From 1e36f9f8a01eb26be83d8e1ce2227a6890390b0e Mon Sep 17 00:00:00 2001 From: samul69 <81085359+samul69@users.noreply.github.com> Date: Thu, 7 Sep 2023 22:03:22 +0200 Subject: [PATCH 01/24] fix: The number of intra subnets should not influence the number of NAT gateways provisioned (#968) intra subnets shouldn't determine number of nat gateways "The module does not take into account the number of intra_subnets, since the latter are designed to have no Internet access via NAT Gateway." --- main.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/main.tf b/main.tf index 25fb194e4..9d19218f1 100644 --- a/main.tf +++ b/main.tf @@ -10,7 +10,6 @@ locals { max_subnet_length = max( local.len_private_subnets, local.len_public_subnets, - local.len_intra_subnets, local.len_elasticache_subnets, local.len_database_subnets, local.len_redshift_subnets, From bf9a89bf447a9c866dc0d30486aec5a24dbe2631 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Thu, 7 Sep 2023 20:03:58 +0000 Subject: [PATCH 02/24] chore(release): version 5.1.2 [skip ci] ### [5.1.2](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.1.1...v5.1.2) (2023-09-07) ### Bug Fixes * The number of intra subnets should not influence the number of NAT gateways provisioned ([#968](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/968)) ([1e36f9f](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/1e36f9f8a01eb26be83d8e1ce2227a6890390b0e)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 76a37073a..1792b27bb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
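Review bot: The reason `local.len_intra_subnets` leaves the `max()` in `max_subnet_length` is recorded only in the commit message, so the next reader of main.tf has no hint that the omission is deliberate and may "fix" it back. A why-comment on the line above the remaining arguments, `# intra subnets are excluded on purpose: they never route through a NAT gateway, so they must not inflate the NAT gateway count`, keeps the intent with the code. That `max_subnet_length` feeds the NAT gateway count is inferred from the commit title rather than shown in the hunk; if the local also drives something unrelated to NAT, the comment should say so. The `locals` block this hunk belongs to starts before and ends after the hunk.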
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +### [5.1.2](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.1.1...v5.1.2) (2023-09-07) + + +### Bug Fixes + +* The number of intra subnets should not influence the number of NAT gateways provisioned ([#968](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/968)) ([1e36f9f](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/1e36f9f8a01eb26be83d8e1ce2227a6890390b0e)) + ### [5.1.1](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.1.0...v5.1.1) (2023-07-25) From abe2c0fcd23f1adfcb6e3a7739811e2482e2d197 Mon Sep 17 00:00:00 2001 From: Melissa Greenbaum <69476188+magreenbaum@users.noreply.github.com> Date: Sat, 18 Nov 2023 11:12:18 -0500 Subject: [PATCH 03/24] feat: Add `skip_destroy` to vpc flow log cloudwatch log group (#1009) add skip_destroy to vpc flow log cloudwatch log group Co-authored-by: magreenbaum --- README.md | 1 + variables.tf | 6 ++++++ vpc-flow-logs.tf | 1 + 3 files changed, 8 insertions(+) diff --git a/README.md b/README.md index 73c591304..caf1610f4 100644 --- a/README.md +++ b/README.md 
@@ -449,6 +449,7 @@ No modules. | [flow\_log\_cloudwatch\_log\_group\_name\_prefix](#input\_flow\_log\_cloudwatch\_log\_group\_name\_prefix) | Specifies the name prefix of CloudWatch Log Group for VPC flow logs | `string` | `"/aws/vpc-flow-log/"` | no | | [flow\_log\_cloudwatch\_log\_group\_name\_suffix](#input\_flow\_log\_cloudwatch\_log\_group\_name\_suffix) | Specifies the name suffix of CloudWatch Log Group for VPC flow logs | `string` | `""` | no | | [flow\_log\_cloudwatch\_log\_group\_retention\_in\_days](#input\_flow\_log\_cloudwatch\_log\_group\_retention\_in\_days) | Specifies the number of days you want to retain log events in the specified log group for VPC flow logs | `number` | `null` | no | +| [flow\_log\_cloudwatch\_log\_group\_skip\_destroy](#input\_flow\_log\_cloudwatch\_log\_group\_skip\_destroy) | Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the Terraform state | `bool` | `false` | no | | [flow\_log\_destination\_arn](#input\_flow\_log\_destination\_arn) | The ARN of the CloudWatch log group or S3 bucket where VPC Flow Logs will be pushed. If this ARN is a S3 bucket the appropriate permissions need to be set on that bucket's policy. When create\_flow\_log\_cloudwatch\_log\_group is set to false this argument must be provided | `string` | `""` | no | | [flow\_log\_destination\_type](#input\_flow\_log\_destination\_type) | Type of flow log destination. Can be s3 or cloud-watch-logs | `string` | `"cloud-watch-logs"` | no | | [flow\_log\_file\_format](#input\_flow\_log\_file\_format) | (Optional) The format for the flow log. Valid values: `plain-text`, `parquet` | `string` | `null` | no | diff --git a/variables.tf b/variables.tf index 148ce3f19..8a20ba93e 100644 --- a/variables.tf +++ b/variables.tf 
@@ -1572,6 +1572,12 @@ variable "flow_log_cloudwatch_log_group_kms_key_id" { default = null } +variable "flow_log_cloudwatch_log_group_skip_destroy" { + description = " Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the Terraform state" + type = bool + default = false +} + variable "putin_khuylo" { description = "Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo!" type = bool diff --git a/vpc-flow-logs.tf b/vpc-flow-logs.tf index ac9f25758..127d7e016 100644 --- a/vpc-flow-logs.tf +++ b/vpc-flow-logs.tf @@ -48,6 +48,7 @@ resource "aws_cloudwatch_log_group" "flow_log" { name = "${var.flow_log_cloudwatch_log_group_name_prefix}${local.flow_log_cloudwatch_log_group_name_suffix}" retention_in_days = var.flow_log_cloudwatch_log_group_retention_in_days kms_key_id = var.flow_log_cloudwatch_log_group_kms_key_id + skip_destroy = var.flow_log_cloudwatch_log_group_skip_destroy tags = merge(var.tags, var.vpc_flow_log_tags) } From c467edb180c38f493b0e9c6fdc22998a97dfde89 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Sat, 18 Nov 2023 16:12:43 +0000 Subject: [PATCH 04/24] chore(release): version 5.2.0 [skip ci] ## [5.2.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.1.2...v5.2.0) (2023-11-18) ### Features * Add `skip_destroy` to vpc flow log cloudwatch log group ([#1009](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/1009)) ([abe2c0f](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/abe2c0fcd23f1adfcb6e3a7739811e2482e2d197)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1792b27bb..40ef2b9fb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
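Review bot: The description of the new `flow_log_cloudwatch_log_group_skip_destroy` variable starts with a stray leading space (`" Set to true …"`), which the neighbouring `putin_khuylo` description does not have and which any documentation generator that does not trim will reproduce; the line should read `description = "Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the Terraform state"`. It would also help operators if the same description said that a retained log group keeps whatever retention and KMS settings it last had but is no longer managed after destroy, since preserving the flow-log audit trail is what makes this option worth setting; that reading follows from the provider's `skip_destroy` semantics rather than from this hunk, so confirm it before wording it.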
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [5.2.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.1.2...v5.2.0) (2023-11-18) + + +### Features + +* Add `skip_destroy` to vpc flow log cloudwatch log group ([#1009](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/1009)) ([abe2c0f](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/abe2c0fcd23f1adfcb6e3a7739811e2482e2d197)) + ### [5.1.2](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.1.1...v5.1.2) (2023-09-07) From 898bbaf46ba8ebad54983d63fa9e8eac6456903b Mon Sep 17 00:00:00 2001 From: Tormod Macleod <38500472+tormodmacleod@users.noreply.github.com> Date: Mon, 11 Dec 2023 15:14:50 +0000 Subject: [PATCH 05/24] feat: Add NAT gateway interface ids output (#1006) * feat: Output network interface IDs of NAT gateways * docs: updated README --------- Co-authored-by: Bryant Biggs --- README.md | 1 + outputs.tf | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/README.md b/README.md index caf1610f4..78a2e5e18 100644 --- a/README.md +++ b/README.md @@ -637,6 +637,7 @@ No modules. | [nat\_ids](#output\_nat\_ids) | List of allocation ID of Elastic IPs created for AWS NAT Gateway | | [nat\_public\_ips](#output\_nat\_public\_ips) | List of public Elastic IPs created for AWS NAT Gateway | | [natgw\_ids](#output\_natgw\_ids) | List of NAT Gateway IDs | +| [natgw\_interface\_ids](#output\_natgw\_interface\_ids) | List of Network Interface IDs assigned to NAT Gateways | | [outpost\_network\_acl\_arn](#output\_outpost\_network\_acl\_arn) | ARN of the outpost network ACL | | [outpost\_network\_acl\_id](#output\_outpost\_network\_acl\_id) | ID of the outpost network ACL | | [outpost\_subnet\_arns](#output\_outpost\_subnet\_arns) | List of ARNs of outpost subnets | diff --git a/outputs.tf b/outputs.tf index d4e3e4079..a542e75a6 100644 --- a/outputs.tf +++ b/outputs.tf 
@@ -484,6 +484,11 @@ output "natgw_ids" { value = aws_nat_gateway.this[*].id } +output "natgw_interface_ids" { + description = "List of Network Interface IDs assigned to NAT Gateways" + value = aws_nat_gateway.this[*].network_interface_id +} + ################################################################################ # Egress Only Gateway ################################################################################ From 68105dc05c9ca7c67d66adba21ca567af6d6e706 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Mon, 11 Dec 2023 15:15:21 +0000 Subject: [PATCH 06/24] chore(release): version 5.3.0 [skip ci] ## [5.3.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.2.0...v5.3.0) (2023-12-11) ### Features * Add NAT gateway interface ids output ([#1006](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/1006)) ([898bbaf](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/898bbaf46ba8ebad54983d63fa9e8eac6456903b)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 40ef2b9fb..ccbe828f0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [5.3.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.2.0...v5.3.0) (2023-12-11) + + +### Features + +* Add NAT gateway interface ids output ([#1006](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/1006)) ([898bbaf](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/898bbaf46ba8ebad54983d63fa9e8eac6456903b)) + ## [5.2.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.1.2...v5.2.0) (2023-11-18) From 6e25437b16955b9393348d91965ead2f755fb2e0 Mon Sep 17 00:00:00 2001 
From: Kasey Linden Date: Mon, 11 Dec 2023 09:34:22 -0600 Subject: [PATCH 07/24] feat: Add Cross Account Flow Support (#1014) * feat: Add Cross Account Flow Support * fix: update flow log naming convention --------- Co-authored-by: Kasey Linden Co-authored-by: Bryant Biggs --- README.md | 4 +++- outputs.tf | 5 +++++ variables.tf | 8 +++++++- vpc-flow-logs.tf | 15 ++++++++------- 4 files changed, 23 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 78a2e5e18..f154534c0 100644 --- a/README.md +++ b/README.md 
@@ -450,8 +450,9 @@ No modules. | [flow\_log\_cloudwatch\_log\_group\_name\_suffix](#input\_flow\_log\_cloudwatch\_log\_group\_name\_suffix) | Specifies the name suffix of CloudWatch Log Group for VPC flow logs | `string` | `""` | no | | [flow\_log\_cloudwatch\_log\_group\_retention\_in\_days](#input\_flow\_log\_cloudwatch\_log\_group\_retention\_in\_days) | Specifies the number of days you want to retain log events in the specified log group for VPC flow logs | `number` | `null` | no | | [flow\_log\_cloudwatch\_log\_group\_skip\_destroy](#input\_flow\_log\_cloudwatch\_log\_group\_skip\_destroy) | Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the Terraform state | `bool` | `false` | no | +| [flow\_log\_deliver\_cross\_account\_role](#input\_flow\_log\_deliver\_cross\_account\_role) | (Optional) ARN of the IAM role that allows Amazon EC2 to publish flow logs across accounts. | `string` | `null` | no | | [flow\_log\_destination\_arn](#input\_flow\_log\_destination\_arn) | The ARN of the CloudWatch log group or S3 bucket where VPC Flow Logs will be pushed. If this ARN is a S3 bucket the appropriate permissions need to be set on that bucket's policy. When create\_flow\_log\_cloudwatch\_log\_group is set to false this argument must be provided | `string` | `""` | no | -| [flow\_log\_destination\_type](#input\_flow\_log\_destination\_type) | Type of flow log destination. Can be s3 or cloud-watch-logs | `string` | `"cloud-watch-logs"` | no | +| [flow\_log\_destination\_type](#input\_flow\_log\_destination\_type) | Type of flow log destination. Can be s3, kinesis-data-firehose or cloud-watch-logs | `string` | `"cloud-watch-logs"` | no | | [flow\_log\_file\_format](#input\_flow\_log\_file\_format) | (Optional) The format for the flow log. 
Valid values: `plain-text`, `parquet` | `string` | `null` | no | | [flow\_log\_hive\_compatible\_partitions](#input\_flow\_log\_hive\_compatible\_partitions) | (Optional) Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3 | `bool` | `false` | no | | [flow\_log\_log\_format](#input\_flow\_log\_log\_format) | The fields to include in the flow log record, in the order in which they should appear | `string` | `null` | no | @@ -682,6 +683,7 @@ No modules. | [vpc\_enable\_dns\_hostnames](#output\_vpc\_enable\_dns\_hostnames) | Whether or not the VPC has DNS hostname support | | [vpc\_enable\_dns\_support](#output\_vpc\_enable\_dns\_support) | Whether or not the VPC has DNS support | | [vpc\_flow\_log\_cloudwatch\_iam\_role\_arn](#output\_vpc\_flow\_log\_cloudwatch\_iam\_role\_arn) | The ARN of the IAM role used when pushing logs to Cloudwatch log group | +| [vpc\_flow\_log\_deliver\_cross\_account\_role](#output\_vpc\_flow\_log\_deliver\_cross\_account\_role) | The ARN of the IAM role used when pushing logs cross account | | [vpc\_flow\_log\_destination\_arn](#output\_vpc\_flow\_log\_destination\_arn) | The ARN of the destination for VPC Flow Logs | | [vpc\_flow\_log\_destination\_type](#output\_vpc\_flow\_log\_destination\_type) | The type of the destination for VPC Flow Logs | | [vpc\_flow\_log\_id](#output\_vpc\_flow\_log\_id) | The ID of the Flow Log resource | diff --git a/outputs.tf b/outputs.tf index a542e75a6..5cf1ffc0c 100644 --- a/outputs.tf +++ b/outputs.tf 
@@ -609,6 +609,11 @@ output "vpc_flow_log_cloudwatch_iam_role_arn" { value = local.flow_log_iam_role_arn } +output "vpc_flow_log_deliver_cross_account_role" { + description = "The ARN of the IAM role used when pushing logs cross account" + value = try(aws_flow_log.this[0].deliver_cross_account_role, null) +} + ################################################################################ # Static values (arguments) ################################################################################ diff --git a/variables.tf b/variables.tf index 8a20ba93e..c990ecdbd 100644 --- a/variables.tf +++ b/variables.tf @@ -1485,7 +1485,7 @@ variable "flow_log_traffic_type" { } variable "flow_log_destination_type" { - description = "Type of flow log destination. Can be s3 or cloud-watch-logs" + description = "Type of flow log destination. Can be s3, kinesis-data-firehose or cloud-watch-logs" type = string default = "cloud-watch-logs" } @@ -1502,6 +1502,12 @@ variable "flow_log_destination_arn" { default = "" } +variable "flow_log_deliver_cross_account_role" { + description = "(Optional) ARN of the IAM role that allows Amazon EC2 to publish flow logs across accounts." + type = string + default = null +} + variable "flow_log_file_format" { description = "(Optional) The format for the flow log. Valid values: `plain-text`, `parquet`" type = string diff --git a/vpc-flow-logs.tf b/vpc-flow-logs.tf index 127d7e016..9e453c819 100644 --- a/vpc-flow-logs.tf +++ b/vpc-flow-logs.tf 
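Review bot: `flow_log_destination_type` now advertises three valid values in its description, but nothing in the variable block enforces them, so a misspelt value is only rejected by the provider at apply time, and the `destination_options` block in vpc-flow-logs.tf, which is gated on an exact `== "s3"` comparison, silently does nothing for the misspelt value. A `validation` block on the variable rejects bad input at plan time with a clear message; the description, type and default lines stay as the hunk has them.
```hcl
variable "flow_log_destination_type" {
  # … unchanged: description, type, default …

  validation {
    condition     = contains(["s3", "kinesis-data-firehose", "cloud-watch-logs"], var.flow_log_destination_type)
    error_message = "flow_log_destination_type must be one of: s3, kinesis-data-firehose, cloud-watch-logs."
  }
}
```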
@@ -17,13 +17,14 @@ locals { resource "aws_flow_log" "this" { count = local.enable_flow_log ? 1 : 0 - log_destination_type = var.flow_log_destination_type - log_destination = local.flow_log_destination_arn - log_format = var.flow_log_log_format - iam_role_arn = local.flow_log_iam_role_arn - traffic_type = var.flow_log_traffic_type - vpc_id = local.vpc_id - max_aggregation_interval = var.flow_log_max_aggregation_interval + log_destination_type = var.flow_log_destination_type + log_destination = local.flow_log_destination_arn + log_format = var.flow_log_log_format + iam_role_arn = local.flow_log_iam_role_arn + deliver_cross_account_role = var.flow_log_deliver_cross_account_role + traffic_type = var.flow_log_traffic_type + vpc_id = local.vpc_id + max_aggregation_interval = var.flow_log_max_aggregation_interval dynamic "destination_options" { for_each = var.flow_log_destination_type == "s3" ? [true] : [] From acadfc42ba1ec23404eec03b69603a2cc52679b1 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Mon, 11 Dec 2023 15:34:52 +0000 Subject: [PATCH 08/24] chore(release): version 5.4.0 [skip ci] ## [5.4.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.3.0...v5.4.0) (2023-12-11) ### Features * Add Cross Account Flow Support ([#1014](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/1014)) ([6e25437](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/6e25437b16955b9393348d91965ead2f755fb2e0)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ccbe828f0..53356fefd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
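Review bot: `deliver_cross_account_role` is set next to `iam_role_arn`, but neither vpc-flow-logs.tf nor the new variable's description says how the two roles relate or which account each one lives in, and that is exactly what an operator has to know before granting a role in the log-destination account. A comment above the new line such as `# deliver_cross_account_role: role in the log-destination account that the flow-log service may assume; iam_role_arn stays the publishing role in this account — confirm against the AWS flow log documentation` would close that gap; the split between the two roles is my reading of the attribute names, not something this hunk shows. The `aws_flow_log` resource continues past the end of the hunk.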
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [5.4.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.3.0...v5.4.0) (2023-12-11) + + +### Features + +* Add Cross Account Flow Support ([#1014](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/1014)) ([6e25437](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/6e25437b16955b9393348d91965ead2f755fb2e0)) + ## [5.3.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.2.0...v5.3.0) (2023-12-11) From 32f853f4c099ad134d9c739d585c42a7c06a797b Mon Sep 17 00:00:00 2001 
From: Erez Tamam Date: Tue, 9 Jan 2024 22:53:24 +0200 Subject: [PATCH 09/24] feat: Add support for `dns_options` on VPC endpoints (#1023) * add dns_options dynamic block * use fmt to format doc * add example for complete * fix condition to a better approach * add interface chek * add empty brackets for default values * fix: Increase provider MSV to support, correct looping logic --------- Co-authored-by: Bryant Biggs --- .pre-commit-config.yaml | 4 ++-- README.md | 4 ++-- examples/complete/README.md | 4 ++-- examples/complete/main.tf | 8 ++++++-- examples/complete/versions.tf | 2 +- examples/ipam/README.md | 4 ++-- examples/ipam/versions.tf | 2 +- examples/ipv6-dualstack/README.md | 4 ++-- examples/ipv6-dualstack/versions.tf | 2 +- examples/ipv6-only/README.md | 4 ++-- examples/ipv6-only/versions.tf | 2 +- examples/issues/README.md | 4 ++-- examples/issues/versions.tf | 2 +- examples/manage-default-vpc/README.md | 2 +- examples/manage-default-vpc/versions.tf | 2 +- examples/network-acls/README.md | 4 ++-- examples/network-acls/versions.tf | 2 +- examples/outpost/README.md | 4 ++-- examples/outpost/versions.tf | 2 +- examples/secondary-cidr-blocks/README.md | 4 ++-- examples/secondary-cidr-blocks/versions.tf | 2 +- examples/separate-route-tables/README.md | 4 ++-- examples/separate-route-tables/versions.tf | 2 +- examples/simple/README.md | 4 ++-- examples/simple/versions.tf | 2 +- examples/vpc-flow-logs/README.md | 4 ++-- examples/vpc-flow-logs/versions.tf | 2 +- modules/vpc-endpoints/README.md | 4 ++-- modules/vpc-endpoints/main.tf | 9 +++++++++ modules/vpc-endpoints/versions.tf | 2 +- versions.tf | 2 +- 31 files changed, 58 insertions(+), 45 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 0f3428382..74b0a6bcd 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.81.0 + rev: v1.86.0 hooks: - id: terraform_fmt - id: terraform_validate @@ -23,7 +23,7 @@ repos: - '--args=--only=terraform_standard_module_structure' - '--args=--only=terraform_workspace_remote' - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.4.0 + rev: v4.5.0 hooks: - id: check-merge-conflict - id: end-of-file-fixer diff --git a/README.md b/README.md index f154534c0..371702918 100644 --- a/README.md +++ b/README.md @@ -256,13 +256,13 @@ Full contributing [guidelines are covered here](.github/contributing.md). | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.0 | +| [aws](#requirement\_aws) | >= 5.20 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.0 | +| [aws](#provider\_aws) | >= 5.20 | ## Modules diff --git a/examples/complete/README.md b/examples/complete/README.md index d6e4eb4a8..4d359dd89 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -22,13 +22,13 @@ Note that this example may create resources which can cost money (AWS Elastic IP | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.0 | +| [aws](#requirement\_aws) | >= 5.20 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.0 | +| [aws](#provider\_aws) | >= 5.20 | ## Modules diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 514355631..204489880 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -102,8 +102,12 @@ module "vpc_endpoints" { endpoints = { s3 = { - service = "s3" - tags = { Name = "s3-vpc-endpoint" } + service = "s3" + private_dns_enabled = true + dns_options = { + private_dns_only_for_inbound_resolver_endpoint = false + } + tags = { Name = "s3-vpc-endpoint" } }, dynamodb = { service = "dynamodb" 
diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index ddfcb0e05..f8fba3dfd 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.0" + version = ">= 5.20" } } } diff --git a/examples/ipam/README.md b/examples/ipam/README.md index 07373875a..2aa0998e6 100644 --- a/examples/ipam/README.md +++ b/examples/ipam/README.md @@ -30,13 +30,13 @@ Note that this example may create resources which can cost money (AWS Elastic IP | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.0 | +| [aws](#requirement\_aws) | >= 5.20 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.0 | +| [aws](#provider\_aws) | >= 5.20 | ## Modules diff --git a/examples/ipam/versions.tf b/examples/ipam/versions.tf index ddfcb0e05..f8fba3dfd 100644 --- a/examples/ipam/versions.tf +++ b/examples/ipam/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.0" + version = ">= 5.20" } } } diff --git a/examples/ipv6-dualstack/README.md b/examples/ipv6-dualstack/README.md index 3318683ec..9b99735f5 100644 --- a/examples/ipv6-dualstack/README.md +++ b/examples/ipv6-dualstack/README.md @@ -20,13 +20,13 @@ Note that this example may create resources which can cost money (AWS Elastic IP | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.0 | +| [aws](#requirement\_aws) | >= 5.20 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.0 | +| [aws](#provider\_aws) | >= 5.20 | ## Modules diff --git a/examples/ipv6-dualstack/versions.tf b/examples/ipv6-dualstack/versions.tf index ddfcb0e05..f8fba3dfd 100644 --- a/examples/ipv6-dualstack/versions.tf +++ b/examples/ipv6-dualstack/versions.tf 
@@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.0" + version = ">= 5.20" } } } diff --git a/examples/ipv6-only/README.md b/examples/ipv6-only/README.md index eb8cea2e0..fca0b6799 100644 --- a/examples/ipv6-only/README.md +++ b/examples/ipv6-only/README.md @@ -20,13 +20,13 @@ Note that this example may create resources which can cost money (AWS Elastic IP | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.0 | +| [aws](#requirement\_aws) | >= 5.20 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.0 | +| [aws](#provider\_aws) | >= 5.20 | ## Modules diff --git a/examples/ipv6-only/versions.tf b/examples/ipv6-only/versions.tf index ddfcb0e05..f8fba3dfd 100644 --- a/examples/ipv6-only/versions.tf +++ b/examples/ipv6-only/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.0" + version = ">= 5.20" } } } diff --git a/examples/issues/README.md b/examples/issues/README.md index 92cc3a4ca..6ec13c86f 100644 --- a/examples/issues/README.md +++ b/examples/issues/README.md @@ -25,13 +25,13 @@ Note that this example may create resources which can cost money (AWS Elastic IP | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.0 | +| [aws](#requirement\_aws) | >= 5.20 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.0 | +| [aws](#provider\_aws) | >= 5.20 | ## Modules diff --git a/examples/issues/versions.tf b/examples/issues/versions.tf index ddfcb0e05..f8fba3dfd 100644 --- a/examples/issues/versions.tf +++ b/examples/issues/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.0" + version = ">= 5.20" } } } 
diff --git a/examples/manage-default-vpc/README.md b/examples/manage-default-vpc/README.md index 0c506f33f..c37171dc9 100644 --- a/examples/manage-default-vpc/README.md +++ b/examples/manage-default-vpc/README.md @@ -22,7 +22,7 @@ Run `terraform destroy` when you don't need these resources. | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.0 | +| [aws](#requirement\_aws) | >= 5.20 | ## Providers diff --git a/examples/manage-default-vpc/versions.tf b/examples/manage-default-vpc/versions.tf index ddfcb0e05..f8fba3dfd 100644 --- a/examples/manage-default-vpc/versions.tf +++ b/examples/manage-default-vpc/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.0" + version = ">= 5.20" } } } diff --git a/examples/network-acls/README.md b/examples/network-acls/README.md index 4e6ca7a0c..f0fa51948 100644 --- a/examples/network-acls/README.md +++ b/examples/network-acls/README.md @@ -24,13 +24,13 @@ Note that this example may create resources which can cost money (AWS Elastic IP | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.0 | +| [aws](#requirement\_aws) | >= 5.20 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.0 | +| [aws](#provider\_aws) | >= 5.20 | ## Modules diff --git a/examples/network-acls/versions.tf b/examples/network-acls/versions.tf index ddfcb0e05..f8fba3dfd 100644 --- a/examples/network-acls/versions.tf +++ b/examples/network-acls/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.0" + version = ">= 5.20" } } } diff --git a/examples/outpost/README.md b/examples/outpost/README.md index 8c7173bb9..6d3ca4d47 100644 --- a/examples/outpost/README.md +++ b/examples/outpost/README.md 
@@ -24,13 +24,13 @@ Note that this example may create resources which can cost money (AWS Elastic IP | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.0 | +| [aws](#requirement\_aws) | >= 5.20 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.0 | +| [aws](#provider\_aws) | >= 5.20 | ## Modules diff --git a/examples/outpost/versions.tf b/examples/outpost/versions.tf index ddfcb0e05..f8fba3dfd 100644 --- a/examples/outpost/versions.tf +++ b/examples/outpost/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.0" + version = ">= 5.20" } } } diff --git a/examples/secondary-cidr-blocks/README.md b/examples/secondary-cidr-blocks/README.md index 5054d43f9..176b774ce 100644 --- a/examples/secondary-cidr-blocks/README.md +++ b/examples/secondary-cidr-blocks/README.md @@ -22,13 +22,13 @@ Note that this example may create resources which can cost money (AWS Elastic IP | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.0 | +| [aws](#requirement\_aws) | >= 5.20 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.0 | +| [aws](#provider\_aws) | >= 5.20 | ## Modules diff --git a/examples/secondary-cidr-blocks/versions.tf b/examples/secondary-cidr-blocks/versions.tf index ddfcb0e05..f8fba3dfd 100644 --- a/examples/secondary-cidr-blocks/versions.tf +++ b/examples/secondary-cidr-blocks/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.0" + version = ">= 5.20" } } } diff --git a/examples/separate-route-tables/README.md b/examples/separate-route-tables/README.md index 57ee751f9..063a51dde 100644 --- a/examples/separate-route-tables/README.md +++ b/examples/separate-route-tables/README.md 
@@ -22,13 +22,13 @@ Note that this example may create resources which can cost money (AWS Elastic IP | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.0 | +| [aws](#requirement\_aws) | >= 5.20 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.0 | +| [aws](#provider\_aws) | >= 5.20 | ## Modules diff --git a/examples/separate-route-tables/versions.tf b/examples/separate-route-tables/versions.tf index ddfcb0e05..f8fba3dfd 100644 --- a/examples/separate-route-tables/versions.tf +++ b/examples/separate-route-tables/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.0" + version = ">= 5.20" } } } diff --git a/examples/simple/README.md b/examples/simple/README.md index 0d5658b4a..9fb29e7f2 100644 --- a/examples/simple/README.md +++ b/examples/simple/README.md @@ -26,13 +26,13 @@ Note that this example may create resources which can cost money (AWS Elastic IP | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.0 | +| [aws](#requirement\_aws) | >= 5.20 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.0 | +| [aws](#provider\_aws) | >= 5.20 | ## Modules diff --git a/examples/simple/versions.tf b/examples/simple/versions.tf index ddfcb0e05..f8fba3dfd 100644 --- a/examples/simple/versions.tf +++ b/examples/simple/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.0" + version = ">= 5.20" } } } diff --git a/examples/vpc-flow-logs/README.md b/examples/vpc-flow-logs/README.md index d0cb120a8..47bc8bc94 100644 --- a/examples/vpc-flow-logs/README.md +++ b/examples/vpc-flow-logs/README.md 
@@ -24,14 +24,14 @@ Note that this example may create resources which can cost money (AWS Elastic IP | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.0 | +| [aws](#requirement\_aws) | >= 5.20 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.0 | +| [aws](#provider\_aws) | >= 5.20 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/vpc-flow-logs/versions.tf b/examples/vpc-flow-logs/versions.tf index 383652286..0ac52370c 100644 --- a/examples/vpc-flow-logs/versions.tf +++ b/examples/vpc-flow-logs/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.0" + version = ">= 5.20" } random = { diff --git a/modules/vpc-endpoints/README.md b/modules/vpc-endpoints/README.md index a59292ae8..235cef659 100644 --- a/modules/vpc-endpoints/README.md +++ b/modules/vpc-endpoints/README.md @@ -56,13 +56,13 @@ module "endpoints" { | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.0 | +| [aws](#requirement\_aws) | >= 5.20 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.0 | +| [aws](#provider\_aws) | >= 5.20 | ## Modules diff --git a/modules/vpc-endpoints/main.tf b/modules/vpc-endpoints/main.tf index 8c4b09c38..096f077fc 100644 --- a/modules/vpc-endpoints/main.tf +++ b/modules/vpc-endpoints/main.tf 
@@ -34,6 +34,15 @@ resource "aws_vpc_endpoint" "this" {
 policy = try(each.value.policy, null)
 private_dns_enabled = try(each.value.service_type, "Interface") == "Interface" ? try(each.value.private_dns_enabled, null) : null
+ dynamic "dns_options" {
+ for_each = try([each.value.dns_options], [])
+
+ content {
+ dns_record_ip_type = try(each.value.dns_options.dns_record_ip_type, null)
+ private_dns_only_for_inbound_resolver_endpoint = try(each.value.private_dns_only_for_inbound_resolver_endpoint, null)
+ }
+ }
+
 tags = merge(var.tags, try(each.value.tags, {}))
 timeouts {
diff --git a/modules/vpc-endpoints/versions.tf b/modules/vpc-endpoints/versions.tf
index ddfcb0e05..f8fba3dfd 100644
--- a/modules/vpc-endpoints/versions.tf
+++ b/modules/vpc-endpoints/versions.tf
@@ -4,7 +4,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 5.0"
+ version = ">= 5.20"
 }
 }
 }
diff --git a/versions.tf b/versions.tf
index ddfcb0e05..f8fba3dfd 100644
--- a/versions.tf
+++ b/versions.tf
@@ -4,7 +4,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 5.0"
+ version = ">= 5.20"
 }
 }
 }
From e4768508a17f79337f9f1e48ebf47ee885b98c1f Mon Sep 17 00:00:00 2001
From: semantic-release-bot
Date: Tue, 9 Jan 2024 20:53:49 +0000
Subject: [PATCH 10/24] chore(release): version 5.5.0 [skip ci]
## [5.5.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.4.0...v5.5.0) (2024-01-09)
### Features
* Add support for `dns_options` on VPC endpoints ([#1023](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/1023)) ([32f853f](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/32f853f4c099ad134d9c739d585c42a7c06a797b))
---
CHANGELOG.md | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 53356fefd..6ce848dc1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file.
+## [5.5.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.4.0...v5.5.0) (2024-01-09)
+
+
+### Features
+
+* Add support for `dns_options` on VPC endpoints ([#1023](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/1023)) ([32f853f](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/32f853f4c099ad134d9c739d585c42a7c06a797b))
+
 ## [5.4.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.3.0...v5.4.0) (2023-12-11)
From a837be12882c8f74984620752937b4806da2d6d4 Mon Sep 17 00:00:00 2001
From: Bryant Biggs
Date: Sat, 13 Jan 2024 16:03:26 -0500
Subject: [PATCH 11/24] fix: Correct VPC endpoint private DNS resolver `for_each` key (#1029)
---
modules/vpc-endpoints/main.tf | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/modules/vpc-endpoints/main.tf b/modules/vpc-endpoints/main.tf
index 096f077fc..fef2f8c05 100644
--- a/modules/vpc-endpoints/main.tf
+++ b/modules/vpc-endpoints/main.tf
@@ -38,8 +38,8 @@ resource "aws_vpc_endpoint" "this" {
 for_each = try([each.value.dns_options], [])
 content {
- dns_record_ip_type = try(each.value.dns_options.dns_record_ip_type, null)
- private_dns_only_for_inbound_resolver_endpoint = try(each.value.private_dns_only_for_inbound_resolver_endpoint, null)
+ dns_record_ip_type = try(dns_options.value.dns_options.dns_record_ip_type, null)
+ private_dns_only_for_inbound_resolver_endpoint = try(dns_options.value.private_dns_only_for_inbound_resolver_endpoint, null)
 }
 }
From 7666869d9ca7ff658f5bd10a29dea53bde5dc464 Mon Sep 17 00:00:00 2001
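Review bot: The corrected `dns_record_ip_type` expression still looks one level too deep: `dns_options.value` is already the caller's `dns_options` object (the `for_each` iterates `[each.value.dns_options]`), so `dns_options.value.dns_options.dns_record_ip_type` only resolves if the caller nests `dns_options` inside `dns_options`, and the surrounding `try()` turns that into a silent `null` instead of a plan error. The sibling attribute on the next line reads `dns_options.value.private_dns_only_for_inbound_resolver_endpoint` directly, which is the consistent form, so I would expect `dns_record_ip_type = try(dns_options.value.dns_record_ip_type, null)`. Worth verifying with an endpoint that sets `dns_record_ip_type` and checking that the plan shows the value rather than `null`, because `try()` masks the wrong attribute path. The enclosing `aws_vpc_endpoint` resource starts and ends outside the hunk.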
From: semantic-release-bot
Date: Sat, 13 Jan 2024 21:03:50 +0000
Subject: [PATCH 12/24] chore(release): version 5.5.1 [skip ci]
### [5.5.1](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.5.0...v5.5.1) (2024-01-13)
### Bug Fixes
* Correct VPC endpoint private DNS resolver `for_each` key ([#1029](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/1029)) ([a837be1](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/a837be12882c8f74984620752937b4806da2d6d4))
---
CHANGELOG.md | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6ce848dc1..93ca3ed79 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file.
+### [5.5.1](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.5.0...v5.5.1) (2024-01-13)
+
+
+### Bug Fixes
+
+* Correct VPC endpoint private DNS resolver `for_each` key ([#1029](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/1029)) ([a837be1](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/a837be12882c8f74984620752937b4806da2d6d4))
+
 ## [5.5.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.4.0...v5.5.0) (2024-01-09)
From 5f5df571925895ad1fdf5a3bd04e539aa13f5a1d Mon Sep 17 00:00:00 2001
From: Vladimir Samoylov <51059484+cageyv@users.noreply.github.com>
Date: Fri, 9 Feb 2024 19:10:26 +0700
Subject: [PATCH 13/24] fix: Added create_before_destroy to aws_customer_gateway (#1036)
Co-authored-by: Anton Babenko
---
main.tf | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/main.tf b/main.tf
index 9d19218f1..ef65f2be7 100644
--- a/main.tf
+++ b/main.tf
@@ -1123,6 +1123,10 @@ resource "aws_customer_gateway" "this" {
 var.tags,
 var.customer_gateway_tags,
 )
+
+ lifecycle {
+ create_before_destroy = true
+ }
 }
################################################################################
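Review bot: The new `lifecycle` block carries no comment explaining why this resource needs create-before-destroy semantics, and the commit message only says it was added, so the next reader has to go to #1036 to find out. A one-line comment above the block would do, for example `# Create the replacement gateway before destroying the old one so resources that reference this gateway (e.g. a VPN connection) are not left dangling during replacement` — hedged, since the dependent resource is not visible in the hunk. It is also worth confirming that a replacement customer gateway with the same `ip_address` and `bgp_asn` is accepted by the API while the old one still exists, because `create_before_destroy` only helps if the two can coexist. The `aws_customer_gateway` resource body starts outside the hunk.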
From f7f84f70ad6db36e4eae0273bf08ed2ffd0a69c4 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 9 Feb 2024 12:10:52 +0000 Subject: [PATCH 14/24] chore(release): version 5.5.2 [skip ci] ### [5.5.2](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.5.1...v5.5.2) (2024-02-09) ### Bug Fixes * Added create_before_destroy to aws_customer_gateway ([#1036](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/1036)) ([5f5df57](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/5f5df571925895ad1fdf5a3bd04e539aa13f5a1d)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 93ca3ed79..97060b8f6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +### [5.5.2](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.5.1...v5.5.2) (2024-02-09) + + +### Bug Fixes + +* Added create_before_destroy to aws_customer_gateway ([#1036](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/1036)) ([5f5df57](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/5f5df571925895ad1fdf5a3bd04e539aa13f5a1d)) + ### [5.5.1](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.5.0...v5.5.1) (2024-01-13) From 3b5b7f1fea768c6c933ea1ce2f8ee11250fa94cb Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Wed, 6 Mar 2024 14:12:17 -0500 Subject: [PATCH 15/24] fix: Update CI workflow versions to remove deprecated runtime warnings (#1052) --- .github/workflows/lock.yml | 2 +- .github/workflows/pr-title.yml | 2 +- .github/workflows/pre-commit.yml | 36 +++++++++++++++++------- .github/workflows/release.yml | 12 ++++---- .github/workflows/stale-actions.yaml | 2 +- .pre-commit-config.yaml | 6 ++-- examples/separate-route-tables/README.md | 2 +- 7 files changed, 40 insertions(+), 22 deletions(-) 
diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml index 6b6c9cec0..bd5f2df7c 100644 --- a/.github/workflows/lock.yml +++ b/.github/workflows/lock.yml @@ -8,7 +8,7 @@ jobs: lock: runs-on: ubuntu-latest steps: - - uses: dessant/lock-threads@v4 + - uses: dessant/lock-threads@v5 with: github-token: ${{ secrets.GITHUB_TOKEN }} issue-comment: > diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index cb32a0f81..3973df443 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -14,7 +14,7 @@ jobs: steps: # Please look up the latest version from # https://github.com/amannn/action-semantic-pull-request/releases - - uses: amannn/action-semantic-pull-request@v5.0.2 + - uses: amannn/action-semantic-pull-request@v5.4.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index cb8267134..c2632d1a4 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -8,7 +8,7 @@ on: env: TERRAFORM_DOCS_VERSION: v0.16.0 - TFLINT_VERSION: v0.44.1 + TFLINT_VERSION: v0.50.3 jobs: collectInputs: @@ -18,11 +18,11 @@ jobs: directories: ${{ steps.dirs.outputs.directories }} steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Get root directories id: dirs - uses: clowdhaus/terraform-composite-actions/directories@v1.8.3 + uses: clowdhaus/terraform-composite-actions/directories@v1.9.0 preCommitMinVersions: name: Min TF pre-commit 
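Review bot: Every `uses:` in this hunk, and in the pr-title.yml, pre-commit.yml, release.yml and stale-actions.yaml hunks that follow, still references a mutable tag (`dessant/lock-threads@v5`, `actions/checkout@v4`, `cycjimmy/semantic-release-action@v4`, ...), so the bump leaves the workflows exposed to a retargeted or compromised tag in the upstream action repository. Since the commit already touches every action reference, it is the natural place to pin each one to a full-length commit SHA with the tag kept as a comment, e.g. `- uses: dessant/lock-threads@<commit-sha-placeholder> # v5`, and let Dependabot or Renovate move the SHA. This matters most for release.yml, where `cycjimmy/semantic-release-action` runs with `secrets.SEMANTIC_RELEASE_TOKEN`; `persist-credentials: false` on the checkout step does not limit what a malicious action can do with that token. The `rm -rf /opt/hostedtoolcache/...` cleanup steps duplicated in the two pre-commit.yml jobs could also become a single reusable step rather than two copies.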
@@ -32,19 +32,27 @@ jobs: matrix: directory: ${{ fromJson(needs.collectInputs.outputs.directories) }} steps: + # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449 + - name: Delete huge unnecessary tools folder + run: | + rm -rf /opt/hostedtoolcache/CodeQL + rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk + rm -rf /opt/hostedtoolcache/Ruby + rm -rf /opt/hostedtoolcache/go + - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.2.4 + uses: clowdhaus/terraform-min-max@v1.3.0 with: directory: ${{ matrix.directory }} - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory != '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} tflint-version: ${{ env.TFLINT_VERSION }} @@ -53,7 +61,7 @@ jobs: - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory == '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} tflint-version: ${{ env.TFLINT_VERSION }} 
@@ -64,18 +72,26 @@ jobs: runs-on: ubuntu-latest needs: collectInputs steps: + # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449 + - name: Delete huge unnecessary tools folder + run: | + rm -rf /opt/hostedtoolcache/CodeQL + rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk + rm -rf /opt/hostedtoolcache/Ruby + rm -rf /opt/hostedtoolcache/go + - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: ref: ${{ github.event.pull_request.head.ref }} repository: ${{github.event.pull_request.head.repo.full_name}} - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.2.4 + uses: clowdhaus/terraform-min-max@v1.3.0 - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0 with: terraform-version: ${{ steps.minMax.outputs.maxVersion }} tflint-version: ${{ env.TFLINT_VERSION }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 81f674740..4a9422614 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,18 +20,18 @@ jobs: if: github.repository_owner == 'terraform-aws-modules' steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false fetch-depth: 0 - name: Release - uses: cycjimmy/semantic-release-action@v3 + uses: cycjimmy/semantic-release-action@v4 with: - semantic_version: 18.0.0 + semantic_version: 23.0.2 extra_plugins: | - @semantic-release/changelog@6.0.0 - @semantic-release/git@10.0.0 - conventional-changelog-conventionalcommits@4.6.3 + @semantic-release/changelog@6.0.3 + @semantic-release/git@10.0.1 + conventional-changelog-conventionalcommits@7.0.2 env: GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_TOKEN }} diff --git a/.github/workflows/stale-actions.yaml b/.github/workflows/stale-actions.yaml index 50379957f..6ccd0ed85 100644 
--- a/.github/workflows/stale-actions.yaml +++ b/.github/workflows/stale-actions.yaml @@ -7,7 +7,7 @@ jobs: stale: runs-on: ubuntu-latest steps: - - uses: actions/stale@v6 + - uses: actions/stale@v9 with: repo-token: ${{ secrets.GITHUB_TOKEN }} # Staling issues and PR's diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 74b0a6bcd..395404e80 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,9 +1,8 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.86.0 + rev: v1.88.0 hooks: - id: terraform_fmt - - id: terraform_validate - id: terraform_docs args: - '--args=--lockfile=false' @@ -22,8 +21,11 @@ repos: - '--args=--only=terraform_required_providers' - '--args=--only=terraform_standard_module_structure' - '--args=--only=terraform_workspace_remote' + - '--args=--only=terraform_unused_required_providers' + - id: terraform_validate - repo: https://github.com/pre-commit/pre-commit-hooks rev: v4.5.0 hooks: - id: check-merge-conflict - id: end-of-file-fixer + - id: trailing-whitespace diff --git a/examples/separate-route-tables/README.md b/examples/separate-route-tables/README.md index 063a51dde..5f45a5276 100644 --- a/examples/separate-route-tables/README.md +++ b/examples/separate-route-tables/README.md @@ -1,6 +1,6 @@ # VPC with separate private route tables -Configuration in this directory creates set of VPC resources which may be sufficient for staging or production environment (look into [simple-vpc](../simple-vpc) for more simplified setup). +Configuration in this directory creates set of VPC resources which may be sufficient for staging or production environment (look into [simple-vpc](../simple-vpc) for more simplified setup). There are public, private, database, ElastiCache, Redshift subnets, NAT Gateways created in each availability zone. **This example sets up separate private route for database, elasticache and redshift subnets.**. 
From 3e793b424af55cca62b1158eb02fd662cc7e4ca1 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Wed, 6 Mar 2024 19:12:48 +0000 Subject: [PATCH 16/24] chore(release): version 5.5.3 [skip ci] ## [5.5.3](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.5.2...v5.5.3) (2024-03-06) ### Bug Fixes * Update CI workflow versions to remove deprecated runtime warnings ([#1052](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/1052)) ([3b5b7f1](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/3b5b7f1fea768c6c933ea1ce2f8ee11250fa94cb)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 97060b8f6..96017b202 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [5.5.3](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.5.2...v5.5.3) (2024-03-06) + + +### Bug Fixes + +* Update CI workflow versions to remove deprecated runtime warnings ([#1052](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/1052)) ([3b5b7f1](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/3b5b7f1fea768c6c933ea1ce2f8ee11250fa94cb)) + ### [5.5.2](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.5.1...v5.5.2) (2024-02-09) From e2970fd747bbf5d0b1539f7bbbdced56977a1bdf Mon Sep 17 00:00:00 2001 
From: Melissa Greenbaum <69476188+magreenbaum@users.noreply.github.com> Date: Thu, 14 Mar 2024 09:13:56 -0400 Subject: [PATCH 17/24] feat: Support VPC flow log cloudwatch log group class (#1053) support log group class --- README.md | 5 +++-- examples/complete/README.md | 4 ++-- examples/complete/versions.tf | 2 +- examples/ipam/README.md | 4 ++-- examples/ipam/versions.tf | 2 +- examples/ipv6-dualstack/README.md | 4 ++-- examples/ipv6-dualstack/versions.tf | 2 +- examples/ipv6-only/README.md | 4 ++-- examples/ipv6-only/versions.tf | 2 +- examples/issues/README.md | 4 ++-- examples/issues/versions.tf | 2 +- examples/manage-default-vpc/README.md | 2 +- examples/manage-default-vpc/versions.tf | 2 +- examples/network-acls/README.md | 4 ++-- examples/network-acls/versions.tf | 2 +- examples/outpost/README.md | 4 ++-- examples/outpost/versions.tf | 2 +- examples/secondary-cidr-blocks/README.md | 4 ++-- examples/secondary-cidr-blocks/versions.tf | 2 +- examples/separate-route-tables/README.md | 4 ++-- examples/separate-route-tables/versions.tf | 2 +- examples/simple/README.md | 4 ++-- examples/simple/versions.tf | 2 +- examples/vpc-flow-logs/README.md | 4 ++-- examples/vpc-flow-logs/main.tf | 1 + examples/vpc-flow-logs/versions.tf | 2 +- modules/vpc-endpoints/README.md | 4 ++-- modules/vpc-endpoints/versions.tf | 2 +- variables.tf | 6 ++++++ versions.tf | 2 +- vpc-flow-logs.tf | 1 + 31 files changed, 50 insertions(+), 41 deletions(-) diff --git a/README.md b/README.md index 371702918..127493807 100644 --- a/README.md +++ b/README.md @@ -256,13 +256,13 @@ Full contributing [guidelines are covered here](.github/contributing.md). | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.20 | +| [aws](#requirement\_aws) | >= 5.30 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.20 | +| [aws](#provider\_aws) | >= 5.30 | ## Modules 
@@ -445,6 +445,7 @@ No modules. | [external\_nat\_ip\_ids](#input\_external\_nat\_ip\_ids) | List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse\_nat\_ips) | `list(string)` | `[]` | no | | [external\_nat\_ips](#input\_external\_nat\_ips) | List of EIPs to be used for `nat_public_ips` output (used in combination with reuse\_nat\_ips and external\_nat\_ip\_ids) | `list(string)` | `[]` | no | | [flow\_log\_cloudwatch\_iam\_role\_arn](#input\_flow\_log\_cloudwatch\_iam\_role\_arn) | The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group. When flow\_log\_destination\_arn is set to ARN of Cloudwatch Logs, this argument needs to be provided | `string` | `""` | no | +| [flow\_log\_cloudwatch\_log\_group\_class](#input\_flow\_log\_cloudwatch\_log\_group\_class) | Specified the log class of the log group. Possible values are: STANDARD or INFREQUENT\_ACCESS | `string` | `null` | no | | [flow\_log\_cloudwatch\_log\_group\_kms\_key\_id](#input\_flow\_log\_cloudwatch\_log\_group\_kms\_key\_id) | The ARN of the KMS Key to use when encrypting log data for VPC flow logs | `string` | `null` | no | | [flow\_log\_cloudwatch\_log\_group\_name\_prefix](#input\_flow\_log\_cloudwatch\_log\_group\_name\_prefix) | Specifies the name prefix of CloudWatch Log Group for VPC flow logs | `string` | `"/aws/vpc-flow-log/"` | no | | [flow\_log\_cloudwatch\_log\_group\_name\_suffix](#input\_flow\_log\_cloudwatch\_log\_group\_name\_suffix) | Specifies the name suffix of CloudWatch Log Group for VPC flow logs | `string` | `""` | no | diff --git a/examples/complete/README.md b/examples/complete/README.md index 4d359dd89..fbe618488 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md 
@@ -22,13 +22,13 @@ Note that this example may create resources which can cost money (AWS Elastic IP | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.20 | +| [aws](#requirement\_aws) | >= 5.30 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.20 | +| [aws](#provider\_aws) | >= 5.30 | ## Modules diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index f8fba3dfd..22111ba53 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.20" + version = ">= 5.30" } } } diff --git a/examples/ipam/README.md b/examples/ipam/README.md index 2aa0998e6..ce1070c5a 100644 --- a/examples/ipam/README.md +++ b/examples/ipam/README.md @@ -30,13 +30,13 @@ Note that this example may create resources which can cost money (AWS Elastic IP | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.20 | +| [aws](#requirement\_aws) | >= 5.30 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.20 | +| [aws](#provider\_aws) | >= 5.30 | ## Modules diff --git a/examples/ipam/versions.tf b/examples/ipam/versions.tf index f8fba3dfd..22111ba53 100644 --- a/examples/ipam/versions.tf +++ b/examples/ipam/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.20" + version = ">= 5.30" } } } diff --git a/examples/ipv6-dualstack/README.md b/examples/ipv6-dualstack/README.md index 9b99735f5..5b5c17c09 100644 --- a/examples/ipv6-dualstack/README.md +++ b/examples/ipv6-dualstack/README.md 
@@ -20,13 +20,13 @@ Note that this example may create resources which can cost money (AWS Elastic IP | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.20 | +| [aws](#requirement\_aws) | >= 5.30 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.20 | +| [aws](#provider\_aws) | >= 5.30 | ## Modules diff --git a/examples/ipv6-dualstack/versions.tf b/examples/ipv6-dualstack/versions.tf index f8fba3dfd..22111ba53 100644 --- a/examples/ipv6-dualstack/versions.tf +++ b/examples/ipv6-dualstack/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.20" + version = ">= 5.30" } } } diff --git a/examples/ipv6-only/README.md b/examples/ipv6-only/README.md index fca0b6799..e4fea6c43 100644 --- a/examples/ipv6-only/README.md +++ b/examples/ipv6-only/README.md @@ -20,13 +20,13 @@ Note that this example may create resources which can cost money (AWS Elastic IP | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.20 | +| [aws](#requirement\_aws) | >= 5.30 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.20 | +| [aws](#provider\_aws) | >= 5.30 | ## Modules diff --git a/examples/ipv6-only/versions.tf b/examples/ipv6-only/versions.tf index f8fba3dfd..22111ba53 100644 --- a/examples/ipv6-only/versions.tf +++ b/examples/ipv6-only/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.20" + version = ">= 5.30" } } } diff --git a/examples/issues/README.md b/examples/issues/README.md index 6ec13c86f..a312e67a7 100644 --- a/examples/issues/README.md +++ b/examples/issues/README.md 
@@ -25,13 +25,13 @@ Note that this example may create resources which can cost money (AWS Elastic IP | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.20 | +| [aws](#requirement\_aws) | >= 5.30 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.20 | +| [aws](#provider\_aws) | >= 5.30 | ## Modules diff --git a/examples/issues/versions.tf b/examples/issues/versions.tf index f8fba3dfd..22111ba53 100644 --- a/examples/issues/versions.tf +++ b/examples/issues/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.20" + version = ">= 5.30" } } } diff --git a/examples/manage-default-vpc/README.md b/examples/manage-default-vpc/README.md index c37171dc9..d1e70e542 100644 --- a/examples/manage-default-vpc/README.md +++ b/examples/manage-default-vpc/README.md @@ -22,7 +22,7 @@ Run `terraform destroy` when you don't need these resources. | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.20 | +| [aws](#requirement\_aws) | >= 5.30 | ## Providers diff --git a/examples/manage-default-vpc/versions.tf b/examples/manage-default-vpc/versions.tf index f8fba3dfd..22111ba53 100644 --- a/examples/manage-default-vpc/versions.tf +++ b/examples/manage-default-vpc/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.20" + version = ">= 5.30" } } } diff --git a/examples/network-acls/README.md b/examples/network-acls/README.md index f0fa51948..477a903d2 100644 --- a/examples/network-acls/README.md +++ b/examples/network-acls/README.md 
@@ -24,13 +24,13 @@ Note that this example may create resources which can cost money (AWS Elastic IP | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.20 | +| [aws](#requirement\_aws) | >= 5.30 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.20 | +| [aws](#provider\_aws) | >= 5.30 | ## Modules diff --git a/examples/network-acls/versions.tf b/examples/network-acls/versions.tf index f8fba3dfd..22111ba53 100644 --- a/examples/network-acls/versions.tf +++ b/examples/network-acls/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.20" + version = ">= 5.30" } } } diff --git a/examples/outpost/README.md b/examples/outpost/README.md index 6d3ca4d47..8105dff04 100644 --- a/examples/outpost/README.md +++ b/examples/outpost/README.md @@ -24,13 +24,13 @@ Note that this example may create resources which can cost money (AWS Elastic IP | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.20 | +| [aws](#requirement\_aws) | >= 5.30 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.20 | +| [aws](#provider\_aws) | >= 5.30 | ## Modules diff --git a/examples/outpost/versions.tf b/examples/outpost/versions.tf index f8fba3dfd..22111ba53 100644 --- a/examples/outpost/versions.tf +++ b/examples/outpost/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.20" + version = ">= 5.30" } } } diff --git a/examples/secondary-cidr-blocks/README.md b/examples/secondary-cidr-blocks/README.md index 176b774ce..be90f2670 100644 --- a/examples/secondary-cidr-blocks/README.md +++ b/examples/secondary-cidr-blocks/README.md 
@@ -22,13 +22,13 @@ Note that this example may create resources which can cost money (AWS Elastic IP | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.20 | +| [aws](#requirement\_aws) | >= 5.30 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.20 | +| [aws](#provider\_aws) | >= 5.30 | ## Modules diff --git a/examples/secondary-cidr-blocks/versions.tf b/examples/secondary-cidr-blocks/versions.tf index f8fba3dfd..22111ba53 100644 --- a/examples/secondary-cidr-blocks/versions.tf +++ b/examples/secondary-cidr-blocks/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.20" + version = ">= 5.30" } } } diff --git a/examples/separate-route-tables/README.md b/examples/separate-route-tables/README.md index 5f45a5276..cd7be22ed 100644 --- a/examples/separate-route-tables/README.md +++ b/examples/separate-route-tables/README.md @@ -22,13 +22,13 @@ Note that this example may create resources which can cost money (AWS Elastic IP | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.20 | +| [aws](#requirement\_aws) | >= 5.30 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.20 | +| [aws](#provider\_aws) | >= 5.30 | ## Modules diff --git a/examples/separate-route-tables/versions.tf b/examples/separate-route-tables/versions.tf index f8fba3dfd..22111ba53 100644 --- a/examples/separate-route-tables/versions.tf +++ b/examples/separate-route-tables/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.20" + version = ">= 5.30" } } } diff --git a/examples/simple/README.md b/examples/simple/README.md index 9fb29e7f2..fb62fba7c 100644 --- a/examples/simple/README.md +++ b/examples/simple/README.md 
@@ -26,13 +26,13 @@ Note that this example may create resources which can cost money (AWS Elastic IP | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.20 | +| [aws](#requirement\_aws) | >= 5.30 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.20 | +| [aws](#provider\_aws) | >= 5.30 | ## Modules diff --git a/examples/simple/versions.tf b/examples/simple/versions.tf index f8fba3dfd..22111ba53 100644 --- a/examples/simple/versions.tf +++ b/examples/simple/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.20" + version = ">= 5.30" } } } diff --git a/examples/vpc-flow-logs/README.md b/examples/vpc-flow-logs/README.md index 47bc8bc94..e8b6f0d3b 100644 --- a/examples/vpc-flow-logs/README.md +++ b/examples/vpc-flow-logs/README.md @@ -24,14 +24,14 @@ Note that this example may create resources which can cost money (AWS Elastic IP | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.20 | +| [aws](#requirement\_aws) | >= 5.30 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.20 | +| [aws](#provider\_aws) | >= 5.30 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/vpc-flow-logs/main.tf b/examples/vpc-flow-logs/main.tf index 140aa0cd6..9fee41bdf 100644 --- a/examples/vpc-flow-logs/main.tf +++ b/examples/vpc-flow-logs/main.tf @@ -78,6 +78,7 @@ module "vpc_with_flow_logs_cloudwatch_logs_default" { flow_log_max_aggregation_interval = 60 flow_log_cloudwatch_log_group_name_prefix = "/aws/my-amazing-vpc-flow-logz/" flow_log_cloudwatch_log_group_name_suffix = "my-test" + flow_log_cloudwatch_log_group_class = "INFREQUENT_ACCESS" vpc_flow_log_tags = local.tags } 
diff --git a/examples/vpc-flow-logs/versions.tf b/examples/vpc-flow-logs/versions.tf index 0ac52370c..6af908428 100644 --- a/examples/vpc-flow-logs/versions.tf +++ b/examples/vpc-flow-logs/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.20" + version = ">= 5.30" } random = { diff --git a/modules/vpc-endpoints/README.md b/modules/vpc-endpoints/README.md index 235cef659..6c0de6a46 100644 --- a/modules/vpc-endpoints/README.md +++ b/modules/vpc-endpoints/README.md @@ -56,13 +56,13 @@ module "endpoints" { | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.20 | +| [aws](#requirement\_aws) | >= 5.30 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.20 | +| [aws](#provider\_aws) | >= 5.30 | ## Modules diff --git a/modules/vpc-endpoints/versions.tf b/modules/vpc-endpoints/versions.tf index f8fba3dfd..22111ba53 100644 --- a/modules/vpc-endpoints/versions.tf +++ b/modules/vpc-endpoints/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.20" + version = ">= 5.30" } } } diff --git a/variables.tf b/variables.tf index c990ecdbd..ce81d687a 100644 --- a/variables.tf +++ b/variables.tf @@ -1584,6 +1584,12 @@ variable "flow_log_cloudwatch_log_group_skip_destroy" { default = false } +variable "flow_log_cloudwatch_log_group_class" { + description = "Specified the log class of the log group. Possible values are: STANDARD or INFREQUENT_ACCESS" + type = string + default = null +} + variable "putin_khuylo" { description = "Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo!" type = bool diff --git a/versions.tf b/versions.tf index f8fba3dfd..22111ba53 100644 --- a/versions.tf +++ b/versions.tf 
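Review bot: `flow_log_cloudwatch_log_group_class` in the variables.tf hunk accepts any string even though its description lists exactly two valid values, so a typo such as `INFREQUENT-ACCESS` is only rejected at apply time; a `validation` block would catch it at plan time, and the description has a typo (`Specified` → `Specifies`). The description should also warn that, as far as I recall, the `INFREQUENT_ACCESS` class does not support subscription filters, metric filters or export to S3, which matters for flow logs that feed a SIEM or CloudWatch alarms — worth confirming against current AWS documentation before wording it. The `log_group_class` argument that consumes this variable is added in the vpc-flow-logs.tf hunk further down.
```hcl
variable "flow_log_cloudwatch_log_group_class" {
  description = "Specifies the log class of the log group. Possible values are: STANDARD or INFREQUENT_ACCESS"
  type        = string
  default     = null

  validation {
    # null keeps the provider default; anything else must be one of the two documented classes
    condition     = var.flow_log_cloudwatch_log_group_class == null ? true : contains(["STANDARD", "INFREQUENT_ACCESS"], var.flow_log_cloudwatch_log_group_class)
    error_message = "flow_log_cloudwatch_log_group_class must be STANDARD or INFREQUENT_ACCESS."
  }
}
```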
@@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.20" + version = ">= 5.30" } } } diff --git a/vpc-flow-logs.tf b/vpc-flow-logs.tf index 9e453c819..e21cd11e6 100644 --- a/vpc-flow-logs.tf +++ b/vpc-flow-logs.tf @@ -50,6 +50,7 @@ resource "aws_cloudwatch_log_group" "flow_log" { retention_in_days = var.flow_log_cloudwatch_log_group_retention_in_days kms_key_id = var.flow_log_cloudwatch_log_group_kms_key_id skip_destroy = var.flow_log_cloudwatch_log_group_skip_destroy + log_group_class = var.flow_log_cloudwatch_log_group_class tags = merge(var.tags, var.vpc_flow_log_tags) } From 878b5d2e5a94f94819dcf93424c0d3c026144de8 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Thu, 14 Mar 2024 13:14:25 +0000 Subject: [PATCH 18/24] chore(release): version 5.6.0 [skip ci] ## [5.6.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.5.3...v5.6.0) (2024-03-14) ### Features * Support VPC flow log cloudwatch log group class ([#1053](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/1053)) ([e2970fd](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/e2970fd747bbf5d0b1539f7bbbdced56977a1bdf)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 96017b202..ea27525ba 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [5.6.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.5.3...v5.6.0) (2024-03-14) + + +### Features + +* Support VPC flow log cloudwatch log group class ([#1053](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/1053)) ([e2970fd](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/e2970fd747bbf5d0b1539f7bbbdced56977a1bdf)) + ## [5.5.3](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.5.2...v5.5.3) (2024-03-06) 
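Review bot: The `log_group_class` attribute added to `aws_cloudwatch_log_group.flow_log` is, as far as I recall, immutable on the AWS side and therefore a force-new attribute in the provider, so changing `flow_log_cloudwatch_log_group_class` on an existing deployment destroys and recreates the log group and drops the retained flow-log history unless `flow_log_cloudwatch_log_group_skip_destroy` is set. A comment on the new line, `# changing the class replaces the log group (and its retained logs)`, or a sentence in the variable description would make that visible during plan review. The resource block starts outside the hunk.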
From 9163310db647ed98094319980bd8eef72bee492b Mon Sep 17 00:00:00 2001 From: Zack A <24322023+zack-is-cool@users.noreply.github.com> Date: Fri, 22 Mar 2024 11:40:04 -0700 Subject: [PATCH 19/24] feat: Allow setting vpc endpoints as an input for each endpoint (#1056) --- modules/vpc-endpoints/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/vpc-endpoints/main.tf b/modules/vpc-endpoints/main.tf index fef2f8c05..5526c3344 100644 --- a/modules/vpc-endpoints/main.tf +++ b/modules/vpc-endpoints/main.tf @@ -24,7 +24,7 @@ resource "aws_vpc_endpoint" "this" { for_each = local.endpoints vpc_id = var.vpc_id - service_name = data.aws_vpc_endpoint_service.this[each.key].service_name + service_name = try(each.value.service_endpoint, data.aws_vpc_endpoint_service.this[each.key].service_name) vpc_endpoint_type = try(each.value.service_type, "Interface") auto_accept = try(each.value.auto_accept, null) From 47e101dc71818902de9bf8967c22fdbb42cd540d Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 22 Mar 2024 18:40:35 +0000 Subject: [PATCH 20/24] chore(release): version 5.7.0 [skip ci] ## [5.7.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.6.0...v5.7.0) (2024-03-22) ### Features * Allow setting vpc endpoints as an input for each endpoint ([#1056](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/1056)) ([9163310](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/9163310db647ed98094319980bd8eef72bee492b)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ea27525ba..b91031574 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
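Review bot: The new `service_endpoint` override bypasses the `data.aws_vpc_endpoint_service` lookup, which until now was the only check that the requested service name actually exists, so a mistyped or stale service name is discovered only at apply; and because `try()` also swallows attribute errors, a misspelled key such as `service_endpoints` silently falls back to the lookup instead of failing. The data source presumably still runs for every entry of `local.endpoints` (its definition is outside the hunk), in which case an entry that sets `service_endpoint` without a resolvable `service` fails there anyway; if so, the data source's `for_each` should exclude entries that carry `service_endpoint`. The new key should also be documented in the `endpoints` variable description, which this commit does not touch.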
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [5.7.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.6.0...v5.7.0) (2024-03-22) + + +### Features + +* Allow setting vpc endpoints as an input for each endpoint ([#1056](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/1056)) ([9163310](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/9163310db647ed98094319980bd8eef72bee492b)) + ## [5.6.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.5.3...v5.6.0) (2024-03-14) From 77df552a8aa43bb3711243a3a5ef3e29f70a4068 Mon Sep 17 00:00:00 2001 From: wiseelf <30684491+wiseelf@users.noreply.github.com> Date: Sat, 6 Apr 2024 02:27:00 +0200 Subject: [PATCH 21/24] fix: Create the same number of IPv6 egress only gateway routes as the number of NAT gateways that are enabled/created (#1059) --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index ef65f2be7..d7429e59f 100644 --- a/main.tf +++ b/main.tf @@ -1021,7 +1021,7 @@ resource "aws_egress_only_internet_gateway" "this" { } resource "aws_route" "private_ipv6_egress" { - count = local.create_vpc && var.create_egress_only_igw && var.enable_ipv6 ? local.len_private_subnets : 0 + count = local.create_vpc && var.create_egress_only_igw && var.enable_ipv6 ? local.nat_gateway_count : 0 route_table_id = element(aws_route_table.private[*].id, count.index) destination_ipv6_cidr_block = "::/0" From c182453f881ae77afd14c826dc8e23498b957907 Mon Sep 17 00:00:00 2001 
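Review bot: The new `count` on `aws_route.private_ipv6_egress` is correct only because `aws_route_table.private` is sized by the same `local.nat_gateway_count` (its definition is outside the hunk, so I could not confirm it here), and nothing in the resource records that coupling. A comment on the count line, `# one route per private route table; the table count follows local.nat_gateway_count, not len_private_subnets`, would stop the next reader from assuming the egress-only gateway is unrelated to NAT gateways and reverting to `local.len_private_subnets`, which would reintroduce the duplicate-route problem this change fixes. The resource block continues outside the hunk.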
From: semantic-release-bot Date: Sat, 6 Apr 2024 00:27:27 +0000 Subject: [PATCH 22/24] chore(release): version 5.7.1 [skip ci] ## [5.7.1](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.7.0...v5.7.1) (2024-04-06) ### Bug Fixes * Create the same number of IPv6 egress only gateway routes as the number of NAT gateways that are enabled/created ([#1059](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/1059)) ([77df552](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/77df552a8aa43bb3711243a3a5ef3e29f70a4068)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b91031574..f2c9ad330 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [5.7.1](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.7.0...v5.7.1) (2024-04-06) + + +### Bug Fixes + +* Create the same number of IPv6 egress only gateway routes as the number of NAT gateways that are enabled/created ([#1059](https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/1059)) ([77df552](https://github.com/terraform-aws-modules/terraform-aws-vpc/commit/77df552a8aa43bb3711243a3a5ef3e29f70a4068)) + ## [5.7.0](https://github.com/terraform-aws-modules/terraform-aws-vpc/compare/v5.6.0...v5.7.0) (2024-03-22) From b2544c908249a5fa258c13c02a7823bd3c3ae174 Mon Sep 17 00:00:00 2001 From: Radon Rosborough Date: Tue, 28 Feb 2023 12:46:54 -0800 Subject: [PATCH 23/24] feat: Allow tagging on per-subnet basis --- README.md | 11 +++++++++ main.tf | 46 ++++++++++++++++++++++++------------ variables.tf | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 108 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 127493807..1cb6a2e61 100644 --- a/README.md +++ b/README.md 
@@ -379,7 +379,9 @@ No modules. | [database\_dedicated\_network\_acl](#input\_database\_dedicated\_network\_acl) | Whether to use dedicated network ACL (not default) and custom rules for database subnets | `bool` | `false` | no | | [database\_inbound\_acl\_rules](#input\_database\_inbound\_acl\_rules) | Database subnets inbound network ACL rules | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | | [database\_outbound\_acl\_rules](#input\_database\_outbound\_acl\_rules) | Database subnets outbound network ACL rules | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | +| [database\_route\_table\_names](#input\_database\_route\_table\_names) | Explicit values to use in the Name tag on database route tables. If empty, Name tags are generated. | `list(string)` | `[]` | no | | [database\_route\_table\_tags](#input\_database\_route\_table\_tags) | Additional tags for the database route tables | `map(string)` | `{}` | no | +| [database\_route\_table\_tags\_per\_subnet](#input\_database\_route\_table\_tags\_per\_subnet) | Additional tags for the database route tables, if specified then must have a length equal to the number of database subnets | `list(map(string))` | `[]` | no | | [database\_subnet\_assign\_ipv6\_address\_on\_creation](#input\_database\_subnet\_assign\_ipv6\_address\_on\_creation) | Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false` | `bool` | `false` | no | | [database\_subnet\_enable\_dns64](#input\_database\_subnet\_enable\_dns64) | Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true` | `bool` | `true` | no | | [database\_subnet\_enable\_resource\_name\_dns\_a\_record\_on\_launch](#input\_database\_subnet\_enable\_resource\_name\_dns\_a\_record\_on\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false` | `bool` | `false` | no | 
@@ -392,6 +394,7 @@ No modules. | [database\_subnet\_private\_dns\_hostname\_type\_on\_launch](#input\_database\_subnet\_private\_dns\_hostname\_type\_on\_launch) | The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name` | `string` | `null` | no | | [database\_subnet\_suffix](#input\_database\_subnet\_suffix) | Suffix to append to database subnets name | `string` | `"db"` | no | | [database\_subnet\_tags](#input\_database\_subnet\_tags) | Additional tags for the database subnets | `map(string)` | `{}` | no | +| [database\_subnet\_tags\_per\_subnet](#input\_database\_subnet\_tags\_per\_subnet) | Additional tags for the database subnets, if specified then must have a length equal to the number of database subnets | `list(map(string))` | `[]` | no | | [database\_subnets](#input\_database\_subnets) | A list of database subnets inside the VPC | `list(string)` | `[]` | no | | [default\_network\_acl\_egress](#input\_default\_network\_acl\_egress) | List of maps of egress rules to set on the Default Network ACL | `list(map(string))` |
[
{
"action": "allow",
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_no": 100,
"to_port": 0
},
{
"action": "allow",
"from_port": 0,
"ipv6_cidr_block": "::/0",
"protocol": "-1",
"rule_no": 101,
"to_port": 0
}
]
| no | | [default\_network\_acl\_ingress](#input\_default\_network\_acl\_ingress) | List of maps of ingress rules to set on the Default Network ACL | `list(map(string))` |
[
{
"action": "allow",
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_no": 100,
"to_port": 0
},
{
"action": "allow",
"from_port": 0,
"ipv6_cidr_block": "::/0",
"protocol": "-1",
"rule_no": 101,
"to_port": 0
}
]
| no | @@ -432,6 +435,7 @@ No modules. | [elasticache\_subnet\_private\_dns\_hostname\_type\_on\_launch](#input\_elasticache\_subnet\_private\_dns\_hostname\_type\_on\_launch) | The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name` | `string` | `null` | no | | [elasticache\_subnet\_suffix](#input\_elasticache\_subnet\_suffix) | Suffix to append to elasticache subnets name | `string` | `"elasticache"` | no | | [elasticache\_subnet\_tags](#input\_elasticache\_subnet\_tags) | Additional tags for the elasticache subnets | `map(string)` | `{}` | no | +| [elasticache\_subnet\_tags\_per\_subnet](#input\_elasticache\_subnet\_tags\_per\_subnet) | Additional tags for the elasticache subnets, if specified then must have a length equal to the number of elasticache subnets | `list(map(string))` | `[]` | no | | [elasticache\_subnets](#input\_elasticache\_subnets) | A list of elasticache subnets inside the VPC | `list(string)` | `[]` | no | | [enable\_dhcp\_options](#input\_enable\_dhcp\_options) | Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type | `bool` | `false` | no | | [enable\_dns\_hostnames](#input\_enable\_dns\_hostnames) | Should be true to enable DNS hostnames in the VPC | `bool` | `true` | no | 
@@ -477,6 +481,7 @@ No modules. | [intra\_subnet\_private\_dns\_hostname\_type\_on\_launch](#input\_intra\_subnet\_private\_dns\_hostname\_type\_on\_launch) | The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name` | `string` | `null` | no | | [intra\_subnet\_suffix](#input\_intra\_subnet\_suffix) | Suffix to append to intra subnets name | `string` | `"intra"` | no | | [intra\_subnet\_tags](#input\_intra\_subnet\_tags) | Additional tags for the intra subnets | `map(string)` | `{}` | no | +| [intra\_subnet\_tags\_per\_subnet](#input\_intra\_subnet\_tags\_per\_subnet) | Additional tags for the intra subnets, if specified then must have a length equal to the number of intra subnets | `list(map(string))` | `[]` | no | | [intra\_subnets](#input\_intra\_subnets) | A list of intra subnets inside the VPC | `list(string)` | `[]` | no | | [ipv4\_ipam\_pool\_id](#input\_ipv4\_ipam\_pool\_id) | (Optional) The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR | `string` | `null` | no | | [ipv4\_netmask\_length](#input\_ipv4\_netmask\_length) | (Optional) The netmask length of the IPv4 CIDR you want to allocate to this VPC. Requires specifying a ipv4\_ipam\_pool\_id | `number` | `null` | no | 
@@ -511,12 +516,15 @@ No modules. | [outpost\_subnet\_private\_dns\_hostname\_type\_on\_launch](#input\_outpost\_subnet\_private\_dns\_hostname\_type\_on\_launch) | The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name` | `string` | `null` | no | | [outpost\_subnet\_suffix](#input\_outpost\_subnet\_suffix) | Suffix to append to outpost subnets name | `string` | `"outpost"` | no | | [outpost\_subnet\_tags](#input\_outpost\_subnet\_tags) | Additional tags for the outpost subnets | `map(string)` | `{}` | no | +| [outpost\_subnet\_tags\_per\_subnet](#input\_outpost\_subnet\_tags\_per\_subnet) | Additional tags for the outpost subnets, if specified then must have a length equal to the number of outpost subnets | `list(map(string))` | `[]` | no | | [outpost\_subnets](#input\_outpost\_subnets) | A list of outpost subnets inside the VPC | `list(string)` | `[]` | no | | [private\_acl\_tags](#input\_private\_acl\_tags) | Additional tags for the private subnets network ACL | `map(string)` | `{}` | no | | [private\_dedicated\_network\_acl](#input\_private\_dedicated\_network\_acl) | Whether to use dedicated network ACL (not default) and custom rules for private subnets | `bool` | `false` | no | | [private\_inbound\_acl\_rules](#input\_private\_inbound\_acl\_rules) | Private subnets inbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | | [private\_outbound\_acl\_rules](#input\_private\_outbound\_acl\_rules) | Private subnets outbound network ACLs | `list(map(string))` |
[
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
| no | +| [private\_route\_table\_names](#input\_private\_route\_table\_names) | Explicit values to use in the Name tag on private route tables. If empty, Name tags are generated. | `list(string)` | `[]` | no | | [private\_route\_table\_tags](#input\_private\_route\_table\_tags) | Additional tags for the private route tables | `map(string)` | `{}` | no | +| [private\_route\_table\_tags\_per\_subnet](#input\_private\_route\_table\_tags\_per\_subnet) | Additional tags for the private route tables, if specified then must have a length equal to the number of private subnets | `list(map(string))` | `[]` | no | | [private\_subnet\_assign\_ipv6\_address\_on\_creation](#input\_private\_subnet\_assign\_ipv6\_address\_on\_creation) | Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false` | `bool` | `false` | no | | [private\_subnet\_enable\_dns64](#input\_private\_subnet\_enable\_dns64) | Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true` | `bool` | `true` | no | | [private\_subnet\_enable\_resource\_name\_dns\_a\_record\_on\_launch](#input\_private\_subnet\_enable\_resource\_name\_dns\_a\_record\_on\_launch) | Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false` | `bool` | `false` | no | 
@@ -528,6 +536,7 @@ No modules. | [private\_subnet\_suffix](#input\_private\_subnet\_suffix) | Suffix to append to private subnets name | `string` | `"private"` | no | | [private\_subnet\_tags](#input\_private\_subnet\_tags) | Additional tags for the private subnets | `map(string)` | `{}` | no | | [private\_subnet\_tags\_per\_az](#input\_private\_subnet\_tags\_per\_az) | Additional tags for the private subnets where the primary key is the AZ | `map(map(string))` | `{}` | no | +| [private\_subnet\_tags\_per\_subnet](#input\_private\_subnet\_tags\_per\_subnet) | Additional tags for the private subnets, if specified then must have a length equal to the number of private subnets | `list(map(string))` | `[]` | no | | [private\_subnets](#input\_private\_subnets) | A list of private subnets inside the VPC | `list(string)` | `[]` | no | | [propagate\_intra\_route\_tables\_vgw](#input\_propagate\_intra\_route\_tables\_vgw) | Should be true if you want route table propagation | `bool` | `false` | no | | [propagate\_private\_route\_tables\_vgw](#input\_propagate\_private\_route\_tables\_vgw) | Should be true if you want route table propagation | `bool` | `false` | no | 
@@ -548,6 +557,7 @@ No modules. | [public\_subnet\_suffix](#input\_public\_subnet\_suffix) | Suffix to append to public subnets name | `string` | `"public"` | no | | [public\_subnet\_tags](#input\_public\_subnet\_tags) | Additional tags for the public subnets | `map(string)` | `{}` | no | | [public\_subnet\_tags\_per\_az](#input\_public\_subnet\_tags\_per\_az) | Additional tags for the public subnets where the primary key is the AZ | `map(map(string))` | `{}` | no | +| [public\_subnet\_tags\_per\_subnet](#input\_public\_subnet\_tags\_per\_subnet) | Additional tags for the public subnets, if specified then must have a length equal to the number of public subnets | `list(map(string))` | `[]` | no | | [public\_subnets](#input\_public\_subnets) | A list of public subnets inside the VPC | `list(string)` | `[]` | no | | [putin\_khuylo](#input\_putin\_khuylo) | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | `bool` | `true` | no | | [redshift\_acl\_tags](#input\_redshift\_acl\_tags) | Additional tags for the redshift subnets network ACL | `map(string)` | `{}` | no | 
@@ -567,6 +577,7 @@ No modules. | [redshift\_subnet\_private\_dns\_hostname\_type\_on\_launch](#input\_redshift\_subnet\_private\_dns\_hostname\_type\_on\_launch) | The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name` | `string` | `null` | no | | [redshift\_subnet\_suffix](#input\_redshift\_subnet\_suffix) | Suffix to append to redshift subnets name | `string` | `"redshift"` | no | | [redshift\_subnet\_tags](#input\_redshift\_subnet\_tags) | Additional tags for the redshift subnets | `map(string)` | `{}` | no | +| [redshift\_subnet\_tags\_per\_subnet](#input\_redshift\_subnet\_tags\_per\_subnet) | Additional tags for the redshift subnets, if specified then must have a length equal to the number of redshift subnets | `list(map(string))` | `[]` | no | | [redshift\_subnets](#input\_redshift\_subnets) | A list of redshift subnets inside the VPC | `list(string)` | `[]` | no | | [reuse\_nat\_ips](#input\_reuse\_nat\_ips) | Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external\_nat\_ip\_ids' variable | `bool` | `false` | no | | [secondary\_cidr\_blocks](#input\_secondary\_cidr\_blocks) | List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool | `list(string)` | `[]` | no | diff --git a/main.tf b/main.tf index d7429e59f..5d20acdf7 100644 --- a/main.tf +++ b/main.tf 
@@ -238,14 +238,17 @@ resource "aws_subnet" "private" { tags = merge( { - Name = try( - var.private_subnet_names[count.index], - format("${var.name}-${var.private_subnet_suffix}-%s", element(var.azs, count.index)) + "Name" = try( + var.private_route_table_names[count.index], + var.single_nat_gateway ? "${var.name}-${var.private_subnet_suffix}" : format( + "${var.name}-${var.private_subnet_suffix}-%s", + element(var.azs, count.index), + ) ) }, var.tags, - var.private_subnet_tags, - lookup(var.private_subnet_tags_per_az, element(var.azs, count.index), {}) + var.private_route_table_tags, + length(var.private_route_table_tags_per_subnet) > 0 ? element(var.private_route_table_tags_per_subnet, count.index) : {}, ) } @@ -257,13 +260,17 @@ resource "aws_route_table" "private" { tags = merge( { - "Name" = var.single_nat_gateway ? "${var.name}-${var.private_subnet_suffix}" : format( - "${var.name}-${var.private_subnet_suffix}-%s", - element(var.azs, count.index), + "Name" = try( + var.database_route_table_names[count.index], + var.single_nat_gateway || var.create_database_internet_gateway_route ? "${var.name}-${var.database_subnet_suffix}" : format( + "${var.name}-${var.database_subnet_suffix}-%s", + element(var.azs, count.index), + ) ) }, var.tags, - var.private_route_table_tags, + var.database_route_table_tags, + length(var.database_route_table_tags_per_subnet) > 0 ? element(var.database_route_table_tags_per_subnet, count.index) : {}, ) } @@ -364,7 +371,9 @@ resource "aws_subnet" "database" { ) }, var.tags, - var.database_subnet_tags, + var.public_subnet_tags, + lookup(var.public_subnet_tags_per_az, element(var.azs, count.index), {}), + length(var.public_subnet_tags_per_subnet) > 0 ? element(var.public_subnet_tags_per_subnet, count.index) : {}, ) } 
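Review bot: Judging by the removed lines, the tag merges in these hunks are attached to the wrong resources: the first hunk drops `var.private_subnet_tags` and `private_subnet_tags_per_az` from the private subnets in favour of `var.private_route_table_names`/`private_route_table_tags`, the second gives the private route table the `database_route_table_*` inputs, and the third replaces `var.database_subnet_tags` on the database subnets with `var.public_subnet_tags` and `public_subnet_tags_per_az`. The same one-off shift continues in the hunks on the next line (the database subnet group gets private subnet tags, the database route table gets outpost subnet tags, the database ACL gets database subnet tags, the redshift route table gets elasticache subnet tags, the redshift ACL gets intra subnet tags). Subnet tags are widely used for resource discovery and tag-based access control, so applying public-subnet tags to database subnets can, for example, lead a load-balancer controller to place internet-facing resources in them. Each hunk should keep the variable named on its removed line and only append the matching `*_tags_per_subnet` entry.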
@@ -380,7 +389,9 @@ resource "aws_db_subnet_group" "database" { "Name" = lower(coalesce(var.database_subnet_group_name, var.name)) }, var.tags, - var.database_subnet_group_tags, + var.private_subnet_tags, + lookup(var.private_subnet_tags_per_az, element(var.azs, count.index), {}), + length(var.private_subnet_tags_per_subnet) > 0 ? element(var.private_subnet_tags_per_subnet, count.index) : {}, ) } @@ -397,7 +408,8 @@ resource "aws_route_table" "database" { ) }, var.tags, - var.database_route_table_tags, + var.outpost_subnet_tags, + length(var.outpost_subnet_tags_per_subnet) > 0 ? element(var.outpost_subnet_tags_per_subnet, count.index) : {}, ) } @@ -476,7 +488,8 @@ resource "aws_network_acl" "database" { tags = merge( { "Name" = "${var.name}-${var.database_subnet_suffix}" }, var.tags, - var.database_acl_tags, + var.database_subnet_tags, + length(var.database_subnet_tags_per_subnet) > 0 ? element(var.database_subnet_tags_per_subnet, count.index) : {}, ) } @@ -547,6 +560,7 @@ resource "aws_subnet" "redshift" { }, var.tags, var.redshift_subnet_tags, + length(var.redshift_subnet_tags_per_subnet) > 0 ? element(var.redshift_subnet_tags_per_subnet, count.index) : {}, ) } @@ -572,7 +586,8 @@ resource "aws_route_table" "redshift" { tags = merge( { "Name" = "${var.name}-${var.redshift_subnet_suffix}" }, var.tags, - var.redshift_route_table_tags, + var.elasticache_subnet_tags, + length(var.elasticache_subnet_tags_per_subnet) > 0 ? element(var.elasticache_subnet_tags_per_subnet, count.index) : {}, ) } @@ -613,7 +628,8 @@ resource "aws_network_acl" "redshift" { tags = merge( { "Name" = "${var.name}-${var.redshift_subnet_suffix}" }, var.tags, - var.redshift_acl_tags, + var.intra_subnet_tags, + length(var.intra_subnet_tags_per_subnet) > 0 ? element(var.intra_subnet_tags_per_subnet, count.index) : {}, ) } diff --git a/variables.tf b/variables.tf index ce81d687a..d2dc9f70d 100644 --- a/variables.tf +++ b/variables.tf 
@@ -238,6 +238,12 @@ variable "public_subnet_tags" { default = {} } +variable "public_subnet_tags_per_subnet" { + description = "Additional tags for the public subnets, if specified then must have a length equal to the number of public subnets" + type = list(map(string)) + default = [] +} + variable "public_subnet_tags_per_az" { description = "Additional tags for the public subnets where the primary key is the AZ" type = map(map(string)) @@ -366,18 +372,36 @@ variable "private_subnet_tags" { default = {} } +variable "private_subnet_tags_per_subnet" { + description = "Additional tags for the private subnets, if specified then must have a length equal to the number of private subnets" + type = list(map(string)) + default = [] +} + variable "private_subnet_tags_per_az" { description = "Additional tags for the private subnets where the primary key is the AZ" type = map(map(string)) default = {} } +variable "private_route_table_names" { + description = "Explicit values to use in the Name tag on private route tables. If empty, Name tags are generated." + type = list(string) + default = [] +} + variable "private_route_table_tags" { description = "Additional tags for the private route tables" type = map(string) default = {} } +variable "private_route_table_tags_per_subnet" { + description = "Additional tags for the private route tables, if specified then must have a length equal to the number of private subnets" + type = list(map(string)) + default = [] +} + ################################################################################ # Private Network ACLs ################################################################################ 
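Review bot: Each new `*_tags_per_subnet` description states the list "must have a length equal to the number of ... subnets", but nothing enforces it, and the consumers in `main.tf` read it with `element()`, which wraps around on a shorter list, so a two-entry list on three subnets silently re-applies the first entry to the third subnet instead of failing. Indexing with `var.public_subnet_tags_per_subnet[count.index]` fails loudly on a mismatch, or a `lifecycle { precondition }` on the resource (Terraform >= 1.2) can check `length(var.public_subnet_tags_per_subnet) == length(var.public_subnets)`; a cross-variable `validation` block is not an option at the `terraform >= 1.0` floor the README lists. The same applies to the variables added in the two following lines and to their `element()` consumers in the main.tf hunks.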
@@ -506,12 +530,24 @@ variable "create_database_nat_gateway_route" { default = false } +variable "database_route_table_names" { + description = "Explicit values to use in the Name tag on database route tables. If empty, Name tags are generated." + type = list(string) + default = [] +} + variable "database_route_table_tags" { description = "Additional tags for the database route tables" type = map(string) default = {} } +variable "database_route_table_tags_per_subnet" { + description = "Additional tags for the database route tables, if specified then must have a length equal to the number of database subnets" + type = list(map(string)) + default = [] +} + variable "database_subnet_tags" { description = "Additional tags for the database subnets" type = map(string) @@ -536,6 +572,12 @@ variable "database_subnet_group_tags" { default = {} } +variable "database_subnet_tags_per_subnet" { + description = "Additional tags for the database subnets, if specified then must have a length equal to the number of database subnets" + type = list(map(string)) + default = [] +} + ################################################################################ # Database Network ACLs ################################################################################ @@ -688,6 +730,12 @@ variable "redshift_subnet_group_tags" { default = {} } +variable "redshift_subnet_tags_per_subnet" { + description = "Additional tags for the redshift subnets, if specified then must have a length equal to the number of redshift subnets" + type = list(map(string)) + default = [] +} + ################################################################################ # Redshift Network ACLs ################################################################################ 
@@ -804,6 +852,12 @@ variable "elasticache_subnet_tags" { default = {} } +variable "elasticache_subnet_tags_per_subnet" { + description = "Additional tags for the elasticache subnets, if specified then must have a length equal to the number of elasticache subnets" + type = list(map(string)) + default = [] +} + variable "create_elasticache_subnet_route_table" { description = "Controls if separate route table for elasticache should be created" type = bool @@ -956,6 +1010,12 @@ variable "intra_route_table_tags" { default = {} } +variable "intra_subnet_tags_per_subnet" { + description = "Additional tags for the intra subnets, if specified then must have a length equal to the number of intra subnets" + type = list(map(string)) + default = [] +} + ################################################################################ # Intra Network ACLs ################################################################################ @@ -1096,6 +1156,12 @@ variable "outpost_subnet_tags" { default = {} } +variable "outpost_subnet_tags_per_subnet" { + description = "Additional tags for the outpost subnets, if specified then must have a length equal to the number of outpost subnets" + type = list(map(string)) + default = [] +} + ################################################################################ # Outpost Network ACLs ################################################################################ From f026da013fbe261a5c55b2c73e99686c898b89a6 Mon Sep 17 00:00:00 2001 From: Radon Rosborough Date: Thu, 26 Oct 2023 14:10:49 -0700 Subject: [PATCH 24/24] add eip and ngw tags --- README.md | 4 ++++ main.tf | 65 +++++++++++++++++++++++++++------------------------- variables.tf | 25 ++++++++++++++++++++ 3 files changed, 63 insertions(+), 31 deletions(-) diff --git a/README.md b/README.md index 1cb6a2e61..ca7fdffbf 100644 --- a/README.md +++ b/README.md 
@@ -497,8 +497,12 @@ No modules. | [map\_public\_ip\_on\_launch](#input\_map\_public\_ip\_on\_launch) | Specify true to indicate that instances launched into the subnet should be assigned a public IP address. Default is `false` | `bool` | `false` | no | | [name](#input\_name) | Name to be used on all the resources as identifier | `string` | `""` | no | | [nat\_eip\_tags](#input\_nat\_eip\_tags) | Additional tags for the NAT EIP | `map(string)` | `{}` | no | +| [nat\_eip\_tags\_per\_az](#input\_nat\_eip\_tags\_per\_az) | Additional tags for the NAT EIPs where the primary key is the AZ | `map(map(string))` | `{}` | no | +| [nat\_eip\_tags\_per\_subnet](#input\_nat\_eip\_tags\_per\_subnet) | Additional tags for the NAT EIPs, if specified then must have a length equal to the number of private subnets | `list(map(string))` | `[]` | no | | [nat\_gateway\_destination\_cidr\_block](#input\_nat\_gateway\_destination\_cidr\_block) | Used to pass a custom destination route for private NAT Gateway. If not specified, the default 0.0.0.0/0 is used as a destination route | `string` | `"0.0.0.0/0"` | no | | [nat\_gateway\_tags](#input\_nat\_gateway\_tags) | Additional tags for the NAT gateways | `map(string)` | `{}` | no | +| [nat\_gateway\_tags\_per\_az](#input\_nat\_gateway\_tags\_per\_az) | Additional tags for the NAT gateways where the primary key is the AZ | `map(map(string))` | `{}` | no | +| [nat\_gateway\_tags\_per\_subnet](#input\_nat\_gateway\_tags\_per\_subnet) | Additional tags for the NAT gateways, if specified then must have a length equal to the number of private subnets | `list(map(string))` | `[]` | no | | [one\_nat\_gateway\_per\_az](#input\_one\_nat\_gateway\_per\_az) | Should be true if you want only one NAT Gateway per availability zone. 
Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs` | `bool` | `false` | no | | [outpost\_acl\_tags](#input\_outpost\_acl\_tags) | Additional tags for the outpost subnets network ACL | `map(string)` | `{}` | no | | [outpost\_arn](#input\_outpost\_arn) | ARN of Outpost you want to create a subnet in | `string` | `null` | no | diff --git a/main.tf b/main.tf index 5d20acdf7..ffb00b1ba 100644 --- a/main.tf +++ b/main.tf @@ -119,7 +119,8 @@ resource "aws_subnet" "public" { }, var.tags, var.public_subnet_tags, - lookup(var.public_subnet_tags_per_az, element(var.azs, count.index), {}) + lookup(var.public_subnet_tags_per_az, element(var.azs, count.index), {}), + length(var.public_subnet_tags_per_subnet) > 0 ? element(var.public_subnet_tags_per_subnet, count.index) : {}, ) } @@ -238,17 +239,15 @@ resource "aws_subnet" "private" { tags = merge( { - "Name" = try( - var.private_route_table_names[count.index], - var.single_nat_gateway ? "${var.name}-${var.private_subnet_suffix}" : format( - "${var.name}-${var.private_subnet_suffix}-%s", - element(var.azs, count.index), - ) + Name = try( + var.private_subnet_names[count.index], + format("${var.name}-${var.private_subnet_suffix}-%s", element(var.azs, count.index)) ) }, var.tags, - var.private_route_table_tags, - length(var.private_route_table_tags_per_subnet) > 0 ? element(var.private_route_table_tags_per_subnet, count.index) : {}, + var.private_subnet_tags, + lookup(var.private_subnet_tags_per_az, element(var.azs, count.index), {}), + length(var.private_subnet_tags_per_subnet) > 0 ? element(var.private_subnet_tags_per_subnet, count.index) : {}, ) } 
@@ -261,16 +260,16 @@ resource "aws_route_table" "private" { tags = merge( { "Name" = try( - var.database_route_table_names[count.index], - var.single_nat_gateway || var.create_database_internet_gateway_route ? "${var.name}-${var.database_subnet_suffix}" : format( - "${var.name}-${var.database_subnet_suffix}-%s", + var.private_route_table_names[count.index], + var.single_nat_gateway ? "${var.name}-${var.private_subnet_suffix}" : format( + "${var.name}-${var.private_subnet_suffix}-%s", element(var.azs, count.index), ) ) }, var.tags, - var.database_route_table_tags, - length(var.database_route_table_tags_per_subnet) > 0 ? element(var.database_route_table_tags_per_subnet, count.index) : {}, + var.private_route_table_tags, + length(var.private_route_table_tags_per_subnet) > 0 ? element(var.private_route_table_tags_per_subnet, count.index) : {}, ) } @@ -371,9 +370,8 @@ resource "aws_subnet" "database" { ) }, var.tags, - var.public_subnet_tags, - lookup(var.public_subnet_tags_per_az, element(var.azs, count.index), {}), - length(var.public_subnet_tags_per_subnet) > 0 ? element(var.public_subnet_tags_per_subnet, count.index) : {}, + var.database_subnet_tags, + length(var.database_subnet_tags_per_subnet) > 0 ? element(var.database_subnet_tags_per_subnet, count.index) : {}, ) } @@ -389,9 +387,7 @@ resource "aws_db_subnet_group" "database" { "Name" = lower(coalesce(var.database_subnet_group_name, var.name)) }, var.tags, - var.private_subnet_tags, - lookup(var.private_subnet_tags_per_az, element(var.azs, count.index), {}), - length(var.private_subnet_tags_per_subnet) > 0 ? element(var.private_subnet_tags_per_subnet, count.index) : {}, + var.database_subnet_group_tags, ) } 
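Review bot: On the new side of the `aws_route_table.private` tags, `element(var.private_route_table_tags_per_subnet, count.index)` is indexed by the route table's `count.index`, yet the `Name` expression a few lines above collapses to a single un-suffixed name when `var.single_nat_gateway` is set, which suggests only one route table exists in that mode (the `count` expression is outside the hunk). A per-subnet list sized to the private subnets would then contribute only its first entry and the remaining entries are silently ignored. The same applies to `aws_route_table.database` in the `@@ -402` hunk on the next line, where the single-table condition is `var.single_nat_gateway || var.create_database_internet_gateway_route`. A comment such as `# when a single route table is created only entry 0 of *_route_table_tags_per_subnet is applied` above the merge, or a matching caveat in the variable descriptions, would make this explicit.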
@@ -402,14 +398,17 @@ resource "aws_route_table" "database" { tags = merge( { - "Name" = var.single_nat_gateway || var.create_database_internet_gateway_route ? "${var.name}-${var.database_subnet_suffix}" : format( - "${var.name}-${var.database_subnet_suffix}-%s", - element(var.azs, count.index), + "Name" = try( + var.database_route_table_names[count.index], + var.single_nat_gateway || var.create_database_internet_gateway_route ? "${var.name}-${var.database_subnet_suffix}" : format( + "${var.name}-${var.database_subnet_suffix}-%s", + element(var.azs, count.index), + ) ) }, var.tags, - var.outpost_subnet_tags, - length(var.outpost_subnet_tags_per_subnet) > 0 ? element(var.outpost_subnet_tags_per_subnet, count.index) : {}, + var.database_route_table_tags, + length(var.database_route_table_tags_per_subnet) > 0 ? element(var.database_route_table_tags_per_subnet, count.index) : {}, ) } @@ -488,8 +487,7 @@ resource "aws_network_acl" "database" { tags = merge( { "Name" = "${var.name}-${var.database_subnet_suffix}" }, var.tags, - var.database_subnet_tags, - length(var.database_subnet_tags_per_subnet) > 0 ? element(var.database_subnet_tags_per_subnet, count.index) : {}, + var.database_acl_tags, ) } @@ -586,8 +584,7 @@ resource "aws_route_table" "redshift" { tags = merge( { "Name" = "${var.name}-${var.redshift_subnet_suffix}" }, var.tags, - var.elasticache_subnet_tags, - length(var.elasticache_subnet_tags_per_subnet) > 0 ? element(var.elasticache_subnet_tags_per_subnet, count.index) : {}, + var.redshift_route_table_tags, ) } @@ -628,8 +625,7 @@ resource "aws_network_acl" "redshift" { tags = merge( { "Name" = "${var.name}-${var.redshift_subnet_suffix}" }, var.tags, - var.intra_subnet_tags, - length(var.intra_subnet_tags_per_subnet) > 0 ? element(var.intra_subnet_tags_per_subnet, count.index) : {}, + var.redshift_acl_tags, ) } 
@@ -700,6 +696,7 @@ resource "aws_subnet" "elasticache" { }, var.tags, var.elasticache_subnet_tags, + length(var.elasticache_subnet_tags_per_subnet) > 0 ? element(var.elasticache_subnet_tags_per_subnet, count.index) : {}, ) } @@ -829,6 +826,7 @@ resource "aws_subnet" "intra" { }, var.tags, var.intra_subnet_tags, + length(var.intra_subnet_tags_per_subnet) > 0 ? element(var.intra_subnet_tags_per_subnet, count.index) : {}, ) } @@ -940,6 +938,7 @@ resource "aws_subnet" "outpost" { }, var.tags, var.outpost_subnet_tags, + length(var.outpost_subnet_tags_per_subnet) > 0 ? element(var.outpost_subnet_tags_per_subnet, count.index) : {}, ) } @@ -1067,6 +1066,8 @@ resource "aws_eip" "nat" { }, var.tags, var.nat_eip_tags, + lookup(var.nat_eip_tags_per_az, element(var.azs, count.index), {}), + length(var.nat_eip_tags_per_subnet) > 0 ? element(var.nat_eip_tags_per_subnet, count.index) : {}, ) depends_on = [aws_internet_gateway.this] @@ -1093,6 +1094,8 @@ resource "aws_nat_gateway" "this" { }, var.tags, var.nat_gateway_tags, + lookup(var.nat_gateway_tags_per_az, element(var.azs, count.index), {}), + length(var.nat_gateway_tags_per_subnet) > 0 ? element(var.nat_gateway_tags_per_subnet, count.index) : {}, ) depends_on = [aws_internet_gateway.this] diff --git a/variables.tf b/variables.tf index d2dc9f70d..7ddfb90c8 100644 --- a/variables.tf +++ b/variables.tf @@ -348,6 +348,7 @@ variable "private_subnet_ipv6_native" { default = false } + variable "private_subnet_private_dns_hostname_type_on_launch" { description = "The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name`" type = string 
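Review bot: In `aws_eip.nat` the new `nat_eip_tags_per_subnet` line is indexed by the EIP's `count.index`, which is the NAT gateway index rather than a private-subnet index; the same holds for `nat_gateway_tags_per_subnet` in the `@@ -1093` hunk. The descriptions in the variables.tf hunk on the next line and the README rows above say the list "must have a length equal to the number of private subnets", but that only matches the default mode: with `single_nat_gateway` a single resource reads entry 0, and with `one_nat_gateway_per_az` (documented in the README hunk) the index runs over `var.azs`, and because `element()` wraps, any non-empty length is accepted without error. Either describe the expected length as the number of NAT gateways created, e.g. `description = "Additional tags for the NAT EIPs, one entry per NAT gateway created (one per private subnet unless single_nat_gateway or one_nat_gateway_per_az is set)"`, or guard the length with a `lifecycle { precondition }` against the NAT gateway count. The `count` expression for these resources is outside the hunk, so the mode-to-count mapping is inferred from the options visible here.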
@@ -1282,12 +1283,36 @@ variable "nat_gateway_tags" {
 default = {}
 }
 
+variable "nat_gateway_tags_per_az" {
+ description = "Additional tags for the NAT gateways where the primary key is the AZ"
+ type = map(map(string))
+ default = {}
+}
+
+variable "nat_gateway_tags_per_subnet" {
+ description = "Additional tags for the NAT gateways, if specified then must have a length equal to the number of private subnets"
+ type = list(map(string))
+ default = []
+}
+
 variable "nat_eip_tags" {
 description = "Additional tags for the NAT EIP"
 type = map(string)
 default = {}
 }
 
+variable "nat_eip_tags_per_az" {
+ description = "Additional tags for the NAT EIPs where the primary key is the AZ"
+ type = map(map(string))
+ default = {}
+}
+
+variable "nat_eip_tags_per_subnet" {
+ description = "Additional tags for the NAT EIPs, if specified then must have a length equal to the number of private subnets"
+ type = list(map(string))
+ default = []
+}
+
 ################################################################################
 # Customer Gateways
 ################################################################################