From cc4e9ca66a33fb3acb3e7bda5d227d144094a215 Mon Sep 17 00:00:00 2001 From: DrFaust92 Date: Sun, 23 Jun 2019 14:56:40 +0300 Subject: [PATCH 1/2] Add tags to VPC Endpoints - terraform 0.11.x --- README.md | 1 + main.tf | 40 ++++++++++++++++++++++++++++++++++++++++ variables.tf | 9 +++++++-- 3 files changed, 48 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c72818a2e..2c6636096 100644 --- a/README.md +++ b/README.md @@ -377,6 +377,7 @@ Sometimes it is handy to have public access to Redshift clusters (for example if | ssmmessages\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for SSMMESSAGES endpoint | list | `[]` | no | | ssmmessages\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for SSMMESSAGES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | list | `[]` | no | | tags | A map of tags to add to all resources | map | `{}` | no | +| vpc\_endpoint\_tags | Additional tags for the VPC Endpoints | map | `{}` | no | | vpc\_tags | Additional tags for the VPC | map | `{}` | no | | vpn\_gateway\_id | ID of VPN Gateway to attach to the VPC | string | `""` | no | | vpn\_gateway\_tags | Additional tags for the VPN gateway | map | `{}` | no | diff --git a/main.tf b/main.tf index 03e9c42da..c3039347e 100644 --- a/main.tf +++ b/main.tf @@ -602,6 +602,8 @@ resource "aws_vpc_endpoint" "s3" { vpc_id = "${local.vpc_id}" service_name = "${data.aws_vpc_endpoint_service.s3.service_name}" + + tags = "${merge(var.tags, var.vpc_endpoint_tags)}" } resource "aws_vpc_endpoint_route_table_association" "private_s3" { @@ -639,6 +641,8 @@ resource "aws_vpc_endpoint" "dynamodb" { vpc_id = "${local.vpc_id}" service_name = "${data.aws_vpc_endpoint_service.dynamodb.service_name}" + + tags = "${merge(var.tags, var.vpc_endpoint_tags)}" } resource "aws_vpc_endpoint_route_table_association" "private_dynamodb" { 
@@ -681,6 +685,8 @@ resource "aws_vpc_endpoint" "sqs" { security_group_ids = ["${var.sqs_endpoint_security_group_ids}"] subnet_ids = ["${coalescelist(var.sqs_endpoint_subnet_ids, aws_subnet.private.*.id)}"] private_dns_enabled = "${var.sqs_endpoint_private_dns_enabled}" + + tags = "${merge(var.tags, var.vpc_endpoint_tags)}" } ####################### @@ -702,6 +708,8 @@ resource "aws_vpc_endpoint" "ssm" { security_group_ids = ["${var.ssm_endpoint_security_group_ids}"] subnet_ids = ["${coalescelist(var.ssm_endpoint_subnet_ids, aws_subnet.private.*.id)}"] private_dns_enabled = "${var.ssm_endpoint_private_dns_enabled}" + + tags = "${merge(var.tags, var.vpc_endpoint_tags)}" } ############################### @@ -723,6 +731,8 @@ resource "aws_vpc_endpoint" "ssmmessages" { security_group_ids = ["${var.ssmmessages_endpoint_security_group_ids}"] subnet_ids = ["${coalescelist(var.ssmmessages_endpoint_subnet_ids, aws_subnet.private.*.id)}"] private_dns_enabled = "${var.ssmmessages_endpoint_private_dns_enabled}" + + tags = "${merge(var.tags, var.vpc_endpoint_tags)}" } ####################### @@ -744,6 +754,8 @@ resource "aws_vpc_endpoint" "ec2" { security_group_ids = ["${var.ec2_endpoint_security_group_ids}"] subnet_ids = ["${coalescelist(var.ec2_endpoint_subnet_ids, aws_subnet.private.*.id)}"] private_dns_enabled = "${var.ec2_endpoint_private_dns_enabled}" + + tags = "${merge(var.tags, var.vpc_endpoint_tags)}" } ############################### @@ -765,6 +777,8 @@ resource "aws_vpc_endpoint" "ec2messages" { security_group_ids = ["${var.ec2messages_endpoint_security_group_ids}"] subnet_ids = ["${coalescelist(var.ec2messages_endpoint_subnet_ids, aws_subnet.private.*.id)}"] private_dns_enabled = "${var.ec2messages_endpoint_private_dns_enabled}" + + tags = "${merge(var.tags, var.vpc_endpoint_tags)}" } ########################### 
@@ -786,6 +800,8 @@ resource "aws_vpc_endpoint" "ecr_api" { security_group_ids = ["${var.ecr_api_endpoint_security_group_ids}"] subnet_ids = ["${coalescelist(var.ecr_api_endpoint_subnet_ids, aws_subnet.private.*.id)}"] private_dns_enabled = "${var.ecr_api_endpoint_private_dns_enabled}" + + tags = "${merge(var.tags, var.vpc_endpoint_tags)}" } ########################### @@ -807,6 +823,8 @@ resource "aws_vpc_endpoint" "ecr_dkr" { security_group_ids = ["${var.ecr_dkr_endpoint_security_group_ids}"] subnet_ids = ["${coalescelist(var.ecr_dkr_endpoint_subnet_ids, aws_subnet.private.*.id)}"] private_dns_enabled = "${var.ecr_dkr_endpoint_private_dns_enabled}" + + tags = "${merge(var.tags, var.vpc_endpoint_tags)}" } ####################### @@ -828,6 +846,8 @@ resource "aws_vpc_endpoint" "apigw" { security_group_ids = ["${var.apigw_endpoint_security_group_ids}"] subnet_ids = ["${coalescelist(var.apigw_endpoint_subnet_ids, aws_subnet.private.*.id)}"] private_dns_enabled = "${var.apigw_endpoint_private_dns_enabled}" + + tags = "${merge(var.tags, var.vpc_endpoint_tags)}" } ####################### @@ -849,6 +869,8 @@ resource "aws_vpc_endpoint" "kms" { security_group_ids = ["${var.kms_endpoint_security_group_ids}"] subnet_ids = ["${coalescelist(var.kms_endpoint_subnet_ids, aws_subnet.private.*.id)}"] private_dns_enabled = "${var.kms_endpoint_private_dns_enabled}" + + tags = "${merge(var.tags, var.vpc_endpoint_tags)}" } ####################### @@ -870,6 +892,8 @@ resource "aws_vpc_endpoint" "ecs" { security_group_ids = ["${var.ecs_endpoint_security_group_ids}"] subnet_ids = ["${coalescelist(var.ecs_endpoint_subnet_ids, aws_subnet.private.*.id)}"] private_dns_enabled = "${var.ecs_endpoint_private_dns_enabled}" + + tags = "${merge(var.tags, var.vpc_endpoint_tags)}" } ####################### 
@@ -891,6 +915,8 @@ resource "aws_vpc_endpoint" "ecs_agent" { security_group_ids = ["${var.ecs_agent_endpoint_security_group_ids}"] subnet_ids = ["${coalescelist(var.ecs_agent_endpoint_subnet_ids, aws_subnet.private.*.id)}"] private_dns_enabled = "${var.ecs_agent_endpoint_private_dns_enabled}" + + tags = "${merge(var.tags, var.vpc_endpoint_tags)}" } ####################### @@ -912,6 +938,8 @@ resource "aws_vpc_endpoint" "ecs_telemetry" { security_group_ids = ["${var.ecs_telemetry_endpoint_security_group_ids}"] subnet_ids = ["${coalescelist(var.ecs_telemetry_endpoint_subnet_ids, aws_subnet.private.*.id)}"] private_dns_enabled = "${var.ecs_telemetry_endpoint_private_dns_enabled}" + + tags = "${merge(var.tags, var.vpc_endpoint_tags)}" } ####################### @@ -933,6 +961,8 @@ resource "aws_vpc_endpoint" "elasticloadbalancing" { security_group_ids = ["${var.elasticloadbalancing_endpoint_security_group_ids}"] subnet_ids = ["${coalescelist(var.elasticloadbalancing_endpoint_subnet_ids, aws_subnet.private.*.id)}"] private_dns_enabled = "${var.elasticloadbalancing_endpoint_private_dns_enabled}" + + tags = "${merge(var.tags, var.vpc_endpoint_tags)}" } ####################### @@ -954,6 +984,8 @@ resource "aws_vpc_endpoint" "sns" { security_group_ids = ["${var.sns_endpoint_security_group_ids}"] subnet_ids = ["${coalescelist(var.sns_endpoint_subnet_ids, aws_subnet.private.*.id)}"] private_dns_enabled = "${var.sns_endpoint_private_dns_enabled}" + + tags = "${merge(var.tags, var.vpc_endpoint_tags)}" } ####################### @@ -975,6 +1007,8 @@ resource "aws_vpc_endpoint" "logs" { security_group_ids = ["${var.logs_endpoint_security_group_ids}"] subnet_ids = ["${coalescelist(var.logs_endpoint_subnet_ids, aws_subnet.private.*.id)}"] private_dns_enabled = "${var.logs_endpoint_private_dns_enabled}" + + tags = "${merge(var.tags, var.vpc_endpoint_tags)}" } ####################### 
@@ -996,6 +1030,8 @@ resource "aws_vpc_endpoint" "cloudtrail" { security_group_ids = ["${var.cloudtrail_endpoint_security_group_ids}"] subnet_ids = ["${coalescelist(var.cloudtrail_endpoint_subnet_ids, aws_subnet.private.*.id)}"] private_dns_enabled = "${var.cloudtrail_endpoint_private_dns_enabled}" + + tags = "${merge(var.tags, var.vpc_endpoint_tags)}" } ####################### @@ -1017,6 +1053,8 @@ resource "aws_vpc_endpoint" "monitoring" { security_group_ids = ["${var.monitoring_endpoint_security_group_ids}"] subnet_ids = ["${coalescelist(var.monitoring_endpoint_subnet_ids, aws_subnet.private.*.id)}"] private_dns_enabled = "${var.monitoring_endpoint_private_dns_enabled}" + + tags = "${merge(var.tags, var.vpc_endpoint_tags)}" } ####################### @@ -1038,6 +1076,8 @@ resource "aws_vpc_endpoint" "events" { security_group_ids = ["${var.events_endpoint_security_group_ids}"] subnet_ids = ["${coalescelist(var.events_endpoint_subnet_ids, aws_subnet.private.*.id)}"] private_dns_enabled = "${var.events_endpoint_private_dns_enabled}" + + tags = "${merge(var.tags, var.vpc_endpoint_tags)}" } ########################## diff --git a/variables.tf b/variables.tf index 523d028c2..d2f1591a7 100644 --- a/variables.tf +++ b/variables.tf @@ -709,6 +709,11 @@ variable "vpn_gateway_tags" { default = {} } +variable "vpc_endpoint_tags" { + description = "Additional tags for the VPC Endpoints" + default = {} +} + variable "enable_dhcp_options" { description = "Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type" default = false @@ -827,7 +832,7 @@ variable "default_network_acl_ingress" { to_port = 0 protocol = "-1" cidr_block = "0.0.0.0/0" - }, + }, { rule_no = 101 action = "allow" @@ -849,7 +854,7 @@ variable "default_network_acl_egress" { to_port = 0 protocol = "-1" cidr_block = "0.0.0.0/0" - }, + }, { rule_no = 101 action = "allow" 
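Review bot: The new `variable "vpc_endpoint_tags"` block in the variables.tf hunk does not say that its keys take precedence over `var.tags`, which is what the `merge(var.tags, var.vpc_endpoint_tags)` expression added to every endpoint resource in main.tf implies (later arguments win in merge()). Tags are commonly relied on for cost allocation and tag-based IAM conditions, so a caller should be able to see from the variable itself that an endpoint-specific value silently replaces a module-wide one. Suggest `description = "Additional tags for the VPC Endpoints (keys here override the same keys in var.tags)"`, with the README row carrying the same wording. The context lines shown for `vpn_gateway_tags` do not include a `type` argument, so I assume the file's convention is to omit it; if sibling variables do declare one, add `type = "map"` to match the README's `map` column.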
From fe9c0ae60e3d00a7f156f7dd68d23d77777e2fe2 Mon Sep 17 00:00:00 2001 From: Ilia Lazebnik Date: Fri, 19 Jul 2019 18:46:34 +0300 Subject: [PATCH 2/2] centralize vpce tag param --- main.tf | 43 ++++++++++++++++++++++--------------------- variables.tf | 4 ++-- 2 files changed, 24 insertions(+), 23 deletions(-) diff --git a/main.tf b/main.tf index c3039347e..95cc5bdba 100644 --- a/main.tf +++ b/main.tf @@ -7,7 +7,8 @@ locals { nat_gateway_count = "${var.single_nat_gateway ? 1 : (var.one_nat_gateway_per_az ? length(var.azs) : local.max_subnet_length)}" # Use `local.vpc_id` to give a hint to Terraform that subnets should be deleted before secondary CIDR blocks can be free! - vpc_id = "${element(concat(aws_vpc_ipv4_cidr_block_association.this.*.vpc_id, aws_vpc.this.*.id, list("")), 0)}" + vpc_id = "${element(concat(aws_vpc_ipv4_cidr_block_association.this.*.vpc_id, aws_vpc.this.*.id, list("")), 0)}" + vpce_tags = "${merge(var.tags, var.vpc_endpoint_tags)}" } ###### @@ -603,7 +604,7 @@ resource "aws_vpc_endpoint" "s3" { vpc_id = "${local.vpc_id}" service_name = "${data.aws_vpc_endpoint_service.s3.service_name}" - tags = "${merge(var.tags, var.vpc_endpoint_tags)}" + tags = "${local.vpce_tags}" } resource "aws_vpc_endpoint_route_table_association" "private_s3" { @@ -642,7 +643,7 @@ resource "aws_vpc_endpoint" "dynamodb" { vpc_id = "${local.vpc_id}" service_name = "${data.aws_vpc_endpoint_service.dynamodb.service_name}" - tags = "${merge(var.tags, var.vpc_endpoint_tags)}" + tags = "${local.vpce_tags}" } resource "aws_vpc_endpoint_route_table_association" "private_dynamodb" { @@ -686,7 +687,7 @@ resource "aws_vpc_endpoint" "sqs" { subnet_ids = ["${coalescelist(var.sqs_endpoint_subnet_ids, aws_subnet.private.*.id)}"] private_dns_enabled = "${var.sqs_endpoint_private_dns_enabled}" - tags = "${merge(var.tags, var.vpc_endpoint_tags)}" + tags = "${local.vpce_tags}" } ####################### 
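Review bot: The new `vpce_tags` local in the `locals` hunk carries no comment explaining that `var.vpc_endpoint_tags` overrides `var.tags` on a shared key, and its abbreviated name does not match the `vpc_endpoint_tags` variable it wraps. Suggest adding above it `# Tags applied to every aws_vpc_endpoint; keys in var.vpc_endpoint_tags override the same keys in var.tags`, and optionally naming it `vpc_endpoint_tags` so the `local.` and `var.` forms line up across the twenty resources that now reference it. The `-`/`+` pair for `vpc_id` reads identically in this view, so it is presumably an alignment-only rewrite that widens the diff without changing behavior; if so, dropping it keeps `git blame` on that line intact. The enclosing `locals {` block starts before this hunk.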
@@ -709,7 +710,7 @@ resource "aws_vpc_endpoint" "ssm" { subnet_ids = ["${coalescelist(var.ssm_endpoint_subnet_ids, aws_subnet.private.*.id)}"] private_dns_enabled = "${var.ssm_endpoint_private_dns_enabled}" - tags = "${merge(var.tags, var.vpc_endpoint_tags)}" + tags = "${local.vpce_tags}" } ############################### @@ -732,7 +733,7 @@ resource "aws_vpc_endpoint" "ssmmessages" { subnet_ids = ["${coalescelist(var.ssmmessages_endpoint_subnet_ids, aws_subnet.private.*.id)}"] private_dns_enabled = "${var.ssmmessages_endpoint_private_dns_enabled}" - tags = "${merge(var.tags, var.vpc_endpoint_tags)}" + tags = "${local.vpce_tags}" } ####################### @@ -755,7 +756,7 @@ resource "aws_vpc_endpoint" "ec2" { subnet_ids = ["${coalescelist(var.ec2_endpoint_subnet_ids, aws_subnet.private.*.id)}"] private_dns_enabled = "${var.ec2_endpoint_private_dns_enabled}" - tags = "${merge(var.tags, var.vpc_endpoint_tags)}" + tags = "${local.vpce_tags}" } ############################### @@ -778,7 +779,7 @@ resource "aws_vpc_endpoint" "ec2messages" { subnet_ids = ["${coalescelist(var.ec2messages_endpoint_subnet_ids, aws_subnet.private.*.id)}"] private_dns_enabled = "${var.ec2messages_endpoint_private_dns_enabled}" - tags = "${merge(var.tags, var.vpc_endpoint_tags)}" + tags = "${local.vpce_tags}" } ########################### @@ -801,7 +802,7 @@ resource "aws_vpc_endpoint" "ecr_api" { subnet_ids = ["${coalescelist(var.ecr_api_endpoint_subnet_ids, aws_subnet.private.*.id)}"] private_dns_enabled = "${var.ecr_api_endpoint_private_dns_enabled}" - tags = "${merge(var.tags, var.vpc_endpoint_tags)}" + tags = "${local.vpce_tags}" } ########################### @@ -824,7 +825,7 @@ resource "aws_vpc_endpoint" "ecr_dkr" { subnet_ids = ["${coalescelist(var.ecr_dkr_endpoint_subnet_ids, aws_subnet.private.*.id)}"] private_dns_enabled = "${var.ecr_dkr_endpoint_private_dns_enabled}" - tags = "${merge(var.tags, var.vpc_endpoint_tags)}" + tags = "${local.vpce_tags}" } ####################### 
@@ -847,7 +848,7 @@ resource "aws_vpc_endpoint" "apigw" { subnet_ids = ["${coalescelist(var.apigw_endpoint_subnet_ids, aws_subnet.private.*.id)}"] private_dns_enabled = "${var.apigw_endpoint_private_dns_enabled}" - tags = "${merge(var.tags, var.vpc_endpoint_tags)}" + tags = "${local.vpce_tags}" } ####################### @@ -870,7 +871,7 @@ resource "aws_vpc_endpoint" "kms" { subnet_ids = ["${coalescelist(var.kms_endpoint_subnet_ids, aws_subnet.private.*.id)}"] private_dns_enabled = "${var.kms_endpoint_private_dns_enabled}" - tags = "${merge(var.tags, var.vpc_endpoint_tags)}" + tags = "${local.vpce_tags}" } ####################### @@ -893,7 +894,7 @@ resource "aws_vpc_endpoint" "ecs" { subnet_ids = ["${coalescelist(var.ecs_endpoint_subnet_ids, aws_subnet.private.*.id)}"] private_dns_enabled = "${var.ecs_endpoint_private_dns_enabled}" - tags = "${merge(var.tags, var.vpc_endpoint_tags)}" + tags = "${local.vpce_tags}" } ####################### @@ -916,7 +917,7 @@ resource "aws_vpc_endpoint" "ecs_agent" { subnet_ids = ["${coalescelist(var.ecs_agent_endpoint_subnet_ids, aws_subnet.private.*.id)}"] private_dns_enabled = "${var.ecs_agent_endpoint_private_dns_enabled}" - tags = "${merge(var.tags, var.vpc_endpoint_tags)}" + tags = "${local.vpce_tags}" } ####################### @@ -939,7 +940,7 @@ resource "aws_vpc_endpoint" "ecs_telemetry" { subnet_ids = ["${coalescelist(var.ecs_telemetry_endpoint_subnet_ids, aws_subnet.private.*.id)}"] private_dns_enabled = "${var.ecs_telemetry_endpoint_private_dns_enabled}" - tags = "${merge(var.tags, var.vpc_endpoint_tags)}" + tags = "${local.vpce_tags}" } ####################### 
@@ -962,7 +963,7 @@ resource "aws_vpc_endpoint" "elasticloadbalancing" { subnet_ids = ["${coalescelist(var.elasticloadbalancing_endpoint_subnet_ids, aws_subnet.private.*.id)}"] private_dns_enabled = "${var.elasticloadbalancing_endpoint_private_dns_enabled}" - tags = "${merge(var.tags, var.vpc_endpoint_tags)}" + tags = "${local.vpce_tags}" } ####################### @@ -985,7 +986,7 @@ resource "aws_vpc_endpoint" "sns" { subnet_ids = ["${coalescelist(var.sns_endpoint_subnet_ids, aws_subnet.private.*.id)}"] private_dns_enabled = "${var.sns_endpoint_private_dns_enabled}" - tags = "${merge(var.tags, var.vpc_endpoint_tags)}" + tags = "${local.vpce_tags}" } ####################### @@ -1008,7 +1009,7 @@ resource "aws_vpc_endpoint" "logs" { subnet_ids = ["${coalescelist(var.logs_endpoint_subnet_ids, aws_subnet.private.*.id)}"] private_dns_enabled = "${var.logs_endpoint_private_dns_enabled}" - tags = "${merge(var.tags, var.vpc_endpoint_tags)}" + tags = "${local.vpce_tags}" } ####################### @@ -1031,7 +1032,7 @@ resource "aws_vpc_endpoint" "cloudtrail" { subnet_ids = ["${coalescelist(var.cloudtrail_endpoint_subnet_ids, aws_subnet.private.*.id)}"] private_dns_enabled = "${var.cloudtrail_endpoint_private_dns_enabled}" - tags = "${merge(var.tags, var.vpc_endpoint_tags)}" + tags = "${local.vpce_tags}" } ####################### @@ -1054,7 +1055,7 @@ resource "aws_vpc_endpoint" "monitoring" { subnet_ids = ["${coalescelist(var.monitoring_endpoint_subnet_ids, aws_subnet.private.*.id)}"] private_dns_enabled = "${var.monitoring_endpoint_private_dns_enabled}" - tags = "${merge(var.tags, var.vpc_endpoint_tags)}" + tags = "${local.vpce_tags}" } ####################### 
@@ -1077,7 +1078,7 @@ resource "aws_vpc_endpoint" "events" { subnet_ids = ["${coalescelist(var.events_endpoint_subnet_ids, aws_subnet.private.*.id)}"] private_dns_enabled = "${var.events_endpoint_private_dns_enabled}" - tags = "${merge(var.tags, var.vpc_endpoint_tags)}" + tags = "${local.vpce_tags}" } ########################## diff --git a/variables.tf b/variables.tf index d2f1591a7..69779f93e 100644 --- a/variables.tf +++ b/variables.tf @@ -832,7 +832,7 @@ variable "default_network_acl_ingress" { to_port = 0 protocol = "-1" cidr_block = "0.0.0.0/0" - }, + }, { rule_no = 101 action = "allow" @@ -854,7 +854,7 @@ variable "default_network_acl_egress" { to_port = 0 protocol = "-1" cidr_block = "0.0.0.0/0" - }, + }, { rule_no = 101 action = "allow"