changes azs input

Ajay-sops · Ajay-sops · commit 02aa42aa84b5 · 2023-08-31T10:29:06.000+05:30
diff --git a/README.md b/README.md
@@ -50,6 +50,42 @@ To prevent destruction interruptions, any resources that have been created outsi
 
 The private key generated by Keypair module will be stored in AWS Systems Manager Parameter Store. For more details refer [this](https://registry.terraform.io/modules/squareops/keypair/aws)
 
+For encrypting vpc flow log cloudwatch log group please use this kms key policy. Change the account id and region.
+
+```json
+{
+    "Version": "2012-10-17",
+    "Id": "allow-cloudwatch-logs-encryption",
+    "Statement": [
+        {
+            "Sid": "AllowRootFullPermissions",
+            "Effect": "Allow",
+            "Principal": {
+                "AWS": "arn:aws:iam::12345678:root"
+            },
+            "Action": "kms:*",
+            "Resource": "*"
+        },
+        {
+            "Sid": "AllowCloudWatchLogsEncryption",
+            "Effect": "Allow",
+            "Principal": {
+                "Service": "logs.us-east-2.amazonaws.com"
+            },
+            "Action": [
+                "kms:Encrypt*",
+                "kms:Decrypt*",
+                "kms:ReEncrypt*",
+                "kms:GenerateDataKey*",
+                "kms:Describe*"
+            ],
+            "Resource": "*"
+        }
+    ]
+}
+```
+
+
 ## Network Scenarios
 
 Users need to declare `vpc_cidr` and subnets are calculated with the help of in-built functions.
diff --git a/examples/complete-vpc-with-vpn/main.tf b/examples/complete-vpc-with-vpn/main.tf
@@ -22,9 +22,9 @@ module "vpc" {
   name                                            = local.name
   vpc_cidr                                        = local.vpc_cidr
   environment                                     = local.environment
-  flow_log_enabled                                = true
+  flow_log_enabled                                = false
   vpn_key_pair_name                               = module.key_pair_vpn.key_pair_name
-  availability_zones                              = 2
+  availability_zones                              = ["us-east-1a", "us-east-1b"]
   vpn_server_enabled                              = false
   intra_subnet_enabled                            = true
   public_subnet_enabled                           = true
@@ -35,5 +35,5 @@ module "vpc" {
   vpn_server_instance_type                        = "t3a.small"
   flow_log_max_aggregation_interval               = 60
   flow_log_cloudwatch_log_group_retention_in_days = 90
-  flow_log_cloudwatch_log_group_kms_key_arn       = "" #Enter your kms key arn
+  flow_log_cloudwatch_log_group_kms_key_arn       = "arn:aws:kms:us-east-2:222222222222:key/kms_key_arn" #Enter your kms key arn
 }
diff --git a/examples/simple-vpc/main.tf b/examples/simple-vpc/main.tf
@@ -11,11 +11,11 @@ locals {
 }
 
 module "vpc" {
-  source                = "squareops/vpc/aws"
+  source                = "../.."
   name                  = local.name
   vpc_cidr              = local.vpc_cidr
   environment           = local.environment
-  availability_zones    = 2
+  availability_zones    = ["us-east-1a", "us-east-1b"]
   public_subnet_enabled = true
   auto_assign_public_ip = true
 }
diff --git a/examples/vpc-with-ipv6/main.tf b/examples/vpc-with-ipv6/main.tf
@@ -16,7 +16,7 @@ module "vpc" {
   name                                            = local.name
   vpc_cidr                                        = local.vpc_cidr
   environment                                     = local.environment
-  availability_zones                              = 2
+  availability_zones                              = ["us-east-1a", "us-east-1b"]
   public_subnet_enabled                           = true
   private_subnet_enabled                          = true
   intra_subnet_enabled                            = false
diff --git a/examples/vpc-with-private-subnet/main.tf b/examples/vpc-with-private-subnet/main.tf
@@ -15,7 +15,7 @@ module "vpc" {
   name                   = local.name
   vpc_cidr               = local.vpc_cidr
   environment            = local.environment
-  availability_zones     = 2
+  availability_zones     = ["us-east-1a", "us-east-1b"]
   public_subnet_enabled  = true
   private_subnet_enabled = true
   auto_assign_public_ip  = true
diff --git a/main.tf b/main.tf
@@ -1,8 +1,9 @@
 locals {
-  intra_subnets                        = var.intra_subnet_enabled ? length(var.intra_subnet_cidrs) > 0 ? var.intra_subnet_cidrs : [for netnum in range(var.availability_zones * 3, var.availability_zones * 4) : cidrsubnet(var.vpc_cidr, 8, netnum)] : []
-  public_subnets                       = var.public_subnet_enabled ? length(var.public_subnet_cidrs) > 0 ? var.public_subnet_cidrs : [for netnum in range(0, var.availability_zones) : cidrsubnet(var.vpc_cidr, 8, netnum)] : []
-  private_subnets                      = var.private_subnet_enabled ? length(var.private_subnet_cidrs) > 0 ? var.private_subnet_cidrs : [for netnum in range(var.availability_zones, var.availability_zones * 2) : cidrsubnet(var.vpc_cidr, 4, netnum)] : []
-  database_subnets                     = var.database_subnet_enabled ? length(var.database_subnet_cidrs) > 0 ? var.database_subnet_cidrs : [for netnum in range(var.availability_zones * 2, var.availability_zones * 3) : cidrsubnet(var.vpc_cidr, 8, netnum)] : []
+  azs                                  = length(var.availability_zones)
+  intra_subnets                        = var.intra_subnet_enabled ? length(var.intra_subnet_cidrs) > 0 ? var.intra_subnet_cidrs : [for netnum in range(local.azs * 3, local.azs * 4) : cidrsubnet(var.vpc_cidr, 8, netnum)] : []
+  public_subnets                       = var.public_subnet_enabled ? length(var.public_subnet_cidrs) > 0 ? var.public_subnet_cidrs : [for netnum in range(0, local.azs) : cidrsubnet(var.vpc_cidr, 8, netnum)] : []
+  private_subnets                      = var.private_subnet_enabled ? length(var.private_subnet_cidrs) > 0 ? var.private_subnet_cidrs : [for netnum in range(local.azs, local.azs * 2) : cidrsubnet(var.vpc_cidr, 4, netnum)] : []
+  database_subnets                     = var.database_subnet_enabled ? length(var.database_subnet_cidrs) > 0 ? var.database_subnet_cidrs : [for netnum in range(local.azs * 2, local.azs * 3) : cidrsubnet(var.vpc_cidr, 8, netnum)] : []
   single_nat_gateway                   = var.one_nat_gateway_per_az == true ? false : true
   create_database_subnet_route_table   = var.database_subnet_enabled
   create_flow_log_cloudwatch_log_group = var.flow_log_enabled == true ? true : false
@@ -23,10 +24,10 @@ locals {
   database_subnet_assign_ipv6_address_on_creation = var.database_subnet_assign_ipv6_address_on_creation == true && var.ipv6_enabled == true ? true : false
   intra_subnet_assign_ipv6_address_on_creation    = var.intra_subnet_assign_ipv6_address_on_creation == true && var.ipv6_enabled == true ? true : false
 
