diff --git a/routing/README.md b/routing/README.md
index e21b747..7f5a4f2 100644
--- a/routing/README.md
+++ b/routing/README.md
@@ -73,6 +73,8 @@ No modules.
 | [enable\_vpc\_endpoint\_dynamodb](#input\_enable\_vpc\_endpoint\_dynamodb) | Flag to enable\|disable DynamoDB VPC Endpoint (default: true) | `bool` | `true` | no |
 | [enable\_vpc\_endpoint\_s3](#input\_enable\_vpc\_endpoint\_s3) | Flag to enable\|disable S3 VPC Endpoint (default: true) | `bool` | `true` | no |
 | [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
+| [private\_subnet\_ids](#input\_private\_subnet\_ids) | List of private subnet objects including: subnet, label, availability\_zone, id |
list(object({
subnet = string
label = string
availability_zone = string
id = string
})) | `[]` | no |
+| [public\_subnet\_ids](#input\_public\_subnet\_ids) | List of public subnet objects including: subnet, label, availability\_zone, id | list(object({
subnet = string
label = string
availability_zone = string
id = string
})) | `[]` | no |
| [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS). Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |
| [vpc\_cidr\_block](#input\_vpc\_cidr\_block) | VPC CIDR Block | `string` | n/a | yes |
| [vpc\_environment](#input\_vpc\_environment) | VPC environment purpose (infrastructure, common, shared, dev, stage, ite, prod) | `string` | `null` | no |
diff --git a/routing/main.tf b/routing/main.tf
index 93e74ee..f02bab8 100644
--- a/routing/main.tf
+++ b/routing/main.tf
@@ -55,9 +55,9 @@ resource "aws_route_table" "public" {
}
resource "aws_route_table_association" "public" {
- count = length(local.public_subnets)
- subnet_id = aws_subnet.public[count.index].id
- route_table_id = element(aws_route_table.public[*].id, count.index)
+ for_each = { for subnet in var.public_subnet_ids : subnet.label => subnet }
+ subnet_id = each.value.id
+ route_table_id = aws_route_table.public[each.value.availability_zone].id
}
#---
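Review bot: The new `route_table_id = aws_route_table.public[each.value.availability_zone].id` only resolves if `aws_route_table.public` is itself created with `for_each` keyed by availability-zone names that exactly match the `availability_zone` strings callers pass in `var.public_subnet_ids`; only the resource header is visible in the hunk context, so this is inferred, and any key mismatch fails at plan time with an "invalid index" error rather than a clear message. The `label => subnet` comprehension on the `for_each` line likewise aborts if two subnets share a label, since a `for` map expression rejects duplicate keys. The same two assumptions apply to `aws_route_table_association.private` in the following hunk. Consider stating the contract above the resource: `# keyed by subnet label (must be unique); the route table is looked up by the subnet's availability_zone, which must match the aws_route_table.public for_each keys`.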
@@ -74,24 +74,12 @@ resource "aws_route_table" "private" {
)
}
-# resource "aws_route_table" "private" {
-# count = local.az_count
-# vpc_id = aws_vpc.vpc.id
-# # propagating_vgws = var.vpc_vpn_dynamic_routing ? [ aws_vpn_gateway.vpn.id ] : []
-#
-# tags = merge(
-# local.common_tags,
-# map("Name", format("route-%s-%s-%s", var.vpc_full_name, "private", element(local.az_list, count.index)))
-# )
-# }
-
resource "aws_route_table_association" "private" {
- count = length(local.private_subnets)
- subnet_id = aws_subnet.private[count.index].id
- route_table_id = element(aws_route_table.private[*].id, count.index)
+ for_each = { for subnet in var.private_subnet_ids : subnet.label => subnet }
+ subnet_id = each.value.id
+ route_table_id = aws_route_table.private[each.value.availability_zone].id
}
-
#---
# NAT Gateway setup
# EIP
@@ -121,12 +109,16 @@ resource "aws_internet_gateway" "gateway" {
)
}
-# need public subnet ids by az
+# assume only 1 public subnet block (per AZ)
+# should figure out the first one
+locals {
+ public_subnet_ids_az = { for subnet in var.public_subnet_ids : subnet.availability_zone => subnet }
+}
+
resource "aws_nat_gateway" "nat" {
- for_each = var.enable_igw && var.enable_nat ? local.availability_zones : local.empty
+ for_each = var.enable_igw && var.enable_nat ? zipmap(local.availability_zones, local.public_subnet_ids_az) : local.empty
allocation_id = aws_eip.nat[each.key].id
- # subnet_id = element(aws_subnet.public[*].id, count.index)
- subnet_id = "string"
+ subnet_id = each.value
# depends_on = [aws_internet_gateway.gateway]
tags = merge(
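Review bot: `zipmap(local.availability_zones, local.public_subnet_ids_az)` on the new `for_each` line hands a map to `zipmap`, whose second argument is a list, and even if the values were accepted they are whole subnet objects (the new local maps AZ to `subnet`, not `subnet.id`), so `subnet_id = each.value` would not receive a subnet id string; the local's name suggests ids, which makes the mismatch easy to miss. A direct lookup by AZ avoids both problems and keeps the keys aligned with `aws_eip.nat[each.key]`: `for_each = var.enable_igw && var.enable_nat ? { for az in local.availability_zones : az => local.public_subnet_ids_az[az].id } : local.empty`. This assumes `local.availability_zones` is a set of AZ names, which is consistent with its use as a `for_each` value on the removed line; if it is a map, iterate `keys(local.availability_zones)` instead. The two-line comment above the new `locals` block would also read better as `# one public subnet per AZ is assumed; the map comprehension fails on duplicate AZ keys`. The `aws_nat_gateway` body continues past the hunk.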
diff --git a/routing/variables.tf b/routing/variables.tf
index 4c23749..bdb1ceb 100644
--- a/routing/variables.tf
+++ b/routing/variables.tf
@@ -38,6 +38,29 @@ variable "availability_zones" {
default = []
}
+variable "public_subnet_ids" {
+ description = "List of public subnet objects including: subnet, label, availability_zone, id"
+ type = list(object({
+ subnet = string
+ label = string
+ availability_zone = string
+ id = string
+ }))
+ default = []
+}
+
+variable "private_subnet_ids" {
+ description = "List of private subnet objects including: subnet, label, availability_zone, id"
+ type = list(object({
+ subnet = string
+ label = string
+ availability_zone = string
+ id = string
+ }))
+ default = []
+}
+
+
###
##
## variable "vpc_domain_name" {
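Review bot: The new `public_subnet_ids` and `private_subnet_ids` variables carry no validation, yet `routing/main.tf` in this same change uses `label` as a `for_each` key and `availability_zone` as a lookup key, so a duplicate label surfaces only as a map-comprehension error deep in the plan. If the module targets Terraform 0.13 or later, a `validation` block on each variable turns that into a clear input error at the module boundary; the same block, with the variable name swapped, belongs in `private_subnet_ids`. The description could also note that the object fields are keys, e.g. `description = "List of public subnet objects: subnet, label (unique, used as for_each key), availability_zone (must match the route-table keys), id"`.
```hcl
variable "public_subnet_ids" {
  description = "List of public subnet objects including: subnet, label, availability_zone, id"
  # … unchanged: type and default …

  # label is consumed as a for_each key in routing/main.tf, so it must be unique per subnet.
  validation {
    condition     = length(distinct([for s in var.public_subnet_ids : s.label])) == length(var.public_subnet_ids)
    error_message = "Each public subnet must have a unique label."
  }
}
```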
diff --git a/subnets/README.md b/subnets/README.md
index 7b182f4..e237632 100644
--- a/subnets/README.md
+++ b/subnets/README.md
@@ -74,5 +74,5 @@ No modules.
| [availability\_zone\_ids](#output\_availability\_zone\_ids) | VPC Availability zone id list (3) |
| [availability\_zone\_names](#output\_availability\_zone\_names) | VPC Availability zone name list (3) |
| [availability\_zone\_suffixes](#output\_availability\_zone\_suffixes) | VPC Availability zone suffix list (3) |
-| [private\_subnets\_list](#output\_private\_subnets\_list) | Resulting private subnets list of objects: subnet, label, availability\_zone, id |
-| [public\_subnets\_list](#output\_public\_subnets\_list) | Resulting public subnets list of objects: subnet, label, availability\_zone, id |
+| [private\_subnets\_ids](#output\_private\_subnets\_ids) | Resulting private subnets list of objects: subnet, label, availability\_zone, id |
+| [public\_subnets\_ids](#output\_public\_subnets\_ids) | Resulting public subnets list of objects: subnet, label, availability\_zone, id |
diff --git a/subnets/outputs.tf b/subnets/outputs.tf
index 6822e58..e22e49c 100644
--- a/subnets/outputs.tf
+++ b/subnets/outputs.tf
@@ -13,12 +13,12 @@ locals {
]
}
-output "public_subnets_list" {
+output "public_subnets_ids" {
description = "Resulting public subnets list of objects: subnet, label, availability_zone, id"
value = local.output_public_subnets
}
-output "private_subnets_list" {
+output "private_subnets_ids" {
description = "Resulting private subnets list of objects: subnet, label, availability_zone, id"
value = local.output_private_subnets
}