Merge pull request #78 from aws-ia/b-subnet-tags

add tags at subnet level type definitions

README.md

@@ -222,6 +222,7 @@ Please see our [developer documentation](https://github.com/aws-ia/terraform-aws
 |------|--------|---------|
 | <a name="module_calculate_subnets"></a> [calculate\_subnets](#module\_calculate\_subnets) | ./modules/calculate_subnets | n/a |
 | <a name="module_flow_logs"></a> [flow\_logs](#module\_flow\_logs) | ./modules/flow_logs | n/a |
+| <a name="module_subnet_tags"></a> [subnet\_tags](#module\_subnet\_tags) | aws-ia/label/aws | 0.0.5 |
 | <a name="module_tags"></a> [tags](#module\_tags) | aws-ia/label/aws | 0.0.5 |
 
 ## Resources

data.tf

@@ -9,8 +9,9 @@ locals {
   # A subnet's name is the subnet key by default but can be overrided by `name_prefix`.
   # Subnet names are used for Name tags.
   # resource name labels always use subnet key
-  subnet_keys  = keys(var.subnets)
-  subnet_names = { for type, v in var.subnets : type => try(v.name_prefix, type) }
+  subnet_keys           = keys(var.subnets)
+  subnet_names          = { for type, v in var.subnets : type => try(v.name_prefix, type) }
+  subnet_keys_with_tags = { for type, v in var.subnets : type => v.tags if can(v.tags) }
 
   ##################################################################
   # Internal variables for mapping user input from var.subnets to HCL useful values
@@ -85,3 +86,12 @@ module "tags" {
 
   tags = var.tags
 }
+
+module "subnet_tags" {
+  source  = "aws-ia/label/aws"
+  version = "0.0.5"
+
+  for_each = local.subnet_keys_with_tags
+
+  tags = each.value
+}

examples/ipam/main.tf

@@ -9,10 +9,6 @@ module "vpc" {
   vpc_ipv4_netmask_length = 20
 
   subnets = {
-    public = {
-      netmask                   = 24
-      nat_gateway_configuration = "all_azs"
-    }
     private = {
       netmask                 = 24
       connect_to_public_natgw = true

examples/public_private_flow_logs/README.md

@@ -11,7 +11,9 @@ No requirements.
 
 ## Providers
 
-No providers.
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
 
 ## Modules
 
@@ -21,7 +23,9 @@ No providers.
 
 ## Resources
 
-No resources.
+| Name | Type |
+|------|------|
+| [aws_availability_zones.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
 
 ## Inputs
 
@@ -34,5 +38,7 @@ No resources.
 | Name | Description |
 |------|-------------|
 | <a name="output_private_subnets"></a> [private\_subnets](#output\_private\_subnets) | Map of private subnet attributes grouped by az. |
+| <a name="output_private_subnets_tags_length"></a> [private\_subnets\_tags\_length](#output\_private\_subnets\_tags\_length) | Count of private subnet tags for a single az. |
 | <a name="output_public_subnets"></a> [public\_subnets](#output\_public\_subnets) | Map of public subnet attributes grouped by az. |
+| <a name="output_public_subnets_tags_length"></a> [public\_subnets\_tags\_length](#output\_public\_subnets\_tags\_length) | Count of public subnet tags for a single az. |
 <!-- END_TF_DOCS -->

examples/public_private_flow_logs/main.tf

@@ -1,8 +1,10 @@
+data "aws_availability_zones" "current" {}
+
 module "vpc" {
   source  = "aws-ia/vpc/aws"
   version = ">= 2.0.0"
 
-  name       = "multi-az-vpc"
+  name       = "tag-test"
   cidr_block = "10.0.0.0/20"
   az_count   = 2
 
@@ -11,6 +13,9 @@ module "vpc" {
       name_prefix               = "my-public" # omit to prefix with "public"
       netmask                   = 24
       nat_gateway_configuration = "all_azs" # options: "single_az", "none"
+      tags = {
+        subnet_type = "public"
+      }
     }
 
     private = {

examples/public_private_flow_logs/outputs.tf

@@ -1,6 +1,16 @@
 output "public_subnets" {
   description = "Map of public subnet attributes grouped by az."
-  value       = module.vpc.public_subnet_cidrs_by_az
+  value       = module.vpc.public_subnet_attributes_by_az
+}
+
+output "public_subnets_tags_length" {
+  description = "Count of public subnet tags for a single az."
+  value       = length(module.vpc.public_subnet_attributes_by_az[data.aws_availability_zones.current.names[0]].tags)
+}
+
+output "private_subnets_tags_length" {
+  description = "Count of private subnet tags for a single az."
+  value       = length(module.vpc.private_subnet_attributes_by_az["private/${data.aws_availability_zones.current.names[0]}"].tags)
 }
 
