Merge pull request #74 from aws-ia/b-rm-unecessary-outputs

rm unecessary outputs

Author: drewmullen

.pre-commit-config.yaml

@@ -5,6 +5,8 @@ minimum_pre_commit_version: "2.6.0"
 
 repos:
   - repo: https://github.com/aws-ia/pre-commit-configs
-    rev: 82b2dd4f3c3c8b064ce15c7cc518e14c43f6a068  # frozen: v1.4.1
+    # To update run:
+    # pre-commit autoupdate --freeze
+    rev: 0733cc52fa0fc8809c727fee4fccb324ceb994d0  # frozen: v1.6.0
     hooks:
       - id: aws-ia-meta-hook

.tflint.hcl

@@ -3,7 +3,7 @@
 
 plugin "aws" {
     enabled = true
-    version = "0.14.0"
+    version = "0.15.0"
     source  = "github.com/terraform-linters/tflint-ruleset-aws"
 }
 

README.md

@@ -255,10 +255,8 @@ Please see our [developer documentation](https://github.com/aws-ia/terraform-aws
 | <a name="output_nat_gateway_attributes_by_az"></a> [nat\_gateway\_attributes\_by\_az](#output\_nat\_gateway\_attributes\_by\_az) | Map of nat gateway resource attributes by AZ.<br><br>Example:<pre>nat_gateway_attributes_by_az = {<br>  "us-east-1a" = {<br>    "allocation_id" = "eipalloc-0e8b20303eea88b13"<br>    "connectivity_type" = "public"<br>    "id" = "nat-0fde39f9550f4abb5"<br>    "network_interface_id" = "eni-0d422727088bf9a86"<br>    "private_ip" = "10.0.3.40"<br>    "public_ip" = <><br>    "subnet_id" = "subnet-0f11c92e439c8ab4a"<br>    "tags" = tomap({<br>      "Name" = "nat-my-public-us-east-1a"<br>    })<br>    "tags_all" = tomap({<br>      "Name" = "nat-my-public-us-east-1a"<br>    })<br>  }<br>  "us-east-1b" = { ... }<br>}</pre> |
 | <a name="output_private_subnet_attributes_by_az"></a> [private\_subnet\_attributes\_by\_az](#output\_private\_subnet\_attributes\_by\_az) | Map of all private subnets containing their attributes.<br><br>Example:<pre>private_subnet_attributes = {<br>  "private/us-east-1a" = {<br>    "arn" = "arn:aws:ec2:us-east-1:<>:subnet/subnet-04a86315c4839b519"<br>    "assign_ipv6_address_on_creation" = false<br>    ...<br>    <all attributes of subnet: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet#attributes-reference><br>  }<br>  "us-east-1b" = {...)<br>}</pre> |
 | <a name="output_public_subnet_attributes_by_az"></a> [public\_subnet\_attributes\_by\_az](#output\_public\_subnet\_attributes\_by\_az) | Map of all public subnets containing their attributes.<br><br>Example:<pre>public_subnet_attributes = {<br>  "us-east-1a" = {<br>    "arn" = "arn:aws:ec2:us-east-1:<>:subnet/subnet-04a86315c4839b519"<br>    "assign_ipv6_address_on_creation" = false<br>    ...<br>    <all attributes of subnet: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet#attributes-reference><br>  }<br>  "us-east-1b" = {...)<br>}</pre> |
-| <a name="output_public_subnet_cidrs_by_az"></a> [public\_subnet\_cidrs\_by\_az](#output\_public\_subnet\_cidrs\_by\_az) | Map of public subnet resource attributes grouped by AZ.<br><br>Example:<pre>public_subnets = {<br>  "us-east-1a" = {<br>    "arn" = "arn:aws:ec2:us-east-1:<>:subnet/subnet-028d7f65ccc12ff98"<br>    "vpc_id" = "vpc-05601d7778af1ba9c"<br>    ...<br>  }<br>  "us-east-1b" = {<br>    "arn" = "arn:aws:ec2:us-east-1:<>:subnet/subnet-0091597b2b4c78dda"<br>    ...<br>  }</pre> |
 | <a name="output_rt_attributes_by_type_by_az"></a> [rt\_attributes\_by\_type\_by\_az](#output\_rt\_attributes\_by\_type\_by\_az) | Map of route tables by type => az => route table attributes. Example usage: module.vpc.route\_table\_by\_subnet\_type.private.id<br><br>Example:<pre>route_table_attributes_by_type_by_az = {<br>  "private" = {<br>    "us-east-1a" = {<br>      "id" = "rtb-0e77040c0598df003"<br>      "route_table_id" = "rtb-0e77040c0598df003"<br>      "tags" = tolist([<br>        {<br>          "key" = "Name"<br>          "value" = "private-us-east-1a"<br>        },<br>      ])<br>      "vpc_id" = "vpc-033e054f49409592a"<br>    }<br>    "us-east-1b" = { ... }<br>  "public" = { ... }</pre> |
 | <a name="output_tgw_subnet_attributes_by_az"></a> [tgw\_subnet\_attributes\_by\_az](#output\_tgw\_subnet\_attributes\_by\_az) | Map of all tgw subnets containing their attributes.<br><br>Example:<pre>tgw_subnet_attributes = {<br>  "us-east-1a" = {<br>    "arn" = "arn:aws:ec2:us-east-1:<>:subnet/subnet-04a86315c4839b519"<br>    "assign_ipv6_address_on_creation" = false<br>    ...<br>    <all attributes of subnet: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet#attributes-reference><br>  }<br>  "us-east-1b" = {...)<br>}</pre> |
-| <a name="output_tgw_subnet_cidrs_by_az"></a> [tgw\_subnet\_cidrs\_by\_az](#output\_tgw\_subnet\_cidrs\_by\_az) | Map of transit gateway subnet resource attributes grouped by AZ.<br><br>Example:<pre>tgw_subnets = {<br>  "us-east-1a" = {<br>    "arn" = "arn:aws:ec2:us-east-1:<>:subnet/subnet-028d7f65ccc12ff98"<br>    "vpc_id" = "vpc-05601d7778af1ba9c"<br>    ...<br>  }<br>  "us-east-1b" = {<br>    "arn" = "arn:aws:ec2:us-east-1:<>:subnet/subnet-0091597b2b4c78dda"<br>    ...<br>  }</pre> |
 | <a name="output_transit_gateway_attachment_id"></a> [transit\_gateway\_attachment\_id](#output\_transit\_gateway\_attachment\_id) | Transit gateway attachment id. |
 | <a name="output_vpc_attributes"></a> [vpc\_attributes](#output\_vpc\_attributes) | VPC resource attributes. Full output of aws\_vpc. |
 <!-- END_TF_DOCS -->

