chore: reworking the module

README.md

@@ -125,30 +125,27 @@ When adding a new group to SSO, there are following steps to complete:
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_authorizations_rules"></a> [authorizations\_rules](#input\_authorizations\_rules) | Authorization rules for the VPN | <pre>list(object({<br>    access_group_id     = string<br>    description         = string<br>    name                = string<br>    target_network_cidr = string<br>  }))</pre> | n/a | yes |
-| <a name="input_availability_zones"></a> [availability\_zones](#input\_availability\_zones) | Amount of availability zones to use for the VPC | `number` | n/a | yes |
+| <a name="input_authorization_rules"></a> [authorization\_rules](#input\_authorization\_rules) | Authorization rules for the VPN | <pre>list(object({<br>    access_group_id     = string<br>    description         = string<br>    name                = string<br>    target_network_cidr = string<br>  }))</pre> | n/a | yes |
 | <a name="input_name"></a> [name](#input\_name) | Name of the VPN | `string` | n/a | yes |
-| <a name="input_private_subnet_netmask"></a> [private\_subnet\_netmask](#input\_private\_subnet\_netmask) | Netmask length for the private subnets | `number` | n/a | yes |
+| <a name="input_network"></a> [network](#input\_network) | Network configuration for the VPN | <pre>object({<br>    availability_zones      = optional(number, 2)<br>    ipam_pool_id            = optional(string, null)<br>    name                    = optional(string, "vpn")<br>    private_subnet_netmasks = optional(number, 24)<br>    public_subnet_netmasks  = optional(number, 24)<br>    transit_gateway_id      = string<br>    vpc_cidr                = optional(string, null)<br>    vpc_netmask             = optional(number, null)<br>  })</pre> | n/a | yes |
 | <a name="input_saml_provider_document"></a> [saml\_provider\_document](#input\_saml\_provider\_document) | Document for the SAML provider | `string` | n/a | yes |
 | <a name="input_saml_provider_portal_document"></a> [saml\_provider\_portal\_document](#input\_saml\_provider\_portal\_document) | Document for the SAML provider portal | `string` | n/a | yes |
 | <a name="input_tags"></a> [tags](#input\_tags) | Tags to apply to all resources | `map(string)` | n/a | yes |
 | <a name="input_vpn_log_stream_name"></a> [vpn\_log\_stream\_name](#input\_vpn\_log\_stream\_name) | Name of the CloudWatch log stream for the VPN | `string` | n/a | yes |
 | <a name="input_vpn_org_name"></a> [vpn\_org\_name](#input\_vpn\_org\_name) | Name of the organization for the VPN | `string` | n/a | yes |
 | <a name="input_client_cidr"></a> [client\_cidr](#input\_client\_cidr) | CIDR block for the VPN clients | `string` | `"172.16.0.0/16"` | no |
-| <a name="input_enable_ipam"></a> [enable\_ipam](#input\_enable\_ipam) | Enable IPAM for the VPC | `bool` | `false` | no |
-| <a name="input_enable_transit_gateway"></a> [enable\_transit\_gateway](#input\_enable\_transit\_gateway) | Enable transit gateway for the VPC | `bool` | `true` | no |
-| <a name="input_ipam_pool_id"></a> [ipam\_pool\_id](#input\_ipam\_pool\_id) | The ID of the IPAM pool to use for the VPC | `string` | `null` | no |
 | <a name="input_saml_provider_name"></a> [saml\_provider\_name](#input\_saml\_provider\_name) | Name of the SAML provider | `string` | `"Client_VPN"` | no |
 | <a name="input_saml_provider_portal_name"></a> [saml\_provider\_portal\_name](#input\_saml\_provider\_portal\_name) | Name of the SAML provider portal | `string` | `"Client_VPN_Portal"` | no |
-| <a name="input_transit_gateway_id"></a> [transit\_gateway\_id](#input\_transit\_gateway\_id) | ID of the transit gateway to use for the VPC | `string` | `""` | no |
-| <a name="input_vpc_cidr"></a> [vpc\_cidr](#input\_vpc\_cidr) | CIDR block for the VPC, when not using IPAM | `string` | `null` | no |
-| <a name="input_vpc_netmask"></a> [vpc\_netmask](#input\_vpc\_netmask) | Netmask length for the VPN VPC, when using IPAM | `number` | `0` | no |
 | <a name="input_vpn_log_retention"></a> [vpn\_log\_retention](#input\_vpn\_log\_retention) | Number of days to retain VPN logs | `number` | `7` | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
 | <a name="output_client_configuration"></a> [client\_configuration](#output\_client\_configuration) | VPN Client Configuration data. |
+| <a name="output_private_subnet_ids"></a> [private\_subnet\_ids](#output\_private\_subnet\_ids) | The IDs of the private subnets. |
+| <a name="output_public_subnet_attributes_by_az"></a> [public\_subnet\_attributes\_by\_az](#output\_public\_subnet\_attributes\_by\_az) | The attributes of the public subnets by availability zone. |
+| <a name="output_public_subnet_ids"></a> [public\_subnet\_ids](#output\_public\_subnet\_ids) | The IDs of the public subnets. |
+| <a name="output_vpc_id"></a> [vpc\_id](#output\_vpc\_id) | The ID of the VPC. |
 | <a name="output_vpn_endpoint_dns_name"></a> [vpn\_endpoint\_dns\_name](#output\_vpn\_endpoint\_dns\_name) | The DNS Name of the Client VPN Endpoint Connection. |
 <!-- END_TF_DOCS -->

