update docs

terraform-modules · Apr 8, 2021 · c1aeee9 · c1aeee9
1 parent d3d5759
commit c1aeee9
Show file tree

Hide file tree

Showing 3 changed files with 48 additions and 47 deletions.
diff --git a/vpc-remove-defaults/README.md b/vpc-remove-defaults/README.md
@@ -9,9 +9,7 @@ module "vpc_defaults" {
   account_alias         = "ma5-gov"
 
   ## optional
-  # enable_delete       = true
   # enable_igw_check    = true
-
   # region              = "us-gov-west-1"
   # profile             = "myprofile"
 }
@@ -32,17 +30,29 @@ On a new account, a number of default things are set up:
 
 These can be somewhat managed by Terraform, but destroying the resources does not remove them.
 This module generates a script which uses the `aws` CLI to remove all the resources.  It is in
-`setup/delete-defaults.sh`.  Run it like this for dry-run:
+`setup/delete-defaults.sh`.  It is run like so:
 
 ```console
 % setup/delete-defaults.sh
 ```
 
- To execute it not in dry-run mode, pass any argument:
+To execute it not in dry-run mode, pass any argument:
 ```console
-% setup/delete-defaults.sh 1
+% setup/delete-defaults.sh true
+```
+
+To remove all the defaults, which is what we are required to do, you need a few steps:
+1. plan
+1. apply
+1. destroy
+1. run script
+
+```shell
+tf-plan -target=module.vpc_defaults
+tf-apply -target=module.vpc_defaults
+tf-destory -target=module.vpc_defaults
+setup/delete-defaults.sh true |& tee setup/delete-defaults.sh.log
 ```
-If the module is set with `enable_delete` set to true, this will be run automatically.
 
 ## Requirements
 
@@ -69,7 +79,6 @@ No modules.
 | [aws_default_subnet.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_subnet) | resource |
 | [aws_default_vpc.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_vpc) | resource |
 | [aws_default_vpc_dhcp_options.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_vpc_dhcp_options) | resource |
-| [null_resource.execute_script](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [null_resource.script](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
 | [aws_availability_zones.zones](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
@@ -83,7 +92,6 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | <a name="input_account_alias"></a> [account\_alias](#input\_account\_alias) | AWS Account Alias | `string` | `""` | no |
 | <a name="input_account_id"></a> [account\_id](#input\_account\_id) | AWS Account ID (default will pull from current user) | `string` | `""` | no |
-| <a name="input_enable_delete"></a> [enable\_delete](#input\_enable\_delete) | Execute delete-defaults.sh script at the end of apply | `bool` | `false` | no |
 | <a name="input_enable_igw_check"></a> [enable\_igw\_check](#input\_enable\_igw\_check) | Enable check of Internet Gateway (IGW) as part of default detection | `bool` | `true` | no |
 | <a name="input_override_prefixes"></a> [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component (efs, s3, ebs, kms, role, policy, security-group). This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
 | <a name="input_profile"></a> [profile](#input\_profile) | AWS Config profile (required for calling the aws cli; assumed to be {account\_id}-{account\_alias}) | `string` | `""` | no |