-  public_subnet_ipv6_prefixes   = var.public_subnet_enabled ? [for i in range(var.availability_zones) : i] : []
-  private_subnet_ipv6_prefixes  = var.private_subnet_enabled ? [for i in range(var.availability_zones) : i + length(data.aws_availability_zones.available.names)] : []
-  database_subnet_ipv6_prefixes = var.database_subnet_enabled ? [for i in range(var.availability_zones) : i + 2 * length(data.aws_availability_zones.available.names)] : []
-  intra_subnet_ipv6_prefixes    = var.intra_subnet_enabled ? [for i in range(var.availability_zones) : i + 3 * length(data.aws_availability_zones.available.names)] : []
+  public_subnet_ipv6_prefixes   = var.public_subnet_enabled ? [for i in range(local.azs) : i] : []
+  private_subnet_ipv6_prefixes  = var.private_subnet_enabled ? [for i in range(local.azs) : i + length(data.aws_availability_zones.available.names)] : []
+  database_subnet_ipv6_prefixes = var.database_subnet_enabled ? [for i in range(local.azs) : i + 2 * length(data.aws_availability_zones.available.names)] : []
+  intra_subnet_ipv6_prefixes    = var.intra_subnet_enabled ? [for i in range(local.azs) : i + 3 * length(data.aws_availability_zones.available.names)] : []
 }
 data "aws_availability_zones" "available" {}
 data "aws_ec2_instance_type" "arch" {
@@ -38,7 +39,7 @@ module "vpc" {
   version                                         = "5.1.1"
   name                                            = format("%s-%s-vpc", var.environment, var.name)
   cidr                                            = var.vpc_cidr # CIDR FOR VPC
-  azs                                             = [for n in range(0, var.availability_zones) : data.aws_availability_zones.available.names[n]]
+  azs                                             = [for n in range(0, local.azs) : data.aws_availability_zones.available.names[n]]
   intra_subnets                                   = local.intra_subnets
   public_subnets                                  = local.public_subnets
   private_subnets                                 = local.private_subnets
diff --git a/variables.tf b/variables.tf
@@ -19,8 +19,8 @@ variable "vpc_cidr" {
 
 variable "availability_zones" {
   description = "Number of Availability Zone to be used by VPC Subnets"
-  default     = 2
-  type        = number
+  default     = []
+  type        = list(any)
 }
 
 variable "public_subnet_enabled" {

Original file line number	Diff line number	Diff line change
`@@ -11,11 +11,11 @@ locals {`
`11`	`11`	`}`
`12`	`12`
`13`	`13`	`module "vpc" {`
`14`		`- source = "squareops/vpc/aws"`
	`14`	`+ source = "../.."`
`15`	`15`	`name = local.name`
`16`	`16`	`vpc_cidr = local.vpc_cidr`
`17`	`17`	`environment = local.environment`
`18`		`- availability_zones = 2`
	`18`	`+ availability_zones = ["us-east-1a", "us-east-1b"]`
`19`	`19`	`public_subnet_enabled = true`
`20`	`20`	`auto_assign_public_ip = true`
`21`	`21`	`}`
Original file line number	Diff line number	Diff line change
`@@ -19,8 +19,8 @@ variable "vpc_cidr" {`
`19`	`19`
`20`	`20`	`variable "availability_zones" {`
`21`	`21`	`description = "Number of Availability Zone to be used by VPC Subnets"`
`22`		`- default = 2`
`23`		`- type = number`
	`22`	`+ default = []`
	`23`	`+ type = list(any)`
`24`	`24`	`}`
`25`	`25`
`26`	`26`	`variable "public_subnet_enabled" {`