From fd89d1aad9568ac2bb6c705a0a18cbb96b7b318c Mon Sep 17 00:00:00 2001 From: badra001 Date: Tue, 1 Jun 2021 13:30:26 -0400 Subject: [PATCH] rework to exclude public subnets from route table associations --- peer/README.md | 3 +++ peer/data.peer.tf | 10 ++++++++-- peer/data.self.tf | 10 ++++++++-- 3 files changed, 19 insertions(+), 4 deletions(-) diff --git a/peer/README.md b/peer/README.md index 0ce0970..f636201 100644 --- a/peer/README.md +++ b/peer/README.md @@ -53,6 +53,7 @@ No requirements. | Name | Version | |------|---------| +| [aws](#provider\_aws) | n/a | | [aws.peer](#provider\_aws.peer) | n/a | | [aws.self](#provider\_aws.self) | n/a | @@ -83,6 +84,8 @@ No requirements. | [aws_route_table.self_route_table](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route_table) | data source | | [aws_route_tables.default_peer_route_tables](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route_tables) | data source | | [aws_route_tables.default_self_route_tables](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route_tables) | data source | +| [aws_subnet.peer_subnets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet) | data source | +| [aws_subnet.self_subnets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet) | data source | | [aws_vpc.peer_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source | | [aws_vpc.self_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source | diff --git a/peer/data.peer.tf b/peer/data.peer.tf index cbf5bb3..2117bdc 100644 --- a/peer/data.peer.tf +++ b/peer/data.peer.tf 
@@ -34,7 +34,8 @@ data "aws_route_table" "peer_route_table" {
 }
 
 locals {
-  peer_subnets = flatten([for rt in data.aws_route_table.peer_route_table : [for a in rt.associations : a.subnet_id]])
+  peer_subnet_associations = flatten([for rt in data.aws_route_table.peer_route_table : [for a in rt.associations : a.subnet_id]])
+  peer_subnets = [for sn in data.aws_subnet.peer_subnets : sn.id if length(regexall("public", sn.tags.Name)) == 0]
 }
 
 # get network acls associated with subnets in route table
@@ -43,6 +44,11 @@ data "aws_network_acls" "default_peer_network_acls" {
   vpc_id = local.peer_vpc_id
   filter {
     name = "association.subnet-id"
-    values = local.peer_subnets
+    values = local.peer_subnet_associations
   }
 }
+
+data "aws_subnet" "peer_subnets" {
+  for_each = toset(local.peer_subnet_associations)
+  id = each.key
+}
diff --git a/peer/data.self.tf b/peer/data.self.tf
index 79eafa1..53dea25 100644
--- a/peer/data.self.tf
+++ b/peer/data.self.tf
@@ -34,7 +34,8 @@ data "aws_route_table" "self_route_table" {
 }
 
 locals {
-  self_subnets = flatten([for rt in data.aws_route_table.self_route_table : [for a in rt.associations : a.subnet_id]])
+  self_subnet_associations = flatten([for rt in data.aws_route_table.self_route_table : [for a in rt.associations : a.subnet_id]])
+  self_subnets = [for sn in data.aws_subnet.self_subnets : sn.id if length(regexall("public", sn.tags.Name)) == 0]
 }
 
 # get network acls associated with subnets in route table
@@ -43,6 +44,11 @@ data "aws_network_acls" "default_self_network_acls" {
   vpc_id = local.self_vpc_id
   filter {
     name = "association.subnet-id"
-    values = local.self_subnets
+    values = local.self_subnet_associations
   }
 }
+
+data "aws_subnet" "self_subnets" {
+  for_each = toset(local.self_subnet_associations)
+  id = each.key
+}
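Review bot: `sn.tags.Name` in the new `peer_subnets` local fails the plan for any subnet that carries no `Name` tag (a missing map key is an error in HCL), and the match is case-sensitive, so a subnet named `Public-a` is not excluded. Use a defaulted lookup and normalise case: `peer_subnets = [for sn in data.aws_subnet.peer_subnets : sn.id if length(regexall("public", lower(lookup(sn.tags, "Name", "")))) == 0]`. More fundamentally, whether a subnet is public is a property of its route table (a default route to an internet gateway), not of its name, so a misnamed public subnet silently stays in the peering route-table associations; deriving the exclusion from the `routes` of `data.aws_route_table.peer_route_table`, or at least from `sn.map_public_ip_on_launch`, would be a sturdier check. If the tag convention is kept, say so in a comment above the local, e.g. `# Subnets are treated as public purely by a "public" substring in their Name tag; untagged or misnamed public subnets are NOT excluded.`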
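Review bot: The NACL lookup keeps `values = local.peer_subnet_associations`, i.e. every subnet on the matched route tables including the public ones the new `peer_subnets` local filters out, so the public/non-public split now exists but is applied on only one side of this file. If whatever consumes `default_peer_network_acls` (not visible in this hunk) adds peering rules to those ACLs, public-subnet ACLs will still receive them while their route tables do not; confirm that asymmetry is intended and record it above the data source, e.g. `# NACLs are collected for ALL subnets on the route tables (public included); only route associations exclude public subnets via local.peer_subnets.` A one-line comment on the new `aws_subnet` data source stating that it exists solely to read the Name tag for that filter would also help the next reader.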
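Review bot: The new `self_subnets` local has the same weakness as its peer-side twin: `sn.tags.Name` errors on a subnet with no `Name` tag and the `"public"` match is case-sensitive, so one untagged subnet in the self VPC breaks the whole plan and a `Public-*` subnet is not excluded. Apply the same fix: `self_subnets = [for sn in data.aws_subnet.self_subnets : sn.id if length(regexall("public", lower(lookup(sn.tags, "Name", "")))) == 0]`. Since the self and peer files now carry identical classification logic, a comment on each noting that the two must stay in sync (or a shared helper local) would reduce the chance they drift, which matters because this filter decides which subnets gain a route into the peered VPC.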
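Review bot: As on the peer side, `values = local.self_subnet_associations` keeps public subnets in the NACL lookup while the new `self_subnets` local drops them from route associations, so the exclusion in the commit title is partial unless the NACL consumers elsewhere are also filtered. If that is deliberate, a comment on this data source such as `# intentionally includes public subnets; see local.self_subnets for the route-table filter` would stop a later reader from "fixing" it one way or the other. The new `aws_subnet` data source itself is fine; its `for_each = toset(...)` over a data-derived list resolves at plan time.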