feat: Add public and private and database tags per cidr

kahirokunn · kahirokunn · commit 8514cfbfa5f2 · 2023-03-06T16:12:59.000+09:00
diff --git a/README.md b/README.md
@@ -384,6 +384,7 @@ No modules.
 | <a name="input_database_subnet_suffix"></a> [database\_subnet\_suffix](#input\_database\_subnet\_suffix) | Suffix to append to database subnets name | `string` | `"db"` | no |
 | <a name="input_database_subnet_tags"></a> [database\_subnet\_tags](#input\_database\_subnet\_tags) | Additional tags for the database subnets | `map(string)` | `{}` | no |
 | <a name="input_database_subnet_tags_per_az"></a> [database\_subnet\_tags\_per\_az](#input\_database\_subnet\_tags\_per\_az) | Additional tags for the database subnets where the primary key is the AZ | `map(map(string))` | `{}` | no |
+| <a name="input_database_subnet_tags_per_cidr"></a> [database\_subnet\_tags\_per\_cidr](#input\_database\_subnet\_tags\_per\_cidr) | Additional tags for the database subnets where the primary key is the CIDR | `map(map(string))` | `{}` | no |
 | <a name="input_database_subnets"></a> [database\_subnets](#input\_database\_subnets) | A list of database subnets | `list(string)` | `[]` | no |
 | <a name="input_default_network_acl_egress"></a> [default\_network\_acl\_egress](#input\_default\_network\_acl\_egress) | List of maps of egress rules to set on the Default Network ACL | `list(map(string))` | <pre>[<br>  {<br>    "action": "allow",<br>    "cidr_block": "0.0.0.0/0",<br>    "from_port": 0,<br>    "protocol": "-1",<br>    "rule_no": 100,<br>    "to_port": 0<br>  },<br>  {<br>    "action": "allow",<br>    "from_port": 0,<br>    "ipv6_cidr_block": "::/0",<br>    "protocol": "-1",<br>    "rule_no": 101,<br>    "to_port": 0<br>  }<br>]</pre> | no |
 | <a name="input_default_network_acl_ingress"></a> [default\_network\_acl\_ingress](#input\_default\_network\_acl\_ingress) | List of maps of ingress rules to set on the Default Network ACL | `list(map(string))` | <pre>[<br>  {<br>    "action": "allow",<br>    "cidr_block": "0.0.0.0/0",<br>    "from_port": 0,<br>    "protocol": "-1",<br>    "rule_no": 100,<br>    "to_port": 0<br>  },<br>  {<br>    "action": "allow",<br>    "from_port": 0,<br>    "ipv6_cidr_block": "::/0",<br>    "protocol": "-1",<br>    "rule_no": 101,<br>    "to_port": 0<br>  }<br>]</pre> | no |
@@ -497,6 +498,7 @@ No modules.
 | <a name="input_private_subnet_suffix"></a> [private\_subnet\_suffix](#input\_private\_subnet\_suffix) | Suffix to append to private subnets name | `string` | `"private"` | no |
 | <a name="input_private_subnet_tags"></a> [private\_subnet\_tags](#input\_private\_subnet\_tags) | Additional tags for the private subnets | `map(string)` | `{}` | no |
 | <a name="input_private_subnet_tags_per_az"></a> [private\_subnet\_tags\_per\_az](#input\_private\_subnet\_tags\_per\_az) | Additional tags for the private subnets where the primary key is the AZ | `map(map(string))` | `{}` | no |
+| <a name="input_private_subnet_tags_per_cidr"></a> [private\_subnet\_tags\_per\_cidr](#input\_private\_subnet\_tags\_per\_cidr) | Additional tags for the private subnets where the primary key is the CIDR | `map(map(string))` | `{}` | no |
 | <a name="input_private_subnets"></a> [private\_subnets](#input\_private\_subnets) | A list of private subnets inside the VPC | `list(string)` | `[]` | no |
 | <a name="input_propagate_intra_route_tables_vgw"></a> [propagate\_intra\_route\_tables\_vgw](#input\_propagate\_intra\_route\_tables\_vgw) | Should be true if you want route table propagation | `bool` | `false` | no |
 | <a name="input_propagate_private_route_tables_vgw"></a> [propagate\_private\_route\_tables\_vgw](#input\_propagate\_private\_route\_tables\_vgw) | Should be true if you want route table propagation | `bool` | `false` | no |
@@ -512,6 +514,7 @@ No modules.
 | <a name="input_public_subnet_suffix"></a> [public\_subnet\_suffix](#input\_public\_subnet\_suffix) | Suffix to append to public subnets name | `string` | `"public"` | no |
 | <a name="input_public_subnet_tags"></a> [public\_subnet\_tags](#input\_public\_subnet\_tags) | Additional tags for the public subnets | `map(string)` | `{}` | no |
 | <a name="input_public_subnet_tags_per_az"></a> [public\_subnet\_tags\_per\_az](#input\_public\_subnet\_tags\_per\_az) | Additional tags for the public subnets where the primary key is the AZ | `map(map(string))` | `{}` | no |
+| <a name="input_public_subnet_tags_per_cidr"></a> [public\_subnet\_tags\_per\_cidr](#input\_public\_subnet\_tags\_per\_cidr) | Additional tags for the public subnets where the primary key is the CIDR | `map(map(string))` | `{}` | no |
 | <a name="input_public_subnets"></a> [public\_subnets](#input\_public\_subnets) | A list of public subnets inside the VPC | `list(string)` | `[]` | no |
 | <a name="input_putin_khuylo"></a> [putin\_khuylo](#input\_putin\_khuylo) | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | `bool` | `true` | no |
 | <a name="input_redshift_acl_tags"></a> [redshift\_acl\_tags](#input\_redshift\_acl\_tags) | Additional tags for the redshift subnets network ACL | `map(string)` | `{}` | no |
diff --git a/examples/simple-vpc/main.tf b/examples/simple-vpc/main.tf
@@ -23,9 +23,10 @@ module "vpc" {
   name = local.name
   cidr = "10.0.0.0/16"
 
