chore: updating the variable with comments (#11)
gambol99 authored May 2, 2024
1 parent bdede32 commit 6e85032
Showing 2 changed files with 69 additions and 25 deletions.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -314,7 +314,7 @@ The `terraform-docs` utility is used to generate this README. Follow the below s
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_amazon_side_asn"></a> [amazon\_side\_asn](#input\_amazon\_side\_asn) | The ASN for the transit gateway. | `number` | n/a | yes |
| <a name="input_connectivity_config"></a> [connectivity\_config](#input\_connectivity\_config) | The type of connectivity options for the transit gateway. | <pre>object({<br> egress = optional(object({<br> network = object({<br> availability_zones = optional(number, 2)<br> ipam_pool_id = optional(string, null)<br> name = optional(string, "egress")<br> private_netmask = optional(number, 28)<br> public_netmask = optional(number, 28)<br> vpc_cidr = optional(string, null)<br> vpc_netmask = optional(string, null)<br> })<br> }), null)<br> endpoints = optional(object({<br> network = object({<br> availability_zones = optional(number, 2)<br> ipam_pool_id = optional(string, null)<br> name = optional(string, "endpoints")<br> private_netmask = optional(number, 24)<br> vpc_cidr = optional(string, null)<br> vpc_netmask = optional(string, null)<br> })<br> sharing = optional(object({<br> principals = optional(list(string), [])<br> }), null)<br> services = optional(map(object({<br> private_dns_enabled = optional(bool, true)<br> service_type = optional(string, "Interface")<br> service = string<br> policy = optional(string, null)<br> })), {<br> ec2 = {<br> service = "ec2"<br> },<br> ec2messages = {<br> service = "ec2messages"<br> },<br> ssm = {<br> service = "ssm"<br> },<br> ssmmessages = {<br> service = "ssmmessages"<br> },<br> logs = {<br> service = "logs"<br> },<br> kms = {<br> service = "kms"<br> },<br> secretsmanager = {<br> service = "secretsmanager"<br> },<br> s3 = {<br> service = "s3"<br> },<br> })<br> }), null)<br> ingress = optional(object({<br> network = object({<br> availability_zones = optional(number, 2)<br> ipam_pool_id = optional(string, null)<br> name = optional(string, "ingress")<br> private_netmask = number<br> public_netmask = number<br> vpc_cidr = optional(string, null)<br> vpc_netmask = optional(string, null)<br> })<br> }), null)<br> inspection = optional(object({<br> inbound_route_table_name = optional(string, "inbound")<br> network = optional(object({<br> 
availability_zones = number<br> name = optional(string, "inspection")<br> private_netmask = optional(number, 24)<br> vpc_cidr = optional(string, "100.64.0.0/21")<br> }), null)<br> spokes_route_table_name = optional(string, "spokes")<br> }), null)<br> trusted = optional(object({<br> trusted_attachments = optional(list(string), [])<br> trusted_route_table_name = optional(string, "trusted")<br> }), null)<br> })</pre> | n/a | yes |
| <a name="input_connectivity_config"></a> [connectivity\_config](#input\_connectivity\_config) | The type of connectivity options for the transit gateway. | <pre>object({<br> egress = optional(object({<br> network = object({<br> # Defines the configuration for an egress network. <br> availability_zones = optional(number, 2)<br> # The number of availablity zones to use for the egress network. Defaults to 2.<br> ipam_pool_id = optional(string, null)<br> # The ID of the IPAM pool to use for the egress network. Defaults to null. <br> name = optional(string, "egress")<br> # The name of the egress network. Defaults to 'egress'. <br> private_netmask = optional(number, 28)<br> # The netmask to use for the private network. Defaults to 28. <br> public_netmask = optional(number, 28)<br> # The netmask to use for the public network. Defaults to 28. <br> vpc_cidr = optional(string, null)<br> # The CIDR block to use for the VPC. Defaults to null, required when not using IPAM<br> vpc_netmask = optional(string, null)<br> # The netmask to use for the VPC. Defaults to null, required when using IPAM<br> })<br> }), null)<br> endpoints = optional(object({<br> # Defines the configuration for the endpoints network. <br> network = object({<br> # Defines the configuration for the endpoints network. <br> availability_zones = optional(number, 2)<br> # The number of availablity zones to use for the endpoints network. Defaults to 2. <br> ipam_pool_id = optional(string, null)<br> # The ID of the IPAM pool to use for the endpoints network. Defaults to null. <br> name = optional(string, "endpoints")<br> # The name of the endpoints network. Defaults to 'endpoints'. <br> private_netmask = optional(number, 24)<br> # The netmask to use for the private network. Defaults to 24, ensure space for enough aws services. <br> vpc_cidr = optional(string, null)<br> # The CIDR block to use for the VPC. 
Defaults to null, required when not using IPAM <br> vpc_netmask = optional(string, null)<br> # The netmask to use for the VPC. Defaults to null, required when using IPAM <br> })<br> sharing = optional(object({<br> # Defines the configuration for the sharing network via AWS RAM <br> principals = optional(list(string), [])<br> # The list of organizational units or accounts to share the endpoints resolvers rules with. Defaults to an empty list.<br> }), null)<br> services = optional(map(object({<br> # Defines the configuration for the private endpoints in the shared network. <br> private_dns_enabled = optional(bool, true)<br> # Whether private DNS is enabled. Defaults to true. <br> service_type = optional(string, "Interface")<br> # The type of service, i.e. Gateway or Interface. Defaults to 'Interface'<br> service = string<br> # The name of the service i.e. ec2, ec2messages, ssm, ssmmessages, logs, kms, secretsmanager, s3.awsamazon.com<br> policy = optional(string, null)<br> # An optional IAM policy to use for the endpoint. Defaults to null.<br> })), {<br> ec2 = {<br> service = "ec2"<br> },<br> ec2messages = {<br> service = "ec2messages"<br> },<br> ssm = {<br> service = "ssm"<br> },<br> ssmmessages = {<br> service = "ssmmessages"<br> },<br> logs = {<br> service = "logs"<br> },<br> kms = {<br> service = "kms"<br> },<br> secretsmanager = {<br> service = "secretsmanager"<br> },<br> s3 = {<br> service = "s3"<br> },<br> })<br> }), null)<br> ingress = optional(object({<br> # Defines the configuration for the ingress network. <br> network = object({<br> # Defines the configuration for the ingress network. <br> availability_zones = optional(number, 2)<br> # The number of availablity zones to use for the ingress network. Defaults to 2. <br> ipam_pool_id = optional(string, null)<br> # The ID of the IPAM pool to use for the ingress network. Defaults to null. <br> name = optional(string, "ingress")<br> # The name of the ingress network. Defaults to 'ingress'. 
<br> private_netmask = number<br> # The netmask to use for the private network. Required, ensure space for enough aws services. <br> public_netmask = number<br> # The netmask to use for the public network. Required, ensure space for enough aws services. <br> vpc_cidr = optional(string, null)<br> # The CIDR block to use for the VPC. Defaults to null, required when not using IPAM <br> vpc_netmask = optional(string, null)<br> # The netmask to use for the VPC. Defaults to null, required when using IPAM <br> })<br> }), null)<br> inspection = optional(object({<br> # Defines the configuration for the inspection network. <br> inbound_route_table_name = optional(string, "inbound")<br> # The name of the inbound route table. Defaults to 'inbound'. <br> network = optional(object({<br> # Defines the configuration for the inspection network. <br> availability_zones = number<br> # The number of availablity zones to use for the inspection network. Required. Must match the <br> # number of availability zones you use in the organization, due to symmetric routing requirements. <br> name = optional(string, "inspection")<br> # The name of the inspection network. Defaults to 'inspection'. <br> private_netmask = optional(number, 24)<br> # The netmask to use for the private network. Defaults to 24<br> vpc_cidr = optional(string, "100.64.0.0/21")<br> # The CIDR block to use for the VPC. Defaults to carrier-grade NAT space. <br> }), null)<br> spokes_route_table_name = optional(string, "spokes")<br> # The name of the spokes route table. Defaults to 'spokes'. <br> }), null)<br> trusted = optional(object({<br> # Defines the configuration for the trusted routing<br> trusted_attachments = optional(list(string), [])<br> # The list of transit gateway attachments to trust e.g can see all the other untrusted networks. Defaults to an empty list.<br> trusted_route_table_name = optional(string, "trusted")<br> # The name of the trusted route table. 
Defaults to 'trusted'.<br> }), null)<br> })</pre> | n/a | yes |
| <a name="input_description"></a> [description](#input\_description) | The description of the transit gateway to provision. | `string` | n/a | yes |
| <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to all resources. | `map(string)` | n/a | yes |
| <a name="input_enable_dns_support"></a> [enable\_dns\_support](#input\_enable\_dns\_support) | Whether DNS support is enabled. | `bool` | `true` | no |
92 changes: 68 additions & 24 deletions variables.tf
Expand Up @@ -34,32 +34,55 @@ variable "connectivity_config" {
type = object({
egress = optional(object({
network = object({
# Defines the configuration for an egress network.
availability_zones = optional(number, 2)
ipam_pool_id = optional(string, null)
name = optional(string, "egress")
private_netmask = optional(number, 28)
public_netmask = optional(number, 28)
vpc_cidr = optional(string, null)
vpc_netmask = optional(string, null)
# The number of availablity zones to use for the egress network. Defaults to 2.
ipam_pool_id = optional(string, null)
# The ID of the IPAM pool to use for the egress network. Defaults to null.
name = optional(string, "egress")
# The name of the egress network. Defaults to 'egress'.
private_netmask = optional(number, 28)
# The netmask to use for the private network. Defaults to 28.
public_netmask = optional(number, 28)
# The netmask to use for the public network. Defaults to 28.
vpc_cidr = optional(string, null)
# The CIDR block to use for the VPC. Defaults to null, required when not using IPAM
vpc_netmask = optional(string, null)
# The netmask to use for the VPC. Defaults to null, required when using IPAM
})
}), null)
endpoints = optional(object({
# Defines the configuration for the endpoints network.
network = object({
# Defines the configuration for the endpoints network.
availability_zones = optional(number, 2)
ipam_pool_id = optional(string, null)
name = optional(string, "endpoints")
private_netmask = optional(number, 24)
vpc_cidr = optional(string, null)
vpc_netmask = optional(string, null)
# The number of availablity zones to use for the endpoints network. Defaults to 2.
ipam_pool_id = optional(string, null)
# The ID of the IPAM pool to use for the endpoints network. Defaults to null.
name = optional(string, "endpoints")
# The name of the endpoints network. Defaults to 'endpoints'.
private_netmask = optional(number, 24)
# The netmask to use for the private network. Defaults to 24, ensure space for enough aws services.
vpc_cidr = optional(string, null)
# The CIDR block to use for the VPC. Defaults to null, required when not using IPAM
vpc_netmask = optional(string, null)
# The netmask to use for the VPC. Defaults to null, required when using IPAM
})
sharing = optional(object({
# Defines the configuration for the sharing network via AWS RAM
principals = optional(list(string), [])
# The list of organizational units or accounts to share the endpoints resolvers rules with. Defaults to an empty list.
}), null)
services = optional(map(object({
# Defines the configuration for the private endpoints in the shared network.
private_dns_enabled = optional(bool, true)
service_type = optional(string, "Interface")
service = string
policy = optional(string, null)
# Whether private DNS is enabled. Defaults to true.
service_type = optional(string, "Interface")
# The type of service, i.e. Gateway or Interface. Defaults to 'Interface'
service = string
# The name of the service i.e. ec2, ec2messages, ssm, ssmmessages, logs, kms, secretsmanager, s3.awsamazon.com
policy = optional(string, null)
# An optional IAM policy to use for the endpoint. Defaults to null.
})), {
ec2 = {
service = "ec2"
Expand Down Expand Up @@ -88,29 +111,50 @@ variable "connectivity_config" {
})
}), null)
ingress = optional(object({
# Defines the configuration for the ingress network.
network = object({
# Defines the configuration for the ingress network.
availability_zones = optional(number, 2)
ipam_pool_id = optional(string, null)
name = optional(string, "ingress")
private_netmask = number
public_netmask = number
vpc_cidr = optional(string, null)
vpc_netmask = optional(string, null)
# The number of availablity zones to use for the ingress network. Defaults to 2.
ipam_pool_id = optional(string, null)
# The ID of the IPAM pool to use for the ingress network. Defaults to null.
name = optional(string, "ingress")
# The name of the ingress network. Defaults to 'ingress'.
private_netmask = number
# The netmask to use for the private network. Required, ensure space for enough aws services.
public_netmask = number
# The netmask to use for the public network. Required, ensure space for enough aws services.
vpc_cidr = optional(string, null)
# The CIDR block to use for the VPC. Defaults to null, required when not using IPAM
vpc_netmask = optional(string, null)
# The netmask to use for the VPC. Defaults to null, required when using IPAM
})
}), null)
inspection = optional(object({
# Defines the configuration for the inspection network.
inbound_route_table_name = optional(string, "inbound")
# The name of the inbound route table. Defaults to 'inbound'.
network = optional(object({
# Defines the configuration for the inspection network.
availability_zones = number
name = optional(string, "inspection")
private_netmask = optional(number, 24)
vpc_cidr = optional(string, "100.64.0.0/21")
# The number of availablity zones to use for the inspection network. Required. Must match the
# number of availability zones you use in the organization, due to symmetric routing requirements.
name = optional(string, "inspection")
# The name of the inspection network. Defaults to 'inspection'.
private_netmask = optional(number, 24)
# The netmask to use for the private network. Defaults to 24
vpc_cidr = optional(string, "100.64.0.0/21")
# The CIDR block to use for the VPC. Defaults to carrier-grade NAT space.
}), null)
spokes_route_table_name = optional(string, "spokes")
# The name of the spokes route table. Defaults to 'spokes'.
}), null)
trusted = optional(object({
trusted_attachments = optional(list(string), [])
# Defines the configuration for the trusted routing
trusted_attachments = optional(list(string), [])
# The list of transit gateway attachments to trust e.g can see all the other untrusted networks. Defaults to an empty list.
trusted_route_table_name = optional(string, "trusted")
# The name of the trusted route table. Defaults to 'trusted'.
}), null)
})
}
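Review bot: The comment added for `policy` in the `services` object says only "Defaults to null", which leaves out the security-relevant consequence: if the module passes that null straight to the endpoint resource (not visible in this diff), AWS applies its default endpoint policy, which allows full access to the service. I would word it as `# Optional IAM policy document for the endpoint. Defaults to null, which leaves the AWS default (full-access) endpoint policy in place.`, and give `trusted_attachments` and `sharing.principals` the same treatment, since both widen what other networks or accounts can reach. On style, the README rendering of the new text shows each comment on the line below the attribute it describes, so it reads as belonging to the next attribute; putting it above is the usual convention, and `availablity` and `s3.awsamazon.com` look like typos. The `variable "connectivity_config"` block starts above the first hunk, and part of the `services` default is collapsed between the two hunks.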