Merge pull request #174 from pablo19sc/main

Fixing var.azs & examples updates

Author: pablo19sc

contributing.md

@@ -1,85 +1,40 @@
-# Developer Documentation
+# Contributing Guidelines
 
-## Outputs Methodology
+Thank you for your interest in contributing to our project. Whether it's a bug report, new feature, correction, or additional
+documentation, we greatly value feedback and contributions from our community.
 
-This module organizes outputs by creating output collections of grouped entire resources. The benefit of this is that, most likely, attributes users want access to are already present without having to create new `output {}` for each possible attribute. The [potential] downside is that you will have to extract it yourself using HCL logic. See the [outputs.tf](https://github.com/aws-ia/terraform-aws-vpc/outputs.tf) for examples.
+Please read through this document before submitting any issues or pull requests to ensure we have all the necessary
+information to effectively respond to your bug report or contribution.
 
-Our naming convetion attempts to make the output content clear. `route_table_attributes_by_type_by_az` is a nested map of route table resource attributes grouped by their subnet type then by the az.  Example:
-```terraform
-route_table_attributes_by_type_by_az = {
-  "private" = {
-    "us-east-1a" = {
-      "id" = "rtb-0e77040c0598df003"
-      "route_table_id" = "rtb-0e77040c0598df003"
-      "tags" = tolist([
-        {
-          "key" = "Name"
-          "value" = "private-us-east-1a"
-        },
-      ])
-      "vpc_id" = "vpc-033e054f49409592a"
-    }
-    "us-east-1b" = {
-      ...
-    }
-  "public" = { ... }
-```
 
-## Adding new subnet types
+## Reporting Bugs/Feature Requests
 
-*Note: All subnet types **MUST** accept both `cidrs` and `netmask` arguments.*
+We welcome you to use the GitHub issue tracker to report bugs or suggest features.
 
-1. Updates to variables.tf
+When filing an issue, please check existing open, or recently closed, issues to make sure somebody else hasn't already
+reported the issue. Please try to include as much information as you can. Details like these are incredibly useful:
 
-    1. Add new to `subnets` key variable validation:
+* A reproducible test case or series of steps
+* The version of our code being used
+* Any modifications you've made relevant to the bug
+* Anything unusual about your environment or deployment
 
-        ```terraform
-        validation {
-          error_message = "Only valid key values \"public\", \"private\", or \"transit_gateway\"."
-          condition = length(setsubtract(keys(var.subnets), [
-            "public",
-            "private",
-            "transit_gateway",
-            "<new type here>"
-          ])) == 0
-        }
-        ```
 
-    1. Specify keys allowed in new variable type map. Copy an existing one and edit the keys to match what you expect users to input:
+## Contributing via Pull Requests
+Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that:
 
-        ```terraform
-        # All var.subnets.public valid keys
-        validation {
-          error_message = "Invalid key in public subnets. Valid options include: \"cidrs\", \"netmask\", \"name_prefix\", \"nat_gateway_configuration\", \"tags\"."
-          condition = length(setsubtract(keys(try(var.subnets.public, {})), [
-              "cidrs",
-              "netmask",
-              "name_prefix",
-              "nat_gateway_configuration",
-              "tags"
-          ])) == 0
-        }
-        ```
+1. You are working against the latest source on the *master* branch.
+2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already.
+3. You open an issue to discuss any significant work - we would hate for your time to be wasted.
 
-   1. Include in description:
+To send us a pull request, please:
 
-      ```terraform
-        **private subnet type options:**
-          - All shared keys above
-          - `connect_to_public_natgw`  = (Optional|bool) <>
-      ```
+1. Fork the repository.
+2. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change.
+3. Ensure local tests pass.
+4. Commit to your fork using clear commit messages.
+5. Send us a pull request, answering any default questions in the pull request interface.
+6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation.
 