-  azs             = ["${local.region}a", "${local.region}b", "${local.region}c"]
-  private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
-  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
+  azs              = ["${local.region}a", "${local.region}b", "${local.region}c"]
+  private_subnets  = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
+  public_subnets   = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
+  database_subnets = ["10.0.104.0/24", "10.0.105.0/24", "10.0.106.0/24"]
 
   enable_ipv6 = true
 
@@ -42,6 +43,24 @@ module "vpc" {
     }
   }
 
+  public_subnet_tags_per_cidr = {
+    "10.0.101.0/24" = {
+      type = "public-awesome-app"
+    }
+  }
+
+  private_subnet_tags_per_cidr = {
+    "10.0.1.0/24" = {
+      type = "private-awesome-app"
+    }
+  }
+
+  database_subnet_tags_per_cidr = {
+    "10.0.104.0/24" = {
+      type = "awesome-app-db"
+    }
+  }
+
   tags = local.tags
 
   vpc_tags = {
diff --git a/main.tf b/main.tf
@@ -377,7 +377,8 @@ resource "aws_subnet" "public" {
     },
     var.tags,
     var.public_subnet_tags,
-    lookup(var.public_subnet_tags_per_az, element(var.azs, count.index), {})
+    lookup(var.public_subnet_tags_per_az, element(var.azs, count.index), {}),
+    lookup(var.public_subnet_tags_per_cidr, element(concat(var.public_subnets, [""]), count.index), {})
   )
 }
 
