fix: making various amendments to the code (#5)

README.md

@@ -61,7 +61,7 @@ The `terraform-docs` utility is used to generate this README. Follow the below s
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_private_links"></a> [private\_links](#module\_private\_links) | terraform-aws-modules/security-group/aws | 5.1.2 |
-| <a name="module_vpc"></a> [vpc](#module\_vpc) | aws-ia/vpc/aws | = 4.4.2 |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | aws-ia/vpc/aws | 4.4.2 |
 
 ## Resources
 
@@ -71,7 +71,6 @@ The `terraform-docs` utility is used to generate this README. Follow the below s
 | [aws_vpc_endpoint.vpe_endpoints](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) | resource |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 | [aws_route53_resolver_rules.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_resolver_rules) | data source |
-| [aws_vpc_ipam_pool.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc_ipam_pool) | data source |
 
 ## Inputs
 
@@ -90,9 +89,8 @@ The `terraform-docs` utility is used to generate this README. Follow the below s
 | <a name="input_enable_transit_gateway"></a> [enable\_transit\_gateway](#input\_enable\_transit\_gateway) | Indicates the network should provison nat gateways | `bool` | `false` | no |
 | <a name="input_enable_transit_gateway_appliance_mode"></a> [enable\_transit\_gateway\_appliance\_mode](#input\_enable\_transit\_gateway\_appliance\_mode) | Indicates the network should be connected to a transit gateway in appliance mode | `bool` | `false` | no |
 | <a name="input_enable_transit_gateway_subnet_natgw"></a> [enable\_transit\_gateway\_subnet\_natgw](#input\_enable\_transit\_gateway\_subnet\_natgw) | Indicates if the transit gateway subnets should be connected to a nat gateway | `bool` | `false` | no |
-| <a name="input_exclude_resolver_rules"></a> [exclude\_resolver\_rules](#input\_exclude\_resolver\_rules) | List of resolver rules to exclude from association | `list(string)` | `[]` | no |
-| <a name="input_ipam_pool_id"></a> [ipam\_pool\_id](#input\_ipam\_pool\_id) | An optional pool id to use for IPAM pool to use | `string` | `""` | no |
-| <a name="input_ipam_pool_name"></a> [ipam\_pool\_name](#input\_ipam\_pool\_name) | An optional pool name to use for IPAM pool to use | `string` | `""` | no |
+| <a name="input_exclude_route53_resolver_rules"></a> [exclude\_route53\_resolver\_rules](#input\_exclude\_route53\_resolver\_rules) | List of resolver rules to exclude from association | `list(string)` | `[]` | no |
+| <a name="input_ipam_pool_id"></a> [ipam\_pool\_id](#input\_ipam\_pool\_id) | An optional pool id to use for IPAM pool to use | `string` | `null` | no |
 | <a name="input_nat_gateway_mode"></a> [nat\_gateway\_mode](#input\_nat\_gateway\_mode) | The configuration mode of the NAT gateways | `string` | `"none"` | no |
 | <a name="input_public_subnet_netmask"></a> [public\_subnet\_netmask](#input\_public\_subnet\_netmask) | The netmask for the public subnets | `number` | `0` | no |
 | <a name="input_transit_gateway_id"></a> [transit\_gateway\_id](#input\_transit\_gateway\_id) | If enabled, and not lookup is disabled, the transit gateway id to connect to | `string` | `""` | no |

data.tf

@@ -0,0 +1,10 @@
+
+# Get the current region 
+data "aws_region" "current" {}
+
+### Find any forwarding rules which have been shared to us 
+data "aws_route53_resolver_rules" "current" {
+  rule_type    = "FORWARD"
+  share_status = "SHARED_WITH_ME"
+}
+

locals.tf

@@ -1,33 +1,27 @@
 
 locals {
+  # Th current region
+  region = data.aws_region.current.name
   # The id for the transit_gateway_id passed into the module
   transit_gateway_id = var.enable_transit_gateway ? var.transit_gateway_id : null
-
   # Is the routes to propagate down the transit gateway 
   transit_routes = var.enable_transit_gateway && length(var.transit_gateway_routes) > 0 ? var.transit_gateway_routes : null
-
   # The configuration for the private subnets
-  private_subnet = {
+  private_subnet = var.private_subnet_netmask > 0 ? {
     private = {
-      connect_to_public_natgw = var.enable_nat_gateway ? true : null
+      connect_to_public_natgw = var.enable_nat_gateway ? true : false
       netmask                 = var.private_subnet_netmask
       tags                    = var.tags
     }
-  }
-
+  } : null
   # Public subnets are optional
   public_subnet = var.public_subnet_netmask > 0 ? {
     public = {
-      connect_to_public_natgw   = var.enable_nat_gateway ? true : null
       nat_gateway_configuration = var.nat_gateway_mode
       netmask                   = var.public_subnet_netmask
       tags                      = var.tags
     }
   } : null
-
-  # We use the discovered IPAM pool id if the user has not provided one
-  ipam_pool_id = var.enable_ipam ? data.aws_vpc_ipam_pool.current[0].id : null
-
   # Configuration for the transit subnets 
   transit_subnet = var.enable_transit_gateway ? {
     transit_gateway = {
@@ -45,7 +39,6 @@ locals {
   private_subnet_cidrs = [for k, x in module.vpc.private_subnet_attributes_by_az : x.cidr_block if startswith(k, "private/")]
   # private subnet range map 
   private_subnet_cidr_map = { for k, x in module.vpc.private_subnet_attributes_by_az : x.id => x.cidr_block if startswith(k, "private/") }
-  #
 
