feat: adding additional outputs to the module

.github/workflows/release.yml

@@ -6,6 +6,9 @@ on:
     tags:
       - "v*"
 
+permissions:
+  contents: write
+
 jobs:
   release:
     uses: appvia/appvia-cicd-workflows/.github/workflows/terraform-module-release.yml@main

Makefile

@@ -16,7 +16,7 @@
 #
 AUTHOR_EMAIL[email protected]
 
-.PHONY: all security lint format documentation documentation-examples
+.PHONY: all security lint format documentation documentation-examples validate-all validate validate-examples init
 
 default: all
 
@@ -45,10 +45,24 @@ init:
 	@echo "--> Running terraform init"
 	@terraform init -backend=false
 
+validate-all:
+	@echo "--> Running all validation checks"
+	$(MAKE) validate
+	$(MAKE) validate-examples
+
 validate:
 	@echo "--> Running terraform validate"
+	@terraform init -backend=false
 	@terraform validate
 
+validate-examples:
+	@echo "--> Running terraform validate on examples"
+	@find examples -type d -mindepth 1 -maxdepth 1 | while read -r dir; do \
+		echo "--> Validating $$dir"; \
+		terraform -chdir=$$dir init; \
+		terraform -chdir=$$dir validate; \
+	done
+
 lint:
 	@echo "--> Running tflint"
 	@tflint --init 
@@ -57,3 +71,10 @@ lint:
 format: 
 	@echo "--> Running terraform fmt"
 	@terraform fmt -recursive -write=true
+
+clean:
+	@echo "--> Cleaning up"
+	@find . -type d -name ".terraform" | while read -r dir; do \
+		echo "--> Removing $$dir"; \
+		rm -rf $$dir; \
+	done

README.md

@@ -109,16 +109,19 @@ The `terraform-docs` utility is used to generate this README. Follow the below s
 | <a name="output_natgw_id_per_az"></a> [natgw\_id\_per\_az](#output\_natgw\_id\_per\_az) | The IDs of the NAT Gateways |
 | <a name="output_private_route_table_ids"></a> [private\_route\_table\_ids](#output\_private\_route\_table\_ids) | The IDs of the private route tables |
 | <a name="output_private_subnet_attributes_by_az"></a> [private\_subnet\_attributes\_by\_az](#output\_private\_subnet\_attributes\_by\_az) | The attributes of the private subnets |
-| <a name="output_private_subnet_cidrs"></a> [private\_subnet\_cidrs](#output\_private\_subnet\_cidrs) | A map of the CIDRs for the private subnets |
+| <a name="output_private_subnet_id_to_cidr"></a> [private\_subnet\_id\_to\_cidr](#output\_private\_subnet\_id\_to\_cidr) | A map of the private subnet ID to CIDR block |
 | <a name="output_private_subnet_ids"></a> [private\_subnet\_ids](#output\_private\_subnet\_ids) | The IDs of the private subnets |
 | <a name="output_private_subnet_list"></a> [private\_subnet\_list](#output\_private\_subnet\_list) | A list of the CIDRs for the private subnets |
 | <a name="output_private_subnet_netmask"></a> [private\_subnet\_netmask](#output\_private\_subnet\_netmask) | The netmask for the private subnets |
+| <a name="output_public_route_table_ids"></a> [public\_route\_table\_ids](#output\_public\_route\_table\_ids) | The IDs of the public route tables |
 | <a name="output_public_subnet_attributes_by_az"></a> [public\_subnet\_attributes\_by\_az](#output\_public\_subnet\_attributes\_by\_az) | The attributes of the public subnets |
+| <a name="output_public_subnet_id_to_cidr"></a> [public\_subnet\_id\_to\_cidr](#output\_public\_subnet\_id\_to\_cidr) | A map of the public subnet ID to CIDR block |
 | <a name="output_public_subnet_ids"></a> [public\_subnet\_ids](#output\_public\_subnet\_ids) | The IDs of the public subnets |
 | <a name="output_public_subnet_list"></a> [public\_subnet\_list](#output\_public\_subnet\_list) | A list of the CIDRs for the public subnets |
 | <a name="output_public_subnet_netmask"></a> [public\_subnet\_netmask](#output\_public\_subnet\_netmask) | The netmask for the public subnets |
 | <a name="output_rt_attributes_by_type_by_az"></a> [rt\_attributes\_by\_type\_by\_az](#output\_rt\_attributes\_by\_type\_by\_az) | The attributes of the route tables |
 | <a name="output_transit_gateway_attachment_id"></a> [transit\_gateway\_attachment\_id](#output\_transit\_gateway\_attachment\_id) | The ID of the transit gateway attachment |
+| <a name="output_transit_route_table_by_az"></a> [transit\_route\_table\_by\_az](#output\_transit\_route\_table\_by\_az) | A map of availability zone to transit gateway route table ID |
 | <a name="output_transit_subnet_attributes_by_az"></a> [transit\_subnet\_attributes\_by\_az](#output\_transit\_subnet\_attributes\_by\_az) | The attributes of the transit gateway subnets |
 | <a name="output_transit_subnet_ids"></a> [transit\_subnet\_ids](#output\_transit\_subnet\_ids) | The IDs of the transit gateway subnets |
 | <a name="output_vpc_id"></a> [vpc\_id](#output\_vpc\_id) | The ID of the VPC |

