Refactor, added ec2 instance connect endpoint and added example for bootstrap routing (#2)

* refactored and added ec2 instance connect endpoint

* adjusted simple example

* added bootstrap routing example

* fmt

* docs update

Author: ishuar

.config/header.md

@@ -54,15 +54,15 @@ managed within the footer file
 module "simple_vpc" {
 
   source  = "ishuar/vpc/aws"
-  version = "~> 1.0"
+  version = "~> 2.0"
 
-  prefix                  = "simple"
-  env                     = "dev"
-  region                  = eu-central-1
-  cidr_block              = "10.1.0.0/16"
+  prefix     = "simple"
+  env        = "dev"
+  region     = "eu-central-1"
+  cidr_block = "10.1.0.0/16"
 
   ## Subnets
-  public_subnet = [
+  public_subnets = [
     {
       name              = "subnet01"
       cidr_block        = "10.1.1.0/24"
@@ -71,10 +71,11 @@ module "simple_vpc" {
     # {
     #   name              = "subnet02"
     #   cidr_block        = "10.1.3.0/24"
+    #   availability_zone = "eu-central-1b"
     # }
   ]
 
-  private_subnet = [
+  private_subnets = [
     {
       name              = "subnet01"
       cidr_block        = "10.1.2.0/24"
@@ -83,6 +84,7 @@ module "simple_vpc" {
     # {
     #   name              = "subnet02"
     #   cidr_block        = "10.1.4.0/24"
+    #   availability_zone = "eu-central-1b"
     # }
   ]
 }
@@ -94,5 +96,6 @@ module "simple_vpc" {
 Examples are availabe in `examples` directory.
 
 - [simple](/example/simple)
+- [bootstrap-routing](/example/bootstrap-routing)
 
 ## Submodule

CHANGELOG.md

@@ -2,7 +2,30 @@
 
 All notable changes to this project will be documented in this file.
 
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [v2.0.0]
+
+### Breaking
+
+Change in variable definitions, Update them as following.
+
+- From `public_subnet`  to `public_subnets`
+- From `private_subnet` to `private_subnets`
+- From `private_routes` to `private_subnet_routes`
+- From `public_routes`  to `public_subnet_routes`
+
+### Features
+
+- Default route to Internet gateway in public Subnets.
+- Optional Configurable custom routes in public subnets.
+- Optional EC2 Instance Connect Endpoint in the first private subnet.
+
+### Added
+
+- Example for VPC with bootstrap routing.
+- Update Docs
 ## [v1.0.0]
 
 ### Added

Makefile

@@ -1,4 +1,9 @@
-.Phony: docs validate
+.Phony: docs validate format fmt
 
 docs:
-	terraform-docs .
+	terraform-docs .
+
+format:
+	terraform fmt -recursive
+
+fmt:format

README.md

@@ -1,11 +1,9 @@
-
 locals {
-  enable_private_routing = var.create_private_route_table
-  route_to_igw           = length(var.public_subnet) > 0 && var.use_created_igw_for_public_routing
+  route_to_igw = length(var.public_subnets) > 0 && var.use_created_igw_for_public_routing
 }
 
 resource "aws_route_table" "private" {
-  count = local.enable_private_routing ? 1 : 0
+  count = var.create_private_route_table ? 1 : 0
 
   vpc_id = aws_vpc.this.id
   tags = merge(var.tags,
@@ -15,7 +13,7 @@ resource "aws_route_table" "private" {
 }
 
 resource "aws_route_table" "public" {
-  count = length(var.public_subnet) > 0 ? 1 : 0
+  count = length(var.public_subnets) > 0 ? 1 : 0
 
   vpc_id = aws_vpc.this.id
   tags = merge(var.tags,
@@ -25,7 +23,7 @@ resource "aws_route_table" "public" {
 }
 
 resource "aws_route" "private" {
-  for_each = local.enable_private_routing ? var.private_routes : {}
+  for_each = var.create_private_route_table ? var.private_subnet_routes : {}
 
   route_table_id             = aws_route_table.private[0].id
   destination_cidr_block     = each.value.destination_cidr_block
@@ -39,25 +37,35 @@ resource "aws_route" "private" {
   vpc_peering_connection_id  = each.value.vpc_peering_connection_id
 }
 