   # public_subnet ranges 
   public_subnet_cidrs = [for k, x in module.vpc.public_subnet_attributes_by_az : x.cidr_block]
@@ -72,6 +65,6 @@ locals {
   # enabled_endpotints is a list of all the private endpoints to enable 
   enabled_endpoints = concat(var.enable_private_endpoints, local.ssm_endpoints)
   ## Build the list of resolver rules to associate with the vpc 
-  resolver_rules = var.enable_route53_resolver_rules ? [for id in data.aws_route53_resolver_rules.current.resolver_rule_ids : id if !contains(var.exclude_resolver_rules, id)] : []
+  resolver_rules = var.enable_route53_resolver_rules ? [for id in data.aws_route53_resolver_rules.current.resolver_rule_ids : id if !contains(var.exclude_route53_resolver_rules, id)] : []
 }
 

main.tf

@@ -1,39 +1,8 @@
-# Get the current region 
-data "aws_region" "current" {}
-
-## Find any forwarding rules which have been shared to us 
-data "aws_route53_resolver_rules" "current" {
-  rule_type    = "FORWARD"
-  share_status = "SHARED_WITH_ME"
-}
-
-## Lookup the IPAM by protocol
-data "aws_vpc_ipam_pool" "current" {
-  count = var.enable_ipam ? 1 : 0
-
-  dynamic "filter" {
-    for_each = var.ipam_pool_name != "" ? [1] : []
-
-    content {
-      name   = "description"
-      values = [var.ipam_pool_name]
-    }
-  }
-
-  dynamic "filter" {
-    for_each = var.ipam_pool_id != "" ? [1] : []
-
-    content {
-      name   = "ipam-pool-id"
-      values = [var.ipam_pool_id]
-    }
-  }
-}
 
 ## Provision the VPC for VPN
 module "vpc" {
   source  = "aws-ia/vpc/aws"
-  version = "= 4.4.2"
+  version = "4.4.2"
 
   name                     = var.name
   az_count                 = var.availability_zones
@@ -45,7 +14,7 @@ module "vpc" {
   vpc_instance_tenancy     = var.vpc_instance_tenancy
   vpc_enable_dns_hostnames = true
   vpc_enable_dns_support   = true
-  vpc_ipv4_ipam_pool_id    = local.ipam_pool_id
+  vpc_ipv4_ipam_pool_id    = var.enable_ipam ? var.ipam_pool_id : null
   vpc_ipv4_netmask_length  = var.vpc_netmask
 }
 
@@ -64,7 +33,7 @@ module "private_links" {
   count   = length(local.enabled_endpoints) > 0 ? 1 : 0
 
   description         = "Provides the security groups for the private links access"
-  ingress_rules       = ["https-443-tcp", "http-80-tcp"]
+  ingress_rules       = ["https-443-tcp"]
   ingress_cidr_blocks = local.private_subnet_cidrs
   name                = "private-links-${var.name}"
   tags                = var.tags
@@ -77,7 +46,7 @@ resource "aws_vpc_endpoint" "vpe_endpoints" {
 
   private_dns_enabled = true
   security_group_ids  = [module.private_links[0].security_group_id]
-  service_name        = "com.amazonaws.${data.aws_region.current.name}.${each.value}"
+  service_name        = "com.amazonaws.${local.region}.${each.value}"
   subnet_ids          = local.private_subnet_ids
   tags                = merge(var.tags, { Name = "vpe-${each.value}-${var.name}" })
   vpc_endpoint_type   = "Interface"

variables.tf

@@ -22,7 +22,7 @@ variable "enable_route53_resolver_rules" {
   default     = true
 }
 
-variable "exclude_resolver_rules" {
+variable "exclude_route53_resolver_rules" {
   description = "List of resolver rules to exclude from association"
   type        = list(string)
   default     = []
@@ -64,16 +64,10 @@ variable "enable_ssm" {
   default     = false
 }
 
-variable "ipam_pool_name" {
-  description = "An optional pool name to use for IPAM pool to use"
-  type        = string
-  default     = ""
-}
-
 variable "ipam_pool_id" {
   description = "An optional pool id to use for IPAM pool to use"
   type        = string
-  default     = ""
+  default     = null
 }
 
 variable "name" {