feat: Allow tagging on per-subnet basis

Radon Rosborough · Radon Rosborough · commit d13247b5fa5c · 2023-02-28T13:17:03.000-08:00
diff --git a/README.md b/README.md
@@ -383,6 +383,7 @@ No modules.
 | <a name="input_database_subnet_names"></a> [database\_subnet\_names](#input\_database\_subnet\_names) | Explicit values to use in the Name tag on database subnets. If empty, Name tags are generated. | `list(string)` | `[]` | no |
 | <a name="input_database_subnet_suffix"></a> [database\_subnet\_suffix](#input\_database\_subnet\_suffix) | Suffix to append to database subnets name | `string` | `"db"` | no |
 | <a name="input_database_subnet_tags"></a> [database\_subnet\_tags](#input\_database\_subnet\_tags) | Additional tags for the database subnets | `map(string)` | `{}` | no |
+| <a name="input_database_subnet_tags_per_subnet"></a> [database\_subnet\_tags\_per\_subnet](#input\_database\_subnet\_tags\_per\_subnet) | Additional tags for the database subnets, if specified then must have a length equal to the number of database subnets | `list(map(string))` | `[]` | no |
 | <a name="input_database_subnets"></a> [database\_subnets](#input\_database\_subnets) | A list of database subnets | `list(string)` | `[]` | no |
 | <a name="input_default_network_acl_egress"></a> [default\_network\_acl\_egress](#input\_default\_network\_acl\_egress) | List of maps of egress rules to set on the Default Network ACL | `list(map(string))` | <pre>[<br>  {<br>    "action": "allow",<br>    "cidr_block": "0.0.0.0/0",<br>    "from_port": 0,<br>    "protocol": "-1",<br>    "rule_no": 100,<br>    "to_port": 0<br>  },<br>  {<br>    "action": "allow",<br>    "from_port": 0,<br>    "ipv6_cidr_block": "::/0",<br>    "protocol": "-1",<br>    "rule_no": 101,<br>    "to_port": 0<br>  }<br>]</pre> | no |
 | <a name="input_default_network_acl_ingress"></a> [default\_network\_acl\_ingress](#input\_default\_network\_acl\_ingress) | List of maps of ingress rules to set on the Default Network ACL | `list(map(string))` | <pre>[<br>  {<br>    "action": "allow",<br>    "cidr_block": "0.0.0.0/0",<br>    "from_port": 0,<br>    "protocol": "-1",<br>    "rule_no": 100,<br>    "to_port": 0<br>  },<br>  {<br>    "action": "allow",<br>    "from_port": 0,<br>    "ipv6_cidr_block": "::/0",<br>    "protocol": "-1",<br>    "rule_no": 101,<br>    "to_port": 0<br>  }<br>]</pre> | no |
@@ -419,6 +420,7 @@ No modules.
 | <a name="input_elasticache_subnet_names"></a> [elasticache\_subnet\_names](#input\_elasticache\_subnet\_names) | Explicit values to use in the Name tag on elasticache subnets. If empty, Name tags are generated. | `list(string)` | `[]` | no |
 | <a name="input_elasticache_subnet_suffix"></a> [elasticache\_subnet\_suffix](#input\_elasticache\_subnet\_suffix) | Suffix to append to elasticache subnets name | `string` | `"elasticache"` | no |
 | <a name="input_elasticache_subnet_tags"></a> [elasticache\_subnet\_tags](#input\_elasticache\_subnet\_tags) | Additional tags for the elasticache subnets | `map(string)` | `{}` | no |
+| <a name="input_elasticache_subnet_tags_per_subnet"></a> [elasticache\_subnet\_tags\_per\_subnet](#input\_elasticache\_subnet\_tags\_per\_subnet) | Additional tags for the elasticache subnets, if specified then must have a length equal to the number of elasticache subnets | `list(map(string))` | `[]` | no |
 | <a name="input_elasticache_subnets"></a> [elasticache\_subnets](#input\_elasticache\_subnets) | A list of elasticache subnets | `list(string)` | `[]` | no |
 | <a name="input_enable_classiclink"></a> [enable\_classiclink](#input\_enable\_classiclink) | [DEPRECATED](https://github.com/hashicorp/terraform/issues/31730) Should be true to enable ClassicLink for the VPC. Only valid in regions and accounts that support EC2 Classic. | `bool` | `null` | no |
