diff --git a/README.md b/README.md
index f80500a..26ab4e0 100644
--- a/README.md
+++ b/README.md
@@ -233,7 +233,7 @@ No modules.
| [tags](#input\_tags) | The tags to associate with your network and subnets. | `map(string)` | `{}` | no |
| [tracing\_tags\_enabled](#input\_tracing\_tags\_enabled) | Whether enable tracing tags that generated by BridgeCrew Yor. | `bool` | `false` | no |
| [tracing\_tags\_prefix](#input\_tracing\_tags\_prefix) | Default prefix for generated tracing tags | `string` | `"avm_"` | no |
-| [use\_for\_each](#input\_use\_for\_each) | Use `for_each` instead of `count` to create multiple resource instances. | `bool` | n/a | yes |
+| [use\_for\_each](#input\_use\_for\_each) | Use `for_each` instead of `count` to create multiple resource instances. Defaults to `true`. | `bool` | `true` | no |
| [vnet\_location](#input\_vnet\_location) | The location of the vnet to create. | `string` | n/a | yes |
| [vnet\_name](#input\_vnet\_name) | Name of the vnet to create | `string` | `"acctvnet"` | no |
diff --git a/main.tf b/main.tf
index ab7ac61..829605d 100644
--- a/main.tf
+++ b/main.tf
@@ -34,13 +34,13 @@ moved {
resource "azurerm_subnet" "subnet_count" {
count = var.use_for_each ? 0 : length(var.subnet_names)
- address_prefixes = [var.subnet_prefixes[count.index]]
- name = var.subnet_names[count.index]
- resource_group_name = var.resource_group_name
- virtual_network_name = azurerm_virtual_network.vnet.name
- enforce_private_link_endpoint_network_policies = lookup(var.subnet_enforce_private_link_endpoint_network_policies, var.subnet_names[count.index], false)
- enforce_private_link_service_network_policies = lookup(var.subnet_enforce_private_link_service_network_policies, var.subnet_names[count.index], false)
- service_endpoints = lookup(var.subnet_service_endpoints, var.subnet_names[count.index], null)
+ address_prefixes = [var.subnet_prefixes[count.index]]
+ name = var.subnet_names[count.index]
+ resource_group_name = var.resource_group_name
+ virtual_network_name = azurerm_virtual_network.vnet.name
+ private_endpoint_network_policies = (lookup(var.subnet_enforce_private_link_endpoint_network_policies, var.subnet_names[count.index], false) != null) ? (lookup(var.subnet_enforce_private_link_endpoint_network_policies, var.subnet_names[count.index], false) ? ("Disabled") : ("Enabled")) : ("Enabled")
+ private_link_service_network_policies_enabled = (lookup(var.subnet_enforce_private_link_service_network_policies, var.subnet_names[count.index], false) != null) ? (!lookup(var.subnet_enforce_private_link_service_network_policies, var.subnet_names[count.index], false)) : (true)
+ service_endpoints = lookup(var.subnet_service_endpoints, var.subnet_names[count.index], null)
dynamic "delegation" {
for_each = lookup(var.subnet_delegation, var.subnet_names[count.index], {})
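Review bot: The two new attributes invert the meaning of their input maps without saying so: on `private_endpoint_network_policies`, a `true` entry in `var.subnet_enforce_private_link_endpoint_network_policies` yields `"Disabled"`, so NSG and route-table policies stop applying to private endpoints in that subnet, and `private_link_service_network_policies_enabled` is likewise the negation of its map. A comment above them would keep a caller from switching policies off by reading "enforce" literally, for example `# NOTE: true in the enforce_* maps DISABLES subnet network policies; a missing or null entry keeps them enabled`. The same applies to the `subnet_for_each` hunk below. Each `lookup` is also written twice per attribute, so binding the result once in a `locals` map would make the null handling easier to audit. The resource body continues outside the hunk, and if the provider version constraint (not visible here) still admits releases that predate `private_endpoint_network_policies`, it should be raised in the same change.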
@@ -59,13 +59,13 @@ resource "azurerm_subnet" "subnet_count" {
resource "azurerm_subnet" "subnet_for_each" {
for_each = var.use_for_each ? toset(var.subnet_names) : []
- address_prefixes = [local.subnet_names_prefixes[each.value]]
- name = each.value
- resource_group_name = var.resource_group_name
- virtual_network_name = azurerm_virtual_network.vnet.name
- enforce_private_link_endpoint_network_policies = lookup(var.subnet_enforce_private_link_endpoint_network_policies, each.value, false)
- enforce_private_link_service_network_policies = lookup(var.subnet_enforce_private_link_service_network_policies, each.value, false)
- service_endpoints = lookup(var.subnet_service_endpoints, each.value, null)
+ address_prefixes = [local.subnet_names_prefixes[each.value]]
+ name = each.value
+ resource_group_name = var.resource_group_name
+ virtual_network_name = azurerm_virtual_network.vnet.name
+ private_endpoint_network_policies = (lookup(var.subnet_enforce_private_link_endpoint_network_policies, each.value, false) != null) ? (lookup(var.subnet_enforce_private_link_endpoint_network_policies, each.value, false) ? ("Disabled") : ("Enabled")) : ("Enabled")
+ private_link_service_network_policies_enabled = (lookup(var.subnet_enforce_private_link_service_network_policies, each.value, false) != null) ? (!lookup(var.subnet_enforce_private_link_service_network_policies, each.value, false)) : (true)
+ service_endpoints = lookup(var.subnet_service_endpoints, each.value, null)
dynamic "delegation" {
for_each = lookup(var.subnet_delegation, each.value, {})
diff --git a/variables.tf b/variables.tf
index e5ed97c..dc41735 100644
--- a/variables.tf
+++ b/variables.tf
@@ -4,12 +4,6 @@ variable "resource_group_name" {
nullable = false
}
-variable "use_for_each" {
- type = bool
- description = "Use `for_each` instead of `count` to create multiple resource instances."
- nullable = false
-}
-
variable "vnet_location" {
type = string
description = "The location of the vnet to create."
@@ -115,6 +109,13 @@ variable "tracing_tags_prefix" {
nullable = false
}
+variable "use_for_each" {
+ type = bool
+ default = true
+ description = "Use `for_each` instead of `count` to create multiple resource instances. Defaults to `true`."
+ nullable = false
+}
+
variable "vnet_name" {
type = string
default = "acctvnet"