Changes made in variables.

rachit89 · rachit89 · commit 053ba9573da6 · 2024-04-02T13:20:17.000+05:30
diff --git a/README.md b/README.md
@@ -29,23 +29,30 @@ module "vpc" {
   ipv6_enabled                                    = true
   create_ipam_pool                                = false
   ipam_enabled                                    = false
-  flow_log_enabled                                = true
-  vpn_key_pair_name                               = module.key_pair_vpn.key_pair_name
-  availability_zones                              = ["us-east-1a", "us-east-1b"]
+  vpc_flow_log_enabled                            = true
+  vpn_server_key_pair_name                        = module.key_pair_vpn.key_pair_name
+  vpc_availability_zones                          = ["us-east-1a", "us-east-1b"]
   vpn_server_enabled                              = false
-  intra_subnet_enabled                            = true
+  vpc_intra_subnet_enabled                        = true
   auto_assign_public_ip                           = true
-  public_subnet_enabled                           = true
-  private_subnet_enabled                          = true
-  one_nat_gateway_per_az                          = true
-  database_subnet_enabled                         = true
+  vpc_public_subnet_enabled                       = true
+  vpc_private_subnet_enable                       = true
+  vpc_one_nat_gateway_per_az                      = true
+  vpc_database_subnet_enabled                     = true
   vpn_server_instance_type                        = "t3a.small"
+  vpc_public_subnets_counts                       = 2
+  vpc_private_subnets_counts                      = 2
+  vpc_database_subnets_counts                     = 2
+  vpc_intra_subnets_counts                        = 2
+  vpc_endpoint_type_private_s3                    = "Gateway"
+  vpc_endpoint_type_ecr_dkr                       = "Interface"
+  vpc_endpoint_type_ecr_api                       = "Interface"
   vpc_s3_endpoint_enabled                         = true
   vpc_ecr_endpoint_enabled                        = true
-  flow_log_max_aggregation_interval               = 60
-  flow_log_cloudwatch_log_group_skip_destroy      = true
-  flow_log_cloudwatch_log_group_retention_in_days = 90
-  flow_log_cloudwatch_log_group_kms_key_arn       = "arn:aws:kms:us-east-2:222222222222:key/kms_key_arn" #Enter your kms key arn
+  vpc_flow_log_max_aggregation_interval           = 60
+  vpc_flow_log_cloudwatch_log_group_skip_destroy  = true
+  vpc_flow_log_cloudwatch_log_group_retention_in_days = 90
+  vpc_flow_log_cloudwatch_log_group_kms_key_arn   = "arn:aws:kms:us-east-2:222222222222:key/kms_key_arn" #Enter your kms key arn
 }
 ```
 Refer [this](https://github.com/squareops/terraform-aws-vpc/tree/main/examples) for more examples.
diff --git a/modules/vpc_peering/README.md b/modules/vpc_peering/README.md
@@ -58,15 +58,15 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_vpc_peering_accepter_aws_profile"></a> [vpc\_peering\_accepter\_aws\_profile](#input\_vpc\_peering\_accepter\_aws\_profile) | Provide the AWS profile where the accepter VPC is located. | `string` | `""` | no |
+| <a name="input_vpc_peering_accepter_id"></a> [vpc\_peering\_accepter\_id](#input\_vpc\_peering\_accepter\_id) | Specify the unique identifier of the VPC that will act as the Acceptor in the VPC peering connection. | `string` | `""` | no |
 | <a name="input_vpc_peering_accepter_name"></a> [vpc\_peering\_accepter\_name](#input\_vpc\_peering\_accepter\_name) | Assign a meaningful name or label to the VPC Accepter. This aids in distinguishing the Accepter VPC within the VPC peering connection. | `string` | `""` | no |
