diff --git a/CHANGELOG.md b/CHANGELOG.md
index f552e04..8cc0b14 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,10 +2,10 @@ ## Version 1.x -* v1.0.0 -- 20210502 +* 1.0.0 -- 20210502 - initial creation -* v1.0.1 -- 20210504 +* 1.0.1 -- 20210504 - security-groups - add default security group - vpc
@@ -13,70 +13,70 @@ - vpn - add bgp_asn to output -* v1.0.2 -- 20210505 +* 1.0.2 -- 20210505 - add nacls, nacls-rules - move variables into more common things and make links -* v1.0.3 -- 20210512 +* 1.0.3 -- 20210512 - security-groups - add output of security_groups map(object{name,id,arn}) -* v1.0.4 -- 20210514 +* 1.0.4 -- 20210514 - flowlogs - setup flow logs -* v1.0.5 -- 20210531 +* 1.0.5 -- 20210531 - peer - setup peer -* v1.1.0 -- 20210625 +* 1.1.0 -- 20210625 - vpc - add enable_aws_dns to use the AmazonDNS Route53 DNS -* v1.1.1 -- 20210629 +* 1.1.1 -- 20210629 - peer - add output of nacl_info -* v1.1.2 -- 20210702 +* 1.1.2 -- 20210702 - routing - export vpc s3 and dynamodb cidr blocks too, change the way the structure is constructed -* v1.1.3 -- 20210708 +* 1.1.3 -- 20210708 - subnets - add per-subnet tags -* v1.1.4 -- 20210709 +* 1.1.4 -- 20210709 - vpn - add custom_preshared_keys -* v1.1.5 -- 20210712 +* 1.1.5 -- 20210712 - flowlogs - change template input name -* v1.1.6 -- 20210714 +* 1.1.6 -- 20210714 - flowlogs - add tags to resources -* v1.2.0 -- 20211019 +* 1.2.0 -- 20211019 - vpn - add create variable to create/not-create the resources -* v1.3.0 -- 20211020 +* 1.3.0 -- 20211020 - peer - add peer_network_acl_filter -* v1.4.0 -- 20211109 +* 1.4.0 -- 20211109 - vpc-interface-endpoint - create new submodule for setting up an interface endpoint -* v1.4.1 -- 20211109 +* 1.4.1 -- 20211109 - vpc-interface-endpoint - minor change to tagging on name * (no version) -- 20211119 - add example for full-setup -* v1.4.2 -- 20220109 +* 1.4.2 -- 20220109 - add common/versions.tf to prep for tf 0.13+ - common/defaults.tf - add 10/8 to enteprise list and make the default, due to a max of 40 nacl entries in a nacl 
@@ -85,12 +85,20 @@ - peers - add variables enable_nacl_entry_self and enable_nacl_entry_peer to determine whether to create the rule local/remote (default false) -* v1.4.3 -- 20220118 +* 1.4.3 -- 20220118 - vpc-interface-endpoint - add to output: subnet_ids, network_interface_ids -* v1.4.4 -- 20220119 +* 1.4.4 -- 20220119 - vpc-interface-endpoint - add vpc-interface-type=Interface filter +* 1.5.0 -- 20220204 + - routing + - add lables for private, public route tables + +* 1.5.1 -- 20220208 + - vpc-interface-endpoint + - permit use of aws.* name in service + ## Version 2.x
diff --git a/common/version.tf b/common/version.tf
index c7fced2..34b1108 100644
--- a/common/version.tf
+++ b/common/version.tf
@@ -1,3 +1,3 @@
 locals {
- _module_version = "1.4.4"
+ _module_version = "1.5.1"
 }
diff --git a/examples/ec2-vpc-region-vpcN/apps/test-instances/ec2.tf b/examples/ec2-vpc-region-vpcN/apps/test-instances/ec2.tf
index 57ea481..efff5ab 100644
--- a/examples/ec2-vpc-region-vpcN/apps/test-instances/ec2.tf
+++ b/examples/ec2-vpc-region-vpcN/apps/test-instances/ec2.tf
@@ -1,3 +1,16 @@
+locals {
+ bootstrap_commands = [
+ # "sudo bash /tmp/bootstrap.sh /tmp/${var.git_deploy_path} ${local.bootstrap_args} |& tee /tmp/bootstrap.log",
+ "sleep 60",
+ "sudo yum install -y iperf3 bind-utils curl nc awscli",
+ # set region in default profile
+ "aws configure --profile default set region ${local.region}",
+ "aws configure --profile default set output json",
+ "sudo aws configure --profile default set region ${local.region}",
+ "sudo aws configure --profile default set output json",
+ ]
+}
+
 resource "aws_instance" "test" {
 for_each = var.enable_instances ? local.private_subnets_id_map : {}
@@ -46,7 +59,7 @@ resource "aws_instance" "test" {
 tags = merge(
 local.common_tags,
- tomap({ "Name" = format("%v-test-%v", local.vpc_short_name, each.value.label) }),
+ tomap({ "Name" = format("%v-test-%v.%v", local.vpc_short_name, each.value.label, var.vpc_domain_name) }),
 )
 }
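Review bot: `bootstrap_commands` in the new `locals` block is not gated by `enable_bootstrap`, which this same commit declares in the variables.tf hunk as the flag to enable or disable exactly this yum/awscli setup; the wiring may sit in lines outside the diff, but nothing visible references either `enable_bootstrap` or the new `instance_count`. The `"sleep 60"` entry also needs a why-comment, e.g. `# give cloud-init/network time to settle before yum` if that is the reason, since a bare delay is the first thing a maintainer removes. The `Name` tag now appends `var.vpc_domain_name`, which no hunk in this commit declares — confirm it exists in the example's variables. `aws_instance.test` continues outside the hunk.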
diff --git a/examples/ec2-vpc-region-vpcN/apps/test-instances/variables.tf b/examples/ec2-vpc-region-vpcN/apps/test-instances/variables.tf
index dc58f3d..a2c9cda 100644
--- a/examples/ec2-vpc-region-vpcN/apps/test-instances/variables.tf
+++ b/examples/ec2-vpc-region-vpcN/apps/test-instances/variables.tf
@@ -4,3 +4,15 @@ variable "enable_instances" {
 default = true
 }
+variable "enable_bootstrap" {
+ description = "Flag to enable or disable bootstrap (yum and awscli setup)"
+ type = bool
+ default = true
+}
+
+variable "instance_count" {
+ description = "Number to indicate how many instances (up to subnet-count x az-count)"
+ type = number
+ default = null
+}
+
diff --git a/routing/README.md b/routing/README.md
index 3f69546..5b41902 100644
--- a/routing/README.md
+++ b/routing/README.md
@@ -24,13 +24,18 @@ module "routing" {
 ## Requirements
-No requirements.
+| Name | Version |
+|------|---------|
+| [aws](#requirement\_aws) | >= 3.66.0 |
+| [null](#requirement\_null) | >= 3.0 |
+| [random](#requirement\_random) | >= 3.0 |
+| [template](#requirement\_template) | >= 2.0 |
 ## Providers
 | Name | Version |
 |------|---------|
-| [aws](#provider\_aws) | n/a |
+| [aws](#provider\_aws) | >= 3.66.0 |
 ## Modules
@@ -68,12 +73,16 @@ No modules.
 | [account\_alias](#input\_account\_alias) | AWS Account Alias | `string` | `""` | no |
 | [account\_id](#input\_account\_id) | AWS Account ID (default will pull from current user) | `string` | `""` | no |
 | [availability\_zones](#input\_availability\_zones) | AWS Availability Zones to use (by default will use all available) | `list(string)` | `[]` | no |
+| [create\_private\_route\_table](#input\_create\_private\_route\_table) | Flag to enable creation of private route tables (default: true) | `bool` | `true` | no |
+| [create\_public\_route\_table](#input\_create\_public\_route\_table) | Flag to enable creation of public route tables (default: true) | `bool` | `true` | no |
 | [enable\_igw](#input\_enable\_igw) | Flag to enable AWS Internet Gateway (IGW) in the VPC (default: false) | `bool` | `false` | no |
 | [enable\_nat](#input\_enable\_nat) | Flag to enable AWS NAT Gateway in the VPC (default: false) | `bool` | `false` | no |
 | [enable\_vpc\_endpoint\_dynamodb](#input\_enable\_vpc\_endpoint\_dynamodb) | Flag to enable\|disable DynamoDB VPC Endpoint (default: true) | `bool` | `true` | no |
 | [enable\_vpc\_endpoint\_s3](#input\_enable\_vpc\_endpoint\_s3) | Flag to enable\|disable S3 VPC Endpoint (default: true) | `bool` | `true` | no |
 | [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
+| [private\_route\_table\_label](#input\_private\_route\_table\_label) | Label to include in the route table description for private subnets (default: private) | `string` | `"private"` | no |
 | [private\_subnets\_ids](#input\_private\_subnets\_ids) | List of private subnet objects including: subnet, label, availability\_zone, id |
list(object({
subnet = string
label = string
availability_zone = string
id = string
})) | `[]` | no |
+| [public\_route\_table\_label](#input\_public\_route\_table\_label) | Label to include in the route table description for public subnets (default: public) | `string` | `"public"` | no |
| [public\_subnets\_ids](#input\_public\_subnets\_ids) | List of public subnet objects including: subnet, label, availability\_zone, id | list(object({
subnet = string
label = string
availability_zone = string
id = string
})) | `[]` | no |
| [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS). Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |
| [vpc\_cidr\_block](#input\_vpc\_cidr\_block) | VPC CIDR Block | `string` | n/a | yes |
diff --git a/routing/main.tf b/routing/main.tf
index 8182ddc..3d9eb1d 100644
--- a/routing/main.tf
+++ b/routing/main.tf
@@ -44,18 +44,18 @@ locals {
# route table: public
#---
resource "aws_route_table" "public" {
- for_each = local.availability_zones
+ for_each = var.create_public_route_table ? local.availability_zones : toset([])
vpc_id = var.vpc_id
tags = merge(
local.base_tags,
var.tags,
- map("Name", format("%v%v-%v-%v", local._prefixes["route-table"], var.vpc_full_name, "public", each.key))
+ map("Name", format("%v%v-%v-%v", local._prefixes["route-table"], var.vpc_full_name, var.public_route_table_label, each.key))
)
}
resource "aws_route_table_association" "public" {
- for_each = { for subnet in var.public_subnets_ids : subnet.label => subnet }
+ for_each = var.create_public_route_table ? { for subnet in var.public_subnets_ids : subnet.label => subnet } : {}
subnet_id = each.value.id
route_table_id = aws_route_table.public[each.value.availability_zone].id
}
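Review bot: The rewritten `Name` tag line in `aws_route_table.public` still wraps the value in `map(...)`, a function deprecated in Terraform 0.12 and removed in 0.15, while this commit's CHANGELOG says the module is preparing for 0.13+ and its example `ec2.tf` already uses `tomap({ ... })`; since the line is being touched anyway, `tomap({ "Name" = format("%v%v-%v-%v", local._prefixes["route-table"], var.vpc_full_name, var.public_route_table_label, each.key) })` keeps the merge working on current Terraform. The private route table hunk below carries the same `map(...)` call.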
@@ -64,18 +64,18 @@ resource "aws_route_table_association" "public" {
# route table: private
#---
resource "aws_route_table" "private" {
- for_each = local.availability_zones
+ for_each = var.create_private_route_table ? local.availability_zones : toset([])
vpc_id = var.vpc_id
tags = merge(
local.base_tags,
var.tags,
- map("Name", format("%v%v-%v-%v", local._prefixes["route-table"], var.vpc_full_name, "private", each.key))
+ map("Name", format("%v%v-%v-%v", local._prefixes["route-table"], var.vpc_full_name, var.private_route_table_label, each.key))
)
}
resource "aws_route_table_association" "private" {
- for_each = { for subnet in var.private_subnets_ids : subnet.label => subnet }
+ for_each = var.create_private_route_table ? { for subnet in var.private_subnets_ids : subnet.label => subnet } : {}
subnet_id = each.value.id
route_table_id = aws_route_table.private[each.value.availability_zone].id
}
@@ -87,7 +87,7 @@ resource "aws_route_table_association" "private" {
# NATGW
#---
resource "aws_eip" "nat" {
- for_each = var.enable_igw && var.enable_nat ? local.availability_zones : local.empty
+ for_each = var.enable_igw && var.enable_nat ? local.availability_zones : toset([])
vpc = true
tags = merge(
@@ -97,6 +97,9 @@ resource "aws_eip" "nat" {
)
}
+# might want to disalbe creation of igw and natgw if not creating public or private route tables
+# or pass in the table names
+
resource "aws_internet_gateway" "gateway" {
count = var.enable_igw ? 1 : 0
vpc_id = var.vpc_id
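Review bot: The comment added above `aws_internet_gateway.gateway` misspells "disable" and records an open question rather than documenting what the module now guarantees: with `create_public_route_table = false` or `create_private_route_table = false`, the IGW, EIP and NAT resources in this file are still created from `enable_igw`/`enable_nat` alone. Stating that explicitly, e.g. `# NOTE: IGW/NATGW creation is driven only by enable_igw/enable_nat; with create_*_route_table = false the caller must supply its own route tables (TODO: gate on the flags or accept route table IDs)`, tells the next reader the current contract instead of a musing. `aws_internet_gateway.gateway` continues outside the hunk.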
@@ -115,7 +118,7 @@ locals {
}
resource "aws_nat_gateway" "nat" {
- for_each = var.enable_igw && var.enable_nat ? zipmap(local.availability_zones, local.public_subnets_ids_az) : local.empty
+ for_each = var.enable_igw && var.enable_nat ? zipmap(local.availability_zones, local.public_subnets_ids_az) : {}
allocation_id = aws_eip.nat[each.key].id
subnet_id = each.value
# depends_on = [aws_internet_gateway.gateway]
@@ -128,14 +131,14 @@ resource "aws_nat_gateway" "nat" {
}
resource "aws_route" "nat_public" {
- for_each = var.enable_igw && var.enable_nat ? local.availability_zones : local.empty
+ for_each = var.create_public_route_table && var.enable_igw && var.enable_nat ? local.availability_zones : toset([])
route_table_id = aws_route_table.public[each.key].id
destination_cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.gateway[0].id
}
resource "aws_route" "nat_private" {
- for_each = var.enable_igw && var.enable_nat ? local.availability_zones : local.empty
+ for_each = var.create_private_route_table && var.enable_igw && var.enable_nat ? local.availability_zones : toset([])
route_table_id = aws_route_table.private[each.key].id
destination_cidr_block = "0.0.0.0/0"
nat_gateway_id = aws_nat_gateway.nat[each.key].id
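Review bot: `aws_route.nat_public` is now skipped when `create_public_route_table` is false, but `aws_eip.nat` and `aws_nat_gateway.nat` in the earlier hunks are still created whenever `enable_igw && enable_nat`, so that combination provisions NAT gateways in public subnets that have no route table from this module — they would have no IGW route and sit idle (and billed) unless routing is supplied externally. If that is unintended, gate both resources the same way, `for_each = var.create_public_route_table && var.enable_igw && var.enable_nat ? local.availability_zones : toset([])`; if externally managed tables are the intended case, the comment added above the IGW resource should say so. Note also that the `0.0.0.0/0` route to the IGW on public tables is only created when `enable_nat` is also true, which predates this change. `aws_route.nat_private` ends outside the hunk.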
diff --git a/routing/outputs.tf b/routing/outputs.tf
index 0ea51b8..c49a148 100644
--- a/routing/outputs.tf
+++ b/routing/outputs.tf
@@ -40,12 +40,12 @@
output "public_route_table_ids" {
description = "Public route table IDs map by availability zone"
- value = { for k in local.availability_zones : k => aws_route_table.public[k].id }
+ value = var.create_public_route_table ? { for k in local.availability_zones : k => aws_route_table.public[k].id } : {}
}
output "private_route_table_ids" {
description = "Private route table IDs map by availability zone"
- value = { for k in local.availability_zones : k => aws_route_table.private[k].id }
+ value = var.create_private_route_table ? { for k in local.availability_zones : k => aws_route_table.private[k].id } : {}
}
output "vpc_endpoint_s3_id" {
diff --git a/routing/variables.routing.tf b/routing/variables.routing.tf
new file mode 100644
index 0000000..f49585a
--- /dev/null
+++ b/routing/variables.routing.tf
@@ -0,0 +1,23 @@
+variable "private_route_table_label" {
+ description = "Label to include in the route table description for private subnets (default: private)"
+ type = string
+ default = "private"
+}
+
+variable "public_route_table_label" {
+ description = "Label to include in the route table description for public subnets (default: public)"
+ type = string
+ default = "public"
+}
+
+variable "create_private_route_table" {
+ description = "Flag to enable creation of private route tables (default: true)"
+ type = bool
+ default = true
+}
+
+variable "create_public_route_table" {
+ description = "Flag to enable creation of public route tables (default: true)"
+ type = bool
+ default = true
+}
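Review bot: Both `*_route_table_label` descriptions say the label goes into the route table "description", but per the routing/main.tf hunks it is interpolated into the route table's `Name` tag (`format("%v%v-%v-%v", ..., var.public_route_table_label, each.key)`); a route table has no description field, so terraform-docs readers will look for something that does not exist. Suggest `description = "Label used in the Name tag of private route tables (default: private)"` and the matching wording for the public variable. The README hunk in this commit repeats the same text.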
diff --git a/vpc-interface-endpoint/main.tf b/vpc-interface-endpoint/main.tf
index c2d11ee..1b5aa3e 100644
--- a/vpc-interface-endpoint/main.tf
+++ b/vpc-interface-endpoint/main.tf
@@ -57,8 +57,12 @@ locals {
account_environment = data.aws_arn.current.partition == "aws-us-gov" ? "gov" : "ew"
region = data.aws_region.current.name
- service = length(regexall("^com.amazonaws", var.service)) == 0 ? var.service : format("com.amazonaws.%v.%v", local.region, var.service)
- short_service = length(regexall("^com.amazonaws", var.service)) == 0 ? var.service : replace(local.service, format("com.amazonaws.%v.", local.region), "")
+ service_parts = split(".", var.service)
+ service = length(local.service_parts) == 1 ? format("com.amazonaws.%v.%v", local.region, var.service) : var.service
+ full_service_parts = split(".", local.service)
+
+ # short_service = length(regexall("^com.amazonaws", var.service)) == 0 ? var.service : replace(local.service, format("com.amazonaws.%v.", local.region), "")
+ short_service = element(local.full_service_parts, local.full_service_parts[0] == "com" ? length(local.full_service_parts) - 1 : 0)
base_tags = {
"boc:tf_module_version" = local._module_version
@@ -70,7 +74,8 @@ locals {
# https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcEndpoints.html
data "aws_vpc_endpoint_service" "interface_endpoint" {
- service = local.service
+ service = local.full_service_parts[0] == "com" ? local.service : null
+ service_name = local.full_service_parts[0] != "com" ? local.service : null
filter {
name = "service-type"
values = ["Interface"]