fix subnet variables

terraform-modules · May 10, 2021 · b4ce669 · b4ce669
1 parent f51069c
commit b4ce669
Show file tree

Hide file tree

Showing 7 changed files with 111 additions and 14 deletions.
diff --git a/common/variables.common.subnet_ids.tf b/common/variables.common.subnet_ids.tf
@@ -0,0 +1,21 @@
+variable "public_subnets_ids" {
+  description = "List of public subnet objects including: subnet, label, availability_zone, id"
+  type = list(object({
+    subnet            = string
+    label             = string
+    availability_zone = string
+    id                = string
+  }))
+  default = []
+}
+
+variable "private_subnets_ids" {
+  description = "List of private subnet objects including: subnet, label, availability_zone, id"
+  type = list(object({
+    subnet            = string
+    label             = string
+    availability_zone = string
+    id                = string
+  }))
+  default = []
+}
diff --git a/common/variables.common.subnets.tf b/common/variables.common.subnets.tf
@@ -1,21 +1,27 @@
-variable "public_subnets_ids" {
-  description = "List of public subnet objects including: subnet, label, availability_zone, id"
+variable "public_subnets" {
+  description = "List of objects with public subnet information to be created"
   type = list(object({
-    subnet            = string
-    label             = string
-    availability_zone = string
-    id                = string
+    base_cidr = string
+    label     = string
+    bits      = number
+    private   = bool
+    #      subnets     = list(string)
+    #      labels      = list(string)
+    #      availability_zones = list(string)
   }))
   default = []
 }
 
-variable "private_subnets_ids" {
-  description = "List of private subnet objects including: subnet, label, availability_zone, id"
+variable "private_subnets" {
+  description = "List of objects with private subnet information to be created"
   type = list(object({
-    subnet            = string
-    label             = string
-    availability_zone = string
-    id                = string
+    base_cidr = string
+    label     = string
+    bits      = number
+    private   = bool
+    #      subnets     = list(string)
+    #      labels      = list(string)
+    #      availability_zones = list(string)
   }))
   default = []
 }
diff --git a/nacls/README.md b/nacls/README.md
@@ -0,0 +1,70 @@
+# About aws-vpc-setup :: nacls
+
+This submodule creates network access control lists (nacls).  The submodule nacl-rules sets up the rules for
+each specific nacl. This creates both a public and a private NACL.
+
+# Usage
+
+```hcl
+module "nacls" {
+  source               = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//nacls"
+  vpc_id               = var.vpc_id
+  public_subnets_ids   = [ for s in module.subnets.public_subnets_ids : s.id ]
+  private_subnets_ids   = [ for s in module.subnets.private_subnets_ids : s.id ]
+  vpc_full_name        = var.vpc_full_name
+
+  # optional
+  vpc_name             = var.vpc_name
+  vpc_short_name       = var.vpc_short_name
+
+  tags = {}
+}
+```
+
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_network_acl.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl) | resource |
+| [aws_network_acl.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl) | resource |
+| [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_account_alias"></a> [account\_alias](#input\_account\_alias) | AWS Account Alias | `string` | `""` | no |
+| <a name="input_account_id"></a> [account\_id](#input\_account\_id) | AWS Account ID (default will pull from current user) | `string` | `""` | no |
+| <a name="input_override_prefixes"></a> [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
+| <a name="input_private_subnets_ids"></a> [private\_subnets\_ids](#input\_private\_subnets\_ids) | List of private subnet objects including: subnet, label, availability\_zone, id | <pre>list(object({<br>    subnet            = string<br>    label             = string<br>    availability_zone = string<br>    id                = string<br>  }))</pre> | `[]` | no |
+| <a name="input_public_subnets_ids"></a> [public\_subnets\_ids](#input\_public\_subnets\_ids) | List of public subnet objects including: subnet, label, availability\_zone, id | <pre>list(object({<br>    subnet            = string<br>    label             = string<br>    availability_zone = string<br>    id                = string<br>  }))</pre> | `[]` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS).  Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |
+| <a name="input_vpc_environment"></a> [vpc\_environment](#input\_vpc\_environment) | VPC environment purpose (infrastructure, common, shared, dev, stage, ite, prod) | `string` | `null` | no |
+| <a name="input_vpc_full_name"></a> [vpc\_full\_name](#input\_vpc\_full\_name) | VPC full name component (vpc{index}-{vpc\_name}) | `string` | `null` | no |
+| <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | VPC ID | `string` | n/a | yes |
+| <a name="input_vpc_index"></a> [vpc\_index](#input\_vpc\_index) | VPC index number (integer starting at 1) | `number` | `null` | no |
+| <a name="input_vpc_name"></a> [vpc\_name](#input\_vpc\_name) | VPC name component used through the VPC descrbing its purpose (ex: dice-dev) | `string` | `null` | no |
+| <a name="input_vpc_short_name"></a> [vpc\_short\_name](#input\_vpc\_short\_name) | VPC short name component (vpc{index}) | `string` | `null` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_private_network_acl_id"></a> [private\_network\_acl\_id](#output\_private\_network\_acl\_id) | private network ACL ID |
+| <a name="output_public_network_acl_id"></a> [public\_network\_acl\_id](#output\_public\_network\_acl\_id) | public network ACL ID |
diff --git a/nacls/variables.common.subnet_ids.tf b/nacls/variables.common.subnet_ids.tf
@@ -0,0 +1 @@
+../common/variables.common.subnet_ids.tf
diff --git a/nacls/variables.common.subnets.tf b/nacls/variables.common.subnets.tf
diff --git a/routing/variables.common.subnet_ids.tf b/routing/variables.common.subnet_ids.tf
@@ -0,0 +1 @@
+../common/variables.common.subnet_ids.tf
diff --git a/routing/variables.common.subnets.tf b/routing/variables.common.subnets.tf