Modified Variables & upgraded version of vpn modules and vpn security groups

Author: rachit89

README.md

@@ -52,12 +52,11 @@ No inputs.
 | Name | Description |
 |------|-------------|
 | <a name="output_database_subnets"></a> [database\_subnets](#output\_database\_subnets) | List of IDs of database subnets |
-| <a name="output_intra_subnets"></a> [intra\_subnets](#output\_intra\_subnets) | List of IDs of Intra subnets |
-| <a name="output_private_subnets"></a> [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets |
-| <a name="output_public_subnets"></a> [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets |
-| <a name="output_region"></a> [region](#output\_region) | AWS Region |
 | <a name="output_vpc_cidr_block"></a> [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | AWS Region |
 | <a name="output_vpc_id"></a> [vpc\_id](#output\_vpc\_id) | The ID of the VPC |
+| <a name="output_vpc_intra_subnets"></a> [vpc\_intra\_subnets](#output\_vpc\_intra\_subnets) | List of IDs of Intra subnets |
+| <a name="output_vpc_private_subnets"></a> [vpc\_private\_subnets](#output\_vpc\_private\_subnets) | List of IDs of private subnets |
+| <a name="output_vpc_public_subnets"></a> [vpc\_public\_subnets](#output\_vpc\_public\_subnets) | List of IDs of public subnets |
 | <a name="output_vpn_host_public_ip"></a> [vpn\_host\_public\_ip](#output\_vpn\_host\_public\_ip) | IP Adress of VPN Server |
 | <a name="output_vpn_security_group"></a> [vpn\_security\_group](#output\_vpn\_security\_group) | Security Group ID of VPN Server |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

examples/complete-vpc-with-vpn/README.md

@@ -5,12 +5,12 @@ locals {
   environment                                    = "prod"
   kms_user                                       = null
   vpc_cidr                                       = "10.10.0.0/16"
-  vpc_availability_zones                         = ["ap-northeast-1a", "ap-northeast-1b"]
+  vpc_availability_zones                         = ["ap-northeast-1a", "ap-northeast-1c"]
   kms_deletion_window_in_days                    = 7
   enable_key_rotation                            = false
   is_enabled                                     = true
-  vpc_flow_log_enabled                           = true
-  vpn_server_enabled                             = false
+  vpc_flow_log_enabled                           = false
+  vpn_server_enabled                             = true
   vpc_intra_subnet_enabled                       = true
   vpc_public_subnet_enabled                      = true
   auto_assign_public_ip                          = true

examples/complete-vpc-with-vpn/main.tf

@@ -1,8 +1,3 @@
-output "region" {
-  description = "AWS Region"
-  value       = local.region
-}
-
 output "vpc_id" {
   description = "The ID of the VPC"
   value       = module.vpc.vpc_id
@@ -13,24 +8,24 @@ output "vpc_cidr_block" {
   value       = module.vpc.vpc_cidr_block
 }
 
-output "public_subnets" {
+output "vpc_public_subnets" {
   description = "List of IDs of public subnets"
-  value       = module.vpc.public_subnets
+  value       = module.vpc.vpc_public_subnets
 }
 
-output "private_subnets" {
+output "vpc_private_subnets" {
   description = "List of IDs of private subnets"
-  value       = module.vpc.private_subnets
+  value       = module.vpc.vpc_private_subnets
 }
 
 output "database_subnets" {
   description = "List of IDs of database subnets"
   value       = module.vpc.database_subnets
 }
 
-output "intra_subnets" {
+output "vpc_intra_subnets" {
   description = "List of IDs of Intra subnets"
-  value       = module.vpc.intra_subnets
+  value       = module.vpc.vpc_intra_subnets
 }
 
 output "vpn_host_public_ip" {
@@ -41,4 +36,4 @@ output "vpn_host_public_ip" {
 output "vpn_security_group" {
   description = "Security Group ID of VPN Server"
   value       = module.vpc.vpn_security_group
-}
+}

examples/complete-vpc-with-vpn/outputs.tf

@@ -1,5 +1,5 @@
 provider "aws" {
-  region = local.region
+  region = local.aws_region
   default_tags {
     tags = local.additional_aws_tags
   }

examples/complete-vpc-with-vpn/providers.tf

@@ -22,4 +22,4 @@ module "vpc_peering" {
   vpc_peering_multi_account_enabled = true
   vpc_peering_requester_aws_profile = "peer"
   vpc_peering_accepter_aws_profile  = "accepter"
-}
+}

