diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index c8299b7a8..137f95c95 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -3,7 +3,7 @@ repos: rev: v1.8.1 hooks: - id: terraform_fmt - - id: terraform_docs +# - id: terraform_docs # not yet compatible with Terraform 0.12 - repo: git://github.com/pre-commit/pre-commit-hooks rev: v2.1.0 hooks: diff --git a/README.md b/README.md index 039c699cd..4421d980c 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ These types of resources are supported: * [VPN Gateway](https://www.terraform.io/docs/providers/aws/r/vpn_gateway.html) * [VPC Endpoint](https://www.terraform.io/docs/providers/aws/r/vpc_endpoint.html): * Gateway: S3, DynamoDB - * Interface: EC2, SSM, EC2 Messages, SSM Messages, ECR API, ECR DKR, API Gateway, KMS + * Interface: EC2, SSM, EC2 Messages, SSM Messages, SQS, ECR API, ECR DKR, API Gateway, KMS, ECS, ECS Agent, ECS Telemetry * [RDS DB Subnet Group](https://www.terraform.io/docs/providers/aws/r/db_subnet_group.html) * [ElastiCache Subnet Group](https://www.terraform.io/docs/providers/aws/r/elasticache_subnet_group.html) * [Redshift Subnet Group](https://www.terraform.io/docs/providers/aws/r/redshift_subnet_group.html) @@ -28,6 +28,12 @@ Sponsored by [Cloudcraft - the best way to draw AWS diagrams](https://cloudcraft Cloudcraft - the best way to draw AWS diagrams +## Terraform versions + +For Terraform 0.12 use version `v2.*` of this module. + +If you are using Terraform 0.11 you can use versions `v1.*`. + ## Usage ```hcl 
@@ -252,6 +258,15 @@ Terraform version 0.10.3 or newer is required for this module to work.
| ecr\_dkr\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for ECR DKR endpoint | string | `"false"` | no |
| ecr\_dkr\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for ECR DKR endpoint | list | `[]` | no |
| ecr\_dkr\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for ECR dkr endpoint. If omitted, private subnets will be used. | list | `[]` | no |
+| ecs\_agent\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for ECS Agent endpoint | string | `"false"` | no |
+| ecs\_agent\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for ECS Agent endpoint | list | `[]` | no |
+| ecs\_agent\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for ECS Agent endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
+| ecs\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for ECS endpoint | string | `"false"` | no |
+| ecs\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for ECS endpoint | list | `[]` | no |
+| ecs\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for ECS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
+| ecs\_telemetry\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for ECS Telemetry endpoint | string | `"false"` | no |
+| ecs\_telemetry\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for ECS Telemetry endpoint | list | `[]` | no |
+| ecs\_telemetry\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for ECS Telemetry endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
| elasticache\_acl\_tags | Additional tags for the elasticache subnets network ACL | map | `{}` | no |
| elasticache\_dedicated\_network\_acl | Whether to use dedicated network ACL (not default) and custom rules for elasticache subnets | string | `"false"` | no |
| elasticache\_inbound\_acl\_rules | Elasticache subnets inbound network ACL rules | list | `[ { "cidr_block": "0.0.0.0/0", "from_port": 0, "protocol": "-1", "rule_action": "allow", "rule_number": 100, "to_port": 0 } ]` | no |
@@ -269,10 +284,14 @@ Terraform version 0.10.3 or newer is required for this module to work.
| enable\_ec2messages\_endpoint | Should be true if you want to provision an EC2MESSAGES endpoint to the VPC | string | `"false"` | no |
| enable\_ecr\_api\_endpoint | Should be true if you want to provision an ecr api endpoint to the VPC | string | `"false"` | no |
| enable\_ecr\_dkr\_endpoint | Should be true if you want to provision an ecr dkr endpoint to the VPC | string | `"false"` | no |
+| enable\_ecs\_agent\_endpoint | Should be true if you want to provision a ECS Agent endpoint to the VPC | string | `"false"` | no |
+| enable\_ecs\_endpoint | Should be true if you want to provision a ECS endpoint to the VPC | string | `"false"` | no |
+| enable\_ecs\_telemetry\_endpoint | Should be true if you want to provision a ECS Telemetry endpoint to the VPC | string | `"false"` | no |
| enable\_kms\_endpoint | Should be true if you want to provision a KMS endpoint to the VPC | string | `"false"` | no |
| enable\_nat\_gateway | Should be true if you want to provision NAT Gateways for each of your private networks | string | `"false"` | no |
| enable\_public\_redshift | Controls if redshift should have public routing table | string | `"false"` | no |
| enable\_s3\_endpoint | Should be true if you want to provision an S3 endpoint to the VPC | string | `"false"` | no |
+| enable\_sqs\_endpoint | Should be true if you want to provision an SQS endpoint to the VPC | string | `"false"` | no |
| enable\_ssm\_endpoint | Should be true if you want to provision an SSM endpoint to the VPC | string | `"false"` | no |
| enable\_ssmmessages\_endpoint | Should be true if you want to provision a SSMMESSAGES endpoint to the VPC | string | `"false"` | no |
| enable\_vpn\_gateway | Should be true if you want to create a new VPN Gateway resource and attach it to the VPC | string | `"false"` | no |
@@ -327,6 +346,9 @@ Terraform version 0.10.3 or newer is required for this module to work.
| reuse\_nat\_ips | Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external_nat_ip_ids' variable | string | `"false"` | no |
| secondary\_cidr\_blocks | List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool | list | `[]` | no |
| single\_nat\_gateway | Should be true if you want to provision a single shared NAT Gateway across all of your private networks | string | `"false"` | no |
+| sqs\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for SQS endpoint | string | `"false"` | no |
+| sqs\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SQS endpoint | list | `[]` | no |
+| sqs\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for SQS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
| ssm\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for SSM endpoint | string | `"false"` | no |
| ssm\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SSM endpoint | list | `[]` | no |
| ssm\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for SSM endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no |
@@ -415,11 +437,23 @@ Terraform version 0.10.3 or newer is required for this module to work.
| vpc\_endpoint\_ecr\_dkr\_dns\_entry | The DNS entries for the VPC Endpoint for ECR DKR. |
| vpc\_endpoint\_ecr\_dkr\_id | The ID of VPC endpoint for ECR DKR |
| vpc\_endpoint\_ecr\_dkr\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for ECR DKR. |
+| vpc\_endpoint\_ecs\_agent\_dns\_entry | The DNS entries for the VPC Endpoint for ECS Agent. |
+| vpc\_endpoint\_ecs\_agent\_id | The ID of VPC endpoint for ECS Agent |
+| vpc\_endpoint\_ecs\_agent\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for ECS Agent. |
+| vpc\_endpoint\_ecs\_dns\_entry | The DNS entries for the VPC Endpoint for ECS. |
+| vpc\_endpoint\_ecs\_id | The ID of VPC endpoint for ECS |
+| vpc\_endpoint\_ecs\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for ECS. |
+| vpc\_endpoint\_ecs\_telemetry\_dns\_entry | The DNS entries for the VPC Endpoint for ECS Telemetry. |
+| vpc\_endpoint\_ecs\_telemetry\_id | The ID of VPC endpoint for ECS Telemetry |
+| vpc\_endpoint\_ecs\_telemetry\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for ECS Telemetry. |
| vpc\_endpoint\_kms\_dns\_entry | The DNS entries for the VPC Endpoint for KMS. |
| vpc\_endpoint\_kms\_id | The ID of VPC endpoint for KMS |
| vpc\_endpoint\_kms\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for KMS. |
| vpc\_endpoint\_s3\_id | The ID of VPC endpoint for S3 |
| vpc\_endpoint\_s3\_pl\_id | The prefix list for the S3 VPC endpoint. |
+| vpc\_endpoint\_sqs\_dns\_entry | The DNS entries for the VPC Endpoint for SQS. |
+| vpc\_endpoint\_sqs\_id | The ID of VPC endpoint for SQS |
+| vpc\_endpoint\_sqs\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for SQS. |
| vpc\_endpoint\_ssm\_dns\_entry | The DNS entries for the VPC Endpoint for SSM. |
| vpc\_endpoint\_ssm\_id | The ID of VPC endpoint for SSM |
| vpc\_endpoint\_ssm\_network\_interface\_ids | One or more network interfaces for the VPC Endpoint for SSM. |
diff --git a/examples/complete-vpc/main.tf b/examples/complete-vpc/main.tf
index 8e258912e..f51519a87 100644
--- a/examples/complete-vpc/main.tf
+++ b/examples/complete-vpc/main.tf
@@ -45,7 +45,7 @@ module "vpc" {
# VPC endpoint for SSM
enable_ssm_endpoint = true
ssm_endpoint_private_dns_enabled = true
- ssm_endpoint_security_group_ids = [data.aws_security_group.default.id] # ssm_endpoint_subnet_ids = ["..."]
+ ssm_endpoint_security_group_ids = [data.aws_security_group.default.id]
# VPC endpoint for SSMMESSAGES
enable_ssmmessages_endpoint = true
@@ -77,7 +77,20 @@ module "vpc" {
kms_endpoint_private_dns_enabled = true
kms_endpoint_security_group_ids = [data.aws_security_group.default.id]
- # kms_endpoint_subnet_ids = ["..."]
+ # VPC endpoint for ECS
+ enable_ecs_endpoint = true
+ ecs_endpoint_private_dns_enabled = true
+ ecs_endpoint_security_group_ids = [data.aws_security_group.default.id]
+
+ # VPC endpoint for ECS telemetry
+ enable_ecs_telemetry_endpoint = true
+ ecs_telemetry_endpoint_private_dns_enabled = true
+ ecs_telemetry_endpoint_security_group_ids = [data.aws_security_group.default.id]
+
+ # VPC endpoint for SQS
+ enable_sqs_endpoint = true
+ sqs_endpoint_private_dns_enabled = true
+ sqs_endpoint_security_group_ids = [data.aws_security_group.default.id]
tags = {
Owner = "user"
diff --git a/examples/complete-vpc/versions.tf b/examples/complete-vpc/versions.tf
deleted file mode 100644
index ac97c6ac8..000000000
--- a/examples/complete-vpc/versions.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-
-terraform {
- required_version = ">= 0.12"
-}
diff --git a/examples/issue-108-route-already-exists/versions.tf b/examples/issue-108-route-already-exists/versions.tf
deleted file mode 100644
index ac97c6ac8..000000000
--- a/examples/issue-108-route-already-exists/versions.tf
+++ /dev/null
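Review bot: Every interface endpoint in this example, including the new ECS, ECS telemetry and SQS blocks in the second `main.tf` hunk, is attached to `data.aws_security_group.default.id`, i.e. the VPC's default security group, whose rules are not visible here and typically allow far more than the HTTPS traffic an endpoint network interface needs. A `complete-vpc` example is what users copy, so a dedicated security group permitting only TCP 443 inbound from the VPC CIDR would be the better pattern to show; at minimum a comment such as `# Default SG used for brevity; prefer a dedicated SG allowing only 443 from the VPC CIDR` above the first endpoint block would flag the shortcut. The enclosing `module "vpc"` block starts and ends outside both hunks.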
@@ -1,4 +0,0 @@
-
-terraform {
- required_version = ">= 0.12"
-}
diff --git a/examples/issue-224-vpcendpoint-apigw/versions.tf b/examples/issue-224-vpcendpoint-apigw/versions.tf
deleted file mode 100644
index ac97c6ac8..000000000
--- a/examples/issue-224-vpcendpoint-apigw/versions.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-
-terraform {
- required_version = ">= 0.12"
-}
diff --git a/examples/issue-44-asymmetric-private-subnets/versions.tf b/examples/issue-44-asymmetric-private-subnets/versions.tf
deleted file mode 100644
index ac97c6ac8..000000000
--- a/examples/issue-44-asymmetric-private-subnets/versions.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-
-terraform {
- required_version = ">= 0.12"
-}
diff --git a/examples/issue-46-no-private-subnets/versions.tf b/examples/issue-46-no-private-subnets/versions.tf
deleted file mode 100644
index ac97c6ac8..000000000
--- a/examples/issue-46-no-private-subnets/versions.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-
-terraform {
- required_version = ">= 0.12"
-}
diff --git a/examples/manage-default-vpc/versions.tf b/examples/manage-default-vpc/versions.tf
deleted file mode 100644
index ac97c6ac8..000000000
--- a/examples/manage-default-vpc/versions.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-
-terraform {
- required_version = ">= 0.12"
-}
diff --git a/examples/network-acls/versions.tf b/examples/network-acls/versions.tf
deleted file mode 100644
index ac97c6ac8..000000000
--- a/examples/network-acls/versions.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-
-terraform {
- required_version = ">= 0.12"
-}
diff --git a/examples/secondary-cidr-blocks/versions.tf b/examples/secondary-cidr-blocks/versions.tf
deleted file mode 100644
index ac97c6ac8..000000000
--- a/examples/secondary-cidr-blocks/versions.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-
-terraform {
- required_version = ">= 0.12"
-}
diff --git a/examples/simple-vpc/versions.tf b/examples/simple-vpc/versions.tf
deleted file mode 100644
index ac97c6ac8..000000000
--- a/examples/simple-vpc/versions.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-
-terraform {
- required_version = ">= 0.12"
-}
diff --git a/examples/test_fixture/versions.tf b/examples/test_fixture/versions.tf
deleted file mode 100644
index ac97c6ac8..000000000
--- a/examples/test_fixture/versions.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-
-terraform {
- required_version = ">= 0.12"
-}
diff --git a/examples/vpc-separate-private-route-tables/versions.tf b/examples/vpc-separate-private-route-tables/versions.tf
deleted file mode 100644
index ac97c6ac8..000000000
--- a/examples/vpc-separate-private-route-tables/versions.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-
-terraform {
- required_version = ">= 0.12"
-}
diff --git a/main.tf b/main.tf
index 9eb26d30c..035aee185 100644
--- a/main.tf
+++ b/main.tf
@@ -1,7 +1,3 @@
-terraform {
- required_version = ">= 0.12"
-}
-
locals {
max_subnet_length = max(
length(var.private_subnets),
@@ -901,6 +897,27 @@ resource "aws_vpc_endpoint_route_table_association" "public_dynamodb" {
route_table_id = aws_route_table.public[0].id
}
+#######################
+# VPC Endpoint for SQS
+#######################
+data "aws_vpc_endpoint_service" "sqs" {
+ count = var.create_vpc && var.enable_sqs_endpoint ? 1 : 0
+
+ service = "sqs"
+}
+
+resource "aws_vpc_endpoint" "sqs" {
+ count = var.create_vpc && var.enable_sqs_endpoint ? 1 : 0
+
+ vpc_id = local.vpc_id
+ service_name = data.aws_vpc_endpoint_service.sqs[0].service_name
+ vpc_endpoint_type = "Interface"
+
+ security_group_ids = var.sqs_endpoint_security_group_ids
+ subnet_ids = coalescelist(var.sqs_endpoint_subnet_ids, aws_subnet.private.*.id)
+ private_dns_enabled = var.sqs_endpoint_private_dns_enabled
+}
+
#######################
# VPC Endpoint for SSM
#######################
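Review bot: `aws_vpc_endpoint.sqs` sets no `policy`, and `security_group_ids` is passed straight through from `var.sqs_endpoint_security_group_ids`, so an endpoint enabled with module defaults gets AWS's default (full-access) endpoint policy and, because that variable defaults to `[]`, the VPC's default security group on its network interfaces. The `ecs`, `ecs_agent` and `ecs_telemetry` resources in the next main.tf hunk have exactly the same shape, and the existing `kms`/`ssm` endpoints presumably do as well, so this is consistency rather than a regression; still, nothing tells a consumer that both defaults are permissive. A comment above each new resource would make that explicit, e.g. `# No policy argument: AWS attaches its default full-access endpoint policy; an empty security_group_ids means the VPC default SG is used`. Exposing a per-endpoint policy variable would be the longer-term fix, but that is a wider change than this commit.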
@@ -1069,6 +1086,71 @@ resource "aws_vpc_endpoint" "kms" {
private_dns_enabled = var.kms_endpoint_private_dns_enabled
}
+#######################
+# VPC Endpoint for ECS
+#######################
+data "aws_vpc_endpoint_service" "ecs" {
+ count = var.create_vpc && var.enable_ecs_endpoint ? 1 : 0
+
+ service = "ecs"
+}
+
+resource "aws_vpc_endpoint" "ecs" {
+ count = var.create_vpc && var.enable_ecs_endpoint ? 1 : 0
+
+ vpc_id = local.vpc_id
+ service_name = data.aws_vpc_endpoint_service.ecs[0].service_name
+ vpc_endpoint_type = "Interface"
+
+ security_group_ids = var.ecs_endpoint_security_group_ids
+ subnet_ids = coalescelist(var.ecs_endpoint_subnet_ids, aws_subnet.private.*.id)
+ private_dns_enabled = var.ecs_endpoint_private_dns_enabled
+}
+
+
#######################
+# VPC Endpoint for ECS Agent
+#######################
+data "aws_vpc_endpoint_service" "ecs_agent" {
+ count = var.create_vpc && var.enable_ecs_agent_endpoint ? 1 : 0
+
+ service = "ecs-agent"
+}
+
+resource "aws_vpc_endpoint" "ecs_agent" {
+ count = var.create_vpc && var.enable_ecs_agent_endpoint ? 1 : 0
+
+ vpc_id = local.vpc_id
+ service_name = data.aws_vpc_endpoint_service.ecs_agent[0].service_name
+ vpc_endpoint_type = "Interface"
+
+ security_group_ids = var.ecs_agent_endpoint_security_group_ids
+ subnet_ids = coalescelist(var.ecs_agent_endpoint_subnet_ids, aws_subnet.private.*.id)
+ private_dns_enabled = var.ecs_agent_endpoint_private_dns_enabled
+}
+
+
#######################
+# VPC Endpoint for ECS Telemetry
+#######################
+data "aws_vpc_endpoint_service" "ecs_telemetry" {
+ count = var.create_vpc && var.enable_ecs_telemetry_endpoint ? 1 : 0
+
+ service = "ecs-telemetry"
+}
+
+resource "aws_vpc_endpoint" "ecs_telemetry" {
+ count = var.create_vpc && var.enable_ecs_telemetry_endpoint ? 1 : 0
+
+ vpc_id = local.vpc_id
+ service_name = data.aws_vpc_endpoint_service.ecs_telemetry[0].service_name
+ vpc_endpoint_type = "Interface"
+
+ security_group_ids = var.ecs_telemetry_endpoint_security_group_ids
+ subnet_ids = coalescelist(var.ecs_telemetry_endpoint_subnet_ids, aws_subnet.private.*.id)
+ private_dns_enabled = var.ecs_telemetry_endpoint_private_dns_enabled
+}
+
##########################
# Route table association
##########################
diff --git a/outputs.tf b/outputs.tf
index 304501b32..b5d3aefaa 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,46 +1,46 @@
output "vpc_id" {
description = "The ID of the VPC"
- value = element(concat(aws_vpc.this.*.id, [""]), 0)
+ value = concat(aws_vpc.this.*.id, [""])[0]
}
output "vpc_arn" {
description = "The ARN of the VPC"
- value = element(concat(aws_vpc.this.*.arn, [""]), 0)
+ value = concat(aws_vpc.this.*.arn, [""])[0]
}
output "vpc_cidr_block" {
description = "The CIDR block of the VPC"
- value = element(concat(aws_vpc.this.*.cidr_block, [""]), 0)
+ value = concat(aws_vpc.this.*.cidr_block, [""])[0]
}
output "default_security_group_id" {
description = "The ID of the security group created by default on VPC creation"
- value = element(concat(aws_vpc.this.*.default_security_group_id, [""]), 0)
+ value = concat(aws_vpc.this.*.default_security_group_id, [""])[0]
}
output "default_network_acl_id" {
description = "The ID of the default network ACL"
- value = element(concat(aws_vpc.this.*.default_network_acl_id, [""]), 0)
+ value = concat(aws_vpc.this.*.default_network_acl_id, [""])[0]
}
output "default_route_table_id" {
description = "The ID of the default route table"
- value = element(concat(aws_vpc.this.*.default_route_table_id, [""]), 0)
+ value = concat(aws_vpc.this.*.default_route_table_id, [""])[0]
}
output "vpc_instance_tenancy" {
description = "Tenancy of instances spin up within VPC"
- value = element(concat(aws_vpc.this.*.instance_tenancy, [""]), 0)
+ value = concat(aws_vpc.this.*.instance_tenancy, [""])[0]
}
output "vpc_enable_dns_support" {
description = "Whether or not the VPC has DNS support"
- value = element(concat(aws_vpc.this.*.enable_dns_support, [""]), 0)
+ value = concat(aws_vpc.this.*.enable_dns_support, [""])[0]
}
output "vpc_enable_dns_hostnames" {
description = "Whether or not the VPC has DNS hostname support"
- value = element(concat(aws_vpc.this.*.enable_dns_hostnames, [""]), 0)
+ value = concat(aws_vpc.this.*.enable_dns_hostnames, [""])[0]
}
//output "vpc_enable_classiclink" {
@@ -50,7 +50,7 @@ output "vpc_enable_dns_hostnames" {
output "vpc_main_route_table_id" {
description = "The ID of the main route table associated with this VPC"
- value = element(concat(aws_vpc.this.*.main_route_table_id, [""]), 0)
+ value = concat(aws_vpc.this.*.main_route_table_id, [""])[0]
}
//output "vpc_ipv6_association_id" {
@@ -115,7 +115,7 @@ output "database_subnets_cidr_blocks" {
output "database_subnet_group" {
description = "ID of database subnet group"
- value = element(concat(aws_db_subnet_group.database.*.id, [""]), 0)
+ value = concat(aws_db_subnet_group.database.*.id, [""])[0]
}
output "redshift_subnets" {
@@ -135,7 +135,7 @@ output "redshift_subnets_cidr_blocks" {
output "redshift_subnet_group" {
description = "ID of redshift subnet group"
- value = element(concat(aws_redshift_subnet_group.redshift.*.id, [""]), 0)
+ value = concat(aws_redshift_subnet_group.redshift.*.id, [""])[0]
}
output "elasticache_subnets" {
@@ -170,18 +170,12 @@ output "intra_subnets_cidr_blocks" {
output "elasticache_subnet_group" {
description = "ID of elasticache subnet group"
- value = element(
- concat(aws_elasticache_subnet_group.elasticache.*.id, [""]),
- 0,
- )
+ value = concat(aws_elasticache_subnet_group.elasticache.*.id, [""])[0]
}
output "elasticache_subnet_group_name" {
description = "Name of elasticache subnet group"
- value = element(
- concat(aws_elasticache_subnet_group.elasticache.*.name, [""]),
- 0,
- )
+ value = concat(aws_elasticache_subnet_group.elasticache.*.name, [""])[0]
}
output "public_route_table_ids" {
@@ -231,68 +225,56 @@ output "natgw_ids" {
output "igw_id" {
description = "The ID of the Internet Gateway"
- value = element(concat(aws_internet_gateway.this.*.id, [""]), 0)
+ value = concat(aws_internet_gateway.this.*.id, [""])[0]
}
output "vgw_id" {
description = "The ID of the VPN Gateway"
- value = element(
- concat(
- aws_vpn_gateway.this.*.id,
- aws_vpn_gateway_attachment.this.*.vpn_gateway_id,
- [""],
- ),
- 0,
- )
+ value = concat(
+ aws_vpn_gateway.this.*.id,
+ aws_vpn_gateway_attachment.this.*.vpn_gateway_id,
+ [""],
+ )[0]
}
output "default_vpc_id" {
description = "The ID of the VPC"
- value = element(concat(aws_default_vpc.this.*.id, [""]), 0)
+ value = concat(aws_default_vpc.this.*.id, [""])[0]
}
output "default_vpc_cidr_block" {
description = "The CIDR block of the VPC"
- value = element(concat(aws_default_vpc.this.*.cidr_block, [""]), 0)
+ value = concat(aws_default_vpc.this.*.cidr_block, [""])[0]
}
output "default_vpc_default_security_group_id" {
description = "The ID of the security group created by default on VPC creation"
- value = element(
- concat(aws_default_vpc.this.*.default_security_group_id, [""]),
- 0,
- )
+ value = concat(aws_default_vpc.this.*.default_security_group_id, [""])[0]
}
output "default_vpc_default_network_acl_id" {
description = "The ID of the default network ACL"
- value = element(
- concat(aws_default_vpc.this.*.default_network_acl_id, [""]),
- 0,
- )
+ value = concat(aws_default_vpc.this.*.default_network_acl_id, [""])[0]
}
output "default_vpc_default_route_table_id" {
description = "The ID of the default route table"
- value = element(
- concat(aws_default_vpc.this.*.default_route_table_id, [""]),
- 0,
- )
+ value = concat(aws_default_vpc.this.*.default_route_table_id, [""])[0]
}
output "default_vpc_instance_tenancy" {
description = "Tenancy of instances spin up within VPC"
- value = element(concat(aws_default_vpc.this.*.instance_tenancy, [""]), 0)
+ value = concat(aws_default_vpc.this.*.instance_tenancy, [""])[0]
}
output "default_vpc_enable_dns_support" {
description = "Whether or not the VPC has DNS support"
- value = element(concat(aws_default_vpc.this.*.enable_dns_support, [""]), 0)
+ value = concat(aws_default_vpc.this.*.enable_dns_support, [""])[0]
}
output "default_vpc_enable_dns_hostnames" {
description = "Whether or not the VPC has DNS hostname support"
- value = element(concat(aws_default_vpc.this.*.enable_dns_hostnames, [""]), 0)
+ value = concat(aws_default_vpc.this.*.enable_dns_hostnames, [""])[0]
}
//output "default_vpc_enable_classiclink" {
@@ -302,7 +284,7 @@ output "default_vpc_enable_dns_hostnames" {
output "default_vpc_main_route_table_id" {
description = "The ID of the main route table associated with this VPC"
- value = element(concat(aws_default_vpc.this.*.main_route_table_id, [""]), 0)
+ value = concat(aws_default_vpc.this.*.main_route_table_id, [""])[0]
}
//output "default_vpc_ipv6_association_id" {
@@ -317,58 +299,73 @@ output "default_vpc_main_route_table_id" {
output "public_network_acl_id" {
description = "ID of the public network ACL"
- value = element(concat(aws_network_acl.public.*.id, [""]), 0)
+ value = concat(aws_network_acl.public.*.id, [""])[0]
}
output "private_network_acl_id" {
description = "ID of the private network ACL"
- value = element(concat(aws_network_acl.private.*.id, [""]), 0)
+ value = concat(aws_network_acl.private.*.id, [""])[0]
}
output "intra_network_acl_id" {
description = "ID of the intra network ACL"
- value = element(concat(aws_network_acl.intra.*.id, [""]), 0)
+ value = concat(aws_network_acl.intra.*.id, [""])[0]
}
output "database_network_acl_id" {
description = "ID of the database network ACL"
- value = element(concat(aws_network_acl.database.*.id, [""]), 0)
+ value = concat(aws_network_acl.database.*.id, [""])[0]
}
output "redshift_network_acl_id" {
description = "ID of the redshift network ACL"
- value = element(concat(aws_network_acl.redshift.*.id, [""]), 0)
+ value = concat(aws_network_acl.redshift.*.id, [""])[0]
}
output "elasticache_network_acl_id" {
description = "ID of the elasticache network ACL"
- value = element(concat(aws_network_acl.elasticache.*.id, [""]), 0)
+ value = concat(aws_network_acl.elasticache.*.id, [""])[0]
}
# VPC Endpoints
output "vpc_endpoint_s3_id" {
description = "The ID of VPC endpoint for S3"
- value = element(concat(aws_vpc_endpoint.s3.*.id, [""]), 0)
+ value = concat(aws_vpc_endpoint.s3.*.id, [""])[0]
}
output "vpc_endpoint_s3_pl_id" {
description = "The prefix list for the S3 VPC endpoint."
- value = element(concat(aws_vpc_endpoint.s3.*.prefix_list_id, [""]), 0)
+ value = concat(aws_vpc_endpoint.s3.*.prefix_list_id, [""])[0]
}
output "vpc_endpoint_dynamodb_id" {
description = "The ID of VPC endpoint for DynamoDB"
- value = element(concat(aws_vpc_endpoint.dynamodb.*.id, [""]), 0)
+ value = concat(aws_vpc_endpoint.dynamodb.*.id, [""])[0]
}
output "vpc_endpoint_dynamodb_pl_id" {
description = "The prefix list for the DynamoDB VPC endpoint."
- value = element(concat(aws_vpc_endpoint.dynamodb.*.prefix_list_id, [""]), 0)
+ value = concat(aws_vpc_endpoint.dynamodb.*.prefix_list_id, [""])[0]
+}
+
+output "vpc_endpoint_sqs_id" {
+ description = "The ID of VPC endpoint for SQS"
+ value = concat(aws_vpc_endpoint.sqs.*.id, [""])[0]
+}
+
+output "vpc_endpoint_sqs_network_interface_ids" {
+ description = "One or more network interfaces for the VPC Endpoint for SQS."
+ value = flatten(aws_vpc_endpoint.sqs.*.network_interface_ids)
+}
+
+output "vpc_endpoint_sqs_dns_entry" {
+ description = "The DNS entries for the VPC Endpoint for SQS."
+ value = flatten(aws_vpc_endpoint.sqs.*.dns_entry)
}
output "vpc_endpoint_ssm_id" {
description = "The ID of VPC endpoint for SSM"
- value = element(concat(aws_vpc_endpoint.ssm.*.id, [""]), 0)
+ value = concat(aws_vpc_endpoint.ssm.*.id, [""])[0]
}
output "vpc_endpoint_ssm_network_interface_ids" {
@@ -383,7 +380,7 @@ output "vpc_endpoint_ssm_dns_entry" {
output "vpc_endpoint_ssmmessages_id" {
description = "The ID of VPC endpoint for SSMMESSAGES"
- value = element(concat(aws_vpc_endpoint.ssmmessages.*.id, [""]), 0)
+ value = concat(aws_vpc_endpoint.ssmmessages.*.id, [""])[0]
}
output "vpc_endpoint_ssmmessages_network_interface_ids" {
@@ -398,7 +395,7 @@ output "vpc_endpoint_ssmmessages_dns_entry" {
output "vpc_endpoint_ec2_id" {
description = "The ID of VPC endpoint for EC2"
- value = element(concat(aws_vpc_endpoint.ec2.*.id, [""]), 0)
+ value = concat(aws_vpc_endpoint.ec2.*.id, [""])[0]
}
output "vpc_endpoint_ec2_network_interface_ids" {
@@ -413,7 +410,7 @@ output "vpc_endpoint_ec2_dns_entry" {
output "vpc_endpoint_ec2messages_id" {
description = "The ID of VPC endpoint for EC2MESSAGES"
- value = element(concat(aws_vpc_endpoint.ec2messages.*.id, [""]), 0)
+ value = concat(aws_vpc_endpoint.ec2messages.*.id, [""])[0]
}
output "vpc_endpoint_ec2messages_network_interface_ids" {
@@ -428,7 +425,7 @@ output "vpc_endpoint_ec2messages_dns_entry" {
output "vpc_endpoint_kms_id" {
description = "The ID of VPC endpoint for KMS"
- value = element(concat(aws_vpc_endpoint.kms.*.id, [""]), 0)
+ value = concat(aws_vpc_endpoint.kms.*.id, [""])[0]
}
output "vpc_endpoint_kms_network_interface_ids" {
@@ -443,7 +440,7 @@ output "vpc_endpoint_kms_dns_entry" {
output "vpc_endpoint_ecr_api_id" {
description = "The ID of VPC endpoint for ECR API"
- value = element(concat(aws_vpc_endpoint.ecr_api.*.id, [""]), 0)
+ value = concat(aws_vpc_endpoint.ecr_api.*.id, [""])[0]
}
output "vpc_endpoint_ecr_api_network_interface_ids" {
@@ -458,7 +455,7 @@ output "vpc_endpoint_ecr_api_dns_entry" {
output "vpc_endpoint_ecr_dkr_id" {
description = "The ID of VPC endpoint for ECR DKR"
- value = element(concat(aws_vpc_endpoint.ecr_dkr.*.id, [""]), 0)
+ value = concat(aws_vpc_endpoint.ecr_dkr.*.id, [""])[0]
}
output "vpc_endpoint_ecr_dkr_network_interface_ids" {
@@ -473,7 +470,7 @@ output "vpc_endpoint_ecr_dkr_dns_entry" {
output "vpc_endpoint_apigw_id" {
description = "The ID of VPC endpoint for APIGW"
- value = element(concat(aws_vpc_endpoint.apigw.*.id, [""]), 0)
+ value = concat(aws_vpc_endpoint.apigw.*.id, [""])[0]
}
output "vpc_endpoint_apigw_network_interface_ids" {
@@ -486,6 +483,51 @@ output "vpc_endpoint_apigw_dns_entry" {
value = flatten(aws_vpc_endpoint.apigw.*.dns_entry)
}
+output "vpc_endpoint_ecs_id" {
+ description = "The ID of VPC endpoint for ECS"
+ value = concat(aws_vpc_endpoint.ecs.*.id, [""])[0]
+}
+
+output "vpc_endpoint_ecs_network_interface_ids" {
+ description = "One or more network interfaces for the VPC Endpoint for ECS."
+ value = flatten(aws_vpc_endpoint.ecs.*.network_interface_ids)
+}
+
+output "vpc_endpoint_ecs_dns_entry" {
+ description = "The DNS entries for the VPC Endpoint for ECS."
+ value = flatten(aws_vpc_endpoint.ecs.*.dns_entry)
+}
+
+output "vpc_endpoint_ecs_agent_id" {
+ description = "The ID of VPC endpoint for ECS Agent"
+ value = concat(aws_vpc_endpoint.ecs_agent.*.id, [""])[0]
+}
+
+output "vpc_endpoint_ecs_agent_network_interface_ids" {
+ description = "One or more network interfaces for the VPC Endpoint for ECS Agent."
+ value = flatten(aws_vpc_endpoint.ecs_agent.*.network_interface_ids)
+}
+
+output "vpc_endpoint_ecs_agent_dns_entry" {
+ description = "The DNS entries for the VPC Endpoint for ECS Agent."
+ value = flatten(aws_vpc_endpoint.ecs_agent.*.dns_entry)
+}
+
+output "vpc_endpoint_ecs_telemetry_id" {
+ description = "The ID of VPC endpoint for ECS Telemetry"
+ value = concat(aws_vpc_endpoint.ecs_telemetry.*.id, [""])[0]
+}
+
+output "vpc_endpoint_ecs_telemetry_network_interface_ids" {
+ description = "One or more network interfaces for the VPC Endpoint for ECS Telemetry."
+ value = flatten(aws_vpc_endpoint.ecs_telemetry.*.network_interface_ids)
+}
+
+output "vpc_endpoint_ecs_telemetry_dns_entry" {
+ description = "The DNS entries for the VPC Endpoint for ECS Telemetry."
+ value = flatten(aws_vpc_endpoint.ecs_telemetry.*.dns_entry)
+}
+
# Static values (arguments)
output "azs" {
description = "A list of availability zones specified as argument to this module"
diff --git a/variables.tf b/variables.tf
index 471e37b1e..de3106f28 100644
--- a/variables.tf
+++ b/variables.tf
@@ -218,6 +218,26 @@ variable "enable_s3_endpoint" {
default = false
}
+variable "enable_sqs_endpoint" {
+ description = "Should be true if you want to provision an SQS endpoint to the VPC"
+ default = false
+}
+
+variable "sqs_endpoint_security_group_ids" {
+ description = "The ID of one or more security groups to associate with the network interface for SQS endpoint"
+ default = []
+}
+
+variable "sqs_endpoint_subnet_ids" {
+ description = "The ID of one or more subnets in which to create a network interface for SQS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+ default = []
+}
+
+variable "sqs_endpoint_private_dns_enabled" {
+ description = "Whether or not to associate a private hosted zone with the specified VPC for SQS endpoint"
+ default = false
+}
+
variable "enable_ssm_endpoint" {
description = "Should be true if you want to provision an SSM endpoint to the VPC"
type = bool
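Review bot: The four new SQS variables declare no `type`, while the `enable_ssm_endpoint` context line right below them (`type = bool`) and every ECS variable added in the later variables.tf hunk do; an untyped variable skips Terraform 0.12's input validation, so a wrong value only surfaces where it is used in main.tf. Add `type = bool` to `enable_sqs_endpoint` and `sqs_endpoint_private_dns_enabled`, and `type = list(string)` to `sqs_endpoint_security_group_ids` and `sqs_endpoint_subnet_ids`, matching the ECS declarations. The README rows for these variables list `string`/`list`, which terraform_docs would regenerate as `bool`/`list(string)` once the hook is re-enabled.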
@@ -410,6 +430,78 @@ variable "kms_endpoint_private_dns_enabled" {
default = false
}
+variable "enable_ecs_endpoint" {
+ description = "Should be true if you want to provision a ECS endpoint to the VPC"
+ type = bool
+ default = false
+}
+
+variable "ecs_endpoint_security_group_ids" {
+ description = "The ID of one or more security groups to associate with the network interface for ECS endpoint"
+ type = list(string)
+ default = []
+}
+
+variable "ecs_endpoint_subnet_ids" {
+ description = "The ID of one or more subnets in which to create a network interface for ECS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+ type = list(string)
+ default = []
+}
+
+variable "ecs_endpoint_private_dns_enabled" {
+ description = "Whether or not to associate a private hosted zone with the specified VPC for ECS endpoint"
+ type = bool
+ default = false
+}
+
+variable "enable_ecs_agent_endpoint" {
+ description = "Should be true if you want to provision a ECS Agent endpoint to the VPC"
+ type = bool
+ default = false
+}
+
+variable "ecs_agent_endpoint_security_group_ids" {
+ description = "The ID of one or more security groups to associate with the network interface for ECS Agent endpoint"
+ type = list(string)
+ default = []
+}
+
+variable "ecs_agent_endpoint_subnet_ids" {
+ description = "The ID of one or more subnets in which to create a network interface for ECS Agent endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+ type = list(string)
+ default = []
+}
+
+variable "ecs_agent_endpoint_private_dns_enabled" {
+ description = "Whether or not to associate a private hosted zone with the specified VPC for ECS Agent endpoint"
+ type = bool
+ default = false
+}
+
+variable "enable_ecs_telemetry_endpoint" {
+ description = "Should be true if you want to provision a ECS Telemetry endpoint to the VPC"
+ type = bool
+ default = false
+}
+
+variable "ecs_telemetry_endpoint_security_group_ids" {
+ description = "The ID of one or more security groups to associate with the network interface for ECS Telemetry endpoint"
+ type = list(string)
+ default = []
+}
+
+variable "ecs_telemetry_endpoint_subnet_ids" {
+ description = "The ID of one or more subnets in which to create a network interface for ECS Telemetry endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+ type = list(string)
+ default = []
+}
+
+variable "ecs_telemetry_endpoint_private_dns_enabled" {
+ description = "Whether or not to associate a private hosted zone with the specified VPC for ECS Telemetry endpoint"
+ type = bool
+ default = false
+}
+
variable "map_public_ip_on_launch" {
description = "Should be false if you do not want to auto-assign public IP on launch"
type = bool
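Review bot: The descriptions of `enable_ecs_endpoint`, `enable_ecs_agent_endpoint` and `enable_ecs_telemetry_endpoint` read "provision a ECS … endpoint"; it should be "an ECS … endpoint", as the `an SQS endpoint` and `an SSM endpoint` descriptions elsewhere in this file already do. The same wording is copied into the README rows for these three variables and will need the same fix by hand, since the terraform_docs hook is commented out in this commit's pre-commit config and the README no longer regenerates. The hunk's last context lines belong to `variable "map_public_ip_on_launch"`, which ends outside the hunk.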