diff --git a/.chglog/CHANGELOG.tpl.md b/.chglog/CHANGELOG.tpl.md deleted file mode 100644 index 687d70232..000000000 --- a/.chglog/CHANGELOG.tpl.md +++ /dev/null 
@@ -1,111 +0,0 @@ -# Change Log - -All notable changes to this project will be documented in this file. - -{{ if .Versions -}} - -## [Unreleased] -{{ if .Unreleased.CommitGroups -}} -{{ range .Unreleased.CommitGroups -}} -### {{ .Title }} -{{ range .Commits -}} -{{/* SKIPPING RULES - START */ -}} -{{- if not (hasPrefix .Subject "Updated CHANGELOG") -}} -{{- if not (contains .Subject "[ci skip]") -}} -{{- if not (contains .Subject "[skip ci]") -}} -{{- if not (hasPrefix .Subject "Merge pull request ") -}} -{{- if not (hasPrefix .Subject "Added CHANGELOG") -}} -{{- /* SKIPPING RULES - END */ -}} -- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }} -{{/* SKIPPING RULES - START */ -}} -{{ end -}} -{{ end -}} -{{ end -}} -{{ end -}} -{{ end -}} -{{/* SKIPPING RULES - END */ -}} -{{ end }} -{{ end -}} -{{ else }} -{{ range .Unreleased.Commits -}} -{{/* SKIPPING RULES - START */ -}} -{{- if not (hasPrefix .Subject "Updated CHANGELOG") -}} -{{- if not (contains .Subject "[ci skip]") -}} -{{- if not (contains .Subject "[skip ci]") -}} -{{- if not (hasPrefix .Subject "Merge pull request ") -}} -{{- if not (hasPrefix .Subject "Added CHANGELOG") -}} -{{- /* SKIPPING RULES - END */ -}} -- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }} -{{/* SKIPPING RULES - START */ -}} -{{ end -}} -{{ end -}} -{{ end -}} -{{ end -}} -{{ end -}} -{{/* SKIPPING RULES - END */ -}} -{{ end }} -{{ end -}} -{{ end -}} - -{{ range .Versions }} - -## {{ if .Tag.Previous }}[{{ .Tag.Name }}]{{ else }}{{ .Tag.Name }}{{ end }} - {{ datetime "2006-01-02" .Tag.Date }} -{{ if .CommitGroups -}} -{{ range .CommitGroups -}} -### {{ .Title }} -{{ range .Commits -}} -{{/* SKIPPING RULES - START */ -}} -{{- if not (hasPrefix .Subject "Updated CHANGELOG") -}} -{{- if not (contains .Subject "[ci skip]") -}} -{{- if not (contains .Subject "[skip ci]") -}} -{{- if not (hasPrefix .Subject "Merge pull request ") -}} -{{- if not (hasPrefix .Subject "Added CHANGELOG") -}} -{{- /* SKIPPING RULES - END */ 
-}} -- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }} -{{/* SKIPPING RULES - START */ -}} -{{ end -}} -{{ end -}} -{{ end -}} -{{ end -}} -{{ end -}} -{{/* SKIPPING RULES - END */ -}} -{{ end }} -{{ end -}} -{{ else }} -{{ range .Commits -}} -{{/* SKIPPING RULES - START */ -}} -{{- if not (hasPrefix .Subject "Updated CHANGELOG") -}} -{{- if not (contains .Subject "[ci skip]") -}} -{{- if not (contains .Subject "[skip ci]") -}} -{{- if not (hasPrefix .Subject "Merge pull request ") -}} -{{- if not (hasPrefix .Subject "Added CHANGELOG") -}} -{{- /* SKIPPING RULES - END */ -}} -- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }} -{{/* SKIPPING RULES - START */ -}} -{{ end -}} -{{ end -}} -{{ end -}} -{{ end -}} -{{ end -}} -{{/* SKIPPING RULES - END */ -}} -{{ end }} -{{ end -}} - -{{- if .NoteGroups -}} -{{ range .NoteGroups -}} -### {{ .Title }} -{{ range .Notes }} -{{ .Body }} -{{ end }} -{{ end -}} -{{ end -}} -{{ end -}} - -{{- if .Versions }} -[Unreleased]: {{ .Info.RepositoryURL }}/compare/{{ $latest := index .Versions 0 }}{{ $latest.Tag.Name }}...HEAD -{{ range .Versions -}} -{{ if .Tag.Previous -}} -[{{ .Tag.Name }}]: {{ $.Info.RepositoryURL }}/compare/{{ .Tag.Previous.Name }}...{{ .Tag.Name }} -{{ end -}} -{{ end -}} -{{ end -}} diff --git a/.chglog/config.yml b/.chglog/config.yml deleted file mode 100644 index 5c3fa357c..000000000 --- a/.chglog/config.yml +++ /dev/null @@ -1,10 +0,0 @@ -style: github -template: CHANGELOG.tpl.md -info: - title: CHANGELOG - repository_url: https://github.com/terraform-aws-modules/terraform-aws-vpc -options: - header: - pattern: "^(.*)$" - pattern_maps: - - Subject diff --git a/.github/contributing.md b/.github/contributing.md new file mode 100644 index 000000000..b7c27a5cc --- /dev/null +++ b/.github/contributing.md 
@@ -0,0 +1,34 @@
+# Contributing
+
+When contributing to this repository, please first discuss the change you wish to make via issue,
+email, or any other method with the owners of this repository before making a change.
+
+Please note we have a code of conduct, please follow it in all your interactions with the project.
+
+## Pull Request Process
+
+1. Update the README.md with details of changes including example hcl blocks and [example files](./examples) if appropriate.
+2. Run pre-commit hooks `pre-commit run -a`.
+3. Once all outstanding comments and checklist items have been addressed, your contribution will be merged! Merged PRs will be included in the next release. The terraform-aws-vpc maintainers take care of updating the CHANGELOG as they merge.
+
+## Checklists for contributions
+
+- [ ] Add [semantics prefix](#semantic-pull-requests) to your PR or Commits (at least one of your commit groups)
+- [ ] CI tests are passing
+- [ ] README.md has been updated after any changes to variables and outputs. See https://github.com/terraform-aws-modules/terraform-aws-vpc/#doc-generation
+- [ ] Run pre-commit hooks `pre-commit run -a`
+
+## Semantic Pull Requests
+
+To generate changelog, Pull Requests or Commits must have semantic and must follow conventional specs below:
+
+- `feat:` for new features
+- `fix:` for bug fixes
+- `improvement:` for enhancements
+- `docs:` for documentation and examples
+- `refactor:` for code refactoring
+- `test:` for tests
+- `ci:` for CI purpose
+- `chore:` for chores stuff
+
+The `chore` prefix skipped during changelog generation. It can be used for `chore: update changelog` commit message by example.
diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml
new file mode 100644
index 000000000..6b6c9cec0
--- /dev/null
+++ b/.github/workflows/lock.yml
@@ -0,0 +1,21 @@
+name: 'Lock Threads'
+
+on:
+  schedule:
+    - cron: '50 1 * * *'
+
+jobs:
+  lock:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: dessant/lock-threads@v4
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          issue-comment: >
+            I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
+            If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
+          issue-inactive-days: '30'
+          pr-comment: >
+            I'm going to lock this pull request because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
+            If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
+          pr-inactive-days: '30'
diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml
new file mode 100644
index 000000000..cb32a0f81
--- /dev/null
+++ b/.github/workflows/pr-title.yml
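Review bot: `dessant/lock-threads@v4` on the `- uses:` line is pinned to a mutable tag, so whoever can move that tag controls code that runs with this repository's `GITHUB_TOKEN`; pin to a full commit SHA and keep the version readable in a trailing comment, `- uses: dessant/lock-threads@<full-commit-sha>  # v4`. The same applies to `amannn/action-semantic-pull-request@v5.0.2` in pr-title.yml, `clowdhaus/terraform-composite-actions/...@v1.8.3` and `clowdhaus/terraform-min-max@v1.2.4` in pre-commit.yml, `cycjimmy/semantic-release-action@v3` in release.yml and `actions/stale@v6` in stale-actions.yaml; Dependabot can keep SHA pins current. This workflow also declares no `permissions:` block, so the token gets the repository default instead of the two scopes the lock action's documentation lists, `issues: write` and `pull-requests: write`; an explicit job-level block makes the least-privilege grant visible.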
@@ -0,0 +1,52 @@
+name: 'Validate PR title'
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - edited
+      - synchronize
+
+jobs:
+  main:
+    name: Validate PR title
+    runs-on: ubuntu-latest
+    steps:
+      # Please look up the latest version from
+      # https://github.com/amannn/action-semantic-pull-request/releases
+      - uses: amannn/action-semantic-pull-request@v5.0.2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          # Configure which types are allowed.
+          # Default: https://github.com/commitizen/conventional-commit-types
+          types: |
+            fix
+            feat
+            docs
+            ci
+            chore
+          # Configure that a scope must always be provided.
+          requireScope: false
+          # Configure additional validation for the subject based on a regex.
+          # This example ensures the subject starts with an uppercase character.
+          subjectPattern: ^[A-Z].+$
+          # If `subjectPattern` is configured, you can use this property to override
+          # the default error message that is shown when the pattern doesn't match.
+          # The variables `subject` and `title` can be used within the message.
+          subjectPatternError: |
+            The subject "{subject}" found in the pull request title "{title}"
+            didn't match the configured pattern. Please ensure that the subject
+            starts with an uppercase character.
+          # For work-in-progress PRs you can typically use draft pull requests
+          # from Github. However, private repositories on the free plan don't have
+          # this option and therefore this action allows you to opt-in to using the
+          # special "[WIP]" prefix to indicate this state. This will avoid the
+          # validation of the PR title and the pull request checks remain pending.
+          # Note that a second check will be reported if this is enabled.
+          wip: true
+          # When using "Squash and merge" on a PR with only one commit, GitHub
+          # will suggest using that commit message instead of the PR title for the
+          # merge commit, and it's easy to commit this by mistake. Enable this option
+          # to also validate the commit message for one commit PRs.
+          validateSingleCommit: false
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
index ab9aef239..cb8267134 100644
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
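Review bot: The `types:` list (`fix`, `feat`, `docs`, `ci`, `chore`) disagrees with `.github/contributing.md` added in this same commit, which tells contributors that `improvement:`, `refactor:` and `test:` are also valid prefixes, so a PR titled that way fails this check with no hint in the guide. Either extend `types:` with `improvement`, `refactor` and `test` or drop those three bullets from contributing.md. The guide's own example `chore: update changelog` also fails `subjectPattern: ^[A-Z].+$`; the example should read `chore: Update changelog`. Separately, `pull_request_target` runs this job in the base repository's context with the repository's default token permissions and access to secrets; the job is safe today because it neither checks out nor executes PR content, and that invariant is worth stating next to the trigger: `# pull_request_target: never add a checkout or run step that uses PR content here; the token belongs to the base repo`.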
@@ -2,98 +2,82 @@ name: Pre-Commit
 
 on:
   pull_request:
-  push:
     branches:
+      - main
       - master
 
+env:
+  TERRAFORM_DOCS_VERSION: v0.16.0
+  TFLINT_VERSION: v0.44.1
+
 jobs:
-  # Min Terraform version(s)
-  getDirectories:
-    name: Get root directories
+  collectInputs:
+    name: Collect workflow inputs
     runs-on: ubuntu-latest
+    outputs:
+      directories: ${{ steps.dirs.outputs.directories }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
-      - name: Install Python
-        uses: actions/setup-python@v2
-      - name: Build matrix
-        id: matrix
-        run: |
-          DIRS=$(python -c "import json; import glob; print(json.dumps([x.replace('/versions.tf', '') for x in glob.glob('./**/versions.tf', recursive=True)]))")
-          echo "::set-output name=directories::$DIRS"
-    outputs:
-      directories: ${{ steps.matrix.outputs.directories }}
+        uses: actions/checkout@v3
+
+      - name: Get root directories
+        id: dirs
+        uses: clowdhaus/terraform-composite-actions/directories@v1.8.3
 
   preCommitMinVersions:
-    name: Min TF validate
-    needs: getDirectories
+    name: Min TF pre-commit
+    needs: collectInputs
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        directory: ${{ fromJson(needs.getDirectories.outputs.directories) }}
+        directory: ${{ fromJson(needs.collectInputs.outputs.directories) }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
-      - name: Install Python
-        uses: actions/setup-python@v2
+        uses: actions/checkout@v3
+
       - name: Terraform min/max versions
         id: minMax
-        uses: clowdhaus/terraform-min-max@v1.0.2
+        uses: clowdhaus/terraform-min-max@v1.2.4
         with:
           directory: ${{ matrix.directory }}
-      - name: Install Terraform v${{ steps.minMax.outputs.minVersion }}
-        uses: hashicorp/setup-terraform@v1
-        with:
-          terraform_version: ${{ steps.minMax.outputs.minVersion }}
-      - name: Install pre-commit dependencies
-        run: pip install pre-commit
-      - name: Execute pre-commit
+
+      - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
         # Run only validate pre-commit check on min version supported
         if: ${{ matrix.directory != '.' }}
-        run: pre-commit run terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*
-      - name: Execute pre-commit
+        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3
+        with:
+          terraform-version: ${{ steps.minMax.outputs.minVersion }}
+          tflint-version: ${{ env.TFLINT_VERSION }}
+          args: 'terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*'
+
+      - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
         # Run only validate pre-commit check on min version supported
         if: ${{ matrix.directory == '.' }}
-        run: pre-commit run terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf)
+        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3
+        with:
+          terraform-version: ${{ steps.minMax.outputs.minVersion }}
+          tflint-version: ${{ env.TFLINT_VERSION }}
+          args: 'terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf)'
 
-  # Max Terraform version
-  getBaseVersion:
-    name: Module max TF version
+  preCommitMaxVersion:
+    name: Max TF pre-commit
     runs-on: ubuntu-latest
+    needs: collectInputs
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+          repository: ${{github.event.pull_request.head.repo.full_name}}
+
       - name: Terraform min/max versions
         id: minMax
-        uses: clowdhaus/terraform-min-max@v1.0.2
-    outputs:
-      minVersion: ${{ steps.minMax.outputs.minVersion }}
-      maxVersion: ${{ steps.minMax.outputs.maxVersion }}
+        uses: clowdhaus/terraform-min-max@v1.2.4
 
-  preCommitMaxVersion:
-    name: Max TF pre-commit
-    runs-on: ubuntu-latest
-    needs: getBaseVersion
-    strategy:
-      fail-fast: false
-      matrix:
-        version:
-          - ${{ needs.getBaseVersion.outputs.maxVersion }}
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-      - name: Install Python
-        uses: actions/setup-python@v2
-      - name: Install Terraform v${{ matrix.version }}
-        uses: hashicorp/setup-terraform@v1
+      - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }}
+        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3
         with:
-          terraform_version: ${{ matrix.version }}
-      - name: Install pre-commit dependencies
-        run: |
-          pip install pre-commit
-          curl -Lo ./terraform-docs.tar.gz https://github.com/terraform-docs/terraform-docs/releases/download/v0.13.0/terraform-docs-v0.13.0-$(uname)-amd64.tar.gz && tar -xzf terraform-docs.tar.gz && chmod +x terraform-docs && sudo mv terraform-docs /usr/bin/
-          curl -L "$(curl -s https://api.github.com/repos/terraform-linters/tflint/releases/latest | grep -o -E "https://.+?_linux_amd64.zip")" > tflint.zip && unzip tflint.zip && rm tflint.zip && sudo mv tflint /usr/bin/
-      - name: Execute pre-commit
-        # Run all pre-commit checks on max version supported
-        if: ${{ matrix.version == needs.getBaseVersion.outputs.maxVersion }}
-        run: pre-commit run --color=always --show-diff-on-failure --all-files
+          terraform-version: ${{ steps.minMax.outputs.maxVersion }}
+          tflint-version: ${{ env.TFLINT_VERSION }}
+          terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }}
+          install-hcledit: true
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 000000000..81f674740
--- /dev/null
+++ b/.github/workflows/release.yml
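Review bot: In `preCommitMaxVersion` the checkout uses `ref: ${{ github.event.pull_request.head.ref }}`, a branch name, so the hooks run against whatever that branch points to when the job executes rather than the commit that triggered the event; `ref: ${{ github.event.pull_request.head.sha }}` pins the run to the reviewed commit (the `repository:` line is still needed for forks). This job also runs the full pre-commit suite on PR-head content; under `on: pull_request` the token for fork PRs is read-only and secrets are withheld, so that is acceptable, but it is exactly the pattern that becomes code execution with a write token if the trigger is ever switched to `pull_request_target`, so a step comment such as `# Runs PR-head content: keep this workflow on pull_request, never pull_request_target` would protect the next editor. Two style points: `${{github.event.pull_request.head.repo.full_name}}` lacks the spaces every other expression uses, and the two min-version steps share the identical name `Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}` while being distinguished only by their mutually exclusive `if:` conditions, which makes the job log harder to read.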
@@ -0,0 +1,37 @@
+name: Release
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+      - master
+    paths:
+      - '**/*.tpl'
+      - '**/*.py'
+      - '**/*.tf'
+      - '.github/workflows/release.yml'
+
+jobs:
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    # Skip running release workflow on forks
+    if: github.repository_owner == 'terraform-aws-modules'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          persist-credentials: false
+          fetch-depth: 0
+
+      - name: Release
+        uses: cycjimmy/semantic-release-action@v3
+        with:
+          semantic_version: 18.0.0
+          extra_plugins: |
+            @semantic-release/changelog@6.0.0
+            @semantic-release/git@10.0.0
+            conventional-changelog-conventionalcommits@4.6.3
+        env:
+          GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_TOKEN }}
diff --git a/.github/workflows/stale-actions.yaml b/.github/workflows/stale-actions.yaml
new file mode 100644
index 000000000..50379957f
--- /dev/null
+++ b/.github/workflows/stale-actions.yaml
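Review bot: `GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_TOKEN }}` hands the release step a long-lived token distinct from the workflow token, and `.releaserc.json` in this same commit configures `@semantic-release/git` to push a `chore(release)` commit carrying `CHANGELOG.md` to `main`/`master`, so this token must be able to write to the release branches (through branch protection, if any); nothing in the file records what the token is, who owns it or how it is rotated. Add a comment above `env:` such as `# SEMANTIC_RELEASE_TOKEN: token able to push to main/master (used by @semantic-release/git for the CHANGELOG commit); owner and rotation: <see team runbook>`. `persist-credentials: false` on the checkout is the right companion setting because it keeps the default token out of `.git/config` for the later step. The `[skip ci]` in the git plugin's commit message, together with the `paths:` filter (which does not match `CHANGELOG.md`), is what stops the pushed changelog from re-triggering this workflow; that is worth a one-line comment on the `paths:` block so nobody "fixes" the filter.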
@@ -0,0 +1,32 @@
+name: 'Mark or close stale issues and PRs'
+on:
+  schedule:
+    - cron: '0 0 * * *'
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/stale@v6
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          # Staling issues and PR's
+          days-before-stale: 30
+          stale-issue-label: stale
+          stale-pr-label: stale
+          stale-issue-message: |
+            This issue has been automatically marked as stale because it has been open 30 days
+            with no activity. Remove stale label or comment or this issue will be closed in 10 days
+          stale-pr-message: |
+            This PR has been automatically marked as stale because it has been open 30 days
+            with no activity. Remove stale label or comment or this PR will be closed in 10 days
+          # Not stale if have this labels or part of milestone
+          exempt-issue-labels: bug,wip,on-hold
+          exempt-pr-labels: bug,wip,on-hold
+          exempt-all-milestones: true
+          # Close issue operations
+          # Label will be automatically removed if the issues are no longer closed nor locked.
+          days-before-close: 10
+          delete-branch: true
+          close-issue-message: This issue was automatically closed because of stale in 10 days
+          close-pr-message: This PR was automatically closed because of stale in 10 days
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 6dda89313..0f3428382 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,10 +1,12 @@
 repos:
-  - repo: git://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.50.0
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.81.0
     hooks:
       - id: terraform_fmt
       - id: terraform_validate
       - id: terraform_docs
+        args:
+          - '--args=--lockfile=false'
       - id: terraform_tflint
         args:
           - '--args=--only=terraform_deprecated_interpolation'
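Review bot: `delete-branch: true` makes the bot delete the head branch of every pull request it closes as stale, which is destructive and not covered by the surrounding comments (`# Close issue operations`); with `days-before-stale: 30` and `days-before-close: 10`, a maintainer's unfinished branch disappears 40 days after the last activity. Either drop the option or document it, e.g. `# delete-branch: the head branch of a PR closed as stale is deleted as well — presumably only for branches in this repository, confirm against the action's docs`. The two close messages also read oddly (`closed because of stale in 10 days`); `close-issue-message: This issue was automatically closed because it has been stale for 10 days`, and the PR equivalent, say what actually happened. As with lock.yml, the job declares no `permissions:` block.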
@@ -20,7 +22,8 @@ repos:
           - '--args=--only=terraform_required_providers'
           - '--args=--only=terraform_standard_module_structure'
           - '--args=--only=terraform_workspace_remote'
-  - repo: git://github.com/pre-commit/pre-commit-hooks
-    rev: v3.4.0
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.4.0
     hooks:
       - id: check-merge-conflict
+      - id: end-of-file-fixer
diff --git a/.releaserc.json b/.releaserc.json
new file mode 100644
index 000000000..66b3eefd6
--- /dev/null
+++ b/.releaserc.json
@@ -0,0 +1,45 @@
+{
+  "branches": [
+    "main",
+    "master"
+  ],
+  "ci": false,
+  "plugins": [
+    [
+      "@semantic-release/commit-analyzer",
+      {
+        "preset": "conventionalcommits"
+      }
+    ],
+    [
+      "@semantic-release/release-notes-generator",
+      {
+        "preset": "conventionalcommits"
+      }
+    ],
+    [
+      "@semantic-release/github",
+      {
+        "successComment": "This ${issue.pull_request ? 'PR is included' : 'issue has been resolved'} in version ${nextRelease.version} :tada:",
+        "labels": false,
+        "releasedLabels": false
+      }
+    ],
+    [
+      "@semantic-release/changelog",
+      {
+        "changelogFile": "CHANGELOG.md",
+        "changelogTitle": "# Changelog\n\nAll notable changes to this project will be documented in this file."
+      }
+    ],
+    [
+      "@semantic-release/git",
+      {
+        "assets": [
+          "CHANGELOG.md"
+        ],
+        "message": "chore(release): version ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
+      }
+    ]
+  ]
+}
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e8737c953..1792b27bb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
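Review bot: `"ci": false` turns off semantic-release's CI environment verification, which, if I read the option correctly, lets a release be cut from any machine holding a suitable token and drops the tool's own refusal to publish from pull-request builds; the `if: github.repository_owner == 'terraform-aws-modules'` guard in release.yml covers only the Actions path. JSON has no comment syntax, so the reason for the flag should be recorded where the workflow lives, e.g. in release.yml: `# .releaserc.json sets "ci": false; releases are gated by this workflow's trigger and the repository_owner check instead`. If the flag is not deliberately needed, removing it restores the default verification.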
@@ -1,11 +1,228 @@ -# Change Log +# Changelog All notable changes to this project will be documented in this file. - -## [Unreleased] +### [5.1.2](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.1.1...v5.1.2) (2023-09-07) +### Bug Fixes + +* The number of intra subnets should not influence the number of NAT gateways provisioned ([#968](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/968)) ([1e36f9f](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/1e36f9f8a01eb26be83d8e1ce2227a6890390b0e)) + +### [5.1.1](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.1.0...v5.1.1) (2023-07-25) + + +### Bug Fixes + +* Ensure database route table output works ([#926](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/926)) ([e4c48d4](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/e4c48d4675718d5bd8c72c6b934c70c0f4bf1670)), closes [#857](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/857) + +## [5.1.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.0.0...v5.1.0) (2023-07-15) + + +### Features + +* Add support for creating a security group for VPC endpoint(s) ([#962](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/962)) ([802d5f1](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/802d5f14c29db4e50b3f2aaf87950845594a31bd)) + +## [5.0.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v4.0.2...v5.0.0) (2023-05-30) + + +### ⚠ BREAKING CHANGES + +* Bump Terraform AWS Provider version to 5.0 (#941) + +### Features + +* Bump Terraform AWS Provider version to 5.0 ([#941](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/941)) ([2517eb9](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/2517eb98a39500897feecd27178994055ee2eb5e)) + +### [4.0.2](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v4.0.1...v4.0.2) (2023-05-15) + + +### Bug Fixes 
+ +* Add dns64 routes ([#924](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/924)) ([743798d](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/743798daa14b8a5b827b37053ca7e3c5b8865c06)) + +### [4.0.1](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v4.0.0...v4.0.1) (2023-04-07) + + +### Bug Fixes + +* Add missing private subnets to max subnet length local ([#920](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/920)) ([6f51f34](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/6f51f34d9c91d62984ff985aad6b5ef03eb2a75a)) + +## [4.0.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.19.0...v4.0.0) (2023-04-07) + + +### ⚠ BREAKING CHANGES + +* Support enabling NAU metrics in "aws_vpc" resource (#838) + +### Features + +* Support enabling NAU metrics in "aws_vpc" resource ([#838](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/838)) ([44e6eaa](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/44e6eaa154a9e78c8d6e86d1c735f95825b270db)) + +## [3.19.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.18.1...v3.19.0) (2023-01-13) + + +### Features + +* Add public and private tags per az ([#860](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/860)) ([a82c9d3](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/a82c9d3272e3a83d22f70f174133dd26c24eee21)) + + +### Bug Fixes + +* Use a version for to avoid GitHub API rate limiting on CI workflows ([#876](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/876)) ([2a0319e](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/2a0319ec3244169997c6dac0d7850897ba9b9162)) + +### [3.18.1](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.18.0...v3.18.1) (2022-10-27) + + +### Bug Fixes + +* Update CI configuration files to use latest version 
([#850](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/850)) ([b94561d](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/b94561dc61b8bbedb5e36e0334e030edf03a1c7b)) + +## [3.18.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.17.0...v3.18.0) (2022-10-21) + + +### Features + +* Added ability to specify CloudWatch Log group name for VPC Flow logs ([#847](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/847)) ([80d6318](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/80d631884126075e1adbe2d410f46ef6b9ea8a19)) + +## [3.17.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.16.1...v3.17.0) (2022-10-21) + + +### Features + +* Add custom subnet names ([#816](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/816)) ([4416e37](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/4416e379ed9a9b650a12a629441410f326b44c0c)) + +### [3.16.1](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.16.0...v3.16.1) (2022-10-14) + + +### Bug Fixes + +* Prevent an error when VPC Flow log log_group and role is not created ([#844](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/844)) ([b0c81ad](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/b0c81ad61214069f8fa6d35492716c9d4cac9096)) + +## [3.16.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.15.0...v3.16.0) (2022-09-26) + + +### Features + +* Add IPAM IPv6 support ([#718](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/718)) ([4fe7745](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/4fe7745ddb675af3bd50daf335ad3ffa16d08a98)) + +## [3.15.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.14.4...v3.15.0) (2022-09-25) + + +### Features + +* Add IPAM IPv4 support ([#716](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/716)) 
([6eddcad](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/6eddcad72867cd9df536d13ea8fdac15e0eebbd4)) + +### [3.14.4](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.14.3...v3.14.4) (2022-09-05) + + +### Bug Fixes + +* Remove EC2-classic deprecation warnings by hardcoding classiclink values to `null` ([#826](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/826)) ([736931b](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/736931b0a707115a1fbeb45e0d6f784199cba95e)) + +### [3.14.3](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.14.2...v3.14.3) (2022-09-02) + + +### Bug Fixes + +* Allow `security_group_ids` to take `null` values ([#825](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/825)) ([67ef09a](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/67ef09a1717f155d9a2f22a867230bf872af4cef)) + +### [3.14.2](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.14.1...v3.14.2) (2022-06-20) + + +### Bug Fixes + +* Compact CIDR block outputs to avoid empty diffs ([#802](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/802)) ([c3fd156](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/c3fd1566df23cc4a2d3447b1964956964b9830a3)) + +### [3.14.1](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.14.0...v3.14.1) (2022-06-16) + + +### Bug Fixes + +* Declare data resource only for requested VPC endpoints ([#800](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/800)) ([024fbc0](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/024fbc01bf468240213666dfd4428f5b425794d1)) + +## [3.14.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.13.0...v3.14.0) (2022-03-31) + + +### Features + +* Change to allow create variable within specific vpc objects ([#773](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/773)) 
([5913d7e](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/5913d7ebe9805c8c5f39a7afb6b28bf1c4e9505e)) + +## [3.13.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.12.0...v3.13.0) (2022-03-11) + + +### Features + +* Made it clear that we stand with Ukraine ([acb0ae5](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/acb0ae548d7c6dd0594565c7a6087f65b4c45f93)) + +## [3.12.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.11.5...v3.12.0) (2022-02-07) + + +### Features + +* Added custom route for NAT gateway ([#748](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/748)) ([728a4d1](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/728a4d114000f256a24d8d4bc9895184df533d0c)) + +### [3.11.5](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.11.4...v3.11.5) (2022-01-28) + + +### Bug Fixes + +* Addresses persistent diff with manage_default_network_acl ([#737](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/737)) ([d247d8e](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/d247d8e44728a86d0024a2da9b0cd34ad218c33a)) + +### [3.11.4](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.11.3...v3.11.4) (2022-01-26) + + +### Bug Fixes + +* Fixed redshift_route_table_ids outputs ([#739](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/739)) ([7c8df92](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/7c8df92f471af5f40ac126f2bb194722d92228f3)) + +### [3.11.3](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.11.2...v3.11.3) (2022-01-13) + + +### Bug Fixes + +* Update tags for default resources to correct spurious plan diffs ([#730](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/730)) ([d1adf74](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/d1adf743b27ef131b559ec15c7aadc37466a74b9)) + +### 
[3.11.2](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.11.1...v3.11.2) (2022-01-11) + + +### Bug Fixes + +* Correct `for_each` map on VPC endpoints to propagate endpoint maps correctly ([#729](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/729)) ([19fcf0d](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/19fcf0d68027dea10ecaa456ccea1cb50567e388)) + +### [3.11.1](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.11.0...v3.11.1) (2022-01-10) + + +### Bug Fixes + +* update CI/CD process to enable auto-release workflow ([#711](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/711)) ([57ba0ef](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/57ba0ef08063390636daedcf88f71443281c2b84)) + + +## [v3.11.0] - 2021-11-04 + +- feat: Add tags to VPC flow logs IAM policy ([#706](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/706)) + + + +## [v3.10.0] - 2021-10-15 + +- fix: Enabled destination_options only for VPC Flow Logs on S3 ([#703](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/703)) + + + +## [v3.9.0] - 2021-10-15 + +- feat: Added timeout block to aws_default_route_table resource ([#701](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/701)) + + + +## [v3.8.0] - 2021-10-14 + +- feat: Added support for VPC Flow Logs in Parquet format ([#700](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/700)) +- docs: Fixed docs in simple-vpc +- chore: Updated outputs in example ([#690](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/690)) +- Updated pre-commit + ## [v3.7.0] - 2021-08-31 
@@ -1313,7 +1530,11 @@ All notable changes to this project will be documented in this file.
 - Initial commit
 
 
-[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.7.0...HEAD
+[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.11.0...HEAD
+[v3.11.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.10.0...v3.11.0
+[v3.10.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.9.0...v3.10.0
+[v3.9.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.8.0...v3.9.0
+[v3.8.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.7.0...v3.8.0
 [v3.7.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.6.0...v3.7.0
 [v3.6.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.5.0...v3.6.0
 [v3.5.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v3.4.0...v3.5.0
diff --git a/Makefile b/Makefile
deleted file mode 100644
index 558dac5a6..000000000
--- a/Makefile
+++ /dev/null
@@ -1,7 +0,0 @@
-.PHONY: changelog release
-
-changelog:
-	git-chglog -o CHANGELOG.md --next-tag `semtag final -s minor -o`
-
-release:
-	semtag final -s minor
diff --git a/README.md b/README.md
index 3977adf24..73c591304 100644
--- a/README.md
+++ b/README.md
@@ -2,6 +2,8 @@
 
 Terraform module which creates VPC resources on AWS.
 
+[![SWUbanner](https://raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/banner2-direct.svg)](https://github.com/vshymanskyy/StandWithUkraine/blob/main/docs/README.md)
+
 ## Usage
 
 ```hcl
@@ -83,7 +85,7 @@ If both `single_nat_gateway` and `one_nat_gateway_per_az` are set to `true`, the
 
 ### One NAT Gateway per subnet (default)
 
-By default, the module will determine the number of NAT Gateways to create based on the the `max()` of the private subnet lists (`database_subnets`, `elasticache_subnets`, `private_subnets`, and `redshift_subnets`). The module **does not** take into account the number of `intra_subnets`, since the latter are designed to have no Internet access via NAT Gateway. For example, if your configuration looks like the following:
+By default, the module will determine the number of NAT Gateways to create based on the `max()` of the private subnet lists (`database_subnets`, `elasticache_subnets`, `private_subnets`, and `redshift_subnets`). The module **does not** take into account the number of `intra_subnets`, since the latter are designed to have no Internet access via NAT Gateway. For example, if your configuration looks like the following:
 
 ```hcl
 database_subnets = ["10.0.21.0/24", "10.0.22.0/24"]
@@ -120,6 +122,14 @@ You can add additional tags with `intra_subnet_tags` as with other subnet types.
 VPC Flow Log allows to capture IP traffic for a specific network interface (ENI), subnet, or entire VPC. This module supports enabling or disabling VPC Flow Logs for entire VPC. If you need to have VPC Flow Logs for subnet or ENI, you have to manage it outside of this module with [aws_flow_log resource](https://www.terraform.io/docs/providers/aws/r/flow_log.html).
+### VPC Flow Log Examples
+
+By default `file_format` is `plain-text`. You can also specify `parquet` to have logs written in Apache Parquet format.
+
+```
+flow_log_file_format = "parquet"
+```
+
 ### Permissions Boundary
 If your organization requires a permissions boundary to be attached to the VPC Flow Log role, make sure that you specify an ARN of the permissions boundary policy as `vpc_flow_log_permissions_boundary` argument. Read more about required [IAM policy for publishing flow logs](https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-cwl.html#flow-logs-iam).
@@ -171,31 +181,88 @@ Sometimes it is handy to have public access to Redshift clusters (for example if
 It is possible to integrate this VPC module with [terraform-aws-transit-gateway module](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway) which handles the creation of TGW resources and VPC attachments. See [complete example there](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/tree/master/examples/complete).
+## VPC CIDR from AWS IP Address Manager (IPAM)
+
+It is possible to have your VPC CIDR assigned from an [AWS IPAM Pool](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_pool). However, In order to build subnets within this module Terraform must know subnet CIDRs to properly plan the amount of resources to build. Since CIDR is derived by IPAM by calling CreateVpc this is not possible within a module unless cidr is known ahead of time. You can get around this by "previewing" the CIDR and then using that as the subnet values.
+
+_Note: Due to race conditions with `terraform plan`, it is not possible to use `ipv4_netmask_length` or a pools `allocation_default_netmask_length` within this module. 
You must explicitly set the CIDRs for a pool to use._
+
+```hcl
+# Find the pool RAM shared to your account
+# Info on RAM sharing pools: https://docs.aws.amazon.com/vpc/latest/ipam/share-pool-ipam.html
+data "aws_vpc_ipam_pool" "ipv4_example" {
+ filter {
+ name = "description"
+ values = ["*mypool*"]
+ }
+
+ filter {
+ name = "address-family"
+ values = ["ipv4"]
+ }
+}
+
+# Preview next CIDR from pool
+data "aws_vpc_ipam_preview_next_cidr" "previewed_cidr" {
+ ipam_pool_id = data.aws_vpc_ipam_pool.ipv4_example.id
+ netmask_length = 24
+}
+
+data "aws_region" "current" {}
+
+# Calculate subnet cidrs from previewed IPAM CIDR
+locals {
+ partition = cidrsubnets(data.aws_vpc_ipam_preview_next_cidr.previewed_cidr.cidr, 2, 2)
+ private_subnets = cidrsubnets(local.partition[0], 2, 2)
+ public_subnets = cidrsubnets(local.partition[1], 2, 2)
+ azs = formatlist("${data.aws_region.current.name}%s", ["a", "b"])
+}
+
+module "vpc_cidr_from_ipam" {
+ source = "terraform-aws-modules/vpc/aws"
+ name = "vpc-cidr-from-ipam"
+ ipv4_ipam_pool_id = data.aws_vpc_ipam_pool.ipv4_example.id
+ azs = local.azs
+ cidr = data.aws_vpc_ipam_preview_next_cidr.previewed_cidr.cidr
+ private_subnets = local.private_subnets
+ public_subnets = local.public_subnets
+}
+```
+
 ## Examples
-- [Simple VPC](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/simple-vpc)
-- [Simple VPC with secondary CIDR blocks](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/secondary-cidr-blocks)
-- [Complete VPC](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/complete-vpc) with VPC Endpoints.
-- [VPC with IPv6 enabled](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/ipv6)
+- [Complete VPC](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/complete) with VPC Endpoints. 
+- [VPC using IPAM](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/ipam)
+- [Dualstack IPv4/IPv6 VPC](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/ipv6-dualstack)
+- [IPv6 only subnets/VPC](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/ipv6-only)
+- [Manage Default VPC](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/manage-default-vpc)
 - [Network ACL](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/network-acls)
-- [VPC Flow Logs](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/vpc-flow-logs)
 - [VPC with Outpost](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/outpost)
-- [Manage Default VPC](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/manage-default-vpc)
+- [VPC with secondary CIDR blocks](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/secondary-cidr-blocks)
+- [VPC with unique route tables](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/separate-route-tables)
+- [Simple VPC](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/simple)
+- [VPC Flow Logs](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/vpc-flow-logs)
 - [Few tests and edge case examples](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/issues)
+## Contributing
+
+Report issues/questions/feature requests on in the [issues](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/new) section.
+
+Full contributing [guidelines are covered here](.github/contributing.md). 
+
 ## Requirements
 | Name | Version |
 |------|---------|
-| [terraform](#requirement\_terraform) | >= 0.12.31 |
-| [aws](#requirement\_aws) | >= 3.38 |
+| [terraform](#requirement\_terraform) | >= 1.0 |
+| [aws](#requirement\_aws) | >= 5.0 |
 ## Providers
 | Name | Version |
 |------|---------|
-| [aws](#provider\_aws) | >= 3.38 |
+| [aws](#provider\_aws) | >= 5.0 |
 ## Modules
@@ -243,9 +310,11 @@ No modules.
 | [aws_network_acl_rule.redshift_inbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource |
 | [aws_network_acl_rule.redshift_outbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | resource |
 | [aws_redshift_subnet_group.redshift](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_subnet_group) | resource |
+| [aws_route.database_dns64_nat_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
 | [aws_route.database_internet_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
 | [aws_route.database_ipv6_egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
 | [aws_route.database_nat_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
+| [aws_route.private_dns64_nat_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
 | [aws_route.private_ipv6_egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
 | [aws_route.private_nat_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
 | [aws_route.public_internet_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
@@ -287,52 +356,58 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| [amazon\_side\_asn](#input\_amazon\_side\_asn) | The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the virtual private gateway is created with the current default Amazon ASN. | `string` | `"64512"` | no |
-| [assign\_ipv6\_address\_on\_creation](#input\_assign\_ipv6\_address\_on\_creation) | Assign IPv6 address on subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | `false` | no |
+| [amazon\_side\_asn](#input\_amazon\_side\_asn) | The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the virtual private gateway is created with the current default Amazon ASN | `string` | `"64512"` | no |
 | [azs](#input\_azs) | A list of availability zones names or ids in the region | `list(string)` | `[]` | no |
-| [cidr](#input\_cidr) | The CIDR block for the VPC. Default value is a valid CIDR, but not acceptable by AWS and should be overridden | `string` | `"0.0.0.0/0"` | no |
+| [cidr](#input\_cidr) | (Optional) The IPv4 CIDR block for the VPC. CIDR can be explicitly set or it can be derived from IPAM using `ipv4_netmask_length` & `ipv4_ipam_pool_id` | `string` | `"10.0.0.0/16"` | no |
 | [create\_database\_internet\_gateway\_route](#input\_create\_database\_internet\_gateway\_route) | Controls if an internet gateway route for public database access should be created | `bool` | `false` | no |
 | [create\_database\_nat\_gateway\_route](#input\_create\_database\_nat\_gateway\_route) | Controls if a nat gateway route should be created to give internet access to the database subnets | `bool` | `false` | no |
 | [create\_database\_subnet\_group](#input\_create\_database\_subnet\_group) | Controls if database subnet group should be created (n.b. 
database\_subnets must also be set) | `bool` | `true` | no |
 | [create\_database\_subnet\_route\_table](#input\_create\_database\_subnet\_route\_table) | Controls if separate route table for database should be created | `bool` | `false` | no |
-| [create\_egress\_only\_igw](#input\_create\_egress\_only\_igw) | Controls if an Egress Only Internet Gateway is created and its related routes. | `bool` | `true` | no |
+| [create\_egress\_only\_igw](#input\_create\_egress\_only\_igw) | Controls if an Egress Only Internet Gateway is created and its related routes | `bool` | `true` | no |
 | [create\_elasticache\_subnet\_group](#input\_create\_elasticache\_subnet\_group) | Controls if elasticache subnet group should be created | `bool` | `true` | no |
 | [create\_elasticache\_subnet\_route\_table](#input\_create\_elasticache\_subnet\_route\_table) | Controls if separate route table for elasticache should be created | `bool` | `false` | no |
 | [create\_flow\_log\_cloudwatch\_iam\_role](#input\_create\_flow\_log\_cloudwatch\_iam\_role) | Whether to create IAM role for VPC Flow Logs | `bool` | `false` | no |
 | [create\_flow\_log\_cloudwatch\_log\_group](#input\_create\_flow\_log\_cloudwatch\_log\_group) | Whether to create CloudWatch log group for VPC Flow Logs | `bool` | `false` | no |
-| [create\_igw](#input\_create\_igw) | Controls if an Internet Gateway is created for public subnets and the related routes that connect them. 
| `bool` | `true` | no |
+| [create\_igw](#input\_create\_igw) | Controls if an Internet Gateway is created for public subnets and the related routes that connect them | `bool` | `true` | no |
 | [create\_redshift\_subnet\_group](#input\_create\_redshift\_subnet\_group) | Controls if redshift subnet group should be created | `bool` | `true` | no |
 | [create\_redshift\_subnet\_route\_table](#input\_create\_redshift\_subnet\_route\_table) | Controls if separate route table for redshift should be created | `bool` | `false` | no |
 | [create\_vpc](#input\_create\_vpc) | Controls if VPC should be created (it affects almost all resources) | `bool` | `true` | no |
 | [customer\_gateway\_tags](#input\_customer\_gateway\_tags) | Additional tags for the Customer Gateway | `map(string)` | `{}` | no |
 | [customer\_gateways](#input\_customer\_gateways) | Maps of Customer Gateway's attributes (BGP ASN and Gateway's Internet-routable external IP address) | `map(map(any))` | `{}` | no |
+| [customer\_owned\_ipv4\_pool](#input\_customer\_owned\_ipv4\_pool) | The customer owned IPv4 address pool. Typically used with the `map_customer_owned_ip_on_launch` argument. The `outpost_arn` argument must be specified when configured | `string` | `null` | no |
 | [database\_acl\_tags](#input\_database\_acl\_tags) | Additional tags for the database subnets network ACL | `map(string)` | `{}` | no |
 | [database\_dedicated\_network\_acl](#input\_database\_dedicated\_network\_acl) | Whether to use dedicated network ACL (not default) and custom rules for database subnets | `bool` | `false` | no |
 | [database\_inbound\_acl\_rules](#input\_database\_inbound\_acl\_rules) | Database subnets inbound network ACL rules | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no |
 | [database\_outbound\_acl\_rules](#input\_database\_outbound\_acl\_rules) | Database subnets outbound network ACL rules | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no |
 | [database\_route\_table\_tags](#input\_database\_route\_table\_tags) | Additional tags for the database route tables | `map(string)` | `{}` | no |
-| [database\_subnet\_assign\_ipv6\_address\_on\_creation](#input\_database\_subnet\_assign\_ipv6\_address\_on\_creation) | Assign IPv6 address on database subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | `null` | no |
+| [database\_subnet\_assign\_ipv6\_address\_on\_creation](#input\_database\_subnet\_assign\_ipv6\_address\_on\_creation) | Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false` | `bool` | `false` | no |
+| [database\_subnet\_enable\_dns64](#input\_database\_subnet\_enable\_dns64) | Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true` | `bool` | `true` | no |
+| [database\_subnet\_enable\_resource\_name\_dns\_a\_record\_on\_launch](#input\_database\_subnet\_enable\_resource\_name\_dns\_a\_record\_on\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false` | `bool` | `false` | no |
+| [database\_subnet\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch](#input\_database\_subnet\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true` | `bool` | `true` | no |
 | [database\_subnet\_group\_name](#input\_database\_subnet\_group\_name) | Name of database subnet group | `string` | `null` | no |
 | [database\_subnet\_group\_tags](#input\_database\_subnet\_group\_tags) | Additional tags for the database subnet group | `map(string)` | `{}` | no |
+| [database\_subnet\_ipv6\_native](#input\_database\_subnet\_ipv6\_native) | Indicates whether to create an IPv6-only subnet. 
Default: `false` | `bool` | `false` | no |
 | [database\_subnet\_ipv6\_prefixes](#input\_database\_subnet\_ipv6\_prefixes) | Assigns IPv6 database subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list(string)` | `[]` | no |
+| [database\_subnet\_names](#input\_database\_subnet\_names) | Explicit values to use in the Name tag on database subnets. If empty, Name tags are generated | `list(string)` | `[]` | no |
+| [database\_subnet\_private\_dns\_hostname\_type\_on\_launch](#input\_database\_subnet\_private\_dns\_hostname\_type\_on\_launch) | The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name` | `string` | `null` | no |
 | [database\_subnet\_suffix](#input\_database\_subnet\_suffix) | Suffix to append to database subnets name | `string` | `"db"` | no |
 | [database\_subnet\_tags](#input\_database\_subnet\_tags) | Additional tags for the database subnets | `map(string)` | `{}` | no |
-| [database\_subnets](#input\_database\_subnets) | A list of database subnets | `list(string)` | `[]` | no |
+| [database\_subnets](#input\_database\_subnets) | A list of database subnets inside the VPC | `list(string)` | `[]` | no |
 | [default\_network\_acl\_egress](#input\_default\_network\_acl\_egress) | List of maps of egress rules to set on the Default Network ACL | `list(map(string))` |
[
{
"action": "allow",
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_no": 100,
"to_port": 0
},
{
"action": "allow",
"from_port": 0,
"ipv6_cidr_block": "::/0",
"protocol": "-1",
"rule_no": 101,
"to_port": 0
}
]
| no |
 | [default\_network\_acl\_ingress](#input\_default\_network\_acl\_ingress) | List of maps of ingress rules to set on the Default Network ACL | `list(map(string))` |
[
{
"action": "allow",
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_no": 100,
"to_port": 0
},
{
"action": "allow",
"from_port": 0,
"ipv6_cidr_block": "::/0",
"protocol": "-1",
"rule_no": 101,
"to_port": 0
}
]
| no |
-| [default\_network\_acl\_name](#input\_default\_network\_acl\_name) | Name to be used on the Default Network ACL | `string` | `""` | no |
+| [default\_network\_acl\_name](#input\_default\_network\_acl\_name) | Name to be used on the Default Network ACL | `string` | `null` | no |
 | [default\_network\_acl\_tags](#input\_default\_network\_acl\_tags) | Additional tags for the Default Network ACL | `map(string)` | `{}` | no |
+| [default\_route\_table\_name](#input\_default\_route\_table\_name) | Name to be used on the default route table | `string` | `null` | no |
 | [default\_route\_table\_propagating\_vgws](#input\_default\_route\_table\_propagating\_vgws) | List of virtual gateways for propagation | `list(string)` | `[]` | no |
 | [default\_route\_table\_routes](#input\_default\_route\_table\_routes) | Configuration block of routes. See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_route_table#route | `list(map(string))` | `[]` | no |
 | [default\_route\_table\_tags](#input\_default\_route\_table\_tags) | Additional tags for the default route table | `map(string)` | `{}` | no |
-| [default\_security\_group\_egress](#input\_default\_security\_group\_egress) | List of maps of egress rules to set on the default security group | `list(map(string))` | `null` | no |
-| [default\_security\_group\_ingress](#input\_default\_security\_group\_ingress) | List of maps of ingress rules to set on the default security group | `list(map(string))` | `null` | no |
-| [default\_security\_group\_name](#input\_default\_security\_group\_name) | Name to be used on the default security group | `string` | `"default"` | no |
+| [default\_security\_group\_egress](#input\_default\_security\_group\_egress) | List of maps of egress rules to set on the default security group | `list(map(string))` | `[]` | no |
+| [default\_security\_group\_ingress](#input\_default\_security\_group\_ingress) | List of maps of ingress rules to set on the default security 
group | `list(map(string))` | `[]` | no |
+| [default\_security\_group\_name](#input\_default\_security\_group\_name) | Name to be used on the default security group | `string` | `null` | no |
 | [default\_security\_group\_tags](#input\_default\_security\_group\_tags) | Additional tags for the default security group | `map(string)` | `{}` | no |
-| [default\_vpc\_enable\_classiclink](#input\_default\_vpc\_enable\_classiclink) | Should be true to enable ClassicLink in the Default VPC | `bool` | `false` | no |
-| [default\_vpc\_enable\_dns\_hostnames](#input\_default\_vpc\_enable\_dns\_hostnames) | Should be true to enable DNS hostnames in the Default VPC | `bool` | `false` | no |
+| [default\_vpc\_enable\_dns\_hostnames](#input\_default\_vpc\_enable\_dns\_hostnames) | Should be true to enable DNS hostnames in the Default VPC | `bool` | `true` | no |
 | [default\_vpc\_enable\_dns\_support](#input\_default\_vpc\_enable\_dns\_support) | Should be true to enable DNS support in the Default VPC | `bool` | `true` | no |
-| [default\_vpc\_name](#input\_default\_vpc\_name) | Name to be used on the Default VPC | `string` | `""` | no |
+| [default\_vpc\_name](#input\_default\_vpc\_name) | Name to be used on the Default VPC | `string` | `null` | no |
 | [default\_vpc\_tags](#input\_default\_vpc\_tags) | Additional tags for the Default VPC | `map(string)` | `{}` | no |
 | [dhcp\_options\_domain\_name](#input\_dhcp\_options\_domain\_name) | Specifies DNS name for DHCP options set (requires enable\_dhcp\_options set to true) | `string` | `""` | no |
 | [dhcp\_options\_domain\_name\_servers](#input\_dhcp\_options\_domain\_name\_servers) | Specify a list of DNS server addresses for DHCP options set, default to AWS provided (requires enable\_dhcp\_options set to true) | `list(string)` |
[
"AmazonProvidedDNS"
]
| no |
@@ -345,34 +420,43 @@ No modules.
 | [elasticache\_inbound\_acl\_rules](#input\_elasticache\_inbound\_acl\_rules) | Elasticache subnets inbound network ACL rules | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no |
 | [elasticache\_outbound\_acl\_rules](#input\_elasticache\_outbound\_acl\_rules) | Elasticache subnets outbound network ACL rules | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no |
 | [elasticache\_route\_table\_tags](#input\_elasticache\_route\_table\_tags) | Additional tags for the elasticache route tables | `map(string)` | `{}` | no |
-| [elasticache\_subnet\_assign\_ipv6\_address\_on\_creation](#input\_elasticache\_subnet\_assign\_ipv6\_address\_on\_creation) | Assign IPv6 address on elasticache subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | `null` | no |
+| [elasticache\_subnet\_assign\_ipv6\_address\_on\_creation](#input\_elasticache\_subnet\_assign\_ipv6\_address\_on\_creation) | Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false` | `bool` | `false` | no |
+| [elasticache\_subnet\_enable\_dns64](#input\_elasticache\_subnet\_enable\_dns64) | Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true` | `bool` | `true` | no |
+| [elasticache\_subnet\_enable\_resource\_name\_dns\_a\_record\_on\_launch](#input\_elasticache\_subnet\_enable\_resource\_name\_dns\_a\_record\_on\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false` | `bool` | `false` | no |
+| [elasticache\_subnet\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch](#input\_elasticache\_subnet\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. 
Default: `true` | `bool` | `true` | no |
 | [elasticache\_subnet\_group\_name](#input\_elasticache\_subnet\_group\_name) | Name of elasticache subnet group | `string` | `null` | no |
 | [elasticache\_subnet\_group\_tags](#input\_elasticache\_subnet\_group\_tags) | Additional tags for the elasticache subnet group | `map(string)` | `{}` | no |
+| [elasticache\_subnet\_ipv6\_native](#input\_elasticache\_subnet\_ipv6\_native) | Indicates whether to create an IPv6-only subnet. Default: `false` | `bool` | `false` | no |
 | [elasticache\_subnet\_ipv6\_prefixes](#input\_elasticache\_subnet\_ipv6\_prefixes) | Assigns IPv6 elasticache subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list(string)` | `[]` | no |
+| [elasticache\_subnet\_names](#input\_elasticache\_subnet\_names) | Explicit values to use in the Name tag on elasticache subnets. If empty, Name tags are generated | `list(string)` | `[]` | no |
+| [elasticache\_subnet\_private\_dns\_hostname\_type\_on\_launch](#input\_elasticache\_subnet\_private\_dns\_hostname\_type\_on\_launch) | The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name` | `string` | `null` | no |
 | [elasticache\_subnet\_suffix](#input\_elasticache\_subnet\_suffix) | Suffix to append to elasticache subnets name | `string` | `"elasticache"` | no |
 | [elasticache\_subnet\_tags](#input\_elasticache\_subnet\_tags) | Additional tags for the elasticache subnets | `map(string)` | `{}` | no |
-| [elasticache\_subnets](#input\_elasticache\_subnets) | A list of elasticache subnets | `list(string)` | `[]` | no |
-| [enable\_classiclink](#input\_enable\_classiclink) | Should be true to enable ClassicLink for the VPC. 
Only valid in regions and accounts that support EC2 Classic. | `bool` | `null` | no |
-| [enable\_classiclink\_dns\_support](#input\_enable\_classiclink\_dns\_support) | Should be true to enable ClassicLink DNS Support for the VPC. Only valid in regions and accounts that support EC2 Classic. | `bool` | `null` | no |
+| [elasticache\_subnets](#input\_elasticache\_subnets) | A list of elasticache subnets inside the VPC | `list(string)` | `[]` | no |
 | [enable\_dhcp\_options](#input\_enable\_dhcp\_options) | Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type | `bool` | `false` | no |
-| [enable\_dns\_hostnames](#input\_enable\_dns\_hostnames) | Should be true to enable DNS hostnames in the VPC | `bool` | `false` | no |
+| [enable\_dns\_hostnames](#input\_enable\_dns\_hostnames) | Should be true to enable DNS hostnames in the VPC | `bool` | `true` | no |
 | [enable\_dns\_support](#input\_enable\_dns\_support) | Should be true to enable DNS support in the VPC | `bool` | `true` | no |
 | [enable\_flow\_log](#input\_enable\_flow\_log) | Whether or not to enable VPC Flow Logs | `bool` | `false` | no |
-| [enable\_ipv6](#input\_enable\_ipv6) | Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block. | `bool` | `false` | no |
+| [enable\_ipv6](#input\_enable\_ipv6) | Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. 
You cannot specify the range of IP addresses, or the size of the CIDR block | `bool` | `false` | no |
 | [enable\_nat\_gateway](#input\_enable\_nat\_gateway) | Should be true if you want to provision NAT Gateways for each of your private networks | `bool` | `false` | no |
+| [enable\_network\_address\_usage\_metrics](#input\_enable\_network\_address\_usage\_metrics) | Determines whether network address usage metrics are enabled for the VPC | `bool` | `null` | no |
 | [enable\_public\_redshift](#input\_enable\_public\_redshift) | Controls if redshift should have public routing table | `bool` | `false` | no |
 | [enable\_vpn\_gateway](#input\_enable\_vpn\_gateway) | Should be true if you want to create a new VPN Gateway resource and attach it to the VPC | `bool` | `false` | no |
 | [external\_nat\_ip\_ids](#input\_external\_nat\_ip\_ids) | List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse\_nat\_ips) | `list(string)` | `[]` | no |
 | [external\_nat\_ips](#input\_external\_nat\_ips) | List of EIPs to be used for `nat_public_ips` output (used in combination with reuse\_nat\_ips and external\_nat\_ip\_ids) | `list(string)` | `[]` | no |
-| [flow\_log\_cloudwatch\_iam\_role\_arn](#input\_flow\_log\_cloudwatch\_iam\_role\_arn) | The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group. When flow\_log\_destination\_arn is set to ARN of Cloudwatch Logs, this argument needs to be provided. | `string` | `""` | no |
-| [flow\_log\_cloudwatch\_log\_group\_kms\_key\_id](#input\_flow\_log\_cloudwatch\_log\_group\_kms\_key\_id) | The ARN of the KMS Key to use when encrypting log data for VPC flow logs. | `string` | `null` | no |
-| [flow\_log\_cloudwatch\_log\_group\_name\_prefix](#input\_flow\_log\_cloudwatch\_log\_group\_name\_prefix) | Specifies the name prefix of CloudWatch Log Group for VPC flow logs. 
| `string` | `"/aws/vpc-flow-log/"` | no |
-| [flow\_log\_cloudwatch\_log\_group\_retention\_in\_days](#input\_flow\_log\_cloudwatch\_log\_group\_retention\_in\_days) | Specifies the number of days you want to retain log events in the specified log group for VPC flow logs. | `number` | `null` | no |
-| [flow\_log\_destination\_arn](#input\_flow\_log\_destination\_arn) | The ARN of the CloudWatch log group or S3 bucket where VPC Flow Logs will be pushed. If this ARN is a S3 bucket the appropriate permissions need to be set on that bucket's policy. When create\_flow\_log\_cloudwatch\_log\_group is set to false this argument must be provided. | `string` | `""` | no |
-| [flow\_log\_destination\_type](#input\_flow\_log\_destination\_type) | Type of flow log destination. Can be s3 or cloud-watch-logs. | `string` | `"cloud-watch-logs"` | no |
-| [flow\_log\_log\_format](#input\_flow\_log\_log\_format) | The fields to include in the flow log record, in the order in which they should appear. | `string` | `null` | no |
-| [flow\_log\_max\_aggregation\_interval](#input\_flow\_log\_max\_aggregation\_interval) | The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: `60` seconds or `600` seconds. | `number` | `600` | no |
-| [flow\_log\_traffic\_type](#input\_flow\_log\_traffic\_type) | The type of traffic to capture. Valid values: ACCEPT, REJECT, ALL. | `string` | `"ALL"` | no |
+| [flow\_log\_cloudwatch\_iam\_role\_arn](#input\_flow\_log\_cloudwatch\_iam\_role\_arn) | The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group. 
When flow\_log\_destination\_arn is set to ARN of Cloudwatch Logs, this argument needs to be provided | `string` | `""` | no |
+| [flow\_log\_cloudwatch\_log\_group\_kms\_key\_id](#input\_flow\_log\_cloudwatch\_log\_group\_kms\_key\_id) | The ARN of the KMS Key to use when encrypting log data for VPC flow logs | `string` | `null` | no |
+| [flow\_log\_cloudwatch\_log\_group\_name\_prefix](#input\_flow\_log\_cloudwatch\_log\_group\_name\_prefix) | Specifies the name prefix of CloudWatch Log Group for VPC flow logs | `string` | `"/aws/vpc-flow-log/"` | no |
+| [flow\_log\_cloudwatch\_log\_group\_name\_suffix](#input\_flow\_log\_cloudwatch\_log\_group\_name\_suffix) | Specifies the name suffix of CloudWatch Log Group for VPC flow logs | `string` | `""` | no |
+| [flow\_log\_cloudwatch\_log\_group\_retention\_in\_days](#input\_flow\_log\_cloudwatch\_log\_group\_retention\_in\_days) | Specifies the number of days you want to retain log events in the specified log group for VPC flow logs | `number` | `null` | no |
+| [flow\_log\_destination\_arn](#input\_flow\_log\_destination\_arn) | The ARN of the CloudWatch log group or S3 bucket where VPC Flow Logs will be pushed. If this ARN is a S3 bucket the appropriate permissions need to be set on that bucket's policy. When create\_flow\_log\_cloudwatch\_log\_group is set to false this argument must be provided | `string` | `""` | no |
+| [flow\_log\_destination\_type](#input\_flow\_log\_destination\_type) | Type of flow log destination. Can be s3 or cloud-watch-logs | `string` | `"cloud-watch-logs"` | no |
+| [flow\_log\_file\_format](#input\_flow\_log\_file\_format) | (Optional) The format for the flow log. 
Valid values: `plain-text`, `parquet` | `string` | `null` | no | +| [flow\_log\_hive\_compatible\_partitions](#input\_flow\_log\_hive\_compatible\_partitions) | (Optional) Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3 | `bool` | `false` | no | +| [flow\_log\_log\_format](#input\_flow\_log\_log\_format) | The fields to include in the flow log record, in the order in which they should appear | `string` | `null` | no | +| [flow\_log\_max\_aggregation\_interval](#input\_flow\_log\_max\_aggregation\_interval) | The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: `60` seconds or `600` seconds | `number` | `600` | no | +| [flow\_log\_per\_hour\_partition](#input\_flow\_log\_per\_hour\_partition) | (Optional) Indicates whether to partition the flow log per hour. This reduces the cost and response time for queries | `bool` | `false` | no | +| [flow\_log\_traffic\_type](#input\_flow\_log\_traffic\_type) | The type of traffic to capture. Valid values: ACCEPT, REJECT, ALL | `string` | `"ALL"` | no | | [igw\_tags](#input\_igw\_tags) | Additional tags for the internet gateway | `map(string)` | `{}` | no | | [instance\_tenancy](#input\_instance\_tenancy) | A tenancy option for instances launched into the VPC | `string` | `"default"` | no | | [intra\_acl\_tags](#input\_intra\_acl\_tags) | Additional tags for the intra subnets network ACL | `map(string)` | `{}` | no | @@ -380,28 +464,48 @@ No modules. | [intra\_inbound\_acl\_rules](#input\_intra\_inbound\_acl\_rules) | Intra subnets inbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | | [intra\_outbound\_acl\_rules](#input\_intra\_outbound\_acl\_rules) | Intra subnets outbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | | [intra\_route\_table\_tags](#input\_intra\_route\_table\_tags) | Additional tags for the intra route tables | `map(string)` | `{}` | no | -| [intra\_subnet\_assign\_ipv6\_address\_on\_creation](#input\_intra\_subnet\_assign\_ipv6\_address\_on\_creation) | Assign IPv6 address on intra subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | `null` | no | +| [intra\_subnet\_assign\_ipv6\_address\_on\_creation](#input\_intra\_subnet\_assign\_ipv6\_address\_on\_creation) | Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false` | `bool` | `false` | no | +| [intra\_subnet\_enable\_dns64](#input\_intra\_subnet\_enable\_dns64) | Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true` | `bool` | `true` | no | +| [intra\_subnet\_enable\_resource\_name\_dns\_a\_record\_on\_launch](#input\_intra\_subnet\_enable\_resource\_name\_dns\_a\_record\_on\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false` | `bool` | `false` | no | +| [intra\_subnet\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch](#input\_intra\_subnet\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true` | `bool` | `true` | no | +| [intra\_subnet\_ipv6\_native](#input\_intra\_subnet\_ipv6\_native) | Indicates whether to create an IPv6-only subnet. Default: `false` | `bool` | `false` | no | | [intra\_subnet\_ipv6\_prefixes](#input\_intra\_subnet\_ipv6\_prefixes) | Assigns IPv6 intra subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). 
Must be of equal length to the corresponding IPv4 subnet list | `list(string)` | `[]` | no | +| [intra\_subnet\_names](#input\_intra\_subnet\_names) | Explicit values to use in the Name tag on intra subnets. If empty, Name tags are generated | `list(string)` | `[]` | no | +| [intra\_subnet\_private\_dns\_hostname\_type\_on\_launch](#input\_intra\_subnet\_private\_dns\_hostname\_type\_on\_launch) | The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name` | `string` | `null` | no | | [intra\_subnet\_suffix](#input\_intra\_subnet\_suffix) | Suffix to append to intra subnets name | `string` | `"intra"` | no | | [intra\_subnet\_tags](#input\_intra\_subnet\_tags) | Additional tags for the intra subnets | `map(string)` | `{}` | no | -| [intra\_subnets](#input\_intra\_subnets) | A list of intra subnets | `list(string)` | `[]` | no | -| [manage\_default\_network\_acl](#input\_manage\_default\_network\_acl) | Should be true to adopt and manage Default Network ACL | `bool` | `false` | no | -| [manage\_default\_route\_table](#input\_manage\_default\_route\_table) | Should be true to manage default route table | `bool` | `false` | no | -| [manage\_default\_security\_group](#input\_manage\_default\_security\_group) | Should be true to adopt and manage default security group | `bool` | `false` | no | +| [intra\_subnets](#input\_intra\_subnets) | A list of intra subnets inside the VPC | `list(string)` | `[]` | no | +| [ipv4\_ipam\_pool\_id](#input\_ipv4\_ipam\_pool\_id) | (Optional) The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR | `string` | `null` | no | +| [ipv4\_netmask\_length](#input\_ipv4\_netmask\_length) | (Optional) The netmask length of the IPv4 CIDR you want to allocate to this VPC. 
Requires specifying a ipv4\_ipam\_pool\_id | `number` | `null` | no | +| [ipv6\_cidr](#input\_ipv6\_cidr) | (Optional) IPv6 CIDR block to request from an IPAM Pool. Can be set explicitly or derived from IPAM using `ipv6_netmask_length` | `string` | `null` | no | +| [ipv6\_cidr\_block\_network\_border\_group](#input\_ipv6\_cidr\_block\_network\_border\_group) | By default when an IPv6 CIDR is assigned to a VPC a default ipv6\_cidr\_block\_network\_border\_group will be set to the region of the VPC. This can be changed to restrict advertisement of public addresses to specific Network Border Groups such as LocalZones | `string` | `null` | no | +| [ipv6\_ipam\_pool\_id](#input\_ipv6\_ipam\_pool\_id) | (Optional) IPAM Pool ID for a IPv6 pool. Conflicts with `assign_generated_ipv6_cidr_block` | `string` | `null` | no | +| [ipv6\_netmask\_length](#input\_ipv6\_netmask\_length) | (Optional) Netmask length to request from IPAM Pool. Conflicts with `ipv6_cidr_block`. This can be omitted if IPAM pool as a `allocation_default_netmask_length` set. 
Valid values: `56` | `number` | `null` | no | +| [manage\_default\_network\_acl](#input\_manage\_default\_network\_acl) | Should be true to adopt and manage Default Network ACL | `bool` | `true` | no | +| [manage\_default\_route\_table](#input\_manage\_default\_route\_table) | Should be true to manage default route table | `bool` | `true` | no | +| [manage\_default\_security\_group](#input\_manage\_default\_security\_group) | Should be true to adopt and manage default security group | `bool` | `true` | no | | [manage\_default\_vpc](#input\_manage\_default\_vpc) | Should be true to adopt and manage Default VPC | `bool` | `false` | no | -| [map\_public\_ip\_on\_launch](#input\_map\_public\_ip\_on\_launch) | Should be false if you do not want to auto-assign public IP on launch | `bool` | `true` | no | +| [map\_customer\_owned\_ip\_on\_launch](#input\_map\_customer\_owned\_ip\_on\_launch) | Specify true to indicate that network interfaces created in the subnet should be assigned a customer owned IP address. The `customer_owned_ipv4_pool` and `outpost_arn` arguments must be specified when set to `true`. Default is `false` | `bool` | `false` | no | +| [map\_public\_ip\_on\_launch](#input\_map\_public\_ip\_on\_launch) | Specify true to indicate that instances launched into the subnet should be assigned a public IP address. Default is `false` | `bool` | `false` | no | | [name](#input\_name) | Name to be used on all the resources as identifier | `string` | `""` | no | | [nat\_eip\_tags](#input\_nat\_eip\_tags) | Additional tags for the NAT EIP | `map(string)` | `{}` | no | +| [nat\_gateway\_destination\_cidr\_block](#input\_nat\_gateway\_destination\_cidr\_block) | Used to pass a custom destination route for private NAT Gateway. 
If not specified, the default 0.0.0.0/0 is used as a destination route | `string` | `"0.0.0.0/0"` | no | | [nat\_gateway\_tags](#input\_nat\_gateway\_tags) | Additional tags for the NAT gateways | `map(string)` | `{}` | no | -| [one\_nat\_gateway\_per\_az](#input\_one\_nat\_gateway\_per\_az) | Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs`. | `bool` | `false` | no | +| [one\_nat\_gateway\_per\_az](#input\_one\_nat\_gateway\_per\_az) | Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs` | `bool` | `false` | no | | [outpost\_acl\_tags](#input\_outpost\_acl\_tags) | Additional tags for the outpost subnets network ACL | `map(string)` | `{}` | no | -| [outpost\_arn](#input\_outpost\_arn) | ARN of Outpost you want to create a subnet in. | `string` | `null` | no | -| [outpost\_az](#input\_outpost\_az) | AZ where Outpost is anchored. | `string` | `null` | no | +| [outpost\_arn](#input\_outpost\_arn) | ARN of Outpost you want to create a subnet in | `string` | `null` | no | +| [outpost\_az](#input\_outpost\_az) | AZ where Outpost is anchored | `string` | `null` | no | | [outpost\_dedicated\_network\_acl](#input\_outpost\_dedicated\_network\_acl) | Whether to use dedicated network ACL (not default) and custom rules for outpost subnets | `bool` | `false` | no | | [outpost\_inbound\_acl\_rules](#input\_outpost\_inbound\_acl\_rules) | Outpost subnets inbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | | [outpost\_outbound\_acl\_rules](#input\_outpost\_outbound\_acl\_rules) | Outpost subnets outbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | -| [outpost\_subnet\_assign\_ipv6\_address\_on\_creation](#input\_outpost\_subnet\_assign\_ipv6\_address\_on\_creation) | Assign IPv6 address on outpost subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | `null` | no | +| [outpost\_subnet\_assign\_ipv6\_address\_on\_creation](#input\_outpost\_subnet\_assign\_ipv6\_address\_on\_creation) | Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false` | `bool` | `false` | no | +| [outpost\_subnet\_enable\_dns64](#input\_outpost\_subnet\_enable\_dns64) | Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true` | `bool` | `true` | no | +| [outpost\_subnet\_enable\_resource\_name\_dns\_a\_record\_on\_launch](#input\_outpost\_subnet\_enable\_resource\_name\_dns\_a\_record\_on\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false` | `bool` | `false` | no | +| [outpost\_subnet\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch](#input\_outpost\_subnet\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true` | `bool` | `true` | no | +| [outpost\_subnet\_ipv6\_native](#input\_outpost\_subnet\_ipv6\_native) | Indicates whether to create an IPv6-only subnet. Default: `false` | `bool` | `false` | no | | [outpost\_subnet\_ipv6\_prefixes](#input\_outpost\_subnet\_ipv6\_prefixes) | Assigns IPv6 outpost subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list(string)` | `[]` | no | +| [outpost\_subnet\_names](#input\_outpost\_subnet\_names) | Explicit values to use in the Name tag on outpost subnets. 
If empty, Name tags are generated | `list(string)` | `[]` | no | +| [outpost\_subnet\_private\_dns\_hostname\_type\_on\_launch](#input\_outpost\_subnet\_private\_dns\_hostname\_type\_on\_launch) | The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name` | `string` | `null` | no | | [outpost\_subnet\_suffix](#input\_outpost\_subnet\_suffix) | Suffix to append to outpost subnets name | `string` | `"outpost"` | no | | [outpost\_subnet\_tags](#input\_outpost\_subnet\_tags) | Additional tags for the outpost subnets | `map(string)` | `{}` | no | | [outpost\_subnets](#input\_outpost\_subnets) | A list of outpost subnets inside the VPC | `list(string)` | `[]` | no | @@ -410,10 +514,17 @@ No modules. | [private\_inbound\_acl\_rules](#input\_private\_inbound\_acl\_rules) | Private subnets inbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | | [private\_outbound\_acl\_rules](#input\_private\_outbound\_acl\_rules) | Private subnets outbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | | [private\_route\_table\_tags](#input\_private\_route\_table\_tags) | Additional tags for the private route tables | `map(string)` | `{}` | no | -| [private\_subnet\_assign\_ipv6\_address\_on\_creation](#input\_private\_subnet\_assign\_ipv6\_address\_on\_creation) | Assign IPv6 address on private subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | `null` | no | +| [private\_subnet\_assign\_ipv6\_address\_on\_creation](#input\_private\_subnet\_assign\_ipv6\_address\_on\_creation) | Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false` | `bool` | `false` | no | +| [private\_subnet\_enable\_dns64](#input\_private\_subnet\_enable\_dns64) | Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true` | `bool` | `true` | no | +| [private\_subnet\_enable\_resource\_name\_dns\_a\_record\_on\_launch](#input\_private\_subnet\_enable\_resource\_name\_dns\_a\_record\_on\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false` | `bool` | `false` | no | +| [private\_subnet\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch](#input\_private\_subnet\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true` | `bool` | `true` | no | +| [private\_subnet\_ipv6\_native](#input\_private\_subnet\_ipv6\_native) | Indicates whether to create an IPv6-only subnet. Default: `false` | `bool` | `false` | no | | [private\_subnet\_ipv6\_prefixes](#input\_private\_subnet\_ipv6\_prefixes) | Assigns IPv6 private subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). 
Must be of equal length to the corresponding IPv4 subnet list | `list(string)` | `[]` | no | +| [private\_subnet\_names](#input\_private\_subnet\_names) | Explicit values to use in the Name tag on private subnets. If empty, Name tags are generated | `list(string)` | `[]` | no | +| [private\_subnet\_private\_dns\_hostname\_type\_on\_launch](#input\_private\_subnet\_private\_dns\_hostname\_type\_on\_launch) | The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name` | `string` | `null` | no | | [private\_subnet\_suffix](#input\_private\_subnet\_suffix) | Suffix to append to private subnets name | `string` | `"private"` | no | | [private\_subnet\_tags](#input\_private\_subnet\_tags) | Additional tags for the private subnets | `map(string)` | `{}` | no | +| [private\_subnet\_tags\_per\_az](#input\_private\_subnet\_tags\_per\_az) | Additional tags for the private subnets where the primary key is the AZ | `map(map(string))` | `{}` | no | | [private\_subnets](#input\_private\_subnets) | A list of private subnets inside the VPC | `list(string)` | `[]` | no | | [propagate\_intra\_route\_tables\_vgw](#input\_propagate\_intra\_route\_tables\_vgw) | Should be true if you want route table propagation | `bool` | `false` | no | | [propagate\_private\_route\_tables\_vgw](#input\_propagate\_private\_route\_tables\_vgw) | Should be true if you want route table propagation | `bool` | `false` | no | @@ -423,27 +534,42 @@ No modules. | [public\_inbound\_acl\_rules](#input\_public\_inbound\_acl\_rules) | Public subnets inbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | | [public\_outbound\_acl\_rules](#input\_public\_outbound\_acl\_rules) | Public subnets outbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | | [public\_route\_table\_tags](#input\_public\_route\_table\_tags) | Additional tags for the public route tables | `map(string)` | `{}` | no | -| [public\_subnet\_assign\_ipv6\_address\_on\_creation](#input\_public\_subnet\_assign\_ipv6\_address\_on\_creation) | Assign IPv6 address on public subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | `null` | no | +| [public\_subnet\_assign\_ipv6\_address\_on\_creation](#input\_public\_subnet\_assign\_ipv6\_address\_on\_creation) | Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false` | `bool` | `false` | no | +| [public\_subnet\_enable\_dns64](#input\_public\_subnet\_enable\_dns64) | Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true` | `bool` | `true` | no | +| [public\_subnet\_enable\_resource\_name\_dns\_a\_record\_on\_launch](#input\_public\_subnet\_enable\_resource\_name\_dns\_a\_record\_on\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false` | `bool` | `false` | no | +| [public\_subnet\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch](#input\_public\_subnet\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true` | `bool` | `true` | no | +| [public\_subnet\_ipv6\_native](#input\_public\_subnet\_ipv6\_native) | Indicates whether to create an IPv6-only subnet. Default: `false` | `bool` | `false` | no | | [public\_subnet\_ipv6\_prefixes](#input\_public\_subnet\_ipv6\_prefixes) | Assigns IPv6 public subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). 
Must be of equal length to the corresponding IPv4 subnet list | `list(string)` | `[]` | no | +| [public\_subnet\_names](#input\_public\_subnet\_names) | Explicit values to use in the Name tag on public subnets. If empty, Name tags are generated | `list(string)` | `[]` | no | +| [public\_subnet\_private\_dns\_hostname\_type\_on\_launch](#input\_public\_subnet\_private\_dns\_hostname\_type\_on\_launch) | The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name` | `string` | `null` | no | | [public\_subnet\_suffix](#input\_public\_subnet\_suffix) | Suffix to append to public subnets name | `string` | `"public"` | no | | [public\_subnet\_tags](#input\_public\_subnet\_tags) | Additional tags for the public subnets | `map(string)` | `{}` | no | +| [public\_subnet\_tags\_per\_az](#input\_public\_subnet\_tags\_per\_az) | Additional tags for the public subnets where the primary key is the AZ | `map(map(string))` | `{}` | no | | [public\_subnets](#input\_public\_subnets) | A list of public subnets inside the VPC | `list(string)` | `[]` | no | +| [putin\_khuylo](#input\_putin\_khuylo) | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | `bool` | `true` | no | | [redshift\_acl\_tags](#input\_redshift\_acl\_tags) | Additional tags for the redshift subnets network ACL | `map(string)` | `{}` | no | | [redshift\_dedicated\_network\_acl](#input\_redshift\_dedicated\_network\_acl) | Whether to use dedicated network ACL (not default) and custom rules for redshift subnets | `bool` | `false` | no | | [redshift\_inbound\_acl\_rules](#input\_redshift\_inbound\_acl\_rules) | Redshift subnets inbound network ACL rules | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | | [redshift\_outbound\_acl\_rules](#input\_redshift\_outbound\_acl\_rules) | Redshift subnets outbound network ACL rules | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | | [redshift\_route\_table\_tags](#input\_redshift\_route\_table\_tags) | Additional tags for the redshift route tables | `map(string)` | `{}` | no | -| [redshift\_subnet\_assign\_ipv6\_address\_on\_creation](#input\_redshift\_subnet\_assign\_ipv6\_address\_on\_creation) | Assign IPv6 address on redshift subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | `null` | no | +| [redshift\_subnet\_assign\_ipv6\_address\_on\_creation](#input\_redshift\_subnet\_assign\_ipv6\_address\_on\_creation) | Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false` | `bool` | `false` | no | +| [redshift\_subnet\_enable\_dns64](#input\_redshift\_subnet\_enable\_dns64) | Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true` | `bool` | `true` | no | +| [redshift\_subnet\_enable\_resource\_name\_dns\_a\_record\_on\_launch](#input\_redshift\_subnet\_enable\_resource\_name\_dns\_a\_record\_on\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false` | `bool` | `false` | no | +| [redshift\_subnet\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch](#input\_redshift\_subnet\_enable\_resource\_name\_dns\_aaaa\_record\_on\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true` | `bool` | `true` | no | | [redshift\_subnet\_group\_name](#input\_redshift\_subnet\_group\_name) | Name of redshift subnet group | `string` | `null` | no | | [redshift\_subnet\_group\_tags](#input\_redshift\_subnet\_group\_tags) | Additional tags for the redshift subnet group | `map(string)` | `{}` | no | +| [redshift\_subnet\_ipv6\_native](#input\_redshift\_subnet\_ipv6\_native) | Indicates whether to create an IPv6-only subnet. 
Default: `false` | `bool` | `false` | no | | [redshift\_subnet\_ipv6\_prefixes](#input\_redshift\_subnet\_ipv6\_prefixes) | Assigns IPv6 redshift subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list | `list(string)` | `[]` | no | +| [redshift\_subnet\_names](#input\_redshift\_subnet\_names) | Explicit values to use in the Name tag on redshift subnets. If empty, Name tags are generated | `list(string)` | `[]` | no | +| [redshift\_subnet\_private\_dns\_hostname\_type\_on\_launch](#input\_redshift\_subnet\_private\_dns\_hostname\_type\_on\_launch) | The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name` | `string` | `null` | no | | [redshift\_subnet\_suffix](#input\_redshift\_subnet\_suffix) | Suffix to append to redshift subnets name | `string` | `"redshift"` | no | | [redshift\_subnet\_tags](#input\_redshift\_subnet\_tags) | Additional tags for the redshift subnets | `map(string)` | `{}` | no | -| [redshift\_subnets](#input\_redshift\_subnets) | A list of redshift subnets | `list(string)` | `[]` | no | +| [redshift\_subnets](#input\_redshift\_subnets) | A list of redshift subnets inside the VPC | `list(string)` | `[]` | no | | [reuse\_nat\_ips](#input\_reuse\_nat\_ips) | Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external\_nat\_ip\_ids' variable | `bool` | `false` | no | | [secondary\_cidr\_blocks](#input\_secondary\_cidr\_blocks) | List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool | `list(string)` | `[]` | no | | [single\_nat\_gateway](#input\_single\_nat\_gateway) | Should be true if you want to provision a single shared NAT 
Gateway across all of your private networks | `bool` | `false` | no | | [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no | +| [use\_ipam\_pool](#input\_use\_ipam\_pool) | Determines whether IPAM pool is used for CIDR allocation | `bool` | `false` | no | | [vpc\_flow\_log\_permissions\_boundary](#input\_vpc\_flow\_log\_permissions\_boundary) | The ARN of the Permissions Boundary for the VPC Flow Log IAM Role | `string` | `null` | no | | [vpc\_flow\_log\_tags](#input\_vpc\_flow\_log\_tags) | Additional tags for the VPC Flow Logs | `map(string)` | `{}` | no | | [vpc\_tags](#input\_vpc\_tags) | Additional tags for the VPC | `map(string)` | `{}` | no | 
@@ -458,9 +584,9 @@ No modules.
 | [azs](#output\_azs) | A list of availability zones specified as argument to this module |
 | [cgw\_arns](#output\_cgw\_arns) | List of ARNs of Customer Gateway |
 | [cgw\_ids](#output\_cgw\_ids) | List of IDs of Customer Gateway |
-| [database\_internet\_gateway\_route\_id](#output\_database\_internet\_gateway\_route\_id) | ID of the database internet gateway route. |
-| [database\_ipv6\_egress\_route\_id](#output\_database\_ipv6\_egress\_route\_id) | ID of the database IPv6 egress route. |
-| [database\_nat\_gateway\_route\_ids](#output\_database\_nat\_gateway\_route\_ids) | List of IDs of the database nat gateway route. |
+| [database\_internet\_gateway\_route\_id](#output\_database\_internet\_gateway\_route\_id) | ID of the database internet gateway route |
+| [database\_ipv6\_egress\_route\_id](#output\_database\_ipv6\_egress\_route\_id) | ID of the database IPv6 egress route |
+| [database\_nat\_gateway\_route\_ids](#output\_database\_nat\_gateway\_route\_ids) | List of IDs of the database nat gateway route |
 | [database\_network\_acl\_arn](#output\_database\_network\_acl\_arn) | ARN of the database network ACL |
 | [database\_network\_acl\_id](#output\_database\_network\_acl\_id) | ID of the database network ACL |
 | [database\_route\_table\_association\_ids](#output\_database\_route\_table\_association\_ids) | List of IDs of the database route table association |
@@ -516,8 +642,8 @@ No modules.
 | [outpost\_subnets](#output\_outpost\_subnets) | List of IDs of outpost subnets |
 | [outpost\_subnets\_cidr\_blocks](#output\_outpost\_subnets\_cidr\_blocks) | List of cidr\_blocks of outpost subnets |
 | [outpost\_subnets\_ipv6\_cidr\_blocks](#output\_outpost\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of outpost subnets in an IPv6 enabled VPC |
-| [private\_ipv6\_egress\_route\_ids](#output\_private\_ipv6\_egress\_route\_ids) | List of IDs of the ipv6 egress route. |
-| [private\_nat\_gateway\_route\_ids](#output\_private\_nat\_gateway\_route\_ids) | List of IDs of the private nat gateway route. |
+| [private\_ipv6\_egress\_route\_ids](#output\_private\_ipv6\_egress\_route\_ids) | List of IDs of the ipv6 egress route |
+| [private\_nat\_gateway\_route\_ids](#output\_private\_nat\_gateway\_route\_ids) | List of IDs of the private nat gateway route |
 | [private\_network\_acl\_arn](#output\_private\_network\_acl\_arn) | ARN of the private network ACL |
 | [private\_network\_acl\_id](#output\_private\_network\_acl\_id) | ID of the private network ACL |
 | [private\_route\_table\_association\_ids](#output\_private\_route\_table\_association\_ids) | List of IDs of the private route table association |
@@ -526,8 +652,8 @@ No modules.
 | [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets |
 | [private\_subnets\_cidr\_blocks](#output\_private\_subnets\_cidr\_blocks) | List of cidr\_blocks of private subnets |
 | [private\_subnets\_ipv6\_cidr\_blocks](#output\_private\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of private subnets in an IPv6 enabled VPC |
-| [public\_internet\_gateway\_ipv6\_route\_id](#output\_public\_internet\_gateway\_ipv6\_route\_id) | ID of the IPv6 internet gateway route. |
-| [public\_internet\_gateway\_route\_id](#output\_public\_internet\_gateway\_route\_id) | ID of the internet gateway route. |
+| [public\_internet\_gateway\_ipv6\_route\_id](#output\_public\_internet\_gateway\_ipv6\_route\_id) | ID of the IPv6 internet gateway route |
+| [public\_internet\_gateway\_route\_id](#output\_public\_internet\_gateway\_route\_id) | ID of the internet gateway route |
 | [public\_network\_acl\_arn](#output\_public\_network\_acl\_arn) | ARN of the public network ACL |
 | [public\_network\_acl\_id](#output\_public\_network\_acl\_id) | ID of the public network ACL |
 | [public\_route\_table\_association\_ids](#output\_public\_route\_table\_association\_ids) | List of IDs of the public route table association |
@@ -538,7 +664,7 @@ No modules.
 | [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC |
 | [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL |
 | [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL |
-| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshidt route table association |
+| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association |
 | [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association |
 | [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables |
 | [redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets |
@@ -573,3 +699,9 @@ Module is maintained by [Anton Babenko](https://github.com/antonbabenko) with he
 ## License
 
 Apache 2 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/LICENSE) for full details.
+
+## Additional information for users from Russia and Belarus
+
+* Russia has [illegally annexed Crimea in 2014](https://en.wikipedia.org/wiki/Annexation_of_Crimea_by_the_Russian_Federation) and [brought the war in Donbas](https://en.wikipedia.org/wiki/War_in_Donbas) followed by [full-scale invasion of Ukraine in 2022](https://en.wikipedia.org/wiki/2022_Russian_invasion_of_Ukraine).
+* Russia has brought sorrow and devastations to millions of Ukrainians, killed [thousands of innocent people](https://www.ohchr.org/en/news/2023/06/ukraine-civilian-casualty-update-19-june-2023), damaged thousands of buildings including [critical infrastructure](https://www.aljazeera.com/gallery/2022/12/17/russia-launches-another-major-missile-attack-on-ukraine), caused ecocide by [blowing up a dam](https://www.reuters.com/world/europe/ukraine-security-service-says-it-intercepted-call-proving-russia-destroyed-2023-06-09/), [bombed theater](https://www.cnn.com/2022/03/16/europe/ukraine-mariupol-bombing-theater-intl/index.html) in Mariupol that had "Children" marking on the ground, [raped men and boys](https://www.theguardian.com/world/2022/may/03/men-and-boys-among-alleged-victims-by-russian-soldiers-in-ukraine), [deported children](https://www.bbc.com/news/world-europe-64992727) in the occupied territoris, and forced [millions of people](https://www.unrefugees.org/emergencies/ukraine/) to flee.
+* [Putin khuylo!](https://en.wikipedia.org/wiki/Putin_khuylo!)
diff --git a/UPGRADE-4.0.md b/UPGRADE-4.0.md
new file mode 100644
index 000000000..abf1e2a2b
--- /dev/null
+++ b/UPGRADE-4.0.md
@@ -0,0 +1,66 @@ +# Upgrade from v3.x to v4.x + +If you have any questions regarding this upgrade process, please consult the [`examples`](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/) directory: + +If you find a bug, please open an issue with supporting configuration to reproduce. + +## List of backwards incompatible changes + +- The minimum required Terraform version is now 1.0 +- The minimum required AWS provider version is now 4.x (4.35.0 at time of writing) +- `assign_ipv6_address_on_creation` has been removed; use the respective subnet type equivalent instead (i.e. - `public_subnet_assign_ipv6_address_on_creation`) +- `enable_classiclink` has been removed; it is no longer supported by AWS https://github.com/hashicorp/terraform/issues/31730 +- `enable_classiclink_dns_support` has been removed; it is no longer supported by AWS https://github.com/hashicorp/terraform/issues/31730 + +## Additional changes + +### Modified + +- `map_public_ip_on_launch` now defaults to `false` +- `enable_dns_hostnames` now defaults to `true` +- `enable_dns_support` now defaults to `true` +- `manage_default_security_group` now defaults to `true` +- `manage_default_route_table` now defaults to `true` +- `manage_default_network_acl` now defaults to `true` +- The default name for the default security group, route table, and network ACL has changed to fallback to append `-default` to the VPC name if a specific name is not provided +- The default fallback value for outputs has changed from an empty string to `null` + +### Variable and output changes + +1. Removed variables: + + - `assign_ipv6_address_on_creation` has been removed; use the respective subnet type equivalent instead (i.e. 
- `public_subnet_assign_ipv6_address_on_creation`) + - `enable_classiclink` has been removed; it is no longer supported by AWS https://github.com/hashicorp/terraform/issues/31730 + - `enable_classiclink_dns_support` has been removed; it is no longer supported by AWS https://github.com/hashicorp/terraform/issues/31730 + +2. Renamed variables: + + - None + +3. Added variables: + + - VPC + - `ipv6_cidr_block_network_border_group` + - `enable_network_address_usage_metrics` + - Subnets + - `*_subnet_enable_dns64` for each subnet type + - `*_subnet_enable_resource_name_dns_aaaa_record_on_launch` for each subnet type + - `*_subnet_enable_resource_name_dns_a_record_on_launch` for each subnet type + - `*_subnet_ipv6_native` for each subnet type + - `*_subnet_private_dns_hostname_type_on_launch` for each subnet type + +4. Removed outputs: + + - None + +5. Renamed outputs: + + - None + +6. Added outputs: + + - None + +### State Changes + +None diff --git a/examples/complete-vpc/README.md b/examples/complete-vpc/README.md deleted file mode 100644 index 4acc80200..000000000 --- a/examples/complete-vpc/README.md +++ /dev/null 
@@ -1,74 +0,0 @@ -# Complete VPC - -Configuration in this directory creates set of VPC resources which may be sufficient for staging or production environment (look into [simple-vpc](../simple-vpc) for more simplified setup). - -There are public, private, database, ElastiCache, intra (private w/o Internet access) subnets, and NAT Gateways created in each availability zone. - -## Usage - -To run this example you need to execute: - -```bash -$ terraform init -$ terraform plan -$ terraform apply -``` - -Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.31 | -| [aws](#requirement\_aws) | >= 3.28 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | >= 3.28 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [vpc](#module\_vpc) | ../../ | | -| [vpc\_endpoints](#module\_vpc\_endpoints) | ../../modules/vpc-endpoints | | -| [vpc\_endpoints\_nocreate](#module\_vpc\_endpoints\_nocreate) | ../../modules/vpc-endpoints | | - -## Resources - -| Name | Type | -|------|------| -| [aws_iam_policy_document.dynamodb_endpoint_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.generic_endpoint_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_security_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) | data source | -| [aws_vpc_endpoint_service.dynamodb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc_endpoint_service) | data source | - -## Inputs - -No inputs. 
- -## Outputs - -| Name | Description | -|------|-------------| -| [cgw\_ids](#output\_cgw\_ids) | List of IDs of Customer Gateway | -| [database\_subnets](#output\_database\_subnets) | List of IDs of database subnets | -| [elasticache\_subnets](#output\_elasticache\_subnets) | List of IDs of elasticache subnets | -| [intra\_subnets](#output\_intra\_subnets) | List of IDs of intra subnets | -| [nat\_public\_ips](#output\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway | -| [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets | -| [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets | -| [redshift\_subnets](#output\_redshift\_subnets) | List of IDs of redshift subnets | -| [this\_customer\_gateway](#output\_this\_customer\_gateway) | Map of Customer Gateway attributes | -| [vpc\_endpoint\_lambda\_dns\_entry](#output\_vpc\_endpoint\_lambda\_dns\_entry) | The DNS entries for the VPC Endpoint for Lambda. | -| [vpc\_endpoint\_lambda\_id](#output\_vpc\_endpoint\_lambda\_id) | The ID of VPC endpoint for Lambda | -| [vpc\_endpoint\_lambda\_network\_interface\_ids](#output\_vpc\_endpoint\_lambda\_network\_interface\_ids) | One or more network interfaces for the VPC Endpoint for Lambda. | -| [vpc\_endpoint\_ssm\_dns\_entry](#output\_vpc\_endpoint\_ssm\_dns\_entry) | The DNS entries for the VPC Endpoint for SSM. | -| [vpc\_endpoint\_ssm\_id](#output\_vpc\_endpoint\_ssm\_id) | The ID of VPC endpoint for SSM | -| [vpc\_endpoint\_ssm\_network\_interface\_ids](#output\_vpc\_endpoint\_ssm\_network\_interface\_ids) | One or more network interfaces for the VPC Endpoint for SSM. | -| [vpc\_id](#output\_vpc\_id) | The ID of the VPC | - diff --git a/examples/complete-vpc/outputs.tf b/examples/complete-vpc/outputs.tf deleted file mode 100644 index 7dd0b6ddf..000000000 --- a/examples/complete-vpc/outputs.tf +++ /dev/null 
@@ -1,84 +0,0 @@ -# VPC -output "vpc_id" { - description = "The ID of the VPC" - value = module.vpc.vpc_id -} - -# Subnets -output "private_subnets" { - description = "List of IDs of private subnets" - value = module.vpc.private_subnets -} - -output "public_subnets" { - description = "List of IDs of public subnets" - value = module.vpc.public_subnets -} - -output "database_subnets" { - description = "List of IDs of database subnets" - value = module.vpc.database_subnets -} - -output "elasticache_subnets" { - description = "List of IDs of elasticache subnets" - value = module.vpc.elasticache_subnets -} - -output "redshift_subnets" { - description = "List of IDs of redshift subnets" - value = module.vpc.redshift_subnets -} - -output "intra_subnets" { - description = "List of IDs of intra subnets" - value = module.vpc.intra_subnets -} - -# NAT gateways -output "nat_public_ips" { - description = "List of public Elastic IPs created for AWS NAT Gateway" - value = module.vpc.nat_public_ips -} - -# VPC endpoints -output "vpc_endpoint_ssm_id" { - description = "The ID of VPC endpoint for SSM" - value = module.vpc_endpoints.endpoints["ssm"].id -} - -output "vpc_endpoint_ssm_network_interface_ids" { - description = "One or more network interfaces for the VPC Endpoint for SSM." - value = module.vpc_endpoints.endpoints["ssm"].network_interface_ids -} - -output "vpc_endpoint_ssm_dns_entry" { - description = "The DNS entries for the VPC Endpoint for SSM." - value = module.vpc_endpoints.endpoints["ssm"].dns_entry -} - -output "vpc_endpoint_lambda_id" { - description = "The ID of VPC endpoint for Lambda" - value = module.vpc_endpoints.endpoints["lambda"].id -} - -output "vpc_endpoint_lambda_network_interface_ids" { - description = "One or more network interfaces for the VPC Endpoint for Lambda." - value = module.vpc_endpoints.endpoints["lambda"].network_interface_ids -} - -output "vpc_endpoint_lambda_dns_entry" { - description = "The DNS entries for the VPC Endpoint for Lambda." 
- value = module.vpc_endpoints.endpoints["lambda"].dns_entry -} - -# Customer Gateway -output "cgw_ids" { - description = "List of IDs of Customer Gateway" - value = module.vpc.cgw_ids -} - -output "this_customer_gateway" { - description = "Map of Customer Gateway attributes" - value = module.vpc.this_customer_gateway -} diff --git a/examples/complete/README.md b/examples/complete/README.md new file mode 100644 index 000000000..d6e4eb4a8 --- /dev/null +++ b/examples/complete/README.md 
@@ -0,0 +1,168 @@ +# Complete VPC + +Configuration in this directory creates set of VPC resources which may be sufficient for staging or production environment (look into [simple](../simple) for more simplified setup). + +There are public, private, database, ElastiCache, intra (private w/o Internet access) subnets, and NAT Gateways created in each availability zone. + +## Usage + +To run this example you need to execute: + +```bash +$ terraform init +$ terraform plan +$ terraform apply +``` + +Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.0 | +| [aws](#requirement\_aws) | >= 5.0 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 5.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [vpc](#module\_vpc) | ../../ | n/a | +| [vpc\_endpoints](#module\_vpc\_endpoints) | ../../modules/vpc-endpoints | n/a | +| [vpc\_endpoints\_nocreate](#module\_vpc\_endpoints\_nocreate) | ../../modules/vpc-endpoints | n/a | + +## Resources + +| Name | Type | +|------|------| +| [aws_security_group.rds](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | +| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | +| [aws_iam_policy_document.dynamodb_endpoint_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.generic_endpoint_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | + +## Inputs + +No inputs. 
+ +## Outputs + +| Name | Description | +|------|-------------| +| [cgw\_arns](#output\_cgw\_arns) | List of ARNs of Customer Gateway | +| [cgw\_ids](#output\_cgw\_ids) | List of IDs of Customer Gateway | +| [database\_internet\_gateway\_route\_id](#output\_database\_internet\_gateway\_route\_id) | ID of the database internet gateway route | +| [database\_ipv6\_egress\_route\_id](#output\_database\_ipv6\_egress\_route\_id) | ID of the database IPv6 egress route | +| [database\_nat\_gateway\_route\_ids](#output\_database\_nat\_gateway\_route\_ids) | List of IDs of the database nat gateway route | +| [database\_network\_acl\_arn](#output\_database\_network\_acl\_arn) | ARN of the database network ACL | +| [database\_network\_acl\_id](#output\_database\_network\_acl\_id) | ID of the database network ACL | +| [database\_route\_table\_association\_ids](#output\_database\_route\_table\_association\_ids) | List of IDs of the database route table association | +| [database\_route\_table\_ids](#output\_database\_route\_table\_ids) | List of IDs of database route tables | +| [database\_subnet\_arns](#output\_database\_subnet\_arns) | List of ARNs of database subnets | +| [database\_subnet\_group](#output\_database\_subnet\_group) | ID of database subnet group | +| [database\_subnet\_group\_name](#output\_database\_subnet\_group\_name) | Name of database subnet group | +| [database\_subnets](#output\_database\_subnets) | List of IDs of database subnets | +| [database\_subnets\_cidr\_blocks](#output\_database\_subnets\_cidr\_blocks) | List of cidr\_blocks of database subnets | +| [database\_subnets\_ipv6\_cidr\_blocks](#output\_database\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of database subnets in an IPv6 enabled VPC | +| [default\_network\_acl\_id](#output\_default\_network\_acl\_id) | The ID of the default network ACL | +| [default\_route\_table\_id](#output\_default\_route\_table\_id) | The ID of the default route table | +| 
[default\_security\_group\_id](#output\_default\_security\_group\_id) | The ID of the security group created by default on VPC creation | +| [default\_vpc\_arn](#output\_default\_vpc\_arn) | The ARN of the Default VPC | +| [default\_vpc\_cidr\_block](#output\_default\_vpc\_cidr\_block) | The CIDR block of the Default VPC | +| [default\_vpc\_default\_network\_acl\_id](#output\_default\_vpc\_default\_network\_acl\_id) | The ID of the default network ACL of the Default VPC | +| [default\_vpc\_default\_route\_table\_id](#output\_default\_vpc\_default\_route\_table\_id) | The ID of the default route table of the Default VPC | +| [default\_vpc\_default\_security\_group\_id](#output\_default\_vpc\_default\_security\_group\_id) | The ID of the security group created by default on Default VPC creation | +| [default\_vpc\_enable\_dns\_hostnames](#output\_default\_vpc\_enable\_dns\_hostnames) | Whether or not the Default VPC has DNS hostname support | +| [default\_vpc\_enable\_dns\_support](#output\_default\_vpc\_enable\_dns\_support) | Whether or not the Default VPC has DNS support | +| [default\_vpc\_id](#output\_default\_vpc\_id) | The ID of the Default VPC | +| [default\_vpc\_instance\_tenancy](#output\_default\_vpc\_instance\_tenancy) | Tenancy of instances spin up within Default VPC | +| [default\_vpc\_main\_route\_table\_id](#output\_default\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with the Default VPC | +| [dhcp\_options\_id](#output\_dhcp\_options\_id) | The ID of the DHCP options | +| [egress\_only\_internet\_gateway\_id](#output\_egress\_only\_internet\_gateway\_id) | The ID of the egress only Internet Gateway | +| [elasticache\_network\_acl\_arn](#output\_elasticache\_network\_acl\_arn) | ARN of the elasticache network ACL | +| [elasticache\_network\_acl\_id](#output\_elasticache\_network\_acl\_id) | ID of the elasticache network ACL | +| 
[elasticache\_route\_table\_association\_ids](#output\_elasticache\_route\_table\_association\_ids) | List of IDs of the elasticache route table association | +| [elasticache\_route\_table\_ids](#output\_elasticache\_route\_table\_ids) | List of IDs of elasticache route tables | +| [elasticache\_subnet\_arns](#output\_elasticache\_subnet\_arns) | List of ARNs of elasticache subnets | +| [elasticache\_subnet\_group](#output\_elasticache\_subnet\_group) | ID of elasticache subnet group | +| [elasticache\_subnet\_group\_name](#output\_elasticache\_subnet\_group\_name) | Name of elasticache subnet group | +| [elasticache\_subnets](#output\_elasticache\_subnets) | List of IDs of elasticache subnets | +| [elasticache\_subnets\_cidr\_blocks](#output\_elasticache\_subnets\_cidr\_blocks) | List of cidr\_blocks of elasticache subnets | +| [elasticache\_subnets\_ipv6\_cidr\_blocks](#output\_elasticache\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of elasticache subnets in an IPv6 enabled VPC | +| [igw\_arn](#output\_igw\_arn) | The ARN of the Internet Gateway | +| [igw\_id](#output\_igw\_id) | The ID of the Internet Gateway | +| [intra\_network\_acl\_arn](#output\_intra\_network\_acl\_arn) | ARN of the intra network ACL | +| [intra\_network\_acl\_id](#output\_intra\_network\_acl\_id) | ID of the intra network ACL | +| [intra\_route\_table\_association\_ids](#output\_intra\_route\_table\_association\_ids) | List of IDs of the intra route table association | +| [intra\_route\_table\_ids](#output\_intra\_route\_table\_ids) | List of IDs of intra route tables | +| [intra\_subnet\_arns](#output\_intra\_subnet\_arns) | List of ARNs of intra subnets | +| [intra\_subnets](#output\_intra\_subnets) | List of IDs of intra subnets | +| [intra\_subnets\_cidr\_blocks](#output\_intra\_subnets\_cidr\_blocks) | List of cidr\_blocks of intra subnets | +| [intra\_subnets\_ipv6\_cidr\_blocks](#output\_intra\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of intra subnets 
in an IPv6 enabled VPC | +| [nat\_ids](#output\_nat\_ids) | List of allocation ID of Elastic IPs created for AWS NAT Gateway | +| [nat\_public\_ips](#output\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway | +| [natgw\_ids](#output\_natgw\_ids) | List of NAT Gateway IDs | +| [outpost\_network\_acl\_arn](#output\_outpost\_network\_acl\_arn) | ARN of the outpost network ACL | +| [outpost\_network\_acl\_id](#output\_outpost\_network\_acl\_id) | ID of the outpost network ACL | +| [outpost\_subnet\_arns](#output\_outpost\_subnet\_arns) | List of ARNs of outpost subnets | +| [outpost\_subnets](#output\_outpost\_subnets) | List of IDs of outpost subnets | +| [outpost\_subnets\_cidr\_blocks](#output\_outpost\_subnets\_cidr\_blocks) | List of cidr\_blocks of outpost subnets | +| [outpost\_subnets\_ipv6\_cidr\_blocks](#output\_outpost\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of outpost subnets in an IPv6 enabled VPC | +| [private\_ipv6\_egress\_route\_ids](#output\_private\_ipv6\_egress\_route\_ids) | List of IDs of the ipv6 egress route | +| [private\_nat\_gateway\_route\_ids](#output\_private\_nat\_gateway\_route\_ids) | List of IDs of the private nat gateway route | +| [private\_network\_acl\_arn](#output\_private\_network\_acl\_arn) | ARN of the private network ACL | +| [private\_network\_acl\_id](#output\_private\_network\_acl\_id) | ID of the private network ACL | +| [private\_route\_table\_association\_ids](#output\_private\_route\_table\_association\_ids) | List of IDs of the private route table association | +| [private\_route\_table\_ids](#output\_private\_route\_table\_ids) | List of IDs of private route tables | +| [private\_subnet\_arns](#output\_private\_subnet\_arns) | List of ARNs of private subnets | +| [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets | +| [private\_subnets\_cidr\_blocks](#output\_private\_subnets\_cidr\_blocks) | List of cidr\_blocks of private subnets | +| 
[private\_subnets\_ipv6\_cidr\_blocks](#output\_private\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of private subnets in an IPv6 enabled VPC | +| [public\_internet\_gateway\_ipv6\_route\_id](#output\_public\_internet\_gateway\_ipv6\_route\_id) | ID of the IPv6 internet gateway route | +| [public\_internet\_gateway\_route\_id](#output\_public\_internet\_gateway\_route\_id) | ID of the internet gateway route | +| [public\_network\_acl\_arn](#output\_public\_network\_acl\_arn) | ARN of the public network ACL | +| [public\_network\_acl\_id](#output\_public\_network\_acl\_id) | ID of the public network ACL | +| [public\_route\_table\_association\_ids](#output\_public\_route\_table\_association\_ids) | List of IDs of the public route table association | +| [public\_route\_table\_ids](#output\_public\_route\_table\_ids) | List of IDs of public route tables | +| [public\_subnet\_arns](#output\_public\_subnet\_arns) | List of ARNs of public subnets | +| [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets | +| [public\_subnets\_cidr\_blocks](#output\_public\_subnets\_cidr\_blocks) | List of cidr\_blocks of public subnets | +| [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC | +| [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL | +| [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL | +| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association | +| [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association | +| [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables | +| 
[redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets | +| [redshift\_subnet\_group](#output\_redshift\_subnet\_group) | ID of redshift subnet group | +| [redshift\_subnets](#output\_redshift\_subnets) | List of IDs of redshift subnets | +| [redshift\_subnets\_cidr\_blocks](#output\_redshift\_subnets\_cidr\_blocks) | List of cidr\_blocks of redshift subnets | +| [redshift\_subnets\_ipv6\_cidr\_blocks](#output\_redshift\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of redshift subnets in an IPv6 enabled VPC | +| [this\_customer\_gateway](#output\_this\_customer\_gateway) | Map of Customer Gateway attributes | +| [vgw\_arn](#output\_vgw\_arn) | The ARN of the VPN Gateway | +| [vgw\_id](#output\_vgw\_id) | The ID of the VPN Gateway | +| [vpc\_arn](#output\_vpc\_arn) | The ARN of the VPC | +| [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | The CIDR block of the VPC | +| [vpc\_enable\_dns\_hostnames](#output\_vpc\_enable\_dns\_hostnames) | Whether or not the VPC has DNS hostname support | +| [vpc\_enable\_dns\_support](#output\_vpc\_enable\_dns\_support) | Whether or not the VPC has DNS support | +| [vpc\_endpoints](#output\_vpc\_endpoints) | Array containing the full resource object and attributes for all endpoints created | +| [vpc\_endpoints\_security\_group\_arn](#output\_vpc\_endpoints\_security\_group\_arn) | Amazon Resource Name (ARN) of the security group | +| [vpc\_endpoints\_security\_group\_id](#output\_vpc\_endpoints\_security\_group\_id) | ID of the security group | +| [vpc\_flow\_log\_cloudwatch\_iam\_role\_arn](#output\_vpc\_flow\_log\_cloudwatch\_iam\_role\_arn) | The ARN of the IAM role used when pushing logs to Cloudwatch log group | +| [vpc\_flow\_log\_destination\_arn](#output\_vpc\_flow\_log\_destination\_arn) | The ARN of the destination for VPC Flow Logs | +| [vpc\_flow\_log\_destination\_type](#output\_vpc\_flow\_log\_destination\_type) | The type of the destination for VPC Flow Logs | +| 
[vpc\_flow\_log\_id](#output\_vpc\_flow\_log\_id) | The ID of the Flow Log resource | +| [vpc\_id](#output\_vpc\_id) | The ID of the VPC | +| [vpc\_instance\_tenancy](#output\_vpc\_instance\_tenancy) | Tenancy of instances spin up within VPC | +| [vpc\_ipv6\_association\_id](#output\_vpc\_ipv6\_association\_id) | The association ID for the IPv6 CIDR block | +| [vpc\_ipv6\_cidr\_block](#output\_vpc\_ipv6\_cidr\_block) | The IPv6 CIDR block | +| [vpc\_main\_route\_table\_id](#output\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with this VPC | +| [vpc\_owner\_id](#output\_vpc\_owner\_id) | The ID of the AWS account that owns the VPC | +| [vpc\_secondary\_cidr\_blocks](#output\_vpc\_secondary\_cidr\_blocks) | List of secondary CIDR blocks of the VPC | + diff --git a/examples/complete-vpc/main.tf b/examples/complete/main.tf similarity index 56% rename from examples/complete-vpc/main.tf rename to examples/complete/main.tf index 6ce367f7b..514355631 100644 --- a/examples/complete-vpc/main.tf +++ b/examples/complete/main.tf @@ -1,14 +1,20 @@ provider "aws" { - region = "eu-west-1" + region = local.region } +data "aws_availability_zones" "available" {} + locals { - name = "complete-example" + name = "ex-${basename(path.cwd)}" region = "eu-west-1" + + vpc_cidr = "10.0.0.0/16" + azs = slice(data.aws_availability_zones.available.names, 0, 3) + tags = { - Owner = "user" - Environment = "staging" - Name = "complete" + Example = local.name + GithubRepo = "terraform-aws-vpc" + GithubOrg = "terraform-aws-modules" } } 
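Review bot: `azs = slice(data.aws_availability_zones.available.names, 0, 3)` in the new locals block will fail to plan in any region whose zone list has fewer than three entries, because `slice` errors when the end index exceeds the list length, and the unfiltered `data "aws_availability_zones" "available" {}` above it can also return zones that are not usable for subnet placement. Adding `state = "available"` to the data source, and optionally `filter { name = "opt-in-status" values = ["opt-in-not-required"] }` to keep Local Zones and Wavelength Zones out of the list, makes the example deterministic across regions. A short comment on the `azs` line saying the example intentionally takes the first three zones would also help readers who copy it.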
@@ -20,27 +26,31 @@ module "vpc" { source = "../../" name = local.name - cidr = "20.10.0.0/16" # 10.0.0.0/8 is reserved for EC2-Classic - - azs = ["${local.region}a", "${local.region}b", "${local.region}c"] - private_subnets = ["20.10.1.0/24", "20.10.2.0/24", "20.10.3.0/24"] - public_subnets = ["20.10.11.0/24", "20.10.12.0/24", "20.10.13.0/24"] - database_subnets = ["20.10.21.0/24", "20.10.22.0/24", "20.10.23.0/24"] - elasticache_subnets = ["20.10.31.0/24", "20.10.32.0/24", "20.10.33.0/24"] - redshift_subnets = ["20.10.41.0/24", "20.10.42.0/24", "20.10.43.0/24"] - intra_subnets = ["20.10.51.0/24", "20.10.52.0/24", "20.10.53.0/24"] - - create_database_subnet_group = false - - manage_default_route_table = true - default_route_table_tags = { DefaultRouteTable = true } + cidr = local.vpc_cidr + + azs = local.azs + private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)] + public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 4)] + database_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 8)] + elasticache_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 12)] + redshift_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 16)] + intra_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 20)] + + private_subnet_names = ["Private Subnet One", "Private Subnet Two"] + # public_subnet_names omitted to show default name generation for all three subnets + database_subnet_names = ["DB Subnet One"] + elasticache_subnet_names = ["Elasticache Subnet One", "Elasticache Subnet Two"] + redshift_subnet_names = ["Redshift Subnet One", "Redshift Subnet Two", "Redshift Subnet Three"] + intra_subnet_names = [] + + create_database_subnet_group = false + manage_default_network_acl = false + manage_default_route_table = false + manage_default_security_group = false enable_dns_hostnames = true enable_dns_support = true - enable_classiclink = true - enable_classiclink_dns_support = 
true - enable_nat_gateway = true single_nat_gateway = true @@ -62,11 +72,6 @@ module "vpc" { dhcp_options_domain_name = "service.consul" dhcp_options_domain_name_servers = ["127.0.0.1", "10.10.0.2"] - # Default security group - ingress/egress rules cleared to deny all - manage_default_security_group = true - default_security_group_ingress = [] - default_security_group_egress = [] - # VPC Flow Logs (Cloudwatch log group and IAM role will be created) enable_flow_log = true create_flow_log_cloudwatch_log_group = true @@ -83,8 +88,17 @@ module "vpc" { module "vpc_endpoints" { source = "../../modules/vpc-endpoints" - vpc_id = module.vpc.vpc_id - security_group_ids = [data.aws_security_group.default.id] + vpc_id = module.vpc.vpc_id + + create_security_group = true + security_group_name_prefix = "${local.name}-vpc-endpoints-" + security_group_description = "VPC endpoint security group" + security_group_rules = { + ingress_https = { + description = "HTTPS from VPC" + cidr_blocks = [module.vpc.vpc_cidr_block] + } + } endpoints = { s3 = { 
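Review bot: `manage_default_security_group = false` in the new `module "vpc"` arguments, combined with the removal of `default_security_group_ingress = []` and `default_security_group_egress = []` in the `@@ -62,11 +72,6 @@` hunk, leaves the VPC's default security group with the rules AWS creates it with (all traffic from members of the group inbound, all traffic outbound), where the previous example explicitly cleared them to deny all. UPGRADE-4.0.md in this same commit says the module now manages the default security group, route table and network ACL by default, so the three `manage_default_* = false` lines here opt the example out of that behaviour rather than demonstrate it; whether the module's own rule-list defaults produce a deny-all group when managed is not visible here. If the intent is to show the module defaults, drop the three `manage_default_* = false` lines; if the intent is to keep the deny-all pattern, restore `manage_default_security_group = true`, `default_security_group_ingress = []` and `default_security_group_egress = []`. Either way a one-line comment stating the intended posture of the default security group would help readers who copy this example. The `module "vpc"` block starts before and ends after this hunk.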
@@ -98,41 +112,17 @@ module "vpc_endpoints" {
 policy = data.aws_iam_policy_document.dynamodb_endpoint_policy.json
 tags = { Name = "dynamodb-vpc-endpoint" }
 },
- ssm = {
- service = "ssm"
- private_dns_enabled = true
- subnet_ids = module.vpc.private_subnets
- },
- ssmmessages = {
- service = "ssmmessages"
- private_dns_enabled = true
- subnet_ids = module.vpc.private_subnets
- },
- lambda = {
- service = "lambda"
- private_dns_enabled = true
- subnet_ids = module.vpc.private_subnets
- },
 ecs = {
 service = "ecs"
 private_dns_enabled = true
 subnet_ids = module.vpc.private_subnets
 },
 ecs_telemetry = {
+ create = false
 service = "ecs-telemetry"
 private_dns_enabled = true
 subnet_ids = module.vpc.private_subnets
 },
- ec2 = {
- service = "ec2"
- private_dns_enabled = true
- subnet_ids = module.vpc.private_subnets
- },
- ec2messages = {
- service = "ec2messages"
- private_dns_enabled = true
- subnet_ids = module.vpc.private_subnets
- },
 ecr_api = {
 service = "ecr.api"
 private_dns_enabled = true
@@ -145,20 +135,11 @@ module "vpc_endpoints" {
 subnet_ids = module.vpc.private_subnets
 policy = data.aws_iam_policy_document.generic_endpoint_policy.json
 },
- kms = {
- service = "kms"
- private_dns_enabled = true
- subnet_ids = module.vpc.private_subnets
- },
- codedeploy = {
- service = "codedeploy"
- private_dns_enabled = true
- subnet_ids = module.vpc.private_subnets
- },
- codedeploy_commands_secure = {
- service = "codedeploy-commands-secure"
+ rds = {
+ service = "rds"
 private_dns_enabled = true
 subnet_ids = module.vpc.private_subnets
+ security_group_ids = [aws_security_group.rds.id]
 },
 }
 
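Review bot: The new `rds` endpoint in the `@@ -145,20 +135,11 @@` hunk sets `security_group_ids = [aws_security_group.rds.id]`, but `service = "rds"` is an interface endpoint for the RDS API, which clients reach over HTTPS on port 443, while that group (defined in the `@@ -226,9 +192,25 @@` hunk) only admits TCP 5432 from the VPC CIDR. If the supplied list replaces the module-created group that carries the `ingress_https` rule — the module's behaviour here is not visible in this diff — API calls through this endpoint would be dropped by the security group and the example would fail silently. A PostgreSQL-port group belongs on the database instance's network interface, not on the endpoint; either remove the `security_group_ids` override so the endpoint keeps the HTTPS group, or attach a group whose ingress is 443/tcp from `module.vpc.vpc_cidr_block`. The `module "vpc_endpoints"` block starts before and ends after this hunk.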
@@ -178,21 +159,6 @@ module "vpc_endpoints_nocreate" {
 # Supporting Resources
 ################################################################################
 
-data "aws_security_group" "default" {
- name = "default"
- vpc_id = module.vpc.vpc_id
-}
-
-# Data source used to avoid race condition
-data "aws_vpc_endpoint_service" "dynamodb" {
- service = "dynamodb"
-
- filter {
- name = "service-type"
- values = ["Gateway"]
- }
-}
-
 data "aws_iam_policy_document" "dynamodb_endpoint_policy" {
 statement {
 effect = "Deny"
@@ -206,9 +172,9 @@ data "aws_iam_policy_document" "dynamodb_endpoint_policy" {
 
 condition {
 test = "StringNotEquals"
- variable = "aws:sourceVpce"
+ variable = "aws:sourceVpc"
 
- values = [data.aws_vpc_endpoint_service.dynamodb.id]
+ values = [module.vpc.vpc_id]
 }
 }
 }
@@ -226,9 +192,25 @@ data "aws_iam_policy_document" "generic_endpoint_policy" {
 
 condition {
 test = "StringNotEquals"
- variable = "aws:sourceVpce"
+ variable = "aws:SourceVpc"
 
- values = [data.aws_vpc_endpoint_service.dynamodb.id]
+ values = [module.vpc.vpc_id]
 }
 }
 }
+
+resource "aws_security_group" "rds" {
+ name_prefix = "${local.name}-rds"
+ description = "Allow PostgreSQL inbound traffic"
+ vpc_id = module.vpc.vpc_id
+
+ ingress {
+ description = "TLS from VPC"
+ from_port = 5432
+ to_port = 5432
+ protocol = "tcp"
+ cidr_blocks = [module.vpc.vpc_cidr_block]
+ }
+
+ tags = local.tags
+}
diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf
new file mode 100644
index 000000000..24be1a37c
--- /dev/null
+++ b/examples/complete/outputs.tf
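Review bot: The replacement condition key is spelled `aws:sourceVpc` in the `dynamodb_endpoint_policy` hunk (`@@ -206,9 +172,9 @@`) and `aws:SourceVpc` in the `generic_endpoint_policy` hunk (`@@ -226,9 +192,25 @@`). IAM condition key names are matched case-insensitively, so both statements evaluate the same way, but two spellings of one key in the same file invite a copy-paste slip later and make the policies harder to grep for in an audit. Using the documented form `variable = "aws:SourceVpc"` in both statements keeps them consistent. Both `data "aws_iam_policy_document"` blocks start before their hunks.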
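Review bot: In the new `aws_security_group.rds`, the ingress rule's `description = "TLS from VPC"` does not match the rule itself, which opens TCP 5432 (the PostgreSQL port) under a resource description of `"Allow PostgreSQL inbound traffic"`. Rule descriptions show up in the console and in audit tooling, so a misleading one obscures what is actually permitted; `description = "PostgreSQL from VPC"` states what the rule does. The group also declares no `egress` block, which with the `aws_security_group` resource means Terraform removes AWS's default allow-all outbound rule; that is reasonable for a group that only guards inbound traffic, but a one-line comment such as `# No egress block: Terraform strips the default allow-all outbound rule` would save readers who copy the group onto an instance from wondering why outbound traffic fails.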
@@ -0,0 +1,551 @@ +output "vpc_id" { + description = "The ID of the VPC" + value = module.vpc.vpc_id +} + +output "vpc_arn" { + description = "The ARN of the VPC" + value = module.vpc.vpc_arn +} + +output "vpc_cidr_block" { + description = "The CIDR block of the VPC" + value = module.vpc.vpc_cidr_block +} + +output "default_security_group_id" { + description = "The ID of the security group created by default on VPC creation" + value = module.vpc.default_security_group_id +} + +output "default_network_acl_id" { + description = "The ID of the default network ACL" + value = module.vpc.default_network_acl_id +} + +output "default_route_table_id" { + description = "The ID of the default route table" + value = module.vpc.default_route_table_id +} + +output "vpc_instance_tenancy" { + description = "Tenancy of instances spin up within VPC" + value = module.vpc.vpc_instance_tenancy +} + +output "vpc_enable_dns_support" { + description = "Whether or not the VPC has DNS support" + value = module.vpc.vpc_enable_dns_support +} + +output "vpc_enable_dns_hostnames" { + description = "Whether or not the VPC has DNS hostname support" + value = module.vpc.vpc_enable_dns_hostnames +} + +output "vpc_main_route_table_id" { + description = "The ID of the main route table associated with this VPC" + value = module.vpc.vpc_main_route_table_id +} + +output "vpc_ipv6_association_id" { + description = "The association ID for the IPv6 CIDR block" + value = module.vpc.vpc_ipv6_association_id +} + +output "vpc_ipv6_cidr_block" { + description = "The IPv6 CIDR block" + value = module.vpc.vpc_ipv6_cidr_block +} + +output "vpc_secondary_cidr_blocks" { + description = "List of secondary CIDR blocks of the VPC" + value = module.vpc.vpc_secondary_cidr_blocks +} + +output "vpc_owner_id" { + description = "The ID of the AWS account that owns the VPC" + value = module.vpc.vpc_owner_id +} + +output "private_subnets" { + description = "List of IDs of private subnets" + value = module.vpc.private_subnets 
+} + +output "private_subnet_arns" { + description = "List of ARNs of private subnets" + value = module.vpc.private_subnet_arns +} + +output "private_subnets_cidr_blocks" { + description = "List of cidr_blocks of private subnets" + value = module.vpc.private_subnets_cidr_blocks +} + +output "private_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of private subnets in an IPv6 enabled VPC" + value = module.vpc.private_subnets_ipv6_cidr_blocks +} + +output "public_subnets" { + description = "List of IDs of public subnets" + value = module.vpc.public_subnets +} + +output "public_subnet_arns" { + description = "List of ARNs of public subnets" + value = module.vpc.public_subnet_arns +} + +output "public_subnets_cidr_blocks" { + description = "List of cidr_blocks of public subnets" + value = module.vpc.public_subnets_cidr_blocks +} + +output "public_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of public subnets in an IPv6 enabled VPC" + value = module.vpc.public_subnets_ipv6_cidr_blocks +} + +output "outpost_subnets" { + description = "List of IDs of outpost subnets" + value = module.vpc.outpost_subnets +} + +output "outpost_subnet_arns" { + description = "List of ARNs of outpost subnets" + value = module.vpc.outpost_subnet_arns +} + +output "outpost_subnets_cidr_blocks" { + description = "List of cidr_blocks of outpost subnets" + value = module.vpc.outpost_subnets_cidr_blocks +} + +output "outpost_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of outpost subnets in an IPv6 enabled VPC" + value = module.vpc.outpost_subnets_ipv6_cidr_blocks +} + +output "database_subnets" { + description = "List of IDs of database subnets" + value = module.vpc.database_subnets +} + +output "database_subnet_arns" { + description = "List of ARNs of database subnets" + value = module.vpc.database_subnet_arns +} + +output "database_subnets_cidr_blocks" { + description = "List of cidr_blocks of database subnets" + value = 
module.vpc.database_subnets_cidr_blocks +} + +output "database_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of database subnets in an IPv6 enabled VPC" + value = module.vpc.database_subnets_ipv6_cidr_blocks +} + +output "database_subnet_group" { + description = "ID of database subnet group" + value = module.vpc.database_subnet_group +} + +output "database_subnet_group_name" { + description = "Name of database subnet group" + value = module.vpc.database_subnet_group_name +} + +output "redshift_subnets" { + description = "List of IDs of redshift subnets" + value = module.vpc.redshift_subnets +} + +output "redshift_subnet_arns" { + description = "List of ARNs of redshift subnets" + value = module.vpc.redshift_subnet_arns +} + +output "redshift_subnets_cidr_blocks" { + description = "List of cidr_blocks of redshift subnets" + value = module.vpc.redshift_subnets_cidr_blocks +} + +output "redshift_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of redshift subnets in an IPv6 enabled VPC" + value = module.vpc.redshift_subnets_ipv6_cidr_blocks +} + +output "redshift_subnet_group" { + description = "ID of redshift subnet group" + value = module.vpc.redshift_subnet_group +} + +output "elasticache_subnets" { + description = "List of IDs of elasticache subnets" + value = module.vpc.elasticache_subnets +} + +output "elasticache_subnet_arns" { + description = "List of ARNs of elasticache subnets" + value = module.vpc.elasticache_subnet_arns +} + +output "elasticache_subnets_cidr_blocks" { + description = "List of cidr_blocks of elasticache subnets" + value = module.vpc.elasticache_subnets_cidr_blocks +} + +output "elasticache_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of elasticache subnets in an IPv6 enabled VPC" + value = module.vpc.elasticache_subnets_ipv6_cidr_blocks +} + +output "intra_subnets" { + description = "List of IDs of intra subnets" + value = module.vpc.intra_subnets +} + +output 
"intra_subnet_arns" { + description = "List of ARNs of intra subnets" + value = module.vpc.intra_subnet_arns +} + +output "intra_subnets_cidr_blocks" { + description = "List of cidr_blocks of intra subnets" + value = module.vpc.intra_subnets_cidr_blocks +} + +output "intra_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of intra subnets in an IPv6 enabled VPC" + value = module.vpc.intra_subnets_ipv6_cidr_blocks +} + +output "elasticache_subnet_group" { + description = "ID of elasticache subnet group" + value = module.vpc.elasticache_subnet_group +} + +output "elasticache_subnet_group_name" { + description = "Name of elasticache subnet group" + value = module.vpc.elasticache_subnet_group_name +} + +output "public_route_table_ids" { + description = "List of IDs of public route tables" + value = module.vpc.public_route_table_ids +} + +output "private_route_table_ids" { + description = "List of IDs of private route tables" + value = module.vpc.private_route_table_ids +} + +output "database_route_table_ids" { + description = "List of IDs of database route tables" + value = module.vpc.database_route_table_ids +} + +output "redshift_route_table_ids" { + description = "List of IDs of redshift route tables" + value = module.vpc.redshift_route_table_ids +} + +output "elasticache_route_table_ids" { + description = "List of IDs of elasticache route tables" + value = module.vpc.elasticache_route_table_ids +} + +output "intra_route_table_ids" { + description = "List of IDs of intra route tables" + value = module.vpc.intra_route_table_ids +} + +output "public_internet_gateway_route_id" { + description = "ID of the internet gateway route" + value = module.vpc.public_internet_gateway_route_id +} + +output "public_internet_gateway_ipv6_route_id" { + description = "ID of the IPv6 internet gateway route" + value = module.vpc.public_internet_gateway_ipv6_route_id +} + +output "database_internet_gateway_route_id" { + description = "ID of the database internet 
gateway route" + value = module.vpc.database_internet_gateway_route_id +} + +output "database_nat_gateway_route_ids" { + description = "List of IDs of the database nat gateway route" + value = module.vpc.database_nat_gateway_route_ids +} + +output "database_ipv6_egress_route_id" { + description = "ID of the database IPv6 egress route" + value = module.vpc.database_ipv6_egress_route_id +} + +output "private_nat_gateway_route_ids" { + description = "List of IDs of the private nat gateway route" + value = module.vpc.private_nat_gateway_route_ids +} + +output "private_ipv6_egress_route_ids" { + description = "List of IDs of the ipv6 egress route" + value = module.vpc.private_ipv6_egress_route_ids +} + +output "private_route_table_association_ids" { + description = "List of IDs of the private route table association" + value = module.vpc.private_route_table_association_ids +} + +output "database_route_table_association_ids" { + description = "List of IDs of the database route table association" + value = module.vpc.database_route_table_association_ids +} + +output "redshift_route_table_association_ids" { + description = "List of IDs of the redshift route table association" + value = module.vpc.redshift_route_table_association_ids +} + +output "redshift_public_route_table_association_ids" { + description = "List of IDs of the public redshift route table association" + value = module.vpc.redshift_public_route_table_association_ids +} + +output "elasticache_route_table_association_ids" { + description = "List of IDs of the elasticache route table association" + value = module.vpc.elasticache_route_table_association_ids +} + +output "intra_route_table_association_ids" { + description = "List of IDs of the intra route table association" + value = module.vpc.intra_route_table_association_ids +} + +output "public_route_table_association_ids" { + description = "List of IDs of the public route table association" + value = module.vpc.public_route_table_association_ids +} + 
+output "dhcp_options_id" { + description = "The ID of the DHCP options" + value = module.vpc.dhcp_options_id +} + +output "nat_ids" { + description = "List of allocation ID of Elastic IPs created for AWS NAT Gateway" + value = module.vpc.nat_ids +} + +output "nat_public_ips" { + description = "List of public Elastic IPs created for AWS NAT Gateway" + value = module.vpc.nat_public_ips +} + +output "natgw_ids" { + description = "List of NAT Gateway IDs" + value = module.vpc.natgw_ids +} + +output "igw_id" { + description = "The ID of the Internet Gateway" + value = module.vpc.igw_id +} + +output "igw_arn" { + description = "The ARN of the Internet Gateway" + value = module.vpc.igw_arn +} + +output "egress_only_internet_gateway_id" { + description = "The ID of the egress only Internet Gateway" + value = module.vpc.egress_only_internet_gateway_id +} + +output "cgw_ids" { + description = "List of IDs of Customer Gateway" + value = module.vpc.cgw_ids +} + +output "cgw_arns" { + description = "List of ARNs of Customer Gateway" + value = module.vpc.cgw_arns +} + +output "this_customer_gateway" { + description = "Map of Customer Gateway attributes" + value = module.vpc.this_customer_gateway +} + +output "vgw_id" { + description = "The ID of the VPN Gateway" + value = module.vpc.vgw_id +} + +output "vgw_arn" { + description = "The ARN of the VPN Gateway" + value = module.vpc.vgw_arn +} + +output "default_vpc_id" { + description = "The ID of the Default VPC" + value = module.vpc.default_vpc_id +} + +output "default_vpc_arn" { + description = "The ARN of the Default VPC" + value = module.vpc.default_vpc_arn +} + +output "default_vpc_cidr_block" { + description = "The CIDR block of the Default VPC" + value = module.vpc.default_vpc_cidr_block +} + +output "default_vpc_default_security_group_id" { + description = "The ID of the security group created by default on Default VPC creation" + value = module.vpc.default_vpc_default_security_group_id +} + +output 
"default_vpc_default_network_acl_id" { + description = "The ID of the default network ACL of the Default VPC" + value = module.vpc.default_vpc_default_network_acl_id +} + +output "default_vpc_default_route_table_id" { + description = "The ID of the default route table of the Default VPC" + value = module.vpc.default_vpc_default_route_table_id +} + +output "default_vpc_instance_tenancy" { + description = "Tenancy of instances spin up within Default VPC" + value = module.vpc.default_vpc_instance_tenancy +} + +output "default_vpc_enable_dns_support" { + description = "Whether or not the Default VPC has DNS support" + value = module.vpc.default_vpc_enable_dns_support +} + +output "default_vpc_enable_dns_hostnames" { + description = "Whether or not the Default VPC has DNS hostname support" + value = module.vpc.default_vpc_enable_dns_hostnames +} + +output "default_vpc_main_route_table_id" { + description = "The ID of the main route table associated with the Default VPC" + value = module.vpc.default_vpc_main_route_table_id +} + +output "public_network_acl_id" { + description = "ID of the public network ACL" + value = module.vpc.public_network_acl_id +} + +output "public_network_acl_arn" { + description = "ARN of the public network ACL" + value = module.vpc.public_network_acl_arn +} + +output "private_network_acl_id" { + description = "ID of the private network ACL" + value = module.vpc.private_network_acl_id +} + +output "private_network_acl_arn" { + description = "ARN of the private network ACL" + value = module.vpc.private_network_acl_arn +} + +output "outpost_network_acl_id" { + description = "ID of the outpost network ACL" + value = module.vpc.outpost_network_acl_id +} + +output "outpost_network_acl_arn" { + description = "ARN of the outpost network ACL" + value = module.vpc.outpost_network_acl_arn +} + +output "intra_network_acl_id" { + description = "ID of the intra network ACL" + value = module.vpc.intra_network_acl_id +} + +output "intra_network_acl_arn" { + 
description = "ARN of the intra network ACL" + value = module.vpc.intra_network_acl_arn +} + +output "database_network_acl_id" { + description = "ID of the database network ACL" + value = module.vpc.database_network_acl_id +} + +output "database_network_acl_arn" { + description = "ARN of the database network ACL" + value = module.vpc.database_network_acl_arn +} + +output "redshift_network_acl_id" { + description = "ID of the redshift network ACL" + value = module.vpc.redshift_network_acl_id +} + +output "redshift_network_acl_arn" { + description = "ARN of the redshift network ACL" + value = module.vpc.redshift_network_acl_arn +} + +output "elasticache_network_acl_id" { + description = "ID of the elasticache network ACL" + value = module.vpc.elasticache_network_acl_id +} + +output "elasticache_network_acl_arn" { + description = "ARN of the elasticache network ACL" + value = module.vpc.elasticache_network_acl_arn +} + +# VPC flow log +output "vpc_flow_log_id" { + description = "The ID of the Flow Log resource" + value = module.vpc.vpc_flow_log_id +} + +output "vpc_flow_log_destination_arn" { + description = "The ARN of the destination for VPC Flow Logs" + value = module.vpc.vpc_flow_log_destination_arn +} + +output "vpc_flow_log_destination_type" { + description = "The type of the destination for VPC Flow Logs" + value = module.vpc.vpc_flow_log_destination_type +} + +output "vpc_flow_log_cloudwatch_iam_role_arn" { + description = "The ARN of the IAM role used when pushing logs to Cloudwatch log group" + value = module.vpc.vpc_flow_log_cloudwatch_iam_role_arn +} + +# VPC endpoints +output "vpc_endpoints" { + description = "Array containing the full resource object and attributes for all endpoints created" + value = module.vpc_endpoints.endpoints +} + +output "vpc_endpoints_security_group_arn" { + description = "Amazon Resource Name (ARN) of the security group" + value = module.vpc_endpoints.security_group_arn +} + +output "vpc_endpoints_security_group_id" { + 
description = "ID of the security group"
+ value = module.vpc_endpoints.security_group_id
+}
diff --git a/examples/complete-vpc/variables.tf b/examples/complete/variables.tf
similarity index 100%
rename from examples/complete-vpc/variables.tf
rename to examples/complete/variables.tf
diff --git a/examples/complete-vpc/versions.tf b/examples/complete/versions.tf
similarity index 60%
rename from examples/complete-vpc/versions.tf
rename to examples/complete/versions.tf
index 7045f6d16..ddfcb0e05 100644
--- a/examples/complete-vpc/versions.tf
+++ b/examples/complete/versions.tf
@@ -1,10 +1,10 @@
 terraform {
- required_version = ">= 0.12.31"
+ required_version = ">= 1.0"
 
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 3.28"
+ version = ">= 5.0"
 }
 }
 }
diff --git a/examples/ipam/README.md b/examples/ipam/README.md
new file mode 100644
index 000000000..07373875a
--- /dev/null
+++ b/examples/ipam/README.md
@@ -0,0 +1,174 @@ +# VPC with IPAM pool + +Configuration in this directory creates set of VPC resources using the CIDR provided by an IPAM pool. + +Note: Due to the nature of vending CIDR blocks from an IPAM pool, the IPAM pool must exist prior to creating a VPC using one of the CIDRs from the pool. + +## Usage + +To run this example you need to execute: + +```bash +$ terraform init +$ terraform plan +$ terraform apply -target=aws_vpc_ipam_preview_next_cidr.this # CIDR pool must exist before assigning CIDR from pool +$ terraform apply +``` + +To destroy this example you can execute: + +```bash +$ terraform destroy -target=module.vpc # destroy VPC that uses the IPAM pool CIDR first +$ terraform destroy +``` + +Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.0 | +| [aws](#requirement\_aws) | >= 5.0 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 5.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [vpc\_ipam\_set\_cidr](#module\_vpc\_ipam\_set\_cidr) | ../.. | n/a | +| [vpc\_ipam\_set\_netmask](#module\_vpc\_ipam\_set\_netmask) | ../.. 
| n/a | + +## Resources + +| Name | Type | +|------|------| +| [aws_vpc_ipam.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam) | resource | +| [aws_vpc_ipam_pool.ipv6](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_pool) | resource | +| [aws_vpc_ipam_pool.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_pool) | resource | +| [aws_vpc_ipam_pool_cidr.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_pool_cidr) | resource | +| [aws_vpc_ipam_preview_next_cidr.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_preview_next_cidr) | resource | +| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | + +## Inputs + +No inputs. + +## Outputs + +| Name | Description | +|------|-------------| +| [cgw\_arns](#output\_cgw\_arns) | List of ARNs of Customer Gateway | +| [cgw\_ids](#output\_cgw\_ids) | List of IDs of Customer Gateway | +| [database\_internet\_gateway\_route\_id](#output\_database\_internet\_gateway\_route\_id) | ID of the database internet gateway route | +| [database\_ipv6\_egress\_route\_id](#output\_database\_ipv6\_egress\_route\_id) | ID of the database IPv6 egress route | +| [database\_nat\_gateway\_route\_ids](#output\_database\_nat\_gateway\_route\_ids) | List of IDs of the database nat gateway route | +| [database\_network\_acl\_arn](#output\_database\_network\_acl\_arn) | ARN of the database network ACL | +| [database\_network\_acl\_id](#output\_database\_network\_acl\_id) | ID of the database network ACL | +| [database\_route\_table\_association\_ids](#output\_database\_route\_table\_association\_ids) | List of IDs of the database route table association | +| [database\_route\_table\_ids](#output\_database\_route\_table\_ids) | List of IDs of database route 
tables | +| [database\_subnet\_arns](#output\_database\_subnet\_arns) | List of ARNs of database subnets | +| [database\_subnet\_group](#output\_database\_subnet\_group) | ID of database subnet group | +| [database\_subnet\_group\_name](#output\_database\_subnet\_group\_name) | Name of database subnet group | +| [database\_subnets](#output\_database\_subnets) | List of IDs of database subnets | +| [database\_subnets\_cidr\_blocks](#output\_database\_subnets\_cidr\_blocks) | List of cidr\_blocks of database subnets | +| [database\_subnets\_ipv6\_cidr\_blocks](#output\_database\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of database subnets in an IPv6 enabled VPC | +| [default\_network\_acl\_id](#output\_default\_network\_acl\_id) | The ID of the default network ACL | +| [default\_route\_table\_id](#output\_default\_route\_table\_id) | The ID of the default route table | +| [default\_security\_group\_id](#output\_default\_security\_group\_id) | The ID of the security group created by default on VPC creation | +| [default\_vpc\_arn](#output\_default\_vpc\_arn) | The ARN of the Default VPC | +| [default\_vpc\_cidr\_block](#output\_default\_vpc\_cidr\_block) | The CIDR block of the Default VPC | +| [default\_vpc\_default\_network\_acl\_id](#output\_default\_vpc\_default\_network\_acl\_id) | The ID of the default network ACL of the Default VPC | +| [default\_vpc\_default\_route\_table\_id](#output\_default\_vpc\_default\_route\_table\_id) | The ID of the default route table of the Default VPC | +| [default\_vpc\_default\_security\_group\_id](#output\_default\_vpc\_default\_security\_group\_id) | The ID of the security group created by default on Default VPC creation | +| [default\_vpc\_enable\_dns\_hostnames](#output\_default\_vpc\_enable\_dns\_hostnames) | Whether or not the Default VPC has DNS hostname support | +| [default\_vpc\_enable\_dns\_support](#output\_default\_vpc\_enable\_dns\_support) | Whether or not the Default VPC has DNS support | +| 
[default\_vpc\_id](#output\_default\_vpc\_id) | The ID of the Default VPC | +| [default\_vpc\_instance\_tenancy](#output\_default\_vpc\_instance\_tenancy) | Tenancy of instances spin up within Default VPC | +| [default\_vpc\_main\_route\_table\_id](#output\_default\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with the Default VPC | +| [dhcp\_options\_id](#output\_dhcp\_options\_id) | The ID of the DHCP options | +| [egress\_only\_internet\_gateway\_id](#output\_egress\_only\_internet\_gateway\_id) | The ID of the egress only Internet Gateway | +| [elasticache\_network\_acl\_arn](#output\_elasticache\_network\_acl\_arn) | ARN of the elasticache network ACL | +| [elasticache\_network\_acl\_id](#output\_elasticache\_network\_acl\_id) | ID of the elasticache network ACL | +| [elasticache\_route\_table\_association\_ids](#output\_elasticache\_route\_table\_association\_ids) | List of IDs of the elasticache route table association | +| [elasticache\_route\_table\_ids](#output\_elasticache\_route\_table\_ids) | List of IDs of elasticache route tables | +| [elasticache\_subnet\_arns](#output\_elasticache\_subnet\_arns) | List of ARNs of elasticache subnets | +| [elasticache\_subnet\_group](#output\_elasticache\_subnet\_group) | ID of elasticache subnet group | +| [elasticache\_subnet\_group\_name](#output\_elasticache\_subnet\_group\_name) | Name of elasticache subnet group | +| [elasticache\_subnets](#output\_elasticache\_subnets) | List of IDs of elasticache subnets | +| [elasticache\_subnets\_cidr\_blocks](#output\_elasticache\_subnets\_cidr\_blocks) | List of cidr\_blocks of elasticache subnets | +| [elasticache\_subnets\_ipv6\_cidr\_blocks](#output\_elasticache\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of elasticache subnets in an IPv6 enabled VPC | +| [igw\_arn](#output\_igw\_arn) | The ARN of the Internet Gateway | +| [igw\_id](#output\_igw\_id) | The ID of the Internet Gateway | +| 
[intra\_network\_acl\_arn](#output\_intra\_network\_acl\_arn) | ARN of the intra network ACL | +| [intra\_network\_acl\_id](#output\_intra\_network\_acl\_id) | ID of the intra network ACL | +| [intra\_route\_table\_association\_ids](#output\_intra\_route\_table\_association\_ids) | List of IDs of the intra route table association | +| [intra\_route\_table\_ids](#output\_intra\_route\_table\_ids) | List of IDs of intra route tables | +| [intra\_subnet\_arns](#output\_intra\_subnet\_arns) | List of ARNs of intra subnets | +| [intra\_subnets](#output\_intra\_subnets) | List of IDs of intra subnets | +| [intra\_subnets\_cidr\_blocks](#output\_intra\_subnets\_cidr\_blocks) | List of cidr\_blocks of intra subnets | +| [intra\_subnets\_ipv6\_cidr\_blocks](#output\_intra\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of intra subnets in an IPv6 enabled VPC | +| [nat\_ids](#output\_nat\_ids) | List of allocation ID of Elastic IPs created for AWS NAT Gateway | +| [nat\_public\_ips](#output\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway | +| [natgw\_ids](#output\_natgw\_ids) | List of NAT Gateway IDs | +| [outpost\_network\_acl\_arn](#output\_outpost\_network\_acl\_arn) | ARN of the outpost network ACL | +| [outpost\_network\_acl\_id](#output\_outpost\_network\_acl\_id) | ID of the outpost network ACL | +| [outpost\_subnet\_arns](#output\_outpost\_subnet\_arns) | List of ARNs of outpost subnets | +| [outpost\_subnets](#output\_outpost\_subnets) | List of IDs of outpost subnets | +| [outpost\_subnets\_cidr\_blocks](#output\_outpost\_subnets\_cidr\_blocks) | List of cidr\_blocks of outpost subnets | +| [outpost\_subnets\_ipv6\_cidr\_blocks](#output\_outpost\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of outpost subnets in an IPv6 enabled VPC | +| [private\_ipv6\_egress\_route\_ids](#output\_private\_ipv6\_egress\_route\_ids) | List of IDs of the ipv6 egress route | +| 
[private\_nat\_gateway\_route\_ids](#output\_private\_nat\_gateway\_route\_ids) | List of IDs of the private nat gateway route | +| [private\_network\_acl\_arn](#output\_private\_network\_acl\_arn) | ARN of the private network ACL | +| [private\_network\_acl\_id](#output\_private\_network\_acl\_id) | ID of the private network ACL | +| [private\_route\_table\_association\_ids](#output\_private\_route\_table\_association\_ids) | List of IDs of the private route table association | +| [private\_route\_table\_ids](#output\_private\_route\_table\_ids) | List of IDs of private route tables | +| [private\_subnet\_arns](#output\_private\_subnet\_arns) | List of ARNs of private subnets | +| [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets | +| [private\_subnets\_cidr\_blocks](#output\_private\_subnets\_cidr\_blocks) | List of cidr\_blocks of private subnets | +| [private\_subnets\_ipv6\_cidr\_blocks](#output\_private\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of private subnets in an IPv6 enabled VPC | +| [public\_internet\_gateway\_ipv6\_route\_id](#output\_public\_internet\_gateway\_ipv6\_route\_id) | ID of the IPv6 internet gateway route | +| [public\_internet\_gateway\_route\_id](#output\_public\_internet\_gateway\_route\_id) | ID of the internet gateway route | +| [public\_network\_acl\_arn](#output\_public\_network\_acl\_arn) | ARN of the public network ACL | +| [public\_network\_acl\_id](#output\_public\_network\_acl\_id) | ID of the public network ACL | +| [public\_route\_table\_association\_ids](#output\_public\_route\_table\_association\_ids) | List of IDs of the public route table association | +| [public\_route\_table\_ids](#output\_public\_route\_table\_ids) | List of IDs of public route tables | +| [public\_subnet\_arns](#output\_public\_subnet\_arns) | List of ARNs of public subnets | +| [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets | +| 
[public\_subnets\_cidr\_blocks](#output\_public\_subnets\_cidr\_blocks) | List of cidr\_blocks of public subnets | +| [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC | +| [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL | +| [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL | +| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association | +| [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association | +| [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables | +| [redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets | +| [redshift\_subnet\_group](#output\_redshift\_subnet\_group) | ID of redshift subnet group | +| [redshift\_subnets](#output\_redshift\_subnets) | List of IDs of redshift subnets | +| [redshift\_subnets\_cidr\_blocks](#output\_redshift\_subnets\_cidr\_blocks) | List of cidr\_blocks of redshift subnets | +| [redshift\_subnets\_ipv6\_cidr\_blocks](#output\_redshift\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of redshift subnets in an IPv6 enabled VPC | +| [this\_customer\_gateway](#output\_this\_customer\_gateway) | Map of Customer Gateway attributes | +| [vgw\_arn](#output\_vgw\_arn) | The ARN of the VPN Gateway | +| [vgw\_id](#output\_vgw\_id) | The ID of the VPN Gateway | +| [vpc\_arn](#output\_vpc\_arn) | The ARN of the VPC | +| [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | The CIDR block of the VPC | +| [vpc\_enable\_dns\_hostnames](#output\_vpc\_enable\_dns\_hostnames) | Whether or not the VPC has DNS hostname support | +| 
[vpc\_enable\_dns\_support](#output\_vpc\_enable\_dns\_support) | Whether or not the VPC has DNS support | +| [vpc\_flow\_log\_cloudwatch\_iam\_role\_arn](#output\_vpc\_flow\_log\_cloudwatch\_iam\_role\_arn) | The ARN of the IAM role used when pushing logs to Cloudwatch log group | +| [vpc\_flow\_log\_destination\_arn](#output\_vpc\_flow\_log\_destination\_arn) | The ARN of the destination for VPC Flow Logs | +| [vpc\_flow\_log\_destination\_type](#output\_vpc\_flow\_log\_destination\_type) | The type of the destination for VPC Flow Logs | +| [vpc\_flow\_log\_id](#output\_vpc\_flow\_log\_id) | The ID of the Flow Log resource | +| [vpc\_id](#output\_vpc\_id) | The ID of the VPC | +| [vpc\_instance\_tenancy](#output\_vpc\_instance\_tenancy) | Tenancy of instances spin up within VPC | +| [vpc\_ipv6\_association\_id](#output\_vpc\_ipv6\_association\_id) | The association ID for the IPv6 CIDR block | +| [vpc\_ipv6\_cidr\_block](#output\_vpc\_ipv6\_cidr\_block) | The IPv6 CIDR block | +| [vpc\_main\_route\_table\_id](#output\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with this VPC | +| [vpc\_owner\_id](#output\_vpc\_owner\_id) | The ID of the AWS account that owns the VPC | +| [vpc\_secondary\_cidr\_blocks](#output\_vpc\_secondary\_cidr\_blocks) | List of secondary CIDR blocks of the VPC | + diff --git a/examples/ipam/main.tf b/examples/ipam/main.tf new file mode 100644 index 000000000..d43851202 --- /dev/null +++ b/examples/ipam/main.tf 
@@ -0,0 +1,149 @@ +provider "aws" { + region = local.region +} + +data "aws_availability_zones" "available" {} + +locals { + name = "ex-${basename(path.cwd)}" + region = "eu-west-1" + + azs = slice(data.aws_availability_zones.available.names, 0, 3) + preview_partition = cidrsubnets(aws_vpc_ipam_preview_next_cidr.this.cidr, 2, 2, 2) + + tags = { + Example = local.name + GithubRepo = "terraform-aws-vpc" + GithubOrg = "terraform-aws-modules" + } +} + +################################################################################ +# VPC Module +################################################################################ + +# IPv4 +module "vpc_ipam_set_netmask" { + source = "../.." + + name = "${local.name}-set-netmask" + + use_ipam_pool = true + ipv4_ipam_pool_id = aws_vpc_ipam_pool.this.id + ipv4_netmask_length = 16 + azs = local.azs + + private_subnets = cidrsubnets(local.preview_partition[0], 2, 2, 2) + public_subnets = cidrsubnets(local.preview_partition[1], 2, 2, 2) + + tags = local.tags + + depends_on = [ + aws_vpc_ipam_pool_cidr.this + ] +} + +module "vpc_ipam_set_cidr" { + source = "../.." + + name = "${local.name}-set-cidr" + + use_ipam_pool = true + ipv4_ipam_pool_id = aws_vpc_ipam_pool.this.id + cidr = "10.1.0.0/16" + azs = local.azs + + private_subnets = ["10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"] + public_subnets = ["10.1.11.0/24", "10.1.12.0/24", "10.1.13.0/24"] + + tags = local.tags +} + +# # IPv6 - Requires having a CIDR plus its message and signature (see below) +# module "vpc_ipv6_ipam_set_netmask" { +# source = "../.." 
+ +# name = "${local.name}-ipv6-set-netmask" + +# use_ipam_pool = true +# ipv4_ipam_pool_id = aws_vpc_ipam_pool.this.id +# ipv6_ipam_pool_id = aws_vpc_ipam_pool.ipv6.id +# ipv6_netmask_length = 56 +# azs = local.azs + +# tags = local.tags +# } + +################################################################################ +# Supporting Resources +################################################################################ + +/* +NOTES ON IPAM USAGE: + +In order to build subnets with your VPC Terraform must know subnet CIDRs to properly plan # of resources to build. +Since CIDR is derived by IPAM by calling CreateVpc this is not possible within a module unless cidr is known ahead of time. +We can get around this by "previewing" the CIDR and then using that as the subnet values. + +In the example above we use `cidrsubnets()` to calculate a public and private "partitions" (group of cidrs) then calculate the specific +CIDRs for each subnet type. + +For an explanation on prolonged delete times on IPAM pools see 2nd +*note* in terraform docs: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_pool_cidr +*/ + +resource "aws_vpc_ipam" "this" { + operating_regions { + region_name = local.region + } + + tags = local.tags +} + +# IPv4 +resource "aws_vpc_ipam_pool" "this" { + description = "IPv4 pool" + address_family = "ipv4" + ipam_scope_id = aws_vpc_ipam.this.private_default_scope_id + locale = local.region + allocation_default_netmask_length = 16 + + tags = local.tags +} + +resource "aws_vpc_ipam_pool_cidr" "this" { + ipam_pool_id = aws_vpc_ipam_pool.this.id + cidr = "10.0.0.0/8" +} + +resource "aws_vpc_ipam_preview_next_cidr" "this" { + ipam_pool_id = aws_vpc_ipam_pool.this.id + + depends_on = [ + aws_vpc_ipam_pool_cidr.this + ] +} + +# IPv6 +resource "aws_vpc_ipam_pool" "ipv6" { + description = "IPv6 pool" + address_family = "ipv6" + ipam_scope_id = aws_vpc_ipam.this.public_default_scope_id + locale = local.region + 
allocation_default_netmask_length = 56 + publicly_advertisable = false + aws_service = "ec2" + + tags = local.tags +} + +# # Requires having a CIDR plus its message and signature +# resource "aws_vpc_ipam_pool_cidr" "ipv6" { +# ipam_pool_id = aws_vpc_ipam_pool.ipv6.id +# cidr = var.ipv6_cidr + +# cidr_authorization_context { +# message = var.message +# signature = var.signature +# } +# } diff --git a/examples/ipam/outputs.tf b/examples/ipam/outputs.tf new file mode 100644 index 000000000..47ca2117c --- /dev/null +++ b/examples/ipam/outputs.tf 
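Review bot: `preview_partition` in `locals` is derived from `aws_vpc_ipam_preview_next_cidr.this.cidr`, and as far as I can tell a preview does not reserve that CIDR, so any other allocation from `aws_vpc_ipam_pool.this` between plan and the CreateVpc call would hand `vpc_ipam_set_netmask` a different /16 and the `private_subnets`/`public_subnets` computed from the preview would no longer fall inside the VPC. The NOTES ON IPAM USAGE block describes the preview trick but not this failure mode; I would append `The preview is not a reservation: an allocation from the pool between plan and apply changes the VPC CIDR and the subnet CIDRs derived here will be rejected.` to the "We can get around this" paragraph. Separately, `aws_vpc_ipam_pool.ipv6` is created even though the IPv6 pool CIDR and the module that would use it are commented out, so every apply leaves an idle IPv6 pool in the public scope; either comment the pool out with the rest or move the `# Requires having a CIDR plus its message and signature` remark onto the pool itself so the reader knows why it is unused.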
@@ -0,0 +1,535 @@ +output "vpc_id" { + description = "The ID of the VPC" + value = module.vpc_ipam_set_netmask.vpc_id +} + +output "vpc_arn" { + description = "The ARN of the VPC" + value = module.vpc_ipam_set_netmask.vpc_arn +} + +output "vpc_cidr_block" { + description = "The CIDR block of the VPC" + value = module.vpc_ipam_set_netmask.vpc_cidr_block +} + +output "default_security_group_id" { + description = "The ID of the security group created by default on VPC creation" + value = module.vpc_ipam_set_netmask.default_security_group_id +} + +output "default_network_acl_id" { + description = "The ID of the default network ACL" + value = module.vpc_ipam_set_netmask.default_network_acl_id +} + +output "default_route_table_id" { + description = "The ID of the default route table" + value = module.vpc_ipam_set_netmask.default_route_table_id +} + +output "vpc_instance_tenancy" { + description = "Tenancy of instances spin up within VPC" + value = module.vpc_ipam_set_netmask.vpc_instance_tenancy +} + +output "vpc_enable_dns_support" { + description = "Whether or not the VPC has DNS support" + value = module.vpc_ipam_set_netmask.vpc_enable_dns_support +} + +output "vpc_enable_dns_hostnames" { + description = "Whether or not the VPC has DNS hostname support" + value = module.vpc_ipam_set_netmask.vpc_enable_dns_hostnames +} + +output "vpc_main_route_table_id" { + description = "The ID of the main route table associated with this VPC" + value = module.vpc_ipam_set_netmask.vpc_main_route_table_id +} + +output "vpc_ipv6_association_id" { + description = "The association ID for the IPv6 CIDR block" + value = module.vpc_ipam_set_netmask.vpc_ipv6_association_id +} + +output "vpc_ipv6_cidr_block" { + description = "The IPv6 CIDR block" + value = module.vpc_ipam_set_netmask.vpc_ipv6_cidr_block +} + +output "vpc_secondary_cidr_blocks" { + description = "List of secondary CIDR blocks of the VPC" + value = module.vpc_ipam_set_netmask.vpc_secondary_cidr_blocks +} + +output 
"vpc_owner_id" { + description = "The ID of the AWS account that owns the VPC" + value = module.vpc_ipam_set_netmask.vpc_owner_id +} + +output "private_subnets" { + description = "List of IDs of private subnets" + value = module.vpc_ipam_set_netmask.private_subnets +} + +output "private_subnet_arns" { + description = "List of ARNs of private subnets" + value = module.vpc_ipam_set_netmask.private_subnet_arns +} + +output "private_subnets_cidr_blocks" { + description = "List of cidr_blocks of private subnets" + value = module.vpc_ipam_set_netmask.private_subnets_cidr_blocks +} + +output "private_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of private subnets in an IPv6 enabled VPC" + value = module.vpc_ipam_set_netmask.private_subnets_ipv6_cidr_blocks +} + +output "public_subnets" { + description = "List of IDs of public subnets" + value = module.vpc_ipam_set_netmask.public_subnets +} + +output "public_subnet_arns" { + description = "List of ARNs of public subnets" + value = module.vpc_ipam_set_netmask.public_subnet_arns +} + +output "public_subnets_cidr_blocks" { + description = "List of cidr_blocks of public subnets" + value = module.vpc_ipam_set_netmask.public_subnets_cidr_blocks +} + +output "public_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of public subnets in an IPv6 enabled VPC" + value = module.vpc_ipam_set_netmask.public_subnets_ipv6_cidr_blocks +} + +output "outpost_subnets" { + description = "List of IDs of outpost subnets" + value = module.vpc_ipam_set_netmask.outpost_subnets +} + +output "outpost_subnet_arns" { + description = "List of ARNs of outpost subnets" + value = module.vpc_ipam_set_netmask.outpost_subnet_arns +} + +output "outpost_subnets_cidr_blocks" { + description = "List of cidr_blocks of outpost subnets" + value = module.vpc_ipam_set_netmask.outpost_subnets_cidr_blocks +} + +output "outpost_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of outpost subnets in an IPv6 
enabled VPC" + value = module.vpc_ipam_set_netmask.outpost_subnets_ipv6_cidr_blocks +} + +output "database_subnets" { + description = "List of IDs of database subnets" + value = module.vpc_ipam_set_netmask.database_subnets +} + +output "database_subnet_arns" { + description = "List of ARNs of database subnets" + value = module.vpc_ipam_set_netmask.database_subnet_arns +} + +output "database_subnets_cidr_blocks" { + description = "List of cidr_blocks of database subnets" + value = module.vpc_ipam_set_netmask.database_subnets_cidr_blocks +} + +output "database_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of database subnets in an IPv6 enabled VPC" + value = module.vpc_ipam_set_netmask.database_subnets_ipv6_cidr_blocks +} + +output "database_subnet_group" { + description = "ID of database subnet group" + value = module.vpc_ipam_set_netmask.database_subnet_group +} + +output "database_subnet_group_name" { + description = "Name of database subnet group" + value = module.vpc_ipam_set_netmask.database_subnet_group_name +} + +output "redshift_subnets" { + description = "List of IDs of redshift subnets" + value = module.vpc_ipam_set_netmask.redshift_subnets +} + +output "redshift_subnet_arns" { + description = "List of ARNs of redshift subnets" + value = module.vpc_ipam_set_netmask.redshift_subnet_arns +} + +output "redshift_subnets_cidr_blocks" { + description = "List of cidr_blocks of redshift subnets" + value = module.vpc_ipam_set_netmask.redshift_subnets_cidr_blocks +} + +output "redshift_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of redshift subnets in an IPv6 enabled VPC" + value = module.vpc_ipam_set_netmask.redshift_subnets_ipv6_cidr_blocks +} + +output "redshift_subnet_group" { + description = "ID of redshift subnet group" + value = module.vpc_ipam_set_netmask.redshift_subnet_group +} + +output "elasticache_subnets" { + description = "List of IDs of elasticache subnets" + value = 
module.vpc_ipam_set_netmask.elasticache_subnets +} + +output "elasticache_subnet_arns" { + description = "List of ARNs of elasticache subnets" + value = module.vpc_ipam_set_netmask.elasticache_subnet_arns +} + +output "elasticache_subnets_cidr_blocks" { + description = "List of cidr_blocks of elasticache subnets" + value = module.vpc_ipam_set_netmask.elasticache_subnets_cidr_blocks +} + +output "elasticache_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of elasticache subnets in an IPv6 enabled VPC" + value = module.vpc_ipam_set_netmask.elasticache_subnets_ipv6_cidr_blocks +} + +output "intra_subnets" { + description = "List of IDs of intra subnets" + value = module.vpc_ipam_set_netmask.intra_subnets +} + +output "intra_subnet_arns" { + description = "List of ARNs of intra subnets" + value = module.vpc_ipam_set_netmask.intra_subnet_arns +} + +output "intra_subnets_cidr_blocks" { + description = "List of cidr_blocks of intra subnets" + value = module.vpc_ipam_set_netmask.intra_subnets_cidr_blocks +} + +output "intra_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of intra subnets in an IPv6 enabled VPC" + value = module.vpc_ipam_set_netmask.intra_subnets_ipv6_cidr_blocks +} + +output "elasticache_subnet_group" { + description = "ID of elasticache subnet group" + value = module.vpc_ipam_set_netmask.elasticache_subnet_group +} + +output "elasticache_subnet_group_name" { + description = "Name of elasticache subnet group" + value = module.vpc_ipam_set_netmask.elasticache_subnet_group_name +} + +output "public_route_table_ids" { + description = "List of IDs of public route tables" + value = module.vpc_ipam_set_netmask.public_route_table_ids +} + +output "private_route_table_ids" { + description = "List of IDs of private route tables" + value = module.vpc_ipam_set_netmask.private_route_table_ids +} + +output "database_route_table_ids" { + description = "List of IDs of database route tables" + value = 
module.vpc_ipam_set_netmask.database_route_table_ids +} + +output "redshift_route_table_ids" { + description = "List of IDs of redshift route tables" + value = module.vpc_ipam_set_netmask.redshift_route_table_ids +} + +output "elasticache_route_table_ids" { + description = "List of IDs of elasticache route tables" + value = module.vpc_ipam_set_netmask.elasticache_route_table_ids +} + +output "intra_route_table_ids" { + description = "List of IDs of intra route tables" + value = module.vpc_ipam_set_netmask.intra_route_table_ids +} + +output "public_internet_gateway_route_id" { + description = "ID of the internet gateway route" + value = module.vpc_ipam_set_netmask.public_internet_gateway_route_id +} + +output "public_internet_gateway_ipv6_route_id" { + description = "ID of the IPv6 internet gateway route" + value = module.vpc_ipam_set_netmask.public_internet_gateway_ipv6_route_id +} + +output "database_internet_gateway_route_id" { + description = "ID of the database internet gateway route" + value = module.vpc_ipam_set_netmask.database_internet_gateway_route_id +} + +output "database_nat_gateway_route_ids" { + description = "List of IDs of the database nat gateway route" + value = module.vpc_ipam_set_netmask.database_nat_gateway_route_ids +} + +output "database_ipv6_egress_route_id" { + description = "ID of the database IPv6 egress route" + value = module.vpc_ipam_set_netmask.database_ipv6_egress_route_id +} + +output "private_nat_gateway_route_ids" { + description = "List of IDs of the private nat gateway route" + value = module.vpc_ipam_set_netmask.private_nat_gateway_route_ids +} + +output "private_ipv6_egress_route_ids" { + description = "List of IDs of the ipv6 egress route" + value = module.vpc_ipam_set_netmask.private_ipv6_egress_route_ids +} + +output "private_route_table_association_ids" { + description = "List of IDs of the private route table association" + value = module.vpc_ipam_set_netmask.private_route_table_association_ids +} + +output 
"database_route_table_association_ids" { + description = "List of IDs of the database route table association" + value = module.vpc_ipam_set_netmask.database_route_table_association_ids +} + +output "redshift_route_table_association_ids" { + description = "List of IDs of the redshift route table association" + value = module.vpc_ipam_set_netmask.redshift_route_table_association_ids +} + +output "redshift_public_route_table_association_ids" { + description = "List of IDs of the public redshift route table association" + value = module.vpc_ipam_set_netmask.redshift_public_route_table_association_ids +} + +output "elasticache_route_table_association_ids" { + description = "List of IDs of the elasticache route table association" + value = module.vpc_ipam_set_netmask.elasticache_route_table_association_ids +} + +output "intra_route_table_association_ids" { + description = "List of IDs of the intra route table association" + value = module.vpc_ipam_set_netmask.intra_route_table_association_ids +} + +output "public_route_table_association_ids" { + description = "List of IDs of the public route table association" + value = module.vpc_ipam_set_netmask.public_route_table_association_ids +} + +output "dhcp_options_id" { + description = "The ID of the DHCP options" + value = module.vpc_ipam_set_netmask.dhcp_options_id +} + +output "nat_ids" { + description = "List of allocation ID of Elastic IPs created for AWS NAT Gateway" + value = module.vpc_ipam_set_netmask.nat_ids +} + +output "nat_public_ips" { + description = "List of public Elastic IPs created for AWS NAT Gateway" + value = module.vpc_ipam_set_netmask.nat_public_ips +} + +output "natgw_ids" { + description = "List of NAT Gateway IDs" + value = module.vpc_ipam_set_netmask.natgw_ids +} + +output "igw_id" { + description = "The ID of the Internet Gateway" + value = module.vpc_ipam_set_netmask.igw_id +} + +output "igw_arn" { + description = "The ARN of the Internet Gateway" + value = module.vpc_ipam_set_netmask.igw_arn +} 
+ +output "egress_only_internet_gateway_id" { + description = "The ID of the egress only Internet Gateway" + value = module.vpc_ipam_set_netmask.egress_only_internet_gateway_id +} + +output "cgw_ids" { + description = "List of IDs of Customer Gateway" + value = module.vpc_ipam_set_netmask.cgw_ids +} + +output "cgw_arns" { + description = "List of ARNs of Customer Gateway" + value = module.vpc_ipam_set_netmask.cgw_arns +} + +output "this_customer_gateway" { + description = "Map of Customer Gateway attributes" + value = module.vpc_ipam_set_netmask.this_customer_gateway +} + +output "vgw_id" { + description = "The ID of the VPN Gateway" + value = module.vpc_ipam_set_netmask.vgw_id +} + +output "vgw_arn" { + description = "The ARN of the VPN Gateway" + value = module.vpc_ipam_set_netmask.vgw_arn +} + +output "default_vpc_id" { + description = "The ID of the Default VPC" + value = module.vpc_ipam_set_netmask.default_vpc_id +} + +output "default_vpc_arn" { + description = "The ARN of the Default VPC" + value = module.vpc_ipam_set_netmask.default_vpc_arn +} + +output "default_vpc_cidr_block" { + description = "The CIDR block of the Default VPC" + value = module.vpc_ipam_set_netmask.default_vpc_cidr_block +} + +output "default_vpc_default_security_group_id" { + description = "The ID of the security group created by default on Default VPC creation" + value = module.vpc_ipam_set_netmask.default_vpc_default_security_group_id +} + +output "default_vpc_default_network_acl_id" { + description = "The ID of the default network ACL of the Default VPC" + value = module.vpc_ipam_set_netmask.default_vpc_default_network_acl_id +} + +output "default_vpc_default_route_table_id" { + description = "The ID of the default route table of the Default VPC" + value = module.vpc_ipam_set_netmask.default_vpc_default_route_table_id +} + +output "default_vpc_instance_tenancy" { + description = "Tenancy of instances spin up within Default VPC" + value = 
module.vpc_ipam_set_netmask.default_vpc_instance_tenancy +} + +output "default_vpc_enable_dns_support" { + description = "Whether or not the Default VPC has DNS support" + value = module.vpc_ipam_set_netmask.default_vpc_enable_dns_support +} + +output "default_vpc_enable_dns_hostnames" { + description = "Whether or not the Default VPC has DNS hostname support" + value = module.vpc_ipam_set_netmask.default_vpc_enable_dns_hostnames +} + +output "default_vpc_main_route_table_id" { + description = "The ID of the main route table associated with the Default VPC" + value = module.vpc_ipam_set_netmask.default_vpc_main_route_table_id +} + +output "public_network_acl_id" { + description = "ID of the public network ACL" + value = module.vpc_ipam_set_netmask.public_network_acl_id +} + +output "public_network_acl_arn" { + description = "ARN of the public network ACL" + value = module.vpc_ipam_set_netmask.public_network_acl_arn +} + +output "private_network_acl_id" { + description = "ID of the private network ACL" + value = module.vpc_ipam_set_netmask.private_network_acl_id +} + +output "private_network_acl_arn" { + description = "ARN of the private network ACL" + value = module.vpc_ipam_set_netmask.private_network_acl_arn +} + +output "outpost_network_acl_id" { + description = "ID of the outpost network ACL" + value = module.vpc_ipam_set_netmask.outpost_network_acl_id +} + +output "outpost_network_acl_arn" { + description = "ARN of the outpost network ACL" + value = module.vpc_ipam_set_netmask.outpost_network_acl_arn +} + +output "intra_network_acl_id" { + description = "ID of the intra network ACL" + value = module.vpc_ipam_set_netmask.intra_network_acl_id +} + +output "intra_network_acl_arn" { + description = "ARN of the intra network ACL" + value = module.vpc_ipam_set_netmask.intra_network_acl_arn +} + +output "database_network_acl_id" { + description = "ID of the database network ACL" + value = module.vpc_ipam_set_netmask.database_network_acl_id +} + +output 
"database_network_acl_arn" { + description = "ARN of the database network ACL" + value = module.vpc_ipam_set_netmask.database_network_acl_arn +} + +output "redshift_network_acl_id" { + description = "ID of the redshift network ACL" + value = module.vpc_ipam_set_netmask.redshift_network_acl_id +} + +output "redshift_network_acl_arn" { + description = "ARN of the redshift network ACL" + value = module.vpc_ipam_set_netmask.redshift_network_acl_arn +} + +output "elasticache_network_acl_id" { + description = "ID of the elasticache network ACL" + value = module.vpc_ipam_set_netmask.elasticache_network_acl_id +} + +output "elasticache_network_acl_arn" { + description = "ARN of the elasticache network ACL" + value = module.vpc_ipam_set_netmask.elasticache_network_acl_arn +} + +# VPC flow log +output "vpc_flow_log_id" { + description = "The ID of the Flow Log resource" + value = module.vpc_ipam_set_netmask.vpc_flow_log_id +} + +output "vpc_flow_log_destination_arn" { + description = "The ARN of the destination for VPC Flow Logs" + value = module.vpc_ipam_set_netmask.vpc_flow_log_destination_arn +} + +output "vpc_flow_log_destination_type" { + description = "The type of the destination for VPC Flow Logs" + value = module.vpc_ipam_set_netmask.vpc_flow_log_destination_type +} + +output "vpc_flow_log_cloudwatch_iam_role_arn" { + description = "The ARN of the IAM role used when pushing logs to Cloudwatch log group" + value = module.vpc_ipam_set_netmask.vpc_flow_log_cloudwatch_iam_role_arn +} diff --git a/examples/ipv6/variables.tf b/examples/ipam/variables.tf similarity index 100% rename from examples/ipv6/variables.tf rename to examples/ipam/variables.tf diff --git a/examples/ipv6/versions.tf b/examples/ipam/versions.tf similarity index 60% rename from examples/ipv6/versions.tf rename to examples/ipam/versions.tf index 7045f6d16..ddfcb0e05 100644 --- a/examples/ipv6/versions.tf +++ b/examples/ipam/versions.tf 
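Review bot: Every output in this file reads from `module.vpc_ipam_set_netmask`, while the second VPC the example creates, `module.vpc_ipam_set_cidr` in main.tf, exposes nothing, so a reader running the example cannot see whether the caller-supplied `cidr` path through the IPAM pool produced the expected VPC. At minimum the VPC ID and CIDR of the second module should be exported under a distinct prefix, as below; the existing outputs can stay as they are.
```hcl
output "vpc_ipam_set_cidr_vpc_id" {
  description = "The ID of the VPC created with a caller-supplied CIDR from the IPAM pool"
  value       = module.vpc_ipam_set_cidr.vpc_id
}

output "vpc_ipam_set_cidr_vpc_cidr_block" {
  description = "The CIDR block of the VPC created with a caller-supplied CIDR from the IPAM pool"
  value       = module.vpc_ipam_set_cidr.vpc_cidr_block
}
```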
@@ -1,10 +1,10 @@ terraform { - required_version = ">= 0.12.31" + required_version = ">= 1.0" required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.28" + version = ">= 5.0" } } } diff --git a/examples/ipv6-dualstack/README.md b/examples/ipv6-dualstack/README.md new file mode 100644 index 000000000..3318683ec --- /dev/null +++ b/examples/ipv6-dualstack/README.md 
@@ -0,0 +1,158 @@ +# VPC with IPv6 enabled + +Configuration in this directory creates set of VPC resources with IPv6 enabled on VPC and subnets. + +## Usage + +To run this example you need to execute: + +```bash +$ terraform init +$ terraform plan +$ terraform apply +``` + +Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.0 | +| [aws](#requirement\_aws) | >= 5.0 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 5.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [vpc](#module\_vpc) | ../.. | n/a | + +## Resources + +| Name | Type | +|------|------| +| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | + +## Inputs + +No inputs. 
+ +## Outputs + +| Name | Description | +|------|-------------| +| [cgw\_arns](#output\_cgw\_arns) | List of ARNs of Customer Gateway | +| [cgw\_ids](#output\_cgw\_ids) | List of IDs of Customer Gateway | +| [database\_internet\_gateway\_route\_id](#output\_database\_internet\_gateway\_route\_id) | ID of the database internet gateway route | +| [database\_ipv6\_egress\_route\_id](#output\_database\_ipv6\_egress\_route\_id) | ID of the database IPv6 egress route | +| [database\_nat\_gateway\_route\_ids](#output\_database\_nat\_gateway\_route\_ids) | List of IDs of the database nat gateway route | +| [database\_network\_acl\_arn](#output\_database\_network\_acl\_arn) | ARN of the database network ACL | +| [database\_network\_acl\_id](#output\_database\_network\_acl\_id) | ID of the database network ACL | +| [database\_route\_table\_association\_ids](#output\_database\_route\_table\_association\_ids) | List of IDs of the database route table association | +| [database\_route\_table\_ids](#output\_database\_route\_table\_ids) | List of IDs of database route tables | +| [database\_subnet\_arns](#output\_database\_subnet\_arns) | List of ARNs of database subnets | +| [database\_subnet\_group](#output\_database\_subnet\_group) | ID of database subnet group | +| [database\_subnet\_group\_name](#output\_database\_subnet\_group\_name) | Name of database subnet group | +| [database\_subnets](#output\_database\_subnets) | List of IDs of database subnets | +| [database\_subnets\_cidr\_blocks](#output\_database\_subnets\_cidr\_blocks) | List of cidr\_blocks of database subnets | +| [database\_subnets\_ipv6\_cidr\_blocks](#output\_database\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of database subnets in an IPv6 enabled VPC | +| [default\_network\_acl\_id](#output\_default\_network\_acl\_id) | The ID of the default network ACL | +| [default\_route\_table\_id](#output\_default\_route\_table\_id) | The ID of the default route table | +| 
[default\_security\_group\_id](#output\_default\_security\_group\_id) | The ID of the security group created by default on VPC creation | +| [default\_vpc\_arn](#output\_default\_vpc\_arn) | The ARN of the Default VPC | +| [default\_vpc\_cidr\_block](#output\_default\_vpc\_cidr\_block) | The CIDR block of the Default VPC | +| [default\_vpc\_default\_network\_acl\_id](#output\_default\_vpc\_default\_network\_acl\_id) | The ID of the default network ACL of the Default VPC | +| [default\_vpc\_default\_route\_table\_id](#output\_default\_vpc\_default\_route\_table\_id) | The ID of the default route table of the Default VPC | +| [default\_vpc\_default\_security\_group\_id](#output\_default\_vpc\_default\_security\_group\_id) | The ID of the security group created by default on Default VPC creation | +| [default\_vpc\_enable\_dns\_hostnames](#output\_default\_vpc\_enable\_dns\_hostnames) | Whether or not the Default VPC has DNS hostname support | +| [default\_vpc\_enable\_dns\_support](#output\_default\_vpc\_enable\_dns\_support) | Whether or not the Default VPC has DNS support | +| [default\_vpc\_id](#output\_default\_vpc\_id) | The ID of the Default VPC | +| [default\_vpc\_instance\_tenancy](#output\_default\_vpc\_instance\_tenancy) | Tenancy of instances spin up within Default VPC | +| [default\_vpc\_main\_route\_table\_id](#output\_default\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with the Default VPC | +| [dhcp\_options\_id](#output\_dhcp\_options\_id) | The ID of the DHCP options | +| [egress\_only\_internet\_gateway\_id](#output\_egress\_only\_internet\_gateway\_id) | The ID of the egress only Internet Gateway | +| [elasticache\_network\_acl\_arn](#output\_elasticache\_network\_acl\_arn) | ARN of the elasticache network ACL | +| [elasticache\_network\_acl\_id](#output\_elasticache\_network\_acl\_id) | ID of the elasticache network ACL | +| 
[elasticache\_route\_table\_association\_ids](#output\_elasticache\_route\_table\_association\_ids) | List of IDs of the elasticache route table association | +| [elasticache\_route\_table\_ids](#output\_elasticache\_route\_table\_ids) | List of IDs of elasticache route tables | +| [elasticache\_subnet\_arns](#output\_elasticache\_subnet\_arns) | List of ARNs of elasticache subnets | +| [elasticache\_subnet\_group](#output\_elasticache\_subnet\_group) | ID of elasticache subnet group | +| [elasticache\_subnet\_group\_name](#output\_elasticache\_subnet\_group\_name) | Name of elasticache subnet group | +| [elasticache\_subnets](#output\_elasticache\_subnets) | List of IDs of elasticache subnets | +| [elasticache\_subnets\_cidr\_blocks](#output\_elasticache\_subnets\_cidr\_blocks) | List of cidr\_blocks of elasticache subnets | +| [elasticache\_subnets\_ipv6\_cidr\_blocks](#output\_elasticache\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of elasticache subnets in an IPv6 enabled VPC | +| [igw\_arn](#output\_igw\_arn) | The ARN of the Internet Gateway | +| [igw\_id](#output\_igw\_id) | The ID of the Internet Gateway | +| [intra\_network\_acl\_arn](#output\_intra\_network\_acl\_arn) | ARN of the intra network ACL | +| [intra\_network\_acl\_id](#output\_intra\_network\_acl\_id) | ID of the intra network ACL | +| [intra\_route\_table\_association\_ids](#output\_intra\_route\_table\_association\_ids) | List of IDs of the intra route table association | +| [intra\_route\_table\_ids](#output\_intra\_route\_table\_ids) | List of IDs of intra route tables | +| [intra\_subnet\_arns](#output\_intra\_subnet\_arns) | List of ARNs of intra subnets | +| [intra\_subnets](#output\_intra\_subnets) | List of IDs of intra subnets | +| [intra\_subnets\_cidr\_blocks](#output\_intra\_subnets\_cidr\_blocks) | List of cidr\_blocks of intra subnets | +| [intra\_subnets\_ipv6\_cidr\_blocks](#output\_intra\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of intra subnets 
in an IPv6 enabled VPC | +| [nat\_ids](#output\_nat\_ids) | List of allocation ID of Elastic IPs created for AWS NAT Gateway | +| [nat\_public\_ips](#output\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway | +| [natgw\_ids](#output\_natgw\_ids) | List of NAT Gateway IDs | +| [outpost\_network\_acl\_arn](#output\_outpost\_network\_acl\_arn) | ARN of the outpost network ACL | +| [outpost\_network\_acl\_id](#output\_outpost\_network\_acl\_id) | ID of the outpost network ACL | +| [outpost\_subnet\_arns](#output\_outpost\_subnet\_arns) | List of ARNs of outpost subnets | +| [outpost\_subnets](#output\_outpost\_subnets) | List of IDs of outpost subnets | +| [outpost\_subnets\_cidr\_blocks](#output\_outpost\_subnets\_cidr\_blocks) | List of cidr\_blocks of outpost subnets | +| [outpost\_subnets\_ipv6\_cidr\_blocks](#output\_outpost\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of outpost subnets in an IPv6 enabled VPC | +| [private\_ipv6\_egress\_route\_ids](#output\_private\_ipv6\_egress\_route\_ids) | List of IDs of the ipv6 egress route | +| [private\_nat\_gateway\_route\_ids](#output\_private\_nat\_gateway\_route\_ids) | List of IDs of the private nat gateway route | +| [private\_network\_acl\_arn](#output\_private\_network\_acl\_arn) | ARN of the private network ACL | +| [private\_network\_acl\_id](#output\_private\_network\_acl\_id) | ID of the private network ACL | +| [private\_route\_table\_association\_ids](#output\_private\_route\_table\_association\_ids) | List of IDs of the private route table association | +| [private\_route\_table\_ids](#output\_private\_route\_table\_ids) | List of IDs of private route tables | +| [private\_subnet\_arns](#output\_private\_subnet\_arns) | List of ARNs of private subnets | +| [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets | +| [private\_subnets\_cidr\_blocks](#output\_private\_subnets\_cidr\_blocks) | List of cidr\_blocks of private subnets | +| 
[private\_subnets\_ipv6\_cidr\_blocks](#output\_private\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of private subnets in an IPv6 enabled VPC | +| [public\_internet\_gateway\_ipv6\_route\_id](#output\_public\_internet\_gateway\_ipv6\_route\_id) | ID of the IPv6 internet gateway route | +| [public\_internet\_gateway\_route\_id](#output\_public\_internet\_gateway\_route\_id) | ID of the internet gateway route | +| [public\_network\_acl\_arn](#output\_public\_network\_acl\_arn) | ARN of the public network ACL | +| [public\_network\_acl\_id](#output\_public\_network\_acl\_id) | ID of the public network ACL | +| [public\_route\_table\_association\_ids](#output\_public\_route\_table\_association\_ids) | List of IDs of the public route table association | +| [public\_route\_table\_ids](#output\_public\_route\_table\_ids) | List of IDs of public route tables | +| [public\_subnet\_arns](#output\_public\_subnet\_arns) | List of ARNs of public subnets | +| [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets | +| [public\_subnets\_cidr\_blocks](#output\_public\_subnets\_cidr\_blocks) | List of cidr\_blocks of public subnets | +| [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC | +| [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL | +| [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL | +| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association | +| [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association | +| [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables | +| 
[redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets | +| [redshift\_subnet\_group](#output\_redshift\_subnet\_group) | ID of redshift subnet group | +| [redshift\_subnets](#output\_redshift\_subnets) | List of IDs of redshift subnets | +| [redshift\_subnets\_cidr\_blocks](#output\_redshift\_subnets\_cidr\_blocks) | List of cidr\_blocks of redshift subnets | +| [redshift\_subnets\_ipv6\_cidr\_blocks](#output\_redshift\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of redshift subnets in an IPv6 enabled VPC | +| [this\_customer\_gateway](#output\_this\_customer\_gateway) | Map of Customer Gateway attributes | +| [vgw\_arn](#output\_vgw\_arn) | The ARN of the VPN Gateway | +| [vgw\_id](#output\_vgw\_id) | The ID of the VPN Gateway | +| [vpc\_arn](#output\_vpc\_arn) | The ARN of the VPC | +| [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | The CIDR block of the VPC | +| [vpc\_enable\_dns\_hostnames](#output\_vpc\_enable\_dns\_hostnames) | Whether or not the VPC has DNS hostname support | +| [vpc\_enable\_dns\_support](#output\_vpc\_enable\_dns\_support) | Whether or not the VPC has DNS support | +| [vpc\_flow\_log\_cloudwatch\_iam\_role\_arn](#output\_vpc\_flow\_log\_cloudwatch\_iam\_role\_arn) | The ARN of the IAM role used when pushing logs to Cloudwatch log group | +| [vpc\_flow\_log\_destination\_arn](#output\_vpc\_flow\_log\_destination\_arn) | The ARN of the destination for VPC Flow Logs | +| [vpc\_flow\_log\_destination\_type](#output\_vpc\_flow\_log\_destination\_type) | The type of the destination for VPC Flow Logs | +| [vpc\_flow\_log\_id](#output\_vpc\_flow\_log\_id) | The ID of the Flow Log resource | +| [vpc\_id](#output\_vpc\_id) | The ID of the VPC | +| [vpc\_instance\_tenancy](#output\_vpc\_instance\_tenancy) | Tenancy of instances spin up within VPC | +| [vpc\_ipv6\_association\_id](#output\_vpc\_ipv6\_association\_id) | The association ID for the IPv6 CIDR block | +| 
[vpc\_ipv6\_cidr\_block](#output\_vpc\_ipv6\_cidr\_block) | The IPv6 CIDR block |
+| [vpc\_main\_route\_table\_id](#output\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with this VPC |
+| [vpc\_owner\_id](#output\_vpc\_owner\_id) | The ID of the AWS account that owns the VPC |
+| [vpc\_secondary\_cidr\_blocks](#output\_vpc\_secondary\_cidr\_blocks) | List of secondary CIDR blocks of the VPC |
+
diff --git a/examples/ipv6-dualstack/main.tf b/examples/ipv6-dualstack/main.tf
new file mode 100644
index 000000000..d71f8fe35
--- /dev/null
+++ b/examples/ipv6-dualstack/main.tf
@@ -0,0 +1,49 @@
+provider "aws" {
+ region = local.region
+}
+
+data "aws_availability_zones" "available" {}
+
+locals {
+ name = "ex-${basename(path.cwd)}"
+ region = "eu-west-1"
+
+ vpc_cidr = "10.0.0.0/16"
+ azs = slice(data.aws_availability_zones.available.names, 0, 3)
+
+ tags = {
+ Example = local.name
+ GithubRepo = "terraform-aws-vpc"
+ GithubOrg = "terraform-aws-modules"
+ }
+}
+
+################################################################################
+# VPC Module
+################################################################################
+
+module "vpc" {
+ source = "../.."
+
+ name = local.name
+ cidr = local.vpc_cidr
+
+ azs = local.azs
+ private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)]
+ public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 4)]
+ database_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 8)]
+
+ enable_nat_gateway = true
+
+ create_database_subnet_route_table = true
+ create_database_internet_gateway_route = true
+
+ enable_ipv6 = true
+ public_subnet_assign_ipv6_address_on_creation = true
+
+ public_subnet_ipv6_prefixes = [0, 1, 2]
+ private_subnet_ipv6_prefixes = [3, 4, 5]
+ database_subnet_ipv6_prefixes = [6, 7, 8]
+
+ tags = local.tags
+}
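Review bot: `create_database_internet_gateway_route = true` in the `module "vpc"` block gives the database route table a default route to the Internet Gateway, so the database subnets in this example become internet-routable even though nothing in a dual-stack demonstration needs that. Combined with `create_database_subnet_route_table = true` it is the opposite of the isolation a database tier normally gets, and example code tends to be copied as-is. I would drop the `create_database_internet_gateway_route` line and keep `create_database_subnet_route_table = true` with a comment such as `# Database subnets get their own route table but no IGW route; reach them from the private tier`, so readers do not inherit an internet-facing database layout by accident.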
diff --git a/examples/ipv6-dualstack/outputs.tf b/examples/ipv6-dualstack/outputs.tf new file mode 100644 index 000000000..77f244a90 --- /dev/null +++ b/examples/ipv6-dualstack/outputs.tf 
@@ -0,0 +1,535 @@ +output "vpc_id" { + description = "The ID of the VPC" + value = module.vpc.vpc_id +} + +output "vpc_arn" { + description = "The ARN of the VPC" + value = module.vpc.vpc_arn +} + +output "vpc_cidr_block" { + description = "The CIDR block of the VPC" + value = module.vpc.vpc_cidr_block +} + +output "default_security_group_id" { + description = "The ID of the security group created by default on VPC creation" + value = module.vpc.default_security_group_id +} + +output "default_network_acl_id" { + description = "The ID of the default network ACL" + value = module.vpc.default_network_acl_id +} + +output "default_route_table_id" { + description = "The ID of the default route table" + value = module.vpc.default_route_table_id +} + +output "vpc_instance_tenancy" { + description = "Tenancy of instances spin up within VPC" + value = module.vpc.vpc_instance_tenancy +} + +output "vpc_enable_dns_support" { + description = "Whether or not the VPC has DNS support" + value = module.vpc.vpc_enable_dns_support +} + +output "vpc_enable_dns_hostnames" { + description = "Whether or not the VPC has DNS hostname support" + value = module.vpc.vpc_enable_dns_hostnames +} + +output "vpc_main_route_table_id" { + description = "The ID of the main route table associated with this VPC" + value = module.vpc.vpc_main_route_table_id +} + +output "vpc_ipv6_association_id" { + description = "The association ID for the IPv6 CIDR block" + value = module.vpc.vpc_ipv6_association_id +} + +output "vpc_ipv6_cidr_block" { + description = "The IPv6 CIDR block" + value = module.vpc.vpc_ipv6_cidr_block +} + +output "vpc_secondary_cidr_blocks" { + description = "List of secondary CIDR blocks of the VPC" + value = module.vpc.vpc_secondary_cidr_blocks +} + +output "vpc_owner_id" { + description = "The ID of the AWS account that owns the VPC" + value = module.vpc.vpc_owner_id +} + +output "private_subnets" { + description = "List of IDs of private subnets" + value = module.vpc.private_subnets 
+} + +output "private_subnet_arns" { + description = "List of ARNs of private subnets" + value = module.vpc.private_subnet_arns +} + +output "private_subnets_cidr_blocks" { + description = "List of cidr_blocks of private subnets" + value = module.vpc.private_subnets_cidr_blocks +} + +output "private_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of private subnets in an IPv6 enabled VPC" + value = module.vpc.private_subnets_ipv6_cidr_blocks +} + +output "public_subnets" { + description = "List of IDs of public subnets" + value = module.vpc.public_subnets +} + +output "public_subnet_arns" { + description = "List of ARNs of public subnets" + value = module.vpc.public_subnet_arns +} + +output "public_subnets_cidr_blocks" { + description = "List of cidr_blocks of public subnets" + value = module.vpc.public_subnets_cidr_blocks +} + +output "public_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of public subnets in an IPv6 enabled VPC" + value = module.vpc.public_subnets_ipv6_cidr_blocks +} + +output "outpost_subnets" { + description = "List of IDs of outpost subnets" + value = module.vpc.outpost_subnets +} + +output "outpost_subnet_arns" { + description = "List of ARNs of outpost subnets" + value = module.vpc.outpost_subnet_arns +} + +output "outpost_subnets_cidr_blocks" { + description = "List of cidr_blocks of outpost subnets" + value = module.vpc.outpost_subnets_cidr_blocks +} + +output "outpost_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of outpost subnets in an IPv6 enabled VPC" + value = module.vpc.outpost_subnets_ipv6_cidr_blocks +} + +output "database_subnets" { + description = "List of IDs of database subnets" + value = module.vpc.database_subnets +} + +output "database_subnet_arns" { + description = "List of ARNs of database subnets" + value = module.vpc.database_subnet_arns +} + +output "database_subnets_cidr_blocks" { + description = "List of cidr_blocks of database subnets" + value = 
module.vpc.database_subnets_cidr_blocks +} + +output "database_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of database subnets in an IPv6 enabled VPC" + value = module.vpc.database_subnets_ipv6_cidr_blocks +} + +output "database_subnet_group" { + description = "ID of database subnet group" + value = module.vpc.database_subnet_group +} + +output "database_subnet_group_name" { + description = "Name of database subnet group" + value = module.vpc.database_subnet_group_name +} + +output "redshift_subnets" { + description = "List of IDs of redshift subnets" + value = module.vpc.redshift_subnets +} + +output "redshift_subnet_arns" { + description = "List of ARNs of redshift subnets" + value = module.vpc.redshift_subnet_arns +} + +output "redshift_subnets_cidr_blocks" { + description = "List of cidr_blocks of redshift subnets" + value = module.vpc.redshift_subnets_cidr_blocks +} + +output "redshift_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of redshift subnets in an IPv6 enabled VPC" + value = module.vpc.redshift_subnets_ipv6_cidr_blocks +} + +output "redshift_subnet_group" { + description = "ID of redshift subnet group" + value = module.vpc.redshift_subnet_group +} + +output "elasticache_subnets" { + description = "List of IDs of elasticache subnets" + value = module.vpc.elasticache_subnets +} + +output "elasticache_subnet_arns" { + description = "List of ARNs of elasticache subnets" + value = module.vpc.elasticache_subnet_arns +} + +output "elasticache_subnets_cidr_blocks" { + description = "List of cidr_blocks of elasticache subnets" + value = module.vpc.elasticache_subnets_cidr_blocks +} + +output "elasticache_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of elasticache subnets in an IPv6 enabled VPC" + value = module.vpc.elasticache_subnets_ipv6_cidr_blocks +} + +output "intra_subnets" { + description = "List of IDs of intra subnets" + value = module.vpc.intra_subnets +} + +output 
"intra_subnet_arns" { + description = "List of ARNs of intra subnets" + value = module.vpc.intra_subnet_arns +} + +output "intra_subnets_cidr_blocks" { + description = "List of cidr_blocks of intra subnets" + value = module.vpc.intra_subnets_cidr_blocks +} + +output "intra_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of intra subnets in an IPv6 enabled VPC" + value = module.vpc.intra_subnets_ipv6_cidr_blocks +} + +output "elasticache_subnet_group" { + description = "ID of elasticache subnet group" + value = module.vpc.elasticache_subnet_group +} + +output "elasticache_subnet_group_name" { + description = "Name of elasticache subnet group" + value = module.vpc.elasticache_subnet_group_name +} + +output "public_route_table_ids" { + description = "List of IDs of public route tables" + value = module.vpc.public_route_table_ids +} + +output "private_route_table_ids" { + description = "List of IDs of private route tables" + value = module.vpc.private_route_table_ids +} + +output "database_route_table_ids" { + description = "List of IDs of database route tables" + value = module.vpc.database_route_table_ids +} + +output "redshift_route_table_ids" { + description = "List of IDs of redshift route tables" + value = module.vpc.redshift_route_table_ids +} + +output "elasticache_route_table_ids" { + description = "List of IDs of elasticache route tables" + value = module.vpc.elasticache_route_table_ids +} + +output "intra_route_table_ids" { + description = "List of IDs of intra route tables" + value = module.vpc.intra_route_table_ids +} + +output "public_internet_gateway_route_id" { + description = "ID of the internet gateway route" + value = module.vpc.public_internet_gateway_route_id +} + +output "public_internet_gateway_ipv6_route_id" { + description = "ID of the IPv6 internet gateway route" + value = module.vpc.public_internet_gateway_ipv6_route_id +} + +output "database_internet_gateway_route_id" { + description = "ID of the database internet 
gateway route" + value = module.vpc.database_internet_gateway_route_id +} + +output "database_nat_gateway_route_ids" { + description = "List of IDs of the database nat gateway route" + value = module.vpc.database_nat_gateway_route_ids +} + +output "database_ipv6_egress_route_id" { + description = "ID of the database IPv6 egress route" + value = module.vpc.database_ipv6_egress_route_id +} + +output "private_nat_gateway_route_ids" { + description = "List of IDs of the private nat gateway route" + value = module.vpc.private_nat_gateway_route_ids +} + +output "private_ipv6_egress_route_ids" { + description = "List of IDs of the ipv6 egress route" + value = module.vpc.private_ipv6_egress_route_ids +} + +output "private_route_table_association_ids" { + description = "List of IDs of the private route table association" + value = module.vpc.private_route_table_association_ids +} + +output "database_route_table_association_ids" { + description = "List of IDs of the database route table association" + value = module.vpc.database_route_table_association_ids +} + +output "redshift_route_table_association_ids" { + description = "List of IDs of the redshift route table association" + value = module.vpc.redshift_route_table_association_ids +} + +output "redshift_public_route_table_association_ids" { + description = "List of IDs of the public redshift route table association" + value = module.vpc.redshift_public_route_table_association_ids +} + +output "elasticache_route_table_association_ids" { + description = "List of IDs of the elasticache route table association" + value = module.vpc.elasticache_route_table_association_ids +} + +output "intra_route_table_association_ids" { + description = "List of IDs of the intra route table association" + value = module.vpc.intra_route_table_association_ids +} + +output "public_route_table_association_ids" { + description = "List of IDs of the public route table association" + value = module.vpc.public_route_table_association_ids +} + 
+output "dhcp_options_id" { + description = "The ID of the DHCP options" + value = module.vpc.dhcp_options_id +} + +output "nat_ids" { + description = "List of allocation ID of Elastic IPs created for AWS NAT Gateway" + value = module.vpc.nat_ids +} + +output "nat_public_ips" { + description = "List of public Elastic IPs created for AWS NAT Gateway" + value = module.vpc.nat_public_ips +} + +output "natgw_ids" { + description = "List of NAT Gateway IDs" + value = module.vpc.natgw_ids +} + +output "igw_id" { + description = "The ID of the Internet Gateway" + value = module.vpc.igw_id +} + +output "igw_arn" { + description = "The ARN of the Internet Gateway" + value = module.vpc.igw_arn +} + +output "egress_only_internet_gateway_id" { + description = "The ID of the egress only Internet Gateway" + value = module.vpc.egress_only_internet_gateway_id +} + +output "cgw_ids" { + description = "List of IDs of Customer Gateway" + value = module.vpc.cgw_ids +} + +output "cgw_arns" { + description = "List of ARNs of Customer Gateway" + value = module.vpc.cgw_arns +} + +output "this_customer_gateway" { + description = "Map of Customer Gateway attributes" + value = module.vpc.this_customer_gateway +} + +output "vgw_id" { + description = "The ID of the VPN Gateway" + value = module.vpc.vgw_id +} + +output "vgw_arn" { + description = "The ARN of the VPN Gateway" + value = module.vpc.vgw_arn +} + +output "default_vpc_id" { + description = "The ID of the Default VPC" + value = module.vpc.default_vpc_id +} + +output "default_vpc_arn" { + description = "The ARN of the Default VPC" + value = module.vpc.default_vpc_arn +} + +output "default_vpc_cidr_block" { + description = "The CIDR block of the Default VPC" + value = module.vpc.default_vpc_cidr_block +} + +output "default_vpc_default_security_group_id" { + description = "The ID of the security group created by default on Default VPC creation" + value = module.vpc.default_vpc_default_security_group_id +} + +output 
"default_vpc_default_network_acl_id" { + description = "The ID of the default network ACL of the Default VPC" + value = module.vpc.default_vpc_default_network_acl_id +} + +output "default_vpc_default_route_table_id" { + description = "The ID of the default route table of the Default VPC" + value = module.vpc.default_vpc_default_route_table_id +} + +output "default_vpc_instance_tenancy" { + description = "Tenancy of instances spin up within Default VPC" + value = module.vpc.default_vpc_instance_tenancy +} + +output "default_vpc_enable_dns_support" { + description = "Whether or not the Default VPC has DNS support" + value = module.vpc.default_vpc_enable_dns_support +} + +output "default_vpc_enable_dns_hostnames" { + description = "Whether or not the Default VPC has DNS hostname support" + value = module.vpc.default_vpc_enable_dns_hostnames +} + +output "default_vpc_main_route_table_id" { + description = "The ID of the main route table associated with the Default VPC" + value = module.vpc.default_vpc_main_route_table_id +} + +output "public_network_acl_id" { + description = "ID of the public network ACL" + value = module.vpc.public_network_acl_id +} + +output "public_network_acl_arn" { + description = "ARN of the public network ACL" + value = module.vpc.public_network_acl_arn +} + +output "private_network_acl_id" { + description = "ID of the private network ACL" + value = module.vpc.private_network_acl_id +} + +output "private_network_acl_arn" { + description = "ARN of the private network ACL" + value = module.vpc.private_network_acl_arn +} + +output "outpost_network_acl_id" { + description = "ID of the outpost network ACL" + value = module.vpc.outpost_network_acl_id +} + +output "outpost_network_acl_arn" { + description = "ARN of the outpost network ACL" + value = module.vpc.outpost_network_acl_arn +} + +output "intra_network_acl_id" { + description = "ID of the intra network ACL" + value = module.vpc.intra_network_acl_id +} + +output "intra_network_acl_arn" { + 
description = "ARN of the intra network ACL" + value = module.vpc.intra_network_acl_arn +} + +output "database_network_acl_id" { + description = "ID of the database network ACL" + value = module.vpc.database_network_acl_id +} + +output "database_network_acl_arn" { + description = "ARN of the database network ACL" + value = module.vpc.database_network_acl_arn +} + +output "redshift_network_acl_id" { + description = "ID of the redshift network ACL" + value = module.vpc.redshift_network_acl_id +} + +output "redshift_network_acl_arn" { + description = "ARN of the redshift network ACL" + value = module.vpc.redshift_network_acl_arn +} + +output "elasticache_network_acl_id" { + description = "ID of the elasticache network ACL" + value = module.vpc.elasticache_network_acl_id +} + +output "elasticache_network_acl_arn" { + description = "ARN of the elasticache network ACL" + value = module.vpc.elasticache_network_acl_arn +} + +# VPC flow log +output "vpc_flow_log_id" { + description = "The ID of the Flow Log resource" + value = module.vpc.vpc_flow_log_id +} + +output "vpc_flow_log_destination_arn" { + description = "The ARN of the destination for VPC Flow Logs" + value = module.vpc.vpc_flow_log_destination_arn +} + +output "vpc_flow_log_destination_type" { + description = "The type of the destination for VPC Flow Logs" + value = module.vpc.vpc_flow_log_destination_type +} + +output "vpc_flow_log_cloudwatch_iam_role_arn" { + description = "The ARN of the IAM role used when pushing logs to Cloudwatch log group" + value = module.vpc.vpc_flow_log_cloudwatch_iam_role_arn +} diff --git a/examples/simple-vpc/variables.tf b/examples/ipv6-dualstack/variables.tf similarity index 100% rename from examples/simple-vpc/variables.tf rename to examples/ipv6-dualstack/variables.tf 
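Review bot: The new outputs.tf copies every output the root module exposes, including groups this example never configures (default VPC, outposts, redshift, elasticache, intra subnets, flow logs), so most of the 535 lines presumably resolve to null or empty lists and the example's README output table grows to match. The file headers show the same blob id (`77f244a90`) for this file and for `examples/ipv6-only/outputs.tf`, so both examples carry an identical copy. Trimming each file to the outputs its main.tf actually exercises (the `vpc_*`, public/private/database subnet and route-table outputs, and `egress_only_internet_gateway_id` for the IPv6-only case) would keep the examples readable and the generated README in sync. In particular the `vpc_flow_log_*` outputs advertise flow logging that main.tf does not enable; either enable it in the example via the module's `enable_flow_log` input or drop those four outputs.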
diff --git a/examples/vpc-separate-private-route-tables/versions.tf b/examples/ipv6-dualstack/versions.tf
similarity index 60%
rename from examples/vpc-separate-private-route-tables/versions.tf
rename to examples/ipv6-dualstack/versions.tf
index 7045f6d16..ddfcb0e05 100644
--- a/examples/vpc-separate-private-route-tables/versions.tf
+++ b/examples/ipv6-dualstack/versions.tf
@@ -1,10 +1,10 @@
 terraform {
- required_version = ">= 0.12.31"
+ required_version = ">= 1.0"
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 3.28"
+ version = ">= 5.0"
 }
 }
 }
diff --git a/examples/ipv6-only/README.md b/examples/ipv6-only/README.md
new file mode 100644
index 000000000..eb8cea2e0
--- /dev/null
+++ b/examples/ipv6-only/README.md
@@ -0,0 +1,158 @@
+# IPv6 Only VPC
+
+Configuration in this directory creates set of VPC resources with IPv6 only enabled on VPC and subnets.
+
+## Usage
+
+To run this example you need to execute:
+
+```bash
+$ terraform init
+$ terraform plan
+$ terraform apply
+```
+
+Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources.
+
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | >= 1.0 |
+| [aws](#requirement\_aws) | >= 5.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | >= 5.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| [vpc](#module\_vpc) | ../.. | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
+
+## Inputs
+
+No inputs.
+ +## Outputs + +| Name | Description | +|------|-------------| +| [cgw\_arns](#output\_cgw\_arns) | List of ARNs of Customer Gateway | +| [cgw\_ids](#output\_cgw\_ids) | List of IDs of Customer Gateway | +| [database\_internet\_gateway\_route\_id](#output\_database\_internet\_gateway\_route\_id) | ID of the database internet gateway route | +| [database\_ipv6\_egress\_route\_id](#output\_database\_ipv6\_egress\_route\_id) | ID of the database IPv6 egress route | +| [database\_nat\_gateway\_route\_ids](#output\_database\_nat\_gateway\_route\_ids) | List of IDs of the database nat gateway route | +| [database\_network\_acl\_arn](#output\_database\_network\_acl\_arn) | ARN of the database network ACL | +| [database\_network\_acl\_id](#output\_database\_network\_acl\_id) | ID of the database network ACL | +| [database\_route\_table\_association\_ids](#output\_database\_route\_table\_association\_ids) | List of IDs of the database route table association | +| [database\_route\_table\_ids](#output\_database\_route\_table\_ids) | List of IDs of database route tables | +| [database\_subnet\_arns](#output\_database\_subnet\_arns) | List of ARNs of database subnets | +| [database\_subnet\_group](#output\_database\_subnet\_group) | ID of database subnet group | +| [database\_subnet\_group\_name](#output\_database\_subnet\_group\_name) | Name of database subnet group | +| [database\_subnets](#output\_database\_subnets) | List of IDs of database subnets | +| [database\_subnets\_cidr\_blocks](#output\_database\_subnets\_cidr\_blocks) | List of cidr\_blocks of database subnets | +| [database\_subnets\_ipv6\_cidr\_blocks](#output\_database\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of database subnets in an IPv6 enabled VPC | +| [default\_network\_acl\_id](#output\_default\_network\_acl\_id) | The ID of the default network ACL | +| [default\_route\_table\_id](#output\_default\_route\_table\_id) | The ID of the default route table | +| 
[default\_security\_group\_id](#output\_default\_security\_group\_id) | The ID of the security group created by default on VPC creation | +| [default\_vpc\_arn](#output\_default\_vpc\_arn) | The ARN of the Default VPC | +| [default\_vpc\_cidr\_block](#output\_default\_vpc\_cidr\_block) | The CIDR block of the Default VPC | +| [default\_vpc\_default\_network\_acl\_id](#output\_default\_vpc\_default\_network\_acl\_id) | The ID of the default network ACL of the Default VPC | +| [default\_vpc\_default\_route\_table\_id](#output\_default\_vpc\_default\_route\_table\_id) | The ID of the default route table of the Default VPC | +| [default\_vpc\_default\_security\_group\_id](#output\_default\_vpc\_default\_security\_group\_id) | The ID of the security group created by default on Default VPC creation | +| [default\_vpc\_enable\_dns\_hostnames](#output\_default\_vpc\_enable\_dns\_hostnames) | Whether or not the Default VPC has DNS hostname support | +| [default\_vpc\_enable\_dns\_support](#output\_default\_vpc\_enable\_dns\_support) | Whether or not the Default VPC has DNS support | +| [default\_vpc\_id](#output\_default\_vpc\_id) | The ID of the Default VPC | +| [default\_vpc\_instance\_tenancy](#output\_default\_vpc\_instance\_tenancy) | Tenancy of instances spin up within Default VPC | +| [default\_vpc\_main\_route\_table\_id](#output\_default\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with the Default VPC | +| [dhcp\_options\_id](#output\_dhcp\_options\_id) | The ID of the DHCP options | +| [egress\_only\_internet\_gateway\_id](#output\_egress\_only\_internet\_gateway\_id) | The ID of the egress only Internet Gateway | +| [elasticache\_network\_acl\_arn](#output\_elasticache\_network\_acl\_arn) | ARN of the elasticache network ACL | +| [elasticache\_network\_acl\_id](#output\_elasticache\_network\_acl\_id) | ID of the elasticache network ACL | +| 
[elasticache\_route\_table\_association\_ids](#output\_elasticache\_route\_table\_association\_ids) | List of IDs of the elasticache route table association | +| [elasticache\_route\_table\_ids](#output\_elasticache\_route\_table\_ids) | List of IDs of elasticache route tables | +| [elasticache\_subnet\_arns](#output\_elasticache\_subnet\_arns) | List of ARNs of elasticache subnets | +| [elasticache\_subnet\_group](#output\_elasticache\_subnet\_group) | ID of elasticache subnet group | +| [elasticache\_subnet\_group\_name](#output\_elasticache\_subnet\_group\_name) | Name of elasticache subnet group | +| [elasticache\_subnets](#output\_elasticache\_subnets) | List of IDs of elasticache subnets | +| [elasticache\_subnets\_cidr\_blocks](#output\_elasticache\_subnets\_cidr\_blocks) | List of cidr\_blocks of elasticache subnets | +| [elasticache\_subnets\_ipv6\_cidr\_blocks](#output\_elasticache\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of elasticache subnets in an IPv6 enabled VPC | +| [igw\_arn](#output\_igw\_arn) | The ARN of the Internet Gateway | +| [igw\_id](#output\_igw\_id) | The ID of the Internet Gateway | +| [intra\_network\_acl\_arn](#output\_intra\_network\_acl\_arn) | ARN of the intra network ACL | +| [intra\_network\_acl\_id](#output\_intra\_network\_acl\_id) | ID of the intra network ACL | +| [intra\_route\_table\_association\_ids](#output\_intra\_route\_table\_association\_ids) | List of IDs of the intra route table association | +| [intra\_route\_table\_ids](#output\_intra\_route\_table\_ids) | List of IDs of intra route tables | +| [intra\_subnet\_arns](#output\_intra\_subnet\_arns) | List of ARNs of intra subnets | +| [intra\_subnets](#output\_intra\_subnets) | List of IDs of intra subnets | +| [intra\_subnets\_cidr\_blocks](#output\_intra\_subnets\_cidr\_blocks) | List of cidr\_blocks of intra subnets | +| [intra\_subnets\_ipv6\_cidr\_blocks](#output\_intra\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of intra subnets 
in an IPv6 enabled VPC | +| [nat\_ids](#output\_nat\_ids) | List of allocation ID of Elastic IPs created for AWS NAT Gateway | +| [nat\_public\_ips](#output\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway | +| [natgw\_ids](#output\_natgw\_ids) | List of NAT Gateway IDs | +| [outpost\_network\_acl\_arn](#output\_outpost\_network\_acl\_arn) | ARN of the outpost network ACL | +| [outpost\_network\_acl\_id](#output\_outpost\_network\_acl\_id) | ID of the outpost network ACL | +| [outpost\_subnet\_arns](#output\_outpost\_subnet\_arns) | List of ARNs of outpost subnets | +| [outpost\_subnets](#output\_outpost\_subnets) | List of IDs of outpost subnets | +| [outpost\_subnets\_cidr\_blocks](#output\_outpost\_subnets\_cidr\_blocks) | List of cidr\_blocks of outpost subnets | +| [outpost\_subnets\_ipv6\_cidr\_blocks](#output\_outpost\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of outpost subnets in an IPv6 enabled VPC | +| [private\_ipv6\_egress\_route\_ids](#output\_private\_ipv6\_egress\_route\_ids) | List of IDs of the ipv6 egress route | +| [private\_nat\_gateway\_route\_ids](#output\_private\_nat\_gateway\_route\_ids) | List of IDs of the private nat gateway route | +| [private\_network\_acl\_arn](#output\_private\_network\_acl\_arn) | ARN of the private network ACL | +| [private\_network\_acl\_id](#output\_private\_network\_acl\_id) | ID of the private network ACL | +| [private\_route\_table\_association\_ids](#output\_private\_route\_table\_association\_ids) | List of IDs of the private route table association | +| [private\_route\_table\_ids](#output\_private\_route\_table\_ids) | List of IDs of private route tables | +| [private\_subnet\_arns](#output\_private\_subnet\_arns) | List of ARNs of private subnets | +| [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets | +| [private\_subnets\_cidr\_blocks](#output\_private\_subnets\_cidr\_blocks) | List of cidr\_blocks of private subnets | +| 
[private\_subnets\_ipv6\_cidr\_blocks](#output\_private\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of private subnets in an IPv6 enabled VPC | +| [public\_internet\_gateway\_ipv6\_route\_id](#output\_public\_internet\_gateway\_ipv6\_route\_id) | ID of the IPv6 internet gateway route | +| [public\_internet\_gateway\_route\_id](#output\_public\_internet\_gateway\_route\_id) | ID of the internet gateway route | +| [public\_network\_acl\_arn](#output\_public\_network\_acl\_arn) | ARN of the public network ACL | +| [public\_network\_acl\_id](#output\_public\_network\_acl\_id) | ID of the public network ACL | +| [public\_route\_table\_association\_ids](#output\_public\_route\_table\_association\_ids) | List of IDs of the public route table association | +| [public\_route\_table\_ids](#output\_public\_route\_table\_ids) | List of IDs of public route tables | +| [public\_subnet\_arns](#output\_public\_subnet\_arns) | List of ARNs of public subnets | +| [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets | +| [public\_subnets\_cidr\_blocks](#output\_public\_subnets\_cidr\_blocks) | List of cidr\_blocks of public subnets | +| [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC | +| [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL | +| [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL | +| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association | +| [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association | +| [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables | +| 
[redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets | +| [redshift\_subnet\_group](#output\_redshift\_subnet\_group) | ID of redshift subnet group | +| [redshift\_subnets](#output\_redshift\_subnets) | List of IDs of redshift subnets | +| [redshift\_subnets\_cidr\_blocks](#output\_redshift\_subnets\_cidr\_blocks) | List of cidr\_blocks of redshift subnets | +| [redshift\_subnets\_ipv6\_cidr\_blocks](#output\_redshift\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of redshift subnets in an IPv6 enabled VPC | +| [this\_customer\_gateway](#output\_this\_customer\_gateway) | Map of Customer Gateway attributes | +| [vgw\_arn](#output\_vgw\_arn) | The ARN of the VPN Gateway | +| [vgw\_id](#output\_vgw\_id) | The ID of the VPN Gateway | +| [vpc\_arn](#output\_vpc\_arn) | The ARN of the VPC | +| [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | The CIDR block of the VPC | +| [vpc\_enable\_dns\_hostnames](#output\_vpc\_enable\_dns\_hostnames) | Whether or not the VPC has DNS hostname support | +| [vpc\_enable\_dns\_support](#output\_vpc\_enable\_dns\_support) | Whether or not the VPC has DNS support | +| [vpc\_flow\_log\_cloudwatch\_iam\_role\_arn](#output\_vpc\_flow\_log\_cloudwatch\_iam\_role\_arn) | The ARN of the IAM role used when pushing logs to Cloudwatch log group | +| [vpc\_flow\_log\_destination\_arn](#output\_vpc\_flow\_log\_destination\_arn) | The ARN of the destination for VPC Flow Logs | +| [vpc\_flow\_log\_destination\_type](#output\_vpc\_flow\_log\_destination\_type) | The type of the destination for VPC Flow Logs | +| [vpc\_flow\_log\_id](#output\_vpc\_flow\_log\_id) | The ID of the Flow Log resource | +| [vpc\_id](#output\_vpc\_id) | The ID of the VPC | +| [vpc\_instance\_tenancy](#output\_vpc\_instance\_tenancy) | Tenancy of instances spin up within VPC | +| [vpc\_ipv6\_association\_id](#output\_vpc\_ipv6\_association\_id) | The association ID for the IPv6 CIDR block | +| 
[vpc\_ipv6\_cidr\_block](#output\_vpc\_ipv6\_cidr\_block) | The IPv6 CIDR block |
+| [vpc\_main\_route\_table\_id](#output\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with this VPC |
+| [vpc\_owner\_id](#output\_vpc\_owner\_id) | The ID of the AWS account that owns the VPC |
+| [vpc\_secondary\_cidr\_blocks](#output\_vpc\_secondary\_cidr\_blocks) | List of secondary CIDR blocks of the VPC |
+
diff --git a/examples/ipv6-only/main.tf b/examples/ipv6-only/main.tf
new file mode 100644
index 000000000..ba737316d
--- /dev/null
+++ b/examples/ipv6-only/main.tf
@@ -0,0 +1,43 @@
+provider "aws" {
+ region = local.region
+}
+
+data "aws_availability_zones" "available" {}
+
+locals {
+ name = "ex-${basename(path.cwd)}"
+ region = "eu-west-1"
+
+ tags = {
+ Example = local.name
+ GithubRepo = "terraform-aws-vpc"
+ GithubOrg = "terraform-aws-modules"
+ }
+}
+
+################################################################################
+# VPC Module
+################################################################################
+
+module "vpc" {
+ source = "../.."
+
+ name = local.name
+
+ azs = slice(data.aws_availability_zones.available.names, 0, 3)
+ enable_ipv6 = true
+
+ public_subnet_ipv6_native = true
+ public_subnet_ipv6_prefixes = [0, 1, 2]
+ private_subnet_ipv6_native = true
+ private_subnet_ipv6_prefixes = [3, 4, 5]
+
+ # RDS currently only supports dual-stack so IPv4 CIDRs will need to be provided for subnets
+ # database_subnet_ipv6_native = true
+ # database_subnet_ipv6_prefixes = [6, 7, 8]
+
+ enable_nat_gateway = false
+ create_egress_only_igw = true
+
+ tags = local.tags
+}
diff --git a/examples/ipv6-only/outputs.tf b/examples/ipv6-only/outputs.tf
new file mode 100644
index 000000000..77f244a90
--- /dev/null
+++ b/examples/ipv6-only/outputs.tf
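Review bot: The `module "vpc"` block passes no `cidr`, so the VPC presumably still receives the module's default IPv4 block and only the subnets are IPv6-native; a comment above `azs`, e.g. `# No cidr is passed: the VPC keeps the module's default IPv4 block, only the subnets are IPv6-native`, would stop readers from assuming the VPC itself is IPv4-free. Whether the module forces address assignment on creation for ipv6-native subnets is not visible here; if it does not, the public subnets may need the same `public_subnet_assign_ipv6_address_on_creation = true` that `examples/ipv6-dualstack/main.tf` sets in this same commit. The `# RDS currently only supports dual-stack` comment is useful but time-bound, so a date or a link to the AWS limitation would keep it checkable.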
@@ -0,0 +1,535 @@ +output "vpc_id" { + description = "The ID of the VPC" + value = module.vpc.vpc_id +} + +output "vpc_arn" { + description = "The ARN of the VPC" + value = module.vpc.vpc_arn +} + +output "vpc_cidr_block" { + description = "The CIDR block of the VPC" + value = module.vpc.vpc_cidr_block +} + +output "default_security_group_id" { + description = "The ID of the security group created by default on VPC creation" + value = module.vpc.default_security_group_id +} + +output "default_network_acl_id" { + description = "The ID of the default network ACL" + value = module.vpc.default_network_acl_id +} + +output "default_route_table_id" { + description = "The ID of the default route table" + value = module.vpc.default_route_table_id +} + +output "vpc_instance_tenancy" { + description = "Tenancy of instances spin up within VPC" + value = module.vpc.vpc_instance_tenancy +} + +output "vpc_enable_dns_support" { + description = "Whether or not the VPC has DNS support" + value = module.vpc.vpc_enable_dns_support +} + +output "vpc_enable_dns_hostnames" { + description = "Whether or not the VPC has DNS hostname support" + value = module.vpc.vpc_enable_dns_hostnames +} + +output "vpc_main_route_table_id" { + description = "The ID of the main route table associated with this VPC" + value = module.vpc.vpc_main_route_table_id +} + +output "vpc_ipv6_association_id" { + description = "The association ID for the IPv6 CIDR block" + value = module.vpc.vpc_ipv6_association_id +} + +output "vpc_ipv6_cidr_block" { + description = "The IPv6 CIDR block" + value = module.vpc.vpc_ipv6_cidr_block +} + +output "vpc_secondary_cidr_blocks" { + description = "List of secondary CIDR blocks of the VPC" + value = module.vpc.vpc_secondary_cidr_blocks +} + +output "vpc_owner_id" { + description = "The ID of the AWS account that owns the VPC" + value = module.vpc.vpc_owner_id +} + +output "private_subnets" { + description = "List of IDs of private subnets" + value = module.vpc.private_subnets 
+} + +output "private_subnet_arns" { + description = "List of ARNs of private subnets" + value = module.vpc.private_subnet_arns +} + +output "private_subnets_cidr_blocks" { + description = "List of cidr_blocks of private subnets" + value = module.vpc.private_subnets_cidr_blocks +} + +output "private_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of private subnets in an IPv6 enabled VPC" + value = module.vpc.private_subnets_ipv6_cidr_blocks +} + +output "public_subnets" { + description = "List of IDs of public subnets" + value = module.vpc.public_subnets +} + +output "public_subnet_arns" { + description = "List of ARNs of public subnets" + value = module.vpc.public_subnet_arns +} + +output "public_subnets_cidr_blocks" { + description = "List of cidr_blocks of public subnets" + value = module.vpc.public_subnets_cidr_blocks +} + +output "public_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of public subnets in an IPv6 enabled VPC" + value = module.vpc.public_subnets_ipv6_cidr_blocks +} + +output "outpost_subnets" { + description = "List of IDs of outpost subnets" + value = module.vpc.outpost_subnets +} + +output "outpost_subnet_arns" { + description = "List of ARNs of outpost subnets" + value = module.vpc.outpost_subnet_arns +} + +output "outpost_subnets_cidr_blocks" { + description = "List of cidr_blocks of outpost subnets" + value = module.vpc.outpost_subnets_cidr_blocks +} + +output "outpost_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of outpost subnets in an IPv6 enabled VPC" + value = module.vpc.outpost_subnets_ipv6_cidr_blocks +} + +output "database_subnets" { + description = "List of IDs of database subnets" + value = module.vpc.database_subnets +} + +output "database_subnet_arns" { + description = "List of ARNs of database subnets" + value = module.vpc.database_subnet_arns +} + +output "database_subnets_cidr_blocks" { + description = "List of cidr_blocks of database subnets" + value = 
module.vpc.database_subnets_cidr_blocks +} + +output "database_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of database subnets in an IPv6 enabled VPC" + value = module.vpc.database_subnets_ipv6_cidr_blocks +} + +output "database_subnet_group" { + description = "ID of database subnet group" + value = module.vpc.database_subnet_group +} + +output "database_subnet_group_name" { + description = "Name of database subnet group" + value = module.vpc.database_subnet_group_name +} + +output "redshift_subnets" { + description = "List of IDs of redshift subnets" + value = module.vpc.redshift_subnets +} + +output "redshift_subnet_arns" { + description = "List of ARNs of redshift subnets" + value = module.vpc.redshift_subnet_arns +} + +output "redshift_subnets_cidr_blocks" { + description = "List of cidr_blocks of redshift subnets" + value = module.vpc.redshift_subnets_cidr_blocks +} + +output "redshift_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of redshift subnets in an IPv6 enabled VPC" + value = module.vpc.redshift_subnets_ipv6_cidr_blocks +} + +output "redshift_subnet_group" { + description = "ID of redshift subnet group" + value = module.vpc.redshift_subnet_group +} + +output "elasticache_subnets" { + description = "List of IDs of elasticache subnets" + value = module.vpc.elasticache_subnets +} + +output "elasticache_subnet_arns" { + description = "List of ARNs of elasticache subnets" + value = module.vpc.elasticache_subnet_arns +} + +output "elasticache_subnets_cidr_blocks" { + description = "List of cidr_blocks of elasticache subnets" + value = module.vpc.elasticache_subnets_cidr_blocks +} + +output "elasticache_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of elasticache subnets in an IPv6 enabled VPC" + value = module.vpc.elasticache_subnets_ipv6_cidr_blocks +} + +output "intra_subnets" { + description = "List of IDs of intra subnets" + value = module.vpc.intra_subnets +} + +output 
"intra_subnet_arns" { + description = "List of ARNs of intra subnets" + value = module.vpc.intra_subnet_arns +} + +output "intra_subnets_cidr_blocks" { + description = "List of cidr_blocks of intra subnets" + value = module.vpc.intra_subnets_cidr_blocks +} + +output "intra_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of intra subnets in an IPv6 enabled VPC" + value = module.vpc.intra_subnets_ipv6_cidr_blocks +} + +output "elasticache_subnet_group" { + description = "ID of elasticache subnet group" + value = module.vpc.elasticache_subnet_group +} + +output "elasticache_subnet_group_name" { + description = "Name of elasticache subnet group" + value = module.vpc.elasticache_subnet_group_name +} + +output "public_route_table_ids" { + description = "List of IDs of public route tables" + value = module.vpc.public_route_table_ids +} + +output "private_route_table_ids" { + description = "List of IDs of private route tables" + value = module.vpc.private_route_table_ids +} + +output "database_route_table_ids" { + description = "List of IDs of database route tables" + value = module.vpc.database_route_table_ids +} + +output "redshift_route_table_ids" { + description = "List of IDs of redshift route tables" + value = module.vpc.redshift_route_table_ids +} + +output "elasticache_route_table_ids" { + description = "List of IDs of elasticache route tables" + value = module.vpc.elasticache_route_table_ids +} + +output "intra_route_table_ids" { + description = "List of IDs of intra route tables" + value = module.vpc.intra_route_table_ids +} + +output "public_internet_gateway_route_id" { + description = "ID of the internet gateway route" + value = module.vpc.public_internet_gateway_route_id +} + +output "public_internet_gateway_ipv6_route_id" { + description = "ID of the IPv6 internet gateway route" + value = module.vpc.public_internet_gateway_ipv6_route_id +} + +output "database_internet_gateway_route_id" { + description = "ID of the database internet 
gateway route" + value = module.vpc.database_internet_gateway_route_id +} + +output "database_nat_gateway_route_ids" { + description = "List of IDs of the database nat gateway route" + value = module.vpc.database_nat_gateway_route_ids +} + +output "database_ipv6_egress_route_id" { + description = "ID of the database IPv6 egress route" + value = module.vpc.database_ipv6_egress_route_id +} + +output "private_nat_gateway_route_ids" { + description = "List of IDs of the private nat gateway route" + value = module.vpc.private_nat_gateway_route_ids +} + +output "private_ipv6_egress_route_ids" { + description = "List of IDs of the ipv6 egress route" + value = module.vpc.private_ipv6_egress_route_ids +} + +output "private_route_table_association_ids" { + description = "List of IDs of the private route table association" + value = module.vpc.private_route_table_association_ids +} + +output "database_route_table_association_ids" { + description = "List of IDs of the database route table association" + value = module.vpc.database_route_table_association_ids +} + +output "redshift_route_table_association_ids" { + description = "List of IDs of the redshift route table association" + value = module.vpc.redshift_route_table_association_ids +} + +output "redshift_public_route_table_association_ids" { + description = "List of IDs of the public redshift route table association" + value = module.vpc.redshift_public_route_table_association_ids +} + +output "elasticache_route_table_association_ids" { + description = "List of IDs of the elasticache route table association" + value = module.vpc.elasticache_route_table_association_ids +} + +output "intra_route_table_association_ids" { + description = "List of IDs of the intra route table association" + value = module.vpc.intra_route_table_association_ids +} + +output "public_route_table_association_ids" { + description = "List of IDs of the public route table association" + value = module.vpc.public_route_table_association_ids +} + 
+output "dhcp_options_id" { + description = "The ID of the DHCP options" + value = module.vpc.dhcp_options_id +} + +output "nat_ids" { + description = "List of allocation ID of Elastic IPs created for AWS NAT Gateway" + value = module.vpc.nat_ids +} + +output "nat_public_ips" { + description = "List of public Elastic IPs created for AWS NAT Gateway" + value = module.vpc.nat_public_ips +} + +output "natgw_ids" { + description = "List of NAT Gateway IDs" + value = module.vpc.natgw_ids +} + +output "igw_id" { + description = "The ID of the Internet Gateway" + value = module.vpc.igw_id +} + +output "igw_arn" { + description = "The ARN of the Internet Gateway" + value = module.vpc.igw_arn +} + +output "egress_only_internet_gateway_id" { + description = "The ID of the egress only Internet Gateway" + value = module.vpc.egress_only_internet_gateway_id +} + +output "cgw_ids" { + description = "List of IDs of Customer Gateway" + value = module.vpc.cgw_ids +} + +output "cgw_arns" { + description = "List of ARNs of Customer Gateway" + value = module.vpc.cgw_arns +} + +output "this_customer_gateway" { + description = "Map of Customer Gateway attributes" + value = module.vpc.this_customer_gateway +} + +output "vgw_id" { + description = "The ID of the VPN Gateway" + value = module.vpc.vgw_id +} + +output "vgw_arn" { + description = "The ARN of the VPN Gateway" + value = module.vpc.vgw_arn +} + +output "default_vpc_id" { + description = "The ID of the Default VPC" + value = module.vpc.default_vpc_id +} + +output "default_vpc_arn" { + description = "The ARN of the Default VPC" + value = module.vpc.default_vpc_arn +} + +output "default_vpc_cidr_block" { + description = "The CIDR block of the Default VPC" + value = module.vpc.default_vpc_cidr_block +} + +output "default_vpc_default_security_group_id" { + description = "The ID of the security group created by default on Default VPC creation" + value = module.vpc.default_vpc_default_security_group_id +} + +output 
"default_vpc_default_network_acl_id" { + description = "The ID of the default network ACL of the Default VPC" + value = module.vpc.default_vpc_default_network_acl_id +} + +output "default_vpc_default_route_table_id" { + description = "The ID of the default route table of the Default VPC" + value = module.vpc.default_vpc_default_route_table_id +} + +output "default_vpc_instance_tenancy" { + description = "Tenancy of instances spin up within Default VPC" + value = module.vpc.default_vpc_instance_tenancy +} + +output "default_vpc_enable_dns_support" { + description = "Whether or not the Default VPC has DNS support" + value = module.vpc.default_vpc_enable_dns_support +} + +output "default_vpc_enable_dns_hostnames" { + description = "Whether or not the Default VPC has DNS hostname support" + value = module.vpc.default_vpc_enable_dns_hostnames +} + +output "default_vpc_main_route_table_id" { + description = "The ID of the main route table associated with the Default VPC" + value = module.vpc.default_vpc_main_route_table_id +} + +output "public_network_acl_id" { + description = "ID of the public network ACL" + value = module.vpc.public_network_acl_id +} + +output "public_network_acl_arn" { + description = "ARN of the public network ACL" + value = module.vpc.public_network_acl_arn +} + +output "private_network_acl_id" { + description = "ID of the private network ACL" + value = module.vpc.private_network_acl_id +} + +output "private_network_acl_arn" { + description = "ARN of the private network ACL" + value = module.vpc.private_network_acl_arn +} + +output "outpost_network_acl_id" { + description = "ID of the outpost network ACL" + value = module.vpc.outpost_network_acl_id +} + +output "outpost_network_acl_arn" { + description = "ARN of the outpost network ACL" + value = module.vpc.outpost_network_acl_arn +} + +output "intra_network_acl_id" { + description = "ID of the intra network ACL" + value = module.vpc.intra_network_acl_id +} + +output "intra_network_acl_arn" { + 
description = "ARN of the intra network ACL" + value = module.vpc.intra_network_acl_arn +} + +output "database_network_acl_id" { + description = "ID of the database network ACL" + value = module.vpc.database_network_acl_id +} + +output "database_network_acl_arn" { + description = "ARN of the database network ACL" + value = module.vpc.database_network_acl_arn +} + +output "redshift_network_acl_id" { + description = "ID of the redshift network ACL" + value = module.vpc.redshift_network_acl_id +} + +output "redshift_network_acl_arn" { + description = "ARN of the redshift network ACL" + value = module.vpc.redshift_network_acl_arn +} + +output "elasticache_network_acl_id" { + description = "ID of the elasticache network ACL" + value = module.vpc.elasticache_network_acl_id +} + +output "elasticache_network_acl_arn" { + description = "ARN of the elasticache network ACL" + value = module.vpc.elasticache_network_acl_arn +} + +# VPC flow log +output "vpc_flow_log_id" { + description = "The ID of the Flow Log resource" + value = module.vpc.vpc_flow_log_id +} + +output "vpc_flow_log_destination_arn" { + description = "The ARN of the destination for VPC Flow Logs" + value = module.vpc.vpc_flow_log_destination_arn +} + +output "vpc_flow_log_destination_type" { + description = "The type of the destination for VPC Flow Logs" + value = module.vpc.vpc_flow_log_destination_type +} + +output "vpc_flow_log_cloudwatch_iam_role_arn" { + description = "The ARN of the IAM role used when pushing logs to Cloudwatch log group" + value = module.vpc.vpc_flow_log_cloudwatch_iam_role_arn +} diff --git a/examples/vpc-separate-private-route-tables/variables.tf b/examples/ipv6-only/variables.tf similarity index 100% rename from examples/vpc-separate-private-route-tables/variables.tf rename to examples/ipv6-only/variables.tf 
diff --git a/examples/simple-vpc/versions.tf b/examples/ipv6-only/versions.tf similarity index 60% rename from examples/simple-vpc/versions.tf rename to examples/ipv6-only/versions.tf index 7045f6d16..ddfcb0e05 100644 --- a/examples/simple-vpc/versions.tf +++ b/examples/ipv6-only/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 0.12.31" + required_version = ">= 1.0" required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.28" + version = ">= 5.0" } } } diff --git a/examples/ipv6/README.md b/examples/ipv6/README.md deleted file mode 100644 index b7ae18733..000000000 --- a/examples/ipv6/README.md +++ /dev/null @@ -1,50 +0,0 @@ -# VPC with IPv6 enabled - -Configuration in this directory creates set of VPC resources with IPv6 enabled on VPC and subnets. - -## Usage - -To run this example you need to execute: - -```bash -$ terraform init -$ terraform plan -$ terraform apply -``` - -Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.31 | -| [aws](#requirement\_aws) | >= 3.28 | - -## Providers - -No providers. - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [vpc](#module\_vpc) | ../.. | | - -## Resources - -No resources. - -## Inputs - -No inputs. - -## Outputs - -| Name | Description | -|------|-------------| -| [ipv6\_association\_id](#output\_ipv6\_association\_id) | The association ID for the IPv6 CIDR block | -| [ipv6\_cidr\_block](#output\_ipv6\_cidr\_block) | The IPv6 CIDR block | -| [vpc\_id](#output\_vpc\_id) | The ID of the VPC | - diff --git a/examples/ipv6/main.tf b/examples/ipv6/main.tf deleted file mode 100644 index ce6709921..000000000 --- a/examples/ipv6/main.tf +++ /dev/null 
@@ -1,42 +0,0 @@ -provider "aws" { - region = local.region -} - -locals { - region = "eu-west-1" -} - -################################################################################ -# VPC Module -################################################################################ - -module "vpc" { - source = "../.." - - name = "ipv6" - cidr = "10.0.0.0/16" - - azs = ["${local.region}a", "${local.region}b"] - private_subnets = ["10.0.1.0/24", "10.0.2.0/24"] - public_subnets = ["10.0.101.0/24", "10.0.102.0/24"] - database_subnets = ["10.0.103.0/24", "10.0.104.0/24"] - - enable_nat_gateway = false - - create_database_subnet_route_table = true - create_database_internet_gateway_route = true - - enable_ipv6 = true - assign_ipv6_address_on_creation = true - - private_subnet_assign_ipv6_address_on_creation = false - - public_subnet_ipv6_prefixes = [0, 1] - private_subnet_ipv6_prefixes = [2, 3] - database_subnet_ipv6_prefixes = [4, 5] - - tags = { - Owner = "user" - Environment = "dev" - } -} diff --git a/examples/ipv6/outputs.tf b/examples/ipv6/outputs.tf deleted file mode 100644 index 9d5581ccb..000000000 --- a/examples/ipv6/outputs.tf +++ /dev/null @@ -1,15 +0,0 @@ -# VPC -output "vpc_id" { - description = "The ID of the VPC" - value = module.vpc.vpc_id -} - -output "ipv6_cidr_block" { - description = "The IPv6 CIDR block" - value = module.vpc.vpc_ipv6_cidr_block -} - -output "ipv6_association_id" { - description = "The association ID for the IPv6 CIDR block" - value = module.vpc.vpc_ipv6_association_id -} diff --git a/examples/issues/README.md b/examples/issues/README.md index ff541a3ac..92cc3a4ca 100644 --- a/examples/issues/README.md +++ b/examples/issues/README.md 
@@ -24,24 +24,28 @@ Note that this example may create resources which can cost money (AWS Elastic IP | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.31 | -| [aws](#requirement\_aws) | >= 3.28 | +| [terraform](#requirement\_terraform) | >= 1.0 | +| [aws](#requirement\_aws) | >= 5.0 | ## Providers -No providers. +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 5.0 | ## Modules | Name | Source | Version | |------|--------|---------| -| [vpc\_issue\_108](#module\_vpc\_issue\_108) | ../../ | | -| [vpc\_issue\_44](#module\_vpc\_issue\_44) | ../../ | | -| [vpc\_issue\_46](#module\_vpc\_issue\_46) | ../../ | | +| [vpc\_issue\_108](#module\_vpc\_issue\_108) | ../../ | n/a | +| [vpc\_issue\_44](#module\_vpc\_issue\_44) | ../../ | n/a | +| [vpc\_issue\_46](#module\_vpc\_issue\_46) | ../../ | n/a | ## Resources -No resources. +| Name | Type | +|------|------| +| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | ## Inputs diff --git a/examples/issues/main.tf b/examples/issues/main.tf index a838239d3..9e23b806f 100644 --- a/examples/issues/main.tf +++ b/examples/issues/main.tf @@ -2,8 +2,19 @@ provider "aws" { region = local.region } +data "aws_availability_zones" "available" {} + locals { + name = "ex-${basename(path.cwd)}" region = "eu-west-1" + + azs = slice(data.aws_availability_zones.available.names, 0, 3) + + tags = { + Example = local.name + GithubRepo = "terraform-aws-vpc" + GithubOrg = "terraform-aws-modules" + } } ################################################################################ 
@@ -16,7 +27,7 @@ module "vpc_issue_44" { name = "asymmetrical" cidr = "10.0.0.0/16" - azs = ["${local.region}a", "${local.region}b", "${local.region}c"] + azs = local.azs private_subnets = ["10.0.1.0/24"] public_subnets = ["10.0.101.0/24", "10.0.102.0/24"] database_subnets = ["10.0.21.0/24", "10.0.22.0/24", "10.0.23.0/24"] @@ -24,10 +35,10 @@ module "vpc_issue_44" { create_database_subnet_group = true enable_nat_gateway = true - tags = { + tags = merge({ Issue = "44" Name = "asymmetrical" - } + }, local.tags) } ################################################################################ @@ -40,7 +51,7 @@ module "vpc_issue_46" { name = "no-private-subnets" cidr = "10.0.0.0/16" - azs = ["${local.region}a", "${local.region}b", "${local.region}c"] + azs = local.azs public_subnets = ["10.0.0.0/22", "10.0.4.0/22", "10.0.8.0/22"] private_subnets = [] database_subnets = ["10.0.128.0/24", "10.0.129.0/24"] @@ -50,10 +61,10 @@ module "vpc_issue_46" { enable_dns_hostnames = true enable_nat_gateway = false - tags = { + tags = merge({ Issue = "46" Name = "no-private-subnets" - } + }, local.tags) } ################################################################################ @@ -66,15 +77,15 @@ module "vpc_issue_108" { name = "route-already-exists" cidr = "10.0.0.0/16" - azs = ["${local.region}a", "${local.region}b", "${local.region}c"] + azs = local.azs private_subnets = ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24"] public_subnets = ["10.0.254.240/28", "10.0.254.224/28", "10.0.254.208/28"] single_nat_gateway = true enable_nat_gateway = true - tags = { + tags = merge({ Issue = "108" Name = "route-already-exists" - } + }, local.tags) } diff --git a/examples/issues/versions.tf b/examples/issues/versions.tf index 7045f6d16..ddfcb0e05 100644 --- a/examples/issues/versions.tf +++ b/examples/issues/versions.tf 
@@ -1,10 +1,10 @@ terraform { - required_version = ">= 0.12.31" + required_version = ">= 1.0" required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.28" + version = ">= 5.0" } } } diff --git a/examples/manage-default-vpc/README.md b/examples/manage-default-vpc/README.md index 2863e276e..0c506f33f 100644 --- a/examples/manage-default-vpc/README.md +++ b/examples/manage-default-vpc/README.md @@ -2,7 +2,7 @@ Configuration in this directory does not create new VPC resources, but it adopts [Default VPC](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/default-vpc.html) created by AWS to allow management of it using Terraform. -This is not usual type of resource in Terraform, so use it carefully. More information is [here](https://www.terraform.io/docs/providers/aws/r/default_vpc.html). +This is not usual type of resource in Terraform, so use it carefully. More information is [here](https://www.terraform.io/docs/providers/aws/r/default_vpc). ## Usage @@ -21,8 +21,8 @@ Run `terraform destroy` when you don't need these resources. | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.31 | -| [aws](#requirement\_aws) | >= 3.28 | +| [terraform](#requirement\_terraform) | >= 1.0 | +| [aws](#requirement\_aws) | >= 5.0 | ## Providers @@ -32,7 +32,7 @@ No providers. | Name | Source | Version | |------|--------|---------| -| [vpc](#module\_vpc) | ../../ | | +| [vpc](#module\_vpc) | ../../ | n/a | ## Resources 
@@ -46,6 +46,111 @@ No inputs. | Name | Description | |------|-------------| -| [default\_vpc\_cidr\_block](#output\_default\_vpc\_cidr\_block) | The CIDR block of the VPC | +| [cgw\_arns](#output\_cgw\_arns) | List of ARNs of Customer Gateway | +| [cgw\_ids](#output\_cgw\_ids) | List of IDs of Customer Gateway | +| [database\_internet\_gateway\_route\_id](#output\_database\_internet\_gateway\_route\_id) | ID of the database internet gateway route | +| [database\_ipv6\_egress\_route\_id](#output\_database\_ipv6\_egress\_route\_id) | ID of the database IPv6 egress route | +| [database\_nat\_gateway\_route\_ids](#output\_database\_nat\_gateway\_route\_ids) | List of IDs of the database nat gateway route | +| [database\_network\_acl\_arn](#output\_database\_network\_acl\_arn) | ARN of the database network ACL | +| [database\_network\_acl\_id](#output\_database\_network\_acl\_id) | ID of the database network ACL | +| [database\_route\_table\_association\_ids](#output\_database\_route\_table\_association\_ids) | List of IDs of the database route table association | +| [database\_route\_table\_ids](#output\_database\_route\_table\_ids) | List of IDs of database route tables | +| [database\_subnet\_arns](#output\_database\_subnet\_arns) | List of ARNs of database subnets | +| [database\_subnet\_group](#output\_database\_subnet\_group) | ID of database subnet group | +| [database\_subnet\_group\_name](#output\_database\_subnet\_group\_name) | Name of database subnet group | +| [database\_subnets](#output\_database\_subnets) | List of IDs of database subnets | +| [database\_subnets\_cidr\_blocks](#output\_database\_subnets\_cidr\_blocks) | List of cidr\_blocks of database subnets | +| [database\_subnets\_ipv6\_cidr\_blocks](#output\_database\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of database subnets in an IPv6 enabled VPC | +| [default\_network\_acl\_id](#output\_default\_network\_acl\_id) | The ID of the default network ACL | +| 
[default\_route\_table\_id](#output\_default\_route\_table\_id) | The ID of the default route table | +| [default\_security\_group\_id](#output\_default\_security\_group\_id) | The ID of the security group created by default on VPC creation | +| [default\_vpc\_arn](#output\_default\_vpc\_arn) | The ARN of the Default VPC | +| [default\_vpc\_cidr\_block](#output\_default\_vpc\_cidr\_block) | The CIDR block of the Default VPC | +| [default\_vpc\_default\_network\_acl\_id](#output\_default\_vpc\_default\_network\_acl\_id) | The ID of the default network ACL of the Default VPC | +| [default\_vpc\_default\_route\_table\_id](#output\_default\_vpc\_default\_route\_table\_id) | The ID of the default route table of the Default VPC | +| [default\_vpc\_default\_security\_group\_id](#output\_default\_vpc\_default\_security\_group\_id) | The ID of the security group created by default on Default VPC creation | +| [default\_vpc\_enable\_dns\_hostnames](#output\_default\_vpc\_enable\_dns\_hostnames) | Whether or not the Default VPC has DNS hostname support | +| [default\_vpc\_enable\_dns\_support](#output\_default\_vpc\_enable\_dns\_support) | Whether or not the Default VPC has DNS support | | [default\_vpc\_id](#output\_default\_vpc\_id) | The ID of the Default VPC | +| [default\_vpc\_instance\_tenancy](#output\_default\_vpc\_instance\_tenancy) | Tenancy of instances spin up within Default VPC | +| [default\_vpc\_main\_route\_table\_id](#output\_default\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with the Default VPC | +| [dhcp\_options\_id](#output\_dhcp\_options\_id) | The ID of the DHCP options | +| [egress\_only\_internet\_gateway\_id](#output\_egress\_only\_internet\_gateway\_id) | The ID of the egress only Internet Gateway | +| [elasticache\_network\_acl\_arn](#output\_elasticache\_network\_acl\_arn) | ARN of the elasticache network ACL | +| [elasticache\_network\_acl\_id](#output\_elasticache\_network\_acl\_id) | ID of the elasticache network 
ACL | +| [elasticache\_route\_table\_association\_ids](#output\_elasticache\_route\_table\_association\_ids) | List of IDs of the elasticache route table association | +| [elasticache\_route\_table\_ids](#output\_elasticache\_route\_table\_ids) | List of IDs of elasticache route tables | +| [elasticache\_subnet\_arns](#output\_elasticache\_subnet\_arns) | List of ARNs of elasticache subnets | +| [elasticache\_subnet\_group](#output\_elasticache\_subnet\_group) | ID of elasticache subnet group | +| [elasticache\_subnet\_group\_name](#output\_elasticache\_subnet\_group\_name) | Name of elasticache subnet group | +| [elasticache\_subnets](#output\_elasticache\_subnets) | List of IDs of elasticache subnets | +| [elasticache\_subnets\_cidr\_blocks](#output\_elasticache\_subnets\_cidr\_blocks) | List of cidr\_blocks of elasticache subnets | +| [elasticache\_subnets\_ipv6\_cidr\_blocks](#output\_elasticache\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of elasticache subnets in an IPv6 enabled VPC | +| [igw\_arn](#output\_igw\_arn) | The ARN of the Internet Gateway | +| [igw\_id](#output\_igw\_id) | The ID of the Internet Gateway | +| [intra\_network\_acl\_arn](#output\_intra\_network\_acl\_arn) | ARN of the intra network ACL | +| [intra\_network\_acl\_id](#output\_intra\_network\_acl\_id) | ID of the intra network ACL | +| [intra\_route\_table\_association\_ids](#output\_intra\_route\_table\_association\_ids) | List of IDs of the intra route table association | +| [intra\_route\_table\_ids](#output\_intra\_route\_table\_ids) | List of IDs of intra route tables | +| [intra\_subnet\_arns](#output\_intra\_subnet\_arns) | List of ARNs of intra subnets | +| [intra\_subnets](#output\_intra\_subnets) | List of IDs of intra subnets | +| [intra\_subnets\_cidr\_blocks](#output\_intra\_subnets\_cidr\_blocks) | List of cidr\_blocks of intra subnets | +| [intra\_subnets\_ipv6\_cidr\_blocks](#output\_intra\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of intra 
subnets in an IPv6 enabled VPC | +| [nat\_ids](#output\_nat\_ids) | List of allocation ID of Elastic IPs created for AWS NAT Gateway | +| [nat\_public\_ips](#output\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway | +| [natgw\_ids](#output\_natgw\_ids) | List of NAT Gateway IDs | +| [outpost\_network\_acl\_arn](#output\_outpost\_network\_acl\_arn) | ARN of the outpost network ACL | +| [outpost\_network\_acl\_id](#output\_outpost\_network\_acl\_id) | ID of the outpost network ACL | +| [outpost\_subnet\_arns](#output\_outpost\_subnet\_arns) | List of ARNs of outpost subnets | +| [outpost\_subnets](#output\_outpost\_subnets) | List of IDs of outpost subnets | +| [outpost\_subnets\_cidr\_blocks](#output\_outpost\_subnets\_cidr\_blocks) | List of cidr\_blocks of outpost subnets | +| [outpost\_subnets\_ipv6\_cidr\_blocks](#output\_outpost\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of outpost subnets in an IPv6 enabled VPC | +| [private\_ipv6\_egress\_route\_ids](#output\_private\_ipv6\_egress\_route\_ids) | List of IDs of the ipv6 egress route | +| [private\_nat\_gateway\_route\_ids](#output\_private\_nat\_gateway\_route\_ids) | List of IDs of the private nat gateway route | +| [private\_network\_acl\_arn](#output\_private\_network\_acl\_arn) | ARN of the private network ACL | +| [private\_network\_acl\_id](#output\_private\_network\_acl\_id) | ID of the private network ACL | +| [private\_route\_table\_association\_ids](#output\_private\_route\_table\_association\_ids) | List of IDs of the private route table association | +| [private\_route\_table\_ids](#output\_private\_route\_table\_ids) | List of IDs of private route tables | +| [private\_subnet\_arns](#output\_private\_subnet\_arns) | List of ARNs of private subnets | +| [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets | +| [private\_subnets\_cidr\_blocks](#output\_private\_subnets\_cidr\_blocks) | List of cidr\_blocks of private subnets | +| 
[private\_subnets\_ipv6\_cidr\_blocks](#output\_private\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of private subnets in an IPv6 enabled VPC | +| [public\_internet\_gateway\_ipv6\_route\_id](#output\_public\_internet\_gateway\_ipv6\_route\_id) | ID of the IPv6 internet gateway route | +| [public\_internet\_gateway\_route\_id](#output\_public\_internet\_gateway\_route\_id) | ID of the internet gateway route | +| [public\_network\_acl\_arn](#output\_public\_network\_acl\_arn) | ARN of the public network ACL | +| [public\_network\_acl\_id](#output\_public\_network\_acl\_id) | ID of the public network ACL | +| [public\_route\_table\_association\_ids](#output\_public\_route\_table\_association\_ids) | List of IDs of the public route table association | +| [public\_route\_table\_ids](#output\_public\_route\_table\_ids) | List of IDs of public route tables | +| [public\_subnet\_arns](#output\_public\_subnet\_arns) | List of ARNs of public subnets | +| [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets | +| [public\_subnets\_cidr\_blocks](#output\_public\_subnets\_cidr\_blocks) | List of cidr\_blocks of public subnets | +| [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC | +| [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL | +| [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL | +| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association | +| [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association | +| [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables | +| 
[redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets | +| [redshift\_subnet\_group](#output\_redshift\_subnet\_group) | ID of redshift subnet group | +| [redshift\_subnets](#output\_redshift\_subnets) | List of IDs of redshift subnets | +| [redshift\_subnets\_cidr\_blocks](#output\_redshift\_subnets\_cidr\_blocks) | List of cidr\_blocks of redshift subnets | +| [redshift\_subnets\_ipv6\_cidr\_blocks](#output\_redshift\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of redshift subnets in an IPv6 enabled VPC | +| [this\_customer\_gateway](#output\_this\_customer\_gateway) | Map of Customer Gateway attributes | +| [vgw\_arn](#output\_vgw\_arn) | The ARN of the VPN Gateway | +| [vgw\_id](#output\_vgw\_id) | The ID of the VPN Gateway | +| [vpc\_arn](#output\_vpc\_arn) | The ARN of the VPC | +| [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | The CIDR block of the VPC | +| [vpc\_enable\_dns\_hostnames](#output\_vpc\_enable\_dns\_hostnames) | Whether or not the VPC has DNS hostname support | +| [vpc\_enable\_dns\_support](#output\_vpc\_enable\_dns\_support) | Whether or not the VPC has DNS support | +| [vpc\_flow\_log\_cloudwatch\_iam\_role\_arn](#output\_vpc\_flow\_log\_cloudwatch\_iam\_role\_arn) | The ARN of the IAM role used when pushing logs to Cloudwatch log group | +| [vpc\_flow\_log\_destination\_arn](#output\_vpc\_flow\_log\_destination\_arn) | The ARN of the destination for VPC Flow Logs | +| [vpc\_flow\_log\_destination\_type](#output\_vpc\_flow\_log\_destination\_type) | The type of the destination for VPC Flow Logs | +| [vpc\_flow\_log\_id](#output\_vpc\_flow\_log\_id) | The ID of the Flow Log resource | +| [vpc\_id](#output\_vpc\_id) | The ID of the VPC | +| [vpc\_instance\_tenancy](#output\_vpc\_instance\_tenancy) | Tenancy of instances spin up within VPC | +| [vpc\_ipv6\_association\_id](#output\_vpc\_ipv6\_association\_id) | The association ID for the IPv6 CIDR block | +| 
[vpc\_ipv6\_cidr\_block](#output\_vpc\_ipv6\_cidr\_block) | The IPv6 CIDR block |
+| [vpc\_main\_route\_table\_id](#output\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with this VPC |
+| [vpc\_owner\_id](#output\_vpc\_owner\_id) | The ID of the AWS account that owns the VPC |
+| [vpc\_secondary\_cidr\_blocks](#output\_vpc\_secondary\_cidr\_blocks) | List of secondary CIDR blocks of the VPC |
diff --git a/examples/manage-default-vpc/main.tf b/examples/manage-default-vpc/main.tf
index 8e3797432..ec8c532da 100644
--- a/examples/manage-default-vpc/main.tf
+++ b/examples/manage-default-vpc/main.tf
@@ -3,7 +3,14 @@ provider "aws" {
 }
 locals {
+ name = "ex-${basename(path.cwd)}"
 region = "eu-west-1"
+
+ tags = {
+ Example = local.name
+ GithubRepo = "terraform-aws-vpc"
+ GithubOrg = "terraform-aws-modules"
+ }
 }
 ################################################################################
@@ -18,5 +25,6 @@ module "vpc" {
 manage_default_vpc = true
 default_vpc_name = "default"
 default_vpc_enable_dns_hostnames = true
-}
+ tags = local.tags
+}
diff --git a/examples/manage-default-vpc/outputs.tf b/examples/manage-default-vpc/outputs.tf
index ce193dd8d..77f244a90 100644
--- a/examples/manage-default-vpc/outputs.tf
+++ b/examples/manage-default-vpc/outputs.tf
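Review bot: `name = "ex-${basename(path.cwd)}"` in the new `locals` block makes the example name, and the `Example` tag derived from it, depend on the directory Terraform was started from rather than on the configuration; as far as I can tell `path.cwd` is the original working directory before any `-chdir`, so invoking the example from the repository root yields a different name than invoking it from `examples/manage-default-vpc`. If the name is meant to be stable, a literal such as `name = "ex-manage-default-vpc"` is deterministic; if the dependence is intentional, a comment such as `# name follows the directory terraform is invoked from` documents it. The same construct is added in the `examples/network-acls/main.tf` hunk.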
@@ -1,11 +1,535 @@ -# Default VPC +output "vpc_id" { + description = "The ID of the VPC" + value = module.vpc.vpc_id +} + +output "vpc_arn" { + description = "The ARN of the VPC" + value = module.vpc.vpc_arn +} + +output "vpc_cidr_block" { + description = "The CIDR block of the VPC" + value = module.vpc.vpc_cidr_block +} + +output "default_security_group_id" { + description = "The ID of the security group created by default on VPC creation" + value = module.vpc.default_security_group_id +} + +output "default_network_acl_id" { + description = "The ID of the default network ACL" + value = module.vpc.default_network_acl_id +} + +output "default_route_table_id" { + description = "The ID of the default route table" + value = module.vpc.default_route_table_id +} + +output "vpc_instance_tenancy" { + description = "Tenancy of instances spin up within VPC" + value = module.vpc.vpc_instance_tenancy +} + +output "vpc_enable_dns_support" { + description = "Whether or not the VPC has DNS support" + value = module.vpc.vpc_enable_dns_support +} + +output "vpc_enable_dns_hostnames" { + description = "Whether or not the VPC has DNS hostname support" + value = module.vpc.vpc_enable_dns_hostnames +} + +output "vpc_main_route_table_id" { + description = "The ID of the main route table associated with this VPC" + value = module.vpc.vpc_main_route_table_id +} + +output "vpc_ipv6_association_id" { + description = "The association ID for the IPv6 CIDR block" + value = module.vpc.vpc_ipv6_association_id +} + +output "vpc_ipv6_cidr_block" { + description = "The IPv6 CIDR block" + value = module.vpc.vpc_ipv6_cidr_block +} + +output "vpc_secondary_cidr_blocks" { + description = "List of secondary CIDR blocks of the VPC" + value = module.vpc.vpc_secondary_cidr_blocks +} + +output "vpc_owner_id" { + description = "The ID of the AWS account that owns the VPC" + value = module.vpc.vpc_owner_id +} + +output "private_subnets" { + description = "List of IDs of private subnets" + value = 
module.vpc.private_subnets +} + +output "private_subnet_arns" { + description = "List of ARNs of private subnets" + value = module.vpc.private_subnet_arns +} + +output "private_subnets_cidr_blocks" { + description = "List of cidr_blocks of private subnets" + value = module.vpc.private_subnets_cidr_blocks +} + +output "private_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of private subnets in an IPv6 enabled VPC" + value = module.vpc.private_subnets_ipv6_cidr_blocks +} + +output "public_subnets" { + description = "List of IDs of public subnets" + value = module.vpc.public_subnets +} + +output "public_subnet_arns" { + description = "List of ARNs of public subnets" + value = module.vpc.public_subnet_arns +} + +output "public_subnets_cidr_blocks" { + description = "List of cidr_blocks of public subnets" + value = module.vpc.public_subnets_cidr_blocks +} + +output "public_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of public subnets in an IPv6 enabled VPC" + value = module.vpc.public_subnets_ipv6_cidr_blocks +} + +output "outpost_subnets" { + description = "List of IDs of outpost subnets" + value = module.vpc.outpost_subnets +} + +output "outpost_subnet_arns" { + description = "List of ARNs of outpost subnets" + value = module.vpc.outpost_subnet_arns +} + +output "outpost_subnets_cidr_blocks" { + description = "List of cidr_blocks of outpost subnets" + value = module.vpc.outpost_subnets_cidr_blocks +} + +output "outpost_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of outpost subnets in an IPv6 enabled VPC" + value = module.vpc.outpost_subnets_ipv6_cidr_blocks +} + +output "database_subnets" { + description = "List of IDs of database subnets" + value = module.vpc.database_subnets +} + +output "database_subnet_arns" { + description = "List of ARNs of database subnets" + value = module.vpc.database_subnet_arns +} + +output "database_subnets_cidr_blocks" { + description = "List of cidr_blocks of 
database subnets" + value = module.vpc.database_subnets_cidr_blocks +} + +output "database_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of database subnets in an IPv6 enabled VPC" + value = module.vpc.database_subnets_ipv6_cidr_blocks +} + +output "database_subnet_group" { + description = "ID of database subnet group" + value = module.vpc.database_subnet_group +} + +output "database_subnet_group_name" { + description = "Name of database subnet group" + value = module.vpc.database_subnet_group_name +} + +output "redshift_subnets" { + description = "List of IDs of redshift subnets" + value = module.vpc.redshift_subnets +} + +output "redshift_subnet_arns" { + description = "List of ARNs of redshift subnets" + value = module.vpc.redshift_subnet_arns +} + +output "redshift_subnets_cidr_blocks" { + description = "List of cidr_blocks of redshift subnets" + value = module.vpc.redshift_subnets_cidr_blocks +} + +output "redshift_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of redshift subnets in an IPv6 enabled VPC" + value = module.vpc.redshift_subnets_ipv6_cidr_blocks +} + +output "redshift_subnet_group" { + description = "ID of redshift subnet group" + value = module.vpc.redshift_subnet_group +} + +output "elasticache_subnets" { + description = "List of IDs of elasticache subnets" + value = module.vpc.elasticache_subnets +} + +output "elasticache_subnet_arns" { + description = "List of ARNs of elasticache subnets" + value = module.vpc.elasticache_subnet_arns +} + +output "elasticache_subnets_cidr_blocks" { + description = "List of cidr_blocks of elasticache subnets" + value = module.vpc.elasticache_subnets_cidr_blocks +} + +output "elasticache_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of elasticache subnets in an IPv6 enabled VPC" + value = module.vpc.elasticache_subnets_ipv6_cidr_blocks +} + +output "intra_subnets" { + description = "List of IDs of intra subnets" + value = 
module.vpc.intra_subnets +} + +output "intra_subnet_arns" { + description = "List of ARNs of intra subnets" + value = module.vpc.intra_subnet_arns +} + +output "intra_subnets_cidr_blocks" { + description = "List of cidr_blocks of intra subnets" + value = module.vpc.intra_subnets_cidr_blocks +} + +output "intra_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of intra subnets in an IPv6 enabled VPC" + value = module.vpc.intra_subnets_ipv6_cidr_blocks +} + +output "elasticache_subnet_group" { + description = "ID of elasticache subnet group" + value = module.vpc.elasticache_subnet_group +} + +output "elasticache_subnet_group_name" { + description = "Name of elasticache subnet group" + value = module.vpc.elasticache_subnet_group_name +} + +output "public_route_table_ids" { + description = "List of IDs of public route tables" + value = module.vpc.public_route_table_ids +} + +output "private_route_table_ids" { + description = "List of IDs of private route tables" + value = module.vpc.private_route_table_ids +} + +output "database_route_table_ids" { + description = "List of IDs of database route tables" + value = module.vpc.database_route_table_ids +} + +output "redshift_route_table_ids" { + description = "List of IDs of redshift route tables" + value = module.vpc.redshift_route_table_ids +} + +output "elasticache_route_table_ids" { + description = "List of IDs of elasticache route tables" + value = module.vpc.elasticache_route_table_ids +} + +output "intra_route_table_ids" { + description = "List of IDs of intra route tables" + value = module.vpc.intra_route_table_ids +} + +output "public_internet_gateway_route_id" { + description = "ID of the internet gateway route" + value = module.vpc.public_internet_gateway_route_id +} + +output "public_internet_gateway_ipv6_route_id" { + description = "ID of the IPv6 internet gateway route" + value = module.vpc.public_internet_gateway_ipv6_route_id +} + +output "database_internet_gateway_route_id" { + 
description = "ID of the database internet gateway route" + value = module.vpc.database_internet_gateway_route_id +} + +output "database_nat_gateway_route_ids" { + description = "List of IDs of the database nat gateway route" + value = module.vpc.database_nat_gateway_route_ids +} + +output "database_ipv6_egress_route_id" { + description = "ID of the database IPv6 egress route" + value = module.vpc.database_ipv6_egress_route_id +} + +output "private_nat_gateway_route_ids" { + description = "List of IDs of the private nat gateway route" + value = module.vpc.private_nat_gateway_route_ids +} + +output "private_ipv6_egress_route_ids" { + description = "List of IDs of the ipv6 egress route" + value = module.vpc.private_ipv6_egress_route_ids +} + +output "private_route_table_association_ids" { + description = "List of IDs of the private route table association" + value = module.vpc.private_route_table_association_ids +} + +output "database_route_table_association_ids" { + description = "List of IDs of the database route table association" + value = module.vpc.database_route_table_association_ids +} + +output "redshift_route_table_association_ids" { + description = "List of IDs of the redshift route table association" + value = module.vpc.redshift_route_table_association_ids +} + +output "redshift_public_route_table_association_ids" { + description = "List of IDs of the public redshift route table association" + value = module.vpc.redshift_public_route_table_association_ids +} + +output "elasticache_route_table_association_ids" { + description = "List of IDs of the elasticache route table association" + value = module.vpc.elasticache_route_table_association_ids +} + +output "intra_route_table_association_ids" { + description = "List of IDs of the intra route table association" + value = module.vpc.intra_route_table_association_ids +} + +output "public_route_table_association_ids" { + description = "List of IDs of the public route table association" + value = 
module.vpc.public_route_table_association_ids +} + +output "dhcp_options_id" { + description = "The ID of the DHCP options" + value = module.vpc.dhcp_options_id +} + +output "nat_ids" { + description = "List of allocation ID of Elastic IPs created for AWS NAT Gateway" + value = module.vpc.nat_ids +} + +output "nat_public_ips" { + description = "List of public Elastic IPs created for AWS NAT Gateway" + value = module.vpc.nat_public_ips +} + +output "natgw_ids" { + description = "List of NAT Gateway IDs" + value = module.vpc.natgw_ids +} + +output "igw_id" { + description = "The ID of the Internet Gateway" + value = module.vpc.igw_id +} + +output "igw_arn" { + description = "The ARN of the Internet Gateway" + value = module.vpc.igw_arn +} + +output "egress_only_internet_gateway_id" { + description = "The ID of the egress only Internet Gateway" + value = module.vpc.egress_only_internet_gateway_id +} + +output "cgw_ids" { + description = "List of IDs of Customer Gateway" + value = module.vpc.cgw_ids +} + +output "cgw_arns" { + description = "List of ARNs of Customer Gateway" + value = module.vpc.cgw_arns +} + +output "this_customer_gateway" { + description = "Map of Customer Gateway attributes" + value = module.vpc.this_customer_gateway +} + +output "vgw_id" { + description = "The ID of the VPN Gateway" + value = module.vpc.vgw_id +} + +output "vgw_arn" { + description = "The ARN of the VPN Gateway" + value = module.vpc.vgw_arn +} + output "default_vpc_id" { description = "The ID of the Default VPC" value = module.vpc.default_vpc_id } +output "default_vpc_arn" { + description = "The ARN of the Default VPC" + value = module.vpc.default_vpc_arn +} + output "default_vpc_cidr_block" { - description = "The CIDR block of the VPC" + description = "The CIDR block of the Default VPC" value = module.vpc.default_vpc_cidr_block } +output "default_vpc_default_security_group_id" { + description = "The ID of the security group created by default on Default VPC creation" + value = 
module.vpc.default_vpc_default_security_group_id +} + +output "default_vpc_default_network_acl_id" { + description = "The ID of the default network ACL of the Default VPC" + value = module.vpc.default_vpc_default_network_acl_id +} + +output "default_vpc_default_route_table_id" { + description = "The ID of the default route table of the Default VPC" + value = module.vpc.default_vpc_default_route_table_id +} + +output "default_vpc_instance_tenancy" { + description = "Tenancy of instances spin up within Default VPC" + value = module.vpc.default_vpc_instance_tenancy +} + +output "default_vpc_enable_dns_support" { + description = "Whether or not the Default VPC has DNS support" + value = module.vpc.default_vpc_enable_dns_support +} + +output "default_vpc_enable_dns_hostnames" { + description = "Whether or not the Default VPC has DNS hostname support" + value = module.vpc.default_vpc_enable_dns_hostnames +} + +output "default_vpc_main_route_table_id" { + description = "The ID of the main route table associated with the Default VPC" + value = module.vpc.default_vpc_main_route_table_id +} + +output "public_network_acl_id" { + description = "ID of the public network ACL" + value = module.vpc.public_network_acl_id +} + +output "public_network_acl_arn" { + description = "ARN of the public network ACL" + value = module.vpc.public_network_acl_arn +} + +output "private_network_acl_id" { + description = "ID of the private network ACL" + value = module.vpc.private_network_acl_id +} + +output "private_network_acl_arn" { + description = "ARN of the private network ACL" + value = module.vpc.private_network_acl_arn +} + +output "outpost_network_acl_id" { + description = "ID of the outpost network ACL" + value = module.vpc.outpost_network_acl_id +} + +output "outpost_network_acl_arn" { + description = "ARN of the outpost network ACL" + value = module.vpc.outpost_network_acl_arn +} + +output "intra_network_acl_id" { + description = "ID of the intra network ACL" + value = 
module.vpc.intra_network_acl_id +} + +output "intra_network_acl_arn" { + description = "ARN of the intra network ACL" + value = module.vpc.intra_network_acl_arn +} + +output "database_network_acl_id" { + description = "ID of the database network ACL" + value = module.vpc.database_network_acl_id +} + +output "database_network_acl_arn" { + description = "ARN of the database network ACL" + value = module.vpc.database_network_acl_arn +} + +output "redshift_network_acl_id" { + description = "ID of the redshift network ACL" + value = module.vpc.redshift_network_acl_id +} + +output "redshift_network_acl_arn" { + description = "ARN of the redshift network ACL" + value = module.vpc.redshift_network_acl_arn +} + +output "elasticache_network_acl_id" { + description = "ID of the elasticache network ACL" + value = module.vpc.elasticache_network_acl_id +} + +output "elasticache_network_acl_arn" { + description = "ARN of the elasticache network ACL" + value = module.vpc.elasticache_network_acl_arn +} + +# VPC flow log +output "vpc_flow_log_id" { + description = "The ID of the Flow Log resource" + value = module.vpc.vpc_flow_log_id +} + +output "vpc_flow_log_destination_arn" { + description = "The ARN of the destination for VPC Flow Logs" + value = module.vpc.vpc_flow_log_destination_arn +} + +output "vpc_flow_log_destination_type" { + description = "The type of the destination for VPC Flow Logs" + value = module.vpc.vpc_flow_log_destination_type +} + +output "vpc_flow_log_cloudwatch_iam_role_arn" { + description = "The ARN of the IAM role used when pushing logs to Cloudwatch log group" + value = module.vpc.vpc_flow_log_cloudwatch_iam_role_arn +} diff --git a/examples/manage-default-vpc/versions.tf b/examples/manage-default-vpc/versions.tf index 7045f6d16..ddfcb0e05 100644 --- a/examples/manage-default-vpc/versions.tf +++ b/examples/manage-default-vpc/versions.tf 
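Review bot: Nearly every output added in this hunk — subnets, route tables, NAT, customer/VPN gateways, flow logs — refers to resources this example never creates: the accompanying `main.tf` hunk only sets `manage_default_vpc = true` on the module call, so those values will, as far as the example's inputs show, evaluate to empty lists or null, and the `index` line shows the new file is the same blob (77f244a90) as `examples/network-acls/outputs.tf`. If one generic outputs file is meant to be shared across examples, a header comment would spare the reader a search, e.g. `# Shared output set used by every example; in this example only the default_vpc_* outputs carry values`. Otherwise trimming the file to the `default_vpc_*` outputs, which are the ones this example actually demonstrates, would be clearer than 500 lines of empty outputs.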
@@ -1,10 +1,10 @@
 terraform {
- required_version = ">= 0.12.31"
+ required_version = ">= 1.0"
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 3.28"
+ version = ">= 5.0"
 }
 }
 }
diff --git a/examples/network-acls/README.md b/examples/network-acls/README.md
index 26834dce4..4e6ca7a0c 100644
--- a/examples/network-acls/README.md
+++ b/examples/network-acls/README.md
@@ -23,22 +23,26 @@ Note that this example may create resources which can cost money (AWS Elastic IP
 | Name | Version |
 |------|---------|
-| [terraform](#requirement\_terraform) | >= 0.12.31 |
-| [aws](#requirement\_aws) | >= 3.28 |
+| [terraform](#requirement\_terraform) | >= 1.0 |
+| [aws](#requirement\_aws) | >= 5.0 |
 ## Providers
-No providers.
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | >= 5.0 |
 ## Modules
 | Name | Source | Version |
 |------|--------|---------|
-| [vpc](#module\_vpc) | ../../ | |
+| [vpc](#module\_vpc) | ../../ | n/a |
 ## Resources
-No resources.
+| Name | Type |
+|------|------|
+| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
 ## Inputs
@@ -48,17 +52,111 @@ No inputs. | Name | Description | |------|-------------| +| [cgw\_arns](#output\_cgw\_arns) | List of ARNs of Customer Gateway | +| [cgw\_ids](#output\_cgw\_ids) | List of IDs of Customer Gateway | +| [database\_internet\_gateway\_route\_id](#output\_database\_internet\_gateway\_route\_id) | ID of the database internet gateway route | +| [database\_ipv6\_egress\_route\_id](#output\_database\_ipv6\_egress\_route\_id) | ID of the database IPv6 egress route | +| [database\_nat\_gateway\_route\_ids](#output\_database\_nat\_gateway\_route\_ids) | List of IDs of the database nat gateway route | +| [database\_network\_acl\_arn](#output\_database\_network\_acl\_arn) | ARN of the database network ACL | +| [database\_network\_acl\_id](#output\_database\_network\_acl\_id) | ID of the database network ACL | +| [database\_route\_table\_association\_ids](#output\_database\_route\_table\_association\_ids) | List of IDs of the database route table association | +| [database\_route\_table\_ids](#output\_database\_route\_table\_ids) | List of IDs of database route tables | +| [database\_subnet\_arns](#output\_database\_subnet\_arns) | List of ARNs of database subnets | +| [database\_subnet\_group](#output\_database\_subnet\_group) | ID of database subnet group | +| [database\_subnet\_group\_name](#output\_database\_subnet\_group\_name) | Name of database subnet group | +| [database\_subnets](#output\_database\_subnets) | List of IDs of database subnets | +| [database\_subnets\_cidr\_blocks](#output\_database\_subnets\_cidr\_blocks) | List of cidr\_blocks of database subnets | +| [database\_subnets\_ipv6\_cidr\_blocks](#output\_database\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of database subnets in an IPv6 enabled VPC | | [default\_network\_acl\_id](#output\_default\_network\_acl\_id) | The ID of the default network ACL | +| [default\_route\_table\_id](#output\_default\_route\_table\_id) | The ID of the default route table | +| 
[default\_security\_group\_id](#output\_default\_security\_group\_id) | The ID of the security group created by default on VPC creation | +| [default\_vpc\_arn](#output\_default\_vpc\_arn) | The ARN of the Default VPC | +| [default\_vpc\_cidr\_block](#output\_default\_vpc\_cidr\_block) | The CIDR block of the Default VPC | +| [default\_vpc\_default\_network\_acl\_id](#output\_default\_vpc\_default\_network\_acl\_id) | The ID of the default network ACL of the Default VPC | +| [default\_vpc\_default\_route\_table\_id](#output\_default\_vpc\_default\_route\_table\_id) | The ID of the default route table of the Default VPC | +| [default\_vpc\_default\_security\_group\_id](#output\_default\_vpc\_default\_security\_group\_id) | The ID of the security group created by default on Default VPC creation | +| [default\_vpc\_enable\_dns\_hostnames](#output\_default\_vpc\_enable\_dns\_hostnames) | Whether or not the Default VPC has DNS hostname support | +| [default\_vpc\_enable\_dns\_support](#output\_default\_vpc\_enable\_dns\_support) | Whether or not the Default VPC has DNS support | +| [default\_vpc\_id](#output\_default\_vpc\_id) | The ID of the Default VPC | +| [default\_vpc\_instance\_tenancy](#output\_default\_vpc\_instance\_tenancy) | Tenancy of instances spin up within Default VPC | +| [default\_vpc\_main\_route\_table\_id](#output\_default\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with the Default VPC | +| [dhcp\_options\_id](#output\_dhcp\_options\_id) | The ID of the DHCP options | +| [egress\_only\_internet\_gateway\_id](#output\_egress\_only\_internet\_gateway\_id) | The ID of the egress only Internet Gateway | | [elasticache\_network\_acl\_arn](#output\_elasticache\_network\_acl\_arn) | ARN of the elasticache network ACL | | [elasticache\_network\_acl\_id](#output\_elasticache\_network\_acl\_id) | ID of the elasticache network ACL | -| [module\_vpc](#output\_module\_vpc) | Module VPC | +| 
[elasticache\_route\_table\_association\_ids](#output\_elasticache\_route\_table\_association\_ids) | List of IDs of the elasticache route table association | +| [elasticache\_route\_table\_ids](#output\_elasticache\_route\_table\_ids) | List of IDs of elasticache route tables | +| [elasticache\_subnet\_arns](#output\_elasticache\_subnet\_arns) | List of ARNs of elasticache subnets | +| [elasticache\_subnet\_group](#output\_elasticache\_subnet\_group) | ID of elasticache subnet group | +| [elasticache\_subnet\_group\_name](#output\_elasticache\_subnet\_group\_name) | Name of elasticache subnet group | +| [elasticache\_subnets](#output\_elasticache\_subnets) | List of IDs of elasticache subnets | +| [elasticache\_subnets\_cidr\_blocks](#output\_elasticache\_subnets\_cidr\_blocks) | List of cidr\_blocks of elasticache subnets | +| [elasticache\_subnets\_ipv6\_cidr\_blocks](#output\_elasticache\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of elasticache subnets in an IPv6 enabled VPC | +| [igw\_arn](#output\_igw\_arn) | The ARN of the Internet Gateway | +| [igw\_id](#output\_igw\_id) | The ID of the Internet Gateway | +| [intra\_network\_acl\_arn](#output\_intra\_network\_acl\_arn) | ARN of the intra network ACL | +| [intra\_network\_acl\_id](#output\_intra\_network\_acl\_id) | ID of the intra network ACL | +| [intra\_route\_table\_association\_ids](#output\_intra\_route\_table\_association\_ids) | List of IDs of the intra route table association | +| [intra\_route\_table\_ids](#output\_intra\_route\_table\_ids) | List of IDs of intra route tables | +| [intra\_subnet\_arns](#output\_intra\_subnet\_arns) | List of ARNs of intra subnets | +| [intra\_subnets](#output\_intra\_subnets) | List of IDs of intra subnets | +| [intra\_subnets\_cidr\_blocks](#output\_intra\_subnets\_cidr\_blocks) | List of cidr\_blocks of intra subnets | +| [intra\_subnets\_ipv6\_cidr\_blocks](#output\_intra\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of intra subnets 
in an IPv6 enabled VPC | +| [nat\_ids](#output\_nat\_ids) | List of allocation ID of Elastic IPs created for AWS NAT Gateway | | [nat\_public\_ips](#output\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway | +| [natgw\_ids](#output\_natgw\_ids) | List of NAT Gateway IDs | +| [outpost\_network\_acl\_arn](#output\_outpost\_network\_acl\_arn) | ARN of the outpost network ACL | +| [outpost\_network\_acl\_id](#output\_outpost\_network\_acl\_id) | ID of the outpost network ACL | +| [outpost\_subnet\_arns](#output\_outpost\_subnet\_arns) | List of ARNs of outpost subnets | +| [outpost\_subnets](#output\_outpost\_subnets) | List of IDs of outpost subnets | +| [outpost\_subnets\_cidr\_blocks](#output\_outpost\_subnets\_cidr\_blocks) | List of cidr\_blocks of outpost subnets | +| [outpost\_subnets\_ipv6\_cidr\_blocks](#output\_outpost\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of outpost subnets in an IPv6 enabled VPC | +| [private\_ipv6\_egress\_route\_ids](#output\_private\_ipv6\_egress\_route\_ids) | List of IDs of the ipv6 egress route | +| [private\_nat\_gateway\_route\_ids](#output\_private\_nat\_gateway\_route\_ids) | List of IDs of the private nat gateway route | | [private\_network\_acl\_arn](#output\_private\_network\_acl\_arn) | ARN of the private network ACL | | [private\_network\_acl\_id](#output\_private\_network\_acl\_id) | ID of the private network ACL | +| [private\_route\_table\_association\_ids](#output\_private\_route\_table\_association\_ids) | List of IDs of the private route table association | +| [private\_route\_table\_ids](#output\_private\_route\_table\_ids) | List of IDs of private route tables | +| [private\_subnet\_arns](#output\_private\_subnet\_arns) | List of ARNs of private subnets | | [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets | +| [private\_subnets\_cidr\_blocks](#output\_private\_subnets\_cidr\_blocks) | List of cidr\_blocks of private subnets | +| 
[private\_subnets\_ipv6\_cidr\_blocks](#output\_private\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of private subnets in an IPv6 enabled VPC | +| [public\_internet\_gateway\_ipv6\_route\_id](#output\_public\_internet\_gateway\_ipv6\_route\_id) | ID of the IPv6 internet gateway route | +| [public\_internet\_gateway\_route\_id](#output\_public\_internet\_gateway\_route\_id) | ID of the internet gateway route | | [public\_network\_acl\_arn](#output\_public\_network\_acl\_arn) | ARN of the public network ACL | | [public\_network\_acl\_id](#output\_public\_network\_acl\_id) | ID of the public network ACL | +| [public\_route\_table\_association\_ids](#output\_public\_route\_table\_association\_ids) | List of IDs of the public route table association | +| [public\_route\_table\_ids](#output\_public\_route\_table\_ids) | List of IDs of public route tables | +| [public\_subnet\_arns](#output\_public\_subnet\_arns) | List of ARNs of public subnets | | [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets | +| [public\_subnets\_cidr\_blocks](#output\_public\_subnets\_cidr\_blocks) | List of cidr\_blocks of public subnets | +| [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC | +| [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL | +| [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL | +| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association | +| [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association | +| [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables | +| 
[redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets | +| [redshift\_subnet\_group](#output\_redshift\_subnet\_group) | ID of redshift subnet group | +| [redshift\_subnets](#output\_redshift\_subnets) | List of IDs of redshift subnets | +| [redshift\_subnets\_cidr\_blocks](#output\_redshift\_subnets\_cidr\_blocks) | List of cidr\_blocks of redshift subnets | +| [redshift\_subnets\_ipv6\_cidr\_blocks](#output\_redshift\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of redshift subnets in an IPv6 enabled VPC | +| [this\_customer\_gateway](#output\_this\_customer\_gateway) | Map of Customer Gateway attributes | +| [vgw\_arn](#output\_vgw\_arn) | The ARN of the VPN Gateway | +| [vgw\_id](#output\_vgw\_id) | The ID of the VPN Gateway | +| [vpc\_arn](#output\_vpc\_arn) | The ARN of the VPC | | [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | The CIDR block of the VPC | +| [vpc\_enable\_dns\_hostnames](#output\_vpc\_enable\_dns\_hostnames) | Whether or not the VPC has DNS hostname support | +| [vpc\_enable\_dns\_support](#output\_vpc\_enable\_dns\_support) | Whether or not the VPC has DNS support | +| [vpc\_flow\_log\_cloudwatch\_iam\_role\_arn](#output\_vpc\_flow\_log\_cloudwatch\_iam\_role\_arn) | The ARN of the IAM role used when pushing logs to Cloudwatch log group | +| [vpc\_flow\_log\_destination\_arn](#output\_vpc\_flow\_log\_destination\_arn) | The ARN of the destination for VPC Flow Logs | +| [vpc\_flow\_log\_destination\_type](#output\_vpc\_flow\_log\_destination\_type) | The type of the destination for VPC Flow Logs | +| [vpc\_flow\_log\_id](#output\_vpc\_flow\_log\_id) | The ID of the Flow Log resource | | [vpc\_id](#output\_vpc\_id) | The ID of the VPC | +| [vpc\_instance\_tenancy](#output\_vpc\_instance\_tenancy) | Tenancy of instances spin up within VPC | +| [vpc\_ipv6\_association\_id](#output\_vpc\_ipv6\_association\_id) | The association ID for the IPv6 CIDR block | +| 
[vpc\_ipv6\_cidr\_block](#output\_vpc\_ipv6\_cidr\_block) | The IPv6 CIDR block |
+| [vpc\_main\_route\_table\_id](#output\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with this VPC |
+| [vpc\_owner\_id](#output\_vpc\_owner\_id) | The ID of the AWS account that owns the VPC |
+| [vpc\_secondary\_cidr\_blocks](#output\_vpc\_secondary\_cidr\_blocks) | List of secondary CIDR blocks of the VPC |
diff --git a/examples/network-acls/main.tf b/examples/network-acls/main.tf
index 0d820aac8..35c3a2211 100644
--- a/examples/network-acls/main.tf
+++ b/examples/network-acls/main.tf
@@ -2,9 +2,21 @@ provider "aws" {
 region = local.region
 }
+data "aws_availability_zones" "available" {}
+
 locals {
+ name = "ex-${basename(path.cwd)}"
 region = "eu-west-1"
+ vpc_cidr = "10.0.0.0/16"
+ azs = slice(data.aws_availability_zones.available.names, 0, 3)
+
+ tags = {
+ Example = local.name
+ GithubRepo = "terraform-aws-vpc"
+ GithubOrg = "terraform-aws-modules"
+ }
+
 network_acls = {
 default_inbound = [
 {
@@ -162,13 +174,13 @@ locals {
 module "vpc" {
 source = "../../"
- name = "network-acls-example"
- cidr = "10.0.0.0/16"
+ name = local.name
+ cidr = local.vpc_cidr
- azs = ["${local.region}a", "${local.region}b", "${local.region}c"]
- private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
- public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
- elasticache_subnets = ["10.0.201.0/24", "10.0.202.0/24", "10.0.203.0/24"]
+ azs = local.azs
+ private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)]
+ public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 4)]
+ elasticache_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 8)]
 public_dedicated_network_acl = true
 public_inbound_acl_rules = concat(local.network_acls["default_inbound"], local.network_acls["public_inbound"])
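Review bot: `data "aws_availability_zones" "available" {}` in the `locals` hunk carries no `state` or opt-in filter, so it returns every zone the account can see, and `local.azs` then takes the first three names; should a zone in a non-available state, or an opted-in Local/Wavelength Zone, sort into that window, the subnets are placed there and the apply either fails or lands in zones the example did not intend. Restricting the lookup to regular, available zones pins the behaviour the data source's name already promises, and matches what the rest of the module's examples do as far as I can tell.
```hcl
data "aws_availability_zones" "available" {
  state = "available"
  # Local Zones and Wavelength Zones report opt-in-status "opted-in"; keep only regular AZs
  filter {
    name   = "opt-in-status"
    values = ["opt-in-not-required"]
  }
}
# … unchanged: locals block …
```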
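Review bot: The `cidrsubnet` offsets `k`, `k + 4` and `k + 8` in the `module "vpc"` hunk keep the private, public and elasticache /24 ranges disjoint only while `local.azs` holds at most four entries; the `slice(..., 0, 3)` in the first hunk guarantees that today, but nothing at the call site says so, and widening the slice later would silently overlap private and public ranges. A one-line comment makes the coupling visible, e.g. `# /24 blocks 0-3 private, 4-7 public, 8-11 elasticache; assumes length(local.azs) <= 4`. Note also that the private ranges now start at `10.0.0.0/24` instead of the removed `10.0.1.0/24`, so anyone with this example already applied will see the subnets replaced on the next plan; a line in the README or a commit-message remark would be worth adding.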
@@ -189,10 +201,7 @@ module "vpc" { Name = "overridden-name-public" } - tags = { - Owner = "user" - Environment = "dev" - } + tags = local.tags vpc_tags = { Name = "vpc-name" diff --git a/examples/network-acls/outputs.tf b/examples/network-acls/outputs.tf index 4c590e764..77f244a90 100644 --- a/examples/network-acls/outputs.tf +++ b/examples/network-acls/outputs.tf 
@@ -1,51 +1,451 @@ -# VPC output "vpc_id" { description = "The ID of the VPC" value = module.vpc.vpc_id } -# CIDR blocks +output "vpc_arn" { + description = "The ARN of the VPC" + value = module.vpc.vpc_arn +} + output "vpc_cidr_block" { description = "The CIDR block of the VPC" value = module.vpc.vpc_cidr_block } -# Subnets +output "default_security_group_id" { + description = "The ID of the security group created by default on VPC creation" + value = module.vpc.default_security_group_id +} + +output "default_network_acl_id" { + description = "The ID of the default network ACL" + value = module.vpc.default_network_acl_id +} + +output "default_route_table_id" { + description = "The ID of the default route table" + value = module.vpc.default_route_table_id +} + +output "vpc_instance_tenancy" { + description = "Tenancy of instances spin up within VPC" + value = module.vpc.vpc_instance_tenancy +} + +output "vpc_enable_dns_support" { + description = "Whether or not the VPC has DNS support" + value = module.vpc.vpc_enable_dns_support +} + +output "vpc_enable_dns_hostnames" { + description = "Whether or not the VPC has DNS hostname support" + value = module.vpc.vpc_enable_dns_hostnames +} + +output "vpc_main_route_table_id" { + description = "The ID of the main route table associated with this VPC" + value = module.vpc.vpc_main_route_table_id +} + +output "vpc_ipv6_association_id" { + description = "The association ID for the IPv6 CIDR block" + value = module.vpc.vpc_ipv6_association_id +} + +output "vpc_ipv6_cidr_block" { + description = "The IPv6 CIDR block" + value = module.vpc.vpc_ipv6_cidr_block +} + +output "vpc_secondary_cidr_blocks" { + description = "List of secondary CIDR blocks of the VPC" + value = module.vpc.vpc_secondary_cidr_blocks +} + +output "vpc_owner_id" { + description = "The ID of the AWS account that owns the VPC" + value = module.vpc.vpc_owner_id +} + output "private_subnets" { description = "List of IDs of private subnets" value = 
module.vpc.private_subnets } +output "private_subnet_arns" { + description = "List of ARNs of private subnets" + value = module.vpc.private_subnet_arns +} + +output "private_subnets_cidr_blocks" { + description = "List of cidr_blocks of private subnets" + value = module.vpc.private_subnets_cidr_blocks +} + +output "private_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of private subnets in an IPv6 enabled VPC" + value = module.vpc.private_subnets_ipv6_cidr_blocks +} + output "public_subnets" { description = "List of IDs of public subnets" value = module.vpc.public_subnets } -# NAT gateways +output "public_subnet_arns" { + description = "List of ARNs of public subnets" + value = module.vpc.public_subnet_arns +} + +output "public_subnets_cidr_blocks" { + description = "List of cidr_blocks of public subnets" + value = module.vpc.public_subnets_cidr_blocks +} + +output "public_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of public subnets in an IPv6 enabled VPC" + value = module.vpc.public_subnets_ipv6_cidr_blocks +} + +output "outpost_subnets" { + description = "List of IDs of outpost subnets" + value = module.vpc.outpost_subnets +} + +output "outpost_subnet_arns" { + description = "List of ARNs of outpost subnets" + value = module.vpc.outpost_subnet_arns +} + +output "outpost_subnets_cidr_blocks" { + description = "List of cidr_blocks of outpost subnets" + value = module.vpc.outpost_subnets_cidr_blocks +} + +output "outpost_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of outpost subnets in an IPv6 enabled VPC" + value = module.vpc.outpost_subnets_ipv6_cidr_blocks +} + +output "database_subnets" { + description = "List of IDs of database subnets" + value = module.vpc.database_subnets +} + +output "database_subnet_arns" { + description = "List of ARNs of database subnets" + value = module.vpc.database_subnet_arns +} + +output "database_subnets_cidr_blocks" { + description = "List of cidr_blocks 
of database subnets" + value = module.vpc.database_subnets_cidr_blocks +} + +output "database_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of database subnets in an IPv6 enabled VPC" + value = module.vpc.database_subnets_ipv6_cidr_blocks +} + +output "database_subnet_group" { + description = "ID of database subnet group" + value = module.vpc.database_subnet_group +} + +output "database_subnet_group_name" { + description = "Name of database subnet group" + value = module.vpc.database_subnet_group_name +} + +output "redshift_subnets" { + description = "List of IDs of redshift subnets" + value = module.vpc.redshift_subnets +} + +output "redshift_subnet_arns" { + description = "List of ARNs of redshift subnets" + value = module.vpc.redshift_subnet_arns +} + +output "redshift_subnets_cidr_blocks" { + description = "List of cidr_blocks of redshift subnets" + value = module.vpc.redshift_subnets_cidr_blocks +} + +output "redshift_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of redshift subnets in an IPv6 enabled VPC" + value = module.vpc.redshift_subnets_ipv6_cidr_blocks +} + +output "redshift_subnet_group" { + description = "ID of redshift subnet group" + value = module.vpc.redshift_subnet_group +} + +output "elasticache_subnets" { + description = "List of IDs of elasticache subnets" + value = module.vpc.elasticache_subnets +} + +output "elasticache_subnet_arns" { + description = "List of ARNs of elasticache subnets" + value = module.vpc.elasticache_subnet_arns +} + +output "elasticache_subnets_cidr_blocks" { + description = "List of cidr_blocks of elasticache subnets" + value = module.vpc.elasticache_subnets_cidr_blocks +} + +output "elasticache_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of elasticache subnets in an IPv6 enabled VPC" + value = module.vpc.elasticache_subnets_ipv6_cidr_blocks +} + +output "intra_subnets" { + description = "List of IDs of intra subnets" + value = 
module.vpc.intra_subnets +} + +output "intra_subnet_arns" { + description = "List of ARNs of intra subnets" + value = module.vpc.intra_subnet_arns +} + +output "intra_subnets_cidr_blocks" { + description = "List of cidr_blocks of intra subnets" + value = module.vpc.intra_subnets_cidr_blocks +} + +output "intra_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of intra subnets in an IPv6 enabled VPC" + value = module.vpc.intra_subnets_ipv6_cidr_blocks +} + +output "elasticache_subnet_group" { + description = "ID of elasticache subnet group" + value = module.vpc.elasticache_subnet_group +} + +output "elasticache_subnet_group_name" { + description = "Name of elasticache subnet group" + value = module.vpc.elasticache_subnet_group_name +} + +output "public_route_table_ids" { + description = "List of IDs of public route tables" + value = module.vpc.public_route_table_ids +} + +output "private_route_table_ids" { + description = "List of IDs of private route tables" + value = module.vpc.private_route_table_ids +} + +output "database_route_table_ids" { + description = "List of IDs of database route tables" + value = module.vpc.database_route_table_ids +} + +output "redshift_route_table_ids" { + description = "List of IDs of redshift route tables" + value = module.vpc.redshift_route_table_ids +} + +output "elasticache_route_table_ids" { + description = "List of IDs of elasticache route tables" + value = module.vpc.elasticache_route_table_ids +} + +output "intra_route_table_ids" { + description = "List of IDs of intra route tables" + value = module.vpc.intra_route_table_ids +} + +output "public_internet_gateway_route_id" { + description = "ID of the internet gateway route" + value = module.vpc.public_internet_gateway_route_id +} + +output "public_internet_gateway_ipv6_route_id" { + description = "ID of the IPv6 internet gateway route" + value = module.vpc.public_internet_gateway_ipv6_route_id +} + +output "database_internet_gateway_route_id" { + 
description = "ID of the database internet gateway route" + value = module.vpc.database_internet_gateway_route_id +} + +output "database_nat_gateway_route_ids" { + description = "List of IDs of the database nat gateway route" + value = module.vpc.database_nat_gateway_route_ids +} + +output "database_ipv6_egress_route_id" { + description = "ID of the database IPv6 egress route" + value = module.vpc.database_ipv6_egress_route_id +} + +output "private_nat_gateway_route_ids" { + description = "List of IDs of the private nat gateway route" + value = module.vpc.private_nat_gateway_route_ids +} + +output "private_ipv6_egress_route_ids" { + description = "List of IDs of the ipv6 egress route" + value = module.vpc.private_ipv6_egress_route_ids +} + +output "private_route_table_association_ids" { + description = "List of IDs of the private route table association" + value = module.vpc.private_route_table_association_ids +} + +output "database_route_table_association_ids" { + description = "List of IDs of the database route table association" + value = module.vpc.database_route_table_association_ids +} + +output "redshift_route_table_association_ids" { + description = "List of IDs of the redshift route table association" + value = module.vpc.redshift_route_table_association_ids +} + +output "redshift_public_route_table_association_ids" { + description = "List of IDs of the public redshift route table association" + value = module.vpc.redshift_public_route_table_association_ids +} + +output "elasticache_route_table_association_ids" { + description = "List of IDs of the elasticache route table association" + value = module.vpc.elasticache_route_table_association_ids +} + +output "intra_route_table_association_ids" { + description = "List of IDs of the intra route table association" + value = module.vpc.intra_route_table_association_ids +} + +output "public_route_table_association_ids" { + description = "List of IDs of the public route table association" + value = 
module.vpc.public_route_table_association_ids +} + +output "dhcp_options_id" { + description = "The ID of the DHCP options" + value = module.vpc.dhcp_options_id +} + +output "nat_ids" { + description = "List of allocation ID of Elastic IPs created for AWS NAT Gateway" + value = module.vpc.nat_ids +} + output "nat_public_ips" { description = "List of public Elastic IPs created for AWS NAT Gateway" value = module.vpc.nat_public_ips } -# Network ACLs -output "public_network_acl_id" { - description = "ID of the public network ACL" - value = module.vpc.public_network_acl_id +output "natgw_ids" { + description = "List of NAT Gateway IDs" + value = module.vpc.natgw_ids } -output "private_network_acl_id" { - description = "ID of the private network ACL" - value = module.vpc.private_network_acl_id +output "igw_id" { + description = "The ID of the Internet Gateway" + value = module.vpc.igw_id } -output "elasticache_network_acl_id" { - description = "ID of the elasticache network ACL" - value = module.vpc.elasticache_network_acl_id +output "igw_arn" { + description = "The ARN of the Internet Gateway" + value = module.vpc.igw_arn } -output "default_network_acl_id" { - description = "The ID of the default network ACL" - value = module.vpc.default_network_acl_id +output "egress_only_internet_gateway_id" { + description = "The ID of the egress only Internet Gateway" + value = module.vpc.egress_only_internet_gateway_id +} + +output "cgw_ids" { + description = "List of IDs of Customer Gateway" + value = module.vpc.cgw_ids +} + +output "cgw_arns" { + description = "List of ARNs of Customer Gateway" + value = module.vpc.cgw_arns +} + +output "this_customer_gateway" { + description = "Map of Customer Gateway attributes" + value = module.vpc.this_customer_gateway +} + +output "vgw_id" { + description = "The ID of the VPN Gateway" + value = module.vpc.vgw_id +} + +output "vgw_arn" { + description = "The ARN of the VPN Gateway" + value = module.vpc.vgw_arn +} + +output "default_vpc_id" { 
+ description = "The ID of the Default VPC" + value = module.vpc.default_vpc_id +} + +output "default_vpc_arn" { + description = "The ARN of the Default VPC" + value = module.vpc.default_vpc_arn +} + +output "default_vpc_cidr_block" { + description = "The CIDR block of the Default VPC" + value = module.vpc.default_vpc_cidr_block +} + +output "default_vpc_default_security_group_id" { + description = "The ID of the security group created by default on Default VPC creation" + value = module.vpc.default_vpc_default_security_group_id +} + +output "default_vpc_default_network_acl_id" { + description = "The ID of the default network ACL of the Default VPC" + value = module.vpc.default_vpc_default_network_acl_id +} + +output "default_vpc_default_route_table_id" { + description = "The ID of the default route table of the Default VPC" + value = module.vpc.default_vpc_default_route_table_id +} + +output "default_vpc_instance_tenancy" { + description = "Tenancy of instances spin up within Default VPC" + value = module.vpc.default_vpc_instance_tenancy +} + +output "default_vpc_enable_dns_support" { + description = "Whether or not the Default VPC has DNS support" + value = module.vpc.default_vpc_enable_dns_support +} + +output "default_vpc_enable_dns_hostnames" { + description = "Whether or not the Default VPC has DNS hostname support" + value = module.vpc.default_vpc_enable_dns_hostnames +} + +output "default_vpc_main_route_table_id" { + description = "The ID of the main route table associated with the Default VPC" + value = module.vpc.default_vpc_main_route_table_id +} + +output "public_network_acl_id" { + description = "ID of the public network ACL" + value = module.vpc.public_network_acl_id } output "public_network_acl_arn" { 
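Review bot: The grouping comments `# VPC`, `# CIDR blocks`, `# Subnets`, `# NAT gateways` and `# Network ACLs` are deleted in this hunk while the file grows to several hundred lines of outputs, and the only header left standing is the `# VPC flow log` one added by the following hunk, so the file now reads as one undifferentiated list with a single stray section marker. Either restore headers at the group boundaries (`# VPC`, `# Subnets`, `# Route tables`, `# Gateways`, `# Network ACLs`) or drop the remaining one for consistency. Many of the added outputs (outpost, database, redshift, customer/VPN gateway, default-VPC) refer to resources the network-acls example does not appear to configure, so they will presumably evaluate to null or empty lists; a one-line comment at the top such as `# Mirrors every output of the root module; outputs for resources this example does not create resolve to null/empty` would stop readers from looking for the missing resources.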
@@ -53,17 +453,83 @@ output "public_network_acl_arn" { value = module.vpc.public_network_acl_arn } +output "private_network_acl_id" { + description = "ID of the private network ACL" + value = module.vpc.private_network_acl_id +} + output "private_network_acl_arn" { description = "ARN of the private network ACL" value = module.vpc.private_network_acl_arn } +output "outpost_network_acl_id" { + description = "ID of the outpost network ACL" + value = module.vpc.outpost_network_acl_id +} + +output "outpost_network_acl_arn" { + description = "ARN of the outpost network ACL" + value = module.vpc.outpost_network_acl_arn +} + +output "intra_network_acl_id" { + description = "ID of the intra network ACL" + value = module.vpc.intra_network_acl_id +} + +output "intra_network_acl_arn" { + description = "ARN of the intra network ACL" + value = module.vpc.intra_network_acl_arn +} + +output "database_network_acl_id" { + description = "ID of the database network ACL" + value = module.vpc.database_network_acl_id +} + +output "database_network_acl_arn" { + description = "ARN of the database network ACL" + value = module.vpc.database_network_acl_arn +} + +output "redshift_network_acl_id" { + description = "ID of the redshift network ACL" + value = module.vpc.redshift_network_acl_id +} + +output "redshift_network_acl_arn" { + description = "ARN of the redshift network ACL" + value = module.vpc.redshift_network_acl_arn +} + +output "elasticache_network_acl_id" { + description = "ID of the elasticache network ACL" + value = module.vpc.elasticache_network_acl_id +} + output "elasticache_network_acl_arn" { description = "ARN of the elasticache network ACL" value = module.vpc.elasticache_network_acl_arn } -output "module_vpc" { - description = "Module VPC" - value = module.vpc +# VPC flow log +output "vpc_flow_log_id" { + description = "The ID of the Flow Log resource" + value = module.vpc.vpc_flow_log_id +} + +output "vpc_flow_log_destination_arn" { + description = "The ARN of the 
destination for VPC Flow Logs" + value = module.vpc.vpc_flow_log_destination_arn +} + +output "vpc_flow_log_destination_type" { + description = "The type of the destination for VPC Flow Logs" + value = module.vpc.vpc_flow_log_destination_type +} + +output "vpc_flow_log_cloudwatch_iam_role_arn" { + description = "The ARN of the IAM role used when pushing logs to Cloudwatch log group" + value = module.vpc.vpc_flow_log_cloudwatch_iam_role_arn } diff --git a/examples/network-acls/versions.tf b/examples/network-acls/versions.tf index 7045f6d16..ddfcb0e05 100644 --- a/examples/network-acls/versions.tf +++ b/examples/network-acls/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 0.12.31" + required_version = ">= 1.0" required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.28" + version = ">= 5.0" } } } diff --git a/examples/outpost/README.md b/examples/outpost/README.md index 51ce3067a..8c7173bb9 100644 --- a/examples/outpost/README.md +++ b/examples/outpost/README.md @@ -23,20 +23,20 @@ Note that this example may create resources which can cost money (AWS Elastic IP | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.31 | -| [aws](#requirement\_aws) | >= 3.28 | +| [terraform](#requirement\_terraform) | >= 1.0 | +| [aws](#requirement\_aws) | >= 5.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.28 | +| [aws](#provider\_aws) | >= 5.0 | ## Modules | Name | Source | Version | |------|--------|---------| -| [vpc](#module\_vpc) | ../../ | | +| [vpc](#module\_vpc) | ../../ | n/a | ## Resources 
@@ -53,11 +53,111 @@ No inputs. | Name | Description | |------|-------------| -| [azs](#output\_azs) | A list of availability zones specified as argument to this module | +| [cgw\_arns](#output\_cgw\_arns) | List of ARNs of Customer Gateway | +| [cgw\_ids](#output\_cgw\_ids) | List of IDs of Customer Gateway | +| [database\_internet\_gateway\_route\_id](#output\_database\_internet\_gateway\_route\_id) | ID of the database internet gateway route | +| [database\_ipv6\_egress\_route\_id](#output\_database\_ipv6\_egress\_route\_id) | ID of the database IPv6 egress route | +| [database\_nat\_gateway\_route\_ids](#output\_database\_nat\_gateway\_route\_ids) | List of IDs of the database nat gateway route | +| [database\_network\_acl\_arn](#output\_database\_network\_acl\_arn) | ARN of the database network ACL | +| [database\_network\_acl\_id](#output\_database\_network\_acl\_id) | ID of the database network ACL | +| [database\_route\_table\_association\_ids](#output\_database\_route\_table\_association\_ids) | List of IDs of the database route table association | +| [database\_route\_table\_ids](#output\_database\_route\_table\_ids) | List of IDs of database route tables | +| [database\_subnet\_arns](#output\_database\_subnet\_arns) | List of ARNs of database subnets | +| [database\_subnet\_group](#output\_database\_subnet\_group) | ID of database subnet group | +| [database\_subnet\_group\_name](#output\_database\_subnet\_group\_name) | Name of database subnet group | +| [database\_subnets](#output\_database\_subnets) | List of IDs of database subnets | +| [database\_subnets\_cidr\_blocks](#output\_database\_subnets\_cidr\_blocks) | List of cidr\_blocks of database subnets | +| [database\_subnets\_ipv6\_cidr\_blocks](#output\_database\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of database subnets in an IPv6 enabled VPC | +| [default\_network\_acl\_id](#output\_default\_network\_acl\_id) | The ID of the default network ACL | +| 
[default\_route\_table\_id](#output\_default\_route\_table\_id) | The ID of the default route table | +| [default\_security\_group\_id](#output\_default\_security\_group\_id) | The ID of the security group created by default on VPC creation | +| [default\_vpc\_arn](#output\_default\_vpc\_arn) | The ARN of the Default VPC | +| [default\_vpc\_cidr\_block](#output\_default\_vpc\_cidr\_block) | The CIDR block of the Default VPC | +| [default\_vpc\_default\_network\_acl\_id](#output\_default\_vpc\_default\_network\_acl\_id) | The ID of the default network ACL of the Default VPC | +| [default\_vpc\_default\_route\_table\_id](#output\_default\_vpc\_default\_route\_table\_id) | The ID of the default route table of the Default VPC | +| [default\_vpc\_default\_security\_group\_id](#output\_default\_vpc\_default\_security\_group\_id) | The ID of the security group created by default on Default VPC creation | +| [default\_vpc\_enable\_dns\_hostnames](#output\_default\_vpc\_enable\_dns\_hostnames) | Whether or not the Default VPC has DNS hostname support | +| [default\_vpc\_enable\_dns\_support](#output\_default\_vpc\_enable\_dns\_support) | Whether or not the Default VPC has DNS support | +| [default\_vpc\_id](#output\_default\_vpc\_id) | The ID of the Default VPC | +| [default\_vpc\_instance\_tenancy](#output\_default\_vpc\_instance\_tenancy) | Tenancy of instances spin up within Default VPC | +| [default\_vpc\_main\_route\_table\_id](#output\_default\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with the Default VPC | +| [dhcp\_options\_id](#output\_dhcp\_options\_id) | The ID of the DHCP options | +| [egress\_only\_internet\_gateway\_id](#output\_egress\_only\_internet\_gateway\_id) | The ID of the egress only Internet Gateway | +| [elasticache\_network\_acl\_arn](#output\_elasticache\_network\_acl\_arn) | ARN of the elasticache network ACL | +| [elasticache\_network\_acl\_id](#output\_elasticache\_network\_acl\_id) | ID of the elasticache 
network ACL | +| [elasticache\_route\_table\_association\_ids](#output\_elasticache\_route\_table\_association\_ids) | List of IDs of the elasticache route table association | +| [elasticache\_route\_table\_ids](#output\_elasticache\_route\_table\_ids) | List of IDs of elasticache route tables | +| [elasticache\_subnet\_arns](#output\_elasticache\_subnet\_arns) | List of ARNs of elasticache subnets | +| [elasticache\_subnet\_group](#output\_elasticache\_subnet\_group) | ID of elasticache subnet group | +| [elasticache\_subnet\_group\_name](#output\_elasticache\_subnet\_group\_name) | Name of elasticache subnet group | +| [elasticache\_subnets](#output\_elasticache\_subnets) | List of IDs of elasticache subnets | +| [elasticache\_subnets\_cidr\_blocks](#output\_elasticache\_subnets\_cidr\_blocks) | List of cidr\_blocks of elasticache subnets | +| [elasticache\_subnets\_ipv6\_cidr\_blocks](#output\_elasticache\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of elasticache subnets in an IPv6 enabled VPC | +| [igw\_arn](#output\_igw\_arn) | The ARN of the Internet Gateway | +| [igw\_id](#output\_igw\_id) | The ID of the Internet Gateway | +| [intra\_network\_acl\_arn](#output\_intra\_network\_acl\_arn) | ARN of the intra network ACL | +| [intra\_network\_acl\_id](#output\_intra\_network\_acl\_id) | ID of the intra network ACL | +| [intra\_route\_table\_association\_ids](#output\_intra\_route\_table\_association\_ids) | List of IDs of the intra route table association | +| [intra\_route\_table\_ids](#output\_intra\_route\_table\_ids) | List of IDs of intra route tables | +| [intra\_subnet\_arns](#output\_intra\_subnet\_arns) | List of ARNs of intra subnets | +| [intra\_subnets](#output\_intra\_subnets) | List of IDs of intra subnets | +| [intra\_subnets\_cidr\_blocks](#output\_intra\_subnets\_cidr\_blocks) | List of cidr\_blocks of intra subnets | +| [intra\_subnets\_ipv6\_cidr\_blocks](#output\_intra\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks 
of intra subnets in an IPv6 enabled VPC | +| [nat\_ids](#output\_nat\_ids) | List of allocation ID of Elastic IPs created for AWS NAT Gateway | | [nat\_public\_ips](#output\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway | -| [outpost\_subnets](#output\_outpost\_subnets) | List of IDs of private subnets | +| [natgw\_ids](#output\_natgw\_ids) | List of NAT Gateway IDs | +| [outpost\_network\_acl\_arn](#output\_outpost\_network\_acl\_arn) | ARN of the outpost network ACL | +| [outpost\_network\_acl\_id](#output\_outpost\_network\_acl\_id) | ID of the outpost network ACL | +| [outpost\_subnet\_arns](#output\_outpost\_subnet\_arns) | List of ARNs of outpost subnets | +| [outpost\_subnets](#output\_outpost\_subnets) | List of IDs of outpost subnets | +| [outpost\_subnets\_cidr\_blocks](#output\_outpost\_subnets\_cidr\_blocks) | List of cidr\_blocks of outpost subnets | +| [outpost\_subnets\_ipv6\_cidr\_blocks](#output\_outpost\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of outpost subnets in an IPv6 enabled VPC | +| [private\_ipv6\_egress\_route\_ids](#output\_private\_ipv6\_egress\_route\_ids) | List of IDs of the ipv6 egress route | +| [private\_nat\_gateway\_route\_ids](#output\_private\_nat\_gateway\_route\_ids) | List of IDs of the private nat gateway route | +| [private\_network\_acl\_arn](#output\_private\_network\_acl\_arn) | ARN of the private network ACL | +| [private\_network\_acl\_id](#output\_private\_network\_acl\_id) | ID of the private network ACL | +| [private\_route\_table\_association\_ids](#output\_private\_route\_table\_association\_ids) | List of IDs of the private route table association | +| [private\_route\_table\_ids](#output\_private\_route\_table\_ids) | List of IDs of private route tables | +| [private\_subnet\_arns](#output\_private\_subnet\_arns) | List of ARNs of private subnets | | [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets | +| 
[private\_subnets\_cidr\_blocks](#output\_private\_subnets\_cidr\_blocks) | List of cidr\_blocks of private subnets | +| [private\_subnets\_ipv6\_cidr\_blocks](#output\_private\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of private subnets in an IPv6 enabled VPC | +| [public\_internet\_gateway\_ipv6\_route\_id](#output\_public\_internet\_gateway\_ipv6\_route\_id) | ID of the IPv6 internet gateway route | +| [public\_internet\_gateway\_route\_id](#output\_public\_internet\_gateway\_route\_id) | ID of the internet gateway route | +| [public\_network\_acl\_arn](#output\_public\_network\_acl\_arn) | ARN of the public network ACL | +| [public\_network\_acl\_id](#output\_public\_network\_acl\_id) | ID of the public network ACL | +| [public\_route\_table\_association\_ids](#output\_public\_route\_table\_association\_ids) | List of IDs of the public route table association | +| [public\_route\_table\_ids](#output\_public\_route\_table\_ids) | List of IDs of public route tables | +| [public\_subnet\_arns](#output\_public\_subnet\_arns) | List of ARNs of public subnets | | [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets | +| [public\_subnets\_cidr\_blocks](#output\_public\_subnets\_cidr\_blocks) | List of cidr\_blocks of public subnets | +| [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC | +| [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL | +| [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL | +| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association | +| [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association | +| 
[redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables | +| [redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets | +| [redshift\_subnet\_group](#output\_redshift\_subnet\_group) | ID of redshift subnet group | +| [redshift\_subnets](#output\_redshift\_subnets) | List of IDs of redshift subnets | +| [redshift\_subnets\_cidr\_blocks](#output\_redshift\_subnets\_cidr\_blocks) | List of cidr\_blocks of redshift subnets | +| [redshift\_subnets\_ipv6\_cidr\_blocks](#output\_redshift\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of redshift subnets in an IPv6 enabled VPC | +| [this\_customer\_gateway](#output\_this\_customer\_gateway) | Map of Customer Gateway attributes | +| [vgw\_arn](#output\_vgw\_arn) | The ARN of the VPN Gateway | +| [vgw\_id](#output\_vgw\_id) | The ID of the VPN Gateway | +| [vpc\_arn](#output\_vpc\_arn) | The ARN of the VPC | | [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | The CIDR block of the VPC | +| [vpc\_enable\_dns\_hostnames](#output\_vpc\_enable\_dns\_hostnames) | Whether or not the VPC has DNS hostname support | +| [vpc\_enable\_dns\_support](#output\_vpc\_enable\_dns\_support) | Whether or not the VPC has DNS support | +| [vpc\_flow\_log\_cloudwatch\_iam\_role\_arn](#output\_vpc\_flow\_log\_cloudwatch\_iam\_role\_arn) | The ARN of the IAM role used when pushing logs to Cloudwatch log group | +| [vpc\_flow\_log\_destination\_arn](#output\_vpc\_flow\_log\_destination\_arn) | The ARN of the destination for VPC Flow Logs | +| [vpc\_flow\_log\_destination\_type](#output\_vpc\_flow\_log\_destination\_type) | The type of the destination for VPC Flow Logs | +| [vpc\_flow\_log\_id](#output\_vpc\_flow\_log\_id) | The ID of the Flow Log resource | | [vpc\_id](#output\_vpc\_id) | The ID of the VPC | +| [vpc\_instance\_tenancy](#output\_vpc\_instance\_tenancy) | Tenancy of instances spin up within VPC | +| 
[vpc\_ipv6\_association\_id](#output\_vpc\_ipv6\_association\_id) | The association ID for the IPv6 CIDR block | +| [vpc\_ipv6\_cidr\_block](#output\_vpc\_ipv6\_cidr\_block) | The IPv6 CIDR block | +| [vpc\_main\_route\_table\_id](#output\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with this VPC | +| [vpc\_owner\_id](#output\_vpc\_owner\_id) | The ID of the AWS account that owns the VPC | +| [vpc\_secondary\_cidr\_blocks](#output\_vpc\_secondary\_cidr\_blocks) | List of secondary CIDR blocks of the VPC | diff --git a/examples/outpost/main.tf b/examples/outpost/main.tf index d923e083d..b65e8d75a 100644 --- a/examples/outpost/main.tf +++ b/examples/outpost/main.tf @@ -6,9 +6,21 @@ provider "aws" { } } +data "aws_availability_zones" "available" {} + locals { + name = "ex-${basename(path.cwd)}" region = "eu-west-1" + vpc_cidr = "10.0.0.0/16" + azs = slice(data.aws_availability_zones.available.names, 0, 3) + + tags = { + Example = local.name + GithubRepo = "terraform-aws-vpc" + GithubOrg = "terraform-aws-modules" + } + network_acls = { outpost_inbound = [ { @@ -105,16 +117,6 @@ locals { } } -################################################################################ -# Supporting Resources -################################################################################ - -data "aws_outposts_outpost" "shared" { - name = "SEA19.07" -} - -data "aws_availability_zones" "available" {} - ################################################################################ # VPC Module ################################################################################ 
@@ -122,16 +124,12 @@ data "aws_availability_zones" "available" {} module "vpc" { source = "../../" - name = "outpost-example" - cidr = "10.0.0.0/16" + name = local.name + cidr = local.vpc_cidr - azs = [ - data.aws_availability_zones.available.names[0], - data.aws_availability_zones.available.names[1], - data.aws_availability_zones.available.names[2], - ] - private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] - public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"] + azs = local.azs + private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)] + public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 4)] # Outpost is using single AZ specified in `outpost_az` outpost_subnets = ["10.0.50.0/24", "10.0.51.0/24"] @@ -152,8 +150,13 @@ module "vpc" { outpost_inbound_acl_rules = local.network_acls["outpost_inbound"] outpost_outbound_acl_rules = local.network_acls["outpost_outbound"] - tags = { - Owner = "user" - Environment = "dev" - } + tags = local.tags +} + +################################################################################ +# Supporting Resources +################################################################################ + +data "aws_outposts_outpost" "shared" { + name = "SEA19.07" } diff --git a/examples/outpost/outputs.tf b/examples/outpost/outputs.tf index ff40ad182..77f244a90 100644 --- a/examples/outpost/outputs.tf +++ b/examples/outpost/outputs.tf 
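Review bot: `outpost_subnets = ["10.0.50.0/24", "10.0.51.0/24"]` stays hard-coded right next to the private and public ranges that are now derived from `local.vpc_cidr` with `cidrsubnet(local.vpc_cidr, 8, k)` and `k + 4`; the two outpost /24s only avoid the computed ones (indices 0–2 and 4–6) because 50 and 51 happen to be far away, and nothing ties them to the VPC CIDR, so changing `local.vpc_cidr` would leave them outside the VPC while the other subnets follow. Deriving them the same way keeps the invariant explicit and yields the identical ranges: `outpost_subnets = [for k in range(2) : cidrsubnet(local.vpc_cidr, 8, k + 50)]`. The `module "vpc"` block continues outside this hunk.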
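Review bot: The relocated `data "aws_outposts_outpost" "shared"` block still hard-codes the Outpost name `SEA19.07`, which identifies one specific Outpost that other readers of this example cannot use; the lookup presumably errors for any account that has no Outpost of that name, so the example cannot be applied as-is without editing. A short comment would make that explicit: `# Replace with the name of an Outpost your account owns or has shared access to; the lookup fails when no Outpost matches`. Exposing it as a variable without a default would be the more conventional fix, but the comment at least stops the value from reading like a generic placeholder.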
@@ -1,39 +1,535 @@ -# VPC output "vpc_id" { description = "The ID of the VPC" value = module.vpc.vpc_id } -# CIDR blocks +output "vpc_arn" { + description = "The ARN of the VPC" + value = module.vpc.vpc_arn +} + output "vpc_cidr_block" { description = "The CIDR block of the VPC" value = module.vpc.vpc_cidr_block } -# Subnets +output "default_security_group_id" { + description = "The ID of the security group created by default on VPC creation" + value = module.vpc.default_security_group_id +} + +output "default_network_acl_id" { + description = "The ID of the default network ACL" + value = module.vpc.default_network_acl_id +} + +output "default_route_table_id" { + description = "The ID of the default route table" + value = module.vpc.default_route_table_id +} + +output "vpc_instance_tenancy" { + description = "Tenancy of instances spin up within VPC" + value = module.vpc.vpc_instance_tenancy +} + +output "vpc_enable_dns_support" { + description = "Whether or not the VPC has DNS support" + value = module.vpc.vpc_enable_dns_support +} + +output "vpc_enable_dns_hostnames" { + description = "Whether or not the VPC has DNS hostname support" + value = module.vpc.vpc_enable_dns_hostnames +} + +output "vpc_main_route_table_id" { + description = "The ID of the main route table associated with this VPC" + value = module.vpc.vpc_main_route_table_id +} + +output "vpc_ipv6_association_id" { + description = "The association ID for the IPv6 CIDR block" + value = module.vpc.vpc_ipv6_association_id +} + +output "vpc_ipv6_cidr_block" { + description = "The IPv6 CIDR block" + value = module.vpc.vpc_ipv6_cidr_block +} + +output "vpc_secondary_cidr_blocks" { + description = "List of secondary CIDR blocks of the VPC" + value = module.vpc.vpc_secondary_cidr_blocks +} + +output "vpc_owner_id" { + description = "The ID of the AWS account that owns the VPC" + value = module.vpc.vpc_owner_id +} + output "private_subnets" { description = "List of IDs of private subnets" value = 
module.vpc.private_subnets } +output "private_subnet_arns" { + description = "List of ARNs of private subnets" + value = module.vpc.private_subnet_arns +} + +output "private_subnets_cidr_blocks" { + description = "List of cidr_blocks of private subnets" + value = module.vpc.private_subnets_cidr_blocks +} + +output "private_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of private subnets in an IPv6 enabled VPC" + value = module.vpc.private_subnets_ipv6_cidr_blocks +} + output "public_subnets" { description = "List of IDs of public subnets" value = module.vpc.public_subnets } +output "public_subnet_arns" { + description = "List of ARNs of public subnets" + value = module.vpc.public_subnet_arns +} + +output "public_subnets_cidr_blocks" { + description = "List of cidr_blocks of public subnets" + value = module.vpc.public_subnets_cidr_blocks +} + +output "public_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of public subnets in an IPv6 enabled VPC" + value = module.vpc.public_subnets_ipv6_cidr_blocks +} + output "outpost_subnets" { - description = "List of IDs of private subnets" + description = "List of IDs of outpost subnets" value = module.vpc.outpost_subnets } -# NAT gateways +output "outpost_subnet_arns" { + description = "List of ARNs of outpost subnets" + value = module.vpc.outpost_subnet_arns +} + +output "outpost_subnets_cidr_blocks" { + description = "List of cidr_blocks of outpost subnets" + value = module.vpc.outpost_subnets_cidr_blocks +} + +output "outpost_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of outpost subnets in an IPv6 enabled VPC" + value = module.vpc.outpost_subnets_ipv6_cidr_blocks +} + +output "database_subnets" { + description = "List of IDs of database subnets" + value = module.vpc.database_subnets +} + +output "database_subnet_arns" { + description = "List of ARNs of database subnets" + value = module.vpc.database_subnet_arns +} + +output 
"database_subnets_cidr_blocks" { + description = "List of cidr_blocks of database subnets" + value = module.vpc.database_subnets_cidr_blocks +} + +output "database_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of database subnets in an IPv6 enabled VPC" + value = module.vpc.database_subnets_ipv6_cidr_blocks +} + +output "database_subnet_group" { + description = "ID of database subnet group" + value = module.vpc.database_subnet_group +} + +output "database_subnet_group_name" { + description = "Name of database subnet group" + value = module.vpc.database_subnet_group_name +} + +output "redshift_subnets" { + description = "List of IDs of redshift subnets" + value = module.vpc.redshift_subnets +} + +output "redshift_subnet_arns" { + description = "List of ARNs of redshift subnets" + value = module.vpc.redshift_subnet_arns +} + +output "redshift_subnets_cidr_blocks" { + description = "List of cidr_blocks of redshift subnets" + value = module.vpc.redshift_subnets_cidr_blocks +} + +output "redshift_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of redshift subnets in an IPv6 enabled VPC" + value = module.vpc.redshift_subnets_ipv6_cidr_blocks +} + +output "redshift_subnet_group" { + description = "ID of redshift subnet group" + value = module.vpc.redshift_subnet_group +} + +output "elasticache_subnets" { + description = "List of IDs of elasticache subnets" + value = module.vpc.elasticache_subnets +} + +output "elasticache_subnet_arns" { + description = "List of ARNs of elasticache subnets" + value = module.vpc.elasticache_subnet_arns +} + +output "elasticache_subnets_cidr_blocks" { + description = "List of cidr_blocks of elasticache subnets" + value = module.vpc.elasticache_subnets_cidr_blocks +} + +output "elasticache_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of elasticache subnets in an IPv6 enabled VPC" + value = module.vpc.elasticache_subnets_ipv6_cidr_blocks +} + +output "intra_subnets" { + 
description = "List of IDs of intra subnets" + value = module.vpc.intra_subnets +} + +output "intra_subnet_arns" { + description = "List of ARNs of intra subnets" + value = module.vpc.intra_subnet_arns +} + +output "intra_subnets_cidr_blocks" { + description = "List of cidr_blocks of intra subnets" + value = module.vpc.intra_subnets_cidr_blocks +} + +output "intra_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of intra subnets in an IPv6 enabled VPC" + value = module.vpc.intra_subnets_ipv6_cidr_blocks +} + +output "elasticache_subnet_group" { + description = "ID of elasticache subnet group" + value = module.vpc.elasticache_subnet_group +} + +output "elasticache_subnet_group_name" { + description = "Name of elasticache subnet group" + value = module.vpc.elasticache_subnet_group_name +} + +output "public_route_table_ids" { + description = "List of IDs of public route tables" + value = module.vpc.public_route_table_ids +} + +output "private_route_table_ids" { + description = "List of IDs of private route tables" + value = module.vpc.private_route_table_ids +} + +output "database_route_table_ids" { + description = "List of IDs of database route tables" + value = module.vpc.database_route_table_ids +} + +output "redshift_route_table_ids" { + description = "List of IDs of redshift route tables" + value = module.vpc.redshift_route_table_ids +} + +output "elasticache_route_table_ids" { + description = "List of IDs of elasticache route tables" + value = module.vpc.elasticache_route_table_ids +} + +output "intra_route_table_ids" { + description = "List of IDs of intra route tables" + value = module.vpc.intra_route_table_ids +} + +output "public_internet_gateway_route_id" { + description = "ID of the internet gateway route" + value = module.vpc.public_internet_gateway_route_id +} + +output "public_internet_gateway_ipv6_route_id" { + description = "ID of the IPv6 internet gateway route" + value = module.vpc.public_internet_gateway_ipv6_route_id +} + 
+output "database_internet_gateway_route_id" { + description = "ID of the database internet gateway route" + value = module.vpc.database_internet_gateway_route_id +} + +output "database_nat_gateway_route_ids" { + description = "List of IDs of the database nat gateway route" + value = module.vpc.database_nat_gateway_route_ids +} + +output "database_ipv6_egress_route_id" { + description = "ID of the database IPv6 egress route" + value = module.vpc.database_ipv6_egress_route_id +} + +output "private_nat_gateway_route_ids" { + description = "List of IDs of the private nat gateway route" + value = module.vpc.private_nat_gateway_route_ids +} + +output "private_ipv6_egress_route_ids" { + description = "List of IDs of the ipv6 egress route" + value = module.vpc.private_ipv6_egress_route_ids +} + +output "private_route_table_association_ids" { + description = "List of IDs of the private route table association" + value = module.vpc.private_route_table_association_ids +} + +output "database_route_table_association_ids" { + description = "List of IDs of the database route table association" + value = module.vpc.database_route_table_association_ids +} + +output "redshift_route_table_association_ids" { + description = "List of IDs of the redshift route table association" + value = module.vpc.redshift_route_table_association_ids +} + +output "redshift_public_route_table_association_ids" { + description = "List of IDs of the public redshift route table association" + value = module.vpc.redshift_public_route_table_association_ids +} + +output "elasticache_route_table_association_ids" { + description = "List of IDs of the elasticache route table association" + value = module.vpc.elasticache_route_table_association_ids +} + +output "intra_route_table_association_ids" { + description = "List of IDs of the intra route table association" + value = module.vpc.intra_route_table_association_ids +} + +output "public_route_table_association_ids" { + description = "List of IDs of the public 
route table association" + value = module.vpc.public_route_table_association_ids +} + +output "dhcp_options_id" { + description = "The ID of the DHCP options" + value = module.vpc.dhcp_options_id +} + +output "nat_ids" { + description = "List of allocation ID of Elastic IPs created for AWS NAT Gateway" + value = module.vpc.nat_ids +} + output "nat_public_ips" { description = "List of public Elastic IPs created for AWS NAT Gateway" value = module.vpc.nat_public_ips } -# AZs -output "azs" { - description = "A list of availability zones specified as argument to this module" - value = module.vpc.azs +output "natgw_ids" { + description = "List of NAT Gateway IDs" + value = module.vpc.natgw_ids +} + +output "igw_id" { + description = "The ID of the Internet Gateway" + value = module.vpc.igw_id +} + +output "igw_arn" { + description = "The ARN of the Internet Gateway" + value = module.vpc.igw_arn +} + +output "egress_only_internet_gateway_id" { + description = "The ID of the egress only Internet Gateway" + value = module.vpc.egress_only_internet_gateway_id +} + +output "cgw_ids" { + description = "List of IDs of Customer Gateway" + value = module.vpc.cgw_ids +} + +output "cgw_arns" { + description = "List of ARNs of Customer Gateway" + value = module.vpc.cgw_arns +} + +output "this_customer_gateway" { + description = "Map of Customer Gateway attributes" + value = module.vpc.this_customer_gateway +} + +output "vgw_id" { + description = "The ID of the VPN Gateway" + value = module.vpc.vgw_id +} + +output "vgw_arn" { + description = "The ARN of the VPN Gateway" + value = module.vpc.vgw_arn +} + +output "default_vpc_id" { + description = "The ID of the Default VPC" + value = module.vpc.default_vpc_id +} + +output "default_vpc_arn" { + description = "The ARN of the Default VPC" + value = module.vpc.default_vpc_arn +} + +output "default_vpc_cidr_block" { + description = "The CIDR block of the Default VPC" + value = module.vpc.default_vpc_cidr_block +} + +output 
"default_vpc_default_security_group_id" { + description = "The ID of the security group created by default on Default VPC creation" + value = module.vpc.default_vpc_default_security_group_id +} + +output "default_vpc_default_network_acl_id" { + description = "The ID of the default network ACL of the Default VPC" + value = module.vpc.default_vpc_default_network_acl_id +} + +output "default_vpc_default_route_table_id" { + description = "The ID of the default route table of the Default VPC" + value = module.vpc.default_vpc_default_route_table_id +} + +output "default_vpc_instance_tenancy" { + description = "Tenancy of instances spin up within Default VPC" + value = module.vpc.default_vpc_instance_tenancy +} + +output "default_vpc_enable_dns_support" { + description = "Whether or not the Default VPC has DNS support" + value = module.vpc.default_vpc_enable_dns_support +} + +output "default_vpc_enable_dns_hostnames" { + description = "Whether or not the Default VPC has DNS hostname support" + value = module.vpc.default_vpc_enable_dns_hostnames +} + +output "default_vpc_main_route_table_id" { + description = "The ID of the main route table associated with the Default VPC" + value = module.vpc.default_vpc_main_route_table_id +} + +output "public_network_acl_id" { + description = "ID of the public network ACL" + value = module.vpc.public_network_acl_id +} + +output "public_network_acl_arn" { + description = "ARN of the public network ACL" + value = module.vpc.public_network_acl_arn +} + +output "private_network_acl_id" { + description = "ID of the private network ACL" + value = module.vpc.private_network_acl_id +} + +output "private_network_acl_arn" { + description = "ARN of the private network ACL" + value = module.vpc.private_network_acl_arn +} + +output "outpost_network_acl_id" { + description = "ID of the outpost network ACL" + value = module.vpc.outpost_network_acl_id +} + +output "outpost_network_acl_arn" { + description = "ARN of the outpost network ACL" + value = 
module.vpc.outpost_network_acl_arn +} + +output "intra_network_acl_id" { + description = "ID of the intra network ACL" + value = module.vpc.intra_network_acl_id +} + +output "intra_network_acl_arn" { + description = "ARN of the intra network ACL" + value = module.vpc.intra_network_acl_arn +} + +output "database_network_acl_id" { + description = "ID of the database network ACL" + value = module.vpc.database_network_acl_id +} + +output "database_network_acl_arn" { + description = "ARN of the database network ACL" + value = module.vpc.database_network_acl_arn +} + +output "redshift_network_acl_id" { + description = "ID of the redshift network ACL" + value = module.vpc.redshift_network_acl_id +} + +output "redshift_network_acl_arn" { + description = "ARN of the redshift network ACL" + value = module.vpc.redshift_network_acl_arn +} + +output "elasticache_network_acl_id" { + description = "ID of the elasticache network ACL" + value = module.vpc.elasticache_network_acl_id +} + +output "elasticache_network_acl_arn" { + description = "ARN of the elasticache network ACL" + value = module.vpc.elasticache_network_acl_arn +} + +# VPC flow log +output "vpc_flow_log_id" { + description = "The ID of the Flow Log resource" + value = module.vpc.vpc_flow_log_id +} + +output "vpc_flow_log_destination_arn" { + description = "The ARN of the destination for VPC Flow Logs" + value = module.vpc.vpc_flow_log_destination_arn +} + +output "vpc_flow_log_destination_type" { + description = "The type of the destination for VPC Flow Logs" + value = module.vpc.vpc_flow_log_destination_type +} + +output "vpc_flow_log_cloudwatch_iam_role_arn" { + description = "The ARN of the IAM role used when pushing logs to Cloudwatch log group" + value = module.vpc.vpc_flow_log_cloudwatch_iam_role_arn } diff --git a/examples/outpost/versions.tf b/examples/outpost/versions.tf index 7045f6d16..ddfcb0e05 100644 --- a/examples/outpost/versions.tf +++ b/examples/outpost/versions.tf 
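Review bot: Most of the roughly one hundred outputs added here (the `default_vpc_*`, `this_customer_gateway`, `cgw_*`, `vgw_*`, `redshift_*`, `elasticache_*`, `database_*` and `vpc_flow_log_*` entries, for instance) cannot be populated by this example, which configures no default VPC adoption, gateways, extra subnet tiers or flow logs in the `module "vpc"` block shown in the previous hunks, so they plan as null or empty lists and serve mainly to inflate the README's Outputs table. Trimming the file to the outputs the example exercises (VPC, private/public/outpost subnets, NAT, route-table and network-ACL IDs) would make it readable again; if the full surface is intentional, a header comment such as `# Mirrors every module output so the example doubles as an output smoke test` should say so. The new blob is identical for examples/secondary-cidr-blocks/outputs.tf (same `77f244a90` index), so the same applies there. Descriptions like "Tenancy of instances spin up within VPC" appear to be copied from the module's own outputs and would be better fixed at the source.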
@@ -1,10 +1,10 @@ terraform { - required_version = ">= 0.12.31" + required_version = ">= 1.0" required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.28" + version = ">= 5.0" } } } diff --git a/examples/secondary-cidr-blocks/README.md b/examples/secondary-cidr-blocks/README.md index 29715df89..5054d43f9 100644 --- a/examples/secondary-cidr-blocks/README.md +++ b/examples/secondary-cidr-blocks/README.md @@ -21,22 +21,26 @@ Note that this example may create resources which can cost money (AWS Elastic IP | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.31 | -| [aws](#requirement\_aws) | >= 3.28 | +| [terraform](#requirement\_terraform) | >= 1.0 | +| [aws](#requirement\_aws) | >= 5.0 | ## Providers -No providers. +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 5.0 | ## Modules | Name | Source | Version | |------|--------|---------| -| [vpc](#module\_vpc) | ../../ | | +| [vpc](#module\_vpc) | ../../ | n/a | ## Resources -No resources. +| Name | Type | +|------|------| +| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | ## Inputs 
@@ -46,10 +50,111 @@ No inputs. | Name | Description | |------|-------------| +| [cgw\_arns](#output\_cgw\_arns) | List of ARNs of Customer Gateway | +| [cgw\_ids](#output\_cgw\_ids) | List of IDs of Customer Gateway | +| [database\_internet\_gateway\_route\_id](#output\_database\_internet\_gateway\_route\_id) | ID of the database internet gateway route | +| [database\_ipv6\_egress\_route\_id](#output\_database\_ipv6\_egress\_route\_id) | ID of the database IPv6 egress route | +| [database\_nat\_gateway\_route\_ids](#output\_database\_nat\_gateway\_route\_ids) | List of IDs of the database nat gateway route | +| [database\_network\_acl\_arn](#output\_database\_network\_acl\_arn) | ARN of the database network ACL | +| [database\_network\_acl\_id](#output\_database\_network\_acl\_id) | ID of the database network ACL | +| [database\_route\_table\_association\_ids](#output\_database\_route\_table\_association\_ids) | List of IDs of the database route table association | +| [database\_route\_table\_ids](#output\_database\_route\_table\_ids) | List of IDs of database route tables | +| [database\_subnet\_arns](#output\_database\_subnet\_arns) | List of ARNs of database subnets | +| [database\_subnet\_group](#output\_database\_subnet\_group) | ID of database subnet group | +| [database\_subnet\_group\_name](#output\_database\_subnet\_group\_name) | Name of database subnet group | +| [database\_subnets](#output\_database\_subnets) | List of IDs of database subnets | +| [database\_subnets\_cidr\_blocks](#output\_database\_subnets\_cidr\_blocks) | List of cidr\_blocks of database subnets | +| [database\_subnets\_ipv6\_cidr\_blocks](#output\_database\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of database subnets in an IPv6 enabled VPC | +| [default\_network\_acl\_id](#output\_default\_network\_acl\_id) | The ID of the default network ACL | +| [default\_route\_table\_id](#output\_default\_route\_table\_id) | The ID of the default route table | +| 
[default\_security\_group\_id](#output\_default\_security\_group\_id) | The ID of the security group created by default on VPC creation | +| [default\_vpc\_arn](#output\_default\_vpc\_arn) | The ARN of the Default VPC | +| [default\_vpc\_cidr\_block](#output\_default\_vpc\_cidr\_block) | The CIDR block of the Default VPC | +| [default\_vpc\_default\_network\_acl\_id](#output\_default\_vpc\_default\_network\_acl\_id) | The ID of the default network ACL of the Default VPC | +| [default\_vpc\_default\_route\_table\_id](#output\_default\_vpc\_default\_route\_table\_id) | The ID of the default route table of the Default VPC | +| [default\_vpc\_default\_security\_group\_id](#output\_default\_vpc\_default\_security\_group\_id) | The ID of the security group created by default on Default VPC creation | +| [default\_vpc\_enable\_dns\_hostnames](#output\_default\_vpc\_enable\_dns\_hostnames) | Whether or not the Default VPC has DNS hostname support | +| [default\_vpc\_enable\_dns\_support](#output\_default\_vpc\_enable\_dns\_support) | Whether or not the Default VPC has DNS support | +| [default\_vpc\_id](#output\_default\_vpc\_id) | The ID of the Default VPC | +| [default\_vpc\_instance\_tenancy](#output\_default\_vpc\_instance\_tenancy) | Tenancy of instances spin up within Default VPC | +| [default\_vpc\_main\_route\_table\_id](#output\_default\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with the Default VPC | +| [dhcp\_options\_id](#output\_dhcp\_options\_id) | The ID of the DHCP options | +| [egress\_only\_internet\_gateway\_id](#output\_egress\_only\_internet\_gateway\_id) | The ID of the egress only Internet Gateway | +| [elasticache\_network\_acl\_arn](#output\_elasticache\_network\_acl\_arn) | ARN of the elasticache network ACL | +| [elasticache\_network\_acl\_id](#output\_elasticache\_network\_acl\_id) | ID of the elasticache network ACL | +| 
[elasticache\_route\_table\_association\_ids](#output\_elasticache\_route\_table\_association\_ids) | List of IDs of the elasticache route table association | +| [elasticache\_route\_table\_ids](#output\_elasticache\_route\_table\_ids) | List of IDs of elasticache route tables | +| [elasticache\_subnet\_arns](#output\_elasticache\_subnet\_arns) | List of ARNs of elasticache subnets | +| [elasticache\_subnet\_group](#output\_elasticache\_subnet\_group) | ID of elasticache subnet group | +| [elasticache\_subnet\_group\_name](#output\_elasticache\_subnet\_group\_name) | Name of elasticache subnet group | +| [elasticache\_subnets](#output\_elasticache\_subnets) | List of IDs of elasticache subnets | +| [elasticache\_subnets\_cidr\_blocks](#output\_elasticache\_subnets\_cidr\_blocks) | List of cidr\_blocks of elasticache subnets | +| [elasticache\_subnets\_ipv6\_cidr\_blocks](#output\_elasticache\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of elasticache subnets in an IPv6 enabled VPC | +| [igw\_arn](#output\_igw\_arn) | The ARN of the Internet Gateway | +| [igw\_id](#output\_igw\_id) | The ID of the Internet Gateway | +| [intra\_network\_acl\_arn](#output\_intra\_network\_acl\_arn) | ARN of the intra network ACL | +| [intra\_network\_acl\_id](#output\_intra\_network\_acl\_id) | ID of the intra network ACL | +| [intra\_route\_table\_association\_ids](#output\_intra\_route\_table\_association\_ids) | List of IDs of the intra route table association | +| [intra\_route\_table\_ids](#output\_intra\_route\_table\_ids) | List of IDs of intra route tables | +| [intra\_subnet\_arns](#output\_intra\_subnet\_arns) | List of ARNs of intra subnets | +| [intra\_subnets](#output\_intra\_subnets) | List of IDs of intra subnets | +| [intra\_subnets\_cidr\_blocks](#output\_intra\_subnets\_cidr\_blocks) | List of cidr\_blocks of intra subnets | +| [intra\_subnets\_ipv6\_cidr\_blocks](#output\_intra\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of intra subnets 
in an IPv6 enabled VPC | +| [nat\_ids](#output\_nat\_ids) | List of allocation ID of Elastic IPs created for AWS NAT Gateway | | [nat\_public\_ips](#output\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway | +| [natgw\_ids](#output\_natgw\_ids) | List of NAT Gateway IDs | +| [outpost\_network\_acl\_arn](#output\_outpost\_network\_acl\_arn) | ARN of the outpost network ACL | +| [outpost\_network\_acl\_id](#output\_outpost\_network\_acl\_id) | ID of the outpost network ACL | +| [outpost\_subnet\_arns](#output\_outpost\_subnet\_arns) | List of ARNs of outpost subnets | +| [outpost\_subnets](#output\_outpost\_subnets) | List of IDs of outpost subnets | +| [outpost\_subnets\_cidr\_blocks](#output\_outpost\_subnets\_cidr\_blocks) | List of cidr\_blocks of outpost subnets | +| [outpost\_subnets\_ipv6\_cidr\_blocks](#output\_outpost\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of outpost subnets in an IPv6 enabled VPC | +| [private\_ipv6\_egress\_route\_ids](#output\_private\_ipv6\_egress\_route\_ids) | List of IDs of the ipv6 egress route | +| [private\_nat\_gateway\_route\_ids](#output\_private\_nat\_gateway\_route\_ids) | List of IDs of the private nat gateway route | +| [private\_network\_acl\_arn](#output\_private\_network\_acl\_arn) | ARN of the private network ACL | +| [private\_network\_acl\_id](#output\_private\_network\_acl\_id) | ID of the private network ACL | +| [private\_route\_table\_association\_ids](#output\_private\_route\_table\_association\_ids) | List of IDs of the private route table association | +| [private\_route\_table\_ids](#output\_private\_route\_table\_ids) | List of IDs of private route tables | +| [private\_subnet\_arns](#output\_private\_subnet\_arns) | List of ARNs of private subnets | | [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets | +| [private\_subnets\_cidr\_blocks](#output\_private\_subnets\_cidr\_blocks) | List of cidr\_blocks of private subnets | +| 
[private\_subnets\_ipv6\_cidr\_blocks](#output\_private\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of private subnets in an IPv6 enabled VPC | +| [public\_internet\_gateway\_ipv6\_route\_id](#output\_public\_internet\_gateway\_ipv6\_route\_id) | ID of the IPv6 internet gateway route | +| [public\_internet\_gateway\_route\_id](#output\_public\_internet\_gateway\_route\_id) | ID of the internet gateway route | +| [public\_network\_acl\_arn](#output\_public\_network\_acl\_arn) | ARN of the public network ACL | +| [public\_network\_acl\_id](#output\_public\_network\_acl\_id) | ID of the public network ACL | +| [public\_route\_table\_association\_ids](#output\_public\_route\_table\_association\_ids) | List of IDs of the public route table association | +| [public\_route\_table\_ids](#output\_public\_route\_table\_ids) | List of IDs of public route tables | +| [public\_subnet\_arns](#output\_public\_subnet\_arns) | List of ARNs of public subnets | | [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets | +| [public\_subnets\_cidr\_blocks](#output\_public\_subnets\_cidr\_blocks) | List of cidr\_blocks of public subnets | +| [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC | +| [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL | +| [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL | +| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association | +| [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association | +| [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables | +| 
[redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets | +| [redshift\_subnet\_group](#output\_redshift\_subnet\_group) | ID of redshift subnet group | +| [redshift\_subnets](#output\_redshift\_subnets) | List of IDs of redshift subnets | +| [redshift\_subnets\_cidr\_blocks](#output\_redshift\_subnets\_cidr\_blocks) | List of cidr\_blocks of redshift subnets | +| [redshift\_subnets\_ipv6\_cidr\_blocks](#output\_redshift\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of redshift subnets in an IPv6 enabled VPC | +| [this\_customer\_gateway](#output\_this\_customer\_gateway) | Map of Customer Gateway attributes | +| [vgw\_arn](#output\_vgw\_arn) | The ARN of the VPN Gateway | +| [vgw\_id](#output\_vgw\_id) | The ID of the VPN Gateway | +| [vpc\_arn](#output\_vpc\_arn) | The ARN of the VPC | | [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | The CIDR block of the VPC | +| [vpc\_enable\_dns\_hostnames](#output\_vpc\_enable\_dns\_hostnames) | Whether or not the VPC has DNS hostname support | +| [vpc\_enable\_dns\_support](#output\_vpc\_enable\_dns\_support) | Whether or not the VPC has DNS support | +| [vpc\_flow\_log\_cloudwatch\_iam\_role\_arn](#output\_vpc\_flow\_log\_cloudwatch\_iam\_role\_arn) | The ARN of the IAM role used when pushing logs to Cloudwatch log group | +| [vpc\_flow\_log\_destination\_arn](#output\_vpc\_flow\_log\_destination\_arn) | The ARN of the destination for VPC Flow Logs | +| [vpc\_flow\_log\_destination\_type](#output\_vpc\_flow\_log\_destination\_type) | The type of the destination for VPC Flow Logs | +| [vpc\_flow\_log\_id](#output\_vpc\_flow\_log\_id) | The ID of the Flow Log resource | | [vpc\_id](#output\_vpc\_id) | The ID of the VPC | +| [vpc\_instance\_tenancy](#output\_vpc\_instance\_tenancy) | Tenancy of instances spin up within VPC | +| [vpc\_ipv6\_association\_id](#output\_vpc\_ipv6\_association\_id) | The association ID for the IPv6 CIDR block | +| 
[vpc\_ipv6\_cidr\_block](#output\_vpc\_ipv6\_cidr\_block) | The IPv6 CIDR block | +| [vpc\_main\_route\_table\_id](#output\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with this VPC | +| [vpc\_owner\_id](#output\_vpc\_owner\_id) | The ID of the AWS account that owns the VPC | | [vpc\_secondary\_cidr\_blocks](#output\_vpc\_secondary\_cidr\_blocks) | List of secondary CIDR blocks of the VPC | diff --git a/examples/secondary-cidr-blocks/main.tf b/examples/secondary-cidr-blocks/main.tf index 76cb4c551..5c963bb94 100644 --- a/examples/secondary-cidr-blocks/main.tf +++ b/examples/secondary-cidr-blocks/main.tf @@ -2,8 +2,21 @@ provider "aws" { region = local.region } +data "aws_availability_zones" "available" {} + locals { + name = "ex-${basename(path.cwd)}" region = "eu-west-1" + + vpc_cidr = "10.0.0.0/16" + secondary_cidr_blocks = ["10.1.0.0/16", "10.2.0.0/16"] + azs = slice(data.aws_availability_zones.available.names, 0, 3) + + tags = { + Example = local.name + GithubRepo = "terraform-aws-vpc" + GithubOrg = "terraform-aws-modules" + } } ################################################################################ 
@@ -13,30 +26,20 @@ locals { module "vpc" { source = "../../" - name = "secondary-cidr-blocks-example" - - cidr = "10.0.0.0/16" - secondary_cidr_blocks = ["10.1.0.0/16", "10.2.0.0/16"] - - azs = ["${local.region}a", "${local.region}b", "${local.region}c"] - private_subnets = ["10.0.1.0/24", "10.1.2.0/24", "10.2.3.0/24"] - public_subnets = ["10.0.101.0/24", "10.1.102.0/24", "10.2.103.0/24"] + name = local.name + cidr = local.vpc_cidr - enable_ipv6 = true + secondary_cidr_blocks = local.secondary_cidr_blocks # can add up to 5 total CIDR blocks - enable_nat_gateway = true - single_nat_gateway = true + azs = local.azs + private_subnets = concat( + [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)], + [for k, v in local.azs : cidrsubnet(element(local.secondary_cidr_blocks, 0), 2, k)], + [for k, v in local.azs : cidrsubnet(element(local.secondary_cidr_blocks, 1), 2, k)], + ) + public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)] - public_subnet_tags = { - Name = "overridden-name-public" - } + enable_nat_gateway = false - tags = { - Owner = "user" - Environment = "dev" - } - - vpc_tags = { - Name = "vpc-name" - } + tags = local.tags } diff --git a/examples/secondary-cidr-blocks/outputs.tf b/examples/secondary-cidr-blocks/outputs.tf index c110ed2ab..77f244a90 100644 --- a/examples/secondary-cidr-blocks/outputs.tf +++ b/examples/secondary-cidr-blocks/outputs.tf 
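Review bot: `private_subnets` indexes the secondary blocks by hand with `element(local.secondary_cidr_blocks, 0)` and `element(local.secondary_cidr_blocks, 1)`, so a third entry added to `local.secondary_cidr_blocks` (which the `# can add up to 5 total CIDR blocks` comment invites) is attached to the VPC but gets no subnets, and the list abstraction buys nothing. Iterating over the list keeps the two in step: `flatten([for c in local.secondary_cidr_blocks : [for k, v in local.azs : cidrsubnet(c, 2, k)]])` in place of the two hand-indexed comprehensions. The nine resulting private subnets over three `azs` also rely on the module distributing subnets across AZs round-robin, which is presumably how `azs` is consumed but is not stated here; a one-line comment on `private_subnets` saying so would help. The "5" in the comment is, as far as I can tell, the default per-VPC IPv4 CIDR quota rather than a hard limit, so "default quota of 5" would be more accurate.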
@@ -1,34 +1,535 @@ -# VPC output "vpc_id" { description = "The ID of the VPC" value = module.vpc.vpc_id } -# CIDR blocks +output "vpc_arn" { + description = "The ARN of the VPC" + value = module.vpc.vpc_arn +} + output "vpc_cidr_block" { description = "The CIDR block of the VPC" value = module.vpc.vpc_cidr_block } +output "default_security_group_id" { + description = "The ID of the security group created by default on VPC creation" + value = module.vpc.default_security_group_id +} + +output "default_network_acl_id" { + description = "The ID of the default network ACL" + value = module.vpc.default_network_acl_id +} + +output "default_route_table_id" { + description = "The ID of the default route table" + value = module.vpc.default_route_table_id +} + +output "vpc_instance_tenancy" { + description = "Tenancy of instances spin up within VPC" + value = module.vpc.vpc_instance_tenancy +} + +output "vpc_enable_dns_support" { + description = "Whether or not the VPC has DNS support" + value = module.vpc.vpc_enable_dns_support +} + +output "vpc_enable_dns_hostnames" { + description = "Whether or not the VPC has DNS hostname support" + value = module.vpc.vpc_enable_dns_hostnames +} + +output "vpc_main_route_table_id" { + description = "The ID of the main route table associated with this VPC" + value = module.vpc.vpc_main_route_table_id +} + +output "vpc_ipv6_association_id" { + description = "The association ID for the IPv6 CIDR block" + value = module.vpc.vpc_ipv6_association_id +} + +output "vpc_ipv6_cidr_block" { + description = "The IPv6 CIDR block" + value = module.vpc.vpc_ipv6_cidr_block +} + output "vpc_secondary_cidr_blocks" { description = "List of secondary CIDR blocks of the VPC" value = module.vpc.vpc_secondary_cidr_blocks } -# Subnets +output "vpc_owner_id" { + description = "The ID of the AWS account that owns the VPC" + value = module.vpc.vpc_owner_id +} + output "private_subnets" { description = "List of IDs of private subnets" value = 
module.vpc.private_subnets } +output "private_subnet_arns" { + description = "List of ARNs of private subnets" + value = module.vpc.private_subnet_arns +} + +output "private_subnets_cidr_blocks" { + description = "List of cidr_blocks of private subnets" + value = module.vpc.private_subnets_cidr_blocks +} + +output "private_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of private subnets in an IPv6 enabled VPC" + value = module.vpc.private_subnets_ipv6_cidr_blocks +} + output "public_subnets" { description = "List of IDs of public subnets" value = module.vpc.public_subnets } -# NAT gateways +output "public_subnet_arns" { + description = "List of ARNs of public subnets" + value = module.vpc.public_subnet_arns +} + +output "public_subnets_cidr_blocks" { + description = "List of cidr_blocks of public subnets" + value = module.vpc.public_subnets_cidr_blocks +} + +output "public_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of public subnets in an IPv6 enabled VPC" + value = module.vpc.public_subnets_ipv6_cidr_blocks +} + +output "outpost_subnets" { + description = "List of IDs of outpost subnets" + value = module.vpc.outpost_subnets +} + +output "outpost_subnet_arns" { + description = "List of ARNs of outpost subnets" + value = module.vpc.outpost_subnet_arns +} + +output "outpost_subnets_cidr_blocks" { + description = "List of cidr_blocks of outpost subnets" + value = module.vpc.outpost_subnets_cidr_blocks +} + +output "outpost_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of outpost subnets in an IPv6 enabled VPC" + value = module.vpc.outpost_subnets_ipv6_cidr_blocks +} + +output "database_subnets" { + description = "List of IDs of database subnets" + value = module.vpc.database_subnets +} + +output "database_subnet_arns" { + description = "List of ARNs of database subnets" + value = module.vpc.database_subnet_arns +} + +output "database_subnets_cidr_blocks" { + description = "List of cidr_blocks 
of database subnets" + value = module.vpc.database_subnets_cidr_blocks +} + +output "database_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of database subnets in an IPv6 enabled VPC" + value = module.vpc.database_subnets_ipv6_cidr_blocks +} + +output "database_subnet_group" { + description = "ID of database subnet group" + value = module.vpc.database_subnet_group +} + +output "database_subnet_group_name" { + description = "Name of database subnet group" + value = module.vpc.database_subnet_group_name +} + +output "redshift_subnets" { + description = "List of IDs of redshift subnets" + value = module.vpc.redshift_subnets +} + +output "redshift_subnet_arns" { + description = "List of ARNs of redshift subnets" + value = module.vpc.redshift_subnet_arns +} + +output "redshift_subnets_cidr_blocks" { + description = "List of cidr_blocks of redshift subnets" + value = module.vpc.redshift_subnets_cidr_blocks +} + +output "redshift_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of redshift subnets in an IPv6 enabled VPC" + value = module.vpc.redshift_subnets_ipv6_cidr_blocks +} + +output "redshift_subnet_group" { + description = "ID of redshift subnet group" + value = module.vpc.redshift_subnet_group +} + +output "elasticache_subnets" { + description = "List of IDs of elasticache subnets" + value = module.vpc.elasticache_subnets +} + +output "elasticache_subnet_arns" { + description = "List of ARNs of elasticache subnets" + value = module.vpc.elasticache_subnet_arns +} + +output "elasticache_subnets_cidr_blocks" { + description = "List of cidr_blocks of elasticache subnets" + value = module.vpc.elasticache_subnets_cidr_blocks +} + +output "elasticache_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of elasticache subnets in an IPv6 enabled VPC" + value = module.vpc.elasticache_subnets_ipv6_cidr_blocks +} + +output "intra_subnets" { + description = "List of IDs of intra subnets" + value = 
module.vpc.intra_subnets +} + +output "intra_subnet_arns" { + description = "List of ARNs of intra subnets" + value = module.vpc.intra_subnet_arns +} + +output "intra_subnets_cidr_blocks" { + description = "List of cidr_blocks of intra subnets" + value = module.vpc.intra_subnets_cidr_blocks +} + +output "intra_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of intra subnets in an IPv6 enabled VPC" + value = module.vpc.intra_subnets_ipv6_cidr_blocks +} + +output "elasticache_subnet_group" { + description = "ID of elasticache subnet group" + value = module.vpc.elasticache_subnet_group +} + +output "elasticache_subnet_group_name" { + description = "Name of elasticache subnet group" + value = module.vpc.elasticache_subnet_group_name +} + +output "public_route_table_ids" { + description = "List of IDs of public route tables" + value = module.vpc.public_route_table_ids +} + +output "private_route_table_ids" { + description = "List of IDs of private route tables" + value = module.vpc.private_route_table_ids +} + +output "database_route_table_ids" { + description = "List of IDs of database route tables" + value = module.vpc.database_route_table_ids +} + +output "redshift_route_table_ids" { + description = "List of IDs of redshift route tables" + value = module.vpc.redshift_route_table_ids +} + +output "elasticache_route_table_ids" { + description = "List of IDs of elasticache route tables" + value = module.vpc.elasticache_route_table_ids +} + +output "intra_route_table_ids" { + description = "List of IDs of intra route tables" + value = module.vpc.intra_route_table_ids +} + +output "public_internet_gateway_route_id" { + description = "ID of the internet gateway route" + value = module.vpc.public_internet_gateway_route_id +} + +output "public_internet_gateway_ipv6_route_id" { + description = "ID of the IPv6 internet gateway route" + value = module.vpc.public_internet_gateway_ipv6_route_id +} + +output "database_internet_gateway_route_id" { + 
description = "ID of the database internet gateway route" + value = module.vpc.database_internet_gateway_route_id +} + +output "database_nat_gateway_route_ids" { + description = "List of IDs of the database nat gateway route" + value = module.vpc.database_nat_gateway_route_ids +} + +output "database_ipv6_egress_route_id" { + description = "ID of the database IPv6 egress route" + value = module.vpc.database_ipv6_egress_route_id +} + +output "private_nat_gateway_route_ids" { + description = "List of IDs of the private nat gateway route" + value = module.vpc.private_nat_gateway_route_ids +} + +output "private_ipv6_egress_route_ids" { + description = "List of IDs of the ipv6 egress route" + value = module.vpc.private_ipv6_egress_route_ids +} + +output "private_route_table_association_ids" { + description = "List of IDs of the private route table association" + value = module.vpc.private_route_table_association_ids +} + +output "database_route_table_association_ids" { + description = "List of IDs of the database route table association" + value = module.vpc.database_route_table_association_ids +} + +output "redshift_route_table_association_ids" { + description = "List of IDs of the redshift route table association" + value = module.vpc.redshift_route_table_association_ids +} + +output "redshift_public_route_table_association_ids" { + description = "List of IDs of the public redshift route table association" + value = module.vpc.redshift_public_route_table_association_ids +} + +output "elasticache_route_table_association_ids" { + description = "List of IDs of the elasticache route table association" + value = module.vpc.elasticache_route_table_association_ids +} + +output "intra_route_table_association_ids" { + description = "List of IDs of the intra route table association" + value = module.vpc.intra_route_table_association_ids +} + +output "public_route_table_association_ids" { + description = "List of IDs of the public route table association" + value = 
module.vpc.public_route_table_association_ids +} + +output "dhcp_options_id" { + description = "The ID of the DHCP options" + value = module.vpc.dhcp_options_id +} + +output "nat_ids" { + description = "List of allocation ID of Elastic IPs created for AWS NAT Gateway" + value = module.vpc.nat_ids +} + output "nat_public_ips" { description = "List of public Elastic IPs created for AWS NAT Gateway" value = module.vpc.nat_public_ips } +output "natgw_ids" { + description = "List of NAT Gateway IDs" + value = module.vpc.natgw_ids +} + +output "igw_id" { + description = "The ID of the Internet Gateway" + value = module.vpc.igw_id +} + +output "igw_arn" { + description = "The ARN of the Internet Gateway" + value = module.vpc.igw_arn +} + +output "egress_only_internet_gateway_id" { + description = "The ID of the egress only Internet Gateway" + value = module.vpc.egress_only_internet_gateway_id +} + +output "cgw_ids" { + description = "List of IDs of Customer Gateway" + value = module.vpc.cgw_ids +} + +output "cgw_arns" { + description = "List of ARNs of Customer Gateway" + value = module.vpc.cgw_arns +} + +output "this_customer_gateway" { + description = "Map of Customer Gateway attributes" + value = module.vpc.this_customer_gateway +} + +output "vgw_id" { + description = "The ID of the VPN Gateway" + value = module.vpc.vgw_id +} + +output "vgw_arn" { + description = "The ARN of the VPN Gateway" + value = module.vpc.vgw_arn +} + +output "default_vpc_id" { + description = "The ID of the Default VPC" + value = module.vpc.default_vpc_id +} + +output "default_vpc_arn" { + description = "The ARN of the Default VPC" + value = module.vpc.default_vpc_arn +} + +output "default_vpc_cidr_block" { + description = "The CIDR block of the Default VPC" + value = module.vpc.default_vpc_cidr_block +} + +output "default_vpc_default_security_group_id" { + description = "The ID of the security group created by default on Default VPC creation" + value = 
module.vpc.default_vpc_default_security_group_id +} + +output "default_vpc_default_network_acl_id" { + description = "The ID of the default network ACL of the Default VPC" + value = module.vpc.default_vpc_default_network_acl_id +} + +output "default_vpc_default_route_table_id" { + description = "The ID of the default route table of the Default VPC" + value = module.vpc.default_vpc_default_route_table_id +} + +output "default_vpc_instance_tenancy" { + description = "Tenancy of instances spin up within Default VPC" + value = module.vpc.default_vpc_instance_tenancy +} + +output "default_vpc_enable_dns_support" { + description = "Whether or not the Default VPC has DNS support" + value = module.vpc.default_vpc_enable_dns_support +} + +output "default_vpc_enable_dns_hostnames" { + description = "Whether or not the Default VPC has DNS hostname support" + value = module.vpc.default_vpc_enable_dns_hostnames +} + +output "default_vpc_main_route_table_id" { + description = "The ID of the main route table associated with the Default VPC" + value = module.vpc.default_vpc_main_route_table_id +} + +output "public_network_acl_id" { + description = "ID of the public network ACL" + value = module.vpc.public_network_acl_id +} + +output "public_network_acl_arn" { + description = "ARN of the public network ACL" + value = module.vpc.public_network_acl_arn +} + +output "private_network_acl_id" { + description = "ID of the private network ACL" + value = module.vpc.private_network_acl_id +} + +output "private_network_acl_arn" { + description = "ARN of the private network ACL" + value = module.vpc.private_network_acl_arn +} + +output "outpost_network_acl_id" { + description = "ID of the outpost network ACL" + value = module.vpc.outpost_network_acl_id +} + +output "outpost_network_acl_arn" { + description = "ARN of the outpost network ACL" + value = module.vpc.outpost_network_acl_arn +} + +output "intra_network_acl_id" { + description = "ID of the intra network ACL" + value = 
module.vpc.intra_network_acl_id +} + +output "intra_network_acl_arn" { + description = "ARN of the intra network ACL" + value = module.vpc.intra_network_acl_arn +} + +output "database_network_acl_id" { + description = "ID of the database network ACL" + value = module.vpc.database_network_acl_id +} + +output "database_network_acl_arn" { + description = "ARN of the database network ACL" + value = module.vpc.database_network_acl_arn +} + +output "redshift_network_acl_id" { + description = "ID of the redshift network ACL" + value = module.vpc.redshift_network_acl_id +} + +output "redshift_network_acl_arn" { + description = "ARN of the redshift network ACL" + value = module.vpc.redshift_network_acl_arn +} + +output "elasticache_network_acl_id" { + description = "ID of the elasticache network ACL" + value = module.vpc.elasticache_network_acl_id +} + +output "elasticache_network_acl_arn" { + description = "ARN of the elasticache network ACL" + value = module.vpc.elasticache_network_acl_arn +} + +# VPC flow log +output "vpc_flow_log_id" { + description = "The ID of the Flow Log resource" + value = module.vpc.vpc_flow_log_id +} + +output "vpc_flow_log_destination_arn" { + description = "The ARN of the destination for VPC Flow Logs" + value = module.vpc.vpc_flow_log_destination_arn +} + +output "vpc_flow_log_destination_type" { + description = "The type of the destination for VPC Flow Logs" + value = module.vpc.vpc_flow_log_destination_type +} + +output "vpc_flow_log_cloudwatch_iam_role_arn" { + description = "The ARN of the IAM role used when pushing logs to Cloudwatch log group" + value = module.vpc.vpc_flow_log_cloudwatch_iam_role_arn +} diff --git a/examples/secondary-cidr-blocks/versions.tf b/examples/secondary-cidr-blocks/versions.tf index 7045f6d16..ddfcb0e05 100644 --- a/examples/secondary-cidr-blocks/versions.tf +++ b/examples/secondary-cidr-blocks/versions.tf 
@@ -1,10 +1,10 @@
 terraform {
- required_version = ">= 0.12.31"
+ required_version = ">= 1.0"
 
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 3.28"
+ version = ">= 5.0"
 }
 }
 }
diff --git a/examples/separate-route-tables/README.md b/examples/separate-route-tables/README.md
new file mode 100644
index 000000000..57ee751f9
--- /dev/null
+++ b/examples/separate-route-tables/README.md
@@ -0,0 +1,160 @@ +# VPC with separate private route tables + +Configuration in this directory creates set of VPC resources which may be sufficient for staging or production environment (look into [simple-vpc](../simple-vpc) for more simplified setup). + +There are public, private, database, ElastiCache, Redshift subnets, NAT Gateways created in each availability zone. **This example sets up separate private route for database, elasticache and redshift subnets.**. + +## Usage + +To run this example you need to execute: + +```bash +$ terraform init +$ terraform plan +$ terraform apply +``` + +Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.0 | +| [aws](#requirement\_aws) | >= 5.0 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 5.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [vpc](#module\_vpc) | ../../ | n/a | + +## Resources + +| Name | Type | +|------|------| +| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | + +## Inputs + +No inputs. 
+ +## Outputs + +| Name | Description | +|------|-------------| +| [cgw\_arns](#output\_cgw\_arns) | List of ARNs of Customer Gateway | +| [cgw\_ids](#output\_cgw\_ids) | List of IDs of Customer Gateway | +| [database\_internet\_gateway\_route\_id](#output\_database\_internet\_gateway\_route\_id) | ID of the database internet gateway route | +| [database\_ipv6\_egress\_route\_id](#output\_database\_ipv6\_egress\_route\_id) | ID of the database IPv6 egress route | +| [database\_nat\_gateway\_route\_ids](#output\_database\_nat\_gateway\_route\_ids) | List of IDs of the database nat gateway route | +| [database\_network\_acl\_arn](#output\_database\_network\_acl\_arn) | ARN of the database network ACL | +| [database\_network\_acl\_id](#output\_database\_network\_acl\_id) | ID of the database network ACL | +| [database\_route\_table\_association\_ids](#output\_database\_route\_table\_association\_ids) | List of IDs of the database route table association | +| [database\_route\_table\_ids](#output\_database\_route\_table\_ids) | List of IDs of database route tables | +| [database\_subnet\_arns](#output\_database\_subnet\_arns) | List of ARNs of database subnets | +| [database\_subnet\_group](#output\_database\_subnet\_group) | ID of database subnet group | +| [database\_subnet\_group\_name](#output\_database\_subnet\_group\_name) | Name of database subnet group | +| [database\_subnets](#output\_database\_subnets) | List of IDs of database subnets | +| [database\_subnets\_cidr\_blocks](#output\_database\_subnets\_cidr\_blocks) | List of cidr\_blocks of database subnets | +| [database\_subnets\_ipv6\_cidr\_blocks](#output\_database\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of database subnets in an IPv6 enabled VPC | +| [default\_network\_acl\_id](#output\_default\_network\_acl\_id) | The ID of the default network ACL | +| [default\_route\_table\_id](#output\_default\_route\_table\_id) | The ID of the default route table | +| 
[default\_security\_group\_id](#output\_default\_security\_group\_id) | The ID of the security group created by default on VPC creation | +| [default\_vpc\_arn](#output\_default\_vpc\_arn) | The ARN of the Default VPC | +| [default\_vpc\_cidr\_block](#output\_default\_vpc\_cidr\_block) | The CIDR block of the Default VPC | +| [default\_vpc\_default\_network\_acl\_id](#output\_default\_vpc\_default\_network\_acl\_id) | The ID of the default network ACL of the Default VPC | +| [default\_vpc\_default\_route\_table\_id](#output\_default\_vpc\_default\_route\_table\_id) | The ID of the default route table of the Default VPC | +| [default\_vpc\_default\_security\_group\_id](#output\_default\_vpc\_default\_security\_group\_id) | The ID of the security group created by default on Default VPC creation | +| [default\_vpc\_enable\_dns\_hostnames](#output\_default\_vpc\_enable\_dns\_hostnames) | Whether or not the Default VPC has DNS hostname support | +| [default\_vpc\_enable\_dns\_support](#output\_default\_vpc\_enable\_dns\_support) | Whether or not the Default VPC has DNS support | +| [default\_vpc\_id](#output\_default\_vpc\_id) | The ID of the Default VPC | +| [default\_vpc\_instance\_tenancy](#output\_default\_vpc\_instance\_tenancy) | Tenancy of instances spin up within Default VPC | +| [default\_vpc\_main\_route\_table\_id](#output\_default\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with the Default VPC | +| [dhcp\_options\_id](#output\_dhcp\_options\_id) | The ID of the DHCP options | +| [egress\_only\_internet\_gateway\_id](#output\_egress\_only\_internet\_gateway\_id) | The ID of the egress only Internet Gateway | +| [elasticache\_network\_acl\_arn](#output\_elasticache\_network\_acl\_arn) | ARN of the elasticache network ACL | +| [elasticache\_network\_acl\_id](#output\_elasticache\_network\_acl\_id) | ID of the elasticache network ACL | +| 
[elasticache\_route\_table\_association\_ids](#output\_elasticache\_route\_table\_association\_ids) | List of IDs of the elasticache route table association | +| [elasticache\_route\_table\_ids](#output\_elasticache\_route\_table\_ids) | List of IDs of elasticache route tables | +| [elasticache\_subnet\_arns](#output\_elasticache\_subnet\_arns) | List of ARNs of elasticache subnets | +| [elasticache\_subnet\_group](#output\_elasticache\_subnet\_group) | ID of elasticache subnet group | +| [elasticache\_subnet\_group\_name](#output\_elasticache\_subnet\_group\_name) | Name of elasticache subnet group | +| [elasticache\_subnets](#output\_elasticache\_subnets) | List of IDs of elasticache subnets | +| [elasticache\_subnets\_cidr\_blocks](#output\_elasticache\_subnets\_cidr\_blocks) | List of cidr\_blocks of elasticache subnets | +| [elasticache\_subnets\_ipv6\_cidr\_blocks](#output\_elasticache\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of elasticache subnets in an IPv6 enabled VPC | +| [igw\_arn](#output\_igw\_arn) | The ARN of the Internet Gateway | +| [igw\_id](#output\_igw\_id) | The ID of the Internet Gateway | +| [intra\_network\_acl\_arn](#output\_intra\_network\_acl\_arn) | ARN of the intra network ACL | +| [intra\_network\_acl\_id](#output\_intra\_network\_acl\_id) | ID of the intra network ACL | +| [intra\_route\_table\_association\_ids](#output\_intra\_route\_table\_association\_ids) | List of IDs of the intra route table association | +| [intra\_route\_table\_ids](#output\_intra\_route\_table\_ids) | List of IDs of intra route tables | +| [intra\_subnet\_arns](#output\_intra\_subnet\_arns) | List of ARNs of intra subnets | +| [intra\_subnets](#output\_intra\_subnets) | List of IDs of intra subnets | +| [intra\_subnets\_cidr\_blocks](#output\_intra\_subnets\_cidr\_blocks) | List of cidr\_blocks of intra subnets | +| [intra\_subnets\_ipv6\_cidr\_blocks](#output\_intra\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of intra subnets 
in an IPv6 enabled VPC | +| [nat\_ids](#output\_nat\_ids) | List of allocation ID of Elastic IPs created for AWS NAT Gateway | +| [nat\_public\_ips](#output\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway | +| [natgw\_ids](#output\_natgw\_ids) | List of NAT Gateway IDs | +| [outpost\_network\_acl\_arn](#output\_outpost\_network\_acl\_arn) | ARN of the outpost network ACL | +| [outpost\_network\_acl\_id](#output\_outpost\_network\_acl\_id) | ID of the outpost network ACL | +| [outpost\_subnet\_arns](#output\_outpost\_subnet\_arns) | List of ARNs of outpost subnets | +| [outpost\_subnets](#output\_outpost\_subnets) | List of IDs of outpost subnets | +| [outpost\_subnets\_cidr\_blocks](#output\_outpost\_subnets\_cidr\_blocks) | List of cidr\_blocks of outpost subnets | +| [outpost\_subnets\_ipv6\_cidr\_blocks](#output\_outpost\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of outpost subnets in an IPv6 enabled VPC | +| [private\_ipv6\_egress\_route\_ids](#output\_private\_ipv6\_egress\_route\_ids) | List of IDs of the ipv6 egress route | +| [private\_nat\_gateway\_route\_ids](#output\_private\_nat\_gateway\_route\_ids) | List of IDs of the private nat gateway route | +| [private\_network\_acl\_arn](#output\_private\_network\_acl\_arn) | ARN of the private network ACL | +| [private\_network\_acl\_id](#output\_private\_network\_acl\_id) | ID of the private network ACL | +| [private\_route\_table\_association\_ids](#output\_private\_route\_table\_association\_ids) | List of IDs of the private route table association | +| [private\_route\_table\_ids](#output\_private\_route\_table\_ids) | List of IDs of private route tables | +| [private\_subnet\_arns](#output\_private\_subnet\_arns) | List of ARNs of private subnets | +| [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets | +| [private\_subnets\_cidr\_blocks](#output\_private\_subnets\_cidr\_blocks) | List of cidr\_blocks of private subnets | +| 
[private\_subnets\_ipv6\_cidr\_blocks](#output\_private\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of private subnets in an IPv6 enabled VPC | +| [public\_internet\_gateway\_ipv6\_route\_id](#output\_public\_internet\_gateway\_ipv6\_route\_id) | ID of the IPv6 internet gateway route | +| [public\_internet\_gateway\_route\_id](#output\_public\_internet\_gateway\_route\_id) | ID of the internet gateway route | +| [public\_network\_acl\_arn](#output\_public\_network\_acl\_arn) | ARN of the public network ACL | +| [public\_network\_acl\_id](#output\_public\_network\_acl\_id) | ID of the public network ACL | +| [public\_route\_table\_association\_ids](#output\_public\_route\_table\_association\_ids) | List of IDs of the public route table association | +| [public\_route\_table\_ids](#output\_public\_route\_table\_ids) | List of IDs of public route tables | +| [public\_subnet\_arns](#output\_public\_subnet\_arns) | List of ARNs of public subnets | +| [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets | +| [public\_subnets\_cidr\_blocks](#output\_public\_subnets\_cidr\_blocks) | List of cidr\_blocks of public subnets | +| [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC | +| [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL | +| [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL | +| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association | +| [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association | +| [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables | +| 
[redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets | +| [redshift\_subnet\_group](#output\_redshift\_subnet\_group) | ID of redshift subnet group | +| [redshift\_subnets](#output\_redshift\_subnets) | List of IDs of redshift subnets | +| [redshift\_subnets\_cidr\_blocks](#output\_redshift\_subnets\_cidr\_blocks) | List of cidr\_blocks of redshift subnets | +| [redshift\_subnets\_ipv6\_cidr\_blocks](#output\_redshift\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of redshift subnets in an IPv6 enabled VPC | +| [this\_customer\_gateway](#output\_this\_customer\_gateway) | Map of Customer Gateway attributes | +| [vgw\_arn](#output\_vgw\_arn) | The ARN of the VPN Gateway | +| [vgw\_id](#output\_vgw\_id) | The ID of the VPN Gateway | +| [vpc\_arn](#output\_vpc\_arn) | The ARN of the VPC | +| [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | The CIDR block of the VPC | +| [vpc\_enable\_dns\_hostnames](#output\_vpc\_enable\_dns\_hostnames) | Whether or not the VPC has DNS hostname support | +| [vpc\_enable\_dns\_support](#output\_vpc\_enable\_dns\_support) | Whether or not the VPC has DNS support | +| [vpc\_flow\_log\_cloudwatch\_iam\_role\_arn](#output\_vpc\_flow\_log\_cloudwatch\_iam\_role\_arn) | The ARN of the IAM role used when pushing logs to Cloudwatch log group | +| [vpc\_flow\_log\_destination\_arn](#output\_vpc\_flow\_log\_destination\_arn) | The ARN of the destination for VPC Flow Logs | +| [vpc\_flow\_log\_destination\_type](#output\_vpc\_flow\_log\_destination\_type) | The type of the destination for VPC Flow Logs | +| [vpc\_flow\_log\_id](#output\_vpc\_flow\_log\_id) | The ID of the Flow Log resource | +| [vpc\_id](#output\_vpc\_id) | The ID of the VPC | +| [vpc\_instance\_tenancy](#output\_vpc\_instance\_tenancy) | Tenancy of instances spin up within VPC | +| [vpc\_ipv6\_association\_id](#output\_vpc\_ipv6\_association\_id) | The association ID for the IPv6 CIDR block | +| 
[vpc\_ipv6\_cidr\_block](#output\_vpc\_ipv6\_cidr\_block) | The IPv6 CIDR block | +| [vpc\_main\_route\_table\_id](#output\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with this VPC | +| [vpc\_owner\_id](#output\_vpc\_owner\_id) | The ID of the AWS account that owns the VPC | +| [vpc\_secondary\_cidr\_blocks](#output\_vpc\_secondary\_cidr\_blocks) | List of secondary CIDR blocks of the VPC | + diff --git a/examples/separate-route-tables/main.tf b/examples/separate-route-tables/main.tf new file mode 100644 index 000000000..99cf9828f --- /dev/null +++ b/examples/separate-route-tables/main.tf 
@@ -0,0 +1,47 @@
+provider "aws" {
+ region = local.region
+}
+
+data "aws_availability_zones" "available" {}
+
+locals {
+ name = "ex-${basename(path.cwd)}"
+ region = "eu-west-1"
+
+ vpc_cidr = "10.0.0.0/16"
+ azs = slice(data.aws_availability_zones.available.names, 0, 3)
+
+ tags = {
+ Example = local.name
+ GithubRepo = "terraform-aws-vpc"
+ GithubOrg = "terraform-aws-modules"
+ }
+}
+
+################################################################################
+# VPC Module
+################################################################################
+
+module "vpc" {
+ source = "../../"
+
+ name = local.name
+ cidr = local.vpc_cidr
+
+ azs = local.azs
+ private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)]
+ public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 4)]
+ database_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 8)]
+ elasticache_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 12)]
+ redshift_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 16)]
+ intra_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 20)]
+
+ create_database_subnet_route_table = true
+ create_elasticache_subnet_route_table = true
+ create_redshift_subnet_route_table = true
+
+ single_nat_gateway = true
+ enable_nat_gateway = true
+
+ tags = local.tags
+}
diff --git a/examples/separate-route-tables/outputs.tf b/examples/separate-route-tables/outputs.tf
new file mode 100644
index 000000000..77f244a70
--- /dev/null
+++ b/examples/separate-route-tables/outputs.tf
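Review bot: `single_nat_gateway = true` funnels all private-subnet egress (and whatever NAT routes the module adds to the new database/elasticache/redshift route tables) through one NAT Gateway in one AZ, so an AZ outage takes down egress for every AZ; that sits uneasily with the README calling this layout possibly sufficient for production and deserves an explicit comment such as `# single NAT keeps the example cheap; use single_nat_gateway = false for per-AZ egress in production`. The `aws_availability_zones` data source is unfiltered, so `slice(..., 0, 3)` may presumably include opted-in Local Zones; `filter { name = "opt-in-status" values = ["opt-in-not-required"] }` avoids that. The accompanying outputs file references `module.vpc.vpc_flow_log_id`, so the module evidently supports VPC Flow Logs, yet an example pitched at production leaves them off; showing them enabled, with a note about the log-destination cost, would be a better default for readers to copy.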
@@ -0,0 +1,535 @@ +output "vpc_id" { + description = "The ID of the VPC" + value = module.vpc.vpc_id +} + +output "vpc_arn" { + description = "The ARN of the VPC" + value = module.vpc.vpc_arn +} + +output "vpc_cidr_block" { + description = "The CIDR block of the VPC" + value = module.vpc.vpc_cidr_block +} + +output "default_security_group_id" { + description = "The ID of the security group created by default on VPC creation" + value = module.vpc.default_security_group_id +} + +output "default_network_acl_id" { + description = "The ID of the default network ACL" + value = module.vpc.default_network_acl_id +} + +output "default_route_table_id" { + description = "The ID of the default route table" + value = module.vpc.default_route_table_id +} + +output "vpc_instance_tenancy" { + description = "Tenancy of instances spin up within VPC" + value = module.vpc.vpc_instance_tenancy +} + +output "vpc_enable_dns_support" { + description = "Whether or not the VPC has DNS support" + value = module.vpc.vpc_enable_dns_support +} + +output "vpc_enable_dns_hostnames" { + description = "Whether or not the VPC has DNS hostname support" + value = module.vpc.vpc_enable_dns_hostnames +} + +output "vpc_main_route_table_id" { + description = "The ID of the main route table associated with this VPC" + value = module.vpc.vpc_main_route_table_id +} + +output "vpc_ipv6_association_id" { + description = "The association ID for the IPv6 CIDR block" + value = module.vpc.vpc_ipv6_association_id +} + +output "vpc_ipv6_cidr_block" { + description = "The IPv6 CIDR block" + value = module.vpc.vpc_ipv6_cidr_block +} + +output "vpc_secondary_cidr_blocks" { + description = "List of secondary CIDR blocks of the VPC" + value = module.vpc.vpc_secondary_cidr_blocks +} + +output "vpc_owner_id" { + description = "The ID of the AWS account that owns the VPC" + value = module.vpc.vpc_owner_id +} + +output "private_subnets" { + description = "List of IDs of private subnets" + value = module.vpc.private_subnets 
+} + +output "private_subnet_arns" { + description = "List of ARNs of private subnets" + value = module.vpc.private_subnet_arns +} + +output "private_subnets_cidr_blocks" { + description = "List of cidr_blocks of private subnets" + value = module.vpc.private_subnets_cidr_blocks +} + +output "private_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of private subnets in an IPv6 enabled VPC" + value = module.vpc.private_subnets_ipv6_cidr_blocks +} + +output "public_subnets" { + description = "List of IDs of public subnets" + value = module.vpc.public_subnets +} + +output "public_subnet_arns" { + description = "List of ARNs of public subnets" + value = module.vpc.public_subnet_arns +} + +output "public_subnets_cidr_blocks" { + description = "List of cidr_blocks of public subnets" + value = module.vpc.public_subnets_cidr_blocks +} + +output "public_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of public subnets in an IPv6 enabled VPC" + value = module.vpc.public_subnets_ipv6_cidr_blocks +} + +output "outpost_subnets" { + description = "List of IDs of outpost subnets" + value = module.vpc.outpost_subnets +} + +output "outpost_subnet_arns" { + description = "List of ARNs of outpost subnets" + value = module.vpc.outpost_subnet_arns +} + +output "outpost_subnets_cidr_blocks" { + description = "List of cidr_blocks of outpost subnets" + value = module.vpc.outpost_subnets_cidr_blocks +} + +output "outpost_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of outpost subnets in an IPv6 enabled VPC" + value = module.vpc.outpost_subnets_ipv6_cidr_blocks +} + +output "database_subnets" { + description = "List of IDs of database subnets" + value = module.vpc.database_subnets +} + +output "database_subnet_arns" { + description = "List of ARNs of database subnets" + value = module.vpc.database_subnet_arns +} + +output "database_subnets_cidr_blocks" { + description = "List of cidr_blocks of database subnets" + value = 
module.vpc.database_subnets_cidr_blocks +} + +output "database_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of database subnets in an IPv6 enabled VPC" + value = module.vpc.database_subnets_ipv6_cidr_blocks +} + +output "database_subnet_group" { + description = "ID of database subnet group" + value = module.vpc.database_subnet_group +} + +output "database_subnet_group_name" { + description = "Name of database subnet group" + value = module.vpc.database_subnet_group_name +} + +output "redshift_subnets" { + description = "List of IDs of redshift subnets" + value = module.vpc.redshift_subnets +} + +output "redshift_subnet_arns" { + description = "List of ARNs of redshift subnets" + value = module.vpc.redshift_subnet_arns +} + +output "redshift_subnets_cidr_blocks" { + description = "List of cidr_blocks of redshift subnets" + value = module.vpc.redshift_subnets_cidr_blocks +} + +output "redshift_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of redshift subnets in an IPv6 enabled VPC" + value = module.vpc.redshift_subnets_ipv6_cidr_blocks +} + +output "redshift_subnet_group" { + description = "ID of redshift subnet group" + value = module.vpc.redshift_subnet_group +} + +output "elasticache_subnets" { + description = "List of IDs of elasticache subnets" + value = module.vpc.elasticache_subnets +} + +output "elasticache_subnet_arns" { + description = "List of ARNs of elasticache subnets" + value = module.vpc.elasticache_subnet_arns +} + +output "elasticache_subnets_cidr_blocks" { + description = "List of cidr_blocks of elasticache subnets" + value = module.vpc.elasticache_subnets_cidr_blocks +} + +output "elasticache_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of elasticache subnets in an IPv6 enabled VPC" + value = module.vpc.elasticache_subnets_ipv6_cidr_blocks +} + +output "intra_subnets" { + description = "List of IDs of intra subnets" + value = module.vpc.intra_subnets +} + +output 
"intra_subnet_arns" { + description = "List of ARNs of intra subnets" + value = module.vpc.intra_subnet_arns +} + +output "intra_subnets_cidr_blocks" { + description = "List of cidr_blocks of intra subnets" + value = module.vpc.intra_subnets_cidr_blocks +} + +output "intra_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of intra subnets in an IPv6 enabled VPC" + value = module.vpc.intra_subnets_ipv6_cidr_blocks +} + +output "elasticache_subnet_group" { + description = "ID of elasticache subnet group" + value = module.vpc.elasticache_subnet_group +} + +output "elasticache_subnet_group_name" { + description = "Name of elasticache subnet group" + value = module.vpc.elasticache_subnet_group_name +} + +output "public_route_table_ids" { + description = "List of IDs of public route tables" + value = module.vpc.public_route_table_ids +} + +output "private_route_table_ids" { + description = "List of IDs of private route tables" + value = module.vpc.private_route_table_ids +} + +output "database_route_table_ids" { + description = "List of IDs of database route tables" + value = module.vpc.database_route_table_ids +} + +output "redshift_route_table_ids" { + description = "List of IDs of redshift route tables" + value = module.vpc.redshift_route_table_ids +} + +output "elasticache_route_table_ids" { + description = "List of IDs of elasticache route tables" + value = module.vpc.elasticache_route_table_ids +} + +output "intra_route_table_ids" { + description = "List of IDs of intra route tables" + value = module.vpc.intra_route_table_ids +} + +output "public_internet_gateway_route_id" { + description = "ID of the internet gateway route" + value = module.vpc.public_internet_gateway_route_id +} + +output "public_internet_gateway_ipv6_route_id" { + description = "ID of the IPv6 internet gateway route" + value = module.vpc.public_internet_gateway_ipv6_route_id +} + +output "database_internet_gateway_route_id" { + description = "ID of the database internet 
gateway route" + value = module.vpc.database_internet_gateway_route_id +} + +output "database_nat_gateway_route_ids" { + description = "List of IDs of the database nat gateway route" + value = module.vpc.database_nat_gateway_route_ids +} + +output "database_ipv6_egress_route_id" { + description = "ID of the database IPv6 egress route" + value = module.vpc.database_ipv6_egress_route_id +} + +output "private_nat_gateway_route_ids" { + description = "List of IDs of the private nat gateway route" + value = module.vpc.private_nat_gateway_route_ids +} + +output "private_ipv6_egress_route_ids" { + description = "List of IDs of the ipv6 egress route" + value = module.vpc.private_ipv6_egress_route_ids +} + +output "private_route_table_association_ids" { + description = "List of IDs of the private route table association" + value = module.vpc.private_route_table_association_ids +} + +output "database_route_table_association_ids" { + description = "List of IDs of the database route table association" + value = module.vpc.database_route_table_association_ids +} + +output "redshift_route_table_association_ids" { + description = "List of IDs of the redshift route table association" + value = module.vpc.redshift_route_table_association_ids +} + +output "redshift_public_route_table_association_ids" { + description = "List of IDs of the public redshift route table association" + value = module.vpc.redshift_public_route_table_association_ids +} + +output "elasticache_route_table_association_ids" { + description = "List of IDs of the elasticache route table association" + value = module.vpc.elasticache_route_table_association_ids +} + +output "intra_route_table_association_ids" { + description = "List of IDs of the intra route table association" + value = module.vpc.intra_route_table_association_ids +} + +output "public_route_table_association_ids" { + description = "List of IDs of the public route table association" + value = module.vpc.public_route_table_association_ids +} + 
+output "dhcp_options_id" { + description = "The ID of the DHCP options" + value = module.vpc.dhcp_options_id +} + +output "nat_ids" { + description = "List of allocation ID of Elastic IPs created for AWS NAT Gateway" + value = module.vpc.nat_ids +} + +output "nat_public_ips" { + description = "List of public Elastic IPs created for AWS NAT Gateway" + value = module.vpc.nat_public_ips +} + +output "natgw_ids" { + description = "List of NAT Gateway IDs" + value = module.vpc.natgw_ids +} + +output "igw_id" { + description = "The ID of the Internet Gateway" + value = module.vpc.igw_id +} + +output "igw_arn" { + description = "The ARN of the Internet Gateway" + value = module.vpc.igw_arn +} + +output "egress_only_internet_gateway_id" { + description = "The ID of the egress only Internet Gateway" + value = module.vpc.egress_only_internet_gateway_id +} + +output "cgw_ids" { + description = "List of IDs of Customer Gateway" + value = module.vpc.cgw_ids +} + +output "cgw_arns" { + description = "List of ARNs of Customer Gateway" + value = module.vpc.cgw_arns +} + +output "this_customer_gateway" { + description = "Map of Customer Gateway attributes" + value = module.vpc.this_customer_gateway +} + +output "vgw_id" { + description = "The ID of the VPN Gateway" + value = module.vpc.vgw_id +} + +output "vgw_arn" { + description = "The ARN of the VPN Gateway" + value = module.vpc.vgw_arn +} + +output "default_vpc_id" { + description = "The ID of the Default VPC" + value = module.vpc.default_vpc_id +} + +output "default_vpc_arn" { + description = "The ARN of the Default VPC" + value = module.vpc.default_vpc_arn +} + +output "default_vpc_cidr_block" { + description = "The CIDR block of the Default VPC" + value = module.vpc.default_vpc_cidr_block +} + +output "default_vpc_default_security_group_id" { + description = "The ID of the security group created by default on Default VPC creation" + value = module.vpc.default_vpc_default_security_group_id +} + +output 
"default_vpc_default_network_acl_id" { + description = "The ID of the default network ACL of the Default VPC" + value = module.vpc.default_vpc_default_network_acl_id +} + +output "default_vpc_default_route_table_id" { + description = "The ID of the default route table of the Default VPC" + value = module.vpc.default_vpc_default_route_table_id +} + +output "default_vpc_instance_tenancy" { + description = "Tenancy of instances spin up within Default VPC" + value = module.vpc.default_vpc_instance_tenancy +} + +output "default_vpc_enable_dns_support" { + description = "Whether or not the Default VPC has DNS support" + value = module.vpc.default_vpc_enable_dns_support +} + +output "default_vpc_enable_dns_hostnames" { + description = "Whether or not the Default VPC has DNS hostname support" + value = module.vpc.default_vpc_enable_dns_hostnames +} + +output "default_vpc_main_route_table_id" { + description = "The ID of the main route table associated with the Default VPC" + value = module.vpc.default_vpc_main_route_table_id +} + +output "public_network_acl_id" { + description = "ID of the public network ACL" + value = module.vpc.public_network_acl_id +} + +output "public_network_acl_arn" { + description = "ARN of the public network ACL" + value = module.vpc.public_network_acl_arn +} + +output "private_network_acl_id" { + description = "ID of the private network ACL" + value = module.vpc.private_network_acl_id +} + +output "private_network_acl_arn" { + description = "ARN of the private network ACL" + value = module.vpc.private_network_acl_arn +} + +output "outpost_network_acl_id" { + description = "ID of the outpost network ACL" + value = module.vpc.outpost_network_acl_id +} + +output "outpost_network_acl_arn" { + description = "ARN of the outpost network ACL" + value = module.vpc.outpost_network_acl_arn +} + +output "intra_network_acl_id" { + description = "ID of the intra network ACL" + value = module.vpc.intra_network_acl_id +} + +output "intra_network_acl_arn" { + 
description = "ARN of the intra network ACL" + value = module.vpc.intra_network_acl_arn +} + +output "database_network_acl_id" { + description = "ID of the database network ACL" + value = module.vpc.database_network_acl_id +} + +output "database_network_acl_arn" { + description = "ARN of the database network ACL" + value = module.vpc.database_network_acl_arn +} + +output "redshift_network_acl_id" { + description = "ID of the redshift network ACL" + value = module.vpc.redshift_network_acl_id +} + +output "redshift_network_acl_arn" { + description = "ARN of the redshift network ACL" + value = module.vpc.redshift_network_acl_arn +} + +output "elasticache_network_acl_id" { + description = "ID of the elasticache network ACL" + value = module.vpc.elasticache_network_acl_id +} + +output "elasticache_network_acl_arn" { + description = "ARN of the elasticache network ACL" + value = module.vpc.elasticache_network_acl_arn +} + +# VPC flow log +output "vpc_flow_log_id" { + description = "The ID of the Flow Log resource" + value = module.vpc.vpc_flow_log_id +} + +output "vpc_flow_log_destination_arn" { + description = "The ARN of the destination for VPC Flow Logs" + value = module.vpc.vpc_flow_log_destination_arn +} + +output "vpc_flow_log_destination_type" { + description = "The type of the destination for VPC Flow Logs" + value = module.vpc.vpc_flow_log_destination_type +} + +output "vpc_flow_log_cloudwatch_iam_role_arn" { + description = "The ARN of the IAM role used when pushing logs to Cloudwatch log group" + value = module.vpc.vpc_flow_log_cloudwatch_iam_role_arn +} diff --git a/examples/separate-route-tables/variables.tf b/examples/separate-route-tables/variables.tf new file mode 100644 index 000000000..e69de29bb diff --git a/examples/separate-route-tables/versions.tf b/examples/separate-route-tables/versions.tf new file mode 100644 index 000000000..ddfcb0e05 --- /dev/null +++ b/examples/separate-route-tables/versions.tf 
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 5.0"
+ }
+ }
+}
diff --git a/examples/simple-vpc/README.md b/examples/simple-vpc/README.md
deleted file mode 100644
index 692d5077a..000000000
--- a/examples/simple-vpc/README.md
+++ /dev/null
@@ -1,59 +0,0 @@
-# Simple VPC
-
-Configuration in this directory creates set of VPC resources which may be sufficient for development environment.
-
-There is a public and private subnet created per availability zone in addition to single NAT Gateway shared between all 3 availability zones.
-
-This configuration uses Availability Zone IDs and Availability Zone names for demonstration purposes. Normally, you need to specify only names or IDs.
-
-[Read more about AWS regions, availability zones and local zones](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-regions-availability-zones).
-
-## Usage
-
-To run this example you need to execute:
-
-```bash
-$ terraform init
-$ terraform plan
-$ terraform apply
-```
-
-Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources.
-
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | >= 0.12.31 |
-| [aws](#requirement\_aws) | >= 3.28 |
-
-## Providers
-
-No providers.
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| [vpc](#module\_vpc) | ../../ | |
-
-## Resources
-
-No resources.
-
-## Inputs
-
-No inputs.
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [azs](#output\_azs) | A list of availability zones spefified as argument to this module |
-| [nat\_public\_ips](#output\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway |
-| [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets |
-| [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets |
-| [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | The CIDR block of the VPC |
-| [vpc\_id](#output\_vpc\_id) | The ID of the VPC |
-
diff --git a/examples/simple-vpc/main.tf b/examples/simple-vpc/main.tf
deleted file mode 100644
index 63de4446e..000000000
--- a/examples/simple-vpc/main.tf
+++ /dev/null
@@ -1,40 +0,0 @@
-provider "aws" {
- region = local.region
-}
-
-locals {
- region = "eu-west-1"
-}
-
-################################################################################
-# VPC Module
-################################################################################
-
-module "vpc" {
- source = "../../"
-
- name = "simple-example"
- cidr = "10.0.0.0/16"
-
- azs = ["${local.region}a", "${local.region}b", "${local.region}c"]
- private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
- public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
-
- enable_ipv6 = true
-
- enable_nat_gateway = false
- single_nat_gateway = true
-
- public_subnet_tags = {
- Name = "overridden-name-public"
- }
-
- tags = {
- Owner = "user"
- Environment = "dev"
- }
-
- vpc_tags = {
- Name = "vpc-name"
- }
-}
diff --git a/examples/simple-vpc/outputs.tf b/examples/simple-vpc/outputs.tf
deleted file mode 100644
index 288dc8729..000000000
--- a/examples/simple-vpc/outputs.tf
+++ /dev/null
@@ -1,35 +0,0 @@
-# VPC
-output "vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc.vpc_id
-}
-
-# CIDR blocks
-output "vpc_cidr_block" {
- description = "The CIDR block of the VPC"
- value = module.vpc.vpc_cidr_block
-}
-
-# Subnets
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc.private_subnets
-}
-
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.public_subnets
-}
-
-# NAT gateways
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_public_ips
-}
-
-# AZs
-output "azs" {
- description = "A list of availability zones spefified as argument to this module"
- value = module.vpc.azs
-}
-
diff --git a/examples/simple/README.md b/examples/simple/README.md
new file mode 100644
index 000000000..0d5658b4a
--- /dev/null
+++ b/examples/simple/README.md
@@ -0,0 +1,164 @@ +# Simple VPC + +Configuration in this directory creates set of VPC resources which may be sufficient for development environment. + +There is a public and private subnet created per availability zone in addition to single NAT Gateway shared between all 3 availability zones. + +This configuration uses Availability Zone IDs and Availability Zone names for demonstration purposes. Normally, you need to specify only names or IDs. + +[Read more about AWS regions, availability zones and local zones](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-regions-availability-zones). + +## Usage + +To run this example you need to execute: + +```bash +$ terraform init +$ terraform plan +$ terraform apply +``` + +Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.0 | +| [aws](#requirement\_aws) | >= 5.0 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 5.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [vpc](#module\_vpc) | ../../ | n/a | + +## Resources + +| Name | Type | +|------|------| +| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | + +## Inputs + +No inputs. 
+ +## Outputs + +| Name | Description | +|------|-------------| +| [cgw\_arns](#output\_cgw\_arns) | List of ARNs of Customer Gateway | +| [cgw\_ids](#output\_cgw\_ids) | List of IDs of Customer Gateway | +| [database\_internet\_gateway\_route\_id](#output\_database\_internet\_gateway\_route\_id) | ID of the database internet gateway route | +| [database\_ipv6\_egress\_route\_id](#output\_database\_ipv6\_egress\_route\_id) | ID of the database IPv6 egress route | +| [database\_nat\_gateway\_route\_ids](#output\_database\_nat\_gateway\_route\_ids) | List of IDs of the database nat gateway route | +| [database\_network\_acl\_arn](#output\_database\_network\_acl\_arn) | ARN of the database network ACL | +| [database\_network\_acl\_id](#output\_database\_network\_acl\_id) | ID of the database network ACL | +| [database\_route\_table\_association\_ids](#output\_database\_route\_table\_association\_ids) | List of IDs of the database route table association | +| [database\_route\_table\_ids](#output\_database\_route\_table\_ids) | List of IDs of database route tables | +| [database\_subnet\_arns](#output\_database\_subnet\_arns) | List of ARNs of database subnets | +| [database\_subnet\_group](#output\_database\_subnet\_group) | ID of database subnet group | +| [database\_subnet\_group\_name](#output\_database\_subnet\_group\_name) | Name of database subnet group | +| [database\_subnets](#output\_database\_subnets) | List of IDs of database subnets | +| [database\_subnets\_cidr\_blocks](#output\_database\_subnets\_cidr\_blocks) | List of cidr\_blocks of database subnets | +| [database\_subnets\_ipv6\_cidr\_blocks](#output\_database\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of database subnets in an IPv6 enabled VPC | +| [default\_network\_acl\_id](#output\_default\_network\_acl\_id) | The ID of the default network ACL | +| [default\_route\_table\_id](#output\_default\_route\_table\_id) | The ID of the default route table | +| 
[default\_security\_group\_id](#output\_default\_security\_group\_id) | The ID of the security group created by default on VPC creation | +| [default\_vpc\_arn](#output\_default\_vpc\_arn) | The ARN of the Default VPC | +| [default\_vpc\_cidr\_block](#output\_default\_vpc\_cidr\_block) | The CIDR block of the Default VPC | +| [default\_vpc\_default\_network\_acl\_id](#output\_default\_vpc\_default\_network\_acl\_id) | The ID of the default network ACL of the Default VPC | +| [default\_vpc\_default\_route\_table\_id](#output\_default\_vpc\_default\_route\_table\_id) | The ID of the default route table of the Default VPC | +| [default\_vpc\_default\_security\_group\_id](#output\_default\_vpc\_default\_security\_group\_id) | The ID of the security group created by default on Default VPC creation | +| [default\_vpc\_enable\_dns\_hostnames](#output\_default\_vpc\_enable\_dns\_hostnames) | Whether or not the Default VPC has DNS hostname support | +| [default\_vpc\_enable\_dns\_support](#output\_default\_vpc\_enable\_dns\_support) | Whether or not the Default VPC has DNS support | +| [default\_vpc\_id](#output\_default\_vpc\_id) | The ID of the Default VPC | +| [default\_vpc\_instance\_tenancy](#output\_default\_vpc\_instance\_tenancy) | Tenancy of instances spin up within Default VPC | +| [default\_vpc\_main\_route\_table\_id](#output\_default\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with the Default VPC | +| [dhcp\_options\_id](#output\_dhcp\_options\_id) | The ID of the DHCP options | +| [egress\_only\_internet\_gateway\_id](#output\_egress\_only\_internet\_gateway\_id) | The ID of the egress only Internet Gateway | +| [elasticache\_network\_acl\_arn](#output\_elasticache\_network\_acl\_arn) | ARN of the elasticache network ACL | +| [elasticache\_network\_acl\_id](#output\_elasticache\_network\_acl\_id) | ID of the elasticache network ACL | +| 
[elasticache\_route\_table\_association\_ids](#output\_elasticache\_route\_table\_association\_ids) | List of IDs of the elasticache route table association | +| [elasticache\_route\_table\_ids](#output\_elasticache\_route\_table\_ids) | List of IDs of elasticache route tables | +| [elasticache\_subnet\_arns](#output\_elasticache\_subnet\_arns) | List of ARNs of elasticache subnets | +| [elasticache\_subnet\_group](#output\_elasticache\_subnet\_group) | ID of elasticache subnet group | +| [elasticache\_subnet\_group\_name](#output\_elasticache\_subnet\_group\_name) | Name of elasticache subnet group | +| [elasticache\_subnets](#output\_elasticache\_subnets) | List of IDs of elasticache subnets | +| [elasticache\_subnets\_cidr\_blocks](#output\_elasticache\_subnets\_cidr\_blocks) | List of cidr\_blocks of elasticache subnets | +| [elasticache\_subnets\_ipv6\_cidr\_blocks](#output\_elasticache\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of elasticache subnets in an IPv6 enabled VPC | +| [igw\_arn](#output\_igw\_arn) | The ARN of the Internet Gateway | +| [igw\_id](#output\_igw\_id) | The ID of the Internet Gateway | +| [intra\_network\_acl\_arn](#output\_intra\_network\_acl\_arn) | ARN of the intra network ACL | +| [intra\_network\_acl\_id](#output\_intra\_network\_acl\_id) | ID of the intra network ACL | +| [intra\_route\_table\_association\_ids](#output\_intra\_route\_table\_association\_ids) | List of IDs of the intra route table association | +| [intra\_route\_table\_ids](#output\_intra\_route\_table\_ids) | List of IDs of intra route tables | +| [intra\_subnet\_arns](#output\_intra\_subnet\_arns) | List of ARNs of intra subnets | +| [intra\_subnets](#output\_intra\_subnets) | List of IDs of intra subnets | +| [intra\_subnets\_cidr\_blocks](#output\_intra\_subnets\_cidr\_blocks) | List of cidr\_blocks of intra subnets | +| [intra\_subnets\_ipv6\_cidr\_blocks](#output\_intra\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of intra subnets 
in an IPv6 enabled VPC | +| [nat\_ids](#output\_nat\_ids) | List of allocation ID of Elastic IPs created for AWS NAT Gateway | +| [nat\_public\_ips](#output\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway | +| [natgw\_ids](#output\_natgw\_ids) | List of NAT Gateway IDs | +| [outpost\_network\_acl\_arn](#output\_outpost\_network\_acl\_arn) | ARN of the outpost network ACL | +| [outpost\_network\_acl\_id](#output\_outpost\_network\_acl\_id) | ID of the outpost network ACL | +| [outpost\_subnet\_arns](#output\_outpost\_subnet\_arns) | List of ARNs of outpost subnets | +| [outpost\_subnets](#output\_outpost\_subnets) | List of IDs of outpost subnets | +| [outpost\_subnets\_cidr\_blocks](#output\_outpost\_subnets\_cidr\_blocks) | List of cidr\_blocks of outpost subnets | +| [outpost\_subnets\_ipv6\_cidr\_blocks](#output\_outpost\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of outpost subnets in an IPv6 enabled VPC | +| [private\_ipv6\_egress\_route\_ids](#output\_private\_ipv6\_egress\_route\_ids) | List of IDs of the ipv6 egress route | +| [private\_nat\_gateway\_route\_ids](#output\_private\_nat\_gateway\_route\_ids) | List of IDs of the private nat gateway route | +| [private\_network\_acl\_arn](#output\_private\_network\_acl\_arn) | ARN of the private network ACL | +| [private\_network\_acl\_id](#output\_private\_network\_acl\_id) | ID of the private network ACL | +| [private\_route\_table\_association\_ids](#output\_private\_route\_table\_association\_ids) | List of IDs of the private route table association | +| [private\_route\_table\_ids](#output\_private\_route\_table\_ids) | List of IDs of private route tables | +| [private\_subnet\_arns](#output\_private\_subnet\_arns) | List of ARNs of private subnets | +| [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets | +| [private\_subnets\_cidr\_blocks](#output\_private\_subnets\_cidr\_blocks) | List of cidr\_blocks of private subnets | +| 
[private\_subnets\_ipv6\_cidr\_blocks](#output\_private\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of private subnets in an IPv6 enabled VPC | +| [public\_internet\_gateway\_ipv6\_route\_id](#output\_public\_internet\_gateway\_ipv6\_route\_id) | ID of the IPv6 internet gateway route | +| [public\_internet\_gateway\_route\_id](#output\_public\_internet\_gateway\_route\_id) | ID of the internet gateway route | +| [public\_network\_acl\_arn](#output\_public\_network\_acl\_arn) | ARN of the public network ACL | +| [public\_network\_acl\_id](#output\_public\_network\_acl\_id) | ID of the public network ACL | +| [public\_route\_table\_association\_ids](#output\_public\_route\_table\_association\_ids) | List of IDs of the public route table association | +| [public\_route\_table\_ids](#output\_public\_route\_table\_ids) | List of IDs of public route tables | +| [public\_subnet\_arns](#output\_public\_subnet\_arns) | List of ARNs of public subnets | +| [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets | +| [public\_subnets\_cidr\_blocks](#output\_public\_subnets\_cidr\_blocks) | List of cidr\_blocks of public subnets | +| [public\_subnets\_ipv6\_cidr\_blocks](#output\_public\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of public subnets in an IPv6 enabled VPC | +| [redshift\_network\_acl\_arn](#output\_redshift\_network\_acl\_arn) | ARN of the redshift network ACL | +| [redshift\_network\_acl\_id](#output\_redshift\_network\_acl\_id) | ID of the redshift network ACL | +| [redshift\_public\_route\_table\_association\_ids](#output\_redshift\_public\_route\_table\_association\_ids) | List of IDs of the public redshift route table association | +| [redshift\_route\_table\_association\_ids](#output\_redshift\_route\_table\_association\_ids) | List of IDs of the redshift route table association | +| [redshift\_route\_table\_ids](#output\_redshift\_route\_table\_ids) | List of IDs of redshift route tables | +| 
[redshift\_subnet\_arns](#output\_redshift\_subnet\_arns) | List of ARNs of redshift subnets | +| [redshift\_subnet\_group](#output\_redshift\_subnet\_group) | ID of redshift subnet group | +| [redshift\_subnets](#output\_redshift\_subnets) | List of IDs of redshift subnets | +| [redshift\_subnets\_cidr\_blocks](#output\_redshift\_subnets\_cidr\_blocks) | List of cidr\_blocks of redshift subnets | +| [redshift\_subnets\_ipv6\_cidr\_blocks](#output\_redshift\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of redshift subnets in an IPv6 enabled VPC | +| [this\_customer\_gateway](#output\_this\_customer\_gateway) | Map of Customer Gateway attributes | +| [vgw\_arn](#output\_vgw\_arn) | The ARN of the VPN Gateway | +| [vgw\_id](#output\_vgw\_id) | The ID of the VPN Gateway | +| [vpc\_arn](#output\_vpc\_arn) | The ARN of the VPC | +| [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | The CIDR block of the VPC | +| [vpc\_enable\_dns\_hostnames](#output\_vpc\_enable\_dns\_hostnames) | Whether or not the VPC has DNS hostname support | +| [vpc\_enable\_dns\_support](#output\_vpc\_enable\_dns\_support) | Whether or not the VPC has DNS support | +| [vpc\_flow\_log\_cloudwatch\_iam\_role\_arn](#output\_vpc\_flow\_log\_cloudwatch\_iam\_role\_arn) | The ARN of the IAM role used when pushing logs to Cloudwatch log group | +| [vpc\_flow\_log\_destination\_arn](#output\_vpc\_flow\_log\_destination\_arn) | The ARN of the destination for VPC Flow Logs | +| [vpc\_flow\_log\_destination\_type](#output\_vpc\_flow\_log\_destination\_type) | The type of the destination for VPC Flow Logs | +| [vpc\_flow\_log\_id](#output\_vpc\_flow\_log\_id) | The ID of the Flow Log resource | +| [vpc\_id](#output\_vpc\_id) | The ID of the VPC | +| [vpc\_instance\_tenancy](#output\_vpc\_instance\_tenancy) | Tenancy of instances spin up within VPC | +| [vpc\_ipv6\_association\_id](#output\_vpc\_ipv6\_association\_id) | The association ID for the IPv6 CIDR block | +| 
[vpc\_ipv6\_cidr\_block](#output\_vpc\_ipv6\_cidr\_block) | The IPv6 CIDR block |
+| [vpc\_main\_route\_table\_id](#output\_vpc\_main\_route\_table\_id) | The ID of the main route table associated with this VPC |
+| [vpc\_owner\_id](#output\_vpc\_owner\_id) | The ID of the AWS account that owns the VPC |
+| [vpc\_secondary\_cidr\_blocks](#output\_vpc\_secondary\_cidr\_blocks) | List of secondary CIDR blocks of the VPC |
+
diff --git a/examples/simple/main.tf b/examples/simple/main.tf
new file mode 100644
index 000000000..324977173
--- /dev/null
+++ b/examples/simple/main.tf
@@ -0,0 +1,35 @@
+provider "aws" {
+ region = local.region
+}
+
+data "aws_availability_zones" "available" {}
+
+locals {
+ name = "ex-${basename(path.cwd)}"
+ region = "eu-west-1"
+
+ vpc_cidr = "10.0.0.0/16"
+ azs = slice(data.aws_availability_zones.available.names, 0, 3)
+
+ tags = {
+ Example = local.name
+ GithubRepo = "terraform-aws-vpc"
+ GithubOrg = "terraform-aws-modules"
+ }
+}
+
+################################################################################
+# VPC Module
+################################################################################
+
+module "vpc" {
+ source = "../../"
+
+ name = local.name
+ cidr = local.vpc_cidr
+
+ azs = local.azs
+ private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)]
+
+ tags = local.tags
+}
diff --git a/examples/simple/outputs.tf b/examples/simple/outputs.tf
new file mode 100644
index 000000000..77f244a90
--- /dev/null
+++ b/examples/simple/outputs.tf
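Review bot: The README for this example, added earlier in this diff as examples/simple/README.md, describes a public and private subnet per Availability Zone plus a single NAT Gateway shared across 3 zones and says the configuration demonstrates Availability Zone IDs and names, but main.tf here passes only `private_subnets` to the module, sets neither `public_subnets` nor `enable_nat_gateway`, and derives `azs` from `data.aws_availability_zones.available.names` alone. Either the README prose should be reduced to what this example actually builds, or the example should carry the public subnets and NAT gateway the README promises; as committed, a reader following the README will expect resources that `terraform apply` does not create. The new examples/simple/outputs.tf also carries the same blob hash (77f244a90) as examples/separate-route-tables/outputs.tf, so it exposes outputs for database, Redshift, ElastiCache and flow-log resources this example never creates; trimming it to the outputs this example populates would make the example easier to read. The outputs.tf hunk runs past the end of this chunk.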
@@ -0,0 +1,535 @@
+output "vpc_id" {
+ description = "The ID of the VPC"
+ value = module.vpc.vpc_id
+}
+
+output "vpc_arn" {
+ description = "The ARN of the VPC"
+ value = module.vpc.vpc_arn
+}
+
+output "vpc_cidr_block" {
+ description = "The CIDR block of the VPC"
+ value = module.vpc.vpc_cidr_block
+}
+
+output "default_security_group_id" {
+ description = "The ID of the security group created by default on VPC creation"
+ value = module.vpc.default_security_group_id
+}
+
+output "default_network_acl_id" {
+ description = "The ID of the default network ACL"
+ value = module.vpc.default_network_acl_id
+}
+
+output "default_route_table_id" {
+ description = "The ID of the default route table"
+ value = module.vpc.default_route_table_id
+}
+
+output "vpc_instance_tenancy" {
+ description = "Tenancy of instances spin up within VPC"
+ value = module.vpc.vpc_instance_tenancy
+}
+
+output "vpc_enable_dns_support" {
+ description = "Whether or not the VPC has DNS support"
+ value = module.vpc.vpc_enable_dns_support
+}
+
+output "vpc_enable_dns_hostnames" {
+ description = "Whether or not the VPC has DNS hostname support"
+ value = module.vpc.vpc_enable_dns_hostnames
+}
+
+output "vpc_main_route_table_id" {
+ description = "The ID of the main route table associated with this VPC"
+ value = module.vpc.vpc_main_route_table_id
+}
+
+output "vpc_ipv6_association_id" {
+ description = "The association ID for the IPv6 CIDR block"
+ value = module.vpc.vpc_ipv6_association_id
+}
+
+output "vpc_ipv6_cidr_block" {
+ description = "The IPv6 CIDR block"
+ value = module.vpc.vpc_ipv6_cidr_block
+}
+
+output "vpc_secondary_cidr_blocks" {
+ description = "List of secondary CIDR blocks of the VPC"
+ value = module.vpc.vpc_secondary_cidr_blocks
+}
+
+output "vpc_owner_id" {
+ description = "The ID of the AWS account that owns the VPC"
+ value = module.vpc.vpc_owner_id
+}
+
+output "private_subnets" {
+ description = "List of IDs of private subnets"
+ value = module.vpc.private_subnets
+}
+
+output "private_subnet_arns" {
+ description = "List of ARNs of private subnets"
+ value = module.vpc.private_subnet_arns
+}
+
+output "private_subnets_cidr_blocks" {
+ description = "List of cidr_blocks of private subnets"
+ value = module.vpc.private_subnets_cidr_blocks
+}
+
+output "private_subnets_ipv6_cidr_blocks" {
+ description = "List of IPv6 cidr_blocks of private subnets in an IPv6 enabled VPC"
+ value = module.vpc.private_subnets_ipv6_cidr_blocks
+}
+
+output "public_subnets" {
+ description = "List of IDs of public subnets"
+ value = module.vpc.public_subnets
+}
+
+output "public_subnet_arns" {
+ description = "List of ARNs of public subnets"
+ value = module.vpc.public_subnet_arns
+}
+
+output "public_subnets_cidr_blocks" {
+ description = "List of cidr_blocks of public subnets"
+ value = module.vpc.public_subnets_cidr_blocks
+}
+
+output "public_subnets_ipv6_cidr_blocks" {
+ description = "List of IPv6 cidr_blocks of public subnets in an IPv6 enabled VPC"
+ value = module.vpc.public_subnets_ipv6_cidr_blocks
+}
+
+output "outpost_subnets" {
+ description = "List of IDs of outpost subnets"
+ value = module.vpc.outpost_subnets
+}
+
+output "outpost_subnet_arns" {
+ description = "List of ARNs of outpost subnets"
+ value = module.vpc.outpost_subnet_arns
+}
+
+output "outpost_subnets_cidr_blocks" {
+ description = "List of cidr_blocks of outpost subnets"
+ value = module.vpc.outpost_subnets_cidr_blocks
+}
+
+output "outpost_subnets_ipv6_cidr_blocks" {
+ description = "List of IPv6 cidr_blocks of outpost subnets in an IPv6 enabled VPC"
+ value = module.vpc.outpost_subnets_ipv6_cidr_blocks
+}
+
+output "database_subnets" {
+ description = "List of IDs of database subnets"
+ value = module.vpc.database_subnets
+}
+
+output "database_subnet_arns" {
+ description = "List of ARNs of database subnets"
+ value = module.vpc.database_subnet_arns
+}
+
+output "database_subnets_cidr_blocks" {
+ description = "List of cidr_blocks of database subnets"
+ value = module.vpc.database_subnets_cidr_blocks
+}
+
+output "database_subnets_ipv6_cidr_blocks" {
+ description = "List of IPv6 cidr_blocks of database subnets in an IPv6 enabled VPC"
+ value = module.vpc.database_subnets_ipv6_cidr_blocks
+}
+
+output "database_subnet_group" {
+ description = "ID of database subnet group"
+ value = module.vpc.database_subnet_group
+}
+
+output "database_subnet_group_name" {
+ description = "Name of database subnet group"
+ value = module.vpc.database_subnet_group_name
+}
+
+output "redshift_subnets" {
+ description = "List of IDs of redshift subnets"
+ value = module.vpc.redshift_subnets
+}
+
+output "redshift_subnet_arns" {
+ description = "List of ARNs of redshift subnets"
+ value = module.vpc.redshift_subnet_arns
+}
+
+output "redshift_subnets_cidr_blocks" {
+ description = "List of cidr_blocks of redshift subnets"
+ value = module.vpc.redshift_subnets_cidr_blocks
+}
+
+output "redshift_subnets_ipv6_cidr_blocks" {
+ description = "List of IPv6 cidr_blocks of redshift subnets in an IPv6 enabled VPC"
+ value = module.vpc.redshift_subnets_ipv6_cidr_blocks
+}
+
+output "redshift_subnet_group" {
+ description = "ID of redshift subnet group"
+ value = module.vpc.redshift_subnet_group
+}
+
+output "elasticache_subnets" {
+ description = "List of IDs of elasticache subnets"
+ value = module.vpc.elasticache_subnets
+}
+
+output "elasticache_subnet_arns" {
+ description = "List of ARNs of elasticache subnets"
+ value = module.vpc.elasticache_subnet_arns
+}
+
+output "elasticache_subnets_cidr_blocks" {
+ description = "List of cidr_blocks of elasticache subnets"
+ value = module.vpc.elasticache_subnets_cidr_blocks
+}
+
+output "elasticache_subnets_ipv6_cidr_blocks" {
+ description = "List of IPv6 cidr_blocks of elasticache subnets in an IPv6 enabled VPC"
+ value = module.vpc.elasticache_subnets_ipv6_cidr_blocks
+}
+
+output "intra_subnets" {
+ description = "List of IDs of intra subnets"
+ value = module.vpc.intra_subnets
+}
+
+output "intra_subnet_arns" {
+ description = "List of ARNs of intra subnets"
+ value = module.vpc.intra_subnet_arns
+}
+
+output "intra_subnets_cidr_blocks" {
+ description = "List of cidr_blocks of intra subnets"
+ value = module.vpc.intra_subnets_cidr_blocks
+}
+
+output "intra_subnets_ipv6_cidr_blocks" {
+ description = "List of IPv6 cidr_blocks of intra subnets in an IPv6 enabled VPC"
+ value = module.vpc.intra_subnets_ipv6_cidr_blocks
+}
+
+output "elasticache_subnet_group" {
+ description = "ID of elasticache subnet group"
+ value = module.vpc.elasticache_subnet_group
+}
+
+output "elasticache_subnet_group_name" {
+ description = "Name of elasticache subnet group"
+ value = module.vpc.elasticache_subnet_group_name
+}
+
+output "public_route_table_ids" {
+ description = "List of IDs of public route tables"
+ value = module.vpc.public_route_table_ids
+}
+
+output "private_route_table_ids" {
+ description = "List of IDs of private route tables"
+ value = module.vpc.private_route_table_ids
+}
+
+output "database_route_table_ids" {
+ description = "List of IDs of database route tables"
+ value = module.vpc.database_route_table_ids
+}
+
+output "redshift_route_table_ids" {
+ description = "List of IDs of redshift route tables"
+ value = module.vpc.redshift_route_table_ids
+}
+
+output "elasticache_route_table_ids" {
+ description = "List of IDs of elasticache route tables"
+ value = module.vpc.elasticache_route_table_ids
+}
+
+output "intra_route_table_ids" {
+ description = "List of IDs of intra route tables"
+ value = module.vpc.intra_route_table_ids
+}
+
+output "public_internet_gateway_route_id" {
+ description = "ID of the internet gateway route"
+ value = module.vpc.public_internet_gateway_route_id
+}
+
+output "public_internet_gateway_ipv6_route_id" {
+ description = "ID of the IPv6 internet gateway route"
+ value = module.vpc.public_internet_gateway_ipv6_route_id
+}
+
+output "database_internet_gateway_route_id" {
+ description = "ID of the database internet gateway route"
+ value = module.vpc.database_internet_gateway_route_id
+}
+
+output "database_nat_gateway_route_ids" {
+ description = "List of IDs of the database nat gateway route"
+ value = module.vpc.database_nat_gateway_route_ids
+}
+
+output "database_ipv6_egress_route_id" {
+ description = "ID of the database IPv6 egress route"
+ value = module.vpc.database_ipv6_egress_route_id
+}
+
+output "private_nat_gateway_route_ids" {
+ description = "List of IDs of the private nat gateway route"
+ value = module.vpc.private_nat_gateway_route_ids
+}
+
+output "private_ipv6_egress_route_ids" {
+ description = "List of IDs of the ipv6 egress route"
+ value = module.vpc.private_ipv6_egress_route_ids
+}
+
+output "private_route_table_association_ids" {
+ description = "List of IDs of the private route table association"
+ value = module.vpc.private_route_table_association_ids
+}
+
+output "database_route_table_association_ids" {
+ description = "List of IDs of the database route table association"
+ value = module.vpc.database_route_table_association_ids
+}
+
+output "redshift_route_table_association_ids" {
+ description = "List of IDs of the redshift route table association"
+ value = module.vpc.redshift_route_table_association_ids
+}
+
+output "redshift_public_route_table_association_ids" {
+ description = "List of IDs of the public redshift route table association"
+ value = module.vpc.redshift_public_route_table_association_ids
+}
+
+output "elasticache_route_table_association_ids" {
+ description = "List of IDs of the elasticache route table association"
+ value = module.vpc.elasticache_route_table_association_ids
+}
+
+output "intra_route_table_association_ids" {
+ description = "List of IDs of the intra route table association"
+ value = module.vpc.intra_route_table_association_ids
+}
+
+output "public_route_table_association_ids" {
+ description = "List of IDs of the public route table association"
+ value = module.vpc.public_route_table_association_ids
+}
+
+output "dhcp_options_id" {
+ description = "The ID of the DHCP options"
+ value = module.vpc.dhcp_options_id
+}
+
+output "nat_ids" {
+ description = "List of allocation ID of Elastic IPs created for AWS NAT Gateway"
+ value = module.vpc.nat_ids
+}
+
+output "nat_public_ips" {
+ description = "List of public Elastic IPs created for AWS NAT Gateway"
+ value = module.vpc.nat_public_ips
+}
+
+output "natgw_ids" {
+ description = "List of NAT Gateway IDs"
+ value = module.vpc.natgw_ids
+}
+
+output "igw_id" {
+ description = "The ID of the Internet Gateway"
+ value = module.vpc.igw_id
+}
+
+output "igw_arn" {
+ description = "The ARN of the Internet Gateway"
+ value = module.vpc.igw_arn
+}
+
+output "egress_only_internet_gateway_id" {
+ description = "The ID of the egress only Internet Gateway"
+ value = module.vpc.egress_only_internet_gateway_id
+}
+
+output "cgw_ids" {
+ description = "List of IDs of Customer Gateway"
+ value = module.vpc.cgw_ids
+}
+
+output "cgw_arns" {
+ description = "List of ARNs of Customer Gateway"
+ value = module.vpc.cgw_arns
+}
+
+output "this_customer_gateway" {
+ description = "Map of Customer Gateway attributes"
+ value = module.vpc.this_customer_gateway
+}
+
+output "vgw_id" {
+ description = "The ID of the VPN Gateway"
+ value = module.vpc.vgw_id
+}
+
+output "vgw_arn" {
+ description = "The ARN of the VPN Gateway"
+ value = module.vpc.vgw_arn
+}
+
+output "default_vpc_id" {
+ description = "The ID of the Default VPC"
+ value = module.vpc.default_vpc_id
+}
+
+output "default_vpc_arn" {
+ description = "The ARN of the Default VPC"
+ value = module.vpc.default_vpc_arn
+}
+
+output "default_vpc_cidr_block" {
+ description = "The CIDR block of the Default VPC"
+ value = module.vpc.default_vpc_cidr_block
+}
+
+output "default_vpc_default_security_group_id" {
+ description = "The ID of the security group created by default on Default VPC creation"
+ value = module.vpc.default_vpc_default_security_group_id
+}
+
+output "default_vpc_default_network_acl_id" {
+ description = "The ID of the default network ACL of the Default VPC"
+ value = module.vpc.default_vpc_default_network_acl_id
+}
+
+output "default_vpc_default_route_table_id" {
+ description = "The ID of the default route table of the Default VPC"
+ value = module.vpc.default_vpc_default_route_table_id
+}
+
+output "default_vpc_instance_tenancy" {
+ description = "Tenancy of instances spin up within Default VPC"
+ value = module.vpc.default_vpc_instance_tenancy
+}
+
+output "default_vpc_enable_dns_support" {
+ description = "Whether or not the Default VPC has DNS support"
+ value = module.vpc.default_vpc_enable_dns_support
+}
+
+output "default_vpc_enable_dns_hostnames" {
+ description = "Whether or not the Default VPC has DNS hostname support"
+ value = module.vpc.default_vpc_enable_dns_hostnames
+}
+
+output "default_vpc_main_route_table_id" {
+ description = "The ID of the main route table associated with the Default VPC"
+ value = module.vpc.default_vpc_main_route_table_id
+}
+
+output "public_network_acl_id" {
+ description = "ID of the public network ACL"
+ value = module.vpc.public_network_acl_id
+}
+
+output "public_network_acl_arn" {
+ description = "ARN of the public network ACL"
+ value = module.vpc.public_network_acl_arn
+}
+
+output "private_network_acl_id" {
+ description = "ID of the private network ACL"
+ value = module.vpc.private_network_acl_id
+}
+
+output "private_network_acl_arn" {
+ description = "ARN of the private network ACL"
+ value = module.vpc.private_network_acl_arn
+}
+
+output "outpost_network_acl_id" {
+ description = "ID of the outpost network ACL"
+ value = module.vpc.outpost_network_acl_id
+}
+
+output "outpost_network_acl_arn" {
+ description = "ARN of the outpost network ACL"
+ value = module.vpc.outpost_network_acl_arn
+}
+
+output "intra_network_acl_id" {
+ description = "ID of the intra network ACL"
+ value = module.vpc.intra_network_acl_id
+}
+
+output "intra_network_acl_arn" {
+ description = "ARN of the intra network ACL"
+ value = module.vpc.intra_network_acl_arn
+}
+
+output "database_network_acl_id" {
+ description = "ID of the database network ACL"
+ value = module.vpc.database_network_acl_id
+}
+
+output "database_network_acl_arn" {
+ description = "ARN of the database network ACL"
+ value = module.vpc.database_network_acl_arn
+}
+
+output "redshift_network_acl_id" {
+ description = "ID of the redshift network ACL"
+ value = module.vpc.redshift_network_acl_id
+}
+
+output "redshift_network_acl_arn" {
+ description = "ARN of the redshift network ACL"
+ value = module.vpc.redshift_network_acl_arn
+}
+
+output "elasticache_network_acl_id" {
+ description = "ID of the elasticache network ACL"
+ value = module.vpc.elasticache_network_acl_id
+}
+
+output "elasticache_network_acl_arn" {
+ description = "ARN of the elasticache network ACL"
+ value = module.vpc.elasticache_network_acl_arn
+}
+
+# VPC flow log
+output "vpc_flow_log_id" {
+ description = "The ID of the Flow Log resource"
+ value = module.vpc.vpc_flow_log_id
+}
+
+output "vpc_flow_log_destination_arn" {
+ description = "The ARN of the destination for VPC Flow Logs"
+ value = module.vpc.vpc_flow_log_destination_arn
+}
+
+output "vpc_flow_log_destination_type" {
+ description = "The type of the destination for VPC Flow Logs"
+ value = module.vpc.vpc_flow_log_destination_type
+}
+
+output "vpc_flow_log_cloudwatch_iam_role_arn" {
+ description = "The ARN of the IAM role used when pushing logs to Cloudwatch log group"
+ value = module.vpc.vpc_flow_log_cloudwatch_iam_role_arn
+}
diff --git a/examples/simple/variables.tf b/examples/simple/variables.tf
new file mode 100644
index 000000000..e69de29bb
diff --git a/examples/simple/versions.tf b/examples/simple/versions.tf
new file mode 100644
index 000000000..ddfcb0e05
--- /dev/null
+++ b/examples/simple/versions.tf
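Review bot: `output "this_customer_gateway"` is the only output in this file that keeps the old `this_` prefix; every other output is named after the bare module attribute (`vgw_id`, `cgw_ids`, and so on), and the README output table on this page lists it under the same prefixed name. If the root module still exports it as `this_customer_gateway` the inconsistency is inherited rather than introduced here, but an example is where users see the naming first. I would either rename it to `customer_gateway` if the root output allows, or put `# kept as this_customer_gateway to match the root module's output name` above it so the odd one out is explained.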
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 5.0"
+ }
+ }
+}
diff --git a/examples/vpc-flow-logs/README.md b/examples/vpc-flow-logs/README.md
index 10d782ae5..d0cb120a8 100644
--- a/examples/vpc-flow-logs/README.md
+++ b/examples/vpc-flow-logs/README.md
@@ -23,25 +23,26 @@ Note that this example may create resources which can cost money (AWS Elastic IP
 | Name | Version |
 |------|---------|
-| [terraform](#requirement\_terraform) | >= 0.12.31 |
-| [aws](#requirement\_aws) | >= 3.28 |
-| [random](#requirement\_random) | >= 2 |
+| [terraform](#requirement\_terraform) | >= 1.0 |
+| [aws](#requirement\_aws) | >= 5.0 |
+| [random](#requirement\_random) | >= 2.0 |
 ## Providers
 | Name | Version |
 |------|---------|
-| [aws](#provider\_aws) | >= 3.28 |
-| [random](#provider\_random) | >= 2 |
+| [aws](#provider\_aws) | >= 5.0 |
+| [random](#provider\_random) | >= 2.0 |
 ## Modules
 | Name | Source | Version |
 |------|--------|---------|
-| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 1.0 |
-| [vpc\_with\_flow\_logs\_cloudwatch\_logs](#module\_vpc\_with\_flow\_logs\_cloudwatch\_logs) | ../../ | |
-| [vpc\_with\_flow\_logs\_cloudwatch\_logs\_default](#module\_vpc\_with\_flow\_logs\_cloudwatch\_logs\_default) | ../../ | |
-| [vpc\_with\_flow\_logs\_s3\_bucket](#module\_vpc\_with\_flow\_logs\_s3\_bucket) | ../../ | |
+| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 3.0 |
+| [vpc\_with\_flow\_logs\_cloudwatch\_logs](#module\_vpc\_with\_flow\_logs\_cloudwatch\_logs) | ../../ | n/a |
+| [vpc\_with\_flow\_logs\_cloudwatch\_logs\_default](#module\_vpc\_with\_flow\_logs\_cloudwatch\_logs\_default) | ../../ | n/a |
+| [vpc\_with\_flow\_logs\_s3\_bucket](#module\_vpc\_with\_flow\_logs\_s3\_bucket) | ../../ | n/a |
+| [vpc\_with\_flow\_logs\_s3\_bucket\_parquet](#module\_vpc\_with\_flow\_logs\_s3\_bucket\_parquet) | ../../ | n/a |
 ## Resources
@@ -52,6 +53,7 @@ Note that this example may create resources which can cost money (AWS Elastic IP
 | [aws_iam_role.vpc_flow_log_cloudwatch](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
 | [aws_iam_role_policy_attachment.vpc_flow_log_cloudwatch](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
+| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
 | [aws_iam_policy_document.flow_log_cloudwatch_assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.flow_log_s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.vpc_flow_log_cloudwatch](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
diff --git a/examples/vpc-flow-logs/main.tf b/examples/vpc-flow-logs/main.tf
index 4dd51d3b2..140aa0cd6 100644
--- a/examples/vpc-flow-logs/main.tf
+++ b/examples/vpc-flow-logs/main.tf
@@ -2,11 +2,22 @@ provider "aws" {
 region = local.region
 }
+data "aws_availability_zones" "available" {}
+
 locals {
+ name = "ex-${basename(path.cwd)}"
 region = "eu-west-1"
- s3_bucket_name = "vpc-flow-logs-to-s3-${random_pet.this.id}"
- cloudwatch_log_group_name = "vpc-flow-logs-to-cloudwatch-${random_pet.this.id}"
+ vpc_cidr = "10.0.0.0/16"
+ azs = slice(data.aws_availability_zones.available.names, 0, 3)
+
+ tags = {
+ Example = local.name
+ GithubRepo = "terraform-aws-vpc"
+ GithubOrg = "terraform-aws-modules"
+ }
+
+ s3_bucket_name = "vpc-flow-logs-to-s3-${random_pet.this.id}"
 }
 ################################################################################
@@ -16,60 +27,78 @@ locals {
 module "vpc_with_flow_logs_s3_bucket" {
 source = "../../"
- name = "vpc-flow-logs-s3-bucket"
- cidr = "10.30.0.0/16"
+ name = local.name
+ cidr = local.vpc_cidr
- azs = ["${local.region}a"]
- public_subnets = ["10.30.101.0/24"]
+ azs = local.azs
+ private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)]
+ public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 4)]
 enable_flow_log = true
 flow_log_destination_type = "s3"
- flow_log_destination_arn = module.s3_bucket.this_s3_bucket_arn
+ flow_log_destination_arn = module.s3_bucket.s3_bucket_arn
- vpc_flow_log_tags = {
- Name = "vpc-flow-logs-s3-bucket"
- }
+ vpc_flow_log_tags = local.tags
+}
+
+module "vpc_with_flow_logs_s3_bucket_parquet" {
+ source = "../../"
+
+ name = "${local.name}-parquet"
+ cidr = local.vpc_cidr
+
+ azs = local.azs
+ private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)]
+ public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 4)]
+
+ enable_flow_log = true
+ flow_log_destination_type = "s3"
+ flow_log_destination_arn = module.s3_bucket.s3_bucket_arn
+ flow_log_file_format = "parquet"
+
+ vpc_flow_log_tags = local.tags
 }
 # CloudWatch Log Group and IAM role created automatically
 module "vpc_with_flow_logs_cloudwatch_logs_default" {
 source = "../../"
- name = "vpc-flow-logs-cloudwatch-logs-default"
- cidr = "10.10.0.0/16"
+ name = "${local.name}-cloudwatch-logs-default"
+ cidr = local.vpc_cidr
- azs = ["${local.region}a"]
- public_subnets = ["10.10.101.0/24"]
+ azs = local.azs
+ private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)]
+ public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 4)]
 # Cloudwatch log group and IAM role will be created
 enable_flow_log = true
 create_flow_log_cloudwatch_log_group = true
 create_flow_log_cloudwatch_iam_role = true
- flow_log_max_aggregation_interval = 60
- vpc_flow_log_tags = {
- Name = "vpc-flow-logs-cloudwatch-logs-default"
- }
+ flow_log_max_aggregation_interval = 60
+ flow_log_cloudwatch_log_group_name_prefix = "/aws/my-amazing-vpc-flow-logz/"
+ flow_log_cloudwatch_log_group_name_suffix = "my-test"
+
+ vpc_flow_log_tags = local.tags
 }
 # CloudWatch Log Group and IAM role created separately
 module "vpc_with_flow_logs_cloudwatch_logs" {
 source = "../../"
- name = "vpc-flow-logs-cloudwatch-logs"
- cidr = "10.20.0.0/16"
+ name = "${local.name}-cloudwatch-logs"
+ cidr = local.vpc_cidr
- azs = ["${local.region}a"]
- public_subnets = ["10.20.101.0/24"]
+ azs = local.azs
+ private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)]
+ public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 4)]
 enable_flow_log = true
 flow_log_destination_type = "cloud-watch-logs"
 flow_log_destination_arn = aws_cloudwatch_log_group.flow_log.arn
 flow_log_cloudwatch_iam_role_arn = aws_iam_role.vpc_flow_log_cloudwatch.arn
- vpc_flow_log_tags = {
- Name = "vpc-flow-logs-cloudwatch-logs"
- }
+ vpc_flow_log_tags = local.tags
 }
 ################################################################################
@@ -83,15 +112,13 @@ resource "random_pet" "this" {
 # S3 Bucket
 module "s3_bucket" {
 source = "terraform-aws-modules/s3-bucket/aws"
- version = "~> 1.0"
+ version = "~> 3.0"
 bucket = local.s3_bucket_name
 policy = data.aws_iam_policy_document.flow_log_s3.json
 force_destroy = true
- tags = {
- Name = "vpc-flow-logs-s3-bucket"
- }
+ tags = local.tags
 }
 data "aws_iam_policy_document" "flow_log_s3" {
@@ -124,7 +151,7 @@ data "aws_iam_policy_document" "flow_log_s3" {
 # Cloudwatch logs
 resource "aws_cloudwatch_log_group" "flow_log" {
- name = local.cloudwatch_log_group_name
+ name = "vpc-flow-logs-to-cloudwatch-${random_pet.this.id}"
 }
 resource "aws_iam_role" "vpc_flow_log_cloudwatch" {
diff --git a/examples/vpc-flow-logs/outputs.tf b/examples/vpc-flow-logs/outputs.tf
index 067426fc7..4f7794230 100644
--- a/examples/vpc-flow-logs/outputs.tf
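Review bot: `module "vpc_with_flow_logs_s3_bucket_parquet"` points `flow_log_destination_arn` at the same bare bucket ARN as `vpc_with_flow_logs_s3_bucket`, so default-format and parquet flow logs from two different VPCs land in the same `AWSLogs/` tree of one bucket and a consumer such as an Athena table cannot separate the formats by path. Flow logs accept a bucket ARN with a key prefix, so `flow_log_destination_arn = "${module.s3_bucket.s3_bucket_arn}/parquet/"` on the parquet module keeps them apart; the bucket policy built from `data.aws_iam_policy_document.flow_log_s3` (outside this hunk) would then need to cover that prefix. Note also that all four module calls in this hunk now use `cidr = local.vpc_cidr`, i.e. four VPCs with the identical `10.0.0.0/16` range, which is fine for throwaway examples but deserves a one-line comment so nobody tries to peer them.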
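Review bot: `aws_cloudwatch_log_group.flow_log` still carries only a `name`: there is no `retention_in_days`, so flow-log records accumulate indefinitely, and no `kms_key_id`, so they stay under the service-managed encryption rather than a customer-managed key. Since this resource is the reference for the "bring your own log group" path (`vpc_with_flow_logs_cloudwatch_logs` consumes its ARN in the hunk above), I would add at least `retention_in_days = 30` and a comment noting that `kms_key_id` is where a CMK would be attached. The sibling `vpc_with_flow_logs_cloudwatch_logs_default` module creates its log group inside the root module, where retention is not visible in this diff.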
+++ b/examples/vpc-flow-logs/outputs.tf
@@ -55,4 +55,3 @@ output "vpc_flow_logs_s3_bucket_vpc_flow_log_destination_type" {
 description = "The type of the destination for VPC Flow Logs"
 value = module.vpc_with_flow_logs_s3_bucket.vpc_flow_log_destination_type
 }
-
diff --git a/examples/vpc-flow-logs/versions.tf b/examples/vpc-flow-logs/versions.tf
index 2b46d6e06..383652286 100644
--- a/examples/vpc-flow-logs/versions.tf
+++ b/examples/vpc-flow-logs/versions.tf
@@ -1,15 +1,15 @@
 terraform {
- required_version = ">= 0.12.31"
+ required_version = ">= 1.0"
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 3.28"
+ version = ">= 5.0"
 }
 random = {
 source = "hashicorp/random"
- version = ">= 2"
+ version = ">= 2.0"
 }
 }
 }
diff --git a/examples/vpc-separate-private-route-tables/README.md b/examples/vpc-separate-private-route-tables/README.md
deleted file mode 100644
index 264e99fac..000000000
--- a/examples/vpc-separate-private-route-tables/README.md
+++ /dev/null
@@ -1,56 +0,0 @@
-# VPC with separate private route tables
-
-Configuration in this directory creates set of VPC resources which may be sufficient for staging or production environment (look into [simple-vpc](../simple-vpc) for more simplified setup).
-
-There are public, private, database, ElastiCache, Redshift subnets, NAT Gateways created in each availability zone. **This example sets up separate private route for database, elasticache and redshift subnets.**.
-
-## Usage
-
-To run this example you need to execute:
-
-```bash
-$ terraform init
-$ terraform plan
-$ terraform apply
-```
-
-Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources.
-
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | >= 0.12.31 |
-| [aws](#requirement\_aws) | >= 3.28 |
-
-## Providers
-
-No providers.
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| [vpc](#module\_vpc) | ../../ | |
-
-## Resources
-
-No resources.
-
-## Inputs
-
-No inputs.
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [database\_subnets](#output\_database\_subnets) | List of IDs of database subnets |
-| [elasticache\_subnets](#output\_elasticache\_subnets) | List of IDs of elasticache subnets |
-| [nat\_public\_ips](#output\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway |
-| [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets |
-| [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets |
-| [redshift\_subnets](#output\_redshift\_subnets) | List of IDs of redshift subnets |
-| [vpc\_id](#output\_vpc\_id) | The ID of the VPC |
-
diff --git a/examples/vpc-separate-private-route-tables/main.tf b/examples/vpc-separate-private-route-tables/main.tf
deleted file mode 100644
index b9536fdd2..000000000
--- a/examples/vpc-separate-private-route-tables/main.tf
+++ /dev/null
@@ -1,39 +0,0 @@
-provider "aws" {
- region = local.region
-}
-
-locals {
- region = "eu-west-1"
-}
-
-################################################################################
-# VPC Module
-################################################################################
-
-module "vpc" {
- source = "../../"
-
- name = "vpc-separate-private-route-tables"
-
- cidr = "10.10.0.0/16"
-
- azs = ["${local.region}a", "${local.region}b", "${local.region}c"]
- private_subnets = ["10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24"]
- public_subnets = ["10.10.11.0/24", "10.10.12.0/24", "10.10.13.0/24"]
- database_subnets = ["10.10.21.0/24", "10.10.22.0/24", "10.10.23.0/24"]
- elasticache_subnets = ["10.10.31.0/24", "10.10.32.0/24", "10.10.33.0/24"]
- redshift_subnets = ["10.10.41.0/24", "10.10.42.0/24", "10.10.43.0/24"]
-
- create_database_subnet_route_table = true
- create_elasticache_subnet_route_table = true
- create_redshift_subnet_route_table = true
-
- single_nat_gateway = true
- enable_nat_gateway = true
-
- tags = {
- Owner = "user"
- Environment = "staging"
- Name = "separate-private-route-tables"
- }
-}
diff --git a/examples/vpc-separate-private-route-tables/outputs.tf b/examples/vpc-separate-private-route-tables/outputs.tf
deleted file mode 100644
index c7f5ef150..000000000
--- a/examples/vpc-separate-private-route-tables/outputs.tf
+++ /dev/null
@@ -1,38 +0,0 @@
-# VPC
-output "vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc.vpc_id
-}
-
-# Subnets
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc.private_subnets
-}
-
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.public_subnets
-}
-
-output "database_subnets" {
- description = "List of IDs of database subnets"
- value = module.vpc.database_subnets
-}
-
-output "elasticache_subnets" {
- description = "List of IDs of elasticache subnets"
- value = module.vpc.elasticache_subnets
-}
-
-output "redshift_subnets" {
- description = "List of IDs of redshift subnets"
- value = module.vpc.redshift_subnets
-}
-
-# NAT gateways
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_public_ips
-}
-
diff --git a/main.tf b/main.tf
index 58d202813..9d19218f1 100644
--- a/main.tf
+++ b/main.tf
@@ -1,21 +1,24 @@
 locals {
+ len_public_subnets = max(length(var.public_subnets), length(var.public_subnet_ipv6_prefixes))
+ len_private_subnets = max(length(var.private_subnets), length(var.private_subnet_ipv6_prefixes))
+ len_database_subnets = max(length(var.database_subnets), length(var.database_subnet_ipv6_prefixes))
+ len_elasticache_subnets = max(length(var.elasticache_subnets), length(var.elasticache_subnet_ipv6_prefixes))
+ len_redshift_subnets = max(length(var.redshift_subnets), length(var.redshift_subnet_ipv6_prefixes))
+ len_intra_subnets = max(length(var.intra_subnets), length(var.intra_subnet_ipv6_prefixes))
+ len_outpost_subnets = max(length(var.outpost_subnets), length(var.outpost_subnet_ipv6_prefixes))
+
 max_subnet_length = max(
- length(var.private_subnets),
- length(var.elasticache_subnets),
- length(var.database_subnets),
- length(var.redshift_subnets),
+ local.len_private_subnets,
+ local.len_public_subnets,
+ local.len_elasticache_subnets,
+ local.len_database_subnets,
+ local.len_redshift_subnets,
 )
- nat_gateway_count = var.single_nat_gateway ? 1 : var.one_nat_gateway_per_az ? length(var.azs) : local.max_subnet_length
 # Use `local.vpc_id` to give a hint to Terraform that subnets should be deleted before secondary CIDR blocks can be free!
- vpc_id = element(
- concat(
- aws_vpc_ipv4_cidr_block_association.this.*.vpc_id,
- aws_vpc.this.*.id,
- [""],
- ),
- 0,
- )
+ vpc_id = try(aws_vpc_ipv4_cidr_block_association.this[0].vpc_id, aws_vpc.this[0].id, "")
+
+ create_vpc = var.create_vpc && var.putin_khuylo
 }
 ################################################################################
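Review bot: `create_vpc = var.create_vpc && var.putin_khuylo` makes every resource in the module conditional on a second variable whose name says nothing about resource creation, so someone debugging "apply created nothing" has no hint to look at it. A one-line comment above it, `# Both flags must be true: with putin_khuylo = false the module creates no resources at all`, would save that search. The new `len_*_subnets` locals take `max()` of the IPv4 CIDR list and the IPv6 prefix list, so a longer IPv6 prefix list now drives the subnet count; how an IPv4 CIDR is chosen for those extra subnets happens in the subnet resources outside this hunk and is worth checking. `max_subnet_length` also gains `local.len_public_subnets`, and the removed `nat_gateway_count` (presumably moved elsewhere) used to fall back to `local.max_subnet_length`, so if it still does, a configuration with more public than private subnets now gets more NAT gateways than before.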
@@ -23,83 +26,45 @@ locals {
 ################################################################################
 
 resource "aws_vpc" "this" {
-  count = var.create_vpc ? 1 : 0
+  count = local.create_vpc ? 1 : 0
+
+  cidr_block = var.use_ipam_pool ? null : var.cidr
+  ipv4_ipam_pool_id = var.ipv4_ipam_pool_id
+  ipv4_netmask_length = var.ipv4_netmask_length
+
+  assign_generated_ipv6_cidr_block = var.enable_ipv6 && !var.use_ipam_pool ? true : null
+  ipv6_cidr_block = var.ipv6_cidr
+  ipv6_ipam_pool_id = var.ipv6_ipam_pool_id
+  ipv6_netmask_length = var.ipv6_netmask_length
+  ipv6_cidr_block_network_border_group = var.ipv6_cidr_block_network_border_group
 
-  cidr_block = var.cidr
-  instance_tenancy = var.instance_tenancy
-  enable_dns_hostnames = var.enable_dns_hostnames
-  enable_dns_support = var.enable_dns_support
-  enable_classiclink = var.enable_classiclink
-  enable_classiclink_dns_support = var.enable_classiclink_dns_support
-  assign_generated_ipv6_cidr_block = var.enable_ipv6
+  instance_tenancy = var.instance_tenancy
+  enable_dns_hostnames = var.enable_dns_hostnames
+  enable_dns_support = var.enable_dns_support
+  enable_network_address_usage_metrics = var.enable_network_address_usage_metrics
 
   tags = merge(
-    {
-      "Name" = format("%s", var.name)
-    },
+    { "Name" = var.name },
     var.tags,
     var.vpc_tags,
   )
 }
 
 resource "aws_vpc_ipv4_cidr_block_association" "this" {
-  count = var.create_vpc && length(var.secondary_cidr_blocks) > 0 ? length(var.secondary_cidr_blocks) : 0
+  count = local.create_vpc && length(var.secondary_cidr_blocks) > 0 ? length(var.secondary_cidr_blocks) : 0
 
+  # Do not turn this into `local.vpc_id`
   vpc_id = aws_vpc.this[0].id
 
   cidr_block = element(var.secondary_cidr_blocks, count.index)
 }
 
-resource "aws_default_security_group" "this" {
-  count = var.create_vpc && var.manage_default_security_group ? 1 : 0
-
-  vpc_id = aws_vpc.this[0].id
-
-  dynamic "ingress" {
-    for_each = var.default_security_group_ingress
-    content {
-      self = lookup(ingress.value, "self", null)
-      cidr_blocks = compact(split(",", lookup(ingress.value, "cidr_blocks", "")))
-      ipv6_cidr_blocks = compact(split(",", lookup(ingress.value, "ipv6_cidr_blocks", "")))
-      prefix_list_ids = compact(split(",", lookup(ingress.value, "prefix_list_ids", "")))
-      security_groups = compact(split(",", lookup(ingress.value, "security_groups", "")))
-      description = lookup(ingress.value, "description", null)
-      from_port = lookup(ingress.value, "from_port", 0)
-      to_port = lookup(ingress.value, "to_port", 0)
-      protocol = lookup(ingress.value, "protocol", "-1")
-    }
-  }
-
-  dynamic "egress" {
-    for_each = var.default_security_group_egress
-    content {
-      self = lookup(egress.value, "self", null)
-      cidr_blocks = compact(split(",", lookup(egress.value, "cidr_blocks", "")))
-      ipv6_cidr_blocks = compact(split(",", lookup(egress.value, "ipv6_cidr_blocks", "")))
-      prefix_list_ids = compact(split(",", lookup(egress.value, "prefix_list_ids", "")))
-      security_groups = compact(split(",", lookup(egress.value, "security_groups", "")))
-      description = lookup(egress.value, "description", null)
-      from_port = lookup(egress.value, "from_port", 0)
-      to_port = lookup(egress.value, "to_port", 0)
-      protocol = lookup(egress.value, "protocol", "-1")
-    }
-  }
-
-  tags = merge(
-    {
-      "Name" = format("%s", var.default_security_group_name)
-    },
-    var.tags,
-    var.default_security_group_tags,
-  )
-}
-
 ################################################################################
 # DHCP Options Set
 ################################################################################
 
 resource "aws_vpc_dhcp_options" "this" {
-  count = var.create_vpc && var.enable_dhcp_options ? 1 : 0
+  count = local.create_vpc && var.enable_dhcp_options ? 1 : 0
 
   domain_name = var.dhcp_options_domain_name
   domain_name_servers = var.dhcp_options_domain_name_servers
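Review bot: Deleting `aws_default_security_group` in this hunk leaves the VPC's default security group unmanaged unless the resource is re-added elsewhere in the file, which this hunk does not show; AWS creates that group with an allow-all egress rule and a self-referencing ingress rule, so callers who set `manage_default_security_group` to strip those rules would keep them after upgrading without any plan diff telling them so. If the resource was moved, the upgrade notes should say so explicitly; if it was dropped, `var.manage_default_security_group` and the `default_security_group_ingress`/`default_security_group_egress` inputs become dead variables that should be removed or marked deprecated. Separately, `assign_generated_ipv6_cidr_block = var.enable_ipv6 && !var.use_ipam_pool ? true : null` relies on `&&` binding tighter than `? :`; writing it as `(var.enable_ipv6 && !var.use_ipam_pool) ? true : null` makes the intent obvious at a glance.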
@@ -108,413 +73,476 @@ resource "aws_vpc_dhcp_options" "this" { netbios_node_type = var.dhcp_options_netbios_node_type tags = merge( - { - "Name" = format("%s", var.name) - }, + { "Name" = var.name }, var.tags, var.dhcp_options_tags, ) } resource "aws_vpc_dhcp_options_association" "this" { - count = var.create_vpc && var.enable_dhcp_options ? 1 : 0 + count = local.create_vpc && var.enable_dhcp_options ? 1 : 0 vpc_id = local.vpc_id dhcp_options_id = aws_vpc_dhcp_options.this[0].id } ################################################################################ -# Internet Gateway +# Publiс Subnets ################################################################################ -resource "aws_internet_gateway" "this" { - count = var.create_vpc && var.create_igw && length(var.public_subnets) > 0 ? 1 : 0 +locals { + create_public_subnets = local.create_vpc && local.len_public_subnets > 0 +} - vpc_id = local.vpc_id +resource "aws_subnet" "public" { + count = local.create_public_subnets && (!var.one_nat_gateway_per_az || local.len_public_subnets >= length(var.azs)) ? local.len_public_subnets : 0 + + assign_ipv6_address_on_creation = var.enable_ipv6 && var.public_subnet_ipv6_native ? true : var.public_subnet_assign_ipv6_address_on_creation + availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null + availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null + cidr_block = var.public_subnet_ipv6_native ? 
null : element(concat(var.public_subnets, [""]), count.index) + enable_dns64 = var.enable_ipv6 && var.public_subnet_enable_dns64 + enable_resource_name_dns_aaaa_record_on_launch = var.enable_ipv6 && var.public_subnet_enable_resource_name_dns_aaaa_record_on_launch + enable_resource_name_dns_a_record_on_launch = !var.public_subnet_ipv6_native && var.public_subnet_enable_resource_name_dns_a_record_on_launch + ipv6_cidr_block = var.enable_ipv6 && length(var.public_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.public_subnet_ipv6_prefixes[count.index]) : null + ipv6_native = var.enable_ipv6 && var.public_subnet_ipv6_native + map_public_ip_on_launch = var.map_public_ip_on_launch + private_dns_hostname_type_on_launch = var.public_subnet_private_dns_hostname_type_on_launch + vpc_id = local.vpc_id tags = merge( { - "Name" = format("%s", var.name) + Name = try( + var.public_subnet_names[count.index], + format("${var.name}-${var.public_subnet_suffix}-%s", element(var.azs, count.index)) + ) }, var.tags, - var.igw_tags, + var.public_subnet_tags, + lookup(var.public_subnet_tags_per_az, element(var.azs, count.index), {}) ) } -resource "aws_egress_only_internet_gateway" "this" { - count = var.create_vpc && var.create_egress_only_igw && var.enable_ipv6 && local.max_subnet_length > 0 ? 1 : 0 +resource "aws_route_table" "public" { + count = local.create_public_subnets ? 1 : 0 vpc_id = local.vpc_id tags = merge( - { - "Name" = format("%s", var.name) - }, + { "Name" = "${var.name}-${var.public_subnet_suffix}" }, var.tags, - var.igw_tags, + var.public_route_table_tags, ) } -################################################################################ -# Default route -################################################################################ +resource "aws_route_table_association" "public" { + count = local.create_public_subnets ? 
local.len_public_subnets : 0 -resource "aws_default_route_table" "default" { - count = var.create_vpc && var.manage_default_route_table ? 1 : 0 + subnet_id = element(aws_subnet.public[*].id, count.index) + route_table_id = aws_route_table.public[0].id +} - default_route_table_id = aws_vpc.this[0].default_route_table_id - propagating_vgws = var.default_route_table_propagating_vgws +resource "aws_route" "public_internet_gateway" { + count = local.create_public_subnets && var.create_igw ? 1 : 0 - dynamic "route" { - for_each = var.default_route_table_routes - content { - # One of the following destinations must be provided - cidr_block = route.value.cidr_block - ipv6_cidr_block = lookup(route.value, "ipv6_cidr_block", null) + route_table_id = aws_route_table.public[0].id + destination_cidr_block = "0.0.0.0/0" + gateway_id = aws_internet_gateway.this[0].id - # One of the following targets must be provided - egress_only_gateway_id = lookup(route.value, "egress_only_gateway_id", null) - gateway_id = lookup(route.value, "gateway_id", null) - instance_id = lookup(route.value, "instance_id", null) - nat_gateway_id = lookup(route.value, "nat_gateway_id", null) - network_interface_id = lookup(route.value, "network_interface_id", null) - transit_gateway_id = lookup(route.value, "transit_gateway_id", null) - vpc_endpoint_id = lookup(route.value, "vpc_endpoint_id", null) - vpc_peering_connection_id = lookup(route.value, "vpc_peering_connection_id", null) - } + timeouts { + create = "5m" } +} - tags = merge( - { "Name" = var.name }, - var.tags, - var.default_route_table_tags, - ) +resource "aws_route" "public_internet_gateway_ipv6" { + count = local.create_public_subnets && var.create_igw && var.enable_ipv6 ? 
1 : 0 + + route_table_id = aws_route_table.public[0].id + destination_ipv6_cidr_block = "::/0" + gateway_id = aws_internet_gateway.this[0].id } ################################################################################ -# Publiс routes +# Public Network ACLs ################################################################################ -resource "aws_route_table" "public" { - count = var.create_vpc && length(var.public_subnets) > 0 ? 1 : 0 +resource "aws_network_acl" "public" { + count = local.create_public_subnets && var.public_dedicated_network_acl ? 1 : 0 - vpc_id = local.vpc_id + vpc_id = local.vpc_id + subnet_ids = aws_subnet.public[*].id tags = merge( - { - "Name" = format("%s-${var.public_subnet_suffix}", var.name) - }, + { "Name" = "${var.name}-${var.public_subnet_suffix}" }, var.tags, - var.public_route_table_tags, + var.public_acl_tags, ) } -resource "aws_route" "public_internet_gateway" { - count = var.create_vpc && var.create_igw && length(var.public_subnets) > 0 ? 1 : 0 +resource "aws_network_acl_rule" "public_inbound" { + count = local.create_public_subnets && var.public_dedicated_network_acl ? 
length(var.public_inbound_acl_rules) : 0 - route_table_id = aws_route_table.public[0].id - destination_cidr_block = "0.0.0.0/0" - gateway_id = aws_internet_gateway.this[0].id + network_acl_id = aws_network_acl.public[0].id - timeouts { - create = "5m" - } + egress = false + rule_number = var.public_inbound_acl_rules[count.index]["rule_number"] + rule_action = var.public_inbound_acl_rules[count.index]["rule_action"] + from_port = lookup(var.public_inbound_acl_rules[count.index], "from_port", null) + to_port = lookup(var.public_inbound_acl_rules[count.index], "to_port", null) + icmp_code = lookup(var.public_inbound_acl_rules[count.index], "icmp_code", null) + icmp_type = lookup(var.public_inbound_acl_rules[count.index], "icmp_type", null) + protocol = var.public_inbound_acl_rules[count.index]["protocol"] + cidr_block = lookup(var.public_inbound_acl_rules[count.index], "cidr_block", null) + ipv6_cidr_block = lookup(var.public_inbound_acl_rules[count.index], "ipv6_cidr_block", null) } -resource "aws_route" "public_internet_gateway_ipv6" { - count = var.create_vpc && var.create_igw && var.enable_ipv6 && length(var.public_subnets) > 0 ? 1 : 0 +resource "aws_network_acl_rule" "public_outbound" { + count = local.create_public_subnets && var.public_dedicated_network_acl ? 
length(var.public_outbound_acl_rules) : 0 - route_table_id = aws_route_table.public[0].id - destination_ipv6_cidr_block = "::/0" - gateway_id = aws_internet_gateway.this[0].id + network_acl_id = aws_network_acl.public[0].id + + egress = true + rule_number = var.public_outbound_acl_rules[count.index]["rule_number"] + rule_action = var.public_outbound_acl_rules[count.index]["rule_action"] + from_port = lookup(var.public_outbound_acl_rules[count.index], "from_port", null) + to_port = lookup(var.public_outbound_acl_rules[count.index], "to_port", null) + icmp_code = lookup(var.public_outbound_acl_rules[count.index], "icmp_code", null) + icmp_type = lookup(var.public_outbound_acl_rules[count.index], "icmp_type", null) + protocol = var.public_outbound_acl_rules[count.index]["protocol"] + cidr_block = lookup(var.public_outbound_acl_rules[count.index], "cidr_block", null) + ipv6_cidr_block = lookup(var.public_outbound_acl_rules[count.index], "ipv6_cidr_block", null) } ################################################################################ -# Private routes -# There are as many routing tables as the number of NAT gateways +# Private Subnets ################################################################################ -resource "aws_route_table" "private" { - count = var.create_vpc && local.max_subnet_length > 0 ? local.nat_gateway_count : 0 +locals { + create_private_subnets = local.create_vpc && local.len_private_subnets > 0 +} - vpc_id = local.vpc_id +resource "aws_subnet" "private" { + count = local.create_private_subnets ? local.len_private_subnets : 0 + + assign_ipv6_address_on_creation = var.enable_ipv6 && var.private_subnet_ipv6_native ? true : var.private_subnet_assign_ipv6_address_on_creation + availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null + availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? 
element(var.azs, count.index) : null + cidr_block = var.private_subnet_ipv6_native ? null : element(concat(var.private_subnets, [""]), count.index) + enable_dns64 = var.enable_ipv6 && var.private_subnet_enable_dns64 + enable_resource_name_dns_aaaa_record_on_launch = var.enable_ipv6 && var.private_subnet_enable_resource_name_dns_aaaa_record_on_launch + enable_resource_name_dns_a_record_on_launch = !var.private_subnet_ipv6_native && var.private_subnet_enable_resource_name_dns_a_record_on_launch + ipv6_cidr_block = var.enable_ipv6 && length(var.private_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.private_subnet_ipv6_prefixes[count.index]) : null + ipv6_native = var.enable_ipv6 && var.private_subnet_ipv6_native + private_dns_hostname_type_on_launch = var.private_subnet_private_dns_hostname_type_on_launch + vpc_id = local.vpc_id tags = merge( { - "Name" = var.single_nat_gateway ? "${var.name}-${var.private_subnet_suffix}" : format( - "%s-${var.private_subnet_suffix}-%s", - var.name, - element(var.azs, count.index), + Name = try( + var.private_subnet_names[count.index], + format("${var.name}-${var.private_subnet_suffix}-%s", element(var.azs, count.index)) ) }, var.tags, - var.private_route_table_tags, + var.private_subnet_tags, + lookup(var.private_subnet_tags_per_az, element(var.azs, count.index), {}) ) } -################################################################################ -# Database routes -################################################################################ - -resource "aws_route_table" "database" { - count = var.create_vpc && var.create_database_subnet_route_table && length(var.database_subnets) > 0 ? var.single_nat_gateway || var.create_database_internet_gateway_route ? 1 : length(var.database_subnets) : 0 +# There are as many routing tables as the number of NAT gateways +resource "aws_route_table" "private" { + count = local.create_private_subnets && local.max_subnet_length > 0 ? 
local.nat_gateway_count : 0 vpc_id = local.vpc_id tags = merge( { - "Name" = var.single_nat_gateway || var.create_database_internet_gateway_route ? "${var.name}-${var.database_subnet_suffix}" : format( - "%s-${var.database_subnet_suffix}-%s", - var.name, + "Name" = var.single_nat_gateway ? "${var.name}-${var.private_subnet_suffix}" : format( + "${var.name}-${var.private_subnet_suffix}-%s", element(var.azs, count.index), ) }, var.tags, - var.database_route_table_tags, + var.private_route_table_tags, ) } -resource "aws_route" "database_internet_gateway" { - count = var.create_vpc && var.create_igw && var.create_database_subnet_route_table && length(var.database_subnets) > 0 && var.create_database_internet_gateway_route && false == var.create_database_nat_gateway_route ? 1 : 0 +resource "aws_route_table_association" "private" { + count = local.create_private_subnets ? local.len_private_subnets : 0 - route_table_id = aws_route_table.database[0].id - destination_cidr_block = "0.0.0.0/0" - gateway_id = aws_internet_gateway.this[0].id + subnet_id = element(aws_subnet.private[*].id, count.index) + route_table_id = element( + aws_route_table.private[*].id, + var.single_nat_gateway ? 0 : count.index, + ) +} - timeouts { - create = "5m" - } +################################################################################ +# Private Network ACLs +################################################################################ + +locals { + create_private_network_acl = local.create_private_subnets && var.private_dedicated_network_acl } -resource "aws_route" "database_nat_gateway" { - count = var.create_vpc && var.create_database_subnet_route_table && length(var.database_subnets) > 0 && false == var.create_database_internet_gateway_route && var.create_database_nat_gateway_route && var.enable_nat_gateway ? var.single_nat_gateway ? 1 : length(var.database_subnets) : 0 +resource "aws_network_acl" "private" { + count = local.create_private_network_acl ? 
1 : 0 - route_table_id = element(aws_route_table.database.*.id, count.index) - destination_cidr_block = "0.0.0.0/0" - nat_gateway_id = element(aws_nat_gateway.this.*.id, count.index) + vpc_id = local.vpc_id + subnet_ids = aws_subnet.private[*].id - timeouts { - create = "5m" - } + tags = merge( + { "Name" = "${var.name}-${var.private_subnet_suffix}" }, + var.tags, + var.private_acl_tags, + ) } -resource "aws_route" "database_ipv6_egress" { - count = var.create_vpc && var.create_egress_only_igw && var.enable_ipv6 && var.create_database_subnet_route_table && length(var.database_subnets) > 0 && var.create_database_internet_gateway_route ? 1 : 0 +resource "aws_network_acl_rule" "private_inbound" { + count = local.create_private_network_acl ? length(var.private_inbound_acl_rules) : 0 - route_table_id = aws_route_table.database[0].id - destination_ipv6_cidr_block = "::/0" - egress_only_gateway_id = aws_egress_only_internet_gateway.this[0].id + network_acl_id = aws_network_acl.private[0].id - timeouts { - create = "5m" - } + egress = false + rule_number = var.private_inbound_acl_rules[count.index]["rule_number"] + rule_action = var.private_inbound_acl_rules[count.index]["rule_action"] + from_port = lookup(var.private_inbound_acl_rules[count.index], "from_port", null) + to_port = lookup(var.private_inbound_acl_rules[count.index], "to_port", null) + icmp_code = lookup(var.private_inbound_acl_rules[count.index], "icmp_code", null) + icmp_type = lookup(var.private_inbound_acl_rules[count.index], "icmp_type", null) + protocol = var.private_inbound_acl_rules[count.index]["protocol"] + cidr_block = lookup(var.private_inbound_acl_rules[count.index], "cidr_block", null) + ipv6_cidr_block = lookup(var.private_inbound_acl_rules[count.index], "ipv6_cidr_block", null) +} + +resource "aws_network_acl_rule" "private_outbound" { + count = local.create_private_network_acl ? 
length(var.private_outbound_acl_rules) : 0 + + network_acl_id = aws_network_acl.private[0].id + + egress = true + rule_number = var.private_outbound_acl_rules[count.index]["rule_number"] + rule_action = var.private_outbound_acl_rules[count.index]["rule_action"] + from_port = lookup(var.private_outbound_acl_rules[count.index], "from_port", null) + to_port = lookup(var.private_outbound_acl_rules[count.index], "to_port", null) + icmp_code = lookup(var.private_outbound_acl_rules[count.index], "icmp_code", null) + icmp_type = lookup(var.private_outbound_acl_rules[count.index], "icmp_type", null) + protocol = var.private_outbound_acl_rules[count.index]["protocol"] + cidr_block = lookup(var.private_outbound_acl_rules[count.index], "cidr_block", null) + ipv6_cidr_block = lookup(var.private_outbound_acl_rules[count.index], "ipv6_cidr_block", null) } ################################################################################ -# Redshift routes +# Database Subnets ################################################################################ -resource "aws_route_table" "redshift" { - count = var.create_vpc && var.create_redshift_subnet_route_table && length(var.redshift_subnets) > 0 ? 1 : 0 +locals { + create_database_subnets = local.create_vpc && local.len_database_subnets > 0 + create_database_route_table = local.create_database_subnets && var.create_database_subnet_route_table +} - vpc_id = local.vpc_id +resource "aws_subnet" "database" { + count = local.create_database_subnets ? local.len_database_subnets : 0 + + assign_ipv6_address_on_creation = var.enable_ipv6 && var.database_subnet_ipv6_native ? true : var.database_subnet_assign_ipv6_address_on_creation + availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null + availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null + cidr_block = var.database_subnet_ipv6_native ? 
null : element(concat(var.database_subnets, [""]), count.index) + enable_dns64 = var.enable_ipv6 && var.database_subnet_enable_dns64 + enable_resource_name_dns_aaaa_record_on_launch = var.enable_ipv6 && var.database_subnet_enable_resource_name_dns_aaaa_record_on_launch + enable_resource_name_dns_a_record_on_launch = !var.database_subnet_ipv6_native && var.database_subnet_enable_resource_name_dns_a_record_on_launch + ipv6_cidr_block = var.enable_ipv6 && length(var.database_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.database_subnet_ipv6_prefixes[count.index]) : null + ipv6_native = var.enable_ipv6 && var.database_subnet_ipv6_native + private_dns_hostname_type_on_launch = var.database_subnet_private_dns_hostname_type_on_launch + vpc_id = local.vpc_id tags = merge( { - "Name" = "${var.name}-${var.redshift_subnet_suffix}" + Name = try( + var.database_subnet_names[count.index], + format("${var.name}-${var.database_subnet_suffix}-%s", element(var.azs, count.index), ) + ) }, var.tags, - var.redshift_route_table_tags, + var.database_subnet_tags, ) } -################################################################################ -# Elasticache routes -################################################################################ - -resource "aws_route_table" "elasticache" { - count = var.create_vpc && var.create_elasticache_subnet_route_table && length(var.elasticache_subnets) > 0 ? 1 : 0 +resource "aws_db_subnet_group" "database" { + count = local.create_database_subnets && var.create_database_subnet_group ? 
1 : 0 - vpc_id = local.vpc_id + name = lower(coalesce(var.database_subnet_group_name, var.name)) + description = "Database subnet group for ${var.name}" + subnet_ids = aws_subnet.database[*].id tags = merge( { - "Name" = "${var.name}-${var.elasticache_subnet_suffix}" + "Name" = lower(coalesce(var.database_subnet_group_name, var.name)) }, var.tags, - var.elasticache_route_table_tags, + var.database_subnet_group_tags, ) } -################################################################################ -# Intra routes -################################################################################ - -resource "aws_route_table" "intra" { - count = var.create_vpc && length(var.intra_subnets) > 0 ? 1 : 0 +resource "aws_route_table" "database" { + count = local.create_database_route_table ? var.single_nat_gateway || var.create_database_internet_gateway_route ? 1 : local.len_database_subnets : 0 vpc_id = local.vpc_id tags = merge( { - "Name" = "${var.name}-${var.intra_subnet_suffix}" + "Name" = var.single_nat_gateway || var.create_database_internet_gateway_route ? "${var.name}-${var.database_subnet_suffix}" : format( + "${var.name}-${var.database_subnet_suffix}-%s", + element(var.azs, count.index), + ) }, var.tags, - var.intra_route_table_tags, + var.database_route_table_tags, ) } -################################################################################ -# Public subnet -################################################################################ - -resource "aws_subnet" "public" { - count = var.create_vpc && length(var.public_subnets) > 0 && (false == var.one_nat_gateway_per_az || length(var.public_subnets) >= length(var.azs)) ? length(var.public_subnets) : 0 - - vpc_id = local.vpc_id - cidr_block = element(concat(var.public_subnets, [""]), count.index) - availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? 
element(var.azs, count.index) : null - availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null - map_public_ip_on_launch = var.map_public_ip_on_launch - assign_ipv6_address_on_creation = var.public_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.public_subnet_assign_ipv6_address_on_creation - - ipv6_cidr_block = var.enable_ipv6 && length(var.public_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.public_subnet_ipv6_prefixes[count.index]) : null +resource "aws_route_table_association" "database" { + count = local.create_database_subnets ? local.len_database_subnets : 0 - tags = merge( - { - "Name" = format( - "%s-${var.public_subnet_suffix}-%s", - var.name, - element(var.azs, count.index), - ) - }, - var.tags, - var.public_subnet_tags, + subnet_id = element(aws_subnet.database[*].id, count.index) + route_table_id = element( + coalescelist(aws_route_table.database[*].id, aws_route_table.private[*].id), + var.create_database_subnet_route_table ? var.single_nat_gateway || var.create_database_internet_gateway_route ? 0 : count.index : count.index, ) } -################################################################################ -# Private subnet -################################################################################ +resource "aws_route" "database_internet_gateway" { + count = local.create_database_route_table && var.create_igw && var.create_database_internet_gateway_route && !var.create_database_nat_gateway_route ? 1 : 0 -resource "aws_subnet" "private" { - count = var.create_vpc && length(var.private_subnets) > 0 ? 
length(var.private_subnets) : 0 + route_table_id = aws_route_table.database[0].id + destination_cidr_block = "0.0.0.0/0" + gateway_id = aws_internet_gateway.this[0].id - vpc_id = local.vpc_id - cidr_block = var.private_subnets[count.index] - availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null - availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null - assign_ipv6_address_on_creation = var.private_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.private_subnet_assign_ipv6_address_on_creation + timeouts { + create = "5m" + } +} - ipv6_cidr_block = var.enable_ipv6 && length(var.private_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.private_subnet_ipv6_prefixes[count.index]) : null +resource "aws_route" "database_nat_gateway" { + count = local.create_database_route_table && !var.create_database_internet_gateway_route && var.create_database_nat_gateway_route && var.enable_nat_gateway ? var.single_nat_gateway ? 
1 : local.len_database_subnets : 0 - tags = merge( - { - "Name" = format( - "%s-${var.private_subnet_suffix}-%s", - var.name, - element(var.azs, count.index), - ) - }, - var.tags, - var.private_subnet_tags, - ) + route_table_id = element(aws_route_table.database[*].id, count.index) + destination_cidr_block = "0.0.0.0/0" + nat_gateway_id = element(aws_nat_gateway.this[*].id, count.index) + + timeouts { + create = "5m" + } } -################################################################################ -# Outpost subnet -################################################################################ +resource "aws_route" "database_dns64_nat_gateway" { + count = local.create_database_route_table && !var.create_database_internet_gateway_route && var.create_database_nat_gateway_route && var.enable_nat_gateway && var.enable_ipv6 && var.private_subnet_enable_dns64 ? var.single_nat_gateway ? 1 : local.len_database_subnets : 0 -resource "aws_subnet" "outpost" { - count = var.create_vpc && length(var.outpost_subnets) > 0 ? length(var.outpost_subnets) : 0 + route_table_id = element(aws_route_table.database[*].id, count.index) + destination_ipv6_cidr_block = "64:ff9b::/96" + nat_gateway_id = element(aws_nat_gateway.this[*].id, count.index) - vpc_id = local.vpc_id - cidr_block = var.outpost_subnets[count.index] - availability_zone = var.outpost_az - assign_ipv6_address_on_creation = var.outpost_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.outpost_subnet_assign_ipv6_address_on_creation + timeouts { + create = "5m" + } +} - ipv6_cidr_block = var.enable_ipv6 && length(var.outpost_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.outpost_subnet_ipv6_prefixes[count.index]) : null +resource "aws_route" "database_ipv6_egress" { + count = local.create_database_route_table && var.create_egress_only_igw && var.enable_ipv6 && var.create_database_internet_gateway_route ? 
1 : 0 - outpost_arn = var.outpost_arn + route_table_id = aws_route_table.database[0].id + destination_ipv6_cidr_block = "::/0" + egress_only_gateway_id = aws_egress_only_internet_gateway.this[0].id - tags = merge( - { - "Name" = format( - "%s-${var.outpost_subnet_suffix}-%s", - var.name, - var.outpost_az, - ) - }, - var.tags, - var.outpost_subnet_tags, - ) + timeouts { + create = "5m" + } } ################################################################################ -# Database subnet +# Database Network ACLs ################################################################################ -resource "aws_subnet" "database" { - count = var.create_vpc && length(var.database_subnets) > 0 ? length(var.database_subnets) : 0 +locals { + create_database_network_acl = local.create_database_subnets && var.database_dedicated_network_acl +} - vpc_id = local.vpc_id - cidr_block = var.database_subnets[count.index] - availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null - availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null - assign_ipv6_address_on_creation = var.database_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.database_subnet_assign_ipv6_address_on_creation +resource "aws_network_acl" "database" { + count = local.create_database_network_acl ? 1 : 0 - ipv6_cidr_block = var.enable_ipv6 && length(var.database_subnet_ipv6_prefixes) > 0 ? 
cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.database_subnet_ipv6_prefixes[count.index]) : null + vpc_id = local.vpc_id + subnet_ids = aws_subnet.database[*].id tags = merge( - { - "Name" = format( - "%s-${var.database_subnet_suffix}-%s", - var.name, - element(var.azs, count.index), - ) - }, + { "Name" = "${var.name}-${var.database_subnet_suffix}" }, var.tags, - var.database_subnet_tags, + var.database_acl_tags, ) } -resource "aws_db_subnet_group" "database" { - count = var.create_vpc && length(var.database_subnets) > 0 && var.create_database_subnet_group ? 1 : 0 +resource "aws_network_acl_rule" "database_inbound" { + count = local.create_database_network_acl ? length(var.database_inbound_acl_rules) : 0 - name = lower(coalesce(var.database_subnet_group_name, var.name)) - description = "Database subnet group for ${var.name}" - subnet_ids = aws_subnet.database.*.id + network_acl_id = aws_network_acl.database[0].id - tags = merge( - { - "Name" = format("%s", lower(coalesce(var.database_subnet_group_name, var.name))) - }, - var.tags, - var.database_subnet_group_tags, - ) + egress = false + rule_number = var.database_inbound_acl_rules[count.index]["rule_number"] + rule_action = var.database_inbound_acl_rules[count.index]["rule_action"] + from_port = lookup(var.database_inbound_acl_rules[count.index], "from_port", null) + to_port = lookup(var.database_inbound_acl_rules[count.index], "to_port", null) + icmp_code = lookup(var.database_inbound_acl_rules[count.index], "icmp_code", null) + icmp_type = lookup(var.database_inbound_acl_rules[count.index], "icmp_type", null) + protocol = var.database_inbound_acl_rules[count.index]["protocol"] + cidr_block = lookup(var.database_inbound_acl_rules[count.index], "cidr_block", null) + ipv6_cidr_block = lookup(var.database_inbound_acl_rules[count.index], "ipv6_cidr_block", null) +} + +resource "aws_network_acl_rule" "database_outbound" { + count = local.create_database_network_acl ? 
length(var.database_outbound_acl_rules) : 0
+
+ network_acl_id = aws_network_acl.database[0].id
+
+ egress = true
+ rule_number = var.database_outbound_acl_rules[count.index]["rule_number"]
+ rule_action = var.database_outbound_acl_rules[count.index]["rule_action"]
+ from_port = lookup(var.database_outbound_acl_rules[count.index], "from_port", null)
+ to_port = lookup(var.database_outbound_acl_rules[count.index], "to_port", null)
+ icmp_code = lookup(var.database_outbound_acl_rules[count.index], "icmp_code", null)
+ icmp_type = lookup(var.database_outbound_acl_rules[count.index], "icmp_type", null)
+ protocol = var.database_outbound_acl_rules[count.index]["protocol"]
+ cidr_block = lookup(var.database_outbound_acl_rules[count.index], "cidr_block", null)
+ ipv6_cidr_block = lookup(var.database_outbound_acl_rules[count.index], "ipv6_cidr_block", null)
 }
 ################################################################################
-# Redshift subnet
+# Redshift Subnets
 ################################################################################
-resource "aws_subnet" "redshift" {
- count = var.create_vpc && length(var.redshift_subnets) > 0 ? length(var.redshift_subnets) : 0
-
- vpc_id = local.vpc_id
- cidr_block = var.redshift_subnets[count.index]
- availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null
- availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null
- assign_ipv6_address_on_creation = var.redshift_subnet_assign_ipv6_address_on_creation == null ?
var.assign_ipv6_address_on_creation : var.redshift_subnet_assign_ipv6_address_on_creation
+locals {
+ create_redshift_subnets = local.create_vpc && local.len_redshift_subnets > 0
+ create_redshift_route_table = local.create_redshift_subnets && var.create_redshift_subnet_route_table
+}
- ipv6_cidr_block = var.enable_ipv6 && length(var.redshift_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.redshift_subnet_ipv6_prefixes[count.index]) : null
+resource "aws_subnet" "redshift" {
+ count = local.create_redshift_subnets ? local.len_redshift_subnets : 0
+
+ assign_ipv6_address_on_creation = var.enable_ipv6 && var.redshift_subnet_ipv6_native ? true : var.redshift_subnet_assign_ipv6_address_on_creation
+ availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null
+ availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null
+ cidr_block = var.redshift_subnet_ipv6_native ? null : element(concat(var.redshift_subnets, [""]), count.index)
+ enable_dns64 = var.enable_ipv6 && var.redshift_subnet_enable_dns64
+ enable_resource_name_dns_aaaa_record_on_launch = var.enable_ipv6 && var.redshift_subnet_enable_resource_name_dns_aaaa_record_on_launch
+ enable_resource_name_dns_a_record_on_launch = !var.redshift_subnet_ipv6_native && var.redshift_subnet_enable_resource_name_dns_a_record_on_launch
+ ipv6_cidr_block = var.enable_ipv6 && length(var.redshift_subnet_ipv6_prefixes) > 0 ?
cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.redshift_subnet_ipv6_prefixes[count.index]) : null
+ ipv6_native = var.enable_ipv6 && var.redshift_subnet_ipv6_native
+ private_dns_hostname_type_on_launch = var.redshift_subnet_private_dns_hostname_type_on_launch
+ vpc_id = local.vpc_id
 tags = merge(
 {
- "Name" = format(
- "%s-${var.redshift_subnet_suffix}-%s",
- var.name,
- element(var.azs, count.index),
+ Name = try(
+ var.redshift_subnet_names[count.index],
+ format("${var.name}-${var.redshift_subnet_suffix}-%s", element(var.azs, count.index))
 )
 },
 var.tags,
@@ -523,343 +551,313 @@ resource "aws_subnet" "redshift" {
 }
 resource "aws_redshift_subnet_group" "redshift" {
- count = var.create_vpc && length(var.redshift_subnets) > 0 && var.create_redshift_subnet_group ? 1 : 0
+ count = local.create_redshift_subnets && var.create_redshift_subnet_group ? 1 : 0
 name = lower(coalesce(var.redshift_subnet_group_name, var.name))
 description = "Redshift subnet group for ${var.name}"
- subnet_ids = aws_subnet.redshift.*.id
+ subnet_ids = aws_subnet.redshift[*].id
 tags = merge(
- {
- "Name" = format("%s", coalesce(var.redshift_subnet_group_name, var.name))
- },
+ { "Name" = coalesce(var.redshift_subnet_group_name, var.name) },
 var.tags,
 var.redshift_subnet_group_tags,
 )
 }
-################################################################################
-# ElastiCache subnet
-################################################################################
-
-resource "aws_subnet" "elasticache" {
- count = var.create_vpc && length(var.elasticache_subnets) > 0 ? length(var.elasticache_subnets) : 0
-
- vpc_id = local.vpc_id
- cidr_block = var.elasticache_subnets[count.index]
- availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null
- availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null
- assign_ipv6_address_on_creation = var.elasticache_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.elasticache_subnet_assign_ipv6_address_on_creation
+resource "aws_route_table" "redshift" {
+ count = local.create_redshift_route_table ? 1 : 0
- ipv6_cidr_block = var.enable_ipv6 && length(var.elasticache_subnet_ipv6_prefixes) > 0 ?
cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.elasticache_subnet_ipv6_prefixes[count.index]) : null
+ vpc_id = local.vpc_id
 tags = merge(
- {
- "Name" = format(
- "%s-${var.elasticache_subnet_suffix}-%s",
- var.name,
- element(var.azs, count.index),
- )
- },
+ { "Name" = "${var.name}-${var.redshift_subnet_suffix}" },
 var.tags,
- var.elasticache_subnet_tags,
+ var.redshift_route_table_tags,
 )
 }
-resource "aws_elasticache_subnet_group" "elasticache" {
- count = var.create_vpc && length(var.elasticache_subnets) > 0 && var.create_elasticache_subnet_group ? 1 : 0
+resource "aws_route_table_association" "redshift" {
+ count = local.create_redshift_subnets && !var.enable_public_redshift ? local.len_redshift_subnets : 0
- name = coalesce(var.elasticache_subnet_group_name, var.name)
- description = "ElastiCache subnet group for ${var.name}"
- subnet_ids = aws_subnet.elasticache.*.id
+ subnet_id = element(aws_subnet.redshift[*].id, count.index)
+ route_table_id = element(
+ coalescelist(aws_route_table.redshift[*].id, aws_route_table.private[*].id),
+ var.single_nat_gateway || var.create_redshift_subnet_route_table ? 0 : count.index,
+ )
+}
- tags = merge(
- {
- "Name" = format("%s", coalesce(var.elasticache_subnet_group_name, var.name))
- },
- var.tags,
- var.elasticache_subnet_group_tags,
+resource "aws_route_table_association" "redshift_public" {
+ count = local.create_redshift_subnets && var.enable_public_redshift ? local.len_redshift_subnets : 0
+
+ subnet_id = element(aws_subnet.redshift[*].id, count.index)
+ route_table_id = element(
+ coalescelist(aws_route_table.redshift[*].id, aws_route_table.public[*].id),
+ var.single_nat_gateway || var.create_redshift_subnet_route_table ?
0 : count.index,
 )
 }
 ################################################################################
-# Intra subnets - private subnet without NAT gateway
+# Redshift Network ACLs
 ################################################################################
-resource "aws_subnet" "intra" {
- count = var.create_vpc && length(var.intra_subnets) > 0 ? length(var.intra_subnets) : 0
+locals {
+ create_redshift_network_acl = local.create_redshift_subnets && var.redshift_dedicated_network_acl
+}
- vpc_id = local.vpc_id
- cidr_block = var.intra_subnets[count.index]
- availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null
- availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null
- assign_ipv6_address_on_creation = var.intra_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.intra_subnet_assign_ipv6_address_on_creation
+resource "aws_network_acl" "redshift" {
+ count = local.create_redshift_network_acl ? 1 : 0
- ipv6_cidr_block = var.enable_ipv6 && length(var.intra_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.intra_subnet_ipv6_prefixes[count.index]) : null
+ vpc_id = local.vpc_id
+ subnet_ids = aws_subnet.redshift[*].id
 tags = merge(
- {
- "Name" = format(
- "%s-${var.intra_subnet_suffix}-%s",
- var.name,
- element(var.azs, count.index),
- )
- },
+ { "Name" = "${var.name}-${var.redshift_subnet_suffix}" },
 var.tags,
- var.intra_subnet_tags,
+ var.redshift_acl_tags,
 )
 }
+resource "aws_network_acl_rule" "redshift_inbound" {
+ count = local.create_redshift_network_acl ?
length(var.redshift_inbound_acl_rules) : 0
+
+ network_acl_id = aws_network_acl.redshift[0].id
+
+ egress = false
+ rule_number = var.redshift_inbound_acl_rules[count.index]["rule_number"]
+ rule_action = var.redshift_inbound_acl_rules[count.index]["rule_action"]
+ from_port = lookup(var.redshift_inbound_acl_rules[count.index], "from_port", null)
+ to_port = lookup(var.redshift_inbound_acl_rules[count.index], "to_port", null)
+ icmp_code = lookup(var.redshift_inbound_acl_rules[count.index], "icmp_code", null)
+ icmp_type = lookup(var.redshift_inbound_acl_rules[count.index], "icmp_type", null)
+ protocol = var.redshift_inbound_acl_rules[count.index]["protocol"]
+ cidr_block = lookup(var.redshift_inbound_acl_rules[count.index], "cidr_block", null)
+ ipv6_cidr_block = lookup(var.redshift_inbound_acl_rules[count.index], "ipv6_cidr_block", null)
+}
+
+resource "aws_network_acl_rule" "redshift_outbound" {
+ count = local.create_redshift_network_acl ? length(var.redshift_outbound_acl_rules) : 0
+
+ network_acl_id = aws_network_acl.redshift[0].id
+
+ egress = true
+ rule_number = var.redshift_outbound_acl_rules[count.index]["rule_number"]
+ rule_action = var.redshift_outbound_acl_rules[count.index]["rule_action"]
+ from_port = lookup(var.redshift_outbound_acl_rules[count.index], "from_port", null)
+ to_port = lookup(var.redshift_outbound_acl_rules[count.index], "to_port", null)
+ icmp_code = lookup(var.redshift_outbound_acl_rules[count.index], "icmp_code", null)
+ icmp_type = lookup(var.redshift_outbound_acl_rules[count.index], "icmp_type", null)
+ protocol = var.redshift_outbound_acl_rules[count.index]["protocol"]
+ cidr_block = lookup(var.redshift_outbound_acl_rules[count.index], "cidr_block", null)
+ ipv6_cidr_block = lookup(var.redshift_outbound_acl_rules[count.index], "ipv6_cidr_block", null)
+}
+
 ################################################################################
-# Default Network ACLs
+# Elasticache Subnets
 ################################################################################
-resource "aws_default_network_acl" "this" {
- count = var.create_vpc && var.manage_default_network_acl ? 1 : 0
-
- default_network_acl_id = element(concat(aws_vpc.this.*.default_network_acl_id, [""]), 0)
-
- # The value of subnet_ids should be any subnet IDs that are not set as subnet_ids
- # for any of the non-default network ACLs
- subnet_ids = setsubtract(
- compact(flatten([
- aws_subnet.public.*.id,
- aws_subnet.private.*.id,
- aws_subnet.intra.*.id,
- aws_subnet.database.*.id,
- aws_subnet.redshift.*.id,
- aws_subnet.elasticache.*.id,
- aws_subnet.outpost.*.id,
- ])),
- compact(flatten([
- aws_network_acl.public.*.subnet_ids,
- aws_network_acl.private.*.subnet_ids,
- aws_network_acl.intra.*.subnet_ids,
- aws_network_acl.database.*.subnet_ids,
- aws_network_acl.redshift.*.subnet_ids,
- aws_network_acl.elasticache.*.subnet_ids,
- aws_network_acl.outpost.*.subnet_ids,
- ]))
- )
+locals {
+ create_elasticache_subnets = local.create_vpc && local.len_elasticache_subnets > 0
+ create_elasticache_route_table = local.create_elasticache_subnets && var.create_elasticache_subnet_route_table
+}
- dynamic "ingress" {
- for_each = var.default_network_acl_ingress
- content {
- action = ingress.value.action
- cidr_block = lookup(ingress.value, "cidr_block", null)
- from_port = ingress.value.from_port
- icmp_code = lookup(ingress.value, "icmp_code", null)
- icmp_type = lookup(ingress.value, "icmp_type", null)
- ipv6_cidr_block = lookup(ingress.value, "ipv6_cidr_block", null)
- protocol = ingress.value.protocol
- rule_no = ingress.value.rule_no
- to_port = ingress.value.to_port
- }
- }
- dynamic "egress" {
- for_each = var.default_network_acl_egress
- content {
- action = egress.value.action
- cidr_block = lookup(egress.value, "cidr_block", null)
- from_port = egress.value.from_port
- icmp_code = lookup(egress.value, "icmp_code", null)
- icmp_type = lookup(egress.value, "icmp_type", null)
-
ipv6_cidr_block = lookup(egress.value, "ipv6_cidr_block", null)
- protocol = egress.value.protocol
- rule_no = egress.value.rule_no
- to_port = egress.value.to_port
- }
- }
+resource "aws_subnet" "elasticache" {
+ count = local.create_elasticache_subnets ? local.len_elasticache_subnets : 0
+
+ assign_ipv6_address_on_creation = var.enable_ipv6 && var.elasticache_subnet_ipv6_native ? true : var.elasticache_subnet_assign_ipv6_address_on_creation
+ availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null
+ availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null
+ cidr_block = var.elasticache_subnet_ipv6_native ? null : element(concat(var.elasticache_subnets, [""]), count.index)
+ enable_dns64 = var.enable_ipv6 && var.elasticache_subnet_enable_dns64
+ enable_resource_name_dns_aaaa_record_on_launch = var.enable_ipv6 && var.elasticache_subnet_enable_resource_name_dns_aaaa_record_on_launch
+ enable_resource_name_dns_a_record_on_launch = !var.elasticache_subnet_ipv6_native && var.elasticache_subnet_enable_resource_name_dns_a_record_on_launch
+ ipv6_cidr_block = var.enable_ipv6 && length(var.elasticache_subnet_ipv6_prefixes) > 0 ?
cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.elasticache_subnet_ipv6_prefixes[count.index]) : null
+ ipv6_native = var.enable_ipv6 && var.elasticache_subnet_ipv6_native
+ private_dns_hostname_type_on_launch = var.elasticache_subnet_private_dns_hostname_type_on_launch
+ vpc_id = local.vpc_id
 tags = merge(
 {
- "Name" = format("%s", var.default_network_acl_name)
+ Name = try(
+ var.elasticache_subnet_names[count.index],
+ format("${var.name}-${var.elasticache_subnet_suffix}-%s", element(var.azs, count.index))
+ )
 },
 var.tags,
- var.default_network_acl_tags,
+ var.elasticache_subnet_tags,
 )
 }
-################################################################################
-# Public Network ACLs
-################################################################################
-
-resource "aws_network_acl" "public" {
- count = var.create_vpc && var.public_dedicated_network_acl && length(var.public_subnets) > 0 ? 1 : 0
+resource "aws_elasticache_subnet_group" "elasticache" {
+ count = local.create_elasticache_subnets && var.create_elasticache_subnet_group ? 1 : 0
- vpc_id = element(concat(aws_vpc.this.*.id, [""]), 0)
- subnet_ids = aws_subnet.public.*.id
+ name = coalesce(var.elasticache_subnet_group_name, var.name)
+ description = "ElastiCache subnet group for ${var.name}"
+ subnet_ids = aws_subnet.elasticache[*].id
 tags = merge(
- {
- "Name" = format("%s-${var.public_subnet_suffix}", var.name)
- },
+ { "Name" = coalesce(var.elasticache_subnet_group_name, var.name) },
 var.tags,
- var.public_acl_tags,
+ var.elasticache_subnet_group_tags,
 )
 }
-resource "aws_network_acl_rule" "public_inbound" {
- count = var.create_vpc && var.public_dedicated_network_acl && length(var.public_subnets) > 0 ? length(var.public_inbound_acl_rules) : 0
+resource "aws_route_table" "elasticache" {
+ count = local.create_elasticache_route_table ?
1 : 0
- network_acl_id = aws_network_acl.public[0].id
+ vpc_id = local.vpc_id
- egress = false
- rule_number = var.public_inbound_acl_rules[count.index]["rule_number"]
- rule_action = var.public_inbound_acl_rules[count.index]["rule_action"]
- from_port = lookup(var.public_inbound_acl_rules[count.index], "from_port", null)
- to_port = lookup(var.public_inbound_acl_rules[count.index], "to_port", null)
- icmp_code = lookup(var.public_inbound_acl_rules[count.index], "icmp_code", null)
- icmp_type = lookup(var.public_inbound_acl_rules[count.index], "icmp_type", null)
- protocol = var.public_inbound_acl_rules[count.index]["protocol"]
- cidr_block = lookup(var.public_inbound_acl_rules[count.index], "cidr_block", null)
- ipv6_cidr_block = lookup(var.public_inbound_acl_rules[count.index], "ipv6_cidr_block", null)
+ tags = merge(
+ { "Name" = "${var.name}-${var.elasticache_subnet_suffix}" },
+ var.tags,
+ var.elasticache_route_table_tags,
+ )
 }
-resource "aws_network_acl_rule" "public_outbound" {
- count = var.create_vpc && var.public_dedicated_network_acl && length(var.public_subnets) > 0 ? length(var.public_outbound_acl_rules) : 0
-
- network_acl_id = aws_network_acl.public[0].id
+resource "aws_route_table_association" "elasticache" {
+ count = local.create_elasticache_subnets ?
local.len_elasticache_subnets : 0
- egress = true
- rule_number = var.public_outbound_acl_rules[count.index]["rule_number"]
- rule_action = var.public_outbound_acl_rules[count.index]["rule_action"]
- from_port = lookup(var.public_outbound_acl_rules[count.index], "from_port", null)
- to_port = lookup(var.public_outbound_acl_rules[count.index], "to_port", null)
- icmp_code = lookup(var.public_outbound_acl_rules[count.index], "icmp_code", null)
- icmp_type = lookup(var.public_outbound_acl_rules[count.index], "icmp_type", null)
- protocol = var.public_outbound_acl_rules[count.index]["protocol"]
- cidr_block = lookup(var.public_outbound_acl_rules[count.index], "cidr_block", null)
- ipv6_cidr_block = lookup(var.public_outbound_acl_rules[count.index], "ipv6_cidr_block", null)
+ subnet_id = element(aws_subnet.elasticache[*].id, count.index)
+ route_table_id = element(
+ coalescelist(
+ aws_route_table.elasticache[*].id,
+ aws_route_table.private[*].id,
+ ),
+ var.single_nat_gateway || var.create_elasticache_subnet_route_table ? 0 : count.index,
+ )
 }
 ################################################################################
-# Private Network ACLs
+# Elasticache Network ACLs
 ################################################################################
-resource "aws_network_acl" "private" {
- count = var.create_vpc && var.private_dedicated_network_acl && length(var.private_subnets) > 0 ? 1 : 0
+locals {
+ create_elasticache_network_acl = local.create_elasticache_subnets && var.elasticache_dedicated_network_acl
+}
- vpc_id = element(concat(aws_vpc.this.*.id, [""]), 0)
- subnet_ids = aws_subnet.private.*.id
+resource "aws_network_acl" "elasticache" {
+ count = local.create_elasticache_network_acl ?
1 : 0
+
+ vpc_id = local.vpc_id
+ subnet_ids = aws_subnet.elasticache[*].id
 tags = merge(
- {
- "Name" = format("%s-${var.private_subnet_suffix}", var.name)
- },
+ { "Name" = "${var.name}-${var.elasticache_subnet_suffix}" },
 var.tags,
- var.private_acl_tags,
+ var.elasticache_acl_tags,
 )
 }
-resource "aws_network_acl_rule" "private_inbound" {
- count = var.create_vpc && var.private_dedicated_network_acl && length(var.private_subnets) > 0 ? length(var.private_inbound_acl_rules) : 0
+resource "aws_network_acl_rule" "elasticache_inbound" {
+ count = local.create_elasticache_network_acl ? length(var.elasticache_inbound_acl_rules) : 0
- network_acl_id = aws_network_acl.private[0].id
+ network_acl_id = aws_network_acl.elasticache[0].id
 egress = false
- rule_number = var.private_inbound_acl_rules[count.index]["rule_number"]
- rule_action = var.private_inbound_acl_rules[count.index]["rule_action"]
- from_port = lookup(var.private_inbound_acl_rules[count.index], "from_port", null)
- to_port = lookup(var.private_inbound_acl_rules[count.index], "to_port", null)
- icmp_code = lookup(var.private_inbound_acl_rules[count.index], "icmp_code", null)
- icmp_type = lookup(var.private_inbound_acl_rules[count.index], "icmp_type", null)
- protocol = var.private_inbound_acl_rules[count.index]["protocol"]
- cidr_block = lookup(var.private_inbound_acl_rules[count.index], "cidr_block", null)
- ipv6_cidr_block = lookup(var.private_inbound_acl_rules[count.index], "ipv6_cidr_block", null)
+ rule_number = var.elasticache_inbound_acl_rules[count.index]["rule_number"]
+ rule_action = var.elasticache_inbound_acl_rules[count.index]["rule_action"]
+ from_port = lookup(var.elasticache_inbound_acl_rules[count.index], "from_port", null)
+ to_port = lookup(var.elasticache_inbound_acl_rules[count.index], "to_port", null)
+ icmp_code = lookup(var.elasticache_inbound_acl_rules[count.index], "icmp_code", null)
+ icmp_type = lookup(var.elasticache_inbound_acl_rules[count.index], "icmp_type", null)
+ protocol
= var.elasticache_inbound_acl_rules[count.index]["protocol"]
+ cidr_block = lookup(var.elasticache_inbound_acl_rules[count.index], "cidr_block", null)
+ ipv6_cidr_block = lookup(var.elasticache_inbound_acl_rules[count.index], "ipv6_cidr_block", null)
 }
-resource "aws_network_acl_rule" "private_outbound" {
- count = var.create_vpc && var.private_dedicated_network_acl && length(var.private_subnets) > 0 ? length(var.private_outbound_acl_rules) : 0
+resource "aws_network_acl_rule" "elasticache_outbound" {
+ count = local.create_elasticache_network_acl ? length(var.elasticache_outbound_acl_rules) : 0
- network_acl_id = aws_network_acl.private[0].id
+ network_acl_id = aws_network_acl.elasticache[0].id
 egress = true
- rule_number = var.private_outbound_acl_rules[count.index]["rule_number"]
- rule_action = var.private_outbound_acl_rules[count.index]["rule_action"]
- from_port = lookup(var.private_outbound_acl_rules[count.index], "from_port", null)
- to_port = lookup(var.private_outbound_acl_rules[count.index], "to_port", null)
- icmp_code = lookup(var.private_outbound_acl_rules[count.index], "icmp_code", null)
- icmp_type = lookup(var.private_outbound_acl_rules[count.index], "icmp_type", null)
- protocol = var.private_outbound_acl_rules[count.index]["protocol"]
- cidr_block = lookup(var.private_outbound_acl_rules[count.index], "cidr_block", null)
- ipv6_cidr_block = lookup(var.private_outbound_acl_rules[count.index], "ipv6_cidr_block", null)
+ rule_number = var.elasticache_outbound_acl_rules[count.index]["rule_number"]
+ rule_action = var.elasticache_outbound_acl_rules[count.index]["rule_action"]
+ from_port = lookup(var.elasticache_outbound_acl_rules[count.index], "from_port", null)
+ to_port = lookup(var.elasticache_outbound_acl_rules[count.index], "to_port", null)
+ icmp_code = lookup(var.elasticache_outbound_acl_rules[count.index], "icmp_code", null)
+ icmp_type = lookup(var.elasticache_outbound_acl_rules[count.index], "icmp_type", null)
+ protocol =
var.elasticache_outbound_acl_rules[count.index]["protocol"]
+ cidr_block = lookup(var.elasticache_outbound_acl_rules[count.index], "cidr_block", null)
+ ipv6_cidr_block = lookup(var.elasticache_outbound_acl_rules[count.index], "ipv6_cidr_block", null)
 }
 ################################################################################
-# Outpost Network ACLs
+# Intra Subnets
 ################################################################################
-resource "aws_network_acl" "outpost" {
- count = var.create_vpc && var.outpost_dedicated_network_acl && length(var.outpost_subnets) > 0 ? 1 : 0
+locals {
+ create_intra_subnets = local.create_vpc && local.len_intra_subnets > 0
+}
- vpc_id = element(concat(aws_vpc.this.*.id, [""]), 0)
- subnet_ids = aws_subnet.outpost.*.id
+resource "aws_subnet" "intra" {
+ count = local.create_intra_subnets ? local.len_intra_subnets : 0
+
+ assign_ipv6_address_on_creation = var.enable_ipv6 && var.intra_subnet_ipv6_native ? true : var.intra_subnet_assign_ipv6_address_on_creation
+ availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null
+ availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null
+ cidr_block = var.intra_subnet_ipv6_native ? null : element(concat(var.intra_subnets, [""]), count.index)
+ enable_dns64 = var.enable_ipv6 && var.intra_subnet_enable_dns64
+ enable_resource_name_dns_aaaa_record_on_launch = var.enable_ipv6 && var.intra_subnet_enable_resource_name_dns_aaaa_record_on_launch
+ enable_resource_name_dns_a_record_on_launch = !var.intra_subnet_ipv6_native && var.intra_subnet_enable_resource_name_dns_a_record_on_launch
+ ipv6_cidr_block = var.enable_ipv6 && length(var.intra_subnet_ipv6_prefixes) > 0 ?
cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.intra_subnet_ipv6_prefixes[count.index]) : null
+ ipv6_native = var.enable_ipv6 && var.intra_subnet_ipv6_native
+ private_dns_hostname_type_on_launch = var.intra_subnet_private_dns_hostname_type_on_launch
+ vpc_id = local.vpc_id
 tags = merge(
 {
- "Name" = format("%s-${var.outpost_subnet_suffix}", var.name)
+ Name = try(
+ var.intra_subnet_names[count.index],
+ format("${var.name}-${var.intra_subnet_suffix}-%s", element(var.azs, count.index))
+ )
 },
 var.tags,
- var.outpost_acl_tags,
+ var.intra_subnet_tags,
 )
 }
-resource "aws_network_acl_rule" "outpost_inbound" {
- count = var.create_vpc && var.outpost_dedicated_network_acl && length(var.outpost_subnets) > 0 ? length(var.outpost_inbound_acl_rules) : 0
+resource "aws_route_table" "intra" {
+ count = local.create_intra_subnets ? 1 : 0
- network_acl_id = aws_network_acl.outpost[0].id
+ vpc_id = local.vpc_id
- egress = false
- rule_number = var.outpost_inbound_acl_rules[count.index]["rule_number"]
- rule_action = var.outpost_inbound_acl_rules[count.index]["rule_action"]
- from_port = lookup(var.outpost_inbound_acl_rules[count.index], "from_port", null)
- to_port = lookup(var.outpost_inbound_acl_rules[count.index], "to_port", null)
- icmp_code = lookup(var.outpost_inbound_acl_rules[count.index], "icmp_code", null)
- icmp_type = lookup(var.outpost_inbound_acl_rules[count.index], "icmp_type", null)
- protocol = var.outpost_inbound_acl_rules[count.index]["protocol"]
- cidr_block = lookup(var.outpost_inbound_acl_rules[count.index], "cidr_block", null)
- ipv6_cidr_block = lookup(var.outpost_inbound_acl_rules[count.index], "ipv6_cidr_block", null)
+ tags = merge(
+ { "Name" = "${var.name}-${var.intra_subnet_suffix}" },
+ var.tags,
+ var.intra_route_table_tags,
+ )
 }
-resource "aws_network_acl_rule" "outpost_outbound" {
- count = var.create_vpc && var.outpost_dedicated_network_acl && length(var.outpost_subnets) > 0 ?
length(var.outpost_outbound_acl_rules) : 0
-
- network_acl_id = aws_network_acl.outpost[0].id
+resource "aws_route_table_association" "intra" {
+ count = local.create_intra_subnets ? local.len_intra_subnets : 0
- egress = true
- rule_number = var.outpost_outbound_acl_rules[count.index]["rule_number"]
- rule_action = var.outpost_outbound_acl_rules[count.index]["rule_action"]
- from_port = lookup(var.outpost_outbound_acl_rules[count.index], "from_port", null)
- to_port = lookup(var.outpost_outbound_acl_rules[count.index], "to_port", null)
- icmp_code = lookup(var.outpost_outbound_acl_rules[count.index], "icmp_code", null)
- icmp_type = lookup(var.outpost_outbound_acl_rules[count.index], "icmp_type", null)
- protocol = var.outpost_outbound_acl_rules[count.index]["protocol"]
- cidr_block = lookup(var.outpost_outbound_acl_rules[count.index], "cidr_block", null)
- ipv6_cidr_block = lookup(var.outpost_outbound_acl_rules[count.index], "ipv6_cidr_block", null)
+ subnet_id = element(aws_subnet.intra[*].id, count.index)
+ route_table_id = element(aws_route_table.intra[*].id, 0)
 }
 ################################################################################
 # Intra Network ACLs
 ################################################################################
+locals {
+ create_intra_network_acl = local.create_intra_subnets && var.intra_dedicated_network_acl
+}
+
 resource "aws_network_acl" "intra" {
- count = var.create_vpc && var.intra_dedicated_network_acl && length(var.intra_subnets) > 0 ? 1 : 0
+ count = local.create_intra_network_acl ?
1 : 0
- vpc_id = element(concat(aws_vpc.this.*.id, [""]), 0)
- subnet_ids = aws_subnet.intra.*.id
+ vpc_id = local.vpc_id
+ subnet_ids = aws_subnet.intra[*].id
 tags = merge(
- {
- "Name" = format("%s-${var.intra_subnet_suffix}", var.name)
- },
+ { "Name" = "${var.name}-${var.intra_subnet_suffix}" },
 var.tags,
 var.intra_acl_tags,
 )
 }
 resource "aws_network_acl_rule" "intra_inbound" {
- count = var.create_vpc && var.intra_dedicated_network_acl && length(var.intra_subnets) > 0 ? length(var.intra_inbound_acl_rules) : 0
+ count = local.create_intra_network_acl ? length(var.intra_inbound_acl_rules) : 0
 network_acl_id = aws_network_acl.intra[0].id
@@ -876,7 +874,7 @@ resource "aws_network_acl_rule" "intra_inbound" {
 }
 resource "aws_network_acl_rule" "intra_outbound" {
- count = var.create_vpc && var.intra_dedicated_network_acl && length(var.intra_subnets) > 0 ? length(var.intra_outbound_acl_rules) : 0
+ count = local.create_intra_network_acl ? length(var.intra_outbound_acl_rules) : 0
 network_acl_id = aws_network_acl.intra[0].id
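Review bot: In `aws_route_table_association.redshift_public` the table is chosen with `coalescelist(aws_route_table.redshift[*].id, aws_route_table.public[*].id)`, so whenever `create_redshift_subnet_route_table` is true the dedicated Redshift table wins and `enable_public_redshift` changes nothing about which table the subnets are attached to. The `aws_route_table.redshift` created in this hunk carries only `vpc_id` and tags; unless an internet-gateway route is attached to it elsewhere in the file (none is visible here), a caller who sets both flags ends up with subnets that are not public despite the variable name — fail-closed, but silent. I would either state it on the resource, `# NOTE: a dedicated Redshift route table takes precedence, so enable_public_redshift only selects the public table when create_redshift_subnet_route_table = false`, or reject the combination with a variable validation so the contradiction surfaces at plan time rather than as a missing route. The same precedence applies to the private `redshift` association just above it. The hunk opens on the closing brace of `aws_subnet.redshift`, whose body lies outside it.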
@@ -893,218 +891,187 @@ resource "aws_network_acl_rule" "intra_outbound" { } ################################################################################ -# Database Network ACLs +# Outpost Subnets ################################################################################ -resource "aws_network_acl" "database" { - count = var.create_vpc && var.database_dedicated_network_acl && length(var.database_subnets) > 0 ? 1 : 0 +locals { + create_outpost_subnets = local.create_vpc && local.len_outpost_subnets > 0 +} - vpc_id = element(concat(aws_vpc.this.*.id, [""]), 0) - subnet_ids = aws_subnet.database.*.id +resource "aws_subnet" "outpost" { + count = local.create_outpost_subnets ? local.len_outpost_subnets : 0 + + assign_ipv6_address_on_creation = var.enable_ipv6 && var.outpost_subnet_ipv6_native ? true : var.outpost_subnet_assign_ipv6_address_on_creation + availability_zone = var.outpost_az + cidr_block = var.outpost_subnet_ipv6_native ? null : element(concat(var.outpost_subnets, [""]), count.index) + customer_owned_ipv4_pool = var.customer_owned_ipv4_pool + enable_dns64 = var.enable_ipv6 && var.outpost_subnet_enable_dns64 + enable_resource_name_dns_aaaa_record_on_launch = var.enable_ipv6 && var.outpost_subnet_enable_resource_name_dns_aaaa_record_on_launch + enable_resource_name_dns_a_record_on_launch = !var.outpost_subnet_ipv6_native && var.outpost_subnet_enable_resource_name_dns_a_record_on_launch + ipv6_cidr_block = var.enable_ipv6 && length(var.outpost_subnet_ipv6_prefixes) > 0 ? 
cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.outpost_subnet_ipv6_prefixes[count.index]) : null + ipv6_native = var.enable_ipv6 && var.outpost_subnet_ipv6_native + map_customer_owned_ip_on_launch = var.map_customer_owned_ip_on_launch + outpost_arn = var.outpost_arn + private_dns_hostname_type_on_launch = var.outpost_subnet_private_dns_hostname_type_on_launch + vpc_id = local.vpc_id tags = merge( { - "Name" = format("%s-${var.database_subnet_suffix}", var.name) + Name = try( + var.outpost_subnet_names[count.index], + format("${var.name}-${var.outpost_subnet_suffix}-%s", var.outpost_az) + ) }, var.tags, - var.database_acl_tags, + var.outpost_subnet_tags, ) } -resource "aws_network_acl_rule" "database_inbound" { - count = var.create_vpc && var.database_dedicated_network_acl && length(var.database_subnets) > 0 ? length(var.database_inbound_acl_rules) : 0 - - network_acl_id = aws_network_acl.database[0].id - - egress = false - rule_number = var.database_inbound_acl_rules[count.index]["rule_number"] - rule_action = var.database_inbound_acl_rules[count.index]["rule_action"] - from_port = lookup(var.database_inbound_acl_rules[count.index], "from_port", null) - to_port = lookup(var.database_inbound_acl_rules[count.index], "to_port", null) - icmp_code = lookup(var.database_inbound_acl_rules[count.index], "icmp_code", null) - icmp_type = lookup(var.database_inbound_acl_rules[count.index], "icmp_type", null) - protocol = var.database_inbound_acl_rules[count.index]["protocol"] - cidr_block = lookup(var.database_inbound_acl_rules[count.index], "cidr_block", null) - ipv6_cidr_block = lookup(var.database_inbound_acl_rules[count.index], "ipv6_cidr_block", null) -} - -resource "aws_network_acl_rule" "database_outbound" { - count = var.create_vpc && var.database_dedicated_network_acl && length(var.database_subnets) > 0 ? 
length(var.database_outbound_acl_rules) : 0 - - network_acl_id = aws_network_acl.database[0].id +resource "aws_route_table_association" "outpost" { + count = local.create_outpost_subnets ? local.len_outpost_subnets : 0 - egress = true - rule_number = var.database_outbound_acl_rules[count.index]["rule_number"] - rule_action = var.database_outbound_acl_rules[count.index]["rule_action"] - from_port = lookup(var.database_outbound_acl_rules[count.index], "from_port", null) - to_port = lookup(var.database_outbound_acl_rules[count.index], "to_port", null) - icmp_code = lookup(var.database_outbound_acl_rules[count.index], "icmp_code", null) - icmp_type = lookup(var.database_outbound_acl_rules[count.index], "icmp_type", null) - protocol = var.database_outbound_acl_rules[count.index]["protocol"] - cidr_block = lookup(var.database_outbound_acl_rules[count.index], "cidr_block", null) - ipv6_cidr_block = lookup(var.database_outbound_acl_rules[count.index], "ipv6_cidr_block", null) + subnet_id = element(aws_subnet.outpost[*].id, count.index) + route_table_id = element( + aws_route_table.private[*].id, + var.single_nat_gateway ? 0 : count.index, + ) } ################################################################################ -# Redshift Network ACLs +# Outpost Network ACLs ################################################################################ -resource "aws_network_acl" "redshift" { - count = var.create_vpc && var.redshift_dedicated_network_acl && length(var.redshift_subnets) > 0 ? 1 : 0 +locals { + create_outpost_network_acl = local.create_outpost_subnets && var.outpost_dedicated_network_acl +} - vpc_id = element(concat(aws_vpc.this.*.id, [""]), 0) - subnet_ids = aws_subnet.redshift.*.id +resource "aws_network_acl" "outpost" { + count = local.create_outpost_network_acl ? 
1 : 0 + + vpc_id = local.vpc_id + subnet_ids = aws_subnet.outpost[*].id tags = merge( - { - "Name" = format("%s-${var.redshift_subnet_suffix}", var.name) - }, + { "Name" = "${var.name}-${var.outpost_subnet_suffix}" }, var.tags, - var.redshift_acl_tags, + var.outpost_acl_tags, ) } -resource "aws_network_acl_rule" "redshift_inbound" { - count = var.create_vpc && var.redshift_dedicated_network_acl && length(var.redshift_subnets) > 0 ? length(var.redshift_inbound_acl_rules) : 0 +resource "aws_network_acl_rule" "outpost_inbound" { + count = local.create_outpost_network_acl ? length(var.outpost_inbound_acl_rules) : 0 - network_acl_id = aws_network_acl.redshift[0].id + network_acl_id = aws_network_acl.outpost[0].id egress = false - rule_number = var.redshift_inbound_acl_rules[count.index]["rule_number"] - rule_action = var.redshift_inbound_acl_rules[count.index]["rule_action"] - from_port = lookup(var.redshift_inbound_acl_rules[count.index], "from_port", null) - to_port = lookup(var.redshift_inbound_acl_rules[count.index], "to_port", null) - icmp_code = lookup(var.redshift_inbound_acl_rules[count.index], "icmp_code", null) - icmp_type = lookup(var.redshift_inbound_acl_rules[count.index], "icmp_type", null) - protocol = var.redshift_inbound_acl_rules[count.index]["protocol"] - cidr_block = lookup(var.redshift_inbound_acl_rules[count.index], "cidr_block", null) - ipv6_cidr_block = lookup(var.redshift_inbound_acl_rules[count.index], "ipv6_cidr_block", null) + rule_number = var.outpost_inbound_acl_rules[count.index]["rule_number"] + rule_action = var.outpost_inbound_acl_rules[count.index]["rule_action"] + from_port = lookup(var.outpost_inbound_acl_rules[count.index], "from_port", null) + to_port = lookup(var.outpost_inbound_acl_rules[count.index], "to_port", null) + icmp_code = lookup(var.outpost_inbound_acl_rules[count.index], "icmp_code", null) + icmp_type = lookup(var.outpost_inbound_acl_rules[count.index], "icmp_type", null) + protocol = 
var.outpost_inbound_acl_rules[count.index]["protocol"] + cidr_block = lookup(var.outpost_inbound_acl_rules[count.index], "cidr_block", null) + ipv6_cidr_block = lookup(var.outpost_inbound_acl_rules[count.index], "ipv6_cidr_block", null) } -resource "aws_network_acl_rule" "redshift_outbound" { - count = var.create_vpc && var.redshift_dedicated_network_acl && length(var.redshift_subnets) > 0 ? length(var.redshift_outbound_acl_rules) : 0 +resource "aws_network_acl_rule" "outpost_outbound" { + count = local.create_outpost_network_acl ? length(var.outpost_outbound_acl_rules) : 0 - network_acl_id = aws_network_acl.redshift[0].id + network_acl_id = aws_network_acl.outpost[0].id egress = true - rule_number = var.redshift_outbound_acl_rules[count.index]["rule_number"] - rule_action = var.redshift_outbound_acl_rules[count.index]["rule_action"] - from_port = lookup(var.redshift_outbound_acl_rules[count.index], "from_port", null) - to_port = lookup(var.redshift_outbound_acl_rules[count.index], "to_port", null) - icmp_code = lookup(var.redshift_outbound_acl_rules[count.index], "icmp_code", null) - icmp_type = lookup(var.redshift_outbound_acl_rules[count.index], "icmp_type", null) - protocol = var.redshift_outbound_acl_rules[count.index]["protocol"] - cidr_block = lookup(var.redshift_outbound_acl_rules[count.index], "cidr_block", null) - ipv6_cidr_block = lookup(var.redshift_outbound_acl_rules[count.index], "ipv6_cidr_block", null) + rule_number = var.outpost_outbound_acl_rules[count.index]["rule_number"] + rule_action = var.outpost_outbound_acl_rules[count.index]["rule_action"] + from_port = lookup(var.outpost_outbound_acl_rules[count.index], "from_port", null) + to_port = lookup(var.outpost_outbound_acl_rules[count.index], "to_port", null) + icmp_code = lookup(var.outpost_outbound_acl_rules[count.index], "icmp_code", null) + icmp_type = lookup(var.outpost_outbound_acl_rules[count.index], "icmp_type", null) + protocol = var.outpost_outbound_acl_rules[count.index]["protocol"] + 
cidr_block = lookup(var.outpost_outbound_acl_rules[count.index], "cidr_block", null) + ipv6_cidr_block = lookup(var.outpost_outbound_acl_rules[count.index], "ipv6_cidr_block", null) } ################################################################################ -# Elasticache Network ACLs +# Internet Gateway ################################################################################ -resource "aws_network_acl" "elasticache" { - count = var.create_vpc && var.elasticache_dedicated_network_acl && length(var.elasticache_subnets) > 0 ? 1 : 0 +resource "aws_internet_gateway" "this" { + count = local.create_public_subnets && var.create_igw ? 1 : 0 - vpc_id = element(concat(aws_vpc.this.*.id, [""]), 0) - subnet_ids = aws_subnet.elasticache.*.id + vpc_id = local.vpc_id tags = merge( - { - "Name" = format("%s-${var.elasticache_subnet_suffix}", var.name) - }, + { "Name" = var.name }, var.tags, - var.elasticache_acl_tags, + var.igw_tags, ) } -resource "aws_network_acl_rule" "elasticache_inbound" { - count = var.create_vpc && var.elasticache_dedicated_network_acl && length(var.elasticache_subnets) > 0 ? length(var.elasticache_inbound_acl_rules) : 0 +resource "aws_egress_only_internet_gateway" "this" { + count = local.create_vpc && var.create_egress_only_igw && var.enable_ipv6 && local.max_subnet_length > 0 ? 
1 : 0 - network_acl_id = aws_network_acl.elasticache[0].id + vpc_id = local.vpc_id - egress = false - rule_number = var.elasticache_inbound_acl_rules[count.index]["rule_number"] - rule_action = var.elasticache_inbound_acl_rules[count.index]["rule_action"] - from_port = lookup(var.elasticache_inbound_acl_rules[count.index], "from_port", null) - to_port = lookup(var.elasticache_inbound_acl_rules[count.index], "to_port", null) - icmp_code = lookup(var.elasticache_inbound_acl_rules[count.index], "icmp_code", null) - icmp_type = lookup(var.elasticache_inbound_acl_rules[count.index], "icmp_type", null) - protocol = var.elasticache_inbound_acl_rules[count.index]["protocol"] - cidr_block = lookup(var.elasticache_inbound_acl_rules[count.index], "cidr_block", null) - ipv6_cidr_block = lookup(var.elasticache_inbound_acl_rules[count.index], "ipv6_cidr_block", null) + tags = merge( + { "Name" = var.name }, + var.tags, + var.igw_tags, + ) } -resource "aws_network_acl_rule" "elasticache_outbound" { - count = var.create_vpc && var.elasticache_dedicated_network_acl && length(var.elasticache_subnets) > 0 ? length(var.elasticache_outbound_acl_rules) : 0 - - network_acl_id = aws_network_acl.elasticache[0].id +resource "aws_route" "private_ipv6_egress" { + count = local.create_vpc && var.create_egress_only_igw && var.enable_ipv6 ? 
local.len_private_subnets : 0 - egress = true - rule_number = var.elasticache_outbound_acl_rules[count.index]["rule_number"] - rule_action = var.elasticache_outbound_acl_rules[count.index]["rule_action"] - from_port = lookup(var.elasticache_outbound_acl_rules[count.index], "from_port", null) - to_port = lookup(var.elasticache_outbound_acl_rules[count.index], "to_port", null) - icmp_code = lookup(var.elasticache_outbound_acl_rules[count.index], "icmp_code", null) - icmp_type = lookup(var.elasticache_outbound_acl_rules[count.index], "icmp_type", null) - protocol = var.elasticache_outbound_acl_rules[count.index]["protocol"] - cidr_block = lookup(var.elasticache_outbound_acl_rules[count.index], "cidr_block", null) - ipv6_cidr_block = lookup(var.elasticache_outbound_acl_rules[count.index], "ipv6_cidr_block", null) + route_table_id = element(aws_route_table.private[*].id, count.index) + destination_ipv6_cidr_block = "::/0" + egress_only_gateway_id = element(aws_egress_only_internet_gateway.this[*].id, 0) } ################################################################################ # NAT Gateway ################################################################################ -# Workaround for interpolation not being able to "short-circuit" the evaluation of the conditional branch that doesn't end up being used -# Source: https://github.com/hashicorp/terraform/issues/11566#issuecomment-289417805 -# -# The logical expression would be -# -# nat_gateway_ips = var.reuse_nat_ips ? var.external_nat_ip_ids : aws_eip.nat.*.id -# -# but then when count of aws_eip.nat.*.id is zero, this would throw a resource not found error on aws_eip.nat.*.id. locals { - nat_gateway_ips = split( - ",", - var.reuse_nat_ips ? join(",", var.external_nat_ip_ids) : join(",", aws_eip.nat.*.id), - ) + nat_gateway_count = var.single_nat_gateway ? 1 : var.one_nat_gateway_per_az ? length(var.azs) : local.max_subnet_length + nat_gateway_ips = var.reuse_nat_ips ? 
var.external_nat_ip_ids : try(aws_eip.nat[*].id, []) } resource "aws_eip" "nat" { - count = var.create_vpc && var.enable_nat_gateway && false == var.reuse_nat_ips ? local.nat_gateway_count : 0 + count = local.create_vpc && var.enable_nat_gateway && !var.reuse_nat_ips ? local.nat_gateway_count : 0 - vpc = true + domain = "vpc" tags = merge( { "Name" = format( - "%s-%s", - var.name, + "${var.name}-%s", element(var.azs, var.single_nat_gateway ? 0 : count.index), ) }, var.tags, var.nat_eip_tags, ) + + depends_on = [aws_internet_gateway.this] } resource "aws_nat_gateway" "this" { - count = var.create_vpc && var.enable_nat_gateway ? local.nat_gateway_count : 0 + count = local.create_vpc && var.enable_nat_gateway ? local.nat_gateway_count : 0 allocation_id = element( local.nat_gateway_ips, var.single_nat_gateway ? 0 : count.index, ) subnet_id = element( - aws_subnet.public.*.id, + aws_subnet.public[*].id, var.single_nat_gateway ? 0 : count.index, ) tags = merge( { "Name" = format( - "%s-%s", - var.name, + "${var.name}-%s", element(var.azs, var.single_nat_gateway ? 0 : count.index), ) }, 
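Review bot: `nat_gateway_ips` in the new `locals` block still hands `var.external_nat_ip_ids` straight to the `element()` calls in `aws_nat_gateway.this`, so when `reuse_nat_ips` is true and fewer allocation IDs than `local.nat_gateway_count` are supplied, `element()` wraps around and the same allocation is assigned to more than one NAT gateway, with the failure surfacing only from the API at apply time. A comment on that line, `# external_nat_ip_ids must hold at least nat_gateway_count entries; element() wraps silently otherwise`, would make the contract visible, since a `validation` block on the variable cannot reference `local.nat_gateway_count` on the minimum Terraform version this module requires. The `try(aws_eip.nat[*].id, [])` fallback looks redundant — a splat over a zero-count resource already yields an empty list — and `try` also hides any genuine evaluation error in that expression. The nested ternary in `nat_gateway_count` is correct but reads ambiguously; a short comment stating that `single_nat_gateway` takes precedence over `one_nat_gateway_per_az` would help.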
@@ -1116,104 +1083,27 @@ resource "aws_nat_gateway" "this" { } resource "aws_route" "private_nat_gateway" { - count = var.create_vpc && var.enable_nat_gateway ? local.nat_gateway_count : 0 + count = local.create_vpc && var.enable_nat_gateway ? local.nat_gateway_count : 0 - route_table_id = element(aws_route_table.private.*.id, count.index) - destination_cidr_block = "0.0.0.0/0" - nat_gateway_id = element(aws_nat_gateway.this.*.id, count.index) + route_table_id = element(aws_route_table.private[*].id, count.index) + destination_cidr_block = var.nat_gateway_destination_cidr_block + nat_gateway_id = element(aws_nat_gateway.this[*].id, count.index) timeouts { create = "5m" } } -resource "aws_route" "private_ipv6_egress" { - count = var.create_vpc && var.create_egress_only_igw && var.enable_ipv6 ? length(var.private_subnets) : 0 - - route_table_id = element(aws_route_table.private.*.id, count.index) - destination_ipv6_cidr_block = "::/0" - egress_only_gateway_id = element(aws_egress_only_internet_gateway.this.*.id, 0) -} - -################################################################################ -# Route table association -################################################################################ - -resource "aws_route_table_association" "private" { - count = var.create_vpc && length(var.private_subnets) > 0 ? length(var.private_subnets) : 0 - - subnet_id = element(aws_subnet.private.*.id, count.index) - route_table_id = element( - aws_route_table.private.*.id, - var.single_nat_gateway ? 0 : count.index, - ) -} - -resource "aws_route_table_association" "outpost" { - count = var.create_vpc && length(var.outpost_subnets) > 0 ? length(var.outpost_subnets) : 0 - - subnet_id = element(aws_subnet.outpost.*.id, count.index) - route_table_id = element( - aws_route_table.private.*.id, - var.single_nat_gateway ? 0 : count.index, - ) -} - -resource "aws_route_table_association" "database" { - count = var.create_vpc && length(var.database_subnets) > 0 ? 
length(var.database_subnets) : 0 - - subnet_id = element(aws_subnet.database.*.id, count.index) - route_table_id = element( - coalescelist(aws_route_table.database.*.id, aws_route_table.private.*.id), - var.create_database_subnet_route_table ? var.single_nat_gateway || var.create_database_internet_gateway_route ? 0 : count.index : count.index, - ) -} - -resource "aws_route_table_association" "redshift" { - count = var.create_vpc && length(var.redshift_subnets) > 0 && false == var.enable_public_redshift ? length(var.redshift_subnets) : 0 - - subnet_id = element(aws_subnet.redshift.*.id, count.index) - route_table_id = element( - coalescelist(aws_route_table.redshift.*.id, aws_route_table.private.*.id), - var.single_nat_gateway || var.create_redshift_subnet_route_table ? 0 : count.index, - ) -} - -resource "aws_route_table_association" "redshift_public" { - count = var.create_vpc && length(var.redshift_subnets) > 0 && var.enable_public_redshift ? length(var.redshift_subnets) : 0 - - subnet_id = element(aws_subnet.redshift.*.id, count.index) - route_table_id = element( - coalescelist(aws_route_table.redshift.*.id, aws_route_table.public.*.id), - var.single_nat_gateway || var.create_redshift_subnet_route_table ? 0 : count.index, - ) -} - -resource "aws_route_table_association" "elasticache" { - count = var.create_vpc && length(var.elasticache_subnets) > 0 ? length(var.elasticache_subnets) : 0 - - subnet_id = element(aws_subnet.elasticache.*.id, count.index) - route_table_id = element( - coalescelist( - aws_route_table.elasticache.*.id, - aws_route_table.private.*.id, - ), - var.single_nat_gateway || var.create_elasticache_subnet_route_table ? 0 : count.index, - ) -} - -resource "aws_route_table_association" "intra" { - count = var.create_vpc && length(var.intra_subnets) > 0 ? length(var.intra_subnets) : 0 +resource "aws_route" "private_dns64_nat_gateway" { + count = local.create_vpc && var.enable_nat_gateway && var.enable_ipv6 && var.private_subnet_enable_dns64 ? 
local.nat_gateway_count : 0 - subnet_id = element(aws_subnet.intra.*.id, count.index) - route_table_id = element(aws_route_table.intra.*.id, 0) -} - -resource "aws_route_table_association" "public" { - count = var.create_vpc && length(var.public_subnets) > 0 ? length(var.public_subnets) : 0 + route_table_id = element(aws_route_table.private[*].id, count.index) + destination_ipv6_cidr_block = "64:ff9b::/96" + nat_gateway_id = element(aws_nat_gateway.this[*].id, count.index) - subnet_id = element(aws_subnet.public.*.id, count.index) - route_table_id = aws_route_table.public[0].id + timeouts { + create = "5m" + } } ################################################################################ @@ -1229,9 +1119,7 @@ resource "aws_customer_gateway" "this" { type = "ipsec.1" tags = merge( - { - Name = format("%s-%s", var.name, each.key) - }, + { Name = "${var.name}-${each.key}" }, var.tags, var.customer_gateway_tags, ) @@ -1242,16 +1130,14 @@ resource "aws_customer_gateway" "this" { ################################################################################ resource "aws_vpn_gateway" "this" { - count = var.create_vpc && var.enable_vpn_gateway ? 1 : 0 + count = local.create_vpc && var.enable_vpn_gateway ? 1 : 0 vpc_id = local.vpc_id amazon_side_asn = var.amazon_side_asn availability_zone = var.vpn_gateway_az tags = merge( - { - "Name" = format("%s", var.name) - }, + { "Name" = var.name }, var.tags, var.vpn_gateway_tags, ) 
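Review bot: `aws_route.private_dns64_nat_gateway` is gated on `var.private_subnet_enable_dns64` only, while the outpost subnets added in the previous hunk also get `enable_dns64` and are associated with the same private route tables, so an outpost-only DNS64 setup appears to get no `64:ff9b::/96` route and synthesized addresses would be unroutable. If that is intended, a comment saying so is worth adding; otherwise the condition could become `... && (var.private_subnet_enable_dns64 || var.outpost_subnet_enable_dns64)`. The new `destination_cidr_block = var.nat_gateway_destination_cidr_block` in `private_nat_gateway` deserves a one-line comment that narrowing it from the default route changes which destinations leave via the NAT gateway, since this is the egress path for every private subnet. The `}` at the top of the hunk closes `aws_nat_gateway.this`, whose body is outside it.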
@@ -1265,46 +1151,46 @@ resource "aws_vpn_gateway_attachment" "this" { } resource "aws_vpn_gateway_route_propagation" "public" { - count = var.create_vpc && var.propagate_public_route_tables_vgw && (var.enable_vpn_gateway || var.vpn_gateway_id != "") ? 1 : 0 + count = local.create_vpc && var.propagate_public_route_tables_vgw && (var.enable_vpn_gateway || var.vpn_gateway_id != "") ? 1 : 0 - route_table_id = element(aws_route_table.public.*.id, count.index) + route_table_id = element(aws_route_table.public[*].id, count.index) vpn_gateway_id = element( concat( - aws_vpn_gateway.this.*.id, - aws_vpn_gateway_attachment.this.*.vpn_gateway_id, + aws_vpn_gateway.this[*].id, + aws_vpn_gateway_attachment.this[*].vpn_gateway_id, ), count.index, ) } resource "aws_vpn_gateway_route_propagation" "private" { - count = var.create_vpc && var.propagate_private_route_tables_vgw && (var.enable_vpn_gateway || var.vpn_gateway_id != "") ? length(var.private_subnets) : 0 + count = local.create_vpc && var.propagate_private_route_tables_vgw && (var.enable_vpn_gateway || var.vpn_gateway_id != "") ? local.len_private_subnets : 0 - route_table_id = element(aws_route_table.private.*.id, count.index) + route_table_id = element(aws_route_table.private[*].id, count.index) vpn_gateway_id = element( concat( - aws_vpn_gateway.this.*.id, - aws_vpn_gateway_attachment.this.*.vpn_gateway_id, + aws_vpn_gateway.this[*].id, + aws_vpn_gateway_attachment.this[*].vpn_gateway_id, ), count.index, ) } resource "aws_vpn_gateway_route_propagation" "intra" { - count = var.create_vpc && var.propagate_intra_route_tables_vgw && (var.enable_vpn_gateway || var.vpn_gateway_id != "") ? length(var.intra_subnets) : 0 + count = local.create_vpc && var.propagate_intra_route_tables_vgw && (var.enable_vpn_gateway || var.vpn_gateway_id != "") ? 
local.len_intra_subnets : 0 - route_table_id = element(aws_route_table.intra.*.id, count.index) + route_table_id = element(aws_route_table.intra[*].id, count.index) vpn_gateway_id = element( concat( - aws_vpn_gateway.this.*.id, - aws_vpn_gateway_attachment.this.*.vpn_gateway_id, + aws_vpn_gateway.this[*].id, + aws_vpn_gateway_attachment.this[*].vpn_gateway_id, ), count.index, ) } ################################################################################ -# Defaults +# Default VPC ################################################################################ resource "aws_default_vpc" "this" { 
@@ -1312,13 +1198,146 @@ resource "aws_default_vpc" "this" { enable_dns_support = var.default_vpc_enable_dns_support enable_dns_hostnames = var.default_vpc_enable_dns_hostnames - enable_classiclink = var.default_vpc_enable_classiclink tags = merge( - { - "Name" = format("%s", var.default_vpc_name) - }, + { "Name" = coalesce(var.default_vpc_name, "default") }, var.tags, var.default_vpc_tags, ) } + +resource "aws_default_security_group" "this" { + count = local.create_vpc && var.manage_default_security_group ? 1 : 0 + + vpc_id = aws_vpc.this[0].id + + dynamic "ingress" { + for_each = var.default_security_group_ingress + content { + self = lookup(ingress.value, "self", null) + cidr_blocks = compact(split(",", lookup(ingress.value, "cidr_blocks", ""))) + ipv6_cidr_blocks = compact(split(",", lookup(ingress.value, "ipv6_cidr_blocks", ""))) + prefix_list_ids = compact(split(",", lookup(ingress.value, "prefix_list_ids", ""))) + security_groups = compact(split(",", lookup(ingress.value, "security_groups", ""))) + description = lookup(ingress.value, "description", null) + from_port = lookup(ingress.value, "from_port", 0) + to_port = lookup(ingress.value, "to_port", 0) + protocol = lookup(ingress.value, "protocol", "-1") + } + } + + dynamic "egress" { + for_each = var.default_security_group_egress + content { + self = lookup(egress.value, "self", null) + cidr_blocks = compact(split(",", lookup(egress.value, "cidr_blocks", ""))) + ipv6_cidr_blocks = compact(split(",", lookup(egress.value, "ipv6_cidr_blocks", ""))) + prefix_list_ids = compact(split(",", lookup(egress.value, "prefix_list_ids", ""))) + security_groups = compact(split(",", lookup(egress.value, "security_groups", ""))) + description = lookup(egress.value, "description", null) + from_port = lookup(egress.value, "from_port", 0) + to_port = lookup(egress.value, "to_port", 0) + protocol = lookup(egress.value, "protocol", "-1") + } + } + + tags = merge( + { "Name" = coalesce(var.default_security_group_name, 
"${var.name}-default") }, + var.tags, + var.default_security_group_tags, + ) +} + +################################################################################ +# Default Network ACLs +################################################################################ + +resource "aws_default_network_acl" "this" { + count = local.create_vpc && var.manage_default_network_acl ? 1 : 0 + + default_network_acl_id = aws_vpc.this[0].default_network_acl_id + + # subnet_ids is using lifecycle ignore_changes, so it is not necessary to list + # any explicitly. See https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/736 + subnet_ids = null + + dynamic "ingress" { + for_each = var.default_network_acl_ingress + content { + action = ingress.value.action + cidr_block = lookup(ingress.value, "cidr_block", null) + from_port = ingress.value.from_port + icmp_code = lookup(ingress.value, "icmp_code", null) + icmp_type = lookup(ingress.value, "icmp_type", null) + ipv6_cidr_block = lookup(ingress.value, "ipv6_cidr_block", null) + protocol = ingress.value.protocol + rule_no = ingress.value.rule_no + to_port = ingress.value.to_port + } + } + dynamic "egress" { + for_each = var.default_network_acl_egress + content { + action = egress.value.action + cidr_block = lookup(egress.value, "cidr_block", null) + from_port = egress.value.from_port + icmp_code = lookup(egress.value, "icmp_code", null) + icmp_type = lookup(egress.value, "icmp_type", null) + ipv6_cidr_block = lookup(egress.value, "ipv6_cidr_block", null) + protocol = egress.value.protocol + rule_no = egress.value.rule_no + to_port = egress.value.to_port + } + } + + tags = merge( + { "Name" = coalesce(var.default_network_acl_name, "${var.name}-default") }, + var.tags, + var.default_network_acl_tags, + ) + + lifecycle { + ignore_changes = [subnet_ids] + } +} + +################################################################################ +# Default Route 
+################################################################################ + +resource "aws_default_route_table" "default" { + count = local.create_vpc && var.manage_default_route_table ? 1 : 0 + + default_route_table_id = aws_vpc.this[0].default_route_table_id + propagating_vgws = var.default_route_table_propagating_vgws + + dynamic "route" { + for_each = var.default_route_table_routes + content { + # One of the following destinations must be provided + cidr_block = route.value.cidr_block + ipv6_cidr_block = lookup(route.value, "ipv6_cidr_block", null) + + # One of the following targets must be provided + egress_only_gateway_id = lookup(route.value, "egress_only_gateway_id", null) + gateway_id = lookup(route.value, "gateway_id", null) + instance_id = lookup(route.value, "instance_id", null) + nat_gateway_id = lookup(route.value, "nat_gateway_id", null) + network_interface_id = lookup(route.value, "network_interface_id", null) + transit_gateway_id = lookup(route.value, "transit_gateway_id", null) + vpc_endpoint_id = lookup(route.value, "vpc_endpoint_id", null) + vpc_peering_connection_id = lookup(route.value, "vpc_peering_connection_id", null) + } + } + + timeouts { + create = "5m" + update = "5m" + } + + tags = merge( + { "Name" = coalesce(var.default_route_table_name, "${var.name}-default") }, + var.tags, + var.default_route_table_tags, + ) +} diff --git a/modules/vpc-endpoints/README.md b/modules/vpc-endpoints/README.md index 13b15fbdd..a59292ae8 100644 --- a/modules/vpc-endpoints/README.md +++ b/modules/vpc-endpoints/README.md 
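Review bot: In `aws_default_security_group.this`, an entry of `var.default_security_group_ingress` or `_egress` that omits `protocol`, `from_port` or `to_port` falls back to `"-1"` and `0`, i.e. an all-protocols, all-ports rule, so a rule written with only `cidr_blocks` silently becomes allow-all on the VPC's default security group. Either require those attributes the way the `aws_default_network_acl` blocks do (`protocol = ingress.value.protocol`, `from_port = ingress.value.from_port`, `to_port = ingress.value.to_port`, and the same for `egress`), or add above each `dynamic` block: `# Omitted protocol/from_port/to_port default to all protocols and ports; state them explicitly`. The same blocks take `cidr_blocks`, `ipv6_cidr_blocks`, `prefix_list_ids` and `security_groups` as comma-separated strings via `split(",")`, unlike the other rule maps in this file, which take lists; that convention needs a comment. Separately, `aws_default_route_table.default` reads `route.value.cidr_block` directly although the comment says only one of the two destinations must be provided, so an IPv6-only route entry fails on the missing attribute; `cidr_block = lookup(route.value, "cidr_block", null)` matches the comment.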
@@ -48,21 +48,21 @@ module "endpoints" {
 ## Examples
-- [Complete-VPC](../../examples/complete-vpc) with VPC Endpoints.
+- [Complete-VPC](../../examples/complete) with VPC Endpoints.
 ## Requirements
 | Name | Version |
 |------|---------|
-| [terraform](#requirement\_terraform) | >= 0.12.31 |
-| [aws](#requirement\_aws) | >= 3.28 |
+| [terraform](#requirement\_terraform) | >= 1.0 |
+| [aws](#requirement\_aws) | >= 5.0 |
 ## Providers
 | Name | Version |
 |------|---------|
-| [aws](#provider\_aws) | >= 3.28 |
+| [aws](#provider\_aws) | >= 5.0 |
 ## Modules
@@ -72,6 +72,8 @@ No modules.
 | Name | Type |
 |------|------|
+| [aws_security_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
+| [aws_security_group_rule.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
 | [aws_vpc_endpoint.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) | resource |
 | [aws_vpc_endpoint_service.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc_endpoint_service) | data source |
@@ -80,8 +82,14 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [create](#input\_create) | Determines whether resources will be created | `bool` | `true` | no | +| [create\_security\_group](#input\_create\_security\_group) | Determines if a security group is created | `bool` | `false` | no | | [endpoints](#input\_endpoints) | A map of interface and/or gateway endpoints containing their properties and configurations | `any` | `{}` | no | +| [security\_group\_description](#input\_security\_group\_description) | Description of the security group created | `string` | `null` | no | | [security\_group\_ids](#input\_security\_group\_ids) | Default security group IDs to associate with the VPC endpoints | `list(string)` | `[]` | no | +| [security\_group\_name](#input\_security\_group\_name) | Name to use on security group created. Conflicts with `security_group_name_prefix` | `string` | `null` | no | +| [security\_group\_name\_prefix](#input\_security\_group\_name\_prefix) | Name prefix to use on security group created. Conflicts with `security_group_name` | `string` | `null` | no | +| [security\_group\_rules](#input\_security\_group\_rules) | Security group rules to add to the security group created | `any` | `{}` | no | +| [security\_group\_tags](#input\_security\_group\_tags) | A map of additional tags to add to the security group created | `map(string)` | `{}` | no | | [subnet\_ids](#input\_subnet\_ids) | Default subnets IDs to associate with the VPC endpoints | `list(string)` | `[]` | no | | [tags](#input\_tags) | A map of tags to use on all resources | `map(string)` | `{}` | no | | [timeouts](#input\_timeouts) | Define maximum timeout for creating, updating, and deleting VPC endpoint resources | `map(string)` | `{}` | no | 
@@ -92,4 +100,6 @@ No modules.
 | Name | Description |
 |------|-------------|
 | [endpoints](#output\_endpoints) | Array containing the full resource object and attributes for all endpoints created |
+| [security\_group\_arn](#output\_security\_group\_arn) | Amazon Resource Name (ARN) of the security group |
+| [security\_group\_id](#output\_security\_group\_id) | ID of the security group |
diff --git a/modules/vpc-endpoints/main.tf b/modules/vpc-endpoints/main.tf
index 58b3270ee..8c4b09c38 100644
--- a/modules/vpc-endpoints/main.tf
+++ b/modules/vpc-endpoints/main.tf
@@ -1,20 +1,22 @@
-locals {
- endpoints = var.create ? var.endpoints : tomap({})
-}
-
 ################################################################################
 # Endpoint(s)
 ################################################################################
+locals {
+ endpoints = { for k, v in var.endpoints : k => v if var.create && try(v.create, true) }
+
+ security_group_ids = var.create && var.create_security_group ? concat(var.security_group_ids, [aws_security_group.this[0].id]) : var.security_group_ids
+}
+
 data "aws_vpc_endpoint_service" "this" {
 for_each = local.endpoints
- service = lookup(each.value, "service", null)
- service_name = lookup(each.value, "service_name", null)
+ service = try(each.value.service, null)
+ service_name = try(each.value.service_name, null)
 filter {
 name = "service-type"
- values = [lookup(each.value, "service_type", "Interface")]
+ values = [try(each.value.service_type, "Interface")]
 }
 }
@@ -23,20 +25,62 @@ resource "aws_vpc_endpoint" "this" {
 vpc_id = var.vpc_id
 service_name = data.aws_vpc_endpoint_service.this[each.key].service_name
- vpc_endpoint_type = lookup(each.value, "service_type", "Interface")
- auto_accept = lookup(each.value, "auto_accept", null)
+ vpc_endpoint_type = try(each.value.service_type, "Interface")
+ auto_accept = try(each.value.auto_accept, null)
- security_group_ids = lookup(each.value, "service_type", "Interface") == "Interface" ? distinct(concat(var.security_group_ids, lookup(each.value, "security_group_ids", []))) : null
- subnet_ids = lookup(each.value, "service_type", "Interface") == "Interface" ? distinct(concat(var.subnet_ids, lookup(each.value, "subnet_ids", []))) : null
- route_table_ids = lookup(each.value, "service_type", "Interface") == "Gateway" ? lookup(each.value, "route_table_ids", null) : null
- policy = lookup(each.value, "policy", null)
- private_dns_enabled = lookup(each.value, "service_type", "Interface") == "Interface" ? lookup(each.value, "private_dns_enabled", null) : null
+ security_group_ids = try(each.value.service_type, "Interface") == "Interface" ? length(distinct(concat(local.security_group_ids, lookup(each.value, "security_group_ids", [])))) > 0 ? distinct(concat(local.security_group_ids, lookup(each.value, "security_group_ids", []))) : null : null
+ subnet_ids = try(each.value.service_type, "Interface") == "Interface" ? distinct(concat(var.subnet_ids, lookup(each.value, "subnet_ids", []))) : null
+ route_table_ids = try(each.value.service_type, "Interface") == "Gateway" ? lookup(each.value, "route_table_ids", null) : null
+ policy = try(each.value.policy, null)
+ private_dns_enabled = try(each.value.service_type, "Interface") == "Interface" ? try(each.value.private_dns_enabled, null) : null
- tags = merge(var.tags, lookup(each.value, "tags", {}))
+ tags = merge(var.tags, try(each.value.tags, {}))
 timeouts {
- create = lookup(var.timeouts, "create", "10m")
- update = lookup(var.timeouts, "update", "10m")
- delete = lookup(var.timeouts, "delete", "10m")
+ create = try(var.timeouts.create, "10m")
+ update = try(var.timeouts.update, "10m")
+ delete = try(var.timeouts.delete, "10m")
+ }
+}
+
+################################################################################
+# Security Group
+################################################################################
+
+resource "aws_security_group" "this" {
+ count = var.create && var.create_security_group ? 1 : 0
+
+ name = var.security_group_name
+ name_prefix = var.security_group_name_prefix
+ description = var.security_group_description
+ vpc_id = var.vpc_id
+
+ tags = merge(
+ var.tags,
+ var.security_group_tags,
+ { "Name" = try(coalesce(var.security_group_name, var.security_group_name_prefix), "") },
+ )
+
+ lifecycle {
+ create_before_destroy = true
 }
 }
+
+resource "aws_security_group_rule" "this" {
+ for_each = { for k, v in var.security_group_rules : k => v if var.create && var.create_security_group }
+
+ # Required
+ security_group_id = aws_security_group.this[0].id
+ protocol = try(each.value.protocol, "tcp")
+ from_port = try(each.value.from_port, 443)
+ to_port = try(each.value.to_port, 443)
+ type = try(each.value.type, "ingress")
+
+ # Optional
+ description = try(each.value.description, null)
+ cidr_blocks = lookup(each.value, "cidr_blocks", null)
+ ipv6_cidr_blocks = lookup(each.value, "ipv6_cidr_blocks", null)
+ prefix_list_ids = lookup(each.value, "prefix_list_ids", null)
+ self = try(each.value.self, null)
+ source_security_group_id = lookup(each.value, "source_security_group_id", null)
+}
diff --git a/modules/vpc-endpoints/outputs.tf b/modules/vpc-endpoints/outputs.tf
index 88aa989fa..a9df78d06 100644
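Review bot: The new `security_group_ids` expression on `aws_vpc_endpoint.this` evaluates `distinct(concat(local.security_group_ids, lookup(each.value, "security_group_ids", [])))` twice inside a nested ternary, and when that list is empty it passes `null`, which lets AWS associate the VPC default security group with the interface endpoint; that silent fallback is the security-relevant case here and deserves a comment, e.g. `# Empty list -> null: AWS then attaches the VPC default security group to the endpoint`. Computing the merged list once (for example a per-endpoint local map keyed like `local.endpoints`) would keep the condition and the value from drifting apart. In `aws_security_group_rule.this` the optional attributes mix `try(each.value.x, null)` with `lookup(each.value, "x", null)`; presumably the `lookup` form is deliberate for the list-valued keys, but a one-line comment saying so would stop a later edit from "normalizing" them. Note also that with `name` and `name_prefix` both passed straight through, the conflict the variable descriptions warn about surfaces only at plan time.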
--- a/modules/vpc-endpoints/outputs.tf
+++ b/modules/vpc-endpoints/outputs.tf
@@ -2,3 +2,17 @@ output "endpoints" {
 description = "Array containing the full resource object and attributes for all endpoints created"
 value = aws_vpc_endpoint.this
 }
+
+################################################################################
+# Security Group
+################################################################################
+
+output "security_group_arn" {
+ description = "Amazon Resource Name (ARN) of the security group"
+ value = try(aws_security_group.this[0].arn, null)
+}
+
+output "security_group_id" {
+ description = "ID of the security group"
+ value = try(aws_security_group.this[0].id, null)
+}
diff --git a/modules/vpc-endpoints/variables.tf b/modules/vpc-endpoints/variables.tf
index afcebc3d0..30a747abd 100644
--- a/modules/vpc-endpoints/variables.tf
+++ b/modules/vpc-endpoints/variables.tf
@@ -39,3 +39,43 @@ variable "timeouts" {
 type = map(string)
 default = {}
 }
+
+################################################################################
+# Security Group
+################################################################################
+
+variable "create_security_group" {
+ description = "Determines if a security group is created"
+ type = bool
+ default = false
+}
+
+variable "security_group_name" {
+ description = "Name to use on security group created. Conflicts with `security_group_name_prefix`"
+ type = string
+ default = null
+}
+
+variable "security_group_name_prefix" {
+ description = "Name prefix to use on security group created. Conflicts with `security_group_name`"
+ type = string
+ default = null
+}
+
+variable "security_group_description" {
+ description = "Description of the security group created"
+ type = string
+ default = null
+}
+
+variable "security_group_rules" {
+ description = "Security group rules to add to the security group created"
+ type = any
+ default = {}
+}
+
+variable "security_group_tags" {
+ description = "A map of additional tags to add to the security group created"
+ type = map(string)
+ default = {}
+}
diff --git a/modules/vpc-endpoints/versions.tf b/modules/vpc-endpoints/versions.tf
index 7045f6d16..ddfcb0e05 100644
--- a/modules/vpc-endpoints/versions.tf
+++ b/modules/vpc-endpoints/versions.tf
@@ -1,10 +1,10 @@
 terraform {
- required_version = ">= 0.12.31"
+ required_version = ">= 1.0"
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 3.28"
+ version = ">= 5.0"
 }
 }
 }
diff --git a/outputs.tf b/outputs.tf
index 064be15fb..d4e3e4079 100644
--- a/outputs.tf
+++ b/outputs.tf
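Review bot: `security_group_rules` is declared `type = any` with a one-line description, so nothing tells a caller which keys a rule accepts or that `main.tf` fills in `protocol = "tcp"`, `from_port = 443`, `to_port = 443` and `type = "ingress"` when they are omitted; a rule that names no source (no `cidr_blocks`, `ipv6_cidr_blocks`, `prefix_list_ids`, `self` or `source_security_group_id`) will presumably only fail at plan time. Suggest spelling this out in the description, e.g. `description = "Map of security group rules to add to the security group created. Keys: protocol, from_port, to_port, type, description, cidr_blocks, ipv6_cidr_blocks, prefix_list_ids, self, source_security_group_id; protocol/from_port/to_port/type default to tcp/443/443/ingress"`. The `security_group_name` / `security_group_name_prefix` conflict is stated only in prose; with `required_version = ">= 1.0"` a `validation` block cannot reference another variable, so the description is the practical place for it, and the `default = null` on both is what makes the single-name case work.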
@@ -1,373 +1,502 @@ +locals { + redshift_route_table_ids = aws_route_table.redshift[*].id + public_route_table_ids = aws_route_table.public[*].id + private_route_table_ids = aws_route_table.private[*].id +} + +################################################################################ +# VPC +################################################################################ + output "vpc_id" { description = "The ID of the VPC" - value = concat(aws_vpc.this.*.id, [""])[0] + value = try(aws_vpc.this[0].id, null) } output "vpc_arn" { description = "The ARN of the VPC" - value = concat(aws_vpc.this.*.arn, [""])[0] + value = try(aws_vpc.this[0].arn, null) } output "vpc_cidr_block" { description = "The CIDR block of the VPC" - value = concat(aws_vpc.this.*.cidr_block, [""])[0] + value = try(aws_vpc.this[0].cidr_block, null) } output "default_security_group_id" { description = "The ID of the security group created by default on VPC creation" - value = concat(aws_vpc.this.*.default_security_group_id, [""])[0] + value = try(aws_vpc.this[0].default_security_group_id, null) } output "default_network_acl_id" { description = "The ID of the default network ACL" - value = concat(aws_vpc.this.*.default_network_acl_id, [""])[0] + value = try(aws_vpc.this[0].default_network_acl_id, null) } output "default_route_table_id" { description = "The ID of the default route table" - value = concat(aws_vpc.this.*.default_route_table_id, [""])[0] + value = try(aws_vpc.this[0].default_route_table_id, null) } output "vpc_instance_tenancy" { description = "Tenancy of instances spin up within VPC" - value = concat(aws_vpc.this.*.instance_tenancy, [""])[0] + value = try(aws_vpc.this[0].instance_tenancy, null) } output "vpc_enable_dns_support" { description = "Whether or not the VPC has DNS support" - value = concat(aws_vpc.this.*.enable_dns_support, [""])[0] + value = try(aws_vpc.this[0].enable_dns_support, null) } output "vpc_enable_dns_hostnames" { description = "Whether or not the VPC has DNS 
hostname support" - value = concat(aws_vpc.this.*.enable_dns_hostnames, [""])[0] + value = try(aws_vpc.this[0].enable_dns_hostnames, null) } output "vpc_main_route_table_id" { description = "The ID of the main route table associated with this VPC" - value = concat(aws_vpc.this.*.main_route_table_id, [""])[0] + value = try(aws_vpc.this[0].main_route_table_id, null) } output "vpc_ipv6_association_id" { description = "The association ID for the IPv6 CIDR block" - value = concat(aws_vpc.this.*.ipv6_association_id, [""])[0] + value = try(aws_vpc.this[0].ipv6_association_id, null) } output "vpc_ipv6_cidr_block" { description = "The IPv6 CIDR block" - value = concat(aws_vpc.this.*.ipv6_cidr_block, [""])[0] + value = try(aws_vpc.this[0].ipv6_cidr_block, null) } output "vpc_secondary_cidr_blocks" { description = "List of secondary CIDR blocks of the VPC" - value = aws_vpc_ipv4_cidr_block_association.this.*.cidr_block + value = compact(aws_vpc_ipv4_cidr_block_association.this[*].cidr_block) } output "vpc_owner_id" { description = "The ID of the AWS account that owns the VPC" - value = concat(aws_vpc.this.*.owner_id, [""])[0] + value = try(aws_vpc.this[0].owner_id, null) +} + +################################################################################ +# DHCP Options Set +################################################################################ + +output "dhcp_options_id" { + description = "The ID of the DHCP options" + value = try(aws_vpc_dhcp_options.this[0].id, null) +} + +################################################################################ +# Internet Gateway +################################################################################ + +output "igw_id" { + description = "The ID of the Internet Gateway" + value = try(aws_internet_gateway.this[0].id, null) +} + +output "igw_arn" { + description = "The ARN of the Internet Gateway" + value = try(aws_internet_gateway.this[0].arn, null) +} + 
+################################################################################ +# Publiс Subnets +################################################################################ + +output "public_subnets" { + description = "List of IDs of public subnets" + value = aws_subnet.public[*].id +} + +output "public_subnet_arns" { + description = "List of ARNs of public subnets" + value = aws_subnet.public[*].arn +} + +output "public_subnets_cidr_blocks" { + description = "List of cidr_blocks of public subnets" + value = compact(aws_subnet.public[*].cidr_block) +} + +output "public_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of public subnets in an IPv6 enabled VPC" + value = compact(aws_subnet.public[*].ipv6_cidr_block) +} + +output "public_route_table_ids" { + description = "List of IDs of public route tables" + value = local.public_route_table_ids +} + +output "public_internet_gateway_route_id" { + description = "ID of the internet gateway route" + value = try(aws_route.public_internet_gateway[0].id, null) +} + +output "public_internet_gateway_ipv6_route_id" { + description = "ID of the IPv6 internet gateway route" + value = try(aws_route.public_internet_gateway_ipv6[0].id, null) +} + +output "public_route_table_association_ids" { + description = "List of IDs of the public route table association" + value = aws_route_table_association.public[*].id +} + +output "public_network_acl_id" { + description = "ID of the public network ACL" + value = try(aws_network_acl.public[0].id, null) +} + +output "public_network_acl_arn" { + description = "ARN of the public network ACL" + value = try(aws_network_acl.public[0].arn, null) } +################################################################################ +# Private Subnets +################################################################################ + output "private_subnets" { description = "List of IDs of private subnets" - value = aws_subnet.private.*.id + value = aws_subnet.private[*].id 
} output "private_subnet_arns" { description = "List of ARNs of private subnets" - value = aws_subnet.private.*.arn + value = aws_subnet.private[*].arn } output "private_subnets_cidr_blocks" { description = "List of cidr_blocks of private subnets" - value = aws_subnet.private.*.cidr_block + value = compact(aws_subnet.private[*].cidr_block) } output "private_subnets_ipv6_cidr_blocks" { description = "List of IPv6 cidr_blocks of private subnets in an IPv6 enabled VPC" - value = aws_subnet.private.*.ipv6_cidr_block + value = compact(aws_subnet.private[*].ipv6_cidr_block) } -output "public_subnets" { - description = "List of IDs of public subnets" - value = aws_subnet.public.*.id +output "private_route_table_ids" { + description = "List of IDs of private route tables" + value = local.private_route_table_ids } -output "public_subnet_arns" { - description = "List of ARNs of public subnets" - value = aws_subnet.public.*.arn +output "private_nat_gateway_route_ids" { + description = "List of IDs of the private nat gateway route" + value = aws_route.private_nat_gateway[*].id } -output "public_subnets_cidr_blocks" { - description = "List of cidr_blocks of public subnets" - value = aws_subnet.public.*.cidr_block +output "private_ipv6_egress_route_ids" { + description = "List of IDs of the ipv6 egress route" + value = aws_route.private_ipv6_egress[*].id } -output "public_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of public subnets in an IPv6 enabled VPC" - value = aws_subnet.public.*.ipv6_cidr_block +output "private_route_table_association_ids" { + description = "List of IDs of the private route table association" + value = aws_route_table_association.private[*].id } +output "private_network_acl_id" { + description = "ID of the private network ACL" + value = try(aws_network_acl.private[0].id, null) +} + +output "private_network_acl_arn" { + description = "ARN of the private network ACL" + value = try(aws_network_acl.private[0].arn, null) +} + 
+################################################################################ +# Outpost Subnets +################################################################################ + output "outpost_subnets" { description = "List of IDs of outpost subnets" - value = aws_subnet.outpost.*.id + value = aws_subnet.outpost[*].id } output "outpost_subnet_arns" { description = "List of ARNs of outpost subnets" - value = aws_subnet.outpost.*.arn + value = aws_subnet.outpost[*].arn } output "outpost_subnets_cidr_blocks" { description = "List of cidr_blocks of outpost subnets" - value = aws_subnet.outpost.*.cidr_block + value = compact(aws_subnet.outpost[*].cidr_block) } output "outpost_subnets_ipv6_cidr_blocks" { description = "List of IPv6 cidr_blocks of outpost subnets in an IPv6 enabled VPC" - value = aws_subnet.outpost.*.ipv6_cidr_block + value = compact(aws_subnet.outpost[*].ipv6_cidr_block) +} + +output "outpost_network_acl_id" { + description = "ID of the outpost network ACL" + value = try(aws_network_acl.outpost[0].id, null) } +output "outpost_network_acl_arn" { + description = "ARN of the outpost network ACL" + value = try(aws_network_acl.outpost[0].arn, null) +} + +################################################################################ +# Database Subnets +################################################################################ + output "database_subnets" { description = "List of IDs of database subnets" - value = aws_subnet.database.*.id + value = aws_subnet.database[*].id } output "database_subnet_arns" { description = "List of ARNs of database subnets" - value = aws_subnet.database.*.arn + value = aws_subnet.database[*].arn } output "database_subnets_cidr_blocks" { description = "List of cidr_blocks of database subnets" - value = aws_subnet.database.*.cidr_block + value = compact(aws_subnet.database[*].cidr_block) } output "database_subnets_ipv6_cidr_blocks" { description = "List of IPv6 cidr_blocks of database subnets in an IPv6 enabled VPC" 
- value = aws_subnet.database.*.ipv6_cidr_block + value = compact(aws_subnet.database[*].ipv6_cidr_block) } output "database_subnet_group" { description = "ID of database subnet group" - value = concat(aws_db_subnet_group.database.*.id, [""])[0] + value = try(aws_db_subnet_group.database[0].id, null) } output "database_subnet_group_name" { description = "Name of database subnet group" - value = concat(aws_db_subnet_group.database.*.name, [""])[0] + value = try(aws_db_subnet_group.database[0].name, null) } -output "redshift_subnets" { - description = "List of IDs of redshift subnets" - value = aws_subnet.redshift.*.id +output "database_route_table_ids" { + description = "List of IDs of database route tables" + # Refer to https://github.com/terraform-aws-modules/terraform-aws-vpc/pull/926 before changing logic + value = length(aws_route_table.database[*].id) > 0 ? aws_route_table.database[*].id : aws_route_table.private[*].id } -output "redshift_subnet_arns" { - description = "List of ARNs of redshift subnets" - value = aws_subnet.redshift.*.arn +output "database_internet_gateway_route_id" { + description = "ID of the database internet gateway route" + value = try(aws_route.database_internet_gateway[0].id, null) } -output "redshift_subnets_cidr_blocks" { - description = "List of cidr_blocks of redshift subnets" - value = aws_subnet.redshift.*.cidr_block +output "database_nat_gateway_route_ids" { + description = "List of IDs of the database nat gateway route" + value = aws_route.database_nat_gateway[*].id } -output "redshift_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of redshift subnets in an IPv6 enabled VPC" - value = aws_subnet.redshift.*.ipv6_cidr_block +output "database_ipv6_egress_route_id" { + description = "ID of the database IPv6 egress route" + value = try(aws_route.database_ipv6_egress[0].id, null) } -output "redshift_subnet_group" { - description = "ID of redshift subnet group" - value = 
concat(aws_redshift_subnet_group.redshift.*.id, [""])[0] +output "database_route_table_association_ids" { + description = "List of IDs of the database route table association" + value = aws_route_table_association.database[*].id } -output "elasticache_subnets" { - description = "List of IDs of elasticache subnets" - value = aws_subnet.elasticache.*.id +output "database_network_acl_id" { + description = "ID of the database network ACL" + value = try(aws_network_acl.database[0].id, null) } -output "elasticache_subnet_arns" { - description = "List of ARNs of elasticache subnets" - value = aws_subnet.elasticache.*.arn +output "database_network_acl_arn" { + description = "ARN of the database network ACL" + value = try(aws_network_acl.database[0].arn, null) } -output "elasticache_subnets_cidr_blocks" { - description = "List of cidr_blocks of elasticache subnets" - value = aws_subnet.elasticache.*.cidr_block -} +################################################################################ +# Redshift Subnets +################################################################################ -output "elasticache_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of elasticache subnets in an IPv6 enabled VPC" - value = aws_subnet.elasticache.*.ipv6_cidr_block +output "redshift_subnets" { + description = "List of IDs of redshift subnets" + value = aws_subnet.redshift[*].id } -output "intra_subnets" { - description = "List of IDs of intra subnets" - value = aws_subnet.intra.*.id +output "redshift_subnet_arns" { + description = "List of ARNs of redshift subnets" + value = aws_subnet.redshift[*].arn } -output "intra_subnet_arns" { - description = "List of ARNs of intra subnets" - value = aws_subnet.intra.*.arn +output "redshift_subnets_cidr_blocks" { + description = "List of cidr_blocks of redshift subnets" + value = compact(aws_subnet.redshift[*].cidr_block) } -output "intra_subnets_cidr_blocks" { - description = "List of cidr_blocks of intra subnets" - 
value = aws_subnet.intra.*.cidr_block +output "redshift_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of redshift subnets in an IPv6 enabled VPC" + value = compact(aws_subnet.redshift[*].ipv6_cidr_block) } -output "intra_subnets_ipv6_cidr_blocks" { - description = "List of IPv6 cidr_blocks of intra subnets in an IPv6 enabled VPC" - value = aws_subnet.intra.*.ipv6_cidr_block +output "redshift_subnet_group" { + description = "ID of redshift subnet group" + value = try(aws_redshift_subnet_group.redshift[0].id, null) } -output "elasticache_subnet_group" { - description = "ID of elasticache subnet group" - value = concat(aws_elasticache_subnet_group.elasticache.*.id, [""])[0] +output "redshift_route_table_ids" { + description = "List of IDs of redshift route tables" + value = length(local.redshift_route_table_ids) > 0 ? local.redshift_route_table_ids : (var.enable_public_redshift ? local.public_route_table_ids : local.private_route_table_ids) } -output "elasticache_subnet_group_name" { - description = "Name of elasticache subnet group" - value = concat(aws_elasticache_subnet_group.elasticache.*.name, [""])[0] +output "redshift_route_table_association_ids" { + description = "List of IDs of the redshift route table association" + value = aws_route_table_association.redshift[*].id } -output "public_route_table_ids" { - description = "List of IDs of public route tables" - value = aws_route_table.public.*.id +output "redshift_public_route_table_association_ids" { + description = "List of IDs of the public redshift route table association" + value = aws_route_table_association.redshift_public[*].id } -output "private_route_table_ids" { - description = "List of IDs of private route tables" - value = aws_route_table.private.*.id +output "redshift_network_acl_id" { + description = "ID of the redshift network ACL" + value = try(aws_network_acl.redshift[0].id, null) } -output "database_route_table_ids" { - description = "List of IDs of database route 
tables" - value = length(aws_route_table.database.*.id) > 0 ? aws_route_table.database.*.id : aws_route_table.private.*.id +output "redshift_network_acl_arn" { + description = "ARN of the redshift network ACL" + value = try(aws_network_acl.redshift[0].arn, null) } -output "redshift_route_table_ids" { - description = "List of IDs of redshift route tables" - value = length(aws_route_table.redshift.*.id) > 0 ? aws_route_table.redshift.*.id : (var.enable_public_redshift ? aws_route_table.public.*.id : aws_route_table.private.*.id) +################################################################################ +# Elasticache Subnets +################################################################################ + +output "elasticache_subnets" { + description = "List of IDs of elasticache subnets" + value = aws_subnet.elasticache[*].id } -output "elasticache_route_table_ids" { - description = "List of IDs of elasticache route tables" - value = length(aws_route_table.elasticache.*.id) > 0 ? aws_route_table.elasticache.*.id : aws_route_table.private.*.id +output "elasticache_subnet_arns" { + description = "List of ARNs of elasticache subnets" + value = aws_subnet.elasticache[*].arn } -output "intra_route_table_ids" { - description = "List of IDs of intra route tables" - value = aws_route_table.intra.*.id +output "elasticache_subnets_cidr_blocks" { + description = "List of cidr_blocks of elasticache subnets" + value = compact(aws_subnet.elasticache[*].cidr_block) } -output "public_internet_gateway_route_id" { - description = "ID of the internet gateway route." - value = concat(aws_route.public_internet_gateway.*.id, [""])[0] +output "elasticache_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of elasticache subnets in an IPv6 enabled VPC" + value = compact(aws_subnet.elasticache[*].ipv6_cidr_block) } -output "public_internet_gateway_ipv6_route_id" { - description = "ID of the IPv6 internet gateway route." 
- value = concat(aws_route.public_internet_gateway_ipv6.*.id, [""])[0] +output "elasticache_subnet_group" { + description = "ID of elasticache subnet group" + value = try(aws_elasticache_subnet_group.elasticache[0].id, null) } -output "database_internet_gateway_route_id" { - description = "ID of the database internet gateway route." - value = concat(aws_route.database_internet_gateway.*.id, [""])[0] +output "elasticache_subnet_group_name" { + description = "Name of elasticache subnet group" + value = try(aws_elasticache_subnet_group.elasticache[0].name, null) } -output "database_nat_gateway_route_ids" { - description = "List of IDs of the database nat gateway route." - value = aws_route.database_nat_gateway.*.id +output "elasticache_route_table_ids" { + description = "List of IDs of elasticache route tables" + value = try(coalescelist(aws_route_table.elasticache[*].id, local.private_route_table_ids), []) } -output "database_ipv6_egress_route_id" { - description = "ID of the database IPv6 egress route." - value = concat(aws_route.database_ipv6_egress.*.id, [""])[0] +output "elasticache_route_table_association_ids" { + description = "List of IDs of the elasticache route table association" + value = aws_route_table_association.elasticache[*].id } -output "private_nat_gateway_route_ids" { - description = "List of IDs of the private nat gateway route." - value = aws_route.private_nat_gateway.*.id +output "elasticache_network_acl_id" { + description = "ID of the elasticache network ACL" + value = try(aws_network_acl.elasticache[0].id, null) } -output "private_ipv6_egress_route_ids" { - description = "List of IDs of the ipv6 egress route." 
- value = aws_route.private_ipv6_egress.*.id +output "elasticache_network_acl_arn" { + description = "ARN of the elasticache network ACL" + value = try(aws_network_acl.elasticache[0].arn, null) } -output "private_route_table_association_ids" { - description = "List of IDs of the private route table association" - value = aws_route_table_association.private.*.id +################################################################################ +# Intra Subnets +################################################################################ + +output "intra_subnets" { + description = "List of IDs of intra subnets" + value = aws_subnet.intra[*].id } -output "database_route_table_association_ids" { - description = "List of IDs of the database route table association" - value = aws_route_table_association.database.*.id +output "intra_subnet_arns" { + description = "List of ARNs of intra subnets" + value = aws_subnet.intra[*].arn } -output "redshift_route_table_association_ids" { - description = "List of IDs of the redshift route table association" - value = aws_route_table_association.redshift.*.id +output "intra_subnets_cidr_blocks" { + description = "List of cidr_blocks of intra subnets" + value = compact(aws_subnet.intra[*].cidr_block) } -output "redshift_public_route_table_association_ids" { - description = "List of IDs of the public redshidt route table association" - value = aws_route_table_association.redshift_public.*.id +output "intra_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of intra subnets in an IPv6 enabled VPC" + value = compact(aws_subnet.intra[*].ipv6_cidr_block) } -output "elasticache_route_table_association_ids" { - description = "List of IDs of the elasticache route table association" - value = aws_route_table_association.elasticache.*.id +output "intra_route_table_ids" { + description = "List of IDs of intra route tables" + value = aws_route_table.intra[*].id } output "intra_route_table_association_ids" { description = 
"List of IDs of the intra route table association" - value = aws_route_table_association.intra.*.id + value = aws_route_table_association.intra[*].id } -output "public_route_table_association_ids" { - description = "List of IDs of the public route table association" - value = aws_route_table_association.public.*.id +output "intra_network_acl_id" { + description = "ID of the intra network ACL" + value = try(aws_network_acl.intra[0].id, null) } -output "dhcp_options_id" { - description = "The ID of the DHCP options" - value = concat(aws_vpc_dhcp_options.this.*.id, [""])[0] +output "intra_network_acl_arn" { + description = "ARN of the intra network ACL" + value = try(aws_network_acl.intra[0].arn, null) } +################################################################################ +# NAT Gateway +################################################################################ + output "nat_ids" { description = "List of allocation ID of Elastic IPs created for AWS NAT Gateway" - value = aws_eip.nat.*.id + value = aws_eip.nat[*].id } output "nat_public_ips" { description = "List of public Elastic IPs created for AWS NAT Gateway" - value = var.reuse_nat_ips ? var.external_nat_ips : aws_eip.nat.*.public_ip + value = var.reuse_nat_ips ? 
var.external_nat_ips : aws_eip.nat[*].public_ip } output "natgw_ids" { description = "List of NAT Gateway IDs" - value = aws_nat_gateway.this.*.id -} - -output "igw_id" { - description = "The ID of the Internet Gateway" - value = concat(aws_internet_gateway.this.*.id, [""])[0] + value = aws_nat_gateway.this[*].id } -output "igw_arn" { - description = "The ARN of the Internet Gateway" - value = concat(aws_internet_gateway.this.*.arn, [""])[0] -} +################################################################################ +# Egress Only Gateway +################################################################################ output "egress_only_internet_gateway_id" { description = "The ID of the egress only Internet Gateway" - value = concat(aws_egress_only_internet_gateway.this.*.id, [""])[0] + value = try(aws_egress_only_internet_gateway.this[0].id, null) } +################################################################################ +# Customer Gateway +################################################################################ + output "cgw_ids" { description = "List of IDs of Customer Gateway" value = [for k, v in aws_customer_gateway.this : v.id] 
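Review bot: The new section header `# Publiс Subnets` near the top of this hunk appears to contain a non-ASCII look-alike for the letter c (it does not match the ASCII `public` in the output names directly below it); it should be plain `# Public Subnets`, since a confusable character in source defeats grep and is exactly what homoglyph linting flags. The route-table fallback outputs are now written three different ways: `database_route_table_ids` uses `length(...) > 0`, `redshift_route_table_ids` the same check on `local.redshift_route_table_ids`, and `elasticache_route_table_ids` `try(coalescelist(...), [])`; one form, e.g. `value = try(coalescelist(aws_route_table.database[*].id, local.private_route_table_ids), [])`, would read consistently, though the `database` output carries a comment pointing at an earlier PR, so check that history before touching it. Every single-resource output also changes its "not created" value from `""` to `null`, which presumably breaks consumers that compare against an empty string; if the upgrade notes are not part of this change they should call that out.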
@@ -383,140 +512,81 @@ output "this_customer_gateway" {
 value = aws_customer_gateway.this
 }
+################################################################################
+# VPN Gateway
+################################################################################
+
 output "vgw_id" {
 description = "The ID of the VPN Gateway"
- value = concat(aws_vpn_gateway.this.*.id, aws_vpn_gateway_attachment.this.*.vpn_gateway_id, [""])[0]
+ value = try(aws_vpn_gateway.this[0].id, aws_vpn_gateway_attachment.this[0].vpn_gateway_id, null)
 }
 output "vgw_arn" {
 description = "The ARN of the VPN Gateway"
- value = concat(aws_vpn_gateway.this.*.arn, [""])[0]
+ value = try(aws_vpn_gateway.this[0].arn, null)
 }
+################################################################################
+# Default VPC
+################################################################################
+
 output "default_vpc_id" {
 description = "The ID of the Default VPC"
- value = concat(aws_default_vpc.this.*.id, [""])[0]
+ value = try(aws_default_vpc.this[0].id, null)
 }
 output "default_vpc_arn" {
 description = "The ARN of the Default VPC"
- value = concat(aws_default_vpc.this.*.arn, [""])[0]
+ value = try(aws_default_vpc.this[0].arn, null)
 }
 output "default_vpc_cidr_block" {
 description = "The CIDR block of the Default VPC"
- value = concat(aws_default_vpc.this.*.cidr_block, [""])[0]
+ value = try(aws_default_vpc.this[0].cidr_block, null)
 }
 output "default_vpc_default_security_group_id" {
 description = "The ID of the security group created by default on Default VPC creation"
- value = concat(aws_default_vpc.this.*.default_security_group_id, [""])[0]
+ value = try(aws_default_vpc.this[0].default_security_group_id, null)
 }
 output "default_vpc_default_network_acl_id" {
 description = "The ID of the default network ACL of the Default VPC"
- value = concat(aws_default_vpc.this.*.default_network_acl_id, [""])[0]
+ value = try(aws_default_vpc.this[0].default_network_acl_id, null)
 }
 output "default_vpc_default_route_table_id" {
 description = "The ID of the default route table of the Default VPC"
- value = concat(aws_default_vpc.this.*.default_route_table_id, [""])[0]
+ value = try(aws_default_vpc.this[0].default_route_table_id, null)
 }
 output "default_vpc_instance_tenancy" {
 description = "Tenancy of instances spin up within Default VPC"
- value = concat(aws_default_vpc.this.*.instance_tenancy, [""])[0]
+ value = try(aws_default_vpc.this[0].instance_tenancy, null)
 }
 output "default_vpc_enable_dns_support" {
 description = "Whether or not the Default VPC has DNS support"
- value = concat(aws_default_vpc.this.*.enable_dns_support, [""])[0]
+ value = try(aws_default_vpc.this[0].enable_dns_support, null)
 }
 output "default_vpc_enable_dns_hostnames" {
 description = "Whether or not the Default VPC has DNS hostname support"
- value = concat(aws_default_vpc.this.*.enable_dns_hostnames, [""])[0]
+ value = try(aws_default_vpc.this[0].enable_dns_hostnames, null)
 }
 output "default_vpc_main_route_table_id" {
 description = "The ID of the main route table associated with the Default VPC"
- value = concat(aws_default_vpc.this.*.main_route_table_id, [""])[0]
-}
-
-output "public_network_acl_id" {
- description = "ID of the public network ACL"
- value = concat(aws_network_acl.public.*.id, [""])[0]
-}
-
-output "public_network_acl_arn" {
- description = "ARN of the public network ACL"
- value = concat(aws_network_acl.public.*.arn, [""])[0]
-}
-
-output "private_network_acl_id" {
- description = "ID of the private network ACL"
- value = concat(aws_network_acl.private.*.id, [""])[0]
+ value = try(aws_default_vpc.this[0].main_route_table_id, null)
 }
-output "private_network_acl_arn" {
- description = "ARN of the private network ACL"
- value = concat(aws_network_acl.private.*.arn, [""])[0]
-}
+################################################################################
+# VPC Flow Log
+################################################################################
-output "outpost_network_acl_id" {
- description = "ID of the outpost network ACL"
- value = concat(aws_network_acl.outpost.*.id, [""])[0]
-}
-
-output "outpost_network_acl_arn" {
- description = "ARN of the outpost network ACL"
- value = concat(aws_network_acl.outpost.*.arn, [""])[0]
-}
-
-output "intra_network_acl_id" {
- description = "ID of the intra network ACL"
- value = concat(aws_network_acl.intra.*.id, [""])[0]
-}
-
-output "intra_network_acl_arn" {
- description = "ARN of the intra network ACL"
- value = concat(aws_network_acl.intra.*.arn, [""])[0]
-}
-
-output "database_network_acl_id" {
- description = "ID of the database network ACL"
- value = concat(aws_network_acl.database.*.id, [""])[0]
-}
-
-output "database_network_acl_arn" {
- description = "ARN of the database network ACL"
- value = concat(aws_network_acl.database.*.arn, [""])[0]
-}
-
-output "redshift_network_acl_id" {
- description = "ID of the redshift network ACL"
- value = concat(aws_network_acl.redshift.*.id, [""])[0]
-}
-
-output "redshift_network_acl_arn" {
- description = "ARN of the redshift network ACL"
- value = concat(aws_network_acl.redshift.*.arn, [""])[0]
-}
-
-output "elasticache_network_acl_id" {
- description = "ID of the elasticache network ACL"
- value = concat(aws_network_acl.elasticache.*.id, [""])[0]
-}
-
-output "elasticache_network_acl_arn" {
- description = "ARN of the elasticache network ACL"
- value = concat(aws_network_acl.elasticache.*.arn, [""])[0]
-}
-
-# VPC flow log
 output "vpc_flow_log_id" {
 description = "The ID of the Flow Log resource"
- value = concat(aws_flow_log.this.*.id, [""])[0]
+ value = try(aws_flow_log.this[0].id, null)
 }
 output "vpc_flow_log_destination_arn" {
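Review bot: The `vgw_id`, `vgw_arn`, `default_vpc_*` and `vpc_flow_log_id` values now fall back to `null` via `try(...)` where the removed `concat(..., [""])[0]` form returned an empty string, and nothing in the hunk records this for consumers; a downstream guard written against the old sentinel (e.g. comparing `default_vpc_id` to `""`) presumably now evaluates as "present" when the resource is absent and passes a null ID on. I would state the sentinel in each affected description, e.g. `description = "The ID of the VPN Gateway (null when no VPN gateway is created or attached)"`, and call the `""` → `null` change out in the module's upgrade notes. The deleted `*_network_acl_id`/`*_network_acl_arn` outputs look like moves into per-section groups (the `intra_*` pair is re-added earlier in this file), but only that pair is visible as re-added, so the `public`, `private`, `outpost`, `database`, `redshift` and `elasticache` pairs are worth confirming against the rest of the diff.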
@@ -534,7 +604,10 @@ output "vpc_flow_log_cloudwatch_iam_role_arn" {
 value = local.flow_log_iam_role_arn
 }
+################################################################################
 # Static values (arguments)
+################################################################################
+
 output "azs" {
 description = "A list of availability zones specified as argument to this module"
 value = var.azs
diff --git a/variables.tf b/variables.tf
index ddd592534..148ce3f19 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1,3 +1,7 @@
+################################################################################
+# VPC
+################################################################################
+
 variable "create_vpc" {
 description = "Controls if VPC should be created (it affects almost all resources)"
 type = bool
@@ -11,801 +15,838 @@ variable "name" {
 }
 variable "cidr" {
- description = "The CIDR block for the VPC. Default value is a valid CIDR, but not acceptable by AWS and should be overridden"
+ description = "(Optional) The IPv4 CIDR block for the VPC. CIDR can be explicitly set or it can be derived from IPAM using `ipv4_netmask_length` & `ipv4_ipam_pool_id`"
 type = string
- default = "0.0.0.0/0"
-}
-
-variable "enable_ipv6" {
- description = "Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block."
- type = bool
- default = false
-}
-
-variable "private_subnet_ipv6_prefixes" {
- description = "Assigns IPv6 private subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
- type = list(string)
- default = []
-}
-
-variable "public_subnet_ipv6_prefixes" {
- description = "Assigns IPv6 public subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
- type = list(string)
- default = []
-}
-
-variable "outpost_subnet_ipv6_prefixes" {
- description = "Assigns IPv6 outpost subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
- type = list(string)
- default = []
-}
-
-variable "database_subnet_ipv6_prefixes" {
- description = "Assigns IPv6 database subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
- type = list(string)
- default = []
+ default = "10.0.0.0/16"
 }
-variable "redshift_subnet_ipv6_prefixes" {
- description = "Assigns IPv6 redshift subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
+variable "secondary_cidr_blocks" {
+ description = "List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool"
 type = list(string)
 default = []
 }
-variable "elasticache_subnet_ipv6_prefixes" {
- description = "Assigns IPv6 elasticache subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
- type = list(string)
- default = []
+variable "instance_tenancy" {
+ description = "A tenancy option for instances launched into the VPC"
+ type = string
+ default = "default"
 }
-variable "intra_subnet_ipv6_prefixes" {
- description = "Assigns IPv6 intra subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
+variable "azs" {
+ description = "A list of availability zones names or ids in the region"
 type = list(string)
 default = []
 }
-variable "assign_ipv6_address_on_creation" {
- description = "Assign IPv6 address on subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
+variable "enable_dns_hostnames" {
+ description = "Should be true to enable DNS hostnames in the VPC"
 type = bool
- default = false
+ default = true
 }
-variable "private_subnet_assign_ipv6_address_on_creation" {
- description = "Assign IPv6 address on private subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
+variable "enable_dns_support" {
+ description = "Should be true to enable DNS support in the VPC"
 type = bool
- default = null
+ default = true
 }
-variable "public_subnet_assign_ipv6_address_on_creation" {
- description = "Assign IPv6 address on public subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
+variable "enable_network_address_usage_metrics" {
+ description = "Determines whether network address usage metrics are enabled for the VPC"
 type = bool
 default = null
 }
-variable "outpost_subnet_assign_ipv6_address_on_creation" {
- description = "Assign IPv6 address on outpost subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
+variable "use_ipam_pool" {
+ description = "Determines whether IPAM pool is used for CIDR allocation"
 type = bool
- default = null
+ default = false
 }
-variable "database_subnet_assign_ipv6_address_on_creation" {
- description = "Assign IPv6 address on database subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
- type = bool
+variable "ipv4_ipam_pool_id" {
+ description = "(Optional) The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR"
+ type = string
 default = null
 }
-variable "redshift_subnet_assign_ipv6_address_on_creation" {
- description = "Assign IPv6 address on redshift subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
- type = bool
+variable "ipv4_netmask_length" {
+ description = "(Optional) The netmask length of the IPv4 CIDR you want to allocate to this VPC. Requires specifying a ipv4_ipam_pool_id"
+ type = number
 default = null
 }
-variable "elasticache_subnet_assign_ipv6_address_on_creation" {
- description = "Assign IPv6 address on elasticache subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
+variable "enable_ipv6" {
+ description = "Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block"
 type = bool
- default = null
+ default = false
 }
-variable "intra_subnet_assign_ipv6_address_on_creation" {
- description = "Assign IPv6 address on intra subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
- type = bool
+variable "ipv6_cidr" {
+ description = "(Optional) IPv6 CIDR block to request from an IPAM Pool. Can be set explicitly or derived from IPAM using `ipv6_netmask_length`"
+ type = string
 default = null
 }
-variable "secondary_cidr_blocks" {
- description = "List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool"
- type = list(string)
- default = []
-}
-
-variable "instance_tenancy" {
- description = "A tenancy option for instances launched into the VPC"
+variable "ipv6_ipam_pool_id" {
+ description = "(Optional) IPAM Pool ID for a IPv6 pool. Conflicts with `assign_generated_ipv6_cidr_block`"
 type = string
- default = "default"
+ default = null
 }
-variable "public_subnet_suffix" {
- description = "Suffix to append to public subnets name"
- type = string
- default = "public"
+variable "ipv6_netmask_length" {
+ description = "(Optional) Netmask length to request from IPAM Pool. Conflicts with `ipv6_cidr_block`. This can be omitted if IPAM pool as a `allocation_default_netmask_length` set. Valid values: `56`"
+ type = number
+ default = null
 }
-variable "private_subnet_suffix" {
- description = "Suffix to append to private subnets name"
+variable "ipv6_cidr_block_network_border_group" {
+ description = "By default when an IPv6 CIDR is assigned to a VPC a default ipv6_cidr_block_network_border_group will be set to the region of the VPC. This can be changed to restrict advertisement of public addresses to specific Network Border Groups such as LocalZones"
 type = string
- default = "private"
+ default = null
 }
-variable "outpost_subnet_suffix" {
- description = "Suffix to append to outpost subnets name"
- type = string
- default = "outpost"
+variable "vpc_tags" {
+ description = "Additional tags for the VPC"
+ type = map(string)
+ default = {}
 }
-variable "intra_subnet_suffix" {
- description = "Suffix to append to intra subnets name"
- type = string
- default = "intra"
+variable "tags" {
+ description = "A map of tags to add to all resources"
+ type = map(string)
+ default = {}
 }
-variable "database_subnet_suffix" {
- description = "Suffix to append to database subnets name"
- type = string
- default = "db"
-}
+################################################################################
+# DHCP Options Set
+################################################################################
-variable "redshift_subnet_suffix" {
- description = "Suffix to append to redshift subnets name"
- type = string
- default = "redshift"
+variable "enable_dhcp_options" {
+ description = "Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type"
+ type = bool
+ default = false
 }
-variable "elasticache_subnet_suffix" {
- description = "Suffix to append to elasticache subnets name"
+variable "dhcp_options_domain_name" {
+ description = "Specifies DNS name for DHCP options set (requires enable_dhcp_options set to true)"
 type = string
- default = "elasticache"
+ default = ""
 }
-variable "public_subnets" {
- description = "A list of public subnets inside the VPC"
+variable "dhcp_options_domain_name_servers" {
+ description = "Specify a list of DNS server addresses for DHCP options set, default to AWS provided (requires enable_dhcp_options set to true)"
 type = list(string)
- default = []
+ default = ["AmazonProvidedDNS"]
 }
-variable "private_subnets" {
- description = "A list of private subnets inside the VPC"
+variable "dhcp_options_ntp_servers" {
+ description = "Specify a list of NTP servers for DHCP options set (requires enable_dhcp_options set to true)"
 type = list(string)
 default = []
 }
-variable "outpost_subnets" {
- description = "A list of outpost subnets inside the VPC"
+variable "dhcp_options_netbios_name_servers" {
+ description = "Specify a list of netbios servers for DHCP options set (requires enable_dhcp_options set to true)"
 type = list(string)
 default = []
 }
-variable "database_subnets" {
- description = "A list of database subnets"
- type = list(string)
- default = []
+variable "dhcp_options_netbios_node_type" {
+ description = "Specify netbios node_type for DHCP options set (requires enable_dhcp_options set to true)"
+ type = string
+ default = ""
 }
-variable "redshift_subnets" {
- description = "A list of redshift subnets"
- type = list(string)
- default = []
+variable "dhcp_options_tags" {
+ description = "Additional tags for the DHCP option set (requires enable_dhcp_options set to true)"
+ type = map(string)
+ default = {}
 }
-variable "elasticache_subnets" {
- description = "A list of elasticache subnets"
- type = list(string)
- default = []
-}
+################################################################################
+# Publiс Subnets
+################################################################################
-variable "intra_subnets" {
- description = "A list of intra subnets"
+variable "public_subnets" {
+ description = "A list of public subnets inside the VPC"
 type = list(string)
 default = []
 }
-variable "create_database_subnet_route_table" {
- description = "Controls if separate route table for database should be created"
+variable "public_subnet_assign_ipv6_address_on_creation" {
+ description = "Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false`"
 type = bool
 default = false
 }
-variable "create_redshift_subnet_route_table" {
- description = "Controls if separate route table for redshift should be created"
+variable "public_subnet_enable_dns64" {
+ description = "Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true`"
 type = bool
- default = false
+ default = true
 }
-variable "enable_public_redshift" {
- description = "Controls if redshift should have public routing table"
+variable "public_subnet_enable_resource_name_dns_aaaa_record_on_launch" {
+ description = "Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true`"
 type = bool
- default = false
+ default = true
 }
-variable "create_elasticache_subnet_route_table" {
- description = "Controls if separate route table for elasticache should be created"
+variable "public_subnet_enable_resource_name_dns_a_record_on_launch" {
+ description = "Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false`"
 type = bool
 default = false
 }
-variable "create_database_subnet_group" {
- description = "Controls if database subnet group should be created (n.b. database_subnets must also be set)"
- type = bool
- default = true
-}
-
-variable "create_elasticache_subnet_group" {
- description = "Controls if elasticache subnet group should be created"
- type = bool
- default = true
+variable "public_subnet_ipv6_prefixes" {
+ description = "Assigns IPv6 public subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
+ type = list(string)
+ default = []
 }
-variable "create_redshift_subnet_group" {
- description = "Controls if redshift subnet group should be created"
+variable "public_subnet_ipv6_native" {
+ description = "Indicates whether to create an IPv6-only subnet. Default: `false`"
 type = bool
- default = true
+ default = false
 }
-variable "create_database_internet_gateway_route" {
- description = "Controls if an internet gateway route for public database access should be created"
+variable "map_public_ip_on_launch" {
+ description = "Specify true to indicate that instances launched into the subnet should be assigned a public IP address. Default is `false`"
 type = bool
 default = false
 }
-variable "create_database_nat_gateway_route" {
- description = "Controls if a nat gateway route should be created to give internet access to the database subnets"
- type = bool
- default = false
+variable "public_subnet_private_dns_hostname_type_on_launch" {
+ description = "The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name`"
+ type = string
+ default = null
 }
-variable "azs" {
- description = "A list of availability zones names or ids in the region"
+variable "public_subnet_names" {
+ description = "Explicit values to use in the Name tag on public subnets. If empty, Name tags are generated"
 type = list(string)
 default = []
 }
-variable "enable_dns_hostnames" {
- description = "Should be true to enable DNS hostnames in the VPC"
- type = bool
- default = false
+variable "public_subnet_suffix" {
+ description = "Suffix to append to public subnets name"
+ type = string
+ default = "public"
 }
-variable "enable_dns_support" {
- description = "Should be true to enable DNS support in the VPC"
- type = bool
- default = true
+variable "public_subnet_tags" {
+ description = "Additional tags for the public subnets"
+ type = map(string)
+ default = {}
 }
-variable "enable_classiclink" {
- description = "Should be true to enable ClassicLink for the VPC. Only valid in regions and accounts that support EC2 Classic."
- type = bool
- default = null
+variable "public_subnet_tags_per_az" {
+ description = "Additional tags for the public subnets where the primary key is the AZ"
+ type = map(map(string))
+ default = {}
 }
-variable "enable_classiclink_dns_support" {
- description = "Should be true to enable ClassicLink DNS Support for the VPC. Only valid in regions and accounts that support EC2 Classic."
- type = bool
- default = null
+variable "public_route_table_tags" {
+ description = "Additional tags for the public route tables"
+ type = map(string)
+ default = {}
 }
-variable "enable_nat_gateway" {
- description = "Should be true if you want to provision NAT Gateways for each of your private networks"
- type = bool
- default = false
-}
+################################################################################
+# Public Network ACLs
+################################################################################
-variable "single_nat_gateway" {
- description = "Should be true if you want to provision a single shared NAT Gateway across all of your private networks"
+variable "public_dedicated_network_acl" {
+ description = "Whether to use dedicated network ACL (not default) and custom rules for public subnets"
 type = bool
 default = false
 }
-variable "one_nat_gateway_per_az" {
- description = "Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs`."
- type = bool
- default = false
+variable "public_inbound_acl_rules" {
+ description = "Public subnets inbound network ACLs"
+ type = list(map(string))
+ default = [
+ {
+ rule_number = 100
+ rule_action = "allow"
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_block = "0.0.0.0/0"
+ },
+ ]
 }
-variable "reuse_nat_ips" {
- description = "Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external_nat_ip_ids' variable"
- type = bool
- default = false
+variable "public_outbound_acl_rules" {
+ description = "Public subnets outbound network ACLs"
+ type = list(map(string))
+ default = [
+ {
+ rule_number = 100
+ rule_action = "allow"
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_block = "0.0.0.0/0"
+ },
+ ]
 }
-variable "external_nat_ip_ids" {
- description = "List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse_nat_ips)"
- type = list(string)
- default = []
+variable "public_acl_tags" {
+ description = "Additional tags for the public subnets network ACL"
+ type = map(string)
+ default = {}
 }
-variable "external_nat_ips" {
- description = "List of EIPs to be used for `nat_public_ips` output (used in combination with reuse_nat_ips and external_nat_ip_ids)"
+################################################################################
+# Private Subnets
+################################################################################
+
+variable "private_subnets" {
+ description = "A list of private subnets inside the VPC"
 type = list(string)
 default = []
 }
-variable "map_public_ip_on_launch" {
- description = "Should be false if you do not want to auto-assign public IP on launch"
- type = bool
- default = true
-}
-
-variable "customer_gateways" {
- description = "Maps of Customer Gateway's attributes (BGP ASN and Gateway's Internet-routable external IP address)"
- type = map(map(any))
- default = {}
-}
-
-variable "enable_vpn_gateway" {
- description = "Should be true if you want to create a new VPN Gateway resource and attach it to the VPC"
+variable "private_subnet_assign_ipv6_address_on_creation" {
+ description = "Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false`"
 type = bool
 default = false
 }
-variable "vpn_gateway_id" {
- description = "ID of VPN Gateway to attach to the VPC"
- type = string
- default = ""
-}
-
-variable "amazon_side_asn" {
- description = "The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the virtual private gateway is created with the current default Amazon ASN."
- type = string
- default = "64512"
-}
-
-variable "vpn_gateway_az" {
- description = "The Availability Zone for the VPN Gateway"
- type = string
- default = null
+variable "private_subnet_enable_dns64" {
+ description = "Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true`"
+ type = bool
+ default = true
 }
-variable "propagate_intra_route_tables_vgw" {
- description = "Should be true if you want route table propagation"
+variable "private_subnet_enable_resource_name_dns_aaaa_record_on_launch" {
+ description = "Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true`"
 type = bool
- default = false
+ default = true
 }
-variable "propagate_private_route_tables_vgw" {
- description = "Should be true if you want route table propagation"
+variable "private_subnet_enable_resource_name_dns_a_record_on_launch" {
+ description = "Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false`"
 type = bool
 default = false
 }
-variable "propagate_public_route_tables_vgw" {
- description = "Should be true if you want route table propagation"
- type = bool
- default = false
+variable "private_subnet_ipv6_prefixes" {
+ description = "Assigns IPv6 private subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
+ type = list(string)
+ default = []
 }
-variable "manage_default_route_table" {
- description = "Should be true to manage default route table"
+variable "private_subnet_ipv6_native" {
+ description = "Indicates whether to create an IPv6-only subnet. Default: `false`"
 type = bool
 default = false
 }
-variable "default_route_table_propagating_vgws" {
- description = "List of virtual gateways for propagation"
- type = list(string)
- default = []
+variable "private_subnet_private_dns_hostname_type_on_launch" {
+ description = "The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name`"
+ type = string
+ default = null
 }
-variable "default_route_table_routes" {
- description = "Configuration block of routes. See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_route_table#route"
- type = list(map(string))
+variable "private_subnet_names" {
+ description = "Explicit values to use in the Name tag on private subnets. If empty, Name tags are generated"
+ type = list(string)
 default = []
 }
-variable "default_route_table_tags" {
- description = "Additional tags for the default route table"
- type = map(string)
- default = {}
+variable "private_subnet_suffix" {
+ description = "Suffix to append to private subnets name"
+ type = string
+ default = "private"
 }
-variable "tags" {
- description = "A map of tags to add to all resources"
+variable "private_subnet_tags" {
+ description = "Additional tags for the private subnets"
 type = map(string)
 default = {}
 }
-variable "vpc_tags" {
- description = "Additional tags for the VPC"
- type = map(string)
+variable "private_subnet_tags_per_az" {
+ description = "Additional tags for the private subnets where the primary key is the AZ"
+ type = map(map(string))
 default = {}
 }
-variable "igw_tags" {
- description = "Additional tags for the internet gateway"
+variable "private_route_table_tags" {
+ description = "Additional tags for the private route tables"
 type = map(string)
 default = {}
 }
-variable "public_subnet_tags" {
- description = "Additional tags for the public subnets"
- type = map(string)
- default = {}
-}
+################################################################################
+# Private Network ACLs
+################################################################################
-variable "private_subnet_tags" {
- description = "Additional tags for the private subnets"
- type = map(string)
- default = {}
+variable "private_dedicated_network_acl" {
+ description = "Whether to use dedicated network ACL (not default) and custom rules for private subnets"
+ type = bool
+ default = false
 }
-variable "outpost_subnet_tags" {
- description = "Additional tags for the outpost subnets"
- type = map(string)
- default = {}
+variable "private_inbound_acl_rules" {
+ description = "Private subnets inbound network ACLs"
+ type = list(map(string))
+ default = [
+ {
+ rule_number = 100
+ rule_action = "allow"
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_block = "0.0.0.0/0"
+ },
+ ]
 }
-variable "public_route_table_tags" {
- description = "Additional tags for the public route tables"
- type = map(string)
- default = {}
+variable "private_outbound_acl_rules" {
+ description = "Private subnets outbound network ACLs"
+ type = list(map(string))
+ default = [
+ {
+ rule_number = 100
+ rule_action = "allow"
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_block = "0.0.0.0/0"
+ },
+ ]
 }
-variable "private_route_table_tags" {
- description = "Additional tags for the private route tables"
+variable "private_acl_tags" {
+ description = "Additional tags for the private subnets network ACL"
 type = map(string)
 default = {}
 }
-variable "database_route_table_tags" {
- description = "Additional tags for the database route tables"
- type = map(string)
- default = {}
-}
+################################################################################
+# Database Subnets
+################################################################################
-variable "redshift_route_table_tags" {
- description = "Additional tags for the redshift route tables"
- type = map(string)
- default = {}
+variable "database_subnets" {
+ description = "A list of database subnets inside the VPC"
+ type = list(string)
+ default = []
 }
-variable "elasticache_route_table_tags" {
- description = "Additional tags for the elasticache route tables"
- type = map(string)
- default = {}
+variable "database_subnet_assign_ipv6_address_on_creation" {
+ description = "Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false`"
+ type = bool
+ default = false
 }
-variable "intra_route_table_tags" {
- description = "Additional tags for the intra route tables"
- type = map(string)
- default = {}
+variable "database_subnet_enable_dns64" {
+ description = "Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true`"
+ type = bool
+ default = true
 }
-variable "database_subnet_group_name" {
- description = "Name of database subnet group"
- type = string
- default = null
+variable "database_subnet_enable_resource_name_dns_aaaa_record_on_launch" {
+ description = "Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true`"
+ type = bool
+ default = true
 }
-variable "database_subnet_tags" {
- description = "Additional tags for the database subnets"
- type = map(string)
- default = {}
+variable "database_subnet_enable_resource_name_dns_a_record_on_launch" {
+ description = "Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false`"
+ type = bool
+ default = false
 }
-variable "database_subnet_group_tags" {
- description = "Additional tags for the database subnet group"
- type = map(string)
- default = {}
+variable "database_subnet_ipv6_prefixes" {
+ description = "Assigns IPv6 database subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
+ type = list(string)
+ default = []
 }
-variable "redshift_subnet_tags" {
- description = "Additional tags for the redshift subnets"
- type = map(string)
- default = {}
+variable "database_subnet_ipv6_native" {
+ description = "Indicates whether to create an IPv6-only subnet. Default: `false`"
+ type = bool
+ default = false
 }
-variable "redshift_subnet_group_name" {
- description = "Name of redshift subnet group"
+variable "database_subnet_private_dns_hostname_type_on_launch" {
+ description = "The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name`"
 type = string
 default = null
 }
-variable "redshift_subnet_group_tags" {
- description = "Additional tags for the redshift subnet group"
- type = map(string)
- default = {}
+variable "database_subnet_names" {
+ description = "Explicit values to use in the Name tag on database subnets. If empty, Name tags are generated"
+ type = list(string)
+ default = []
 }
-variable "elasticache_subnet_group_name" {
- description = "Name of elasticache subnet group"
+variable "database_subnet_suffix" {
+ description = "Suffix to append to database subnets name"
 type = string
- default = null
+ default = "db"
 }
-variable "elasticache_subnet_group_tags" {
- description = "Additional tags for the elasticache subnet group"
- type = map(string)
- default = {}
+variable "create_database_subnet_route_table" {
+ description = "Controls if separate route table for database should be created"
+ type = bool
+ default = false
 }
-variable "elasticache_subnet_tags" {
- description = "Additional tags for the elasticache subnets"
- type = map(string)
- default = {}
+variable "create_database_internet_gateway_route" {
+ description = "Controls if an internet gateway route for public database access should be created"
+ type = bool
+ default = false
 }
-variable "intra_subnet_tags" {
- description = "Additional tags for the intra subnets"
- type = map(string)
- default = {}
+variable "create_database_nat_gateway_route" {
+ description = "Controls if a nat gateway route 
should be created to give internet access to the database subnets" + type = bool + default = false } -variable "public_acl_tags" { - description = "Additional tags for the public subnets network ACL" +variable "database_route_table_tags" { + description = "Additional tags for the database route tables" type = map(string) default = {} } -variable "private_acl_tags" { - description = "Additional tags for the private subnets network ACL" +variable "database_subnet_tags" { + description = "Additional tags for the database subnets" type = map(string) default = {} } -variable "outpost_acl_tags" { - description = "Additional tags for the outpost subnets network ACL" - type = map(string) - default = {} +variable "create_database_subnet_group" { + description = "Controls if database subnet group should be created (n.b. database_subnets must also be set)" + type = bool + default = true } -variable "intra_acl_tags" { - description = "Additional tags for the intra subnets network ACL" - type = map(string) - default = {} +variable "database_subnet_group_name" { + description = "Name of database subnet group" + type = string + default = null } -variable "database_acl_tags" { - description = "Additional tags for the database subnets network ACL" +variable "database_subnet_group_tags" { + description = "Additional tags for the database subnet group" type = map(string) default = {} } -variable "redshift_acl_tags" { - description = "Additional tags for the redshift subnets network ACL" - type = map(string) - default = {} -} +################################################################################ +# Database Network ACLs +################################################################################ -variable "elasticache_acl_tags" { - description = "Additional tags for the elasticache subnets network ACL" - type = map(string) - default = {} +variable "database_dedicated_network_acl" { + description = "Whether to use dedicated network ACL (not default) and custom rules for 
database subnets" + type = bool + default = false } -variable "dhcp_options_tags" { - description = "Additional tags for the DHCP option set (requires enable_dhcp_options set to true)" - type = map(string) - default = {} +variable "database_inbound_acl_rules" { + description = "Database subnets inbound network ACL rules" + type = list(map(string)) + default = [ + { + rule_number = 100 + rule_action = "allow" + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_block = "0.0.0.0/0" + }, + ] } -variable "nat_gateway_tags" { - description = "Additional tags for the NAT gateways" - type = map(string) - default = {} +variable "database_outbound_acl_rules" { + description = "Database subnets outbound network ACL rules" + type = list(map(string)) + default = [ + { + rule_number = 100 + rule_action = "allow" + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_block = "0.0.0.0/0" + }, + ] } -variable "nat_eip_tags" { - description = "Additional tags for the NAT EIP" +variable "database_acl_tags" { + description = "Additional tags for the database subnets network ACL" type = map(string) default = {} } -variable "customer_gateway_tags" { - description = "Additional tags for the Customer Gateway" - type = map(string) - default = {} +################################################################################ +# Redshift Subnets +################################################################################ + +variable "redshift_subnets" { + description = "A list of redshift subnets inside the VPC" + type = list(string) + default = [] } -variable "vpn_gateway_tags" { - description = "Additional tags for the VPN gateway" - type = map(string) - default = {} +variable "redshift_subnet_assign_ipv6_address_on_creation" { + description = "Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. 
Default is `false`" + type = bool + default = false } -variable "vpc_flow_log_tags" { - description = "Additional tags for the VPC Flow Logs" - type = map(string) - default = {} +variable "redshift_subnet_enable_dns64" { + description = "Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true`" + type = bool + default = true } -variable "vpc_flow_log_permissions_boundary" { - description = "The ARN of the Permissions Boundary for the VPC Flow Log IAM Role" - type = string - default = null +variable "redshift_subnet_enable_resource_name_dns_aaaa_record_on_launch" { + description = "Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true`" + type = bool + default = true } -variable "enable_dhcp_options" { - description = "Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type" +variable "redshift_subnet_enable_resource_name_dns_a_record_on_launch" { + description = "Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false`" type = bool default = false } -variable "dhcp_options_domain_name" { - description = "Specifies DNS name for DHCP options set (requires enable_dhcp_options set to true)" - type = string - default = "" +variable "redshift_subnet_ipv6_prefixes" { + description = "Assigns IPv6 redshift subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). 
Must be of equal length to the corresponding IPv4 subnet list" + type = list(string) + default = [] } -variable "dhcp_options_domain_name_servers" { - description = "Specify a list of DNS server addresses for DHCP options set, default to AWS provided (requires enable_dhcp_options set to true)" - type = list(string) - default = ["AmazonProvidedDNS"] +variable "redshift_subnet_ipv6_native" { + description = "Indicates whether to create an IPv6-only subnet. Default: `false`" + type = bool + default = false } -variable "dhcp_options_ntp_servers" { - description = "Specify a list of NTP servers for DHCP options set (requires enable_dhcp_options set to true)" - type = list(string) - default = [] +variable "redshift_subnet_private_dns_hostname_type_on_launch" { + description = "The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name`" + type = string + default = null } -variable "dhcp_options_netbios_name_servers" { - description = "Specify a list of netbios servers for DHCP options set (requires enable_dhcp_options set to true)" +variable "redshift_subnet_names" { + description = "Explicit values to use in the Name tag on redshift subnets. 
If empty, Name tags are generated" type = list(string) default = [] } -variable "dhcp_options_netbios_node_type" { - description = "Specify netbios node_type for DHCP options set (requires enable_dhcp_options set to true)" +variable "redshift_subnet_suffix" { + description = "Suffix to append to redshift subnets name" type = string - default = "" + default = "redshift" } -variable "manage_default_vpc" { - description = "Should be true to adopt and manage Default VPC" +variable "enable_public_redshift" { + description = "Controls if redshift should have public routing table" type = bool default = false } -variable "default_vpc_name" { - description = "Name to be used on the Default VPC" - type = string - default = "" +variable "create_redshift_subnet_route_table" { + description = "Controls if separate route table for redshift should be created" + type = bool + default = false } -variable "default_vpc_enable_dns_support" { - description = "Should be true to enable DNS support in the Default VPC" - type = bool - default = true +variable "redshift_route_table_tags" { + description = "Additional tags for the redshift route tables" + type = map(string) + default = {} } -variable "default_vpc_enable_dns_hostnames" { - description = "Should be true to enable DNS hostnames in the Default VPC" - type = bool - default = false +variable "redshift_subnet_tags" { + description = "Additional tags for the redshift subnets" + type = map(string) + default = {} } -variable "default_vpc_enable_classiclink" { - description = "Should be true to enable ClassicLink in the Default VPC" +variable "create_redshift_subnet_group" { + description = "Controls if redshift subnet group should be created" type = bool - default = false + default = true } -variable "default_vpc_tags" { - description = "Additional tags for the Default VPC" +variable "redshift_subnet_group_name" { + description = "Name of redshift subnet group" + type = string + default = null +} + +variable 
"redshift_subnet_group_tags" { + description = "Additional tags for the redshift subnet group" type = map(string) default = {} } -variable "manage_default_network_acl" { - description = "Should be true to adopt and manage Default Network ACL" +################################################################################ +# Redshift Network ACLs +################################################################################ + +variable "redshift_dedicated_network_acl" { + description = "Whether to use dedicated network ACL (not default) and custom rules for redshift subnets" type = bool default = false } -variable "default_network_acl_name" { - description = "Name to be used on the Default Network ACL" - type = string - default = "" +variable "redshift_inbound_acl_rules" { + description = "Redshift subnets inbound network ACL rules" + type = list(map(string)) + default = [ + { + rule_number = 100 + rule_action = "allow" + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_block = "0.0.0.0/0" + }, + ] } -variable "default_network_acl_tags" { - description = "Additional tags for the Default Network ACL" +variable "redshift_outbound_acl_rules" { + description = "Redshift subnets outbound network ACL rules" + type = list(map(string)) + default = [ + { + rule_number = 100 + rule_action = "allow" + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_block = "0.0.0.0/0" + }, + ] +} + +variable "redshift_acl_tags" { + description = "Additional tags for the redshift subnets network ACL" type = map(string) default = {} } -variable "public_dedicated_network_acl" { - description = "Whether to use dedicated network ACL (not default) and custom rules for public subnets" - type = bool - default = false +################################################################################ +# Elasticache Subnets +################################################################################ + +variable "elasticache_subnets" { + description = "A list of elasticache subnets 
inside the VPC" + type = list(string) + default = [] } -variable "private_dedicated_network_acl" { - description = "Whether to use dedicated network ACL (not default) and custom rules for private subnets" +variable "elasticache_subnet_assign_ipv6_address_on_creation" { + description = "Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false`" type = bool default = false } -variable "outpost_dedicated_network_acl" { - description = "Whether to use dedicated network ACL (not default) and custom rules for outpost subnets" +variable "elasticache_subnet_enable_dns64" { + description = "Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true`" type = bool - default = false + default = true } -variable "intra_dedicated_network_acl" { - description = "Whether to use dedicated network ACL (not default) and custom rules for intra subnets" +variable "elasticache_subnet_enable_resource_name_dns_aaaa_record_on_launch" { + description = "Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true`" type = bool - default = false + default = true } -variable "database_dedicated_network_acl" { - description = "Whether to use dedicated network ACL (not default) and custom rules for database subnets" +variable "elasticache_subnet_enable_resource_name_dns_a_record_on_launch" { + description = "Indicates whether to respond to DNS queries for instance hostnames with DNS A records. 
Default: `false`" type = bool default = false } -variable "redshift_dedicated_network_acl" { - description = "Whether to use dedicated network ACL (not default) and custom rules for redshift subnets" - type = bool - default = false +variable "elasticache_subnet_ipv6_prefixes" { + description = "Assigns IPv6 elasticache subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list" + type = list(string) + default = [] } -variable "elasticache_dedicated_network_acl" { - description = "Whether to use dedicated network ACL (not default) and custom rules for elasticache subnets" +variable "elasticache_subnet_ipv6_native" { + description = "Indicates whether to create an IPv6-only subnet. Default: `false`" type = bool default = false } -variable "default_network_acl_ingress" { - description = "List of maps of ingress rules to set on the Default Network ACL" - type = list(map(string)) +variable "elasticache_subnet_private_dns_hostname_type_on_launch" { + description = "The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name`" + type = string + default = null +} - default = [ - { - rule_no = 100 - action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - { - rule_no = 101 - action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - ipv6_cidr_block = "::/0" - }, - ] +variable "elasticache_subnet_names" { + description = "Explicit values to use in the Name tag on elasticache subnets. 
If empty, Name tags are generated" + type = list(string) + default = [] } -variable "default_network_acl_egress" { - description = "List of maps of egress rules to set on the Default Network ACL" - type = list(map(string)) +variable "elasticache_subnet_suffix" { + description = "Suffix to append to elasticache subnets name" + type = string + default = "elasticache" +} - default = [ - { - rule_no = 100 - action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - { - rule_no = 101 - action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - ipv6_cidr_block = "::/0" - }, - ] +variable "elasticache_subnet_tags" { + description = "Additional tags for the elasticache subnets" + type = map(string) + default = {} } -variable "public_inbound_acl_rules" { - description = "Public subnets inbound network ACLs" - type = list(map(string)) +variable "create_elasticache_subnet_route_table" { + description = "Controls if separate route table for elasticache should be created" + type = bool + default = false +} + +variable "elasticache_route_table_tags" { + description = "Additional tags for the elasticache route tables" + type = map(string) + default = {} +} + +variable "create_elasticache_subnet_group" { + description = "Controls if elasticache subnet group should be created" + type = bool + default = true +} + +variable "elasticache_subnet_group_name" { + description = "Name of elasticache subnet group" + type = string + default = null +} +variable "elasticache_subnet_group_tags" { + description = "Additional tags for the elasticache subnet group" + type = map(string) + default = {} +} + +################################################################################ +# Elasticache Network ACLs +################################################################################ + +variable "elasticache_dedicated_network_acl" { + description = "Whether to use dedicated network ACL (not default) and custom rules for elasticache subnets" 
+ type = bool + default = false +} + +variable "elasticache_inbound_acl_rules" { + description = "Elasticache subnets inbound network ACL rules" + type = list(map(string)) default = [ { rule_number = 100 @@ -818,10 +859,9 @@ variable "public_inbound_acl_rules" { ] } -variable "public_outbound_acl_rules" { - description = "Public subnets outbound network ACLs" +variable "elasticache_outbound_acl_rules" { + description = "Elasticache subnets outbound network ACL rules" type = list(map(string)) - default = [ { rule_number = 100 
@@ -834,10 +874,101 @@ variable "public_outbound_acl_rules" { ] } -variable "private_inbound_acl_rules" { - description = "Private subnets inbound network ACLs" - type = list(map(string)) +variable "elasticache_acl_tags" { + description = "Additional tags for the elasticache subnets network ACL" + type = map(string) + default = {} +} + +################################################################################ +# Intra Subnets +################################################################################ + +variable "intra_subnets" { + description = "A list of intra subnets inside the VPC" + type = list(string) + default = [] +} + +variable "intra_subnet_assign_ipv6_address_on_creation" { + description = "Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false`" + type = bool + default = false +} + +variable "intra_subnet_enable_dns64" { + description = "Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true`" + type = bool + default = true +} + +variable "intra_subnet_enable_resource_name_dns_aaaa_record_on_launch" { + description = "Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true`" + type = bool + default = true +} + +variable "intra_subnet_enable_resource_name_dns_a_record_on_launch" { + description = "Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false`" + type = bool + default = false +} + +variable "intra_subnet_ipv6_prefixes" { + description = "Assigns IPv6 intra subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list" + type = list(string) + default = [] +} + +variable "intra_subnet_ipv6_native" { + description = "Indicates whether to create an IPv6-only subnet. 
Default: `false`" + type = bool + default = false +} + +variable "intra_subnet_private_dns_hostname_type_on_launch" { + description = "The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name`" + type = string + default = null +} + +variable "intra_subnet_names" { + description = "Explicit values to use in the Name tag on intra subnets. If empty, Name tags are generated" + type = list(string) + default = [] +} +variable "intra_subnet_suffix" { + description = "Suffix to append to intra subnets name" + type = string + default = "intra" +} + +variable "intra_subnet_tags" { + description = "Additional tags for the intra subnets" + type = map(string) + default = {} +} + +variable "intra_route_table_tags" { + description = "Additional tags for the intra route tables" + type = map(string) + default = {} +} + +################################################################################ +# Intra Network ACLs +################################################################################ + +variable "intra_dedicated_network_acl" { + description = "Whether to use dedicated network ACL (not default) and custom rules for intra subnets" + type = bool + default = false +} + +variable "intra_inbound_acl_rules" { + description = "Intra subnets inbound network ACLs" + type = list(map(string)) default = [ { rule_number = 100 @@ -850,10 +981,9 @@ variable "private_inbound_acl_rules" { ] } -variable "private_outbound_acl_rules" { - description = "Private subnets outbound network ACLs" +variable "intra_outbound_acl_rules" { + description = "Intra subnets outbound network ACLs" type = list(map(string)) - default = [ { rule_number = 100 
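Review bot: `intra_subnet_private_dns_hostname_type_on_launch` documents its valid values (`ip-name`, `resource-name`) only in the description, so a typo is not caught until the provider rejects the value; a `validation` block on the variable fails early at `terraform validate`/`plan` while still accepting `null` as the "leave it to AWS" case. The same applies to the `*_private_dns_hostname_type_on_launch` variables in the outpost hunk below and in the database, redshift and elasticache sections earlier in the file; whether `validation` is usable depends on the module's minimum Terraform version (0.13 or later), which is not visible here. Separately, `intra_subnet_ipv6_prefixes` (and every sibling `*_ipv6_prefixes` description, including the outpost one below) gives the range as `(0-256)`: a /56 base carved into /64 subnets yields 256 subnets numbered 0–255, and 256 is out of range, so the text should read `(0-255)`.

```hcl
variable "intra_subnet_private_dns_hostname_type_on_launch" {
  # … unchanged: description, type, default …

  validation {
    condition     = var.intra_subnet_private_dns_hostname_type_on_launch == null ? true : contains(["ip-name", "resource-name"], var.intra_subnet_private_dns_hostname_type_on_launch)
    error_message = "Valid values are `ip-name` or `resource-name`."
  }
}
```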
@@ -866,10 +996,119 @@ variable "private_outbound_acl_rules" { ] } +variable "intra_acl_tags" { + description = "Additional tags for the intra subnets network ACL" + type = map(string) + default = {} +} + +################################################################################ +# Outpost Subnets +################################################################################ + +variable "outpost_subnets" { + description = "A list of outpost subnets inside the VPC" + type = list(string) + default = [] +} + +variable "outpost_subnet_assign_ipv6_address_on_creation" { + description = "Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false`" + type = bool + default = false +} + +variable "outpost_az" { + description = "AZ where Outpost is anchored" + type = string + default = null +} + +variable "customer_owned_ipv4_pool" { + description = "The customer owned IPv4 address pool. Typically used with the `map_customer_owned_ip_on_launch` argument. The `outpost_arn` argument must be specified when configured" + type = string + default = null +} + +variable "outpost_subnet_enable_dns64" { + description = "Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true`" + type = bool + default = true +} + +variable "outpost_subnet_enable_resource_name_dns_aaaa_record_on_launch" { + description = "Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true`" + type = bool + default = true +} + +variable "outpost_subnet_enable_resource_name_dns_a_record_on_launch" { + description = "Indicates whether to respond to DNS queries for instance hostnames with DNS A records. 
Default: `false`" + type = bool + default = false +} + +variable "outpost_subnet_ipv6_prefixes" { + description = "Assigns IPv6 outpost subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list" + type = list(string) + default = [] +} + +variable "outpost_subnet_ipv6_native" { + description = "Indicates whether to create an IPv6-only subnet. Default: `false`" + type = bool + default = false +} + +variable "map_customer_owned_ip_on_launch" { + description = "Specify true to indicate that network interfaces created in the subnet should be assigned a customer owned IP address. The `customer_owned_ipv4_pool` and `outpost_arn` arguments must be specified when set to `true`. Default is `false`" + type = bool + default = false +} + +variable "outpost_arn" { + description = "ARN of Outpost you want to create a subnet in" + type = string + default = null +} + +variable "outpost_subnet_private_dns_hostname_type_on_launch" { + description = "The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name`" + type = string + default = null +} + +variable "outpost_subnet_names" { + description = "Explicit values to use in the Name tag on outpost subnets. 
If empty, Name tags are generated" + type = list(string) + default = [] +} + +variable "outpost_subnet_suffix" { + description = "Suffix to append to outpost subnets name" + type = string + default = "outpost" +} + +variable "outpost_subnet_tags" { + description = "Additional tags for the outpost subnets" + type = map(string) + default = {} +} + +################################################################################ +# Outpost Network ACLs +################################################################################ + +variable "outpost_dedicated_network_acl" { + description = "Whether to use dedicated network ACL (not default) and custom rules for outpost subnets" + type = bool + default = false +} + variable "outpost_inbound_acl_rules" { description = "Outpost subnets inbound network ACLs" type = list(map(string)) - default = [ { rule_number = 100 @@ -885,7 +1124,6 @@ variable "outpost_inbound_acl_rules" { variable "outpost_outbound_acl_rules" { description = "Outpost subnets outbound network ACLs" type = list(map(string)) - default = [ { rule_number = 100 
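Review bot: `map_customer_owned_ip_on_launch` and `customer_owned_ipv4_pool` each state in their description that `outpost_arn` (and, for the former, `customer_owned_ipv4_pool`) must be set alongside them, but nothing in these declarations enforces the coupling, so a partial configuration only surfaces as a provider error at apply time. A variable `validation` block can reference only its own variable, so the check belongs on the outpost `aws_subnet` resource — a `lifecycle { precondition { … } }` asserting that `var.outpost_arn` and `var.customer_owned_ipv4_pool` are non-null whenever `var.map_customer_owned_ip_on_launch` is true, if the module's Terraform floor is 1.2 or later — and that resource is outside this diff. If that is not an option, the descriptions should at least say the apply fails when the companions are missing, e.g. for `outpost_arn`: `description = "ARN of Outpost you want to create a subnet in. Required when `map_customer_owned_ip_on_launch` or `customer_owned_ipv4_pool` is set"`.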
@@ -898,256 +1136,444 @@ variable "outpost_outbound_acl_rules" { ] } -variable "intra_inbound_acl_rules" { - description = "Intra subnets inbound network ACLs" - type = list(map(string)) +variable "outpost_acl_tags" { + description = "Additional tags for the outpost subnets network ACL" + type = map(string) + default = {} +} - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] +################################################################################ +# Internet Gateway +################################################################################ + +variable "create_igw" { + description = "Controls if an Internet Gateway is created for public subnets and the related routes that connect them" + type = bool + default = true +} + +variable "create_egress_only_igw" { + description = "Controls if an Egress Only Internet Gateway is created and its related routes" + type = bool + default = true +} + +variable "igw_tags" { + description = "Additional tags for the internet gateway" + type = map(string) + default = {} +} + +################################################################################ +# NAT Gateway +################################################################################ + +variable "enable_nat_gateway" { + description = "Should be true if you want to provision NAT Gateways for each of your private networks" + type = bool + default = false +} + +variable "nat_gateway_destination_cidr_block" { + description = "Used to pass a custom destination route for private NAT Gateway. 
If not specified, the default 0.0.0.0/0 is used as a destination route" + type = string + default = "0.0.0.0/0" +} + +variable "single_nat_gateway" { + description = "Should be true if you want to provision a single shared NAT Gateway across all of your private networks" + type = bool + default = false +} + +variable "one_nat_gateway_per_az" { + description = "Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs`" + type = bool + default = false +} + +variable "reuse_nat_ips" { + description = "Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external_nat_ip_ids' variable" + type = bool + default = false +} + +variable "external_nat_ip_ids" { + description = "List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse_nat_ips)" + type = list(string) + default = [] +} + +variable "external_nat_ips" { + description = "List of EIPs to be used for `nat_public_ips` output (used in combination with reuse_nat_ips and external_nat_ip_ids)" + type = list(string) + default = [] +} + +variable "nat_gateway_tags" { + description = "Additional tags for the NAT gateways" + type = map(string) + default = {} +} + +variable "nat_eip_tags" { + description = "Additional tags for the NAT EIP" + type = map(string) + default = {} +} + +################################################################################ +# Customer Gateways +################################################################################ + +variable "customer_gateways" { + description = "Maps of Customer Gateway's attributes (BGP ASN and Gateway's Internet-routable external IP address)" + type = map(map(any)) + default = {} +} + +variable "customer_gateway_tags" { + description = "Additional tags for the Customer Gateway" + type = map(string) + 
default = {} +} + +################################################################################ +# VPN Gateway +################################################################################ + +variable "enable_vpn_gateway" { + description = "Should be true if you want to create a new VPN Gateway resource and attach it to the VPC" + type = bool + default = false +} + +variable "vpn_gateway_id" { + description = "ID of VPN Gateway to attach to the VPC" + type = string + default = "" +} + +variable "amazon_side_asn" { + description = "The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the virtual private gateway is created with the current default Amazon ASN" + type = string + default = "64512" +} + +variable "vpn_gateway_az" { + description = "The Availability Zone for the VPN Gateway" + type = string + default = null +} + +variable "propagate_intra_route_tables_vgw" { + description = "Should be true if you want route table propagation" + type = bool + default = false +} + +variable "propagate_private_route_tables_vgw" { + description = "Should be true if you want route table propagation" + type = bool + default = false +} + +variable "propagate_public_route_tables_vgw" { + description = "Should be true if you want route table propagation" + type = bool + default = false +} + +variable "vpn_gateway_tags" { + description = "Additional tags for the VPN gateway" + type = map(string) + default = {} +} + +################################################################################ +# Default VPC +################################################################################ + +variable "manage_default_vpc" { + description = "Should be true to adopt and manage Default VPC" + type = bool + default = false +} + +variable "default_vpc_name" { + description = "Name to be used on the Default VPC" + type = string + default = null +} + +variable "default_vpc_enable_dns_support" { + description = "Should be true to enable DNS support in 
the Default VPC" + type = bool + default = true +} + +variable "default_vpc_enable_dns_hostnames" { + description = "Should be true to enable DNS hostnames in the Default VPC" + type = bool + default = true +} + +variable "default_vpc_tags" { + description = "Additional tags for the Default VPC" + type = map(string) + default = {} } -variable "intra_outbound_acl_rules" { - description = "Intra subnets outbound network ACLs" - type = list(map(string)) +variable "manage_default_security_group" { + description = "Should be true to adopt and manage default security group" + type = bool + default = true +} - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] +variable "default_security_group_name" { + description = "Name to be used on the default security group" + type = string + default = null } -variable "database_inbound_acl_rules" { - description = "Database subnets inbound network ACL rules" +variable "default_security_group_ingress" { + description = "List of maps of ingress rules to set on the default security group" type = list(map(string)) - - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] + default = [] } -variable "database_outbound_acl_rules" { - description = "Database subnets outbound network ACL rules" +variable "default_security_group_egress" { + description = "List of maps of egress rules to set on the default security group" type = list(map(string)) + default = [] +} - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] +variable "default_security_group_tags" { + description = "Additional tags for the default security group" + type = map(string) + default = {} } -variable "redshift_inbound_acl_rules" { - description = "Redshift subnets inbound network ACL rules" - type = 
list(map(string)) +################################################################################ +# Default Network ACLs +################################################################################ - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] +variable "manage_default_network_acl" { + description = "Should be true to adopt and manage Default Network ACL" + type = bool + default = true } -variable "redshift_outbound_acl_rules" { - description = "Redshift subnets outbound network ACL rules" - type = list(map(string)) - - default = [ - { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" - }, - ] +variable "default_network_acl_name" { + description = "Name to be used on the Default Network ACL" + type = string + default = null } -variable "elasticache_inbound_acl_rules" { - description = "Elasticache subnets inbound network ACL rules" +variable "default_network_acl_ingress" { + description = "List of maps of ingress rules to set on the Default Network ACL" type = list(map(string)) - default = [ { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" + rule_no = 100 + action = "allow" + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_block = "0.0.0.0/0" + }, + { + rule_no = 101 + action = "allow" + from_port = 0 + to_port = 0 + protocol = "-1" + ipv6_cidr_block = "::/0" }, ] } -variable "elasticache_outbound_acl_rules" { - description = "Elasticache subnets outbound network ACL rules" +variable "default_network_acl_egress" { + description = "List of maps of egress rules to set on the Default Network ACL" type = list(map(string)) - default = [ { - rule_number = 100 - rule_action = "allow" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_block = "0.0.0.0/0" + rule_no = 100 + action = "allow" + from_port = 0 + to_port = 0 + 
protocol = "-1" + cidr_block = "0.0.0.0/0" + }, + { + rule_no = 101 + action = "allow" + from_port = 0 + to_port = 0 + protocol = "-1" + ipv6_cidr_block = "::/0" }, ] } -variable "manage_default_security_group" { - description = "Should be true to adopt and manage default security group" - type = bool - default = false +variable "default_network_acl_tags" { + description = "Additional tags for the Default Network ACL" + type = map(string) + default = {} } -variable "default_security_group_name" { - description = "Name to be used on the default security group" - type = string - default = "default" +################################################################################ +# Default Route +################################################################################ + +variable "manage_default_route_table" { + description = "Should be true to manage default route table" + type = bool + default = true } -variable "default_security_group_ingress" { - description = "List of maps of ingress rules to set on the default security group" - type = list(map(string)) +variable "default_route_table_name" { + description = "Name to be used on the default route table" + type = string default = null } -variable "enable_flow_log" { - description = "Whether or not to enable VPC Flow Logs" - type = bool - default = false +variable "default_route_table_propagating_vgws" { + description = "List of virtual gateways for propagation" + type = list(string) + default = [] } -variable "default_security_group_egress" { - description = "List of maps of egress rules to set on the default security group" +variable "default_route_table_routes" { + description = "Configuration block of routes. 
See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_route_table#route" type = list(map(string)) - default = null + default = [] } -variable "default_security_group_tags" { - description = "Additional tags for the default security group" +variable "default_route_table_tags" { + description = "Additional tags for the default route table" type = map(string) default = {} } -variable "create_flow_log_cloudwatch_log_group" { - description = "Whether to create CloudWatch log group for VPC Flow Logs" +################################################################################ +# Flow Log +################################################################################ + +variable "enable_flow_log" { + description = "Whether or not to enable VPC Flow Logs" type = bool default = false } -variable "create_flow_log_cloudwatch_iam_role" { - description = "Whether to create IAM role for VPC Flow Logs" - type = bool - default = false +variable "vpc_flow_log_permissions_boundary" { + description = "The ARN of the Permissions Boundary for the VPC Flow Log IAM Role" + type = string + default = null +} + +variable "flow_log_max_aggregation_interval" { + description = "The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: `60` seconds or `600` seconds" + type = number + default = 600 } variable "flow_log_traffic_type" { - description = "The type of traffic to capture. Valid values: ACCEPT, REJECT, ALL." + description = "The type of traffic to capture. Valid values: ACCEPT, REJECT, ALL" type = string default = "ALL" } variable "flow_log_destination_type" { - description = "Type of flow log destination. Can be s3 or cloud-watch-logs." + description = "Type of flow log destination. 
Can be s3 or cloud-watch-logs" type = string default = "cloud-watch-logs" } variable "flow_log_log_format" { - description = "The fields to include in the flow log record, in the order in which they should appear." + description = "The fields to include in the flow log record, in the order in which they should appear" type = string default = null } variable "flow_log_destination_arn" { - description = "The ARN of the CloudWatch log group or S3 bucket where VPC Flow Logs will be pushed. If this ARN is a S3 bucket the appropriate permissions need to be set on that bucket's policy. When create_flow_log_cloudwatch_log_group is set to false this argument must be provided." + description = "The ARN of the CloudWatch log group or S3 bucket where VPC Flow Logs will be pushed. If this ARN is a S3 bucket the appropriate permissions need to be set on that bucket's policy. When create_flow_log_cloudwatch_log_group is set to false this argument must be provided" type = string default = "" } -variable "flow_log_cloudwatch_iam_role_arn" { - description = "The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group. When flow_log_destination_arn is set to ARN of Cloudwatch Logs, this argument needs to be provided." +variable "flow_log_file_format" { + description = "(Optional) The format for the flow log. Valid values: `plain-text`, `parquet`" type = string - default = "" + default = null } -variable "flow_log_cloudwatch_log_group_name_prefix" { - description = "Specifies the name prefix of CloudWatch Log Group for VPC flow logs." - type = string - default = "/aws/vpc-flow-log/" +variable "flow_log_hive_compatible_partitions" { + description = "(Optional) Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3" + type = bool + default = false } -variable "flow_log_cloudwatch_log_group_retention_in_days" { - description = "Specifies the number of days you want to retain log events in the specified log group for VPC flow logs." 
- type = number - default = null +variable "flow_log_per_hour_partition" { + description = "(Optional) Indicates whether to partition the flow log per hour. This reduces the cost and response time for queries" + type = bool + default = false } -variable "flow_log_cloudwatch_log_group_kms_key_id" { - description = "The ARN of the KMS Key to use when encrypting log data for VPC flow logs." - type = string - default = null +variable "vpc_flow_log_tags" { + description = "Additional tags for the VPC Flow Logs" + type = map(string) + default = {} } -variable "flow_log_max_aggregation_interval" { - description = "The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: `60` seconds or `600` seconds." - type = number - default = 600 -} +################################################################################ +# Flow Log CloudWatch +################################################################################ -variable "create_igw" { - description = "Controls if an Internet Gateway is created for public subnets and the related routes that connect them." +variable "create_flow_log_cloudwatch_log_group" { + description = "Whether to create CloudWatch log group for VPC Flow Logs" type = bool - default = true + default = false } -variable "create_egress_only_igw" { - description = "Controls if an Egress Only Internet Gateway is created and its related routes." +variable "create_flow_log_cloudwatch_iam_role" { + description = "Whether to create IAM role for VPC Flow Logs" type = bool - default = true + default = false } -variable "outpost_arn" { - description = "ARN of Outpost you want to create a subnet in." +variable "flow_log_cloudwatch_iam_role_arn" { + description = "The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group. 
When flow_log_destination_arn is set to ARN of Cloudwatch Logs, this argument needs to be provided"
+ type = string
+ default = ""
+}
+
+variable "flow_log_cloudwatch_log_group_name_prefix" {
+ description = "Specifies the name prefix of CloudWatch Log Group for VPC flow logs"
+ type = string
+ default = "/aws/vpc-flow-log/"
+}
+
+variable "flow_log_cloudwatch_log_group_name_suffix" {
+ description = "Specifies the name suffix of CloudWatch Log Group for VPC flow logs"
  type = string
+ default = ""
+}
+
+variable "flow_log_cloudwatch_log_group_retention_in_days" {
+ description = "Specifies the number of days you want to retain log events in the specified log group for VPC flow logs"
+ type = number
  default = null
 }
-variable "outpost_az" {
- description = "AZ where Outpost is anchored."
+variable "flow_log_cloudwatch_log_group_kms_key_id" {
+ description = "The ARN of the KMS Key to use when encrypting log data for VPC flow logs"
  type = string
  default = null
 }
+
+variable "putin_khuylo" {
+ description = "Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo!"
+ type = bool
+ default = true
+}
diff --git a/versions.tf b/versions.tf
index 506304126..ddfcb0e05 100644
--- a/versions.tf
+++ b/versions.tf
@@ -1,10 +1,10 @@
 terraform {
- required_version = ">= 0.12.31"
+ required_version = ">= 1.0"
  required_providers {
  aws = {
  source = "hashicorp/aws"
- version = ">= 3.38"
+ version = ">= 5.0"
  }
  }
 }
diff --git a/vpc-flow-logs.tf b/vpc-flow-logs.tf
index c765be0fc..ac9f25758 100644
--- a/vpc-flow-logs.tf
+++ b/vpc-flow-logs.tf
@@ -5,8 +5,9 @@ locals {
  create_flow_log_cloudwatch_iam_role = local.enable_flow_log && var.flow_log_destination_type != "s3" && var.create_flow_log_cloudwatch_iam_role
  create_flow_log_cloudwatch_log_group = local.enable_flow_log && var.flow_log_destination_type != "s3" && var.create_flow_log_cloudwatch_log_group
- flow_log_destination_arn = local.create_flow_log_cloudwatch_log_group ? aws_cloudwatch_log_group.flow_log[0].arn : var.flow_log_destination_arn
- flow_log_iam_role_arn = var.flow_log_destination_type != "s3" && local.create_flow_log_cloudwatch_iam_role ? aws_iam_role.vpc_flow_log_cloudwatch[0].arn : var.flow_log_cloudwatch_iam_role_arn
+ flow_log_destination_arn = local.create_flow_log_cloudwatch_log_group ? try(aws_cloudwatch_log_group.flow_log[0].arn, null) : var.flow_log_destination_arn
+ flow_log_iam_role_arn = var.flow_log_destination_type != "s3" && local.create_flow_log_cloudwatch_iam_role ? try(aws_iam_role.vpc_flow_log_cloudwatch[0].arn, null) : var.flow_log_cloudwatch_iam_role_arn
+ flow_log_cloudwatch_log_group_name_suffix = var.flow_log_cloudwatch_log_group_name_suffix == "" ? local.vpc_id : var.flow_log_cloudwatch_log_group_name_suffix
 }
 ################################################################################
@@ -24,6 +25,16 @@ resource "aws_flow_log" "this" {
  vpc_id = local.vpc_id
  max_aggregation_interval = var.flow_log_max_aggregation_interval
+ dynamic "destination_options" {
+ for_each = var.flow_log_destination_type == "s3" ? [true] : []
+
+ content {
+ file_format = var.flow_log_file_format
+ hive_compatible_partitions = var.flow_log_hive_compatible_partitions
+ per_hour_partition = var.flow_log_per_hour_partition
+ }
+ }
+
  tags = merge(var.tags, var.vpc_flow_log_tags)
 }
@@ -34,7 +45,7 @@ resource "aws_flow_log" "this" {
 resource "aws_cloudwatch_log_group" "flow_log" {
  count = local.create_flow_log_cloudwatch_log_group ? 1 : 0
- name = "${var.flow_log_cloudwatch_log_group_name_prefix}${local.vpc_id}"
+ name = "${var.flow_log_cloudwatch_log_group_name_prefix}${local.flow_log_cloudwatch_log_group_name_suffix}"
  retention_in_days = var.flow_log_cloudwatch_log_group_retention_in_days
  kms_key_id = var.flow_log_cloudwatch_log_group_kms_key_id
@@ -80,6 +91,7 @@ resource "aws_iam_policy" "vpc_flow_log_cloudwatch" {
  name_prefix = "vpc-flow-log-to-cloudwatch-"
  policy = data.aws_iam_policy_document.vpc_flow_log_cloudwatch[0].json
+ tags = merge(var.tags, var.vpc_flow_log_tags)
 }
 data "aws_iam_policy_document" "vpc_flow_log_cloudwatch" {
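Review bot: The flow-log selector variables added in this hunk (`flow_log_destination_type`, `flow_log_traffic_type`, `flow_log_max_aggregation_interval`, `flow_log_file_format`) list a closed set of valid values in their descriptions but carry no `validation` block, even though the same commit raises `required_version` to `>= 1.0`, where validation is available. This matters most for `flow_log_destination_type`: the locals in vpc-flow-logs.tf branch on `var.flow_log_destination_type != "s3"`, so a typo such as `"S3"` is silently treated as a CloudWatch destination and only fails later, at apply time. A `validation` block per variable turns that into a plan-time error; the one below covers `flow_log_destination_type` and the other three follow the same pattern. Separately, `manage_default_security_group` now defaults to `true` with empty `default_security_group_ingress`/`default_security_group_egress` lists, which presumably strips every rule from the VPC's default security group; the description should say so, e.g. `Should be true to adopt and manage default security group. With the default empty ingress/egress lists this removes all rules from the default security group`.

```hcl
variable "flow_log_destination_type" {
  description = "Type of flow log destination. Can be s3 or cloud-watch-logs"
  type        = string
  default     = "cloud-watch-logs"

  validation {
    condition     = contains(["s3", "cloud-watch-logs"], var.flow_log_destination_type)
    error_message = "Must be one of \"s3\" or \"cloud-watch-logs\"."
  }
}
```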
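Review bot: The new `try(..., null)` fallbacks in the locals only cover the module-created resources; the else branches still return `var.flow_log_destination_arn` and `var.flow_log_cloudwatch_iam_role_arn`, which this commit leaves defaulting to `""`. When `create_flow_log_cloudwatch_log_group` or `create_flow_log_cloudwatch_iam_role` is false and the caller forgets to pass the ARN, an empty string flows through (presumably into `aws_flow_log.this`, whose ARN arguments are set outside this hunk) and the mistake surfaces only at apply time instead of at plan. Defaulting both variables to `null` (`default = null` in place of `default = ""`) keeps them consistent with the `try()` form introduced here, or a `lifecycle { precondition }` on `aws_flow_log.this` could require a non-empty ARN whenever the matching `create_*` flag is off. The `try()` guards an index that the same local already gates via `count`, so it appears to be defensive rather than a behaviour change.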
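Review bot: The log group takes `retention_in_days` and `kms_key_id` straight from variables that this commit leaves defaulting to `null`, so the out-of-the-box result is a flow-log group that never expires and uses the CloudWatch Logs default encryption rather than a customer-managed key. Neither the resource nor the variable descriptions say so; I would put it where operators look, e.g. a comment on the `retention_in_days` line: `# null = never expire; set a retention period to bound how long flow records are kept`, and extend the `flow_log_cloudwatch_log_group_kms_key_id` description with `When null, the log group uses the CloudWatch Logs default encryption`. If a CMK is supplied, its key policy presumably has to grant the CloudWatch Logs service principal use of the key, which is worth a sentence in the same description. The `aws_cloudwatch_log_group` block continues past the end of this hunk.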