data.tf

@@ -3,11 +3,21 @@ locals {
 
   # references to module.calculate_subnets output
   calculated_subnets = module.calculate_subnets.subnets_by_type
-  subnet_keys        = keys(var.subnets)
 
-  # default names if no name_prefix is passed
+  ##################################################################
+  # Subnet names
+  # A subnet's name is the subnet key by default but can be overrided by `name_prefix`.
+  # Subnet names are used for Name tags.
+  # resource name labels always use subnet key
+  subnet_keys  = keys(var.subnets)
   subnet_names = { for type, v in var.subnets : type => try(v.name_prefix, type) }
 
+  ##################################################################
+  # Internal variables for mapping user input from var.subnets to HCL useful values
+  # Notes:
+  # - subnets map contains arbitrary amount of subnet "keys" which are both defined as the subnets type and default name (unless name_prefix is provided).
+  # - resource name labels for subnet use the key as  private subnet keys are constructed
+
   singleton_subnet_types = ["public", "transit_gateway"]
   private_subnet_names   = setsubtract(local.subnet_keys, local.singleton_subnet_types)
 
@@ -21,7 +31,8 @@ locals {
   private_subnets_tgw_routed          = [for type in local.private_subnet_names : type if can(var.subnets[type].route_to_transit_gateway)]
   private_subnet_key_names_tgw_routed = [for subnet in local.private_per_az : subnet if contains(local.private_subnets_tgw_routed, split("/", subnet)[0])]
 
