From acd87a96b0b68cf77ff78bd4605cacc8b5d01a33 Mon Sep 17 00:00:00 2001
From: Alex Bryant
Date: Wed, 9 Dec 2020 15:14:51 -0700
Subject: [PATCH 1/6] added outpost subnet support and example
---
examples/outpost-subnets/main.tf | 36 ++++++++++++++++++++++++++++++++
main.tf | 35 +++++++++++++++++++++++++++++++
variables.tf | 36 ++++++++++++++++++++++++++++++++
3 files changed, 107 insertions(+)
create mode 100644 examples/outpost-subnets/main.tf
diff --git a/examples/outpost-subnets/main.tf b/examples/outpost-subnets/main.tf
new file mode 100644
index 000000000..cf13fdf4e
--- /dev/null
+++ b/examples/outpost-subnets/main.tf
@@ -0,0 +1,36 @@
+provider "aws" {
+ region = "us-west-2"
+}
+
+module "vpc" {
+ source = "../terraform-aws-vpc"
+
+ name = "outpost-example"
+
+ cidr = "10.0.0.0/16"
+
+ azs = ["us-west-2a", "us-west-2b", "us-west-2c"]
+ private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
+ public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
+ outpost_subnets = ["10.0.50.0/24"]
+ create_outpost_subnet = true
+ outpost_arn = "arn:aws:outposts:us-west-2:116668991109:outpost/op-0a8c1ab53b023a5a4"
+
+ enable_ipv6 = true
+
+ enable_nat_gateway = true
+ single_nat_gateway = true
+
+ public_subnet_tags = {
+ Name = "overridden-name-public"
+ }
+
+ tags = {
+ Owner = "user"
+ Environment = "dev"
+ }
+
+ vpc_tags = {
+ Name = "vpc-name"
+ }
+}
diff --git a/main.tf b/main.tf
index cf33ab61f..252f97832 100644
--- a/main.tf
+++ b/main.tf
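Review bot: The example pins `outpost_arn` to a literal ARN that embeds a 12-digit account ID and an Outpost ID, so it only plans in that one account and publishes those identifiers in the repository history. Patch 3/6 replaces the literal with a data source, but then hard-codes a `role_arn` in the provider's `assume_role` block and an Outpost name in `data "aws_outposts_outpost" "shared"` in the same file, which has the same problem. Take these values from example variables with no default, e.g. `outpost_arn = var.outpost_arn`, and describe the expected values in the example README.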
@@ -419,6 +419,30 @@ resource "aws_subnet" "private" { ) } +################# +# Outpost subnet +################# +resource "aws_subnet" "outpost" { + count = var.create_vpc && var.create_outpost_subnet == true ? length(var.outpost_subnets) : 0 + + vpc_id = local.vpc_id + cidr_block = var.outpost_subnets[count.index] + availability_zone = var.outpost_az + outpost_arn = var.outpost_arn + + tags = merge( + { + "Name" = format( + "%s-${var.outpost_subnet_suffix}-%s", + var.name, + element(var.azs, count.index), + ) + }, + var.tags, + var.outpost_subnet_tags, + ) +} + ################## # Database subnet ################## @@ -1042,6 +1066,16 @@ resource "aws_route_table_association" "private" { ) } +resource "aws_route_table_association" "outpost" { + count = var.create_vpc && var.create_outpost_subnet == true ? length(var.outpost_subnets) : 0 + + subnet_id = element(aws_subnet.outpost.*.id, count.index) + route_table_id = element( + aws_route_table.private.*.id, + var.single_nat_gateway ? 0 : count.index, + ) +} + resource "aws_route_table_association" "database" { count = var.create_vpc && length(var.database_subnets) > 0 ? length(var.database_subnets) : 0 @@ -1201,3 +1235,4 @@ resource "aws_default_vpc" "this" { var.default_vpc_tags, ) } + diff --git a/variables.tf b/variables.tf index e75560c40..71ff0d1e3 100644 --- a/variables.tf +++ b/variables.tf @@ -124,6 +124,12 @@ variable "private_subnet_suffix" { default = "private" } +variable "outpost_subnet_suffix" { + description = "Suffix to append to outpost subnets name" + type = string + default = "outpost" +} + variable "intra_subnet_suffix" { description = "Suffix to append to intra subnets name" type = string @@ -160,6 +166,12 @@ variable "private_subnets" { default = [] } +variable "outpost_subnets" { + description = "A list of outpost subnets inside the VPC" + type = list(string) + default = [] +} + variable "database_subnets" { description = "A list of database subnets" type = list(string) 
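Review bot: In `aws_subnet.outpost`, `count` looks only at `create_outpost_subnet` and `outpost_subnets`, while `outpost_arn` and `outpost_az` default to `""` in the variables.tf hunk of this patch, so a caller who leaves them unset would presumably get ordinary regional subnets that still carry the `-outpost-` name; the example README added in patch 2/6 says as much. For workloads kept on an Outpost for data-locality reasons that is a silent misplacement. Patch 3/6 rewrites the condition in its `@@ -423,11 +423,15 @@` hunk but still does not look at the ARN. Make the ARN part of the condition there, e.g. `count = var.create_vpc && var.outpost_arn != null && length(var.outpost_subnets) > 0 ? length(var.outpost_subnets) : 0`, and use the same condition on `aws_route_table_association.outpost`.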
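Review bot: In `aws_route_table_association.outpost`, `element(aws_route_table.private.*.id, ...)` assumes that private route tables exist; with `outpost_subnets` set and no private subnets the list is presumably empty and `element()` fails at plan time, and with more outpost subnets than route tables the index wraps around silently. All outpost subnets sit in the single `outpost_az`, so indexing by `count.index` would spread them over route tables that presumably belong to other AZs rather than the anchor AZ. Patch 3/6 keeps the same expression in its `@@ -1067,12 +1125,12 @@` hunk. At minimum document the dependency above the resource, e.g. `# Outpost subnets reuse the private route tables; private_subnets must not be empty`.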
@@ -2267,6 +2279,12 @@ variable "private_subnet_tags" { default = {} } +variable "outpost_subnet_tags" { + description = "Additional tags for the outpost subnets" + type = map(string) + default = {} +} + variable "public_route_table_tags" { description = "Additional tags for the public route tables" type = map(string) @@ -2902,3 +2920,21 @@ variable "create_egress_only_igw" { type = bool default = true } + +variable "create_outpost_subnet" { + description = "Controls if an outpost subnet is deployed" + type = bool + default = false +} + +variable "outpost_arn" { + description = "ARN of outpost you want to create a subnet in" + type = string + default = "" +} + +variable "outpost_az" { + description = "AZ where outpost is anchored" + type = string + default = "" +} From 0dd4a4dbe7b0c42d176eda13be02679c9f5d57d1 Mon Sep 17 00:00:00 2001 From: Alex Bryant Date: Wed, 9 Dec 2020 16:06:51 -0700 Subject: [PATCH 2/6] addded outputs and updated readme --- examples/outpost-subnets/README.md | 54 +++++++++++++++++++++++++++ examples/outpost-subnets/main.tf | 5 ++- examples/outpost-subnets/outputs.tf | 38 +++++++++++++++++++ examples/outpost-subnets/variables.tf | 0 examples/outpost-subnets/versions.tf | 7 ++++ outputs.tf | 5 +++ 6 files changed, 107 insertions(+), 2 deletions(-) create mode 100644 examples/outpost-subnets/README.md create mode 100644 examples/outpost-subnets/outputs.tf create mode 100644 examples/outpost-subnets/variables.tf create mode 100644 examples/outpost-subnets/versions.tf diff --git a/examples/outpost-subnets/README.md b/examples/outpost-subnets/README.md new file mode 100644 index 000000000..f7920e948 --- /dev/null +++ b/examples/outpost-subnets/README.md 
@@ -0,0 +1,54 @@
+# VPC with Outpost Subnet
+
+Configuration in this directory creates a vpc with public / private / and a private outpost subnet.
+
+This configuration uses Availability Zone IDs and Availability Zone names for demonstration purposes. Normally, you need to specify only names or IDs.
+
+[Read more about AWS regions, availability zones and local zones](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-regions-availability-zones).
+
+## Usage
+
+To run this example you need to execute:
+
+```bash
+$ terraform init
+$ terraform plan
+$ terraform apply
+```
+
+Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources.
+
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | >= 0.13.0 |
+| aws | >= 3.0 |
+
+## Providers
+
+No provider.
+
+## Inputs
+
+| Name | Description |
+|------|-------------|
+| outpost_arn | The ARN of the outpost where you would like subnet deployed |
+| outpost_az | AZ where outpost is anchored|
+
+Note - without these input variables the subnet(s) will still create however they will be homed to the region not the outpost.
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| azs | A list of availability zones spefified as argument to this module |
+| nat\_public\_ips | List of public Elastic IPs created for AWS NAT Gateway |
+| private\_subnets | List of IDs of private subnets |
+| public\_subnets | List of IDs of public subnets |
+| outpost\_subnets | List of IDs of the outpost subnets |
+| vpc\_cidr\_block | The CIDR block of the VPC |
+| vpc\_id | The ID of the VPC |
+
+
diff --git a/examples/outpost-subnets/main.tf b/examples/outpost-subnets/main.tf
index cf13fdf4e..49301d272 100644
--- a/examples/outpost-subnets/main.tf
+++ b/examples/outpost-subnets/main.tf
@@ -3,7 +3,7 @@ provider "aws" { } module "vpc" { - source = "../terraform-aws-vpc" + source = "../../../terraform-aws-vpc" name = "outpost-example" @@ -12,9 +12,10 @@ module "vpc" { azs = ["us-west-2a", "us-west-2b", "us-west-2c"] private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"] - outpost_subnets = ["10.0.50.0/24"] + outpost_subnets = ["10.0.50.0/24", "10.0.51.0/24"] create_outpost_subnet = true outpost_arn = "arn:aws:outposts:us-west-2:116668991109:outpost/op-0a8c1ab53b023a5a4" + outpost_az = "us-west-2a" enable_ipv6 = true diff --git a/examples/outpost-subnets/outputs.tf b/examples/outpost-subnets/outputs.tf new file mode 100644 index 000000000..79ea42744 --- /dev/null +++ b/examples/outpost-subnets/outputs.tf @@ -0,0 +1,38 @@ +# VPC +output "vpc_id" { + description = "The ID of the VPC" + value = module.vpc.vpc_id +} + +# CIDR blocks +output "vpc_cidr_block" { + description = "The CIDR block of the VPC" + value = module.vpc.vpc_cidr_block +} + +# Subnets +output "private_subnets" { + description = "List of IDs of private subnets" + value = module.vpc.private_subnets +} + +output "public_subnets" { + description = "List of IDs of public subnets" + value = module.vpc.public_subnets +} +# NAT gateways +output "nat_public_ips" { + description = "List of public Elastic IPs created for AWS NAT Gateway" + value = module.vpc.nat_public_ips +} + +# AZs +output "azs" { + description = "A list of availability zones spefified as argument to this module" + value = module.vpc.azs +} + +output "outpost_subnets" { + description = "List of IDs of private subnets" + value = module.vpc.outpost_subnets +} diff --git a/examples/outpost-subnets/variables.tf b/examples/outpost-subnets/variables.tf new file mode 100644 index 000000000..e69de29bb diff --git a/examples/outpost-subnets/versions.tf b/examples/outpost-subnets/versions.tf new file mode 100644 index 000000000..c82e21055 --- /dev/null 
+++ b/examples/outpost-subnets/versions.tf @@ -0,0 +1,7 @@ +terraform { + required_version = ">= 0.12.21" + + required_providers { + aws = ">= 3.0" + } +} diff --git a/outputs.tf b/outputs.tf index 16a9a6cad..687b10ea0 100644 --- a/outputs.tf +++ b/outputs.tf @@ -93,6 +93,11 @@ output "public_subnets" { value = aws_subnet.public.*.id } +output "outpost_subnets" { + description = "List of IDs of outpost subnets" + value = aws_subnet.outpost.*.id +} + output "public_subnet_arns" { description = "List of ARNs of public subnets" value = aws_subnet.public.*.arn From 1c73bbda32e1988b176e380854a2c549ba1a4d08 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Tue, 6 Apr 2021 20:56:14 +0200 Subject: [PATCH 3/6] feat: Added remaining bits for Outpost support (NACL, ipv6, examples) --- .github/workflows/pre-commit.yml | 38 ++++---- README.md | 18 ++++ examples/outpost-subnets/README.md | 47 +++++---- examples/outpost-subnets/main.tf | 141 ++++++++++++++++++++++++--- examples/outpost-subnets/outputs.tf | 2 +- examples/outpost-subnets/versions.tf | 2 +- main.tf | 74 ++++++++++++-- outputs.tf | 2 +- variables.tf | 74 +++++++++++--- 9 files changed, 323 insertions(+), 75 deletions(-) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 7eaa782be..59cd0a896 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml 
@@ -7,30 +7,30 @@ on: - master jobs: -# Min Terraform version(s) + # Min Terraform version(s) getDirectories: - name: Get root directories - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v2 - - name: Install Python - uses: actions/setup-python@v2 - - name: Build matrix - id: matrix - run: | - DIRS=$(python -c "import json; import glob; print(json.dumps([x.replace('/versions.tf', '') for x in glob.glob('./**/versions.tf', recursive=True)]))") - echo "::set-output name=directories::$DIRS" - outputs: - directories: ${{ steps.matrix.outputs.directories }} + name: Get root directories + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Install Python + uses: actions/setup-python@v2 + - name: Build matrix + id: matrix + run: | + DIRS=$(python -c "import json; import glob; print(json.dumps([x.replace('/versions.tf', '') for x in glob.glob('./**/versions.tf', recursive=True)]))") + echo "::set-output name=directories::$DIRS" + outputs: + directories: ${{ steps.matrix.outputs.directories }} preCommitMinVersions: name: Min TF validate needs: getDirectories runs-on: ubuntu-latest strategy: - matrix: - directory: ${{ fromJson(needs.getDirectories.outputs.directories) }} + matrix: + directory: ${{ fromJson(needs.getDirectories.outputs.directories) }} steps: - name: Checkout uses: actions/checkout@v2 @@ -59,7 +59,7 @@ jobs: pre-commit run terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf) -# Max Terraform version + # Max Terraform version getBaseVersion: name: Module max TF version runs-on: ubuntu-latest 
@@ -94,7 +94,7 @@ jobs: - name: Install pre-commit dependencies run: | pip install pre-commit - curl -L "$(curl -s https://api.github.com/repos/terraform-docs/terraform-docs/releases/latest | grep -o -E "https://.+?-v0.12.0-linux-amd64" | head -n1)" > terraform-docs && chmod +x terraform-docs && sudo mv terraform-docs /usr/bin/ + curl -L "$(curl -s https://api.github.com/repos/terraform-docs/terraform-docs/releases/latest | grep -o -E "https://.+?-v0.12\..+?-linux-amd64" | head -n1)" > terraform-docs && chmod +x terraform-docs && sudo mv terraform-docs /usr/bin/ curl -L "$(curl -s https://api.github.com/repos/terraform-linters/tflint/releases/latest | grep -o -E "https://.+?_linux_amd64.zip")" > tflint.zip && unzip tflint.zip && rm tflint.zip && sudo mv tflint /usr/bin/ - name: Execute pre-commit # Run all pre-commit checks on max version supported diff --git a/README.md b/README.md index 14824c31f..d1c4eae9a 100644 --- a/README.md +++ b/README.md 
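Review bot: The `terraform-docs` binary is still resolved at run time from `releases/latest`, written to disk and moved into `/usr/bin` with `sudo` without any integrity check, and the relaxed pattern `-v0.12\..+?-linux-amd64` now accepts whichever 0.12.x asset the API returns. A replaced or tampered release asset would then execute inside this workflow on the next run. Download a fixed release URL and verify it before the `chmod`, e.g. `echo "<EXPECTED_SHA256>  terraform-docs" | sha256sum -c -`. The `tflint` download on the following line has the same gap.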
@@ -220,6 +220,7 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway * [VPC with IPv6 enabled](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/ipv6) * [Network ACL](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/network-acls) * [VPC Flow Logs](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/vpc-flow-logs) +* [VPC with Outpost subnets](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/outpost-subnets) * [Manage Default VPC](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/manage-default-vpc) * Few tests and edge cases examples: [#46](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/issue-46-no-private-subnets), [#44](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/issue-44-asymmetric-private-subnets), [#108](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/issue-108-route-already-exists) 
@@ -264,6 +265,7 @@ No modules. | [aws_network_acl.database](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl) | resource | | [aws_network_acl.elasticache](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl) | resource | | [aws_network_acl.intra](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl) | resource | +| [aws_network_acl.outpost](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl) | resource | | [aws_network_acl.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl) | resource | | [aws_network_acl.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl) | resource | | [aws_network_acl.redshift](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl) | resource | 
@@ -273,6 +275,8 @@ No modules. | [aws_network_acl_rule.elasticache_outbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource | | [aws_network_acl_rule.intra_inbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource | | [aws_network_acl_rule.intra_outbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource | +| [aws_network_acl_rule.outpost_inbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource | +| [aws_network_acl_rule.outpost_outbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource | | [aws_network_acl_rule.private_inbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource | | [aws_network_acl_rule.private_outbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource | | [aws_network_acl_rule.public_inbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource | 
@@ -296,6 +300,7 @@ No modules. | [aws_route_table_association.database](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource | | [aws_route_table_association.elasticache](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource | | [aws_route_table_association.intra](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource | +| [aws_route_table_association.outpost](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource | | [aws_route_table_association.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource | | [aws_route_table_association.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource | | [aws_route_table_association.redshift](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource | @@ -303,6 +308,7 @@ No modules. | [aws_subnet.database](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource | | [aws_subnet.elasticache](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource | | [aws_subnet.intra](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource | +| [aws_subnet.outpost](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource | | [aws_subnet.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource | | [aws_subnet.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource | | [aws_subnet.redshift](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource | 
@@ -799,6 +805,17 @@ No modules. | [nat\_eip\_tags](#input\_nat\_eip\_tags) | Additional tags for the NAT EIP | `map(string)` | `{}` | no | | [nat\_gateway\_tags](#input\_nat\_gateway\_tags) | Additional tags for the NAT gateways | `map(string)` | `{}` | no | | [one\_nat\_gateway\_per\_az](#input\_one\_nat\_gateway\_per\_az) | Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs`. | `bool` | `false` | no | +| [outpost\_acl\_tags](#input\_outpost\_acl\_tags) | Additional tags for the outpost subnets network ACL | `map(string)` | `{}` | no | +| [outpost\_arn](#input\_outpost\_arn) | ARN of Outpost you want to create a subnet in. | `string` | `null` | no | +| [outpost\_az](#input\_outpost\_az) | AZ where Outpost is anchored. | `string` | `null` | no | +| [outpost\_dedicated\_network\_acl](#input\_outpost\_dedicated\_network\_acl) | Whether to use dedicated network ACL (not default) and custom rules for outpost subnets | `bool` | `false` | no | +| [outpost\_inbound\_acl\_rules](#input\_outpost\_inbound\_acl\_rules) | Outpost subnets inbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | +| [outpost\_outbound\_acl\_rules](#input\_outpost\_outbound\_acl\_rules) | Outpost subnets outbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | +| [outpost\_subnet\_assign\_ipv6\_address\_on\_creation](#input\_outpost\_subnet\_assign\_ipv6\_address\_on\_creation) | Assign IPv6 address on outpost subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | `null` | no | +| [outpost\_subnet\_ipv6\_prefixes](#input\_outpost\_subnet\_ipv6\_prefixes) | Assigns IPv6 outpost subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list(string)` | `[]` | no | +| [outpost\_subnet\_suffix](#input\_outpost\_subnet\_suffix) | Suffix to append to outpost subnets name | `string` | `"outpost"` | no | +| [outpost\_subnet\_tags](#input\_outpost\_subnet\_tags) | Additional tags for the outpost subnets | `map(string)` | `{}` | no | +| [outpost\_subnets](#input\_outpost\_subnets) | A list of outpost subnets inside the VPC | `list(string)` | `[]` | no | | [private\_acl\_tags](#input\_private\_acl\_tags) | Additional tags for the private subnets network ACL | `map(string)` | `{}` | no | | [private\_dedicated\_network\_acl](#input\_private\_dedicated\_network\_acl) | Whether to use dedicated network ACL (not default) and custom rules for private subnets | `bool` | `false` | no | | [private\_inbound\_acl\_rules](#input\_private\_inbound\_acl\_rules) | Private subnets inbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | @@ -982,6 +999,7 @@ No modules. | [nat\_ids](#output\_nat\_ids) | List of allocation ID of Elastic IPs created for AWS NAT Gateway | | [nat\_public\_ips](#output\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway | | [natgw\_ids](#output\_natgw\_ids) | List of NAT Gateway IDs | +| [outpost\_subnets](#output\_outpost\_subnets) | List of IDs of outpost subnets | | [private\_ipv6\_egress\_route\_ids](#output\_private\_ipv6\_egress\_route\_ids) | List of IDs of the ipv6 egress route. | | [private\_nat\_gateway\_route\_ids](#output\_private\_nat\_gateway\_route\_ids) | List of IDs of the private nat gateway route. | | [private\_network\_acl\_arn](#output\_private\_network\_acl\_arn) | ARN of the private network ACL | diff --git a/examples/outpost-subnets/README.md b/examples/outpost-subnets/README.md index f7920e948..f2227e0dd 100644 --- a/examples/outpost-subnets/README.md +++ b/examples/outpost-subnets/README.md @@ -1,8 +1,8 @@ # VPC with Outpost Subnet -Configuration in this directory creates a vpc with public / private / and a private outpost subnet. +Configuration in this directory creates a VPC with public, private, and private outpost subnets. -This configuration uses Availability Zone IDs and Availability Zone names for demonstration purposes. Normally, you need to specify only names or IDs. +This configuration uses data-source to find an available Outpost by name. Change it according to your needs in order to run this example, as necessary. [Read more about AWS regions, availability zones and local zones](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-regions-availability-zones). 
@@ -23,32 +23,41 @@ Note that this example may create resources which can cost money (AWS Elastic IP | Name | Version | |------|---------| -| terraform | >= 0.13.0 | -| aws | >= 3.0 | +| [terraform](#requirement\_terraform) | >= 0.12.21 | +| [aws](#requirement\_aws) | >= 3.5.0 | ## Providers -No provider. +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 3.5.0 | -## Inputs +## Modules -| Name | Description | -|------|-------------| -| outpost_arn | The ARN of the outpost where you would like subnet deployed | -| outpost_az | AZ where outpost is anchored| +| Name | Source | Version | +|------|--------|---------| +| [vpc](#module\_vpc) | ../../ | | -Note - without these input variables the subnet(s) will still create however they will be homed to the region not the outpost. +## Resources + +| Name | Type | +|------|------| +| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | +| [aws_outposts_outpost.shared](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/outposts_outpost) | data source | + +## Inputs + +No inputs. 
## Outputs | Name | Description | |------|-------------| -| azs | A list of availability zones spefified as argument to this module | -| nat\_public\_ips | List of public Elastic IPs created for AWS NAT Gateway | -| private\_subnets | List of IDs of private subnets | -| public\_subnets | List of IDs of public subnets | -| outpost\_subnets | List of IDs of the outpost subnets | -| vpc\_cidr\_block | The CIDR block of the VPC | -| vpc\_id | The ID of the VPC | - +| [azs](#output\_azs) | A list of availability zones specified as argument to this module | +| [nat\_public\_ips](#output\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway | +| [outpost\_subnets](#output\_outpost\_subnets) | List of IDs of private subnets | +| [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets | +| [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets | +| [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | The CIDR block of the VPC | +| [vpc\_id](#output\_vpc\_id) | The ID of the VPC | diff --git a/examples/outpost-subnets/main.tf b/examples/outpost-subnets/main.tf index 49301d272..49bb96735 100644 --- a/examples/outpost-subnets/main.tf +++ b/examples/outpost-subnets/main.tf 
@@ -1,37 +1,150 @@ provider "aws" { region = "us-west-2" + + assume_role { + role_arn = "arn:aws:iam::562806027032:role/outpost-shared-anton" + } +} + +data "aws_outposts_outpost" "shared" { + name = "SEA19.07" } +data "aws_availability_zones" "available" {} + module "vpc" { - source = "../../../terraform-aws-vpc" + source = "../../" name = "outpost-example" cidr = "10.0.0.0/16" - azs = ["us-west-2a", "us-west-2b", "us-west-2c"] - private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] - public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"] - outpost_subnets = ["10.0.50.0/24", "10.0.51.0/24"] - create_outpost_subnet = true - outpost_arn = "arn:aws:outposts:us-west-2:116668991109:outpost/op-0a8c1ab53b023a5a4" - outpost_az = "us-west-2a" + azs = [ + data.aws_availability_zones.available.names[0], + data.aws_availability_zones.available.names[1], + data.aws_availability_zones.available.names[2], + ] + private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] + public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"] + + # Outpost is using single AZ specified in `outpost_az` + outpost_subnets = ["10.0.50.0/24", "10.0.51.0/24"] + outpost_arn = data.aws_outposts_outpost.shared.arn + outpost_az = data.aws_outposts_outpost.shared.availability_zone - enable_ipv6 = true + # IPv6 + enable_ipv6 = true + outpost_subnet_assign_ipv6_address_on_creation = true + outpost_subnet_ipv6_prefixes = [2, 3, 4] + # NAT Gateway enable_nat_gateway = true single_nat_gateway = true - public_subnet_tags = { - Name = "overridden-name-public" - } + # Network ACLs + outpost_dedicated_network_acl = true + outpost_inbound_acl_rules = local.network_acls["outpost_inbound"] + outpost_outbound_acl_rules = local.network_acls["outpost_outbound"] tags = { Owner = "user" Environment = "dev" } +} - vpc_tags = { - Name = "vpc-name" +locals { + network_acls = { + outpost_inbound = [ + { + rule_number = 100 + rule_action = "allow" + from_port = 80 + to_port = 80 + 
protocol = "tcp" + cidr_block = "0.0.0.0/0" + }, + { + rule_number = 110 + rule_action = "allow" + from_port = 443 + to_port = 443 + protocol = "tcp" + cidr_block = "0.0.0.0/0" + }, + { + rule_number = 120 + rule_action = "allow" + from_port = 22 + to_port = 22 + protocol = "tcp" + cidr_block = "0.0.0.0/0" + }, + { + rule_number = 130 + rule_action = "allow" + from_port = 3389 + to_port = 3389 + protocol = "tcp" + cidr_block = "0.0.0.0/0" + }, + { + rule_number = 140 + rule_action = "allow" + from_port = 80 + to_port = 80 + protocol = "tcp" + ipv6_cidr_block = "::/0" + }, + ] + outpost_outbound = [ + { + rule_number = 100 + rule_action = "allow" + from_port = 80 + to_port = 80 + protocol = "tcp" + cidr_block = "0.0.0.0/0" + }, + { + rule_number = 110 + rule_action = "allow" + from_port = 443 + to_port = 443 + protocol = "tcp" + cidr_block = "0.0.0.0/0" + }, + { + rule_number = 120 + rule_action = "allow" + from_port = 1433 + to_port = 1433 + protocol = "tcp" + cidr_block = "10.0.100.0/22" + }, + { + rule_number = 130 + rule_action = "allow" + from_port = 22 + to_port = 22 + protocol = "tcp" + cidr_block = "10.0.100.0/22" + }, + { + rule_number = 140 + rule_action = "allow" + icmp_code = -1 + icmp_type = 8 + protocol = "icmp" + cidr_block = "10.0.0.0/22" + }, + { + rule_number = 150 + rule_action = "allow" + from_port = 90 + to_port = 90 + protocol = "tcp" + ipv6_cidr_block = "::/0" + }, + ] } } diff --git a/examples/outpost-subnets/outputs.tf b/examples/outpost-subnets/outputs.tf index 79ea42744..a83eb009d 100644 --- a/examples/outpost-subnets/outputs.tf +++ b/examples/outpost-subnets/outputs.tf @@ -28,7 +28,7 @@ output "nat_public_ips" { # AZs output "azs" { - description = "A list of availability zones spefified as argument to this module" + description = "A list of availability zones specified as argument to this module" value = module.vpc.azs } 
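Review bot: Rules 120 and 130 of `outpost_inbound` admit SSH (22) and RDP (3389) from `0.0.0.0/0`, and examples like this one tend to be copied into real configurations as they stand. Scope both to the VPC range used above, `cidr_block = "10.0.0.0/16"`, or to a management CIDR supplied by the caller. Network ACLs are stateless and neither list has a rule for return traffic on ephemeral ports, so replies to the allowed flows would presumably be dropped. Rule 150 of `outpost_outbound` opens port 90 over IPv6 where the matching inbound rule uses 80, which looks like a typo.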
diff --git a/examples/outpost-subnets/versions.tf b/examples/outpost-subnets/versions.tf index c82e21055..cf5a417d4 100644 --- a/examples/outpost-subnets/versions.tf +++ b/examples/outpost-subnets/versions.tf @@ -2,6 +2,6 @@ terraform { required_version = ">= 0.12.21" required_providers { - aws = ">= 3.0" + aws = ">= 3.5.0" } } diff --git a/main.tf b/main.tf index 252f97832..6388d4c14 100644 --- a/main.tf +++ b/main.tf @@ -423,11 +423,15 @@ resource "aws_subnet" "private" { # Outpost subnet ################# resource "aws_subnet" "outpost" { - count = var.create_vpc && var.create_outpost_subnet == true ? length(var.outpost_subnets) : 0 + count = var.create_vpc && length(var.outpost_subnets) > 0 ? length(var.outpost_subnets) : 0 + + vpc_id = local.vpc_id + cidr_block = var.outpost_subnets[count.index] + availability_zone = var.outpost_az + assign_ipv6_address_on_creation = var.outpost_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.outpost_subnet_assign_ipv6_address_on_creation + + ipv6_cidr_block = var.enable_ipv6 && length(var.outpost_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.outpost_subnet_ipv6_prefixes[count.index]) : null - vpc_id = local.vpc_id - cidr_block = var.outpost_subnets[count.index] - availability_zone = var.outpost_az outpost_arn = var.outpost_arn tags = merge( @@ -435,7 +439,7 @@ resource "aws_subnet" "outpost" { "Name" = format( "%s-${var.outpost_subnet_suffix}-%s", var.name, - element(var.azs, count.index), + var.outpost_az, ) }, var.tags, @@ -609,6 +613,7 @@ resource "aws_default_network_acl" "this" { aws_subnet.database.*.id, aws_subnet.redshift.*.id, aws_subnet.elasticache.*.id, + aws_subnet.outpost.*.id, ])), compact(flatten([ aws_network_acl.public.*.subnet_ids, 
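Review bot: In the `@@ -423,11 +423,15 @@` hunk the `ipv6_cidr_block` expression only checks that `outpost_subnet_ipv6_prefixes` is non-empty before indexing it with `count.index`, so a list shorter than `outpost_subnets` fails at plan time with an index error instead of a readable message. The README text added in this patch says the two lists must be of equal length, yet the example in the same patch passes three prefixes for two subnets. Add a comment above the attribute, e.g. `# outpost_subnet_ipv6_prefixes needs one entry per element of outpost_subnets`, and trim the example to `[2, 3]`. The resource body is only partly visible in this hunk.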
@@ -617,6 +622,7 @@ resource "aws_default_network_acl" "this" { aws_network_acl.database.*.subnet_ids, aws_network_acl.redshift.*.subnet_ids, aws_network_acl.elasticache.*.subnet_ids, + aws_network_acl.outpost.*.subnet_ids, ])) ) 
@@ -762,6 +768,58 @@ resource "aws_network_acl_rule" "private_outbound" { ipv6_cidr_block = lookup(var.private_outbound_acl_rules[count.index], "ipv6_cidr_block", null) } +####################### +# Outpost Network ACLs +####################### +resource "aws_network_acl" "outpost" { + count = var.create_vpc && var.outpost_dedicated_network_acl && length(var.outpost_subnets) > 0 ? 1 : 0 + + vpc_id = element(concat(aws_vpc.this.*.id, [""]), 0) + subnet_ids = aws_subnet.outpost.*.id + + tags = merge( + { + "Name" = format("%s-${var.outpost_subnet_suffix}", var.name) + }, + var.tags, + var.outpost_acl_tags, + ) +} + +resource "aws_network_acl_rule" "outpost_inbound" { + count = var.create_vpc && var.outpost_dedicated_network_acl && length(var.outpost_subnets) > 0 ? length(var.outpost_inbound_acl_rules) : 0 + + network_acl_id = aws_network_acl.outpost[0].id + + egress = false + rule_number = var.outpost_inbound_acl_rules[count.index]["rule_number"] + rule_action = var.outpost_inbound_acl_rules[count.index]["rule_action"] + from_port = lookup(var.outpost_inbound_acl_rules[count.index], "from_port", null) + to_port = lookup(var.outpost_inbound_acl_rules[count.index], "to_port", null) + icmp_code = lookup(var.outpost_inbound_acl_rules[count.index], "icmp_code", null) + icmp_type = lookup(var.outpost_inbound_acl_rules[count.index], "icmp_type", null) + protocol = var.outpost_inbound_acl_rules[count.index]["protocol"] + cidr_block = lookup(var.outpost_inbound_acl_rules[count.index], "cidr_block", null) + ipv6_cidr_block = lookup(var.outpost_inbound_acl_rules[count.index], "ipv6_cidr_block", null) +} + +resource "aws_network_acl_rule" "outpost_outbound" { + count = var.create_vpc && var.outpost_dedicated_network_acl && length(var.outpost_subnets) > 0 ? 
length(var.outpost_outbound_acl_rules) : 0 + + network_acl_id = aws_network_acl.outpost[0].id + + egress = true + rule_number = var.outpost_outbound_acl_rules[count.index]["rule_number"] + rule_action = var.outpost_outbound_acl_rules[count.index]["rule_action"] + from_port = lookup(var.outpost_outbound_acl_rules[count.index], "from_port", null) + to_port = lookup(var.outpost_outbound_acl_rules[count.index], "to_port", null) + icmp_code = lookup(var.outpost_outbound_acl_rules[count.index], "icmp_code", null) + icmp_type = lookup(var.outpost_outbound_acl_rules[count.index], "icmp_type", null) + protocol = var.outpost_outbound_acl_rules[count.index]["protocol"] + cidr_block = lookup(var.outpost_outbound_acl_rules[count.index], "cidr_block", null) + ipv6_cidr_block = lookup(var.outpost_outbound_acl_rules[count.index], "ipv6_cidr_block", null) +} + ######################## # Intra Network ACLs ######################## @@ -1067,12 +1125,12 @@ resource "aws_route_table_association" "private" { } resource "aws_route_table_association" "outpost" { - count = var.create_vpc && var.create_outpost_subnet == true ? length(var.outpost_subnets) : 0 + count = var.create_vpc && length(var.outpost_subnets) > 0 ? length(var.outpost_subnets) : 0 subnet_id = element(aws_subnet.outpost.*.id, count.index) route_table_id = element( - aws_route_table.private.*.id, - var.single_nat_gateway ? 0 : count.index, + aws_route_table.private.*.id, + var.single_nat_gateway ? 0 : count.index, ) } diff --git a/outputs.tf b/outputs.tf index 687b10ea0..a27cff2f9 100644 --- a/outputs.tf +++ b/outputs.tf @@ -95,7 +95,7 @@ output "public_subnets" { output "outpost_subnets" { description = "List of IDs of outpost subnets" - value = aws_subnet.outpost.*.id + value = aws_subnet.outpost.*.id } output "public_subnet_arns" { diff --git a/variables.tf b/variables.tf index 71ff0d1e3..f23e60790 100644 --- a/variables.tf +++ b/variables.tf 
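Review bot: The new `aws_network_acl.outpost` block has no comment saying which ACL governs the outpost subnets when `var.outpost_dedicated_network_acl` is left at its default of `false`. The earlier hunks of this patch add `aws_subnet.outpost.*.id` and `aws_network_acl.outpost.*.subnet_ids` to `aws_default_network_acl.this`, which suggests the subnets then stay on the default ACL, but the enclosing expression is outside those hunks. I would add above the resource: `# Created only when outpost_dedicated_network_acl is true; otherwise outpost subnets remain on the default network ACL.`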
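Review bot: `aws_route_table_association.outpost` picks its route table with `element(aws_route_table.private.*.id, ...)`, which wraps around the list and fails on an empty one. The outpost subnets therefore share the private route tables and whatever routes those carry. A configuration that declares `outpost_subnets` without anything that creates a private route table would presumably fail at plan time; `aws_route_table.private` is defined outside this hunk, so that is worth confirming. A comment on the resource would record the intent: `# Outpost subnets reuse the private route tables; at least one must exist.`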
@@ -34,6 +34,12 @@ variable "public_subnet_ipv6_prefixes" { default = [] } +variable "outpost_subnet_ipv6_prefixes" { + description = "Assigns IPv6 outpost subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list" + type = list(string) + default = [] +} + variable "database_subnet_ipv6_prefixes" { description = "Assigns IPv6 database subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list" type = list(string) @@ -76,6 +82,12 @@ variable "public_subnet_assign_ipv6_address_on_creation" { default = null } +variable "outpost_subnet_assign_ipv6_address_on_creation" { + description = "Assign IPv6 address on outpost subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch" + type = bool + default = null +} + variable "database_subnet_assign_ipv6_address_on_creation" { description = "Assign IPv6 address on database subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch" type = bool @@ -2369,6 +2381,12 @@ variable "private_acl_tags" { default = {} } +variable "outpost_acl_tags" { + description = "Additional tags for the outpost subnets network ACL" + type = map(string) + default = {} +} + variable "intra_acl_tags" { description = "Additional tags for the intra subnets network ACL" type = map(string) @@ -2543,6 +2561,12 @@ variable "private_dedicated_network_acl" { default = false } +variable "outpost_dedicated_network_acl" { + description = "Whether to use dedicated network ACL (not default) and custom rules for outpost subnets" + type = bool + default = false +} + variable "intra_dedicated_network_acl" { description = "Whether to use dedicated network ACL (not default) and custom rules for intra subnets" type = bool 
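Review bot: The description of `outpost_subnet_ipv6_prefixes` gives the valid range as `(0-256)`, but 8 new bits allow only 0 to 255. The subnet resource in this patch passes each value as the netnum of `cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, ...)`. The wording matches the neighbouring `database_subnet_ipv6_prefixes` context line, so it looks copied; the new variable could state `(0-255)`. The description also says the list must match the IPv4 subnet list in length. Because the resource indexes it with `count.index`, a shorter list would fail with an invalid index rather than skip the IPv6 block.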
@@ -2679,6 +2703,38 @@ variable "private_outbound_acl_rules" { ] } +variable "outpost_inbound_acl_rules" { + description = "Outpost subnets inbound network ACLs" + type = list(map(string)) + + default = [ + { + rule_number = 100 + rule_action = "allow" + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_block = "0.0.0.0/0" + }, + ] +} + +variable "outpost_outbound_acl_rules" { + description = "Outpost subnets outbound network ACLs" + type = list(map(string)) + + default = [ + { + rule_number = 100 + rule_action = "allow" + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_block = "0.0.0.0/0" + }, + ] +} + variable "intra_inbound_acl_rules" { description = "Intra subnets inbound network ACLs" type = list(map(string)) @@ -2921,20 +2977,14 @@ variable "create_egress_only_igw" { default = true } -variable "create_outpost_subnet" { - description = "Controls if an outpost subnet is deployed" - type = bool - default = false -} - variable "outpost_arn" { - description = "ARN of outpost you want to create a subnet in" - type = string - default = "" + description = "ARN of Outpost you want to create a subnet in." + type = string + default = null } variable "outpost_az" { - description = "AZ where outpost is anchored" - type = string - default = "" + description = "AZ where Outpost is anchored." + type = string + default = null } From 65f6c2ee5a3dc7f5de01bcb24ca1f8ce7cfa5ab4 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Tue, 6 Apr 2021 21:04:33 +0200 Subject: [PATCH 4/6] feat: Added more outputs --- README.md | 5 +++++ outputs.tf | 35 ++++++++++++++++++++++++++++++----- 2 files changed, 35 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index d1c4eae9a..055c180ae 100644 --- a/README.md +++ b/README.md 
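Review bot: Both `outpost_inbound_acl_rules` and `outpost_outbound_acl_rules` default to a single rule 100 that allows every protocol to and from `0.0.0.0/0`. Turning on `outpost_dedicated_network_acl` without overriding them therefore adds an ACL that filters nothing for IPv4. The defaults also carry no `ipv6_cidr_block` rule, so with `enable_ipv6` set, IPv6 traffic on these subnets would presumably fall through to the ACL's implicit deny. The descriptions should say so, for example `description = "Outpost subnets inbound network ACLs (default allows all IPv4 traffic; override to restrict)"`, with matching text on the outbound variable.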
@@ -999,7 +999,12 @@ No modules. | [nat\_ids](#output\_nat\_ids) | List of allocation ID of Elastic IPs created for AWS NAT Gateway | | [nat\_public\_ips](#output\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway | | [natgw\_ids](#output\_natgw\_ids) | List of NAT Gateway IDs | +| [outpost\_network\_acl\_arn](#output\_outpost\_network\_acl\_arn) | ARN of the outpost network ACL | +| [outpost\_network\_acl\_id](#output\_outpost\_network\_acl\_id) | ID of the outpost network ACL | +| [outpost\_subnet\_arns](#output\_outpost\_subnet\_arns) | List of ARNs of outpost subnets | | [outpost\_subnets](#output\_outpost\_subnets) | List of IDs of outpost subnets | +| [outpost\_subnets\_cidr\_blocks](#output\_outpost\_subnets\_cidr\_blocks) | List of cidr\_blocks of outpost subnets | +| [outpost\_subnets\_ipv6\_cidr\_blocks](#output\_outpost\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of outpost subnets in an IPv6 enabled VPC | | [private\_ipv6\_egress\_route\_ids](#output\_private\_ipv6\_egress\_route\_ids) | List of IDs of the ipv6 egress route. | | [private\_nat\_gateway\_route\_ids](#output\_private\_nat\_gateway\_route\_ids) | List of IDs of the private nat gateway route. | | [private\_network\_acl\_arn](#output\_private\_network\_acl\_arn) | ARN of the private network ACL | diff --git a/outputs.tf b/outputs.tf index a27cff2f9..a6e3a68dc 100644 --- a/outputs.tf +++ b/outputs.tf @@ -93,11 +93,6 @@ output "public_subnets" { value = aws_subnet.public.*.id } -output "outpost_subnets" { - description = "List of IDs of outpost subnets" - value = aws_subnet.outpost.*.id -} - output "public_subnet_arns" { description = "List of ARNs of public subnets" value = aws_subnet.public.*.arn 
@@ -113,6 +108,26 @@ output "public_subnets_ipv6_cidr_blocks" { value = aws_subnet.public.*.ipv6_cidr_block } +output "outpost_subnets" { + description = "List of IDs of outpost subnets" + value = aws_subnet.outpost.*.id +} + +output "outpost_subnet_arns" { + description = "List of ARNs of outpost subnets" + value = aws_subnet.outpost.*.arn +} + +output "outpost_subnets_cidr_blocks" { + description = "List of cidr_blocks of outpost subnets" + value = aws_subnet.outpost.*.cidr_block +} + +output "outpost_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of outpost subnets in an IPv6 enabled VPC" + value = aws_subnet.outpost.*.ipv6_cidr_block +} + output "database_subnets" { description = "List of IDs of database subnets" value = aws_subnet.database.*.id @@ -447,6 +462,16 @@ output "private_network_acl_arn" { value = concat(aws_network_acl.private.*.arn, [""])[0] } +output "outpost_network_acl_id" { + description = "ID of the outpost network ACL" + value = concat(aws_network_acl.outpost.*.id, [""])[0] +} + +output "outpost_network_acl_arn" { + description = "ARN of the outpost network ACL" + value = concat(aws_network_acl.outpost.*.arn, [""])[0] +} + output "intra_network_acl_id" { description = "ID of the intra network ACL" value = concat(aws_network_acl.intra.*.id, [""])[0] From 0362a0b829270ccb8f52e7bbb4b3e0831f6b8140 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Tue, 6 Apr 2021 21:21:16 +0200 Subject: [PATCH 5/6] feat: outputs --- examples/outpost-subnets/outputs.tf | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/examples/outpost-subnets/outputs.tf b/examples/outpost-subnets/outputs.tf index a83eb009d..ff40ad182 100644 --- a/examples/outpost-subnets/outputs.tf +++ b/examples/outpost-subnets/outputs.tf 
@@ -20,6 +20,12 @@ output "public_subnets" { description = "List of IDs of public subnets" value = module.vpc.public_subnets } + +output "outpost_subnets" { + description = "List of IDs of private subnets" + value = module.vpc.outpost_subnets +} + # NAT gateways output "nat_public_ips" { description = "List of public Elastic IPs created for AWS NAT Gateway" @@ -31,8 +37,3 @@ output "azs" { description = "A list of availability zones specified as argument to this module" value = module.vpc.azs } - -output "outpost_subnets" { - description = "List of IDs of private subnets" - value = module.vpc.outpost_subnets -} From d0fba14eb477a159689170ca47e17881cec332b5 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Tue, 6 Apr 2021 22:05:48 +0200 Subject: [PATCH 6/6] Renamed example --- README.md | 2 +- examples/{outpost-subnets => outpost}/README.md | 2 +- examples/{outpost-subnets => outpost}/main.tf | 0 examples/{outpost-subnets => outpost}/outputs.tf | 0 examples/{outpost-subnets => outpost}/variables.tf | 0 examples/{outpost-subnets => outpost}/versions.tf | 0 6 files changed, 2 insertions(+), 2 deletions(-) rename examples/{outpost-subnets => outpost}/README.md (99%) rename examples/{outpost-subnets => outpost}/main.tf (100%) rename examples/{outpost-subnets => outpost}/outputs.tf (100%) rename examples/{outpost-subnets => outpost}/variables.tf (100%) rename examples/{outpost-subnets => outpost}/versions.tf (100%) diff --git a/README.md b/README.md index 055c180ae..2b16892c5 100644 --- a/README.md +++ b/README.md 
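Review bot: The `outpost_subnets` output added after `public_subnets` is described as `"List of IDs of private subnets"`, although its value is `module.vpc.outpost_subnets`. The text was carried over from the block this commit moves to a new position. It should read `description = "List of IDs of outpost subnets"`, matching the module-level output of the same name.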
@@ -220,7 +220,7 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway * [VPC with IPv6 enabled](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/ipv6) * [Network ACL](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/network-acls) * [VPC Flow Logs](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/vpc-flow-logs) -* [VPC with Outpost subnets](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/outpost-subnets) +* [VPC with Outpost](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/outpost) * [Manage Default VPC](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/manage-default-vpc) * Few tests and edge cases examples: [#46](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/issue-46-no-private-subnets), [#44](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/issue-44-asymmetric-private-subnets), [#108](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/issue-108-route-already-exists) diff --git a/examples/outpost-subnets/README.md b/examples/outpost/README.md similarity index 99% rename from examples/outpost-subnets/README.md rename to examples/outpost/README.md index f2227e0dd..2c6200d90 100644 --- a/examples/outpost-subnets/README.md +++ b/examples/outpost/README.md 
@@ -2,7 +2,7 @@ Configuration in this directory creates a VPC with public, private, and private outpost subnets. -This configuration uses data-source to find an available Outpost by name. Change it according to your needs in order to run this example, as necessary. +This configuration uses data-source to find an available Outpost by name. Change it according to your needs in order to run this example. [Read more about AWS regions, availability zones and local zones](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-regions-availability-zones). diff --git a/examples/outpost-subnets/main.tf b/examples/outpost/main.tf similarity index 100% rename from examples/outpost-subnets/main.tf rename to examples/outpost/main.tf diff --git a/examples/outpost-subnets/outputs.tf b/examples/outpost/outputs.tf similarity index 100% rename from examples/outpost-subnets/outputs.tf rename to examples/outpost/outputs.tf diff --git a/examples/outpost-subnets/variables.tf b/examples/outpost/variables.tf similarity index 100% rename from examples/outpost-subnets/variables.tf rename to examples/outpost/variables.tf diff --git a/examples/outpost-subnets/versions.tf b/examples/outpost/versions.tf similarity index 100% rename from examples/outpost-subnets/versions.tf rename to examples/outpost/versions.tf