examples/basic/README.md

@@ -16,7 +16,7 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_vpn"></a> [vpn](#module\_vpn) | appvia/vpn/aws | 0.0.2 |
+| <a name="module_vpn"></a> [vpn](#module\_vpn) | ../../ | n/a |
 
 ## Resources
 
@@ -29,24 +29,21 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_availability_zones"></a> [availability\_zones](#input\_availability\_zones) | Amount of availability zones to use for the VPC | `number` | n/a | yes |
 | <a name="input_name"></a> [name](#input\_name) | Name of the VPN | `string` | n/a | yes |
-| <a name="input_private_subnet_netmask"></a> [private\_subnet\_netmask](#input\_private\_subnet\_netmask) | Netmask length for the private subnets | `number` | n/a | yes |
-| <a name="input_saml_provider_document"></a> [saml\_provider\_document](#input\_saml\_provider\_document) | Document for the SAML provider | `string` | n/a | yes |
-| <a name="input_saml_provider_portal_document"></a> [saml\_provider\_portal\_document](#input\_saml\_provider\_portal\_document) | Document for the SAML provider portal | `string` | n/a | yes |
 | <a name="input_tags"></a> [tags](#input\_tags) | Tags to apply to all resources | `map(string)` | n/a | yes |
+| <a name="input_transit_gateway_id"></a> [transit\_gateway\_id](#input\_transit\_gateway\_id) | ID of the transit gateway to use for the VPC | `string` | n/a | yes |
 | <a name="input_vpn_log_stream_name"></a> [vpn\_log\_stream\_name](#input\_vpn\_log\_stream\_name) | Name of the CloudWatch log stream for the VPN | `string` | n/a | yes |
 | <a name="input_vpn_org_name"></a> [vpn\_org\_name](#input\_vpn\_org\_name) | Name of the organization for the VPN | `string` | n/a | yes |
+| <a name="input_availability_zones"></a> [availability\_zones](#input\_availability\_zones) | Amount of availability zones to use for the VPC | `number` | `2` | no |
 | <a name="input_client_cidr"></a> [client\_cidr](#input\_client\_cidr) | CIDR block for the VPN clients | `string` | `"172.16.0.0/16"` | no |
-| <a name="input_enable_ipam"></a> [enable\_ipam](#input\_enable\_ipam) | Enable IPAM for the VPC | `bool` | `false` | no |
-| <a name="input_enable_transit_gateway"></a> [enable\_transit\_gateway](#input\_enable\_transit\_gateway) | Enable transit gateway for the VPC | `bool` | `true` | no |
 | <a name="input_ipam_pool_id"></a> [ipam\_pool\_id](#input\_ipam\_pool\_id) | The ID of the IPAM pool to use for the VPC | `string` | `null` | no |
+| <a name="input_private_subnet_netmask"></a> [private\_subnet\_netmask](#input\_private\_subnet\_netmask) | Netmask length for the private subnets | `number` | `25` | no |
+| <a name="input_public_subnet_netmask"></a> [public\_subnet\_netmask](#input\_public\_subnet\_netmask) | Netmask length for the public subnets | `number` | `25` | no |
 | <a name="input_saml_provider_name"></a> [saml\_provider\_name](#input\_saml\_provider\_name) | Name of the SAML provider | `string` | `"Client_VPN"` | no |
 | <a name="input_saml_provider_portal_name"></a> [saml\_provider\_portal\_name](#input\_saml\_provider\_portal\_name) | Name of the SAML provider portal | `string` | `"Client_VPN_Portal"` | no |
 | <a name="input_sso_groups"></a> [sso\_groups](#input\_sso\_groups) | SSO groups to create VPN rules for | `list(string)` | `[]` | no |
-| <a name="input_transit_gateway_id"></a> [transit\_gateway\_id](#input\_transit\_gateway\_id) | ID of the transit gateway to use for the VPC | `string` | `""` | no |
-| <a name="input_vpc_cidr"></a> [vpc\_cidr](#input\_vpc\_cidr) | CIDR block for the VPC, when not using IPAM | `string` | `null` | no |
-| <a name="input_vpc_netmask"></a> [vpc\_netmask](#input\_vpc\_netmask) | Netmask length for the VPN VPC, when using IPAM | `number` | `0` | no |
+| <a name="input_vpc_cidr"></a> [vpc\_cidr](#input\_vpc\_cidr) | CIDR block for the VPC, when not using IPAM | `string` | `"10.90.0.0/21"` | no |
+| <a name="input_vpc_netmask"></a> [vpc\_netmask](#input\_vpc\_netmask) | Netmask length for the VPN VPC, when using IPAM | `number` | `null` | no |
 | <a name="input_vpn_log_retention"></a> [vpn\_log\_retention](#input\_vpn\_log\_retention) | Number of days to retain VPN logs | `number` | `7` | no |
 
