feat!: use shared route table for public subnet (#125)

* feat!: use shared route table for public subnet

* docs: update terraform-docs

modules/vpc/README.md

@@ -28,6 +28,8 @@ Per the `aws_ec2_tag` [resource documentation](https://registry.terraform.io/pro
 In order for [subnet auto discovery](https://github.com/kubernetes-sigs/aws-load-balancer-controller/blob/8db51cb82370fba5e25e470829520e1da219776f/docs/deploy/subnet_discovery.md) in EKS to work properly, certain VPC resources need to be tagged with values specific to the EKS cluster they are associated with. These tags are often applied _after_ cluster creation, creating circular dependencies if trying to manage them within the actual VPC resouce.
 
 For this reason, we recommend managing the tags externally of the resource itself, and have thus added the `ignore_changes` block to any resource using a tag which makes the default tags applied by this module static, rather than being able to dynamically provide additional tags to this module.
+
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -39,7 +41,7 @@ For this reason, we recommend managing the tags externally of the resource itsel
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.64.2 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.36.0 |
 
 ## Modules
 
@@ -68,14 +70,14 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_num_azs"></a> [num\_azs](#input\_num\_azs) | The number of availability zones to provision | `number` | `2` | no |
-| <a name="input_private_subnet_newbits"></a> [private\_subnet\_newbits](#input\_private\_subnet\_newbits) | The number of bits to added to the VPC CIDR prefix. For instance, if your VPC CIDR is a /16 and you set this number to 8, the subnets will be /24s. | `number` | `8` | no |
-| <a name="input_private_subnet_start"></a> [private\_subnet\_start](#input\_private\_subnet\_start) | The starting octet for the private subnet CIDR blocks generated by this module. | `number` | `10` | no |
+| <a name="input_private_subnet_newbits"></a> [private\_subnet\_newbits](#input\_private\_subnet\_newbits) | The number of bits to added to the VPC CIDR prefix. For instance, if your VPC CIDR is a /16 and you set this number to 4, the subnets will be /20s. | `number` | `4` | no |
+| <a name="input_private_subnet_start"></a> [private\_subnet\_start](#input\_private\_subnet\_start) | The starting octet for the private subnet CIDR blocks generated by this module. | `number` | `8` | no |
 | <a name="input_public_subnet_auto_ip"></a> [public\_subnet\_auto\_ip](#input\_public\_subnet\_auto\_ip) | n/a | `bool` | `false` | no |
-| <a name="input_public_subnet_newbits"></a> [public\_subnet\_newbits](#input\_public\_subnet\_newbits) | The number of bits to added to the VPC CIDR prefix. For instance, if your VPC CIDR is a /16 and you set this number to 8, the subnets will be /24s. | `number` | `8` | no |
-| <a name="input_public_subnet_start"></a> [public\_subnet\_start](#input\_public\_subnet\_start) | The starting octet for the public subnet CIDR blocks generated by this module. | `number` | `20` | no |
+| <a name="input_public_subnet_newbits"></a> [public\_subnet\_newbits](#input\_public\_subnet\_newbits) | The number of bits to added to the VPC CIDR prefix. For instance, if your VPC CIDR is a /16 and you set this number to 4, the subnets will be /20s. | `number` | `4` | no |
+| <a name="input_public_subnet_start"></a> [public\_subnet\_start](#input\_public\_subnet\_start) | The starting octet for the public subnet CIDR blocks generated by this module. | `number` | `0` | no |
 | <a name="input_region"></a> [region](#input\_region) | n/a | `string` | n/a | yes |
 | <a name="input_tags"></a> [tags](#input\_tags) | Additional to apply to the resources. Note that this module sets the tags Name, Type, and Vendor by default. They can be overwritten, but it is not recommended. | `map(string)` | `{}` | no |
-| <a name="input_vpc_cidr"></a> [vpc\_cidr](#input\_vpc\_cidr) | The CIDR range to be used by the AWS VPC. We recommend using a /16 prefix to automatically generate /24 subnets. If you are using a smaller or larger prefix, refer to the subnet\_newbits variable to ensure that the generated subnet ranges are a valid for EKS (minimum /24 is recommended). | `string` | n/a | yes |
+| <a name="input_vpc_cidr"></a> [vpc\_cidr](#input\_vpc\_cidr) | The CIDR range to be used by the AWS VPC. We recommend using a /16 prefix to automatically generate /20 subnets. If you are using a smaller or larger prefix, refer to the subnet\_newbits variable to ensure that the generated subnet ranges are a valid for EKS (minimum /20 is recommended). | `string` | n/a | yes |
 | <a name="input_vpc_name"></a> [vpc\_name](#input\_vpc\_name) | The name used for the VPC and associated resources | `string` | n/a | yes |
 