-| <a name="input_vpc_peering_accepter_vpc_id"></a> [vpc\_peering\_accepter\_vpc\_id](#input\_vpc\_peering\_accepter\_vpc\_id) | Specify the unique identifier of the VPC that will act as the Acceptor in the VPC peering connection. | `string` | `""` | no |
-| <a name="input_vpc_peering_accepter_vpc_region"></a> [vpc\_peering\_accepter\_vpc\_region](#input\_vpc\_peering\_accepter\_vpc\_region) | Provide the AWS region where the Acceptor VPC is located. This helps in identifying the correct region for establishing the VPC peering connection. | `string` | `""` | no |
+| <a name="input_vpc_peering_accepter_region"></a> [vpc\_peering\_accepter\_region](#input\_vpc\_peering\_accepter\_region) | Provide the AWS region where the Acceptor VPC is located. This helps in identifying the correct region for establishing the VPC peering connection. | `string` | `""` | no |
 | <a name="input_vpc_peering_enabled"></a> [vpc\_peering\_enabled](#input\_vpc\_peering\_enabled) | Set this variable to true if you want to create the VPC peering connection. Set it to false if you want to skip the creation process. | `bool` | `true` | no |
 | <a name="input_vpc_peering_multi_account_enabled"></a> [vpc\_peering\_multi\_account\_enabled](#input\_vpc\_peering\_multi\_account\_enabled) | Set this variable to true if you want to create the VPC peering connection between reagions. Set it to false if you want to skip the creation process. | `bool` | `true` | no |
 | <a name="input_vpc_peering_requester_aws_profile"></a> [vpc\_peering\_requester\_aws\_profile](#input\_vpc\_peering\_requester\_aws\_profile) | Provide the AWS profile where the requester VPC is located. | `string` | `""` | no |
+| <a name="input_vpc_peering_requester_id"></a> [vpc\_peering\_requester\_id](#input\_vpc\_peering\_requester\_id) | Specify the unique identifier of the VPC that will act as the Reqester in the VPC peering connection. | `string` | `""` | no |
 | <a name="input_vpc_peering_requester_name"></a> [vpc\_peering\_requester\_name](#input\_vpc\_peering\_requester\_name) | Provide a descriptive name or label for the VPC Requester. This helps identify and differentiate the Requester VPC in the peering connection. | `string` | `""` | no |
-| <a name="input_vpc_peering_requester_vpc_id"></a> [vpc\_peering\_requester\_vpc\_id](#input\_vpc\_peering\_requester\_vpc\_id) | Specify the unique identifier of the VPC that will act as the Reqester in the VPC peering connection. | `string` | `""` | no |
-| <a name="input_vpc_peering_requester_vpc_region"></a> [vpc\_peering\_requester\_vpc\_region](#input\_vpc\_peering\_requester\_vpc\_region) | Specify the AWS region where the Requester VPC resides. It ensures the correct region is used for setting up the VPC peering. | `string` | `""` | no |
+| <a name="input_vpc_peering_requester_region"></a> [vpc\_peering\_requester\_region](#input\_vpc\_peering\_requester\_region) | Specify the AWS region where the Requester VPC resides. It ensures the correct region is used for setting up the VPC peering. | `string` | `""` | no |
 
 ## Outputs
 
diff --git a/modules/vpc_peering/main.tf b/modules/vpc_peering/main.tf
@@ -5,33 +5,33 @@ locals {
 
 provider "aws" {
   alias   = "peer"
-  region  = var.vpc_peering_requester_vpc_region
+  region  = var.vpc_peering_requester_region
   profile = var.vpc_peering_multi_account_enabled ? var.vpc_peering_requester_aws_profile : "default"
 }
 
 provider "aws" {
   alias   = "accepter"
-  region  = var.vpc_peering_accepter_vpc_region
+  region  = var.vpc_peering_accepter_region
   profile = var.vpc_peering_multi_account_enabled ? var.vpc_peering_accepter_aws_profile : "default"
 }
 
 data "aws_vpc" "accepter" {
-  id       = var.vpc_peering_accepter_vpc_id
+  id       = var.vpc_peering_accepter_id
   provider = aws.accepter
 }
 