examples/basic/README.md

@@ -0,0 +1,42 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0.0 |
+| <a name="requirement_awscc"></a> [awscc](#requirement\_awscc) | >= 0.11.0 |
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | ../.. | n/a |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_name"></a> [name](#input\_name) | Is the name of the network to provision | `string` | n/a | yes |
+| <a name="input_private_subnet_netmask"></a> [private\_subnet\_netmask](#input\_private\_subnet\_netmask) | The netmask for the private subnets | `number` | n/a | yes |
+| <a name="input_tags"></a> [tags](#input\_tags) | Tags to apply to all resources | `map(string)` | n/a | yes |
+| <a name="input_availability_zones"></a> [availability\_zones](#input\_availability\_zones) | The number of availability zone the network should be deployed into | `number` | `2` | no |
+| <a name="input_enable_ipam"></a> [enable\_ipam](#input\_enable\_ipam) | Indicates the cidr block for the network should be assigned from IPAM | `bool` | `true` | no |
+| <a name="input_enable_ssm"></a> [enable\_ssm](#input\_enable\_ssm) | Indicates we should provision SSM private endpoints | `bool` | `false` | no |
+| <a name="input_enable_transit_gateway"></a> [enable\_transit\_gateway](#input\_enable\_transit\_gateway) | Indicates the network should provison nat gateways | `bool` | `false` | no |
+| <a name="input_public_subnet_netmask"></a> [public\_subnet\_netmask](#input\_public\_subnet\_netmask) | The netmask for the public subnets | `number` | `0` | no |
+| <a name="input_transit_gateway_id"></a> [transit\_gateway\_id](#input\_transit\_gateway\_id) | If enabled, and not lookup is disabled, the transit gateway id to connect to | `string` | `""` | no |
+| <a name="input_vpc_cidr"></a> [vpc\_cidr](#input\_vpc\_cidr) | An optional cidr block to assign to the VPC (if not using IPAM) | `string` | `null` | no |
+
+## Outputs
+
+No outputs.
+<!-- END_TF_DOCS -->

examples/basic/main.tf

@@ -0,0 +1,16 @@
+
+## Provision a VPC with public and private subnets
+module "vpc" {
+  source = "../.."
+
+  availability_zones     = var.availability_zones
+  enable_ipam            = var.enable_ipam
+  enable_ssm             = var.enable_ssm
+  enable_transit_gateway = var.enable_transit_gateway
+  name                   = var.name
+  private_subnet_netmask = var.private_subnet_netmask
+  public_subnet_netmask  = var.public_subnet_netmask
+  tags                   = var.tags
+  transit_gateway_id     = var.transit_gateway_id
+  vpc_cidr               = var.vpc_cidr
+}

examples/basic/providers.tf

@@ -0,0 +1,2 @@
+
+provider "aws" {}

examples/basic/terraform.tf

@@ -0,0 +1,15 @@
+
+terraform {
+  required_version = ">= 1.0.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.0.0"
+    }
+    awscc = {
+      source  = "hashicorp/awscc"
+      version = ">= 0.11.0"
+    }
+  }
+}

