* 2.9.17 -- 2024-05-09

  - tag-shared-vpc-resources
    - remap Name tag of subnet if the AZ ID is different in the source vs the taget

CHANGELOG.md

@@ -387,3 +387,7 @@
 * 2.9.16 -- 2024-05-08
   - tag-shared-vpc-resources
     - fix nacl tagging
+
+* 2.9.17 -- 2024-05-09
+  - tag-shared-vpc-resources
+    - remap Name tag of subnet if the AZ ID is different in the source vs the taget

tag-shared-vpc-resources/README.md

@@ -401,6 +401,8 @@ No modules.
 | [null_resource.setup_directory](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
 | [aws_arn.network_account](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
+| [aws_availability_zone.zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zone) | data source |
+| [aws_availability_zones.zones](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_caller_identity.network_account](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_ec2_transit_gateway.transit_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_transit_gateway) | data source |
@@ -441,5 +443,9 @@ No modules.
 
 ## Outputs
 
-No outputs.
+| Name | Description |
+|------|-------------|
+| <a name="output_availability_zone_ids"></a> [availability\_zone\_ids](#output\_availability\_zone\_ids) | VPC Availability zone id list (3) |
+| <a name="output_availability_zone_names"></a> [availability\_zone\_names](#output\_availability\_zone\_names) | VPC Availability zone name list (3) |
+| <a name="output_availability_zone_suffixes"></a> [availability\_zone\_suffixes](#output\_availability\_zone\_suffixes) | VPC Availability zone suffix list (3) |
 <!-- END_TF_DOCS -->

tag-shared-vpc-resources/availabilty_zones.tf

@@ -0,0 +1 @@
+../common/availabilty_zones.tf

tag-shared-vpc-resources/az.tf

@@ -0,0 +1,3 @@
+locals {
+  az_id_map = zipmap(data.aws_availability_zones.zones.zone_ids, data.aws_availability_zones.zones.names)
+}

tag-shared-vpc-resources/tag-subnets.tf

@@ -24,16 +24,30 @@ data "aws_subnet" "subnet" {
 ##   value = data.aws_subnet.subnet
 ## }
 
+# the remap of the Name tag is needed because not always, is the AZ the same
+#  https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/use-consistent-availability-zones-in-vpcs-across-different-aws-accounts.html#:~:text=If%20you%20create%20VPCs%20in,to%20the%20same%20AZ%20ID.
+# we have the problem where id az1 is 1b in one account and it is 1a in another. This will remap them
+
 locals {
   _subnet_enabled  = var.tag_enabled_subnets
   subnets_tags     = { for k, v in data.aws_subnet.subnet : k => merge(v.tags, { "boc:vpc:owner_id" = v.owner_id }) }
   subnets_tags_map = flatten([for k, v in local.subnets_tags : [for tk, tv in v : { label = format("%v__%v", k, tk), subnet_id = k, key = tk, value = tv }]])
+
+  subnets_tag_remap = { for k, v in data.aws_subnet.subnet : k => {
+    source_az_name  = v.availability_zone
+    source_az_id    = v.availability_zone_id
+    source_tag_name = v.tags.Name
+    target_az_name  = local.az_id_map[v.availability_zone_id]
+    target_az_id    = v.availability_zone_id
+    target_tag_name = replace(v.tags.Name, v.availability_zone, local.az_id_map[v.availability_zone_id])
+    remap           = v.availability_zone != local.az_id_map[v.availability_zone_id]
+  } }
 }
 
 resource "aws_ec2_tag" "subnets" {
   for_each = { for t in local.subnets_tags_map : t.label => t }
 
   resource_id = each.value.subnet_id
   key         = each.value.key
-  value       = each.value.value
+  value       = each.value.key == "Name" ? local.subnets_tag_remap[each.value.subnet_id].target_tag_name : each.value.value
 }