From b4ce669de3d31d250d6527fa454107a31d46e65a Mon Sep 17 00:00:00 2001
From: badra001
Date: Mon, 10 May 2021 12:38:31 -0400
Subject: [PATCH] fix subnet variables

---
 common/variables.common.subnet_ids.tf | 21 ++++++++
 common/variables.common.subnets.tf | 30 ++++++-----
 nacls/README.md | 70 ++++++++++++++++++++++++++
 nacls/variables.common.subnet_ids.tf | 1 +
 nacls/variables.common.subnets.tf | 1 -
 routing/variables.common.subnet_ids.tf | 1 +
 routing/variables.common.subnets.tf | 1 -
 7 files changed, 111 insertions(+), 14 deletions(-)
 create mode 100644 common/variables.common.subnet_ids.tf
 create mode 100644 nacls/README.md
 create mode 120000 nacls/variables.common.subnet_ids.tf
 delete mode 120000 nacls/variables.common.subnets.tf
 create mode 120000 routing/variables.common.subnet_ids.tf
 delete mode 120000 routing/variables.common.subnets.tf

diff --git a/common/variables.common.subnet_ids.tf b/common/variables.common.subnet_ids.tf
new file mode 100644
index 0000000..ab8544e
--- /dev/null
+++ b/common/variables.common.subnet_ids.tf
@@ -0,0 +1,21 @@
+variable "public_subnets_ids" {
+ description = "List of public subnet objects including: subnet, label, availability_zone, id"
+ type = list(object({
+ subnet = string
+ label = string
+ availability_zone = string
+ id = string
+ }))
+ default = []
+}
+
+variable "private_subnets_ids" {
+ description = "List of private subnet objects including: subnet, label, availability_zone, id"
+ type = list(object({
+ subnet = string
+ label = string
+ availability_zone = string
+ id = string
+ }))
+ default = []
+}
diff --git a/common/variables.common.subnets.tf b/common/variables.common.subnets.tf
index ab8544e..5aae931 100644
--- a/common/variables.common.subnets.tf
+++ b/common/variables.common.subnets.tf
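Review bot: The type `list(object({ subnet, label, availability_zone, id }))` declared for `public_subnets_ids` and `private_subnets_ids` does not match how this same commit's nacls/README.md usage example feeds them, `public_subnets_ids = [ for s in module.subnets.public_subnets_ids : s.id ]`, which produces a list of strings; Terraform rejects a `list(string)` value for an object-typed list, so either the example or the type is wrong. If the consuming submodules only ever need the ids, `type = list(string)` is the simpler and self-describing contract; otherwise the README example should pass the objects through unchanged. The two descriptions also leave unstated what the `subnet` attribute holds (a CIDR, a name, or something else is not visible here), and callers constructing these objects by hand will need that; extending the description with the meaning of each attribute would close the gap.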
@@ -1,21 +1,27 @@
-variable "public_subnets_ids" {
- description = "List of public subnet objects including: subnet, label, availability_zone, id"
+variable "public_subnets" {
+ description = "List of objects with public subnet information to be created"
 type = list(object({
- subnet = string
- label = string
- availability_zone = string
- id = string
+ base_cidr = string
+ label = string
+ bits = number
+ private = bool
+ # subnets = list(string)
+ # labels = list(string)
+ # availability_zones = list(string)
 }))
 default = []
 }
 
-variable "private_subnets_ids" {
- description = "List of private subnet objects including: subnet, label, availability_zone, id"
+variable "private_subnets" {
+ description = "List of objects with private subnet information to be created"
 type = list(object({
- subnet = string
- label = string
- availability_zone = string
- id = string
+ base_cidr = string
+ label = string
+ bits = number
+ private = bool
+ # subnets = list(string)
+ # labels = list(string)
+ # availability_zones = list(string)
 }))
 default = []
 }
diff --git a/nacls/README.md b/nacls/README.md
new file mode 100644
index 0000000..e3697f5
--- /dev/null
+++ b/nacls/README.md
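Review bot: Both `public_subnets` and `private_subnets` now carry a `private = bool` attribute that restates which of the two variables an object sits in, and nothing in the hunk says what happens when they disagree (a `private = false` entry inside `private_subnets`); unless the subnets module actually reads it, drop the attribute, or state the precedence in the description. The three commented-out attributes `# subnets = list(string)`, `# labels = list(string)` and `# availability_zones = list(string)` sit inside the type constraint where Terraform ignores them, so they are dead text that will drift from the real shape; delete them or move the intent into the description, which currently says only "to be created" and would be more useful listing the attributes the way the subnet_ids file does. The `index ab8544e..5aae931` header shows the old content of this file is byte-identical to the new common/variables.common.subnet_ids.tf, so this hunk is effectively a split of one variable file into two, which the commit message "fix subnet variables" does not convey. A `validation` block restricting `bits` to a usable range would turn a bad entry into a plan-time error instead of a provider-side failure, assuming the module already targets a Terraform version that supports variable validation.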
@@ -0,0 +1,70 @@ +# About aws-vpc-setup :: nacls + +This submodule creates network access control lists (nacls). The submodule nacl-rules sets up the rules for +each specific nacl. This creates both a public and a private NACL. + +# Usage + +```hcl +module "nacls" { + source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//nacls" + vpc_id = var.vpc_id + public_subnets_ids = [ for s in module.subnets.public_subnets_ids : s.id ] + private_subnets_ids = [ for s in module.subnets.private_subnets_ids : s.id ] + vpc_full_name = var.vpc_full_name + + # optional + vpc_name = var.vpc_name + vpc_short_name = var.vpc_short_name + + tags = {} +} +``` + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_network_acl.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl) | resource | +| [aws_network_acl.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl) | resource | +| [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | +| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [account\_alias](#input\_account\_alias) | AWS Account Alias | `string` | `""` | no | +| [account\_id](#input\_account\_id) | AWS Account ID (default will pull from current user) | `string` | `""` | no | +| [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. 
This should be used primarily for common infrastructure things | `map(string)` | `{}` | no | +| [private\_subnets\_ids](#input\_private\_subnets\_ids) | List of private subnet objects including: subnet, label, availability\_zone, id |
list(object({
subnet = string
label = string
availability_zone = string
id = string
}))
| `[]` | no | +| [public\_subnets\_ids](#input\_public\_subnets\_ids) | List of public subnet objects including: subnet, label, availability\_zone, id |
list(object({
subnet = string
label = string
availability_zone = string
id = string
}))
| `[]` | no |
+| [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS). Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |
+| [vpc\_environment](#input\_vpc\_environment) | VPC environment purpose (infrastructure, common, shared, dev, stage, ite, prod) | `string` | `null` | no |
+| [vpc\_full\_name](#input\_vpc\_full\_name) | VPC full name component (vpc{index}-{vpc\_name}) | `string` | `null` | no |
+| [vpc\_id](#input\_vpc\_id) | VPC ID | `string` | n/a | yes |
+| [vpc\_index](#input\_vpc\_index) | VPC index number (integer starting at 1) | `number` | `null` | no |
+| [vpc\_name](#input\_vpc\_name) | VPC name component used through the VPC descrbing its purpose (ex: dice-dev) | `string` | `null` | no |
+| [vpc\_short\_name](#input\_vpc\_short\_name) | VPC short name component (vpc{index}) | `string` | `null` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [private\_network\_acl\_id](#output\_private\_network\_acl\_id) | private network ACL ID |
+| [public\_network\_acl\_id](#output\_public\_network\_acl\_id) | public network ACL ID |
diff --git a/nacls/variables.common.subnet_ids.tf b/nacls/variables.common.subnet_ids.tf
new file mode 120000
index 0000000..3d70185
--- /dev/null
+++ b/nacls/variables.common.subnet_ids.tf
@@ -0,0 +1 @@
+../common/variables.common.subnet_ids.tf
\ No newline at end of file
diff --git a/nacls/variables.common.subnets.tf b/nacls/variables.common.subnets.tf
deleted file mode 120000
index ad715ca..0000000
--- a/nacls/variables.common.subnets.tf
+++ /dev/null
@@ -1 +0,0 @@
-../common/variables.common.subnets.tf
\ No newline at end of file
diff --git a/routing/variables.common.subnet_ids.tf b/routing/variables.common.subnet_ids.tf
new file mode 120000
index 0000000..3d70185
--- /dev/null
+++ b/routing/variables.common.subnet_ids.tf
@@ -0,0 +1 @@
+../common/variables.common.subnet_ids.tf
\ No newline at end of file
diff --git a/routing/variables.common.subnets.tf b/routing/variables.common.subnets.tf
deleted file mode 120000
index ad715ca..0000000
--- a/routing/variables.common.subnets.tf
+++ /dev/null
@@ -1 +0,0 @@
-../common/variables.common.subnets.tf
\ No newline at end of file