 output "private_subnets" {

main.tf

@@ -18,7 +18,8 @@ resource "aws_vpc" "main" {
 
   tags = merge(
     { "Name" = var.name },
-  module.tags.tags_aws)
+    module.tags.tags_aws
+  )
 }
 
 resource "aws_vpc_ipv4_cidr_block_association" "secondary" {
@@ -40,7 +41,8 @@ resource "aws_subnet" "public" {
 
   tags = merge(
     { Name = "${local.subnet_names["public"]}-${each.key}" },
-    module.tags.tags_aws
+    module.tags.tags_aws,
+    try(module.subnet_tags["public"].tags_aws, {})
   )
 }
 
@@ -51,7 +53,8 @@ resource "awscc_ec2_route_table" "public" {
 
   tags = concat(
     [{ "key" = "Name", "value" = "${local.subnet_names["public"]}-${each.key}" }],
-    module.tags.tags
+    module.tags.tags,
+    try(module.subnet_tags["public"].tags, [])
   )
 }
 
@@ -61,7 +64,8 @@ resource "aws_eip" "nat" {
 
   tags = merge(
     { Name = "nat-${local.subnet_names["public"]}-${each.key}" },
-    module.tags.tags_aws
+    module.tags.tags_aws,
+    try(module.subnet_tags["public"].tags_aws, {})
   )
 }
 
@@ -73,7 +77,8 @@ resource "aws_nat_gateway" "main" {
 
   tags = merge(
     { Name = "nat-${local.subnet_names["public"]}-${each.key}" },
-    module.tags.tags_aws
+    module.tags.tags_aws,
+    try(module.subnet_tags["public"].tags_aws, {})
   )
 
   depends_on = [
@@ -87,7 +92,8 @@ resource "aws_internet_gateway" "main" {
 
   tags = merge(
     { Name = var.name },
-    module.tags.tags_aws
+    module.tags.tags_aws,
+    try(module.subnet_tags["public"].tags_aws, {})
   )
 }
 
@@ -129,7 +135,9 @@ resource "aws_subnet" "private" {
 
   tags = merge(
     { Name = "${local.subnet_names[split("/", each.key)[0]]}-${split("/", each.key)[1]}" },
-  module.tags.tags_aws)
+    module.tags.tags_aws,
+    try(module.subnet_tags[split("/", each.key)[0]].tags_aws, {})
+  )
 
   depends_on = [
     aws_vpc_ipv4_cidr_block_association.secondary
@@ -143,7 +151,8 @@ resource "awscc_ec2_route_table" "private" {
 
   tags = concat(
     [{ "key" = "Name", "value" = "${local.subnet_names[split("/", each.key)[0]]}-${split("/", each.key)[1]}" }],
-    module.tags.tags
+    module.tags.tags,
+    try(module.subnet_tags[split("/", each.key)[0]].tags, [])
   )
 }
 
@@ -184,7 +193,8 @@ resource "aws_subnet" "tgw" {
 
   tags = merge(
     { Name = "${local.subnet_names["transit_gateway"]}-${each.key}" },
-    module.tags.tags_aws
+    module.tags.tags_aws,
+    try(module.subnet_tags["transit_gateway"].tags_aws, {})
   )
 
 }
@@ -196,7 +206,8 @@ resource "awscc_ec2_route_table" "tgw" {
 
   tags = concat(
     [{ "key" = "Name", "value" = "${local.subnet_names["transit_gateway"]}-${each.key}" }],
-    module.tags.tags
+    module.tags.tags,
+    try(module.subnet_tags[split("/", each.key)[0]].tags, {})
   )
 }
 

test/examples_public_private_test.go

@@ -4,6 +4,7 @@ import (
 	"testing"
 
 	"github.com/gruntwork-io/terratest/modules/terraform"
+	"github.com/likexian/gokit/assert"
 )
 
 func TestExamplesPublicPrivate(t *testing.T) {
@@ -14,4 +15,10 @@ func TestExamplesPublicPrivate(t *testing.T) {
 
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
+	terraform.ApplyAndIdempotent(t, terraformOptions)
+
+	publicTagsLength := terraform.Output(t, terraformOptions, "public_subnets_tags_length")
+	assert.Equal(t, "3", publicTagsLength)
+	privateTagsLength := terraform.Output(t, terraformOptions, "private_subnets_tags_length")
+	assert.Equal(t, "2", privateTagsLength)
 }