diff --git a/az/main.tf b/az/main.tf
index 93a1ed3..54d34f2 100644
--- a/az/main.tf
+++ b/az/main.tf
@@ -2,48 +2,50 @@ ## Set Terraform version constraint terraform { - required_version = "> 0.11.0" + required_version = ">= 0.12" } ## Variables -data "aws_region" "current" {} +data "aws_region" "current" { +} -data "aws_availability_zones" "available" {} +data "aws_availability_zones" "available" { +} locals { # Calculates the number of AZs to be provisioned based on various possible inputs - azs_provisioned_count = "${local.azs_provisioned_override_enabled == "true" ? length(var.azs_provisioned_override) : var.azs_provisioned}" + azs_provisioned_count = local.azs_provisioned_override_enabled == "true" ? length(var.azs_provisioned_override) : var.azs_provisioned # Check to see if availability zones are being overridden. Some AWS regions do not support VPC in all AZs and it can vary by account. - azs_provisioned_override_enabled = "${length(var.azs_provisioned_override) > 0 && var.azs_provisioned_override[0] != "non_empty_list" ? "true" : "false"}" + azs_provisioned_override_enabled = length(var.azs_provisioned_override) > 0 && var.azs_provisioned_override[0] != "non_empty_list" ? "true" : "false" # Check to see if DMZ CIDRs are being overridden. An empty list causes problems in some of the downstream formualtion. - dmz_cidrs_override_enabled = "${length(var.dmz_cidrs_override) > 0 && var.dmz_cidrs_override[0] != "non_empty_list" ? "true" : "false"}" + dmz_cidrs_override_enabled = length(var.dmz_cidrs_override) > 0 && var.dmz_cidrs_override[0] != "non_empty_list" ? "true" : "false" # Check to see if elastic IPs are to be provisioned. NAT gateways require EIPs. - eips_enabled_check = "${var.nat_eips_enabled == "true" || var.nat_gateways_enabled == "true" ? 1 : 0}" + eips_enabled_check = var.nat_eips_enabled == "true" || var.nat_gateways_enabled == "true" ? 1 : 0 # Check to see if private LAN subnets are to be provisioned. - lans_enabled_check = "${local.lans_per_az_checked > 0 ? 1 : 0}" + lans_enabled_check = local.lans_per_az_checked > 0 ? 
1 : 0 # Check to see if LAN CIDRs are being overridden. An empty list causes problems in some of the downstream formualtion. - lan_cidrs_override_enabled = "${length(var.lan_cidrs_override) > 0 && var.lan_cidrs_override[0] != "non_empty_list" ? "true" : "false"}" + lan_cidrs_override_enabled = length(var.lan_cidrs_override) > 0 && var.lan_cidrs_override[0] != "non_empty_list" ? "true" : "false" # Multiplier to be used in downstream calculation based on the number of LAN subnets per AZ. - lans_multiplier = "${local.lans_per_az_checked >= 0 ? local.lans_per_az_checked : 1}" + lans_multiplier = local.lans_per_az_checked >= 0 ? local.lans_per_az_checked : 1 # Handles scenario where an emptry string is passed in for lans_per_az - lans_per_az_checked = "${var.lans_per_az != "" ? var.lans_per_az : "1"}" + lans_per_az_checked = var.lans_per_az != "" ? var.lans_per_az : "1" # Check to see if NAT gateways are to be provisioned - nat_gateways_enabled_check = "${var.nat_gateways_enabled == "true" ? 1 : 0}" + nat_gateways_enabled_check = var.nat_gateways_enabled == "true" ? 1 : 0 # Check to see if NAT gateways are NOT to be provisioned - nat_gateways_not_enabled_check = "${var.nat_gateways_enabled != "true" ? 1 : 0}" + nat_gateways_not_enabled_check = var.nat_gateways_enabled != "true" ? 1 : 0 # default subnet tags default_subnet_tags = { - application = "${var.stack_item_fullname}" + application = var.stack_item_fullname managed_by = "terraform" } } 
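Review bot: The locals keep the 0.11 workarounds — flags encoded as the strings `"true"`/`"false"`, and the `"non_empty_list"` sentinel checked in `azs_provisioned_override_enabled`, `dmz_cidrs_override_enabled` and `lan_cidrs_override_enabled` — even though this hunk raises `required_version` to `>= 0.12`, where `bool` is a first-class type and empty lists are handled directly. The sentinel now only hides input errors: an override list that is empty, or whose first element happens to equal the sentinel, is silently replaced by computed CIDRs instead of being rejected. Once the variables are typed `bool` and `list(string)` with `default = []`, these reduce to `dmz_cidrs_override_enabled = length(var.dmz_cidrs_override) > 0` and `eips_enabled_check = var.nat_eips_enabled || var.nat_gateways_enabled ? 1 : 0`. Also note that `lans_per_az_checked` yields the string `"1"` while the false branch of `lans_multiplier` yields the number `1`; 0.12 should reconcile the conditional to a string, which still works in the `count` arithmetic, but `tonumber(...)` would make the intent explicit.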
@@ -53,29 +55,40 @@ locals { ### Provisions subnets data "aws_vpc" "base" { - id = "${var.vpc_id}" + id = var.vpc_id } resource "aws_subnet" "dmz" { - count = "${local.azs_provisioned_count}" + count = local.azs_provisioned_count # Selects the first N number of AZs available for VPC use in the given region, where N is the requested number of AZs to provision. This order can be overidden by passing in an explicit list of AZ letters to be used. - availability_zone = "${local.azs_provisioned_override_enabled == "true" ? "${data.aws_region.current.name}${element(var.azs_provisioned_override,count.index)}" : element(data.aws_availability_zones.available.names,count.index)}" + availability_zone = local.azs_provisioned_override_enabled == "true" ? "${data.aws_region.current.name}${element(var.azs_provisioned_override, count.index)}" : element(data.aws_availability_zones.available.names, count.index) # Provisions N number of evenly allocated address spaces from the overall VPC CIDR block, where N is the requested number of AZs to provision. Address space per subnet can be overidden by passing in an explicit list of CIDRs to be used. - cidr_block = "${local.dmz_cidrs_override_enabled == "true" ? element(var.dmz_cidrs_override,count.index) : cidrsubnet(data.aws_vpc.base.cidr_block,lookup(var.az_cidrsubnet_newbits, local.azs_provisioned_count),count.index)}" - map_public_ip_on_launch = "${var.enable_dmz_public_ips}" - vpc_id = "${var.vpc_id}" - - tags = "${merge(local.default_subnet_tags, var.additional_subnet_tags, map("Name", "${var.stack_item_label}-dmz-${count.index}"))}" + cidr_block = local.dmz_cidrs_override_enabled == "true" ? 
element(var.dmz_cidrs_override, count.index) : cidrsubnet( + data.aws_vpc.base.cidr_block, + var.az_cidrsubnet_newbits[local.azs_provisioned_count], + count.index, + ) + map_public_ip_on_launch = var.enable_dmz_public_ips + vpc_id = var.vpc_id + + tags = merge( + local.default_subnet_tags, + var.additional_dmz_tags, + var.additional_subnet_tags, + { + "Name" = "${var.stack_item_label}-dmz-${count.index}" + }, + ) } ### Associates subnet with routing table resource "aws_route_table_association" "rta_dmz" { - count = "${local.azs_provisioned_count}" + count = local.azs_provisioned_count - route_table_id = "${var.rt_dmz_id}" - subnet_id = "${element(aws_subnet.dmz.*.id,count.index)}" + route_table_id = var.rt_dmz_id + subnet_id = element(aws_subnet.dmz.*.id, count.index) } ### Provisions NATs @@ -89,11 +102,6 @@ data "aws_ami" "nat_ami" { values = ["x86_64"] } - filter { - name = "name" - values = ["amzn-ami-vpc-nat*"] - } - filter { name = "root-device-type" values = ["ebs"] 
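Review bot: In the new `tags = merge(...)` of `aws_subnet.dmz`, `var.additional_dmz_tags` is listed before `var.additional_subnet_tags`, and `merge` lets later arguments win, so the generic subnet tags override the DMZ-specific ones — the opposite of what a tier-specific override map is usually for (the `aws_subnet.lan` hunk below has the same ordering). If a DMZ-specific key is meant to take precedence, swap the two: `merge(local.default_subnet_tags, var.additional_subnet_tags, var.additional_dmz_tags, { "Name" = "${var.stack_item_label}-dmz-${count.index}" })`. Either way the intended precedence deserves a one-line comment above the `merge`, since the descriptions of the new variables do not say which map wins.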
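Review bot: Dropping the `name = "amzn-ami-vpc-nat*"` filter from `data "aws_ami" "nat_ami"` leaves only the `architecture` and `root-device-type` filters visible, so the default image for `aws_instance.nat` becomes whatever newest x86_64/EBS AMI the remaining filters and the `owners` list (outside this hunk) admit — not necessarily a NAT image at all, and if `owners` is broad, an image from an arbitrary publisher. That instance runs with `source_dest_check = false` and relays every LAN subnet's traffic, so the image it boots should be pinned at least as tightly as any other dependency. If the old pattern was removed because that image family no longer resolves, replace it with the successor's name pattern (or make `var.nat_ami_override` mandatory when NAT instances are used) rather than leaving no name filter, and add a comment stating which image the lookup is expected to return.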
@@ -106,42 +114,42 @@ data "aws_ami" "nat_ami" { } resource "aws_eip" "eip_nat" { - count = "${local.azs_provisioned_count * local.lans_enabled_check * local.eips_enabled_check}" + count = local.azs_provisioned_count * local.lans_enabled_check * local.eips_enabled_check vpc = true } resource "aws_eip_association" "eip_nat_assoc" { - count = "${local.azs_provisioned_count * local.lans_enabled_check * local.eips_enabled_check * local.nat_gateways_not_enabled_check}" + count = local.azs_provisioned_count * local.lans_enabled_check * local.eips_enabled_check * local.nat_gateways_not_enabled_check - allocation_id = "${element(aws_eip.eip_nat.*.id,count.index)}" - instance_id = "${element(aws_instance.nat.*.id,count.index)}" + allocation_id = element(aws_eip.eip_nat.*.id, count.index) + instance_id = element(aws_instance.nat.*.id, count.index) } resource "aws_instance" "nat" { - count = "${local.azs_provisioned_count * local.lans_enabled_check * local.nat_gateways_not_enabled_check}" + count = local.azs_provisioned_count * local.lans_enabled_check * local.nat_gateways_not_enabled_check - ami = "${coalesce(var.nat_ami_override,data.aws_ami.nat_ami.id)}" + ami = coalesce(var.nat_ami_override, data.aws_ami.nat_ami.id) associate_public_ip_address = true - instance_type = "${var.nat_instance_type}" - key_name = "${var.nat_key_name}" + instance_type = var.nat_instance_type + key_name = var.nat_key_name source_dest_check = false - subnet_id = "${element(aws_subnet.dmz.*.id,count.index)}" - vpc_security_group_ids = ["${element(aws_security_group.sg_nat.*.id,count.index)}"] + subnet_id = element(aws_subnet.dmz.*.id, count.index) + vpc_security_group_ids = [element(aws_security_group.sg_nat.*.id, count.index)] - tags { - application = "${var.stack_item_fullname}" + tags = { + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-nat-${count.index}" } } resource "aws_security_group" "sg_nat" { - count = "${local.azs_provisioned_count * 
local.lans_enabled_check * local.nat_gateways_not_enabled_check}" + count = local.azs_provisioned_count * local.lans_enabled_check * local.nat_gateways_not_enabled_check description = "${var.stack_item_fullname} NAT security group" name_prefix = "${var.stack_item_label}-nat-" - vpc_id = "${var.vpc_id}" + vpc_id = var.vpc_id egress { cidr_blocks = ["0.0.0.0/0"] 
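Review bot: `aws_instance.nat` is still launched without `metadata_options`, so IMDSv1 stays enabled on a host that sits in a public subnet with `associate_public_ip_address = true` and forwards all LAN traffic with `source_dest_check = false`. No `iam_instance_profile` is attached in this hunk, so the immediate credential exposure is limited, but requiring IMDSv2 is cheap and the 0.12 migration is a natural moment to add it (it needs a provider version that knows the block, which is one more reason to pin the provider). Note also that `aws_eip.eip_nat` keeps `vpc = true`, which is fine for providers of the 0.12 era but is deprecated in later majors — not a blocker, just something to track with the provider pin.
```hcl
resource "aws_instance" "nat" {
  # … unchanged: count, ami, associate_public_ip_address, instance_type, key_name, source_dest_check, subnet_id, vpc_security_group_ids …

  # Require IMDSv2 so a process (or SSRF) on the NAT host cannot read instance metadata with a single unauthenticated GET.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  # … unchanged: tags …
}
```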
@@ -152,25 +160,37 @@ resource "aws_security_group" "sg_nat" { } ingress { - cidr_blocks = ["${local.lan_cidrs_override_enabled == "true" ? element(var.lan_cidrs_override,count.index) : cidrsubnet(data.aws_vpc.base.cidr_block,lookup(var.az_cidrsubnet_newbits, local.azs_provisioned_count * local.lans_multiplier),count.index + lookup(var.az_cidrsubnet_offset, local.azs_provisioned_count))}"] + # TF-UPGRADE-TODO: In Terraform v0.10 and earlier, it was sometimes necessary to + # force an interpolation expression to be interpreted as a list by wrapping it + # in an extra set of list brackets. That form was supported for compatibility in + # v0.11, but is no longer supported in Terraform v0.12. + # + # If the expression in the following list itself returns a list, remove the + # brackets to avoid interpretation as a list of lists. If the expression + # returns a single list item then leave it as-is and remove this TODO comment. + cidr_blocks = [local.lan_cidrs_override_enabled == "true" ? element(var.lan_cidrs_override, count.index) : cidrsubnet( + data.aws_vpc.base.cidr_block, + var.az_cidrsubnet_newbits[local.azs_provisioned_count * local.lans_multiplier], + count.index + var.az_cidrsubnet_offset[local.azs_provisioned_count], + )] description = "Ingress from ${var.stack_item_label}-lan-${count.index}" from_port = 0 protocol = "-1" to_port = 0 } - tags { - application = "${var.stack_item_fullname}" + tags = { + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-nat-${count.index}" } } resource "aws_nat_gateway" "nat" { - count = "${local.azs_provisioned_count * local.lans_enabled_check * local.nat_gateways_enabled_check}" + count = local.azs_provisioned_count * local.lans_enabled_check * local.nat_gateways_enabled_check - allocation_id = "${element(aws_eip.eip_nat.*.id,count.index)}" - subnet_id = "${element(aws_subnet.dmz.*.id,count.index)}" + allocation_id = element(aws_eip.eip_nat.*.id, count.index) + subnet_id = 
element(aws_subnet.dmz.*.id, count.index) } ### 
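Review bot: The `TF-UPGRADE-TODO` comment on `cidr_blocks` in `aws_security_group.sg_nat` should be resolved rather than committed: both branches of the conditional — `element(var.lan_cidrs_override, count.index)` and `cidrsubnet(...)` — yield a single string, so the enclosing brackets are correct and the eight-line tool note can become `# One LAN CIDR per NAT; both branches return a single string, so the list wrapper is intentional.`. Separately, each group admits only the LAN subnet at its own `count.index`: the group count is `azs_provisioned_count`, while `aws_subnet.lan` (next hunk) is sized `azs_provisioned_count * lans_multiplier`, so with `lans_per_az > 1` the LAN subnets beyond the first AZ-set have no ingress entry on the NAT the example routes them to, and `protocol = "-1"` makes the rule all-traffic for the one CIDR it does name. If several LANs per AZ are meant to share a NAT, the ingress needs all of that AZ's LAN CIDRs (a `for` expression over the matching indexes), and the `description` should say so.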
@@ -179,27 +199,38 @@ resource "aws_nat_gateway" "nat" { ### Provisions subnet resource "aws_subnet" "lan" { - count = "${local.azs_provisioned_count * local.lans_multiplier}" + count = local.azs_provisioned_count * local.lans_multiplier # Selects the first N number of AZs available for VPC use in the given region, where N is the requested number of AZs to provision. This order can be overidden by passing in an explicit list of AZ letters to be used. - availability_zone = "${local.azs_provisioned_override_enabled == "true" ? "${data.aws_region.current.name}${element(var.azs_provisioned_override,count.index)}" : element(data.aws_availability_zones.available.names,count.index)}" + availability_zone = local.azs_provisioned_override_enabled == "true" ? "${data.aws_region.current.name}${element(var.azs_provisioned_override, count.index)}" : element(data.aws_availability_zones.available.names, count.index) # Provisions N number of evenly allocated address spaces from the overall VPC CIDR block, where N is the requested number of AZs to provision multiplied by the number of LAN subnets to provision per AZ. Address space per subnet can be overidden by passing in an explicit list of CIDRs to be used. - cidr_block = "${local.lan_cidrs_override_enabled == "true" ? element(var.lan_cidrs_override,count.index) : cidrsubnet(data.aws_vpc.base.cidr_block,lookup(var.az_cidrsubnet_newbits, local.azs_provisioned_count * local.lans_multiplier),count.index + lookup(var.az_cidrsubnet_offset, local.azs_provisioned_count))}" - vpc_id = "${var.vpc_id}" - - tags = "${merge(local.default_subnet_tags, var.additional_subnet_tags, map("Name", "${var.stack_item_label}-lan-${count.index}"))}" + cidr_block = local.lan_cidrs_override_enabled == "true" ? 
element(var.lan_cidrs_override, count.index) : cidrsubnet( + data.aws_vpc.base.cidr_block, + var.az_cidrsubnet_newbits[local.azs_provisioned_count * local.lans_multiplier], + count.index + var.az_cidrsubnet_offset[local.azs_provisioned_count], + ) + vpc_id = var.vpc_id + + tags = merge( + local.default_subnet_tags, + var.additional_lan_tags, + var.additional_subnet_tags, + { + "Name" = "${var.stack_item_label}-lan-${count.index}" + }, + ) } ### Provisions routing table resource "aws_route_table" "rt_lan" { - count = "${local.azs_provisioned_count * local.lans_multiplier}" + count = local.azs_provisioned_count * local.lans_multiplier - propagating_vgws = ["${compact(var.vgw_ids)}"] - vpc_id = "${var.vpc_id}" + propagating_vgws = compact(var.vgw_ids) + vpc_id = var.vpc_id - tags { - application = "${var.stack_item_fullname}" + tags = { + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-lan-${count.index}" } @@ -207,8 +238,9 @@ resource "aws_route_table" "rt_lan" { ### Associates subnet with routing table resource "aws_route_table_association" "rta_lan" { - count = "${local.azs_provisioned_count * local.lans_multiplier}" + count = local.azs_provisioned_count * local.lans_multiplier - route_table_id = "${element(aws_route_table.rt_lan.*.id,count.index)}" - subnet_id = "${element(aws_subnet.lan.*.id,count.index)}" + route_table_id = element(aws_route_table.rt_lan.*.id, count.index) + subnet_id = element(aws_subnet.lan.*.id, count.index) } + diff --git a/az/outputs.tf b/az/outputs.tf index ad000ce..f169fcd 100644 --- a/az/outputs.tf +++ b/az/outputs.tf 
@@ -2,36 +2,37 @@ ## Returns Subnet IDs output "dmz_ids" { - value = ["${aws_subnet.dmz.*.id}"] + value = [aws_subnet.dmz.*.id] } output "lan_ids" { - value = ["${aws_subnet.lan.*.id}"] + value = [aws_subnet.lan.*.id] } ## Returns Subnet CIDR blocks output "dmz_cidrs" { - value = ["${aws_subnet.dmz.*.cidr_block}"] + value = [aws_subnet.dmz.*.cidr_block] } output "lan_cidrs" { - value = ["${aws_subnet.lan.*.cidr_block}"] + value = [aws_subnet.lan.*.cidr_block] } ## Returns information about the NATs output "eip_nat_ids" { - value = ["${aws_eip.eip_nat.*.id}"] + value = [aws_eip.eip_nat.*.id] } output "eip_nat_ips" { - value = ["${aws_eip.eip_nat.*.public_ip}"] + value = [aws_eip.eip_nat.*.public_ip] } output "nat_ids" { - value = ["${compact(concat(aws_instance.nat.*.id,aws_nat_gateway.nat.*.id))}"] + value = [compact(concat(aws_instance.nat.*.id, aws_nat_gateway.nat.*.id))] } ## Returns the routing table ID output "rt_lan_ids" { - value = ["${aws_route_table.rt_lan.*.id}"] + value = [aws_route_table.rt_lan.*.id] } + diff --git a/az/variables.tf b/az/variables.tf index 967a4ad..a83a546 100644 --- a/az/variables.tf +++ b/az/variables.tf 
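Review bot: Every output in this hunk now wraps a splat in brackets — `value = [aws_subnet.dmz.*.id]` — which in 0.12 is a list containing one list, not the flat list the 0.11 `["${...}"]` form produced. Consumers that index these outputs, such as `element(module.vpc_az.rt_lan_ids, count.index)` in examples/basic, will receive the inner list instead of an ID and fail on the string-typed attribute. Drop the enclosing brackets on all eight outputs: `value = aws_subnet.dmz.*.id`, and for `nat_ids` `value = compact(concat(aws_instance.nat.*.id, aws_nat_gateway.nat.*.id))`.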
@@ -2,26 +2,38 @@ ## Resource tags variable "stack_item_fullname" { - type = "string" + type = string description = "Long form descriptive name for this stack item. This value is used to create the 'application' resource tag for resources created by this stack item." default = "VPC Quick Start" } variable "stack_item_label" { - type = "string" + type = string description = "Short form identifier for this stack. This value is used to create the 'Name' resource tag for resources created by this stack item, and also serves as a unique key for re-use." default = "qckstrt" } +variable "additional_dmz_tags" { + type = map(string) + description = "Additional tags to apply at the dmz subnet level, if any" + default = {} +} + +variable "additional_lan_tags" { + type = map(string) + description = "Additional tags to apply at the lan subnet level, if any" + default = {} +} + variable "additional_subnet_tags" { - type = "map" + type = map(string) description = "Additional tags to apply at the subnet level, if any" default = {} } ## VPC parameters variable "az_cidrsubnet_newbits" { - type = "map" + type = map(string) description = "The number of bits by which to extend the CIDR range for the given number of AZs." default = { @@ -35,7 +47,7 @@ variable "az_cidrsubnet_newbits" { } variable "az_cidrsubnet_offset" { - type = "map" + type = map(string) description = "The number of AZs to provision for." default = { 
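Review bot: `az_cidrsubnet_newbits` is declared `type = map(string)` although az/main.tf consumes its values as the `newbits` argument of `cidrsubnet`; 0.12 converts numeric strings implicitly, so this works, but `type = map(number)` would reject a non-numeric override at plan time instead of inside the CIDR computation. The `default` map's values are outside this hunk, so confirm they are written as numbers (or let the conversion handle them) before changing the type.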
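Review bot: The description of `az_cidrsubnet_offset` — `"The number of AZs to provision for."` — describes `azs_provisioned`, not this map, which az/main.tf adds to `count.index` when carving LAN CIDRs. Since the hunk already touches this variable's type, fix the text at the same time: `description = "Offset added to the subnet index when carving LAN CIDRs from the VPC block, keyed by the number of AZs provisioned."`, and add a why-comment if the offset is meant to skip the DMZ ranges, which is what the arithmetic in az/main.tf suggests. As with `az_cidrsubnet_newbits`, `map(number)` would be the more honest type.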
@@ -47,83 +59,84 @@ variable "az_cidrsubnet_offset" { } variable "azs_provisioned" { - type = "string" + type = string description = "The number of availability zones to be provisioned." default = "2" } variable "azs_provisioned_override" { - type = "list" + type = list(string) description = "List of availability zones to be provisioned." default = ["non_empty_list"] } variable "dmz_cidrs_override" { - type = "list" + type = list(string) description = "The CIDR block(s) you want the DMZ subnet(s) to cover." default = ["non_empty_list"] } variable "enable_dmz_public_ips" { - type = "string" + type = string description = "Specify true to indicate that instances launched into the DMZ subnet should be assigned a public IP address. Default is false." default = "" } variable "lan_cidrs_override" { - type = "list" + type = list(string) description = "The CIDR block(s) you want the LAN subnet(s) to cover." default = ["non_empty_list"] } variable "lans_per_az" { - type = "string" + type = string description = "The number of private LAN subnets to be provisioned per AZ" default = "1" } variable "nat_ami_override" { - type = "string" + type = string description = "Custom NAT Amazon machine image" default = "" } variable "nat_eips_enabled" { - type = "string" + type = string description = "Flag for specifying allocation of Elastic IPs to NATs for the purposes of whitelisting. This value is overriden to 'true' when utilizing NAT gateways." default = "false" } variable "nat_gateways_enabled" { - type = "string" + type = string description = "Flag for specifying utilization of managed NAT gateways over EC2 based NAT instances." 
default = "false" } variable "nat_instance_type" { - type = "string" + type = string description = "NAT EC2 instance type" default = "t2.nano" } variable "nat_key_name" { - type = "string" + type = string description = "NAT EC2 key pair name" default = "" } variable "rt_dmz_id" { - type = "string" + type = string description = "The ID of the DMZ routing table" } variable "vgw_ids" { - type = "list" + type = list(string) description = "A list of virtual gateways to associate with the routing tables for route propagation." default = [] } variable "vpc_id" { - type = "string" + type = string description = "The ID of the VPC" } + diff --git a/base/main.tf b/base/main.tf index f8f3b9c..0c5fa15 100644 --- a/base/main.tf +++ b/base/main.tf @@ -2,15 +2,15 @@ ## Set Terraform version constraint terraform { - required_version = "> 0.11.0" + required_version = ">= 0.12" } ## Set default instance tennancy if not provided locals { - default_instance_tenancy = "${length(var.instance_tenancy) >= 1 ? "${var.instance_tenancy}" : "default"}" + default_instance_tenancy = length(var.instance_tenancy) >= 1 ? var.instance_tenancy : "default" default_vpc_tags = { - application = "${var.stack_item_fullname}" + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-vpc" } 
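Review bot: `enable_dmz_public_ips` keeps `type = string` with `default = ""`, but az/main.tf assigns it straight to `map_public_ip_on_launch`, a boolean attribute; 0.12's type conversion has no bool for `""`, so the module as migrated will likely fail to plan until a caller passes an explicit value, even though the description promises "Default is false". Make the flag a real boolean with the documented default: `type = bool` and `default = false`. The same treatment fits `nat_eips_enabled` and `nat_gateways_enabled` (compared as strings in the locals today) and `azs_provisioned`/`lans_per_az`, which are used as numbers in `count` arithmetic.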
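Review bot: `required_version = ">= 0.12"` pins Terraform core, but there is still no provider constraint anywhere in the diff, and 0.12 supports one in the same block. Several attributes in this repository change meaning across AWS provider majors — `vpc = true` on `aws_eip` in az/main.tf and the `arn` format of `aws_cloudwatch_log_group` used by the flow-log policy — so the behaviour reviewed here is only the behaviour applied if the provider is pinned. Add, e.g., `required_providers { aws = "~> 2.0" }` next to `required_version`, adjusted to the range the module was actually tested against.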
@@ -18,23 +18,21 @@ locals { ## Provisions Virtual Private Cloud (VPC) resource "aws_vpc" "vpc" { - cidr_block = "${var.vpc_cidr}" - instance_tenancy = "${local.default_instance_tenancy}" - enable_dns_support = "${var.enable_dns}" - enable_dns_hostnames = "${var.enable_hostnames}" - enable_classiclink = "${var.enable_classiclink}" - enable_classiclink_dns_support = "${var.enable_classiclink_dns_support}" - assign_generated_ipv6_cidr_block = "${var.assign_generated_ipv6_cidr_block}" - - tags = "${merge(local.default_vpc_tags, var.additional_vpc_tags)}" + cidr_block = var.vpc_cidr + instance_tenancy = local.default_instance_tenancy + enable_dns_support = var.enable_dns + enable_dns_hostnames = var.enable_hostnames + assign_generated_ipv6_cidr_block = var.assign_generated_ipv6_cidr_block + + tags = merge(local.default_vpc_tags, var.additional_vpc_tags) } ## Provisions Internet gateways resource "aws_internet_gateway" "igw" { - vpc_id = "${aws_vpc.vpc.id}" + vpc_id = aws_vpc.vpc.id - tags { - application = "${var.stack_item_fullname}" + tags = { + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-igw" } @@ -42,11 +40,11 @@ resource "aws_internet_gateway" "igw" { ## Provisions DMZ routing table resource "aws_route_table" "rt_dmz" { - propagating_vgws = ["${compact(var.vgw_ids)}"] - vpc_id = "${aws_vpc.vpc.id}" + propagating_vgws = compact(var.vgw_ids) + vpc_id = aws_vpc.vpc.id - tags { - application = "${var.stack_item_fullname}" + tags = { + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-dmz" } @@ -69,7 +67,7 @@ data "aws_iam_policy_document" "flow_log_role" { } resource "aws_iam_role" "flow_log_role" { - assume_role_policy = "${data.aws_iam_policy_document.flow_log_role.json}" + assume_role_policy = data.aws_iam_policy_document.flow_log_role.json name_prefix = "${var.stack_item_label}-vpc-logs-" } 
@@ -83,19 +81,20 @@ data "aws_iam_policy_document" "flow_log_policy" { "logs:DescribeLogStreams", ] - resources = ["${aws_cloudwatch_log_group.flow_log_group.arn}"] + resources = [aws_cloudwatch_log_group.flow_log_group.arn] } } resource "aws_iam_role_policy" "flow_log_role_policies" { name = "logs" - policy = "${data.aws_iam_policy_document.flow_log_policy.json}" - role = "${aws_iam_role.flow_log_role.id}" + policy = data.aws_iam_policy_document.flow_log_policy.json + role = aws_iam_role.flow_log_role.id } resource "aws_flow_log" "flow_log" { - log_destination = "${aws_cloudwatch_log_group.flow_log_group.arn}" - iam_role_arn = "${aws_iam_role.flow_log_role.arn}" - vpc_id = "${aws_vpc.vpc.id}" - traffic_type = "${var.flow_log_traffic_type}" + log_destination = aws_cloudwatch_log_group.flow_log_group.arn + iam_role_arn = aws_iam_role.flow_log_role.arn + vpc_id = aws_vpc.vpc.id + traffic_type = var.flow_log_traffic_type } + diff --git a/base/outputs.tf b/base/outputs.tf index eeb5798..2a07e58 100644 --- a/base/outputs.tf +++ b/base/outputs.tf @@ -1,21 +1,22 @@ # Output Variables output "flow_log_id" { - value = "${aws_flow_log.flow_log.id}" + value = aws_flow_log.flow_log.id } output "igw_id" { - value = "${aws_internet_gateway.igw.id}" + value = aws_internet_gateway.igw.id } output "rt_dmz_id" { - value = "${aws_route_table.rt_dmz.id}" + value = aws_route_table.rt_dmz.id } output "vpc_id" { - value = "${aws_vpc.vpc.id}" + value = aws_vpc.vpc.id } output "vpc_default_security_group_id" { - value = "${aws_vpc.vpc.default_security_group_id}" + value = aws_vpc.vpc.default_security_group_id } + diff --git a/base/variables.tf b/base/variables.tf index 0301dc7..aeb967a 100644 --- a/base/variables.tf +++ b/base/variables.tf 
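Review bot: The flow-log policy scopes its actions to `resources = [aws_cloudwatch_log_group.flow_log_group.arn]`, which is the right least-privilege instinct, but `logs:PutLogEvents` (the action list starts above this hunk; only `logs:DescribeLogStreams` is visible) is evaluated against log-stream ARNs, which only match a group-level resource that ends in `:*`. Older AWS provider releases appended that suffix to the `arn` attribute and newer ones do not, so whether the flow log can actually write depends on the unpinned provider version — worth verifying against the provider in use. Once the provider is pinned to a release whose `arn` carries no suffix, make the stream scope explicit: `resources = ["${aws_cloudwatch_log_group.flow_log_group.arn}:*"]`, with a comment saying why the suffix is there.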
@@ -2,76 +2,65 @@ ## Resource tags variable "stack_item_fullname" { - type = "string" + type = string description = "Long form descriptive name for this stack item. This value is used to create the 'application' resource tag for resources created by this stack item." default = "VPC Quick Start" } variable "stack_item_label" { - type = "string" + type = string description = "Short form identifier for this stack. This value is used to create the 'Name' resource tag for resources created by this stack item, and also serves as a unique key for re-use." default = "qckstrt" } variable "additional_vpc_tags" { - type = "map" + type = map(string) description = "Additional tags to apply at the VPC level, if any" default = {} } ## VPC parameters variable "assign_generated_ipv6_cidr_block" { - type = "string" + type = string description = "Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block." default = "false" } -variable "enable_classiclink" { - type = "string" - description = "A boolean flag to enable/disable ClassicLink for the VPC. Only valid in regions and accounts that support EC2 Classic. Defaults false." - default = "" -} - -variable "enable_classiclink_dns_support" { - type = "string" - description = "A boolean flag to enable/disable ClassicLink DNS Support for the VPC. Only valid in regions and accounts that support EC2 Classic." - default = "false" -} - variable "enable_dns" { - type = "string" + type = string description = "A boolean flag to enable/disable DNS support in the VPC. Defaults true." default = "" } variable "enable_hostnames" { - type = "string" + type = string description = "A boolean flag to enable/disable DNS hostnames in the VPC. Defaults false." default = "" } variable "instance_tenancy" { - type = "string" + type = string description = "A tenancy option for instances launched into the VPC." 
default = "" } variable "vpc_cidr" { - type = "string" + type = string description = "The CIDR block for the VPC." default = "172.16.0.0/21" } ## Flow log parameters variable "flow_log_traffic_type" { - type = "string" + type = string description = "The type of traffic to capture. Valid values: ACCEPT,REJECT,ALL" default = "ALL" } ## Routing parameters variable "vgw_ids" { - type = "list" + type = list(string) description = "A list of virtual gateways for propagation." default = [] } + diff --git a/dhcp/main.tf b/dhcp/main.tf index 384ea94..cb91570 100644 --- a/dhcp/main.tf +++ b/dhcp/main.tf @@ -2,29 +2,30 @@ ## Set Terraform version constraint terraform { - required_version = "> 0.11.0" + required_version = ">= 0.12" } ## Provisions DHCP options resource "aws_vpc_dhcp_options" "dhcp" { - count = "${var.enable == "true" ? "1" : "0"}" + count = var.enable == "true" ? "1" : "0" - domain_name = "${var.domain_name}" - domain_name_servers = ["${compact(var.name_servers)}"] - netbios_name_servers = ["${compact(var.netbios_name_servers)}"] - netbios_node_type = "${var.netbios_node_type}" - ntp_servers = ["${compact(var.ntp_servers)}"] + domain_name = var.domain_name + domain_name_servers = compact(var.name_servers) + netbios_name_servers = compact(var.netbios_name_servers) + netbios_node_type = var.netbios_node_type + ntp_servers = compact(var.ntp_servers) - tags { - application = "${var.stack_item_fullname}" + tags = { + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-dhcp" } } resource "aws_vpc_dhcp_options_association" "dns_resolver" { - count = "${var.enable == "true" ? "1" : "0"}" + count = var.enable == "true" ? "1" : "0" - dhcp_options_id = "${aws_vpc_dhcp_options.dhcp.id}" - vpc_id = "${var.vpc_id}" + dhcp_options_id = aws_vpc_dhcp_options.dhcp[0].id + vpc_id = var.vpc_id } + diff --git a/dhcp/outputs.tf b/dhcp/outputs.tf index 76da62d..8f3be35 100644 --- a/dhcp/outputs.tf +++ b/dhcp/outputs.tf 
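Review bot: `enable_dns` and `enable_hostnames` stay `type = string` with `default = ""` while their descriptions promise "Defaults true" / "Defaults false", and base/main.tf assigns them directly to the boolean `enable_dns_support`/`enable_dns_hostnames`; an empty string has no bool conversion in 0.12, so the documented defaults are unlikely to be what a caller gets (examples/basic passes the same `""` through). Declare them as booleans with the documented defaults — `type = bool` with `default = true` for `enable_dns` and `default = false` for `enable_hostnames` — so description and behaviour agree. `assign_generated_ipv6_cidr_block` can follow suit with `type = bool` and `default = false`.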
@@ -1,5 +1,6 @@ # Output variables output "dhcp_id" { - value = "${join(",",compact(aws_vpc_dhcp_options.dhcp.*.id))}" + value = join(",", compact(aws_vpc_dhcp_options.dhcp.*.id)) } + diff --git a/dhcp/variables.tf b/dhcp/variables.tf index e0e4d65..bdc87e9 100644 --- a/dhcp/variables.tf +++ b/dhcp/variables.tf @@ -2,54 +2,55 @@ ## Resource Tags variable "stack_item_fullname" { - type = "string" + type = string description = "Long form descriptive name for this stack item. This value is used to create the 'application' resource tag for resources created by this stack item." } variable "stack_item_label" { - type = "string" + type = string description = "Short form identifier for this stack. This value is used to create the 'Name' resource tag for resources created by this stack item, and also serves as a unique key for re-use." } ## VPC parameters variable "vpc_id" { - type = "string" + type = string description = "The ID of the VPC" } ## DHCP parameters variable "domain_name" { - type = "string" + type = string description = "The suffix domain name to use by default when resolving non Fully Qualified Domain Names" default = "" } variable "enable" { - type = "string" + type = string description = "Determine if resources should be added. Used if you want to include conditionally in a module." default = "true" } variable "name_servers" { - type = "list" + type = list(string) description = "List of name servers to configure in '/etc/resolv.conf'" default = ["AmazonProvidedDNS"] } variable "netbios_name_servers" { - type = "list" + type = list(string) description = "List of NETBIOS name servers" default = [] } variable "netbios_node_type" { - type = "string" + type = string description = "The NetBIOS node type (1, 2, 4, or 8). AWS recommends to specify 2 since broadcast and multicast are not supported in their network." default = "" } variable "ntp_servers" { - type = "list" + type = list(string) description = "List of NTP servers to configure" default = [] } + 
diff --git a/examples/basic/main.tf b/examples/basic/main.tf index b5f0368..4ff5a8d 100644 --- a/examples/basic/main.tf +++ b/examples/basic/main.tf @@ -2,7 +2,7 @@ ## Configures AWS provider provider "aws" { - region = "${var.region}" + region = var.region } ## Configures base VPC @@ -11,11 +11,11 @@ module "vpc_base" { #source = "github.com/unifio/terraform-aws-vpc?ref=master//base" source = "../../base" - enable_dns = "${var.enable_dns}" - enable_hostnames = "${var.enable_hostnames}" - stack_item_fullname = "${var.stack_item_fullname}" - stack_item_label = "${var.stack_item_label}" - vpc_cidr = "${var.vpc_cidr}" + enable_dns = var.enable_dns + enable_hostnames = var.enable_hostnames + stack_item_fullname = var.stack_item_fullname + stack_item_label = var.stack_item_label + vpc_cidr = var.vpc_cidr } ## Configures DHCP @@ -24,10 +24,10 @@ module "vpc_dhcp" { #source = "github.com/unifio/terraform-aws-vpc?ref=master//dhcp" source = "../../dhcp" - domain_name = "${var.domain_name}" - stack_item_fullname = "${var.stack_item_fullname}" - stack_item_label = "${var.stack_item_label}" - vpc_id = "${module.vpc_base.vpc_id}" + domain_name = var.domain_name + stack_item_fullname = var.stack_item_fullname + stack_item_label = var.stack_item_label + vpc_id = module.vpc_base.vpc_id } ## Configures VPC Availabilty Zones 
@@ -36,14 +36,14 @@ module "vpc_az" { #source = "github.com/unifio/terraform-aws-vpc?ref=master//az" source = "../../az" - azs_provisioned = "${var.azs_provisioned}" - enable_dmz_public_ips = "${var.enable_dmz_public_ips}" - lans_per_az = "${var.lans_per_az}" - nat_eips_enabled = "${var.nat_eips_enabled}" - rt_dmz_id = "${module.vpc_base.rt_dmz_id}" - stack_item_fullname = "${var.stack_item_fullname}" - stack_item_label = "${var.stack_item_label}" - vpc_id = "${module.vpc_base.vpc_id}" + azs_provisioned = var.azs_provisioned + enable_dmz_public_ips = var.enable_dmz_public_ips + lans_per_az = var.lans_per_az + nat_eips_enabled = var.nat_eips_enabled + rt_dmz_id = module.vpc_base.rt_dmz_id + stack_item_fullname = var.stack_item_fullname + stack_item_label = var.stack_item_label + vpc_id = module.vpc_base.vpc_id } ## Configures Virtual Private Gateway 
@@ -52,23 +52,24 @@ module "vpc_vpg" { #source = "github.com/unifio/terraform-aws-vpc?ref=master//vpg" source = "../../vpg" - stack_item_fullname = "${var.stack_item_fullname}" - stack_item_label = "${var.stack_item_label}" - vpc_attach = "${var.vpc_attach}" - vpc_id = "${module.vpc_base.vpc_id}" + stack_item_fullname = var.stack_item_fullname + stack_item_label = var.stack_item_label + vpc_attach = var.vpc_attach + vpc_id = module.vpc_base.vpc_id } ## Configures routing resource "aws_route" "dmz-to-igw" { destination_cidr_block = "0.0.0.0/0" - gateway_id = "${module.vpc_base.igw_id}" - route_table_id = "${module.vpc_base.rt_dmz_id}" + gateway_id = module.vpc_base.igw_id + route_table_id = module.vpc_base.rt_dmz_id } resource "aws_route" "lan-to-nat" { - count = "${var.azs_provisioned * var.lans_per_az}" + count = var.azs_provisioned * var.lans_per_az destination_cidr_block = "0.0.0.0/0" - instance_id = "${element(module.vpc_az.nat_ids,count.index)}" - route_table_id = "${element(module.vpc_az.rt_lan_ids,count.index)}" + instance_id = element(module.vpc_az.nat_ids, count.index) + route_table_id = element(module.vpc_az.rt_lan_ids, count.index) } + diff --git a/examples/basic/outputs.tf b/examples/basic/outputs.tf index b5e0702..8d01a4f 100644 --- a/examples/basic/outputs.tf +++ b/examples/basic/outputs.tf @@ -1,17 +1,18 @@ # Output Variables output "vpc_id" { - value = "${module.vpc_base.vpc_id}" + value = module.vpc_base.vpc_id } output "dmz_subnet_ids" { - value = "${module.vpc_az.dmz_ids}" + value = module.vpc_az.dmz_ids } output "lan_subnet_ids" { - value = "${module.vpc_az.lan_ids}" + value = module.vpc_az.lan_ids } output "lan_rt_ids" { - value = "${module.vpc_az.rt_lan_ids}" + value = module.vpc_az.rt_lan_ids } + diff --git a/examples/basic/variables.tf b/examples/basic/variables.tf index 9aa7cbb..db5bcb5 100644 --- a/examples/basic/variables.tf +++ b/examples/basic/variables.tf 
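Review bot: `aws_route.lan-to-nat` computes `count = var.azs_provisioned * var.lans_per_az`, and examples/basic/variables.tf (next file in the diff) keeps `azs_provisioned` as `type = string` with `default = ""`; 0.12 cannot convert `""` to a number, so the example fails to plan unless every run supplies the value. Give the example a concrete default (`default = "2"`, or `type = number` / `default = 2` once the az module accepts a number) so it plans as checked in. The route also hard-wires `instance_id`, which is only correct for EC2 NATs; if a caller sets `nat_gateways_enabled = "true"`, `nat_ids` carries gateway IDs that need `nat_gateway_id` instead — a one-line comment on the resource would save the next reader from that trap.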
@@ -2,61 +2,62 @@
 
 ## Resource tags
 variable "stack_item_fullname" {
- type = "string"
+ type = string
 }
 
 variable "stack_item_label" {
- type = "string"
+ type = string
 }
 
 ## VPC base parameters
 variable "enable_dns" {
- type = "string"
+ type = string
 default = ""
 }
 
 variable "enable_hostnames" {
- type = "string"
+ type = string
 default = ""
 }
 
 variable "region" {
- type = "string"
+ type = string
 }
 
 variable "vpc_cidr" {
- type = "string"
+ type = string
 }
 
 ## DHCP
 variable "domain_name" {
- type = "string"
+ type = string
 default = ""
 }
 
 ## AZ parameters
 variable "azs_provisioned" {
- type = "string"
+ type = string
 default = ""
 }
 
 variable "enable_dmz_public_ips" {
- type = "string"
+ type = string
 default = ""
 }
 
 variable "lans_per_az" {
- type = "string"
+ type = string
 default = "1"
 }
 
 variable "nat_eips_enabled" {
- type = "string"
+ type = string
 default = ""
 }
 
 ## VPG parameters
 variable "vpc_attach" {
- type = "string"
+ type = string
 default = ""
 }
+
diff --git a/examples/basic/versions.tf b/examples/basic/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/examples/basic/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index b710805..8f8b710 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -2,7 +2,7 @@
 
 ## Configures AWS provider
 provider "aws" {
- region = "${var.region}"
+ region = var.region
 }
 
 ## Configures base VPC
@@ -11,12 +11,12 @@ module "vpc_base" {
 #source = "github.com/unifio/terraform-aws-vpc?ref=master//base"
 source = "../../base"
 
- enable_classiclink = "${var.enable_classiclink}"
- enable_hostnames = "${var.enable_hostnames}"
- instance_tenancy = "${var.instance_tenancy}"
- stack_item_fullname = "${var.stack_item_fullname}"
- stack_item_label = "${var.stack_item_label}"
- vpc_cidr = "${var.vpc_cidr}"
+ enable_classiclink = var.enable_classiclink
+ enable_hostnames = var.enable_hostnames
+ instance_tenancy = var.instance_tenancy
+ stack_item_fullname = var.stack_item_fullname
+ stack_item_label = var.stack_item_label
+ vpc_cidr = var.vpc_cidr
 }
 
 ## Configures DHCP
@@ -25,23 +25,31 @@ module "vpc_dhcp" {
 #source = "github.com/unifio/terraform-aws-vpc?ref=master//dhcp"
 source = "../../dhcp"
 
- domain_name = "${var.domain_name}"
- name_servers = ["${var.name_servers}"]
- netbios_name_servers = ["${var.netbios_name_servers}"]
- netbios_node_type = "${var.netbios_node_type}"
- ntp_servers = ["${var.ntp_servers}"]
- stack_item_fullname = "${var.stack_item_fullname}"
- stack_item_label = "${var.stack_item_label}"
- vpc_id = "${module.vpc_base.vpc_id}"
+ domain_name = var.domain_name
+ name_servers = [var.name_servers]
+ netbios_name_servers = [var.netbios_name_servers]
+ netbios_node_type = var.netbios_node_type
+ ntp_servers = [var.ntp_servers]
+ stack_item_fullname = var.stack_item_fullname
+ stack_item_label = var.stack_item_label
+ vpc_id = module.vpc_base.vpc_id
 }
 
 ## Configures ACLs
 resource "aws_network_acl" "acl" {
- vpc_id = "${module.vpc_base.vpc_id}"
- subnet_ids = ["${concat(module.vpc_az.lan_ids,module.vpc_az.dmz_ids)}"]
-
- tags {
- application = "${var.stack_item_fullname}"
+ vpc_id = module.vpc_base.vpc_id
+ # TF-UPGRADE-TODO: In Terraform v0.10 and earlier, it was sometimes necessary to
+ # force an interpolation expression to be interpreted as a list by wrapping it
+ # in an extra set of list brackets. That form was supported for compatibility in
+ # v0.11, but is no longer supported in Terraform v0.12.
+ #
+ # If the expression in the following list itself returns a list, remove the
+ # brackets to avoid interpretation as a list of lists. If the expression
+ # returns a single list item then leave it as-is and remove this TODO comment.
+ subnet_ids = [concat(module.vpc_az.lan_ids, module.vpc_az.dmz_ids)]
+
+ tags = {
+ application = var.stack_item_fullname
 managed_by = "terraform"
 Name = "${var.stack_item_label}-acl"
 }
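Review bot: `name_servers = [var.name_servers]`, `netbios_name_servers = [var.netbios_name_servers]` and `ntp_servers = [var.ntp_servers]` in `module "vpc_dhcp"` wrap values that are already lists — all three are declared `type = list(string)` in examples/complete/variables.tf in this same commit — so under 0.12 the module receives a list of lists, which will fail the dhcp module's type check if its inputs are typed (that file is not in view) and is wrong either way. `subnet_ids = [concat(module.vpc_az.lan_ids, module.vpc_az.dmz_ids)]` in `aws_network_acl.acl` has the same shape, and since `concat` always returns a list the TF-UPGRADE-TODO block can be resolved and deleted now rather than shipped. Drop the outer brackets in all four places, e.g. `name_servers = var.name_servers` and `subnet_ids = concat(module.vpc_az.lan_ids, module.vpc_az.dmz_ids)`. The `route_table_ids = [module.vpc_az.rt_lan_ids]` line in `aws_vpc_endpoint.s3-ep`, in the next hunk of this file, carries the same list-of-lists problem and the same TODO.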
@@ -54,9 +62,9 @@ module "vpc_vpg" {
 source = "../../vpg"
 
 vpc_attach = "true"
- vpc_id = "${module.vpc_base.vpc_id}"
- stack_item_fullname = "${var.stack_item_fullname}"
- stack_item_label = "${var.stack_item_label}"
+ vpc_id = module.vpc_base.vpc_id
+ stack_item_fullname = var.stack_item_fullname
+ stack_item_label = var.stack_item_label
 }
 
 module "vpc_az" {
@@ -64,59 +72,70 @@ module "vpc_az" {
 #source = "github.com/unifio/terraform-aws-vpc?ref=master//az"
 source = "../../az"
 
- azs_provisioned_override = "${var.azs_provisioned_override}"
+ azs_provisioned_override = var.azs_provisioned_override
 
- dmz_cidrs_override = ["${cidrsubnet(var.vpc_cidr,3,0)}",
- "${cidrsubnet(var.vpc_cidr,3,1)}",
- "${cidrsubnet(var.vpc_cidr,3,2)}",
- "${cidrsubnet(var.vpc_cidr,3,3)}",
+ dmz_cidrs_override = [
+ cidrsubnet(var.vpc_cidr, 3, 0),
+ cidrsubnet(var.vpc_cidr, 3, 1),
+ cidrsubnet(var.vpc_cidr, 3, 2),
+ cidrsubnet(var.vpc_cidr, 3, 3),
 ]
 
- lan_cidrs_override = ["${cidrsubnet(var.vpc_cidr,4,8)}",
- "${cidrsubnet(var.vpc_cidr,4,9)}",
- "${cidrsubnet(var.vpc_cidr,4,10)}",
- "${cidrsubnet(var.vpc_cidr,4,11)}",
- "${cidrsubnet(var.vpc_cidr,4,12)}",
- "${cidrsubnet(var.vpc_cidr,4,13)}",
- "${cidrsubnet(var.vpc_cidr,4,14)}",
- "${cidrsubnet(var.vpc_cidr,4,15)}",
+ lan_cidrs_override = [
+ cidrsubnet(var.vpc_cidr, 4, 8),
+ cidrsubnet(var.vpc_cidr, 4, 9),
+ cidrsubnet(var.vpc_cidr, 4, 10),
+ cidrsubnet(var.vpc_cidr, 4, 11),
+ cidrsubnet(var.vpc_cidr, 4, 12),
+ cidrsubnet(var.vpc_cidr, 4, 13),
+ cidrsubnet(var.vpc_cidr, 4, 14),
+ cidrsubnet(var.vpc_cidr, 4, 15),
 ]
 
- lans_per_az = "${var.lans_per_az}"
+ lans_per_az = var.lans_per_az
 nat_eips_enabled = "false"
- nat_gateways_enabled = "${var.nat_gateways_enabled}"
- rt_dmz_id = "${module.vpc_base.rt_dmz_id}"
- stack_item_label = "${var.stack_item_label}"
- stack_item_fullname = "${var.stack_item_fullname}"
- vgw_ids = ["${module.vpc_vpg.vpg_id}"]
- vpc_id = "${module.vpc_base.vpc_id}"
+ nat_gateways_enabled = var.nat_gateways_enabled
+ rt_dmz_id = module.vpc_base.rt_dmz_id
+ stack_item_label = var.stack_item_label
+ stack_item_fullname = var.stack_item_fullname
+ vgw_ids = [module.vpc_vpg.vpg_id]
+ vpc_id = module.vpc_base.vpc_id
 }
 
 ## Configures routing
 resource "aws_route" "dmz-to-igw" {
 destination_cidr_block = "0.0.0.0/0"
- gateway_id = "${module.vpc_base.igw_id}"
- route_table_id = "${module.vpc_base.rt_dmz_id}"
+ gateway_id = module.vpc_base.igw_id
+ route_table_id = module.vpc_base.rt_dmz_id
 }
 
 resource "aws_route" "lan-to-nat-gw" {
- count = "${length(var.azs_provisioned_override) * (length(var.lans_per_az) > 0 ? var.lans_per_az : "1") * signum(var.nat_gateways_enabled == "true" ? "1" : "0")}"
+ count = length(var.azs_provisioned_override) * length(var.lans_per_az) > 0 ? var.lans_per_az : "1" * signum(var.nat_gateways_enabled == "true" ? "1" : "0")
 
 destination_cidr_block = "0.0.0.0/0"
- nat_gateway_id = "${element(module.vpc_az.nat_ids,count.index)}"
- route_table_id = "${element(module.vpc_az.rt_lan_ids,count.index)}"
+ nat_gateway_id = element(module.vpc_az.nat_ids, count.index)
+ route_table_id = element(module.vpc_az.rt_lan_ids, count.index)
 }
 
 resource "aws_route" "lan-to-nat" {
- count = "${length(var.azs_provisioned_override) * (length(var.lans_per_az) > 0 ? var.lans_per_az : "1") * signum(var.nat_gateways_enabled == "true" ? "0" : "1")}"
+ count = length(var.azs_provisioned_override) * length(var.lans_per_az) > 0 ? var.lans_per_az : "1" * signum(var.nat_gateways_enabled == "true" ? "0" : "1")
 
 destination_cidr_block = "0.0.0.0/0"
- instance_id = "${element(module.vpc_az.nat_ids,count.index)}"
- route_table_id = "${element(module.vpc_az.rt_lan_ids,count.index)}"
+ instance_id = element(module.vpc_az.nat_ids, count.index)
+ route_table_id = element(module.vpc_az.rt_lan_ids, count.index)
 }
 
 resource "aws_vpc_endpoint" "s3-ep" {
- route_table_ids = ["${module.vpc_az.rt_lan_ids}"]
+ # TF-UPGRADE-TODO: In Terraform v0.10 and earlier, it was sometimes necessary to
+ # force an interpolation expression to be interpreted as a list by wrapping it
+ # in an extra set of list brackets. That form was supported for compatibility in
+ # v0.11, but is no longer supported in Terraform v0.12.
+ #
+ # If the expression in the following list itself returns a list, remove the
+ # brackets to avoid interpretation as a list of lists. If the expression
+ # returns a single list item then leave it as-is and remove this TODO comment.
+ route_table_ids = [module.vpc_az.rt_lan_ids]
 service_name = "com.amazonaws.${var.region}.s3"
- vpc_id = "${module.vpc_base.vpc_id}"
+ vpc_id = module.vpc_base.vpc_id
 }
+
diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf
index 802e775..8ccda69 100644
--- a/examples/complete/outputs.tf
+++ b/examples/complete/outputs.tf
@@ -1,17 +1,18 @@
 # Output variables
 
 output "dmz_subnet_ids" {
- value = "${module.vpc_az.dmz_ids}"
+ value = module.vpc_az.dmz_ids
 }
 
 output "lan_rt_ids" {
- value = "${module.vpc_az.rt_lan_ids}"
+ value = module.vpc_az.rt_lan_ids
 }
 
 output "lan_subnet_ids" {
- value = "${module.vpc_az.lan_ids}"
+ value = module.vpc_az.lan_ids
 }
 
 output "vpc_id" {
- value = "${module.vpc_base.vpc_id}"
+ value = module.vpc_base.vpc_id
 }
+
diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf
index ce245c6..f7b84c7 100644
--- a/examples/complete/variables.tf
+++ b/examples/complete/variables.tf
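Review bot: The rewritten `count` in `aws_route.lan-to-nat-gw` and `aws_route.lan-to-nat` dropped the parentheses around the `lans_per_az` fallback, which changes what is computed: in 0.12 `*` binds tighter than `>` and `?:`, so `length(var.azs_provisioned_override) * length(var.lans_per_az) > 0 ? var.lans_per_az : "1" * signum(...)` parses as `((len * len) > 0) ? var.lans_per_az : ("1" * signum(...))`, and the `signum` term that selects NAT gateway versus NAT instance only applies in the fallback branch. Whenever the override list is non-empty and `lans_per_az` is set, both resources therefore get `count = var.lans_per_az` regardless of `nat_gateways_enabled` and independent of the AZ count, so both would try to add a `0.0.0.0/0` route to the same LAN route tables, which AWS is likely to reject as a duplicate route. Restore the grouping: `count = length(var.azs_provisioned_override) * (length(var.lans_per_az) > 0 ? var.lans_per_az : "1") * signum(var.nat_gateways_enabled == "true" ? "1" : "0")` for `lan-to-nat-gw`, and the same line with `"0" : "1"` inside `signum` for `lan-to-nat`.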
@@ -2,74 +2,75 @@
 
 ## Resource Tags
 variable "stack_item_fullname" {
- type = "string"
+ type = string
 }
 
 variable "stack_item_label" {
- type = "string"
+ type = string
 }
 
 ## VPC Parameters
 variable "azs_provisioned_override" {
- type = "list"
+ type = list(string)
 default = ["a", "c", "d", "e"]
 }
 
 variable "enable_classiclink" {
- type = "string"
+ type = string
 default = ""
 }
 
 variable "enable_hostnames" {
- type = "string"
+ type = string
 default = ""
 }
 
 variable "instance_tenancy" {
- type = "string"
+ type = string
 default = ""
 }
 
 variable "lans_per_az" {
- type = "string"
+ type = string
 default = ""
 }
 
 variable "nat_gateways_enabled" {
- type = "string"
+ type = string
 default = ""
 }
 
 variable "region" {
- type = "string"
+ type = string
 }
 
 variable "vpc_cidr" {
- type = "string"
+ type = string
 }
 
 ## DHCP
 variable "domain_name" {
- type = "string"
+ type = string
 default = ""
 }
 
 variable "name_servers" {
- type = "list"
+ type = list(string)
 default = []
 }
 
 variable "netbios_name_servers" {
- type = "list"
+ type = list(string)
 default = []
 }
 
 variable "netbios_node_type" {
- type = "string"
+ type = string
 default = ""
 }
 
 variable "ntp_servers" {
- type = "list"
+ type = list(string)
 default = []
 }
+
diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/examples/complete/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}
diff --git a/examples/peering/main.tf b/examples/peering/main.tf
index 33feeb1..69f41e7 100644
--- a/examples/peering/main.tf
+++ b/examples/peering/main.tf
@@ -2,7 +2,7 @@
 
 ## Configures AWS provider
 provider "aws" {
- region = "${var.region}"
+ region = var.region
 }
 
 ## Configures VPC peering connection
@@ -14,27 +14,28 @@ module "vpc_peer" {
 accepter_allow_classic_link_to_remote = "false"
 accepter_allow_remote_dns = "true"
 accepter_allow_to_remote_classic_link = "true"
- accepter_vpc_id = "${var.accepter_vpc_id}"
+ accepter_vpc_id = var.accepter_vpc_id
 requester_allow_classic_link_to_remote = "true"
 requester_allow_remote_dns = "false"
 requester_allow_to_remote_classic_link = "false"
- requester_vpc_id = "${var.requester_vpc_id}"
- stack_item_fullname = "${var.stack_item_fullname}"
- stack_item_label = "${var.stack_item_label}"
+ requester_vpc_id = var.requester_vpc_id
+ stack_item_fullname = var.stack_item_fullname
+ stack_item_label = var.stack_item_label
 }
 
 resource "aws_route" "requester-to-accepter" {
- count = "${length(var.requester_rt_lan_ids)}"
+ count = length(var.requester_rt_lan_ids)
 
- destination_cidr_block = "${var.accepter_vpc_cidr}"
- route_table_id = "${element(var.requester_rt_lan_ids,count.index)}"
- vpc_peering_connection_id = "${module.vpc_peer.peer_connection_id}"
+ destination_cidr_block = var.accepter_vpc_cidr
+ route_table_id = element(var.requester_rt_lan_ids, count.index)
+ vpc_peering_connection_id = module.vpc_peer.peer_connection_id
 }
 
 resource "aws_route" "accepter-to-requester" {
- count = "${length(var.accepter_rt_lan_ids)}"
+ count = length(var.accepter_rt_lan_ids)
 
- destination_cidr_block = "${var.requester_vpc_cidr}"
- route_table_id = "${element(var.accepter_rt_lan_ids,count.index)}"
- vpc_peering_connection_id = "${module.vpc_peer.peer_connection_id}"
+ destination_cidr_block = var.requester_vpc_cidr
+ route_table_id = element(var.accepter_rt_lan_ids, count.index)
+ vpc_peering_connection_id = module.vpc_peer.peer_connection_id
 }
+
diff --git a/examples/peering/variables.tf b/examples/peering/variables.tf
index 226ae86..a10e449 100644
--- a/examples/peering/variables.tf
+++ b/examples/peering/variables.tf
@@ -2,46 +2,47 @@
 
 ## Resource Tags
 variable "stack_item_fullname" {
- type = "string"
+ type = string
 description = "Long form descriptive name for this stack item. This value is used to create the 'application' resource tag for resources created by this stack item."
 }
 
 variable "stack_item_label" {
- type = "string"
+ type = string
 description = "Short form identifier for this stack. This value is used to create the 'Name' resource tag for resources created by this stack item, and also serves as a unique key for re-use."
 }
 
 ## Peering Parameters
 variable "accepter_rt_lan_ids" {
- type = "list"
+ type = list(string)
 description = "The IDs of the peer VPC routing tables."
 }
 
 variable "accepter_vpc_cidr" {
- type = "string"
+ type = string
 description = "The ID of the peer VPC."
 }
 
 variable "accepter_vpc_id" {
- type = "string"
+ type = string
 description = "The ID of the VPC with which you are creating the VPC Peering Connection."
 }
 
 variable "region" {
- type = "string"
+ type = string
 }
 
 variable "requester_rt_lan_ids" {
- type = "list"
+ type = list(string)
 description = "The IDs of the requesting VPC routing tables."
 }
 
 variable "requester_vpc_cidr" {
- type = "string"
+ type = string
 description = "The ID of the requester VPC."
 }
 
 variable "requester_vpc_id" {
- type = "string"
+ type = string
 description = "The ID of the requester VPC."
 }
+
diff --git a/examples/peering/versions.tf b/examples/peering/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/examples/peering/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}
diff --git a/peer/main.tf b/peer/main.tf
index 82a978c..7c8d7dd 100644
--- a/peer/main.tf
+++ b/peer/main.tf
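Review bot: The descriptions of `accepter_vpc_cidr` and `requester_vpc_cidr` read "The ID of the peer VPC." and "The ID of the requester VPC.", but both values are consumed as `destination_cidr_block` in the two `aws_route` resources of examples/peering/main.tf (the previous hunk), and `requester_vpc_id` already carries the "ID of the requester VPC" wording, so the two CIDR inputs are effectively undocumented and the copy-paste is easy to misread as a VPC ID. Suggest `description = "The CIDR block of the accepter (peer) VPC, used as the destination for routes added to the requester route tables."` and `description = "The CIDR block of the requester VPC, used as the destination for routes added to the accepter route tables."`.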
@@ -2,59 +2,52 @@
 
 ## Set Terraform version constraint
 terraform {
- required_version = "> 0.11.0"
+ required_version = ">= 0.12"
 }
 
 ## Provisions VPC peering
 resource "aws_vpc_peering_connection" "peer" {
- count = "${length(var.vpc_peering_connection_id) > 0 ? "0" : "1"}"
+ count = length(var.vpc_peering_connection_id) > 0 ? "0" : "1"
 
- auto_accept = "${var.accepter_region != "" ? "false" : var.auto_accept}"
- peer_owner_id = "${var.accepter_owner_id}"
- peer_region = "${var.accepter_region}"
- peer_vpc_id = "${var.accepter_vpc_id}"
- vpc_id = "${var.requester_vpc_id}"
+ auto_accept = var.accepter_region != "" ? "false" : var.auto_accept
+ peer_owner_id = var.accepter_owner_id
+ peer_region = var.accepter_region
+ peer_vpc_id = var.accepter_vpc_id
+ vpc_id = var.requester_vpc_id
 
 accepter {
- allow_classic_link_to_remote_vpc = "${var.accepter_allow_classic_link_to_remote}"
- allow_remote_vpc_dns_resolution = "${var.accepter_allow_remote_dns}"
- allow_vpc_to_remote_classic_link = "${var.accepter_allow_to_remote_classic_link}"
+ allow_remote_vpc_dns_resolution = var.accepter_allow_remote_dns
 }
 
 requester {
- allow_classic_link_to_remote_vpc = "${var.requester_allow_classic_link_to_remote}"
- allow_remote_vpc_dns_resolution = "${var.requester_allow_remote_dns}"
- allow_vpc_to_remote_classic_link = "${var.requester_allow_to_remote_classic_link}"
+ allow_remote_vpc_dns_resolution = var.requester_allow_remote_dns
 }
 
- tags {
- application = "${var.stack_item_fullname}"
+ tags = {
+ application = var.stack_item_fullname
 managed_by = "terraform"
 Name = "${var.stack_item_label}-peer"
 }
 }
 
 resource "aws_vpc_peering_connection_accepter" "peer_accept" {
- count = "${length(var.vpc_peering_connection_id) > 0 ? "1" : "0"}"
+ count = length(var.vpc_peering_connection_id) > 0 ? "1" : "0"
 
- auto_accept = "${var.accepter_auto_accept}"
- vpc_peering_connection_id = "${var.vpc_peering_connection_id}"
+ auto_accept = var.accepter_auto_accept
+ vpc_peering_connection_id = var.vpc_peering_connection_id
 
 accepter {
- allow_classic_link_to_remote_vpc = "${var.accepter_allow_classic_link_to_remote}"
- allow_remote_vpc_dns_resolution = "${var.accepter_allow_remote_dns}"
- allow_vpc_to_remote_classic_link = "${var.accepter_allow_to_remote_classic_link}"
+ allow_remote_vpc_dns_resolution = var.accepter_allow_remote_dns
 }
 
 requester {
- allow_classic_link_to_remote_vpc = "${var.requester_allow_classic_link_to_remote}"
- allow_remote_vpc_dns_resolution = "${var.requester_allow_remote_dns}"
- allow_vpc_to_remote_classic_link = "${var.requester_allow_to_remote_classic_link}"
+ allow_remote_vpc_dns_resolution = var.requester_allow_remote_dns
 }
 
- tags {
- application = "${var.stack_item_fullname}"
+ tags = {
+ application = var.stack_item_fullname
 managed_by = "terraform"
 Name = "${var.stack_item_label}-peer"
 }
 }
+
diff --git a/peer/outputs.tf b/peer/outputs.tf
index 73063fd..898dd95 100644
--- a/peer/outputs.tf
+++ b/peer/outputs.tf
@@ -1,5 +1,6 @@
 # Outputs
 
 output "peer_connection_id" {
- value = "${join(",",aws_vpc_peering_connection.peer.*.id)}"
+ value = join(",", aws_vpc_peering_connection.peer.*.id)
 }
+
diff --git a/peer/variables.tf b/peer/variables.tf
index 8c4cd40..95f1544 100644
--- a/peer/variables.tf
+++ b/peer/variables.tf
@@ -2,90 +2,91 @@
 
 ## Resource Tags
 variable "stack_item_fullname" {
- type = "string"
+ type = string
 description = "Long form descriptive name for this stack item. This value is used to create the 'application' resource tag for resources created by this stack item."
 }
 
 variable "stack_item_label" {
- type = "string"
+ type = string
 description = "Short form identifier for this stack. This value is used to create the 'Name' resource tag for resources created by this stack item, and also serves as a unique key for re-use."
 }
 
 ## Peering parameters
 variable "accepter_allow_classic_link_to_remote" {
- type = "string"
+ type = string
 description = "Allow a local linked EC2-Classic instance to communicate with instances in a peer VPC. This enables an outbound communication from the local ClassicLink connection to the remote VPC."
 default = ""
 }
 
 variable "accepter_allow_remote_dns" {
- type = "string"
+ type = string
 description = "Allow accepter VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the requester VPC."
 default = "false"
 }
 
 variable "accepter_allow_to_remote_classic_link" {
- type = "string"
+ type = string
 description = "Allow a local VPC to communicate with a linked EC2-Classic instance in a peer VPC. This enables an outbound communication from the local VPC to the remote ClassicLink connection."
 default = ""
 }
 
 variable "accepter_auto_accept" {
- type = "string"
+ type = string
 description = "Accept the peering (both VPCs need to be in the same AWS account)."
 default = ""
 }
 
 variable "accepter_owner_id" {
- type = "string"
+ type = string
 description = "The AWS account ID of the owner of the peer VPC."
 default = ""
 }
 
 variable "accepter_region" {
- type = "string"
+ type = string
 description = "The region of the accepter VPC of the VPC Peering Connection."
 default = ""
 }
 
 variable "accepter_vpc_id" {
- type = "string"
+ type = string
 description = "The ID of the VPC with which you are creating the VPC Peering Connection."
 default = ""
 }
 
 variable "auto_accept" {
- type = "string"
+ type = string
 description = "Accept the peering (both VPCs need to be in the same AWS account and region)."
 default = "true"
 }
 
 variable "requester_allow_classic_link_to_remote" {
- type = "string"
+ type = string
 description = "Allow a local linked EC2-Classic instance to communicate with instances in a peer VPC. This enables an outbound communication from the local ClassicLink connection to the remote VPC."
 default = ""
 }
 
 variable "requester_allow_remote_dns" {
- type = "string"
+ type = string
 description = "Allow requester VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the accepter VPC."
 default = "false"
 }
 
 variable "requester_allow_to_remote_classic_link" {
- type = "string"
+ type = string
 description = "Allow a local VPC to communicate with a linked EC2-Classic instance in a peer VPC. This enables an outbound communication from the local VPC to the remote ClassicLink connection."
 default = ""
 }
 
 variable "requester_vpc_id" {
- type = "string"
+ type = string
 description = "The ID of the requester VPC."
 default = ""
 }
 
 variable "vpc_peering_connection_id" {
- type = "string"
+ type = string
 description = "The VPC Peering Connection ID to manage."
 default = ""
 }
+
diff --git a/vpg/main.tf b/vpg/main.tf
index ce65823..db10a7f 100644
--- a/vpg/main.tf
+++ b/vpg/main.tf
@@ -2,23 +2,24 @@
 
 ## Set Terraform version constraint
 terraform {
- required_version = "> 0.11.0"
+ required_version = ">= 0.12"
 }
 
 ## Gateway configuration
 resource "aws_vpn_gateway" "vpg" {
- availability_zone = "${var.availability_zone}"
+ availability_zone = var.availability_zone
 
- tags {
- application = "${var.stack_item_fullname}"
+ tags = {
+ application = var.stack_item_fullname
 managed_by = "terraform"
 Name = "${var.stack_item_label}-vpg"
 }
 }
 
 resource "aws_vpn_gateway_attachment" "attach" {
- count = "${length(var.vpc_attach) > 0 && var.vpc_attach == "true" ? 1 : 0}"
+ count = length(var.vpc_attach) > 0 && var.vpc_attach == "true" ? 1 : 0
 
- vpc_id = "${var.vpc_id}"
- vpn_gateway_id = "${aws_vpn_gateway.vpg.id}"
+ vpc_id = var.vpc_id
+ vpn_gateway_id = aws_vpn_gateway.vpg.id
 }
+
diff --git a/vpg/outputs.tf b/vpg/outputs.tf
index 08d18d3..2c7dcd8 100644
--- a/vpg/outputs.tf
+++ b/vpg/outputs.tf
@@ -2,5 +2,6 @@
 
 ## Returns ID of the VPG
 output "vpg_id" {
- value = "${aws_vpn_gateway.vpg.id}"
+ value = aws_vpn_gateway.vpg.id
 }
+
diff --git a/vpg/variables.tf b/vpg/variables.tf
index ded9b15..5d6ace7 100644
--- a/vpg/variables.tf
+++ b/vpg/variables.tf
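Review bot: `count = length(var.vpc_attach) > 0 && var.vpc_attach == "true" ? 1 : 0` in `aws_vpn_gateway_attachment.attach` keeps a redundant guard: `var.vpc_attach == "true"` already implies a non-empty string, so `count = var.vpc_attach == "true" ? 1 : 0` is equivalent and reads as the intent. With the variable now typed (`type = string` in vpg/variables.tf, next hunk) this is also the natural point to move to `type = bool` and `count = var.vpc_attach ? 1 : 0`; 0.12 converts the strings "true"/"false" to bool, so existing callers passing `"true"` should keep working, but that is worth confirming against the examples before changing the module interface. Separately, `required_version = ">= 0.12"` here, in peer/main.tf and in the new versions.tf files admits any later major release; `~> 0.12` would pin to the series this code was actually upgraded against.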
@@ -2,30 +2,31 @@
 
 ## Resource tags
 variable "stack_item_fullname" {
- type = "string"
+ type = string
 description = "Long form descriptive name for this stack item. This value is used to create the 'application' resource tag for resources created by this stack item."
 }
 
 variable "stack_item_label" {
- type = "string"
+ type = string
 description = "Short form identifier for this stack. This value is used to create the 'Name' resource tag for resources created by this stack item, and also serves as a unique key for re-use."
 }
 
 ## VPC parameters
 variable "availability_zone" {
- type = "string"
+ type = string
 description = "The Availability Zone for the virtual private gateway."
 default = ""
 }
 
 variable "vpc_attach" {
- type = "string"
+ type = string
 description = "Specifies whether the VPG should be associated with a VPC."
 default = ""
 }
 
 variable "vpc_id" {
- type = "string"
+ type = string
 description = "The VPC ID to create in."
 default = ""
 }
+