-2. Write configuration code
-
-*Note: each for_each loop must account for if a user does not want to create the particular subnet type. Follow examples from other subnet types in main.tf*
-
-    * Create new `aws_subnet`
-    * Create new `aws_route_table`
-    * Create new `aws_route_table_association`
-    * Consider and create appropriate `aws_route`
-
-
-3. Create appropriate outputs
-
-    1. `output "<new subnet type>_subnet_attributes_by_az"`
-    1. add new type to `route_table_attributes_by_type_by_az`
+GitHub provides additional document on [forking a repository](https://help.github.com/articles/fork-a-repo/) and
+[creating a pull request](https://help.github.com/articles/creating-a-pull-request/).

examples/advanced/.header.md

@@ -0,0 +1,11 @@
+# VPC module - Example: Advanced VPC
+
+This example builds an Amazon VPC with advanced functionality:
+
+* IPv4-only VPC.
+    * NAT gateway configured only in 1 AZ.
+* 4 VPC subnets - 1 public (dual-stack), 3 private (IPv4-only, dual-stack, and IPv6-only)
+    * Subnet CIDRs calculated to optimize IPv4 adress space (variable `optimize_subnet_cidr_ranges`)
+* Flow logs enabled (destination Amazon S3)
+* Secondary IPv4 CIDR block.
+* Routing - egress traffic through NAT gateways in private subnets (check also the configuration on NAT gateway routing when building the subnets with secondary CIDR block).

examples/advanced/README.md

@@ -0,0 +1,45 @@
+<!-- BEGIN_TF_DOCS -->
+# VPC module - Example: Advanced VPC
+
+This example builds an Amazon VPC with advanced functionality:
+
+* IPv4-only VPC.
+    * NAT gateway configured only in 1 AZ.
+* 4 VPC subnets - 1 public (dual-stack), 3 private (IPv4-only, dual-stack, and IPv6-only)
+    * Subnet CIDRs calculated to optimize IPv4 adress space (variable `optimize_subnet_cidr_ranges`)
+* Flow logs enabled (destination Amazon S3)
+* Secondary IPv4 CIDR block.
+* Routing - egress traffic through NAT gateways in private subnets (check also the configuration on NAT gateway routing when building the subnets with secondary CIDR block).
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0.0 |
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_secondary_cidr_block"></a> [secondary\_cidr\_block](#module\_secondary\_cidr\_block) | ../.. | n/a |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | ../.. | n/a |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_aws_region"></a> [aws\_region](#input\_aws\_region) | AWS Region. | `string` | `"eu-west-1"` | no |
+
+## Outputs
+
+No outputs.
+<!-- END_TF_DOCS -->

examples/advanced/main.tf

@@ -0,0 +1,54 @@
+
+locals {
+  azs = ["eu-west-1a", "eu-west-1c"]
+}
+
+# ---------- AMAZON VPC ----------
+module "vpc" {
+  source = "../.."
+
+  name       = "advanced-example-vpc"
+  cidr_block = "10.0.0.0/16"
+  azs        = local.azs
+
+  optimize_subnet_cidr_ranges = true
+
+  subnets = {
+    public = {
+      netmask                   = 28
+      nat_gateway_configuration = "single_az"
+    }
+    private        = { netmask = 24 }
+    database       = { netmask = 27 }
+    infrastructure = { netmask = 28 }
+  }
+
+  vpc_flow_logs = {
+    log_destination_type = "s3"
+    destination_options = {
+      file_format = "parquet"
+    }
+  }
+}
+
+# ---------- VPC SECONDARY CIDR ----------
+module "secondary_cidr_block" {
+  source = "../.."
+
+  name               = "advanced-example-secondary-cidr"
+  vpc_id             = module.vpc.vpc_attributes.id
+  create_vpc         = false
+  vpc_secondary_cidr = true
+
+  cidr_block = "10.100.0.0/16"
+  azs        = [local.azs[0]]
+
+  vpc_secondary_cidr_natgw = { for k, v in module.vpc.nat_gateway_attributes_by_az : k => { id = v.id } }
+
+  subnets = {
+    private_secondary_cidr = {
+      netmask                 = 28
+      connect_to_public_natgw = true
+    }
+  }
+}

examples/ipv6/outputs.tf renamed to examples/advanced/outputs.tf

@@ -1,7 +1,7 @@
 
 variable "aws_region" {
-  description = "AWS Region."
   type        = string
+  description = "AWS Region."
 
