Releases: cloudposse/terraform-aws-dynamic-subnets
v2.4.2
🚀 Enhancements
chore(deps): update terraform cloudposse/utils/aws to v1.4.0 (main) @renovate (#191)
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/utils/aws (source) | module | minor | 1.3.0 -> 1.4.0 |
Release Notes
cloudposse/terraform-aws-utils (cloudposse/utils/aws)
v1.4.0
Add il-central-1 region @jasonmk (#31)
what
Add new Tel Aviv (il-central-1) region
why
Provide full coverage
references
Sync github @max-lobur (#27)
Rebuild github dir from the template
🤖 Automatic Updates
Update README.md and docs @cloudpossebot (#189)
what
This is an auto-generated PR that updates the README.md and docs
why
To have most recent changes of README.md and doc from origin templates
v2.4.1
v2.4.0
Update dependencies, remove deprecation, add NACL example @Nuru (#184)
Note
Dropping support for deprecated EC2-Classic
With this release, EIPs allocated for NAT ingress are allocated in the default domain. This most likely does not affect you, but for accounts created before 2013-12-04 (almost 10 years ago as of this writing), the default domain could be EC2-Classic rather than the current VPC. Previously this module forced the EIPs to be in the VPC domain, but the breaking changes between AWS Provider v4 and v5 make that difficult.
If you find yourself in the rare situation where the EIPs allocated by this module are in EC2-Classic but you want them in VPC, then create the EIPs outside of this module and supply them to this module via `nat_elastic_ips`.
Custom NACLs
This release includes an example (`examples/nacls/`) showing how to create custom NACLs in conjunction with this module. Note that by default, this module creates wide-open NACLs, and subnets can only have one NACL associated with them. If you try to add a NACL to a subnet without disabling the default NACLs, you may get a possibly confusing error like:
│ Error: creating EC2 Network ACL: creating EC2 Network ACL (acl-0376c5f12dd9d784d) Association: InvalidAssociationID.NotFound: The association ID 'aclassoc-0818d5a9e3876a2bb' does not exist
See hashicorp/terraform-provider-aws#31888
what
- Make appropriate inputs non-nullable (treat an input of `null` as meaning "default")
- Remove `aws_eip` `vpc = true`
- Update terraform cloudposse/utils/aws to v1.3.0 (Supersedes and closes #182)
- Add example of how to add custom NACLs to subnets created by this module (Supersedes and closes #176)
- Update tests and test framework
why
- Allow better, more consistent configuration
- Deprecated
- Include support for new AWS regions
- Encourage composition of modules and resources rather than aggregation of functionality into bloated modules (c.f. #176)
- Stay current with features, bug fixes, and security updates
references
- Terraform AWS Provider Version 5 Upgrade Guide: aws_eip
- Disallowing Null Input Values
- EC2 Classic
v2.3.0
tfsec ignores added/fixed @davenicoll (#177)
what
- Changed tfsec ignore comments to use the rule name, rather than deprecated IDs
- Added ignores to public and private so that tfsec passes the module without CRITICAL issues
why
- tfsec no longer supports `#tfsec:ignore:AWS012` style comments
- False positives generated by this module have been ignored
Sync github @max-lobur (#179)
Rebuild github dir from the template
v2.2.0
- No changes
v2.1.0
Multiple subnets per AZ. Named subnets @aknysh (#174)
what
- Allow provisioning multiple subnets per AZ (the number of subnets per AZ is specified in the `subnets_per_az_count` variable). If `subnets_per_az_count` is set to `1` (default), it's backwards compatible with the previous functionality (one subnet of each type, private and public, per AZ)
- Allow named subnets (specified in the `subnets_per_az_names` variable)
why
- Multiple subnets per AZ are useful in many cases:
  - In a VPC, provision a dedicated subnet for services, backend and database
  - For AWS Network Firewall, a dedicated subnet in each AZ is required. When a Transit Gateway is used, we provision `tgw` subnet and `firewall` subnets in each AZ
- Named subnets are useful to easily find particular subnets IDs and route table IDs (both public and private) from the module outputs, e.g. to find all subnets and route tables for `tgw`, `firewall`, `database`, `services`, `backend`, etc.