examples/multi-account-vpc-peering/main.tf

@@ -14,4 +14,4 @@ provider "aws" {
   default_tags {
     tags = local.additional_tags
   }
-}
+}

examples/multi-account-vpc-peering/provider.tf

@@ -1,13 +1,13 @@
 locals {
-  azs                   = length(var.vpc_availability_zones)
+  azs = length(var.vpc_availability_zones)
   # public subnets cidr
   public_subnets_native = var.vpc_public_subnet_enabled ? length(var.vpc_public_subnet_cidrs) > 0 ? var.vpc_public_subnet_cidrs : [for netnum in range(0, var.vpc_public_subnets_counts) : cidrsubnet(var.vpc_cidr, 8, netnum)] : []
   secondary_public_subnets = var.vpc_public_subnet_enabled && var.secondry_cidr_enabled ? [
     for cidr_block in var.secondary_cidr_blocks : [
       for netnum in range(0, var.vpc_public_subnets_counts) : cidrsubnet(cidr_block, 8, netnum)
     ]
   ] : []
-  vpc_public_subnets       = concat(local.public_subnets_native, flatten(local.secondary_public_subnets))
+  vpc_public_subnets = concat(local.public_subnets_native, flatten(local.secondary_public_subnets))
 
   # intra subnets cidr
   intra_subnets_native = var.vpc_intra_subnet_enabled ? length(var.vpc_intra_subnet_cidrs) > 0 ? var.vpc_intra_subnet_cidrs : [for netnum in range(var.vpc_intra_subnets_counts * 3, var.vpc_intra_subnets_counts * 4) : cidrsubnet(var.vpc_cidr, 4, netnum)] : []
@@ -16,26 +16,26 @@ locals {
       for netnum in range(var.vpc_intra_subnets_counts * 3, var.vpc_intra_subnets_counts * 4) : cidrsubnet(cidr_block, 8, netnum)
     ]
   ] : []
-  vpc_intra_subnets          = concat(local.intra_subnets_native, flatten(local.secondary_intra_subnets))
-  
+  vpc_intra_subnets = concat(local.intra_subnets_native, flatten(local.secondary_intra_subnets))
+
   # private subnets cidr
   private_subnets_native = var.vpc_private_subnet_enabled ? length(var.vpc_private_subnet_cidrs) > 0 ? var.vpc_private_subnet_cidrs : [for netnum in range(var.vpc_private_subnets_counts * 4, var.vpc_private_subnets_counts * 5) : cidrsubnet(var.vpc_cidr, 8, netnum)] : []
   secondary_private_subnets = var.vpc_private_subnet_enabled && var.secondry_cidr_enabled ? [
     for cidr_block in var.secondary_cidr_blocks : [
       for netnum in range(var.vpc_private_subnets_counts, var.vpc_private_subnets_counts * 2) : cidrsubnet(cidr_block, 4, netnum)
     ]
   ] : []
-  vpc_private_subnets         = concat(local.private_subnets_native, flatten(local.secondary_private_subnets))
-  
+  vpc_private_subnets = concat(local.private_subnets_native, flatten(local.secondary_private_subnets))
+
   # database subnets cidr
   database_subnets_native = var.vpc_database_subnet_enabled ? length(var.vpc_database_subnet_cidrs) > 0 ? var.vpc_database_subnet_cidrs : [for netnum in range(var.vpc_database_subnets_counts * 2, var.vpc_database_subnets_counts * 3) : cidrsubnet(var.vpc_cidr, 8, netnum)] : []
   secondary_database_subnets = var.vpc_database_subnet_enabled && var.secondry_cidr_enabled ? [
     for cidr_block in var.secondary_cidr_blocks : [
       for netnum in range(var.vpc_database_subnets_counts * 2, var.vpc_database_subnets_counts * 3) : cidrsubnet(cidr_block, 8, netnum)
     ]
   ] : []
-  vpc_database_subnets                     = concat(local.database_subnets_native, flatten(local.secondary_database_subnets))
-  vpc_single_nat_gateway                   = var.vpc_one_nat_gateway_per_az == true ? false : true
+  vpc_database_subnets                 = concat(local.database_subnets_native, flatten(local.secondary_database_subnets))
+  vpc_single_nat_gateway               = var.vpc_one_nat_gateway_per_az == true ? false : true
   create_database_subnet_route_table   = var.vpc_database_subnet_enabled
   create_flow_log_cloudwatch_log_group = var.vpc_flow_log_enabled == true || var.vpc_flow_log_cloudwatch_log_group_skip_destroy == true ? true : false
   is_supported_arch                    = data.aws_ec2_instance_type.arch.supported_architectures[0] == "arm64" ? false : true # for VPN Instance
@@ -65,7 +65,6 @@ data "aws_availability_zones" "available" {}
 data "aws_ec2_instance_type" "arch" {
   instance_type = var.vpn_server_instance_type
 }
-
 module "vpc" {
   source                                          = "terraform-aws-modules/vpc/aws"
   version                                         = "5.2.0"
@@ -269,12 +268,12 @@ resource "aws_security_group" "vpc_endpoints" {
 }
 # private links for ECR.dkr
 