 ## Outputs

examples/basic/main.tf

@@ -22,10 +22,8 @@ data "aws_identitystore_group" "groups" {
 }
 
 locals {
-  ## The instance ARN for the identity store 
-  instance_arn = tolist(data.aws_ssoadmin_instances.this.arns)[0]
   ## The identity store ID
-  identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0]
+  identity_store_id = tolist(data.aws_ssoadmin_instances.current.identity_store_ids)[0]
 
   networks = {
     "all-internal"       = "10.0.0.0/8"
@@ -70,27 +68,28 @@ locals {
 
 ## Provision the AWS VPN
 module "vpn" {
-  source  = "appvia/vpn/aws"
-  version = "0.0.2"
+  source = "../../"
 
-  availability_zones            = var.availability_zones
   authorization_rules           = local.authorization_rules
   client_cidr                   = var.client_cidr
-  enable_ssm                    = var.enable_ssm
-  identity_store_id             = var.identity_store_id
-  ipam_pool_name                = var.ipam_pool_name
   name                          = var.name
-  private_subnet_netmasks       = var.private_subnet_netmasks
-  public_subnet_netmasks        = var.public_subnet_netmasks
   saml_provider_document        = file("${path.module}/metadata/saml.xml")
   saml_provider_name            = var.saml_provider_name
   saml_provider_portal_document = file("${path.module}/metadata/saml_portal.xml")
   saml_provider_portal_name     = var.saml_provider_portal_name
-  sso_groups                    = var.sso_groups
   tags                          = var.tags
-  transit_gateway_id            = var.transit_gateway_id
-  vpc_netmask                   = var.vpc_netmask
   vpn_log_retention             = var.vpn_log_retention
   vpn_log_stream_name           = var.vpn_log_stream_name
   vpn_org_name                  = var.vpn_org_name
+
+  network = {
+    availability_zones      = var.availability_zones
+    ipam_pool_id            = var.ipam_pool_id
+    name                    = var.name
+    private_subnet_netmasks = var.private_subnet_netmask
+    public_subnet_netmasks  = var.public_subnet_netmask
+    transit_gateway_id      = var.transit_gateway_id
+    vpc_netmask             = var.vpc_netmask
+    vpc_cidr                = var.vpc_cidr
+  }
 }