add: support for static ip address

terraform-aws-modules · Jun 14, 2024 · 0097ead · 0097ead
1 parent 75d0ffc
commit 0097ead
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 15 deletions.
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -288,10 +288,18 @@ module "resolver_rule_associations" {
 module "inbound_resolver_endpoints" {
   source = "../../modules/resolver-endpoints"
 
-  name       = "example1"
-  direction  = "INBOUND"
-  protocols  = ["Do53", "DoH"]
-  subnet_ids = module.vpc1.private_subnets
+  name      = "example1"
+  direction = "INBOUND"
+  protocols = ["Do53", "DoH"]
+
+  ip_address = [
+    {
+      subnet_id = module.vpc1.private_subnets[0]
+    },
+    {
+      subnet_id = module.vpc1.private_subnets[1]
+    }
+  ]
 
   vpc_id                     = module.vpc1.vpc_id
   security_group_name_prefix = "example1-sg-"
@@ -306,10 +314,18 @@ module "inbound_resolver_endpoints" {
 module "outbound_resolver_endpoints" {
   source = "../../modules/resolver-endpoints"
 
-  name       = "example2"
-  direction  = "OUTBOUND"
-  protocols  = ["Do53", "DoH"]
-  subnet_ids = module.vpc1.private_subnets
+  name      = "example2"
+  direction = "OUTBOUND"
+  protocols = ["Do53", "DoH"]
+
+  ip_address = [
+    {
+      subnet_id = module.vpc1.private_subnets[0]
+    },
+    {
+      subnet_id = module.vpc1.private_subnets[1]
+    }
+  ]
 
   vpc_id                     = module.vpc1.vpc_id
   security_group_name_prefix = "example2-sg-"

diff --git a/modules/resolver-endpoints/README.md b/modules/resolver-endpoints/README.md
@@ -34,6 +34,7 @@ No modules.
 | <a name="input_create"></a> [create](#input\_create) | Whether to create Route53 resolver endpoints | `bool` | `true` | no |
 | <a name="input_create_security_group"></a> [create\_security\_group](#input\_create\_security\_group) | Whether to create Security Groups for Route53 Resolver Endpoints | `bool` | `true` | no |
 | <a name="input_direction"></a> [direction](#input\_direction) | The resolver endpoint flow direction | `string` | `"INBOUND"` | no |
+| <a name="input_ip_address"></a> [ip\_address](#input\_ip\_address) | A list of IP addresses and subnets where Route53 resolver endpoints will be deployed | <pre>list(object({<br>    ip        = optional(string)<br>    subnet_id = string<br>  }))</pre> | `[]` | no |
 | <a name="input_name"></a> [name](#input\_name) | The resolver endpoint name | `string` | `null` | no |
 | <a name="input_protocols"></a> [protocols](#input\_protocols) | The resolver endpoint protocols | `list(string)` | `[]` | no |
 | <a name="input_security_group_description"></a> [security\_group\_description](#input\_security\_group\_description) | The security group description | `string` | `null` | no |
@@ -43,7 +44,6 @@ No modules.
 | <a name="input_security_group_name"></a> [security\_group\_name](#input\_security\_group\_name) | The name of the security group | `string` | `null` | no |
 | <a name="input_security_group_name_prefix"></a> [security\_group\_name\_prefix](#input\_security\_group\_name\_prefix) | The prefix of the security group | `string` | `null` | no |
 | <a name="input_security_group_tags"></a> [security\_group\_tags](#input\_security\_group\_tags) | A map of tags for the security group | `map(string)` | `{}` | no |
-| <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | A list of subnets where Route53 resolver endpoints will be deployed | `list(string)` | `[]` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | A map of tags for the Route53 resolver endpoint | `map(string)` | `{}` | no |
 | <a name="input_type"></a> [type](#input\_type) | The resolver endpoint IP type | `string` | `"IPV4"` | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | The VPC ID for all the Route53 Resolver Endpoints | `string` | `""` | no |

diff --git a/modules/resolver-endpoints/main.tf b/modules/resolver-endpoints/main.tf
@@ -12,10 +12,11 @@ resource "aws_route53_resolver_endpoint" "this" {
   security_group_ids     = local.security_group_ids
 
   dynamic "ip_address" {
-    for_each = var.subnet_ids
+    for_each = var.ip_address
 
     content {
-      subnet_id = ip_address.value
+      ip        = ip_address.value.ip
+      subnet_id = ip_address.value.subnet_id
     }
   }
 

diff --git a/modules/resolver-endpoints/variables.tf b/modules/resolver-endpoints/variables.tf
@@ -28,10 +28,13 @@ variable "type" {
   default     = "IPV4"
 }
 
-variable "subnet_ids" {
-  description = "A list of subnets where Route53 resolver endpoints will be deployed"
-  type        = list(string)
-  default     = []
+variable "ip_address" {
+  description = "A list of IP addresses and subnets where Route53 resolver endpoints will be deployed"
+  type = list(object({
+    ip        = optional(string)
+    subnet_id = string
+  }))
+  default = []
 }
 
 variable "security_group_ids" {