-resource "aws_vpc_endpoint" "private-ecr_dkr" {
+resource "aws_vpc_endpoint" "private_ecr_dkr" {
   count               = var.vpc_ecr_endpoint_enabled ? 1 : 0
   depends_on          = [data.aws_route_tables.aws_private_routes]
   vpc_id              = module.vpc.vpc_id
   service_name        = "com.amazonaws.${var.aws_region}.ecr.dkr"
-  subnet_ids          = module.vpc.private_subnets
+  subnet_ids          = [module.vpc.private_subnets[count.index]]
   security_group_ids  = [aws_security_group.vpc_endpoints[0].id]
   vpc_endpoint_type   = var.vpc_endpoint_type_ecr_dkr
   private_dns_enabled = true
@@ -297,11 +296,11 @@ POLICY
 
 # private links for ECR.api
 
-resource "aws_vpc_endpoint" "private-ecr_api" {
+resource "aws_vpc_endpoint" "private_ecr_api" {
   count               = var.vpc_ecr_endpoint_enabled ? 1 : 0
   depends_on          = [data.aws_route_tables.aws_private_routes]
   vpc_id              = module.vpc.vpc_id
-  subnet_ids          = module.vpc.private_subnets
+  subnet_ids          = [module.vpc.private_subnets[count.index]]
   service_name        = "com.amazonaws.${var.aws_region}.ecr.api"
   vpc_endpoint_type   = var.vpc_endpoint_type_ecr_api
   private_dns_enabled = true

