Add toggles for private & public subnet creation

This lets users create only private (or only public) subnets. The CIDR range is still divided as per usual, so you can change your mind later with minimal disruption.
cloudposse · Mar 14, 2021 · f7ee59e · f7ee59e
1 parent 56a4d6d
commit f7ee59e
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 2 deletions.
diff --git a/private.tf b/private.tf
@@ -17,7 +17,7 @@ locals {
 }
 
 resource "aws_subnet" "private" {
-  count             = local.enabled ? local.availability_zones_count : 0
+  count             = local.enabled && var.create_private_subnets ? local.availability_zones_count : 0
   vpc_id            = join("", data.aws_vpc.default.*.id)
   availability_zone = element(var.availability_zones, count.index)
 

diff --git a/public.tf b/public.tf
@@ -19,7 +19,7 @@ locals {
 }
 
 resource "aws_subnet" "public" {
-  count             = local.enabled ? local.availability_zones_count : 0
+  count             = local.enabled && var.create_public_subnets ? local.availability_zones_count : 0
   vpc_id            = join("", data.aws_vpc.default.*.id)
   availability_zone = element(var.availability_zones, count.index)
 

diff --git a/variables.tf b/variables.tf
@@ -136,3 +136,15 @@ variable "root_block_device_encrypted" {
   default     = true
   description = "Whether to encrypt the root block device"
 }
+
+variable "create_public_subnets" {
+  type        = bool
+  default     = true
+  description = "Set to false to prevent the module from creating public subnets. Some of your CIDR block will still be reserved, so you can change this later without disruption."
+}
+
+variable "create_private_subnets" {
+  type        = bool
+  default     = true
+  description = "Set to false to prevent the module from creating private subnets. Some of your CIDR block will still be reserved, so you can change this later without disruption."
+}