diff --git a/README.md b/README.md
index 114ec22..4562cec 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # Create subnets for your existing VPC
-![License](https://img.shields.io/github/license/terrablocks/aws-subnets?style=for-the-badge) ![Tests](https://img.shields.io/github/workflow/status/terrablocks/aws-subnets/tests/master?label=Test&style=for-the-badge) ![Checkov](https://img.shields.io/github/workflow/status/terrablocks/aws-subnets/checkov/master?label=Checkov&style=for-the-badge) ![Commit](https://img.shields.io/github/last-commit/terrablocks/aws-subnets?style=for-the-badge) ![Release](https://img.shields.io/github/v/release/terrablocks/aws-subnets?style=for-the-badge)
+![License](https://img.shields.io/github/license/terrablocks/aws-subnets?style=for-the-badge) ![Tests](https://img.shields.io/github/workflow/status/terrablocks/aws-subnets/tests/main?label=Test&style=for-the-badge) ![Checkov](https://img.shields.io/github/workflow/status/terrablocks/aws-subnets/checkov/main?label=Checkov&style=for-the-badge) ![Commit](https://img.shields.io/github/last-commit/terrablocks/aws-subnets?style=for-the-badge) ![Release](https://img.shields.io/github/v/release/terrablocks/aws-subnets?style=for-the-badge)
 This terraform module will deploy the following services:
 - Subnets
@@ -11,10 +11,53 @@ This terraform module will deploy the following services:
 # Usage Instructions
 ## Example
 ```terraform
-module "subnet" {
+module "vpc" {
+ source = "github.com/terrablocks/aws-vpc.git"
+
+ network_name = "dev"
+}
+
+module "pub_subnet" {
+ source = "github.com/terrablocks/aws-subnets.git"
+
+ vpc_id = module.vpc.id
+ cidr_blocks = {
+ us-east-1a = "10.0.1.0/24"
+ us-east-1b = "10.0.2.0/24"
+ us-east-1c = "10.0.3.0/24"
+ }
+ subnet_name = "public-subnet"
+ map_public_ip = true
+ rtb_name = "public-rtb"
+ attach_igw = true
+}
+
+module "pvt_subnet" {
+ source = "github.com/terrablocks/aws-subnets.git"
+
+ vpc_id = module.vpc.id
+ cidr_blocks = {
+ us-east-1a = "10.0.4.0/24"
+ us-east-1b = "10.0.5.0/24"
+ us-east-1c = "10.0.6.0/24"
+ }
+ subnet_name = "private-subnet"
+ rtb_name = "private-rtb"
+ create_nat = true
+ natgw_subnet_id = module.pub_subnet.ids[0]
+}
+
+module "protected_subnet" {
 source = "github.com/terrablocks/aws-subnets.git"
- vpc_id = "vpc-xxxx"
+ vpc_id = module.vpc.id
+ cidr_blocks = {
+ ap-south-1a = "10.0.7.0/24"
+ ap-south-1b = "10.0.8.0/24"
+ ap-south-1c = "10.0.9.0/24"
+ }
+ subnet_name = "protected-subnet"
+ rtb_name = "protected-rtb"
 }
 ```
@@ -29,17 +72,14 @@ module "subnet" {
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| azs | List of availability zones to be used for creating subnets | `list(string)` |
[| no |
 | vpc_id | ID of VPC to associate resource with | `string` | n/a | yes |
-| cidr_block | VPC CIDR block to use as a base for assigning CIDR to subnet. Leave it blank to use the default CIDR block | `string` | `""` | no |
-| subnet_index | Nth network within a CIDR to use as the starting point for subnet CIDR or count of existing subnets in VPC. 0 means no subnets exist within the VPC CIDR block | `number` | `0` | no |
+| cidr_blocks | Map of availability zone and cidr block to assign
"us-east-1a",
"us-east-1b"
]
{| `map(string)` | `{}` | no |
 | subnet_name | Name of subnet | `string` | `""` | no |
 | map_public_ip | Automatically assign public ip to resources launched in this subnet | `bool` | `false` | no |
-| mask | Subnet mask to assign to subnet | `number` | `26` | no |
 | create_rtb | Create route table for the subnet and associate it | `bool` | `true` | no |
 | rtb_name | Name for route table to be created if `create_rtb` is set to true | `string` | `null` | no |
 | rtb_id | Existing route table to associate with subnet. **Note:** Required only if `create_rtb` is set to false | `string` | `""` | no |
-| igw_id | Internet gateway id to assicate with route table | `string` | `""` | no |
+| attach_igw | Whether to attach internet gateway to the route table | `bool` | `false` | no |
 | create_nat | Whether to create NAT gateway for subnet and associate it to the route table | `bool` | `false` | no |
 | natgw_subnet_id | Subnet ID to place NAT gateway in. **Note:** Required if `create_nat` is set to true | `string` | `""` | no |
 | natgw_id | Existing NAT gateway to associate with route table | `string` | `null` | no |
diff --git a/main.tf b/main.tf
index eb145d1..14c7439 100644
--- a/main.tf
+++ b/main.tf
@@ -2,26 +2,24 @@ data "aws_vpc" "this" {
 id = var.vpc_id
 }
-locals {
- vpc_cidr = var.cidr_block == "" ? data.aws_vpc.this.cidr_block : var.cidr_block
- vpc_mask = element(split("/", local.vpc_cidr), 1)
+data "aws_internet_gateway" "this" {
+ filter {
+ name = "attachment.vpc-id"
+ values = [data.aws_vpc.this.id]
+ }
 }
 resource "aws_subnet" "this" {
 # checkov:skip=CKV_AWS_130: Enabling public IP for subnet depends on user
- count = length(var.azs)
+ for_each = var.cidr_blocks
 vpc_id = data.aws_vpc.this.id
 map_public_ip_on_launch = var.map_public_ip
- cidr_block = cidrsubnet(
- local.vpc_cidr,
- var.mask - local.vpc_mask,
- count.index + var.subnet_index,
- )
- availability_zone = element(var.azs, count.index)
+ cidr_block = each.value
+ availability_zone = each.key
 tags = merge({
- Name = var.subnet_name
- Zone = element(var.azs, count.index)
+ Name = "${var.subnet_name}-${split("-", each.key)[2]}"
+ Zone = each.key
 }, var.tags)
 lifecycle {
@@ -39,10 +37,10 @@ resource "aws_route_table" "this" {
 }
 resource "aws_route" "igw" {
- count = var.create_rtb && var.igw_id != "" ? 1 : 0
+ count = var.create_rtb && var.attach_igw ? 1 : 0
 route_table_id = join(",", aws_route_table.this.*.id)
 destination_cidr_block = "0.0.0.0/0"
- gateway_id = var.igw_id
+ gateway_id = data.aws_internet_gateway.this.internet_gateway_id
 }
 resource "aws_eip" "nat" {
@@ -67,14 +65,14 @@ resource "aws_route" "ngw" {
 }
 resource "aws_route_table_association" "this" {
- count = length(var.azs)
- subnet_id = aws_subnet.this[count.index].id
+ for_each = var.cidr_blocks
+ subnet_id = aws_subnet.this[each.key].id
 route_table_id = var.create_rtb ? join(",", aws_route_table.this.*.id) : var.rtb_id
 }
 resource "aws_network_acl" "this" {
 vpc_id = data.aws_vpc.this.id
- subnet_ids = aws_subnet.this.*.id
+ subnet_ids = [for _, v in aws_subnet.this : v.id]
 dynamic "ingress" {
 for_each = var.nacl_ingress_rules
diff --git a/output.tf b/output.tf
index 5caa023..d4fb558 100644
--- a/output.tf
+++ b/output.tf
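Review bot: The new `data "aws_internet_gateway" "this"` lookup is evaluated unconditionally, so a plan against any VPC that has no internet gateway attached fails with a "no matching" error even when `attach_igw` is false — the README's `pvt_subnet` and `protected_subnet` examples only pass because the same VPC also hosts the public subnet. Gate the lookup on the flag, `count = var.attach_igw ? 1 : 0`, and in the `aws_route.igw` hunk (which already carries the matching `count`) reference it as `gateway_id = data.aws_internet_gateway.this[0].internet_gateway_id`. The `Name` tag expression `split("-", each.key)[2]` also presumes keys are regional AZ names of the form `us-east-1a`: an AZ ID such as `use1-az1` indexes past the end of the list and a Local Zone name such as `us-west-2-lax-1a` yields the region number, so either document the expected key format on `cidr_blocks` or build the suffix from `each.key` directly. The `aws_subnet` block's `lifecycle` stanza continues past the end of the hunk.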
@@ -1,10 +1,10 @@
 output "ids" {
- value = aws_subnet.this.*.id
+ value = [for _, v in aws_subnet.this : v.id]
 description = "List of subnet ids"
 }
 output "cidrs" {
- value = aws_subnet.this.*.cidr_block
+ value = [for _, v in aws_subnet.this : v.cidr_block]
 description = "List of subnet CIDR blocks"
 }
diff --git a/vars.tf b/vars.tf
index ecf36ed..c93d68c 100644
--- a/vars.tf
+++ b/vars.tf
@@ -1,27 +1,19 @@
-variable "azs" {
- type = list(string)
- default = [
- "us-east-1a",
- "us-east-1b",
- ]
- description = "List of availability zones to be used for creating subnets"
-}
-
 variable "vpc_id" {
 type = string
 description = "ID of VPC to associate resource with"
 }
-variable "cidr_block" {
- type = string
- default = ""
- description = "VPC CIDR block to use as a base for assigning CIDR to subnet. Leave it blank to use the default CIDR block"
-}
-
-variable "subnet_index" {
- type = number
- default = 0
- description = "Nth network within a CIDR to use as the starting point for subnet CIDR or count of existing subnets in VPC. 0 means no subnets exist within the VPC CIDR block"
+variable "cidr_blocks" {
+ type = map(string)
+ default = {}
+ description = <<-EOT
+ Map of availability zone and cidr block to assign
+ ```{
+ us-east-1a = "10.0.1.0/24"
+ us-east-1b = "10.0.2.0/24"
+ us-east-1c = "10.0.3.0/24"
+ }```
+ EOT
 }
 variable "subnet_name" {
@@ -36,12 +28,6 @@ variable "map_public_ip" {
 description = "Automatically assign public ip to resources launched in this subnet"
 }
-variable "mask" {
- type = number
- default = 26
- description = "Subnet mask to assign to subnet"
-}
-
 variable "create_rtb" {
 type = bool
 default = true
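Review bot: `ids` and `cidrs` are now built from a `for_each` map, so their element order is the lexical order of the `cidr_blocks` keys rather than the order the caller wrote them, and the README's `module.pub_subnet.ids[0]` quietly depends on that ordering; the descriptions should say so, e.g. `description = "List of subnet ids, ordered by availability zone key"`. Adding a map-shaped output such as `value = { for k, v in aws_subnet.this : k => v.id }` would let callers pick a subnet by zone instead of by position.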
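Review bot: `cidr_blocks` is typed only as `map(string)`, so a malformed value (a missing prefix length, a typo in an octet) is rejected by the AWS API at apply time rather than at plan, after the route table and other resources in the same run have already been created; a `validation` block on the variable catches it up front. `default = {}` also means a caller who forgets the input gets a module that creates no subnets but, as far as the `main.tf` hunks show, still creates the route table and network ACL — either state that in the description or drop the default so the input is required. The remainder of `vars.tf` continues after this hunk.
```hcl
variable "cidr_blocks" {
  type    = map(string)
  default = {}
  # … unchanged: description heredoc …

  validation {
    # cidrhost() fails on anything that is not a valid CIDR prefix (IPv4 or IPv6).
    condition     = length([for c in values(var.cidr_blocks) : c if !can(cidrhost(c, 0))]) == 0
    error_message = "Every value of cidr_blocks must be a valid CIDR block, e.g. 10.0.1.0/24."
  }
}
```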
@@ -60,10 +46,10 @@ variable "rtb_id" {
 description = "Existing route table to associate with subnet. **Note:** Required only if `create_rtb` is set to false"
 }
-variable "igw_id" {
- type = string
- default = ""
- description = "Internet gateway id to assicate with route table"
+variable "attach_igw" {
+ type = bool
+ default = false
+ description = "Whether to attach internet gateway to the route table"
 }
 variable "create_nat" {
us-east-1a = "10.0.1.0/24"
us-east-1b = "10.0.2.0/24"
us-east-1c = "10.0.3.0/24"
}