 | <a name="input_enable_classiclink_dns_support"></a> [enable\_classiclink\_dns\_support](#input\_enable\_classiclink\_dns\_support) | [DEPRECATED](https://github.com/hashicorp/terraform/issues/31730) Should be true to enable ClassicLink DNS Support for the VPC. Only valid in regions and accounts that support EC2 Classic. | `bool` | `null` | no |
@@ -457,6 +459,7 @@ No modules.
 | <a name="input_intra_subnet_names"></a> [intra\_subnet\_names](#input\_intra\_subnet\_names) | Explicit values to use in the Name tag on intra subnets. If empty, Name tags are generated. | `list(string)` | `[]` | no |
 | <a name="input_intra_subnet_suffix"></a> [intra\_subnet\_suffix](#input\_intra\_subnet\_suffix) | Suffix to append to intra subnets name | `string` | `"intra"` | no |
 | <a name="input_intra_subnet_tags"></a> [intra\_subnet\_tags](#input\_intra\_subnet\_tags) | Additional tags for the intra subnets | `map(string)` | `{}` | no |
+| <a name="input_intra_subnet_tags_per_subnet"></a> [intra\_subnet\_tags\_per\_subnet](#input\_intra\_subnet\_tags\_per\_subnet) | Additional tags for the intra subnets, if specified then must have a length equal to the number of intra subnets | `list(map(string))` | `[]` | no |
 | <a name="input_intra_subnets"></a> [intra\_subnets](#input\_intra\_subnets) | A list of intra subnets | `list(string)` | `[]` | no |
 | <a name="input_ipv4_ipam_pool_id"></a> [ipv4\_ipam\_pool\_id](#input\_ipv4\_ipam\_pool\_id) | (Optional) The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR. | `string` | `null` | no |
 | <a name="input_ipv4_netmask_length"></a> [ipv4\_netmask\_length](#input\_ipv4\_netmask\_length) | (Optional) The netmask length of the IPv4 CIDR you want to allocate to this VPC. Requires specifying a ipv4\_ipam\_pool\_id. | `number` | `null` | no |
@@ -484,6 +487,7 @@ No modules.
 | <a name="input_outpost_subnet_names"></a> [outpost\_subnet\_names](#input\_outpost\_subnet\_names) | Explicit values to use in the Name tag on outpost subnets. If empty, Name tags are generated. | `list(string)` | `[]` | no |
 | <a name="input_outpost_subnet_suffix"></a> [outpost\_subnet\_suffix](#input\_outpost\_subnet\_suffix) | Suffix to append to outpost subnets name | `string` | `"outpost"` | no |
 | <a name="input_outpost_subnet_tags"></a> [outpost\_subnet\_tags](#input\_outpost\_subnet\_tags) | Additional tags for the outpost subnets | `map(string)` | `{}` | no |
+| <a name="input_outpost_subnet_tags_per_subnet"></a> [outpost\_subnet\_tags\_per\_subnet](#input\_outpost\_subnet\_tags\_per\_subnet) | Additional tags for the outpost subnets, if specified then must have a length equal to the number of outpost subnets | `list(map(string))` | `[]` | no |
 | <a name="input_outpost_subnets"></a> [outpost\_subnets](#input\_outpost\_subnets) | A list of outpost subnets inside the VPC | `list(string)` | `[]` | no |
 | <a name="input_private_acl_tags"></a> [private\_acl\_tags](#input\_private\_acl\_tags) | Additional tags for the private subnets network ACL | `map(string)` | `{}` | no |
 | <a name="input_private_dedicated_network_acl"></a> [private\_dedicated\_network\_acl](#input\_private\_dedicated\_network\_acl) | Whether to use dedicated network ACL (not default) and custom rules for private subnets | `bool` | `false` | no |
@@ -496,6 +500,7 @@ No modules.
 | <a name="input_private_subnet_suffix"></a> [private\_subnet\_suffix](#input\_private\_subnet\_suffix) | Suffix to append to private subnets name | `string` | `"private"` | no |
 | <a name="input_private_subnet_tags"></a> [private\_subnet\_tags](#input\_private\_subnet\_tags) | Additional tags for the private subnets | `map(string)` | `{}` | no |
 | <a name="input_private_subnet_tags_per_az"></a> [private\_subnet\_tags\_per\_az](#input\_private\_subnet\_tags\_per\_az) | Additional tags for the private subnets where the primary key is the AZ | `map(map(string))` | `{}` | no |
+| <a name="input_private_subnet_tags_per_subnet"></a> [private\_subnet\_tags\_per\_subnet](#input\_private\_subnet\_tags\_per\_subnet) | Additional tags for the private subnets, if specified then must have a length equal to the number of private subnets | `list(map(string))` | `[]` | no |