 ## Outputs
@@ -85,3 +87,4 @@ No modules.
 | <a name="output_private_subnet_ids"></a> [private\_subnet\_ids](#output\_private\_subnet\_ids) | A list of private subnet ID's created by this module |
 | <a name="output_public_subnet_ids"></a> [public\_subnet\_ids](#output\_public\_subnet\_ids) | A list of public subnet ID's created by this module |
 | <a name="output_vpc_id"></a> [vpc\_id](#output\_vpc\_id) | The ID of the VPC created by this module |
+<!-- END_TF_DOCS -->

modules/vpc/main.tf

@@ -28,24 +28,26 @@ resource "aws_vpc" "vpc" {
 }
 
 resource "aws_subnet" "public" {
-  count                   = var.num_azs
+  count = var.num_azs
+
   vpc_id                  = aws_vpc.vpc.id
   cidr_block              = cidrsubnet(var.vpc_cidr, var.public_subnet_newbits, var.public_subnet_start + count.index)
   availability_zone       = data.aws_availability_zones.available.names[count.index]
   map_public_ip_on_launch = var.public_subnet_auto_ip
-  tags                    = merge({ "Vendor" = "StreamNative", "Type" = "public", Name = format("%s-public-sbn-%s", var.vpc_name, count.index) }, var.tags)
+  tags                    = merge({ "Vendor" = "StreamNative", "Type" = "public", "kubernetes.io/role/elb" = "1", Name = format("%s-public-sbn-%s", var.vpc_name, count.index) }, var.tags)
 
   lifecycle {
     ignore_changes = [tags]
   }
 }
 
 resource "aws_subnet" "private" {
-  count             = var.num_azs
+  count = var.num_azs
+
   vpc_id            = aws_vpc.vpc.id
   cidr_block        = cidrsubnet(var.vpc_cidr, var.private_subnet_newbits, var.private_subnet_start + count.index)
   availability_zone = data.aws_availability_zones.available.names[count.index]
-  tags              = merge({ "Vendor" = "StreamNative", "Type" = "private", Name = format("%s-private-sbn-%s", var.vpc_name, count.index) }, var.tags)
+  tags              = merge({ "Vendor" = "StreamNative", "Type" = "private", "kubernetes.io/role/internal-elb" = "1", Name = format("%s-private-sbn-%s", var.vpc_name, count.index) }, var.tags)
 
   lifecycle {
     ignore_changes = [tags]
@@ -63,12 +65,19 @@ resource "aws_internet_gateway" "gw" {
 
 resource "aws_eip" "eip" {
   count = var.num_azs
-  vpc   = true
-  tags  = merge({ "Vendor" = "StreamNative", Name = format("%s-eip", var.vpc_name) }, var.tags)
+
+  domain = "vpc"
+  tags   = merge({ "Vendor" = "StreamNative", Name = format("%s-eip-%s", var.vpc_name, count.index) }, var.tags)
+
+  depends_on = [aws_internet_gateway.gw]
+  lifecycle {
+    ignore_changes = [tags]
+  }
 }
 
 resource "aws_nat_gateway" "nat_gw" {
-  count         = var.num_azs
+  count = var.num_azs
+
   allocation_id = aws_eip.eip[count.index].id
   subnet_id     = aws_subnet.public[count.index].id
   tags          = merge({ "Vendor" = "StreamNative", Name = format("%s-ngw-%s", var.vpc_name, count.index) }, var.tags)
@@ -79,29 +88,34 @@ resource "aws_nat_gateway" "nat_gw" {
 }
 
 resource "aws_route_table" "public_route_table" {
-  count  = var.num_azs
+  count = 1
+
   vpc_id = aws_vpc.vpc.id
-  tags   = merge({ "Vendor" = "StreamNative", Name = format("%s-public-rtb-%s", var.vpc_name, count.index) }, var.tags)
+  tags   = merge({ "Vendor" = "StreamNative", Name = format("%s-public-rtb", var.vpc_name) }, var.tags)
+
   lifecycle {
     ignore_changes = [tags]
   }
 }
 
