Update variables definitions

Author: sebastianczech

README.md

@@ -472,8 +472,6 @@ No modules.
 | <a name="input_flow_log_traffic_type"></a> [flow\_log\_traffic\_type](#input\_flow\_log\_traffic\_type) | The type of traffic to capture. Valid values: ACCEPT, REJECT, ALL | `string` | `"ALL"` | no |
 | <a name="input_igw_tags"></a> [igw\_tags](#input\_igw\_tags) | Additional tags for the internet gateway | `map(string)` | `{}` | no |
 | <a name="input_instance_tenancy"></a> [instance\_tenancy](#input\_instance\_tenancy) | A tenancy option for instances launched into the VPC | `string` | `"default"` | no |
-| <a name="input_internet_gateway_block_enabled"></a> [internet\_gateway\_block\_enabled](#input\_internet\_gateway\_block\_enabled) | Enable AWS VPC Block Public Access Options. Default is `false` | `bool` | `false` | no |
-| <a name="input_internet_gateway_block_mode"></a> [internet\_gateway\_block\_mode](#input\_internet\_gateway\_block\_mode) | Block mode. Needs to be one of `block-bidirectional`, `block-ingress`, `off`. Default is `off` | `string` | `"off"` | no |
 | <a name="input_intra_acl_tags"></a> [intra\_acl\_tags](#input\_intra\_acl\_tags) | Additional tags for the intra subnets network ACL | `map(string)` | `{}` | no |
 | <a name="input_intra_dedicated_network_acl"></a> [intra\_dedicated\_network\_acl](#input\_intra\_dedicated\_network\_acl) | Whether to use dedicated network ACL (not default) and custom rules for intra subnets | `bool` | `false` | no |
 | <a name="input_intra_inbound_acl_rules"></a> [intra\_inbound\_acl\_rules](#input\_intra\_inbound\_acl\_rules) | Intra subnets inbound network ACLs | `list(map(string))` | <pre>[<br/>  {<br/>    "cidr_block": "0.0.0.0/0",<br/>    "from_port": 0,<br/>    "protocol": "-1",<br/>    "rule_action": "allow",<br/>    "rule_number": 100,<br/>    "to_port": 0<br/>  }<br/>]</pre> | no |
@@ -586,6 +584,7 @@ No modules.
 | <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |
 | <a name="input_use_ipam_pool"></a> [use\_ipam\_pool](#input\_use\_ipam\_pool) | Determines whether IPAM pool is used for CIDR allocation | `bool` | `false` | no |
 | <a name="input_vpc_block_public_access_exclusions"></a> [vpc\_block\_public\_access\_exclusions](#input\_vpc\_block\_public\_access\_exclusions) | List of VPC Block Public Access Exclusions | `map(any)` | `{}` | no |
+| <a name="input_vpc_block_public_access_options"></a> [vpc\_block\_public\_access\_options](#input\_vpc\_block\_public\_access\_options) | Map of VPC Block Public Access Options | `map(string)` | `{}` | no |
 | <a name="input_vpc_flow_log_iam_policy_name"></a> [vpc\_flow\_log\_iam\_policy\_name](#input\_vpc\_flow\_log\_iam\_policy\_name) | Name of the IAM policy | `string` | `"vpc-flow-log-to-cloudwatch"` | no |
 | <a name="input_vpc_flow_log_iam_policy_use_name_prefix"></a> [vpc\_flow\_log\_iam\_policy\_use\_name\_prefix](#input\_vpc\_flow\_log\_iam\_policy\_use\_name\_prefix) | Determines whether the name of the IAM policy (`vpc_flow_log_iam_policy_name`) is used as a prefix | `bool` | `true` | no |
 | <a name="input_vpc_flow_log_iam_role_name"></a> [vpc\_flow\_log\_iam\_role\_name](#input\_vpc\_flow\_log\_iam\_role\_name) | Name to use on the VPC Flow Log IAM role created | `string` | `"vpc-flow-log-role"` | no |

examples/block-public-access/README.md

@@ -73,13 +73,13 @@ aws ec2 --region eu-west-1 describe-vpc-block-public-access-exclusions --exclusi
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.46 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.79 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.46 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.79 |
 
 ## Modules
 

examples/block-public-access/main.tf

@@ -32,8 +32,9 @@ module "vpc" {
   private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)]
 
   ### VPC Block Public Access Options
-  # internet_gateway_block_enabled = true
-  # internet_gateway_block_mode    = "block-bidirectional"
+  vpc_block_public_access_options = {
+    internet_gateway_block_mode = "block-bidirectional"
+  }
 
   ### VPC Block Public Access Exclusion at the VPC level
   # vpc_block_public_access_exclusions = {

main.tf

@@ -60,13 +60,13 @@ resource "aws_vpc_ipv4_cidr_block_association" "this" {
 }
 
 resource "aws_vpc_block_public_access_options" "this" {
-  count = local.create_vpc && length(keys(var.vpc_block_public_access_options)) ? 1 : 0
+  count = local.create_vpc && length(keys(var.vpc_block_public_access_options)) > 0 ? 1 : 0
 
   internet_gateway_block_mode = try(var.vpc_block_public_access_options["internet_gateway_block_mode"], null)
 }
 
 resource "aws_vpc_block_public_access_exclusion" "this" {
-  for_each = {for k, v in var.vpc_block_public_access_exclusions: k => v if local.create_vpc}
+  for_each = { for k, v in var.vpc_block_public_access_exclusions : k => v if local.create_vpc }
 
   vpc_id = lookup(each.value, "exclude_vpc", false) ? local.vpc_id : null
 

variables.tf

@@ -116,16 +116,10 @@ variable "tags" {
   default     = {}
 }
 
-variable "internet_gateway_block_enabled" {
-  description = "Enable AWS VPC Block Public Access Options. Default is `false`"
-  type        = bool
-  default     = false
-}
-
-variable "internet_gateway_block_mode" {
-  description = "Block mode. Needs to be one of `block-bidirectional`, `block-ingress`, `off`. Default is `off`"
-  type        = string
-  default     = "off"
+variable "vpc_block_public_access_options" {
+  description = "Map of VPC Block Public Access Options"
+  type        = map(string)
+  default     = {}
 }
 
 variable "vpc_block_public_access_exclusions" {