 | <a name="input_private_subnets"></a> [private\_subnets](#input\_private\_subnets) | A list of private subnets inside the VPC | `list(string)` | `[]` | no |
 | <a name="input_propagate_intra_route_tables_vgw"></a> [propagate\_intra\_route\_tables\_vgw](#input\_propagate\_intra\_route\_tables\_vgw) | Should be true if you want route table propagation | `bool` | `false` | no |
 | <a name="input_propagate_private_route_tables_vgw"></a> [propagate\_private\_route\_tables\_vgw](#input\_propagate\_private\_route\_tables\_vgw) | Should be true if you want route table propagation | `bool` | `false` | no |
@@ -511,6 +516,7 @@ No modules.
 | <a name="input_public_subnet_suffix"></a> [public\_subnet\_suffix](#input\_public\_subnet\_suffix) | Suffix to append to public subnets name | `string` | `"public"` | no |
 | <a name="input_public_subnet_tags"></a> [public\_subnet\_tags](#input\_public\_subnet\_tags) | Additional tags for the public subnets | `map(string)` | `{}` | no |
 | <a name="input_public_subnet_tags_per_az"></a> [public\_subnet\_tags\_per\_az](#input\_public\_subnet\_tags\_per\_az) | Additional tags for the public subnets where the primary key is the AZ | `map(map(string))` | `{}` | no |
+| <a name="input_public_subnet_tags_per_subnet"></a> [public\_subnet\_tags\_per\_subnet](#input\_public\_subnet\_tags\_per\_subnet) | Additional tags for the public subnets, if specified then must have a length equal to the number of public subnets | `list(map(string))` | `[]` | no |
 | <a name="input_public_subnets"></a> [public\_subnets](#input\_public\_subnets) | A list of public subnets inside the VPC | `list(string)` | `[]` | no |
 | <a name="input_putin_khuylo"></a> [putin\_khuylo](#input\_putin\_khuylo) | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | `bool` | `true` | no |
 | <a name="input_redshift_acl_tags"></a> [redshift\_acl\_tags](#input\_redshift\_acl\_tags) | Additional tags for the redshift subnets network ACL | `map(string)` | `{}` | no |
@@ -525,6 +531,7 @@ No modules.
 | <a name="input_redshift_subnet_names"></a> [redshift\_subnet\_names](#input\_redshift\_subnet\_names) | Explicit values to use in the Name tag on redshift subnets. If empty, Name tags are generated. | `list(string)` | `[]` | no |
 | <a name="input_redshift_subnet_suffix"></a> [redshift\_subnet\_suffix](#input\_redshift\_subnet\_suffix) | Suffix to append to redshift subnets name | `string` | `"redshift"` | no |
 | <a name="input_redshift_subnet_tags"></a> [redshift\_subnet\_tags](#input\_redshift\_subnet\_tags) | Additional tags for the redshift subnets | `map(string)` | `{}` | no |
+| <a name="input_redshift_subnet_tags_per_subnet"></a> [redshift\_subnet\_tags\_per\_subnet](#input\_redshift\_subnet\_tags\_per\_subnet) | Additional tags for the redshift subnets, if specified then must have a length equal to the number of redshift subnets | `list(map(string))` | `[]` | no |
 | <a name="input_redshift_subnets"></a> [redshift\_subnets](#input\_redshift\_subnets) | A list of redshift subnets | `list(string)` | `[]` | no |
 | <a name="input_reuse_nat_ips"></a> [reuse\_nat\_ips](#input\_reuse\_nat\_ips) | Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external\_nat\_ip\_ids' variable | `bool` | `false` | no |
 | <a name="input_secondary_cidr_blocks"></a> [secondary\_cidr\_blocks](#input\_secondary\_cidr\_blocks) | List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool | `list(string)` | `[]` | no |
diff --git a/main.tf b/main.tf
@@ -377,7 +377,8 @@ resource "aws_subnet" "public" {
     },
     var.tags,
     var.public_subnet_tags,
-    lookup(var.public_subnet_tags_per_az, element(var.azs, count.index), {})
+    lookup(var.public_subnet_tags_per_az, element(var.azs, count.index), {}),
+    length(var.public_subnet_tags_per_subnet) > 0 ? element(var.public_subnet_tags_per_subnet, count.index) : {},
   )
 }
 
