diff --git a/README.md b/README.md index 581c5b6f7..cca01cecb 100644 --- a/README.md +++ b/README.md @@ -383,6 +383,8 @@ No modules. | [database\_subnet\_names](#input\_database\_subnet\_names) | Explicit values to use in the Name tag on database subnets. If empty, Name tags are generated. | `list(string)` | `[]` | no | | [database\_subnet\_suffix](#input\_database\_subnet\_suffix) | Suffix to append to database subnets name | `string` | `"db"` | no | | [database\_subnet\_tags](#input\_database\_subnet\_tags) | Additional tags for the database subnets | `map(string)` | `{}` | no | +| [database\_subnet\_tags\_per\_az](#input\_database\_subnet\_tags\_per\_az) | Additional tags for the database subnets where the primary key is the AZ | `map(map(string))` | `{}` | no | +| [database\_subnet\_tags\_per\_cidr](#input\_database\_subnet\_tags\_per\_cidr) | Additional tags for the database subnets where the primary key is the CIDR | `map(map(string))` | `{}` | no | | [database\_subnets](#input\_database\_subnets) | A list of database subnets | `list(string)` | `[]` | no | | [default\_network\_acl\_egress](#input\_default\_network\_acl\_egress) | List of maps of egress rules to set on the Default Network ACL | `list(map(string))` |
[| no | | [default\_network\_acl\_ingress](#input\_default\_network\_acl\_ingress) | List of maps of ingress rules to set on the Default Network ACL | `list(map(string))` |
{
"action": "allow",
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_no": 100,
"to_port": 0
},
{
"action": "allow",
"from_port": 0,
"ipv6_cidr_block": "::/0",
"protocol": "-1",
"rule_no": 101,
"to_port": 0
}
]
[| no | @@ -496,6 +498,7 @@ No modules. | [private\_subnet\_suffix](#input\_private\_subnet\_suffix) | Suffix to append to private subnets name | `string` | `"private"` | no | | [private\_subnet\_tags](#input\_private\_subnet\_tags) | Additional tags for the private subnets | `map(string)` | `{}` | no | | [private\_subnet\_tags\_per\_az](#input\_private\_subnet\_tags\_per\_az) | Additional tags for the private subnets where the primary key is the AZ | `map(map(string))` | `{}` | no | +| [private\_subnet\_tags\_per\_cidr](#input\_private\_subnet\_tags\_per\_cidr) | Additional tags for the private subnets where the primary key is the CIDR | `map(map(string))` | `{}` | no | | [private\_subnets](#input\_private\_subnets) | A list of private subnets inside the VPC | `list(string)` | `[]` | no | | [propagate\_intra\_route\_tables\_vgw](#input\_propagate\_intra\_route\_tables\_vgw) | Should be true if you want route table propagation | `bool` | `false` | no | | [propagate\_private\_route\_tables\_vgw](#input\_propagate\_private\_route\_tables\_vgw) | Should be true if you want route table propagation | `bool` | `false` | no | 
@@ -511,6 +514,7 @@ No modules.
 | [public\_subnet\_suffix](#input\_public\_subnet\_suffix) | Suffix to append to public subnets name | `string` | `"public"` | no |
 | [public\_subnet\_tags](#input\_public\_subnet\_tags) | Additional tags for the public subnets | `map(string)` | `{}` | no |
 | [public\_subnet\_tags\_per\_az](#input\_public\_subnet\_tags\_per\_az) | Additional tags for the public subnets where the primary key is the AZ | `map(map(string))` | `{}` | no |
+| [public\_subnet\_tags\_per\_cidr](#input\_public\_subnet\_tags\_per\_cidr) | Additional tags for the public subnets where the primary key is the CIDR | `map(map(string))` | `{}` | no |
 | [public\_subnets](#input\_public\_subnets) | A list of public subnets inside the VPC | `list(string)` | `[]` | no |
 | [putin\_khuylo](#input\_putin\_khuylo) | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | `bool` | `true` | no |
 | [redshift\_acl\_tags](#input\_redshift\_acl\_tags) | Additional tags for the redshift subnets network ACL | `map(string)` | `{}` | no |
diff --git a/examples/simple-vpc/main.tf b/examples/simple-vpc/main.tf
index e9071a794..cc6d15f10 100644
--- a/examples/simple-vpc/main.tf
+++ b/examples/simple-vpc/main.tf
@@ -23,9 +23,10 @@ module "vpc" {
 name = local.name
 cidr = "10.0.0.0/16"
- azs = ["${local.region}a", "${local.region}b", "${local.region}c"]
- private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
- public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
+ azs = ["${local.region}a", "${local.region}b", "${local.region}c"]
+ private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
+ public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
+ database_subnets = ["10.0.104.0/24", "10.0.105.0/24", "10.0.106.0/24"]
 enable_ipv6 = true
@@ -42,6 +43,24 @@ module "vpc" {
 }
 }
+ public_subnet_tags_per_cidr = {
+ "10.0.101.0/24" = {
+ type = "public-awesome-app"
+ }
+ }
+
+ private_subnet_tags_per_cidr = {
+ "10.0.1.0/24" = {
+ type = "private-awesome-app"
+ }
+ }
+
+ database_subnet_tags_per_cidr = {
+ "10.0.104.0/24" = {
+ type = "awesome-app-db"
+ }
+ }
+
 tags = local.tags
 vpc_tags = {
diff --git a/main.tf b/main.tf
index 7da643e60..7a775ef76 100644
--- a/main.tf
+++ b/main.tf
@@ -377,7 +377,8 @@ resource "aws_subnet" "public" {
 },
 var.tags,
 var.public_subnet_tags,
- lookup(var.public_subnet_tags_per_az, element(var.azs, count.index), {})
+ lookup(var.public_subnet_tags_per_az, element(var.azs, count.index), {}),
+ lookup(var.public_subnet_tags_per_cidr, element(concat(var.public_subnets, [""]), count.index), {})
 )
 }
@@ -405,7 +406,8 @@ resource "aws_subnet" "private" {
 },
 var.tags,
 var.private_subnet_tags,
- lookup(var.private_subnet_tags_per_az, element(var.azs, count.index), {})
+ lookup(var.private_subnet_tags_per_az, element(var.azs, count.index), {}),
+ lookup(var.private_subnet_tags_per_cidr, var.private_subnets[count.index], {})
 )
 }
@@ -461,6 +463,8 @@ resource "aws_subnet" "database" {
 },
 var.tags,
 var.database_subnet_tags,
+ lookup(var.database_subnet_tags_per_az, element(var.azs, count.index), {}),
+ lookup(var.database_subnet_tags_per_cidr, var.database_subnets[count.index])
 )
 }
diff --git a/variables.tf b/variables.tf
index 4bd5da093..ef1df1905 100644
--- a/variables.tf
+++ b/variables.tf
@@ -492,6 +492,12 @@ variable "public_subnet_tags_per_az" {
 default = {}
 }
+variable "public_subnet_tags_per_cidr" {
+ description = "Additional tags for the public subnets where the primary key is the CIDR"
+ type = map(map(string))
+ default = {}
+}
+
 variable "private_subnet_tags" {
 description = "Additional tags for the private subnets"
 type = map(string)
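Review bot: In the `aws_subnet.database` hunk of main.tf, the added `lookup(var.database_subnet_tags_per_cidr, var.database_subnets[count.index])` has no default argument, unlike the public and private lookups. `database_subnet_tags_per_cidr` defaults to `{}`, so a configuration that creates database subnets without an entry for every CIDR will fail with a missing-key error instead of adding no tags. Change the line to `lookup(var.database_subnet_tags_per_cidr, var.database_subnets[count.index], {})`. The three resources also pick the CIDR key differently: the public hunk uses `element(concat(var.public_subnets, [""]), count.index)`, while the private and database hunks index the list directly. Whether direct indexing is always in range depends on each resource's `count`, which is outside these hunks, so using one form in all three would make that easier to verify.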
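Review bot: The description of `public_subnet_tags_per_cidr` in variables.tf does not say that the key must be the exact CIDR string from `public_subnets`. A key written differently matches nothing and the subnet is silently left without the intended tags, which matters where tags drive access policy or resource discovery. The main.tf hunks also place the per-CIDR lookup as the last argument of the enclosing call (which starts outside the hunk), so these tags presumably override `tags`, `public_subnet_tags` and the per-AZ tags on a key collision. I would make the description `"Additional tags for the public subnets, keyed by the exact CIDR string listed in public_subnets; applied after public_subnet_tags and public_subnet_tags_per_az"`. The same wording applies to `private_subnet_tags_per_cidr` and `database_subnet_tags_per_cidr` in the later variables.tf hunks.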
@@ -504,6 +510,12 @@ variable "private_subnet_tags_per_az" {
 default = {}
 }
+variable "private_subnet_tags_per_cidr" {
+ description = "Additional tags for the private subnets where the primary key is the CIDR"
+ type = map(map(string))
+ default = {}
+}
+
 variable "outpost_subnet_tags" {
 description = "Additional tags for the outpost subnets"
 type = map(string)
@@ -558,6 +570,18 @@ variable "database_subnet_tags" {
 default = {}
 }
+variable "database_subnet_tags_per_az" {
+ description = "Additional tags for the database subnets where the primary key is the AZ"
+ type = map(map(string))
+ default = {}
+}
+
+variable "database_subnet_tags_per_cidr" {
+ description = "Additional tags for the database subnets where the primary key is the CIDR"
+ type = map(map(string))
+ default = {}
+}
+
 variable "database_subnet_group_tags" {
 description = "Additional tags for the database subnet group"
 type = map(string)
{
"action": "allow",
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_no": 100,
"to_port": 0
},
{
"action": "allow",
"from_port": 0,
"ipv6_cidr_block": "::/0",
"protocol": "-1",
"rule_no": 101,
"to_port": 0
}
]