diff --git a/CHANGELOG.md b/CHANGELOG.md
index 353f4ac..6233f88 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -329,3 +329,7 @@ * 2.9.3 -- 2023-07-05 - flowlogs-transit-gateway - remove need for iam_role_arn (not needed for s3) + +* 2.9.4 -- 2023-07-06 - subnet_tags - fix to use the right filter for the subnet label
diff --git a/common/version.tf b/common/version.tf
index 0622996..89f9e9c 100644
--- a/common/version.tf
+++ b/common/version.tf
@@ -1,5 +1,5 @@
 locals {
- _module_version = "2.9.3"
+ _module_version = "2.9.4"
 _module_names = {
 "_main_" = "aws-vpc-setup"
diff --git a/subnet_tags/README.md b/subnet_tags/README.md
index ff2bb18..08e17aa 100644
--- a/subnet_tags/README.md
+++ b/subnet_tags/README.md
@@ -109,8 +109,8 @@ No modules.
 | [account\_id](#input\_account\_id) | AWS Account ID (default: will pull from current user) | `string` | `""` | no |
 | [availability\_zones](#input\_availability\_zones) | AWS Availability Zones to use (by default will use all available) | `list(string)` | `[]` | no |
 | [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
-| [private\_subnets](#input\_private\_subnets) | List of objects with private subnet information to be created |
list(object({
base_cidr = string
label = string
bits = number
offset = optional(number, 0)
private = bool
tags = map(string)
enabled = optional(bool, true)
availability_zone = optional(string)
# subnets = list(string)
# labels = list(string)
# availability_zones = list(string)
})) | `[]` | no |
-| [public\_subnets](#input\_public\_subnets) | List of objects with public subnet information to be created | list(object({
base_cidr = string
label = string
bits = number
offset = optional(number, 0)
private = bool
tags = map(string)
enabled = optional(bool, true)
availability_zone = optional(string)
# subnets = list(string)
# labels = list(string)
# availability_zones = list(string)
})) | `[]` | no |
+| [private\_subnets](#input\_private\_subnets) | List of objects with private subnet information to be created | list(object({
base_cidr = string
label = string
bits = number
offset = optional(number, 0)
private = bool
tags = map(string)
enabled = optional(bool, true)
availability_zone = optional(string)
availability_zones = optional(list(string), [])
# subnets = list(string)
# labels = list(string)
})) | `[]` | no |
+| [public\_subnets](#input\_public\_subnets) | List of objects with public subnet information to be created | list(object({
base_cidr = string
label = string
bits = number
offset = optional(number, 0)
private = bool
tags = map(string)
enabled = optional(bool, true)
availability_zone = optional(string)
availability_zones = optional(list(string), [])
# subnets = list(string)
# labels = list(string)
})) | `[]` | no |
| [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS). Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |
| [vpc\_environment](#input\_vpc\_environment) | VPC environment purpose (infrastructure, common, shared, dev, stage, ite, prod) | `string` | `null` | no |
| [vpc\_full\_name](#input\_vpc\_full\_name) | VPC full name component (vpc{index}-{vpc\_name}) | `string` | `null` | no |
diff --git a/subnet_tags/main.tf b/subnet_tags/main.tf
index b76f8c9..7b9e147 100644
--- a/subnet_tags/main.tf
+++ b/subnet_tags/main.tf
@@ -96,8 +96,9 @@ locals {
tags = lookup(v, "tags", {})
} if v.enabled
}
- public_map = flatten([for k, v in local.public_subnets :
+ _public_map = flatten([for k, v in local.public_subnets :
[for i in local.az_count_list : merge(tomap({ "subnet" = v.subnets[i], "label" = v.labels[i], "availability_zone" = v.availability_zones[i] }), { "tags" = v.tags })]])
+ public_map = { for p in local._public_map : p.label => p }
}
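Review bot: `_public_map` at line 67 does not carry the `base_label` field that `_private_map` gains in the later hunk (line 93), so the two maps now have different shapes; if the `for_each` of `data "aws_subnets" "public"` (it starts above the next hunk and is not visible here) is meant to skip entries the way the private one does via `subnet.base_label`, it has nothing to read. Adding `"base_label" = v.label` to the public `tomap(...)` keeps the two sides symmetric. Note also that `{ for p in local._public_map : p.label => p }` at line 68 fails with a duplicate-key error if two flattened entries share a per-AZ label, which is presumably guaranteed unique by the upstream `labels` list — confirm. The enclosing `locals` block starts above this hunk.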
@@ -111,14 +112,13 @@ data "aws_subnets" "public" {
}
filter {
name = "tag:Name"
- values = [format("*-%v-*", each.key)]
+ values = [format("*-%v", each.key)]
}
}
locals {
- public_ids = merge([for k, v in data.aws_subnets.public : { for i in v.ids : format("%v:%v", k, i) => { item = format("%v:%v", k, i), label = k, subnet_id = i } }]...)
- public_tag_keys = { for p in local.public_ids : p => keys(local.public_subnets[p.label].tags) }
- public_tags = merge([for p, v in local.public_ids : { for t in v : format("%v_%v", p, t) => { tag_label = format("%v_%v", p, t), id_label = p, subnet_id = local.public_ids[p].subnet_id, tag_key = t, tag_value = local.public_subnets[p].tags[t] } }]...)
+ public_ids = merge([for k, v in data.aws_subnets.public : { for i in v.ids : format("%v:%v", k, i) => { item = format("%v:%v", k, i), label = k, subnet_id = i } }]...)
+ public_tags = merge([for p, v in local.public_ids : { for tk, tv in local.public_map[v.label].tags : format("%v_%v", p, tk) => { tag_label = format("%v_%v", p, tk), id_label = p, subnet_id = v.subnet_id, tag_key = tk, tag_value = tv } }]...)
}
data "aws_subnet" "public" {
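Review bot: The `tag:Name` glob `*-%v` at line 75 (and the private one at line 107 in the next hunk) still selects by a name suffix, so any subnet in the VPC whose Name ends in `-<label>` — a hand-made subnet, or a label that is a suffix of another label — lands in `v.ids`, and `public_ids`/`public_tags` (lines 82-83) then write this entry's tags onto it. Since `public_map[each.key]` already knows the entry's CIDR and availability zone, the match can be narrowed with a second `cidr-block` filter (assuming `subnet` holds the CIDR — not visible here), and a `postcondition` on the data source can turn an ambiguous match into a plan error instead of a silent mis-tag; the README's `optional(..., default)` types imply a Terraform version that supports both. `data "aws_subnets" "public"` starts above this hunk, so its `for_each` and `vpc-id` filter are not visible here.
```hcl
data "aws_subnets" "public" {
  # … unchanged: for_each and vpc-id filter (start of this block is above the hunk) …
  filter {
    name   = "tag:Name"
    values = [format("*-%v", each.key)]
  }
  # Narrow the Name glob to the one subnet this entry describes.
  filter {
    name   = "cidr-block"
    values = [each.value.subnet] # assumes `subnet` is the subnet CIDR — confirm against the locals above
  }
  # Fail the plan rather than tag whatever else the Name glob happened to match.
  lifecycle {
    postcondition {
      condition     = length(self.ids) == 1
      error_message = "The tag:Name filter must match exactly one public subnet per label."
    }
  }
}
```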
@@ -149,27 +149,27 @@ locals {
tags = lookup(v, "tags", {})
} if v.enabled
}
- private_map = flatten([for k, v in local.private_subnets :
- [for i in local.az_count_list : merge(tomap({ "subnet" = v.subnets[i], "label" = v.labels[i], "availability_zone" = v.availability_zones[i] }), { "tags" = v.tags })]])
+ _private_map = flatten([for k, v in local.private_subnets :
+ [for i in local.az_count_list : merge(tomap({ "base_label" = v.label, "subnet" = v.subnets[i], "label" = v.labels[i], "availability_zone" = v.availability_zones[i] }), { "tags" = v.tags })]])
+ private_map = { for p in local._private_map : p.label => p }
}
# ignore attachment, as it is not shared
data "aws_subnets" "private" {
- for_each = { for subnet in local.private_map : subnet.label => subnet if subnet.label != "attachment" && length(subnet.tags) > 0 }
+ for_each = { for k, subnet in local.private_map : subnet.label => subnet if subnet.base_label != "attachment" && length(subnet.tags) > 0 }
filter {
name = "vpc-id"
values = [var.vpc_id]
}
filter {
name = "tag:Name"
- values = [format("*-%v-*", each.key)]
+ values = [format("*-%v", each.key)]
}
}
locals {
- private_ids = merge([for k, v in data.aws_subnets.private : { for i in v.ids : format("%v:%v", k, i) => { item = format("%v:%v", k, i), label = k, subnet_id = i } }]...)
- private_tag_keys = { for p in local.private_ids : p => keys(local.private_subnets[p.label].tags) }
- private_tags = merge([for p, v in local.private_ids : { for t in v : format("%v_%v", p, t) => { tag_label = format("%v_%v", p, t), id_label = p, subnet_id = local.private_ids[p].subnet_id, tag_key = t, tag_value = local.private_subnets[p].tags[t] } }]...)
+ private_ids = merge([for k, v in data.aws_subnets.private : { for i in v.ids : format("%v:%v", k, i) => { item = format("%v:%v", k, i), label = k, subnet_id = i } }]...)
+ private_tags = merge([for p, v in local.private_ids : { for tk, tv in local.private_map[v.label].tags : format("%v_%v", p, tk) => { tag_label = format("%v_%v", p, tk), id_label = p, subnet_id = v.subnet_id, tag_key = tk, tag_value = tv } }]...)
}
data "aws_subnet" "private" {
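Review bot: In the `for_each` at line 99 the loop variable `k` is never used and `private_map` is already keyed by `p.label` (line 94), so `subnet.label => subnet` re-derives the key it was iterated by; `for_each = { for k, subnet in local.private_map : k => subnet if subnet.base_label != "attachment" && length(subnet.tags) > 0 }` says the same thing without the re-keying. The switch from `subnet.label` to `subnet.base_label` in that condition looks right, given that the per-AZ labels built in `_private_map` would never equal the bare `"attachment"` string. The `locals` block this hunk opens with starts above it.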
@@ -183,3 +183,15 @@ resource "aws_ec2_tag" "private" {
key = each.value.tag_key
value = each.value.tag_value
}
+
+## output "subnet_tags_debug" {
+## value = {
+## private_subnets = local.private_subnets
+## private_map = local.private_map
+## data_aws_subnets_private = data.aws_subnets.private
+## data_aws_subnet_private = data.aws_subnet.private
+## private_ids = local.private_ids
+## private_tags = local.private_tags
+## aws_ec2_tag = aws_ec2_tag.private
+## }
+## }
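Review bot: The `##`-commented `subnet_tags_debug` output added at lines 123-133 is dead code; it would dump `data.aws_subnets.private`, `data.aws_subnet.private` and `aws_ec2_tag.private` in full, which is useful only while debugging and otherwise sits in the module until someone uncomments it. Prefer dropping it from the commit (history keeps it) or, if a debug surface is genuinely wanted, make it a real output gated by a boolean input (a `debug` variable, not present today) so it is reviewed like any other output. `resource "aws_ec2_tag" "private"` starts above this hunk.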