From 23cfec7456ec7b75ec9bb05b8aeeb9e518bf0573 Mon Sep 17 00:00:00 2001 From: yatinsindhi Date: Sat, 21 Oct 2023 23:32:15 +0530 Subject: [PATCH 1/8] fix: Remove references to the create_vpc variable from unrelated resources such as subnets, route tables, and NAT gateways. If 'create_vpc' variable value is false then you have to provide vpc_id. --- main.tf | 53 +++++++++++++++++++++++++++------------------------- variables.tf | 2 +- 2 files changed, 29 insertions(+), 26 deletions(-) diff --git a/main.tf b/main.tf index 9d19218f1..b5cd63595 100644 --- a/main.tf +++ b/main.tf @@ -10,17 +10,19 @@ locals { max_subnet_length = max( local.len_private_subnets, local.len_public_subnets, + local.len_intra_subnets, local.len_elasticache_subnets, local.len_database_subnets, local.len_redshift_subnets, ) # Use `local.vpc_id` to give a hint to Terraform that subnets should be deleted before secondary CIDR blocks can be free! - vpc_id = try(aws_vpc_ipv4_cidr_block_association.this[0].vpc_id, aws_vpc.this[0].id, "") + vpc_id = try(aws_vpc_ipv4_cidr_block_association.this[0].vpc_id, aws_vpc.this[0].id, var.vpc_id) - create_vpc = var.create_vpc && var.putin_khuylo + create_vpc = var.create_vpc } + ################################################################################ # VPC ################################################################################ @@ -51,12 +53,13 @@ resource "aws_vpc" "this" { } resource "aws_vpc_ipv4_cidr_block_association" "this" { - count = local.create_vpc && length(var.secondary_cidr_blocks) > 0 ? length(var.secondary_cidr_blocks) : 0 + count = var.create_vpc && length(var.secondary_cidr_blocks) > 0 ? length(var.secondary_cidr_blocks) : 0 # Do not turn this into `local.vpc_id` vpc_id = aws_vpc.this[0].id cidr_block = element(var.secondary_cidr_blocks, count.index) + } ################################################################################ 
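Review bot: The new fallback `var.vpc_id` in `local.vpc_id` defaults to `null`, so a caller who sets `create_vpc = false` and forgets `vpc_id` gets every VPC-scoped resource planned with a null VPC id and only finds out from a provider error; the `try()` now also masks the case where `aws_vpc.this` is absent for any other reason. Together with the later hunks in this file, where the subnet, gateway and NAT counts stop consulting `create_vpc`, this turns `create_vpc = false` from the module-wide switch the old description advertised ("affects almost all resources") into "use an existing VPC", so existing callers who set it to disable the module will start creating resources on upgrade. Add an explicit guard that fails early (a lifecycle precondition on the resources that consume `local.vpc_id` is the usual place) and call the behaviour change out in the `create_vpc` description, e.g. `description = "Controls if a VPC should be created; when false, vpc_id must reference an existing VPC and the module's other resources are created in it"`.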
@@ -89,9 +92,9 @@ resource "aws_vpc_dhcp_options_association" "this" { ################################################################################ # Publiс Subnets ################################################################################ - +# locals { - create_public_subnets = local.create_vpc && local.len_public_subnets > 0 + create_public_subnets = local.len_public_subnets > 0 } resource "aws_subnet" "public" { @@ -218,7 +221,7 @@ resource "aws_network_acl_rule" "public_outbound" { ################################################################################ locals { - create_private_subnets = local.create_vpc && local.len_private_subnets > 0 + create_private_subnets = local.len_private_subnets > 0 } resource "aws_subnet" "private" { @@ -337,7 +340,7 @@ resource "aws_network_acl_rule" "private_outbound" { ################################################################################ locals { - create_database_subnets = local.create_vpc && local.len_database_subnets > 0 + create_database_subnets = local.len_database_subnets > 0 create_database_route_table = local.create_database_subnets && var.create_database_subnet_route_table } @@ -519,7 +522,7 @@ resource "aws_network_acl_rule" "database_outbound" { ################################################################################ locals { - create_redshift_subnets = local.create_vpc && local.len_redshift_subnets > 0 + create_redshift_subnets = local.len_redshift_subnets > 0 create_redshift_route_table = local.create_redshift_subnets && var.create_redshift_subnet_route_table } @@ -656,7 +659,7 @@ resource "aws_network_acl_rule" "redshift_outbound" { ################################################################################ locals { - create_elasticache_subnets = local.create_vpc && local.len_elasticache_subnets > 0 + create_elasticache_subnets = local.len_elasticache_subnets > 0 create_elasticache_route_table = local.create_elasticache_subnets && var.create_elasticache_subnet_route_table } 
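Review bot: `create_public_subnets` no longer depends on `create_vpc`, so with `create_vpc = false` and `vpc_id` left at its `null` default the subnets are planned against a null VPC id; the same applies to the private, database, redshift, elasticache, intra and outpost locals in the hunks that follow. A lifecycle precondition on the subnet resources fails at plan time with a clear message instead of a provider error (this needs Terraform 1.2 or later; the module's `required_version` is outside this view). Separately, the `+#` line that replaces the blank line above `locals {` looks like a stray edit and should be a blank line again. `aws_subnet.public`'s body continues outside the hunk.
```hcl
resource "aws_subnet" "public" {
  # … unchanged: count, vpc_id, cidr, availability zone and tag arguments …

  lifecycle {
    precondition {
      condition     = var.create_vpc || var.vpc_id != null
      error_message = "vpc_id must be set when create_vpc is false."
    }
  }
```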
@@ -786,7 +789,7 @@ resource "aws_network_acl_rule" "elasticache_outbound" { ################################################################################ locals { - create_intra_subnets = local.create_vpc && local.len_intra_subnets > 0 + create_intra_subnets = local.len_intra_subnets > 0 } resource "aws_subnet" "intra" { @@ -895,7 +898,7 @@ resource "aws_network_acl_rule" "intra_outbound" { ################################################################################ locals { - create_outpost_subnets = local.create_vpc && local.len_outpost_subnets > 0 + create_outpost_subnets = local.len_outpost_subnets > 0 } resource "aws_subnet" "outpost" { @@ -1009,7 +1012,7 @@ resource "aws_internet_gateway" "this" { } resource "aws_egress_only_internet_gateway" "this" { - count = local.create_vpc && var.create_egress_only_igw && var.enable_ipv6 && local.max_subnet_length > 0 ? 1 : 0 + count = var.create_egress_only_igw && var.enable_ipv6 && local.max_subnet_length > 0 ? 1 : 0 vpc_id = local.vpc_id @@ -1021,7 +1024,7 @@ resource "aws_egress_only_internet_gateway" "this" { } resource "aws_route" "private_ipv6_egress" { - count = local.create_vpc && var.create_egress_only_igw && var.enable_ipv6 ? local.len_private_subnets : 0 + count = var.create_egress_only_igw && var.enable_ipv6 ? local.len_private_subnets : 0 route_table_id = element(aws_route_table.private[*].id, count.index) destination_ipv6_cidr_block = "::/0" @@ -1038,7 +1041,7 @@ locals { } resource "aws_eip" "nat" { - count = local.create_vpc && var.enable_nat_gateway && !var.reuse_nat_ips ? local.nat_gateway_count : 0 + count = var.enable_nat_gateway && !var.reuse_nat_ips ? local.nat_gateway_count : 0 domain = "vpc" @@ -1057,7 +1060,7 @@ resource "aws_eip" "nat" { } resource "aws_nat_gateway" "this" { - count = local.create_vpc && var.enable_nat_gateway ? local.nat_gateway_count : 0 + count = var.enable_nat_gateway ? local.nat_gateway_count : 0 allocation_id = element( local.nat_gateway_ips, 
@@ -1083,7 +1086,7 @@ resource "aws_nat_gateway" "this" { } resource "aws_route" "private_nat_gateway" { - count = local.create_vpc && var.enable_nat_gateway ? local.nat_gateway_count : 0 + count = var.enable_nat_gateway ? local.nat_gateway_count : 0 route_table_id = element(aws_route_table.private[*].id, count.index) destination_cidr_block = var.nat_gateway_destination_cidr_block @@ -1095,7 +1098,7 @@ resource "aws_route" "private_nat_gateway" { } resource "aws_route" "private_dns64_nat_gateway" { - count = local.create_vpc && var.enable_nat_gateway && var.enable_ipv6 && var.private_subnet_enable_dns64 ? local.nat_gateway_count : 0 + count = var.enable_nat_gateway && var.enable_ipv6 && var.private_subnet_enable_dns64 ? local.nat_gateway_count : 0 route_table_id = element(aws_route_table.private[*].id, count.index) destination_ipv6_cidr_block = "64:ff9b::/96" @@ -1130,7 +1133,7 @@ resource "aws_customer_gateway" "this" { ################################################################################ resource "aws_vpn_gateway" "this" { - count = local.create_vpc && var.enable_vpn_gateway ? 1 : 0 + count = var.enable_vpn_gateway ? 1 : 0 vpc_id = local.vpc_id amazon_side_asn = var.amazon_side_asn @@ -1151,7 +1154,7 @@ resource "aws_vpn_gateway_attachment" "this" { } resource "aws_vpn_gateway_route_propagation" "public" { - count = local.create_vpc && var.propagate_public_route_tables_vgw && (var.enable_vpn_gateway || var.vpn_gateway_id != "") ? 1 : 0 + count = var.propagate_public_route_tables_vgw && (var.enable_vpn_gateway || var.vpn_gateway_id != "") ? 1 : 0 route_table_id = element(aws_route_table.public[*].id, count.index) vpn_gateway_id = element( 
@@ -1164,7 +1167,7 @@ resource "aws_vpn_gateway_route_propagation" "public" { } resource "aws_vpn_gateway_route_propagation" "private" { - count = local.create_vpc && var.propagate_private_route_tables_vgw && (var.enable_vpn_gateway || var.vpn_gateway_id != "") ? local.len_private_subnets : 0 + count = var.propagate_private_route_tables_vgw && (var.enable_vpn_gateway || var.vpn_gateway_id != "") ? local.len_private_subnets : 0 route_table_id = element(aws_route_table.private[*].id, count.index) vpn_gateway_id = element( @@ -1177,7 +1180,7 @@ resource "aws_vpn_gateway_route_propagation" "private" { } resource "aws_vpn_gateway_route_propagation" "intra" { - count = local.create_vpc && var.propagate_intra_route_tables_vgw && (var.enable_vpn_gateway || var.vpn_gateway_id != "") ? local.len_intra_subnets : 0 + count = var.propagate_intra_route_tables_vgw && (var.enable_vpn_gateway || var.vpn_gateway_id != "") ? local.len_intra_subnets : 0 route_table_id = element(aws_route_table.intra[*].id, count.index) vpn_gateway_id = element( @@ -1207,9 +1210,9 @@ resource "aws_default_vpc" "this" { } resource "aws_default_security_group" "this" { - count = local.create_vpc && var.manage_default_security_group ? 1 : 0 + count = var.manage_default_security_group ? 1 : 0 - vpc_id = aws_vpc.this[0].id + vpc_id = local.vpc_id dynamic "ingress" { for_each = var.default_security_group_ingress @@ -1253,7 +1256,7 @@ resource "aws_default_security_group" "this" { ################################################################################ resource "aws_default_network_acl" "this" { - count = local.create_vpc && var.manage_default_network_acl ? 1 : 0 + count = var.create_vpc && var.manage_default_network_acl ? 1 : 0 default_network_acl_id = aws_vpc.this[0].default_network_acl_id 
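Review bot: `aws_default_security_group.this` is now created whenever `manage_default_security_group` is set and points at `local.vpc_id`, so with `create_vpc = false` the module adopts the default security group of the caller-supplied VPC. Adopting that resource removes every existing rule from the group and replaces them with `default_security_group_ingress`/`default_security_group_egress`, which can silently cut traffic for workloads in an existing VPC that rely on the default group; if `manage_default_security_group` still defaults to true (its default is outside this view) that happens on the first apply with no opt-in. Either keep the resource scoped to VPCs this module owns, `count = var.create_vpc && var.manage_default_security_group ? 1 : 0`, matching `aws_default_network_acl` in the next hunk, or state in the variable's description that enabling it against an external VPC rewrites that VPC's default security group.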
@@ -1306,7 +1309,7 @@ resource "aws_default_network_acl" "this" { ################################################################################ resource "aws_default_route_table" "default" { - count = local.create_vpc && var.manage_default_route_table ? 1 : 0 + count = var.create_vpc && var.manage_default_route_table ? 1 : 0 default_route_table_id = aws_vpc.this[0].default_route_table_id propagating_vgws = var.default_route_table_propagating_vgws diff --git a/variables.tf b/variables.tf index 148ce3f19..3f4fd2481 100644 --- a/variables.tf +++ b/variables.tf @@ -3,7 +3,7 @@ ################################################################################ variable "create_vpc" { - description = "Controls if VPC should be created (it affects almost all resources)" + description = "Controls if VPC should be created" type = bool default = true } From 55db50bfa39bf3221c6de0f84cdac0f436c50bb2 Mon Sep 17 00:00:00 2001 From: yatinsindhi Date: Sun, 22 Oct 2023 02:40:30 +0530 Subject: [PATCH 2/8] Update variables.tf --- variables.tf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/variables.tf b/variables.tf index 3f4fd2481..b26eba438 100644 --- a/variables.tf +++ b/variables.tf @@ -8,6 +8,12 @@ variable "create_vpc" { default = true } +variable "vpc_id" { + description = "If create_vpc variable value is false, then you must have to provide ID of the VPC." + type = string + default = null +} + variable "name" { description = "Name to be used on all the resources as identifier" type = string From 52306aafecac5b4d8563b0b259c633bffa080432 Mon Sep 17 00:00:00 2001 From: yatinsindhi Date: Sun, 22 Oct 2023 02:56:44 +0530 Subject: [PATCH 3/8] Added variable information in README.md file --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 73c591304..0d95bd3ec 100644 --- a/README.md +++ b/README.md 
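Review bot: The description of the new `vpc_id` variable reads awkwardly and does not say that the value is ignored when `create_vpc` is true (the `try()` in `local.vpc_id` prefers `aws_vpc.this[0].id`); suggest `description = "ID of an existing VPC to place the module's resources in. Required when create_vpc is false, ignored otherwise."`. A `validation` block on this variable cannot enforce the requirement because, in Terraform versions before 1.9, it can only reference the variable's own value, so the cross-variable check has to live on the resources that consume `local.vpc_id`; a sentence saying so in the description saves the next reader from trying.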
@@ -371,7 +371,8 @@ No modules.
 | [create\_igw](#input\_create\_igw) | Controls if an Internet Gateway is created for public subnets and the related routes that connect them | `bool` | `true` | no |
 | [create\_redshift\_subnet\_group](#input\_create\_redshift\_subnet\_group) | Controls if redshift subnet group should be created | `bool` | `true` | no |
 | [create\_redshift\_subnet\_route\_table](#input\_create\_redshift\_subnet\_route\_table) | Controls if separate route table for redshift should be created | `bool` | `false` | no |
-| [create\_vpc](#input\_create\_vpc) | Controls if VPC should be created (it affects almost all resources) | `bool` | `true` | no |
+| [create\_vpc](#input\_create\_vpc) | Controls if VPC should be created | `bool` | `true` | no |
+| [vpc\_id](#input\_vpc\_id) | If create_vpc variable value is false, then you must have to provide ID of the VPC. | `string` | `null` | no |
 | [customer\_gateway\_tags](#input\_customer\_gateway\_tags) | Additional tags for the Customer Gateway | `map(string)` | `{}` | no |
 | [customer\_gateways](#input\_customer\_gateways) | Maps of Customer Gateway's attributes (BGP ASN and Gateway's Internet-routable external IP address) | `map(map(any))` | `{}` | no |
 | [customer\_owned\_ipv4\_pool](#input\_customer\_owned\_ipv4\_pool) | The customer owned IPv4 address pool. Typically used with the `map_customer_owned_ip_on_launch` argument. The `outpost_arn` argument must be specified when configured | `string` | `null` | no |
From c8aecf194513536311039229e77f1429100940c9 Mon Sep 17 00:00:00 2001
From: yatinsindhi
Date: Sun, 22 Oct 2023 03:07:39 +0530
Subject: [PATCH 4/8] Update README.md
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 0d95bd3ec..1dec38516 100644
--- a/README.md
+++ b/README.md
@@ -372,7 +372,7 @@ No modules.
 | [create\_redshift\_subnet\_group](#input\_create\_redshift\_subnet\_group) | Controls if redshift subnet group should be created | `bool` | `true` | no |
 | [create\_redshift\_subnet\_route\_table](#input\_create\_redshift\_subnet\_route\_table) | Controls if separate route table for redshift should be created | `bool` | `false` | no |
 | [create\_vpc](#input\_create\_vpc) | Controls if VPC should be created | `bool` | `true` | no |
-| [vpc\_id](#input\_vpc\_id) | If create_vpc variable value is false, then you must have to provide ID of the VPC. | `string` | `null` | no |
+ [vpc\_id](#input\_vpc\_id) | If create\_vpc variable value is false, then you must have to provide ID of the VPC. | `string` | `null` | no |
 | [customer\_gateway\_tags](#input\_customer\_gateway\_tags) | Additional tags for the Customer Gateway | `map(string)` | `{}` | no |
 | [customer\_gateways](#input\_customer\_gateways) | Maps of Customer Gateway's attributes (BGP ASN and Gateway's Internet-routable external IP address) | `map(map(any))` | `{}` | no |
 | [customer\_owned\_ipv4\_pool](#input\_customer\_owned\_ipv4\_pool) | The customer owned IPv4 address pool. Typically used with the `map_customer_owned_ip_on_launch` argument. The `outpost_arn` argument must be specified when configured | `string` | `null` | no |
From 483bd77fdc428bb8087a4daa3b4f0dd0436c8bf8 Mon Sep 17 00:00:00 2001
From: yatinsindhi
Date: Sun, 22 Oct 2023 03:11:00 +0530
Subject: [PATCH 5/8] Typo
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 1dec38516..4f726e5fd 100644
--- a/README.md
+++ b/README.md
@@ -372,7 +372,7 @@ No modules.
 | [create\_redshift\_subnet\_group](#input\_create\_redshift\_subnet\_group) | Controls if redshift subnet group should be created | `bool` | `true` | no |
 | [create\_redshift\_subnet\_route\_table](#input\_create\_redshift\_subnet\_route\_table) | Controls if separate route table for redshift should be created | `bool` | `false` | no |
 | [create\_vpc](#input\_create\_vpc) | Controls if VPC should be created | `bool` | `true` | no |
- [vpc\_id](#input\_vpc\_id) | If create\_vpc variable value is false, then you must have to provide ID of the VPC. | `string` | `null` | no |
+| [vpc\_id](#input\_vpc\_id) | If create\_vpc variable value is false, then you must have to provide ID of the VPC. | `string` | `null` | no |
 | [customer\_gateway\_tags](#input\_customer\_gateway\_tags) | Additional tags for the Customer Gateway | `map(string)` | `{}` | no |
 | [customer\_gateways](#input\_customer\_gateways) | Maps of Customer Gateway's attributes (BGP ASN and Gateway's Internet-routable external IP address) | `map(map(any))` | `{}` | no |
 | [customer\_owned\_ipv4\_pool](#input\_customer\_owned\_ipv4\_pool) | The customer owned IPv4 address pool. Typically used with the `map_customer_owned_ip_on_launch` argument. The `outpost_arn` argument must be specified when configured | `string` | `null` | no |
From 8e5b586bf713a0e5b11e9ca7d5d187ccb27b096f Mon Sep 17 00:00:00 2001
From: yatinsindhi
Date: Sun, 22 Oct 2023 03:27:35 +0530
Subject: [PATCH 6/8] Update main.tf
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index b5cd63595..fb32e577a 100644
--- a/main.tf
+++ b/main.tf
@@ -19,7 +19,7 @@ locals {
   # Use `local.vpc_id` to give a hint to Terraform that subnets should be deleted before secondary CIDR blocks can be free!
   vpc_id = try(aws_vpc_ipv4_cidr_block_association.this[0].vpc_id, aws_vpc.this[0].id, var.vpc_id)
-  create_vpc = var.create_vpc
+  create_vpc = var.create_vpc && var.putin_khuylo
 }
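Review bot: Restoring `&& var.putin_khuylo` makes `local.create_vpc` differ from `var.create_vpc` again, but patch 1 moved `aws_vpc_ipv4_cidr_block_association.this`, `aws_default_network_acl.this` and `aws_default_route_table.default` onto `var.create_vpc`, so with `putin_khuylo = false` those three count to 1 and dereference `aws_vpc.this[0]`, which presumably (its count is outside this view) is not created and the plan fails. Put those three counts back on the local so every resource that indexes `aws_vpc.this[0]` shares one gate, e.g. `count = local.create_vpc && var.manage_default_network_acl ? 1 : 0`. A short comment on `local.create_vpc`, `# the only gate for resources that index aws_vpc.this[0]`, would keep the next edit from splitting them again.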
From 501813360b45995f04c32ecfe210c6dd72bfa044 Mon Sep 17 00:00:00 2001
From: yatinsindhi
Date: Sun, 22 Oct 2023 03:33:23 +0530
Subject: [PATCH 7/8] Update README.md
---
 README.md | 1 -
 1 file changed, 1 deletion(-)
diff --git a/README.md b/README.md
index 4f726e5fd..1004f3b10 100644
--- a/README.md
+++ b/README.md
@@ -372,7 +372,6 @@ No modules.
 | [create\_redshift\_subnet\_group](#input\_create\_redshift\_subnet\_group) | Controls if redshift subnet group should be created | `bool` | `true` | no |
 | [create\_redshift\_subnet\_route\_table](#input\_create\_redshift\_subnet\_route\_table) | Controls if separate route table for redshift should be created | `bool` | `false` | no |
 | [create\_vpc](#input\_create\_vpc) | Controls if VPC should be created | `bool` | `true` | no |
-| [vpc\_id](#input\_vpc\_id) | If create\_vpc variable value is false, then you must have to provide ID of the VPC. | `string` | `null` | no |
 | [customer\_gateway\_tags](#input\_customer\_gateway\_tags) | Additional tags for the Customer Gateway | `map(string)` | `{}` | no |
 | [customer\_gateways](#input\_customer\_gateways) | Maps of Customer Gateway's attributes (BGP ASN and Gateway's Internet-routable external IP address) | `map(map(any))` | `{}` | no |
 | [customer\_owned\_ipv4\_pool](#input\_customer\_owned\_ipv4\_pool) | The customer owned IPv4 address pool. Typically used with the `map_customer_owned_ip_on_launch` argument. The `outpost_arn` argument must be specified when configured | `string` | `null` | no |
From 3e9407746e33a55704fb5abb5f017abd30c71b26 Mon Sep 17 00:00:00 2001
From: yatinsindhi
Date: Sun, 22 Oct 2023 03:37:38 +0530
Subject: [PATCH 8/8] Update README.md
---
 README.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index 1004f3b10..0a5b30a66 100644
--- a/README.md
+++ b/README.md
@@ -572,6 +572,7 @@ No modules.
 | [use\_ipam\_pool](#input\_use\_ipam\_pool) | Determines whether IPAM pool is used for CIDR allocation | `bool` | `false` | no |
 | [vpc\_flow\_log\_permissions\_boundary](#input\_vpc\_flow\_log\_permissions\_boundary) | The ARN of the Permissions Boundary for the VPC Flow Log IAM Role | `string` | `null` | no |
 | [vpc\_flow\_log\_tags](#input\_vpc\_flow\_log\_tags) | Additional tags for the VPC Flow Logs | `map(string)` | `{}` | no |
+| [vpc\_id](#input\_vpc\_id) | If create\_vpc variable value is false, then you must have to provide ID of the VPC. | `string` | `null` | no |
 | [vpc\_tags](#input\_vpc\_tags) | Additional tags for the VPC | `map(string)` | `{}` | no |
 | [vpn\_gateway\_az](#input\_vpn\_gateway\_az) | The Availability Zone for the VPN Gateway | `string` | `null` | no |
 | [vpn\_gateway\_id](#input\_vpn\_gateway\_id) | ID of VPN Gateway to attach to the VPC | `string` | `""` | no |