From b5dae4d731f1a7fad861cc4c5670dd04b1ced653 Mon Sep 17 00:00:00 2001
From: badra001 <donald.e.badrak.ii@census.gov>
Date: Mon, 3 May 2021 10:44:29 -0400
Subject: [PATCH] update

---
 routing/README.md    |  2 ++
 routing/main.tf      | 36 ++++++++++++++----------------------
 routing/variables.tf | 23 +++++++++++++++++++++++
 subnets/README.md    |  4 ++--
 subnets/outputs.tf   |  4 ++--
 5 files changed, 43 insertions(+), 26 deletions(-)

diff --git a/routing/README.md b/routing/README.md
index e21b747..7f5a4f2 100644
--- a/routing/README.md
+++ b/routing/README.md
@@ -73,6 +73,8 @@ No modules.
 | <a name="input_enable_vpc_endpoint_dynamodb"></a> [enable\_vpc\_endpoint\_dynamodb](#input\_enable\_vpc\_endpoint\_dynamodb) | Flag to enable\|disable DynamoDB VPC Endpoint (default: true) | `bool` | `true` | no |
 | <a name="input_enable_vpc_endpoint_s3"></a> [enable\_vpc\_endpoint\_s3](#input\_enable\_vpc\_endpoint\_s3) | Flag to enable\|disable S3 VPC Endpoint (default: true) | `bool` | `true` | no |
 | <a name="input_override_prefixes"></a> [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
+| <a name="input_private_subnet_ids"></a> [private\_subnet\_ids](#input\_private\_subnet\_ids) | List of private subnet objects including: subnet, label, availability\_zone, id | <pre>list(object({<br>    subnet            = string<br>    label             = string<br>    availability_zone = string<br>    id                = string<br>  }))</pre> | `[]` | no |
+| <a name="input_public_subnet_ids"></a> [public\_subnet\_ids](#input\_public\_subnet\_ids) | List of public subnet objects including: subnet, label, availability\_zone, id | <pre>list(object({<br>    subnet            = string<br>    label             = string<br>    availability_zone = string<br>    id                = string<br>  }))</pre> | `[]` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS).  Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |
 | <a name="input_vpc_cidr_block"></a> [vpc\_cidr\_block](#input\_vpc\_cidr\_block) | VPC CIDR Block | `string` | n/a | yes |
 | <a name="input_vpc_environment"></a> [vpc\_environment](#input\_vpc\_environment) | VPC environment purpose (infrastructure, common, shared, dev, stage, ite, prod) | `string` | `null` | no |
diff --git a/routing/main.tf b/routing/main.tf
index 93e74ee..f02bab8 100644
--- a/routing/main.tf
+++ b/routing/main.tf
@@ -55,9 +55,9 @@ resource "aws_route_table" "public" {
 }
 
 resource "aws_route_table_association" "public" {
-  count          = length(local.public_subnets)
-  subnet_id      = aws_subnet.public[count.index].id
-  route_table_id = element(aws_route_table.public[*].id, count.index)
+  for_each       = { for subnet in var.public_subnet_ids : subnet.label => subnet }
+  subnet_id      = each.value.id
+  route_table_id = aws_route_table.public[each.value.availability_zone].id
 }
 
 #---
@@ -74,24 +74,12 @@ resource "aws_route_table" "private" {
   )
 }
 
-# resource "aws_route_table" "private" {
-#   count  = local.az_count
-#   vpc_id = aws_vpc.vpc.id
-#   #  propagating_vgws = var.vpc_vpn_dynamic_routing ? [ aws_vpn_gateway.vpn.id ] : []
-# 
-#   tags = merge(
-#     local.common_tags,
-#     map("Name", format("route-%s-%s-%s", var.vpc_full_name, "private", element(local.az_list, count.index)))
-#   )
-# }
-
 resource "aws_route_table_association" "private" {
-  count          = length(local.private_subnets)
-  subnet_id      = aws_subnet.private[count.index].id
-  route_table_id = element(aws_route_table.private[*].id, count.index)
+  for_each       = { for subnet in var.private_subnet_ids : subnet.label => subnet }
+  subnet_id      = each.value.id
+  route_table_id = aws_route_table.private[each.value.availability_zone].id
 }
 
