diff --git a/README.md b/README.md
index f3a8b654d..581c5b6f7 100644
--- a/README.md
+++ b/README.md
@@ -495,6 +495,7 @@ No modules.
| [private\_subnet\_names](#input\_private\_subnet\_names) | Explicit values to use in the Name tag on private subnets. If empty, Name tags are generated. | `list(string)` | `[]` | no |
| [private\_subnet\_suffix](#input\_private\_subnet\_suffix) | Suffix to append to private subnets name | `string` | `"private"` | no |
| [private\_subnet\_tags](#input\_private\_subnet\_tags) | Additional tags for the private subnets | `map(string)` | `{}` | no |
+| [private\_subnet\_tags\_per\_az](#input\_private\_subnet\_tags\_per\_az) | Additional tags for the private subnets where the primary key is the AZ | `map(map(string))` | `{}` | no |
| [private\_subnets](#input\_private\_subnets) | A list of private subnets inside the VPC | `list(string)` | `[]` | no |
| [propagate\_intra\_route\_tables\_vgw](#input\_propagate\_intra\_route\_tables\_vgw) | Should be true if you want route table propagation | `bool` | `false` | no |
| [propagate\_private\_route\_tables\_vgw](#input\_propagate\_private\_route\_tables\_vgw) | Should be true if you want route table propagation | `bool` | `false` | no |
@@ -509,6 +510,7 @@ No modules.
| [public\_subnet\_names](#input\_public\_subnet\_names) | Explicit values to use in the Name tag on public subnets. If empty, Name tags are generated. | `list(string)` | `[]` | no |
| [public\_subnet\_suffix](#input\_public\_subnet\_suffix) | Suffix to append to public subnets name | `string` | `"public"` | no |
| [public\_subnet\_tags](#input\_public\_subnet\_tags) | Additional tags for the public subnets | `map(string)` | `{}` | no |
+| [public\_subnet\_tags\_per\_az](#input\_public\_subnet\_tags\_per\_az) | Additional tags for the public subnets where the primary key is the AZ | `map(map(string))` | `{}` | no |
| [public\_subnets](#input\_public\_subnets) | A list of public subnets inside the VPC | `list(string)` | `[]` | no |
| [putin\_khuylo](#input\_putin\_khuylo) | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | `bool` | `true` | no |
| [redshift\_acl\_tags](#input\_redshift\_acl\_tags) | Additional tags for the redshift subnets network ACL | `map(string)` | `{}` | no |
diff --git a/examples/simple-vpc/main.tf b/examples/simple-vpc/main.tf
index 5473a92e2..e9071a794 100644
--- a/examples/simple-vpc/main.tf
+++ b/examples/simple-vpc/main.tf
@@ -36,6 +36,12 @@ module "vpc" {
Name = "overridden-name-public"
}
+ public_subnet_tags_per_az = {
+ "${local.region}a" = {
+ "availability-zone" = "${local.region}a"
+ }
+ }
+
tags = local.tags
vpc_tags = {
diff --git a/main.tf b/main.tf
index 3ef5d813f..7da643e60 100644
--- a/main.tf
+++ b/main.tf
@@ -377,6 +377,7 @@ resource "aws_subnet" "public" {
},
var.tags,
var.public_subnet_tags,
+ lookup(var.public_subnet_tags_per_az, element(var.azs, count.index), {})
)
}
@@ -404,6 +405,7 @@ resource "aws_subnet" "private" {
},
var.tags,
var.private_subnet_tags,
+ lookup(var.private_subnet_tags_per_az, element(var.azs, count.index), {})
)
}
diff --git a/variables.tf b/variables.tf
index e6561ef73..4bd5da093 100644
--- a/variables.tf
+++ b/variables.tf
@@ -486,12 +486,24 @@ variable "public_subnet_tags" {
default = {}
}
+variable "public_subnet_tags_per_az" {
+ description = "Additional tags for the public subnets where the primary key is the AZ"
+ type = map(map(string))
+ default = {}
+}
+
variable "private_subnet_tags" {
description = "Additional tags for the private subnets"
type = map(string)
default = {}
}
+variable "private_subnet_tags_per_az" {
+ description = "Additional tags for the private subnets where the primary key is the AZ"
+ type = map(map(string))
+ default = {}
+}
+
variable "outpost_subnet_tags" {
description = "Additional tags for the outpost subnets"
type = map(string)