-  # NAT configurations options, selected based on nat_gateway_configuration
+  ##################################################################
+  # NAT configurations options, maps user string input to HCL usable values. selected based on nat_gateway_configuration
   # null   = none
   # all    = local.azs
   # single = local.azs[0]
@@ -34,6 +45,13 @@ locals {
   # options defined by `local.nat_options`
   nat_configuration = contains(local.subnet_keys, "public") ? local.nat_options[try(var.subnets.public.nat_gateway_configuration, "none")] : local.nat_options["none"]
 
+
+  ##################################################################
+  # Feature toggles for whether:
+  # - create or reference a VPC
+  # - get cidr block value from AWS IPAM
+  # - create flow logs
+
   # # if var.vpc_id is passed, assume create = `false` and cidr comes from data.aws_vpc
   create_vpc = var.vpc_id == null ? true : false
   vpc        = local.create_vpc ? aws_vpc.main[0] : data.awscc_ec2_vpc.main[0]

examples/ipam/outputs.tf

@@ -5,5 +5,5 @@ output "public_subnets" {
 
 output "private_subnets" {
   description = "Map of private subnet attributes grouped by az."
-  value       = module.vpc.private_subnet_cidrs_by_az
+  value       = module.vpc.private_subnet_attributes_by_az
 }

examples/public_private_flow_logs/main.tf

@@ -4,7 +4,7 @@ module "vpc" {
 
   name       = "multi-az-vpc"
   cidr_block = "10.0.0.0/20"
-  az_count   = 3
+  az_count   = 2
 
   subnets = {
     public = {
@@ -26,4 +26,8 @@ module "vpc" {
     retention_in_days    = 180
     kms_key_id           = var.kms_key_id
   }
+
+  tags = {
+    "key" = "value"
+  }
 }

examples/public_private_flow_logs/outputs.tf

@@ -5,5 +5,5 @@ output "public_subnets" {
 
 output "private_subnets" {
   description = "Map of private subnet attributes grouped by az."
-  value       = module.vpc.private_subnet_cidrs_by_az
+  value       = module.vpc.private_subnet_attributes_by_az
 }

examples/secondary_cidr/outputs.tf

@@ -5,5 +5,5 @@ output "public_subnets" {
 
 output "private_subnets" {
   description = "Map of private subnet attributes grouped by az."
-  value       = module.secondary.private_subnet_cidrs_by_az
+  value       = module.secondary.private_subnet_attributes_by_az
 }

outputs.tf

@@ -3,48 +3,6 @@ output "vpc_attributes" {
   value       = local.vpc
 }
 
-output "public_subnet_cidrs_by_az" {
-  value       = try(aws_subnet.public, null)
-  description = <<-EOF
-  Map of public subnet resource attributes grouped by AZ.
-
-  Example:
-  ```
-  public_subnets = {
-    "us-east-1a" = {
-      "arn" = "arn:aws:ec2:us-east-1:<>:subnet/subnet-028d7f65ccc12ff98"
-      "vpc_id" = "vpc-05601d7778af1ba9c"
-      ...
-    }
-    "us-east-1b" = {
-      "arn" = "arn:aws:ec2:us-east-1:<>:subnet/subnet-0091597b2b4c78dda"
-      ...
-    }
-  ```
-EOF
-}
-
-output "tgw_subnet_cidrs_by_az" {
-  value       = try(aws_subnet.tgw, null)
-  description = <<-EOF
-  Map of transit gateway subnet resource attributes grouped by AZ.
-
-  Example:
-  ```
-  tgw_subnets = {
-    "us-east-1a" = {
-      "arn" = "arn:aws:ec2:us-east-1:<>:subnet/subnet-028d7f65ccc12ff98"
-      "vpc_id" = "vpc-05601d7778af1ba9c"
-      ...
-    }
-    "us-east-1b" = {
-      "arn" = "arn:aws:ec2:us-east-1:<>:subnet/subnet-0091597b2b4c78dda"
-      ...
-    }
-  ```
-EOF
-}
-
 output "transit_gateway_attachment_id" {
   description = "Transit gateway attachment id."
   value       = try(aws_ec2_transit_gateway_vpc_attachment.tgw[0].id, null)