@@ -405,7 +406,8 @@ resource "aws_subnet" "private" {
     },
     var.tags,
     var.private_subnet_tags,
-    lookup(var.private_subnet_tags_per_az, element(var.azs, count.index), {})
+    lookup(var.private_subnet_tags_per_az, element(var.azs, count.index), {}),
+    length(var.private_subnet_tags_per_subnet) > 0 ? element(var.private_subnet_tags_per_subnet, count.index) : {},
   )
 }
 
@@ -434,6 +436,7 @@ resource "aws_subnet" "outpost" {
     },
     var.tags,
     var.outpost_subnet_tags,
+    length(var.outpost_subnet_tags_per_subnet) > 0 ? element(var.outpost_subnet_tags_per_subnet, count.index) : {},
   )
 }
 
@@ -461,6 +464,7 @@ resource "aws_subnet" "database" {
     },
     var.tags,
     var.database_subnet_tags,
+    length(var.database_subnet_tags_per_subnet) > 0 ? element(var.database_subnet_tags_per_subnet, count.index) : {},
   )
 }
 
@@ -504,6 +508,7 @@ resource "aws_subnet" "redshift" {
     },
     var.tags,
     var.redshift_subnet_tags,
+    length(var.redshift_subnet_tags_per_subnet) > 0 ? element(var.redshift_subnet_tags_per_subnet, count.index) : {},
   )
 }
 
@@ -545,6 +550,7 @@ resource "aws_subnet" "elasticache" {
     },
     var.tags,
     var.elasticache_subnet_tags,
+    length(var.elasticache_subnet_tags_per_subnet) > 0 ? element(var.elasticache_subnet_tags_per_subnet, count.index) : {},
   )
 }
 
@@ -586,6 +592,7 @@ resource "aws_subnet" "intra" {
     },
     var.tags,
     var.intra_subnet_tags,
+    length(var.intra_subnet_tags_per_subnet) > 0 ? element(var.intra_subnet_tags_per_subnet, count.index) : {},
   )
 }
 
diff --git a/variables.tf b/variables.tf
@@ -492,6 +492,12 @@ variable "public_subnet_tags_per_az" {
   default     = {}
 }
 
+variable "public_subnet_tags_per_subnet" {
+  description = "Additional tags for the public subnets, if specified then must have a length equal to the number of public subnets"
+  type        = list(map(string))
+  default     = []
+}
+
 variable "private_subnet_tags" {
   description = "Additional tags for the private subnets"
   type        = map(string)
@@ -504,12 +510,24 @@ variable "private_subnet_tags_per_az" {
   default     = {}
 }
 
+variable "private_subnet_tags_per_subnet" {
+  description = "Additional tags for the private subnets, if specified then must have a length equal to the number of private subnets"
+  type        = list(map(string))
+  default     = []
+}
+
 variable "outpost_subnet_tags" {
   description = "Additional tags for the outpost subnets"
   type        = map(string)
   default     = {}
 }
 
+variable "outpost_subnet_tags_per_subnet" {
+  description = "Additional tags for the outpost subnets, if specified then must have a length equal to the number of outpost subnets"
+  type        = list(map(string))
+  default     = []
+}
+
 variable "public_route_table_tags" {
   description = "Additional tags for the public route tables"
   type        = map(string)
@@ -558,6 +576,12 @@ variable "database_subnet_tags" {
   default     = {}
 }
 
+variable "database_subnet_tags_per_subnet" {
+  description = "Additional tags for the database subnets, if specified then must have a length equal to the number of database subnets"
+  type        = list(map(string))
+  default     = []
+}
+
 variable "database_subnet_group_tags" {
   description = "Additional tags for the database subnet group"
   type        = map(string)
@@ -570,6 +594,12 @@ variable "redshift_subnet_tags" {
   default     = {}
 }
 
+variable "redshift_subnet_tags_per_subnet" {
+  description = "Additional tags for the redshift subnets, if specified then must have a length equal to the number of redshift subnets"
+  type        = list(map(string))
+  default     = []
+}
+
 variable "redshift_subnet_group_name" {
   description = "Name of redshift subnet group"
   type        = string
@@ -600,12 +630,24 @@ variable "elasticache_subnet_tags" {
   default     = {}
 }
 