-
 #---
 # NAT Gateway setup
 #   EIP
@@ -121,12 +109,16 @@ resource "aws_internet_gateway" "gateway" {
   )
 }
 
-# need public subnet ids by az
+# assume only 1 public subnet block (per AZ)
+# should figure out the first one
+locals {
+  public_subnet_ids_az = { for subnet in var.public_subnet_ids : subnet.availability_zone => subnet }
+}
+
 resource "aws_nat_gateway" "nat" {
-  for_each      = var.enable_igw && var.enable_nat ? local.availability_zones : local.empty
+  for_each      = var.enable_igw && var.enable_nat ? zipmap(local.availability_zones, local.public_subnet_ids_az) : local.empty
   allocation_id = aws_eip.nat[each.key].id
-  #  subnet_id     = element(aws_subnet.public[*].id, count.index)
-  subnet_id = "string"
+  subnet_id     = each.value
   #  depends_on    = [aws_internet_gateway.gateway]
 
   tags = merge(
diff --git a/routing/variables.tf b/routing/variables.tf
index 4c23749..bdb1ceb 100644
--- a/routing/variables.tf
+++ b/routing/variables.tf
@@ -38,6 +38,29 @@ variable "availability_zones" {
   default     = []
 }
 
+variable "public_subnet_ids" {
+  description = "List of public subnet objects including: subnet, label, availability_zone, id"
+  type = list(object({
+    subnet            = string
+    label             = string
+    availability_zone = string
+    id                = string
+  }))
+  default = []
+}
+
+variable "private_subnet_ids" {
+  description = "List of private subnet objects including: subnet, label, availability_zone, id"
+  type = list(object({
+    subnet            = string
+    label             = string
+    availability_zone = string
+    id                = string
+  }))
+  default = []
+}
+
+
 ###
 ## 
 ## variable "vpc_domain_name" {
diff --git a/subnets/README.md b/subnets/README.md
index 7b182f4..e237632 100644
--- a/subnets/README.md
+++ b/subnets/README.md
@@ -74,5 +74,5 @@ No modules.
 | <a name="output_availability_zone_ids"></a> [availability\_zone\_ids](#output\_availability\_zone\_ids) | VPC Availability zone id list (3) |
 | <a name="output_availability_zone_names"></a> [availability\_zone\_names](#output\_availability\_zone\_names) | VPC Availability zone name list (3) |
 | <a name="output_availability_zone_suffixes"></a> [availability\_zone\_suffixes](#output\_availability\_zone\_suffixes) | VPC Availability zone suffix list (3) |
-| <a name="output_private_subnets_list"></a> [private\_subnets\_list](#output\_private\_subnets\_list) | Resulting private subnets list of objects: subnet, label, availability\_zone, id |
-| <a name="output_public_subnets_list"></a> [public\_subnets\_list](#output\_public\_subnets\_list) | Resulting public subnets list of objects: subnet, label, availability\_zone, id |
+| <a name="output_private_subnets_ids"></a> [private\_subnets\_ids](#output\_private\_subnets\_ids) | Resulting private subnets list of objects: subnet, label, availability\_zone, id |
+| <a name="output_public_subnets_ids"></a> [public\_subnets\_ids](#output\_public\_subnets\_ids) | Resulting public subnets list of objects: subnet, label, availability\_zone, id |
diff --git a/subnets/outputs.tf b/subnets/outputs.tf
index 6822e58..e22e49c 100644
--- a/subnets/outputs.tf
+++ b/subnets/outputs.tf
@@ -13,12 +13,12 @@ locals {
   ]
 }
 
-output "public_subnets_list" {
+output "public_subnets_ids" {
   description = "Resulting public subnets list of objects: subnet, label, availability_zone, id"
   value       = local.output_public_subnets
 }
 
-output "private_subnets_list" {
+output "private_subnets_ids" {
   description = "Resulting private subnets list of objects: subnet, label, availability_zone, id"
   value       = local.output_private_subnets
 }