diff --git a/.chglog/CHANGELOG.tpl.md b/.chglog/CHANGELOG.tpl.md
new file mode 100644
index 000000000..389f9114a
--- /dev/null
+++ b/.chglog/CHANGELOG.tpl.md
@@ -0,0 +1,51 @@
+{{ if .Versions -}}
+
+## [Unreleased]
+{{ if .Unreleased.CommitGroups -}}
+{{ range .Unreleased.CommitGroups -}}
+### {{ .Title }}
+{{ range .Commits -}}
+- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }}
+{{ end }}
+{{ end -}}
+{{ else }}
+{{ range .Unreleased.Commits -}}
+- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }}
+{{ end }}
+{{ end -}}
+{{ end -}}
+
+{{ range .Versions }}
+
+## {{ if .Tag.Previous }}[{{ .Tag.Name }}]{{ else }}{{ .Tag.Name }}{{ end }} - {{ datetime "2006-01-02" .Tag.Date }}
+{{ if .CommitGroups -}}
+{{ range .CommitGroups -}}
+### {{ .Title }}
+{{ range .Commits -}}
+- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }}
+{{ end }}
+{{ end -}}
+{{ else }}
+{{ range .Commits -}}
+- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }}
+{{ end }}
+{{ end -}}
+
+{{- if .NoteGroups -}}
+{{ range .NoteGroups -}}
+### {{ .Title }}
+{{ range .Notes }}
+{{ .Body }}
+{{ end }}
+{{ end -}}
+{{ end -}}
+{{ end -}}
+
+{{- if .Versions }}
+[Unreleased]: {{ .Info.RepositoryURL }}/compare/{{ $latest := index .Versions 0 }}{{ $latest.Tag.Name }}...HEAD
+{{ range .Versions -}}
+{{ if .Tag.Previous -}}
+[{{ .Tag.Name }}]: {{ $.Info.RepositoryURL }}/compare/{{ .Tag.Previous.Name }}...{{ .Tag.Name }}
+{{ end -}}
+{{ end -}}
+{{ end -}}
\ No newline at end of file
diff --git a/.chglog/config.yml b/.chglog/config.yml
new file mode 100644
index 000000000..5c3fa357c
--- /dev/null
+++ b/.chglog/config.yml
@@ -0,0 +1,10 @@
+style: github
+template: CHANGELOG.tpl.md
+info:
+  title: CHANGELOG
+  repository_url: https://github.com/terraform-aws-modules/terraform-aws-vpc
+options:
+  header:
+    pattern: "^(.*)$"
+    pattern_maps:
+      - Subject
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index c8df55229..c8299b7a8
--- a/.pre-commit-config.yaml
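Review bot: The `{{ if .Scope }}`, `{{ if .Unreleased.CommitGroups -}}` and `{{ if .CommitGroups -}}` branches of this template cannot produce output with the `.chglog/config.yml` added in the same commit, whose header `pattern: "^(.*)$"` maps the entire line to `Subject` and captures no type or scope; the generated CHANGELOG.md in this commit shows the effect, flat bullets with no `###` group headings. Either capture a type/scope in the config or trim the template to its `else` branches so the file documents what it actually renders. A short comment at the top of the template would also help the next maintainer: `{{ .Subject }}` and `{{ .Body }}` are inserted into the Markdown verbatim, so commit messages from merged contributions are trusted as-is and the regenerated CHANGELOG.md should be reviewed before it is committed, e.g. `{{/* Commit subjects and note bodies are rendered unescaped; review the generated CHANGELOG.md before committing */}}`.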
+++ b/.pre-commit-config.yaml @@ -1,10 +1,10 @@ repos: - repo: git://github.com/antonbabenko/pre-commit-terraform - rev: v1.7.2 + rev: v1.8.1 hooks: - id: terraform_fmt - id: terraform_docs - repo: git://github.com/pre-commit/pre-commit-hooks - rev: v1.2.3 + rev: v2.1.0 hooks: - id: check-merge-conflict diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 000000000..40a4af6bd --- /dev/null +++ b/CHANGELOG.md 
@@ -0,0 +1,532 @@ + +## [Unreleased] + + + + +## [v1.57.0] - 2019-02-21 + +- Added CHANGELOG.md ([#221](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/221)) + + + +## [v1.56.0] - 2019-02-21 + +- Added intra subnet suffix. ([#220](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/220)) + + + +## [v1.55.0] - 2019-02-14 + +- Fixed formatting after [#213](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/213) +- Merge pull request [#213](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/213) from michieldhadamus/ecr-endpoints +- Added subnet ids to ecr endpoints +- Added option to create ECR api and dkr endpoints + + + +## [v1.54.0] - 2019-02-14 + +- Fixed formatting after [#205](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/205) +- Merge pull request [#205](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/205) from tbugfinder/extend_endpoints +- switch to terraform-docs v0.6.0 +- add files updated by pre-commit +- add additional endpoints to examples +- fix typo +- add endpoints ec2messages, ssmmessages as those are required by Systems Manager in addition to ec2 and ssm. 
+- Merge pull request [#1](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/1) from terraform-aws-modules/master + + + +## [v1.53.0] - 2019-01-18 + +- Reordered vars in count for database_nat_gateway route +- Merge pull request [#201](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/201) from ebarault/feat/database-route-to-natgw +- adding option to create a route to nat gateway in database subnets + + + +## [v1.52.0] - 2019-01-17 + +- Merge pull request [#202](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/202) from terraform-aws-modules/ssm_and_ec2_vpc_endpoints +- Added SSM and EC2 VPC endpoints (fixes [#195](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/195), [#194](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/194)) + + + +## [v1.51.0] - 2019-01-10 + +- Merge pull request [#199](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/199) from terraform-aws-modules/elasticache_subnet_group +- Added possibility to control creation of elasticache and redshift subnet groups + + + +## [v1.50.0] - 2018-12-27 + +- Added azs to outputs which is an argument + + + +## [v1.49.0] - 2018-12-12 + +- Merge pull request [#191](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/191) from terraform-aws-modules/feature-db-igw-public-access +- Reverted complete-example +- Added IGW route for DB subnets (based on [#179](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/179)) + + + +## [v1.48.0] - 2018-12-11 + +- Updated pre-commit version with new terraform-docs script + + + +## [v1.47.0] - 2018-12-11 + +- Merge pull request [#181](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/181) from Miyurz/fix/redshift-name-issue +- Fix for the error: module.vpc.aws_redshift_subnet_group.redshift: only lowercase alphanumeric characters and hyphens allowed in name + + + +## [v1.46.0] - 2018-10-06 + +- Fixed 
[#177](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/177) - public_subnets should not always be validated + + + +## [v1.45.0] - 2018-10-01 + +- Updated README.md after merge +- Added amazon_side_asn to vpn_gateway ([#159](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/159)) + + + +## [v1.44.0] - 2018-09-18 + +- Reordering tag merging ([#148](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/148)) + + + +## [v1.43.2] - 2018-09-17 + +- Updated link to cloudcraft + + + +## [v1.43.1] - 2018-09-17 + +- Updated link to cloudcraft + + + +## [v1.43.0] - 2018-09-16 + +- Removed comments starting from # to fix README +- Added cloudcraft.co as a sponsor for this module +- Added cloudcraft.co as a sponsor for this module + + + +## [v1.42.0] - 2018-09-14 + +- add vars for custom subnet and route table names ([#168](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/168)) + + + +## [v1.41.0] - 2018-09-04 + +- Add secondary CIDR block support ([#163](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/163)) + + + +## [v1.40.0] - 2018-08-19 + +- Removed IPv6 from outputs (fixed [#157](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/157)) ([#158](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/158)) + + + +## [v1.39.0] - 2018-08-19 + +- Add minimum support for IPv6 to VPC ([#156](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/156)) + + + +## [v1.38.0] - 2018-08-18 + +- Provide separate route tables for db/elasticache/redshift ([#155](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/155)) +- Fixing typo overriden -> overridden ([#150](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/150)) + + + +## [v1.37.0] - 2018-06-22 + +- Removed obsolete default_route_table_tags (fixed [#146](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/146)) + + + +## [v1.36.0] - 2018-06-20 + +- Allow tags override for 
all resources (fix for [#138](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/138)) ([#145](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/145)) + + + +## [v1.35.0] - 2018-06-20 + +- Updated README after [#141](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/141) +- Add `nat_gateway_tags` input ([#141](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/141)) + + + +## [v1.34.0] - 2018-06-05 + +- Fixed creation of aws_vpc_endpoint_route_table_association when intra_subnets are not set (fixes 137) + + + +## [v1.33.0] - 2018-06-04 + +- Added missing route_table for intra_subnets, and prepare the release +- Adding "intra subnets" as a class ([#135](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/135)) + + + +## [v1.32.0] - 2018-05-24 + +- Prepared release, updated README a bit +- Fix [#117](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/117) - Add `one_nat_gateway_per_az` functionality ([#129](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/129)) + + + +## [v1.31.0] - 2018-05-16 + +- Added pre-commit hook to autogenerate terraform-docs ([#127](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/127)) + + + +## [v1.30.0] - 2018-04-09 + +- Fixed formatting +- Added longer timeouts for aws_route create ([#113](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/113)) + + + +## [v1.29.0] - 2018-04-05 + +- Creates a single private route table when single_nat_gateway is true ([#83](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/83)) + + + +## [v1.28.0] - 2018-04-05 + +- Ensures the correct number of S3 and DDB VPC Endpoint associations ([#90](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/90)) + + + +## [v1.27.0] - 2018-04-05 + +- Removed aws_default_route_table and aws_main_route_table_association, added potentially failed example 
([#111](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/111)) + + + +## [v1.26.0] - 2018-03-06 + +- Added default CIDR block as 0.0.0.0/0 ([#93](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/93)) + + + +## [v1.25.0] - 2018-03-02 + +- Fixed complete example +- Make terraform recognize lists when uring variables ([#92](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/92)) + + + +## [v1.24.0-pre] - 2018-03-01 + +- Fixed description +- Fixed aws_vpn_gateway_route_propagation for default route table + + + +## [v1.23.0] - 2018-02-10 + +- Extended aws_vpn_gateway use case. ([#67](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/67)) + + + +## [v1.22.1] - 2018-02-10 + +- Removed classiclink from outputs because it is not present in recent regions ([#78](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/78)) + + + +## [v1.22.0] - 2018-02-09 + +- Added support for default VPC resource ([#75](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/75)) + + + +## [v1.21.0] - 2018-02-09 + +- Added possibility to create VPC conditionally ([#74](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/74)) + + + +## [v1.20.0] - 2018-02-09 + +- Manage Default Route Table under Terraform ([#69](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/69)) + + + +## [v1.19.0] - 2018-02-09 + +- Only create one public route association for s3 endpoint ([#73](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/73)) + + + +## [v1.18.0] - 2018-02-05 + +- Adding tests for vpc, subnets, and route tables ([#31](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/31)) +- Improve documentation about the usage of external NAT gateway IPs ([#66](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/66)) + + + +## [v1.17.0] - 2018-01-21 + +- Issue [#58](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/58): Add ElastiCache 
subnet group name output. ([#60](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/60)) + + + +## [v1.16.0] - 2018-01-21 + +- Terraform fmt +- Issue [#56](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/56): Added tags for elastic ips ([#61](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/61)) + + + +## [v1.15.0] - 2018-01-19 + +- Lowercase database subnet group name ([#57](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/57)) + + + +## [v1.14.0] - 2018-01-11 + +- Add Redshift subnets ([#54](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/54)) +- [ci skip] Get more Open Source Helpers ([#51](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/51)) + + + +## [v1.13.0] - 2018-01-03 + +- Ignore changes to propagating_vgws of private routing table ([#50](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/50)) + + + +## [v1.12.0] - 2017-12-12 + +- Downgraded require_version from 0.10.13 to 0.10.3 ([#48](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/48)) + + + +## [v1.11.0] - 2017-12-11 + +- Added fix for issue when no private subnets are defined ([#47](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/47)) + + + +## [v1.10.0] - 2017-12-11 + +- Fixing edge case when VPC is not symmetrical with few private subnets ([#45](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/45)) + + + +## [v1.9.1] - 2017-12-07 + +- Minor fix in README + + + +## [v1.9.0] - 2017-12-07 + +- Allow passing in EIPs for the NAT Gateways ([#38](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/38)) + + + +## [v1.8.0] - 2017-12-06 + +- change conditional private routes ([#36](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/36)) + + + +## [v1.7.0] - 2017-12-06 + +- Add extra tags for DHCP option set ([#42](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/42)) +- Add 
"default_route_table_id" to outputs ([#41](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/41)) + + + +## [v1.6.0] - 2017-12-06 + +- Add support for additional tags on VPC ([#43](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/43)) +- Reverted bad merge, fixed [#33](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/33) +- Set enable_dns_support=true by default + + + +## [v1.4.1] - 2017-11-23 + +- Reverted bad merge, fixed [#33](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/33) + + + +## [v1.5.0] - 2017-11-23 + + + + +## [v1.5.1] - 2017-11-23 + +- Reverted bad merge, fixed [#33](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/33) +- Set enable_dns_support=true by default +- Updated descriptions for DNS variables (closes [#14](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/14)) + + + +## [v1.4.0] - 2017-11-22 + +- Add version requirements in README.md (fixes [#32](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/32)) +- Add version requirements in README.md + + + +## [v1.3.0] - 2017-11-16 + +- make sure outputs are always valid ([#29](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/29)) +- Add tags to the aws_vpc_dhcp_options resource ([#30](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/30)) + + + +## [v1.2.0] - 2017-11-11 + +- Add support for DHCP options set ([#20](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/20)) + + + +## [v1.1.0] - 2017-11-11 + +- [#22](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/22) add vpn gateway feature ([#24](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/24)) +- Add cidr_block outputs to public and private subnets ([#19](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/19)) +- Merge pull request [#13](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/13) from felixb/nat-gateway-tags +- 
Add AZ to natgateway name + + + +## [v1.0.4] - 2017-10-20 + +- Merge pull request [#12](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/12) from michalschott/master +- NAT gateway should be tagged too. + + + +## [v1.0.3] - 2017-10-12 + +- Make aws_vpc_endpoint_service conditional +- Merge pull request [#7](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/7) from eheydrick/variable-descriptions +- Improve variable descriptions + + + +## [v1.0.2] - 2017-09-27 + +- Merge pull request [#6](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/6) from mgresko/fix_govcloud +- disable dynamodb data source when not needed + + + +## [v1.0.1] - 2017-09-26 + +- Updated link in README +- Merge pull request [#3](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/3) from gas-buddy/gasbuddy/eherot/custom_route_tags +- Allow the user to define custom tags for route tables + + + +## v1.0.0 - 2017-09-12 + +- Updated README +- Updated README +- Aded examples and updated names +- Added descriptions, applied fmt +- Removed parts of readme +- Initial commit +- Initial commit + + +[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.57.0...HEAD +[v1.57.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.56.0...v1.57.0 +[v1.56.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.55.0...v1.56.0 +[v1.55.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.54.0...v1.55.0 +[v1.54.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.53.0...v1.54.0 +[v1.53.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.52.0...v1.53.0 +[v1.52.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.51.0...v1.52.0 +[v1.51.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.50.0...v1.51.0 +[v1.50.0]: 
https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.49.0...v1.50.0 +[v1.49.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.48.0...v1.49.0 +[v1.48.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.47.0...v1.48.0 +[v1.47.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.46.0...v1.47.0 +[v1.46.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.45.0...v1.46.0 +[v1.45.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.44.0...v1.45.0 +[v1.44.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.43.2...v1.44.0 +[v1.43.2]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.43.1...v1.43.2 +[v1.43.1]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.43.0...v1.43.1 +[v1.43.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.42.0...v1.43.0 +[v1.42.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.41.0...v1.42.0 +[v1.41.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.40.0...v1.41.0 +[v1.40.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.39.0...v1.40.0 +[v1.39.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.38.0...v1.39.0 +[v1.38.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.37.0...v1.38.0 +[v1.37.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.36.0...v1.37.0 +[v1.36.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.35.0...v1.36.0 +[v1.35.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.34.0...v1.35.0 +[v1.34.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.33.0...v1.34.0 +[v1.33.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.32.0...v1.33.0 +[v1.32.0]: 
https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.31.0...v1.32.0 +[v1.31.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.30.0...v1.31.0 +[v1.30.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.29.0...v1.30.0 +[v1.29.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.28.0...v1.29.0 +[v1.28.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.27.0...v1.28.0 +[v1.27.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.26.0...v1.27.0 +[v1.26.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.25.0...v1.26.0 +[v1.25.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.24.0-pre...v1.25.0 +[v1.24.0-pre]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.23.0...v1.24.0-pre +[v1.23.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.22.1...v1.23.0 +[v1.22.1]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.22.0...v1.22.1 +[v1.22.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.21.0...v1.22.0 +[v1.21.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.20.0...v1.21.0 +[v1.20.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.19.0...v1.20.0 +[v1.19.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.18.0...v1.19.0 +[v1.18.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.17.0...v1.18.0 +[v1.17.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.16.0...v1.17.0 +[v1.16.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.15.0...v1.16.0 +[v1.15.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.14.0...v1.15.0 +[v1.14.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.13.0...v1.14.0 +[v1.13.0]: 
https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.12.0...v1.13.0 +[v1.12.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.11.0...v1.12.0 +[v1.11.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.10.0...v1.11.0 +[v1.10.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.9.1...v1.10.0 +[v1.9.1]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.9.0...v1.9.1 +[v1.9.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.8.0...v1.9.0 +[v1.8.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.7.0...v1.8.0 +[v1.7.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.6.0...v1.7.0 +[v1.6.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.4.1...v1.6.0 +[v1.4.1]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.5.0...v1.4.1 +[v1.5.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.5.1...v1.5.0 +[v1.5.1]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.4.0...v1.5.1 +[v1.4.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.3.0...v1.4.0 +[v1.3.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.2.0...v1.3.0 +[v1.2.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.1.0...v1.2.0 +[v1.1.0]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.0.4...v1.1.0 +[v1.0.4]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.0.3...v1.0.4 +[v1.0.3]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.0.2...v1.0.3 +[v1.0.2]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.0.1...v1.0.2 +[v1.0.1]: https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v1.0.0...v1.0.1 diff --git a/Makefile b/Makefile new file mode 100644 index 000000000..558dac5a6 --- /dev/null +++ b/Makefile 
@@ -0,0 +1,7 @@ +.PHONY: changelog release + +changelog: + git-chglog -o CHANGELOG.md --next-tag `semtag final -s minor -o` + +release: + semtag final -s minor diff --git a/README.md b/README.md index 3c0a237af..d50399d2f 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,9 @@ These types of resources are supported: * [Internet Gateway](https://www.terraform.io/docs/providers/aws/r/internet_gateway.html) * [NAT Gateway](https://www.terraform.io/docs/providers/aws/r/nat_gateway.html) * [VPN Gateway](https://www.terraform.io/docs/providers/aws/r/vpn_gateway.html) -* [VPC Endpoint](https://www.terraform.io/docs/providers/aws/r/vpc_endpoint.html) (S3 and DynamoDB) +* [VPC Endpoint](https://www.terraform.io/docs/providers/aws/r/vpc_endpoint.html): + * Gateway: S3, DynamoDB + * Interface: EC2, SSM, EC2 Messages, SSM Messages, ECR API, ECR DKR * [RDS DB Subnet Group](https://www.terraform.io/docs/providers/aws/r/db_subnet_group.html) * [ElastiCache Subnet Group](https://www.terraform.io/docs/providers/aws/r/elasticache_subnet_group.html) * [Redshift Subnet Group](https://www.terraform.io/docs/providers/aws/r/redshift_subnet_group.html) @@ -150,6 +152,19 @@ module "vpc" { } ``` +## Public access to RDS instances + +Sometimes it is handy to have public access to RDS instances (it is not recommended for production) by specifying these arguments: + +```hcl + create_database_subnet_group = true + create_database_subnet_route_table = true + create_database_internet_gateway_route = true + + enable_dns_hostnames = true + enable_dns_support = true +``` + ## Terraform version Terraform version 0.10.3 or newer is required for this module to work. 
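Review bot: `release` does not depend on `changelog`, so `make release` tags a new minor version while CHANGELOG.md may still be stale, and neither target checks that `git-chglog` and `semtag` are available before the recipe runs, so a missing tool surfaces only as a shell error mid-recipe. If the intended workflow is to regenerate and commit the changelog before tagging, state it in the file, e.g. `# Requires git-chglog and semtag on PATH; run 'make changelog', commit the result, then 'make release'`. Both recipes delegate to third-party tools that read git history and, for `release`, presumably create the tag, so recording the tool versions the recipes were written against in the same comment would make the targets reproducible.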
@@ -162,136 +177,176 @@ Terraform version 0.10.3 or newer is required for this module to work. * Few tests and edge cases examples: [#46](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/issue-46-no-private-subnets), [#44](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/issue-44-asymmetric-private-subnets), [#108](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/issue-108-route-already-exists) - ## Inputs | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| amazon_side_asn | The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the virtual private gateway is created with the current default Amazon ASN. | string | `64512` | no | -| assign_generated_ipv6_cidr_block | Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block | string | `false` | no | -| azs | A list of availability zones in the region | string | `` | no | -| cidr | The CIDR block for the VPC. 
Default value is a valid CIDR, but not acceptable by AWS and should be overridden | string | `0.0.0.0/0` | no | -| create_database_subnet_group | Controls if database subnet group should be created | string | `true` | no | -| create_database_subnet_route_table | Controls if separate route table for database should be created | string | `false` | no | -| create_elasticache_subnet_route_table | Controls if separate route table for elasticache should be created | string | `false` | no | -| create_redshift_subnet_route_table | Controls if separate route table for redshift should be created | string | `false` | no | -| create_vpc | Controls if VPC should be created (it affects almost all resources) | string | `true` | no | -| database_route_table_tags | Additional tags for the database route tables | string | `` | no | -| database_subnet_group_tags | Additional tags for the database subnet group | string | `` | no | -| database_subnet_suffix | Suffix to append to database subnets name | string | `db` | no | -| database_subnet_tags | Additional tags for the database subnets | string | `` | no | -| database_subnets | A list of database subnets | list | `` | no | -| default_vpc_enable_classiclink | Should be true to enable ClassicLink in the Default VPC | string | `false` | no | -| default_vpc_enable_dns_hostnames | Should be true to enable DNS hostnames in the Default VPC | string | `false` | no | -| default_vpc_enable_dns_support | Should be true to enable DNS support in the Default VPC | string | `true` | no | -| default_vpc_name | Name to be used on the Default VPC | string | `` | no | -| default_vpc_tags | Additional tags for the Default VPC | string | `` | no | -| dhcp_options_domain_name | Specifies DNS name for DHCP options set | string | `` | no | -| dhcp_options_domain_name_servers | Specify a list of DNS server addresses for DHCP options set, default to AWS provided | list | `` | no | -| dhcp_options_netbios_name_servers | Specify a list of netbios servers for 
DHCP options set | list | `` | no | -| dhcp_options_netbios_node_type | Specify netbios node_type for DHCP options set | string | `` | no | -| dhcp_options_ntp_servers | Specify a list of NTP servers for DHCP options set | list | `` | no | -| dhcp_options_tags | Additional tags for the DHCP option set | string | `` | no | -| elasticache_route_table_tags | Additional tags for the elasticache route tables | string | `` | no | -| elasticache_subnet_suffix | Suffix to append to elasticache subnets name | string | `elasticache` | no | -| elasticache_subnet_tags | Additional tags for the elasticache subnets | string | `` | no | -| elasticache_subnets | A list of elasticache subnets | list | `` | no | -| enable_dhcp_options | Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type | string | `false` | no | -| enable_dns_hostnames | Should be true to enable DNS hostnames in the VPC | string | `false` | no | -| enable_dns_support | Should be true to enable DNS support in the VPC | string | `true` | no | -| enable_dynamodb_endpoint | Should be true if you want to provision a DynamoDB endpoint to the VPC | string | `false` | no | -| enable_nat_gateway | Should be true if you want to provision NAT Gateways for each of your private networks | string | `false` | no | -| enable_s3_endpoint | Should be true if you want to provision an S3 endpoint to the VPC | string | `false` | no | -| enable_vpn_gateway | Should be true if you want to create a new VPN Gateway resource and attach it to the VPC | string | `false` | no | -| external_nat_ip_ids | List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse_nat_ips) | list | `` | no | -| igw_tags | Additional tags for the internet gateway | string | `` | no | -| instance_tenancy | A tenancy option for instances launched into the VPC | string | `default` | no | -| intra_route_table_tags | Additional tags for the intra 
route tables | string | `` | no | -| intra_subnet_tags | Additional tags for the intra subnets | string | `` | no | -| intra_subnets | A list of intra subnets | list | `` | no | -| manage_default_vpc | Should be true to adopt and manage Default VPC | string | `false` | no | -| map_public_ip_on_launch | Should be false if you do not want to auto-assign public IP on launch | string | `true` | no | -| name | Name to be used on all the resources as identifier | string | `` | no | -| nat_eip_tags | Additional tags for the NAT EIP | string | `` | no | -| nat_gateway_tags | Additional tags for the NAT gateways | string | `` | no | -| one_nat_gateway_per_az | Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs`. | string | `false` | no | -| private_route_table_tags | Additional tags for the private route tables | string | `` | no | -| private_subnet_suffix | Suffix to append to private subnets name | string | `private` | no | -| private_subnet_tags | Additional tags for the private subnets | string | `` | no | -| private_subnets | A list of private subnets inside the VPC | string | `` | no | -| propagate_private_route_tables_vgw | Should be true if you want route table propagation | string | `false` | no | -| propagate_public_route_tables_vgw | Should be true if you want route table propagation | string | `false` | no | -| public_route_table_tags | Additional tags for the public route tables | string | `` | no | -| public_subnet_suffix | Suffix to append to public subnets name | string | `public` | no | -| public_subnet_tags | Additional tags for the public subnets | string | `` | no | -| public_subnets | A list of public subnets inside the VPC | string | `` | no | -| redshift_route_table_tags | Additional tags for the redshift route tables | string | `` | no | -| redshift_subnet_group_tags | 
Additional tags for the redshift subnet group | string | `` | no | -| redshift_subnet_suffix | Suffix to append to redshift subnets name | string | `redshift` | no | -| redshift_subnet_tags | Additional tags for the redshift subnets | string | `` | no | -| redshift_subnets | A list of redshift subnets | list | `` | no | -| reuse_nat_ips | Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external_nat_ip_ids' variable | string | `false` | no | -| secondary_cidr_blocks | List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool | string | `` | no | -| single_nat_gateway | Should be true if you want to provision a single shared NAT Gateway across all of your private networks | string | `false` | no | -| tags | A map of tags to add to all resources | string | `` | no | -| vpc_tags | Additional tags for the VPC | string | `` | no | -| vpn_gateway_id | ID of VPN Gateway to attach to the VPC | string | `` | no | -| vpn_gateway_tags | Additional tags for the VPN gateway | string | `` | no | +| amazon\_side\_asn | The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the virtual private gateway is created with the current default Amazon ASN. | string | `"64512"` | no | +| assign\_generated\_ipv6\_cidr\_block | Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block | string | `"false"` | no | +| azs | A list of availability zones in the region | list | `[]` | no | +| cidr | The CIDR block for the VPC. 
Default value is a valid CIDR, but not acceptable by AWS and should be overridden | string | `"0.0.0.0/0"` | no | +| create\_database\_internet\_gateway\_route | Controls if an internet gateway route for public database access should be created | string | `"false"` | no | +| create\_database\_nat\_gateway\_route | Controls if a nat gateway route should be created to give internet access to the database subnets | string | `"false"` | no | +| create\_database\_subnet\_group | Controls if database subnet group should be created | string | `"true"` | no | +| create\_database\_subnet\_route\_table | Controls if separate route table for database should be created | string | `"false"` | no | +| create\_elasticache\_subnet\_group | Controls if elasticache subnet group should be created | string | `"true"` | no | +| create\_elasticache\_subnet\_route\_table | Controls if separate route table for elasticache should be created | string | `"false"` | no | +| create\_redshift\_subnet\_group | Controls if redshift subnet group should be created | string | `"true"` | no | +| create\_redshift\_subnet\_route\_table | Controls if separate route table for redshift should be created | string | `"false"` | no | +| create\_vpc | Controls if VPC should be created (it affects almost all resources) | string | `"true"` | no | +| database\_route\_table\_tags | Additional tags for the database route tables | map | `{}` | no | +| database\_subnet\_group\_tags | Additional tags for the database subnet group | map | `{}` | no | +| database\_subnet\_suffix | Suffix to append to database subnets name | string | `"db"` | no | +| database\_subnet\_tags | Additional tags for the database subnets | map | `{}` | no | +| database\_subnets | A list of database subnets | list | `[]` | no | +| default\_vpc\_enable\_classiclink | Should be true to enable ClassicLink in the Default VPC | string | `"false"` | no | +| default\_vpc\_enable\_dns\_hostnames | Should be true to enable DNS hostnames in the Default 
VPC | string | `"false"` | no | +| default\_vpc\_enable\_dns\_support | Should be true to enable DNS support in the Default VPC | string | `"true"` | no | +| default\_vpc\_name | Name to be used on the Default VPC | string | `""` | no | +| default\_vpc\_tags | Additional tags for the Default VPC | map | `{}` | no | +| dhcp\_options\_domain\_name | Specifies DNS name for DHCP options set | string | `""` | no | +| dhcp\_options\_domain\_name\_servers | Specify a list of DNS server addresses for DHCP options set, default to AWS provided | list | `[ "AmazonProvidedDNS" ]` | no | +| dhcp\_options\_netbios\_name\_servers | Specify a list of netbios servers for DHCP options set | list | `[]` | no | +| dhcp\_options\_netbios\_node\_type | Specify netbios node_type for DHCP options set | string | `""` | no | +| dhcp\_options\_ntp\_servers | Specify a list of NTP servers for DHCP options set | list | `[]` | no | +| dhcp\_options\_tags | Additional tags for the DHCP option set | map | `{}` | no | +| ec2\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for EC2 endpoint | string | `"false"` | no | +| ec2\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for EC2 endpoint | list | `[]` | no | +| ec2\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for EC2 endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. 
| list | `[]` | no | +| ec2messages\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for EC2MESSAGES endpoint | string | `"false"` | no | +| ec2messages\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for EC2MESSAGES endpoint | list | `[]` | no | +| ec2messages\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for EC2MESSAGES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no | +| ecr\_api\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for ECR API endpoint | string | `"false"` | no | +| ecr\_api\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for ECR API endpoint | list | `[]` | no | +| ecr\_api\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for ECR api endpoint. If omitted, private subnets will be used. | list | `[]` | no | +| ecr\_dkr\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for ECR DKR endpoint | string | `"false"` | no | +| ecr\_dkr\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for ECR DKR endpoint | list | `[]` | no | +| ecr\_dkr\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for ECR dkr endpoint. If omitted, private subnets will be used. 
| list | `[]` | no | +| elasticache\_route\_table\_tags | Additional tags for the elasticache route tables | map | `{}` | no | +| elasticache\_subnet\_suffix | Suffix to append to elasticache subnets name | string | `"elasticache"` | no | +| elasticache\_subnet\_tags | Additional tags for the elasticache subnets | map | `{}` | no | +| elasticache\_subnets | A list of elasticache subnets | list | `[]` | no | +| enable\_dhcp\_options | Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type | string | `"false"` | no | +| enable\_dns\_hostnames | Should be true to enable DNS hostnames in the VPC | string | `"false"` | no | +| enable\_dns\_support | Should be true to enable DNS support in the VPC | string | `"true"` | no | +| enable\_dynamodb\_endpoint | Should be true if you want to provision a DynamoDB endpoint to the VPC | string | `"false"` | no | +| enable\_ec2\_endpoint | Should be true if you want to provision an EC2 endpoint to the VPC | string | `"false"` | no | +| enable\_ec2messages\_endpoint | Should be true if you want to provision an EC2MESSAGES endpoint to the VPC | string | `"false"` | no | +| enable\_ecr\_api\_endpoint | Should be true if you want to provision an ecr api endpoint to the VPC | string | `"false"` | no | +| enable\_ecr\_dkr\_endpoint | Should be true if you want to provision an ecr dkr endpoint to the VPC | string | `"false"` | no | +| enable\_nat\_gateway | Should be true if you want to provision NAT Gateways for each of your private networks | string | `"false"` | no | +| enable\_s3\_endpoint | Should be true if you want to provision an S3 endpoint to the VPC | string | `"false"` | no | +| enable\_ssm\_endpoint | Should be true if you want to provision an SSM endpoint to the VPC | string | `"false"` | no | +| enable\_ssmmessages\_endpoint | Should be true if you want to provision a SSMMESSAGES endpoint to the VPC | string | `"false"` | no | 
+| enable\_vpn\_gateway | Should be true if you want to create a new VPN Gateway resource and attach it to the VPC | string | `"false"` | no | +| external\_nat\_ip\_ids | List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse_nat_ips) | list | `[]` | no | +| igw\_tags | Additional tags for the internet gateway | map | `{}` | no | +| instance\_tenancy | A tenancy option for instances launched into the VPC | string | `"default"` | no | +| intra\_route\_table\_tags | Additional tags for the intra route tables | map | `{}` | no | +| intra\_subnet\_tags | Additional tags for the intra subnets | map | `{}` | no | +| intra\_subnets | A list of intra subnets | list | `[]` | no | +| manage\_default\_vpc | Should be true to adopt and manage Default VPC | string | `"false"` | no | +| map\_public\_ip\_on\_launch | Should be false if you do not want to auto-assign public IP on launch | string | `"true"` | no | +| name | Name to be used on all the resources as identifier | string | `""` | no | +| nat\_eip\_tags | Additional tags for the NAT EIP | map | `{}` | no | +| nat\_gateway\_tags | Additional tags for the NAT gateways | map | `{}` | no | +| one\_nat\_gateway\_per\_az | Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs`. 
| string | `"false"` | no | +| private\_route\_table\_tags | Additional tags for the private route tables | map | `{}` | no | +| private\_subnet\_suffix | Suffix to append to private subnets name | string | `"private"` | no | +| private\_subnet\_tags | Additional tags for the private subnets | map | `{}` | no | +| private\_subnets | A list of private subnets inside the VPC | list | `[]` | no | +| propagate\_private\_route\_tables\_vgw | Should be true if you want route table propagation | string | `"false"` | no | +| propagate\_public\_route\_tables\_vgw | Should be true if you want route table propagation | string | `"false"` | no | +| public\_route\_table\_tags | Additional tags for the public route tables | map | `{}` | no | +| public\_subnet\_suffix | Suffix to append to public subnets name | string | `"public"` | no | +| public\_subnet\_tags | Additional tags for the public subnets | map | `{}` | no | +| public\_subnets | A list of public subnets inside the VPC | list | `[]` | no | +| redshift\_route\_table\_tags | Additional tags for the redshift route tables | map | `{}` | no | +| redshift\_subnet\_group\_tags | Additional tags for the redshift subnet group | map | `{}` | no | +| redshift\_subnet\_suffix | Suffix to append to redshift subnets name | string | `"redshift"` | no | +| redshift\_subnet\_tags | Additional tags for the redshift subnets | map | `{}` | no | +| redshift\_subnets | A list of redshift subnets | list | `[]` | no | +| reuse\_nat\_ips | Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external_nat_ip_ids' variable | string | `"false"` | no | +| secondary\_cidr\_blocks | List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool | list | `[]` | no | +| single\_nat\_gateway | Should be true if you want to provision a single shared NAT Gateway across all of your private networks | string | `"false"` | no | +| ssm\_endpoint\_private\_dns\_enabled | 
Whether or not to associate a private hosted zone with the specified VPC for SSM endpoint | string | `"false"` | no | +| ssm\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SSM endpoint | list | `[]` | no | +| ssm\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for SSM endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no | +| ssmmessages\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for SSMMESSAGES endpoint | string | `"false"` | no | +| ssmmessages\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SSMMESSAGES endpoint | list | `[]` | no | +| ssmmessages\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for SSMMESSAGES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. 
| list | `[]` | no | +| tags | A map of tags to add to all resources | map | `{}` | no | +| vpc\_tags | Additional tags for the VPC | map | `{}` | no | +| vpn\_gateway\_id | ID of VPN Gateway to attach to the VPC | string | `""` | no | +| vpn\_gateway\_tags | Additional tags for the VPN gateway | map | `{}` | no | ## Outputs | Name | Description | |------|-------------| -| database_route_table_ids | List of IDs of database route tables | -| database_subnet_group | ID of database subnet group | -| database_subnets | List of IDs of database subnets | -| database_subnets_cidr_blocks | List of cidr_blocks of database subnets | -| default_network_acl_id | The ID of the default network ACL | -| default_route_table_id | The ID of the default route table | -| default_security_group_id | The ID of the security group created by default on VPC creation | -| default_vpc_cidr_block | The CIDR block of the VPC | -| default_vpc_default_network_acl_id | The ID of the default network ACL | -| default_vpc_default_route_table_id | The ID of the default route table | -| default_vpc_default_security_group_id | The ID of the security group created by default on VPC creation | -| default_vpc_enable_dns_hostnames | Whether or not the VPC has DNS hostname support | -| default_vpc_enable_dns_support | Whether or not the VPC has DNS support | -| default_vpc_id | The ID of the VPC | -| default_vpc_instance_tenancy | Tenancy of instances spin up within VPC | -| default_vpc_main_route_table_id | The ID of the main route table associated with this VPC | -| elasticache_route_table_ids | List of IDs of elasticache route tables | -| elasticache_subnet_group | ID of elasticache subnet group | -| elasticache_subnet_group_name | Name of elasticache subnet group | -| elasticache_subnets | List of IDs of elasticache subnets | -| elasticache_subnets_cidr_blocks | List of cidr_blocks of elasticache subnets | -| igw_id | The ID of the Internet Gateway | -| intra_route_table_ids | List of IDs of intra route 
tables | -| intra_subnets | List of IDs of intra subnets | -| intra_subnets_cidr_blocks | List of cidr_blocks of intra subnets | -| nat_ids | List of allocation ID of Elastic IPs created for AWS NAT Gateway | -| nat_public_ips | List of public Elastic IPs created for AWS NAT Gateway | -| natgw_ids | List of NAT Gateway IDs | -| private_route_table_ids | List of IDs of private route tables | -| private_subnets | List of IDs of private subnets | -| private_subnets_cidr_blocks | List of cidr_blocks of private subnets | -| public_route_table_ids | List of IDs of public route tables | -| public_subnets | List of IDs of public subnets | -| public_subnets_cidr_blocks | List of cidr_blocks of public subnets | -| redshift_route_table_ids | List of IDs of redshift route tables | -| redshift_subnet_group | ID of redshift subnet group | -| redshift_subnets | List of IDs of redshift subnets | -| redshift_subnets_cidr_blocks | List of cidr_blocks of redshift subnets | -| vgw_id | The ID of the VPN Gateway | -| vpc_cidr_block | The CIDR block of the VPC | -| vpc_enable_dns_hostnames | Whether or not the VPC has DNS hostname support | -| vpc_enable_dns_support | Whether or not the VPC has DNS support | -| vpc_endpoint_dynamodb_id | The ID of VPC endpoint for DynamoDB | -| vpc_endpoint_dynamodb_pl_id | The prefix list for the DynamoDB VPC endpoint. | -| vpc_endpoint_s3_id | The ID of VPC endpoint for S3 | -| vpc_endpoint_s3_pl_id | The prefix list for the S3 VPC endpoint. 
| -| vpc_id | The ID of the VPC | -| vpc_instance_tenancy | Tenancy of instances spin up within VPC | -| vpc_main_route_table_id | The ID of the main route table associated with this VPC | -| vpc_secondary_cidr_blocks | List of secondary CIDR blocks of the VPC | +| azs | A list of availability zones specified as argument to this module | +| database\_route\_table\_ids | List of IDs of database route tables | +| database\_subnet\_group | ID of database subnet group | +| database\_subnets | List of IDs of database subnets | +| database\_subnets\_cidr\_blocks | List of cidr_blocks of database subnets | +| default\_network\_acl\_id | The ID of the default network ACL | +| default\_route\_table\_id | The ID of the default route table | +| default\_security\_group\_id | The ID of the security group created by default on VPC creation | +| default\_vpc\_cidr\_block | The CIDR block of the VPC | +| default\_vpc\_default\_network\_acl\_id | The ID of the default network ACL | +| default\_vpc\_default\_route\_table\_id | The ID of the default route table | +| default\_vpc\_default\_security\_group\_id | The ID of the security group created by default on VPC creation | +| default\_vpc\_enable\_dns\_hostnames | Whether or not the VPC has DNS hostname support | +| default\_vpc\_enable\_dns\_support | Whether or not the VPC has DNS support | +| default\_vpc\_id | The ID of the VPC | +| default\_vpc\_instance\_tenancy | Tenancy of instances spin up within VPC | +| default\_vpc\_main\_route\_table\_id | The ID of the main route table associated with this VPC | +| elasticache\_route\_table\_ids | List of IDs of elasticache route tables | +| elasticache\_subnet\_group | ID of elasticache subnet group | +| elasticache\_subnet\_group\_name | Name of elasticache subnet group | +| elasticache\_subnets | List of IDs of elasticache subnets | +| elasticache\_subnets\_cidr\_blocks | List of cidr_blocks of elasticache subnets | +| igw\_id | The ID of the Internet Gateway | +| 
intra\_route\_table\_ids | List of IDs of intra route tables | +| intra\_subnets | List of IDs of intra subnets | +| intra\_subnets\_cidr\_blocks | List of cidr_blocks of intra subnets | +| nat\_ids | List of allocation ID of Elastic IPs created for AWS NAT Gateway | +| nat\_public\_ips | List of public Elastic IPs created for AWS NAT Gateway | +| natgw\_ids | List of NAT Gateway IDs | +| private\_route\_table\_ids | List of IDs of private route tables | +| private\_subnets | List of IDs of private subnets | +| private\_subnets\_cidr\_blocks | List of cidr_blocks of private subnets | +| public\_route\_table\_ids | List of IDs of public route tables | +| public\_subnets | List of IDs of public subnets | +| public\_subnets\_cidr\_blocks | List of cidr_blocks of public subnets | +| redshift\_route\_table\_ids | List of IDs of redshift route tables | +| redshift\_subnet\_group | ID of redshift subnet group | +| redshift\_subnets | List of IDs of redshift subnets | +| redshift\_subnets\_cidr\_blocks | List of cidr_blocks of redshift subnets | +| vgw\_id | The ID of the VPN Gateway | +| vpc\_cidr\_block | The CIDR block of the VPC | +| vpc\_enable\_dns\_hostnames | Whether or not the VPC has DNS hostname support | +| vpc\_enable\_dns\_support | Whether or not the VPC has DNS support | +| vpc\_endpoint\_dynamodb\_id | The ID of VPC endpoint for DynamoDB | +| vpc\_endpoint\_dynamodb\_pl\_id | The prefix list for the DynamoDB VPC endpoint. | +| vpc\_endpoint\_ec2\_dns\_entry | The DNS entries for the VPC Endpoint for EC2. | +| vpc\_endpoint\_ec2\_id | The ID of VPC endpoint for EC2 | +| vpc\_endpoint\_ec2\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for EC2 | +| vpc\_endpoint\_ec2messages\_dns\_entry | The DNS entries for the VPC Endpoint for EC2MESSAGES. 
| +| vpc\_endpoint\_ec2messages\_id | The ID of VPC endpoint for EC2MESSAGES | +| vpc\_endpoint\_ec2messages\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for EC2MESSAGES | +| vpc\_endpoint\_s3\_id | The ID of VPC endpoint for S3 | +| vpc\_endpoint\_s3\_pl\_id | The prefix list for the S3 VPC endpoint. | +| vpc\_endpoint\_ssm\_dns\_entry | The DNS entries for the VPC Endpoint for SSM. | +| vpc\_endpoint\_ssm\_id | The ID of VPC endpoint for SSM | +| vpc\_endpoint\_ssm\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for SSM. | +| vpc\_endpoint\_ssmmessages\_dns\_entry | The DNS entries for the VPC Endpoint for SSMMESSAGES. | +| vpc\_endpoint\_ssmmessages\_id | The ID of VPC endpoint for SSMMESSAGES | +| vpc\_endpoint\_ssmmessages\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for SSMMESSAGES. | +| vpc\_id | The ID of the VPC | +| vpc\_instance\_tenancy | Tenancy of instances spin up within VPC | +| vpc\_main\_route\_table\_id | The ID of the main route table associated with this VPC | +| vpc\_secondary\_cidr\_blocks | List of secondary CIDR blocks of the VPC | diff --git a/examples/complete-vpc/README.md b/examples/complete-vpc/README.md index c8d26a451..7a0a4a96d 100644 --- a/examples/complete-vpc/README.md +++ b/examples/complete-vpc/README.md 
@@ -17,18 +17,20 @@ $ terraform apply Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. - ## Outputs | Name | Description | |------|-------------| -| database_subnets | List of IDs of database subnets | -| elasticache_subnets | List of IDs of elasticache subnets | -| intra_subnets | List of IDs of intra subnets | -| nat_public_ips | NAT gateways | -| private_subnets | Subnets | -| public_subnets | List of IDs of public subnets | -| redshift_subnets | List of IDs of redshift subnets | -| vpc_id | VPC | +| database\_subnets | List of IDs of database subnets | +| elasticache\_subnets | List of IDs of elasticache subnets | +| intra\_subnets | List of IDs of intra subnets | +| nat\_public\_ips | List of public Elastic IPs created for AWS NAT Gateway | +| private\_subnets | List of IDs of private subnets | +| public\_subnets | List of IDs of public subnets | +| redshift\_subnets | List of IDs of redshift subnets | +| vpc\_endpoint\_ssm\_dns\_entry | The DNS entries for the VPC Endpoint for SSM. | +| vpc\_endpoint\_ssm\_id | The ID of VPC endpoint for SSM | +| vpc\_endpoint\_ssm\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for SSM. | +| vpc\_id | The ID of the VPC | diff --git a/examples/complete-vpc/main.tf b/examples/complete-vpc/main.tf index 67e3d2bc0..0f38fda90 100644 --- a/examples/complete-vpc/main.tf +++ b/examples/complete-vpc/main.tf @@ -2,6 +2,11 @@ provider "aws" { region = "eu-west-1" } +data "aws_security_group" "default" { + name = "default" + vpc_id = "${module.vpc.vpc_id}" +} + module "vpc" { source = "../../" 
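Review bot: The new `data "aws_security_group" "default"` looks up the VPC's default security group, and the `module "vpc"` hunk that follows passes `data.aws_security_group.default.id` to every `*_endpoint_security_group_ids` argument, so all six interface endpoints inherit whatever rules that unmanaged group happens to have (by AWS's default it is a self-referencing allow-all, which is broader than an HTTPS endpoint needs and can silently differ between accounts). Since this is the example users copy, a dedicated group that admits only TCP/443 from the VPC CIDR is the safer and more reproducible pattern; the data source would become the resource below and the endpoint arguments would reference `aws_security_group.vpc_endpoints.id` instead.
```hcl
resource "aws_security_group" "vpc_endpoints" {
  name_prefix = "vpc-endpoints-"
  vpc_id      = "${module.vpc.vpc_id}"

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["${module.vpc.vpc_cidr_block}"]
  }
}

# … unchanged: module "vpc" block …
```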
@@ -19,18 +24,54 @@ module "vpc" { create_database_subnet_group = false + enable_dns_hostnames = true + enable_dns_support = true + enable_nat_gateway = true single_nat_gateway = true enable_vpn_gateway = true - enable_s3_endpoint = true - enable_dynamodb_endpoint = true - enable_dhcp_options = true dhcp_options_domain_name = "service.consul" dhcp_options_domain_name_servers = ["127.0.0.1", "10.10.0.2"] + # VPC endpoint for S3 + enable_s3_endpoint = true + + # VPC endpoint for DynamoDB + enable_dynamodb_endpoint = true + + # VPC endpoint for SSM + enable_ssm_endpoint = true + ssm_endpoint_private_dns_enabled = true + ssm_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"] # ssm_endpoint_subnet_ids = ["..."] + + # VPC endpoint for SSMMESSAGES + enable_ssmmessages_endpoint = true + ssmmessages_endpoint_private_dns_enabled = true + ssmmessages_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"] + + # VPC Endpoint for EC2 + enable_ec2_endpoint = true + ec2_endpoint_private_dns_enabled = true + ec2_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"] + + # VPC Endpoint for EC2MESSAGES + enable_ec2messages_endpoint = true + ec2messages_endpoint_private_dns_enabled = true + ec2messages_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"] + + # VPC Endpoint for ECR API + enable_ecr_api_endpoint = true + ecr_api_endpoint_private_dns_enabled = true + ecr_api_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"] + + # VPC Endpoint for ECR DKR + enable_ecr_dkr_endpoint = true + ecr_dkr_endpoint_private_dns_enabled = true + ecr_dkr_endpoint_security_group_ids = ["${data.aws_security_group.default.id}"] + tags = { Owner = "user" Environment = "staging" diff --git a/examples/complete-vpc/outputs.tf b/examples/complete-vpc/outputs.tf index 3cbd012be..871359d39 100644 --- a/examples/complete-vpc/outputs.tf +++ b/examples/complete-vpc/outputs.tf 
@@ -40,3 +40,37 @@ output "nat_public_ips" {
 description = "List of public Elastic IPs created for AWS NAT Gateway"
 value = ["${module.vpc.nat_public_ips}"]
 }
+
+# VPC endpoints
+output "vpc_endpoint_ssm_id" {
+ description = "The ID of VPC endpoint for SSM"
+ value = "${module.vpc.vpc_endpoint_ssm_id}"
+}
+
+output "vpc_endpoint_ssm_network_interface_ids" {
+ description = "One or more network interfaces for the VPC Endpoint for SSM."
+ value = ["${module.vpc.vpc_endpoint_ssm_network_interface_ids}"]
+}
+
+output "vpc_endpoint_ssm_dns_entry" {
+ description = "The DNS entries for the VPC Endpoint for SSM."
+ value = ["${module.vpc.vpc_endpoint_ssm_dns_entry}"]
+}
+
+//
+//# VPC endpoints
+//output "vpc_endpoint_ec2_id" {
+// description = "The ID of VPC endpoint for EC2"
+// value = "${module.vpc.vpc_endpoint_ec2_id}"
+//}
+//
+//output "vpc_endpoint_ec2_network_interface_ids" {
+// description = "One or more network interfaces for the VPC Endpoint for EC2."
+// value = ["${module.vpc.vpc_endpoint_ec2_network_interface_ids}"]
+//}
+//
+//output "vpc_endpoint_ec2_dns_entry" {
+// description = "The DNS entries for the VPC Endpoint for EC2."
+// value = ["${module.vpc.vpc_endpoint_ec2_dns_entry}"]
+//}
+
diff --git a/examples/issue-108-route-already-exists/README.md b/examples/issue-108-route-already-exists/README.md
index bd2c57560..7aa22941a 100644
--- a/examples/issue-108-route-already-exists/README.md
+++ b/examples/issue-108-route-already-exists/README.md
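Review bot: The `//`-prefixed block from `+//` through the final `+//}` is commented-out code duplicating three EC2 outputs, and the same commit sets `enable_ec2_endpoint = true` in `examples/complete-vpc/main.tf`, so the values it would expose do exist; either drop the `//` prefixes so the outputs are live (and regenerate the README table) or delete the block rather than ship it as a leftover. It also uses `//` comment syntax while the `# VPC endpoints` header just above and the rest of the file use `#`, and repeats that same header inside the commented block.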
@@ -19,16 +19,15 @@ $ terraform apply Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. - ## Outputs | Name | Description | |------|-------------| -| database_subnets | List of IDs of database subnets | -| elasticache_subnets | List of IDs of elasticache subnets | -| nat_public_ips | NAT gateways | -| private_subnets | Subnets | -| public_subnets | List of IDs of public subnets | -| vpc_id | VPC | +| database\_subnets | List of IDs of database subnets | +| elasticache\_subnets | List of IDs of elasticache subnets | +| nat\_public\_ips | List of public Elastic IPs created for AWS NAT Gateway | +| private\_subnets | List of IDs of private subnets | +| public\_subnets | List of IDs of public subnets | +| vpc\_id | The ID of the VPC | diff --git a/examples/issue-44-asymmetric-private-subnets/README.md b/examples/issue-44-asymmetric-private-subnets/README.md index 24c4db444..2484554d2 100644 --- a/examples/issue-44-asymmetric-private-subnets/README.md +++ b/examples/issue-44-asymmetric-private-subnets/README.md @@ -17,16 +17,15 @@ $ terraform apply Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. - ## Outputs | Name | Description | |------|-------------| -| database_subnets | List of IDs of database subnets | -| elasticache_subnets | List of IDs of elasticache subnets | -| nat_public_ips | NAT gateways | -| private_subnets | Subnets | -| public_subnets | List of IDs of public subnets | -| vpc_id | VPC | +| database\_subnets | List of IDs of database subnets | +| elasticache\_subnets | List of IDs of elasticache subnets | +| nat\_public\_ips | List of public Elastic IPs created for AWS NAT Gateway | +| private\_subnets | List of IDs of private subnets | +| public\_subnets | List of IDs of public subnets | +| vpc\_id | The ID of the VPC | 
diff --git a/examples/issue-46-no-private-subnets/README.md b/examples/issue-46-no-private-subnets/README.md index 958b13289..b87e05e37 100644 --- a/examples/issue-46-no-private-subnets/README.md +++ b/examples/issue-46-no-private-subnets/README.md @@ -17,16 +17,15 @@ $ terraform apply Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. - ## Outputs | Name | Description | |------|-------------| -| database_subnets | List of IDs of database subnets | -| elasticache_subnets | List of IDs of elasticache subnets | -| nat_public_ips | NAT gateways | -| private_subnets | Subnets | -| public_subnets | List of IDs of public subnets | -| vpc_id | VPC | +| database\_subnets | List of IDs of database subnets | +| elasticache\_subnets | List of IDs of elasticache subnets | +| nat\_public\_ips | List of public Elastic IPs created for AWS NAT Gateway | +| private\_subnets | List of IDs of private subnets | +| public\_subnets | List of IDs of public subnets | +| vpc\_id | The ID of the VPC | diff --git a/examples/manage-default-vpc/README.md b/examples/manage-default-vpc/README.md index 6c509e6ea..3adff908b 100644 --- a/examples/manage-default-vpc/README.md +++ b/examples/manage-default-vpc/README.md @@ -17,12 +17,11 @@ $ terraform apply Run `terraform destroy` when you don't need these resources. - ## Outputs | Name | Description | |------|-------------| -| default_vpc_cidr_block | The CIDR block of the VPC | -| default_vpc_id | Default VPC | +| default\_vpc\_cidr\_block | The CIDR block of the VPC | +| default\_vpc\_id | The ID of the Default VPC | diff --git a/examples/secondary-cidr-blocks/README.md b/examples/secondary-cidr-blocks/README.md index 6d7cade4d..feb462fe3 100644 --- a/examples/secondary-cidr-blocks/README.md +++ b/examples/secondary-cidr-blocks/README.md 
@@ -17,16 +17,15 @@ $ terraform apply Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. - ## Outputs | Name | Description | |------|-------------| -| nat_public_ips | NAT gateways | -| private_subnets | Subnets | -| public_subnets | List of IDs of public subnets | -| vpc_cidr_block | CIDR blocks | -| vpc_id | VPC | -| vpc_secondary_cidr_blocks | List of secondary CIDR blocks of the VPC | +| nat\_public\_ips | List of public Elastic IPs created for AWS NAT Gateway | +| private\_subnets | List of IDs of private subnets | +| public\_subnets | List of IDs of public subnets | +| vpc\_cidr\_block | The CIDR block of the VPC | +| vpc\_id | The ID of the VPC | +| vpc\_secondary\_cidr\_blocks | List of secondary CIDR blocks of the VPC | diff --git a/examples/simple-vpc/README.md b/examples/simple-vpc/README.md index ff94ad03c..ccb7ccecd 100644 --- a/examples/simple-vpc/README.md +++ b/examples/simple-vpc/README.md @@ -17,15 +17,15 @@ $ terraform apply Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. - ## Outputs | Name | Description | |------|-------------| -| nat_public_ips | NAT gateways | -| private_subnets | Subnets | -| public_subnets | List of IDs of public subnets | -| vpc_cidr_block | CIDR blocks | -| vpc_id | VPC | +| azs | A list of availability zones spefified as argument to this module | +| nat\_public\_ips | List of public Elastic IPs created for AWS NAT Gateway | +| private\_subnets | List of IDs of private subnets | +| public\_subnets | List of IDs of public subnets | +| vpc\_cidr\_block | The CIDR block of the VPC | +| vpc\_id | The ID of the VPC | diff --git a/examples/simple-vpc/outputs.tf b/examples/simple-vpc/outputs.tf index 35eb73359..7ab197f4a 100644 --- a/examples/simple-vpc/outputs.tf +++ b/examples/simple-vpc/outputs.tf 
@@ -31,3 +31,9 @@ output "nat_public_ips" { description = "List of public Elastic IPs created for AWS NAT Gateway" value = ["${module.vpc.nat_public_ips}"] } + +# AZs +output "azs" { + description = "A list of availability zones spefified as argument to this module" + value = ["${module.vpc.azs}"] +} diff --git a/examples/test_fixture/README.md b/examples/test_fixture/README.md index fc2ab69bd..2fec823b1 100644 --- a/examples/test_fixture/README.md +++ b/examples/test_fixture/README.md @@ -21,12 +21,11 @@ Finished in 4.25 seconds (files took 2.75 seconds to load) This will destroy any existing test resources, create the resources afresh, run the tests, report back, and destroy the resources. - ## Inputs | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| region | | string | `eu-west-1` | no | +| region | | string | `"eu-west-1"` | no | ## Outputs diff --git a/examples/vpc-separate-private-route-tables/README.md b/examples/vpc-separate-private-route-tables/README.md index 332c12a25..0688e3a2c 100644 --- a/examples/vpc-separate-private-route-tables/README.md +++ b/examples/vpc-separate-private-route-tables/README.md 
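Review bot: The new `azs` output's description misspells "specified" as "spefified", and because terraform-docs copies this text into the example README the typo is already propagated there in this commit. The module-level `azs` output in outputs.tf spells it correctly, so the two descriptions now disagree. Change it to `description = "A list of availability zones specified as argument to this module"`.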
@@ -17,17 +17,16 @@ $ terraform apply Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. - ## Outputs | Name | Description | |------|-------------| -| database_subnets | List of IDs of database subnets | -| elasticache_subnets | List of IDs of elasticache subnets | -| nat_public_ips | NAT gateways | -| private_subnets | Subnets | -| public_subnets | List of IDs of public subnets | -| redshift_subnets | List of IDs of elasticache subnets | -| vpc_id | VPC | +| database\_subnets | List of IDs of database subnets | +| elasticache\_subnets | List of IDs of elasticache subnets | +| nat\_public\_ips | List of public Elastic IPs created for AWS NAT Gateway | +| private\_subnets | List of IDs of private subnets | +| public\_subnets | List of IDs of public subnets | +| redshift\_subnets | List of IDs of elasticache subnets | +| vpc\_id | The ID of the VPC | diff --git a/main.tf b/main.tf index f09a07e30..fce2925fa 100644 --- a/main.tf +++ b/main.tf 
@@ -121,6 +121,29 @@ resource "aws_route_table" "database" { tags = "${merge(var.tags, var.database_route_table_tags, map("Name", "${var.name}-${var.database_subnet_suffix}"))}" } +resource "aws_route" "database_internet_gateway" { + count = "${var.create_vpc && var.create_database_subnet_route_table && length(var.database_subnets) > 0 && var.create_database_internet_gateway_route && !var.create_database_nat_gateway_route ? 1 : 0}" + + route_table_id = "${aws_route_table.database.id}" + destination_cidr_block = "0.0.0.0/0" + gateway_id = "${aws_internet_gateway.this.id}" + + timeouts { + create = "5m" + } +} + +resource "aws_route" "database_nat_gateway" { + count = "${var.create_vpc && var.create_database_subnet_route_table && length(var.database_subnets) > 0 && !var.create_database_internet_gateway_route && var.create_database_nat_gateway_route && var.enable_nat_gateway ? local.nat_gateway_count : 0}" + route_table_id = "${element(aws_route_table.private.*.id, count.index)}" + destination_cidr_block = "0.0.0.0/0" + nat_gateway_id = "${element(aws_nat_gateway.this.*.id, count.index)}" + + timeouts { + create = "5m" + } +} + ################# # Redshift routes ################# @@ -151,7 +174,7 @@ resource "aws_route_table" "intra" { vpc_id = "${local.vpc_id}" - tags = "${merge(map("Name", "${var.name}-intra"), var.tags, var.intra_route_table_tags)}" + tags = "${merge(map("Name", "${var.name}-${var.intra_subnet_suffix}"), var.tags, var.intra_route_table_tags)}" } ################ @@ -218,9 +241,9 @@ resource "aws_subnet" "redshift" { } resource "aws_redshift_subnet_group" "redshift" { - count = "${var.create_vpc && length(var.redshift_subnets) > 0 ? 1 : 0}" + count = "${var.create_vpc && length(var.redshift_subnets) > 0 && var.create_redshift_subnet_group ? 1 : 0}" - name = "${var.name}" + name = "${lower(var.name)}" description = "Redshift subnet group for ${var.name}" subnet_ids = ["${aws_subnet.redshift.*.id}"] 
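Review bot: `aws_route.database_nat_gateway` is attached to the wrong table: its `route_table_id` reads `aws_route_table.private.*.id`, so when `create_database_nat_gateway_route` is set the default route is added to the private route tables (which presumably already carry a NAT route, making this a duplicate-route failure at apply time) while `aws_route_table.database` never gets one. The sibling `database_internet_gateway` route references `aws_route_table.database.id` unindexed, which suggests a single database table; one table can hold only one `0.0.0.0/0` route, so the count should be `1` rather than `local.nat_gateway_count`. Proposed: `count = "${var.create_vpc && var.create_database_subnet_route_table && length(var.database_subnets) > 0 && !var.create_database_internet_gateway_route && var.create_database_nat_gateway_route && var.enable_nat_gateway ? 1 : 0}"`, `route_table_id = "${aws_route_table.database.id}"`, `nat_gateway_id = "${element(aws_nat_gateway.this.*.id, 0)}"`. Both routes also give the database subnets unrestricted Internet egress, and the IGW route additionally makes any database instance that has a public address reachable from the Internet, which deserves a warning comment on the resource given what a database tier usually wants. `aws_route_table.database` itself is defined above the hunk, so its count is not visible here.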
@@ -241,7 +264,7 @@ resource "aws_subnet" "elasticache" { } resource "aws_elasticache_subnet_group" "elasticache" { - count = "${var.create_vpc && length(var.elasticache_subnets) > 0 ? 1 : 0}" + count = "${var.create_vpc && length(var.elasticache_subnets) > 0 && var.create_elasticache_subnet_group ? 1 : 0}" name = "${var.name}" description = "ElastiCache subnet group for ${var.name}" @@ -258,7 +281,7 @@ resource "aws_subnet" "intra" { cidr_block = "${var.intra_subnets[count.index]}" availability_zone = "${element(var.azs, count.index)}" - tags = "${merge(map("Name", format("%s-intra-%s", var.name, element(var.azs, count.index))), var.tags, var.intra_subnet_tags)}" + tags = "${merge(map("Name", format("%s-${var.intra_subnet_suffix}-%s", var.name, element(var.azs, count.index))), var.tags, var.intra_subnet_tags)}" } ############## 
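Review bot: In the intra subnet `Name` tag the suffix is interpolated inside the `format()` pattern (`"%s-${var.intra_subnet_suffix}-%s"`), so a suffix containing `%` would be parsed as a format verb and fail at plan time instead of being emitted literally. Passing it as an argument keeps the template fixed: `tags = "${merge(map("Name", format("%s-%s-%s", var.name, var.intra_subnet_suffix, element(var.azs, count.index))), var.tags, var.intra_subnet_tags)}"`. The other subnet resources that take a suffix are outside this hunk; if they use the same pattern the same change applies there.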
@@ -381,6 +404,132 @@ resource "aws_vpc_endpoint_route_table_association" "public_dynamodb" { route_table_id = "${aws_route_table.public.id}" } +####################### +# VPC Endpoint for SSM +####################### +data "aws_vpc_endpoint_service" "ssm" { + count = "${var.create_vpc && var.enable_ssm_endpoint ? 1 : 0}" + + service = "ssm" +} + +resource "aws_vpc_endpoint" "ssm" { + count = "${var.create_vpc && var.enable_ssm_endpoint ? 1 : 0}" + + vpc_id = "${local.vpc_id}" + service_name = "${data.aws_vpc_endpoint_service.ssm.service_name}" + vpc_endpoint_type = "Interface" + + security_group_ids = ["${var.ssm_endpoint_security_group_ids}"] + subnet_ids = ["${coalescelist(var.ssm_endpoint_subnet_ids, aws_subnet.private.*.id)}"] + private_dns_enabled = "${var.ssm_endpoint_private_dns_enabled}" +} + +############################### +# VPC Endpoint for SSMMESSAGES +############################### +data "aws_vpc_endpoint_service" "ssmmessages" { + count = "${var.create_vpc && var.enable_ssmmessages_endpoint ? 1 : 0}" + + service = "ssmmessages" +} + +resource "aws_vpc_endpoint" "ssmmessages" { + count = "${var.create_vpc && var.enable_ssmmessages_endpoint ? 1 : 0}" + + vpc_id = "${local.vpc_id}" + service_name = "${data.aws_vpc_endpoint_service.ssmmessages.service_name}" + vpc_endpoint_type = "Interface" + + security_group_ids = ["${var.ssmmessages_endpoint_security_group_ids}"] + subnet_ids = ["${coalescelist(var.ssmmessages_endpoint_subnet_ids, aws_subnet.private.*.id)}"] + private_dns_enabled = "${var.ssmmessages_endpoint_private_dns_enabled}" +} + +####################### +# VPC Endpoint for EC2 +####################### +data "aws_vpc_endpoint_service" "ec2" { + count = "${var.create_vpc && var.enable_ec2_endpoint ? 1 : 0}" + + service = "ec2" +} + +resource "aws_vpc_endpoint" "ec2" { + count = "${var.create_vpc && var.enable_ec2_endpoint ? 
1 : 0}" + + vpc_id = "${local.vpc_id}" + service_name = "${data.aws_vpc_endpoint_service.ec2.service_name}" + vpc_endpoint_type = "Interface" + + security_group_ids = ["${var.ec2_endpoint_security_group_ids}"] + subnet_ids = ["${coalescelist(var.ec2_endpoint_subnet_ids, aws_subnet.private.*.id)}"] + private_dns_enabled = "${var.ec2_endpoint_private_dns_enabled}" +} + +############################### +# VPC Endpoint for EC2MESSAGES +############################### +data "aws_vpc_endpoint_service" "ec2messages" { + count = "${var.create_vpc && var.enable_ec2messages_endpoint ? 1 : 0}" + + service = "ec2messages" +} + +resource "aws_vpc_endpoint" "ec2messages" { + count = "${var.create_vpc && var.enable_ec2messages_endpoint ? 1 : 0}" + + vpc_id = "${local.vpc_id}" + service_name = "${data.aws_vpc_endpoint_service.ec2messages.service_name}" + vpc_endpoint_type = "Interface" + + security_group_ids = ["${var.ec2messages_endpoint_security_group_ids}"] + subnet_ids = ["${coalescelist(var.ec2messages_endpoint_subnet_ids, aws_subnet.private.*.id)}"] + private_dns_enabled = "${var.ec2messages_endpoint_private_dns_enabled}" +} + +########################### +# VPC Endpoint for ECR API +########################### +data "aws_vpc_endpoint_service" "ecr_api" { + count = "${var.create_vpc && var.enable_ecr_api_endpoint ? 1 : 0}" + + service = "ecr.api" +} + +resource "aws_vpc_endpoint" "ecr_api" { + count = "${var.create_vpc && var.enable_ecr_api_endpoint ? 
1 : 0}" + + vpc_id = "${local.vpc_id}" + service_name = "${data.aws_vpc_endpoint_service.ecr_api.service_name}" + vpc_endpoint_type = "Interface" + + security_group_ids = ["${var.ecr_api_endpoint_security_group_ids}"] + subnet_ids = ["${coalescelist(var.ecr_api_endpoint_subnet_ids, aws_subnet.private.*.id)}"] + private_dns_enabled = "${var.ecr_api_endpoint_private_dns_enabled}" +} + +########################### +# VPC Endpoint for ECR DKR +########################### +data "aws_vpc_endpoint_service" "ecr_dkr" { + count = "${var.create_vpc && var.enable_ecr_dkr_endpoint ? 1 : 0}" + + service = "ecr.dkr" +} + +resource "aws_vpc_endpoint" "ecr_dkr" { + count = "${var.create_vpc && var.enable_ecr_dkr_endpoint ? 1 : 0}" + + vpc_id = "${local.vpc_id}" + service_name = "${data.aws_vpc_endpoint_service.ecr_dkr.service_name}" + vpc_endpoint_type = "Interface" + + security_group_ids = ["${var.ecr_dkr_endpoint_security_group_ids}"] + subnet_ids = ["${coalescelist(var.ecr_dkr_endpoint_subnet_ids, aws_subnet.private.*.id)}"] + private_dns_enabled = "${var.ecr_dkr_endpoint_private_dns_enabled}" +} + ########################## # Route table association ########################## diff --git a/outputs.tf b/outputs.tf index c19aba155..277706622 100644 --- a/outputs.tf +++ b/outputs.tf 
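Review bot: Every interface endpoint in this hunk sets `security_group_ids` from a `*_endpoint_security_group_ids` variable whose module default is `[]`; as far as I know AWS then attaches the VPC's default security group to the endpoint ENIs, which is a common compliance finding (default SG in use) and, depending on that SG's rules, may not admit HTTPS from the instance subnets, so the endpoint is silently unusable. Consider a comment on each resource such as `# NOTE: an empty list means the VPC default security group is attached to the endpoint ENIs; supply an SG that allows TCP/443 from the subnets that use the endpoint.` Likewise `private_dns_enabled` defaults to false, and without private DNS the SSM and EC2 agents keep resolving the public service names, so traffic still leaves via NAT or the IGW and the endpoint is bypassed; the `ecr.dkr` endpoint also relies on the S3 gateway endpoint (`enable_s3_endpoint`) for layer downloads, which the README should mention. These are documentation points; the resource arguments themselves are fine.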
@@ -193,31 +193,11 @@ output "igw_id" { value = "${element(concat(aws_internet_gateway.this.*.id, list("")), 0)}" } -output "vpc_endpoint_s3_id" { - description = "The ID of VPC endpoint for S3" - value = "${element(concat(aws_vpc_endpoint.s3.*.id, list("")), 0)}" -} - -output "vpc_endpoint_s3_pl_id" { - description = "The prefix list for the S3 VPC endpoint." - value = "${element(concat(aws_vpc_endpoint.s3.*.prefix_list_id, list("")), 0)}" -} - -output "vpc_endpoint_dynamodb_id" { - description = "The ID of VPC endpoint for DynamoDB" - value = "${element(concat(aws_vpc_endpoint.dynamodb.*.id, list("")), 0)}" -} - output "vgw_id" { description = "The ID of the VPN Gateway" value = "${element(concat(aws_vpn_gateway.this.*.id, aws_vpn_gateway_attachment.this.*.vpn_gateway_id, list("")), 0)}" } -output "vpc_endpoint_dynamodb_pl_id" { - description = "The prefix list for the DynamoDB VPC endpoint." - value = "${element(concat(aws_vpc_endpoint.dynamodb.*.prefix_list_id, list("")), 0)}" -} - output "default_vpc_id" { description = "The ID of the VPC" value = "${element(concat(aws_default_vpc.this.*.id, list("")), 0)}" 
@@ -278,3 +258,89 @@ output "default_vpc_main_route_table_id" { // value = "${element(concat(aws_default_vpc.this.*.ipv6_cidr_block, list("")), 0)}" //} +# VPC Endpoints +output "vpc_endpoint_s3_id" { + description = "The ID of VPC endpoint for S3" + value = "${element(concat(aws_vpc_endpoint.s3.*.id, list("")), 0)}" +} + +output "vpc_endpoint_s3_pl_id" { + description = "The prefix list for the S3 VPC endpoint." + value = "${element(concat(aws_vpc_endpoint.s3.*.prefix_list_id, list("")), 0)}" +} + +output "vpc_endpoint_dynamodb_id" { + description = "The ID of VPC endpoint for DynamoDB" + value = "${element(concat(aws_vpc_endpoint.dynamodb.*.id, list("")), 0)}" +} + +output "vpc_endpoint_dynamodb_pl_id" { + description = "The prefix list for the DynamoDB VPC endpoint." + value = "${element(concat(aws_vpc_endpoint.dynamodb.*.prefix_list_id, list("")), 0)}" +} + +output "vpc_endpoint_ssm_id" { + description = "The ID of VPC endpoint for SSM" + value = "${element(concat(aws_vpc_endpoint.ssm.*.id, list("")), 0)}" +} + +output "vpc_endpoint_ssm_network_interface_ids" { + description = "One or more network interfaces for the VPC Endpoint for SSM." + value = "${flatten(aws_vpc_endpoint.ssm.*.network_interface_ids)}" +} + +output "vpc_endpoint_ssm_dns_entry" { + description = "The DNS entries for the VPC Endpoint for SSM." + value = "${flatten(aws_vpc_endpoint.ssm.*.dns_entry)}" +} + +output "vpc_endpoint_ssmmessages_id" { + description = "The ID of VPC endpoint for SSMMESSAGES" + value = "${element(concat(aws_vpc_endpoint.ssmmessages.*.id, list("")), 0)}" +} + +output "vpc_endpoint_ssmmessages_network_interface_ids" { + description = "One or more network interfaces for the VPC Endpoint for SSMMESSAGES." + value = "${flatten(aws_vpc_endpoint.ssmmessages.*.network_interface_ids)}" +} + +output "vpc_endpoint_ssmmessages_dns_entry" { + description = "The DNS entries for the VPC Endpoint for SSMMESSAGES." 
+ value = "${flatten(aws_vpc_endpoint.ssmmessages.*.dns_entry)}" +} + +output "vpc_endpoint_ec2_id" { + description = "The ID of VPC endpoint for EC2" + value = "${element(concat(aws_vpc_endpoint.ec2.*.id, list("")), 0)}" +} + +output "vpc_endpoint_ec2_network_interface_ids" { + description = "One or more network interfaces for the VPC Endpoint for EC2" + value = "${flatten(aws_vpc_endpoint.ec2.*.network_interface_ids)}" +} + +output "vpc_endpoint_ec2_dns_entry" { + description = "The DNS entries for the VPC Endpoint for EC2." + value = "${flatten(aws_vpc_endpoint.ec2.*.dns_entry)}" +} + +output "vpc_endpoint_ec2messages_id" { + description = "The ID of VPC endpoint for EC2MESSAGES" + value = "${element(concat(aws_vpc_endpoint.ec2messages.*.id, list("")), 0)}" +} + +output "vpc_endpoint_ec2messages_network_interface_ids" { + description = "One or more network interfaces for the VPC Endpoint for EC2MESSAGES" + value = "${flatten(aws_vpc_endpoint.ec2messages.*.network_interface_ids)}" +} + +output "vpc_endpoint_ec2messages_dns_entry" { + description = "The DNS entries for the VPC Endpoint for EC2MESSAGES." + value = "${flatten(aws_vpc_endpoint.ec2messages.*.dns_entry)}" +} + +# Static values (arguments) +output "azs" { + description = "A list of availability zones specified as argument to this module" + value = "${var.azs}" +} diff --git a/variables.tf b/variables.tf index 13af9383f..b052c6448 100644 --- a/variables.tf +++ b/variables.tf @@ -38,6 +38,11 @@ variable "private_subnet_suffix" { default = "private" } +variable "intra_subnet_suffix" { + description = "Suffix to append to intra subnets name" + default = "intra" +} + variable "database_subnet_suffix" { description = "Suffix to append to database subnets name" default = "db" 
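Review bot: The new endpoint outputs cover ssm, ssmmessages, ec2 and ec2messages but not the `ecr_api` and `ecr_dkr` endpoints that main.tf creates in the same commit, so callers cannot reference those endpoint IDs, ENI IDs or DNS entries (for example to build security group rules or DNS overrides). Adding the same three outputs per ECR endpoint, following the existing `element(concat(...))` / `flatten(...)` pattern, makes the set consistent.
```hcl
# … unchanged: existing endpoint outputs …

output "vpc_endpoint_ecr_api_id" {
  description = "The ID of VPC endpoint for ECR API"
  value       = "${element(concat(aws_vpc_endpoint.ecr_api.*.id, list("")), 0)}"
}

output "vpc_endpoint_ecr_api_network_interface_ids" {
  description = "One or more network interfaces for the VPC Endpoint for ECR API."
  value       = "${flatten(aws_vpc_endpoint.ecr_api.*.network_interface_ids)}"
}

output "vpc_endpoint_ecr_api_dns_entry" {
  description = "The DNS entries for the VPC Endpoint for ECR API."
  value       = "${flatten(aws_vpc_endpoint.ecr_api.*.dns_entry)}"
}

output "vpc_endpoint_ecr_dkr_id" {
  description = "The ID of VPC endpoint for ECR DKR"
  value       = "${element(concat(aws_vpc_endpoint.ecr_dkr.*.id, list("")), 0)}"
}

output "vpc_endpoint_ecr_dkr_network_interface_ids" {
  description = "One or more network interfaces for the VPC Endpoint for ECR DKR."
  value       = "${flatten(aws_vpc_endpoint.ecr_dkr.*.network_interface_ids)}"
}

output "vpc_endpoint_ecr_dkr_dns_entry" {
  description = "The DNS entries for the VPC Endpoint for ECR DKR."
  value       = "${flatten(aws_vpc_endpoint.ecr_dkr.*.dns_entry)}"
}

# … unchanged: azs output …
```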
@@ -81,6 +86,12 @@ variable "elasticache_subnets" { default = [] } +variable "intra_subnets" { + type = "list" + description = "A list of intra subnets" + default = [] +} + variable "create_database_subnet_route_table" { description = "Controls if separate route table for database should be created" default = false @@ -96,17 +107,31 @@ variable "create_elasticache_subnet_route_table" { default = false } -variable "intra_subnets" { - type = "list" - description = "A list of intra subnets" - default = [] -} - variable "create_database_subnet_group" { description = "Controls if database subnet group should be created" default = true } +variable "create_elasticache_subnet_group" { + description = "Controls if elasticache subnet group should be created" + default = true +} + +variable "create_redshift_subnet_group" { + description = "Controls if redshift subnet group should be created" + default = true +} + +variable "create_database_internet_gateway_route" { + description = "Controls if an internet gateway route for public database access should be created" + default = false +} + +variable "create_database_nat_gateway_route" { + description = "Controls if a nat gateway route should be created to give internet access to the database subnets" + default = false +} + variable "azs" { description = "A list of availability zones in the region" default = [] 
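Review bot: `create_database_internet_gateway_route` and `create_database_nat_gateway_route` are mutually exclusive in main.tf (each route's count requires the other flag to be false), but nothing in their descriptions says so; if a caller sets both to true, neither route is created and the plan gives no hint. This 0.11-style module has no variable validation to fall back on, so state it in the descriptions, e.g. `description = "Controls if an internet gateway route for public database access should be created. Mutually exclusive with create_database_nat_gateway_route; if both are true no route is created."` and the mirror sentence on the NAT flag. The IGW flag also deserves a security note, since it turns the database subnets into public subnets, which most database tiers should not want.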
@@ -158,6 +183,126 @@ variable "enable_s3_endpoint" { default = false } +variable "enable_ssm_endpoint" { + description = "Should be true if you want to provision an SSM endpoint to the VPC" + default = false +} + +variable "ssm_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for SSM endpoint" + default = [] +} + +variable "ssm_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for SSM endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used." + default = [] +} + +variable "ssm_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for SSM endpoint" + default = false +} + +variable "enable_ssmmessages_endpoint" { + description = "Should be true if you want to provision a SSMMESSAGES endpoint to the VPC" + default = false +} + +variable "ssmmessages_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for SSMMESSAGES endpoint" + default = [] +} + +variable "ssmmessages_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for SSMMESSAGES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used." 
+ default = [] +} + +variable "ssmmessages_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for SSMMESSAGES endpoint" + default = false +} + +variable "enable_ec2_endpoint" { + description = "Should be true if you want to provision an EC2 endpoint to the VPC" + default = false +} + +variable "ec2_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for EC2 endpoint" + default = [] +} + +variable "ec2_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for EC2 endpoint" + default = false +} + +variable "ec2_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for EC2 endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used." + default = [] +} + +variable "enable_ec2messages_endpoint" { + description = "Should be true if you want to provision an EC2MESSAGES endpoint to the VPC" + default = false +} + +variable "ec2messages_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for EC2MESSAGES endpoint" + default = [] +} + +variable "ec2messages_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for EC2MESSAGES endpoint" + default = false +} + +variable "ec2messages_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for EC2MESSAGES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used." 
+ default = [] +} + +variable "enable_ecr_api_endpoint" { + description = "Should be true if you want to provision an ecr api endpoint to the VPC" + default = false +} + +variable "ecr_api_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for ECR api endpoint. If omitted, private subnets will be used." + default = [] +} + +variable "ecr_api_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for ECR API endpoint" + default = false +} + +variable "ecr_api_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for ECR API endpoint" + default = [] +} + +variable "enable_ecr_dkr_endpoint" { + description = "Should be true if you want to provision an ecr dkr endpoint to the VPC" + default = false +} + +variable "ecr_dkr_endpoint_subnet_ids" { + description = "The ID of one or more subnets in which to create a network interface for ECR dkr endpoint. If omitted, private subnets will be used." + default = [] +} + +variable "ecr_dkr_endpoint_private_dns_enabled" { + description = "Whether or not to associate a private hosted zone with the specified VPC for ECR DKR endpoint" + default = false +} + +variable "ecr_dkr_endpoint_security_group_ids" { + description = "The ID of one or more security groups to associate with the network interface for ECR DKR endpoint" + default = [] +} + variable "map_public_ip_on_launch" { description = "Should be false if you do not want to auto-assign public IP on launch" default = true
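Review bot: The new list variables (`ssm_endpoint_security_group_ids`, `ssm_endpoint_subnet_ids` and their ssmmessages/ec2/ec2messages/ecr siblings) omit `type = "list"`, unlike `intra_subnets` elsewhere in this file, so a caller passing a string would fail only inside the `coalescelist`/`security_group_ids` expressions in main.tf rather than at the variable; add `type = "list"` to each. The `ecr_api_endpoint_subnet_ids` and `ecr_dkr_endpoint_subnet_ids` descriptions also drop the "Only a single subnet within an AZ is supported" caveat the other four carry, although as far as I know the restriction applies to every interface endpoint. The `*_endpoint_security_group_ids` descriptions should say what an empty list means (the VPC default security group ends up on the endpoint ENIs), and the `*_private_dns_enabled` descriptions should say that enabling private DNS is what makes the SSM and EC2 agents actually use the endpoint; with the default of false the endpoint exists but traffic still leaves via NAT or the IGW unless callers use the endpoint-specific DNS names.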