diff --git a/vpc-remove-defaults/main.tf b/vpc-remove-defaults/main.tf
@@ -10,9 +10,7 @@
 *   account_alias         = "ma5-gov"
 *
 *   ## optional
-*   # enable_delete       = true
 *   # enable_igw_check    = true
-*
 *   # region              = "us-gov-west-1"
 *   # profile             = "myprofile"
 * }
@@ -33,17 +31,29 @@
 *
 * These can be somewhat managed by Terraform, but destroying the resources does not remove them.
 * This module generates a script which uses the `aws` CLI to remove all the resources.  It is in
-* `setup/delete-defaults.sh`.  Run it like this for dry-run:
+* `setup/delete-defaults.sh`.  It is run like so:
 *
 * ```console
 * % setup/delete-defaults.sh
 * ```
 *
-*  To execute it not in dry-run mode, pass any argument:
+* To execute it not in dry-run mode, pass any argument:
 * ```console
-* % setup/delete-defaults.sh 1
+* % setup/delete-defaults.sh true
+* ```
+*
+* To remove all the defaults, which is what we are required to do, you need a few steps:
+* 1. plan
+* 1. apply
+* 1. destroy
+* 1. run script
+*
+* ```shell
+* tf-plan -target=module.vpc_defaults
+* tf-apply -target=module.vpc_defaults
+* tf-destory -target=module.vpc_defaults
+* setup/delete-defaults.sh true |& tee setup/delete-defaults.sh.log
 * ```
-* If the module is set with `enable_delete` set to true, this will be run automatically.
 */
 
 locals {
@@ -76,8 +86,7 @@ locals {
       route_table      = aws_default_route_table.default.id
       vpc_dhcp_options = aws_default_vpc_dhcp_options.default.id
       vpc              = aws_default_vpc.default.id
-      #      igw              = var.enable_igw_check ? concat(data.aws_internet_gateway.default[*].id, list(""))[0] : ""
-      igw = join("", data.aws_internet_gateway.default[*].id)
+      igw              = join("", data.aws_internet_gateway.default[*].id)
   })
 }
 
@@ -169,21 +178,6 @@ data "aws_internet_gateway" "default" {
   }
 }
 
-# import this, then remove it
-# resource "aws_internet_gateway" "default" {
-#   vpc_id = local.vpc_id
-# }
-
-# resource "null_resource" "default_igw" {
-#   count = local.enable_defaults
-#   triggers = {
-#     igw_id = data.aws_internet_gateway.default.id
-#   }
-#   #  provisioner "local-exec" {
-#   #    command = "echo 'remove internet-gateway id ${data.aws_internet_gateway.default.id}'"
-#   #  }
-# }
-
 resource "null_resource" "script" {
   triggers = {}
 
@@ -198,15 +192,15 @@ resource "null_resource" "script" {
   }
 }
 
-resource "null_resource" "execute_script" {
-  count = var.enable_delete ? 1 : 0
-  triggers = {
-    script_created = null_resource.script.id
-  }
-  provisioner "local-exec" {
-    command = "./${local.defaults_script} delete |& tee -a ${local.defaults_script}.log"
-  }
-}
+# resource "null_resource" "execute_script" {
+#   count = var.enable_delete ? 1 : 0
+#   triggers = {
+#     script_created = null_resource.script.id
+#   }
+#   provisioner "local-exec" {
+#     command = "./${local.defaults_script} delete |& tee -a ${local.defaults_script}.log"
+#   }
+# }
 
 output "defaults" {
   description = "AWS VPC Defaults"
@@ -217,7 +211,6 @@ output "defaults" {
     "route_table"      = aws_default_route_table.default.id
     "vpc_dhcp_options" = aws_default_vpc_dhcp_options.default.id
     "vpc"              = aws_default_vpc.default.id
-    #    "igw"              = var.enable_igw_check ? concat(data.aws_internet_gateway.default[*].id, list(""))[0] : ""
-    "igw" = join("", data.aws_internet_gateway.default[*].id)
+    "igw"              = join("", data.aws_internet_gateway.default[*].id)
   }
 }
diff --git a/vpc-remove-defaults/variables.tf b/vpc-remove-defaults/variables.tf
@@ -1,8 +1,8 @@
-variable "enable_delete" {
-  description = "Execute delete-defaults.sh script at the end of apply"
-  type        = bool
-  default     = false
-}
+# variable "enable_delete" {
+#   description = "Execute delete-defaults.sh script at the end of apply"
+#   type        = bool
+#   default     = false
+# }
 
 variable "enable_igw_check" {
   description = "Enable check of Internet Gateway (IGW) as part of default detection"