 data "aws_route_tables" "accepter" {
-  vpc_id   = var.vpc_peering_accepter_vpc_id
+  vpc_id   = var.vpc_peering_accepter_id
   provider = aws.accepter
 }
 
 data "aws_vpc" "requester" {
-  id       = var.vpc_peering_requester_vpc_id
+  id       = var.vpc_peering_requester_id
   provider = aws.peer
 }
 
 data "aws_route_tables" "requester" {
-  vpc_id   = var.vpc_peering_requester_vpc_id
+  vpc_id   = var.vpc_peering_requester_id
   provider = aws.peer
 }
 
@@ -41,9 +41,9 @@ data "aws_caller_identity" "accepter" {
 
 resource "aws_vpc_peering_connection" "this" {
   count         = var.vpc_peering_enabled ? 1 : 0
-  vpc_id        = var.vpc_peering_requester_vpc_id
-  peer_vpc_id   = var.vpc_peering_accepter_vpc_id
-  peer_region   = var.vpc_peering_multi_account_enabled ? var.vpc_peering_accepter_vpc_region : null
+  vpc_id        = var.vpc_peering_requester_id
+  peer_vpc_id   = var.vpc_peering_accepter_id
+  peer_region   = var.vpc_peering_multi_account_enabled ? var.vpc_peering_accepter_region : null
   auto_accept   = false
   peer_owner_id = var.vpc_peering_multi_account_enabled ? data.aws_caller_identity.accepter.id : null
   provider      = aws.peer
diff --git a/modules/vpc_peering/variables.tf b/modules/vpc_peering/variables.tf
@@ -1,22 +1,22 @@
-variable "vpc_peering_accepter_vpc_id" {
+variable "vpc_peering_accepter_id" {
   type        = string
   description = "Specify the unique identifier of the VPC that will act as the Acceptor in the VPC peering connection."
   default     = ""
 }
 
-variable "vpc_peering_accepter_vpc_region" {
+variable "vpc_peering_accepter_region" {
   type        = string
   description = "Provide the AWS region where the Acceptor VPC is located. This helps in identifying the correct region for establishing the VPC peering connection."
   default     = ""
 }
 
-variable "vpc_peering_requester_vpc_id" {
+variable "vpc_peering_requester_id" {
   type        = string
   description = "Specify the unique identifier of the VPC that will act as the Reqester in the VPC peering connection."
   default     = ""
 }
 
-variable "vpc_peering_requester_vpc_region" {
+variable "vpc_peering_requester_region" {
   type        = string
   description = "Specify the AWS region where the Requester VPC resides. It ensures the correct region is used for setting up the VPC peering."
   default     = ""
diff --git a/modules/vpn/README.md b/modules/vpn/README.md
@@ -52,19 +52,19 @@ Refer [this](https://pritunl.com/) for more information.
 | [aws_ami.ubuntu_20_ami](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |
 | [aws_iam_policy.SSMManagedInstanceCore](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |
 | [aws_iam_policy.SecretsManagerReadWrite](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |
-| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 | [template_file.pritunl](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_aws_region"></a> [aws\_region](#input\_aws\_region) | Name of the AWS region where S3 bucket is to be created. | `string` | `""` | no |
 | <a name="input_environment"></a> [environment](#input\_environment) | Specify the environment indentifier for the VPC | `string` | `""` | no |
 | <a name="input_name"></a> [name](#input\_name) | Specify the name of the VPC | `string` | `""` | no |
-| <a name="input_public_subnet"></a> [public\_subnet](#input\_public\_subnet) | The VPC Subnet ID to launch in | `string` | `""` | no |
+| <a name="input_public_subnet_ids"></a> [public\_subnet\_ids](#input\_public\_subnet\_ids) | The VPC Subnet ID to launch in | `string` | `""` | no |
 | <a name="input_vpc_cidr"></a> [vpc\_cidr](#input\_vpc\_cidr) | The CIDR block of the Default VPC | `string` | `"10.0.0.0/16"` | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | The ID of the VPC | `string` | `""` | no |
