Merge pull request #1 from terrablocks/remove-complications

update subnet creation logic, bug fix and update example
terrablocks · Feb 4, 2022 · d1637c9 · d1637c9
2 parents 15abf5a + 1919996
commit d1637c9
Show file tree

Hide file tree

Showing 4 changed files with 80 additions and 56 deletions.
diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 # Create subnets for your existing VPC
 
-![License](https://img.shields.io/github/license/terrablocks/aws-subnets?style=for-the-badge) ![Tests](https://img.shields.io/github/workflow/status/terrablocks/aws-subnets/tests/master?label=Test&style=for-the-badge) ![Checkov](https://img.shields.io/github/workflow/status/terrablocks/aws-subnets/checkov/master?label=Checkov&style=for-the-badge) ![Commit](https://img.shields.io/github/last-commit/terrablocks/aws-subnets?style=for-the-badge) ![Release](https://img.shields.io/github/v/release/terrablocks/aws-subnets?style=for-the-badge)
+![License](https://img.shields.io/github/license/terrablocks/aws-subnets?style=for-the-badge) ![Tests](https://img.shields.io/github/workflow/status/terrablocks/aws-subnets/tests/main?label=Test&style=for-the-badge) ![Checkov](https://img.shields.io/github/workflow/status/terrablocks/aws-subnets/checkov/main?label=Checkov&style=for-the-badge) ![Commit](https://img.shields.io/github/last-commit/terrablocks/aws-subnets?style=for-the-badge) ![Release](https://img.shields.io/github/v/release/terrablocks/aws-subnets?style=for-the-badge)
 
 This terraform module will deploy the following services:
 - Subnets
@@ -11,10 +11,53 @@ This terraform module will deploy the following services:
 # Usage Instructions
 ## Example
 ```terraform
-module "subnet" {
+module "vpc" {
+  source = "github.com/terrablocks/aws-vpc.git"
+
+  network_name = "dev"
+}
+
+module "pub_subnet" {
+  source = "github.com/terrablocks/aws-subnets.git"
+
+  vpc_id = module.vpc.id
+  cidr_blocks = {
+    us-east-1a = "10.0.1.0/24"
+    us-east-1b = "10.0.2.0/24"
+    us-east-1c = "10.0.3.0/24"
+  }
+  subnet_name   = "public-subnet"
+  map_public_ip = true
+  rtb_name      = "public-rtb"
+  attach_igw    = true
+}
+
+module "pvt_subnet" {
+  source = "github.com/terrablocks/aws-subnets.git"
+
+  vpc_id = module.vpc.id
+  cidr_blocks = {
+    us-east-1a = "10.0.4.0/24"
+    us-east-1b = "10.0.5.0/24"
+    us-east-1c = "10.0.6.0/24"
+  }
+  subnet_name     = "private-subnet"
+  rtb_name        = "private-rtb"
+  create_nat      = true
+  natgw_subnet_id = module.pub_subnet.ids[0]
+}
+
+module "protected_subnet" {
   source = "github.com/terrablocks/aws-subnets.git"
 
-  vpc_id = "vpc-xxxx"
+  vpc_id = module.vpc.id
+  cidr_blocks = {
+    ap-south-1a = "10.0.7.0/24"
+    ap-south-1b = "10.0.8.0/24"
+    ap-south-1c = "10.0.9.0/24"
+  }
+  subnet_name = "protected-subnet"
+  rtb_name    = "protected-rtb"
 }
 ```
 
@@ -29,17 +72,14 @@ module "subnet" {
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| azs | List of availability zones to be used for creating subnets | `list(string)` | <pre>[<br>  "us-east-1a",<br>  "us-east-1b"<br>]</pre> | no |
 | vpc_id | ID of VPC to associate resource with | `string` | n/a | yes |
-| cidr_block | VPC CIDR block to use as a base for assigning CIDR to subnet. Leave it blank to use the default CIDR block | `string` | `""` | no |
-| subnet_index | Nth network within a CIDR to use as the starting point for subnet CIDR or count of existing subnets in VPC. 0 means no subnets exist within the VPC CIDR block | `number` | `0` | no |
+| cidr_blocks | Map of availability zone and cidr block to assign<pre>{<br>  us-east-1a = "10.0.1.0/24"<br>  us-east-1b = "10.0.2.0/24"<br>  us-east-1c = "10.0.3.0/24"<br>}</pre> | `map(string)` | `{}` | no |
 | subnet_name | Name of subnet | `string` | `""` | no |
 | map_public_ip | Automatically assign public ip to resources launched in this subnet | `bool` | `false` | no |
-| mask | Subnet mask to assign to subnet | `number` | `26` | no |
 | create_rtb | Create route table for the subnet and associate it | `bool` | `true` | no |
 | rtb_name | Name for route table to be created if `create_rtb` is set to true | `string` | `null` | no |
 | rtb_id | Existing route table to associate with subnet. **Note:** Required only if `create_rtb` is set to false | `string` | `""` | no |
-| igw_id | Internet gateway id to assicate with route table | `string` | `""` | no |
+| attach_igw | Whether to attach internet gateway to the route table | `bool` | `false` | no |
 | create_nat | Whether to create NAT gateway for subnet and associate it to the route table | `bool` | `false` | no |
 | natgw_subnet_id | Subnet ID to place NAT gateway in. **Note:** Required if `create_nat` is set to true | `string` | `""` | no |
 | natgw_id | Existing NAT gateway to associate with route table | `string` | `null` | no |

diff --git a/main.tf b/main.tf
@@ -2,26 +2,24 @@ data "aws_vpc" "this" {
   id = var.vpc_id
 }
 
