Merge pull request #59 from isovalent/pr/fgiloux/azs
feat: Make it possible to select availability zones
fgiloux authored Nov 6, 2024
2 parents 5013400 + 3c12df8 commit 197ba0e
Showing 4 changed files with 31 additions and 19 deletions.
9 changes: 5 additions & 4 deletions README.md
@@ -47,17 +47,18 @@ An opinionated Terraform module that can be used to create and manage an VPC in
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_additional_private_subnet_tags"></a> [additional\_private\_subnet\_tags](#input\_additional\_private\_subnet\_tags) | Additional tags for the private subnets | `map(string)` | `{}` | no |
| <a name="input_additional_private_subnets"></a> [additional\_private\_subnets](#input\_additional\_private\_subnets) | Additional private subnets to create. | <pre>list(object({<br> availability_zone = string<br> cidr = string<br> tags = map(string)<br> }))</pre> | `[]` | no |
| <a name="input_additional_private_subnets"></a> [additional\_private\_subnets](#input\_additional\_private\_subnets) | Additional private subnets to create. | <pre>list(object({<br/> availability_zone = string<br/> cidr = string<br/> tags = map(string)<br/> }))</pre> | `[]` | no |
| <a name="input_additional_public_subnet_tags"></a> [additional\_public\_subnet\_tags](#input\_additional\_public\_subnet\_tags) | Additional tags for the public subnets | `map(string)` | `{}` | no |
| <a name="input_additional_public_subnets"></a> [additional\_public\_subnets](#input\_additional\_public\_subnets) | Additional public subnets to create. | <pre>list(object({<br> availability_zone = string<br> cidr = string<br> tags = map(string)<br> }))</pre> | `[]` | no |
| <a name="input_additional_public_subnets"></a> [additional\_public\_subnets](#input\_additional\_public\_subnets) | Additional public subnets to create. | <pre>list(object({<br/> availability_zone = string<br/> cidr = string<br/> tags = map(string)<br/> }))</pre> | `[]` | no |
| <a name="input_availability_zones"></a> [availability\_zones](#input\_availability\_zones) | List of availability zone names that subnets can get deployed into.<br/> If not provided, defaults to all AZs for the region. | `list(string)` | `[]` | no |
| <a name="input_bastion_host_ami_id"></a> [bastion\_host\_ami\_id](#input\_bastion\_host\_ami\_id) | The ID of the AIM to use for the instance. Setting this will ignore `bastion_host_ami_name_filter` and `bastion_host_ami_owners`. | `string` | `null` | no |
| <a name="input_bastion_host_ami_name_filter"></a> [bastion\_host\_ami\_name\_filter](#input\_bastion\_host\_ami\_name\_filter) | The AMI filter to use for the bastion host's AMI. | `string` | `"amzn2-ami-hvm-2.*-x86_64-ebs"` | no |
| <a name="input_bastion_host_ami_owners"></a> [bastion\_host\_ami\_owners](#input\_bastion\_host\_ami\_owners) | The list of owners used to select the AMI. | `list(string)` | <pre>[<br> "amazon"<br>]</pre> | no |
| <a name="input_bastion_host_ami_owners"></a> [bastion\_host\_ami\_owners](#input\_bastion\_host\_ami\_owners) | The list of owners used to select the AMI. | `list(string)` | <pre>[<br/> "amazon"<br/>]</pre> | no |
| <a name="input_bastion_host_assign_public_ip"></a> [bastion\_host\_assign\_public\_ip](#input\_bastion\_host\_assign\_public\_ip) | Whether to assign a public IP address to the bastion host. | `bool` | `false` | no |
| <a name="input_bastion_host_enabled"></a> [bastion\_host\_enabled](#input\_bastion\_host\_enabled) | Whether to create an EC2 instance in the VPC that can be used as a bastion host. | `bool` | `false` | no |
| <a name="input_bastion_host_extra_security_groups"></a> [bastion\_host\_extra\_security\_groups](#input\_bastion\_host\_extra\_security\_groups) | A list of extra security groups to associate with the bastion host. | `list(string)` | `[]` | no |
| <a name="input_bastion_host_instance_type"></a> [bastion\_host\_instance\_type](#input\_bastion\_host\_instance\_type) | The instance type to use for the bastion host. | `string` | `"t2.micro"` | no |
| <a name="input_bastion_host_security_group_rules"></a> [bastion\_host\_security\_group\_rules](#input\_bastion\_host\_security\_group\_rules) | A list of security group rules to apply to the bastion host. | `list(any)` | <pre>[<br> {<br> "cidr_blocks": [<br> "0.0.0.0/0"<br> ],<br> "description": "Allow all outbound traffic",<br> "from_port": 0,<br> "protocol": -1,<br> "to_port": 0,<br> "type": "egress"<br> },<br> {<br> "cidr_blocks": [<br> "0.0.0.0/0"<br> ],<br> "description": "Allow all inbound to SSH",<br> "from_port": 22,<br> "protocol": "tcp",<br> "to_port": 22,<br> "type": "ingress"<br> }<br>]</pre> | no |
| <a name="input_bastion_host_security_group_rules"></a> [bastion\_host\_security\_group\_rules](#input\_bastion\_host\_security\_group\_rules) | A list of security group rules to apply to the bastion host. | `list(any)` | <pre>[<br/> {<br/> "cidr_blocks": [<br/> "0.0.0.0/0"<br/> ],<br/> "description": "Allow all outbound traffic",<br/> "from_port": 0,<br/> "protocol": -1,<br/> "to_port": 0,<br/> "type": "egress"<br/> },<br/> {<br/> "cidr_blocks": [<br/> "0.0.0.0/0"<br/> ],<br/> "description": "Allow all inbound to SSH",<br/> "from_port": 22,<br/> "protocol": "tcp",<br/> "to_port": 22,<br/> "type": "ingress"<br/> }<br/>]</pre> | no |
| <a name="input_bastion_host_ssh_public_key"></a> [bastion\_host\_ssh\_public\_key](#input\_bastion\_host\_ssh\_public\_key) | If specified, will be used as the public SSH key for the bastion host. | `string` | `""` | no |
| <a name="input_bastion_host_user_data"></a> [bastion\_host\_user\_data](#input\_bastion\_host\_user\_data) | The user data to use for the bastion host. | `list(string)` | `[]` | no |
| <a name="input_bastion_host_user_data_base64"></a> [bastion\_host\_user\_data\_base64](#input\_bastion\_host\_user\_data\_base64) | The user data to use for the bastion host, base64 encoded. | `string` | `""` | no |
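Review bot: The new `availability_zones` row (the line beginning `| <a name="input_availability_zones">`) documents the default but not the constraints that follow from main.tf in this same commit: entries must be AZ names valid for the provider's region, and subnet CIDRs are assigned by list position, so reordering or removing an entry after the first apply moves subnets. A sentence to that effect belongs in the description (the table is generated from variables.tf, so change it there). The other eight changed rows are only `<br>` to `<br/>` churn from regenerating with a newer terraform-docs; worth saying so in the PR description so readers do not look for a semantic change. While here, the unchanged `bastion_host_ami_id` row reads "The ID of the AIM"; that should be "AMI".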
1 change: 1 addition & 0 deletions locals.tf
@@ -1,3 +1,4 @@
locals {
bastion_host_key_pair_name = "${var.name}-bastion"
availability_zones = length(var.availability_zones) > 0 ? var.availability_zones : data.aws_availability_zones.available.names
}
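Review bot: `local.availability_zones` passes `var.availability_zones` through unvalidated, so a misspelled or out-of-region name only fails at apply time inside the upstream vpc module. The data source is already fetched, so the input can be checked against it at plan time, e.g. with a `check` block or a resource `precondition` in main.tf whose condition is `alltrue([for az in var.availability_zones : contains(data.aws_availability_zones.available.names, az)])`. Also note that `data.aws_availability_zones.available` is still queried when the variable overrides it; harmless, but the variable description could state that the list must be a subset of what the provider returns for the region.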
28 changes: 14 additions & 14 deletions main.tf
@@ -22,16 +22,16 @@ module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "5.0.0"

azs = data.aws_availability_zones.available.names // Use all availability zones.
cidr = var.cidr // Use the CIDR specified as a variable.
enable_dns_hostnames = true // Enable DNS hostnames (required by EKS).
enable_nat_gateway = true // Enable NAT gateway to enable outbound internet traffic from instances in a private subnet.
name = var.name // Use the name specified as a variable.
one_nat_gateway_per_az = false // Use a single NAT gateway as that's the simplest and also all we need.
secondary_cidr_blocks = var.secondary_cidr_blocks // Define secondary CIDR blocks.
single_nat_gateway = true // Use a single NAT gateway as that's the simplest and also all we need.
tags = var.tags // Use the tags specified as a variable.
map_public_ip_on_launch = var.map_public_ip_on_launch // Map public IP on launch for instances in public subnets.
azs = local.availability_zones // Use selected availability zones.
cidr = var.cidr // Use the CIDR specified as a variable.
enable_dns_hostnames = true // Enable DNS hostnames (required by EKS).
enable_nat_gateway = true // Enable NAT gateway to enable outbound internet traffic from instances in a private subnet.
name = var.name // Use the name specified as a variable.
one_nat_gateway_per_az = false // Use a single NAT gateway as that's the simplest and also all we need.
secondary_cidr_blocks = var.secondary_cidr_blocks // Define secondary CIDR blocks.
single_nat_gateway = true // Use a single NAT gateway as that's the simplest and also all we need.
tags = var.tags // Use the tags specified as a variable.
map_public_ip_on_launch = var.map_public_ip_on_launch // Map public IP on launch for instances in public subnets.

enable_ipv6 = var.enable_ipv6 // this will provide Amazon-provided IPv6 CIDR block which is a /56 block
public_subnet_assign_ipv6_address_on_creation = var.enable_ipv6 // this will help the EC2 to get the IPV6 address when it boots
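Review bot: Only the `azs` line changes meaning; the other nine lines are re-aligned by `terraform fmt` because the new expression is longer, which makes the hunk read like a rewrite of the block. Fine to keep, but say so in the PR. The more important point concerns `// Use selected availability zones.`: with `single_nat_gateway = true` the upstream module places the one NAT gateway in the first public subnet, i.e. the first entry of `azs`, so after this change the order of `var.availability_zones` also decides which AZ all private-subnet egress depends on. That deserves a sentence in this comment or in the variable description.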
@@ -40,7 +40,7 @@ module "vpc" {
// Create one private subnet per AZ (e.g. "10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/24", ...).
// This could surely have been made differently (possibly even sourced from a variable), but it suffices for the time being.
private_subnets = [
for i, v in data.aws_availability_zones.available.names :
for i, v in local.availability_zones :
cidrsubnet(var.cidr, 8, i)
]
// Tag the private subnets adequately.
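Review bot: `cidrsubnet(var.cidr, 8, i)` keys each subnet's CIDR on the position of the AZ in `local.availability_zones`, not on the AZ itself. With a user-supplied list, dropping or reordering an entry after the first apply shifts every later subnet to a different CIDR and AZ, which Terraform can only realise by destroying and recreating those subnets and whatever sits in them. Since `v` is already bound in the `for`, a stable alternative is `cidrsubnet(var.cidr, 8, index(data.aws_availability_zones.available.names, v))`, which gives each AZ the same /24 whether or not its neighbours are selected. If the positional scheme is kept on purpose, document the consequence where the variable is described.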
@@ -56,7 +56,7 @@ module "vpc" {
// Create one public subnet per AZ (e.g. "10.1.100.0/24", "10.1.101.0/24", "10.1.102.0/24", ...).
// This could surely have been made differently (possibly even sourced from a variable), but it suffices for the time being.
public_subnets = [
for i, v in data.aws_availability_zones.available.names :
for i, v in local.availability_zones :
cidrsubnet(var.cidr, 8, 100 + i)
]
// Tag the public subnets adequately.
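Review bot: Same positional-index concern as for `private_subnets`: `cidrsubnet(var.cidr, 8, 100 + i)` should draw its index from the same source as the private subnets, whichever is chosen, so that the private and public subnet of one AZ keep matching offsets and move together, or not at all, when the list changes.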
@@ -69,11 +69,11 @@ module "vpc" {
)
//This is needed when enabling the IPV6 but will not hurt when the IPV6 is not enabled.
private_subnet_ipv6_prefixes = [
for i, v in data.aws_availability_zones.available.names :
for i, v in local.availability_zones :
i
]
public_subnet_ipv6_prefixes = [
for i, v in data.aws_availability_zones.available.names :
for i, v in local.availability_zones :
10 + i
]

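Review bot: The IPv6 prefixes `i` and `10 + i` follow the same positional index as the IPv4 CIDRs. If the private/public subnet indexing is changed to be keyed by AZ rather than by position, change these two lists in the same way; otherwise the IPv6 prefix for an AZ would drift from its IPv4 subnet. The upstream module pairs `private_subnet_ipv6_prefixes[i]` with `private_subnets[i]` by index, so all of these lists must stay the same length; deriving every one of them from `local.availability_zones` guarantees that here.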
12 changes: 11 additions & 1 deletion variables.tf
@@ -12,6 +12,16 @@
// See the License for the specific language governing permissions and
// limitations under the License.

variable "availability_zones" {
# Usage: -var 'availability_zones=["us-east-1a"]'
description = <<-EOT
List of availability zone names that subnets can get deployed into.
If not provided, defaults to all AZs for the region.
EOT
type = list(string)
default = []
}

variable "additional_private_subnet_tags" {
description = "Additional tags for the private subnets"
type = map(string)
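Review bot: The `# Usage:` comment uses `#` while the rest of this file uses `//` (see the licence header directly above); keep one style. The variable has no `validation` block; a validation cannot reference the data source, but it can still reject obvious bad input such as an empty string or duplicates, e.g. `condition = length(distinct(var.availability_zones)) == length(var.availability_zones) && !contains(var.availability_zones, "")`. The description should also say that entries are AZ names for the provider's region (the `us-east-1a` form in the usage comment), not AZ IDs of the `use1-az1` form, because `data.aws_availability_zones.available.names`, which this list replaces, returns names.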
@@ -168,4 +178,4 @@ variable "map_public_ip_on_launch" {
default = false
description = "Whether to map public IPs on launch."
type = bool
}
}
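Review bot: This hunk changes nothing but the missing newline at end of file (both sides show the closing `}`); fine, noted only so nobody looks for a content change.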