-| <a name="input_vpn_key_pair"></a> [vpn\_key\_pair](#input\_vpn\_key\_pair) | Specify the name of AWS Keypair to be used for VPN Server | `string` | `""` | no |
+| <a name="input_vpn_key_pair_name"></a> [vpn\_key\_pair\_name](#input\_vpn\_key\_pair\_name) | Specify the name of AWS Keypair to be used for VPN Server | `string` | `""` | no |
 | <a name="input_vpn_server_instance_type"></a> [vpn\_server\_instance\_type](#input\_vpn\_server\_instance\_type) | EC2 instance Type for VPN Server, Only amd64 based instance type are supported eg. t2.medium, t3.micro, c5a.large etc. | `string` | `"t3a.small"` | no |
 
 ## Outputs
diff --git a/modules/vpn/main.tf b/modules/vpn/main.tf
@@ -79,16 +79,14 @@ data "template_file" "pritunl" {
   template = file("${path.module}/scripts/pritunl-vpn.sh")
 }
 
-data "aws_region" "current" {}
-
 module "vpn_server" {
   source                      = "terraform-aws-modules/ec2-instance/aws"
   version                     = "5.6.0"
   name                        = format("%s-%s-%s", var.environment, var.name, "vpn-ec2-instance")
   ami                         = data.aws_ami.ubuntu_20_ami.image_id
   instance_type               = var.vpn_server_instance_type
-  subnet_id                   = var.public_subnet
-  key_name                    = var.vpn_key_pair
+  subnet_id                   = var.public_subnet_ids
+  key_name                    = var.vpn_key_pair_name
   associate_public_ip_address = true
   vpc_security_group_ids      = [module.security_group_vpn.security_group_id]
   user_data                   = join("", data.template_file.pritunl[*].rendered)
@@ -195,7 +193,7 @@ resource "aws_ssm_document" "vpn_ssm_document" {
                "PASSWORD=$(sudo pritunl default-password | grep password | awk '{ print $2 }' | tail -n1)",
                "sleep 60",
                "VPN_HOST=${aws_eip.vpn.public_ip}",
-               "aws secretsmanager create-secret --region ${data.aws_region.current.name} --name ${var.environment}-${var.name}-vpnp --secret-string \"{\\\"user\\\": \\\"pritunl\\\", \\\"password\\\": $PASSWORD, \\\"setup-key\\\": \\\"$SETUPKEY\\\", \\\"vpn_host\\\": \\\"$VPN_HOST\\\"}\""
+               "aws secretsmanager create-secret --region ${var.aws_region} --name ${var.environment}-${var.name}-vpnp --secret-string \"{\\\"user\\\": \\\"pritunl\\\", \\\"password\\\": $PASSWORD, \\\"setup-key\\\": \\\"$SETUPKEY\\\", \\\"vpn_host\\\": \\\"$VPN_HOST\\\"}\""
             ]
          }
       }
@@ -208,7 +206,7 @@ resource "null_resource" "vpn_delete_secret" {
   triggers = {
     environment = var.environment
     name        = var.name
-    region      = data.aws_region.current.name
+    region      = var.aws_region
   }
   provisioner "local-exec" {
     when        = destroy
diff --git a/modules/vpn/variables.tf b/modules/vpn/variables.tf
@@ -1,3 +1,8 @@
+variable "aws_region" {
+  description = "Name of the AWS region where S3 bucket is to be created."
+  default     = ""
+  type        = string
+}
 
 variable "vpn_server_instance_type" {
   description = "EC2 instance Type for VPN Server, Only amd64 based instance type are supported eg. t2.medium, t3.micro, c5a.large etc. "
@@ -17,7 +22,7 @@ variable "name" {
   type        = string
 }
 
-variable "public_subnet" {
+variable "public_subnet_ids" {
   description = "The VPC Subnet ID to launch in"
   default     = ""
   type        = string
@@ -35,7 +40,7 @@ variable "vpc_id" {
   type        = string
 }
 
-variable "vpn_key_pair" {
+variable "vpn_key_pair_name" {
   description = "Specify the name of AWS Keypair to be used for VPN Server"
   default     = ""
   type        = string
diff --git a/providers.tf b/providers.tf