@@ -405,7 +406,8 @@ resource "aws_subnet" "private" {
     },
     var.tags,
     var.private_subnet_tags,
-    lookup(var.private_subnet_tags_per_az, element(var.azs, count.index), {})
+    lookup(var.private_subnet_tags_per_az, element(var.azs, count.index), {}),
+    lookup(var.private_subnet_tags_per_cidr, var.private_subnets[count.index], {})
   )
 }
 
@@ -461,7 +463,8 @@ resource "aws_subnet" "database" {
     },
     var.tags,
     var.database_subnet_tags,
-    lookup(var.database_subnet_tags_per_az, element(var.azs, count.index), {})
+    lookup(var.database_subnet_tags_per_az, element(var.azs, count.index), {}),
+    lookup(var.database_subnet_tags_per_cidr, var.database_subnets[count.index])
   )
 }
 
diff --git a/variables.tf b/variables.tf
@@ -492,6 +492,12 @@ variable "public_subnet_tags_per_az" {
   default     = {}
 }
 
+variable "public_subnet_tags_per_cidr" {
+  description = "Additional tags for the public subnets where the primary key is the CIDR"
+  type        = map(map(string))
+  default     = {}
+}
+
 variable "private_subnet_tags" {
   description = "Additional tags for the private subnets"
   type        = map(string)
@@ -504,6 +510,12 @@ variable "private_subnet_tags_per_az" {
   default     = {}
 }
 
+variable "private_subnet_tags_per_cidr" {
+  description = "Additional tags for the private subnets where the primary key is the CIDR"
+  type        = map(map(string))
+  default     = {}
+}
+
 variable "outpost_subnet_tags" {
   description = "Additional tags for the outpost subnets"
   type        = map(string)
@@ -564,6 +576,12 @@ variable "database_subnet_tags_per_az" {
   default     = {}
 }
 
+variable "database_subnet_tags_per_cidr" {
+  description = "Additional tags for the database subnets where the primary key is the CIDR"
+  type        = map(map(string))
+  default     = {}
+}
+
 variable "database_subnet_group_tags" {
   description = "Additional tags for the database subnet group"
   type        = map(string)

Original file line number	Diff line number	Diff line change
`@@ -377,7 +377,8 @@ resource "aws_subnet" "public" {`
`377`	`377`	`},`
`378`	`378`	`var.tags,`
`379`	`379`	`var.public_subnet_tags,`
`380`		`- lookup(var.public_subnet_tags_per_az, element(var.azs, count.index), {})`
	`380`	`+ lookup(var.public_subnet_tags_per_az, element(var.azs, count.index), {}),`
	`381`	`+ lookup(var.public_subnet_tags_per_cidr, element(concat(var.public_subnets, [""]), count.index), {})`
`381`	`382`	`)`
`382`	`383`	`}`
`383`	`384`
`@@ -405,7 +406,8 @@ resource "aws_subnet" "private" {`
`405`	`406`	`},`
`406`	`407`	`var.tags,`
`407`	`408`	`var.private_subnet_tags,`
`408`		`- lookup(var.private_subnet_tags_per_az, element(var.azs, count.index), {})`
	`409`	`+ lookup(var.private_subnet_tags_per_az, element(var.azs, count.index), {}),`
	`410`	`+ lookup(var.private_subnet_tags_per_cidr, var.private_subnets[count.index], {})`
`409`	`411`	`)`
`410`	`412`	`}`
`411`	`413`
`@@ -461,7 +463,8 @@ resource "aws_subnet" "database" {`
`461`	`463`	`},`
`462`	`464`	`var.tags,`
`463`	`465`	`var.database_subnet_tags,`
`464`		`- lookup(var.database_subnet_tags_per_az, element(var.azs, count.index), {})`
	`466`	`+ lookup(var.database_subnet_tags_per_az, element(var.azs, count.index), {}),`
	`467`	`+ lookup(var.database_subnet_tags_per_cidr, var.database_subnets[count.index])`
`465`	`468`	`)`
`466`	`469`	`}`
`467`	`470`