From abc27c1bfd18d698bcbef2119786ba1b19fc8790 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Mon, 22 Feb 2021 17:13:53 -0500 Subject: [PATCH 1/2] feat: add default route table resource to manage default route table, its tags, routes, etc. --- README.md | 5 +++++ examples/complete-vpc/main.tf | 3 +++ main.tf | 37 +++++++++++++++++++++++++++++++++++ variables.tf | 24 +++++++++++++++++++++++ 4 files changed, 69 insertions(+) diff --git a/README.md b/README.md index cf822aff2..b241d9829 100644 --- a/README.md +++ b/README.md @@ -249,6 +249,7 @@ No Modules. | [aws_customer_gateway](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/customer_gateway) | | [aws_db_subnet_group](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/db_subnet_group) | | [aws_default_network_acl](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/default_network_acl) | +| [aws_default_route_table](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/default_route_table) | | [aws_default_security_group](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/default_security_group) | | [aws_default_vpc](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/default_vpc) | | [aws_egress_only_internet_gateway](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/egress_only_internet_gateway) | @@ -377,6 +378,9 @@ No Modules. | default\_network\_acl\_ingress | List of maps of ingress rules to set on the Default Network ACL | `list(map(string))` |
[
{
"action": "allow",
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_no": 100,
"to_port": 0
},
{
"action": "allow",
"from_port": 0,
"ipv6_cidr_block": "::/0",
"protocol": "-1",
"rule_no": 101,
"to_port": 0
}
]
| no | | default\_network\_acl\_name | Name to be used on the Default Network ACL | `string` | `""` | no | | default\_network\_acl\_tags | Additional tags for the Default Network ACL | `map(string)` | `{}` | no | +| default\_route\_table\_propagating\_vgws | List of virtual gateways for propagation | `list(string)` | `[]` | no | +| default\_route\_table\_routes | Configuration block of routes. See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_route_table#route | `list(map(string))` | `[]` | no | +| default\_route\_table\_tags | Additional tags for the default route table | `map(string)` | `{}` | no | | default\_security\_group\_egress | List of maps of egress rules to set on the default security group | `list(map(string))` | `null` | no | | default\_security\_group\_ingress | List of maps of ingress rules to set on the default security group | `list(map(string))` | `null` | no | | default\_security\_group\_name | Name to be used on the default security group | `string` | `"default"` | no | 
@@ -581,6 +585,7 @@ No Modules. | logs\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for CloudWatch Logs endpoint | `list(string)` | `[]` | no | | logs\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for CloudWatch Logs endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no | | manage\_default\_network\_acl | Should be true to adopt and manage Default Network ACL | `bool` | `false` | no | +| manage\_default\_route\_table | Should be true to manage default route table | `bool` | `false` | no | | manage\_default\_security\_group | Should be true to adopt and manage default security group | `bool` | `false` | no | | manage\_default\_vpc | Should be true to adopt and manage Default VPC | `bool` | `false` | no | | map\_public\_ip\_on\_launch | Should be false if you do not want to auto-assign public IP on launch | `bool` | `true` | no | diff --git a/examples/complete-vpc/main.tf b/examples/complete-vpc/main.tf index a94cca585..a2c4c4d1b 100644 --- a/examples/complete-vpc/main.tf +++ b/examples/complete-vpc/main.tf @@ -24,6 +24,9 @@ module "vpc" { create_database_subnet_group = false + manage_default_route_table = true + default_route_table_tags = { DefaultRouteTable = true } + enable_dns_hostnames = true enable_dns_support = true diff --git a/main.tf b/main.tf index fb65d5012..cf33ab61f 100644 --- a/main.tf +++ b/main.tf 
@@ -160,6 +160,43 @@ resource "aws_egress_only_internet_gateway" "this" { ) }
+###############
+# Default route
+###############
+
+resource "aws_default_route_table" "default" {
+ count = var.create_vpc && var.manage_default_route_table ? 1 : 0
+
+ default_route_table_id = aws_vpc.this[0].default_route_table_id
+ propagating_vgws = var.default_route_table_propagating_vgws
+
+ dynamic "route" {
+ for_each = var.default_route_table_routes
+ content {
+ # One of the following destinations must be provided
+ cidr_block = route.value.cidr_block
+ ipv6_cidr_block = lookup(route.value, "ipv6_cidr_block", null)
+
+ # One of the following targets must be provided
+ egress_only_gateway_id = lookup(route.value, "egress_only_gateway_id", null)
+ gateway_id = lookup(route.value, "gateway_id", null)
+ instance_id = lookup(route.value, "instance_id", null)
+ nat_gateway_id = lookup(route.value, "nat_gateway_id", null)
+ network_interface_id = lookup(route.value, "network_interface_id", null)
+ transit_gateway_id = lookup(route.value, "transit_gateway_id", null)
+ # `vpc_endpoint_id` was recently added in v3.15.0
+ # vpc_endpoint_id = lookup(route.value, "vpc_endpoint_id", null)
+ vpc_peering_connection_id = lookup(route.value, "vpc_peering_connection_id", null)
+ }
+ }
+
+ tags = merge(
+ { "Name" = var.name },
+ var.tags,
+ var.default_route_table_tags,
+ )
+}
+
 ################ # Publiс routes ################
diff --git a/variables.tf b/variables.tf
index 484c2bcb7..2a0c12eaf 100644
--- a/variables.tf
+++ b/variables.tf
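Review bot: In the `dynamic "route"` block, `cidr_block = route.value.cidr_block` reads the key directly, so a route map that supplies only `ipv6_cidr_block` fails evaluation on the missing key, even though the comment above it says either destination may be provided. Every other attribute in the block is optional via `lookup`, and the destination should follow the same form: `cidr_block = lookup(route.value, "cidr_block", null)`. As written, IPv6-only entries in `default_route_table_routes` cannot be expressed at all, so callers would have to add a placeholder IPv4 destination just to get the map accepted.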
@@ -2009,6 +2009,30 @@ variable "propagate_public_route_tables_vgw" { default = false }
+variable "manage_default_route_table" {
+ description = "Should be true to manage default route table"
+ type = bool
+ default = false
+}
+
+variable "default_route_table_propagating_vgws" {
+ description = "List of virtual gateways for propagation"
+ type = list(string)
+ default = []
+}
+
+variable "default_route_table_routes" {
+ description = "Configuration block of routes. See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_route_table#route"
+ type = list(map(string))
+ default = []
+}
+
+variable "default_route_table_tags" {
+ description = "Additional tags for the default route table"
+ type = map(string)
+ default = {}
+}
+
 variable "tags" { description = "A map of tags to add to all resources" type = map(string)
From 1fd300c39fba01210f5a587a33d4a04ddecd5104 Mon Sep 17 00:00:00 2001
From: Anton Babenko
Date: Tue, 23 Feb 2021 10:15:31 +0100
Subject: [PATCH 2/2] chore: Run pre-commit terraform_docs hook
---
 README.md | 68 ++++++++++++++++----------------
 examples/complete-vpc/README.md | 2 +-
 examples/ipv6/README.md | 2 +-
 examples/vpc-flow-logs/README.md | 12 +++---
 4 files changed, 42 insertions(+), 42 deletions(-)
diff --git a/README.md b/README.md
index b241d9829..d8da2a49c 100644
--- a/README.md
+++ b/README.md
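Review bot: The description of `manage_default_route_table` does not say what managing the table entails, and that matters for routing. As the AWS provider documents `aws_default_route_table`, adopting the table removes existing routes that are not declared in configuration. With `default_route_table_routes` left at its default `[]`, any route added to that table outside Terraform would therefore be dropped on apply. I would spell that out, for example `description = "Should be true to adopt and manage the default route table; routes not listed in default_route_table_routes are removed"`. Because `list(map(string))` accepts arbitrary keys, a misspelled target key is not caught at the variable level, so the description of `default_route_table_routes` could also list the keys the resource actually reads.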
@@ -245,40 +245,40 @@ No Modules. | Name | |------| -| [aws_cloudwatch_log_group](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/cloudwatch_log_group) | -| [aws_customer_gateway](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/customer_gateway) | -| [aws_db_subnet_group](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/db_subnet_group) | -| [aws_default_network_acl](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/default_network_acl) | -| [aws_default_route_table](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/default_route_table) | -| [aws_default_security_group](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/default_security_group) | -| [aws_default_vpc](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/default_vpc) | -| [aws_egress_only_internet_gateway](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/egress_only_internet_gateway) | -| [aws_eip](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/eip) | -| [aws_elasticache_subnet_group](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/elasticache_subnet_group) | -| [aws_flow_log](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/flow_log) | -| [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/data-sources/iam_policy_document) | -| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/iam_policy) | -| [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/iam_role_policy_attachment) | -| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/iam_role) | -| [aws_internet_gateway](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/internet_gateway) | -| 
[aws_nat_gateway](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/nat_gateway) | -| [aws_network_acl_rule](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/network_acl_rule) | -| [aws_network_acl](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/network_acl) | -| [aws_redshift_subnet_group](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/redshift_subnet_group) | -| [aws_route_table_association](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/route_table_association) | -| [aws_route_table](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/route_table) | -| [aws_route](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/route) | -| [aws_subnet](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/subnet) | -| [aws_vpc_dhcp_options_association](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/vpc_dhcp_options_association) | -| [aws_vpc_dhcp_options](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/vpc_dhcp_options) | -| [aws_vpc_endpoint_route_table_association](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/vpc_endpoint_route_table_association) | -| [aws_vpc_endpoint_service](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/data-sources/vpc_endpoint_service) | -| [aws_vpc_endpoint](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/vpc_endpoint) | -| [aws_vpc_ipv4_cidr_block_association](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/vpc_ipv4_cidr_block_association) | -| [aws_vpc](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/vpc) | -| [aws_vpn_gateway_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/vpn_gateway_attachment) | -| 
[aws_vpn_gateway_route_propagation](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/vpn_gateway_route_propagation) | -| [aws_vpn_gateway](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/vpn_gateway) | +| [aws_cloudwatch_log_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | +| [aws_customer_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/customer_gateway) | +| [aws_db_subnet_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_subnet_group) | +| [aws_default_network_acl](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_network_acl) | +| [aws_default_route_table](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_route_table) | +| [aws_default_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_security_group) | +| [aws_default_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_vpc) | +| [aws_egress_only_internet_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/egress_only_internet_gateway) | +| [aws_eip](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | +| [aws_elasticache_subnet_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_subnet_group) | +| [aws_flow_log](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/flow_log) | +| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | +| [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | +| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | +| 
[aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | +| [aws_internet_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/internet_gateway) | +| [aws_nat_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/nat_gateway) | +| [aws_network_acl](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl) | +| [aws_network_acl_rule](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule) | +| [aws_redshift_subnet_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_subnet_group) | +| [aws_route](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | +| [aws_route_table](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table) | +| [aws_route_table_association](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | +| [aws_subnet](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | +| [aws_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc) | +| [aws_vpc_dhcp_options](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_dhcp_options) | +| [aws_vpc_dhcp_options_association](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_dhcp_options_association) | +| [aws_vpc_endpoint](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) | +| [aws_vpc_endpoint_route_table_association](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint_route_table_association) | +| [aws_vpc_endpoint_service](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc_endpoint_service) | +| 
[aws_vpc_ipv4_cidr_block_association](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipv4_cidr_block_association) | +| [aws_vpn_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpn_gateway) | +| [aws_vpn_gateway_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpn_gateway_attachment) | +| [aws_vpn_gateway_route_propagation](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpn_gateway_route_propagation) | ## Inputs diff --git a/examples/complete-vpc/README.md b/examples/complete-vpc/README.md index 1236328ce..dd9717599 100644 --- a/examples/complete-vpc/README.md +++ b/examples/complete-vpc/README.md @@ -40,7 +40,7 @@ Note that this example may create resources which can cost money (AWS Elastic IP | Name | |------| -| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/3.10/docs/data-sources/security_group) | +| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) | ## Inputs diff --git a/examples/ipv6/README.md b/examples/ipv6/README.md index fd26219da..d99686447 100644 --- a/examples/ipv6/README.md +++ b/examples/ipv6/README.md @@ -38,7 +38,7 @@ Note that this example may create resources which can cost money (AWS Elastic IP | Name | |------| -| [aws_availability_zones](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/data-sources/availability_zones) | +| [aws_availability_zones](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | ## Inputs diff --git a/examples/vpc-flow-logs/README.md b/examples/vpc-flow-logs/README.md index 752da36b6..759182d18 100644 --- a/examples/vpc-flow-logs/README.md +++ b/examples/vpc-flow-logs/README.md 
@@ -47,12 +47,12 @@ Note that this example may create resources which can cost money (AWS Elastic IP | Name | |------| -| [aws_cloudwatch_log_group](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/cloudwatch_log_group) | -| [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/data-sources/iam_policy_document) | -| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/iam_policy) | -| [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/iam_role_policy_attachment) | -| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/2.70/docs/resources/iam_role) | -| [random_pet](https://registry.terraform.io/providers/hashicorp/random/2/docs/resources/pet) | +| [aws_cloudwatch_log_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | +| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | +| [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | +| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | +| [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | +| [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | ## Inputs