From 1e801064ad725c248d5d51120ab259b23c8066eb Mon Sep 17 00:00:00 2001
From: Mayur Nagekar
Date: Tue, 16 Oct 2018 14:40:34 +0530
Subject: [PATCH 01/21] Fix for the error: module.vpc.aws_redshift_subnet_group.redshift: only lowercase alphanumeric characters and hyphens allowed in name

Read more: https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/180
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main.tf b/main.tf
index f09a07e30..5aa8c546e 100644
--- a/main.tf
+++ b/main.tf
@@ -220,7 +220,7 @@ resource "aws_subnet" "redshift" {
 resource "aws_redshift_subnet_group" "redshift" {
 count = "${var.create_vpc && length(var.redshift_subnets) > 0 ? 1 : 0}"
- name = "${var.name}"
+ name = "${lower(var.name)}"
 description = "Redshift subnet group for ${var.name}"
 subnet_ids = ["${aws_subnet.redshift.*.id}"]

From 57604d2e3837dde13987bc626b7fefe714935ca2 Mon Sep 17 00:00:00 2001
From: Anton Babenko
Date: Tue, 11 Dec 2018 20:33:48 +0100
Subject: [PATCH 02/21] Updated pre-commit version with new terraform-docs script

---
 .pre-commit-config.yaml | 4 +-
 README.md | 237 +++++++++---------
 examples/complete-vpc/README.md | 17 +-
 .../issue-108-route-already-exists/README.md | 13 +-
 .../README.md | 13 +-
 .../issue-46-no-private-subnets/README.md | 13 +-
 examples/manage-default-vpc/README.md | 5 +-
 examples/secondary-cidr-blocks/README.md | 13 +-
 examples/simple-vpc/README.md | 11 +-
 examples/test_fixture/README.md | 3 +-
 .../README.md | 15 +-
 11 files changed, 167 insertions(+), 177 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index c8df55229..6262d4e7a 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,10 +1,10 @@
 repos:
 - repo: git://github.com/antonbabenko/pre-commit-terraform
- rev: v1.7.2
+ rev: v1.7.4
 hooks:
 - id: terraform_fmt
 - id: terraform_docs
 - repo: git://github.com/pre-commit/pre-commit-hooks
- rev: v1.2.3
+ rev: v2.0.0
 hooks:
 - id: check-merge-conflict
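Review bot: `lower()` only fixes the letter case of the subnet group name, while the error quoted in the subject says the name accepts only lowercase alphanumeric characters and hyphens, so a `var.name` containing `_`, `.` or a space still fails at apply time with the same message. If the intent is to derive a valid name automatically, normalise every disallowed character rather than just the case, e.g. `name = "${replace(lower(var.name), "/[^a-z0-9-]/", "-")}"`; otherwise document the constraint on `var.name` (in variables.tf, outside this patch) so the failure is explained up front. Silent normalisation also means two deployments whose names differ only in case now produce the same subnet group name, which is worth a short comment next to this line. The enclosing `aws_redshift_subnet_group` resource continues past the end of the hunk.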
diff --git a/README.md b/README.md
index 3c0a237af..2fda390ab 100644
--- a/README.md
+++ b/README.md
@@ -162,136 +162,135 @@ Terraform version 0.10.3 or newer is required for this module to work.
 * Few tests and edge cases examples: [#46](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/issue-46-no-private-subnets), [#44](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/issue-44-asymmetric-private-subnets), [#108](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/issue-108-route-already-exists)
-
 ## Inputs
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
-| amazon_side_asn | The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the virtual private gateway is created with the current default Amazon ASN. | string | `64512` | no |
-| assign_generated_ipv6_cidr_block | Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block | string | `false` | no |
-| azs | A list of availability zones in the region | string | `` | no |
+| amazon\_side\_asn | The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the virtual private gateway is created with the current default Amazon ASN. | string | `64512` | no |
+| assign\_generated\_ipv6\_cidr\_block | Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block | string | `false` | no |
+| azs | A list of availability zones in the region | list | `[]` | no |
 | cidr | The CIDR block for the VPC. Default value is a valid CIDR, but not acceptable by AWS and should be overridden | string | `0.0.0.0/0` | no |
-| create_database_subnet_group | Controls if database subnet group should be created | string | `true` | no |
-| create_database_subnet_route_table | Controls if separate route table for database should be created | string | `false` | no |
-| create_elasticache_subnet_route_table | Controls if separate route table for elasticache should be created | string | `false` | no |
-| create_redshift_subnet_route_table | Controls if separate route table for redshift should be created | string | `false` | no |
-| create_vpc | Controls if VPC should be created (it affects almost all resources) | string | `true` | no |
-| database_route_table_tags | Additional tags for the database route tables | string | `` | no |
-| database_subnet_group_tags | Additional tags for the database subnet group | string | `` | no |
-| database_subnet_suffix | Suffix to append to database subnets name | string | `db` | no |
-| database_subnet_tags | Additional tags for the database subnets | string | `` | no |
-| database_subnets | A list of database subnets | list | `` | no |
-| default_vpc_enable_classiclink | Should be true to enable ClassicLink in the Default VPC | string | `false` | no |
-| default_vpc_enable_dns_hostnames | Should be true to enable DNS hostnames in the Default VPC | string | `false` | no |
-| default_vpc_enable_dns_support | Should be true to enable DNS support in the Default VPC | string | `true` | no |
-| default_vpc_name | Name to be used on the Default VPC | string | `` | no |
-| default_vpc_tags | Additional tags for the Default VPC | string | `` | no |
-| dhcp_options_domain_name | Specifies DNS name for DHCP options set | string | `` | no |
-| dhcp_options_domain_name_servers | Specify a list of DNS server addresses for DHCP options set, default to AWS provided | list | `` | no |
-| dhcp_options_netbios_name_servers | Specify a list of netbios servers for DHCP options set | list | `` | no |
-| dhcp_options_netbios_node_type | Specify netbios node_type for DHCP options set | string | `` | no |
-| dhcp_options_ntp_servers | Specify a list of NTP servers for DHCP options set | list | `` | no |
-| dhcp_options_tags | Additional tags for the DHCP option set | string | `` | no |
-| elasticache_route_table_tags | Additional tags for the elasticache route tables | string | `` | no |
-| elasticache_subnet_suffix | Suffix to append to elasticache subnets name | string | `elasticache` | no |
-| elasticache_subnet_tags | Additional tags for the elasticache subnets | string | `` | no |
-| elasticache_subnets | A list of elasticache subnets | list | `` | no |
-| enable_dhcp_options | Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type | string | `false` | no |
-| enable_dns_hostnames | Should be true to enable DNS hostnames in the VPC | string | `false` | no |
-| enable_dns_support | Should be true to enable DNS support in the VPC | string | `true` | no |
-| enable_dynamodb_endpoint | Should be true if you want to provision a DynamoDB endpoint to the VPC | string | `false` | no |
-| enable_nat_gateway | Should be true if you want to provision NAT Gateways for each of your private networks | string | `false` | no |
-| enable_s3_endpoint | Should be true if you want to provision an S3 endpoint to the VPC | string | `false` | no |
-| enable_vpn_gateway | Should be true if you want to create a new VPN Gateway resource and attach it to the VPC | string | `false` | no |
-| external_nat_ip_ids | List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse_nat_ips) | list | `` | no |
-| igw_tags | Additional tags for the internet gateway | string | `` | no |
-| instance_tenancy | A tenancy option for instances launched into the VPC | string | `default` | no |
-| intra_route_table_tags | Additional tags for the intra route tables | string | `` | no |
-| intra_subnet_tags | Additional tags for the intra subnets | string | `` | no |
-| intra_subnets | A list of intra subnets | list | `` | no |
-| manage_default_vpc | Should be true to adopt and manage Default VPC | string | `false` | no |
-| map_public_ip_on_launch | Should be false if you do not want to auto-assign public IP on launch | string | `true` | no |
+| create\_database\_subnet\_group | Controls if database subnet group should be created | string | `true` | no |
+| create\_database\_subnet\_route\_table | Controls if separate route table for database should be created | string | `false` | no |
+| create\_elasticache\_subnet\_route\_table | Controls if separate route table for elasticache should be created | string | `false` | no |
+| create\_redshift\_subnet\_route\_table | Controls if separate route table for redshift should be created | string | `false` | no |
+| create\_vpc | Controls if VPC should be created (it affects almost all resources) | string | `true` | no |
+| database\_route\_table\_tags | Additional tags for the database route tables | map | `{}` | no |
+| database\_subnet\_group\_tags | Additional tags for the database subnet group | map | `{}` | no |
+| database\_subnet\_suffix | Suffix to append to database subnets name | string | `db` | no |
+| database\_subnet\_tags | Additional tags for the database subnets | map | `{}` | no |
+| database\_subnets | A list of database subnets | list | `[]` | no |
+| default\_vpc\_enable\_classiclink | Should be true to enable ClassicLink in the Default VPC | string | `false` | no |
+| default\_vpc\_enable\_dns\_hostnames | Should be true to enable DNS hostnames in the Default VPC | string | `false` | no |
+| default\_vpc\_enable\_dns\_support | Should be true to enable DNS support in the Default VPC | string | `true` | no |
+| default\_vpc\_name | Name to be used on the Default VPC | string | `` | no |
+| default\_vpc\_tags | Additional tags for the Default VPC | map | `{}` | no |
+| dhcp\_options\_domain\_name | Specifies DNS name for DHCP options set | string | `` | no |
+| dhcp\_options\_domain\_name\_servers | Specify a list of DNS server addresses for DHCP options set, default to AWS provided | list | `[ "AmazonProvidedDNS" ]` | no |
+| dhcp\_options\_netbios\_name\_servers | Specify a list of netbios servers for DHCP options set | list | `[]` | no |
+| dhcp\_options\_netbios\_node\_type | Specify netbios node_type for DHCP options set | string | `` | no |
+| dhcp\_options\_ntp\_servers | Specify a list of NTP servers for DHCP options set | list | `[]` | no |
+| dhcp\_options\_tags | Additional tags for the DHCP option set | map | `{}` | no |
+| elasticache\_route\_table\_tags | Additional tags for the elasticache route tables | map | `{}` | no |
+| elasticache\_subnet\_suffix | Suffix to append to elasticache subnets name | string | `elasticache` | no |
+| elasticache\_subnet\_tags | Additional tags for the elasticache subnets | map | `{}` | no |
+| elasticache\_subnets | A list of elasticache subnets | list | `[]` | no |
+| enable\_dhcp\_options | Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type | string | `false` | no |
+| enable\_dns\_hostnames | Should be true to enable DNS hostnames in the VPC | string | `false` | no |
+| enable\_dns\_support | Should be true to enable DNS support in the VPC | string | `true` | no |
+| enable\_dynamodb\_endpoint | Should be true if you want to provision a DynamoDB endpoint to the VPC | string | `false` | no |
+| enable\_nat\_gateway | Should be true if you want to provision NAT Gateways for each of your private networks | string | `false` | no |
+| enable\_s3\_endpoint | Should be true if you want to provision an S3 endpoint to the VPC | string | `false` | no |
+| enable\_vpn\_gateway | Should be true if you want to create a new VPN Gateway resource and attach it to the VPC | string | `false` | no |
+| external\_nat\_ip\_ids | List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse_nat_ips) | list | `[]` | no |
+| igw\_tags | Additional tags for the internet gateway | map | `{}` | no |
+| instance\_tenancy | A tenancy option for instances launched into the VPC | string | `default` | no |
+| intra\_route\_table\_tags | Additional tags for the intra route tables | map | `{}` | no |
+| intra\_subnet\_tags | Additional tags for the intra subnets | map | `{}` | no |
+| intra\_subnets | A list of intra subnets | list | `[]` | no |
+| manage\_default\_vpc | Should be true to adopt and manage Default VPC | string | `false` | no |
+| map\_public\_ip\_on\_launch | Should be false if you do not want to auto-assign public IP on launch | string | `true` | no |
 | name | Name to be used on all the resources as identifier | string | `` | no |
-| nat_eip_tags | Additional tags for the NAT EIP | string | `` | no |
-| nat_gateway_tags | Additional tags for the NAT gateways | string | `` | no |
-| one_nat_gateway_per_az | Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs`. | string | `false` | no |
-| private_route_table_tags | Additional tags for the private route tables | string | `` | no |
-| private_subnet_suffix | Suffix to append to private subnets name | string | `private` | no |
-| private_subnet_tags | Additional tags for the private subnets | string | `` | no |
-| private_subnets | A list of private subnets inside the VPC | string | `` | no |
-| propagate_private_route_tables_vgw | Should be true if you want route table propagation | string | `false` | no |
-| propagate_public_route_tables_vgw | Should be true if you want route table propagation | string | `false` | no |
-| public_route_table_tags | Additional tags for the public route tables | string | `` | no |
-| public_subnet_suffix | Suffix to append to public subnets name | string | `public` | no |
-| public_subnet_tags | Additional tags for the public subnets | string | `` | no |
-| public_subnets | A list of public subnets inside the VPC | string | `` | no |
-| redshift_route_table_tags | Additional tags for the redshift route tables | string | `` | no |
-| redshift_subnet_group_tags | Additional tags for the redshift subnet group | string | `` | no |
-| redshift_subnet_suffix | Suffix to append to redshift subnets name | string | `redshift` | no |
-| redshift_subnet_tags | Additional tags for the redshift subnets | string | `` | no |
-| redshift_subnets | A list of redshift subnets | list | `` | no |
-| reuse_nat_ips | Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external_nat_ip_ids' variable | string | `false` | no |
-| secondary_cidr_blocks | List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool | string | `` | no |
-| single_nat_gateway | Should be true if you want to provision a single shared NAT Gateway across all of your private networks | string | `false` | no |
-| tags | A map of tags to add to all resources | string | `` | no |
-| vpc_tags | Additional tags for the VPC | string | `` | no |
-| vpn_gateway_id | ID of VPN Gateway to attach to the VPC | string | `` | no |
-| vpn_gateway_tags | Additional tags for the VPN gateway | string | `` | no |
+| nat\_eip\_tags | Additional tags for the NAT EIP | map | `{}` | no |
+| nat\_gateway\_tags | Additional tags for the NAT gateways | map | `{}` | no |
+| one\_nat\_gateway\_per\_az | Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs`. | string | `false` | no |
+| private\_route\_table\_tags | Additional tags for the private route tables | map | `{}` | no |
+| private\_subnet\_suffix | Suffix to append to private subnets name | string | `private` | no |
+| private\_subnet\_tags | Additional tags for the private subnets | map | `{}` | no |
+| private\_subnets | A list of private subnets inside the VPC | list | `[]` | no |
+| propagate\_private\_route\_tables\_vgw | Should be true if you want route table propagation | string | `false` | no |
+| propagate\_public\_route\_tables\_vgw | Should be true if you want route table propagation | string | `false` | no |
+| public\_route\_table\_tags | Additional tags for the public route tables | map | `{}` | no |
+| public\_subnet\_suffix | Suffix to append to public subnets name | string | `public` | no |
+| public\_subnet\_tags | Additional tags for the public subnets | map | `{}` | no |
+| public\_subnets | A list of public subnets inside the VPC | list | `[]` | no |
+| redshift\_route\_table\_tags | Additional tags for the redshift route tables | map | `{}` | no |
+| redshift\_subnet\_group\_tags | Additional tags for the redshift subnet group | map | `{}` | no |
+| redshift\_subnet\_suffix | Suffix to append to redshift subnets name | string | `redshift` | no |
+| redshift\_subnet\_tags | Additional tags for the redshift subnets | map | `{}` | no |
+| redshift\_subnets | A list of redshift subnets | list | `[]` | no |
+| reuse\_nat\_ips | Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external_nat_ip_ids' variable | string | `false` | no |
+| secondary\_cidr\_blocks | List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool | list | `[]` | no |
+| single\_nat\_gateway | Should be true if you want to provision a single shared NAT Gateway across all of your private networks | string | `false` | no |
+| tags | A map of tags to add to all resources | map | `{}` | no |
+| vpc\_tags | Additional tags for the VPC | map | `{}` | no |
+| vpn\_gateway\_id | ID of VPN Gateway to attach to the VPC | string | `` | no |
+| vpn\_gateway\_tags | Additional tags for the VPN gateway | map | `{}` | no |
 ## Outputs
 | Name | Description |
 |------|-------------|
-| database_route_table_ids | List of IDs of database route tables |
-| database_subnet_group | ID of database subnet group |
-| database_subnets | List of IDs of database subnets |
-| database_subnets_cidr_blocks | List of cidr_blocks of database subnets |
-| default_network_acl_id | The ID of the default network ACL |
-| default_route_table_id | The ID of the default route table |
-| default_security_group_id | The ID of the security group created by default on VPC creation |
-| default_vpc_cidr_block | The CIDR block of the VPC |
-| default_vpc_default_network_acl_id | The ID of the default network ACL |
-| default_vpc_default_route_table_id | The ID of the default route table |
-| default_vpc_default_security_group_id | The ID of the security group created by default on VPC creation |
-| default_vpc_enable_dns_hostnames | Whether or not the VPC has DNS hostname support |
-| default_vpc_enable_dns_support | Whether or not the VPC has DNS support |
-| default_vpc_id | The ID of the VPC |
-| default_vpc_instance_tenancy | Tenancy of instances spin up within VPC |
-| default_vpc_main_route_table_id | The ID of the main route table associated with this VPC |
-| elasticache_route_table_ids | List of IDs of elasticache route tables |
-| elasticache_subnet_group | ID of elasticache subnet group |
-| elasticache_subnet_group_name | Name of elasticache subnet group |
-| elasticache_subnets | List of IDs of elasticache subnets |
-| elasticache_subnets_cidr_blocks | List of cidr_blocks of elasticache subnets |
-| igw_id | The ID of the Internet Gateway |
-| intra_route_table_ids | List of IDs of intra route tables |
-| intra_subnets | List of IDs of intra subnets |
-| intra_subnets_cidr_blocks | List of cidr_blocks of intra subnets |
-| nat_ids | List of allocation ID of Elastic IPs created for AWS NAT Gateway |
-| nat_public_ips | List of public Elastic IPs created for AWS NAT Gateway |
-| natgw_ids | List of NAT Gateway IDs |
-| private_route_table_ids | List of IDs of private route tables |
-| private_subnets | List of IDs of private subnets |
-| private_subnets_cidr_blocks | List of cidr_blocks of private subnets |
-| public_route_table_ids | List of IDs of public route tables |
-| public_subnets | List of IDs of public subnets |
-| public_subnets_cidr_blocks | List of cidr_blocks of public subnets |
-| redshift_route_table_ids | List of IDs of redshift route tables |
-| redshift_subnet_group | ID of redshift subnet group |
-| redshift_subnets | List of IDs of redshift subnets |
-| redshift_subnets_cidr_blocks | List of cidr_blocks of redshift subnets |
-| vgw_id | The ID of the VPN Gateway |
-| vpc_cidr_block | The CIDR block of the VPC |
-| vpc_enable_dns_hostnames | Whether or not the VPC has DNS hostname support |
-| vpc_enable_dns_support | Whether or not the VPC has DNS support |
-| vpc_endpoint_dynamodb_id | The ID of VPC endpoint for DynamoDB |
-| vpc_endpoint_dynamodb_pl_id | The prefix list for the DynamoDB VPC endpoint. |
-| vpc_endpoint_s3_id | The ID of VPC endpoint for S3 |
-| vpc_endpoint_s3_pl_id | The prefix list for the S3 VPC endpoint. |
-| vpc_id | The ID of the VPC |
-| vpc_instance_tenancy | Tenancy of instances spin up within VPC |
-| vpc_main_route_table_id | The ID of the main route table associated with this VPC |
-| vpc_secondary_cidr_blocks | List of secondary CIDR blocks of the VPC |
+| database\_route\_table\_ids | List of IDs of database route tables |
+| database\_subnet\_group | ID of database subnet group |
+| database\_subnets | List of IDs of database subnets |
+| database\_subnets\_cidr\_blocks | List of cidr_blocks of database subnets |
+| default\_network\_acl\_id | The ID of the default network ACL |
+| default\_route\_table\_id | The ID of the default route table |
+| default\_security\_group\_id | The ID of the security group created by default on VPC creation |
+| default\_vpc\_cidr\_block | The CIDR block of the VPC |
+| default\_vpc\_default\_network\_acl\_id | The ID of the default network ACL |
+| default\_vpc\_default\_route\_table\_id | The ID of the default route table |
+| default\_vpc\_default\_security\_group\_id | The ID of the security group created by default on VPC creation |
+| default\_vpc\_enable\_dns\_hostnames | Whether or not the VPC has DNS hostname support |
+| default\_vpc\_enable\_dns\_support | Whether or not the VPC has DNS support |
+| default\_vpc\_id | The ID of the VPC |
+| default\_vpc\_instance\_tenancy | Tenancy of instances spin up within VPC |
+| default\_vpc\_main\_route\_table\_id | The ID of the main route table associated with this VPC |
+| elasticache\_route\_table\_ids | List of IDs of elasticache route tables |
+| elasticache\_subnet\_group | ID of elasticache subnet group |
+| elasticache\_subnet\_group\_name | Name of elasticache subnet group |
+| elasticache\_subnets | List of IDs of elasticache subnets |
+| elasticache\_subnets\_cidr\_blocks | List of cidr_blocks of elasticache subnets |
+| igw\_id | The ID of the Internet Gateway |
+| intra\_route\_table\_ids | List of IDs of intra route tables |
+| intra\_subnets | List of IDs of intra subnets |
+| intra\_subnets\_cidr\_blocks | List of cidr_blocks of intra subnets |
+| nat\_ids | List of allocation ID of Elastic IPs created for AWS NAT Gateway |
+| nat\_public\_ips | List of public Elastic IPs created for AWS NAT Gateway |
+| natgw\_ids | List of NAT Gateway IDs |
+| private\_route\_table\_ids | List of IDs of private route tables |
+| private\_subnets | List of IDs of private subnets |
+| private\_subnets\_cidr\_blocks | List of cidr_blocks of private subnets |
+| public\_route\_table\_ids | List of IDs of public route tables |
+| public\_subnets | List of IDs of public subnets |
+| public\_subnets\_cidr\_blocks | List of cidr_blocks of public subnets |
+| redshift\_route\_table\_ids | List of IDs of redshift route tables |
+| redshift\_subnet\_group | ID of redshift subnet group |
+| redshift\_subnets | List of IDs of redshift subnets |
+| redshift\_subnets\_cidr\_blocks | List of cidr_blocks of redshift subnets |
+| vgw\_id | The ID of the VPN Gateway |
+| vpc\_cidr\_block | The CIDR block of the VPC |
+| vpc\_enable\_dns\_hostnames | Whether or not the VPC has DNS hostname support |
+| vpc\_enable\_dns\_support | Whether or not the VPC has DNS support |
+| vpc\_endpoint\_dynamodb\_id | The ID of VPC endpoint for DynamoDB |
+| vpc\_endpoint\_dynamodb\_pl\_id | The prefix list for the DynamoDB VPC endpoint. |
+| vpc\_endpoint\_s3\_id | The ID of VPC endpoint for S3 |
+| vpc\_endpoint\_s3\_pl\_id | The prefix list for the S3 VPC endpoint. |
+| vpc\_id | The ID of the VPC |
+| vpc\_instance\_tenancy | Tenancy of instances spin up within VPC |
+| vpc\_main\_route\_table\_id | The ID of the main route table associated with this VPC |
+| vpc\_secondary\_cidr\_blocks | List of secondary CIDR blocks of the VPC |
diff --git a/examples/complete-vpc/README.md b/examples/complete-vpc/README.md
index c8d26a451..31670d6ce 100644
--- a/examples/complete-vpc/README.md
+++ b/examples/complete-vpc/README.md
@@ -17,18 +17,17 @@ $ terraform apply
 Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources.
-
 ## Outputs
 | Name | Description |
 |------|-------------|
-| database_subnets | List of IDs of database subnets |
-| elasticache_subnets | List of IDs of elasticache subnets |
-| intra_subnets | List of IDs of intra subnets |
-| nat_public_ips | NAT gateways |
-| private_subnets | Subnets |
-| public_subnets | List of IDs of public subnets |
-| redshift_subnets | List of IDs of redshift subnets |
-| vpc_id | VPC |
+| database\_subnets | List of IDs of database subnets |
+| elasticache\_subnets | List of IDs of elasticache subnets |
+| intra\_subnets | List of IDs of intra subnets |
+| nat\_public\_ips | List of public Elastic IPs created for AWS NAT Gateway |
+| private\_subnets | List of IDs of private subnets |
+| public\_subnets | List of IDs of public subnets |
+| redshift\_subnets | List of IDs of redshift subnets |
+| vpc\_id | The ID of the VPC |
diff --git a/examples/issue-108-route-already-exists/README.md b/examples/issue-108-route-already-exists/README.md
index bd2c57560..7aa22941a 100644
--- a/examples/issue-108-route-already-exists/README.md
+++ b/examples/issue-108-route-already-exists/README.md
@@ -19,16 +19,15 @@ $ terraform apply
 Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources.
-
 ## Outputs
 | Name | Description |
 |------|-------------|
-| database_subnets | List of IDs of database subnets |
-| elasticache_subnets | List of IDs of elasticache subnets |
-| nat_public_ips | NAT gateways |
-| private_subnets | Subnets |
-| public_subnets | List of IDs of public subnets |
-| vpc_id | VPC |
+| database\_subnets | List of IDs of database subnets |
+| elasticache\_subnets | List of IDs of elasticache subnets |
+| nat\_public\_ips | List of public Elastic IPs created for AWS NAT Gateway |
+| private\_subnets | List of IDs of private subnets |
+| public\_subnets | List of IDs of public subnets |
+| vpc\_id | The ID of the VPC |
diff --git a/examples/issue-44-asymmetric-private-subnets/README.md b/examples/issue-44-asymmetric-private-subnets/README.md
index 24c4db444..2484554d2 100644
--- a/examples/issue-44-asymmetric-private-subnets/README.md
+++ b/examples/issue-44-asymmetric-private-subnets/README.md
@@ -17,16 +17,15 @@ $ terraform apply
 Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources.
-
 ## Outputs
 | Name | Description |
 |------|-------------|
-| database_subnets | List of IDs of database subnets |
-| elasticache_subnets | List of IDs of elasticache subnets |
-| nat_public_ips | NAT gateways |
-| private_subnets | Subnets |
-| public_subnets | List of IDs of public subnets |
-| vpc_id | VPC |
+| database\_subnets | List of IDs of database subnets |
+| elasticache\_subnets | List of IDs of elasticache subnets |
+| nat\_public\_ips | List of public Elastic IPs created for AWS NAT Gateway |
+| private\_subnets | List of IDs of private subnets |
+| public\_subnets | List of IDs of public subnets |
+| vpc\_id | The ID of the VPC |
diff --git a/examples/issue-46-no-private-subnets/README.md b/examples/issue-46-no-private-subnets/README.md
index 958b13289..b87e05e37 100644
--- a/examples/issue-46-no-private-subnets/README.md
+++ b/examples/issue-46-no-private-subnets/README.md
@@ -17,16 +17,15 @@ $ terraform apply
 Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources.
-
 ## Outputs
 | Name | Description |
 |------|-------------|
-| database_subnets | List of IDs of database subnets |
-| elasticache_subnets | List of IDs of elasticache subnets |
-| nat_public_ips | NAT gateways |
-| private_subnets | Subnets |
-| public_subnets | List of IDs of public subnets |
-| vpc_id | VPC |
+| database\_subnets | List of IDs of database subnets |
+| elasticache\_subnets | List of IDs of elasticache subnets |
+| nat\_public\_ips | List of public Elastic IPs created for AWS NAT Gateway |
+| private\_subnets | List of IDs of private subnets |
+| public\_subnets | List of IDs of public subnets |
+| vpc\_id | The ID of the VPC |
diff --git a/examples/manage-default-vpc/README.md b/examples/manage-default-vpc/README.md
index 6c509e6ea..3adff908b 100644
--- a/examples/manage-default-vpc/README.md
+++ b/examples/manage-default-vpc/README.md
@@ -17,12 +17,11 @@ $ terraform apply
 Run `terraform destroy` when you don't need these resources.
-
 ## Outputs
 | Name | Description |
 |------|-------------|
-| default_vpc_cidr_block | The CIDR block of the VPC |
-| default_vpc_id | Default VPC |
+| default\_vpc\_cidr\_block | The CIDR block of the VPC |
+| default\_vpc\_id | The ID of the Default VPC |
diff --git a/examples/secondary-cidr-blocks/README.md b/examples/secondary-cidr-blocks/README.md
index 6d7cade4d..feb462fe3 100644
--- a/examples/secondary-cidr-blocks/README.md
+++ b/examples/secondary-cidr-blocks/README.md
@@ -17,16 +17,15 @@ $ terraform apply
 Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources.
-
 ## Outputs
 | Name | Description |
 |------|-------------|
-| nat_public_ips | NAT gateways |
-| private_subnets | Subnets |
-| public_subnets | List of IDs of public subnets |
-| vpc_cidr_block | CIDR blocks |
-| vpc_id | VPC |
-| vpc_secondary_cidr_blocks | List of secondary CIDR blocks of the VPC |
+| nat\_public\_ips | List of public Elastic IPs created for AWS NAT Gateway |
+| private\_subnets | List of IDs of private subnets |
+| public\_subnets | List of IDs of public subnets |
+| vpc\_cidr\_block | The CIDR block of the VPC |
+| vpc\_id | The ID of the VPC |
+| vpc\_secondary\_cidr\_blocks | List of secondary CIDR blocks of the VPC |
diff --git a/examples/simple-vpc/README.md b/examples/simple-vpc/README.md
index ff94ad03c..97c48ea83 100644
--- a/examples/simple-vpc/README.md
+++ b/examples/simple-vpc/README.md
@@ -17,15 +17,14 @@ $ terraform apply
 Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources.
-
 ## Outputs
 | Name | Description |
 |------|-------------|
-| nat_public_ips | NAT gateways |
-| private_subnets | Subnets |
-| public_subnets | List of IDs of public subnets |
-| vpc_cidr_block | CIDR blocks |
-| vpc_id | VPC |
+| nat\_public\_ips | List of public Elastic IPs created for AWS NAT Gateway |
+| private\_subnets | List of IDs of private subnets |
+| public\_subnets | List of IDs of public subnets |
+| vpc\_cidr\_block | The CIDR block of the VPC |
+| vpc\_id | The ID of the VPC |
diff --git a/examples/test_fixture/README.md b/examples/test_fixture/README.md
index fc2ab69bd..db7173a41 100644
--- a/examples/test_fixture/README.md
+++ b/examples/test_fixture/README.md
@@ -21,12 +21,11 @@ Finished in 4.25 seconds (files took 2.75 seconds to load) This will destroy any existing test resources, create the resources afresh, run the tests, report back, and destroy the resources. - ## Inputs | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| region | | string | `eu-west-1` | no | +| region | - | string | `eu-west-1` | no | ## Outputs diff --git a/examples/vpc-separate-private-route-tables/README.md b/examples/vpc-separate-private-route-tables/README.md index 332c12a25..0688e3a2c 100644 --- a/examples/vpc-separate-private-route-tables/README.md +++ b/examples/vpc-separate-private-route-tables/README.md @@ -17,17 +17,16 @@ $ terraform apply Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. - ## Outputs | Name | Description | |------|-------------| -| database_subnets | List of IDs of database subnets | -| elasticache_subnets | List of IDs of elasticache subnets | -| nat_public_ips | NAT gateways | -| private_subnets | Subnets | -| public_subnets | List of IDs of public subnets | -| redshift_subnets | List of IDs of elasticache subnets | -| vpc_id | VPC | +| database\_subnets | List of IDs of database subnets | +| elasticache\_subnets | List of IDs of elasticache subnets | +| nat\_public\_ips | List of public Elastic IPs created for AWS NAT Gateway | +| private\_subnets | List of IDs of private subnets | +| public\_subnets | List of IDs of public subnets | +| redshift\_subnets | List of IDs of elasticache subnets | +| vpc\_id | The ID of the VPC | From 81895e74ab6aa09942b8c348f71a68583bc1023b Mon Sep 17 00:00:00 2001 
From: Anton Babenko
Date: Wed, 12 Dec 2018 13:32:53 +0100
Subject: [PATCH 03/21] Added IGW route for DB subnets (based on #179)

---
 README.md | 14 ++++++++++++++
 examples/complete-vpc/main.tf | 7 ++++++-
 main.tf | 12 ++++++++++++
 variables.tf | 5 +++++
 4 files changed, 37 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 2fda390ab..dcb4dfd4a 100644
--- a/README.md
+++ b/README.md
@@ -150,6 +150,19 @@ module "vpc" {
 }
 ```
+## Public access to RDS instances
+
+Sometimes it is handy to have public access to RDS instances (it is not recommended for production) by specifying these arguments:
+
+```hcl
+ create_database_subnet_group = true
+ create_database_subnet_route_table = true
+ create_database_internet_gateway_route = true
+
+ enable_dns_hostnames = true
+ enable_dns_support = true
+```
+
 ## Terraform version
 Terraform version 0.10.3 or newer is required for this module to work.
@@ -170,6 +183,7 @@ Terraform version 0.10.3 or newer is required for this module to work.
 | assign\_generated\_ipv6\_cidr\_block | Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block | string | `false` | no |
 | azs | A list of availability zones in the region | list | `[]` | no |
 | cidr | The CIDR block for the VPC. Default value is a valid CIDR, but not acceptable by AWS and should be overridden | string | `0.0.0.0/0` | no |
+| create\_database\_internet\_gateway\_route | Controls if an internet gateway route for public database access should be created | string | `false` | no |
 | create\_database\_subnet\_group | Controls if database subnet group should be created | string | `true` | no |
 | create\_database\_subnet\_route\_table | Controls if separate route table for database should be created | string | `false` | no |
 | create\_elasticache\_subnet\_route\_table | Controls if separate route table for elasticache should be created | string | `false` | no |
diff --git a/examples/complete-vpc/main.tf b/examples/complete-vpc/main.tf
index 67e3d2bc0..0e49bad0f 100644
--- a/examples/complete-vpc/main.tf
+++ b/examples/complete-vpc/main.tf
@@ -17,13 +17,18 @@ module "vpc" {
 redshift_subnets = ["10.10.41.0/24", "10.10.42.0/24", "10.10.43.0/24"]
 intra_subnets = ["10.10.51.0/24", "10.10.52.0/24", "10.10.53.0/24"]
- create_database_subnet_group = false
+ create_database_subnet_group = true
+ create_database_subnet_route_table = true
+ create_database_internet_gateway_route = true
 enable_nat_gateway = true
 single_nat_gateway = true
 enable_vpn_gateway = true
+ enable_dns_hostnames = true
+ enable_dns_support = true
+
 enable_s3_endpoint = true
 enable_dynamodb_endpoint = true
diff --git a/main.tf b/main.tf
index 5aa8c546e..091c36585 100644
--- a/main.tf
+++ b/main.tf
@@ -121,6 +121,18 @@ resource "aws_route_table" "database" {
 tags = "${merge(var.tags, var.database_route_table_tags, map("Name", "${var.name}-${var.database_subnet_suffix}"))}"
 }
+resource "aws_route" "database_internet_gateway" {
+ count = "${var.create_vpc && var.create_database_subnet_route_table && length(var.database_subnets) > 0 && var.create_database_internet_gateway_route ? 1 : 0}"
+
+ route_table_id = "${aws_route_table.database.id}"
+ destination_cidr_block = "0.0.0.0/0"
+ gateway_id = "${aws_internet_gateway.this.id}"
+
+ timeouts {
+ create = "5m"
+ }
+}
+
 #################
 # Redshift routes
 #################
diff --git a/variables.tf b/variables.tf
index 13af9383f..8694fbfa4 100644
--- a/variables.tf
+++ b/variables.tf
@@ -107,6 +107,11 @@ variable "create_database_subnet_group" {
 default = true
 }
+variable "create_database_internet_gateway_route" {
+ description = "Controls if an internet gateway route for public database access should be created"
+ default = false
+}
+
 variable "azs" {
 description = "A list of availability zones in the region"
 default = []
From 14b42376937fbbfd826d4be914c65021ac61e007 Mon Sep 17 00:00:00 2001
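Review bot: The new `aws_route.database_internet_gateway` references `aws_internet_gateway.this.id` unconditionally while its count only checks the database-subnet flags, so enabling `create_database_internet_gateway_route` in a VPC where the IGW is not created (presumably the no-public-subnets case; the IGW resource is outside this hunk) fails at plan time instead of being skipped, and the count should mirror the IGW's own creation condition. The route also makes every resource in the database subnets internet-routable, not only the RDS instances the README mentions, which deserves a comment at the resource: `# 0.0.0.0/0 via the IGW for the database subnets: every address in them becomes internet-routable`. The count silently evaluates to 0 when `create_database_subnet_route_table` is false, so the `create_database_internet_gateway_route` description in the variables.tf hunk should name that prerequisite, e.g. `description = "Controls if an internet gateway route for public database access should be created (requires create_database_subnet_route_table = true)"`.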
From: Anton Babenko
Date: Wed, 12 Dec 2018 13:35:19 +0100
Subject: [PATCH 04/21] Reverted complete-example

---
 examples/complete-vpc/main.tf | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/examples/complete-vpc/main.tf b/examples/complete-vpc/main.tf
index 0e49bad0f..67e3d2bc0 100644
--- a/examples/complete-vpc/main.tf
+++ b/examples/complete-vpc/main.tf
@@ -17,18 +17,13 @@ module "vpc" {
 redshift_subnets = ["10.10.41.0/24", "10.10.42.0/24", "10.10.43.0/24"]
 intra_subnets = ["10.10.51.0/24", "10.10.52.0/24", "10.10.53.0/24"]
- create_database_subnet_group = true
- create_database_subnet_route_table = true
- create_database_internet_gateway_route = true
+ create_database_subnet_group = false
 enable_nat_gateway = true
 single_nat_gateway = true
 enable_vpn_gateway = true
- enable_dns_hostnames = true
- enable_dns_support = true
-
 enable_s3_endpoint = true
 enable_dynamodb_endpoint = true
From 4e484aa7f4d48172a200f2b59e543830ee55ea1c Mon Sep 17 00:00:00 2001
From: Anton Babenko
Date: Thu, 27 Dec 2018 12:53:07 +0100
Subject: [PATCH 05/21] Added azs to outputs which is an argument

---
 README.md | 1 +
 examples/simple-vpc/README.md | 1 +
 examples/simple-vpc/outputs.tf | 6 ++++++
 outputs.tf | 4 ++++
 4 files changed, 12 insertions(+)

diff --git a/README.md b/README.md
index dcb4dfd4a..5916aac27 100644
--- a/README.md
+++ b/README.md
@@ -255,6 +255,7 @@ Terraform version 0.10.3 or newer is required for this module to work.
 | Name | Description |
 |------|-------------|
+| azs | A list of availability zones spefified as argument to this module |
 | database\_route\_table\_ids | List of IDs of database route tables |
 | database\_subnet\_group | ID of database subnet group |
 | database\_subnets | List of IDs of database subnets |
diff --git a/examples/simple-vpc/README.md b/examples/simple-vpc/README.md
index 97c48ea83..ccb7ccecd 100644
--- a/examples/simple-vpc/README.md
+++ b/examples/simple-vpc/README.md
@@ -21,6 +21,7 @@ Note that this example may create resources which can cost money (AWS Elastic IP
 | Name | Description |
 |------|-------------|
+| azs | A list of availability zones spefified as argument to this module |
 | nat\_public\_ips | List of public Elastic IPs created for AWS NAT Gateway |
 | private\_subnets | List of IDs of private subnets |
 | public\_subnets | List of IDs of public subnets |
diff --git a/examples/simple-vpc/outputs.tf b/examples/simple-vpc/outputs.tf
index 35eb73359..7ab197f4a 100644
--- a/examples/simple-vpc/outputs.tf
+++ b/examples/simple-vpc/outputs.tf
@@ -31,3 +31,9 @@ output "nat_public_ips" {
 description = "List of public Elastic IPs created for AWS NAT Gateway"
 value = ["${module.vpc.nat_public_ips}"]
 }
+
+# AZs
+output "azs" {
+ description = "A list of availability zones spefified as argument to this module"
+ value = ["${module.vpc.azs}"]
+}
diff --git a/outputs.tf b/outputs.tf
index c19aba155..64ebabf61 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -278,3 +278,7 @@ output "default_vpc_main_route_table_id" {
 // value = "${element(concat(aws_default_vpc.this.*.ipv6_cidr_block, list("")), 0)}"
 //}
+output "azs" {
+ description = "A list of availability zones spefified as argument to this module"
+ value = "${var.azs}"
+}
From 8a293e73b8263998f283e160692b50b96b660eed Mon Sep 17 00:00:00 2001
From: Anton Babenko
Date: Thu, 10 Jan 2019 10:45:47 +0100
Subject: [PATCH 06/21] Added possibility to control creation of elasticache and redshift subnet groups

---
 README.md | 4 +++-
 main.tf | 4 ++--
 outputs.tf | 2 +-
 variables.tf | 22 ++++++++++++++++------
 4 files changed, 22 insertions(+), 10 deletions(-)

diff --git a/README.md b/README.md
index 5916aac27..e228ffd79 100644
--- a/README.md
+++ b/README.md
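Review bot: The description string of the new `output "azs"` is misspelled (`spefified`); it is user-visible through terraform-docs and `terraform output`, and the same string is in the examples/simple-vpc/outputs.tf hunk and both README hunks of this patch. Change it to `description = "A list of availability zones specified as argument to this module"` in every place. The example wraps the value as `["${module.vpc.azs}"]` while the module output uses the bare `"${var.azs}"`; both forms yield a list here, but using one form in both files keeps the outputs consistent.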
@@ -186,7 +186,9 @@ Terraform version 0.10.3 or newer is required for this module to work.
 | create\_database\_internet\_gateway\_route | Controls if an internet gateway route for public database access should be created | string | `false` | no |
 | create\_database\_subnet\_group | Controls if database subnet group should be created | string | `true` | no |
 | create\_database\_subnet\_route\_table | Controls if separate route table for database should be created | string | `false` | no |
+| create\_elasticache\_subnet\_group | Controls if elasticache subnet group should be created | string | `true` | no |
 | create\_elasticache\_subnet\_route\_table | Controls if separate route table for elasticache should be created | string | `false` | no |
+| create\_redshift\_subnet\_group | Controls if redshift subnet group should be created | string | `true` | no |
 | create\_redshift\_subnet\_route\_table | Controls if separate route table for redshift should be created | string | `false` | no |
 | create\_vpc | Controls if VPC should be created (it affects almost all resources) | string | `true` | no |
 | database\_route\_table\_tags | Additional tags for the database route tables | map | `{}` | no |
@@ -255,7 +257,7 @@ Terraform version 0.10.3 or newer is required for this module to work.
 | Name | Description |
 |------|-------------|
-| azs | A list of availability zones spefified as argument to this module |
+| azs | A list of availability zones specified as argument to this module |
 | database\_route\_table\_ids | List of IDs of database route tables |
 | database\_subnet\_group | ID of database subnet group |
 | database\_subnets | List of IDs of database subnets |
diff --git a/main.tf b/main.tf
index 091c36585..a4156ba26 100644
--- a/main.tf
+++ b/main.tf
@@ -230,7 +230,7 @@ resource "aws_subnet" "redshift" {
 }
 resource "aws_redshift_subnet_group" "redshift" {
- count = "${var.create_vpc && length(var.redshift_subnets) > 0 ? 1 : 0}"
+ count = "${var.create_vpc && length(var.redshift_subnets) > 0 && var.create_redshift_subnet_group ? 1 : 0}"
 name = "${lower(var.name)}"
 description = "Redshift subnet group for ${var.name}"
@@ -253,7 +253,7 @@ resource "aws_subnet" "elasticache" {
 }
 resource "aws_elasticache_subnet_group" "elasticache" {
- count = "${var.create_vpc && length(var.elasticache_subnets) > 0 ? 1 : 0}"
+ count = "${var.create_vpc && length(var.elasticache_subnets) > 0 && var.create_elasticache_subnet_group ? 1 : 0}"
 name = "${var.name}"
 description = "ElastiCache subnet group for ${var.name}"
diff --git a/outputs.tf b/outputs.tf
index 64ebabf61..8d6b08b6e 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -279,6 +279,6 @@ output "default_vpc_main_route_table_id" {
 //}
 output "azs" {
- description = "A list of availability zones spefified as argument to this module"
+ description = "A list of availability zones specified as argument to this module"
 value = "${var.azs}"
 }
diff --git a/variables.tf b/variables.tf
index 8694fbfa4..5f423959c 100644
--- a/variables.tf
+++ b/variables.tf
@@ -81,6 +81,12 @@ variable "elasticache_subnets" {
 default = []
 }
+variable "intra_subnets" {
+ type = "list"
+ description = "A list of intra subnets"
+ default = []
+}
+
 variable "create_database_subnet_route_table" {
 description = "Controls if separate route table for database should be created"
 default = false
@@ -96,17 +102,21 @@ variable "create_elasticache_subnet_route_table" {
 default = false
 }
-variable "intra_subnets" {
- type = "list"
- description = "A list of intra subnets"
- default = []
-}
-
 variable "create_database_subnet_group" {
 description = "Controls if database subnet group should be created"
 default = true
 }
+variable "create_elasticache_subnet_group" {
+ description = "Controls if elasticache subnet group should be created"
+ default = true
+}
+
+variable "create_redshift_subnet_group" {
+ description = "Controls if redshift subnet group should be created"
+ default = true
+}
+
 variable "create_database_internet_gateway_route" {
 description = "Controls if an internet gateway route for public database access should be created"
 default = false
From ce5212fb0d286104a1fdd4746633e327f5ee04de Mon Sep 17 00:00:00 2001
From: Anton Babenko
Date: Thu, 17 Jan 2019 21:15:41 +0100
Subject: [PATCH 07/21] Added SSM and EC2 VPC endpoints (fixes #195, #194)

---
 README.md | 94 ++++++++++++++++++--------
 examples/complete-vpc/README.md | 3 +
 examples/complete-vpc/main.tf | 28 +++++++++-
 examples/complete-vpc/outputs.tf | 34 ++++++++++++
 examples/test_fixture/README.md | 2 +-
 main.tf | 42 ++++++++++++++
 outputs.tf | 72 +++++++++++++++++-------
 variables.tf | 40 ++++++++++++++
 8 files changed, 251 insertions(+), 64 deletions(-)

diff --git a/README.md b/README.md
index e228ffd79..46a32b22c 100644
--- a/README.md
+++ b/README.md
@@ -13,7 +13,7 @@ These types of resources are supported:
 * [Internet Gateway](https://www.terraform.io/docs/providers/aws/r/internet_gateway.html)
 * [NAT Gateway](https://www.terraform.io/docs/providers/aws/r/nat_gateway.html)
 * [VPN Gateway](https://www.terraform.io/docs/providers/aws/r/vpn_gateway.html)
-* [VPC Endpoint](https://www.terraform.io/docs/providers/aws/r/vpc_endpoint.html) (S3 and DynamoDB)
+* [VPC Endpoint](https://www.terraform.io/docs/providers/aws/r/vpc_endpoint.html) (Gateway: S3, DynamoDB; Interface: EC2, SSM)
 * [RDS DB Subnet Group](https://www.terraform.io/docs/providers/aws/r/db_subnet_group.html)
 * [ElastiCache Subnet Group](https://www.terraform.io/docs/providers/aws/r/elasticache_subnet_group.html)
 * [Redshift Subnet Group](https://www.terraform.io/docs/providers/aws/r/redshift_subnet_group.html)
@@ -179,78 +179,86 @@ Terraform version 0.10.3 or newer is required for this module to work. | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| amazon\_side\_asn | The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the virtual private gateway is created with the current default Amazon ASN. | string | `64512` | no | -| assign\_generated\_ipv6\_cidr\_block | Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block | string | `false` | no | +| amazon\_side\_asn | The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the virtual private gateway is created with the current default Amazon ASN. | string | `"64512"` | no | +| assign\_generated\_ipv6\_cidr\_block | Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block | string | `"false"` | no | | azs | A list of availability zones in the region | list | `[]` | no | -| cidr | The CIDR block for the VPC. 
Default value is a valid CIDR, but not acceptable by AWS and should be overridden | string | `0.0.0.0/0` | no | -| create\_database\_internet\_gateway\_route | Controls if an internet gateway route for public database access should be created | string | `false` | no | -| create\_database\_subnet\_group | Controls if database subnet group should be created | string | `true` | no | -| create\_database\_subnet\_route\_table | Controls if separate route table for database should be created | string | `false` | no | -| create\_elasticache\_subnet\_group | Controls if elasticache subnet group should be created | string | `true` | no | -| create\_elasticache\_subnet\_route\_table | Controls if separate route table for elasticache should be created | string | `false` | no | -| create\_redshift\_subnet\_group | Controls if redshift subnet group should be created | string | `true` | no | -| create\_redshift\_subnet\_route\_table | Controls if separate route table for redshift should be created | string | `false` | no | -| create\_vpc | Controls if VPC should be created (it affects almost all resources) | string | `true` | no | +| cidr | The CIDR block for the VPC. 
Default value is a valid CIDR, but not acceptable by AWS and should be overridden | string | `"0.0.0.0/0"` | no | +| create\_database\_internet\_gateway\_route | Controls if an internet gateway route for public database access should be created | string | `"false"` | no | +| create\_database\_subnet\_group | Controls if database subnet group should be created | string | `"true"` | no | +| create\_database\_subnet\_route\_table | Controls if separate route table for database should be created | string | `"false"` | no | +| create\_elasticache\_subnet\_group | Controls if elasticache subnet group should be created | string | `"true"` | no | +| create\_elasticache\_subnet\_route\_table | Controls if separate route table for elasticache should be created | string | `"false"` | no | +| create\_redshift\_subnet\_group | Controls if redshift subnet group should be created | string | `"true"` | no | +| create\_redshift\_subnet\_route\_table | Controls if separate route table for redshift should be created | string | `"false"` | no | +| create\_vpc | Controls if VPC should be created (it affects almost all resources) | string | `"true"` | no | | database\_route\_table\_tags | Additional tags for the database route tables | map | `{}` | no | | database\_subnet\_group\_tags | Additional tags for the database subnet group | map | `{}` | no | -| database\_subnet\_suffix | Suffix to append to database subnets name | string | `db` | no | +| database\_subnet\_suffix | Suffix to append to database subnets name | string | `"db"` | no | | database\_subnet\_tags | Additional tags for the database subnets | map | `{}` | no | | database\_subnets | A list of database subnets | list | `[]` | no | -| default\_vpc\_enable\_classiclink | Should be true to enable ClassicLink in the Default VPC | string | `false` | no | -| default\_vpc\_enable\_dns\_hostnames | Should be true to enable DNS hostnames in the Default VPC | string | `false` | no | -| default\_vpc\_enable\_dns\_support | Should be 
true to enable DNS support in the Default VPC | string | `true` | no | -| default\_vpc\_name | Name to be used on the Default VPC | string | `` | no | +| default\_vpc\_enable\_classiclink | Should be true to enable ClassicLink in the Default VPC | string | `"false"` | no | +| default\_vpc\_enable\_dns\_hostnames | Should be true to enable DNS hostnames in the Default VPC | string | `"false"` | no | +| default\_vpc\_enable\_dns\_support | Should be true to enable DNS support in the Default VPC | string | `"true"` | no | +| default\_vpc\_name | Name to be used on the Default VPC | string | `""` | no | | default\_vpc\_tags | Additional tags for the Default VPC | map | `{}` | no | -| dhcp\_options\_domain\_name | Specifies DNS name for DHCP options set | string | `` | no | +| dhcp\_options\_domain\_name | Specifies DNS name for DHCP options set | string | `""` | no | | dhcp\_options\_domain\_name\_servers | Specify a list of DNS server addresses for DHCP options set, default to AWS provided | list | `[ "AmazonProvidedDNS" ]` | no | | dhcp\_options\_netbios\_name\_servers | Specify a list of netbios servers for DHCP options set | list | `[]` | no | -| dhcp\_options\_netbios\_node\_type | Specify netbios node_type for DHCP options set | string | `` | no | +| dhcp\_options\_netbios\_node\_type | Specify netbios node_type for DHCP options set | string | `""` | no | | dhcp\_options\_ntp\_servers | Specify a list of NTP servers for DHCP options set | list | `[]` | no | | dhcp\_options\_tags | Additional tags for the DHCP option set | map | `{}` | no | +| ec2\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for EC2 endpoint | string | `"false"` | no | +| ec2\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for EC2 endpoint | list | `[]` | no | +| ec2\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for EC2 
endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no | | elasticache\_route\_table\_tags | Additional tags for the elasticache route tables | map | `{}` | no | -| elasticache\_subnet\_suffix | Suffix to append to elasticache subnets name | string | `elasticache` | no | +| elasticache\_subnet\_suffix | Suffix to append to elasticache subnets name | string | `"elasticache"` | no | | elasticache\_subnet\_tags | Additional tags for the elasticache subnets | map | `{}` | no | | elasticache\_subnets | A list of elasticache subnets | list | `[]` | no | -| enable\_dhcp\_options | Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type | string | `false` | no | -| enable\_dns\_hostnames | Should be true to enable DNS hostnames in the VPC | string | `false` | no | -| enable\_dns\_support | Should be true to enable DNS support in the VPC | string | `true` | no | -| enable\_dynamodb\_endpoint | Should be true if you want to provision a DynamoDB endpoint to the VPC | string | `false` | no | -| enable\_nat\_gateway | Should be true if you want to provision NAT Gateways for each of your private networks | string | `false` | no | -| enable\_s3\_endpoint | Should be true if you want to provision an S3 endpoint to the VPC | string | `false` | no | -| enable\_vpn\_gateway | Should be true if you want to create a new VPN Gateway resource and attach it to the VPC | string | `false` | no | +| enable\_dhcp\_options | Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type | string | `"false"` | no | +| enable\_dns\_hostnames | Should be true to enable DNS hostnames in the VPC | string | `"false"` | no | +| enable\_dns\_support | Should be true to enable DNS support in the VPC | string | `"true"` | no | +| 
enable\_dynamodb\_endpoint | Should be true if you want to provision a DynamoDB endpoint to the VPC | string | `"false"` | no | +| enable\_ec2\_endpoint | Should be true if you want to provision an EC2 endpoint to the VPC | string | `"false"` | no | +| enable\_nat\_gateway | Should be true if you want to provision NAT Gateways for each of your private networks | string | `"false"` | no | +| enable\_s3\_endpoint | Should be true if you want to provision an S3 endpoint to the VPC | string | `"false"` | no | +| enable\_ssm\_endpoint | Should be true if you want to provision an SSM endpoint to the VPC | string | `"false"` | no | +| enable\_vpn\_gateway | Should be true if you want to create a new VPN Gateway resource and attach it to the VPC | string | `"false"` | no | | external\_nat\_ip\_ids | List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse_nat_ips) | list | `[]` | no | | igw\_tags | Additional tags for the internet gateway | map | `{}` | no | -| instance\_tenancy | A tenancy option for instances launched into the VPC | string | `default` | no | +| instance\_tenancy | A tenancy option for instances launched into the VPC | string | `"default"` | no | | intra\_route\_table\_tags | Additional tags for the intra route tables | map | `{}` | no | | intra\_subnet\_tags | Additional tags for the intra subnets | map | `{}` | no | | intra\_subnets | A list of intra subnets | list | `[]` | no | -| manage\_default\_vpc | Should be true to adopt and manage Default VPC | string | `false` | no | -| map\_public\_ip\_on\_launch | Should be false if you do not want to auto-assign public IP on launch | string | `true` | no | -| name | Name to be used on all the resources as identifier | string | `` | no | +| manage\_default\_vpc | Should be true to adopt and manage Default VPC | string | `"false"` | no | +| map\_public\_ip\_on\_launch | Should be false if you do not want to auto-assign public IP on launch | string | `"true"` | no | +| name | Name to 
be used on all the resources as identifier | string | `""` | no | | nat\_eip\_tags | Additional tags for the NAT EIP | map | `{}` | no | | nat\_gateway\_tags | Additional tags for the NAT gateways | map | `{}` | no | -| one\_nat\_gateway\_per\_az | Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs`. | string | `false` | no | +| one\_nat\_gateway\_per\_az | Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs`. | string | `"false"` | no | | private\_route\_table\_tags | Additional tags for the private route tables | map | `{}` | no | -| private\_subnet\_suffix | Suffix to append to private subnets name | string | `private` | no | +| private\_subnet\_suffix | Suffix to append to private subnets name | string | `"private"` | no | | private\_subnet\_tags | Additional tags for the private subnets | map | `{}` | no | | private\_subnets | A list of private subnets inside the VPC | list | `[]` | no | -| propagate\_private\_route\_tables\_vgw | Should be true if you want route table propagation | string | `false` | no | -| propagate\_public\_route\_tables\_vgw | Should be true if you want route table propagation | string | `false` | no | +| propagate\_private\_route\_tables\_vgw | Should be true if you want route table propagation | string | `"false"` | no | +| propagate\_public\_route\_tables\_vgw | Should be true if you want route table propagation | string | `"false"` | no | | public\_route\_table\_tags | Additional tags for the public route tables | map | `{}` | no | -| public\_subnet\_suffix | Suffix to append to public subnets name | string | `public` | no | +| public\_subnet\_suffix | Suffix to append to public 
subnets name | string | `"public"` | no | | public\_subnet\_tags | Additional tags for the public subnets | map | `{}` | no | | public\_subnets | A list of public subnets inside the VPC | list | `[]` | no | | redshift\_route\_table\_tags | Additional tags for the redshift route tables | map | `{}` | no | | redshift\_subnet\_group\_tags | Additional tags for the redshift subnet group | map | `{}` | no | -| redshift\_subnet\_suffix | Suffix to append to redshift subnets name | string | `redshift` | no | +| redshift\_subnet\_suffix | Suffix to append to redshift subnets name | string | `"redshift"` | no | | redshift\_subnet\_tags | Additional tags for the redshift subnets | map | `{}` | no | | redshift\_subnets | A list of redshift subnets | list | `[]` | no | -| reuse\_nat\_ips | Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external_nat_ip_ids' variable | string | `false` | no | +| reuse\_nat\_ips | Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external_nat_ip_ids' variable | string | `"false"` | no | | secondary\_cidr\_blocks | List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool | list | `[]` | no | -| single\_nat\_gateway | Should be true if you want to provision a single shared NAT Gateway across all of your private networks | string | `false` | no | +| single\_nat\_gateway | Should be true if you want to provision a single shared NAT Gateway across all of your private networks | string | `"false"` | no | +| ssm\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for SSM endpoint | string | `"false"` | no | +| ssm\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SSM endpoint | list | `[]` | no | +| ssm\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a 
network interface for SSM endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no | | tags | A map of tags to add to all resources | map | `{}` | no | | vpc\_tags | Additional tags for the VPC | map | `{}` | no | -| vpn\_gateway\_id | ID of VPN Gateway to attach to the VPC | string | `` | no | +| vpn\_gateway\_id | ID of VPN Gateway to attach to the VPC | string | `""` | no | | vpn\_gateway\_tags | Additional tags for the VPN gateway | map | `{}` | no | ## Outputs @@ -302,8 +310,14 @@ Terraform version 0.10.3 or newer is required for this module to work. | vpc\_enable\_dns\_support | Whether or not the VPC has DNS support | | vpc\_endpoint\_dynamodb\_id | The ID of VPC endpoint for DynamoDB | | vpc\_endpoint\_dynamodb\_pl\_id | The prefix list for the DynamoDB VPC endpoint. | +| vpc\_endpoint\_ec2\_dns\_entry | The DNS entries for the VPC Endpoint for EC2. | +| vpc\_endpoint\_ec2\_id | The ID of VPC endpoint for EC2 | +| vpc\_endpoint\_ec2\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for EC2 | | vpc\_endpoint\_s3\_id | The ID of VPC endpoint for S3 | | vpc\_endpoint\_s3\_pl\_id | The prefix list for the S3 VPC endpoint. | +| vpc\_endpoint\_ssm\_dns\_entry | The DNS entries for the VPC Endpoint for SSM. | +| vpc\_endpoint\_ssm\_id | The ID of VPC endpoint for SSM | +| vpc\_endpoint\_ssm\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for SSM. | | vpc\_id | The ID of the VPC | | vpc\_instance\_tenancy | Tenancy of instances spin up within VPC | | vpc\_main\_route\_table\_id | The ID of the main route table associated with this VPC | diff --git a/examples/complete-vpc/README.md b/examples/complete-vpc/README.md index 31670d6ce..7a0a4a96d 100644 --- a/examples/complete-vpc/README.md +++ b/examples/complete-vpc/README.md 
@@ -28,6 +28,9 @@ Note that this example may create resources which can cost money (AWS Elastic IP | private\_subnets | List of IDs of private subnets | | public\_subnets | List of IDs of public subnets | | redshift\_subnets | List of IDs of redshift subnets | +| vpc\_endpoint\_ssm\_dns\_entry | The DNS entries for the VPC Endpoint for SSM. | +| vpc\_endpoint\_ssm\_id | The ID of VPC endpoint for SSM | +| vpc\_endpoint\_ssm\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for SSM. | | vpc\_id | The ID of the VPC | diff --git a/examples/complete-vpc/main.tf b/examples/complete-vpc/main.tf index 67e3d2bc0..59da401fc 100644 --- a/examples/complete-vpc/main.tf +++ b/examples/complete-vpc/main.tf @@ -2,6 +2,11 @@ provider "aws" { region = "eu-west-1" } +data "aws_security_group" "default" { + name = "default" + vpc_id = "${module.vpc.vpc_id}" +} + module "vpc" { source = "../../" @@ -19,18 +24,35 @@ module "vpc" { create_database_subnet_group = false + enable_dns_hostnames = true + enable_dns_support = true + enable_nat_gateway = true single_nat_gateway = true enable_vpn_gateway = true - enable_s3_endpoint = true - enable_dynamodb_endpoint = true - enable_dhcp_options = true dhcp_options_domain_name = "service.consul" dhcp_options_domain_name_servers = ["127.0.0.1", "10.10.0.2"] + # VPC endpoint for S3 + enable_s3_endpoint = true + + # VPC endpoint for DynamoDB + enable_dynamodb_endpoint = true + + # VPC endpoint for SSM + enable_ssm_endpoint = true + ssm_endpoint_private_dns_enabled = true + ssm_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"] + + // ssm_endpoint_subnet_ids = ["..."] + + # VPC Endpoint for EC2 + enable_ec2_endpoint = true + ec2_endpoint_private_dns_enabled = true + ec2_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"] tags = { Owner = "user" Environment = "staging" diff --git a/examples/complete-vpc/outputs.tf b/examples/complete-vpc/outputs.tf index 3cbd012be..871359d39 100644 
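Review bot: In the second hunk of examples/complete-vpc/main.tf both interface endpoints are attached to the VPC's default security group (`ssm_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"]` and the matching `ec2_endpoint_security_group_ids` line), so the endpoint ENIs are reachable only from sources that group's inbound rules admit, and anyone who later tightens the default group silently cuts instances off from SSM. A dedicated security group allowing tcp/443 from the private subnet CIDRs would make the intended access explicit; at minimum a comment such as `# default SG: endpoints reachable only from sources that group admits on 443` next to the two assignments would say why the default group is used here. The same pattern is extended to the ssmmessages/ec2messages endpoints in patch 12's change to this file.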
--- a/examples/complete-vpc/outputs.tf
+++ b/examples/complete-vpc/outputs.tf
@@ -40,3 +40,37 @@ output "nat_public_ips" {
 description = "List of public Elastic IPs created for AWS NAT Gateway"
 value = ["${module.vpc.nat_public_ips}"]
 }
+
+# VPC endpoints
+output "vpc_endpoint_ssm_id" {
+ description = "The ID of VPC endpoint for SSM"
+ value = "${module.vpc.vpc_endpoint_ssm_id}"
+}
+
+output "vpc_endpoint_ssm_network_interface_ids" {
+ description = "One or more network interfaces for the VPC Endpoint for SSM."
+ value = ["${module.vpc.vpc_endpoint_ssm_network_interface_ids}"]
+}
+
+output "vpc_endpoint_ssm_dns_entry" {
+ description = "The DNS entries for the VPC Endpoint for SSM."
+ value = ["${module.vpc.vpc_endpoint_ssm_dns_entry}"]
+}
+
+//
+//# VPC endpoints
+//output "vpc_endpoint_ec2_id" {
+// description = "The ID of VPC endpoint for EC2"
+// value = "${module.vpc.vpc_endpoint_ec2_id}"
+//}
+//
+//output "vpc_endpoint_ec2_network_interface_ids" {
+// description = "One or more network interfaces for the VPC Endpoint for EC2."
+// value = ["${module.vpc.vpc_endpoint_ec2_network_interface_ids}"]
+//}
+//
+//output "vpc_endpoint_ec2_dns_entry" {
+// description = "The DNS entries for the VPC Endpoint for EC2."
+// value = ["${module.vpc.vpc_endpoint_ec2_dns_entry}"]
+//}
+
diff --git a/examples/test_fixture/README.md b/examples/test_fixture/README.md
index db7173a41..2fec823b1 100644
--- a/examples/test_fixture/README.md
+++ b/examples/test_fixture/README.md
@@ -25,7 +25,7 @@ This will destroy any existing test resources, create the resources afresh, run
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
-| region | - | string | `eu-west-1` | no |
+| region | | string | `"eu-west-1"` | no |
 ## Outputs
diff --git a/main.tf b/main.tf
index a4156ba26..f15da46d7 100644
--- a/main.tf
+++ b/main.tf
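Review bot: The three EC2 endpoint outputs at the end of the outputs.tf hunk are added as `//`-commented dead code although examples/complete-vpc/main.tf in the same patch sets `enable_ec2_endpoint = true`; either uncomment them so the example exposes `vpc_endpoint_ec2_id`, `vpc_endpoint_ec2_network_interface_ids` and `vpc_endpoint_ec2_dns_entry` the way the SSM outputs are exposed, or drop the block. The hunk also mixes `#` and `//` comment styles within a few lines; keeping the `# VPC endpoints` form matches the root outputs.tf header added in this patch.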
@@ -393,6 +393,48 @@ resource "aws_vpc_endpoint_route_table_association" "public_dynamodb" {
 route_table_id = "${aws_route_table.public.id}"
 }
+######################
+# VPC Endpoint for SSM
+######################
+data "aws_vpc_endpoint_service" "ssm" {
+ count = "${var.create_vpc && var.enable_ssm_endpoint ? 1 : 0}"
+
+ service = "ssm"
+}
+
+resource "aws_vpc_endpoint" "ssm" {
+ count = "${var.create_vpc && var.enable_ssm_endpoint ? 1 : 0}"
+
+ vpc_id = "${local.vpc_id}"
+ service_name = "${data.aws_vpc_endpoint_service.ssm.service_name}"
+ vpc_endpoint_type = "Interface"
+
+ security_group_ids = ["${var.ssm_endpoint_security_group_ids}"]
+ subnet_ids = ["${coalescelist(var.ssm_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+ private_dns_enabled = "${var.ssm_endpoint_private_dns_enabled}"
+}
+
+######################
+# VPC Endpoint for EC2
+######################
+data "aws_vpc_endpoint_service" "ec2" {
+ count = "${var.create_vpc && var.enable_ec2_endpoint ? 1 : 0}"
+
+ service = "ec2"
+}
+
+resource "aws_vpc_endpoint" "ec2" {
+ count = "${var.create_vpc && var.enable_ec2_endpoint ? 1 : 0}"
+
+ vpc_id = "${local.vpc_id}"
+ service_name = "${data.aws_vpc_endpoint_service.ec2.service_name}"
+ vpc_endpoint_type = "Interface"
+
+ security_group_ids = ["${var.ec2_endpoint_security_group_ids}"]
+ subnet_ids = ["${coalescelist(var.ec2_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+ private_dns_enabled = "${var.ec2_endpoint_private_dns_enabled}"
+}
+
 ##########################
 # Route table association
 ##########################
diff --git a/outputs.tf b/outputs.tf
index 8d6b08b6e..0fcd28c3f 100644
--- a/outputs.tf
+++ b/outputs.tf
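Review bot: `security_group_ids = ["${var.ssm_endpoint_security_group_ids}"]` is fed by a variable that defaults to `[]` (variables.tf hunk of this patch), and when no security group is supplied AWS falls back to attaching the VPC's default security group to the endpoint network interfaces, so an operator who forgets the variable gets an endpoint whose reachability depends on whatever the default group currently allows. That fallback should be stated where the value is consumed, e.g. `# empty list => AWS attaches the VPC default security group to the endpoint ENIs` above the `security_group_ids` line, and in the variable description. `coalescelist(var.ssm_endpoint_subnet_ids, aws_subnet.private.*.id)` also errors out with an interpolation failure rather than a clear message when neither list has entries (no private subnets defined), which deserves a one-line comment on `subnet_ids`. The `ec2` endpoint later in this hunk, and the ssmmessages/ec2messages endpoints added in patch 10, have the same two gaps.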
@@ -193,31 +193,11 @@ output "igw_id" { value = "${element(concat(aws_internet_gateway.this.*.id, list("")), 0)}" } -output "vpc_endpoint_s3_id" { - description = "The ID of VPC endpoint for S3" - value = "${element(concat(aws_vpc_endpoint.s3.*.id, list("")), 0)}" -} - -output "vpc_endpoint_s3_pl_id" { - description = "The prefix list for the S3 VPC endpoint." - value = "${element(concat(aws_vpc_endpoint.s3.*.prefix_list_id, list("")), 0)}" -} - -output "vpc_endpoint_dynamodb_id" { - description = "The ID of VPC endpoint for DynamoDB" - value = "${element(concat(aws_vpc_endpoint.dynamodb.*.id, list("")), 0)}" -} - output "vgw_id" { description = "The ID of the VPN Gateway" value = "${element(concat(aws_vpn_gateway.this.*.id, aws_vpn_gateway_attachment.this.*.vpn_gateway_id, list("")), 0)}" } -output "vpc_endpoint_dynamodb_pl_id" { - description = "The prefix list for the DynamoDB VPC endpoint." - value = "${element(concat(aws_vpc_endpoint.dynamodb.*.prefix_list_id, list("")), 0)}" -} - output "default_vpc_id" { description = "The ID of the VPC" value = "${element(concat(aws_default_vpc.this.*.id, list("")), 0)}" 
@@ -278,6 +258,58 @@ output "default_vpc_main_route_table_id" { // value = "${element(concat(aws_default_vpc.this.*.ipv6_cidr_block, list("")), 0)}" //} +# VPC Endpoints +output "vpc_endpoint_s3_id" { + description = "The ID of VPC endpoint for S3" + value = "${element(concat(aws_vpc_endpoint.s3.*.id, list("")), 0)}" +} + +output "vpc_endpoint_s3_pl_id" { + description = "The prefix list for the S3 VPC endpoint." + value = "${element(concat(aws_vpc_endpoint.s3.*.prefix_list_id, list("")), 0)}" +} + +output "vpc_endpoint_dynamodb_id" { + description = "The ID of VPC endpoint for DynamoDB" + value = "${element(concat(aws_vpc_endpoint.dynamodb.*.id, list("")), 0)}" +} + +output "vpc_endpoint_dynamodb_pl_id" { + description = "The prefix list for the DynamoDB VPC endpoint." + value = "${element(concat(aws_vpc_endpoint.dynamodb.*.prefix_list_id, list("")), 0)}" +} + +output "vpc_endpoint_ssm_id" { + description = "The ID of VPC endpoint for SSM" + value = "${element(concat(aws_vpc_endpoint.ssm.*.id, list("")), 0)}" +} + +output "vpc_endpoint_ssm_network_interface_ids" { + description = "One or more network interfaces for the VPC Endpoint for SSM." + value = "${flatten(aws_vpc_endpoint.ssm.*.network_interface_ids)}" +} + +output "vpc_endpoint_ssm_dns_entry" { + description = "The DNS entries for the VPC Endpoint for SSM." + value = "${flatten(aws_vpc_endpoint.ssm.*.dns_entry)}" +} + +output "vpc_endpoint_ec2_id" { + description = "The ID of VPC endpoint for EC2" + value = "${element(concat(aws_vpc_endpoint.ec2.*.id, list("")), 0)}" +} + +output "vpc_endpoint_ec2_network_interface_ids" { + description = "One or more network interfaces for the VPC Endpoint for EC2" + value = "${flatten(aws_vpc_endpoint.ec2.*.network_interface_ids)}" +} + +output "vpc_endpoint_ec2_dns_entry" { + description = "The DNS entries for the VPC Endpoint for EC2." 
+ value = "${flatten(aws_vpc_endpoint.ec2.*.dns_entry)}" +} + +# Static values (arguments) output "azs" { description = "A list of availability zones specified as argument to this module" value = "${var.azs}" diff --git a/variables.tf b/variables.tf index 5f423959c..4c778ada5 100644 --- a/variables.tf +++ b/variables.tf 
@@ -173,6 +173,46 @@ variable "enable_s3_endpoint" { default = false } +variable "enable_ssm_endpoint" { + description = "Should be true if you want to provision an SSM endpoint to the VPC" + default = false +} + +variable "ssm_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for SSM endpoint" + default = [] +} + +variable "ssm_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for SSM endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used." + default = [] +} + +variable "ssm_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for SSM endpoint" + default = false +} + +variable "enable_ec2_endpoint" { + description = "Should be true if you want to provision an EC2 endpoint to the VPC" + default = false +} + +variable "ec2_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for EC2 endpoint" + default = [] +} + +variable "ec2_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for EC2 endpoint" + default = false +} + +variable "ec2_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for EC2 endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used." + default = [] +} + variable "map_public_ip_on_launch" { description = "Should be false if you do not want to auto-assign public IP on launch" default = true From 01601169c00c68f37d5df8a80cc17c88f02c04d0 Mon Sep 17 00:00:00 2001 
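Review bot: `ssm_endpoint_private_dns_enabled` and `ec2_endpoint_private_dns_enabled` only take effect when the VPC has both DNS support and DNS hostnames enabled, which this module exposes as `enable_dns_support` and `enable_dns_hostnames`; the example in this patch switches both on but nothing in the module enforces or documents the dependency. The two descriptions should state it, e.g. append `Requires enable_dns_support and enable_dns_hostnames to be true on the VPC.` to each. The same wording applies to the ssmmessages/ec2messages variables introduced in patch 10.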
From: ebarault
Date: Fri, 11 Jan 2019 18:47:09 +0100
Subject: [PATCH 08/21] adding option to create a route to nat gateway in database subnets
---
 main.tf | 13 ++++++++++++-
 variables.tf | 5 +++++
 2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index a4156ba26..d3d1be44d 100644
--- a/main.tf
+++ b/main.tf
@@ -122,7 +122,7 @@ resource "aws_route_table" "database" {
 }
 resource "aws_route" "database_internet_gateway" {
- count = "${var.create_vpc && var.create_database_subnet_route_table && length(var.database_subnets) > 0 && var.create_database_internet_gateway_route ? 1 : 0}"
+ count = "${var.create_vpc && var.create_database_subnet_route_table && length(var.database_subnets) > 0 && var.create_database_internet_gateway_route && !var.create_database_nat_gateway_route ? 1 : 0}"
 route_table_id = "${aws_route_table.database.id}"
 destination_cidr_block = "0.0.0.0/0"
@@ -133,6 +133,17 @@ resource "aws_route" "database_internet_gateway" {
 }
 }
+resource "aws_route" "database_nat_gateway" {
+ count = "${var.create_vpc && var.enable_nat_gateway && var.create_database_subnet_route_table && length(var.database_subnets) > 0 && var.create_database_nat_gateway_route && !var.create_database_internet_gateway_route ? local.nat_gateway_count : 0}"
+ route_table_id = "${element(aws_route_table.private.*.id, count.index)}"
+ destination_cidr_block = "0.0.0.0/0"
+ nat_gateway_id = "${element(aws_nat_gateway.this.*.id, count.index)}"
+
+ timeouts {
+ create = "5m"
+ }
+}
+
 #################
 # Redshift routes
 #################
diff --git a/variables.tf b/variables.tf
index 5f423959c..9665bef59 100644
--- a/variables.tf
+++ b/variables.tf
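Review bot: `route_table_id = "${element(aws_route_table.private.*.id, count.index)}"` in the new `aws_route.database_nat_gateway` targets the private route tables, although the variable added in this patch and the commit subject describe a NAT route for the database subnets; the sibling `database_internet_gateway` route just above writes to `aws_route_table.database.id`, and that is the table this resource should use. The private tables presumably already carry the module's NAT default route (not visible in this hunk), so the new routes would be redundant at best and collide with an existing 0.0.0.0/0 entry at worst. Since `aws_route_table.database` appears to be a single table, a count of `local.nat_gateway_count` also looks wrong, as one table can hold only one 0.0.0.0/0 route; with a single table the resource would be `count = "${... ? 1 : 0}"`, `route_table_id = "${aws_route_table.database.id}"`, `nat_gateway_id = "${element(aws_nat_gateway.this.*.id, 0)}"`, or the database route table has to become per-AZ first. Patch 09's reordering of the count expression (its main.tf hunk) keeps the same target.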
@@ -122,6 +122,11 @@ variable "create_database_internet_gateway_route" { default = false } +variable "create_database_nat_gateway_route" { + description = "Controls if a nat gateway route should be created to give internet access to the database subnets" + default = false +} + variable "azs" { description = "A list of availability zones in the region" default = [] From 8e2f50e6c8f8fd8b0abcaf2c4150d7446276fcaa Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Fri, 18 Jan 2019 12:16:50 +0100 Subject: [PATCH 09/21] Reordered vars in count for database_nat_gateway route --- .pre-commit-config.yaml | 4 ++-- README.md | 1 + main.tf | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 6262d4e7a..c8299b7a8 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,10 +1,10 @@ repos: - repo: git://github.com/antonbabenko/pre-commit-terraform - rev: v1.7.4 + rev: v1.8.1 hooks: - id: terraform_fmt - id: terraform_docs - repo: git://github.com/pre-commit/pre-commit-hooks - rev: v2.0.0 + rev: v2.1.0 hooks: - id: check-merge-conflict diff --git a/README.md b/README.md index 46a32b22c..5bde0c2a6 100644 --- a/README.md +++ b/README.md 
@@ -184,6 +184,7 @@ Terraform version 0.10.3 or newer is required for this module to work. | azs | A list of availability zones in the region | list | `[]` | no | | cidr | The CIDR block for the VPC. Default value is a valid CIDR, but not acceptable by AWS and should be overridden | string | `"0.0.0.0/0"` | no | | create\_database\_internet\_gateway\_route | Controls if an internet gateway route for public database access should be created | string | `"false"` | no | +| create\_database\_nat\_gateway\_route | Controls if a nat gateway route should be created to give internet access to the database subnets | string | `"false"` | no | | create\_database\_subnet\_group | Controls if database subnet group should be created | string | `"true"` | no | | create\_database\_subnet\_route\_table | Controls if separate route table for database should be created | string | `"false"` | no | | create\_elasticache\_subnet\_group | Controls if elasticache subnet group should be created | string | `"true"` | no | diff --git a/main.tf b/main.tf index 3a5645cc9..48ccf584a 100644 --- a/main.tf +++ b/main.tf @@ -134,7 +134,7 @@ resource "aws_route" "database_internet_gateway" { } resource "aws_route" "database_nat_gateway" { - count = "${var.create_vpc && var.enable_nat_gateway && var.create_database_subnet_route_table && length(var.database_subnets) > 0 && var.create_database_nat_gateway_route && !var.create_database_internet_gateway_route ? local.nat_gateway_count : 0}" + count = "${var.create_vpc && var.create_database_subnet_route_table && length(var.database_subnets) > 0 && !var.create_database_internet_gateway_route && var.create_database_nat_gateway_route && var.enable_nat_gateway ? local.nat_gateway_count : 0}" route_table_id = "${element(aws_route_table.private.*.id, count.index)}" destination_cidr_block = "0.0.0.0/0" nat_gateway_id = "${element(aws_nat_gateway.this.*.id, count.index)}" From c1c373687d41066c5762e47b3453c95a6c3d7f19 Mon Sep 17 00:00:00 2001 
From: thebugfinder
Date: Tue, 22 Jan 2019 08:51:17 +0100
Subject: [PATCH 10/21] add endpoints ec2messages, ssmmessages as those are required by Systems Manager in addition to ec2 and ssm.
---
 main.tf | 50 ++++++++++++++++++++++++++++++++++++++++++++++----
 outputs.tf | 30 ++++++++++++++++++++++++++++++
 variables.tf | 40 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 116 insertions(+), 4 deletions(-)
diff --git a/main.tf b/main.tf
index 48ccf584a..6d3b88c7f 100644
--- a/main.tf
+++ b/main.tf
@@ -404,9 +404,9 @@ resource "aws_vpc_endpoint_route_table_association" "public_dynamodb" {
 route_table_id = "${aws_route_table.public.id}"
 }
-######################
+#######################
 # VPC Endpoint for SSM
-######################
+#######################
 data "aws_vpc_endpoint_service" "ssm" {
 count = "${var.create_vpc && var.enable_ssm_endpoint ? 1 : 0}"
@@ -425,9 +425,30 @@ resource "aws_vpc_endpoint" "ssm" {
 private_dns_enabled = "${var.ssm_endpoint_private_dns_enabled}"
 }
-######################
+###############################
+# VPC Endpoint for SSMMESSAGES
+###############################
+data "aws_vpc_endpoint_service" "ssmmessages" {
+ count = "${var.create_vpc && var.enable_ssmmessages_endpoint ? 1 : 0}"
+
+ service = "ssmmessages"
+}
+
+resource "aws_vpc_endpoint" "ssmmessages" {
+ count = "${var.create_vpc && var.enable_ssmmessages_endpoint ? 1 : 0}"
+
+ vpc_id = "${local.vpc_id}"
+ service_name = "${data.aws_vpc_endpoint_service.ssmmessages.service_name}"
+ vpc_endpoint_type = "Interface"
+
+ security_group_ids = ["${var.ssmmessages_endpoint_security_group_ids}"]
+ subnet_ids = ["${coalescelist(var.ssmmessages_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+ private_dns_enabled = "${var.ssmmessages_endpoint_private_dns_enabled}"
+}
+
+#######################
 # VPC Endpoint for EC2
-######################
+#######################
 data "aws_vpc_endpoint_service" "ec2" {
 count = "${var.create_vpc && var.enable_ec2_endpoint ? 1 : 0}"
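Review bot: The `ssmmessages` data-source/endpoint pair in the second hunk is the third copy of the same block (after `ssm` and `ec2`, with `ec2messages` following in the next hunk), differing only in service name and variable prefix, and nothing in main.tf or the variable descriptions records what the commit subject says: that Systems Manager in a private subnet needs ssm, ssmmessages and ec2messages together. A user who enables `enable_ssm_endpoint` alone gets an endpoint that exists but an agent that cannot register, and has no hint why. A comment above the SSM banner would close that gap, e.g. `# Systems Manager needs the ssm, ssmmessages and ec2messages endpoints together; enable them as a set (ec2 is optional).` — the "ec2 optional" part is my reading of the commit message and should be confirmed.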
@@ -446,6 +467,27 @@ resource "aws_vpc_endpoint" "ec2" {
 private_dns_enabled = "${var.ec2_endpoint_private_dns_enabled}"
 }
+###############################
+# VPC Endpoint for EC2MESSAGES
+###############################
+data "aws_vpc_endpoint_service" "ec2messages" {
+ count = "${var.create_vpc && var.enable_ec2messages_endpoint ? 1 : 0}"
+
+ service = "ec2messages"
+}
+
+resource "aws_vpc_endpoint" "ec2messages" {
+ count = "${var.create_vpc && var.enable_ec2messages_endpoint ? 1 : 0}"
+
+ vpc_id = "${local.vpc_id}"
+ service_name = "${data.aws_vpc_endpoint_service.ec2messages.service_name}"
+ vpc_endpoint_type = "Interface"
+
+ security_group_ids = ["${var.ec2messages_endpoint_security_group_ids}"]
+ subnet_ids = ["${coalescelist(var.ec2messages_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+ private_dns_enabled = "${var.ec2messages_endpoint_private_dns_enabled}"
+}
+
 ##########################
 # Route table association
 ##########################
diff --git a/outputs.tf b/outputs.tf
index 0fcd28c3f..14ada0390 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -294,6 +294,21 @@ output "vpc_endpoint_ssm_dns_entry" {
 value = "${flatten(aws_vpc_endpoint.ssm.*.dns_entry)}"
 }
+output "vpc_endpoint_ssmmessages_id" {
+ description = "The ID of VPC endpoint for SSMMESSAGES"
+ value = "${element(concat(aws_vpc_endpoint.ssmmessages.*.id, list("")), 0)}"
+}
+
+output "vpc_endpoint_ssmmessages_network_interface_ids" {
+ description = "One or more network interfaces for the VPC Endpoint for SSMMESSAGS."
+ value = "${flatten(aws_vpc_endpoint.ssmmessages.*.network_interface_ids)}"
+}
+
+output "vpc_endpoint_ssmmessages_dns_entry" {
+ description = "The DNS entries for the VPC Endpoint for SSMMESSAGES."
+ value = "${flatten(aws_vpc_endpoint.ssmmessages.*.dns_entry)}"
+}
+
 output "vpc_endpoint_ec2_id" {
 description = "The ID of VPC endpoint for EC2"
 value = "${element(concat(aws_vpc_endpoint.ec2.*.id, list("")), 0)}"
@@ -309,6 +324,21 @@ output "vpc_endpoint_ec2_dns_entry" { value = "${flatten(aws_vpc_endpoint.ec2.*.dns_entry)}" } +output "vpc_endpoint_ec2messages_id" { + description = "The ID of VPC endpoint for EC2MESSAGES" + value = "${element(concat(aws_vpc_endpoint.ec2messages.*.id, list("")), 0)}" +} + +output "vpc_endpoint_ec2messages_network_interface_ids" { + description = "One or more network interfaces for the VPC Endpoint for EC2MESSAGES" + value = "${flatten(aws_vpc_endpoint.ec2messages.*.network_interface_ids)}" +} + +output "vpc_endpoint_ec2messages_dns_entry" { + description = "The DNS entries for the VPC Endpoint for EC2MESSAGES." + value = "${flatten(aws_vpc_endpoint.ec2messages.*.dns_entry)}" +} + # Static values (arguments) output "azs" { description = "A list of availability zones specified as argument to this module" diff --git a/variables.tf b/variables.tf index cff021398..d60ef0f1b 100644 --- a/variables.tf +++ b/variables.tf @@ -198,6 +198,26 @@ variable "ssm_endpoint_private_dns_enabled" { default = false } +variable "enable_ssmmessages_endpoint" { + description = "Should be true if you want to provision a SSMMESSAGES endpoint to the VPC" + default = false +} + +variable "ssmmessages_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for SSMMESSAGES endpoint" + default = [] +} + +variable "ssmmessages_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for SSMMESSAGES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used." + default = [] +} + +variable "ssmmessages_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for SSMMESSAGES endpoint" + default = false +} + variable "enable_ec2_endpoint" { description = "Should be true if you want to provision an EC2 endpoint to the VPC" default = false 
@@ -218,6 +238,26 @@ variable "ec2_endpoint_subnet_ids" { default = [] } +variable "enable_ec2messages_endpoint" { + description = "Should be true if you want to provision an EC2MESSAGES endpoint to the VPC" + default = false +} + +variable "ec2messages_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for EC2MESSAGES endpoint" + default = [] +} + +variable "ec2messages_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for EC2MESSAGES endpoint" + default = false +} + +variable "ec2messages_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for EC2MESSAGES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used." + default = [] +} + variable "map_public_ip_on_launch" { description = "Should be false if you do not want to auto-assign public IP on launch" default = true From f96e59c786573d628d4d15ad3cce876d93037cd5 Mon Sep 17 00:00:00 2001 From: thebugfinder Date: Tue, 22 Jan 2019 08:58:18 +0100 Subject: [PATCH 11/21] fix typo --- outputs.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/outputs.tf b/outputs.tf index 14ada0390..277706622 100644 --- a/outputs.tf +++ b/outputs.tf @@ -300,7 +300,7 @@ output "vpc_endpoint_ssmmessages_id" { } output "vpc_endpoint_ssmmessages_network_interface_ids" { - description = "One or more network interfaces for the VPC Endpoint for SSMMESSAGS." + description = "One or more network interfaces for the VPC Endpoint for SSMMESSAGES." value = "${flatten(aws_vpc_endpoint.ssmmessages.*.network_interface_ids)}" } From 92596fa7359a1fea5d2a7ac702fdc8a58b1fe5c0 Mon Sep 17 00:00:00 2001 
From: thebugfinder Date: Fri, 1 Feb 2019 08:41:34 +0100 Subject: [PATCH 12/21] add additional endpoints to examples --- examples/complete-vpc/main.tf | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/examples/complete-vpc/main.tf b/examples/complete-vpc/main.tf index 59da401fc..d90448803 100644 --- a/examples/complete-vpc/main.tf +++ b/examples/complete-vpc/main.tf @@ -43,16 +43,27 @@ module "vpc" { enable_dynamodb_endpoint = true # VPC endpoint for SSM - enable_ssm_endpoint = true - ssm_endpoint_private_dns_enabled = true - ssm_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"] + enable_ssm_endpoint = true + ssm_endpoint_private_dns_enabled = true + ssm_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"] // ssm_endpoint_subnet_ids = ["..."] + # VPC endpoint for SSMMESSAGES + enable_ssmmessages_endpoint = true + ssmmessages_endpoint_private_dns_enabled = true + ssmmessages_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"] + # VPC Endpoint for EC2 - enable_ec2_endpoint = true - ec2_endpoint_private_dns_enabled = true - ec2_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"] + enable_ec2_endpoint = true + ec2_endpoint_private_dns_enabled = true + ec2_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"] + + # VPC Endpoint for EC2MESSAGES + enable_ec2messages_endpoint = true + ec2messages_endpoint_private_dns_enabled = true + ec2messages_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"] + tags = { Owner = "user" Environment = "staging" From d001144718e6e0a94369ee4639d4eacb65c6fafe Mon Sep 17 00:00:00 2001 From: thebugfinder Date: Fri, 1 Feb 2019 08:59:20 +0100 Subject: [PATCH 13/21] add files updated by pre-commit --- README.md | 102 ++++++++++++++++++-------------- examples/complete-vpc/main.tf | 15 ++--- examples/test_fixture/README.md | 2 +- 3 files changed, 65 insertions(+), 54 deletions(-) 
diff --git a/README.md b/README.md index 5bde0c2a6..c75b4c161 100644 --- a/README.md +++ b/README.md 
@@ -179,87 +179,95 @@ Terraform version 0.10.3 or newer is required for this module to work. | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| amazon\_side\_asn | The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the virtual private gateway is created with the current default Amazon ASN. | string | `"64512"` | no | -| assign\_generated\_ipv6\_cidr\_block | Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block | string | `"false"` | no | +| amazon\_side\_asn | The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the virtual private gateway is created with the current default Amazon ASN. | string | `64512` | no | +| assign\_generated\_ipv6\_cidr\_block | Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block | string | `false` | no | | azs | A list of availability zones in the region | list | `[]` | no | -| cidr | The CIDR block for the VPC. 
Default value is a valid CIDR, but not acceptable by AWS and should be overridden | string | `"0.0.0.0/0"` | no | -| create\_database\_internet\_gateway\_route | Controls if an internet gateway route for public database access should be created | string | `"false"` | no | -| create\_database\_nat\_gateway\_route | Controls if a nat gateway route should be created to give internet access to the database subnets | string | `"false"` | no | -| create\_database\_subnet\_group | Controls if database subnet group should be created | string | `"true"` | no | -| create\_database\_subnet\_route\_table | Controls if separate route table for database should be created | string | `"false"` | no | -| create\_elasticache\_subnet\_group | Controls if elasticache subnet group should be created | string | `"true"` | no | -| create\_elasticache\_subnet\_route\_table | Controls if separate route table for elasticache should be created | string | `"false"` | no | -| create\_redshift\_subnet\_group | Controls if redshift subnet group should be created | string | `"true"` | no | -| create\_redshift\_subnet\_route\_table | Controls if separate route table for redshift should be created | string | `"false"` | no | -| create\_vpc | Controls if VPC should be created (it affects almost all resources) | string | `"true"` | no | +| cidr | The CIDR block for the VPC. 
Default value is a valid CIDR, but not acceptable by AWS and should be overridden | string | `0.0.0.0/0` | no | +| create\_database\_internet\_gateway\_route | Controls if an internet gateway route for public database access should be created | string | `false` | no | +| create\_database\_nat\_gateway\_route | Controls if a nat gateway route should be created to give internet access to the database subnets | string | `false` | no | +| create\_database\_subnet\_group | Controls if database subnet group should be created | string | `true` | no | +| create\_database\_subnet\_route\_table | Controls if separate route table for database should be created | string | `false` | no | +| create\_elasticache\_subnet\_group | Controls if elasticache subnet group should be created | string | `true` | no | +| create\_elasticache\_subnet\_route\_table | Controls if separate route table for elasticache should be created | string | `false` | no | +| create\_redshift\_subnet\_group | Controls if redshift subnet group should be created | string | `true` | no | +| create\_redshift\_subnet\_route\_table | Controls if separate route table for redshift should be created | string | `false` | no | +| create\_vpc | Controls if VPC should be created (it affects almost all resources) | string | `true` | no | | database\_route\_table\_tags | Additional tags for the database route tables | map | `{}` | no | | database\_subnet\_group\_tags | Additional tags for the database subnet group | map | `{}` | no | -| database\_subnet\_suffix | Suffix to append to database subnets name | string | `"db"` | no | +| database\_subnet\_suffix | Suffix to append to database subnets name | string | `db` | no | | database\_subnet\_tags | Additional tags for the database subnets | map | `{}` | no | | database\_subnets | A list of database subnets | list | `[]` | no | -| default\_vpc\_enable\_classiclink | Should be true to enable ClassicLink in the Default VPC | string | `"false"` | no | -| 
default\_vpc\_enable\_dns\_hostnames | Should be true to enable DNS hostnames in the Default VPC | string | `"false"` | no | -| default\_vpc\_enable\_dns\_support | Should be true to enable DNS support in the Default VPC | string | `"true"` | no | -| default\_vpc\_name | Name to be used on the Default VPC | string | `""` | no | +| default\_vpc\_enable\_classiclink | Should be true to enable ClassicLink in the Default VPC | string | `false` | no | +| default\_vpc\_enable\_dns\_hostnames | Should be true to enable DNS hostnames in the Default VPC | string | `false` | no | +| default\_vpc\_enable\_dns\_support | Should be true to enable DNS support in the Default VPC | string | `true` | no | +| default\_vpc\_name | Name to be used on the Default VPC | string | `` | no | | default\_vpc\_tags | Additional tags for the Default VPC | map | `{}` | no | -| dhcp\_options\_domain\_name | Specifies DNS name for DHCP options set | string | `""` | no | +| dhcp\_options\_domain\_name | Specifies DNS name for DHCP options set | string | `` | no | | dhcp\_options\_domain\_name\_servers | Specify a list of DNS server addresses for DHCP options set, default to AWS provided | list | `[ "AmazonProvidedDNS" ]` | no | | dhcp\_options\_netbios\_name\_servers | Specify a list of netbios servers for DHCP options set | list | `[]` | no | -| dhcp\_options\_netbios\_node\_type | Specify netbios node_type for DHCP options set | string | `""` | no | +| dhcp\_options\_netbios\_node\_type | Specify netbios node_type for DHCP options set | string | `` | no | | dhcp\_options\_ntp\_servers | Specify a list of NTP servers for DHCP options set | list | `[]` | no | | dhcp\_options\_tags | Additional tags for the DHCP option set | map | `{}` | no | -| ec2\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for EC2 endpoint | string | `"false"` | no | +| ec2\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the 
specified VPC for EC2 endpoint | string | `false` | no | | ec2\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for EC2 endpoint | list | `[]` | no | | ec2\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for EC2 endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no | +| ec2messages\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for EC2MESSAGES endpoint | string | `false` | no | +| ec2messages\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for EC2MESSAGES endpoint | list | `[]` | no | +| ec2messages\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for EC2MESSAGES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. 
| list | `[]` | no | | elasticache\_route\_table\_tags | Additional tags for the elasticache route tables | map | `{}` | no | -| elasticache\_subnet\_suffix | Suffix to append to elasticache subnets name | string | `"elasticache"` | no | +| elasticache\_subnet\_suffix | Suffix to append to elasticache subnets name | string | `elasticache` | no | | elasticache\_subnet\_tags | Additional tags for the elasticache subnets | map | `{}` | no | | elasticache\_subnets | A list of elasticache subnets | list | `[]` | no | -| enable\_dhcp\_options | Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type | string | `"false"` | no | -| enable\_dns\_hostnames | Should be true to enable DNS hostnames in the VPC | string | `"false"` | no | -| enable\_dns\_support | Should be true to enable DNS support in the VPC | string | `"true"` | no | -| enable\_dynamodb\_endpoint | Should be true if you want to provision a DynamoDB endpoint to the VPC | string | `"false"` | no | -| enable\_ec2\_endpoint | Should be true if you want to provision an EC2 endpoint to the VPC | string | `"false"` | no | -| enable\_nat\_gateway | Should be true if you want to provision NAT Gateways for each of your private networks | string | `"false"` | no | -| enable\_s3\_endpoint | Should be true if you want to provision an S3 endpoint to the VPC | string | `"false"` | no | -| enable\_ssm\_endpoint | Should be true if you want to provision an SSM endpoint to the VPC | string | `"false"` | no | -| enable\_vpn\_gateway | Should be true if you want to create a new VPN Gateway resource and attach it to the VPC | string | `"false"` | no | +| enable\_dhcp\_options | Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type | string | `false` | no | +| enable\_dns\_hostnames | Should be true to enable DNS hostnames in the VPC | 
string | `false` | no | +| enable\_dns\_support | Should be true to enable DNS support in the VPC | string | `true` | no | +| enable\_dynamodb\_endpoint | Should be true if you want to provision a DynamoDB endpoint to the VPC | string | `false` | no | +| enable\_ec2\_endpoint | Should be true if you want to provision an EC2 endpoint to the VPC | string | `false` | no | +| enable\_ec2messages\_endpoint | Should be true if you want to provision an EC2MESSAGES endpoint to the VPC | string | `false` | no | +| enable\_nat\_gateway | Should be true if you want to provision NAT Gateways for each of your private networks | string | `false` | no | +| enable\_s3\_endpoint | Should be true if you want to provision an S3 endpoint to the VPC | string | `false` | no | +| enable\_ssm\_endpoint | Should be true if you want to provision an SSM endpoint to the VPC | string | `false` | no | +| enable\_ssmmessages\_endpoint | Should be true if you want to provision a SSMMESSAGES endpoint to the VPC | string | `false` | no | +| enable\_vpn\_gateway | Should be true if you want to create a new VPN Gateway resource and attach it to the VPC | string | `false` | no | | external\_nat\_ip\_ids | List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse_nat_ips) | list | `[]` | no | | igw\_tags | Additional tags for the internet gateway | map | `{}` | no | -| instance\_tenancy | A tenancy option for instances launched into the VPC | string | `"default"` | no | +| instance\_tenancy | A tenancy option for instances launched into the VPC | string | `default` | no | | intra\_route\_table\_tags | Additional tags for the intra route tables | map | `{}` | no | | intra\_subnet\_tags | Additional tags for the intra subnets | map | `{}` | no | | intra\_subnets | A list of intra subnets | list | `[]` | no | -| manage\_default\_vpc | Should be true to adopt and manage Default VPC | string | `"false"` | no | -| map\_public\_ip\_on\_launch | Should be false if you do not want to 
auto-assign public IP on launch | string | `"true"` | no | -| name | Name to be used on all the resources as identifier | string | `""` | no | +| manage\_default\_vpc | Should be true to adopt and manage Default VPC | string | `false` | no | +| map\_public\_ip\_on\_launch | Should be false if you do not want to auto-assign public IP on launch | string | `true` | no | +| name | Name to be used on all the resources as identifier | string | `` | no | | nat\_eip\_tags | Additional tags for the NAT EIP | map | `{}` | no | | nat\_gateway\_tags | Additional tags for the NAT gateways | map | `{}` | no | -| one\_nat\_gateway\_per\_az | Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs`. | string | `"false"` | no | +| one\_nat\_gateway\_per\_az | Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs`. 
| string | `false` | no | | private\_route\_table\_tags | Additional tags for the private route tables | map | `{}` | no | -| private\_subnet\_suffix | Suffix to append to private subnets name | string | `"private"` | no | +| private\_subnet\_suffix | Suffix to append to private subnets name | string | `private` | no | | private\_subnet\_tags | Additional tags for the private subnets | map | `{}` | no | | private\_subnets | A list of private subnets inside the VPC | list | `[]` | no | -| propagate\_private\_route\_tables\_vgw | Should be true if you want route table propagation | string | `"false"` | no | -| propagate\_public\_route\_tables\_vgw | Should be true if you want route table propagation | string | `"false"` | no | +| propagate\_private\_route\_tables\_vgw | Should be true if you want route table propagation | string | `false` | no | +| propagate\_public\_route\_tables\_vgw | Should be true if you want route table propagation | string | `false` | no | | public\_route\_table\_tags | Additional tags for the public route tables | map | `{}` | no | -| public\_subnet\_suffix | Suffix to append to public subnets name | string | `"public"` | no | +| public\_subnet\_suffix | Suffix to append to public subnets name | string | `public` | no | | public\_subnet\_tags | Additional tags for the public subnets | map | `{}` | no | | public\_subnets | A list of public subnets inside the VPC | list | `[]` | no | | redshift\_route\_table\_tags | Additional tags for the redshift route tables | map | `{}` | no | | redshift\_subnet\_group\_tags | Additional tags for the redshift subnet group | map | `{}` | no | -| redshift\_subnet\_suffix | Suffix to append to redshift subnets name | string | `"redshift"` | no | +| redshift\_subnet\_suffix | Suffix to append to redshift subnets name | string | `redshift` | no | | redshift\_subnet\_tags | Additional tags for the redshift subnets | map | `{}` | no | | redshift\_subnets | A list of redshift subnets | list | `[]` | no | -| 
reuse\_nat\_ips | Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external_nat_ip_ids' variable | string | `"false"` | no | +| reuse\_nat\_ips | Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external_nat_ip_ids' variable | string | `false` | no | | secondary\_cidr\_blocks | List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool | list | `[]` | no | -| single\_nat\_gateway | Should be true if you want to provision a single shared NAT Gateway across all of your private networks | string | `"false"` | no | -| ssm\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for SSM endpoint | string | `"false"` | no | +| single\_nat\_gateway | Should be true if you want to provision a single shared NAT Gateway across all of your private networks | string | `false` | no | +| ssm\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for SSM endpoint | string | `false` | no | | ssm\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SSM endpoint | list | `[]` | no | | ssm\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for SSM endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. 
| list | `[]` | no | +| ssmmessages\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for SSMMESSAGES endpoint | string | `false` | no | +| ssmmessages\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SSMMESSAGES endpoint | list | `[]` | no | +| ssmmessages\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for SSMMESSAGES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no | | tags | A map of tags to add to all resources | map | `{}` | no | | vpc\_tags | Additional tags for the VPC | map | `{}` | no | -| vpn\_gateway\_id | ID of VPN Gateway to attach to the VPC | string | `""` | no | +| vpn\_gateway\_id | ID of VPN Gateway to attach to the VPC | string | `` | no | | vpn\_gateway\_tags | Additional tags for the VPN gateway | map | `{}` | no | ## Outputs 
@@ -314,11 +322,17 @@ Terraform version 0.10.3 or newer is required for this module to work.
 | vpc\_endpoint\_ec2\_dns\_entry | The DNS entries for the VPC Endpoint for EC2. |
 | vpc\_endpoint\_ec2\_id | The ID of VPC endpoint for EC2 |
 | vpc\_endpoint\_ec2\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for EC2 |
+| vpc\_endpoint\_ec2messages\_dns\_entry | The DNS entries for the VPC Endpoint for EC2MESSAGES. |
+| vpc\_endpoint\_ec2messages\_id | The ID of VPC endpoint for EC2MESSAGES |
+| vpc\_endpoint\_ec2messages\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for EC2MESSAGES |
 | vpc\_endpoint\_s3\_id | The ID of VPC endpoint for S3 |
 | vpc\_endpoint\_s3\_pl\_id | The prefix list for the S3 VPC endpoint. |
 | vpc\_endpoint\_ssm\_dns\_entry | The DNS entries for the VPC Endpoint for SSM. |
 | vpc\_endpoint\_ssm\_id | The ID of VPC endpoint for SSM |
 | vpc\_endpoint\_ssm\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for SSM. |
+| vpc\_endpoint\_ssmmessages\_dns\_entry | The DNS entries for the VPC Endpoint for SSMMESSAGES. |
+| vpc\_endpoint\_ssmmessages\_id | The ID of VPC endpoint for SSMMESSAGES |
+| vpc\_endpoint\_ssmmessages\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for SSMMESSAGES. |
 | vpc\_id | The ID of the VPC |
 | vpc\_instance\_tenancy | Tenancy of instances spin up within VPC |
 | vpc\_main\_route\_table\_id | The ID of the main route table associated with this VPC |
diff --git a/examples/complete-vpc/main.tf b/examples/complete-vpc/main.tf
index d90448803..c35c3f2dd 100644
--- a/examples/complete-vpc/main.tf
+++ b/examples/complete-vpc/main.tf
@@ -43,9 +43,9 @@ module "vpc" {
 enable_dynamodb_endpoint = true
 # VPC endpoint for SSM
- enable_ssm_endpoint = true
- ssm_endpoint_private_dns_enabled = true
- ssm_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"]
+ enable_ssm_endpoint = true
+ ssm_endpoint_private_dns_enabled = true
+ ssm_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"]
 // ssm_endpoint_subnet_ids = ["..."]
@@ -53,17 +53,14 @@ module "vpc" {
 enable_ssmmessages_endpoint = true
 ssmmessages_endpoint_private_dns_enabled = true
 ssmmessages_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"]
- # VPC Endpoint for EC2
- enable_ec2_endpoint = true
- ec2_endpoint_private_dns_enabled = true
- ec2_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"]
-
+ enable_ec2_endpoint = true
+ ec2_endpoint_private_dns_enabled = true
+ ec2_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"]
 # VPC Endpoint for EC2MESSAGES
 enable_ec2messages_endpoint = true
 ec2messages_endpoint_private_dns_enabled = true
 ec2messages_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"]
-
 tags = {
 Owner = "user"
 Environment = "staging"
diff --git a/examples/test_fixture/README.md b/examples/test_fixture/README.md
index 2fec823b1..db7173a41 100644
--- a/examples/test_fixture/README.md
+++ b/examples/test_fixture/README.md
@@ -25,7 +25,7 @@ This will destroy any existing test resources, create the resources afresh, run
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
-| region | | string | `"eu-west-1"` | no |
+| region | - | string | `eu-west-1` | no |
 ## Outputs
From 3caad3222495afce8e5b2dd59e7ef2db6b8a9a69 Mon Sep 17 00:00:00 2001
From: thebugfinder
Date: Fri, 1 Feb 2019 20:27:59 +0100
Subject: [PATCH 14/21] switch to terraform-docs v0.6.0
---
 README.md | 96 ++++++++++++++++-----------------
 examples/test_fixture/README.md | 2 +-
 2 files changed, 49 insertions(+), 49 deletions(-)
diff --git a/README.md b/README.md
index c75b4c161..08514a572 100644
--- a/README.md
+++ b/README.md
@@ -179,95 +179,95 @@ Terraform version 0.10.3 or newer is required for this module to work. | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| amazon\_side\_asn | The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the virtual private gateway is created with the current default Amazon ASN. | string | `64512` | no | -| assign\_generated\_ipv6\_cidr\_block | Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block | string | `false` | no | +| amazon\_side\_asn | The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the virtual private gateway is created with the current default Amazon ASN. | string | `"64512"` | no | +| assign\_generated\_ipv6\_cidr\_block | Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block | string | `"false"` | no | | azs | A list of availability zones in the region | list | `[]` | no | -| cidr | The CIDR block for the VPC. 
Default value is a valid CIDR, but not acceptable by AWS and should be overridden | string | `0.0.0.0/0` | no | -| create\_database\_internet\_gateway\_route | Controls if an internet gateway route for public database access should be created | string | `false` | no | -| create\_database\_nat\_gateway\_route | Controls if a nat gateway route should be created to give internet access to the database subnets | string | `false` | no | -| create\_database\_subnet\_group | Controls if database subnet group should be created | string | `true` | no | -| create\_database\_subnet\_route\_table | Controls if separate route table for database should be created | string | `false` | no | -| create\_elasticache\_subnet\_group | Controls if elasticache subnet group should be created | string | `true` | no | -| create\_elasticache\_subnet\_route\_table | Controls if separate route table for elasticache should be created | string | `false` | no | -| create\_redshift\_subnet\_group | Controls if redshift subnet group should be created | string | `true` | no | -| create\_redshift\_subnet\_route\_table | Controls if separate route table for redshift should be created | string | `false` | no | -| create\_vpc | Controls if VPC should be created (it affects almost all resources) | string | `true` | no | +| cidr | The CIDR block for the VPC. 
Default value is a valid CIDR, but not acceptable by AWS and should be overridden | string | `"0.0.0.0/0"` | no | +| create\_database\_internet\_gateway\_route | Controls if an internet gateway route for public database access should be created | string | `"false"` | no | +| create\_database\_nat\_gateway\_route | Controls if a nat gateway route should be created to give internet access to the database subnets | string | `"false"` | no | +| create\_database\_subnet\_group | Controls if database subnet group should be created | string | `"true"` | no | +| create\_database\_subnet\_route\_table | Controls if separate route table for database should be created | string | `"false"` | no | +| create\_elasticache\_subnet\_group | Controls if elasticache subnet group should be created | string | `"true"` | no | +| create\_elasticache\_subnet\_route\_table | Controls if separate route table for elasticache should be created | string | `"false"` | no | +| create\_redshift\_subnet\_group | Controls if redshift subnet group should be created | string | `"true"` | no | +| create\_redshift\_subnet\_route\_table | Controls if separate route table for redshift should be created | string | `"false"` | no | +| create\_vpc | Controls if VPC should be created (it affects almost all resources) | string | `"true"` | no | | database\_route\_table\_tags | Additional tags for the database route tables | map | `{}` | no | | database\_subnet\_group\_tags | Additional tags for the database subnet group | map | `{}` | no | -| database\_subnet\_suffix | Suffix to append to database subnets name | string | `db` | no | +| database\_subnet\_suffix | Suffix to append to database subnets name | string | `"db"` | no | | database\_subnet\_tags | Additional tags for the database subnets | map | `{}` | no | | database\_subnets | A list of database subnets | list | `[]` | no | -| default\_vpc\_enable\_classiclink | Should be true to enable ClassicLink in the Default VPC | string | `false` | no | -| 
default\_vpc\_enable\_dns\_hostnames | Should be true to enable DNS hostnames in the Default VPC | string | `false` | no | -| default\_vpc\_enable\_dns\_support | Should be true to enable DNS support in the Default VPC | string | `true` | no | -| default\_vpc\_name | Name to be used on the Default VPC | string | `` | no | +| default\_vpc\_enable\_classiclink | Should be true to enable ClassicLink in the Default VPC | string | `"false"` | no | +| default\_vpc\_enable\_dns\_hostnames | Should be true to enable DNS hostnames in the Default VPC | string | `"false"` | no | +| default\_vpc\_enable\_dns\_support | Should be true to enable DNS support in the Default VPC | string | `"true"` | no | +| default\_vpc\_name | Name to be used on the Default VPC | string | `""` | no | | default\_vpc\_tags | Additional tags for the Default VPC | map | `{}` | no | -| dhcp\_options\_domain\_name | Specifies DNS name for DHCP options set | string | `` | no | +| dhcp\_options\_domain\_name | Specifies DNS name for DHCP options set | string | `""` | no | | dhcp\_options\_domain\_name\_servers | Specify a list of DNS server addresses for DHCP options set, default to AWS provided | list | `[ "AmazonProvidedDNS" ]` | no | | dhcp\_options\_netbios\_name\_servers | Specify a list of netbios servers for DHCP options set | list | `[]` | no | -| dhcp\_options\_netbios\_node\_type | Specify netbios node_type for DHCP options set | string | `` | no | +| dhcp\_options\_netbios\_node\_type | Specify netbios node_type for DHCP options set | string | `""` | no | | dhcp\_options\_ntp\_servers | Specify a list of NTP servers for DHCP options set | list | `[]` | no | | dhcp\_options\_tags | Additional tags for the DHCP option set | map | `{}` | no | -| ec2\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for EC2 endpoint | string | `false` | no | +| ec2\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the 
specified VPC for EC2 endpoint | string | `"false"` | no | | ec2\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for EC2 endpoint | list | `[]` | no | | ec2\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for EC2 endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no | -| ec2messages\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for EC2MESSAGES endpoint | string | `false` | no | +| ec2messages\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for EC2MESSAGES endpoint | string | `"false"` | no | | ec2messages\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for EC2MESSAGES endpoint | list | `[]` | no | | ec2messages\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for EC2MESSAGES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. 
| list | `[]` | no | | elasticache\_route\_table\_tags | Additional tags for the elasticache route tables | map | `{}` | no | -| elasticache\_subnet\_suffix | Suffix to append to elasticache subnets name | string | `elasticache` | no | +| elasticache\_subnet\_suffix | Suffix to append to elasticache subnets name | string | `"elasticache"` | no | | elasticache\_subnet\_tags | Additional tags for the elasticache subnets | map | `{}` | no | | elasticache\_subnets | A list of elasticache subnets | list | `[]` | no | -| enable\_dhcp\_options | Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type | string | `false` | no | -| enable\_dns\_hostnames | Should be true to enable DNS hostnames in the VPC | string | `false` | no | -| enable\_dns\_support | Should be true to enable DNS support in the VPC | string | `true` | no | -| enable\_dynamodb\_endpoint | Should be true if you want to provision a DynamoDB endpoint to the VPC | string | `false` | no | -| enable\_ec2\_endpoint | Should be true if you want to provision an EC2 endpoint to the VPC | string | `false` | no | -| enable\_ec2messages\_endpoint | Should be true if you want to provision an EC2MESSAGES endpoint to the VPC | string | `false` | no | -| enable\_nat\_gateway | Should be true if you want to provision NAT Gateways for each of your private networks | string | `false` | no | -| enable\_s3\_endpoint | Should be true if you want to provision an S3 endpoint to the VPC | string | `false` | no | -| enable\_ssm\_endpoint | Should be true if you want to provision an SSM endpoint to the VPC | string | `false` | no | -| enable\_ssmmessages\_endpoint | Should be true if you want to provision a SSMMESSAGES endpoint to the VPC | string | `false` | no | -| enable\_vpn\_gateway | Should be true if you want to create a new VPN Gateway resource and attach it to the VPC | string | `false` | no | +| enable\_dhcp\_options | Should 
be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type | string | `"false"` | no | +| enable\_dns\_hostnames | Should be true to enable DNS hostnames in the VPC | string | `"false"` | no | +| enable\_dns\_support | Should be true to enable DNS support in the VPC | string | `"true"` | no | +| enable\_dynamodb\_endpoint | Should be true if you want to provision a DynamoDB endpoint to the VPC | string | `"false"` | no | +| enable\_ec2\_endpoint | Should be true if you want to provision an EC2 endpoint to the VPC | string | `"false"` | no | +| enable\_ec2messages\_endpoint | Should be true if you want to provision an EC2MESSAGES endpoint to the VPC | string | `"false"` | no | +| enable\_nat\_gateway | Should be true if you want to provision NAT Gateways for each of your private networks | string | `"false"` | no | +| enable\_s3\_endpoint | Should be true if you want to provision an S3 endpoint to the VPC | string | `"false"` | no | +| enable\_ssm\_endpoint | Should be true if you want to provision an SSM endpoint to the VPC | string | `"false"` | no | +| enable\_ssmmessages\_endpoint | Should be true if you want to provision a SSMMESSAGES endpoint to the VPC | string | `"false"` | no | +| enable\_vpn\_gateway | Should be true if you want to create a new VPN Gateway resource and attach it to the VPC | string | `"false"` | no | | external\_nat\_ip\_ids | List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse_nat_ips) | list | `[]` | no | | igw\_tags | Additional tags for the internet gateway | map | `{}` | no | -| instance\_tenancy | A tenancy option for instances launched into the VPC | string | `default` | no | +| instance\_tenancy | A tenancy option for instances launched into the VPC | string | `"default"` | no | | intra\_route\_table\_tags | Additional tags for the intra route tables | map | `{}` | no | | intra\_subnet\_tags | Additional tags for 
the intra subnets | map | `{}` | no | | intra\_subnets | A list of intra subnets | list | `[]` | no | -| manage\_default\_vpc | Should be true to adopt and manage Default VPC | string | `false` | no | -| map\_public\_ip\_on\_launch | Should be false if you do not want to auto-assign public IP on launch | string | `true` | no | -| name | Name to be used on all the resources as identifier | string | `` | no | +| manage\_default\_vpc | Should be true to adopt and manage Default VPC | string | `"false"` | no | +| map\_public\_ip\_on\_launch | Should be false if you do not want to auto-assign public IP on launch | string | `"true"` | no | +| name | Name to be used on all the resources as identifier | string | `""` | no | | nat\_eip\_tags | Additional tags for the NAT EIP | map | `{}` | no | | nat\_gateway\_tags | Additional tags for the NAT gateways | map | `{}` | no | -| one\_nat\_gateway\_per\_az | Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs`. | string | `false` | no | +| one\_nat\_gateway\_per\_az | Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs`. 
| string | `"false"` | no | | private\_route\_table\_tags | Additional tags for the private route tables | map | `{}` | no | -| private\_subnet\_suffix | Suffix to append to private subnets name | string | `private` | no | +| private\_subnet\_suffix | Suffix to append to private subnets name | string | `"private"` | no | | private\_subnet\_tags | Additional tags for the private subnets | map | `{}` | no | | private\_subnets | A list of private subnets inside the VPC | list | `[]` | no | -| propagate\_private\_route\_tables\_vgw | Should be true if you want route table propagation | string | `false` | no | -| propagate\_public\_route\_tables\_vgw | Should be true if you want route table propagation | string | `false` | no | +| propagate\_private\_route\_tables\_vgw | Should be true if you want route table propagation | string | `"false"` | no | +| propagate\_public\_route\_tables\_vgw | Should be true if you want route table propagation | string | `"false"` | no | | public\_route\_table\_tags | Additional tags for the public route tables | map | `{}` | no | -| public\_subnet\_suffix | Suffix to append to public subnets name | string | `public` | no | +| public\_subnet\_suffix | Suffix to append to public subnets name | string | `"public"` | no | | public\_subnet\_tags | Additional tags for the public subnets | map | `{}` | no | | public\_subnets | A list of public subnets inside the VPC | list | `[]` | no | | redshift\_route\_table\_tags | Additional tags for the redshift route tables | map | `{}` | no | | redshift\_subnet\_group\_tags | Additional tags for the redshift subnet group | map | `{}` | no | -| redshift\_subnet\_suffix | Suffix to append to redshift subnets name | string | `redshift` | no | +| redshift\_subnet\_suffix | Suffix to append to redshift subnets name | string | `"redshift"` | no | | redshift\_subnet\_tags | Additional tags for the redshift subnets | map | `{}` | no | | redshift\_subnets | A list of redshift subnets | list | `[]` | no | -| 
reuse\_nat\_ips | Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external_nat_ip_ids' variable | string | `false` | no | +| reuse\_nat\_ips | Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external_nat_ip_ids' variable | string | `"false"` | no | | secondary\_cidr\_blocks | List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool | list | `[]` | no | -| single\_nat\_gateway | Should be true if you want to provision a single shared NAT Gateway across all of your private networks | string | `false` | no | -| ssm\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for SSM endpoint | string | `false` | no | +| single\_nat\_gateway | Should be true if you want to provision a single shared NAT Gateway across all of your private networks | string | `"false"` | no | +| ssm\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for SSM endpoint | string | `"false"` | no | | ssm\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SSM endpoint | list | `[]` | no | | ssm\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for SSM endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. 
| list | `[]` | no |
-| ssmmessages\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for SSMMESSAGES endpoint | string | `false` | no |
+| ssmmessages\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for SSMMESSAGES endpoint | string | `"false"` | no |
 | ssmmessages\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SSMMESSAGES endpoint | list | `[]` | no |
 | ssmmessages\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for SSMMESSAGES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
 | tags | A map of tags to add to all resources | map | `{}` | no |
 | vpc\_tags | Additional tags for the VPC | map | `{}` | no |
-| vpn\_gateway\_id | ID of VPN Gateway to attach to the VPC | string | `` | no |
+| vpn\_gateway\_id | ID of VPN Gateway to attach to the VPC | string | `""` | no |
 | vpn\_gateway\_tags | Additional tags for the VPN gateway | map | `{}` | no |
 ## Outputs
diff --git a/examples/test_fixture/README.md b/examples/test_fixture/README.md
index db7173a41..2fec823b1 100644
--- a/examples/test_fixture/README.md
+++ b/examples/test_fixture/README.md
@@ -25,7 +25,7 @@ This will destroy any existing test resources, create the resources afresh, run
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
-| region | - | string | `eu-west-1` | no |
+| region | | string | `"eu-west-1"` | no |
 ## Outputs
From 33e8809fe88f495f74cadc2a8e3a8e1c9f78f15d Mon Sep 17 00:00:00 2001
From: Michiel Dhadamus
Date: Tue, 12 Feb 2019 14:27:52 +0100
Subject: [PATCH 15/21] Added option to create ECR api and dkr endpoints
---
 main.tf | 38 ++++++++++++++++++++++++++++++++++++++
 variables.tf | 30 ++++++++++++++++++++++++++++++
 2 files changed, 68 insertions(+)
diff --git a/main.tf b/main.tf
index 48ccf584a..0cb6ec228 100644
--- a/main.tf
+++ b/main.tf
@@ -367,6 +367,44 @@ resource "aws_vpc_endpoint_route_table_association" "public_s3" {
 route_table_id = "${aws_route_table.public.id}"
 }
+##########################
+# VPC Endpoint for ECR API
+##########################
+data "aws_vpc_endpoint_service" "ecr_api" {
+ count = "${var.create_vpc && var.enable_ecr_api_endpoint ? 1 : 0}"
+
+ service = "ecr.api"
+}
+
+resource "aws_vpc_endpoint" "ecr_api" {
+ count = "${var.create_vpc && var.enable_ecr_api_endpoint ? 1 : 0}"
+
+ vpc_endpoint_type = "Interface"
+ vpc_id = "${local.vpc_id}"
+ security_group_ids = ["${var.ecr_api_endpoint_security_group_ids}"]
+ service_name = "${data.aws_vpc_endpoint_service.ecr_api.service_name}"
+ private_dns_enabled = "${var.ecr_api_endpoint_private_dns_enabled}"
+}
+
+##########################
+# VPC Endpoint for ECR DKR
+##########################
+data "aws_vpc_endpoint_service" "ecr_dkr" {
+ count = "${var.create_vpc && var.enable_ecr_dkr_endpoint ? 1 : 0}"
+
+ service = "ecr.dkr"
+}
+
+resource "aws_vpc_endpoint" "ecr_dkr" {
+ count = "${var.create_vpc && var.enable_ecr_dkr_endpoint ? 1 : 0}"
+
+ vpc_endpoint_type = "Interface"
+ vpc_id = "${local.vpc_id}"
+ security_group_ids = ["${var.ecr_dkr_endpoint_security_group_ids}"]
+ service_name = "${data.aws_vpc_endpoint_service.ecr_dkr.service_name}"
+ private_dns_enabled = "${var.ecr_dkr_endpoint_private_dns_enabled}"
+}
+
 ############################
 # VPC Endpoint for DynamoDB
 ############################
diff --git a/variables.tf b/variables.tf
index cff021398..d152ca47d 100644
--- a/variables.tf
+++ b/variables.tf
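Review bot: The `ecr_dkr` endpoint added in this hunk is not enough on its own for image pulls from a VPC without internet egress, because ECR serves image layers from S3; the module's existing `enable_s3_endpoint` gateway endpoint has to be turned on alongside it, and neither the resource block nor the new variable descriptions say so. I would add a line under the `# VPC Endpoint for ECR DKR` header: `# Image layers are fetched from S3: enable_s3_endpoint must also be set, or pulls still need internet egress`. Both `aws_vpc_endpoint` resources also pass `security_group_ids` straight through from variables whose default is `[]`; with no group supplied, AWS attaches the VPC's default security group to the endpoint network interfaces, so who can reach the endpoint is decided by that group's rules rather than by anything this module sets, which is worth a comment at the `security_group_ids` lines. The resources are created here without `subnet_ids`; the following patch (16/21) adds them, so that is not raised again.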
@@ -178,6 +178,36 @@ variable "enable_s3_endpoint" { default = false } +variable "enable_ecr_api_endpoint" { + description = "Should be true if you want to provision an ecr api endpoint to the VPC" + default = false +} + +variable "ecr_api_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for ECR API endpoint" + default = false +} + +variable "ecr_api_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for ECR API endpoint" + default = [] +} + +variable "enable_ecr_dkr_endpoint" { + description = "Should be true if you want to provision an ecr dkr endpoint to the VPC" + default = false +} + +variable "ecr_dkr_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for ECR DKR endpoint" + default = false +} + +variable "ecr_dkr_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for ECR DKR endpoint" + default = [] +} + variable "enable_ssm_endpoint" { description = "Should be true if you want to provision an SSM endpoint to the VPC" default = false From 176a596fc8b7fbdf267b404c1dce42de83d19108 Mon Sep 17 00:00:00 2001 From: Michiel Dhadamus Date: Tue, 12 Feb 2019 16:33:01 +0100 Subject: [PATCH 16/21] Added subnet ids to ecr endpoints --- main.tf | 2 ++ variables.tf | 10 ++++++++++ 2 files changed, 12 insertions(+) diff --git a/main.tf b/main.tf index 0cb6ec228..fbda01b86 100644 --- a/main.tf +++ b/main.tf 
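Review bot: `ecr_api_endpoint_private_dns_enabled` and `ecr_dkr_endpoint_private_dns_enabled` default to `false`, and their descriptions do not say what that means in practice: without private DNS, clients in the VPC keep resolving the public ECR hostnames and, as I understand it, image pulls keep leaving via NAT/IGW unless the endpoint-specific DNS name is used, which the docker client cannot easily be pointed at. I would extend each description with a sentence like `Leave false only if clients are configured to use the endpoint-specific DNS names; otherwise ECR traffic will not use this endpoint.` The neighbouring `enable_s3_endpoint` and `enable_ssm_endpoint` variables start and end outside the hunk.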
@@ -382,6 +382,7 @@ resource "aws_vpc_endpoint" "ecr_api" { vpc_endpoint_type = "Interface" vpc_id = "${local.vpc_id}" security_group_ids = ["${var.ecr_api_endpoint_security_group_ids}"] + subnet_ids = ["${coalescelist(var.ecr_api_endpoint_subnet_ids, aws_subnet.private.*.id)}"] service_name = "${data.aws_vpc_endpoint_service.ecr_api.service_name}" private_dns_enabled = "${var.ecr_api_endpoint_private_dns_enabled}" } @@ -401,6 +402,7 @@ resource "aws_vpc_endpoint" "ecr_dkr" { vpc_endpoint_type = "Interface" vpc_id = "${local.vpc_id}" security_group_ids = ["${var.ecr_dkr_endpoint_security_group_ids}"] + subnet_ids = ["${coalescelist(var.ecr_dkr_endpoint_subnet_ids, aws_subnet.private.*.id)}"] service_name = "${data.aws_vpc_endpoint_service.ecr_dkr.service_name}" private_dns_enabled = "${var.ecr_dkr_endpoint_private_dns_enabled}" } diff --git a/variables.tf b/variables.tf index d152ca47d..9430fefa3 100644 --- a/variables.tf +++ b/variables.tf @@ -183,6 +183,11 @@ variable "enable_ecr_api_endpoint" { default = false } +variable "ecr_api_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for ECR api endpoint. If omitted, private subnets will be used." + default = [] +} + variable "ecr_api_endpoint_private_dns_enabled" { description = "Whether or not to associate a private hosted zone with the specified VPC for ECR API endpoint" default = false @@ -198,6 +203,11 @@ variable "enable_ecr_dkr_endpoint" { default = false } +variable "ecr_dkr_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for ECR dkr endpoint. If omitted, private subnets will be used." + default = [] +} + variable "ecr_dkr_endpoint_private_dns_enabled" { description = "Whether or not to associate a private hosted zone with the specified VPC for ECR DKR endpoint" default = false From bd089fb5f65a6212ba2f20cadf3ea7313e01235a Mon Sep 17 00:00:00 2001 
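Review bot: The new `subnet_ids` lines use `coalescelist(var.ecr_*_endpoint_subnet_ids, aws_subnet.private.*.id)`, which fails at plan time when both lists are empty — a VPC built without private subnets (a configuration the changelog says has been supported since the #47 fix) that sets `enable_ecr_api_endpoint = true` gets a coalescelist error instead of a clear message. This presumably mirrors the existing endpoints, so the minimum is documentation: the two new variable descriptions should carry the same caveat the `ssmmessages_endpoint_subnet_ids` description has, e.g. `The ID of one or more subnets in which to create a network interface for ECR API endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used.` Both `aws_vpc_endpoint` resources touched by the main.tf hunks start and end outside those hunks.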
From: Anton Babenko Date: Thu, 14 Feb 2019 09:47:47 +0100 Subject: [PATCH 17/21] Fixed formatting after #205 --- README.md | 4 +++- examples/complete-vpc/main.tf | 7 ++++--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 08514a572..f43bee808 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,9 @@ These types of resources are supported: * [Internet Gateway](https://www.terraform.io/docs/providers/aws/r/internet_gateway.html) * [NAT Gateway](https://www.terraform.io/docs/providers/aws/r/nat_gateway.html) * [VPN Gateway](https://www.terraform.io/docs/providers/aws/r/vpn_gateway.html) -* [VPC Endpoint](https://www.terraform.io/docs/providers/aws/r/vpc_endpoint.html) (Gateway: S3, DynamoDB; Interface: EC2, SSM) +* [VPC Endpoint](https://www.terraform.io/docs/providers/aws/r/vpc_endpoint.html): + * Gateway: S3, DynamoDB + * Interface: EC2, SSM, EC2 Messages, SSM Messages * [RDS DB Subnet Group](https://www.terraform.io/docs/providers/aws/r/db_subnet_group.html) * [ElastiCache Subnet Group](https://www.terraform.io/docs/providers/aws/r/elasticache_subnet_group.html) * [Redshift Subnet Group](https://www.terraform.io/docs/providers/aws/r/redshift_subnet_group.html) diff --git a/examples/complete-vpc/main.tf b/examples/complete-vpc/main.tf index c35c3f2dd..8f6e14e25 100644 --- a/examples/complete-vpc/main.tf +++ b/examples/complete-vpc/main.tf 
@@ -45,22 +45,23 @@ module "vpc" { # VPC endpoint for SSM enable_ssm_endpoint = true ssm_endpoint_private_dns_enabled = true - ssm_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"] - - // ssm_endpoint_subnet_ids = ["..."] + ssm_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"] # ssm_endpoint_subnet_ids = ["..."] # VPC endpoint for SSMMESSAGES enable_ssmmessages_endpoint = true ssmmessages_endpoint_private_dns_enabled = true ssmmessages_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"] + # VPC Endpoint for EC2 enable_ec2_endpoint = true ec2_endpoint_private_dns_enabled = true ec2_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"] + # VPC Endpoint for EC2MESSAGES enable_ec2messages_endpoint = true ec2messages_endpoint_private_dns_enabled = true ec2messages_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"] + tags = { Owner = "user" Environment = "staging" From 03eded61e4dd31598ed6cd7089493614d7105b9a Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Thu, 14 Feb 2019 09:56:55 +0100 Subject: [PATCH 18/21] Fixed formatting after #213 --- README.md | 10 ++++- examples/complete-vpc/main.tf | 10 +++++ main.tf | 82 ++++++++++++++++++----------------- variables.tf | 80 +++++++++++++++++----------------- 4 files changed, 101 insertions(+), 81 deletions(-) diff --git a/README.md b/README.md index f43bee808..d50399d2f 100644 --- a/README.md +++ b/README.md 
@@ -15,7 +15,7 @@ These types of resources are supported: * [VPN Gateway](https://www.terraform.io/docs/providers/aws/r/vpn_gateway.html) * [VPC Endpoint](https://www.terraform.io/docs/providers/aws/r/vpc_endpoint.html): * Gateway: S3, DynamoDB - * Interface: EC2, SSM, EC2 Messages, SSM Messages + * Interface: EC2, SSM, EC2 Messages, SSM Messages, ECR API, ECR DKR * [RDS DB Subnet Group](https://www.terraform.io/docs/providers/aws/r/db_subnet_group.html) * [ElastiCache Subnet Group](https://www.terraform.io/docs/providers/aws/r/elasticache_subnet_group.html) * [Redshift Subnet Group](https://www.terraform.io/docs/providers/aws/r/redshift_subnet_group.html) 
@@ -216,6 +216,12 @@ Terraform version 0.10.3 or newer is required for this module to work. | ec2messages\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for EC2MESSAGES endpoint | string | `"false"` | no | | ec2messages\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for EC2MESSAGES endpoint | list | `[]` | no | | ec2messages\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for EC2MESSAGES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no | +| ecr\_api\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for ECR API endpoint | string | `"false"` | no | +| ecr\_api\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for ECR API endpoint | list | `[]` | no | +| ecr\_api\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for ECR api endpoint. If omitted, private subnets will be used. | list | `[]` | no | +| ecr\_dkr\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for ECR DKR endpoint | string | `"false"` | no | +| ecr\_dkr\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for ECR DKR endpoint | list | `[]` | no | +| ecr\_dkr\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for ECR dkr endpoint. If omitted, private subnets will be used. 
| list | `[]` | no | | elasticache\_route\_table\_tags | Additional tags for the elasticache route tables | map | `{}` | no | | elasticache\_subnet\_suffix | Suffix to append to elasticache subnets name | string | `"elasticache"` | no | | elasticache\_subnet\_tags | Additional tags for the elasticache subnets | map | `{}` | no | @@ -226,6 +232,8 @@ Terraform version 0.10.3 or newer is required for this module to work. | enable\_dynamodb\_endpoint | Should be true if you want to provision a DynamoDB endpoint to the VPC | string | `"false"` | no | | enable\_ec2\_endpoint | Should be true if you want to provision an EC2 endpoint to the VPC | string | `"false"` | no | | enable\_ec2messages\_endpoint | Should be true if you want to provision an EC2MESSAGES endpoint to the VPC | string | `"false"` | no | +| enable\_ecr\_api\_endpoint | Should be true if you want to provision an ecr api endpoint to the VPC | string | `"false"` | no | +| enable\_ecr\_dkr\_endpoint | Should be true if you want to provision an ecr dkr endpoint to the VPC | string | `"false"` | no | | enable\_nat\_gateway | Should be true if you want to provision NAT Gateways for each of your private networks | string | `"false"` | no | | enable\_s3\_endpoint | Should be true if you want to provision an S3 endpoint to the VPC | string | `"false"` | no | | enable\_ssm\_endpoint | Should be true if you want to provision an SSM endpoint to the VPC | string | `"false"` | no | diff --git a/examples/complete-vpc/main.tf b/examples/complete-vpc/main.tf index 8f6e14e25..0f38fda90 100644 --- a/examples/complete-vpc/main.tf +++ b/examples/complete-vpc/main.tf 
@@ -62,6 +62,16 @@ module "vpc" { ec2messages_endpoint_private_dns_enabled = true ec2messages_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"] + # VPC Endpoint for ECR API + enable_ecr_api_endpoint = true + ecr_api_endpoint_private_dns_enabled = true + ecr_api_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"] + + # VPC Endpoint for ECR DKR + enable_ecr_dkr_endpoint = true + ecr_dkr_endpoint_private_dns_enabled = true + ecr_dkr_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"] + tags = { Owner = "user" Environment = "staging" diff --git a/main.tf b/main.tf index 3eb088f0d..6e74a3cb4 100644 --- a/main.tf +++ b/main.tf 
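Review bot: Every ECR endpoint in the example is handed `data.aws_security_group.default.id`, and the data source's name suggests it is the VPC default security group (it is defined outside this hunk, so I cannot confirm). Attaching the default SG to an Interface endpoint means the endpoint ENIs accept whatever that group permits, which on a fresh VPC is all traffic from members of the same group, and anyone copying this example into a real environment inherits that. I would add one comment above the first ECR block, `# Example only: use a dedicated security group that allows inbound TCP/443 from the VPC CIDR instead of the default SG`. The `module "vpc"` block begins and ends outside the hunk.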
@@ -367,46 +367,6 @@ resource "aws_vpc_endpoint_route_table_association" "public_s3" { route_table_id = "${aws_route_table.public.id}" } -########################## -# VPC Endpoint for ECR API -########################## -data "aws_vpc_endpoint_service" "ecr_api" { - count = "${var.create_vpc && var.enable_ecr_api_endpoint ? 1 : 0}" - - service = "ecr.api" -} - -resource "aws_vpc_endpoint" "ecr_api" { - count = "${var.create_vpc && var.enable_ecr_api_endpoint ? 1 : 0}" - - vpc_endpoint_type = "Interface" - vpc_id = "${local.vpc_id}" - security_group_ids = ["${var.ecr_api_endpoint_security_group_ids}"] - subnet_ids = ["${coalescelist(var.ecr_api_endpoint_subnet_ids, aws_subnet.private.*.id)}"] - service_name = "${data.aws_vpc_endpoint_service.ecr_api.service_name}" - private_dns_enabled = "${var.ecr_api_endpoint_private_dns_enabled}" -} - -########################## -# VPC Endpoint for ECR DKR -########################## -data "aws_vpc_endpoint_service" "ecr_dkr" { - count = "${var.create_vpc && var.enable_ecr_dkr_endpoint ? 1 : 0}" - - service = "ecr.dkr" -} - -resource "aws_vpc_endpoint" "ecr_dkr" { - count = "${var.create_vpc && var.enable_ecr_dkr_endpoint ? 1 : 0}" - - vpc_endpoint_type = "Interface" - vpc_id = "${local.vpc_id}" - security_group_ids = ["${var.ecr_dkr_endpoint_security_group_ids}"] - subnet_ids = ["${coalescelist(var.ecr_dkr_endpoint_subnet_ids, aws_subnet.private.*.id)}"] - service_name = "${data.aws_vpc_endpoint_service.ecr_dkr.service_name}" - private_dns_enabled = "${var.ecr_dkr_endpoint_private_dns_enabled}" -} - ############################ # VPC Endpoint for DynamoDB ############################ 
@@ -528,6 +488,48 @@ resource "aws_vpc_endpoint" "ec2messages" { private_dns_enabled = "${var.ec2messages_endpoint_private_dns_enabled}" } +########################### +# VPC Endpoint for ECR API +########################### +data "aws_vpc_endpoint_service" "ecr_api" { + count = "${var.create_vpc && var.enable_ecr_api_endpoint ? 1 : 0}" + + service = "ecr.api" +} + +resource "aws_vpc_endpoint" "ecr_api" { + count = "${var.create_vpc && var.enable_ecr_api_endpoint ? 1 : 0}" + + vpc_id = "${local.vpc_id}" + service_name = "${data.aws_vpc_endpoint_service.ecr_api.service_name}" + vpc_endpoint_type = "Interface" + + security_group_ids = ["${var.ecr_api_endpoint_security_group_ids}"] + subnet_ids = ["${coalescelist(var.ecr_api_endpoint_subnet_ids, aws_subnet.private.*.id)}"] + private_dns_enabled = "${var.ecr_api_endpoint_private_dns_enabled}" +} + +########################### +# VPC Endpoint for ECR DKR +########################### +data "aws_vpc_endpoint_service" "ecr_dkr" { + count = "${var.create_vpc && var.enable_ecr_dkr_endpoint ? 1 : 0}" + + service = "ecr.dkr" +} + +resource "aws_vpc_endpoint" "ecr_dkr" { + count = "${var.create_vpc && var.enable_ecr_dkr_endpoint ? 1 : 0}" + + vpc_id = "${local.vpc_id}" + service_name = "${data.aws_vpc_endpoint_service.ecr_dkr.service_name}" + vpc_endpoint_type = "Interface" + + security_group_ids = ["${var.ecr_dkr_endpoint_security_group_ids}"] + subnet_ids = ["${coalescelist(var.ecr_dkr_endpoint_subnet_ids, aws_subnet.private.*.id)}"] + private_dns_enabled = "${var.ecr_dkr_endpoint_private_dns_enabled}" +} + ########################## # Route table association ########################## diff --git a/variables.tf b/variables.tf index 711802569..3467a87c4 100644 --- a/variables.tf +++ b/variables.tf 
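Review bot: Neither `aws_vpc_endpoint.ecr_api` nor `aws_vpc_endpoint.ecr_dkr` sets a `policy`, so each endpoint runs with the AWS default endpoint policy, which as I understand it grants full access to the service from inside the VPC — anything in the VPC can push to or pull from any registry reachable through it. Since a registry endpoint is exactly the kind of place an exfiltration path opens, I would expose the policy, `policy = "${var.ecr_api_endpoint_policy}"` (and the `dkr` equivalent), backed by a variable whose default keeps the AWS behaviour (verify the provider treats an empty string as unset), and note in its description that a policy limiting `ecr:*` to the account's own registry is the recommended value. The `aws_vpc_endpoint.ec2messages` resource shown in the hunk context starts outside the hunk.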
@@ -178,46 +178,6 @@ variable "enable_s3_endpoint" { default = false } -variable "enable_ecr_api_endpoint" { - description = "Should be true if you want to provision an ecr api endpoint to the VPC" - default = false -} - -variable "ecr_api_endpoint_subnet_ids" { - description = "The ID of one or more subnets in which to create a network interface for ECR api endpoint. If omitted, private subnets will be used." - default = [] -} - -variable "ecr_api_endpoint_private_dns_enabled" { - description = "Whether or not to associate a private hosted zone with the specified VPC for ECR API endpoint" - default = false -} - -variable "ecr_api_endpoint_security_group_ids" { - description = "The ID of one or more security groups to associate with the network interface for ECR API endpoint" - default = [] -} - -variable "enable_ecr_dkr_endpoint" { - description = "Should be true if you want to provision an ecr dkr endpoint to the VPC" - default = false -} - -variable "ecr_dkr_endpoint_subnet_ids" { - description = "The ID of one or more subnets in which to create a network interface for ECR dkr endpoint. If omitted, private subnets will be used." - default = [] -} - -variable "ecr_dkr_endpoint_private_dns_enabled" { - description = "Whether or not to associate a private hosted zone with the specified VPC for ECR DKR endpoint" - default = false -} - -variable "ecr_dkr_endpoint_security_group_ids" { - description = "The ID of one or more security groups to associate with the network interface for ECR DKR endpoint" - default = [] -} - variable "enable_ssm_endpoint" { description = "Should be true if you want to provision an SSM endpoint to the VPC" default = false 
@@ -298,6 +258,46 @@ variable "ec2messages_endpoint_subnet_ids" { default = [] } +variable "enable_ecr_api_endpoint" { + description = "Should be true if you want to provision an ecr api endpoint to the VPC" + default = false +} + +variable "ecr_api_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for ECR api endpoint. If omitted, private subnets will be used." + default = [] +} + +variable "ecr_api_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for ECR API endpoint" + default = false +} + +variable "ecr_api_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for ECR API endpoint" + default = [] +} + +variable "enable_ecr_dkr_endpoint" { + description = "Should be true if you want to provision an ecr dkr endpoint to the VPC" + default = false +} + +variable "ecr_dkr_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for ECR dkr endpoint. If omitted, private subnets will be used." + default = [] +} + +variable "ecr_dkr_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for ECR DKR endpoint" + default = false +} + +variable "ecr_dkr_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for ECR DKR endpoint" + default = [] +} + variable "map_public_ip_on_launch" { description = "Should be false if you do not want to auto-assign public IP on launch" default = true From b65963edbd9981f686d522ea120d1e874c0fd6f0 Mon Sep 17 00:00:00 2001 
From: Kinnaird McQuade Date: Thu, 21 Feb 2019 13:02:55 -0500 Subject: [PATCH 19/21] Added intra subnet suffix. (#220) * Added intra subnet suffix. * Fixed duplicate intra * Fixed tag --- main.tf | 4 ++-- variables.tf | 5 +++++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/main.tf b/main.tf index 6e74a3cb4..fce2925fa 100644 --- a/main.tf +++ b/main.tf @@ -174,7 +174,7 @@ resource "aws_route_table" "intra" { vpc_id = "${local.vpc_id}" - tags = "${merge(map("Name", "${var.name}-intra"), var.tags, var.intra_route_table_tags)}" + tags = "${merge(map("Name", "${var.name}-${var.intra_subnet_suffix}"), var.tags, var.intra_route_table_tags)}" } ################ @@ -281,7 +281,7 @@ resource "aws_subnet" "intra" { cidr_block = "${var.intra_subnets[count.index]}" availability_zone = "${element(var.azs, count.index)}" - tags = "${merge(map("Name", format("%s-intra-%s", var.name, element(var.azs, count.index))), var.tags, var.intra_subnet_tags)}" + tags = "${merge(map("Name", format("%s-${var.intra_subnet_suffix}-%s", var.name, element(var.azs, count.index))), var.tags, var.intra_subnet_tags)}" } ############## diff --git a/variables.tf b/variables.tf index 3467a87c4..b052c6448 100644 --- a/variables.tf +++ b/variables.tf @@ -38,6 +38,11 @@ variable "private_subnet_suffix" { default = "private" } +variable "intra_subnet_suffix" { + description = "Suffix to append to intra subnets name" + default = "intra" +} + variable "database_subnet_suffix" { description = "Suffix to append to database subnets name" default = "db" From b12e9163c4d97db44e9d50427969af3bc06afe16 Mon Sep 17 00:00:00 2001 
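Review bot: In the `aws_subnet.intra` tag the new suffix is interpolated into the `format` string itself (`format("%s-${var.intra_subnet_suffix}-%s", ...)`), so a suffix containing `%` would be parsed as a format verb and break the plan; the route table line in the first hunk builds its name without `format` and is not affected. Passing the suffix as an argument avoids this and reads consistently: `format("%s-%s-%s", var.name, var.intra_subnet_suffix, element(var.azs, count.index))`. Both resources touched by the main.tf hunks start and end outside their hunks.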
From: Anton Babenko Date: Thu, 21 Feb 2019 19:16:51 +0100 Subject: [PATCH 20/21] Added CHANGELOG.md (#221) --- .chglog/CHANGELOG.tpl.md | 51 ++++ .chglog/config.yml | 10 + CHANGELOG.md | 531 +++++++++++++++++++++++++++++++++++++++ Makefile | 7 + 4 files changed, 599 insertions(+) create mode 100644 .chglog/CHANGELOG.tpl.md create mode 100644 .chglog/config.yml create mode 100644 CHANGELOG.md create mode 100644 Makefile diff --git a/.chglog/CHANGELOG.tpl.md b/.chglog/CHANGELOG.tpl.md new file mode 100644 index 000000000..389f9114a --- /dev/null +++ b/.chglog/CHANGELOG.tpl.md @@ -0,0 +1,51 @@ +{{ if .Versions -}} + +## [Unreleased] +{{ if .Unreleased.CommitGroups -}} +{{ range .Unreleased.CommitGroups -}} +### {{ .Title }} +{{ range .Commits -}} +- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }} +{{ end }} +{{ end -}} +{{ else }} +{{ range .Unreleased.Commits -}} +- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }} +{{ end }} +{{ end -}} +{{ end -}} + +{{ range .Versions }} + +## {{ if .Tag.Previous }}[{{ .Tag.Name }}]{{ else }}{{ .Tag.Name }}{{ end }} - {{ datetime "2006-01-02" .Tag.Date }} +{{ if .CommitGroups -}} +{{ range .CommitGroups -}} +### {{ .Title }} +{{ range .Commits -}} +- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }} +{{ end }} +{{ end -}} +{{ else }} +{{ range .Commits -}} +- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }} +{{ end }} +{{ end -}} + +{{- if .NoteGroups -}} +{{ range .NoteGroups -}} +### {{ .Title }} +{{ range .Notes }} +{{ .Body }} +{{ end }} +{{ end -}} +{{ end -}} +{{ end -}} + +{{- if .Versions }} +[Unreleased]: {{ .Info.RepositoryURL }}/compare/{{ $latest := index .Versions 0 }}{{ $latest.Tag.Name }}...HEAD +{{ range .Versions -}} +{{ if .Tag.Previous -}} +[{{ .Tag.Name }}]: {{ $.Info.RepositoryURL }}/compare/{{ .Tag.Previous.Name }}...{{ .Tag.Name }} +{{ end -}} +{{ end -}} +{{ end -}} \ No newline at end of file 
diff --git a/.chglog/config.yml b/.chglog/config.yml new file mode 100644 index 000000000..5c3fa357c --- /dev/null +++ b/.chglog/config.yml @@ -0,0 +1,10 @@ +style: github +template: CHANGELOG.tpl.md +info: + title: CHANGELOG + repository_url: https://github.com/terraform-aws-modules/terraform-aws-vpc +options: + header: + pattern: "^(.*)$" + pattern_maps: + - Subject diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 000000000..a5fe68bdc --- /dev/null +++ b/CHANGELOG.md 
@@ -0,0 +1,531 @@ + +## [Unreleased] + + + + +## [v1.57.0] - 0001-01-01 + + + + +## [v1.56.0] - 2019-02-21 + +- Added intra subnet suffix. ([#220](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/220)) + + + +## [v1.55.0] - 2019-02-14 + +- Fixed formatting after [#213](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/213) +- Merge pull request [#213](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/213) from michieldhadamus/ecr-endpoints +- Added subnet ids to ecr endpoints +- Added option to create ECR api and dkr endpoints + + + +## [v1.54.0] - 2019-02-14 + +- Fixed formatting after [#205](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/205) +- Merge pull request [#205](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/205) from tbugfinder/extend_endpoints +- switch to terraform-docs v0.6.0 +- add files updated by pre-commit +- add additional endpoints to examples +- fix typo +- add endpoints ec2messages, ssmmessages as those are required by Systems Manager in addition to ec2 and ssm. 
+- Merge pull request [#1](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/1) from terraform-aws-modules/master + + + +## [v1.53.0] - 2019-01-18 + +- Reordered vars in count for database_nat_gateway route +- Merge pull request [#201](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/201) from ebarault/feat/database-route-to-natgw +- adding option to create a route to nat gateway in database subnets + + + +## [v1.52.0] - 2019-01-17 + +- Merge pull request [#202](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/202) from terraform-aws-modules/ssm_and_ec2_vpc_endpoints +- Added SSM and EC2 VPC endpoints (fixes [#195](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/195), [#194](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/194)) + + + +## [v1.51.0] - 2019-01-10 + +- Merge pull request [#199](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/199) from terraform-aws-modules/elasticache_subnet_group +- Added possibility to control creation of elasticache and redshift subnet groups + + + +## [v1.50.0] - 2018-12-27 + +- Added azs to outputs which is an argument + + + +## [v1.49.0] - 2018-12-12 + +- Merge pull request [#191](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/191) from terraform-aws-modules/feature-db-igw-public-access +- Reverted complete-example +- Added IGW route for DB subnets (based on [#179](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/179)) + + + +## [v1.48.0] - 2018-12-11 + +- Updated pre-commit version with new terraform-docs script + + + +## [v1.47.0] - 2018-12-11 + +- Merge pull request [#181](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/181) from Miyurz/fix/redshift-name-issue +- Fix for the error: module.vpc.aws_redshift_subnet_group.redshift: only lowercase alphanumeric characters and hyphens allowed in name + + + +## [v1.46.0] - 2018-10-06 + +- Fixed 
[#177](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/177) - public_subnets should not always be validated + + + +## [v1.45.0] - 2018-10-01 + +- Updated README.md after merge +- Added amazon_side_asn to vpn_gateway ([#159](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/159)) + + + +## [v1.44.0] - 2018-09-18 + +- Reordering tag merging ([#148](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/148)) + + + +## [v1.43.2] - 2018-09-17 + +- Updated link to cloudcraft + + + +## [v1.43.1] - 2018-09-17 + +- Updated link to cloudcraft + + + +## [v1.43.0] - 2018-09-16 + +- Removed comments starting from # to fix README +- Added cloudcraft.co as a sponsor for this module +- Added cloudcraft.co as a sponsor for this module + + + +## [v1.42.0] - 2018-09-14 + +- add vars for custom subnet and route table names ([#168](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/168)) + + + +## [v1.41.0] - 2018-09-04 + +- Add secondary CIDR block support ([#163](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/163)) + + + +## [v1.40.0] - 2018-08-19 + +- Removed IPv6 from outputs (fixed [#157](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/157)) ([#158](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/158)) + + + +## [v1.39.0] - 2018-08-19 + +- Add minimum support for IPv6 to VPC ([#156](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/156)) + + + +## [v1.38.0] - 2018-08-18 + +- Provide separate route tables for db/elasticache/redshift ([#155](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/155)) +- Fixing typo overriden -> overridden ([#150](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/150)) + + + +## [v1.37.0] - 2018-06-22 + +- Removed obsolete default_route_table_tags (fixed [#146](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/146)) + + + +## [v1.36.0] - 2018-06-20 + +- Allow tags override for 
all resources (fix for [#138](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/138)) ([#145](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/145)) + + + +## [v1.35.0] - 2018-06-20 + +- Updated README after [#141](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/141) +- Add `nat_gateway_tags` input ([#141](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/141)) + + + +## [v1.34.0] - 2018-06-05 + +- Fixed creation of aws_vpc_endpoint_route_table_association when intra_subnets are not set (fixes 137) + + + +## [v1.33.0] - 2018-06-04 + +- Added missing route_table for intra_subnets, and prepare the release +- Adding "intra subnets" as a class ([#135](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/135)) + + + +## [v1.32.0] - 2018-05-24 + +- Prepared release, updated README a bit +- Fix [#117](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/117) - Add `one_nat_gateway_per_az` functionality ([#129](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/129)) + + + +## [v1.31.0] - 2018-05-16 + +- Added pre-commit hook to autogenerate terraform-docs ([#127](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/127)) + + + +## [v1.30.0] - 2018-04-09 + +- Fixed formatting +- Added longer timeouts for aws_route create ([#113](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/113)) + + + +## [v1.29.0] - 2018-04-05 + +- Creates a single private route table when single_nat_gateway is true ([#83](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/83)) + + + +## [v1.28.0] - 2018-04-05 + +- Ensures the correct number of S3 and DDB VPC Endpoint associations ([#90](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/90)) + + + +## [v1.27.0] - 2018-04-05 + +- Removed aws_default_route_table and aws_main_route_table_association, added potentially failed example 
([#111](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/111))
+
+
+
+## [v1.26.0] - 2018-03-06
+
+- Added default CIDR block as 0.0.0.0/0 ([#93](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/93))
+
+
+
+## [v1.25.0] - 2018-03-02
+
+- Fixed complete example
+- Make terraform recognize lists when uring variables ([#92](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/92))
+
+
+
+## [v1.24.0-pre] - 2018-03-01
+
+- Fixed description
+- Fixed aws_vpn_gateway_route_propagation for default route table
+
+
+
+## [v1.23.0] - 2018-02-10
+
+- Extended aws_vpn_gateway use case. ([#67](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/67))
+
+
+
+## [v1.22.1] - 2018-02-10
+
+- Removed classiclink from outputs because it is not present in recent regions ([#78](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/78))
+
+
+
+## [v1.22.0] - 2018-02-09
+
+- Added support for default VPC resource ([#75](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/75))
+
+
+
+## [v1.21.0] - 2018-02-09
+
+- Added possibility to create VPC conditionally ([#74](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/74))
+
+
+
+## [v1.20.0] - 2018-02-09
+
+- Manage Default Route Table under Terraform ([#69](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/69))
+
+
+
+## [v1.19.0] - 2018-02-09
+
+- Only create one public route association for s3 endpoint ([#73](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/73))
+
+
+
+## [v1.18.0] - 2018-02-05
+
+- Adding tests for vpc, subnets, and route tables ([#31](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/31))
+- Improve documentation about the usage of external NAT gateway IPs ([#66](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/66))
+
+
+
+## [v1.17.0] - 2018-01-21
+
+- Issue [#58](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/58): Add ElastiCache subnet group name output. ([#60](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/60))
+
+
+
+## [v1.16.0] - 2018-01-21
+
+- Terraform fmt
+- Issue [#56](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/56): Added tags for elastic ips ([#61](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/61))
+
+
+
+## [v1.15.0] - 2018-01-19
+
+- Lowercase database subnet group name ([#57](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/57))
+
+
+
+## [v1.14.0] - 2018-01-11
+
+- Add Redshift subnets ([#54](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/54))
+- [ci skip] Get more Open Source Helpers ([#51](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/51))
+
+
+
+## [v1.13.0] - 2018-01-03
+
+- Ignore changes to propagating_vgws of private routing table ([#50](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/50))
+
+
+
+## [v1.12.0] - 2017-12-12
+
+- Downgraded require_version from 0.10.13 to 0.10.3 ([#48](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/48))
+
+
+
+## [v1.11.0] - 2017-12-11
+
+- Added fix for issue when no private subnets are defined ([#47](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/47))
+
+
+
+## [v1.10.0] - 2017-12-11
+
+- Fixing edge case when VPC is not symmetrical with few private subnets ([#45](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/45))
+
+
+
+## [v1.9.1] - 2017-12-07
+
+- Minor fix in README
+
+
+
+## [v1.9.0] - 2017-12-07
+
+- Allow passing in EIPs for the NAT Gateways ([#38](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/38))
+
+
+
+## [v1.8.0] - 2017-12-06
+
+- change conditional private routes ([#36](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/36))
+
+
+
+## [v1.7.0] - 2017-12-06
+
+- Add extra tags for DHCP option set ([#42](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/42))
+- Add "default_route_table_id" to outputs ([#41](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/41))
+
+
+
+## [v1.6.0] - 2017-12-06
+
+- Add support for additional tags on VPC ([#43](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/43))
+- Reverted bad merge, fixed [#33](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/33)
+- Set enable_dns_support=true by default
+
+
+
+## [v1.4.1] - 2017-11-23
+
+- Reverted bad merge, fixed [#33](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/33)
+
+
+
+## [v1.5.0] - 2017-11-23
+
+
+
+
+## [v1.5.1] - 2017-11-23
+
+- Reverted bad merge, fixed [#33](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/33)
+- Set enable_dns_support=true by default
+- Updated descriptions for DNS variables (closes [#14](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/14))
+
+
+
+## [v1.4.0] - 2017-11-22
+
+- Add version requirements in README.md (fixes [#32](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/32))
+- Add version requirements in README.md
+
+
+
+## [v1.3.0] - 2017-11-16
+
+- make sure outputs are always valid ([#29](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/29))
+- Add tags to the aws_vpc_dhcp_options resource ([#30](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/30))
+
+
+
+## [v1.2.0] - 2017-11-11
+
+- Add support for DHCP options set ([#20](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/20))
+
+
+
+## [v1.1.0] - 2017-11-11
+
+- [#22](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/22) add vpn gateway feature ([#24](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/24))
+- Add cidr_block outputs to public and private subnets ([#19](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/19))
+- Merge pull request [#13](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/13) from felixb/nat-gateway-tags
+- Add AZ to natgateway name
+
+
+
+## [v1.0.4] - 2017-10-20
+
+- Merge pull request [#12](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/12) from michalschott/master
+- NAT gateway should be tagged too.
+
+
+
+## [v1.0.3] - 2017-10-12
+
+- Make aws_vpc_endpoint_service conditional
+- Merge pull request [#7](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/7) from eheydrick/variable-descriptions
+- Improve variable descriptions
+
+
+
+## [v1.0.2] - 2017-09-27
+
+- Merge pull request [#6](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/6) from mgresko/fix_govcloud
+- disable dynamodb data source when not needed
+
+
+
+## [v1.0.1] - 2017-09-26
+
+- Updated link in README
+- Merge pull request [#3](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/3) from gas-buddy/gasbuddy/eherot/custom_route_tags
+- Allow the user to define custom tags for route tables
+
+
+
+## v1.0.0 - 2017-09-12
+
+- Updated README
+- Updated README
+- Aded examples and updated names
+- Added descriptions, applied fmt
+- Removed parts of readme
+- Initial commit
+- Initial commit
+
+
+[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.57.0...HEAD
+[v1.57.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.56.0...v1.57.0
+[v1.56.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.55.0...v1.56.0
+[v1.55.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.54.0...v1.55.0
+[v1.54.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.53.0...v1.54.0
+[v1.53.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.52.0...v1.53.0
+[v1.52.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.51.0...v1.52.0
+[v1.51.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.50.0...v1.51.0
+[v1.50.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.49.0...v1.50.0
+[v1.49.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.48.0...v1.49.0
+[v1.48.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.47.0...v1.48.0
+[v1.47.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.46.0...v1.47.0
+[v1.46.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.45.0...v1.46.0
+[v1.45.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.44.0...v1.45.0
+[v1.44.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.43.2...v1.44.0
+[v1.43.2]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.43.1...v1.43.2
+[v1.43.1]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.43.0...v1.43.1
+[v1.43.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.42.0...v1.43.0
+[v1.42.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.41.0...v1.42.0
+[v1.41.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.40.0...v1.41.0
+[v1.40.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.39.0...v1.40.0
+[v1.39.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.38.0...v1.39.0
+[v1.38.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.37.0...v1.38.0
+[v1.37.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.36.0...v1.37.0
+[v1.36.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.35.0...v1.36.0
+[v1.35.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.34.0...v1.35.0
+[v1.34.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.33.0...v1.34.0
+[v1.33.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.32.0...v1.33.0
+[v1.32.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.31.0...v1.32.0
+[v1.31.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.30.0...v1.31.0
+[v1.30.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.29.0...v1.30.0
+[v1.29.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.28.0...v1.29.0
+[v1.28.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.27.0...v1.28.0
+[v1.27.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.26.0...v1.27.0
+[v1.26.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.25.0...v1.26.0
+[v1.25.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.24.0-pre...v1.25.0
+[v1.24.0-pre]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.23.0...v1.24.0-pre
+[v1.23.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.22.1...v1.23.0
+[v1.22.1]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.22.0...v1.22.1
+[v1.22.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.21.0...v1.22.0
+[v1.21.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.20.0...v1.21.0
+[v1.20.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.19.0...v1.20.0
+[v1.19.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.18.0...v1.19.0
+[v1.18.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.17.0...v1.18.0
+[v1.17.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.16.0...v1.17.0
+[v1.16.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.15.0...v1.16.0
+[v1.15.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.14.0...v1.15.0
+[v1.14.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.13.0...v1.14.0
+[v1.13.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.12.0...v1.13.0
+[v1.12.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.11.0...v1.12.0
+[v1.11.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.10.0...v1.11.0
+[v1.10.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.9.1...v1.10.0
+[v1.9.1]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.9.0...v1.9.1
+[v1.9.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.8.0...v1.9.0
+[v1.8.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.7.0...v1.8.0
+[v1.7.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.6.0...v1.7.0
+[v1.6.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.4.1...v1.6.0
+[v1.4.1]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.5.0...v1.4.1
+[v1.5.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.5.1...v1.5.0
+[v1.5.1]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.4.0...v1.5.1
+[v1.4.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.3.0...v1.4.0
+[v1.3.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.2.0...v1.3.0
+[v1.2.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.1.0...v1.2.0
+[v1.1.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.0.4...v1.1.0
+[v1.0.4]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.0.3...v1.0.4
+[v1.0.3]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.0.2...v1.0.3
+[v1.0.2]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.0.1...v1.0.2
+[v1.0.1]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.0.0...v1.0.1
diff --git a/Makefile b/Makefile
new file mode 100644
index 000000000..558dac5a6
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,7 @@
+.PHONY: changelog release
+
+changelog:
+ git-chglog -o CHANGELOG.md --next-tag `semtag final -s minor -o`
+
+release:
+ semtag final -s minor
From ad7164bbc82942475d57ffeda12331c5dc744684 Mon Sep 17 00:00:00 2001
From: Anton Babenko
Date: Thu, 21 Feb 2019 19:18:50 +0100
Subject: [PATCH 21/21] Bump version
---
 CHANGELOG.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a5fe68bdc..40a4af6bd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,8 +4,9 @@
-## [v1.57.0] - 0001-01-01
+## [v1.57.0] - 2019-02-21
+- Added CHANGELOG.md ([#221](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/221))
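Review bot: The `changelog` and `release` targets invoke `git-chglog` and `semtag` without declaring where those tools come from or which version is expected, so a missing binary fails half-way through a release and, in the `release` target, the tag is cut by whatever `semtag` happens to resolve to on the maintainer's PATH. A prerequisite target that fails early, e.g. `check-tools:` followed by the recipe `@command -v git-chglog >/dev/null && command -v semtag >/dev/null || { echo 'git-chglog and semtag are required' >&2; exit 1; }`, listed in `.PHONY` and as a dependency of both targets, would make the external dependency explicit; a header comment naming the expected tool versions would round it out. The backtick substitution `\`semtag final -s minor -o\`` is fine as written, but a one-line comment explaining that `-o` only prints the next tag while the `release` recipe actually creates it would save the next maintainer a trip to the semtag docs. Recipe lines must begin with a tab, and the collapsed diff does not show whether the indentation of the two recipe lines survived as a tab, which is worth confirming before merge.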