diff --git a/.github/auto-release.yml b/.github/auto-release.yml
index b45efb7..17cd39c 100644
--- a/.github/auto-release.yml
+++ b/.github/auto-release.yml
@@ -17,7 +17,6 @@ version-resolver:
- 'bugfix'
- 'bug'
- 'hotfix'
- - 'no-release'
default: 'minor'
categories:
diff --git a/.github/renovate.json b/.github/renovate.json
index ae4f0aa..a780298 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -4,9 +4,9 @@
":preserveSemverRanges"
],
"labels": ["auto-update"],
+ "dependencyDashboardAutoclose": true,
"enabledManagers": ["terraform"],
"terraform": {
"ignorePaths": ["**/context.tf", "examples/**"]
}
}
-
diff --git a/.github/workflows/validate-codeowners.yml b/.github/workflows/validate-codeowners.yml
index 70f829e..4b4a226 100644
--- a/.github/workflows/validate-codeowners.yml
+++ b/.github/workflows/validate-codeowners.yml
@@ -10,6 +10,7 @@ jobs:
steps:
- name: "Checkout source code at current commit"
uses: actions/checkout@v2
+ # Leave pinned at 0.7.1 until https://github.com/mszostok/codeowners-validator/issues/173 is resolved
- uses: mszostok/codeowners-validator@v0.7.1
if: github.event.pull_request.head.repo.full_name == github.repository
name: "Full check of CODEOWNERS"
diff --git a/README.md b/README.md
index 5aa6813..4e66db5 100644
--- a/README.md
+++ b/README.md
@@ -192,6 +192,7 @@ Available targets:
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [acceptor\_allow\_remote\_vpc\_dns\_resolution](#input\_acceptor\_allow\_remote\_vpc\_dns\_resolution) | Allow acceptor VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the requestor VPC | `bool` | `true` | no |
+| [acceptor\_ignore\_cidrs](#input\_acceptor\_ignore\_cidrs) | A list of CIDR blocks from the acceptor VPC to ignore | `list(string)` | `[]` | no |
| [acceptor\_route\_table\_tags](#input\_acceptor\_route\_table\_tags) | Only add peer routes to acceptor VPC route tables matching these tags | `map(string)` | `{}` | no |
| [acceptor\_vpc\_id](#input\_acceptor\_vpc\_id) | Acceptor VPC ID | `string` | `""` | no |
| [acceptor\_vpc\_tags](#input\_acceptor\_vpc\_tags) | Acceptor VPC tags | `map(string)` | `{}` | no |
@@ -214,6 +215,7 @@ Available targets:
| [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |
| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.
Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
| [requestor\_allow\_remote\_vpc\_dns\_resolution](#input\_requestor\_allow\_remote\_vpc\_dns\_resolution) | Allow requestor VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the acceptor VPC | `bool` | `true` | no |
+| [requestor\_ignore\_cidrs](#input\_requestor\_ignore\_cidrs) | A list of CIDR blocks from the requestor VPC to ignore | `list(string)` | `[]` | no |
| [requestor\_route\_table\_tags](#input\_requestor\_route\_table\_tags) | Only add peer routes to requestor VPC route tables matching these tags | `map(string)` | `{}` | no |
| [requestor\_vpc\_id](#input\_requestor\_vpc\_id) | Requestor VPC ID | `string` | `""` | no |
| [requestor\_vpc\_tags](#input\_requestor\_vpc\_tags) | Requestor VPC tags | `map(string)` | `{}` | no |
@@ -399,7 +401,7 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply
[![README Footer][readme_footer_img]][readme_footer_link]
[![Beacon][beacon]][website]
-
+
[logo]: https://cloudposse.com/logo-300x69.svg
[docs]: https://cpco.io/docs?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-vpc-peering&utm_content=docs
[website]: https://cpco.io/homepage?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-vpc-peering&utm_content=website
@@ -430,3 +432,4 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply
[share_googleplus]: https://plus.google.com/share?url=https://github.com/cloudposse/terraform-aws-vpc-peering
[share_email]: mailto:?subject=terraform-aws-vpc-peering&body=https://github.com/cloudposse/terraform-aws-vpc-peering
[beacon]: https://ga-beacon.cloudposse.com/UA-76589703-4/cloudposse/terraform-aws-vpc-peering?pixel&cs=github&cm=readme&an=terraform-aws-vpc-peering
+
diff --git a/docs/terraform.md b/docs/terraform.md
index b36108e..91657b1 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -36,6 +36,7 @@
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [acceptor\_allow\_remote\_vpc\_dns\_resolution](#input\_acceptor\_allow\_remote\_vpc\_dns\_resolution) | Allow acceptor VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the requestor VPC | `bool` | `true` | no |
+| [acceptor\_ignore\_cidrs](#input\_acceptor\_ignore\_cidrs) | A list of CIDR blocks from the acceptor VPC to ignore | `list(string)` | `[]` | no |
| [acceptor\_route\_table\_tags](#input\_acceptor\_route\_table\_tags) | Only add peer routes to acceptor VPC route tables matching these tags | `map(string)` | `{}` | no |
| [acceptor\_vpc\_id](#input\_acceptor\_vpc\_id) | Acceptor VPC ID | `string` | `""` | no |
| [acceptor\_vpc\_tags](#input\_acceptor\_vpc\_tags) | Acceptor VPC tags | `map(string)` | `{}` | no |
@@ -58,6 +59,7 @@
| [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |
| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.
Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
| [requestor\_allow\_remote\_vpc\_dns\_resolution](#input\_requestor\_allow\_remote\_vpc\_dns\_resolution) | Allow requestor VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the acceptor VPC | `bool` | `true` | no |
+| [requestor\_ignore\_cidrs](#input\_requestor\_ignore\_cidrs) | A list of CIDR blocks from the requestor VPC to ignore | `list(string)` | `[]` | no |
| [requestor\_route\_table\_tags](#input\_requestor\_route\_table\_tags) | Only add peer routes to requestor VPC route tables matching these tags | `map(string)` | `{}` | no |
| [requestor\_vpc\_id](#input\_requestor\_vpc\_id) | Requestor VPC ID | `string` | `""` | no |
| [requestor\_vpc\_tags](#input\_requestor\_vpc\_tags) | Requestor VPC tags | `map(string)` | `{}` | no |
diff --git a/examples/complete/fixtures.us-east-2.tfvars b/examples/complete/fixtures.us-east-2.tfvars
index c98956a..86a6547 100644
--- a/examples/complete/fixtures.us-east-2.tfvars
+++ b/examples/complete/fixtures.us-east-2.tfvars
@@ -11,3 +11,5 @@ name = "vpc-peering"
requestor_vpc_cidr = "172.16.0.0/16"
acceptor_vpc_cidr = "172.32.0.0/16"
+
+requestor_additional_ipv4_cidr_block = "100.64.0.0/16"
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index 55ad94c..c8d3e5b 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -3,45 +3,70 @@ provider "aws" {
}
module "requestor_vpc" {
- source = "cloudposse/vpc/aws"
- version = "0.18.1"
- attributes = ["requestor"]
- cidr_block = var.requestor_vpc_cidr
+ source = "cloudposse/vpc/aws"
+ version = "1.2.0"
+ attributes = ["requestor"]
+ ipv4_primary_cidr_block = var.requestor_vpc_cidr
+ ipv4_additional_cidr_block_associations = {
+ "${var.requestor_additional_ipv4_cidr_block}" = {
+ ipv4_cidr_block = var.requestor_additional_ipv4_cidr_block
+ ipv4_ipam_pool_id = null
+ ipv4_netmask_length = null
+ }
+ }
context = module.this.context
}
module "requestor_subnets" {
source = "cloudposse/dynamic-subnets/aws"
- version = "0.33.0"
+ version = "2.0.4"
availability_zones = var.availability_zones
attributes = ["requestor"]
vpc_id = module.requestor_vpc.vpc_id
- igw_id = module.requestor_vpc.igw_id
- cidr_block = module.requestor_vpc.vpc_cidr_block
+ igw_id = [module.requestor_vpc.igw_id]
+ ipv4_cidr_block = [module.requestor_vpc.vpc_cidr_block]
nat_gateway_enabled = false
nat_instance_enabled = false
context = module.this.context
}
+module "requestor_subnets_additional" {
+ source = "cloudposse/dynamic-subnets/aws"
+ version = "2.0.4"
+ availability_zones = var.availability_zones
+ attributes = ["requestor"]
+ vpc_id = module.requestor_vpc.vpc_id
+ igw_id = [module.requestor_vpc.igw_id]
+ ipv4_cidr_block = [var.requestor_additional_ipv4_cidr_block]
+ nat_gateway_enabled = false
+ nat_instance_enabled = false
+ public_subnets_enabled = false
+
+ context = module.this.context
+
+ # necessary for clean destory, see open issue: https://github.com/hashicorp/terraform-provider-aws/issues/9592
+ depends_on = [module.requestor_vpc]
+}
+
module "acceptor_vpc" {
- source = "cloudposse/vpc/aws"
- version = "0.18.1"
- attributes = ["acceptor"]
- cidr_block = var.acceptor_vpc_cidr
+ source = "cloudposse/vpc/aws"
+ version = "1.2.0"
+ attributes = ["acceptor"]
+ ipv4_primary_cidr_block = var.acceptor_vpc_cidr
context = module.this.context
}
module "acceptor_subnets" {
source = "cloudposse/dynamic-subnets/aws"
- version = "0.33.0"
+ version = "2.0.4"
availability_zones = var.availability_zones
attributes = ["acceptor"]
vpc_id = module.acceptor_vpc.vpc_id
- igw_id = module.acceptor_vpc.igw_id
- cidr_block = module.acceptor_vpc.vpc_cidr_block
+ igw_id = [module.acceptor_vpc.igw_id]
+ ipv4_cidr_block = [module.acceptor_vpc.vpc_cidr_block]
nat_gateway_enabled = false
nat_instance_enabled = false
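Review bot: `requestor_subnets_additional` copies `attributes = ["requestor"]` from `requestor_subnets`, so both dynamic-subnets instances derive identical names from `module.this.context`; depending on how the subnets module names and tags its subnets and route tables this is likely to yield duplicate `Name` tags or conflicting resource names, and `attributes = ["requestor", "additional"]` would keep the two instances distinct. With `public_subnets_enabled = false` the `igw_id = [module.requestor_vpc.igw_id]` argument on that module should be unused and can be dropped. The comment above `depends_on` has a typo, `destory` → `destroy`. The `acceptor_subnets` block continues past the end of the hunk.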
@@ -55,6 +80,7 @@ module "vpc_peering" {
acceptor_allow_remote_vpc_dns_resolution = true
requestor_vpc_id = module.requestor_vpc.vpc_id
acceptor_vpc_id = module.acceptor_vpc.vpc_id
+ requestor_ignore_cidrs = [var.requestor_additional_ipv4_cidr_block]
create_timeout = "5m"
update_timeout = "5m"
delete_timeout = "10m"
diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf
index 128d66e..1032c9d 100644
--- a/examples/complete/outputs.tf
+++ b/examples/complete/outputs.tf
@@ -1,6 +1,11 @@
output "requestor_vpc_cidr" {
value = module.requestor_vpc.vpc_cidr_block
- description = "Requestor VPC ID"
+ description = "Requestor VPC CIDR block"
+}
+
+output "requestor_vpc_additional_cidrs" {
+ value = module.requestor_vpc.additional_cidr_blocks
+ description = "Requestor VPC additional CIDR block associations"
}
output "requestor_public_subnet_cidrs" {
@@ -13,6 +18,11 @@ output "requestor_private_subnet_cidrs" {
description = "Requestor private subnet CIDRs"
}
+output "requestor_additional_subnet_cidrs" {
+ value = module.requestor_subnets_additional.private_subnet_cidrs
+ description = "Requestor additional subnet CIDRs"
+}
+
output "acceptor_vpc_cidr" {
value = module.acceptor_vpc.vpc_cidr_block
description = "Acceptor VPC ID"
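Review bot: The context line `description = "Acceptor VPC ID"` on `acceptor_vpc_cidr` carries the same copy-paste mistake this commit fixes for `requestor_vpc_cidr`; it should read `description = "Acceptor VPC CIDR block"`. The output block continues past the end of the hunk.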
diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf
index e3165ba..e6c5646 100644
--- a/examples/complete/variables.tf
+++ b/examples/complete/variables.tf
@@ -17,3 +17,8 @@ variable "acceptor_vpc_cidr" {
type = string
description = "Acceptor VPC CIDR"
}
+
+variable "requestor_additional_ipv4_cidr_block" {
+ description = "An additional IPv4 CIDR block to associate with the VPC"
+ type = string
+}
diff --git a/main.tf b/main.tf
index 96d03b1..962db97 100644
--- a/main.tf
+++ b/main.tf
@@ -48,20 +48,29 @@ data "aws_route_tables" "acceptor" {
tags = var.acceptor_route_table_tags
}
+locals {
+ requestor_cidr_blocks = module.this.enabled ? tolist(setsubtract([
+ for k, v in data.aws_vpc.requestor.0.cidr_block_associations : v.cidr_block
+ ], var.requestor_ignore_cidrs)) : []
+ acceptor_cidr_blocks = module.this.enabled ? tolist(setsubtract([
+ for k, v in data.aws_vpc.acceptor.0.cidr_block_associations : v.cidr_block
+ ], var.acceptor_ignore_cidrs)) : []
+}
+
# Create routes from requestor to acceptor
resource "aws_route" "requestor" {
- count = module.this.enabled ? length(distinct(sort(data.aws_route_tables.requestor.0.ids))) * length(data.aws_vpc.acceptor.0.cidr_block_associations) : 0
- route_table_id = element(distinct(sort(data.aws_route_tables.requestor.0.ids)), ceil(count.index / length(data.aws_vpc.acceptor.0.cidr_block_associations)))
- destination_cidr_block = data.aws_vpc.acceptor.0.cidr_block_associations[count.index % length(data.aws_vpc.acceptor.0.cidr_block_associations)]["cidr_block"]
+ count = module.this.enabled ? length(distinct(sort(data.aws_route_tables.requestor.0.ids))) * length(local.acceptor_cidr_blocks) : 0
+ route_table_id = element(distinct(sort(data.aws_route_tables.requestor.0.ids)), ceil(count.index / length(local.acceptor_cidr_blocks)))
+ destination_cidr_block = local.acceptor_cidr_blocks[count.index % length(local.acceptor_cidr_blocks)]
vpc_peering_connection_id = join("", aws_vpc_peering_connection.default.*.id)
depends_on = [data.aws_route_tables.requestor, aws_vpc_peering_connection.default]
}
# Create routes from acceptor to requestor
resource "aws_route" "acceptor" {
- count = module.this.enabled ? length(distinct(sort(data.aws_route_tables.acceptor.0.ids))) * length(data.aws_vpc.requestor.0.cidr_block_associations) : 0
- route_table_id = element(distinct(sort(data.aws_route_tables.acceptor.0.ids)), ceil(count.index / length(data.aws_vpc.requestor.0.cidr_block_associations)))
- destination_cidr_block = data.aws_vpc.requestor.0.cidr_block_associations[count.index % length(data.aws_vpc.requestor.0.cidr_block_associations)]["cidr_block"]
+ count = module.this.enabled ? length(distinct(sort(data.aws_route_tables.acceptor.0.ids))) * length(local.requestor_cidr_blocks) : 0
+ route_table_id = element(distinct(sort(data.aws_route_tables.acceptor.0.ids)), ceil(count.index / length(local.requestor_cidr_blocks)))
+ destination_cidr_block = local.requestor_cidr_blocks[count.index % length(local.requestor_cidr_blocks)]
vpc_peering_connection_id = join("", aws_vpc_peering_connection.default.*.id)
depends_on = [data.aws_route_tables.acceptor, aws_vpc_peering_connection.default]
}
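Review bot: The lists built in the new `locals` block have no guaranteed order: `setsubtract` returns a set and `tolist` of a set is documented as having undefined order, whereas the previous expression indexed `cidr_block_associations` in the order the API returned them. Because `aws_route.requestor` and `aws_route.acceptor` are `count`-indexed, any change in that order re-indexes existing routes and the plan destroys and recreates them, interrupting peered traffic during apply; the route table ids in the same expressions are already passed through `sort()` for exactly this reason. Wrapping the locals the same way, e.g. `requestor_cidr_blocks = module.this.enabled ? sort(tolist(setsubtract([for v in data.aws_vpc.requestor.0.cidr_block_associations : v.cidr_block], var.requestor_ignore_cidrs))) : []` (and the mirror for `acceptor_cidr_blocks`), makes the order deterministic; the `k` loop variable is unused and is dropped in that form. Even sorted, a newly associated CIDR that sorts before an existing one still shifts indices, so keying the routes with `for_each` on a `"${route_table_id}-${cidr}"` map would remove the churn entirely at the cost of a one-time address migration.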
diff --git a/test/src/examples_complete_test.go b/test/src/examples_complete_test.go
index 96b80fc..f2389a6 100644
--- a/test/src/examples_complete_test.go
+++ b/test/src/examples_complete_test.go
@@ -51,6 +51,11 @@ func TestExamplesComplete(t *testing.T) {
// Verify we're getting back the outputs we expect
assert.Equal(t, "172.16.0.0/16", requestorVpcCidr)
+ // Run `terraform output` to get the value of an output variable
+ requestorVpcAdditionalCidrs := terraform.OutputList(t, terraformOptions, "requestor_vpc_additional_cidrs")
+ // Verify we're getting back the outputs we expect
+ assert.Equal(t, []string{"100.64.0.0/16"}, requestorVpcAdditionalCidrs)
+
// Run `terraform output` to get the value of an output variable
requestorPrivateSubnetCidrs := terraform.OutputList(t, terraformOptions, "requestor_private_subnet_cidrs")
// Verify we're getting back the outputs we expect
@@ -61,6 +66,11 @@ func TestExamplesComplete(t *testing.T) {
// Verify we're getting back the outputs we expect
assert.Equal(t, []string{"172.16.96.0/19", "172.16.128.0/19"}, requestorPublicSubnetCidrs)
+ // Run `terraform output` to get the value of an output variable
+ requestorAdditionalSubnetCidrs := terraform.OutputList(t, terraformOptions, "requestor_additional_subnet_cidrs")
+ // Verify we're getting back the outputs we expect
+ assert.Equal(t, []string{"100.64.0.0/18", "100.64.64.0/18"}, requestorAdditionalSubnetCidrs)
+
// Run `terraform output` to get the value of an output variable
acceptorVpcCidr := terraform.Output(t, terraformOptions, "acceptor_vpc_cidr")
// Verify we're getting back the outputs we expect
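Review bot: The new assertions only check that the additional CIDR and its subnets exist; nothing verifies the behaviour this change introduces, namely that `requestor_ignore_cidrs = [var.requestor_additional_ipv4_cidr_block]` keeps `100.64.0.0/16` out of the acceptor route tables, so a regression in the `locals` filtering would still pass this test. Exposing the created route destinations from the example (for instance an output built from `aws_route.acceptor[*].destination_cidr_block` in the module) and asserting `assert.NotContains(t, acceptorRouteCidrs, "100.64.0.0/16")` would cover the feature. The enclosing `TestExamplesComplete` starts before the hunk.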
diff --git a/variables.tf b/variables.tf
index 6e9fb64..c53135b 100644
--- a/variables.tf
+++ b/variables.tf
@@ -69,3 +69,15 @@ variable "delete_timeout" {
description = "VPC peering connection delete timeout. For more details, see https://www.terraform.io/docs/configuration/resources.html#operation-timeouts"
default = "5m"
}
+
+variable "requestor_ignore_cidrs" {
+ type = list(string)
+ description = "A list of CIDR blocks from the requestor VPC to ignore"
+ default = []
+}
+
+variable "acceptor_ignore_cidrs" {
+ type = list(string)
+ description = "A list of CIDR blocks from the acceptor VPC to ignore"
+ default = []
+}
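Review bot: The descriptions of `requestor_ignore_cidrs` and `acceptor_ignore_cidrs` say the CIDRs are ignored but not what that means for the caller; from the `locals` in main.tf the effect is that no peering route is created for them in the other VPC's route tables. Something like `description = "List of CIDR blocks associated with the requestor VPC for which no routes are created in the acceptor route tables"` (and the mirror for the acceptor) tells users which side loses reachability. Values are compared as plain strings against `cidr_block_associations`, so they must be written exactly as AWS reports them (e.g. `100.64.0.0/16`); a `validation` block using `can(cidrnetmask(...))` on each element would at least reject malformed entries rather than silently ignoring nothing.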