test
Using the following settings:
availability_zones = ["us-east-2a", "us-east-2b"]
subnets_per_az_count = 3
subnets_per_az_names = ["services", "backend", "db"]
The outputs:
az_private_route_table_ids_map = {
"us-east-2a" = [
"rtb-05cbce79950652f38",
"rtb-03a545f25ef6ce3f9",
"rtb-0ef8d1698f424e77b",
]
"us-east-2b" = [
"rtb-076348138f550ebab",
"rtb-0bd3baf8916948c3f",
"rtb-01533922e675db6b6",
]
}
az_private_subnets_map = {
"us-east-2a" = [
"subnet-02c63d0c0c2f84bf5",
"subnet-0393680d8ea3dd70f",
"subnet-0a7c4b117b2105a69",
]
"us-east-2b" = [
"subnet-0f6d042c659cc1346",
"subnet-06764c7316567eacc",
"subnet-074fd7ad2b902bec2",
]
}
az_public_route_table_ids_map = {
"us-east-2a" = [
"rtb-0046629cc751e775d",
"rtb-0046629cc751e775d",
"rtb-0046629cc751e775d",
]
"us-east-2b" = [
"rtb-0046629cc751e775d",
"rtb-0046629cc751e775d",
"rtb-0046629cc751e775d",
]
}
az_public_subnets_map = {
"us-east-2a" = [
"subnet-05647fc1f31a30896",
"subnet-03e27e41e0b818080",
"subnet-04e5d57b1e2035c7c",
]
"us-east-2b" = [
"subnet-01cc440339718014e",
"subnet-00155e6b64925ba51",
"subnet-0a326693cfee8e68d",
]
}
named_private_route_table_ids_map = {
"backend" = tolist([
"rtb-03a545f25ef6ce3f9",
"rtb-0bd3baf8916948c3f",
])
"db" = tolist([
"rtb-0ef8d1698f424e77b",
"rtb-01533922e675db6b6",
])
"services" = tolist([
"rtb-05cbce79950652f38",
"rtb-076348138f550ebab",
])
}
named_private_subnets_map = {
"backend" = tolist([
"subnet-0393680d8ea3dd70f",
"subnet-06764c7316567eacc",
])
"db" = tolist([
"subnet-0a7c4b117b2105a69",
"subnet-074fd7ad2b902bec2",
])
"services" = tolist([
"subnet-02c63d0c0c2f84bf5",
"subnet-0f6d042c659cc1346",
])
}
named_private_subnets_stats_map = {
"backend" = [
{
"az" = "us-east-2a"
"route_table_id" = "rtb-03a545f25ef6ce3f9"
"subnet_id" = "subnet-0393680d8ea3dd70f"
},
{
"az" = "us-east-2b"
"route_table_id" = "rtb-0bd3baf8916948c3f"
"subnet_id" = "subnet-06764c7316567eacc"
},
]
"db" = [
{
"az" = "us-east-2a"
"route_table_id" = "rtb-0ef8d1698f424e77b"
"subnet_id" = "subnet-0a7c4b117b2105a69"
},
{
"az" = "us-east-2b"
"route_table_id" = "rtb-01533922e675db6b6"
"subnet_id" = "subnet-074fd7ad2b902bec2"
},
]
"services" = [
{
"az" = "us-east-2a"
"route_table_id" = "rtb-05cbce79950652f38"
"subnet_id" = "subnet-02c63d0c0c2f84bf5"
},
{
"az" = "us-east-2b"
"route_table_id" = "rtb-076348138f550ebab"
"subnet_id" = "subnet-0f6d042c659cc1346"
},
]
}
named_public_route_table_ids_map = {
"backend" = tolist([
"rtb-0046629cc751e775d",
"rtb-0046629cc751e775d",
])
"db" = tolist([
"rtb-0046629cc751e775d",
"rtb-0046629cc751e775d",
])
"services" = tolist([
"rtb-0046629cc751e775d",
"rtb-0046629cc751e775d",
])
}
named_public_subnets_map = {
"backend" = tolist([
"subnet-03e27e41e0b818080",
"subnet-00155e6b64925ba51",
])
"db" = tolist([
"subnet-04e5d57b1e2035c7c",
"subnet-0a326693cfee8e68d",
])
"services" = tolist([
"subnet-05647fc1f31a30896",
