diff --git a/vpc-remove-defaults/README.md b/vpc-remove-defaults/README.md
index f1f77ab..761ee38 100644
--- a/vpc-remove-defaults/README.md
+++ b/vpc-remove-defaults/README.md
@@ -9,9 +9,7 @@ module "vpc_defaults" {
account_alias = "ma5-gov"
## optional
- # enable_delete = true
# enable_igw_check = true
-
# region = "us-gov-west-1"
# profile = "myprofile"
}
@@ -32,17 +30,29 @@ On a new account, a number of default things are set up:
These can be somewhat managed by Terraform, but destroying the resources does not remove them.
This module generates a script which uses the `aws` CLI to remove all the resources. It is in
-`setup/delete-defaults.sh`. Run it like this for dry-run:
+`setup/delete-defaults.sh`. It is run like so:
```console
% setup/delete-defaults.sh
```
- To execute it not in dry-run mode, pass any argument:
+To execute it not in dry-run mode, pass any argument:
```console
-% setup/delete-defaults.sh 1
+% setup/delete-defaults.sh true
+```
+
+To remove all the defaults, which is what we are required to do, you need a few steps:
+1. plan
+1. apply
+1. destroy
+1. run script
+
+```shell
+tf-plan -target=module.vpc_defaults
+tf-apply -target=module.vpc_defaults
+tf-destory -target=module.vpc_defaults
+setup/delete-defaults.sh true |& tee setup/delete-defaults.sh.log
```
-If the module is set with `enable_delete` set to true, this will be run automatically.
## Requirements
@@ -69,7 +79,6 @@ No modules.
| [aws_default_subnet.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_subnet) | resource |
| [aws_default_vpc.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_vpc) | resource |
| [aws_default_vpc_dhcp_options.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_vpc_dhcp_options) | resource |
-| [null_resource.execute_script](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
| [null_resource.script](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
| [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
| [aws_availability_zones.zones](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
@@ -83,7 +92,6 @@ No modules.
|------|-------------|------|---------|:--------:|
| [account\_alias](#input\_account\_alias) | AWS Account Alias | `string` | `""` | no |
| [account\_id](#input\_account\_id) | AWS Account ID (default will pull from current user) | `string` | `""` | no |
-| [enable\_delete](#input\_enable\_delete) | Execute delete-defaults.sh script at the end of apply | `bool` | `false` | no |
| [enable\_igw\_check](#input\_enable\_igw\_check) | Enable check of Internet Gateway (IGW) as part of default detection | `bool` | `true` | no |
| [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component (efs, s3, ebs, kms, role, policy, security-group). This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
| [profile](#input\_profile) | AWS Config profile (required for calling the aws cli; assumed to be {account\_id}-{account\_alias}) | `string` | `""` | no |
diff --git a/vpc-remove-defaults/main.tf b/vpc-remove-defaults/main.tf
index 5aafac7..265b54a 100644
--- a/vpc-remove-defaults/main.tf
+++ b/vpc-remove-defaults/main.tf
@@ -10,9 +10,7 @@
* account_alias = "ma5-gov"
*
* ## optional
-* # enable_delete = true
* # enable_igw_check = true
-*
* # region = "us-gov-west-1"
* # profile = "myprofile"
* }
@@ -33,17 +31,29 @@
*
* These can be somewhat managed by Terraform, but destroying the resources does not remove them.
* This module generates a script which uses the `aws` CLI to remove all the resources. It is in
-* `setup/delete-defaults.sh`. Run it like this for dry-run:
+* `setup/delete-defaults.sh`. It is run like so:
*
* ```console
* % setup/delete-defaults.sh
* ```
*
-* To execute it not in dry-run mode, pass any argument:
+* To execute it not in dry-run mode, pass any argument:
* ```console
-* % setup/delete-defaults.sh 1
+* % setup/delete-defaults.sh true
+* ```
+*
+* To remove all the defaults, which is what we are required to do, you need a few steps:
+* 1. plan
+* 1. apply
+* 1. destroy
+* 1. run script
+*
+* ```shell
+* tf-plan -target=module.vpc_defaults
+* tf-apply -target=module.vpc_defaults
+* tf-destory -target=module.vpc_defaults
+* setup/delete-defaults.sh true |& tee setup/delete-defaults.sh.log
* ```
-* If the module is set with `enable_delete` set to true, this will be run automatically.
*/
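Review bot: The documented procedure misspells the destroy step: `* tf-destory -target=module.vpc_defaults` should read `* tf-destroy -target=module.vpc_defaults`, and the same typo is in the README.md hunk. Since the text also says that passing "any argument" switches the generated script out of dry-run mode, the example `setup/delete-defaults.sh true` should be stated as the expected value rather than an arbitrary one, so that a stray or mistyped argument is not read as an implicit request to delete; a sentence such as `* Pass the literal argument true to disable dry-run; with no argument the script only reports what it would remove.` would make that explicit. The header comment is not closed until the `*/` at the end of the hunk, and the `locals` block that follows continues outside it.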
locals {
@@ -76,8 +86,7 @@ locals {
route_table = aws_default_route_table.default.id
vpc_dhcp_options = aws_default_vpc_dhcp_options.default.id
vpc = aws_default_vpc.default.id
- # igw = var.enable_igw_check ? concat(data.aws_internet_gateway.default[*].id, list(""))[0] : ""
- igw = join("", data.aws_internet_gateway.default[*].id)
+ igw = join("", data.aws_internet_gateway.default[*].id)
})
}
@@ -169,21 +178,6 @@ data "aws_internet_gateway" "default" {
}
}
-# import this, then remove it
-# resource "aws_internet_gateway" "default" {
-# vpc_id = local.vpc_id
-# }
-
-# resource "null_resource" "default_igw" {
-# count = local.enable_defaults
-# triggers = {
-# igw_id = data.aws_internet_gateway.default.id
-# }
-# # provisioner "local-exec" {
-# # command = "echo 'remove internet-gateway id ${data.aws_internet_gateway.default.id}'"
-# # }
-# }
-
resource "null_resource" "script" {
triggers = {}
@@ -198,15 +192,15 @@ resource "null_resource" "script" {
}
}
-resource "null_resource" "execute_script" {
- count = var.enable_delete ? 1 : 0
- triggers = {
- script_created = null_resource.script.id
- }
- provisioner "local-exec" {
- command = "./${local.defaults_script} delete |& tee -a ${local.defaults_script}.log"
- }
-}
+# resource "null_resource" "execute_script" {
+# count = var.enable_delete ? 1 : 0
+# triggers = {
+# script_created = null_resource.script.id
+# }
+# provisioner "local-exec" {
+# command = "./${local.defaults_script} delete |& tee -a ${local.defaults_script}.log"
+# }
+# }
output "defaults" {
description = "AWS VPC Defaults"
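Review bot: The `execute_script` resource is commented out rather than removed, which is inconsistent with the preceding hunk in this file, where the stale commented-out `aws_internet_gateway`/`default_igw` blocks are deleted outright; the variables.tf hunk does the same with `enable_delete`. The commented block still references `var.enable_delete`, which no longer exists, and passes `delete` as the script argument while the new documentation uses `true`, so anyone un-commenting it later gets a non-working and contradictory resource. Version control already preserves the old definition, so deleting both commented blocks is preferable. The `output "defaults"` that starts at the end of the hunk continues outside it.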
@@ -217,7 +211,6 @@ output "defaults" {
"route_table" = aws_default_route_table.default.id
"vpc_dhcp_options" = aws_default_vpc_dhcp_options.default.id
"vpc" = aws_default_vpc.default.id
- # "igw" = var.enable_igw_check ? concat(data.aws_internet_gateway.default[*].id, list(""))[0] : ""
- "igw" = join("", data.aws_internet_gateway.default[*].id)
+ "igw" = join("", data.aws_internet_gateway.default[*].id)
}
}
diff --git a/vpc-remove-defaults/variables.tf b/vpc-remove-defaults/variables.tf
index 02bfe33..5250d03 100644
--- a/vpc-remove-defaults/variables.tf
+++ b/vpc-remove-defaults/variables.tf
@@ -1,8 +1,8 @@
-variable "enable_delete" {
- description = "Execute delete-defaults.sh script at the end of apply"
- type = bool
- default = false
-}
+# variable "enable_delete" {
+# description = "Execute delete-defaults.sh script at the end of apply"
+# type = bool
+# default = false
+# }
variable "enable_igw_check" {
description = "Enable check of Internet Gateway (IGW) as part of default detection"