 resource "aws_route" "public_route" {
-  count                  = var.num_azs
-  route_table_id         = aws_route_table.public_route_table[count.index].id
+  count = 1
+
+  route_table_id         = aws_route_table.public_route_table[0].id
   gateway_id             = aws_internet_gateway.gw.id
   destination_cidr_block = "0.0.0.0/0"
 }
 
 resource "aws_route_table_association" "public_assoc" {
-  count          = var.num_azs
+  count = var.num_azs
+
   subnet_id      = aws_subnet.public[count.index].id
-  route_table_id = aws_route_table.public_route_table[count.index].id
+  route_table_id = aws_route_table.public_route_table[0].id
 }
 
 resource "aws_route_table" "private_route_table" {
-  count  = var.num_azs
+  count = var.num_azs
+
   vpc_id = aws_vpc.vpc.id
   tags   = merge({ "Vendor" = "StreamNative", Name = format("%s-private-rtb-%s", var.vpc_name, count.index) }, var.tags)
 
@@ -111,14 +125,16 @@ resource "aws_route_table" "private_route_table" {
 }
 
 resource "aws_route" "private_route" {
-  count                  = var.num_azs
+  count = var.num_azs
+
   route_table_id         = aws_route_table.private_route_table[count.index].id
   nat_gateway_id         = aws_nat_gateway.nat_gw[count.index].id
   destination_cidr_block = "0.0.0.0/0"
 }
 
 resource "aws_route_table_association" "private_assoc" {
-  count          = var.num_azs
+  count = var.num_azs
+
   subnet_id      = aws_subnet.private[count.index].id
   route_table_id = aws_route_table.private_route_table[count.index].id
 }

modules/vpc/variables.tf

@@ -25,33 +25,38 @@ variable "vpc_name" {
   type        = string
 }
 
+variable "vpc_cidr" {
+  description = "The CIDR range to be used by the AWS VPC. We recommend using a /16 prefix to automatically generate /20 subnets. If you are using a smaller or larger prefix, refer to the subnet_newbits variable to ensure that the generated subnet ranges are a valid for EKS (minimum /20 is recommended)."
+  type        = string
+}
+
 variable "num_azs" {
   type        = number
   description = "The number of availability zones to provision"
   default     = 2
 }
 
 variable "private_subnet_start" {
-  default     = 10
+  default     = 8
   description = "The starting octet for the private subnet CIDR blocks generated by this module."
   type        = number
 }
 
 variable "public_subnet_start" {
-  default     = 20
+  default     = 0
   description = "The starting octet for the public subnet CIDR blocks generated by this module."
   type        = number
 }
 
 variable "private_subnet_newbits" {
-  default     = 8
-  description = "The number of bits to added to the VPC CIDR prefix. For instance, if your VPC CIDR is a /16 and you set this number to 8, the subnets will be /24s."
+  default     = 4
+  description = "The number of bits to added to the VPC CIDR prefix. For instance, if your VPC CIDR is a /16 and you set this number to 4, the subnets will be /20s."
   type        = number
 }
 
 variable "public_subnet_newbits" {
-  default     = 8
-  description = "The number of bits to added to the VPC CIDR prefix. For instance, if your VPC CIDR is a /16 and you set this number to 8, the subnets will be /24s."
+  default     = 4
+  description = "The number of bits to added to the VPC CIDR prefix. For instance, if your VPC CIDR is a /16 and you set this number to 4, the subnets will be /20s."
   type        = number
 }
 
@@ -65,8 +70,3 @@ variable "tags" {
   description = "Additional to apply to the resources. Note that this module sets the tags Name, Type, and Vendor by default. They can be overwritten, but it is not recommended."
   type        = map(string)
 }
-
-variable "vpc_cidr" {
-  description = "The CIDR range to be used by the AWS VPC. We recommend using a /16 prefix to automatically generate /24 subnets. If you are using a smaller or larger prefix, refer to the subnet_newbits variable to ensure that the generated subnet ranges are a valid for EKS (minimum /24 is recommended)."
-  type        = string
-}