main.tf

@@ -47,6 +47,7 @@ No modules.
 | [aws_vpc_peering_connection.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_peering_connection) | resource |
 | [aws_vpc_peering_connection_accepter.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_peering_connection_accepter) | resource |
 | [aws_vpc_peering_connection_options.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_peering_connection_options) | resource |
+| [aws_caller_identity.accepter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_route_tables.accepter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route_tables) | data source |
 | [aws_route_tables.requester](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route_tables) | data source |
 | [aws_vpc.accepter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
@@ -56,13 +57,16 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_accepter_name"></a> [accepter\_name](#input\_accepter\_name) | Assign a meaningful name or label to the VPC Accepter. This aids in distinguishing the Accepter VPC within the VPC peering connection. | `string` | `""` | no |
-| <a name="input_accepter_vpc_id"></a> [accepter\_vpc\_id](#input\_accepter\_vpc\_id) | Specify the unique identifier of the VPC that will act as the Acceptor in the VPC peering connection. | `string` | `""` | no |
-| <a name="input_accepter_vpc_region"></a> [accepter\_vpc\_region](#input\_accepter\_vpc\_region) | Provide the AWS region where the Acceptor VPC is located. This helps in identifying the correct region for establishing the VPC peering connection. | `string` | `""` | no |
-| <a name="input_peering_enabled"></a> [peering\_enabled](#input\_peering\_enabled) | Set this variable to true if you want to create the VPC peering connection. Set it to false if you want to skip the creation process. | `bool` | `true` | no |
-| <a name="input_requester_name"></a> [requester\_name](#input\_requester\_name) | Provide a descriptive name or label for the VPC Requester. This helps identify and differentiate the Requester VPC in the peering connection. | `string` | `""` | no |
-| <a name="input_requester_vpc_id"></a> [requester\_vpc\_id](#input\_requester\_vpc\_id) | Specify the unique identifier of the VPC that will act as the Reqester in the VPC peering connection. | `string` | `""` | no |
-| <a name="input_requester_vpc_region"></a> [requester\_vpc\_region](#input\_requester\_vpc\_region) | Specify the AWS region where the Requester VPC resides. It ensures the correct region is used for setting up the VPC peering. | `string` | `""` | no |
+| <a name="input_vpc_peering_accepter_aws_profile"></a> [vpc\_peering\_accepter\_aws\_profile](#input\_vpc\_peering\_accepter\_aws\_profile) | Provide the AWS profile where the accepter VPC is located. | `string` | `""` | no |
+| <a name="input_vpc_peering_accepter_name"></a> [vpc\_peering\_accepter\_name](#input\_vpc\_peering\_accepter\_name) | Assign a meaningful name or label to the VPC Accepter. This aids in distinguishing the Accepter VPC within the VPC peering connection. | `string` | `""` | no |
+| <a name="input_vpc_peering_accepter_vpc_id"></a> [vpc\_peering\_accepter\_vpc\_id](#input\_vpc\_peering\_accepter\_vpc\_id) | Specify the unique identifier of the VPC that will act as the Acceptor in the VPC peering connection. | `string` | `""` | no |
+| <a name="input_vpc_peering_accepter_vpc_region"></a> [vpc\_peering\_accepter\_vpc\_region](#input\_vpc\_peering\_accepter\_vpc\_region) | Provide the AWS region where the Acceptor VPC is located. This helps in identifying the correct region for establishing the VPC peering connection. | `string` | `""` | no |
+| <a name="input_vpc_peering_enabled"></a> [vpc\_peering\_enabled](#input\_vpc\_peering\_enabled) | Set this variable to true if you want to create the VPC peering connection. Set it to false if you want to skip the creation process. | `bool` | `true` | no |
+| <a name="input_vpc_peering_multi_account_enabled"></a> [vpc\_peering\_multi\_account\_enabled](#input\_vpc\_peering\_multi\_account\_enabled) | Set this variable to true if you want to create the VPC peering connection between reagions. Set it to false if you want to skip the creation process. | `bool` | `true` | no |
+| <a name="input_vpc_peering_requester_aws_profile"></a> [vpc\_peering\_requester\_aws\_profile](#input\_vpc\_peering\_requester\_aws\_profile) | Provide the AWS profile where the requester VPC is located. | `string` | `""` | no |
+| <a name="input_vpc_peering_requester_name"></a> [vpc\_peering\_requester\_name](#input\_vpc\_peering\_requester\_name) | Provide a descriptive name or label for the VPC Requester. This helps identify and differentiate the Requester VPC in the peering connection. | `string` | `""` | no |
+| <a name="input_vpc_peering_requester_vpc_id"></a> [vpc\_peering\_requester\_vpc\_id](#input\_vpc\_peering\_requester\_vpc\_id) | Specify the unique identifier of the VPC that will act as the Reqester in the VPC peering connection. | `string` | `""` | no |
+| <a name="input_vpc_peering_requester_vpc_region"></a> [vpc\_peering\_requester\_vpc\_region](#input\_vpc\_peering\_requester\_vpc\_region) | Specify the AWS region where the Requester VPC resides. It ensures the correct region is used for setting up the VPC peering. | `string` | `""` | no |
 
 ## Outputs
 

modules/vpc_peering/README.md

@@ -48,7 +48,7 @@ resource "aws_vpc_peering_connection" "this" {
   peer_owner_id = var.vpc_peering_multi_account_enabled ? data.aws_caller_identity.accepter.id : null
   provider      = aws.peer
   tags = {
-    Name = format("%s-%s-%s", var.requester_name, "to", var.accepter_name)
+    Name = format("%s-%s-%s", var.vpc_peering_requester_name, "to", var.vpc_peering_accepter_name)
   }
 }
 
@@ -59,7 +59,7 @@ resource "aws_vpc_peering_connection_accepter" "this" {
   vpc_peering_connection_id = aws_vpc_peering_connection.this[0].id
   auto_accept               = true
   tags = {
-    Name = format("%s-%s-%s", var.requester_name, "to", var.accepter_name)
+    Name = format("%s-%s-%s", var.vpc_peering_requester_name, "to", var.vpc_peering_accepter_name)
   }
 }
 
@@ -90,4 +90,4 @@ resource "aws_route" "accepter" {
   destination_cidr_block    = data.aws_vpc.requester.cidr_block
   vpc_peering_connection_id = var.vpc_peering_enabled ? aws_vpc_peering_connection.this[0].id : null
   provider                  = aws.accepter
-}
+}