From 8bfd7d595b48d6d54bb1c97696fcee8bbeefebd8 Mon Sep 17 00:00:00 2001 From: Cristobal Villarroel Date: Thu, 22 Jul 2021 08:26:44 -0700 Subject: [PATCH 01/10] Allow subnet specific tags This commit allows the use of tags that are specific to the dmz and tags that are specific to the lan. --- az/main.tf | 4 ++-- az/variables.tf | 12 ++++++++++++ 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/az/main.tf b/az/main.tf index 93a1ed3..2378783 100644 --- a/az/main.tf +++ b/az/main.tf @@ -67,7 +67,7 @@ resource "aws_subnet" "dmz" { map_public_ip_on_launch = "${var.enable_dmz_public_ips}" vpc_id = "${var.vpc_id}" - tags = "${merge(local.default_subnet_tags, var.additional_subnet_tags, map("Name", "${var.stack_item_label}-dmz-${count.index}"))}" + tags = "${merge(local.default_subnet_tags, var.additional_dmz_tags, var.additional_subnet_tags, map("Name", "${var.stack_item_label}-dmz-${count.index}"))}" } ### Associates subnet with routing table @@ -188,7 +188,7 @@ resource "aws_subnet" "lan" { cidr_block = "${local.lan_cidrs_override_enabled == "true" ? element(var.lan_cidrs_override,count.index) : cidrsubnet(data.aws_vpc.base.cidr_block,lookup(var.az_cidrsubnet_newbits, local.azs_provisioned_count * local.lans_multiplier),count.index + lookup(var.az_cidrsubnet_offset, local.azs_provisioned_count))}" vpc_id = "${var.vpc_id}" - tags = "${merge(local.default_subnet_tags, var.additional_subnet_tags, map("Name", "${var.stack_item_label}-lan-${count.index}"))}" + tags = "${merge(local.default_subnet_tags, var.additional_lan_tags, var.additional_subnet_tags, map("Name", "${var.stack_item_label}-lan-${count.index}"))}" } ### Provisions routing table diff --git a/az/variables.tf b/az/variables.tf index 967a4ad..8ad20ef 100644 --- a/az/variables.tf +++ b/az/variables.tf 
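Review bot: In both `aws_subnet` tag expressions the new subnet-specific map is inserted before `var.additional_subnet_tags`, and `merge()` gives precedence to later arguments, so a key present in both maps resolves to the generic value and the DMZ- or LAN-specific tag is silently discarded. That is the opposite of what the variable names imply, and it matters when tags drive IAM ABAC conditions, SCPs or cost allocation. Swapping the two arguments fixes it: `tags = "${merge(local.default_subnet_tags, var.additional_subnet_tags, var.additional_dmz_tags, map("Name", "${var.stack_item_label}-dmz-${count.index}"))}"`, and the same reorder with `var.additional_lan_tags` in the LAN hunk. Both `aws_subnet` resources start before their hunks.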
@@ -13,6 +13,18 @@ variable "stack_item_label" { default = "qckstrt" } +variable "additional_dmz_tags" { + type = "map" + description = "Additional tags to apply at the dmz subnet level, if any" + default = {} +} + +variable "additional_lan_tags" { + type = "map" + description = "Additional tags to apply at the lan subnet level, if any" + default = {} +} + variable "additional_subnet_tags" { type = "map" description = "Additional tags to apply at the subnet level, if any" From 15efed4da7bf41573dd258e320848f49ea1f44fc Mon Sep 17 00:00:00 2001 From: Jourdan West Date: Wed, 9 Aug 2023 14:43:53 -0500 Subject: [PATCH 02/10] Upgrade az module to tf12 --- az/main.tf | 155 ++++++++++++++++++++++++++++++------------------ az/outputs.tf | 17 +++--- az/variables.tf | 43 +++++++------- 3 files changed, 127 insertions(+), 88 deletions(-) diff --git a/az/main.tf b/az/main.tf index 2378783..cec2539 100644 --- a/az/main.tf +++ b/az/main.tf 
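Review bot: The descriptions of `additional_dmz_tags` and `additional_lan_tags` do not say how they combine with `additional_subnet_tags`, so a caller cannot tell which value wins when the same key appears in both maps, nor that `Name` is always set by the module regardless of what is passed. Suggest stating the contract in each description, e.g. `description = "Additional tags applied only to the DMZ subnets, merged with additional_subnet_tags and the module defaults; see main.tf for which map takes precedence on duplicate keys. Name is always set by the module."`. Documenting precedence here keeps tag-based policies predictable whichever order main.tf ends up using.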
@@ -2,48 +2,50 @@ ## Set Terraform version constraint terraform { - required_version = "> 0.11.0" + required_version = ">= 0.12" } ## Variables -data "aws_region" "current" {} +data "aws_region" "current" { +} -data "aws_availability_zones" "available" {} +data "aws_availability_zones" "available" { +} locals { # Calculates the number of AZs to be provisioned based on various possible inputs - azs_provisioned_count = "${local.azs_provisioned_override_enabled == "true" ? length(var.azs_provisioned_override) : var.azs_provisioned}" + azs_provisioned_count = local.azs_provisioned_override_enabled == "true" ? length(var.azs_provisioned_override) : var.azs_provisioned # Check to see if availability zones are being overridden. Some AWS regions do not support VPC in all AZs and it can vary by account. - azs_provisioned_override_enabled = "${length(var.azs_provisioned_override) > 0 && var.azs_provisioned_override[0] != "non_empty_list" ? "true" : "false"}" + azs_provisioned_override_enabled = length(var.azs_provisioned_override) > 0 && var.azs_provisioned_override[0] != "non_empty_list" ? "true" : "false" # Check to see if DMZ CIDRs are being overridden. An empty list causes problems in some of the downstream formualtion. - dmz_cidrs_override_enabled = "${length(var.dmz_cidrs_override) > 0 && var.dmz_cidrs_override[0] != "non_empty_list" ? "true" : "false"}" + dmz_cidrs_override_enabled = length(var.dmz_cidrs_override) > 0 && var.dmz_cidrs_override[0] != "non_empty_list" ? "true" : "false" # Check to see if elastic IPs are to be provisioned. NAT gateways require EIPs. - eips_enabled_check = "${var.nat_eips_enabled == "true" || var.nat_gateways_enabled == "true" ? 1 : 0}" + eips_enabled_check = var.nat_eips_enabled == "true" || var.nat_gateways_enabled == "true" ? 1 : 0 # Check to see if private LAN subnets are to be provisioned. - lans_enabled_check = "${local.lans_per_az_checked > 0 ? 1 : 0}" + lans_enabled_check = local.lans_per_az_checked > 0 ? 
1 : 0 # Check to see if LAN CIDRs are being overridden. An empty list causes problems in some of the downstream formualtion. - lan_cidrs_override_enabled = "${length(var.lan_cidrs_override) > 0 && var.lan_cidrs_override[0] != "non_empty_list" ? "true" : "false"}" + lan_cidrs_override_enabled = length(var.lan_cidrs_override) > 0 && var.lan_cidrs_override[0] != "non_empty_list" ? "true" : "false" # Multiplier to be used in downstream calculation based on the number of LAN subnets per AZ. - lans_multiplier = "${local.lans_per_az_checked >= 0 ? local.lans_per_az_checked : 1}" + lans_multiplier = local.lans_per_az_checked >= 0 ? local.lans_per_az_checked : 1 # Handles scenario where an emptry string is passed in for lans_per_az - lans_per_az_checked = "${var.lans_per_az != "" ? var.lans_per_az : "1"}" + lans_per_az_checked = var.lans_per_az != "" ? var.lans_per_az : "1" # Check to see if NAT gateways are to be provisioned - nat_gateways_enabled_check = "${var.nat_gateways_enabled == "true" ? 1 : 0}" + nat_gateways_enabled_check = var.nat_gateways_enabled == "true" ? 1 : 0 # Check to see if NAT gateways are NOT to be provisioned - nat_gateways_not_enabled_check = "${var.nat_gateways_enabled != "true" ? 1 : 0}" + nat_gateways_not_enabled_check = var.nat_gateways_enabled != "true" ? 1 : 0 # default subnet tags default_subnet_tags = { - application = "${var.stack_item_fullname}" + application = var.stack_item_fullname managed_by = "terraform" } } 
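Review bot: The `terraform` block is loosened to `required_version = ">= 0.12"` but still declares no provider constraint, even though this series depends on a newer AWS provider (a later commit removes arguments that newer providers reject); a consumer on an older provider gets an opaque unsupported-argument error, and with no upper bound nothing stops an unreviewed major provider release from being pulled in. Add a tested range in the same block, e.g. `required_providers { aws = ">= X.Y, < Z.0" }`, with X/Y/Z set to the versions this was actually validated against (they are not recoverable from the diff). The same applies to the `terraform` blocks in the base and dhcp modules later in this series. The `"true"`/`"false"` string comparisons kept in these locals could become real booleans under 0.12, but that is cosmetic.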
@@ -53,29 +55,40 @@ locals { ### Provisions subnets data "aws_vpc" "base" { - id = "${var.vpc_id}" + id = var.vpc_id } resource "aws_subnet" "dmz" { - count = "${local.azs_provisioned_count}" + count = local.azs_provisioned_count # Selects the first N number of AZs available for VPC use in the given region, where N is the requested number of AZs to provision. This order can be overidden by passing in an explicit list of AZ letters to be used. - availability_zone = "${local.azs_provisioned_override_enabled == "true" ? "${data.aws_region.current.name}${element(var.azs_provisioned_override,count.index)}" : element(data.aws_availability_zones.available.names,count.index)}" + availability_zone = local.azs_provisioned_override_enabled == "true" ? "${data.aws_region.current.name}${element(var.azs_provisioned_override, count.index)}" : element(data.aws_availability_zones.available.names, count.index) # Provisions N number of evenly allocated address spaces from the overall VPC CIDR block, where N is the requested number of AZs to provision. Address space per subnet can be overidden by passing in an explicit list of CIDRs to be used. - cidr_block = "${local.dmz_cidrs_override_enabled == "true" ? element(var.dmz_cidrs_override,count.index) : cidrsubnet(data.aws_vpc.base.cidr_block,lookup(var.az_cidrsubnet_newbits, local.azs_provisioned_count),count.index)}" - map_public_ip_on_launch = "${var.enable_dmz_public_ips}" - vpc_id = "${var.vpc_id}" - - tags = "${merge(local.default_subnet_tags, var.additional_dmz_tags, var.additional_subnet_tags, map("Name", "${var.stack_item_label}-dmz-${count.index}"))}" + cidr_block = local.dmz_cidrs_override_enabled == "true" ? 
element(var.dmz_cidrs_override, count.index) : cidrsubnet( + data.aws_vpc.base.cidr_block, + var.az_cidrsubnet_newbits[local.azs_provisioned_count], + count.index, + ) + map_public_ip_on_launch = var.enable_dmz_public_ips + vpc_id = var.vpc_id + + tags = merge( + local.default_subnet_tags, + var.additional_dmz_tags, + var.additional_subnet_tags, + { + "Name" = "${var.stack_item_label}-dmz-${count.index}" + }, + ) } ### Associates subnet with routing table resource "aws_route_table_association" "rta_dmz" { - count = "${local.azs_provisioned_count}" + count = local.azs_provisioned_count - route_table_id = "${var.rt_dmz_id}" - subnet_id = "${element(aws_subnet.dmz.*.id,count.index)}" + route_table_id = var.rt_dmz_id + subnet_id = element(aws_subnet.dmz.*.id, count.index) } ### Provisions NATs 
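Review bot: `map_public_ip_on_launch = var.enable_dmz_public_ips` now passes the variable through untouched, and in this series `enable_dmz_public_ips` stays `type = string` with `default = ""`; the provider attribute is a bool and, as far as I can tell, Terraform 0.12 only converts the strings `"true"`/`"false"`, so the default is rejected at plan time unless every caller sets the flag. Whatever the conversion does, an empty default on a setting that hands public IPs to DMZ instances is the wrong shape; declare it as `type = bool` and `default = false` in variables.tf (which also makes the description's "Default is false" true) and leave this line as is. `var.az_cidrsubnet_newbits[local.azs_provisioned_count]` indexes a `map(string)` with a number, which I believe 0.12 coerces; a comment such as `# newbits map is keyed by the number of subnets being carved (AZ count here)` would spare the next reader the check.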
@@ -106,42 +119,42 @@ data "aws_ami" "nat_ami" { } resource "aws_eip" "eip_nat" { - count = "${local.azs_provisioned_count * local.lans_enabled_check * local.eips_enabled_check}" + count = local.azs_provisioned_count * local.lans_enabled_check * local.eips_enabled_check vpc = true } resource "aws_eip_association" "eip_nat_assoc" { - count = "${local.azs_provisioned_count * local.lans_enabled_check * local.eips_enabled_check * local.nat_gateways_not_enabled_check}" + count = local.azs_provisioned_count * local.lans_enabled_check * local.eips_enabled_check * local.nat_gateways_not_enabled_check - allocation_id = "${element(aws_eip.eip_nat.*.id,count.index)}" - instance_id = "${element(aws_instance.nat.*.id,count.index)}" + allocation_id = element(aws_eip.eip_nat.*.id, count.index) + instance_id = element(aws_instance.nat.*.id, count.index) } resource "aws_instance" "nat" { - count = "${local.azs_provisioned_count * local.lans_enabled_check * local.nat_gateways_not_enabled_check}" + count = local.azs_provisioned_count * local.lans_enabled_check * local.nat_gateways_not_enabled_check - ami = "${coalesce(var.nat_ami_override,data.aws_ami.nat_ami.id)}" + ami = coalesce(var.nat_ami_override, data.aws_ami.nat_ami.id) associate_public_ip_address = true - instance_type = "${var.nat_instance_type}" - key_name = "${var.nat_key_name}" + instance_type = var.nat_instance_type + key_name = var.nat_key_name source_dest_check = false - subnet_id = "${element(aws_subnet.dmz.*.id,count.index)}" - vpc_security_group_ids = ["${element(aws_security_group.sg_nat.*.id,count.index)}"] + subnet_id = element(aws_subnet.dmz.*.id, count.index) + vpc_security_group_ids = [element(aws_security_group.sg_nat.*.id, count.index)] - tags { - application = "${var.stack_item_fullname}" + tags = { + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-nat-${count.index}" } } resource "aws_security_group" "sg_nat" { - count = "${local.azs_provisioned_count * 
local.lans_enabled_check * local.nat_gateways_not_enabled_check}" + count = local.azs_provisioned_count * local.lans_enabled_check * local.nat_gateways_not_enabled_check description = "${var.stack_item_fullname} NAT security group" name_prefix = "${var.stack_item_label}-nat-" - vpc_id = "${var.vpc_id}" + vpc_id = var.vpc_id egress { cidr_blocks = ["0.0.0.0/0"] 
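Review bot: The NAT instance in `resource "aws_instance" "nat"` keeps `associate_public_ip_address = true` and `source_dest_check = false` but gains no `metadata_options`, so IMDSv1 remains reachable on the one host every LAN subnet routes through; this upgrade is the natural point to add `metadata_options { http_tokens = "required" }` (three lines inside the resource) and cut off credential theft via v1 metadata requests. Separately, `aws_eip.eip_nat` still sets `vpc = true`; on the newer provider versions this series targets that argument is, I believe, deprecated in favour of `domain = "vpc"`, so expect at least a warning. The `egress` block of `sg_nat` at the end of the hunk continues outside it.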
@@ -152,25 +165,37 @@ resource "aws_security_group" "sg_nat" { } ingress { - cidr_blocks = ["${local.lan_cidrs_override_enabled == "true" ? element(var.lan_cidrs_override,count.index) : cidrsubnet(data.aws_vpc.base.cidr_block,lookup(var.az_cidrsubnet_newbits, local.azs_provisioned_count * local.lans_multiplier),count.index + lookup(var.az_cidrsubnet_offset, local.azs_provisioned_count))}"] + # TF-UPGRADE-TODO: In Terraform v0.10 and earlier, it was sometimes necessary to + # force an interpolation expression to be interpreted as a list by wrapping it + # in an extra set of list brackets. That form was supported for compatibility in + # v0.11, but is no longer supported in Terraform v0.12. + # + # If the expression in the following list itself returns a list, remove the + # brackets to avoid interpretation as a list of lists. If the expression + # returns a single list item then leave it as-is and remove this TODO comment. + cidr_blocks = [local.lan_cidrs_override_enabled == "true" ? element(var.lan_cidrs_override, count.index) : cidrsubnet( + data.aws_vpc.base.cidr_block, + var.az_cidrsubnet_newbits[local.azs_provisioned_count * local.lans_multiplier], + count.index + var.az_cidrsubnet_offset[local.azs_provisioned_count], + )] description = "Ingress from ${var.stack_item_label}-lan-${count.index}" from_port = 0 protocol = "-1" to_port = 0 } - tags { - application = "${var.stack_item_fullname}" + tags = { + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-nat-${count.index}" } } resource "aws_nat_gateway" "nat" { - count = "${local.azs_provisioned_count * local.lans_enabled_check * local.nat_gateways_enabled_check}" + count = local.azs_provisioned_count * local.lans_enabled_check * local.nat_gateways_enabled_check - allocation_id = "${element(aws_eip.eip_nat.*.id,count.index)}" - subnet_id = "${element(aws_subnet.dmz.*.id,count.index)}" + allocation_id = element(aws_eip.eip_nat.*.id, count.index) + subnet_id = 
element(aws_subnet.dmz.*.id, count.index) } ### 
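Review bot: The `TF-UPGRADE-TODO` comment in `sg_nat`'s `ingress` block was committed verbatim, but the question it asks is already answered: both branches of the conditional (`element(...)` and `cidrsubnet(...)`) yield a single string, so the surrounding brackets are correct and the eight-line comment should be deleted rather than shipped. It is also worth replacing it with a one-liner stating the actual scope, `# permits only the LAN subnet whose index equals this SG's count.index`, because if I read the counts right `sg_nat` is created once per AZ while LAN subnets are created `lans_per_az` times per AZ, so with `lans_per_az > 1` the extra LAN subnets are not covered; that gap predates this change but is now easy to miss behind the tool-generated text.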
@@ -179,27 +204,38 @@ resource "aws_nat_gateway" "nat" { ### Provisions subnet resource "aws_subnet" "lan" { - count = "${local.azs_provisioned_count * local.lans_multiplier}" + count = local.azs_provisioned_count * local.lans_multiplier # Selects the first N number of AZs available for VPC use in the given region, where N is the requested number of AZs to provision. This order can be overidden by passing in an explicit list of AZ letters to be used. - availability_zone = "${local.azs_provisioned_override_enabled == "true" ? "${data.aws_region.current.name}${element(var.azs_provisioned_override,count.index)}" : element(data.aws_availability_zones.available.names,count.index)}" + availability_zone = local.azs_provisioned_override_enabled == "true" ? "${data.aws_region.current.name}${element(var.azs_provisioned_override, count.index)}" : element(data.aws_availability_zones.available.names, count.index) # Provisions N number of evenly allocated address spaces from the overall VPC CIDR block, where N is the requested number of AZs to provision multiplied by the number of LAN subnets to provision per AZ. Address space per subnet can be overidden by passing in an explicit list of CIDRs to be used. - cidr_block = "${local.lan_cidrs_override_enabled == "true" ? element(var.lan_cidrs_override,count.index) : cidrsubnet(data.aws_vpc.base.cidr_block,lookup(var.az_cidrsubnet_newbits, local.azs_provisioned_count * local.lans_multiplier),count.index + lookup(var.az_cidrsubnet_offset, local.azs_provisioned_count))}" - vpc_id = "${var.vpc_id}" - - tags = "${merge(local.default_subnet_tags, var.additional_lan_tags, var.additional_subnet_tags, map("Name", "${var.stack_item_label}-lan-${count.index}"))}" + cidr_block = local.lan_cidrs_override_enabled == "true" ? 
element(var.lan_cidrs_override, count.index) : cidrsubnet( + data.aws_vpc.base.cidr_block, + var.az_cidrsubnet_newbits[local.azs_provisioned_count * local.lans_multiplier], + count.index + var.az_cidrsubnet_offset[local.azs_provisioned_count], + ) + vpc_id = var.vpc_id + + tags = merge( + local.default_subnet_tags, + var.additional_lan_tags, + var.additional_subnet_tags, + { + "Name" = "${var.stack_item_label}-lan-${count.index}" + }, + ) } ### Provisions routing table resource "aws_route_table" "rt_lan" { - count = "${local.azs_provisioned_count * local.lans_multiplier}" + count = local.azs_provisioned_count * local.lans_multiplier - propagating_vgws = ["${compact(var.vgw_ids)}"] - vpc_id = "${var.vpc_id}" + propagating_vgws = compact(var.vgw_ids) + vpc_id = var.vpc_id - tags { - application = "${var.stack_item_fullname}" + tags = { + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-lan-${count.index}" } @@ -207,8 +243,9 @@ resource "aws_route_table" "rt_lan" { ### Associates subnet with routing table resource "aws_route_table_association" "rta_lan" { - count = "${local.azs_provisioned_count * local.lans_multiplier}" + count = local.azs_provisioned_count * local.lans_multiplier - route_table_id = "${element(aws_route_table.rt_lan.*.id,count.index)}" - subnet_id = "${element(aws_subnet.lan.*.id,count.index)}" + route_table_id = element(aws_route_table.rt_lan.*.id, count.index) + subnet_id = element(aws_subnet.lan.*.id, count.index) } + diff --git a/az/outputs.tf b/az/outputs.tf index ad000ce..f169fcd 100644 --- a/az/outputs.tf +++ b/az/outputs.tf 
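Review bot: The comment above `availability_zone` in `aws_subnet.lan` says it "selects the first N number of AZs", but this resource's `count` is `azs_provisioned_count * lans_multiplier` and `element()` wraps around, so LAN subnet i actually lands in AZ `i mod N`; the same wrap applies to `element(var.lan_cidrs_override, count.index)`, which silently reuses a CIDR (and then fails at apply as an overlapping subnet) when the override list is shorter than the count. Suggest replacing that comment with `# count = AZs * lans_per_az; element() wraps, so LAN subnet i is placed in AZ (i mod N)` and adding `# lan_cidrs_override must have exactly count entries; element() wraps instead of erroring` above `cidr_block`. `rt_lan` and `rta_lan` below are syntax-only changes.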
@@ -2,36 +2,37 @@ ## Returns Subnet IDs output "dmz_ids" { - value = ["${aws_subnet.dmz.*.id}"] + value = [aws_subnet.dmz.*.id] } output "lan_ids" { - value = ["${aws_subnet.lan.*.id}"] + value = [aws_subnet.lan.*.id] } ## Returns Subnet CIDR blocks output "dmz_cidrs" { - value = ["${aws_subnet.dmz.*.cidr_block}"] + value = [aws_subnet.dmz.*.cidr_block] } output "lan_cidrs" { - value = ["${aws_subnet.lan.*.cidr_block}"] + value = [aws_subnet.lan.*.cidr_block] } ## Returns information about the NATs output "eip_nat_ids" { - value = ["${aws_eip.eip_nat.*.id}"] + value = [aws_eip.eip_nat.*.id] } output "eip_nat_ips" { - value = ["${aws_eip.eip_nat.*.public_ip}"] + value = [aws_eip.eip_nat.*.public_ip] } output "nat_ids" { - value = ["${compact(concat(aws_instance.nat.*.id,aws_nat_gateway.nat.*.id))}"] + value = [compact(concat(aws_instance.nat.*.id, aws_nat_gateway.nat.*.id))] } ## Returns the routing table ID output "rt_lan_ids" { - value = ["${aws_route_table.rt_lan.*.id}"] + value = [aws_route_table.rt_lan.*.id] } + diff --git a/az/variables.tf b/az/variables.tf index 8ad20ef..a83a546 100644 --- a/az/variables.tf +++ b/az/variables.tf 
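Review bot: Every output in this hunk keeps the brackets around an expression that is already a list (`value = [aws_subnet.dmz.*.id]`), which in 0.12 produces a list of lists, so `module.x.dmz_ids[0]` now returns the whole ID list instead of the first subnet ID and any caller feeding these outputs into route, NACL or security-group rules breaks. The 0.11 form `["${...}"]` flattened; the 0.12 form does not. Drop the outer brackets on all eight outputs, e.g. `value = aws_subnet.dmz.*.id` and `value = compact(concat(aws_instance.nat.*.id, aws_nat_gateway.nat.*.id))`.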
@@ -2,38 +2,38 @@ ## Resource tags variable "stack_item_fullname" { - type = "string" + type = string description = "Long form descriptive name for this stack item. This value is used to create the 'application' resource tag for resources created by this stack item." default = "VPC Quick Start" } variable "stack_item_label" { - type = "string" + type = string description = "Short form identifier for this stack. This value is used to create the 'Name' resource tag for resources created by this stack item, and also serves as a unique key for re-use." default = "qckstrt" } variable "additional_dmz_tags" { - type = "map" + type = map(string) description = "Additional tags to apply at the dmz subnet level, if any" default = {} } variable "additional_lan_tags" { - type = "map" + type = map(string) description = "Additional tags to apply at the lan subnet level, if any" default = {} } variable "additional_subnet_tags" { - type = "map" + type = map(string) description = "Additional tags to apply at the subnet level, if any" default = {} } ## VPC parameters variable "az_cidrsubnet_newbits" { - type = "map" + type = map(string) description = "The number of bits by which to extend the CIDR range for the given number of AZs." default = { @@ -47,7 +47,7 @@ variable "az_cidrsubnet_newbits" { } variable "az_cidrsubnet_offset" { - type = "map" + type = map(string) description = "The number of AZs to provision for." default = { 
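Review bot: `az_cidrsubnet_offset`'s description, "The number of AZs to provision for.", describes the wrong variable; in main.tf it is the value added to `count.index` in the LAN `cidrsubnet()` call and it is looked up by AZ count. Suggest `description = "Offset (in subnet slots) added to the LAN subnet index so LAN CIDRs are carved after the DMZ CIDRs, keyed by the number of AZs provisioned."` and, on `az_cidrsubnet_newbits`, noting that its key is the number of subnets being carved (AZ count for the DMZ, AZ count times lans_per_az for the LAN). Both are now `map(string)` while every value is consumed as a number; `map(number)` would let Terraform reject a bad entry at variable evaluation rather than inside `cidrsubnet`. The `default` of `az_cidrsubnet_offset` runs past the hunk.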
@@ -59,83 +59,84 @@ variable "az_cidrsubnet_offset" { } variable "azs_provisioned" { - type = "string" + type = string description = "The number of availability zones to be provisioned." default = "2" } variable "azs_provisioned_override" { - type = "list" + type = list(string) description = "List of availability zones to be provisioned." default = ["non_empty_list"] } variable "dmz_cidrs_override" { - type = "list" + type = list(string) description = "The CIDR block(s) you want the DMZ subnet(s) to cover." default = ["non_empty_list"] } variable "enable_dmz_public_ips" { - type = "string" + type = string description = "Specify true to indicate that instances launched into the DMZ subnet should be assigned a public IP address. Default is false." default = "" } variable "lan_cidrs_override" { - type = "list" + type = list(string) description = "The CIDR block(s) you want the LAN subnet(s) to cover." default = ["non_empty_list"] } variable "lans_per_az" { - type = "string" + type = string description = "The number of private LAN subnets to be provisioned per AZ" default = "1" } variable "nat_ami_override" { - type = "string" + type = string description = "Custom NAT Amazon machine image" default = "" } variable "nat_eips_enabled" { - type = "string" + type = string description = "Flag for specifying allocation of Elastic IPs to NATs for the purposes of whitelisting. This value is overriden to 'true' when utilizing NAT gateways." default = "false" } variable "nat_gateways_enabled" { - type = "string" + type = string description = "Flag for specifying utilization of managed NAT gateways over EC2 based NAT instances." 
default = "false" } variable "nat_instance_type" { - type = "string" + type = string description = "NAT EC2 instance type" default = "t2.nano" } variable "nat_key_name" { - type = "string" + type = string description = "NAT EC2 key pair name" default = "" } variable "rt_dmz_id" { - type = "string" + type = string description = "The ID of the DMZ routing table" } variable "vgw_ids" { - type = "list" + type = list(string) description = "A list of virtual gateways to associate with the routing tables for route propagation." default = [] } variable "vpc_id" { - type = "string" + type = string description = "The ID of the VPC" } + From c17bd19b79bc93a8cfa454c7b330dabfbc9de485 Mon Sep 17 00:00:00 2001 From: Jourdan West Date: Wed, 9 Aug 2023 15:10:55 -0500 Subject: [PATCH 03/10] Remove unsupported args The args "enable_classiclink" and "enable_classiclink_dns_support" are no longer supported for resource type "aws_vpc" on later AWS provider version. Since a later AWS provider version is required to make this module compatible with tf12, the unsupported args will be removed. --- base/main.tf | 2 -- base/variables.tf | 12 ------------ 2 files changed, 14 deletions(-) diff --git a/base/main.tf b/base/main.tf index f8f3b9c..dc1d960 100644 --- a/base/main.tf +++ b/base/main.tf @@ -22,8 +22,6 @@ resource "aws_vpc" "vpc" { instance_tenancy = "${local.default_instance_tenancy}" enable_dns_support = "${var.enable_dns}" enable_dns_hostnames = "${var.enable_hostnames}" - enable_classiclink = "${var.enable_classiclink}" - enable_classiclink_dns_support = "${var.enable_classiclink_dns_support}" assign_generated_ipv6_cidr_block = "${var.assign_generated_ipv6_cidr_block}" tags = "${merge(local.default_vpc_tags, var.additional_vpc_tags)}" diff --git a/base/variables.tf b/base/variables.tf index 0301dc7..7692949 100644 --- a/base/variables.tf +++ b/base/variables.tf 
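Review bot: The `"non_empty_list"` sentinel defaults on `azs_provisioned_override`, `dmz_cidrs_override` and `lan_cidrs_override` survive the upgrade, but they existed only because 0.11 mishandled empty lists; under 0.12 an empty list is fine and the sentinel is now a trap, since a `list(string)` input whose first element happens to be that literal is treated as "not overridden". Replace each with `default = []` and reduce the three `*_override_enabled` locals in main.tf to `length(var.x) > 0` (a real boolean, so the `== "true"` comparisons on them go too); that is a handful of one-line edits across the two files. In the same hunk `nat_eips_enabled` and `nat_gateways_enabled` remain `"false"` strings compared against `"true"`; `type = bool` is the 0.12-idiomatic form but optional.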
@@ -26,18 +26,6 @@ variable "assign_generated_ipv6_cidr_block" { default = "false" } -variable "enable_classiclink" { - type = "string" - description = "A boolean flag to enable/disable ClassicLink for the VPC. Only valid in regions and accounts that support EC2 Classic. Defaults false." - default = "" -} - -variable "enable_classiclink_dns_support" { - type = "string" - description = "A boolean flag to enable/disable ClassicLink DNS Support for the VPC. Only valid in regions and accounts that support EC2 Classic." - default = "false" -} - variable "enable_dns" { type = "string" description = "A boolean flag to enable/disable DNS support in the VPC. Defaults true." From ee99297c0d928532e58a9cdd78d91e931acd7509 Mon Sep 17 00:00:00 2001 From: Jourdan West Date: Wed, 9 Aug 2023 15:14:39 -0500 Subject: [PATCH 04/10] Upgrade module base to tf12 --- base/main.tf | 49 ++++++++++++++++++++++++----------------------- base/outputs.tf | 11 ++++++----- base/variables.tf | 21 ++++++++++---------- 3 files changed, 42 insertions(+), 39 deletions(-) diff --git a/base/main.tf b/base/main.tf index dc1d960..0c5fa15 100644 --- a/base/main.tf +++ b/base/main.tf @@ -2,15 +2,15 @@ ## Set Terraform version constraint terraform { - required_version = "> 0.11.0" + required_version = ">= 0.12" } ## Set default instance tennancy if not provided locals { - default_instance_tenancy = "${length(var.instance_tenancy) >= 1 ? "${var.instance_tenancy}" : "default"}" + default_instance_tenancy = length(var.instance_tenancy) >= 1 ? var.instance_tenancy : "default" default_vpc_tags = { - application = "${var.stack_item_fullname}" + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-vpc" } 
@@ -18,21 +18,21 @@ locals { ## Provisions Virtual Private Cloud (VPC) resource "aws_vpc" "vpc" { - cidr_block = "${var.vpc_cidr}" - instance_tenancy = "${local.default_instance_tenancy}" - enable_dns_support = "${var.enable_dns}" - enable_dns_hostnames = "${var.enable_hostnames}" - assign_generated_ipv6_cidr_block = "${var.assign_generated_ipv6_cidr_block}" + cidr_block = var.vpc_cidr + instance_tenancy = local.default_instance_tenancy + enable_dns_support = var.enable_dns + enable_dns_hostnames = var.enable_hostnames + assign_generated_ipv6_cidr_block = var.assign_generated_ipv6_cidr_block - tags = "${merge(local.default_vpc_tags, var.additional_vpc_tags)}" + tags = merge(local.default_vpc_tags, var.additional_vpc_tags) } ## Provisions Internet gateways resource "aws_internet_gateway" "igw" { - vpc_id = "${aws_vpc.vpc.id}" + vpc_id = aws_vpc.vpc.id - tags { - application = "${var.stack_item_fullname}" + tags = { + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-igw" } @@ -40,11 +40,11 @@ resource "aws_internet_gateway" "igw" { ## Provisions DMZ routing table resource "aws_route_table" "rt_dmz" { - propagating_vgws = ["${compact(var.vgw_ids)}"] - vpc_id = "${aws_vpc.vpc.id}" + propagating_vgws = compact(var.vgw_ids) + vpc_id = aws_vpc.vpc.id - tags { - application = "${var.stack_item_fullname}" + tags = { + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-dmz" } @@ -67,7 +67,7 @@ data "aws_iam_policy_document" "flow_log_role" { } resource "aws_iam_role" "flow_log_role" { - assume_role_policy = "${data.aws_iam_policy_document.flow_log_role.json}" + assume_role_policy = data.aws_iam_policy_document.flow_log_role.json name_prefix = "${var.stack_item_label}-vpc-logs-" } 
@@ -81,19 +81,20 @@ data "aws_iam_policy_document" "flow_log_policy" { "logs:DescribeLogStreams", ] - resources = ["${aws_cloudwatch_log_group.flow_log_group.arn}"] + resources = [aws_cloudwatch_log_group.flow_log_group.arn] } } resource "aws_iam_role_policy" "flow_log_role_policies" { name = "logs" - policy = "${data.aws_iam_policy_document.flow_log_policy.json}" - role = "${aws_iam_role.flow_log_role.id}" + policy = data.aws_iam_policy_document.flow_log_policy.json + role = aws_iam_role.flow_log_role.id } resource "aws_flow_log" "flow_log" { - log_destination = "${aws_cloudwatch_log_group.flow_log_group.arn}" - iam_role_arn = "${aws_iam_role.flow_log_role.arn}" - vpc_id = "${aws_vpc.vpc.id}" - traffic_type = "${var.flow_log_traffic_type}" + log_destination = aws_cloudwatch_log_group.flow_log_group.arn + iam_role_arn = aws_iam_role.flow_log_role.arn + vpc_id = aws_vpc.vpc.id + traffic_type = var.flow_log_traffic_type } + diff --git a/base/outputs.tf b/base/outputs.tf index eeb5798..2a07e58 100644 --- a/base/outputs.tf +++ b/base/outputs.tf @@ -1,21 +1,22 @@ # Output Variables output "flow_log_id" { - value = "${aws_flow_log.flow_log.id}" + value = aws_flow_log.flow_log.id } output "igw_id" { - value = "${aws_internet_gateway.igw.id}" + value = aws_internet_gateway.igw.id } output "rt_dmz_id" { - value = "${aws_route_table.rt_dmz.id}" + value = aws_route_table.rt_dmz.id } output "vpc_id" { - value = "${aws_vpc.vpc.id}" + value = aws_vpc.vpc.id } output "vpc_default_security_group_id" { - value = "${aws_vpc.vpc.default_security_group_id}" + value = aws_vpc.vpc.default_security_group_id } + diff --git a/base/variables.tf b/base/variables.tf index 7692949..aeb967a 100644 --- a/base/variables.tf +++ b/base/variables.tf 
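Review bot: `resources = [aws_cloudwatch_log_group.flow_log_group.arn]` scopes the flow-log role to the log-group ARN, but the stream-level actions this statement appears to grant (its action list starts before the hunk) act on `<group-arn>:log-stream:<name>` resources, and whether the group `arn` attribute carries the trailing `:*` that makes that match has changed across AWS provider major versions — exactly the move this series makes. If the suffix is gone, flow-log delivery fails quietly and the VPC loses its audit trail without a plan-time error. A version-independent form is `resources = [aws_cloudwatch_log_group.flow_log_group.arn, "${aws_cloudwatch_log_group.flow_log_group.arn}:*"]`. `data "aws_iam_policy_document" "flow_log_policy"` begins outside the hunk.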
@@ -2,64 +2,65 @@ ## Resource tags variable "stack_item_fullname" { - type = "string" + type = string description = "Long form descriptive name for this stack item. This value is used to create the 'application' resource tag for resources created by this stack item." default = "VPC Quick Start" } variable "stack_item_label" { - type = "string" + type = string description = "Short form identifier for this stack. This value is used to create the 'Name' resource tag for resources created by this stack item, and also serves as a unique key for re-use." default = "qckstrt" } variable "additional_vpc_tags" { - type = "map" + type = map(string) description = "Additional tags to apply at the VPC level, if any" default = {} } ## VPC parameters variable "assign_generated_ipv6_cidr_block" { - type = "string" + type = string description = "Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block." default = "false" } variable "enable_dns" { - type = "string" + type = string description = "A boolean flag to enable/disable DNS support in the VPC. Defaults true." default = "" } variable "enable_hostnames" { - type = "string" + type = string description = "A boolean flag to enable/disable DNS hostnames in the VPC. Defaults false." default = "" } variable "instance_tenancy" { - type = "string" + type = string description = "A tenancy option for instances launched into the VPC." default = "" } variable "vpc_cidr" { - type = "string" + type = string description = "The CIDR block for the VPC." default = "172.16.0.0/21" } ## Flow log parameters variable "flow_log_traffic_type" { - type = "string" + type = string description = "The type of traffic to capture. Valid values: ACCEPT,REJECT,ALL" default = "ALL" } ## Routing parameters variable "vgw_ids" { - type = "list" + type = list(string) description = "A list of virtual gateways for propagation." default = [] } + 
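Review bot: `enable_dns` and `enable_hostnames` keep `type = string` with `default = ""` and, after the main.tf hunk, flow unchanged into the bool attributes `enable_dns_support` and `enable_dns_hostnames` on `aws_vpc`; as far as I can tell 0.12 converts only `"true"`/`"false"` to bool, so the empty defaults are rejected unless every caller sets both. The descriptions already state the intended values ("Defaults true" / "Defaults false"), so make them real: `type = bool` with `default = true` for `enable_dns` and `default = false` for `enable_hostnames`. `assign_generated_ipv6_cidr_block` has the same shape with `"false"` and would convert, but `bool` keeps the three consistent.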
From 479351ae59237cfecb2dd441f8a6d379788ba73b Mon Sep 17 00:00:00 2001 From: Jourdan West Date: Wed, 9 Aug 2023 15:15:51 -0500 Subject: [PATCH 05/10] Upgrade module dhcp to tf12 --- dhcp/main.tf | 25 +++++++++++++------------ dhcp/outputs.tf | 3 ++- dhcp/variables.tf | 19 ++++++++++--------- 3 files changed, 25 insertions(+), 22 deletions(-) diff --git a/dhcp/main.tf b/dhcp/main.tf index 384ea94..cb91570 100644 --- a/dhcp/main.tf +++ b/dhcp/main.tf @@ -2,29 +2,30 @@ ## Set Terraform version constraint terraform { - required_version = "> 0.11.0" + required_version = ">= 0.12" } ## Provisions DHCP options resource "aws_vpc_dhcp_options" "dhcp" { - count = "${var.enable == "true" ? "1" : "0"}" + count = var.enable == "true" ? "1" : "0" - domain_name = "${var.domain_name}" - domain_name_servers = ["${compact(var.name_servers)}"] - netbios_name_servers = ["${compact(var.netbios_name_servers)}"] - netbios_node_type = "${var.netbios_node_type}" - ntp_servers = ["${compact(var.ntp_servers)}"] + domain_name = var.domain_name + domain_name_servers = compact(var.name_servers) + netbios_name_servers = compact(var.netbios_name_servers) + netbios_node_type = var.netbios_node_type + ntp_servers = compact(var.ntp_servers) - tags { - application = "${var.stack_item_fullname}" + tags = { + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-dhcp" } } resource "aws_vpc_dhcp_options_association" "dns_resolver" { - count = "${var.enable == "true" ? "1" : "0"}" + count = var.enable == "true" ? "1" : "0" - dhcp_options_id = "${aws_vpc_dhcp_options.dhcp.id}" - vpc_id = "${var.vpc_id}" + dhcp_options_id = aws_vpc_dhcp_options.dhcp[0].id + vpc_id = var.vpc_id } + diff --git a/dhcp/outputs.tf b/dhcp/outputs.tf index 76da62d..8f3be35 100644 --- a/dhcp/outputs.tf +++ b/dhcp/outputs.tf 
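Review bot: `count = var.enable == "true" ? "1" : "0"` on both resources yields a string that Terraform 0.12 must coerce into a number; the idiomatic form after the upgrade is `count = var.enable == "true" ? 1 : 0`, and `enable` itself would read better as `type = bool` with the comparison dropped. The switch to `aws_vpc_dhcp_options.dhcp[0].id` is the correct 0.12 reference for a counted resource and needs no change.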
@@ -1,5 +1,6 @@ # Output variables output "dhcp_id" { - value = "${join(",",compact(aws_vpc_dhcp_options.dhcp.*.id))}" + value = join(",", compact(aws_vpc_dhcp_options.dhcp.*.id)) } + diff --git a/dhcp/variables.tf b/dhcp/variables.tf index e0e4d65..bdc87e9 100644 --- a/dhcp/variables.tf +++ b/dhcp/variables.tf @@ -2,54 +2,55 @@ ## Resource Tags variable "stack_item_fullname" { - type = "string" + type = string description = "Long form descriptive name for this stack item. This value is used to create the 'application' resource tag for resources created by this stack item." } variable "stack_item_label" { - type = "string" + type = string description = "Short form identifier for this stack. This value is used to create the 'Name' resource tag for resources created by this stack item, and also serves as a unique key for re-use." } ## VPC parameters variable "vpc_id" { - type = "string" + type = string description = "The ID of the VPC" } ## DHCP parameters variable "domain_name" { - type = "string" + type = string description = "The suffix domain name to use by default when resolving non Fully Qualified Domain Names" default = "" } variable "enable" { - type = "string" + type = string description = "Determine if resources should be added. Used if you want to include conditionally in a module." default = "true" } variable "name_servers" { - type = "list" + type = list(string) description = "List of name servers to configure in '/etc/resolv.conf'" default = ["AmazonProvidedDNS"] } variable "netbios_name_servers" { - type = "list" + type = list(string) description = "List of NETBIOS name servers" default = [] } variable "netbios_node_type" { - type = "string" + type = string description = "The NetBIOS node type (1, 2, 4, or 8). AWS recommends to specify 2 since broadcast and multicast are not supported in their network." default = "" } variable "ntp_servers" { - type = "list" + type = list(string) description = "List of NTP servers to configure" default = [] } + 
From 682891d9a272360b724d38dedfb4159a803272e1 Mon Sep 17 00:00:00 2001 From: Jourdan West Date: Wed, 9 Aug 2023 15:21:34 -0500 Subject: [PATCH 06/10] The args "allow_vpc_to_remote_classic_link" and "allow_classic_link_to_remote_vpc" are no longer supported for resource type "aws_vpc_peering_connection_options" on later AWS provider versions. Since a later AWS provider version is required to make this module compatible with tf12, the unsupported args will be removed. --- peer/main.tf | 8 -------- 1 file changed, 8 deletions(-) diff --git a/peer/main.tf b/peer/main.tf index 82a978c..b6e2bb3 100644 --- a/peer/main.tf +++ b/peer/main.tf @@ -16,15 +16,11 @@ resource "aws_vpc_peering_connection" "peer" { vpc_id = "${var.requester_vpc_id}" accepter { - allow_classic_link_to_remote_vpc = "${var.accepter_allow_classic_link_to_remote}" allow_remote_vpc_dns_resolution = "${var.accepter_allow_remote_dns}" - allow_vpc_to_remote_classic_link = "${var.accepter_allow_to_remote_classic_link}" } requester { - allow_classic_link_to_remote_vpc = "${var.requester_allow_classic_link_to_remote}" allow_remote_vpc_dns_resolution = "${var.requester_allow_remote_dns}" - allow_vpc_to_remote_classic_link = "${var.requester_allow_to_remote_classic_link}" } tags { @@ -41,15 +37,11 @@ resource "aws_vpc_peering_connection_accepter" "peer_accept" { vpc_peering_connection_id = "${var.vpc_peering_connection_id}" accepter { - allow_classic_link_to_remote_vpc = "${var.accepter_allow_classic_link_to_remote}" allow_remote_vpc_dns_resolution = "${var.accepter_allow_remote_dns}" - allow_vpc_to_remote_classic_link = "${var.accepter_allow_to_remote_classic_link}" } requester { - allow_classic_link_to_remote_vpc = "${var.requester_allow_classic_link_to_remote}" allow_remote_vpc_dns_resolution = "${var.requester_allow_remote_dns}" - allow_vpc_to_remote_classic_link = "${var.requester_allow_to_remote_classic_link}" } tags { From e5b14b34889191c540f64cb822b33e34e403217d Mon Sep 17 00:00:00 2001 
From: Jourdan West Date: Wed, 9 Aug 2023 15:23:34 -0500 Subject: [PATCH 07/10] Upgrade module peer to tf12 --- peer/main.tf | 37 +++++++++++++++++++------------------ peer/outputs.tf | 3 ++- peer/variables.tf | 31 ++++++++++++++++--------------- 3 files changed, 37 insertions(+), 34 deletions(-) diff --git a/peer/main.tf b/peer/main.tf index b6e2bb3..7c8d7dd 100644 --- a/peer/main.tf +++ b/peer/main.tf 
@@ -2,51 +2,52 @@ ## Set Terraform version constraint terraform { - required_version = "> 0.11.0" + required_version = ">= 0.12" } ## Provisions VPC peering resource "aws_vpc_peering_connection" "peer" { - count = "${length(var.vpc_peering_connection_id) > 0 ? "0" : "1"}" + count = length(var.vpc_peering_connection_id) > 0 ? "0" : "1" - auto_accept = "${var.accepter_region != "" ? "false" : var.auto_accept}" - peer_owner_id = "${var.accepter_owner_id}" - peer_region = "${var.accepter_region}" - peer_vpc_id = "${var.accepter_vpc_id}" - vpc_id = "${var.requester_vpc_id}" + auto_accept = var.accepter_region != "" ? "false" : var.auto_accept + peer_owner_id = var.accepter_owner_id + peer_region = var.accepter_region + peer_vpc_id = var.accepter_vpc_id + vpc_id = var.requester_vpc_id accepter { - allow_remote_vpc_dns_resolution = "${var.accepter_allow_remote_dns}" + allow_remote_vpc_dns_resolution = var.accepter_allow_remote_dns } requester { - allow_remote_vpc_dns_resolution = "${var.requester_allow_remote_dns}" + allow_remote_vpc_dns_resolution = var.requester_allow_remote_dns } - tags { - application = "${var.stack_item_fullname}" + tags = { + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-peer" } } resource "aws_vpc_peering_connection_accepter" "peer_accept" { - count = "${length(var.vpc_peering_connection_id) > 0 ? "1" : "0"}" + count = length(var.vpc_peering_connection_id) > 0 ? 
"1" : "0" - auto_accept = "${var.accepter_auto_accept}" - vpc_peering_connection_id = "${var.vpc_peering_connection_id}" + auto_accept = var.accepter_auto_accept + vpc_peering_connection_id = var.vpc_peering_connection_id accepter { - allow_remote_vpc_dns_resolution = "${var.accepter_allow_remote_dns}" + allow_remote_vpc_dns_resolution = var.accepter_allow_remote_dns } requester { - allow_remote_vpc_dns_resolution = "${var.requester_allow_remote_dns}" + allow_remote_vpc_dns_resolution = var.requester_allow_remote_dns } - tags { - application = "${var.stack_item_fullname}" + tags = { + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-peer" } } + diff --git a/peer/outputs.tf b/peer/outputs.tf index 73063fd..898dd95 100644 --- a/peer/outputs.tf +++ b/peer/outputs.tf @@ -1,5 +1,6 @@ # Outputs output "peer_connection_id" { - value = "${join(",",aws_vpc_peering_connection.peer.*.id)}" + value = join(",", aws_vpc_peering_connection.peer.*.id) } + diff --git a/peer/variables.tf b/peer/variables.tf index 8c4cd40..95f1544 100644 --- a/peer/variables.tf +++ b/peer/variables.tf 
@@ -2,90 +2,91 @@ ## Resource Tags variable "stack_item_fullname" { - type = "string" + type = string description = "Long form descriptive name for this stack item. This value is used to create the 'application' resource tag for resources created by this stack item." } variable "stack_item_label" { - type = "string" + type = string description = "Short form identifier for this stack. This value is used to create the 'Name' resource tag for resources created by this stack item, and also serves as a unique key for re-use." } ## Peering parameters variable "accepter_allow_classic_link_to_remote" { - type = "string" + type = string description = "Allow a local linked EC2-Classic instance to communicate with instances in a peer VPC. This enables an outbound communication from the local ClassicLink connection to the remote VPC." default = "" } variable "accepter_allow_remote_dns" { - type = "string" + type = string description = "Allow accepter VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the requester VPC." default = "false" } variable "accepter_allow_to_remote_classic_link" { - type = "string" + type = string description = "Allow a local VPC to communicate with a linked EC2-Classic instance in a peer VPC. This enables an outbound communication from the local VPC to the remote ClassicLink connection." default = "" } variable "accepter_auto_accept" { - type = "string" + type = string description = "Accept the peering (both VPCs need to be in the same AWS account)." default = "" } variable "accepter_owner_id" { - type = "string" + type = string description = "The AWS account ID of the owner of the peer VPC." default = "" } variable "accepter_region" { - type = "string" + type = string description = "The region of the accepter VPC of the VPC Peering Connection." default = "" } variable "accepter_vpc_id" { - type = "string" + type = string description = "The ID of the VPC with which you are creating the VPC Peering Connection." 
default = "" } variable "auto_accept" { - type = "string" + type = string description = "Accept the peering (both VPCs need to be in the same AWS account and region)." default = "true" } variable "requester_allow_classic_link_to_remote" { - type = "string" + type = string description = "Allow a local linked EC2-Classic instance to communicate with instances in a peer VPC. This enables an outbound communication from the local ClassicLink connection to the remote VPC." default = "" } variable "requester_allow_remote_dns" { - type = "string" + type = string description = "Allow requester VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the accepter VPC." default = "false" } variable "requester_allow_to_remote_classic_link" { - type = "string" + type = string description = "Allow a local VPC to communicate with a linked EC2-Classic instance in a peer VPC. This enables an outbound communication from the local VPC to the remote ClassicLink connection." default = "" } variable "requester_vpc_id" { - type = "string" + type = string description = "The ID of the requester VPC." default = "" } variable "vpc_peering_connection_id" { - type = "string" + type = string description = "The VPC Peering Connection ID to manage." default = "" } + From f4203464d210d79c8453432e2fe9767870223442 Mon Sep 17 00:00:00 2001 From: Jourdan West Date: Wed, 9 Aug 2023 15:26:02 -0500 Subject: [PATCH 08/10] Upgrade module vpg to tf12 --- vpg/main.tf | 15 ++++++++------- vpg/outputs.tf | 3 ++- vpg/variables.tf | 11 ++++++----- 3 files changed, 16 insertions(+), 13 deletions(-) diff --git a/vpg/main.tf b/vpg/main.tf index ce65823..db10a7f 100644 --- a/vpg/main.tf +++ b/vpg/main.tf 
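Review bot: `accepter_allow_classic_link_to_remote`, `accepter_allow_to_remote_classic_link`, `requester_allow_classic_link_to_remote` and `requester_allow_to_remote_classic_link` are retyped in this peer/variables.tf hunk although the previous commit in the series removed their only uses in peer/main.tf, so they are now inputs that are accepted and silently ignored; examples/peering/main.tf still sets all four. Either drop them (a breaking change for callers, so it deserves a changelog line) or make the no-op explicit in the description, e.g. `description = "Deprecated and ignored: the ClassicLink peering options were removed from the provider resource."`, so a caller does not believe ClassicLink traffic is being allowed or blocked by this value.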
@@ -2,23 +2,24 @@ ## Set Terraform version constraint terraform { - required_version = "> 0.11.0" + required_version = ">= 0.12" } ## Gateway configuration resource "aws_vpn_gateway" "vpg" { - availability_zone = "${var.availability_zone}" + availability_zone = var.availability_zone - tags { - application = "${var.stack_item_fullname}" + tags = { + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-vpg" } } resource "aws_vpn_gateway_attachment" "attach" { - count = "${length(var.vpc_attach) > 0 && var.vpc_attach == "true" ? 1 : 0}" + count = length(var.vpc_attach) > 0 && var.vpc_attach == "true" ? 1 : 0 - vpc_id = "${var.vpc_id}" - vpn_gateway_id = "${aws_vpn_gateway.vpg.id}" + vpc_id = var.vpc_id + vpn_gateway_id = aws_vpn_gateway.vpg.id } + diff --git a/vpg/outputs.tf b/vpg/outputs.tf index 08d18d3..2c7dcd8 100644 --- a/vpg/outputs.tf +++ b/vpg/outputs.tf @@ -2,5 +2,6 @@ ## Returns ID of the VPG output "vpg_id" { - value = "${aws_vpn_gateway.vpg.id}" + value = aws_vpn_gateway.vpg.id } + diff --git a/vpg/variables.tf b/vpg/variables.tf index ded9b15..5d6ace7 100644 --- a/vpg/variables.tf +++ b/vpg/variables.tf 
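Review bot: `count = length(var.vpc_attach) > 0 && var.vpc_attach == "true" ? 1 : 0` in this vpg/main.tf hunk keeps a redundant `length(...) > 0` guard — the `== "true"` comparison already fails for an empty string — and relies on `&&` binding tighter than `?:`, which holds in 0.12 but is easy to misread; `count = var.vpc_attach == "true" ? 1 : 0` is equivalent and clearer. `aws_vpn_gateway.vpg` is created unconditionally while only the attachment is conditional; a comment on the resource, `# the gateway always exists; attachment to the VPC is opt-in via var.vpc_attach`, would make that intent explicit.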
@@ -2,30 +2,31 @@ ## Resource tags variable "stack_item_fullname" { - type = "string" + type = string description = "Long form descriptive name for this stack item. This value is used to create the 'application' resource tag for resources created by this stack item." } variable "stack_item_label" { - type = "string" + type = string description = "Short form identifier for this stack. This value is used to create the 'Name' resource tag for resources created by this stack item, and also serves as a unique key for re-use." } ## VPC parameters variable "availability_zone" { - type = "string" + type = string description = "The Availability Zone for the virtual private gateway." default = "" } variable "vpc_attach" { - type = "string" + type = string description = "Specifies whether the VPG should be associated with a VPC." default = "" } variable "vpc_id" { - type = "string" + type = string description = "The VPC ID to create in." default = "" } + From 51e4e0fa383002de266a24fc4f9f67ecf273fc85 Mon Sep 17 00:00:00 2001 From: Jourdan West Date: Wed, 9 Aug 2023 15:28:10 -0500 Subject: [PATCH 09/10] Upgrade module examples to tf12 --- examples/basic/main.tf | 55 ++++++++------- examples/basic/outputs.tf | 9 +-- examples/basic/variables.tf | 25 +++---- examples/basic/versions.tf | 4 ++ examples/complete/main.tf | 125 +++++++++++++++++++-------------- examples/complete/outputs.tf | 9 +-- examples/complete/variables.tf | 31 ++++---- examples/complete/versions.tf | 4 ++ examples/peering/main.tf | 27 +++---- examples/peering/variables.tf | 19 ++--- examples/peering/versions.tf | 4 ++ 11 files changed, 175 insertions(+), 137 deletions(-) create mode 100644 examples/basic/versions.tf create mode 100644 examples/complete/versions.tf create mode 100644 examples/peering/versions.tf diff --git a/examples/basic/main.tf b/examples/basic/main.tf index b5f0368..4ff5a8d 100644 --- a/examples/basic/main.tf +++ b/examples/basic/main.tf 
@@ -2,7 +2,7 @@ ## Configures AWS provider provider "aws" { - region = "${var.region}" + region = var.region } ## Configures base VPC @@ -11,11 +11,11 @@ module "vpc_base" { #source = "github.com/unifio/terraform-aws-vpc?ref=master//base" source = "../../base" - enable_dns = "${var.enable_dns}" - enable_hostnames = "${var.enable_hostnames}" - stack_item_fullname = "${var.stack_item_fullname}" - stack_item_label = "${var.stack_item_label}" - vpc_cidr = "${var.vpc_cidr}" + enable_dns = var.enable_dns + enable_hostnames = var.enable_hostnames + stack_item_fullname = var.stack_item_fullname + stack_item_label = var.stack_item_label + vpc_cidr = var.vpc_cidr } ## Configures DHCP @@ -24,10 +24,10 @@ module "vpc_dhcp" { #source = "github.com/unifio/terraform-aws-vpc?ref=master//dhcp" source = "../../dhcp" - domain_name = "${var.domain_name}" - stack_item_fullname = "${var.stack_item_fullname}" - stack_item_label = "${var.stack_item_label}" - vpc_id = "${module.vpc_base.vpc_id}" + domain_name = var.domain_name + stack_item_fullname = var.stack_item_fullname + stack_item_label = var.stack_item_label + vpc_id = module.vpc_base.vpc_id } ## Configures VPC Availabilty Zones 
@@ -36,14 +36,14 @@ module "vpc_az" { #source = "github.com/unifio/terraform-aws-vpc?ref=master//az" source = "../../az" - azs_provisioned = "${var.azs_provisioned}" - enable_dmz_public_ips = "${var.enable_dmz_public_ips}" - lans_per_az = "${var.lans_per_az}" - nat_eips_enabled = "${var.nat_eips_enabled}" - rt_dmz_id = "${module.vpc_base.rt_dmz_id}" - stack_item_fullname = "${var.stack_item_fullname}" - stack_item_label = "${var.stack_item_label}" - vpc_id = "${module.vpc_base.vpc_id}" + azs_provisioned = var.azs_provisioned + enable_dmz_public_ips = var.enable_dmz_public_ips + lans_per_az = var.lans_per_az + nat_eips_enabled = var.nat_eips_enabled + rt_dmz_id = module.vpc_base.rt_dmz_id + stack_item_fullname = var.stack_item_fullname + stack_item_label = var.stack_item_label + vpc_id = module.vpc_base.vpc_id } ## Configures Virtual Private Gateway 
@@ -52,23 +52,24 @@ module "vpc_vpg" { #source = "github.com/unifio/terraform-aws-vpc?ref=master//vpg" source = "../../vpg" - stack_item_fullname = "${var.stack_item_fullname}" - stack_item_label = "${var.stack_item_label}" - vpc_attach = "${var.vpc_attach}" - vpc_id = "${module.vpc_base.vpc_id}" + stack_item_fullname = var.stack_item_fullname + stack_item_label = var.stack_item_label + vpc_attach = var.vpc_attach + vpc_id = module.vpc_base.vpc_id } ## Configures routing resource "aws_route" "dmz-to-igw" { destination_cidr_block = "0.0.0.0/0" - gateway_id = "${module.vpc_base.igw_id}" - route_table_id = "${module.vpc_base.rt_dmz_id}" + gateway_id = module.vpc_base.igw_id + route_table_id = module.vpc_base.rt_dmz_id } resource "aws_route" "lan-to-nat" { - count = "${var.azs_provisioned * var.lans_per_az}" + count = var.azs_provisioned * var.lans_per_az destination_cidr_block = "0.0.0.0/0" - instance_id = "${element(module.vpc_az.nat_ids,count.index)}" - route_table_id = "${element(module.vpc_az.rt_lan_ids,count.index)}" + instance_id = element(module.vpc_az.nat_ids, count.index) + route_table_id = element(module.vpc_az.rt_lan_ids, count.index) } + diff --git a/examples/basic/outputs.tf b/examples/basic/outputs.tf index b5e0702..8d01a4f 100644 --- a/examples/basic/outputs.tf +++ b/examples/basic/outputs.tf @@ -1,17 +1,18 @@ # Output Variables output "vpc_id" { - value = "${module.vpc_base.vpc_id}" + value = module.vpc_base.vpc_id } output "dmz_subnet_ids" { - value = "${module.vpc_az.dmz_ids}" + value = module.vpc_az.dmz_ids } output "lan_subnet_ids" { - value = "${module.vpc_az.lan_ids}" + value = module.vpc_az.lan_ids } output "lan_rt_ids" { - value = "${module.vpc_az.rt_lan_ids}" + value = module.vpc_az.rt_lan_ids } + diff --git a/examples/basic/variables.tf b/examples/basic/variables.tf index 9aa7cbb..db5bcb5 100644 --- a/examples/basic/variables.tf +++ b/examples/basic/variables.tf 
@@ -2,61 +2,62 @@ ## Resource tags variable "stack_item_fullname" { - type = "string" + type = string } variable "stack_item_label" { - type = "string" + type = string } ## VPC base parameters variable "enable_dns" { - type = "string" + type = string default = "" } variable "enable_hostnames" { - type = "string" + type = string default = "" } variable "region" { - type = "string" + type = string } variable "vpc_cidr" { - type = "string" + type = string } ## DHCP variable "domain_name" { - type = "string" + type = string default = "" } ## AZ parameters variable "azs_provisioned" { - type = "string" + type = string default = "" } variable "enable_dmz_public_ips" { - type = "string" + type = string default = "" } variable "lans_per_az" { - type = "string" + type = string default = "1" } variable "nat_eips_enabled" { - type = "string" + type = string default = "" } ## VPG parameters variable "vpc_attach" { - type = "string" + type = string default = "" } + diff --git a/examples/basic/versions.tf b/examples/basic/versions.tf new file mode 100644 index 0000000..ac97c6a --- /dev/null +++ b/examples/basic/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/examples/complete/main.tf b/examples/complete/main.tf index b710805..8f8b710 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -2,7 +2,7 @@ ## Configures AWS provider provider "aws" { - region = "${var.region}" + region = var.region } ## Configures base VPC 
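Review bot: None of the variables in this examples/basic/variables.tf hunk carries a `description`, so readers of the example get no hint that `azs_provisioned` and `lans_per_az` feed `count = var.azs_provisioned * var.lans_per_az` in examples/basic/main.tf. `azs_provisioned` is also typed `string` with `default = ""`; under 0.12 an empty string presumably cannot be converted to a number for that multiplication, so the example likely only plans when the value is overridden — a `number` type with a concrete default, or a description stating that the value is required, would make this visible. One-line descriptions matching the wording of the module's own variables.tf would be enough.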
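Review bot: The new examples/basic/versions.tf pins only `required_version = ">= 0.12"` and adds no AWS provider constraint, although commit 06 in this series states that a later AWS provider version is needed for the peering changes; without one, `terraform init` in the example resolves whatever provider release is newest that day, which is a reproducibility and supply-chain gap. Under a 0.12 floor the constraint form is `required_providers { aws = ">= <minimum tested provider version>" }` inside this `terraform` block (the `source =` object form needs 0.13), with the placeholder replaced by the version the series was actually verified against. The same applies to examples/complete/versions.tf and examples/peering/versions.tf, and each of the three new files starts with a stray blank line.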
@@ -11,12 +11,12 @@ module "vpc_base" { #source = "github.com/unifio/terraform-aws-vpc?ref=master//base" source = "../../base" - enable_classiclink = "${var.enable_classiclink}" - enable_hostnames = "${var.enable_hostnames}" - instance_tenancy = "${var.instance_tenancy}" - stack_item_fullname = "${var.stack_item_fullname}" - stack_item_label = "${var.stack_item_label}" - vpc_cidr = "${var.vpc_cidr}" + enable_classiclink = var.enable_classiclink + enable_hostnames = var.enable_hostnames + instance_tenancy = var.instance_tenancy + stack_item_fullname = var.stack_item_fullname + stack_item_label = var.stack_item_label + vpc_cidr = var.vpc_cidr } ## Configures DHCP 
@@ -25,23 +25,31 @@ module "vpc_dhcp" { #source = "github.com/unifio/terraform-aws-vpc?ref=master//dhcp" source = "../../dhcp" - domain_name = "${var.domain_name}" - name_servers = ["${var.name_servers}"] - netbios_name_servers = ["${var.netbios_name_servers}"] - netbios_node_type = "${var.netbios_node_type}" - ntp_servers = ["${var.ntp_servers}"] - stack_item_fullname = "${var.stack_item_fullname}" - stack_item_label = "${var.stack_item_label}" - vpc_id = "${module.vpc_base.vpc_id}" + domain_name = var.domain_name + name_servers = [var.name_servers] + netbios_name_servers = [var.netbios_name_servers] + netbios_node_type = var.netbios_node_type + ntp_servers = [var.ntp_servers] + stack_item_fullname = var.stack_item_fullname + stack_item_label = var.stack_item_label + vpc_id = module.vpc_base.vpc_id } ## Configures ACLs resource "aws_network_acl" "acl" { - vpc_id = "${module.vpc_base.vpc_id}" - subnet_ids = ["${concat(module.vpc_az.lan_ids,module.vpc_az.dmz_ids)}"] - - tags { - application = "${var.stack_item_fullname}" + vpc_id = module.vpc_base.vpc_id + # TF-UPGRADE-TODO: In Terraform v0.10 and earlier, it was sometimes necessary to + # force an interpolation expression to be interpreted as a list by wrapping it + # in an extra set of list brackets. That form was supported for compatibility in + # v0.11, but is no longer supported in Terraform v0.12. + # + # If the expression in the following list itself returns a list, remove the + # brackets to avoid interpretation as a list of lists. If the expression + # returns a single list item then leave it as-is and remove this TODO comment. + subnet_ids = [concat(module.vpc_az.lan_ids, module.vpc_az.dmz_ids)] + + tags = { + application = var.stack_item_fullname managed_by = "terraform" Name = "${var.stack_item_label}-acl" } 
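Review bot: `name_servers = [var.name_servers]`, `netbios_name_servers = [var.netbios_name_servers]` and `ntp_servers = [var.ntp_servers]` in this examples/complete/main.tf hunk wrap variables that examples/complete/variables.tf now declares as `list(string)` in an extra set of brackets, producing a list of lists that the dhcp module's `list(string)` inputs cannot accept; the 0.11 bracket form should simply be dropped. `subnet_ids = [concat(module.vpc_az.lan_ids, module.vpc_az.dmz_ids)]` has the same problem since `concat` already returns a list, and the TF-UPGRADE-TODO block above it is resolved by removing the brackets, so that comment should go as well. The `aws_network_acl` resource continues past the end of the hunk.
```hcl
  domain_name          = var.domain_name
  name_servers         = var.name_servers
  netbios_name_servers = var.netbios_name_servers
  netbios_node_type    = var.netbios_node_type
  ntp_servers          = var.ntp_servers
  # … unchanged: stack_item_fullname, stack_item_label, vpc_id …
}

## Configures ACLs
resource "aws_network_acl" "acl" {
  vpc_id     = module.vpc_base.vpc_id
  subnet_ids = concat(module.vpc_az.lan_ids, module.vpc_az.dmz_ids)
  # … unchanged: tags …
```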
@@ -54,9 +62,9 @@ module "vpc_vpg" { source = "../../vpg" vpc_attach = "true" - vpc_id = "${module.vpc_base.vpc_id}" - stack_item_fullname = "${var.stack_item_fullname}" - stack_item_label = "${var.stack_item_label}" + vpc_id = module.vpc_base.vpc_id + stack_item_fullname = var.stack_item_fullname + stack_item_label = var.stack_item_label } module "vpc_az" { 
@@ -64,59 +72,70 @@ module "vpc_az" { #source = "github.com/unifio/terraform-aws-vpc?ref=master//az" source = "../../az" - azs_provisioned_override = "${var.azs_provisioned_override}" + azs_provisioned_override = var.azs_provisioned_override - dmz_cidrs_override = ["${cidrsubnet(var.vpc_cidr,3,0)}", - "${cidrsubnet(var.vpc_cidr,3,1)}", - "${cidrsubnet(var.vpc_cidr,3,2)}", - "${cidrsubnet(var.vpc_cidr,3,3)}", + dmz_cidrs_override = [ + cidrsubnet(var.vpc_cidr, 3, 0), + cidrsubnet(var.vpc_cidr, 3, 1), + cidrsubnet(var.vpc_cidr, 3, 2), + cidrsubnet(var.vpc_cidr, 3, 3), ] - lan_cidrs_override = ["${cidrsubnet(var.vpc_cidr,4,8)}", - "${cidrsubnet(var.vpc_cidr,4,9)}", - "${cidrsubnet(var.vpc_cidr,4,10)}", - "${cidrsubnet(var.vpc_cidr,4,11)}", - "${cidrsubnet(var.vpc_cidr,4,12)}", - "${cidrsubnet(var.vpc_cidr,4,13)}", - "${cidrsubnet(var.vpc_cidr,4,14)}", - "${cidrsubnet(var.vpc_cidr,4,15)}", + lan_cidrs_override = [ + cidrsubnet(var.vpc_cidr, 4, 8), + cidrsubnet(var.vpc_cidr, 4, 9), + cidrsubnet(var.vpc_cidr, 4, 10), + cidrsubnet(var.vpc_cidr, 4, 11), + cidrsubnet(var.vpc_cidr, 4, 12), + cidrsubnet(var.vpc_cidr, 4, 13), + cidrsubnet(var.vpc_cidr, 4, 14), + cidrsubnet(var.vpc_cidr, 4, 15), ] - lans_per_az = "${var.lans_per_az}" + lans_per_az = var.lans_per_az nat_eips_enabled = "false" - nat_gateways_enabled = "${var.nat_gateways_enabled}" - rt_dmz_id = "${module.vpc_base.rt_dmz_id}" - stack_item_label = "${var.stack_item_label}" - stack_item_fullname = "${var.stack_item_fullname}" - vgw_ids = ["${module.vpc_vpg.vpg_id}"] - vpc_id = "${module.vpc_base.vpc_id}" + nat_gateways_enabled = var.nat_gateways_enabled + rt_dmz_id = module.vpc_base.rt_dmz_id + stack_item_label = var.stack_item_label + stack_item_fullname = var.stack_item_fullname + vgw_ids = [module.vpc_vpg.vpg_id] + vpc_id = module.vpc_base.vpc_id } ## Configures routing resource "aws_route" "dmz-to-igw" { destination_cidr_block = "0.0.0.0/0" - gateway_id = "${module.vpc_base.igw_id}" - route_table_id = 
"${module.vpc_base.rt_dmz_id}" + gateway_id = module.vpc_base.igw_id + route_table_id = module.vpc_base.rt_dmz_id } resource "aws_route" "lan-to-nat-gw" { - count = "${length(var.azs_provisioned_override) * (length(var.lans_per_az) > 0 ? var.lans_per_az : "1") * signum(var.nat_gateways_enabled == "true" ? "1" : "0")}" + count = length(var.azs_provisioned_override) * length(var.lans_per_az) > 0 ? var.lans_per_az : "1" * signum(var.nat_gateways_enabled == "true" ? "1" : "0") destination_cidr_block = "0.0.0.0/0" - nat_gateway_id = "${element(module.vpc_az.nat_ids,count.index)}" - route_table_id = "${element(module.vpc_az.rt_lan_ids,count.index)}" + nat_gateway_id = element(module.vpc_az.nat_ids, count.index) + route_table_id = element(module.vpc_az.rt_lan_ids, count.index) } resource "aws_route" "lan-to-nat" { - count = "${length(var.azs_provisioned_override) * (length(var.lans_per_az) > 0 ? var.lans_per_az : "1") * signum(var.nat_gateways_enabled == "true" ? "0" : "1")}" + count = length(var.azs_provisioned_override) * length(var.lans_per_az) > 0 ? var.lans_per_az : "1" * signum(var.nat_gateways_enabled == "true" ? "0" : "1") destination_cidr_block = "0.0.0.0/0" - instance_id = "${element(module.vpc_az.nat_ids,count.index)}" - route_table_id = "${element(module.vpc_az.rt_lan_ids,count.index)}" + instance_id = element(module.vpc_az.nat_ids, count.index) + route_table_id = element(module.vpc_az.rt_lan_ids, count.index) } resource "aws_vpc_endpoint" "s3-ep" { - route_table_ids = ["${module.vpc_az.rt_lan_ids}"] + # TF-UPGRADE-TODO: In Terraform v0.10 and earlier, it was sometimes necessary to + # force an interpolation expression to be interpreted as a list by wrapping it + # in an extra set of list brackets. That form was supported for compatibility in + # v0.11, but is no longer supported in Terraform v0.12. + # + # If the expression in the following list itself returns a list, remove the + # brackets to avoid interpretation as a list of lists. 
If the expression + # returns a single list item then leave it as-is and remove this TODO comment. + route_table_ids = [module.vpc_az.rt_lan_ids] service_name = "com.amazonaws.${var.region}.s3" - vpc_id = "${module.vpc_base.vpc_id}" + vpc_id = module.vpc_base.vpc_id } + diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf index 802e775..8ccda69 100644 --- a/examples/complete/outputs.tf +++ b/examples/complete/outputs.tf @@ -1,17 +1,18 @@ # Output variables output "dmz_subnet_ids" { - value = "${module.vpc_az.dmz_ids}" + value = module.vpc_az.dmz_ids } output "lan_rt_ids" { - value = "${module.vpc_az.rt_lan_ids}" + value = module.vpc_az.rt_lan_ids } output "lan_subnet_ids" { - value = "${module.vpc_az.lan_ids}" + value = module.vpc_az.lan_ids } output "vpc_id" { - value = "${module.vpc_base.vpc_id}" + value = module.vpc_base.vpc_id } + diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf index ce245c6..f7b84c7 100644 --- a/examples/complete/variables.tf +++ b/examples/complete/variables.tf 
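Review bot: The `count` expressions on `aws_route.lan-to-nat-gw` and `aws_route.lan-to-nat` lost their parentheses in the conversion, so `length(var.azs_provisioned_override) * length(var.lans_per_az) > 0 ? var.lans_per_az : "1" * signum(...)` now parses as `(A * B > 0) ? var.lans_per_az : ("1" * signum(...))` — whenever `lans_per_az` is non-empty both resources get `count = var.lans_per_az`, ignoring the AZ count and the `nat_gateways_enabled` switch, so a NAT-gateway route and an instance route are declared for the same `0.0.0.0/0` destination in the same route tables. Restore the grouping the 0.11 version had, as below. `route_table_ids = [module.vpc_az.rt_lan_ids]` on `aws_vpc_endpoint.s3-ep` likewise wraps a list output in brackets (examples/basic/main.tf indexes the same output with `element(module.vpc_az.rt_lan_ids, count.index)`, so it is a list), and the TF-UPGRADE-TODO block should be removed once the brackets are.
```hcl
resource "aws_route" "lan-to-nat-gw" {
  count = length(var.azs_provisioned_override) * (length(var.lans_per_az) > 0 ? var.lans_per_az : "1") * signum(var.nat_gateways_enabled == "true" ? "1" : "0")
  # … unchanged: destination_cidr_block, nat_gateway_id, route_table_id …
}

resource "aws_route" "lan-to-nat" {
  count = length(var.azs_provisioned_override) * (length(var.lans_per_az) > 0 ? var.lans_per_az : "1") * signum(var.nat_gateways_enabled == "true" ? "0" : "1")
  # … unchanged: destination_cidr_block, instance_id, route_table_id …
}

resource "aws_vpc_endpoint" "s3-ep" {
  route_table_ids = module.vpc_az.rt_lan_ids
  # … unchanged: service_name, vpc_id …
}
```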
@@ -2,74 +2,75 @@ ## Resource Tags variable "stack_item_fullname" { - type = "string" + type = string } variable "stack_item_label" { - type = "string" + type = string } ## VPC Parameters variable "azs_provisioned_override" { - type = "list" + type = list(string) default = ["a", "c", "d", "e"] } variable "enable_classiclink" { - type = "string" + type = string default = "" } variable "enable_hostnames" { - type = "string" + type = string default = "" } variable "instance_tenancy" { - type = "string" + type = string default = "" } variable "lans_per_az" { - type = "string" + type = string default = "" } variable "nat_gateways_enabled" { - type = "string" + type = string default = "" } variable "region" { - type = "string" + type = string } variable "vpc_cidr" { - type = "string" + type = string } ## DHCP variable "domain_name" { - type = "string" + type = string default = "" } variable "name_servers" { - type = "list" + type = list(string) default = [] } variable "netbios_name_servers" { - type = "list" + type = list(string) default = [] } variable "netbios_node_type" { - type = "string" + type = string default = "" } variable "ntp_servers" { - type = "list" + type = list(string) default = [] } + diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf new file mode 100644 index 0000000..ac97c6a --- /dev/null +++ b/examples/complete/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/examples/peering/main.tf b/examples/peering/main.tf index 33feeb1..69f41e7 100644 --- a/examples/peering/main.tf +++ b/examples/peering/main.tf @@ -2,7 +2,7 @@ ## Configures AWS provider provider "aws" { - region = "${var.region}" + region = var.region } ## Configures VPC peering connection 
@@ -14,27 +14,28 @@ module "vpc_peer" { accepter_allow_classic_link_to_remote = "false" accepter_allow_remote_dns = "true" accepter_allow_to_remote_classic_link = "true" - accepter_vpc_id = "${var.accepter_vpc_id}" + accepter_vpc_id = var.accepter_vpc_id requester_allow_classic_link_to_remote = "true" requester_allow_remote_dns = "false" requester_allow_to_remote_classic_link = "false" - requester_vpc_id = "${var.requester_vpc_id}" - stack_item_fullname = "${var.stack_item_fullname}" - stack_item_label = "${var.stack_item_label}" + requester_vpc_id = var.requester_vpc_id + stack_item_fullname = var.stack_item_fullname + stack_item_label = var.stack_item_label } resource "aws_route" "requester-to-accepter" { - count = "${length(var.requester_rt_lan_ids)}" + count = length(var.requester_rt_lan_ids) - destination_cidr_block = "${var.accepter_vpc_cidr}" - route_table_id = "${element(var.requester_rt_lan_ids,count.index)}" - vpc_peering_connection_id = "${module.vpc_peer.peer_connection_id}" + destination_cidr_block = var.accepter_vpc_cidr + route_table_id = element(var.requester_rt_lan_ids, count.index) + vpc_peering_connection_id = module.vpc_peer.peer_connection_id } resource "aws_route" "accepter-to-requester" { - count = "${length(var.accepter_rt_lan_ids)}" + count = length(var.accepter_rt_lan_ids) - destination_cidr_block = "${var.requester_vpc_cidr}" - route_table_id = "${element(var.accepter_rt_lan_ids,count.index)}" - vpc_peering_connection_id = "${module.vpc_peer.peer_connection_id}" + destination_cidr_block = var.requester_vpc_cidr + route_table_id = element(var.accepter_rt_lan_ids, count.index) + vpc_peering_connection_id = module.vpc_peer.peer_connection_id } + diff --git a/examples/peering/variables.tf b/examples/peering/variables.tf index 226ae86..a10e449 100644 --- a/examples/peering/variables.tf +++ b/examples/peering/variables.tf 
@@ -2,46 +2,47 @@ ## Resource Tags variable "stack_item_fullname" { - type = "string" + type = string description = "Long form descriptive name for this stack item. This value is used to create the 'application' resource tag for resources created by this stack item." } variable "stack_item_label" { - type = "string" + type = string description = "Short form identifier for this stack. This value is used to create the 'Name' resource tag for resources created by this stack item, and also serves as a unique key for re-use." } ## Peering Parameters variable "accepter_rt_lan_ids" { - type = "list" + type = list(string) description = "The IDs of the peer VPC routing tables." } variable "accepter_vpc_cidr" { - type = "string" + type = string description = "The ID of the peer VPC." } variable "accepter_vpc_id" { - type = "string" + type = string description = "The ID of the VPC with which you are creating the VPC Peering Connection." } variable "region" { - type = "string" + type = string } variable "requester_rt_lan_ids" { - type = "list" + type = list(string) description = "The IDs of the requesting VPC routing tables." } variable "requester_vpc_cidr" { - type = "string" + type = string description = "The ID of the requester VPC." } variable "requester_vpc_id" { - type = "string" + type = string description = "The ID of the requester VPC." } + diff --git a/examples/peering/versions.tf b/examples/peering/versions.tf new file mode 100644 index 0000000..ac97c6a --- /dev/null +++ b/examples/peering/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} From 44c9426035945232709cf39013a7a914e806c3d8 Mon Sep 17 00:00:00 2001 From: Cristobal Villarroel Date: Tue, 19 Mar 2024 13:53:33 -0700 Subject: [PATCH 10/10] Remove name filter from AMI data resource --- az/main.tf | 5 ----- 1 file changed, 5 deletions(-) diff --git a/az/main.tf b/az/main.tf index cec2539..54d34f2 100644 --- a/az/main.tf +++ b/az/main.tf 
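Review bot: `accepter_vpc_cidr` and `requester_vpc_cidr` are described as "The ID of the peer VPC." and "The ID of the requester VPC." in this examples/peering/variables.tf hunk, but examples/peering/main.tf uses them as `destination_cidr_block` on the cross-VPC routes, so the descriptions name the wrong thing; `region` has no description at all. Suggested text: `description = "The CIDR block of the accepter VPC; becomes the route destination in the requester's LAN route tables."` with the mirror-image sentence for the requester. A caller who pastes a VPC ID here gets a plan-time error at best, so the description is the only guard against that mistake.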
@@ -102,11 +102,6 @@ data "aws_ami" "nat_ami" { values = ["x86_64"] } - filter { - name = "name" - values = ["amzn-ami-vpc-nat*"] - } - filter { name = "root-device-type" values = ["ebs"]
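Review bot: With the `name` filter gone, `data "aws_ami" "nat_ami"` is constrained only by the filters left in the hunk (`architecture` x86_64 and `root-device-type` ebs) plus whatever `owners`/`most_recent` settings sit outside it; unless `owners` is pinned to a trusted account above the hunk, the lookup can resolve to any public image that matches those two attributes, and that image becomes the NAT instance carrying every LAN subnet's egress. Please add a replacement selector — a `name` filter for the intended image family, or an explicit `owners = ["amazon"]`-style constraint if one is not already present — and say in the commit message why the `amzn-ami-vpc-nat*` pattern was dropped, so the next reader knows whether the old images disappeared or a different family is intended. The data block starts outside the hunk.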