diff --git a/.header.md b/.header.md index d2e2b73..16b71be 100644 --- a/.header.md +++ b/.header.md @@ -2,7 +2,7 @@ This module can be used to deploy a pragmatic VPC with various subnets types in # AZs. Common deployment examples can be found in [examples/](https://github.com/aws-ia/terraform-aws-vpc/tree/main/examples). Subnet CIDRs can be explicitly set via list of string argument `cidrs` or set via a number `netmask` argument. -_Note: For information regarding the 2.0 upgrade see our [upgrade guide](https://github.com/aws-ia/terraform-aws-vpc/blob/main/UPGRADE-GUIDE-2.0.md)._ +_Note: For information regarding the 3.0 upgrade see our [upgrade guide](https://github.com/aws-ia/terraform-aws-vpc/blob/main/UPGRADE-GUIDE-3.0.md)._ ## Usage diff --git a/README.md b/README.md index b8fdf98..bfeab98 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ This module can be used to deploy a pragmatic VPC with various subnets types in # AZs. Common deployment examples can be found in [examples/](https://github.com/aws-ia/terraform-aws-vpc/tree/main/examples). Subnet CIDRs can be explicitly set via list of string argument `cidrs` or set via a number `netmask` argument. -\_Note: For information regarding the 2.0 upgrade see our [upgrade guide](https://github.com/aws-ia/terraform-aws-vpc/blob/main/UPGRADE-GUIDE-2.0.md).\_ +\_Note: For information regarding the 3.0 upgrade see our [upgrade guide](https://github.com/aws-ia/terraform-aws-vpc/blob/main/UPGRADE-GUIDE-3.0.md).\_ ## Usage @@ -216,7 +216,7 @@ Please see our [developer documentation](https://github.com/aws-ia/terraform-aws | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.15.0 | +| [terraform](#requirement\_terraform) | >= 1.3.0 | | [aws](#requirement\_aws) | >= 3.73.0 | | [awscc](#requirement\_awscc) | >= 0.15.0 | 
@@ -277,7 +277,7 @@ Please see our [developer documentation](https://github.com/aws-ia/terraform-aws | [transit\_gateway\_routes](#input\_transit\_gateway\_routes) | Configuration of route(s) to transit gateway.
For each `public` and/or `private` subnets named in the `subnets` variable,
Optionally create routes from the subnet to transit gateway. Specify the CIDR range or a prefix-list-id that you want routed to the transit gateway.
Example:
transit_gateway_routes = {
public = "10.0.0.0/8"
private = "pl-123"
}
| `any` | `{}` | no | | [vpc\_enable\_dns\_hostnames](#input\_vpc\_enable\_dns\_hostnames) | Indicates whether the instances launched in the VPC get DNS hostnames. If enabled, instances in the VPC get DNS hostnames; otherwise, they do not. Disabled by default for nondefault VPCs. | `bool` | `true` | no | | [vpc\_enable\_dns\_support](#input\_vpc\_enable\_dns\_support) | Indicates whether the DNS resolution is supported for the VPC. If enabled, queries to the Amazon provided DNS server at the 169.254.169.253 IP address, or the reserved IP address at the base of the VPC network range "plus two" succeed. If disabled, the Amazon provided DNS service in the VPC that resolves public DNS hostnames to IP addresses is not enabled. Enabled by default. | `bool` | `true` | no | -| [vpc\_flow\_logs](#input\_vpc\_flow\_logs) | Whether or not to create VPC flow logs and which type. Options: "cloudwatch", "s3", "none". By default creates flow logs to `cloudwatch`. Variable overrides null value types for some keys, defined in defaults.tf. |
object({
log_destination = optional(string)
iam_role_arn = optional(string)
kms_key_id = optional(string)

log_destination_type = string
retention_in_days = optional(number)
tags = optional(map(string))
traffic_type = optional(string)
destination_options = optional(object({
file_format = optional(string)
hive_compatible_partitions = optional(bool)
per_hour_partition = optional(bool)
}))
})
|
{
"log_destination_type": "none"
}
| no | +| [vpc\_flow\_logs](#input\_vpc\_flow\_logs) | Whether or not to create VPC flow logs and which type. Options: "cloudwatch", "s3", "none". By default creates flow logs to `cloudwatch`. Variable overrides null value types for some keys, defined in defaults.tf. |
object({
log_destination = optional(string)
iam_role_arn = optional(string)
kms_key_id = optional(string)

log_destination_type = string
retention_in_days = optional(number)
tags = optional(map(string))
traffic_type = optional(string, "ALL")
destination_options = optional(object({
file_format = optional(string, "plain-text")
hive_compatible_partitions = optional(bool, false)
per_hour_partition = optional(bool, false)
}))
})
|
{
"log_destination_type": "none"
}
| no | | [vpc\_id](#input\_vpc\_id) | VPC ID to use if not creating VPC. | `string` | `null` | no | | [vpc\_instance\_tenancy](#input\_vpc\_instance\_tenancy) | The allowed tenancy of instances launched into the VPC. | `string` | `"default"` | no | | [vpc\_ipv4\_ipam\_pool\_id](#input\_vpc\_ipv4\_ipam\_pool\_id) | Set to use IPAM to get CIDR block. | `string` | `null` | no | diff --git a/defaults.tf b/defaults.tf deleted file mode 100644 index f255645..0000000 --- a/defaults.tf +++ /dev/null @@ -1,23 +0,0 @@ -# defaults.tf sets defaults for complex object types -# https://github.com/aws-ia/standards-terraform/issues/13 - -locals { - # defaults for var.vpc_flow_logs - flow_logs_definition = { - # defaults are null - log_destination = try(var.vpc_flow_logs.log_destination, null) - iam_role_arn = try(var.vpc_flow_logs.iam_role_arn, null) - # should this be removed? - kms_key_id = try(var.vpc_flow_logs.kms_key_id, null) - - # sensiblie defaults that can all be overridden - log_destination_type = var.vpc_flow_logs.log_destination_type == null ? "cloud-watch-logs" : var.vpc_flow_logs.log_destination_type - retention_in_days = try(var.vpc_flow_logs.retention_in_days, null) - traffic_type = var.vpc_flow_logs.traffic_type == null ? "ALL" : var.vpc_flow_logs.traffic_type - destination_options = can(var.vpc_flow_logs.destination_options) ? { - file_format = "plain-text" - hive_compatible_partitions = false - per_hour_partition = false - } : var.vpc_flow_logs.destination_options - } -} diff --git a/examples/ipam/main.tf b/examples/ipam/main.tf index 0f4ed0e..f90020f 100644 --- a/examples/ipam/main.tf +++ b/examples/ipam/main.tf @@ -1,6 +1,6 @@ module "vpc" { source = "aws-ia/vpc/aws" - version = ">= 3.0.0" + version = ">= 3.0.1" name = "ipam-vpc" az_count = 3 diff --git a/examples/public_private_flow_logs/main.tf b/examples/public_private_flow_logs/main.tf index 48b26ca..8403c4a 100644 --- a/examples/public_private_flow_logs/main.tf 
+++ b/examples/public_private_flow_logs/main.tf @@ -2,9 +2,9 @@ data "aws_availability_zones" "current" {} module "vpc" { source = "aws-ia/vpc/aws" - version = ">= 2.0.0" + version = ">= 3.0.1" - name = "public-private-flowlogs" + name = "flowlogs" cidr_block = "10.0.0.0/20" az_count = 2 diff --git a/examples/public_private_flow_logs/providers.tf b/examples/public_private_flow_logs/providers.tf index 1eb3fce..7f884e2 100644 --- a/examples/public_private_flow_logs/providers.tf +++ b/examples/public_private_flow_logs/providers.tf @@ -1,6 +1,5 @@ terraform { - required_version = ">= 0.15.0" - experiments = [module_variable_optional_attrs] + required_version = ">= 1.3.0" required_providers { aws = { source = "hashicorp/aws" diff --git a/examples/secondary_cidr/main.tf b/examples/secondary_cidr/main.tf index f625f3d..93925e0 100644 --- a/examples/secondary_cidr/main.tf +++ b/examples/secondary_cidr/main.tf @@ -2,7 +2,7 @@ data "aws_region" "current" {} module "secondary" { source = "aws-ia/vpc/aws" - version = ">= 2.0.0" + version = ">= 3.0.1" name = "secondary-cidr" az_count = 2 diff --git a/examples/transit_gateway/main.tf b/examples/transit_gateway/main.tf index 3b36c75..d850c50 100644 --- a/examples/transit_gateway/main.tf +++ b/examples/transit_gateway/main.tf @@ -2,7 +2,7 @@ data "aws_availability_zones" "current" {} module "vpc" { source = "aws-ia/vpc/aws" - version = ">= 3.0.0" + version = ">= 3.0.1" name = "tgw" cidr_block = "10.0.0.0/16" diff --git a/main.tf b/main.tf index 1ecd595..9547a29 100644 --- a/main.tf +++ b/main.tf @@ -255,9 +255,8 @@ module "flow_logs" { source = "./modules/flow_logs" - name = var.name - # see defaults.tf for local definition - flow_log_defintion = local.flow_logs_definition - vpc_id = local.vpc.id - tags = module.tags.tags_aws + name = var.name + flow_log_definition = var.vpc_flow_logs + vpc_id = local.vpc.id + tags = module.tags.tags_aws } 
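Review bot: Passing `var.vpc_flow_logs` straight into `flow_log_definition` in the main.tf hunk drops the fallback that the deleted defaults.tf supplied for `destination_options`; in the variables.tf hunk the nested attributes now carry defaults, but `destination_options` itself stays `optional(object({...}))` with no object-level default, so a caller that sets `log_destination_type = "s3"` without a `destination_options` block passes `null`, and `var.flow_log_definition.destination_options.file_format` in the modules/flow_logs/main.tf hunk would then fail at plan time with an attribute-of-null error. Giving the wrapper a default so the nested defaults are materialized, `destination_options = optional(object({ ... }), {})`, preserves the previous behaviour (Terraform 1.3 applies nested defaults to the supplied default value, but this is worth confirming with a plan of the s3 path). The new README line still says the null overrides are "defined in defaults.tf", which this commit deletes, so that sentence, and the matching description in variables.tf if it carries the same text outside the hunk, should be reworded.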
diff --git a/modules/calculate_subnets/providers.tf b/modules/calculate_subnets/providers.tf index 4ee0ddb..db5ea45 100644 --- a/modules/calculate_subnets/providers.tf +++ b/modules/calculate_subnets/providers.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.15.0" + required_version = ">= 1.3.0" required_providers { aws = { source = "hashicorp/aws" diff --git a/modules/flow_logs/main.tf b/modules/flow_logs/main.tf index 38e822b..02e3cfa 100644 --- a/modules/flow_logs/main.tf +++ b/modules/flow_logs/main.tf 
@@ -1,34 +1,34 @@ locals { # does log destination need to be created? - create_flow_log_destination = (var.flow_log_defintion.log_destination == null && var.flow_log_defintion.log_destination_type != "none") ? true : false + create_flow_log_destination = (var.flow_log_definition.log_destination == null && var.flow_log_definition.log_destination_type != "none") ? true : false # which log destination to use log_destination = local.create_flow_log_destination ? ( - var.flow_log_defintion.log_destination_type == "cloud-watch-logs" ? module.cloudwatch_log_group[0].log_group.arn : module.s3_log_bucket[0].bucket_flow_logs_attributes.arn # change to s3 when implemented - ) : var.flow_log_defintion.log_destination + var.flow_log_definition.log_destination_type == "cloud-watch-logs" ? module.cloudwatch_log_group[0].log_group.arn : module.s3_log_bucket[0].bucket_flow_logs_attributes.arn # change to s3 when implemented + ) : var.flow_log_definition.log_destination # Use IAM from submodule if if not passed iam_role_arn = local.create_flow_log_destination ? ( - var.flow_log_defintion.log_destination_type == "cloud-watch-logs" ? module.cloudwatch_log_group[0].iam_role.arn : null # s3: unnecessary, svc creates its own bucket policy - ) : var.flow_log_defintion.iam_role_arn + var.flow_log_definition.log_destination_type == "cloud-watch-logs" ? module.cloudwatch_log_group[0].iam_role.arn : null # s3: unnecessary, svc creates its own bucket policy + ) : var.flow_log_definition.iam_role_arn } module "cloudwatch_log_group" { # if create destination and type = cloud-watch-logs - count = (local.create_flow_log_destination && var.flow_log_defintion.log_destination_type == "cloud-watch-logs") ? 1 : 0 + count = (local.create_flow_log_destination && var.flow_log_definition.log_destination_type == "cloud-watch-logs") ? 1 : 0 source = "aws-ia/cloudwatch-log-group/aws" version = "1.0.0" name = var.name - retention_in_days = var.flow_log_defintion.retention_in_days == null ? 
180 : var.flow_log_defintion.retention_in_days - kms_key_id = var.flow_log_defintion.kms_key_id + retention_in_days = var.flow_log_definition.retention_in_days == null ? 180 : var.flow_log_definition.retention_in_days + kms_key_id = var.flow_log_definition.kms_key_id aws_service_principal = "vpc-flow-logs.amazonaws.com" tags = var.tags } module "s3_log_bucket" { # if create destination and type = s3 - count = (local.create_flow_log_destination && var.flow_log_defintion.log_destination_type == "s3") ? 1 : 0 + count = (local.create_flow_log_destination && var.flow_log_definition.log_destination_type == "s3") ? 1 : 0 source = "./modules/s3_log_bucket" name = var.name @@ -37,17 +37,17 @@ module "s3_log_bucket" { resource "aws_flow_log" "main" { log_destination = local.log_destination iam_role_arn = local.iam_role_arn - log_destination_type = var.flow_log_defintion.log_destination_type - traffic_type = var.flow_log_defintion.traffic_type + log_destination_type = var.flow_log_definition.log_destination_type + traffic_type = var.flow_log_definition.traffic_type vpc_id = var.vpc_id dynamic "destination_options" { - for_each = var.flow_log_defintion.log_destination_type == "s3" ? [true] : [] + for_each = var.flow_log_definition.log_destination_type == "s3" ? [true] : [] content { - file_format = var.flow_log_defintion.destination_options.file_format - per_hour_partition = var.flow_log_defintion.destination_options.per_hour_partition - hive_compatible_partitions = var.flow_log_defintion.destination_options.hive_compatible_partitions + file_format = var.flow_log_definition.destination_options.file_format + per_hour_partition = var.flow_log_definition.destination_options.per_hour_partition + hive_compatible_partitions = var.flow_log_definition.destination_options.hive_compatible_partitions } } diff --git a/modules/flow_logs/providers.tf b/modules/flow_logs/providers.tf index 4ee0ddb..db5ea45 100644 --- a/modules/flow_logs/providers.tf +++ b/modules/flow_logs/providers.tf 
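Review bot: `create_flow_log_destination = (...) ? true : false` in the locals block wraps an expression that is already a bool in a redundant conditional; since the rename touches the line anyway, `create_flow_log_destination = var.flow_log_definition.log_destination == null && var.flow_log_definition.log_destination_type != "none"` reads the same and is what lint tools expect. The inline comment `# change to s3 when implemented` on the `log_destination` local looks stale now that the same line already selects `module.s3_log_bucket[0].bucket_flow_logs_attributes.arn` for the s3 case, and should probably be dropped. Because the root module now enforces an object schema on `vpc_flow_logs`, the `type = any` on `flow_log_definition` in the submodule's variables.tf hunk could be tightened to the same object type so a malformed definition is rejected at the module boundary instead of inside these expressions.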
@@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.15.0" + required_version = ">= 1.3.0" required_providers { aws = { source = "hashicorp/aws" diff --git a/modules/flow_logs/variables.tf b/modules/flow_logs/variables.tf index d83345c..e3c405f 100644 --- a/modules/flow_logs/variables.tf +++ b/modules/flow_logs/variables.tf @@ -3,7 +3,7 @@ variable "name" { type = string } -variable "flow_log_defintion" { +variable "flow_log_definition" { description = "Definition of the Flow Logs (FL) to create. Can define pre-existing log_destination / iam_role_arn or theyll be created, default is Cloud Watch." type = any } diff --git a/providers.tf b/providers.tf index ae88b12..ddbf597 100644 --- a/providers.tf +++ b/providers.tf @@ -1,6 +1,5 @@ terraform { - required_version = ">= 0.15.0" - experiments = [module_variable_optional_attrs] + required_version = ">= 1.3.0" required_providers { aws = { source = "hashicorp/aws" diff --git a/test/examples_ipam_test.go b/test/examples_ipam_test.go index 4213968..58e6105 100644 --- a/test/examples_ipam_test.go +++ b/test/examples_ipam_test.go @@ -9,9 +9,6 @@ import ( func TestExamplesIPAM(t *testing.T) { terraformOptions := &terraform.Options{ TerraformDir: "../examples/ipam", - Vars: map[string]interface{}{ - "ipam_pool_id": "test", - }, } defer terraform.Destroy(t, terraformOptions) diff --git a/test/examples_transit_gatway_test.go b/test/examples_transit_gateway_test.go similarity index 100% rename from test/examples_transit_gatway_test.go rename to test/examples_transit_gateway_test.go diff --git a/test/hcl_fixtures/ipam_base/main.tf b/test/hcl_fixtures/ipam_base/main.tf index d6e9f11..1c9f05f 100644 --- a/test/hcl_fixtures/ipam_base/main.tf +++ b/test/hcl_fixtures/ipam_base/main.tf @@ -2,7 +2,7 @@ data "aws_region" "current" {} module "ipam" { source = "aws-ia/ipam/aws" - version = ">= 1.0.0" + version = ">= 1.1.4" top_cidr = ["172.0.0.0/8"] 
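Review bot: Dropping the `ipam_pool_id` entry from `Vars` in TestExamplesIPAM only works if examples/ipam no longer declares an `ipam_pool_id` variable without a default; the examples/ipam/main.tf hunk in this commit only bumps the module version, so if that declaration still exists outside the visible hunks, terraform will fail on the missing input under `-input=false` or block waiting for it otherwise. If the example now resolves the pool itself, a one-line comment above `terraformOptions`, `// the example resolves its own IPAM pool; no Vars are required`, would record why the test passes nothing. The rest of TestExamplesIPAM continues outside the hunk.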
diff --git a/test/hcl_fixtures/ipam_base/providers.tf b/test/hcl_fixtures/ipam_base/providers.tf index af07474..fe9454a 100644 --- a/test/hcl_fixtures/ipam_base/providers.tf +++ b/test/hcl_fixtures/ipam_base/providers.tf @@ -1,11 +1,9 @@ terraform { - required_version = ">= 0.15.0" - experiments = [module_variable_optional_attrs] + required_version = ">= 1.3.0" required_providers { aws = { source = "hashicorp/aws" version = ">= 3.72.0" } } -} - +} \ No newline at end of file diff --git a/test/hcl_fixtures/nat_gw_routes/main.tf b/test/hcl_fixtures/nat_gw_routes/main.tf index 9847cd5..a44abad 100644 --- a/test/hcl_fixtures/nat_gw_routes/main.tf +++ b/test/hcl_fixtures/nat_gw_routes/main.tf @@ -1,5 +1,6 @@ module "nat_gw_vpc" { - source = "../../.." + source = "aws-ia/vpc/aws" + version = ">= 3.0.0" name = "nat-gw-options-vpc" cidr_block = "10.51.0.0/16" diff --git a/test/hcl_fixtures/secondary_cidr_base/main.tf b/test/hcl_fixtures/secondary_cidr_base/main.tf index a60b181..4ae7d46 100644 --- a/test/hcl_fixtures/secondary_cidr_base/main.tf +++ b/test/hcl_fixtures/secondary_cidr_base/main.tf @@ -1,7 +1,7 @@ data "aws_availability_zones" "current" {} module "vpc" { - source = "../../.." + source = "../../.." name = "primary-az-vpc" cidr_block = "10.0.0.0/16" diff --git a/test/hcl_fixtures/secondary_cidr_base/providers.tf b/test/hcl_fixtures/secondary_cidr_base/providers.tf index 0920426..da0117c 100644 --- a/test/hcl_fixtures/secondary_cidr_base/providers.tf +++ b/test/hcl_fixtures/secondary_cidr_base/providers.tf @@ -1,6 +1,5 @@ terraform { - required_version = ">= 1.0.7" - experiments = [module_variable_optional_attrs] + required_version = ">= 1.3.0" required_providers { aws = { source = "hashicorp/aws" diff --git a/test/hcl_fixtures/transit_gateway_base/providers.tf b/test/hcl_fixtures/transit_gateway_base/providers.tf index af07474..da0117c 100644 --- a/test/hcl_fixtures/transit_gateway_base/providers.tf +++ b/test/hcl_fixtures/transit_gateway_base/providers.tf 
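Review bot: The nat_gw_routes fixture no longer exercises the working tree once `module "nat_gw_vpc"` points at the registry source `aws-ia/vpc/aws` with `version = ">= 3.0.0"`: the test pulls whatever published release satisfies an open-ended lower bound, so a regression in this repository would not be caught here, and the resolved version can change between runs with no change to the repo. The secondary_cidr_base fixture in the same commit keeps `source = "../../.."`, so the two fixtures are now inconsistent. If the registry source is intentional (for example to exercise an upgrade path), pinning an exact release such as `version = "3.0.1"` and adding a comment stating why the local path is not used would make the intent explicit; otherwise restoring `source = "../../.."` is the safer change.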
@@ -1,6 +1,5 @@ terraform { - required_version = ">= 0.15.0" - experiments = [module_variable_optional_attrs] + required_version = ">= 1.3.0" required_providers { aws = { source = "hashicorp/aws" diff --git a/variables.tf b/variables.tf index 672efd5..ec76b60 100644 --- a/variables.tf +++ b/variables.tf @@ -183,11 +183,11 @@ variable "vpc_flow_logs" { log_destination_type = string retention_in_days = optional(number) tags = optional(map(string)) - traffic_type = optional(string) + traffic_type = optional(string, "ALL") destination_options = optional(object({ - file_format = optional(string) - hive_compatible_partitions = optional(bool) - per_hour_partition = optional(bool) + file_format = optional(string, "plain-text") + hive_compatible_partitions = optional(bool, false) + per_hour_partition = optional(bool, false) })) })