"subnet-01cc440339718014e",
])
}
named_public_subnets_stats_map = {
"backend" = [
{
"az" = "us-east-2a"
"route_table_id" = "rtb-0046629cc751e775d"
"subnet_id" = "subnet-03e27e41e0b818080"
},
{
"az" = "us-east-2b"
"route_table_id" = "rtb-0046629cc751e775d"
"subnet_id" = "subnet-00155e6b64925ba51"
},
]
"db" = [
{
"az" = "us-east-2a"
"route_table_id" = "rtb-0046629cc751e775d"
"subnet_id" = "subnet-04e5d57b1e2035c7c"
},
{
"az" = "us-east-2b"
"route_table_id" = "rtb-0046629cc751e775d"
"subnet_id" = "subnet-0a326693cfee8e68d"
},
]
"services" = [
{
"az" = "us-east-2a"
"route_table_id" = "rtb-0046629cc751e775d"
"subnet_id" = "subnet-05647fc1f31a30896"
},
{
"az" = "us-east-2b"
"route_table_id" = "rtb-0046629cc751e775d"
"subnet_id" = "subnet-01cc440339718014e"
},
]
}
private_route_table_ids = [
"rtb-05cbce79950652f38",
"rtb-03a545f25ef6ce3f9",
"rtb-0ef8d1698f424e77b",
"rtb-076348138f550ebab",
"rtb-0bd3baf8916948c3f",
"rtb-01533922e675db6b6",
]
private_subnet_cidrs = tolist([
"172.16.0.0/21",
"172.16.8.0/21",
"172.16.16.0/21",
"172.16.24.0/21",
"172.16.32.0/21",
"172.16.40.0/21",
])
public_subnet_cidrs = tolist([
"172.16.72.0/21",
"172.16.80.0/21",
"172.16.88.0/21",
"172.16.96.0/21",
"172.16.104.0/21",
"172.16.112.0/21",
])
v2.0.4
🚀 Enhancements
chore(deps): update terraform cloudposse/utils/aws to v1.1.0 @renovate (#169)
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/utils/aws (source) | module | minor | 1.0.0 -> 1.1.0 |
v2.0.3
🚀 Enhancements
docs: update ipv4_cidr_block to a list @morremeyer (#167)
what
- Updates documentation for `ipv4_cidr_block`
why
- The current documentation is wrong
additional info
I tried to run `make init && make readme` to generate the README, however `make readme` fails with:
❯ make readme
* Package gomplate already installed
* Package terraform-docs already installed
make: gomplate: No such file or directory
make: *** [readme/build] Error 1
on my machine. (MacBook Pro, macOS Monterey 12.4)
v2.0.2
🤖 Automatic Updates
chore(deps): update terraform cloudposse/utils/aws to v1 @renovate (#164)
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/utils/aws (source) | module | major | 0.8.1 -> 1.0.0 |
v2.0.1
🐛 Bug Fixes
Fix public-only subnets @Nuru (#162)
what
- Fix configuration of public subnets when private subnets are not created
why
- Bug fix
Create public subnets only when `public_subnets_enabled` is `true` @triThirty (#163)
what
Check whether to create public subnets when `public_subnets_enabled` is set to `false`
why
Currently, when `public_subnets_enabled` is set to `false`, the module still creates a public subnet. Following the logic for creating private subnets, there should be a check so that when `public_subnets_enabled` is `false`, no public subnet is created.
references
Slack thread: https://sweetops.slack.com/archives/CCT1E7JJY/p1652862041154429