-locals {
-  vpc_cidr = var.cidr_block == "" ? data.aws_vpc.this.cidr_block : var.cidr_block
-  vpc_mask = element(split("/", local.vpc_cidr), 1)
+data "aws_internet_gateway" "this" {
+  filter {
+    name   = "attachment.vpc-id"
+    values = [data.aws_vpc.this.id]
+  }
 }
 
 resource "aws_subnet" "this" {
   # checkov:skip=CKV_AWS_130: Enabling public IP for subnet depends on user
-  count                   = length(var.azs)
+  for_each                = var.cidr_blocks
   vpc_id                  = data.aws_vpc.this.id
   map_public_ip_on_launch = var.map_public_ip
-  cidr_block = cidrsubnet(
-    local.vpc_cidr,
-    var.mask - local.vpc_mask,
-    count.index + var.subnet_index,
-  )
-  availability_zone = element(var.azs, count.index)
+  cidr_block              = each.value
+  availability_zone       = each.key
 
   tags = merge({
-    Name = var.subnet_name
-    Zone = element(var.azs, count.index)
+    Name = "${var.subnet_name}-${split("-", each.key)[2]}"
+    Zone = each.key
   }, var.tags)
 
   lifecycle {
@@ -39,10 +37,10 @@ resource "aws_route_table" "this" {
 }
 
 resource "aws_route" "igw" {
-  count                  = var.create_rtb && var.igw_id != "" ? 1 : 0
+  count                  = var.create_rtb && var.attach_igw ? 1 : 0
   route_table_id         = join(",", aws_route_table.this.*.id)
   destination_cidr_block = "0.0.0.0/0"
-  gateway_id             = var.igw_id
+  gateway_id             = data.aws_internet_gateway.this.internet_gateway_id
 }
 
 resource "aws_eip" "nat" {
@@ -67,14 +65,14 @@ resource "aws_route" "ngw" {
 }
 
 resource "aws_route_table_association" "this" {
-  count          = length(var.azs)
-  subnet_id      = aws_subnet.this[count.index].id
+  for_each       = var.cidr_blocks
+  subnet_id      = aws_subnet.this[each.key].id
   route_table_id = var.create_rtb ? join(",", aws_route_table.this.*.id) : var.rtb_id
 }
 
 resource "aws_network_acl" "this" {
   vpc_id     = data.aws_vpc.this.id
-  subnet_ids = aws_subnet.this.*.id
+  subnet_ids = [for _, v in aws_subnet.this : v.id]
 
   dynamic "ingress" {
     for_each = var.nacl_ingress_rules

diff --git a/output.tf b/output.tf
@@ -1,10 +1,10 @@
 output "ids" {
-  value       = aws_subnet.this.*.id
+  value       = [for _, v in aws_subnet.this : v.id]
   description = "List of subnet ids"
 }
 
 output "cidrs" {
-  value       = aws_subnet.this.*.cidr_block
+  value       = [for _, v in aws_subnet.this : v.cidr_block]
   description = "List of subnet CIDR blocks"
 }
 

diff --git a/vars.tf b/vars.tf
@@ -1,27 +1,19 @@
-variable "azs" {
-  type = list(string)
-  default = [
-    "us-east-1a",
-    "us-east-1b",
-  ]
-  description = "List of availability zones to be used for creating subnets"
-}
-
 variable "vpc_id" {
   type        = string
   description = "ID of VPC to associate resource with"
 }
 
-variable "cidr_block" {
-  type        = string
-  default     = ""
-  description = "VPC CIDR block to use as a base for assigning CIDR to subnet. Leave it blank to use the default CIDR block"
-}
-
-variable "subnet_index" {
-  type        = number
-  default     = 0
-  description = "Nth network within a CIDR to use as the starting point for subnet CIDR or count of existing subnets in VPC. 0 means no subnets exist within the VPC CIDR block"
+variable "cidr_blocks" {
+  type        = map(string)
+  default     = {}
+  description = <<-EOT
+    Map of availability zone and cidr block to assign
+    ```{
+      us-east-1a = "10.0.1.0/24"
+      us-east-1b = "10.0.2.0/24"
+      us-east-1c = "10.0.3.0/24"
+    }```
+  EOT
 }
 
 variable "subnet_name" {
@@ -36,12 +28,6 @@ variable "map_public_ip" {
   description = "Automatically assign public ip to resources launched in this subnet"
 }
 
-variable "mask" {
-  type        = number
-  default     = 26
-  description = "Subnet mask to assign to subnet"
-}
-
 variable "create_rtb" {
   type        = bool
   default     = true
@@ -60,10 +46,10 @@ variable "rtb_id" {
   description = "Existing route table to associate with subnet. **Note:** Required only if `create_rtb` is set to false"
 }
 
-variable "igw_id" {
-  type        = string
-  default     = ""
-  description = "Internet gateway id to assicate with route table"
+variable "attach_igw" {
+  type        = bool
+  default     = false
+  description = "Whether to attach internet gateway to the route table"
 }
 
 variable "create_nat" {