examples/basic/variables.tf

@@ -0,0 +1,62 @@
+
+variable "availability_zones" {
+  description = "The number of availability zone the network should be deployed into"
+  type        = number
+  default     = 2
+}
+
+variable "enable_ipam" {
+  description = "Indicates the cidr block for the network should be assigned from IPAM"
+  type        = bool
+  default     = true
+}
+
+variable "enable_transit_gateway" {
+  description = "Indicates the network should provison nat gateways"
+  type        = bool
+  default     = false
+}
+
+variable "enable_ssm" {
+  description = "Indicates we should provision SSM private endpoints"
+  type        = bool
+  default     = false
+}
+
+variable "name" {
+  description = "Is the name of the network to provision"
+  type        = string
+}
+
+variable "private_subnet_netmask" {
+  description = "The netmask for the private subnets"
+  type        = number
+
+  validation {
+    condition     = var.private_subnet_netmask > 0 && var.private_subnet_netmask <= 28
+    error_message = "private_subnet_netmask must be between 1 and 28"
+  }
+}
+
+variable "public_subnet_netmask" {
+  description = "The netmask for the public subnets"
+  type        = number
+  default     = 0
+}
+
+variable "tags" {
+  description = "Tags to apply to all resources"
+  type        = map(string)
+}
+
+variable "transit_gateway_id" {
+  description = "If enabled, and not lookup is disabled, the transit gateway id to connect to"
+  type        = string
+  default     = ""
+}
+
+variable "vpc_cidr" {
+  description = "An optional cidr block to assign to the VPC (if not using IPAM)"
+  type        = string
+  default     = null
+}

locals.tf

@@ -35,14 +35,14 @@ locals {
     }
   } : null
 
-  # private subnet ranges 
+  # A list of all the private subnets cidr blocks
   private_subnet_cidrs = [for k, x in module.vpc.private_subnet_attributes_by_az : x.cidr_block if startswith(k, "private/")]
-  # private subnet range map 
-  private_subnet_cidr_map = { for k, x in module.vpc.private_subnet_attributes_by_az : x.id => x.cidr_block if startswith(k, "private/") }
-
+  # A map of private subnet id to cidr block
+  private_subnet_cidr_by_id = { for k, x in module.vpc.private_subnet_attributes_by_az : x.id => x.cidr_block if startswith(k, "private/") }
+  # A map of public subnet id to cidr block 
+  public_subnet_cidr_by_id = { for k, x in module.vpc.public_subnet_attributes_by_az : x.id => x.cidr_block }
   # public_subnet ranges 
   public_subnet_cidrs = [for k, x in module.vpc.public_subnet_attributes_by_az : x.cidr_block]
-
   # The subnet id for the private subnets
   private_subnet_ids = [for k, x in module.vpc.private_subnet_attributes_by_az : x.id if startswith(k, "private/")]
   # The subnet id for the public subnets
@@ -52,6 +52,9 @@ locals {
   # The routing tables for the private subnets
   private_route_table_ids = [for k, x in module.vpc.rt_attributes_by_type_by_az.private : x.id]
   # The transgit gateway route table ids 
+  public_route_table_ids = var.public_subnet_netmask > 0 ? [for k, x in module.vpc.rt_attributes_by_type_by_az.public : x.id] : []
+  # A map of the route table ids for the transit gateway by az 
+  transit_route_table_by_az = var.enable_transit_gateway ? { for k, v in module.vpc.rt_attributes_by_type_by_az.transit_gateway : k => v.id } : {}
 
   subnets = merge(
     local.private_subnet,

outputs.tf

@@ -22,9 +22,14 @@ output "private_subnet_list" {
   value       = local.private_subnet_cidrs
 }
 
-output "private_subnet_cidrs" {
-  description = "A map of the CIDRs for the private subnets"
-  value       = local.private_subnet_cidr_map
+output "private_subnet_id_to_cidr" {
+  description = "A map of the private subnet ID to CIDR block"
+  value       = local.private_subnet_cidr_by_id
+}
+
+output "public_subnet_id_to_cidr" {
+  description = "A map of the public subnet ID to CIDR block"
+  value       = local.public_subnet_cidr_by_id
 }
 
 output "public_subnet_list" {
@@ -72,6 +77,16 @@ output "private_route_table_ids" {
   value       = local.private_route_table_ids
 }
 
+output "public_route_table_ids" {
+  description = "The IDs of the public route tables"
+  value       = local.public_route_table_ids
+}
+
+output "transit_route_table_by_az" {
+  description = "A map of availability zone to transit gateway route table ID"
+  value       = var.enable_transit_gateway ? local.transit_route_table_by_az : null
+}
+
 output "transit_gateway_attachment_id" {
   description = "The ID of the transit gateway attachment"
   value       = var.enable_transit_gateway ? module.vpc.transit_gateway_attachment_id : null