updated module

yuvraj-revnue · yuvraj-revnue · commit b311d37c25c0 · 2023-09-14T13:51:09.000+05:30
diff --git a/README.md b/README.md
@@ -247,7 +247,7 @@ In this module, we have implemented the following CIS Compliance checks for VPC:
 | <a name="input_public_subnet_assign_ipv6_address_on_creation"></a> [public\_subnet\_assign\_ipv6\_address\_on\_creation](#input\_public\_subnet\_assign\_ipv6\_address\_on\_creation) | Assign IPv6 address on public subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map\_public\_ip\_on\_launch | `bool` | `null` | no |
 | <a name="input_public_subnet_cidrs"></a> [public\_subnet\_cidrs](#input\_public\_subnet\_cidrs) | A list of public subnets CIDR to be created inside the VPC | `list(any)` | `[]` | no |
 | <a name="input_public_subnet_enabled"></a> [public\_subnet\_enabled](#input\_public\_subnet\_enabled) | Set true to enable public subnets | `bool` | `false` | no |
-| <a name="input_region"></a> [region](#input\_region) | The AWS region name | `string` | n/a | yes |
+| <a name="input_region"></a> [region](#input\_region) | The AWS region name | `string` | `null` | no |
 | <a name="input_secondary_cidr_blocks"></a> [secondary\_cidr\_blocks](#input\_secondary\_cidr\_blocks) | List of the secondary CIDR blocks which can be at most 5 | `list(string)` | `[]` | no |
 | <a name="input_secondry_cidr_enabled"></a> [secondry\_cidr\_enabled](#input\_secondry\_cidr\_enabled) | Whether enable secondary CIDR with VPC | `bool` | `false` | no |
 | <a name="input_vpc_cidr"></a> [vpc\_cidr](#input\_vpc\_cidr) | The CIDR block of the VPC | `string` | `"10.0.0.0/16"` | no |
diff --git a/main.tf b/main.tf
@@ -1,6 +1,5 @@
 locals {
   azs                   = length(var.availability_zones)
-  region_name           = var.region
   public_subnets_native = var.public_subnet_enabled ? length(var.public_subnet_cidrs) > 0 ? var.public_subnet_cidrs : [for netnum in range(0, local.azs) : cidrsubnet(var.vpc_cidr, 8, netnum)] : []
   secondary_public_subnets = var.public_subnet_enabled && var.secondry_cidr_enabled ? [
     for cidr_block in var.secondary_cidr_blocks : [
@@ -67,8 +66,8 @@ module "vpc" {
   cidr                                            = var.vpc_cidr # CIDR FOR VPC
   azs                                             = [for n in range(0, local.azs) : data.aws_availability_zones.available.names[n]]
   use_ipam_pool                                   = var.ipam_enabled ? true : false
-  ipv4_ipam_pool_id                               = var.create_ipam_pool ? aws_vpc_ipam_pool.ipam_pool[0].id : var.ipam_pool_id
-  ipv4_netmask_length                             = var.ipv4_netmask_length
+  ipv4_ipam_pool_id                               = var.ipam_enabled && var.create_ipam_pool ? aws_vpc_ipam_pool.ipam_pool[0].id : null
+  ipv4_netmask_length                             = var.ipam_enabled ? var.ipv4_netmask_length : null
   create_database_subnet_group                    = length(local.database_subnets) > 1 && var.enable_database_subnet_group ? true : false
   intra_subnets                                   = local.intra_subnets
   public_subnets                                  = local.public_subnets
@@ -190,7 +189,7 @@ module "vpn_server" {
 resource "aws_vpc_ipam" "ipam" {
   count = var.ipam_enabled && var.create_ipam_pool ? 1 : 0
   operating_regions {
-    region_name = local.region_name
+    region_name = var.region
   }
 
 
@@ -202,7 +201,7 @@ resource "aws_vpc_ipam_pool" "ipam_pool" {
   description                       = "IPv4 pool"
   address_family                    = "ipv4"
   ipam_scope_id                     = aws_vpc_ipam.ipam[0].private_default_scope_id
-  locale                            = local.region_name
+  locale                            = var.region
   allocation_default_netmask_length = 16
 
 
@@ -213,25 +212,3 @@ resource "aws_vpc_ipam_pool_cidr" "ipam_pool_cidr" {
   ipam_pool_id = var.create_ipam_pool ? aws_vpc_ipam_pool.ipam_pool[0].id : var.ipam_pool_id
   cidr         = var.create_ipam_pool ? var.vpc_cidr : var.existing_ipam_managed_cidr
 }
-
-# resource "aws_vpc_ipam_preview_next_cidr" "this" {
-#   ipam_pool_id = aws_vpc_ipam_pool.this.id
-
-#   depends_on = [
-#     aws_vpc_ipam_pool_cidr.this
-#   ]
-# }
-
-# IPv6
-# resource "aws_vpc_ipam_pool" "ipv6" {
-#   count =
-#   description                       = "IPv6 pool"
-#   address_family                    = "ipv6"
-#   ipam_scope_id                     = aws_vpc_ipam.this.public_default_scope_id
-#   locale                            = var.region
-#   allocation_default_netmask_length = 56
-#   publicly_advertisable             = false
-#   aws_service                       = "ec2"
-
-#
-# }
diff --git a/variables.tf b/variables.tf
@@ -255,6 +255,7 @@ variable "ipv4_netmask_length" {
 variable "region" {
   description = "The AWS region name"
   type        = string
+  default     = null
 }
 
 variable "existing_ipam_managed_cidr" {

Original file line number	Diff line number	Diff line change
`@@ -255,6 +255,7 @@ variable "ipv4_netmask_length" {`
`255`	`255`	`variable "region" {`
`256`	`256`	`description = "The AWS region name"`
`257`	`257`	`type = string`
	`258`	`+ default = null`
`258`	`259`	`}`
`259`	`260`
`260`	`261`	`variable "existing_ipam_managed_cidr" {`