From d50a3cb64fface7938a27e07d31a50506ad04b5d Mon Sep 17 00:00:00 2001 From: Sebastian Czech Date: Mon, 27 Jan 2025 23:39:53 +0100 Subject: [PATCH] Update variables description --- README.md | 4 +-- examples/block-public-access/README.md | 5 +-- examples/block-public-access/main.tf | 38 +++++++++++----------- variables.tf | 45 ++++++++++++++++++++++++-- 4 files changed, 67 insertions(+), 25 deletions(-) diff --git a/README.md b/README.md index 66e50682b..f1e22af89 100644 --- a/README.md +++ b/README.md @@ -583,8 +583,8 @@ No modules. | [single\_nat\_gateway](#input\_single\_nat\_gateway) | Should be true if you want to provision a single shared NAT Gateway across all of your private networks | `bool` | `false` | no | | [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no | | [use\_ipam\_pool](#input\_use\_ipam\_pool) | Determines whether IPAM pool is used for CIDR allocation | `bool` | `false` | no | -| [vpc\_block\_public\_access\_exclusions](#input\_vpc\_block\_public\_access\_exclusions) | List of VPC Block Public Access Exclusions | `map(any)` | `{}` | no | -| [vpc\_block\_public\_access\_options](#input\_vpc\_block\_public\_access\_options) | Map of VPC Block Public Access Options | `map(string)` | `{}` | no | +| [vpc\_block\_public\_access\_exclusions](#input\_vpc\_block\_public\_access\_exclusions) | List of VPC Block Public Access Exclusions e.g. to exclude the VPC:

vpc\_block\_public\_access\_exclusions = {
exclude\_vpc = {
exclude\_vpc = true
internet\_gateway\_exclusion\_mode = "allow-bidirectional"
}
}

or to exclude specific subnets:

vpc\_block\_public\_access\_exclusions = {
exclude\_subnet\_private1 = {
exclude\_subnet = true
subnet\_type = "private"
subnet\_index = 1
internet\_gateway\_exclusion\_mode = "allow-egress"
}
exclude\_subnet\_private2 = {
exclude\_subnet = true
subnet\_type = "private"
subnet\_index = 2
internet\_gateway\_exclusion\_mode = "allow-egress"
}
}

One of `exclude_vpc` or `exclude_subnet` must be set to true.
Value of `subnet_type` can be `public`, `private`, `database`, `redshift`, `elasticache`, `intra` or `custom`.
Value of `subnet_index` is the index of the subnet in the corresponding subnet list.
Value of `internet_gateway_exclusion_mode` can be `allow-egress` and `allow-bidirectional`. | `map(any)` | `{}` | no | +| [vpc\_block\_public\_access\_options](#input\_vpc\_block\_public\_access\_options) | Map of VPC Block Public Access Options e.g.:

vpc\_block\_public\_access\_options = {
internet\_gateway\_block\_mode = "block-bidirectional"
}

Currently only `internet_gateway_block_mode` is supported, for which
valid values are `block-bidirectional`, `block-ingress` and `off`. | `map(string)` | `{}` | no | | [vpc\_flow\_log\_iam\_policy\_name](#input\_vpc\_flow\_log\_iam\_policy\_name) | Name of the IAM policy | `string` | `"vpc-flow-log-to-cloudwatch"` | no | | [vpc\_flow\_log\_iam\_policy\_use\_name\_prefix](#input\_vpc\_flow\_log\_iam\_policy\_use\_name\_prefix) | Determines whether the name of the IAM policy (`vpc_flow_log_iam_policy_name`) is used as a prefix | `bool` | `true` | no | | [vpc\_flow\_log\_iam\_role\_name](#input\_vpc\_flow\_log\_iam\_role\_name) | Name to use on the VPC Flow Log IAM role created | `string` | `"vpc-flow-log-role"` | no | diff --git a/examples/block-public-access/README.md b/examples/block-public-access/README.md index 048b54b16..eeb1fd686 100644 --- a/examples/block-public-access/README.md +++ b/examples/block-public-access/README.md @@ -22,8 +22,9 @@ This example defines VPC Block Public Access Exclusion at the subnet level, but - configure VPC Block Public Access Options e.g.: ```hcl - internet_gateway_block_enabled = true - internet_gateway_block_mode = "block-bidirectional" + vpc_block_public_access_options = { + internet_gateway_block_mode = "block-bidirectional" + } ``` - define VPC Block Public Access Exclusion at the VPC level e.g.: diff --git a/examples/block-public-access/main.tf b/examples/block-public-access/main.tf index 468896295..6957610ee 100644 --- a/examples/block-public-access/main.tf +++ b/examples/block-public-access/main.tf 
@@ -37,28 +37,28 @@ module "vpc" { } ### VPC Block Public Access Exclusion at the VPC level - # vpc_block_public_access_exclusions = { - # exclude_vpc = { - # exclude_vpc = true - # internet_gateway_exclusion_mode = "allow-bidirectional" - # } - # } - - ### VPC Block Public Access Exclusion at the subnet level vpc_block_public_access_exclusions = { - exclude_subnet_private1 = { - exclude_subnet = true - subnet_type = "private" - subnet_index = 1 - internet_gateway_exclusion_mode = "allow-egress" - } - exclude_subnet_private2 = { - exclude_subnet = true - subnet_type = "private" - subnet_index = 2 - internet_gateway_exclusion_mode = "allow-egress" + exclude_vpc = { + exclude_vpc = true + internet_gateway_exclusion_mode = "allow-bidirectional" } } + ### VPC Block Public Access Exclusion at the subnet level + # vpc_block_public_access_exclusions = { + # exclude_subnet_private1 = { + # exclude_subnet = true + # subnet_type = "private" + # subnet_index = 1 + # internet_gateway_exclusion_mode = "allow-egress" + # } + # exclude_subnet_private2 = { + # exclude_subnet = true + # subnet_type = "private" + # subnet_index = 2 + # internet_gateway_exclusion_mode = "allow-egress" + # } + # } + tags = local.tags } diff --git a/variables.tf b/variables.tf index 193f19dda..49961cdfa 100644 --- a/variables.tf +++ b/variables.tf @@ -117,13 +117,54 @@ variable "tags" { } variable "vpc_block_public_access_options" { - description = "Map of VPC Block Public Access Options" + description = <
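Review bot: in the README.md hunk the new `vpc\_block\_public\_access\_exclusions` and `vpc\_block\_public\_access\_options` rows carry literal line breaks inside a single Markdown table cell (the HCL snippets and the `One of `exclude_vpc` or `exclude_subnet` must be set to true.` lines), which breaks the Inputs table when rendered. Regenerate the table with terraform-docs (the `#input\_…` anchors show it is generated) rather than pasting the heredoc in by hand, or keep the cell to one line and leave the worked examples to the example's README. Separately, the type column still reads `map(any)` while the description now fixes the shape of each entry (`exclude_vpc`, `exclude_subnet`, `subnet_type`, `subnet_index`, `internet_gateway_exclusion_mode`); a `map(object({...}))` with `optional()` attributes would let Terraform reject a mistyped key at plan time instead of silently ignoring it.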
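Review bot: the examples/block-public-access/README.md hunk's context line still says `This example defines VPC Block Public Access Exclusion at the subnet level, but`, while the main.tf change in this same patch makes the VPC-level exclusion the active one and comments the subnet-level block out; update that sentence, and the `- define VPC Block Public Access Exclusion at the VPC level e.g.:` item that now describes the default rather than the alternative, so the README matches the example it documents. Replacing `internet_gateway_block_enabled = true` with the `vpc_block_public_access_options` map is consistent with the new variable description, but with the explicit enable flag gone the README should say how blocking is now switched on.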
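Review bot: the main.tf hunk flips the example's default from two narrow subnet-level exclusions (`allow-egress` on `private` subnets 1 and 2) to a single VPC-level exclusion with `internet_gateway_exclusion_mode = "allow-bidirectional"`, which exempts the whole VPC from the `block-bidirectional` mode set in `vpc_block_public_access_options` and so demonstrates the control being effectively switched off. For an example whose purpose is to show block public access working, the least-permissive variant (subnet-level, egress-only) is the better active default; if the VPC-level case stays active, the comment above it should state that a bidirectional VPC-wide exclusion negates the block mode for every subnet in the VPC.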
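Review bot: the variables.tf hunk is cut off in this patch right after `description = <`, so only the start of the new heredoc is reviewable here; the README rows generated from it show the description enumerating the allowed values (`allow-egress` and `allow-bidirectional`, the seven `subnet_type` values, `block-bidirectional`, `block-ingress` and `off`) and the rule that one of `exclude_vpc` or `exclude_subnet` must be true, but nothing visible enforces any of it. Add `validation` blocks on both variables so a wrong mode string or an exclusion entry with neither flag set fails at `terraform plan` rather than at apply, and keep the README in sync by regenerating it from the description instead of maintaining the text in two places.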