locals {
  # Pool description. When none is configured, the implied description is
  # used with "/" replaced by "-". Only this fallback is sanitised here; a
  # caller-supplied description is passed through unchanged.
  description = var.pool_config.description != null ? var.pool_config.description : replace(var.implied_description, "/", "-")

  # Pool name: a caller-supplied name wins, otherwise the implied name.
  name = var.pool_config.name != null ? var.pool_config.name : var.implied_name

  # Caller tags plus a Name tag; because merge() lets later arguments win,
  # the Name tag overrides any "Name" the caller supplied.
  tags = merge(
    var.pool_config.tags,
    { Name = local.name },
  )

  # RAM sharing is on only when at least one principal is listed. try()
  # turns a null principal list into 0 instead of an error.
  ram_share_enabled = try(length(var.pool_config.ram_share_principals), 0) > 0

  # Entries to provision into the pool: either the explicit CIDR list or a
  # single entry holding only the netmask length (the pool CIDR resource
  # decides which attribute each entry populates).
  pool_cidrs = var.pool_config.cidr != null ? var.pool_config.cidr : [var.pool_config.netmask_length]

  # BYOIP authorization contexts re-keyed by CIDR so the pool CIDR resource
  # can look them up per entry.
  cidr_authorization_contexts = {
    for ctx in var.cidr_authorization_contexts : ctx.cidr => {
      message   = ctx.message
      signature = ctx.signature
    }
  }
}
# The IPAM sub-pool. Scope, address family and parent pool are handed in by
# the calling module; everything else is driven by var.pool_config.
resource "aws_vpc_ipam_pool" "sub" {
  ipam_scope_id       = var.ipam_scope_id
  source_ipam_pool_id = var.source_ipam_pool_id
  address_family      = var.address_family
  description         = local.description
  tags                = local.tags

  # "None" is the sentinel the caller uses for "no implied locale"; only in
  # that case does the per-pool locale from pool_config apply.
  locale = var.implied_locale == "None" ? var.pool_config.locale : var.implied_locale

  # Allocation rules IPAM enforces on this pool.
  allocation_default_netmask_length = var.pool_config.allocation_default_netmask_length
  allocation_min_netmask_length     = var.pool_config.allocation_min_netmask_length
  allocation_max_netmask_length     = var.pool_config.allocation_max_netmask_length
  allocation_resource_tags          = var.pool_config.allocation_resource_tags
  auto_import                       = var.pool_config.auto_import

  # Public-pool settings are passed through as configured, so whether this
  # pool is publicly advertisable is decided entirely by the caller's
  # pool_config.
  aws_service           = var.pool_config.aws_service
  publicly_advertisable = var.pool_config.publicly_advertisable
  public_ip_source      = var.pool_config.public_ip_source
}
# One resource per entry in local.pool_cidrs. An entry is either a CIDR
# (e.g. "10.0.0.0/16", constructed example) or a bare prefix length; the
# presence of "/" decides which attribute it populates.
resource "aws_vpc_ipam_pool_cidr" "sub" {
  for_each = toset(local.pool_cidrs)

  ipam_pool_id = aws_vpc_ipam_pool.sub.id

  cidr           = can(regex("/", each.key)) ? each.key : null
  netmask_length = can(regex("/", each.key)) ? null : each.key

  # BYOIP authorization context, emitted for every entry as soon as any
  # context is configured. NOTE(review): the lookup below indexes by this
  # entry's key, so a non-empty var.cidr_authorization_contexts that lacks
  # an entry for one of the pool CIDRs (or for a netmask-only entry) fails
  # at plan time with an invalid-index error rather than provisioning that
  # CIDR without a context.
  dynamic "cidr_authorization_context" {
    for_each = length(var.cidr_authorization_contexts) > 0 ? [1] : []

    content {
      message   = local.cidr_authorization_contexts[each.key].message
      signature = local.cidr_authorization_contexts[each.key].signature
    }
  }
}
# RAM share through which the pool is offered to other principals. Created
# only when at least one principal is configured.
resource "aws_ram_resource_share" "sub" {
  count = local.ram_share_enabled ? 1 : 0

  # RAM share names reject "/". A caller-supplied description is not
  # sanitised in locals, so strip the character here regardless of origin.
  name = replace(local.description, "/", "-")
  tags = local.tags

  # allow_external_principals is left at the provider default (false), so
  # only principals inside the organization can be associated with this
  # share.
}
# Attaches the pool ARN to the share; gated by the same count as the share
# so the two are always created or skipped together.
resource "aws_ram_resource_association" "sub" {
  count = local.ram_share_enabled ? 1 : 0

  resource_share_arn = aws_ram_resource_share.sub[0].arn
  resource_arn       = aws_vpc_ipam_pool.sub.arn
}
# One association per principal listed in pool_config.ram_share_principals,
# using the identifiers exactly as the caller supplied them; nothing is
# created when sharing is disabled.
resource "aws_ram_principal_association" "sub" {
  for_each = local.ram_share_enabled ? toset(var.pool_config.ram_share_principals) : []

  resource_share_arn = aws_ram_resource_share.sub[0].arn
  principal          = each.key
}