..9f26780 100644 --- a/az/main.tf +++ b/az/main.tf 
@@ -152,7 +152,7 @@ resource "aws_security_group" "sg_nat" { } ingress { - cidr_blocks = ["${local.lan_cidrs_override_enabled == "true" ? element(var.lan_cidrs_override,count.index) : cidrsubnet(data.aws_vpc.base.cidr_block,lookup(var.az_cidrsubnet_newbits, local.azs_provisioned_count * local.lans_multiplier),count.index + lookup(var.az_cidrsubnet_offset, local.azs_provisioned_count))}"] + cidr_blocks = "${local.lan_cidrs_override_enabled == "true" ? element(var.lan_cidrs_override,count.index) : cidrsubnet(data.aws_vpc.base.cidr_block,lookup(var.az_cidrsubnet_newbits, local.azs_provisioned_count * local.lans_multiplier),count.index + lookup(var.az_cidrsubnet_offset, local.azs_provisioned_count))}" description = "Ingress from ${var.stack_item_label}-lan-${count.index}" from_port = 0 protocol = "-1" @@ -195,7 +195,7 @@ resource "aws_subnet" "lan" { resource "aws_route_table" "rt_lan" { count = "${local.azs_provisioned_count * local.lans_multiplier}" - propagating_vgws = ["${compact(var.vgw_ids)}"] + propagating_vgws = "${compact(var.vgw_ids)}" vpc_id = "${var.vpc_id}" tags = { diff --git a/base/main.tf b/base/main.tf index e5eff5e..babbf69 100644 --- a/base/main.tf +++ b/base/main.tf @@ -42,7 +42,7 @@ resource "aws_internet_gateway" "igw" { ## Provisions DMZ routing table resource "aws_route_table" "rt_dmz" { - propagating_vgws = ["${compact(var.vgw_ids)}"] + propagating_vgws = "${compact(var.vgw_ids)}" vpc_id = "${aws_vpc.vpc.id}" tags = { @@ -83,7 +83,7 @@ data "aws_iam_policy_document" "flow_log_policy" { "logs:DescribeLogStreams", ] - resources = ["${aws_cloudwatch_log_group.flow_log_group.arn}"] + resources = "${aws_cloudwatch_log_group.flow_log_group.arn}" } } diff --git a/dhcp/main.tf b/dhcp/main.tf index 4565be8..f232d63 100644 --- a/dhcp/main.tf +++ b/dhcp/main.tf 
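Review bot: Dropping the brackets around `cidr_blocks` in the `sg_nat` ingress rule breaks the argument: both branches of that conditional (`element(...)` and `cidrsubnet(...)`) yield a single string, and `cidr_blocks` is a list of strings, so Terraform 0.12 rejects the value with "list of string required" rather than wrapping it in a one-element list. The rule in the commit message holds for `compact(...)`, which already returns a list, but not here. Keep the list literal and drop only the interpolation wrapper: `cidr_blocks = [local.lan_cidrs_override_enabled == "true" ? element(var.lan_cidrs_override, count.index) : cidrsubnet(data.aws_vpc.base.cidr_block, lookup(var.az_cidrsubnet_newbits, local.azs_provisioned_count * local.lans_multiplier), count.index + lookup(var.az_cidrsubnet_offset, local.azs_provisioned_count))]`. The `sg_nat` resource block starts and ends outside this hunk.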
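Review bot: `resources` in the `flow_log_policy` statement must stay a list: `aws_cloudwatch_log_group.flow_log_group.arn` is a single string, so removing the brackets fails type-checking under 0.12 instead of being coerced (only `compact(...)`, which returns a list, made the brackets redundant elsewhere in this patch). Write it as `resources = [aws_cloudwatch_log_group.flow_log_group.arn]`. Separately, whether the log-group ARN the provider returns also covers the log streams that the write actions in this statement presumably act on depends on whether it carries a trailing `:*` in your provider version, so it is worth confirming in a plan that the flow-log role can actually write. The `data "aws_iam_policy_document"` block starts outside this hunk.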
@@ -10,10 +10,10 @@ resource "aws_vpc_dhcp_options" "dhcp" { count = "${var.enable == "true" ? "1" : "0"}" domain_name = "${var.domain_name}" - domain_name_servers = ["${compact(var.name_servers)}"] - netbios_name_servers = ["${compact(var.netbios_name_servers)}"] + domain_name_servers = "${compact(var.name_servers)}" + netbios_name_servers = "${compact(var.netbios_name_servers)}" netbios_node_type = "${var.netbios_node_type}" - ntp_servers = ["${compact(var.ntp_servers)}"] + ntp_servers = "${compact(var.ntp_servers)}" tags = { application = "${var.stack_item_fullname}" From 9db944abddd019c538a382cecbb398490825e6f0 Mon Sep 17 00:00:00 2001 From: domjgiordano Date: Tue, 18 Aug 2020 12:17:07 -0400 Subject: [PATCH 03/12] updated variable types in all variable files --- az/variables.tf | 44 +++++++++++++++++----------------- base/variables.tf | 34 +++++++++++++------------- dhcp/variables.tf | 20 ++++++++-------- examples/basic/variables.tf | 39 +++++++++++++++++------------- examples/complete/variables.tf | 30 +++++++++++------------ examples/peering/variables.tf | 18 +++++++------- peer/variables.tf | 36 ++++++++++++++-------------- vpg/variables.tf | 10 ++++---- 8 files changed, 119 insertions(+), 112 deletions(-) diff --git a/az/variables.tf b/az/variables.tf index 967a4ad..f760f68 100644 --- a/az/variables.tf +++ b/az/variables.tf 
@@ -2,26 +2,26 @@ ## Resource tags variable "stack_item_fullname" { - type = "string" + type = string description = "Long form descriptive name for this stack item. This value is used to create the 'application' resource tag for resources created by this stack item." default = "VPC Quick Start" } variable "stack_item_label" { - type = "string" + type = string description = "Short form identifier for this stack. This value is used to create the 'Name' resource tag for resources created by this stack item, and also serves as a unique key for re-use." default = "qckstrt" } variable "additional_subnet_tags" { - type = "map" + type = map description = "Additional tags to apply at the subnet level, if any" default = {} } ## VPC parameters variable "az_cidrsubnet_newbits" { - type = "map" + type = map description = "The number of bits by which to extend the CIDR range for the given number of AZs." default = { @@ -35,7 +35,7 @@ variable "az_cidrsubnet_newbits" { } variable "az_cidrsubnet_offset" { - type = "map" + type = map description = "The number of AZs to provision for." default = { 
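Review bot: The bare `type = map` on `additional_subnet_tags`, `az_cidrsubnet_newbits` and `az_cidrsubnet_offset` is the 0.11-era shorthand that 0.12 only accepts as `map(any)`; since the first holds tag strings and the other two feed `lookup()` into `cidrsubnet()` as bit counts (per the az/main.tf hunks in patch 04), the element types are known and worth declaring so bad inputs fail at plan time: `type = map(string)` for the tags map and `type = map(number)` for the two CIDR maps. The same applies to `type = list` in the following hunk, where `list(string)` is what the override lists hold. The `default` map bodies of the last two variables continue past the end of this hunk.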
@@ -47,83 +47,83 @@ variable "az_cidrsubnet_offset" { } variable "azs_provisioned" { - type = "string" + type = string description = "The number of availability zones to be provisioned." default = "2" } variable "azs_provisioned_override" { - type = "list" + type = list description = "List of availability zones to be provisioned." default = ["non_empty_list"] } variable "dmz_cidrs_override" { - type = "list" + type = list description = "The CIDR block(s) you want the DMZ subnet(s) to cover." default = ["non_empty_list"] } variable "enable_dmz_public_ips" { - type = "string" + type = bool description = "Specify true to indicate that instances launched into the DMZ subnet should be assigned a public IP address. Default is false." - default = "" + default = false } variable "lan_cidrs_override" { - type = "list" + type = list description = "The CIDR block(s) you want the LAN subnet(s) to cover." default = ["non_empty_list"] } variable "lans_per_az" { - type = "string" + type = string description = "The number of private LAN subnets to be provisioned per AZ" default = "1" } variable "nat_ami_override" { - type = "string" + type = string description = "Custom NAT Amazon machine image" default = "" } variable "nat_eips_enabled" { - type = "string" + type = bool description = "Flag for specifying allocation of Elastic IPs to NATs for the purposes of whitelisting. This value is overriden to 'true' when utilizing NAT gateways." - default = "false" + default = false } variable "nat_gateways_enabled" { - type = "string" + type = bool description = "Flag for specifying utilization of managed NAT gateways over EC2 based NAT instances." 
- default = "false" + default = false } variable "nat_instance_type" { - type = "string" + type = string description = "NAT EC2 instance type" default = "t2.nano" } variable "nat_key_name" { - type = "string" + type = string description = "NAT EC2 key pair name" default = "" } variable "rt_dmz_id" { - type = "string" + type = string description = "The ID of the DMZ routing table" } variable "vgw_ids" { - type = "list" + type = list description = "A list of virtual gateways to associate with the routing tables for route propagation." default = [] } variable "vpc_id" { - type = "string" + type = string description = "The ID of the VPC" } diff --git a/base/variables.tf b/base/variables.tf index 0301dc7..9f87836 100644 --- a/base/variables.tf +++ b/base/variables.tf 
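Review bot: `azs_provisioned` and `lans_per_az` keep `type = string` (defaults `"2"` and `"1"`) even though az/main.tf multiplies them into `count` expressions; with explicit types now in place they should be `type = number` with numeric defaults so a non-numeric input is rejected at plan time rather than at apply — unless patch 04's az/variables.tf change, which is not shown here, already does this. The `default = ["non_empty_list"]` sentinel on the three override lists is also easy to misuse now that `[]` is an ordinary list value: as far as I know Terraform evaluates both operands of `&&`, so a caller who passes `[]` to mean "no override" hits the `[0]` index in the az/main.tf locals instead of getting `false`; either document the sentinel on each variable (`description = "... Leave at the default sentinel [\"non_empty_list\"] to disable the override."`) or make the locals safe on an empty list. `type = list` is bare as well; `list(string)` is what these hold.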
@@ -2,76 +2,76 @@ ## Resource tags variable "stack_item_fullname" { - type = "string" + type = string description = "Long form descriptive name for this stack item. This value is used to create the 'application' resource tag for resources created by this stack item." default = "VPC Quick Start" } variable "stack_item_label" { - type = "string" + type = string description = "Short form identifier for this stack. This value is used to create the 'Name' resource tag for resources created by this stack item, and also serves as a unique key for re-use." default = "qckstrt" } variable "additional_vpc_tags" { - type = "map" + type = map description = "Additional tags to apply at the VPC level, if any" default = {} } ## VPC parameters variable "assign_generated_ipv6_cidr_block" { - type = "string" + type = bool description = "Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block." - default = "false" + default = false } variable "enable_classiclink" { - type = "string" + type = bool description = "A boolean flag to enable/disable ClassicLink for the VPC. Only valid in regions and accounts that support EC2 Classic. Defaults false." - default = "" + default = false } variable "enable_classiclink_dns_support" { - type = "string" + type = bool description = "A boolean flag to enable/disable ClassicLink DNS Support for the VPC. Only valid in regions and accounts that support EC2 Classic." - default = "false" + default = false } variable "enable_dns" { - type = "string" + type = bool description = "A boolean flag to enable/disable DNS support in the VPC. Defaults true." - default = "" + default = true } variable "enable_hostnames" { - type = "string" + type = bool description = "A boolean flag to enable/disable DNS hostnames in the VPC. Defaults false." 
- default = "" + default = false } variable "instance_tenancy" { - type = "string" + type = string description = "A tenancy option for instances launched into the VPC." default = "" } variable "vpc_cidr" { - type = "string" + type = string description = "The CIDR block for the VPC." default = "172.16.0.0/21" } ## Flow log parameters variable "flow_log_traffic_type" { - type = "string" + type = string description = "The type of traffic to capture. Valid values: ACCEPT,REJECT,ALL" default = "ALL" } ## Routing parameters variable "vgw_ids" { - type = "list" + type = list description = "A list of virtual gateways for propagation." default = [] } diff --git a/dhcp/variables.tf b/dhcp/variables.tf index e0e4d65..92dd260 100644 --- a/dhcp/variables.tf +++ b/dhcp/variables.tf 
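Review bot: `instance_tenancy` keeps `default = ""` after the retyping, but under 0.12 an empty string is no longer treated as "unset" — it is a real value that the provider may pass through to the API, where `""` is not a valid tenancy; `default = null` (or an explicit `"default"`) is the 0.12 equivalent of the old behaviour, and the same applies to any other `""` default that is handed straight to a resource argument. The bool conversions here look right, and `enable_dns` now agrees with its "Defaults true" description. `vgw_ids` is still the bare `type = list`; `list(string)` is what route propagation expects.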
@@ -2,54 +2,54 @@ ## Resource Tags variable "stack_item_fullname" { - type = "string" + type = string description = "Long form descriptive name for this stack item. This value is used to create the 'application' resource tag for resources created by this stack item." } variable "stack_item_label" { - type = "string" + type = string description = "Short form identifier for this stack. This value is used to create the 'Name' resource tag for resources created by this stack item, and also serves as a unique key for re-use." } ## VPC parameters variable "vpc_id" { - type = "string" + type = string description = "The ID of the VPC" } ## DHCP parameters variable "domain_name" { - type = "string" + type = string description = "The suffix domain name to use by default when resolving non Fully Qualified Domain Names" default = "" } variable "enable" { - type = "string" + type = bool description = "Determine if resources should be added. Used if you want to include conditionally in a module." - default = "true" + default = true } variable "name_servers" { - type = "list" + type = list description = "List of name servers to configure in '/etc/resolv.conf'" default = ["AmazonProvidedDNS"] } variable "netbios_name_servers" { - type = "list" + type = list description = "List of NETBIOS name servers" default = [] } variable "netbios_node_type" { - type = "string" + type = string description = "The NetBIOS node type (1, 2, 4, or 8). AWS recommends to specify 2 since broadcast and multicast are not supported in their network." default = "" } variable "ntp_servers" { - type = "list" + type = list description = "List of NTP servers to configure" default = [] } diff --git a/examples/basic/variables.tf b/examples/basic/variables.tf index 9aa7cbb..87bb935 100644 --- a/examples/basic/variables.tf +++ b/examples/basic/variables.tf 
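Review bot: `enable` becomes `type = bool` here, but the consumer in dhcp/main.tf still reads `count = "${var.enable == "true" ? "1" : "0"}"` (visible as context in patch 02's dhcp hunk): comparing a bool against the string `"true"` is never true in 0.12, so with the new default the DHCP options set silently gets `count = 0` unless patch 04's dhcp/main.tf change, not shown here, rewrites it to `count = var.enable ? 1 : 0`. The two changes belong in the same commit so the intermediate revision is not broken. `domain_name = ""` and `netbios_node_type = ""` are passed straight to `aws_vpc_dhcp_options` and should become `null`, since 0.12 no longer treats an empty string as unset.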
@@ -2,61 +2,68 @@ ## Resource tags variable "stack_item_fullname" { - type = "string" + type = string } variable "stack_item_label" { - type = "string" + type = string } ## VPC base parameters variable "enable_dns" { - type = "string" - default = "" + type = bool + + //set false for test + default = false } variable "enable_hostnames" { - type = "string" - default = "" + type = bool + //set true for test + default = true } variable "region" { - type = "string" + type = string } variable "vpc_cidr" { - type = "string" + type = string + //set for test + default = "172.16.0.0/21" } ## DHCP variable "domain_name" { - type = "string" + type = string default = "" } ## AZ parameters variable "azs_provisioned" { - type = "string" + type = string default = "" } variable "enable_dmz_public_ips" { - type = "string" - default = "" + type = bool + //set false for testing + default = false } variable "lans_per_az" { - type = "string" + type = string default = "1" } variable "nat_eips_enabled" { - type = "string" - default = "" + type = bool + //set false for test + default = false } ## VPG parameters variable "vpc_attach" { - type = "string" + type = string default = "" } diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf index ce245c6..32bbfb0 100644 --- a/examples/complete/variables.tf +++ b/examples/complete/variables.tf 
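Review bot: The test defaults set `enable_dns = false` together with `enable_hostnames = true`, and as far as I know AWS only honours DNS hostnames when DNS support is enabled for the VPC, so this example will either be rejected by the API or exercise a configuration nobody would deploy — `enable_dns` should default to `true` here (as the base module now does) unless the disabled path is specifically what is being tested. `azs_provisioned` also defaults to `""` while the az module feeds it straight into a `count` (`azs_provisioned_count` in az/main.tf), which will not convert to a number; give it a numeric default such as `"2"` or drop the default so the caller must supply one. The `//set … for test` comments would read better as `#` comments, which is the style used elsewhere in these files.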
@@ -2,74 +2,74 @@ ## Resource Tags variable "stack_item_fullname" { - type = "string" + type = string } variable "stack_item_label" { - type = "string" + type = string } ## VPC Parameters variable "azs_provisioned_override" { - type = "list" + type = list default = ["a", "c", "d", "e"] } variable "enable_classiclink" { - type = "string" + type = string default = "" } variable "enable_hostnames" { - type = "string" + type = string default = "" } variable "instance_tenancy" { - type = "string" + type = string default = "" } variable "lans_per_az" { - type = "string" + type = string default = "" } variable "nat_gateways_enabled" { - type = "string" + type = string default = "" } variable "region" { - type = "string" + type = string } variable "vpc_cidr" { - type = "string" + type = string } ## DHCP variable "domain_name" { - type = "string" + type = string default = "" } variable "name_servers" { - type = "list" + type = list default = [] } variable "netbios_name_servers" { - type = "list" + type = list default = [] } variable "netbios_node_type" { - type = "string" + type = string default = "" } variable "ntp_servers" { - type = "list" + type = list default = [] } diff --git a/examples/peering/variables.tf b/examples/peering/variables.tf index 226ae86..0699256 100644 --- a/examples/peering/variables.tf +++ b/examples/peering/variables.tf 
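Review bot: Several variables here stay `type = string` with `default = ""` although the modules they feed now declare them `bool` (`enable_classiclink`, `enable_hostnames`, `nat_gateways_enabled`, per the base and az variables hunks in this patch); if the example passes them through unchanged, 0.12 cannot convert `""` to a bool and the example fails at plan time. Declare them as the module does, e.g. `variable "nat_gateways_enabled" { type = bool; default = false }` (or `default = null` to mean unset). `lans_per_az = ""` has the same problem against a `count` expression. The `list` types should also be `list(string)`.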
@@ -2,46 +2,46 @@ ## Resource Tags variable "stack_item_fullname" { - type = "string" + type = string description = "Long form descriptive name for this stack item. This value is used to create the 'application' resource tag for resources created by this stack item." } variable "stack_item_label" { - type = "string" + type = string description = "Short form identifier for this stack. This value is used to create the 'Name' resource tag for resources created by this stack item, and also serves as a unique key for re-use." } ## Peering Parameters variable "accepter_rt_lan_ids" { - type = "list" + type = list description = "The IDs of the peer VPC routing tables." } variable "accepter_vpc_cidr" { - type = "string" + type = string description = "The ID of the peer VPC." } variable "accepter_vpc_id" { - type = "string" + type = string description = "The ID of the VPC with which you are creating the VPC Peering Connection." } variable "region" { - type = "string" + type = string } variable "requester_rt_lan_ids" { - type = "list" + type = list description = "The IDs of the requesting VPC routing tables." } variable "requester_vpc_cidr" { - type = "string" + type = string description = "The ID of the requester VPC." } variable "requester_vpc_id" { - type = "string" + type = string description = "The ID of the requester VPC." } diff --git a/peer/variables.tf b/peer/variables.tf index 8c4cd40..dc4ad80 100644 --- a/peer/variables.tf +++ b/peer/variables.tf 
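Review bot: The descriptions of `accepter_vpc_cidr` and `requester_vpc_cidr` still read "The ID of the peer VPC." and "The ID of the requester VPC.", which is what the `_vpc_id` variables say; since these are CIDR blocks, presumably used for the routes added to the opposite side's LAN route tables, change them to `description = "The CIDR block of the accepter (peer) VPC."` and `description = "The CIDR block of the requester VPC."`. `region` has no description at all and would benefit from one. The two `list` types should be `list(string)`.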
@@ -2,90 +2,90 @@ ## Resource Tags variable "stack_item_fullname" { - type = "string" + type = string description = "Long form descriptive name for this stack item. This value is used to create the 'application' resource tag for resources created by this stack item." } variable "stack_item_label" { - type = "string" + type = string description = "Short form identifier for this stack. This value is used to create the 'Name' resource tag for resources created by this stack item, and also serves as a unique key for re-use." } ## Peering parameters variable "accepter_allow_classic_link_to_remote" { - type = "string" + type = string description = "Allow a local linked EC2-Classic instance to communicate with instances in a peer VPC. This enables an outbound communication from the local ClassicLink connection to the remote VPC." default = "" } variable "accepter_allow_remote_dns" { - type = "string" + type = bool description = "Allow accepter VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the requester VPC." - default = "false" + default = false } variable "accepter_allow_to_remote_classic_link" { - type = "string" + type = string description = "Allow a local VPC to communicate with a linked EC2-Classic instance in a peer VPC. This enables an outbound communication from the local VPC to the remote ClassicLink connection." default = "" } variable "accepter_auto_accept" { - type = "string" + type = string description = "Accept the peering (both VPCs need to be in the same AWS account)." default = "" } variable "accepter_owner_id" { - type = "string" + type = string description = "The AWS account ID of the owner of the peer VPC." default = "" } variable "accepter_region" { - type = "string" + type = string description = "The region of the accepter VPC of the VPC Peering Connection." 
default = "" } variable "accepter_vpc_id" { - type = "string" + type = string description = "The ID of the VPC with which you are creating the VPC Peering Connection." default = "" } variable "auto_accept" { - type = "string" + type = bool description = "Accept the peering (both VPCs need to be in the same AWS account and region)." - default = "true" + default = true } variable "requester_allow_classic_link_to_remote" { - type = "string" + type = string description = "Allow a local linked EC2-Classic instance to communicate with instances in a peer VPC. This enables an outbound communication from the local ClassicLink connection to the remote VPC." default = "" } variable "requester_allow_remote_dns" { - type = "string" + type = bool description = "Allow requester VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the accepter VPC." - default = "false" + default = false } variable "requester_allow_to_remote_classic_link" { - type = "string" + type = string description = "Allow a local VPC to communicate with a linked EC2-Classic instance in a peer VPC. This enables an outbound communication from the local VPC to the remote ClassicLink connection." default = "" } variable "requester_vpc_id" { - type = "string" + type = string description = "The ID of the requester VPC." default = "" } variable "vpc_peering_connection_id" { - type = "string" + type = string description = "The VPC Peering Connection ID to manage." default = "" } diff --git a/vpg/variables.tf b/vpg/variables.tf index ded9b15..af5ff39 100644 --- a/vpg/variables.tf +++ b/vpg/variables.tf 
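Review bot: `accepter_allow_classic_link_to_remote`, `accepter_allow_to_remote_classic_link`, their `requester_` counterparts and `accepter_auto_accept` stay `type = string` with `default = ""`, yet peer/main.tf feeds them to boolean provider attributes (`allow_vpc_to_remote_classic_link = ...` is visible in patch 01's peer hunks); 0.12 cannot convert an empty string to a bool, so leaving them at the default fails at plan time. Make them `type = bool` with `default = false`, matching what this hunk already does for `*_allow_remote_dns`, or `default = null` if "leave unset" is the intent. While retyping, note that the `peer_accept` resource in peer/main.tf reads `var.requester_allow_to_remote_classic_link` for its accepter-side `allow_vpc_to_remote_classic_link`, which looks like a copy-paste slip worth checking.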
@@ -2,30 +2,30 @@ ## Resource tags variable "stack_item_fullname" { - type = "string" + type = string description = "Long form descriptive name for this stack item. This value is used to create the 'application' resource tag for resources created by this stack item." } variable "stack_item_label" { - type = "string" + type = string description = "Short form identifier for this stack. This value is used to create the 'Name' resource tag for resources created by this stack item, and also serves as a unique key for re-use." } ## VPC parameters variable "availability_zone" { - type = "string" + type = string description = "The Availability Zone for the virtual private gateway." default = "" } variable "vpc_attach" { - type = "string" + type = string description = "Specifies whether the VPG should be associated with a VPC." default = "" } variable "vpc_id" { - type = "string" + type = string description = "The VPC ID to create in." default = "" } From 60f74bc764c7dd7fae7c3a5e4d1586706b1a814a Mon Sep 17 00:00:00 2001 From: domjgiordano Date: Tue, 18 Aug 2020 16:59:07 -0400 Subject: [PATCH 04/12] updated var files to have correct bool and number types. removed string interpolations that were no longer needed in all base, az, dhcp, vpg, basic example files. updated base, az, dhcp, vpc files with corresponding values for bool and number variable updates. various minor syntax changes to files to allow basic example to function properly. --- az/main.tf | 100 ++++++++++++++++++------------------ az/outputs.tf | 4 +- az/variables.tf | 8 +-- base/main.tf | 48 ++++++++--------- base/outputs.tf | 10 ++-- dhcp/main.tf | 20 ++++---- dhcp/outputs.tf | 2 +- examples/basic/main.tf | 54 +++++++++---------- examples/basic/variables.tf | 16 +++--- 9 files changed, 131 insertions(+), 131 deletions(-) diff --git a/az/main.tf b/az/main.tf index 9f26780..94c8c0e 100644 --- a/az/main.tf +++ b/az/main.tf 
@@ -12,38 +12,38 @@ data "aws_availability_zones" "available" {} locals { # Calculates the number of AZs to be provisioned based on various possible inputs - azs_provisioned_count = "${local.azs_provisioned_override_enabled == "true" ? length(var.azs_provisioned_override) : var.azs_provisioned}" + azs_provisioned_count = local.azs_provisioned_override_enabled ? length(var.azs_provisioned_override) : var.azs_provisioned # Check to see if availability zones are being overridden. Some AWS regions do not support VPC in all AZs and it can vary by account. - azs_provisioned_override_enabled = "${length(var.azs_provisioned_override) > 0 && var.azs_provisioned_override[0] != "non_empty_list" ? "true" : "false"}" + azs_provisioned_override_enabled = length(var.azs_provisioned_override) > 0 && var.azs_provisioned_override[0] != "non_empty_list" ? true : false # Check to see if DMZ CIDRs are being overridden. An empty list causes problems in some of the downstream formualtion. - dmz_cidrs_override_enabled = "${length(var.dmz_cidrs_override) > 0 && var.dmz_cidrs_override[0] != "non_empty_list" ? "true" : "false"}" + dmz_cidrs_override_enabled = length(var.dmz_cidrs_override) > 0 && var.dmz_cidrs_override[0] != "non_empty_list" ? true : false # Check to see if elastic IPs are to be provisioned. NAT gateways require EIPs. - eips_enabled_check = "${var.nat_eips_enabled == "true" || var.nat_gateways_enabled == "true" ? 1 : 0}" + eips_enabled_check = var.nat_eips_enabled == true || var.nat_gateways_enabled == true ? 1 : 0 # Check to see if private LAN subnets are to be provisioned. - lans_enabled_check = "${local.lans_per_az_checked > 0 ? 1 : 0}" + lans_enabled_check = local.lans_per_az_checked > 0 ? 1 : 0 # Check to see if LAN CIDRs are being overridden. An empty list causes problems in some of the downstream formualtion. - lan_cidrs_override_enabled = "${length(var.lan_cidrs_override) > 0 && var.lan_cidrs_override[0] != "non_empty_list" ? 
"true" : "false"}" + lan_cidrs_override_enabled = length(var.lan_cidrs_override) > 0 && var.lan_cidrs_override[0] != "non_empty_list" ? true : false # Multiplier to be used in downstream calculation based on the number of LAN subnets per AZ. - lans_multiplier = "${local.lans_per_az_checked >= 0 ? local.lans_per_az_checked : 1}" + lans_multiplier = local.lans_per_az_checked >= 0 ? local.lans_per_az_checked : 1 # Handles scenario where an emptry string is passed in for lans_per_az - lans_per_az_checked = "${var.lans_per_az != "" ? var.lans_per_az : "1"}" + lans_per_az_checked = var.lans_per_az != "" ? var.lans_per_az : "1" # Check to see if NAT gateways are to be provisioned - nat_gateways_enabled_check = "${var.nat_gateways_enabled == "true" ? 1 : 0}" + nat_gateways_enabled_check = var.nat_gateways_enabled == true ? 1 : 0 # Check to see if NAT gateways are NOT to be provisioned - nat_gateways_not_enabled_check = "${var.nat_gateways_enabled != "true" ? 1 : 0}" + nat_gateways_not_enabled_check = var.nat_gateways_enabled != true ? 1 : 0 # default subnet tags default_subnet_tags = { - application = "${var.stack_item_fullname}" + application = var.stack_item_fullname managed_by = "terraform" } } 
@@ -53,29 +53,29 @@ locals { ### Provisions subnets data "aws_vpc" "base" { - id = "${var.vpc_id}" + id = var.vpc_id } resource "aws_subnet" "dmz" { - count = "${local.azs_provisioned_count}" + count = local.azs_provisioned_count # Selects the first N number of AZs available for VPC use in the given region, where N is the requested number of AZs to provision. This order can be overidden by passing in an explicit list of AZ letters to be used. - availability_zone = "${local.azs_provisioned_override_enabled == "true" ? "${data.aws_region.current.name}${element(var.azs_provisioned_override,count.index)}" : element(data.aws_availability_zones.available.names,count.index)}" + availability_zone = "${local.azs_provisioned_override_enabled == true ? "${data.aws_region.current.name}${element(var.azs_provisioned_override,count.index)}" : element(data.aws_availability_zones.available.names,count.index)}" # Provisions N number of evenly allocated address spaces from the overall VPC CIDR block, where N is the requested number of AZs to provision. Address space per subnet can be overidden by passing in an explicit list of CIDRs to be used. - cidr_block = "${local.dmz_cidrs_override_enabled == "true" ? element(var.dmz_cidrs_override,count.index) : cidrsubnet(data.aws_vpc.base.cidr_block,lookup(var.az_cidrsubnet_newbits, local.azs_provisioned_count),count.index)}" - map_public_ip_on_launch = "${var.enable_dmz_public_ips}" - vpc_id = "${var.vpc_id}" + cidr_block = local.dmz_cidrs_override_enabled == true ? 
element(var.dmz_cidrs_override,count.index) : cidrsubnet(data.aws_vpc.base.cidr_block,lookup(var.az_cidrsubnet_newbits, local.azs_provisioned_count),count.index) + map_public_ip_on_launch = var.enable_dmz_public_ips + vpc_id = var.vpc_id - tags = "${merge(local.default_subnet_tags, var.additional_subnet_tags, map("Name", "${var.stack_item_label}-dmz-${count.index}"))}" + tags = merge(local.default_subnet_tags, var.additional_subnet_tags, map("Name", "${var.stack_item_label}-dmz-${count.index}")) } ### Associates subnet with routing table resource "aws_route_table_association" "rta_dmz" { - count = "${local.azs_provisioned_count}" + count = local.azs_provisioned_count - route_table_id = "${var.rt_dmz_id}" - subnet_id = "${element(aws_subnet.dmz.*.id,count.index)}" + route_table_id = var.rt_dmz_id + subnet_id = element(aws_subnet.dmz.*.id,count.index) } ### Provisions NATs 
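Review bot: `availability_zone` is the only attribute in the `dmz` subnet hunk left wrapped in `"${ ... }"`, and together with the `== true` comparisons against what are now bool locals it reads as a half-finished migration; `availability_zone = local.azs_provisioned_override_enabled ? "${data.aws_region.current.name}${element(var.azs_provisioned_override, count.index)}" : element(data.aws_availability_zones.available.names, count.index)` is the 0.12 form. The `tags` line still calls `map("Name", ...)`, which 0.12 deprecates in favour of an object literal: `tags = merge(local.default_subnet_tags, var.additional_subnet_tags, { Name = "${var.stack_item_label}-dmz-${count.index}" })`. Because `var.additional_subnet_tags` is merged after the defaults, a caller can silently override `managed_by`; if that tag is relied on for ownership or policy, merge the defaults last. `map_public_ip_on_launch = var.enable_dmz_public_ips` defaults to `false` per az/variables.tf, which is the right posture for the public-facing subnet.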
@@ -106,42 +106,42 @@ data "aws_ami" "nat_ami" { } resource "aws_eip" "eip_nat" { - count = "${local.azs_provisioned_count * local.lans_enabled_check * local.eips_enabled_check}" + count = local.azs_provisioned_count * local.lans_enabled_check * local.eips_enabled_check vpc = true } resource "aws_eip_association" "eip_nat_assoc" { - count = "${local.azs_provisioned_count * local.lans_enabled_check * local.eips_enabled_check * local.nat_gateways_not_enabled_check}" + count = local.azs_provisioned_count * local.lans_enabled_check * local.eips_enabled_check * local.nat_gateways_not_enabled_check - allocation_id = "${element(aws_eip.eip_nat.*.id,count.index)}" - instance_id = "${element(aws_instance.nat.*.id,count.index)}" + allocation_id = element(aws_eip.eip_nat.*.id,count.index) + instance_id = element(aws_instance.nat.*.id,count.index) } resource "aws_instance" "nat" { - count = "${local.azs_provisioned_count * local.lans_enabled_check * local.nat_gateways_not_enabled_check}" + count = local.azs_provisioned_count * local.lans_enabled_check * local.nat_gateways_not_enabled_check - ami = "${coalesce(var.nat_ami_override,data.aws_ami.nat_ami.id)}" + ami = coalesce(var.nat_ami_override,data.aws_ami.nat_ami.id) associate_public_ip_address = true - instance_type = "${var.nat_instance_type}" - key_name = "${var.nat_key_name}" + instance_type = var.nat_instance_type + key_name = var.nat_key_name source_dest_check = false - subnet_id = "${element(aws_subnet.dmz.*.id,count.index)}" + subnet_id = element(aws_subnet.dmz.*.id,count.index) vpc_security_group_ids = ["${element(aws_security_group.sg_nat.*.id,count.index)}"] tags = { - application = "${var.stack_item_fullname}" + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-nat-${count.index}" } } resource "aws_security_group" "sg_nat" { - count = "${local.azs_provisioned_count * local.lans_enabled_check * local.nat_gateways_not_enabled_check}" + count = local.azs_provisioned_count 
* local.lans_enabled_check * local.nat_gateways_not_enabled_check description = "${var.stack_item_fullname} NAT security group" name_prefix = "${var.stack_item_label}-nat-" - vpc_id = "${var.vpc_id}" + vpc_id = var.vpc_id egress { cidr_blocks = ["0.0.0.0/0"] @@ -152,7 +152,7 @@ resource "aws_security_group" "sg_nat" { } ingress { - cidr_blocks = "${local.lan_cidrs_override_enabled == "true" ? element(var.lan_cidrs_override,count.index) : cidrsubnet(data.aws_vpc.base.cidr_block,lookup(var.az_cidrsubnet_newbits, local.azs_provisioned_count * local.lans_multiplier),count.index + lookup(var.az_cidrsubnet_offset, local.azs_provisioned_count))}" + cidr_blocks = local.lan_cidrs_override_enabled == true ? [element(var.lan_cidrs_override,count.index)] : [cidrsubnet(data.aws_vpc.base.cidr_block,lookup(var.az_cidrsubnet_newbits, local.azs_provisioned_count * local.lans_multiplier),count.index + lookup(var.az_cidrsubnet_offset, local.azs_provisioned_count))] description = "Ingress from ${var.stack_item_label}-lan-${count.index}" from_port = 0 protocol = "-1" @@ -160,17 +160,17 @@ resource "aws_security_group" "sg_nat" { } tags = { - application = "${var.stack_item_fullname}" + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-nat-${count.index}" } } resource "aws_nat_gateway" "nat" { - count = "${local.azs_provisioned_count * local.lans_enabled_check * local.nat_gateways_enabled_check}" + count = local.azs_provisioned_count * local.lans_enabled_check * local.nat_gateways_enabled_check - allocation_id = "${element(aws_eip.eip_nat.*.id,count.index)}" - subnet_id = "${element(aws_subnet.dmz.*.id,count.index)}" + allocation_id = element(aws_eip.eip_nat.*.id,count.index) + subnet_id = element(aws_subnet.dmz.*.id,count.index) } ### 
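Review bot: `aws_instance.nat` sits in the public DMZ subnet with `associate_public_ip_address = true` and `source_dest_check = false`, yet the rewritten resource still carries no `metadata_options` block, so IMDSv1 stays enabled and any SSRF or foothold on the NAT host can read instance metadata (and the credentials of any instance profile later attached) with a single unauthenticated GET. Add `metadata_options {` / `http_tokens = "required"` / `}` to require IMDSv2 session tokens; `http_endpoint` can stay at its default of enabled. `data.aws_ami.nat_ami`, whose filters decide what `coalesce(var.nat_ami_override, data.aws_ami.nat_ami.id)` falls back to, starts before this hunk, so its owner filter could not be checked here.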
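Review bot: The new `cidr_blocks` list re-derives the LAN CIDR with its own `cidrsubnet(...)` call rather than referencing the subnet the rule is meant to admit, so every future change to the `cidr_block` expression in `aws_subnet.lan` has to be mirrored here or the NAT silently stops accepting LAN traffic. It also appears that only LAN subnets with index below `local.azs_provisioned_count` get an entry at all: `sg_nat` has that many instances and each admits exactly one LAN CIDR, while the examples route every LAN table (index up to `azs * lans_per_az`) through `element(nat_ids, count.index)`. Tying the rule to the real subnets in the same AZ, `cidr_blocks = [for s in aws_subnet.lan : s.cidr_block if s.availability_zone == aws_subnet.dmz[count.index].availability_zone]`, removes both problems; worth confirming against `local.lans_multiplier`, which is defined outside this hunk.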
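Review bot: `aws_nat_gateway.nat` is the only network resource in this file without the `application`/`managed_by`/`Name` tag set that every sibling resource carries, so NAT gateways will be missing from tag-based inventory, cost allocation and any tag-enforcement policy. Add `tags = { application = var.stack_item_fullname, managed_by = "terraform", Name = "${var.stack_item_label}-nat-${count.index}" }` to match `aws_instance.nat`, which it replaces when `nat_gateways_enabled` is set.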
@@ -179,27 +179,27 @@ resource "aws_nat_gateway" "nat" { ### Provisions subnet resource "aws_subnet" "lan" { - count = "${local.azs_provisioned_count * local.lans_multiplier}" + count = local.azs_provisioned_count * local.lans_multiplier # Selects the first N number of AZs available for VPC use in the given region, where N is the requested number of AZs to provision. This order can be overidden by passing in an explicit list of AZ letters to be used. - availability_zone = "${local.azs_provisioned_override_enabled == "true" ? "${data.aws_region.current.name}${element(var.azs_provisioned_override,count.index)}" : element(data.aws_availability_zones.available.names,count.index)}" + availability_zone = "${local.azs_provisioned_override_enabled == true ? "${data.aws_region.current.name}${element(var.azs_provisioned_override,count.index)}" : element(data.aws_availability_zones.available.names,count.index)}" # Provisions N number of evenly allocated address spaces from the overall VPC CIDR block, where N is the requested number of AZs to provision multiplied by the number of LAN subnets to provision per AZ. Address space per subnet can be overidden by passing in an explicit list of CIDRs to be used. - cidr_block = "${local.lan_cidrs_override_enabled == "true" ? element(var.lan_cidrs_override,count.index) : cidrsubnet(data.aws_vpc.base.cidr_block,lookup(var.az_cidrsubnet_newbits, local.azs_provisioned_count * local.lans_multiplier),count.index + lookup(var.az_cidrsubnet_offset, local.azs_provisioned_count))}" - vpc_id = "${var.vpc_id}" + cidr_block = local.lan_cidrs_override_enabled == true ? 
element(var.lan_cidrs_override,count.index) : cidrsubnet(data.aws_vpc.base.cidr_block,lookup(var.az_cidrsubnet_newbits, local.azs_provisioned_count * local.lans_multiplier),count.index + lookup(var.az_cidrsubnet_offset, local.azs_provisioned_count)) + vpc_id = var.vpc_id - tags = "${merge(local.default_subnet_tags, var.additional_subnet_tags, map("Name", "${var.stack_item_label}-lan-${count.index}"))}" + tags = merge(local.default_subnet_tags, var.additional_subnet_tags, map("Name", "${var.stack_item_label}-lan-${count.index}")) } ### Provisions routing table resource "aws_route_table" "rt_lan" { - count = "${local.azs_provisioned_count * local.lans_multiplier}" + count = local.azs_provisioned_count * local.lans_multiplier - propagating_vgws = "${compact(var.vgw_ids)}" - vpc_id = "${var.vpc_id}" + propagating_vgws = compact(var.vgw_ids) + vpc_id = var.vpc_id tags = { - application = "${var.stack_item_fullname}" + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-lan-${count.index}" } @@ -207,8 +207,8 @@ resource "aws_route_table" "rt_lan" { ### Associates subnet with routing table resource "aws_route_table_association" "rta_lan" { - count = "${local.azs_provisioned_count * local.lans_multiplier}" + count = local.azs_provisioned_count * local.lans_multiplier - route_table_id = "${element(aws_route_table.rt_lan.*.id,count.index)}" - subnet_id = "${element(aws_subnet.lan.*.id,count.index)}" + route_table_id = element(aws_route_table.rt_lan.*.id,count.index) + subnet_id = element(aws_subnet.lan.*.id,count.index) } diff --git a/az/outputs.tf b/az/outputs.tf index ad000ce..a2e7428 100644 --- a/az/outputs.tf +++ b/az/outputs.tf 
@@ -28,10 +28,10 @@ output "eip_nat_ips" { } output "nat_ids" { - value = ["${compact(concat(aws_instance.nat.*.id,aws_nat_gateway.nat.*.id))}"] + value = compact(concat(aws_instance.nat.*.id,aws_nat_gateway.nat.*.id)) } ## Returns the routing table ID output "rt_lan_ids" { - value = ["${aws_route_table.rt_lan.*.id}"] + value = (aws_route_table.rt_lan.*.id) } diff --git a/az/variables.tf b/az/variables.tf index f760f68..a5636b4 100644 --- a/az/variables.tf +++ b/az/variables.tf @@ -47,9 +47,9 @@ variable "az_cidrsubnet_offset" { } variable "azs_provisioned" { - type = string + type = number description = "The number of availability zones to be provisioned." - default = "2" + default = 2 } variable "azs_provisioned_override" { @@ -77,9 +77,9 @@ variable "lan_cidrs_override" { } variable "lans_per_az" { - type = string + type = number description = "The number of private LAN subnets to be provisioned per AZ" - default = "1" + default = 1 } variable "nat_ami_override" { diff --git a/base/main.tf b/base/main.tf index babbf69..7c37c40 100644 --- a/base/main.tf +++ b/base/main.tf @@ -7,10 +7,10 @@ terraform { ## Set default instance tennancy if not provided locals { - default_instance_tenancy = "${length(var.instance_tenancy) >= 1 ? "${var.instance_tenancy}" : "default"}" + default_instance_tenancy = length(var.instance_tenancy) >= 1 ? var.instance_tenancy : "default" default_vpc_tags = { - application = "${var.stack_item_fullname}" + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-vpc" } 
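Review bot: `value = (aws_route_table.rt_lan.*.id)` wraps the splat in parentheses that do nothing and reads like a leftover from deleting the list brackets; it should be `value = aws_route_table.rt_lan[*].id`, the same bare form `nat_ids` uses just above. Note also that `nat_ids` now yields either EC2 instance IDs or NAT gateway IDs depending on `nat_gateways_enabled`, and callers have to know which (the examples need two different `aws_route` resources for it); a `description` on the output stating that would spare the next consumer the guess.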
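Review bot: Switching `azs_provisioned` and `lans_per_az` to `type = number` removes the old string handling but adds no range check, so `0` or a negative value is accepted and silently zeroes every `count` derived from them in the module, while `lans_per_az` still feeds the `!= ""` comparison in the locals that the number type makes meaningless. If the module can move to Terraform 0.13 or later, add a `validation` block to each with `condition = var.azs_provisioned >= 1` and an `error_message`; on 0.12 the same guard can be expressed as a local that errors via an invalid index, or at least documented in the `description`.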
@@ -18,23 +18,23 @@ locals { ## Provisions Virtual Private Cloud (VPC) resource "aws_vpc" "vpc" { - cidr_block = "${var.vpc_cidr}" - instance_tenancy = "${local.default_instance_tenancy}" - enable_dns_support = "${var.enable_dns}" - enable_dns_hostnames = "${var.enable_hostnames}" - enable_classiclink = "${var.enable_classiclink}" - enable_classiclink_dns_support = "${var.enable_classiclink_dns_support}" - assign_generated_ipv6_cidr_block = "${var.assign_generated_ipv6_cidr_block}" - - tags = "${merge(local.default_vpc_tags, var.additional_vpc_tags)}" + cidr_block = var.vpc_cidr + instance_tenancy = local.default_instance_tenancy + enable_dns_support = var.enable_dns + enable_dns_hostnames = var.enable_hostnames + enable_classiclink = var.enable_classiclink + enable_classiclink_dns_support = var.enable_classiclink_dns_support + assign_generated_ipv6_cidr_block = var.assign_generated_ipv6_cidr_block + + tags = merge(local.default_vpc_tags, var.additional_vpc_tags) } ## Provisions Internet gateways resource "aws_internet_gateway" "igw" { - vpc_id = "${aws_vpc.vpc.id}" + vpc_id = aws_vpc.vpc.id tags = { - application = "${var.stack_item_fullname}" + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-igw" } @@ -42,11 +42,11 @@ resource "aws_internet_gateway" "igw" { ## Provisions DMZ routing table resource "aws_route_table" "rt_dmz" { - propagating_vgws = "${compact(var.vgw_ids)}" - vpc_id = "${aws_vpc.vpc.id}" + propagating_vgws = compact(var.vgw_ids) + vpc_id = aws_vpc.vpc.id tags = { - application = "${var.stack_item_fullname}" + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-dmz" } 
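Review bot: The VPC is created and its `default_security_group_id` is exported from `base/outputs.tf`, but nothing in the module manages the default security group, which AWS creates with an allow-all ingress rule from members of the group and unrestricted egress; CIS AWS Foundations expects it to restrict all traffic. Add `resource "aws_default_security_group" "default" { vpc_id = aws_vpc.vpc.id }` with no `ingress`/`egress` blocks so Terraform strips its rules, or document why the module deliberately leaves it open. `enable_classiclink` and `enable_classiclink_dns_support` are still plumbed through for a legacy feature; a comment marking them as kept only for backwards compatibility would stop new callers from reaching for them.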
@@ -69,7 +69,7 @@ data "aws_iam_policy_document" "flow_log_role" { } resource "aws_iam_role" "flow_log_role" { - assume_role_policy = "${data.aws_iam_policy_document.flow_log_role.json}" + assume_role_policy = data.aws_iam_policy_document.flow_log_role.json name_prefix = "${var.stack_item_label}-vpc-logs-" } @@ -83,19 +83,19 @@ data "aws_iam_policy_document" "flow_log_policy" { "logs:DescribeLogStreams", ] - resources = "${aws_cloudwatch_log_group.flow_log_group.arn}" + resources = [aws_cloudwatch_log_group.flow_log_group.arn] } } resource "aws_iam_role_policy" "flow_log_role_policies" { name = "logs" - policy = "${data.aws_iam_policy_document.flow_log_policy.json}" - role = "${aws_iam_role.flow_log_role.id}" + policy = data.aws_iam_policy_document.flow_log_policy.json + role = aws_iam_role.flow_log_role.id } resource "aws_flow_log" "flow_log" { - log_destination = "${aws_cloudwatch_log_group.flow_log_group.arn}" - iam_role_arn = "${aws_iam_role.flow_log_role.arn}" - vpc_id = "${aws_vpc.vpc.id}" - traffic_type = "${var.flow_log_traffic_type}" + log_destination = aws_cloudwatch_log_group.flow_log_group.arn + iam_role_arn = aws_iam_role.flow_log_role.arn + vpc_id = aws_vpc.vpc.id + traffic_type = var.flow_log_traffic_type } diff --git a/base/outputs.tf b/base/outputs.tf index eeb5798..6b13d37 100644 --- a/base/outputs.tf +++ b/base/outputs.tf @@ -1,21 +1,21 @@ # Output Variables output "flow_log_id" { - value = "${aws_flow_log.flow_log.id}" + value = aws_flow_log.flow_log.id } output "igw_id" { - value = "${aws_internet_gateway.igw.id}" + value = aws_internet_gateway.igw.id } output "rt_dmz_id" { - value = "${aws_route_table.rt_dmz.id}" + value = aws_route_table.rt_dmz.id } output "vpc_id" { - value = "${aws_vpc.vpc.id}" + value = aws_vpc.vpc.id } output "vpc_default_security_group_id" { - value = "${aws_vpc.vpc.default_security_group_id}" + value = aws_vpc.vpc.default_security_group_id } diff --git a/dhcp/main.tf b/dhcp/main.tf index f232d63..9bb296e 100644 
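Review bot: `resources = [aws_cloudwatch_log_group.flow_log_group.arn]` scopes stream-level actions such as `logs:DescribeLogStreams` (and whichever `CreateLogStream`/`PutLogEvents` actions sit above the hunk) to the log-group ARN; that only works as long as the provider's `arn` attribute carries a trailing `:*`, which newer AWS provider releases dropped, after which the flow-log role can no longer write streams and VPC traffic logging stops without an obvious error. Use `resources = ["${aws_cloudwatch_log_group.flow_log_group.arn}:*"]` for the stream actions, keeping the bare ARN only for group-level actions. The `aws_cloudwatch_log_group` resource itself is outside this hunk, so its `retention_in_days` and `kms_key_id` could not be reviewed here.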
--- a/dhcp/main.tf +++ b/dhcp/main.tf @@ -7,24 +7,24 @@ terraform { ## Provisions DHCP options resource "aws_vpc_dhcp_options" "dhcp" { - count = "${var.enable == "true" ? "1" : "0"}" + count = var.enable == true ? "1" : "0" - domain_name = "${var.domain_name}" - domain_name_servers = "${compact(var.name_servers)}" - netbios_name_servers = "${compact(var.netbios_name_servers)}" - netbios_node_type = "${var.netbios_node_type}" - ntp_servers = "${compact(var.ntp_servers)}" + domain_name = var.domain_name + domain_name_servers = compact(var.name_servers) + netbios_name_servers = compact(var.netbios_name_servers) + netbios_node_type = var.netbios_node_type + ntp_servers = compact(var.ntp_servers) tags = { - application = "${var.stack_item_fullname}" + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-dhcp" } } resource "aws_vpc_dhcp_options_association" "dns_resolver" { - count = "${var.enable == "true" ? "1" : "0"}" + count = var.enable == true ? "1" : "0" - dhcp_options_id = "${aws_vpc_dhcp_options.dhcp.id}" - vpc_id = "${var.vpc_id}" + dhcp_options_id = aws_vpc_dhcp_options.dhcp[count.index].id + vpc_id = var.vpc_id } diff --git a/dhcp/outputs.tf b/dhcp/outputs.tf index 76da62d..fec8170 100644 --- a/dhcp/outputs.tf +++ b/dhcp/outputs.tf @@ -1,5 +1,5 @@ # Output variables output "dhcp_id" { - value = "${join(",",compact(aws_vpc_dhcp_options.dhcp.*.id))}" + value = join(",",compact(aws_vpc_dhcp_options.dhcp.*.id)) } diff --git a/examples/basic/main.tf b/examples/basic/main.tf index b5f0368..fc4a1cd 100644 --- a/examples/basic/main.tf +++ b/examples/basic/main.tf @@ -2,7 +2,7 @@ ## Configures AWS provider provider "aws" { - region = "${var.region}" + region = var.region } ## Configures base VPC 
@@ -11,11 +11,11 @@ module "vpc_base" { #source = "github.com/unifio/terraform-aws-vpc?ref=master//base" source = "../../base" - enable_dns = "${var.enable_dns}" - enable_hostnames = "${var.enable_hostnames}" - stack_item_fullname = "${var.stack_item_fullname}" - stack_item_label = "${var.stack_item_label}" - vpc_cidr = "${var.vpc_cidr}" + enable_dns = var.enable_dns + enable_hostnames = var.enable_hostnames + stack_item_fullname = var.stack_item_fullname + stack_item_label = var.stack_item_label + vpc_cidr = var.vpc_cidr } ## Configures DHCP @@ -24,10 +24,10 @@ module "vpc_dhcp" { #source = "github.com/unifio/terraform-aws-vpc?ref=master//dhcp" source = "../../dhcp" - domain_name = "${var.domain_name}" - stack_item_fullname = "${var.stack_item_fullname}" - stack_item_label = "${var.stack_item_label}" - vpc_id = "${module.vpc_base.vpc_id}" + domain_name = var.domain_name + stack_item_fullname = var.stack_item_fullname + stack_item_label = var.stack_item_label + vpc_id = module.vpc_base.vpc_id } ## Configures VPC Availabilty Zones @@ -36,14 +36,14 @@ module "vpc_az" { #source = "github.com/unifio/terraform-aws-vpc?ref=master//az" source = "../../az" - azs_provisioned = "${var.azs_provisioned}" - enable_dmz_public_ips = "${var.enable_dmz_public_ips}" - lans_per_az = "${var.lans_per_az}" - nat_eips_enabled = "${var.nat_eips_enabled}" - rt_dmz_id = "${module.vpc_base.rt_dmz_id}" - stack_item_fullname = "${var.stack_item_fullname}" - stack_item_label = "${var.stack_item_label}" - vpc_id = "${module.vpc_base.vpc_id}" + azs_provisioned = var.azs_provisioned + enable_dmz_public_ips = var.enable_dmz_public_ips + lans_per_az = var.lans_per_az + nat_eips_enabled = var.nat_eips_enabled + rt_dmz_id = module.vpc_base.rt_dmz_id + stack_item_fullname = var.stack_item_fullname + stack_item_label = var.stack_item_label + vpc_id = module.vpc_base.vpc_id } ## Configures Virtual Private Gateway 
@@ -52,23 +52,23 @@ module "vpc_vpg" { #source = "github.com/unifio/terraform-aws-vpc?ref=master//vpg" source = "../../vpg" - stack_item_fullname = "${var.stack_item_fullname}" - stack_item_label = "${var.stack_item_label}" - vpc_attach = "${var.vpc_attach}" - vpc_id = "${module.vpc_base.vpc_id}" + stack_item_fullname = var.stack_item_fullname + stack_item_label = var.stack_item_label + vpc_attach = var.vpc_attach + vpc_id = module.vpc_base.vpc_id } ## Configures routing resource "aws_route" "dmz-to-igw" { destination_cidr_block = "0.0.0.0/0" - gateway_id = "${module.vpc_base.igw_id}" - route_table_id = "${module.vpc_base.rt_dmz_id}" + gateway_id = module.vpc_base.igw_id + route_table_id = module.vpc_base.rt_dmz_id } resource "aws_route" "lan-to-nat" { - count = "${var.azs_provisioned * var.lans_per_az}" + count = var.azs_provisioned * var.lans_per_az destination_cidr_block = "0.0.0.0/0" - instance_id = "${element(module.vpc_az.nat_ids,count.index)}" - route_table_id = "${element(module.vpc_az.rt_lan_ids,count.index)}" + instance_id = element(module.vpc_az.nat_ids,count.index) + route_table_id = element(module.vpc_az.rt_lan_ids,count.index) } diff --git a/examples/basic/variables.tf b/examples/basic/variables.tf index 87bb935..b831b9c 100644 --- a/examples/basic/variables.tf +++ b/examples/basic/variables.tf @@ -13,14 +13,14 @@ variable "stack_item_label" { variable "enable_dns" { type = bool - //set false for test - default = false + //set true for test + default = true } variable "enable_hostnames" { type = bool - //set true for test - default = true + //set false for test + default = false } variable "region" { @@ -41,8 +41,8 @@ variable "domain_name" { ## AZ parameters variable "azs_provisioned" { - type = string - default = "" + type = number + default = 2 } variable "enable_dmz_public_ips" { 
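Review bot: `instance_id = element(module.vpc_az.nat_ids, count.index)` assumes every entry in `nat_ids` is an EC2 instance, but the `az` module's `nat_ids` output concatenates `aws_instance.nat` and `aws_nat_gateway.nat` IDs, so if `nat_gateways_enabled` is ever turned on for this example the route receives a `nat-…` ID in `instance_id` and the apply fails. Either pin `nat_gateways_enabled = false` explicitly in `module "vpc_az"` so the assumption is visible, or mirror the `complete` example's paired `lan-to-nat`/`lan-to-nat-gw` resources with `count` gated on the flag. A one-line comment on `dmz-to-igw` noting that `enable_dmz_public_ips` is what actually exposes instances in those subnets would help readers of the example.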
@@ -52,8 +52,8 @@ variable "enable_dmz_public_ips" { } variable "lans_per_az" { - type = string - default = "1" + type = number + default = 1 } variable "nat_eips_enabled" { From 2cba3a27636de1cd60a504415729f16c5a4f993a Mon Sep 17 00:00:00 2001 From: domjgiordano Date: Wed, 19 Aug 2020 10:24:49 -0400 Subject: [PATCH 05/12] Fixed syntax errors for complete example. --- az/outputs.tf | 12 ++-- examples/complete/main.tf | 108 ++++++++++++++++----------------- examples/complete/outputs.tf | 8 +-- examples/complete/variables.tf | 18 +++--- vpg/main.tf | 10 +-- vpg/outputs.tf | 2 +- vpg/variables.tf | 4 +- 7 files changed, 82 insertions(+), 80 deletions(-) diff --git a/az/outputs.tf b/az/outputs.tf index a2e7428..79253a6 100644 --- a/az/outputs.tf +++ b/az/outputs.tf @@ -2,29 +2,29 @@ ## Returns Subnet IDs output "dmz_ids" { - value = ["${aws_subnet.dmz.*.id}"] + value = aws_subnet.dmz.*.id // [] removed } output "lan_ids" { - value = ["${aws_subnet.lan.*.id}"] + value = aws_subnet.lan.*.id // [] removed } ## Returns Subnet CIDR blocks output "dmz_cidrs" { - value = ["${aws_subnet.dmz.*.cidr_block}"] + value = aws_subnet.dmz.*.cidr_block // [] removed } output "lan_cidrs" { - value = ["${aws_subnet.lan.*.cidr_block}"] + value = aws_subnet.lan.*.cidr_block // [] removed } ## Returns information about the NATs output "eip_nat_ids" { - value = ["${aws_eip.eip_nat.*.id}"] + value = aws_eip.eip_nat.*.id // [] removed } output "eip_nat_ips" { - value = ["${aws_eip.eip_nat.*.public_ip}"] + value = aws_eip.eip_nat.*.public_ip // [] removed } output "nat_ids" { diff --git a/examples/complete/main.tf b/examples/complete/main.tf index b710805..a5bdb66 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -2,7 +2,7 @@ ## Configures AWS provider provider "aws" { - region = "${var.region}" + region = var.region } ## Configures base VPC 
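Review bot: The `// [] removed` trailers on every output in `az/outputs.tf` are change-log commentary rather than documentation of the code and will only confuse readers once the 0.11-to-0.12 migration is history; the commit message already records why the brackets went. Drop them and use the 0.12 full-splat form, e.g. `value = aws_subnet.dmz[*].id`. The useful comment on each output is a `description`, such as `description = "IDs of the public DMZ subnets, one per provisioned AZ"`.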
@@ -11,12 +11,12 @@ module "vpc_base" { #source = "github.com/unifio/terraform-aws-vpc?ref=master//base" source = "../../base" - enable_classiclink = "${var.enable_classiclink}" - enable_hostnames = "${var.enable_hostnames}" - instance_tenancy = "${var.instance_tenancy}" - stack_item_fullname = "${var.stack_item_fullname}" - stack_item_label = "${var.stack_item_label}" - vpc_cidr = "${var.vpc_cidr}" + enable_classiclink = var.enable_classiclink + enable_hostnames = var.enable_hostnames + instance_tenancy = var.instance_tenancy + stack_item_fullname = var.stack_item_fullname + stack_item_label = var.stack_item_label + vpc_cidr = var.vpc_cidr } ## Configures DHCP @@ -25,23 +25,23 @@ module "vpc_dhcp" { #source = "github.com/unifio/terraform-aws-vpc?ref=master//dhcp" source = "../../dhcp" - domain_name = "${var.domain_name}" - name_servers = ["${var.name_servers}"] - netbios_name_servers = ["${var.netbios_name_servers}"] - netbios_node_type = "${var.netbios_node_type}" - ntp_servers = ["${var.ntp_servers}"] - stack_item_fullname = "${var.stack_item_fullname}" - stack_item_label = "${var.stack_item_label}" - vpc_id = "${module.vpc_base.vpc_id}" + domain_name = var.domain_name + name_servers = var.name_servers //[] removed + netbios_name_servers = var.netbios_name_servers //[]removed + netbios_node_type = var.netbios_node_type + ntp_servers = var.ntp_servers //[] removed + stack_item_fullname = var.stack_item_fullname + stack_item_label = var.stack_item_label + vpc_id = module.vpc_base.vpc_id } ## Configures ACLs resource "aws_network_acl" "acl" { - vpc_id = "${module.vpc_base.vpc_id}" - subnet_ids = ["${concat(module.vpc_az.lan_ids,module.vpc_az.dmz_ids)}"] + vpc_id = module.vpc_base.vpc_id + subnet_ids = concat(module.vpc_az.lan_ids,module.vpc_az.dmz_ids) //[] removed - tags { - application = "${var.stack_item_fullname}" + tags = { + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-acl" } 
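Review bot: `aws_network_acl.acl` is attached to every DMZ and LAN subnet through `concat(module.vpc_az.lan_ids, module.vpc_az.dmz_ids)`, but its rules are not visible here because the resource continues past the end of this hunk, and a network ACL with no `ingress`/`egress` blocks denies all traffic in both directions; the rule set should be reviewed together with this change. The `//[]removed` and `// [] removed` trailers on the `vpc_dhcp` arguments are inconsistent with each other and are change-log noise in an example meant to be copied; remove them.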
@@ -53,10 +53,10 @@ module "vpc_vpg" { #source = "github.com/unifio/terraform-aws-vpc?ref=master//vpg" source = "../../vpg" - vpc_attach = "true" - vpc_id = "${module.vpc_base.vpc_id}" - stack_item_fullname = "${var.stack_item_fullname}" - stack_item_label = "${var.stack_item_label}" + vpc_attach = true + vpc_id = module.vpc_base.vpc_id + stack_item_fullname = var.stack_item_fullname + stack_item_label = var.stack_item_label } module "vpc_az" { 
@@ -64,59 +64,59 @@ module "vpc_az" { #source = "github.com/unifio/terraform-aws-vpc?ref=master//az" source = "../../az" - azs_provisioned_override = "${var.azs_provisioned_override}" + azs_provisioned_override = var.azs_provisioned_override - dmz_cidrs_override = ["${cidrsubnet(var.vpc_cidr,3,0)}", - "${cidrsubnet(var.vpc_cidr,3,1)}", - "${cidrsubnet(var.vpc_cidr,3,2)}", - "${cidrsubnet(var.vpc_cidr,3,3)}", + dmz_cidrs_override = [cidrsubnet(var.vpc_cidr,3,0), + cidrsubnet(var.vpc_cidr,3,1), + cidrsubnet(var.vpc_cidr,3,2), + cidrsubnet(var.vpc_cidr,3,3), ] - lan_cidrs_override = ["${cidrsubnet(var.vpc_cidr,4,8)}", - "${cidrsubnet(var.vpc_cidr,4,9)}", - "${cidrsubnet(var.vpc_cidr,4,10)}", - "${cidrsubnet(var.vpc_cidr,4,11)}", - "${cidrsubnet(var.vpc_cidr,4,12)}", - "${cidrsubnet(var.vpc_cidr,4,13)}", - "${cidrsubnet(var.vpc_cidr,4,14)}", - "${cidrsubnet(var.vpc_cidr,4,15)}", + lan_cidrs_override = [cidrsubnet(var.vpc_cidr,4,8), + cidrsubnet(var.vpc_cidr,4,9), + cidrsubnet(var.vpc_cidr,4,10), + cidrsubnet(var.vpc_cidr,4,11), + cidrsubnet(var.vpc_cidr,4,12), + cidrsubnet(var.vpc_cidr,4,13), + cidrsubnet(var.vpc_cidr,4,14), + cidrsubnet(var.vpc_cidr,4,15), ] - lans_per_az = "${var.lans_per_az}" - nat_eips_enabled = "false" - nat_gateways_enabled = "${var.nat_gateways_enabled}" - rt_dmz_id = "${module.vpc_base.rt_dmz_id}" - stack_item_label = "${var.stack_item_label}" - stack_item_fullname = "${var.stack_item_fullname}" - vgw_ids = ["${module.vpc_vpg.vpg_id}"] - vpc_id = "${module.vpc_base.vpc_id}" + lans_per_az = var.lans_per_az + nat_eips_enabled = false + nat_gateways_enabled = var.nat_gateways_enabled + rt_dmz_id = module.vpc_base.rt_dmz_id + stack_item_label = var.stack_item_label + stack_item_fullname = var.stack_item_fullname + vgw_ids = module.vpc_vpg.vpg_id + vpc_id = module.vpc_base.vpc_id } ## Configures routing resource "aws_route" "dmz-to-igw" { destination_cidr_block = "0.0.0.0/0" - gateway_id = "${module.vpc_base.igw_id}" - route_table_id = 
"${module.vpc_base.rt_dmz_id}" + gateway_id = module.vpc_base.igw_id + route_table_id = module.vpc_base.rt_dmz_id } resource "aws_route" "lan-to-nat-gw" { - count = "${length(var.azs_provisioned_override) * (length(var.lans_per_az) > 0 ? var.lans_per_az : "1") * signum(var.nat_gateways_enabled == "true" ? "1" : "0")}" + count = length(var.azs_provisioned_override) * (var.lans_per_az > 0 ? var.lans_per_az : 1) * signum(var.nat_gateways_enabled == true ? 1 : 0) destination_cidr_block = "0.0.0.0/0" - nat_gateway_id = "${element(module.vpc_az.nat_ids,count.index)}" - route_table_id = "${element(module.vpc_az.rt_lan_ids,count.index)}" + nat_gateway_id = element(module.vpc_az.nat_ids,count.index) + route_table_id = element(module.vpc_az.rt_lan_ids,count.index) } resource "aws_route" "lan-to-nat" { - count = "${length(var.azs_provisioned_override) * (length(var.lans_per_az) > 0 ? var.lans_per_az : "1") * signum(var.nat_gateways_enabled == "true" ? "0" : "1")}" + count = length(var.azs_provisioned_override) * (var.lans_per_az > 0 ? var.lans_per_az : 1) * signum(var.nat_gateways_enabled == true ? 0 : 1) destination_cidr_block = "0.0.0.0/0" - instance_id = "${element(module.vpc_az.nat_ids,count.index)}" - route_table_id = "${element(module.vpc_az.rt_lan_ids,count.index)}" + instance_id = element(module.vpc_az.nat_ids,count.index) + route_table_id = element(module.vpc_az.rt_lan_ids,count.index) } resource "aws_vpc_endpoint" "s3-ep" { - route_table_ids = ["${module.vpc_az.rt_lan_ids}"] + route_table_ids = module.vpc_az.rt_lan_ids service_name = "com.amazonaws.${var.region}.s3" - vpc_id = "${module.vpc_base.vpc_id}" + vpc_id = module.vpc_base.vpc_id } diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf index 802e775..0e32797 100644 --- a/examples/complete/outputs.tf +++ b/examples/complete/outputs.tf 
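Review bot: `vgw_ids = module.vpc_vpg.vpg_id` now passes a single string where the `az` module applies `compact(var.vgw_ids)` (a list function) for `propagating_vgws`; the previous `["${…}"]` was a one-element list, so this particular bracket removal looks like a type error rather than a cleanup and should read `vgw_ids = [module.vpc_vpg.vpg_id]`. Separately, `aws_vpc_endpoint.s3-ep` has no `policy`, so the gateway endpoint gives every LAN route table access to any S3 bucket in any account, a well-known exfiltration path; an endpoint policy conditioned on `aws:PrincipalOrgID` or a bucket allow-list is the usual fix. `signum(var.nat_gateways_enabled == true ? 1 : 0)` in both route counts reduces to `var.nat_gateways_enabled ? 1 : 0`.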
@@ -1,17 +1,17 @@ # Output variables output "dmz_subnet_ids" { - value = "${module.vpc_az.dmz_ids}" + value = module.vpc_az.dmz_ids } output "lan_rt_ids" { - value = "${module.vpc_az.rt_lan_ids}" + value = module.vpc_az.rt_lan_ids } output "lan_subnet_ids" { - value = "${module.vpc_az.lan_ids}" + value = module.vpc_az.lan_ids } output "vpc_id" { - value = "${module.vpc_base.vpc_id}" + value = module.vpc_base.vpc_id } diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf index 32bbfb0..947389a 100644 --- a/examples/complete/variables.tf +++ b/examples/complete/variables.tf @@ -16,13 +16,13 @@ variable "azs_provisioned_override" { } variable "enable_classiclink" { - type = string - default = "" + type = bool + default = false } variable "enable_hostnames" { - type = string - default = "" + type = bool + default = false } variable "instance_tenancy" { @@ -31,21 +31,23 @@ variable "instance_tenancy" { } variable "lans_per_az" { - type = string - default = "" + type = number + default = 1 } variable "nat_gateways_enabled" { - type = string - default = "" + type = bool + default = true } variable "region" { type = string + default = "us-east-1" } variable "vpc_cidr" { type = string + default = "172.16.0.0/21" } ## DHCP diff --git a/vpg/main.tf b/vpg/main.tf index da6d0dc..a83ca99 100644 --- a/vpg/main.tf +++ b/vpg/main.tf 
@@ -7,18 +7,18 @@ terraform { ## Gateway configuration resource "aws_vpn_gateway" "vpg" { - availability_zone = "${var.availability_zone}" + availability_zone = var.availability_zone tags = { - application = "${var.stack_item_fullname}" + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-vpg" } } resource "aws_vpn_gateway_attachment" "attach" { - count = "${length(var.vpc_attach) > 0 && var.vpc_attach == "true" ? 1 : 0}" + count = var.vpc_attach ? 1 : 0 - vpc_id = "${var.vpc_id}" - vpn_gateway_id = "${aws_vpn_gateway.vpg.id}" + vpc_id = var.vpc_id + vpn_gateway_id = aws_vpn_gateway.vpg.id } diff --git a/vpg/outputs.tf b/vpg/outputs.tf index 08d18d3..575a238 100644 --- a/vpg/outputs.tf +++ b/vpg/outputs.tf @@ -2,5 +2,5 @@ ## Returns ID of the VPG output "vpg_id" { - value = "${aws_vpn_gateway.vpg.id}" + value = aws_vpn_gateway.vpg.id } diff --git a/vpg/variables.tf b/vpg/variables.tf index af5ff39..719d464 100644 --- a/vpg/variables.tf +++ b/vpg/variables.tf @@ -19,9 +19,9 @@ variable "availability_zone" { } variable "vpc_attach" { - type = string + type = bool description = "Specifies whether the VPG should be associated with a VPC." - default = "" + default = true } variable "vpc_id" { From 7935f2dcab47d30041fa6c90ec33dd9f752bb5e3 Mon Sep 17 00:00:00 2001 From: domjgiordano Date: Wed, 19 Aug 2020 11:44:32 -0400 Subject: [PATCH 06/12] minor fixes to conditional statements for simplicity. --- az/main.tf | 14 +++++++------- dhcp/main.tf | 4 ++-- examples/basic/variables.tf | 4 ++-- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/az/main.tf b/az/main.tf index 94c8c0e..1604d1b 100644 --- a/az/main.tf +++ b/az/main.tf 
@@ -21,7 +21,7 @@ locals {
 dmz_cidrs_override_enabled = length(var.dmz_cidrs_override) > 0 && var.dmz_cidrs_override[0] != "non_empty_list" ? true : false
 
 # Check to see if elastic IPs are to be provisioned. NAT gateways require EIPs.
- eips_enabled_check = var.nat_eips_enabled == true || var.nat_gateways_enabled == true ? 1 : 0
+ eips_enabled_check = var.nat_eips_enabled || var.nat_gateways_enabled ? 1 : 0
 
 # Check to see if private LAN subnets are to be provisioned.
 lans_enabled_check = local.lans_per_az_checked > 0 ? 1 : 0
@@ -36,7 +36,7 @@ locals {
 lans_per_az_checked = var.lans_per_az != "" ? var.lans_per_az : "1"
 
 # Check to see if NAT gateways are to be provisioned
- nat_gateways_enabled_check = var.nat_gateways_enabled == true ? 1 : 0
+ nat_gateways_enabled_check = var.nat_gateways_enabled ? 1 : 0
 
 # Check to see if NAT gateways are NOT to be provisioned
 nat_gateways_not_enabled_check = var.nat_gateways_enabled != true ? 1 : 0
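Review bot: `lans_per_az_checked = var.lans_per_az != "" ? var.lans_per_az : "1"` compares a `number` against an empty string now that `lans_per_az` is typed, so the check no longer expresses "unset" and the `"1"` fallback, if it were ever taken, would feed a string into the multiplication behind `lans_enabled_check`; rewrite it as `lans_per_az_checked = var.lans_per_az > 0 ? var.lans_per_az : 1`. In the same spirit as the simplifications this commit makes two lines away, `nat_gateways_not_enabled_check = var.nat_gateways_enabled != true ? 1 : 0` reads better as `!var.nat_gateways_enabled ? 1 : 0`. The `locals` block begins before this hunk.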
@@ -60,10 +60,10 @@ resource "aws_subnet" "dmz" { count = local.azs_provisioned_count # Selects the first N number of AZs available for VPC use in the given region, where N is the requested number of AZs to provision. This order can be overidden by passing in an explicit list of AZ letters to be used. - availability_zone = "${local.azs_provisioned_override_enabled == true ? "${data.aws_region.current.name}${element(var.azs_provisioned_override,count.index)}" : element(data.aws_availability_zones.available.names,count.index)}" + availability_zone = "${local.azs_provisioned_override_enabled ? "${data.aws_region.current.name}${element(var.azs_provisioned_override,count.index)}" : element(data.aws_availability_zones.available.names,count.index)}" # Provisions N number of evenly allocated address spaces from the overall VPC CIDR block, where N is the requested number of AZs to provision. Address space per subnet can be overidden by passing in an explicit list of CIDRs to be used. - cidr_block = local.dmz_cidrs_override_enabled == true ? element(var.dmz_cidrs_override,count.index) : cidrsubnet(data.aws_vpc.base.cidr_block,lookup(var.az_cidrsubnet_newbits, local.azs_provisioned_count),count.index) + cidr_block = local.dmz_cidrs_override_enabled ? element(var.dmz_cidrs_override,count.index) : cidrsubnet(data.aws_vpc.base.cidr_block,lookup(var.az_cidrsubnet_newbits, local.azs_provisioned_count),count.index) map_public_ip_on_launch = var.enable_dmz_public_ips vpc_id = var.vpc_id @@ -127,7 +127,7 @@ resource "aws_instance" "nat" { key_name = var.nat_key_name source_dest_check = false subnet_id = element(aws_subnet.dmz.*.id,count.index) - vpc_security_group_ids = ["${element(aws_security_group.sg_nat.*.id,count.index)}"] + vpc_security_group_ids = [element(aws_security_group.sg_nat.*.id,count.index)] tags = { application = var.stack_item_fullname 
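Review bot: `availability_zone` is still wrapped in an outer `"${ … }"` around the whole conditional, which Terraform 0.12 reports as a deprecated interpolation-only expression and which the nested quotes make the hardest line in the resource to read. Drop the outer wrapper: `availability_zone = local.azs_provisioned_override_enabled ? "${data.aws_region.current.name}${element(var.azs_provisioned_override, count.index)}" : element(data.aws_availability_zones.available.names, count.index)`. The identical line in `aws_subnet.lan` further down should get the same treatment.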
@@ -182,10 +182,10 @@ resource "aws_subnet" "lan" { count = local.azs_provisioned_count * local.lans_multiplier # Selects the first N number of AZs available for VPC use in the given region, where N is the requested number of AZs to provision. This order can be overidden by passing in an explicit list of AZ letters to be used. - availability_zone = "${local.azs_provisioned_override_enabled == true ? "${data.aws_region.current.name}${element(var.azs_provisioned_override,count.index)}" : element(data.aws_availability_zones.available.names,count.index)}" + availability_zone = "${local.azs_provisioned_override_enabled ? "${data.aws_region.current.name}${element(var.azs_provisioned_override,count.index)}" : element(data.aws_availability_zones.available.names,count.index)}" # Provisions N number of evenly allocated address spaces from the overall VPC CIDR block, where N is the requested number of AZs to provision multiplied by the number of LAN subnets to provision per AZ. Address space per subnet can be overidden by passing in an explicit list of CIDRs to be used. - cidr_block = local.lan_cidrs_override_enabled == true ? element(var.lan_cidrs_override,count.index) : cidrsubnet(data.aws_vpc.base.cidr_block,lookup(var.az_cidrsubnet_newbits, local.azs_provisioned_count * local.lans_multiplier),count.index + lookup(var.az_cidrsubnet_offset, local.azs_provisioned_count)) + cidr_block = local.lan_cidrs_override_enabled ? element(var.lan_cidrs_override,count.index) : cidrsubnet(data.aws_vpc.base.cidr_block,lookup(var.az_cidrsubnet_newbits, local.azs_provisioned_count * local.lans_multiplier),count.index + lookup(var.az_cidrsubnet_offset, local.azs_provisioned_count)) vpc_id = var.vpc_id tags = merge(local.default_subnet_tags, var.additional_subnet_tags, map("Name", "${var.stack_item_label}-lan-${count.index}")) diff --git a/dhcp/main.tf b/dhcp/main.tf index 9bb296e..83a997e 100644 --- a/dhcp/main.tf +++ b/dhcp/main.tf 
@@ -7,7 +7,7 @@ terraform { ## Provisions DHCP options resource "aws_vpc_dhcp_options" "dhcp" { - count = var.enable == true ? "1" : "0" + count = var.enable ? 1 : 0 domain_name = var.domain_name domain_name_servers = compact(var.name_servers) @@ -23,7 +23,7 @@ resource "aws_vpc_dhcp_options" "dhcp" { } resource "aws_vpc_dhcp_options_association" "dns_resolver" { - count = var.enable == true ? "1" : "0" + count = var.enable ? 1 : 0 dhcp_options_id = aws_vpc_dhcp_options.dhcp[count.index].id vpc_id = var.vpc_id diff --git a/examples/basic/variables.tf b/examples/basic/variables.tf index b831b9c..81d2537 100644 --- a/examples/basic/variables.tf +++ b/examples/basic/variables.tf @@ -64,6 +64,6 @@ variable "nat_eips_enabled" { ## VPG parameters variable "vpc_attach" { - type = string - default = "" + type = bool + default = true } From 2644c48bdd1280a80b17201c93d726cf77f7c265 Mon Sep 17 00:00:00 2001 From: domjgiordano Date: Wed, 19 Aug 2020 12:47:01 -0400 Subject: [PATCH 07/12] updated peer module and peer example. --- examples/peering/main.tf | 38 ++++++++++++++--------------- examples/peering/variables.tf | 7 ++++++ peer/main.tf | 46 +++++++++++++++++------------------ peer/outputs.tf | 2 +- peer/variables.tf | 20 +++++++-------- 5 files changed, 60 insertions(+), 53 deletions(-) diff --git a/examples/peering/main.tf b/examples/peering/main.tf index 33feeb1..50985bb 100644 --- a/examples/peering/main.tf +++ b/examples/peering/main.tf @@ -2,7 +2,7 @@ ## Configures AWS provider provider "aws" { - region = "${var.region}" + region = var.region } ## Configures VPC peering connection 
@@ -11,30 +11,30 @@ module "vpc_peer" { #source = "github.com/unifio/terraform-aws-vpc?ref=master//peer" source = "../../peer" - accepter_allow_classic_link_to_remote = "false" - accepter_allow_remote_dns = "true" - accepter_allow_to_remote_classic_link = "true" - accepter_vpc_id = "${var.accepter_vpc_id}" - requester_allow_classic_link_to_remote = "true" - requester_allow_remote_dns = "false" - requester_allow_to_remote_classic_link = "false" - requester_vpc_id = "${var.requester_vpc_id}" - stack_item_fullname = "${var.stack_item_fullname}" - stack_item_label = "${var.stack_item_label}" + accepter_allow_classic_link_to_remote = false + accepter_allow_remote_dns = true + accepter_allow_to_remote_classic_link = true + accepter_vpc_id = var.accepter_vpc_id + requester_allow_classic_link_to_remote = true + requester_allow_remote_dns = false + requester_allow_to_remote_classic_link = false + requester_vpc_id = var.requester_vpc_id + stack_item_fullname = var.stack_item_fullname + stack_item_label = var.stack_item_label } resource "aws_route" "requester-to-accepter" { - count = "${length(var.requester_rt_lan_ids)}" + count = length(var.requester_rt_lan_ids) - destination_cidr_block = "${var.accepter_vpc_cidr}" - route_table_id = "${element(var.requester_rt_lan_ids,count.index)}" - vpc_peering_connection_id = "${module.vpc_peer.peer_connection_id}" + destination_cidr_block = var.accepter_vpc_cidr + route_table_id = element(var.requester_rt_lan_ids,count.index) + vpc_peering_connection_id = module.vpc_peer.peer_connection_id } resource "aws_route" "accepter-to-requester" { - count = "${length(var.accepter_rt_lan_ids)}" + count = length(var.accepter_rt_lan_ids) - destination_cidr_block = "${var.requester_vpc_cidr}" - route_table_id = "${element(var.accepter_rt_lan_ids,count.index)}" - vpc_peering_connection_id = "${module.vpc_peer.peer_connection_id}" + destination_cidr_block = var.requester_vpc_cidr + route_table_id = element(var.accepter_rt_lan_ids,count.index) + 
vpc_peering_connection_id = module.vpc_peer.peer_connection_id } diff --git a/examples/peering/variables.tf b/examples/peering/variables.tf index 0699256..007ba1c 100644 --- a/examples/peering/variables.tf +++ b/examples/peering/variables.tf @@ -15,33 +15,40 @@ variable "stack_item_label" { variable "accepter_rt_lan_ids" { type = list description = "The IDs of the peer VPC routing tables." + } variable "accepter_vpc_cidr" { type = string description = "The ID of the peer VPC." + } variable "accepter_vpc_id" { type = string description = "The ID of the VPC with which you are creating the VPC Peering Connection." + } variable "region" { type = string + default = "us-east-1" } variable "requester_rt_lan_ids" { type = list description = "The IDs of the requesting VPC routing tables." + } variable "requester_vpc_cidr" { type = string description = "The ID of the requester VPC." + } variable "requester_vpc_id" { type = string description = "The ID of the requester VPC." + } diff --git a/peer/main.tf b/peer/main.tf index 5477d9a..fbc718d 100644 --- a/peer/main.tf +++ b/peer/main.tf 
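Review bot: The descriptions of `accepter_vpc_cidr` and `requester_vpc_cidr` in this hunk read "The ID of the peer VPC." and "The ID of the requester VPC.", yet both variables carry a CIDR block that becomes the `destination_cidr_block` of the routes in examples/peering/main.tf. Suggest `description = "The CIDR block of the peer VPC."` and `description = "The CIDR block of the requester VPC."` so the wrong value type is not copied from the docs. The new `default = "us-east-1"` on `region` also pins the example to one region; a short comment marking it as an example-only default would help.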
@@ -7,53 +7,53 @@ terraform { ## Provisions VPC peering resource "aws_vpc_peering_connection" "peer" { - count = "${length(var.vpc_peering_connection_id) > 0 ? "0" : "1"}" + count = length(var.vpc_peering_connection_id) > 0 ? 0 : 1 - auto_accept = "${var.accepter_region != "" ? "false" : var.auto_accept}" - peer_owner_id = "${var.accepter_owner_id}" - peer_region = "${var.accepter_region}" - peer_vpc_id = "${var.accepter_vpc_id}" - vpc_id = "${var.requester_vpc_id}" + auto_accept = var.accepter_region != "" ? false : var.auto_accept + peer_owner_id = var.accepter_owner_id + peer_region = var.accepter_region + peer_vpc_id = var.accepter_vpc_id + vpc_id = var.requester_vpc_id accepter { - allow_classic_link_to_remote_vpc = "${var.accepter_allow_classic_link_to_remote}" - allow_remote_vpc_dns_resolution = "${var.accepter_allow_remote_dns}" - allow_vpc_to_remote_classic_link = "${var.accepter_allow_to_remote_classic_link}" + allow_classic_link_to_remote_vpc = var.accepter_allow_classic_link_to_remote + allow_remote_vpc_dns_resolution = var.accepter_allow_remote_dns + allow_vpc_to_remote_classic_link = var.accepter_allow_to_remote_classic_link } requester { - allow_classic_link_to_remote_vpc = "${var.requester_allow_classic_link_to_remote}" - allow_remote_vpc_dns_resolution = "${var.requester_allow_remote_dns}" - allow_vpc_to_remote_classic_link = "${var.requester_allow_to_remote_classic_link}" + allow_classic_link_to_remote_vpc = var.requester_allow_classic_link_to_remote + allow_remote_vpc_dns_resolution = var.requester_allow_remote_dns + allow_vpc_to_remote_classic_link = var.requester_allow_to_remote_classic_link } tags = { - application = "${var.stack_item_fullname}" + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-peer" } } resource "aws_vpc_peering_connection_accepter" "peer_accept" { - count = "${length(var.vpc_peering_connection_id) > 0 ? "1" : "0"}" + count = length(var.vpc_peering_connection_id) > 0 ? 
1 : 0 - auto_accept = "${var.accepter_auto_accept}" - vpc_peering_connection_id = "${var.vpc_peering_connection_id}" + auto_accept = var.accepter_auto_accept + vpc_peering_connection_id = var.vpc_peering_connection_id accepter { - allow_classic_link_to_remote_vpc = "${var.accepter_allow_classic_link_to_remote}" - allow_remote_vpc_dns_resolution = "${var.accepter_allow_remote_dns}" - allow_vpc_to_remote_classic_link = "${var.accepter_allow_to_remote_classic_link}" + allow_classic_link_to_remote_vpc = var.accepter_allow_classic_link_to_remote + allow_remote_vpc_dns_resolution = var.accepter_allow_remote_dns + allow_vpc_to_remote_classic_link = var.accepter_allow_to_remote_classic_link } requester { - allow_classic_link_to_remote_vpc = "${var.requester_allow_classic_link_to_remote}" - allow_remote_vpc_dns_resolution = "${var.requester_allow_remote_dns}" - allow_vpc_to_remote_classic_link = "${var.requester_allow_to_remote_classic_link}" + allow_classic_link_to_remote_vpc = var.requester_allow_classic_link_to_remote + allow_remote_vpc_dns_resolution = var.requester_allow_remote_dns + allow_vpc_to_remote_classic_link = var.requester_allow_to_remote_classic_link } tags = { - application = "${var.stack_item_fullname}" + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-peer" } diff --git a/peer/outputs.tf b/peer/outputs.tf index 73063fd..a0a58b8 100644 --- a/peer/outputs.tf +++ b/peer/outputs.tf @@ -1,5 +1,5 @@ # Outputs output "peer_connection_id" { - value = "${join(",",aws_vpc_peering_connection.peer.*.id)}" + value = join(",",aws_vpc_peering_connection.peer.*.id) } diff --git a/peer/variables.tf b/peer/variables.tf index dc4ad80..74835e1 100644 --- a/peer/variables.tf +++ b/peer/variables.tf 
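Review bot: The `accepter { ... }` options block on `aws_vpc_peering_connection.peer` is set from the requester side even when `peer_owner_id = var.accepter_owner_id` names another account; as far as I recall, AWS lets each account modify only its own side's peering options, so these accepter settings would only take effect for same-account peering and be rejected or ignored cross-account. Consider documenting that above the block, e.g. `# accepter options apply only when both VPCs are in this account; cross-account peers set them via aws_vpc_peering_connection_options on the accepter side`, or gating the block on an empty `var.accepter_owner_id`. Also `peer_region = var.accepter_region` passes `""` when no region is given; whether the provider treats an empty string as unset should be confirmed. The resource header is at the start of this hunk on the previous line.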
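Review bot: `peer_connection_id` is `join(",", aws_vpc_peering_connection.peer.*.id)`, which is an empty string whenever the module runs in accepter mode (`count` on `peer` is 0 as soon as `var.vpc_peering_connection_id` is set), so consumers such as the `aws_route` resources in examples/peering/main.tf would get an empty `vpc_peering_connection_id`. Return the supplied id in that case: `value = length(var.vpc_peering_connection_id) > 0 ? var.vpc_peering_connection_id : join(",", aws_vpc_peering_connection.peer.*.id)`.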
@@ -13,9 +13,9 @@ variable "stack_item_label" { ## Peering parameters variable "accepter_allow_classic_link_to_remote" { - type = string + type = bool description = "Allow a local linked EC2-Classic instance to communicate with instances in a peer VPC. This enables an outbound communication from the local ClassicLink connection to the remote VPC." - default = "" + default = false } variable "accepter_allow_remote_dns" { @@ -25,15 +25,15 @@ variable "accepter_allow_remote_dns" { } variable "accepter_allow_to_remote_classic_link" { - type = string + type = bool description = "Allow a local VPC to communicate with a linked EC2-Classic instance in a peer VPC. This enables an outbound communication from the local VPC to the remote ClassicLink connection." - default = "" + default = false } variable "accepter_auto_accept" { - type = string + type = bool description = "Accept the peering (both VPCs need to be in the same AWS account)." - default = "" + default = false } variable "accepter_owner_id" { @@ -61,9 +61,9 @@ variable "auto_accept" { } variable "requester_allow_classic_link_to_remote" { - type = string + type = bool description = "Allow a local linked EC2-Classic instance to communicate with instances in a peer VPC. This enables an outbound communication from the local ClassicLink connection to the remote VPC." - default = "" + default = false } variable "requester_allow_remote_dns" { @@ -73,9 +73,9 @@ variable "requester_allow_remote_dns" { } variable "requester_allow_to_remote_classic_link" { - type = string + type = bool description = "Allow a local VPC to communicate with a linked EC2-Classic instance in a peer VPC. This enables an outbound communication from the local VPC to the remote ClassicLink connection." - default = "" + default = false } variable "requester_vpc_id" { From 28e0b395ab0ca7c1cef61cc273c04098e526d513 Mon Sep 17 00:00:00 2001 
From: domjgiordano Date: Wed, 19 Aug 2020 16:35:17 -0400 Subject: [PATCH 08/12] syntax updates in az/main file for accessing list values. --- az/main.tf | 16 ++++++++-------- az/variables.tf | 2 +- examples/basic/variables.tf | 6 +++--- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/az/main.tf b/az/main.tf index 1604d1b..ac2281b 100644 --- a/az/main.tf +++ b/az/main.tf @@ -60,10 +60,10 @@ resource "aws_subnet" "dmz" { count = local.azs_provisioned_count # Selects the first N number of AZs available for VPC use in the given region, where N is the requested number of AZs to provision. This order can be overidden by passing in an explicit list of AZ letters to be used. - availability_zone = "${local.azs_provisioned_override_enabled ? "${data.aws_region.current.name}${element(var.azs_provisioned_override,count.index)}" : element(data.aws_availability_zones.available.names,count.index)}" + availability_zone = local.azs_provisioned_override_enabled ? "${data.aws_region.current.name}${var.azs_provisioned_override[count.index]}" : data.aws_availability_zones.available.names[count.index] # Provisions N number of evenly allocated address spaces from the overall VPC CIDR block, where N is the requested number of AZs to provision. Address space per subnet can be overidden by passing in an explicit list of CIDRs to be used. - cidr_block = local.dmz_cidrs_override_enabled ? element(var.dmz_cidrs_override,count.index) : cidrsubnet(data.aws_vpc.base.cidr_block,lookup(var.az_cidrsubnet_newbits, local.azs_provisioned_count),count.index) + cidr_block = local.dmz_cidrs_override_enabled ? var.dmz_cidrs_override[count.index] : cidrsubnet(data.aws_vpc.base.cidr_block,lookup(var.az_cidrsubnet_newbits, local.azs_provisioned_count),count.index) map_public_ip_on_launch = var.enable_dmz_public_ips vpc_id = var.vpc_id 
@@ -75,7 +75,7 @@ resource "aws_route_table_association" "rta_dmz" { count = local.azs_provisioned_count route_table_id = var.rt_dmz_id - subnet_id = element(aws_subnet.dmz.*.id,count.index) + subnet_id = aws_subnet.dmz.*.id[count.index] } ### Provisions NATs @@ -114,8 +114,8 @@ resource "aws_eip" "eip_nat" { resource "aws_eip_association" "eip_nat_assoc" { count = local.azs_provisioned_count * local.lans_enabled_check * local.eips_enabled_check * local.nat_gateways_not_enabled_check - allocation_id = element(aws_eip.eip_nat.*.id,count.index) - instance_id = element(aws_instance.nat.*.id,count.index) + allocation_id = aws_eip.eip_nat.*.id[count.index] + instance_id = aws_instance.nat.*.id[count.index] } resource "aws_instance" "nat" { @@ -126,7 +126,7 @@ resource "aws_instance" "nat" { instance_type = var.nat_instance_type key_name = var.nat_key_name source_dest_check = false - subnet_id = element(aws_subnet.dmz.*.id,count.index) + subnet_id = aws_subnet.dmz.*.id[count.index] vpc_security_group_ids = [element(aws_security_group.sg_nat.*.id,count.index)] tags = { 
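Review bot: The splat-then-index form `aws_subnet.dmz.*.id[count.index]` (also in the `eip_nat_assoc` and `aws_instance.nat` hunks on this line) builds an intermediate list only to pick one element, and differs from the `aws_vpc_dhcp_options.dhcp[count.index].id` form this series uses in dhcp/main.tf. Indexing the resource first, `subnet_id = aws_subnet.dmz[count.index].id`, is the usual 0.12 idiom and keeps the modules consistent.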
@@ -182,10 +182,10 @@ resource "aws_subnet" "lan" { count = local.azs_provisioned_count * local.lans_multiplier # Selects the first N number of AZs available for VPC use in the given region, where N is the requested number of AZs to provision. This order can be overidden by passing in an explicit list of AZ letters to be used. - availability_zone = "${local.azs_provisioned_override_enabled ? "${data.aws_region.current.name}${element(var.azs_provisioned_override,count.index)}" : element(data.aws_availability_zones.available.names,count.index)}" + availability_zone = local.azs_provisioned_override_enabled ? "${data.aws_region.current.name}${var.azs_provisioned_override[count.index]}" : data.aws_availability_zones.available.names[count.index] # Provisions N number of evenly allocated address spaces from the overall VPC CIDR block, where N is the requested number of AZs to provision multiplied by the number of LAN subnets to provision per AZ. Address space per subnet can be overidden by passing in an explicit list of CIDRs to be used. - cidr_block = local.lan_cidrs_override_enabled ? element(var.lan_cidrs_override,count.index) : cidrsubnet(data.aws_vpc.base.cidr_block,lookup(var.az_cidrsubnet_newbits, local.azs_provisioned_count * local.lans_multiplier),count.index + lookup(var.az_cidrsubnet_offset, local.azs_provisioned_count)) + cidr_block = local.lan_cidrs_override_enabled ? var.lan_cidrs_override[count.index] : cidrsubnet(data.aws_vpc.base.cidr_block,lookup(var.az_cidrsubnet_newbits, local.azs_provisioned_count * local.lans_multiplier),count.index + lookup(var.az_cidrsubnet_offset, local.azs_provisioned_count)) vpc_id = var.vpc_id tags = merge(local.default_subnet_tags, var.additional_subnet_tags, map("Name", "${var.stack_item_label}-lan-${count.index}")) diff --git a/az/variables.tf b/az/variables.tf index a5636b4..7c47b39 100644 --- a/az/variables.tf +++ b/az/variables.tf 
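Review bot: Replacing `element(...)` with `[count.index]` in `availability_zone` changes behaviour for `aws_subnet.lan`: its `count` is `local.azs_provisioned_count * local.lans_multiplier`, so with more than one LAN per AZ `count.index` can exceed the length of `var.azs_provisioned_override` and of `data.aws_availability_zones.available.names`, and the plan fails with an invalid index where `element()` previously wrapped the subnets round-robin across AZs. Keep `element()` for the AZ lookup, or index modulo the AZ count, e.g. `data.aws_availability_zones.available.names[count.index % local.azs_provisioned_count]` and the same for the override list. The `cidr_block` change is fine because that list is sized per subnet. The `aws_subnet.static` resource added in a later patch on this page has the same per-AZ multiplier and the same issue on its indexed branch.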
@@ -55,7 +55,7 @@ variable "azs_provisioned" { variable "azs_provisioned_override" { type = list description = "List of availability zones to be provisioned." - default = ["non_empty_list"] + default = ["non_empty_list"] // } variable "dmz_cidrs_override" { diff --git a/examples/basic/variables.tf b/examples/basic/variables.tf index 81d2537..a36d2ae 100644 --- a/examples/basic/variables.tf +++ b/examples/basic/variables.tf @@ -20,7 +20,7 @@ variable "enable_dns" { variable "enable_hostnames" { type = bool //set false for test - default = false + default = true } variable "region" { @@ -48,7 +48,7 @@ variable "azs_provisioned" { variable "enable_dmz_public_ips" { type = bool //set false for testing - default = false + default = true } variable "lans_per_az" { @@ -59,7 +59,7 @@ variable "lans_per_az" { variable "nat_eips_enabled" { type = bool //set false for test - default = false + default = true } ## VPG parameters From 7867bdc96eb9891488bdbc618993c3bf3ea64d7d Mon Sep 17 00:00:00 2001 From: domjgiordano Date: Wed, 19 Aug 2020 16:55:13 -0400 Subject: [PATCH 09/12] changed back variable default values that were changed during testing. --- examples/basic/variables.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/examples/basic/variables.tf b/examples/basic/variables.tf index a36d2ae..6d779ee 100644 --- a/examples/basic/variables.tf +++ b/examples/basic/variables.tf @@ -20,7 +20,7 @@ variable "enable_dns" { variable "enable_hostnames" { type = bool //set false for test - default = true + default = false } variable "region" { @@ -48,7 +48,7 @@ variable "azs_provisioned" { variable "enable_dmz_public_ips" { type = bool //set false for testing - default = true + default = false } variable "lans_per_az" { @@ -59,11 +59,11 @@ variable "lans_per_az" { variable "nat_eips_enabled" { type = bool //set false for test - default = true + default = false } ## VPG parameters variable "vpc_attach" { type = bool - default = true + default = false } 
From f3da271e53374a96fa20d792775552588bab1e0e Mon Sep 17 00:00:00 2001 From: domjgiordano Date: Thu, 20 Aug 2020 16:31:15 -0400 Subject: [PATCH 10/12] fixed issue with complete example involving dhcp due to parameter types. --- dhcp/variables.tf | 4 ++-- examples/complete/main.tf | 10 +++++----- examples/complete/variables.tf | 7 ++++--- 3 files changed, 11 insertions(+), 10 deletions(-) diff --git a/dhcp/variables.tf b/dhcp/variables.tf index 92dd260..92037e0 100644 --- a/dhcp/variables.tf +++ b/dhcp/variables.tf @@ -43,9 +43,9 @@ variable "netbios_name_servers" { } variable "netbios_node_type" { - type = string + type = number description = "The NetBIOS node type (1, 2, 4, or 8). AWS recommends to specify 2 since broadcast and multicast are not supported in their network." - default = "" + default = 2 } variable "ntp_servers" { diff --git a/examples/complete/main.tf b/examples/complete/main.tf index a5bdb66..35d4edd 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -26,10 +26,10 @@ module "vpc_dhcp" { source = "../../dhcp" domain_name = var.domain_name - name_servers = var.name_servers //[] removed - netbios_name_servers = var.netbios_name_servers //[]removed + name_servers = var.name_servers + netbios_name_servers = var.netbios_name_servers netbios_node_type = var.netbios_node_type - ntp_servers = var.ntp_servers //[] removed + ntp_servers = var.ntp_servers stack_item_fullname = var.stack_item_fullname stack_item_label = var.stack_item_label vpc_id = module.vpc_base.vpc_id @@ -38,7 +38,7 @@ module "vpc_dhcp" { ## Configures ACLs resource "aws_network_acl" "acl" { vpc_id = module.vpc_base.vpc_id - subnet_ids = concat(module.vpc_az.lan_ids,module.vpc_az.dmz_ids) //[] removed + subnet_ids = concat(module.vpc_az.lan_ids,module.vpc_az.dmz_ids) tags = { application = var.stack_item_fullname 
@@ -88,7 +88,7 @@ module "vpc_az" { rt_dmz_id = module.vpc_base.rt_dmz_id stack_item_label = var.stack_item_label stack_item_fullname = var.stack_item_fullname - vgw_ids = module.vpc_vpg.vpg_id + vgw_ids = [module.vpc_vpg.vpg_id] vpc_id = module.vpc_base.vpc_id } diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf index 947389a..2aaee74 100644 --- a/examples/complete/variables.tf +++ b/examples/complete/variables.tf @@ -37,7 +37,7 @@ variable "lans_per_az" { variable "nat_gateways_enabled" { type = bool - default = true + default = false } variable "region" { @@ -67,8 +67,9 @@ variable "netbios_name_servers" { } variable "netbios_node_type" { - type = string - default = "" + type = number + //set to 2 for test + default = 2 } variable "ntp_servers" { From a6ba3d64992e6e7f2d558a05b10119c115f4f6e9 Mon Sep 17 00:00:00 2001 From: domjgiordano Date: Mon, 14 Sep 2020 14:12:40 -0400 Subject: [PATCH 11/12] minor fixes to variable files, added new static resources added in v0.12 upgrade and corresponding variables, made required version greater than 0.12 --- az/main.tf | 92 +++++++++++++++++++++++++++++---- az/outputs.tf | 2 +- az/variables.tf | 27 +++++++--- base/main.tf | 6 ++- base/variables.tf | 4 +- dhcp/main.tf | 2 +- dhcp/variables.tf | 6 +-- examples/basic/main.tf | 4 +- examples/basic/variables.tf | 17 +++--- examples/complete/.DS_Store | Bin 0 -> 6148 bytes examples/complete/main.tf | 18 ++++--- examples/complete/variables.tf | 23 +++++---- examples/peering/main.tf | 4 +- examples/peering/variables.tf | 17 +++--- peer/main.tf | 37 ++++++++----- vpg/main.tf | 2 +- 16 files changed, 179 insertions(+), 82 deletions(-) create mode 100644 examples/complete/.DS_Store diff --git a/az/main.tf b/az/main.tf index ac2281b..1e35c59 100644 --- a/az/main.tf +++ b/az/main.tf @@ -2,7 +2,7 @@ ## Set Terraform version constraint terraform { - required_version = "> 0.11.0" + required_version = "> 0.12.0" } ## Variables 
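Review bot: `required_version = "> 0.12.0"` is open-ended upward while this file still calls the legacy `map()` function (the `tags = merge(..., map("Name", ...))` lines in the `aws_subnet.dmz` and `aws_subnet.lan` resources); `map()` was deprecated in 0.12 and removed in a later release, so the constraint admits versions the module cannot run on, and `>` also excludes 0.12.0 itself. Suggest `required_version = ">= 0.12.0, < 0.13"` (or `~> 0.12.0`) until the legacy calls are replaced. The same constraint change is made in base/main.tf, dhcp/main.tf and peer/main.tf further down this patch.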
@@ -33,7 +33,19 @@ locals { lans_multiplier = local.lans_per_az_checked >= 0 ? local.lans_per_az_checked : 1 # Handles scenario where an emptry string is passed in for lans_per_az - lans_per_az_checked = var.lans_per_az != "" ? var.lans_per_az : "1" + lans_per_az_checked = var.lans_per_az != "" ? var.lans_per_az : 1 + + # Check to see if private static subnets are to be provisioned. + statics_enabled_check = local.statics_per_az_checked > 0 ? 1 : 0 + + # Check to see if static CIDRs are being overridden. An empty list causes problems in some of the downstream formualtion. + static_cidrs_override_enabled = length(var.static_cidrs_override) > 0 && var.static_cidrs_override[0] != "non_empty_list" ? true : false + + # Multiplier to be used in downstream calculation based on the number of static subnets per AZ. + statics_multiplier = local.statics_per_az_checked >= 0 ? local.statics_per_az_checked : 1 + + # Handles scenario where an emptry string is passed in for statics_per_az + statics_per_az_checked = var.statics_per_az != "" ? var.statics_per_az : 0 # Check to see if NAT gateways are to be provisioned nat_gateways_enabled_check = var.nat_gateways_enabled ? 1 : 0 @@ -46,6 +58,8 @@ locals { application = var.stack_item_fullname managed_by = "terraform" } + + enable_dmz_public_ips = var.enable_dmz_public_ips } ## Provisions DMZ resources 
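Review bot: `static_cidrs_override_enabled = length(var.static_cidrs_override) > 0 && var.static_cidrs_override[0] != "non_empty_list" ? true : false` is not safe for an empty list: Terraform evaluates both operands of `&&` rather than short-circuiting, so `var.static_cidrs_override[0]` is still evaluated and the plan fails with an invalid index instead of yielding `false` — the very case the comment above it warns about. Write it as a conditional, `static_cidrs_override_enabled = length(var.static_cidrs_override) > 0 ? var.static_cidrs_override[0] != "non_empty_list" : false`; the trailing `? true : false` is redundant either way. Also `statics_per_az_checked = var.statics_per_az != "" ? var.statics_per_az : 0` compares a `number` variable with a string; the type constraint already rejects `""`, so the check is dead and could be `statics_per_az_checked = var.statics_per_az`. The `locals` block starts before this hunk.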
@@ -63,11 +77,20 @@ resource "aws_subnet" "dmz" { availability_zone = local.azs_provisioned_override_enabled ? "${data.aws_region.current.name}${var.azs_provisioned_override[count.index]}" : data.aws_availability_zones.available.names[count.index] # Provisions N number of evenly allocated address spaces from the overall VPC CIDR block, where N is the requested number of AZs to provision. Address space per subnet can be overidden by passing in an explicit list of CIDRs to be used. - cidr_block = local.dmz_cidrs_override_enabled ? var.dmz_cidrs_override[count.index] : cidrsubnet(data.aws_vpc.base.cidr_block,lookup(var.az_cidrsubnet_newbits, local.azs_provisioned_count),count.index) + cidr_block = local.dmz_cidrs_override_enabled ? var.dmz_cidrs_override[count.index] : cidrsubnet( + data.aws_vpc.base.cidr_block, + lookup(var.az_cidrsubnet_newbits, + local.azs_provisioned_count),count.index + ) + map_public_ip_on_launch = var.enable_dmz_public_ips vpc_id = var.vpc_id - tags = merge(local.default_subnet_tags, var.additional_subnet_tags, map("Name", "${var.stack_item_label}-dmz-${count.index}")) + tags = merge( + local.default_subnet_tags, + var.additional_subnet_tags, + map("Name", "${var.stack_item_label}-dmz-${count.index}") + ) } ### Associates subnet with routing table @@ -127,7 +150,7 @@ resource "aws_instance" "nat" { key_name = var.nat_key_name source_dest_check = false subnet_id = aws_subnet.dmz.*.id[count.index] - vpc_security_group_ids = [element(aws_security_group.sg_nat.*.id,count.index)] + vpc_security_group_ids = [aws_security_group.sg_nat.*.id[count.index]] tags = { application = var.stack_item_fullname 
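Review bot: `tags = merge(local.default_subnet_tags, var.additional_subnet_tags, map("Name", ...))` keeps the legacy `map()` call while the `aws_subnet.static` resource added later in this same patch builds the same tag with an object literal; make the two consistent with `{ "Name" = "${var.stack_item_label}-dmz-${count.index}" }`, which also drops a deprecated function. Separately, the reflowed `cidrsubnet(` call puts `count.index` on the same line as the closing paren of `lookup(...)`; one argument per line, `lookup(var.az_cidrsubnet_newbits, local.azs_provisioned_count),` followed by `count.index`, reads more clearly.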
@@ -152,7 +175,7 @@ resource "aws_security_group" "sg_nat" { } ingress { - cidr_blocks = local.lan_cidrs_override_enabled == true ? [element(var.lan_cidrs_override,count.index)] : [cidrsubnet(data.aws_vpc.base.cidr_block,lookup(var.az_cidrsubnet_newbits, local.azs_provisioned_count * local.lans_multiplier),count.index + lookup(var.az_cidrsubnet_offset, local.azs_provisioned_count))] + cidr_blocks = local.lan_cidrs_override_enabled ? [var.lan_cidrs_override[count.index]] : [cidrsubnet(data.aws_vpc.base.cidr_block,lookup(var.az_cidrsubnet_newbits, local.azs_provisioned_count * local.lans_multiplier),count.index + lookup(var.az_cidrsubnet_offset, local.azs_provisioned_count))] description = "Ingress from ${var.stack_item_label}-lan-${count.index}" from_port = 0 protocol = "-1" @@ -169,8 +192,8 @@ resource "aws_security_group" "sg_nat" { resource "aws_nat_gateway" "nat" { count = local.azs_provisioned_count * local.lans_enabled_check * local.nat_gateways_enabled_check - allocation_id = element(aws_eip.eip_nat.*.id,count.index) - subnet_id = element(aws_subnet.dmz.*.id,count.index) + allocation_id = aws_eip.eip_nat.*.id[count.index] + subnet_id = aws_subnet.dmz.*.id[count.index] } ### 
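Review bot: The `ingress` rule admits only the LAN CIDR whose index equals this security group's `count.index`; if `sg_nat` is provisioned once per AZ (its `count` is outside the hunk) while LAN subnets number `azs * lans_multiplier`, then with more than one LAN per AZ the LAN subnets with index >= the AZ count are not permitted by any NAT security group even though their route tables may point at a NAT. If that reading is right, the rule should cover every LAN CIDR served by this NAT — a `for` expression over `range(local.lans_multiplier)` stepping the network number by `count.index + i * local.azs_provisioned_count` for the computed branch, and the matching slice of `var.lan_cidrs_override` for the override branch — or the subnet-to-NAT mapping should be documented next to the rule. Scoping NAT ingress to specific LAN CIDRs rather than the whole VPC is the right choice; the point is coverage.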
@@ -209,6 +232,55 @@ resource "aws_route_table" "rt_lan" { resource "aws_route_table_association" "rta_lan" { count = local.azs_provisioned_count * local.lans_multiplier - route_table_id = element(aws_route_table.rt_lan.*.id,count.index) - subnet_id = element(aws_subnet.lan.*.id,count.index) + route_table_id = aws_route_table.rt_lan.*.id[count.index] + subnet_id = aws_subnet.lan.*.id[count.index] } + +## Provisions static resources + +### Provisions subnet +resource "aws_subnet" "static" { + count = local.azs_provisioned_count * local.statics_multiplier + + # Selects the first N number of AZs available for VPC use in the given region, where N is the requested number of AZs to provision. This order can be overidden by passing in an explicit list of AZ letters to be used. + availability_zone = local.azs_provisioned_override_enabled ? "${data.aws_region.current.name}${element(var.azs_provisioned_override, count.index)}" : data.aws_availability_zones.available.names[count.index] + + # Provisions N number of evenly allocated address spaces from the overall VPC CIDR block, where N is the requested number of AZs to provision multiplied by the number of static subnets to provision per AZ. Address space per subnet can be overidden by passing in an explicit list of CIDRs to be used. + cidr_block = local.static_cidrs_override_enabled ? 
var.static_cidrs_override[count.index] : cidrsubnet( + data.aws_vpc.base.cidr_block, + var.az_cidrsubnet_newbits[local.azs_provisioned_count * local.statics_multiplier], + count.index + var.az_cidrsubnet_offset[local.azs_provisioned_count], + ) + vpc_id = var.vpc_id + + tags = merge( + local.default_subnet_tags, + var.additional_subnet_tags, + { + "Name" = "${var.stack_item_label}-static-${count.index}" + }, + ) +} + +### Provisions routing table +resource "aws_route_table" "rt_static" { + count = local.azs_provisioned_count * local.statics_multiplier + + propagating_vgws = compact(var.vgw_ids) + vpc_id = var.vpc_id + + tags = { + application = var.stack_item_fullname + managed_by = "terraform" + Name = "${var.stack_item_label}-static-${count.index}" + } +} + +### Associates subnet with routing table +resource "aws_route_table_association" "rta_static" { + count = local.azs_provisioned_count * local.statics_multiplier + + route_table_id = aws_route_table.rt_static.*.id[count.index] + subnet_id = aws_subnet.static.*.id[count.index] +} + diff --git a/az/outputs.tf b/az/outputs.tf index 79253a6..1c1c260 100644 --- a/az/outputs.tf +++ b/az/outputs.tf @@ -33,5 +33,5 @@ output "nat_ids" { ## Returns the routing table ID output "rt_lan_ids" { - value = (aws_route_table.rt_lan.*.id) + value = aws_route_table.rt_lan.*.id } diff --git a/az/variables.tf b/az/variables.tf index 7c47b39..7d8c126 100644 --- a/az/variables.tf +++ b/az/variables.tf @@ -14,14 +14,14 @@ variable "stack_item_label" { } variable "additional_subnet_tags" { - type = map + type = map(string) description = "Additional tags to apply at the subnet level, if any" default = {} } ## VPC parameters variable "az_cidrsubnet_newbits" { - type = map + type = map(string) description = "The number of bits by which to extend the CIDR range for the given number of AZs." default = { 
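Review bot: The static subnets' `cidr_block` is carved from the same parent `data.aws_vpc.base.cidr_block` with the same `count.index + var.az_cidrsubnet_offset[local.azs_provisioned_count]` network number that `aws_subnet.lan` uses (see the LAN hunk earlier in this patch), so when both LAN and static subnets are enabled their ranges appear to collide, and AWS rejects overlapping subnets within a VPC. If I read `az_cidrsubnet_offset` correctly (its definition is outside this hunk), the static subnets need their own offset — a separate `static_cidrsubnet_offset` map, or the LAN subnet count added to the offset when both use the same newbits — plus a comment stating how the DMZ, LAN and static ranges partition the VPC block. Minor: `availability_zone` uses `element(var.azs_provisioned_override, ...)` on one branch and `[count.index]` on the other; with `count` multiplied by `statics_multiplier` the indexed branch can run past the AZ list, so `element()` (or `% local.azs_provisioned_count`) belongs on both. This hunk starts on the previous line.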
@@ -35,7 +35,7 @@ variable "az_cidrsubnet_newbits" { } variable "az_cidrsubnet_offset" { - type = map + type = map(string) description = "The number of AZs to provision for." default = { @@ -53,13 +53,13 @@ variable "azs_provisioned" { } variable "azs_provisioned_override" { - type = list + type = list(string) description = "List of availability zones to be provisioned." - default = ["non_empty_list"] // + default = ["non_empty_list"] } variable "dmz_cidrs_override" { - type = list + type = list(string) description = "The CIDR block(s) you want the DMZ subnet(s) to cover." default = ["non_empty_list"] } @@ -71,7 +71,7 @@ variable "enable_dmz_public_ips" { } variable "lan_cidrs_override" { - type = list + type = list(string) description = "The CIDR block(s) you want the LAN subnet(s) to cover." default = ["non_empty_list"] } @@ -82,6 +82,17 @@ variable "lans_per_az" { default = 1 } +variable "static_cidrs_override" { + type = list(string) + description = "The CIDR block(s) you want the static subnet(s) to cover." + default = ["non_empty_list"] +} + +variable "statics_per_az" { + type = number + description = "The number of private static subnets to be provisioned per AZ" + default = 0 + variable "nat_ami_override" { type = string description = "Custom NAT Amazon machine image" @@ -118,7 +129,7 @@ variable "rt_dmz_id" { } variable "vgw_ids" { - type = list + type = list(string) description = "A list of virtual gateways to associate with the routing tables for route propagation." default = [] } diff --git a/base/main.tf b/base/main.tf index 7c37c40..78e4f62 100644 --- a/base/main.tf +++ b/base/main.tf 
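Review bot: The new `variable "statics_per_az"` block is never closed — after `default = 0` the hunk goes straight into `variable "nat_ami_override" {`, so the file no longer parses (the eleven added lines contain only one `}`, the one closing `static_cidrs_override`). Add `}` after `default = 0`. The rest of the hunk, the `list(string)`/`map(string)` constraints and dropping the stray `//`, is fine.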
@@ -2,12 +2,16 @@ ## Set Terraform version constraint terraform { - required_version = "> 0.11.0" + required_version = "> 0.12.0" } ## Set default instance tennancy if not provided locals { default_instance_tenancy = length(var.instance_tenancy) >= 1 ? var.instance_tenancy : "default" + enable_dns = var.enable_dns + enable_hostnames = var.enable_hostnames + enable_classiclink = var.enable_classiclink + enable_classiclink_dns_support = var.enable_classiclink_dns_support default_vpc_tags = { application = var.stack_item_fullname diff --git a/base/variables.tf b/base/variables.tf index 9f87836..33bb119 100644 --- a/base/variables.tf +++ b/base/variables.tf @@ -14,7 +14,7 @@ variable "stack_item_label" { } variable "additional_vpc_tags" { - type = map + type = map(string) description = "Additional tags to apply at the VPC level, if any" default = {} } @@ -71,7 +71,7 @@ variable "flow_log_traffic_type" { ## Routing parameters variable "vgw_ids" { - type = list + type = list(string) description = "A list of virtual gateways for propagation." default = [] } diff --git a/dhcp/main.tf b/dhcp/main.tf index 83a997e..c57732e 100644 --- a/dhcp/main.tf +++ b/dhcp/main.tf @@ -2,7 +2,7 @@ ## Set Terraform version constraint terraform { - required_version = "> 0.11.0" + required_version = "> 0.12.0" } ## Provisions DHCP options diff --git a/dhcp/variables.tf b/dhcp/variables.tf index 92037e0..7fff44e 100644 --- a/dhcp/variables.tf +++ b/dhcp/variables.tf @@ -31,13 +31,13 @@ variable "enable" { } variable "name_servers" { - type = list + type = list(string) description = "List of name servers to configure in '/etc/resolv.conf'" default = ["AmazonProvidedDNS"] } variable "netbios_name_servers" { - type = list + type = list(string) description = "List of NETBIOS name servers" default = [] } @@ -49,7 +49,7 @@ variable "netbios_node_type" { } variable "ntp_servers" { - type = list + type = list(string) description = "List of NTP servers to configure" default = [] } 
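Review bot: The four new locals `enable_dns`, `enable_hostnames`, `enable_classiclink` and `enable_classiclink_dns_support` are plain aliases of the corresponding variables, unlike `default_instance_tenancy` next to them which applies a fallback. Unless they are consumed with some transformation elsewhere in the module (not visible here), they add indirection without value and would be clearer either removed or made to carry the fallback, e.g. `enable_dns = var.enable_dns == null ? true : var.enable_dns` if a default is intended — the examples on this page now pass `default = null` for these. The same aliasing pattern is added to peer/main.tf in the last hunk on this page.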
diff --git a/examples/basic/main.tf b/examples/basic/main.tf index fc4a1cd..8e3502f 100644 --- a/examples/basic/main.tf +++ b/examples/basic/main.tf @@ -69,6 +69,6 @@ resource "aws_route" "lan-to-nat" { count = var.azs_provisioned * var.lans_per_az destination_cidr_block = "0.0.0.0/0" - instance_id = element(module.vpc_az.nat_ids,count.index) - route_table_id = element(module.vpc_az.rt_lan_ids,count.index) + instance_id = module.vpc_az.nat_ids[count.index] + route_table_id = module.vpc_az.rt_lan_ids[count.index] } diff --git a/examples/basic/variables.tf b/examples/basic/variables.tf index 6d779ee..5ec01d5 100644 --- a/examples/basic/variables.tf +++ b/examples/basic/variables.tf @@ -12,15 +12,12 @@ variable "stack_item_label" { ## VPC base parameters variable "enable_dns" { type = bool - - //set true for test - default = true + default = null } variable "enable_hostnames" { type = bool - //set false for test - default = false + default = null } variable "region" { @@ -30,7 +27,7 @@ variable "region" { variable "vpc_cidr" { type = string //set for test - default = "172.16.0.0/21" + //default = "172.16.0.0/21" } ## DHCP @@ -47,8 +44,7 @@ variable "azs_provisioned" { variable "enable_dmz_public_ips" { type = bool - //set false for testing - default = false + default = null } variable "lans_per_az" { @@ -58,12 +54,11 @@ variable "lans_per_az" { variable "nat_eips_enabled" { type = bool - //set false for test - default = false + default = null } ## VPG parameters variable "vpc_attach" { type = bool - default = false + default = null } 
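Review bot: `instance_id = module.vpc_az.nat_ids[count.index]` with `count = var.azs_provisioned * var.lans_per_az` indexes past the end of `nat_ids` whenever `lans_per_az` is greater than 1, because the NAT resources appear to be provisioned once per AZ (the related counts visible on this page are `local.azs_provisioned_count` times 0/1 flags); `element()` wrapped around here, direct indexing is a plan-time error. Use `module.vpc_az.nat_ids[count.index % var.azs_provisioned]` (or keep `element()`), while `route_table_id = module.vpc_az.rt_lan_ids[count.index]` is fine since `rt_lan` is sized `azs * lans_multiplier`.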
diff --git a/examples/complete/.DS_Store b/examples/complete/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..5008ddfcf53c02e82d7eee2e57c38e5672ef89f6 GIT binary patch literal 6148 zcmeH~Jr2S!425mzP>H1@V-^m;4Wg<&0T*E43hX&L&p$$qDprKhvt+--jT7}7np#A3 zem<@ulZcFPQ@L2!n>{z**++&mCkOWA81W14cNZlEfg7;MkzE(HCqgga^y>{tEnwC%0;vJ&^%eQ zLs35+`xjp>T0 0 ? var.lans_per_az : 1) * signum(var.nat_gateways_enabled == true ? 1 : 0) destination_cidr_block = "0.0.0.0/0" - nat_gateway_id = element(module.vpc_az.nat_ids,count.index) - route_table_id = element(module.vpc_az.rt_lan_ids,count.index) + nat_gateway_id = module.vpc_az.nat_ids[count.index] + route_table_id = module.vpc_az.rt_lan_ids[count.index] } resource "aws_route" "lan-to-nat" { count = length(var.azs_provisioned_override) * (var.lans_per_az > 0 ? var.lans_per_az : 1) * signum(var.nat_gateways_enabled == true ? 0 : 1) destination_cidr_block = "0.0.0.0/0" - instance_id = element(module.vpc_az.nat_ids,count.index) - route_table_id = element(module.vpc_az.rt_lan_ids,count.index) + instance_id = module.vpc_az.nat_ids[count.index] + route_table_id = module.vpc_az.rt_lan_ids[count.index] } resource "aws_vpc_endpoint" "s3-ep" { diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf index 2aaee74..d7194bf 100644 --- a/examples/complete/variables.tf +++ b/examples/complete/variables.tf @@ -11,18 +11,18 @@ variable "stack_item_label" { ## VPC Parameters variable "azs_provisioned_override" { - type = list + type = list(string) default = ["a", "c", "d", "e"] } variable "enable_classiclink" { type = bool - default = false + default = null } variable "enable_hostnames" { type = bool - default = false + default = null } variable "instance_tenancy" { 
@@ -37,17 +37,19 @@ variable "lans_per_az" { variable "nat_gateways_enabled" { type = bool - default = false + default = null } variable "region" { type = string - default = "us-east-1" + //set for test + //default = us-east-1 } variable "vpc_cidr" { type = string - default = "172.16.0.0/21" + //set for test + //default = "172.16.0.0/21" } ## DHCP @@ -57,22 +59,23 @@ variable "domain_name" { } variable "name_servers" { - type = list + type = list(string) default = [] } variable "netbios_name_servers" { - type = list + type = list(string) default = [] } variable "netbios_node_type" { type = number + default = null //set to 2 for test - default = 2 + //default = 2 } variable "ntp_servers" { - type = list + type = list(string) default = [] } diff --git a/examples/peering/main.tf b/examples/peering/main.tf index 50985bb..926eaed 100644 --- a/examples/peering/main.tf +++ b/examples/peering/main.tf @@ -27,7 +27,7 @@ resource "aws_route" "requester-to-accepter" { count = length(var.requester_rt_lan_ids) destination_cidr_block = var.accepter_vpc_cidr - route_table_id = element(var.requester_rt_lan_ids,count.index) + route_table_id = var.requester_rt_lan_ids[count.index] vpc_peering_connection_id = module.vpc_peer.peer_connection_id } @@ -35,6 +35,6 @@ resource "aws_route" "accepter-to-requester" { count = length(var.accepter_rt_lan_ids) destination_cidr_block = var.requester_vpc_cidr - route_table_id = element(var.accepter_rt_lan_ids,count.index) + route_table_id = var.accepter_rt_lan_ids[count.index] vpc_peering_connection_id = module.vpc_peer.peer_connection_id } diff --git a/examples/peering/variables.tf b/examples/peering/variables.tf index 007ba1c..c390da3 100644 --- a/examples/peering/variables.tf +++ b/examples/peering/variables.tf 
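Review bot: The commented-out default `//default = us-east-1` drops the quotes that the neighbouring `//default = "172.16.0.0/21"` keeps, so whoever re-enables it for a test gets a parse error; write it as `//default = "us-east-1"`. In the `netbios_node_type` hunk below, the surviving `//set to 2 for test` now sits between the live `default = null` and the commented `//default = 2`, which reads as if null were the test value; move the comment next to `//default = 2` or drop it. The two examples/peering/main.tf hunks on this line are safe with direct indexing because `count` is `length()` of the very list being indexed.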
@@ -13,42 +13,41 @@ variable "stack_item_label" { ## Peering Parameters variable "accepter_rt_lan_ids" { - type = list + type = list(string) description = "The IDs of the peer VPC routing tables." - + } variable "accepter_vpc_cidr" { type = string description = "The ID of the peer VPC." - + } variable "accepter_vpc_id" { type = string description = "The ID of the VPC with which you are creating the VPC Peering Connection." - + } variable "region" { type = string - default = "us-east-1" } variable "requester_rt_lan_ids" { - type = list + type = list(string) description = "The IDs of the requesting VPC routing tables." - + } variable "requester_vpc_cidr" { type = string description = "The ID of the requester VPC." - + } variable "requester_vpc_id" { type = string description = "The ID of the requester VPC." - + } diff --git a/peer/main.tf b/peer/main.tf index fbc718d..bbdfde9 100644 --- a/peer/main.tf +++ b/peer/main.tf @@ -2,7 +2,18 @@ ## Set Terraform version constraint terraform { - required_version = "> 0.11.0" + required_version = "> 0.12.0" +} + +locals { + accepter_allow_classic_link_to_remote = var.accepter_allow_classic_link_to_remote + accepter_allow_remote_dns = var.accepter_allow_remote_dns + accepter_allow_to_remote_classic_link = var.accepter_allow_to_remote_classic_link + accepter_auto_accept = var.accepter_auto_accept + auto_accept = var.auto_accept + requester_allow_classic_link_to_remote = var.requester_allow_classic_link_to_remote + requester_allow_remote_dns = var.requester_allow_remote_dns + requester_allow_to_remote_classic_link = var.requester_allow_to_remote_classic_link } ## Provisions VPC peering 
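Review bot: Two descriptions carried onto the new side are wrong: `accepter_vpc_cidr` is described as `"The ID of the peer VPC."` and `requester_vpc_cidr` as `"The ID of the requester VPC."`, yet both values feed `destination_cidr_block` in the route resources of examples/peering/main.tf. Change them to `description = "The CIDR block of the peer VPC."` and `description = "The CIDR block of the requester VPC."`. Removing `default = "us-east-1"` from `region` makes it a required input, which is reasonable for an example but deserves a `description` like the other variables have.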
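Review bot: The new `locals` block in peer/main.tf only aliases each input one-to-one (`accepter_allow_remote_dns = var.accepter_allow_remote_dns` and so on), so it introduces a second name for every value without normalising, defaulting or validating anything; either drop it and keep `var.` at the call sites, or give each local a job, for example `accepter_auto_accept = coalesce(var.accepter_auto_accept, false)` so a null input resolves deterministically rather than relying on the provider default. `required_version = "> 0.12.0"` also excludes 0.12.0 itself while admitting every 1.x release; `>= 0.12` is the usual constraint if 0.12 is the real floor.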
@@ -16,15 +27,15 @@ resource "aws_vpc_peering_connection" "peer" { vpc_id = var.requester_vpc_id accepter { - allow_classic_link_to_remote_vpc = var.accepter_allow_classic_link_to_remote - allow_remote_vpc_dns_resolution = var.accepter_allow_remote_dns + allow_classic_link_to_remote_vpc = local.accepter_allow_classic_link_to_remote + allow_remote_vpc_dns_resolution = local.accepter_allow_remote_dns allow_vpc_to_remote_classic_link = var.accepter_allow_to_remote_classic_link } requester { - allow_classic_link_to_remote_vpc = var.requester_allow_classic_link_to_remote - allow_remote_vpc_dns_resolution = var.requester_allow_remote_dns - allow_vpc_to_remote_classic_link = var.requester_allow_to_remote_classic_link + allow_classic_link_to_remote_vpc = local.requester_allow_classic_link_to_remote + allow_remote_vpc_dns_resolution = local.requester_allow_remote_dns + allow_vpc_to_remote_classic_link = local.requester_allow_to_remote_classic_link } tags = { 
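Review bot: The `accepter` block still reads `allow_vpc_to_remote_classic_link = var.accepter_allow_to_remote_classic_link` while the two lines above it and the whole `requester` block were switched to `local.`, even though `local.accepter_allow_to_remote_classic_link` is defined in this same commit. Change it to `allow_vpc_to_remote_classic_link = local.accepter_allow_to_remote_classic_link` so the connection and the `peer_accept` resource in the next hunk resolve every flag from the same place. The `aws_vpc_peering_connection` resource starts before this hunk.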
@@ -37,19 +48,19 @@ resource "aws_vpc_peering_connection" "peer" { resource "aws_vpc_peering_connection_accepter" "peer_accept" { count = length(var.vpc_peering_connection_id) > 0 ? 1 : 0 - auto_accept = var.accepter_auto_accept + auto_accept = local.accepter_auto_accept vpc_peering_connection_id = var.vpc_peering_connection_id accepter { - allow_classic_link_to_remote_vpc = var.accepter_allow_classic_link_to_remote - allow_remote_vpc_dns_resolution = var.accepter_allow_remote_dns - allow_vpc_to_remote_classic_link = var.accepter_allow_to_remote_classic_link + allow_classic_link_to_remote_vpc = local.accepter_allow_classic_link_to_remote + allow_remote_vpc_dns_resolution = local.accepter_allow_remote_dns + allow_vpc_to_remote_classic_link = local.accepter_allow_to_remote_classic_link } requester { - allow_classic_link_to_remote_vpc = var.requester_allow_classic_link_to_remote - allow_remote_vpc_dns_resolution = var.requester_allow_remote_dns - allow_vpc_to_remote_classic_link = var.requester_allow_to_remote_classic_link + allow_classic_link_to_remote_vpc = local.requester_allow_classic_link_to_remote + allow_remote_vpc_dns_resolution = local.requester_allow_remote_dns + allow_vpc_to_remote_classic_link = local.requester_allow_to_remote_classic_link } tags = { diff --git a/vpg/main.tf b/vpg/main.tf index a83ca99..9bcc8dc 100644 --- a/vpg/main.tf +++ b/vpg/main.tf @@ -2,7 +2,7 @@ ## Set Terraform version constraint terraform { - required_version = "> 0.11.0" + required_version = "> 0.12.0" } ## Gateway configuration From 06f0084f2f1fb18eb3386e7a584ee301837af3da Mon Sep 17 00:00:00 2001 From: domjgiordano Date: Mon, 14 Sep 2020 16:12:11 -0400 Subject: [PATCH 12/12] removed comments that were not needed --- az/outputs.tf | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/az/outputs.tf b/az/outputs.tf index 1c1c260..17fcd8c 100644 --- a/az/outputs.tf +++ b/az/outputs.tf 
@@ -2,29 +2,29 @@ ## Returns Subnet IDs output "dmz_ids" { - value = aws_subnet.dmz.*.id // [] removed + value = aws_subnet.dmz.*.id } output "lan_ids" { - value = aws_subnet.lan.*.id // [] removed + value = aws_subnet.lan.*.id } ## Returns Subnet CIDR blocks output "dmz_cidrs" { - value = aws_subnet.dmz.*.cidr_block // [] removed + value = aws_subnet.dmz.*.cidr_block } output "lan_cidrs" { - value = aws_subnet.lan.*.cidr_block // [] removed + value = aws_subnet.lan.*.cidr_block } ## Returns information about the NATs output "eip_nat_ids" { - value = aws_eip.eip_nat.*.id // [] removed + value = aws_eip.eip_nat.*.id } output "eip_nat_ips" { - value = aws_eip.eip_nat.*.public_ip // [] removed + value = aws_eip.eip_nat.*.public_ip } output "nat_ids" {