enahnacement: update timeouts, variables, and outputs for vpc-endpoints module

Author: kiranmane007

modules/vpc-endpoints/main.tf

@@ -63,9 +63,9 @@ resource "aws_vpc_endpoint" "this" {
   )
 
   timeouts {
-    create = try(var.timeouts.create, "10m")
-    update = try(var.timeouts.update, "10m")
-    delete = try(var.timeouts.delete, "10m")
+    create = var.timeouts.create
+    update = var.timeouts.update
+    delete = var.timeouts.delete
   }
 }
 
@@ -75,6 +75,8 @@ resource "aws_vpc_endpoint" "this" {
 
 resource "aws_security_group" "this" {
   count = var.create && var.create_security_group ? 1 : 0
+  # In future if need to support multiple security groups.
+  # for_each = var.create && var.create_security_group ? [1] : []
 
   name        = var.security_group_name
   name_prefix = var.security_group_name_prefix

modules/vpc-endpoints/outputs.tf

@@ -15,4 +15,5 @@ output "security_group_arn" {
 output "security_group_id" {
   description = "ID of the security group"
   value       = try(aws_security_group.this[0].id, null)
+  sensitive = true
 }

modules/vpc-endpoints/variables.tf

@@ -36,7 +36,11 @@ variable "tags" {
 
 variable "timeouts" {
   description = "Define maximum timeout for creating, updating, and deleting VPC endpoint resources"
-  type        = map(string)
+  type        = object({
+    create = optional(string, "10m")
+    update = optional(string, "10m")
+    delete = optional(string, "10m")
+  })
   default     = {}
 }
 
@@ -54,6 +58,11 @@ variable "security_group_name" {
   description = "Name to use on security group created. Conflicts with `security_group_name_prefix`"
   type        = string
   default     = null
+
+  validation {
+    condition = var.security_group_name == null || var.security_group_name_prefix == null
+    error_message = "only one of security_group_name or security_group_name_prefix can be set."
+    }
 }
 
 variable "security_group_name_prefix" {