-  default = "eu-west-2"
+  default = "eu-west-1"
 }

examples/provide_specific_azs/providers.tf renamed to examples/advanced/providers.tf

@@ -0,0 +1,12 @@
+# VPC module - Example: Basic VPC
+
+This example builds an Amazon VPC with basic functionality:
+
+* Dual-stack VPC (IPv4 & IPv6)
+    * Egress-only Internet gateway configured.
+* 4 VPC subnets - 1 public (dual-stack), 3 private (IPv4-only, dual-stack, and IPv6-only)
+    * NAT gateways placed in all the public subnets.
+* Flow logs enabled (destination Amazon CloudWatch)
+* Routing:
+    * IPv4 egress enabled in public subnets (through Internet gateway) and private subnets (through NAT gateways)
+    * IPv6 egress enabled in private subnets (through Egress-only Internet gateway)

examples/ipv6/variables.tf renamed to examples/advanced/variables.tf

@@ -0,0 +1,45 @@
+<!-- BEGIN_TF_DOCS -->
+# VPC module - Example: Basic VPC
+
+This example builds an Amazon VPC with basic functionality:
+
+* Dual-stack VPC (IPv4 & IPv6)
+    * Egress-only Internet gateway configured.
+* 4 VPC subnets - 1 public (dual-stack), 3 private (IPv4-only, dual-stack, and IPv6-only)
+    * NAT gateways placed in all the public subnets.
+* Flow logs enabled (destination Amazon CloudWatch)
+* Routing:
+    * IPv4 egress enabled in public subnets (through Internet gateway) and private subnets (through NAT gateways)
+    * IPv6 egress enabled in private subnets (through Egress-only Internet gateway)
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0.0 |
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | ../.. | n/a |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_aws_region"></a> [aws\_region](#input\_aws\_region) | AWS Region. | `string` | `"eu-west-1"` | no |
+
+## Outputs
+
+No outputs.
+<!-- END_TF_DOCS -->

examples/basic/.header.md

@@ -1,34 +1,41 @@
 
-# VPC module
+# ---------- AMAZON VPC ----------
 module "vpc" {
   source = "../.."
 
-  name                                 = "vpc-ipv6-generated"
-  cidr_block                           = "10.0.0.0/16"
+  name       = "basic-example-vpc"
+  cidr_block = "10.0.0.0/16"
+  az_count   = 2
+
   vpc_assign_generated_ipv6_cidr_block = true
   vpc_egress_only_internet_gateway     = true
-  az_count                             = 2
 
   subnets = {
     public = {
       netmask                   = 24
       nat_gateway_configuration = "all_azs"
       assign_ipv6_cidr          = true
     }
-    ipv4 = {
+    private_ipv4_only = {
       netmask                 = 24
       connect_to_public_natgw = true
     }
-    dualstack = {
+    private_dualstack = {
       netmask                 = 24
       connect_to_public_natgw = true
       assign_ipv6_cidr        = true
       connect_to_eigw         = true
     }
-    ipv6 = {
-      ipv6_native      = true
+    private_ipv6_only = {
       assign_ipv6_cidr = true
+      ipv6_native      = true
       connect_to_eigw  = true
     }
   }
+
+  vpc_flow_logs = {
+    name_override        = "basic-vpc-flowlogs"
+    log_destination_type = "cloud-watch-logs"
+    retention_in_days    = 7
+  }
 }