+resource "aws_route" "public_subnet_default_to_igw" {
+  count = local.route_to_igw ? 1 : 0
+
+  route_table_id         = aws_route_table.public[0].id
+  destination_cidr_block = "0.0.0.0/0"
+  gateway_id             = aws_internet_gateway.this[0].id
+}
+
 resource "aws_route" "public" {
-  for_each = length(var.public_subnet) > 0 ? var.public_routes : {}
+  for_each = length(var.public_subnets) > 0 ? var.public_subnet_routes : {}
 
   route_table_id             = aws_route_table.public[0].id
   destination_cidr_block     = each.value.destination_cidr_block
   destination_prefix_list_id = each.value.destination_prefix_list_id
-  gateway_id                 = local.route_to_igw ? aws_internet_gateway.this[0].id : each.value.gateway_id
-  egress_only_gateway_id     = each.value.egress_only_gateway_id
+  network_interface_id       = each.value.network_interface_id
+  vpc_peering_connection_id  = each.value.vpc_peering_connection_id
+  transit_gateway_id         = each.value.transit_gateway_id
+  vpc_endpoint_id            = each.value.vpc_endpoint_id
+  carrier_gateway_id         = each.value.carrier_gateway_id
 }
 
 resource "aws_route_table_association" "private" {
-  for_each       = { for subnet in var.private_subnet : subnet.name => subnet if local.enable_private_routing }
+  for_each       = { for subnet in var.private_subnets : subnet.name => subnet if var.create_private_route_table }
   subnet_id      = aws_subnet.private_subnet[(each.value.name)].id
   route_table_id = aws_route_table.private[0].id
 }
 
 resource "aws_route_table_association" "public" {
-  for_each       = { for subnet in var.public_subnet : subnet.name => subnet if(length(var.public_subnet) > 0) }
+  for_each       = { for subnet in var.public_subnets : subnet.name => subnet if(length(var.public_subnets) > 0) }
   subnet_id      = aws_subnet.public_subnet[(each.value.name)].id
   route_table_id = aws_route_table.public[0].id
 }
-

bootstrap-routing.tf

@@ -0,0 +1,11 @@
+formatter: md
+header-from: "./.config/header.md"
+footer-from: "./.config/footer.md"
+output:
+  file: README.md
+  mode: replace
+  template: |-
+    {{ .Content }}
+sort:
+  enabled: true
+  by: required

examples/bootstrap-routing/.config/.terraform-docs.yml

@@ -0,0 +1,3 @@
+## License
+
+MIT License. See [LICENSE](https://github.com/ishuar/terraform-aws-vpc/blob/main/LICENSE) for full details.

examples/bootstrap-routing/.config/footer.md

@@ -0,0 +1,29 @@
+# Bootstrap Routing VPC
+
+Configuration in this directory creates following components
+
+- VPC
+- Public and Private Subnets as defined.
+- Nat Gateway and respective Elastic IP out of module scope.
+- Public and Private Route Tables.
+- Default route to internet Gateway for Public Subnets.
+- Default route to nat gateway in private subnets.
+
+Routing has to be adjusted as required.
+
+## Usage
+
+To run this example you need to execute:
+```bash
+$ terraform init
+$ terraform plan
+$ terraform apply
+```
+
+## Destroying Resources
+
+To destroy the resources created by this Terraform configuration, run the following command.
+
+```bash
+terraform destroy -auto-approve # ignore "-auto-approve" if you don't want to autoapprove.
+```

examples/bootstrap-routing/.config/header.md

@@ -0,0 +1 @@
+include ../../Makefile