diff --git a/CHANGELOG.md b/CHANGELOG.md
index 604df09..87b6813 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -38,3 +38,7 @@
 * v1.1.2 -- 20210702
 - routing
 - export vpc s3 and dynamodb cidr blocks too, change the way the structure is constructed
+
+* v1.1.3 -- 20210708
+ - subnets
+ - add per-subnet tags
diff --git a/common/variables.common.subnets.tf b/common/variables.common.subnets.tf
index 5aae931..a4c5cfe 100644
--- a/common/variables.common.subnets.tf
+++ b/common/variables.common.subnets.tf
@@ -8,6 +8,7 @@ variable "public_subnets" {
 # subnets = list(string)
 # labels = list(string)
 # availability_zones = list(string)
+ tags = map(string)
 }))
 default = []
 }
@@ -22,6 +23,7 @@ variable "private_subnets" {
 # subnets = list(string)
 # labels = list(string)
 # availability_zones = list(string)
+ tags = map(string)
 }))
 default = []
 }
diff --git a/common/version.tf b/common/version.tf
index 1cc6d9a..7d60583 100644
--- a/common/version.tf
+++ b/common/version.tf
@@ -1,3 +1,3 @@
 locals {
- _module_version = "1.1.2"
+ _module_version = "1.1.3"
 }
diff --git a/subnets/README.md b/subnets/README.md
index e237632..ff2eb35 100644
--- a/subnets/README.md
+++ b/subnets/README.md
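Review bot: Adding `tags = map(string)` to the `object({...})` type constraint makes the attribute required, so any existing caller that passes `public_subnets` entries without a `tags` key will fail type checking on upgrade; the same applies to the `private_subnets` hunk that follows. That is a breaking interface change shipped under a patch bump (`1.1.2` to `1.1.3` in `common/version.tf`), and the `lookup(v, "tags", {})` fallback added in `subnets/main.tf` can never take effect because the constraint already rejects a missing key. If the module's required Terraform version allows it, declare the attribute as `tags = optional(map(string), {})` so existing callers keep working; otherwise record the new required key as a breaking change in the changelog entry. The `required_version` constraint is not visible in this diff, so confirm before choosing.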
@@ -21,6 +21,31 @@ module "subnets" { tags = {} } + +# Subnet structure +Both `private_subnets` and `public_subnets` have the same structure. They are a list of subnet +information _objects_: + +```hcl + type = list(object({ + base\_cidr = string + label = string + bits = number + private = bool + tags = map(string) + })) +``` + +* base_cidr: CIDR block for the subnet "collection". This is an aggrated block of smaller subnets, one +per availability zone deployed. Note that this module doesn't stop you from using the wrong blocking. If you +specify a /24 split into /26s (2 bits of extra mask) but have 5 availability zones, you'll overrun into the next +block. You'll get errors. +* label: a text label to be applied to each subnet, which will be formatted aws {vpc_full_name}-{label}-{availability_zone} +* bits: number of additional bits to add to the mask. Generally, for four availability zones, you'll want to use +2 here (2^2 = 4). For two AZs, you can use 1 (2^1 = 2). +* private: boolean flag indicating whether the subnet is for public use (like with an EIB and NAT gateway or ALB), or private. Most will +be private. +* tags: map of key/value pairs for per-subnet block tags. This was introduced to support EKS subnet tagging. ``` ## Requirements @@ -57,8 +82,8 @@ No modules. | [account\_id](#input\_account\_id) | AWS Account ID (default will pull from current user) | `string` | `""` | no | | [availability\_zones](#input\_availability\_zones) | AWS Availability Zones to use (by default will use all available) | `list(string)` | `[]` | no | | [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no | -| [private\_subnets](#input\_private\_subnets) | List of objects with private subnet information to be created |
list(object({
base_cidr = string
label = string
bits = number
private = bool
# subnets = list(string)
# labels = list(string)
# availability_zones = list(string)
})) | `[]` | no |
-| [public\_subnets](#input\_public\_subnets) | List of objects with public subnet information to be created | list(object({
base_cidr = string
label = string
bits = number
private = bool
# subnets = list(string)
# labels = list(string)
# availability_zones = list(string)
})) | `[]` | no |
+| [private\_subnets](#input\_private\_subnets) | List of objects with private subnet information to be created | list(object({
base_cidr = string
label = string
bits = number
private = bool
# subnets = list(string)
# labels = list(string)
# availability_zones = list(string)
tags = map(string)
})) | `[]` | no |
+| [public\_subnets](#input\_public\_subnets) | List of objects with public subnet information to be created | list(object({
base_cidr = string
label = string
bits = number
private = bool
# subnets = list(string)
# labels = list(string)
# availability_zones = list(string)
tags = map(string)
})) | `[]` | no |
| [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS). Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |
| [vpc\_environment](#input\_vpc\_environment) | VPC environment purpose (infrastructure, common, shared, dev, stage, ite, prod) | `string` | `null` | no |
| [vpc\_full\_name](#input\_vpc\_full\_name) | VPC full name component (vpc{index}-{vpc\_name}) | `string` | `null` | no |
diff --git a/subnets/main.tf b/subnets/main.tf
index 7e88406..9cd6d9b 100644
--- a/subnets/main.tf
+++ b/subnets/main.tf
@@ -22,6 +22,32 @@
*
* tags = {}
* }
+*
+* # Subnet structure
+* Both `private_subnets` and `public_subnets` have the same structure. They are a list of subnet
+* information _objects_:
+*
+* ```hcl
+* type = list(object({
+* base_cidr = string
+* label = string
+* bits = number
+* private = bool
+* tags = map(string)
+* }))
+* ```
+*
+* * base_cidr: CIDR block for the subnet "collection". This is an aggrated block of smaller subnets, one
+* per availability zone deployed. Note that this module doesn't stop you from using the wrong blocking. If you
+* specify a /24 split into /26s (2 bits of extra mask) but have 5 availability zones, you'll overrun into the next
+* block. You'll get errors.
+* * label: a text label to be applied to each subnet, which will be formatted aws {vpc_full_name}-{label}-{availability_zone}
+* * bits: number of additional bits to add to the mask. Generally, for four availability zones, you'll want to use
+* 2 here (2^2 = 4). For two AZs, you can use 1 (2^1 = 2).
+* * private: boolean flag indicating whether the subnet is for public use (like with an EIB and NAT gateway or ALB), or private. Most will
+* be private.
+* * tags: map of key/value pairs for per-subnet block tags. This was introduced to support EKS subnet tagging.
+*
*/
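Review bot: The new `# Subnet structure` text is inserted before the closing fence of the `hcl` usage example, so the nested fenced block opens inside an already-open code block and the rendered README shows the whole section as code rather than prose. The closing fence is outside this hunk in `main.tf`, but the README hunk above shows it as the context line immediately after the added bullets, which is what produces that rendering. Move a closing fence line (`* ` followed by three backticks) to just before `* # Subnet structure`, drop the old closer after the bullets, and regenerate the README, which appears to be produced from this header. While here, `aggrated` should read `aggregated` and `EIB` is presumably `EIP`.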
locals {
@@ -53,10 +79,11 @@ locals {
subnets = [for i in local.az_count_list : cidrsubnet(v.base_cidr, v.bits, i)]
labels = [for az in local.availability_zones : format("%s-%s", v.label, az)]
availability_zones = local.availability_zones
+ tags = lookup(v, "tags", {})
}
}
public_map = flatten([for k, v in local.public_subnets :
- [for i in local.az_count_list : tomap({ "subnet" = v.subnets[i], "label" = v.labels[i], "availability_zone" = v.availability_zones[i] })]])
+ [for i in local.az_count_list : tomap({ "subnet" = v.subnets[i], "label" = v.labels[i], "availability_zone" = v.availability_zones[i], "tags" = v.tags })]])
}
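Review bot: `tomap({ ..., "tags" = v.tags })` on the last `+` line now mixes `string` values with a `map(string)` value in one map literal, and `tomap` requires every element to convert to a single type, so I expect this to fail at plan time with "cannot convert object to map of any single type" rather than produce the intended structure. Assuming the consumer is a `for`/`for_each` expression over `local.public_map` (it is outside the hunk), a plain object literal works without the conversion: `[for i in local.az_count_list : { "subnet" = v.subnets[i], "label" = v.labels[i], "availability_zone" = v.availability_zones[i], "tags" = v.tags }]`. Separately, `lookup(v, "tags", {})` on an object value is deprecated in current Terraform in favour of `try(v.tags, {})`, and with `tags` now required by the variable type the default is unreachable anyway.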
@@ -69,6 +96,7 @@ resource "aws_subnet" "public" {
tags = merge(
local.base_tags,
var.tags,
+ each.value.tags,
map("Name", format("%v%v-%v", local._prefixes["subnet"], var.vpc_full_name, each.value.label))
)
}
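Review bot: With `each.value.tags` placed after `local.base_tags` and `var.tags` in the merge, a per-subnet map overrides every module-level tag except `Name`. `local.base_tags` is defined outside the hunk; if it carries the ownership or safeguard tags the README tells callers to keep out of `var.tags`, a single subnet entry can now silently replace them, which matters for any policy, access or cost control keyed on those tags. If that is not intended, give the module-level tags precedence for their own keys, e.g. `merge(each.value.tags, local.base_tags, var.tags, map("Name", ...))`, or at minimum state the precedence in the variable description so callers know per-subnet tags win. The `for_each` and the rest of the resource body are outside this hunk.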
@@ -87,10 +115,11 @@ locals {
subnets = [for i in local.az_count_list : cidrsubnet(v.base_cidr, v.bits, i)]
labels = [for az in local.availability_zones : format("%s-%s", v.label, az)]
availability_zones = local.availability_zones
+ tags = lookup(v, "tags", {})
}
}
private_map = flatten([for k, v in local.private_subnets :
- [for i in local.az_count_list : tomap({ "subnet" = v.subnets[i], "label" = v.labels[i], "availability_zone" = v.availability_zones[i] })]])
+ [for i in local.az_count_list : tomap({ "subnet" = v.subnets[i], "label" = v.labels[i], "availability_zone" = v.availability_zones[i], "tags" = v.tags })]])
}
resource "aws_subnet" "private" {
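Review bot: The same `tomap()` type-unification problem as in `public_map` applies to the `+` line for `private_map`: `string` values and a `map(string)` value cannot be unified into one map element type, so the conversion is expected to fail at plan time. Replace `tomap({ ... })` with a plain object literal `{ ... }` here as well so the two locals stay consistent. The `lookup(v, "tags", {})` default cannot take effect while the variable type requires `tags`; `try(v.tags, {})` is the non-deprecated form if the attribute is later made `optional`.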
@@ -102,6 +131,7 @@ resource "aws_subnet" "private" {
tags = merge(
local.base_tags,
var.tags,
+ each.value.tags,
map("Name", format("%v%v-%v", local._prefixes["subnet"], var.vpc_full_name, each.value.label))
)
}