+variable "elasticache_subnet_tags_per_subnet" {
+  description = "Additional tags for the elasticache subnets, if specified then must have a length equal to the number of elasticache subnets"
+  type        = list(map(string))
+  default     = []
+}
+
 variable "intra_subnet_tags" {
   description = "Additional tags for the intra subnets"
   type        = map(string)
   default     = {}
 }
 
+variable "intra_subnet_tags_per_subnet" {
+  description = "Additional tags for the intra subnets, if specified then must have a length equal to the number of intra subnets"
+  type        = list(map(string))
+  default     = []
+}
+
 variable "public_acl_tags" {
   description = "Additional tags for the public subnets network ACL"
   type        = map(string)

Original file line number	Diff line number	Diff line change
`@@ -377,7 +377,8 @@ resource "aws_subnet" "public" {`
`377`	`377`	`},`
`378`	`378`	`var.tags,`
`379`	`379`	`var.public_subnet_tags,`
`380`		`- lookup(var.public_subnet_tags_per_az, element(var.azs, count.index), {})`
	`380`	`+ lookup(var.public_subnet_tags_per_az, element(var.azs, count.index), {}),`
	`381`	`+ length(var.public_subnet_tags_per_subnet) > 0 ? element(var.public_subnet_tags_per_subnet, count.index) : {},`
`381`	`382`	`)`
`382`	`383`	`}`
`383`	`384`
`@@ -405,7 +406,8 @@ resource "aws_subnet" "private" {`
`405`	`406`	`},`
`406`	`407`	`var.tags,`
`407`	`408`	`var.private_subnet_tags,`
`408`		`- lookup(var.private_subnet_tags_per_az, element(var.azs, count.index), {})`
	`409`	`+ lookup(var.private_subnet_tags_per_az, element(var.azs, count.index), {}),`
	`410`	`+ length(var.private_subnet_tags_per_subnet) > 0 ? element(var.private_subnet_tags_per_subnet, count.index) : {},`
`409`	`411`	`)`
`410`	`412`	`}`
`411`	`413`
`@@ -434,6 +436,7 @@ resource "aws_subnet" "outpost" {`
`434`	`436`	`},`
`435`	`437`	`var.tags,`
`436`	`438`	`var.outpost_subnet_tags,`
	`439`	`+ length(var.outpost_subnet_tags_per_subnet) > 0 ? element(var.outpost_subnet_tags_per_subnet, count.index) : {},`
`437`	`440`	`)`
`438`	`441`	`}`
`439`	`442`
`@@ -461,6 +464,7 @@ resource "aws_subnet" "database" {`
`461`	`464`	`},`
`462`	`465`	`var.tags,`
`463`	`466`	`var.database_subnet_tags,`
	`467`	`+ length(var.database_subnet_tags_per_subnet) > 0 ? element(var.database_subnet_tags_per_subnet, count.index) : {},`
`464`	`468`	`)`
`465`	`469`	`}`
`466`	`470`
`@@ -504,6 +508,7 @@ resource "aws_subnet" "redshift" {`
`504`	`508`	`},`
`505`	`509`	`var.tags,`
`506`	`510`	`var.redshift_subnet_tags,`
	`511`	`+ length(var.redshift_subnet_tags_per_subnet) > 0 ? element(var.redshift_subnet_tags_per_subnet, count.index) : {},`
`507`	`512`	`)`
`508`	`513`	`}`
`509`	`514`
`@@ -545,6 +550,7 @@ resource "aws_subnet" "elasticache" {`
`545`	`550`	`},`
`546`	`551`	`var.tags,`
`547`	`552`	`var.elasticache_subnet_tags,`
	`553`	`+ length(var.elasticache_subnet_tags_per_subnet) > 0 ? element(var.elasticache_subnet_tags_per_subnet, count.index) : {},`
`548`	`554`	`)`
`549`	`555`	`}`
`550`	`556`
`@@ -586,6 +592,7 @@ resource "aws_subnet" "intra" {`
`586`	`592`	`},`
`587`	`593`	`var.tags,`
`588`	`594`	`var.intra_subnet_tags,`
	`595`	`+ length(var.intra_subnet_tags_per_subnet) > 0 ? element(var.intra_subnet_tags_per_subnet, count.index) : {},`
`589`	`596`	`)`
`590`	`597`	`}`
`591`	`598`