Ensures the correct number of S3 and DDB VPC Endpoint associations (#90

) * Ensures the S3 VPC Endpoint association is only created if there are public subnets Fixes #89 * Ensures a single DDB association in the public route table
terraform-aws-modules · Apr 5, 2018 · b226dd2 · b226dd2
1 parent 6aad37f
commit b226dd2
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/main.tf b/main.tf
@@ -253,7 +253,7 @@ resource "aws_vpc_endpoint_route_table_association" "private_s3" {
 }
 
 resource "aws_vpc_endpoint_route_table_association" "public_s3" {
-  count = "${var.create_vpc && var.enable_s3_endpoint ? 1 : 0}"
+  count = "${var.create_vpc && var.enable_s3_endpoint && length(var.public_subnets) > 0 ? 1 : 0}"
 
   vpc_endpoint_id = "${aws_vpc_endpoint.s3.id}"
   route_table_id  = "${aws_route_table.public.id}"
@@ -283,7 +283,7 @@ resource "aws_vpc_endpoint_route_table_association" "private_dynamodb" {
 }
 
 resource "aws_vpc_endpoint_route_table_association" "public_dynamodb" {
-  count = "${var.create_vpc && var.enable_dynamodb_endpoint ? length(var.public_subnets) : 0}"
+  count = "${var.create_vpc && var.enable_dynamodb_endpoint && length(var.public_subnets) > 0 ? 1 : 0}"
 
   vpc_endpoint_id = "${aws_vpc_endpoint.dynamodb.id}"
   route_table_id  = "${aws_route_table.public.id}"