diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 837f4598..626bd79c 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
repos:
- repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.99.0
+ rev: v1.99.5
hooks:
- id: terraform_fmt
- id: terraform_docs
diff --git a/README.md b/README.md
index da248237..11d93952 100644
--- a/README.md
+++ b/README.md
@@ -579,6 +579,7 @@ No modules.
| [redshift\_subnet\_suffix](#input\_redshift\_subnet\_suffix) | Suffix to append to redshift subnets name | `string` | `"redshift"` | no |
| [redshift\_subnet\_tags](#input\_redshift\_subnet\_tags) | Additional tags for the redshift subnets | `map(string)` | `{}` | no |
| [redshift\_subnets](#input\_redshift\_subnets) | A list of redshift subnets inside the VPC | `list(string)` | `[]` | no |
+| [region](#input\_region) | Region where the resource(s) will be managed. Defaults to the region set in the provider configuration | `string` | `null` | no |
| [reuse\_nat\_ips](#input\_reuse\_nat\_ips) | Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external\_nat\_ip\_ids' variable | `bool` | `false` | no |
| [secondary\_cidr\_blocks](#input\_secondary\_cidr\_blocks) | List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool | `list(string)` | `[]` | no |
| [single\_nat\_gateway](#input\_single\_nat\_gateway) | Should be true if you want to provision a single shared NAT Gateway across all of your private networks | `bool` | `false` | no |
diff --git a/main.tf b/main.tf
index 618aa2c1..83b32c1a 100644
--- a/main.tf
+++ b/main.tf
@@ -28,6 +28,8 @@ locals {
resource "aws_vpc" "this" {
count = local.create_vpc ? 1 : 0
+ region = var.region
+
cidr_block = var.use_ipam_pool ? null : var.cidr
ipv4_ipam_pool_id = var.ipv4_ipam_pool_id
ipv4_netmask_length = var.ipv4_netmask_length
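Review bot: The new `region = var.region` on `aws_vpc` (and the identical one-line addition in every other main.tf hunk, in the vpc-endpoints hunks and in vpc-flow-logs.tf) is a per-resource argument that only the AWS provider's recent major series accepts, and no `required_providers` constraint change is part of this diff; if versions.tf is not bumped in the same release, older provider pins will reject the argument as unsupported rather than ignore it. Because the variable defaults to `null`, the provider-configured region still applies when it is unset, which matches the description in variables.tf. Since this override decides where the VPC, NACLs and flow logs actually land, a one-line comment at the first occurrence, e.g. `# Overrides the provider region for this resource only; null keeps the provider default`, would help readers who grep for the provider block and find nothing. The `aws_vpc` resource body continues past the end of this hunk.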
@@ -53,6 +55,8 @@ resource "aws_vpc" "this" {
resource "aws_vpc_ipv4_cidr_block_association" "this" {
count = local.create_vpc && length(var.secondary_cidr_blocks) > 0 ? length(var.secondary_cidr_blocks) : 0
+ region = var.region
+
# Do not turn this into `local.vpc_id`
vpc_id = aws_vpc.this[0].id
@@ -62,12 +66,16 @@ resource "aws_vpc_ipv4_cidr_block_association" "this" {
resource "aws_vpc_block_public_access_options" "this" {
count = local.create_vpc && length(keys(var.vpc_block_public_access_options)) > 0 ? 1 : 0
+ region = var.region
+
internet_gateway_block_mode = try(var.vpc_block_public_access_options["internet_gateway_block_mode"], null)
}
resource "aws_vpc_block_public_access_exclusion" "this" {
for_each = { for k, v in var.vpc_block_public_access_exclusions : k => v if local.create_vpc }
+ region = var.region
+
vpc_id = try(each.value.exclude_vpc, false) ? local.vpc_id : null
subnet_id = try(each.value.exclude_subnet, false) ? lookup(
@@ -99,6 +107,8 @@ resource "aws_vpc_block_public_access_exclusion" "this" {
resource "aws_vpc_dhcp_options" "this" {
count = local.create_vpc && var.enable_dhcp_options ? 1 : 0
+ region = var.region
+
domain_name = var.dhcp_options_domain_name
domain_name_servers = var.dhcp_options_domain_name_servers
ntp_servers = var.dhcp_options_ntp_servers
@@ -116,6 +126,8 @@ resource "aws_vpc_dhcp_options" "this" {
resource "aws_vpc_dhcp_options_association" "this" {
count = local.create_vpc && var.enable_dhcp_options ? 1 : 0
+ region = var.region
+
vpc_id = local.vpc_id
dhcp_options_id = aws_vpc_dhcp_options.this[0].id
}
@@ -131,6 +143,8 @@ locals {
resource "aws_subnet" "public" {
count = local.create_public_subnets && (!var.one_nat_gateway_per_az || local.len_public_subnets >= length(var.azs)) ? local.len_public_subnets : 0
+ region = var.region
+
assign_ipv6_address_on_creation = var.enable_ipv6 && var.public_subnet_ipv6_native ? true : var.public_subnet_assign_ipv6_address_on_creation
availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null
availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null
@@ -164,6 +178,8 @@ locals {
resource "aws_route_table" "public" {
count = local.create_public_subnets ? local.num_public_route_tables : 0
+ region = var.region
+
vpc_id = local.vpc_id
tags = merge(
@@ -181,6 +197,8 @@ resource "aws_route_table" "public" {
resource "aws_route_table_association" "public" {
count = local.create_public_subnets ? local.len_public_subnets : 0
+ region = var.region
+
subnet_id = element(aws_subnet.public[*].id, count.index)
route_table_id = element(aws_route_table.public[*].id, var.create_multiple_public_route_tables ? count.index : 0)
}
@@ -188,6 +206,8 @@ resource "aws_route_table_association" "public" {
resource "aws_route" "public_internet_gateway" {
count = local.create_public_subnets && var.create_igw ? local.num_public_route_tables : 0
+ region = var.region
+
route_table_id = aws_route_table.public[count.index].id
destination_cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.this[0].id
@@ -200,6 +220,8 @@ resource "aws_route" "public_internet_gateway" {
resource "aws_route" "public_internet_gateway_ipv6" {
count = local.create_public_subnets && var.create_igw && var.enable_ipv6 ? local.num_public_route_tables : 0
+ region = var.region
+
route_table_id = aws_route_table.public[count.index].id
destination_ipv6_cidr_block = "::/0"
gateway_id = aws_internet_gateway.this[0].id
@@ -212,6 +234,8 @@ resource "aws_route" "public_internet_gateway_ipv6" {
resource "aws_network_acl" "public" {
count = local.create_public_subnets && var.public_dedicated_network_acl ? 1 : 0
+ region = var.region
+
vpc_id = local.vpc_id
subnet_ids = aws_subnet.public[*].id
@@ -225,6 +249,8 @@ resource "aws_network_acl" "public" {
resource "aws_network_acl_rule" "public_inbound" {
count = local.create_public_subnets && var.public_dedicated_network_acl ? length(var.public_inbound_acl_rules) : 0
+ region = var.region
+
network_acl_id = aws_network_acl.public[0].id
egress = false
@@ -242,6 +268,8 @@ resource "aws_network_acl_rule" "public_inbound" {
resource "aws_network_acl_rule" "public_outbound" {
count = local.create_public_subnets && var.public_dedicated_network_acl ? length(var.public_outbound_acl_rules) : 0
+ region = var.region
+
network_acl_id = aws_network_acl.public[0].id
egress = true
@@ -267,6 +295,8 @@ locals {
resource "aws_subnet" "private" {
count = local.create_private_subnets ? local.len_private_subnets : 0
+ region = var.region
+
assign_ipv6_address_on_creation = var.enable_ipv6 && var.private_subnet_ipv6_native ? true : var.private_subnet_assign_ipv6_address_on_creation
availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null
availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null
@@ -296,6 +326,8 @@ resource "aws_subnet" "private" {
resource "aws_route_table" "private" {
count = local.create_private_subnets && local.max_subnet_length > 0 ? local.nat_gateway_count : 0
+ region = var.region
+
vpc_id = local.vpc_id
tags = merge(
@@ -313,6 +345,8 @@ resource "aws_route_table" "private" {
resource "aws_route_table_association" "private" {
count = local.create_private_subnets ? local.len_private_subnets : 0
+ region = var.region
+
subnet_id = element(aws_subnet.private[*].id, count.index)
route_table_id = element(
aws_route_table.private[*].id,
@@ -331,6 +365,8 @@ locals {
resource "aws_network_acl" "private" {
count = local.create_private_network_acl ? 1 : 0
+ region = var.region
+
vpc_id = local.vpc_id
subnet_ids = aws_subnet.private[*].id
@@ -344,6 +380,8 @@ resource "aws_network_acl" "private" {
resource "aws_network_acl_rule" "private_inbound" {
count = local.create_private_network_acl ? length(var.private_inbound_acl_rules) : 0
+ region = var.region
+
network_acl_id = aws_network_acl.private[0].id
egress = false
@@ -361,6 +399,8 @@ resource "aws_network_acl_rule" "private_inbound" {
resource "aws_network_acl_rule" "private_outbound" {
count = local.create_private_network_acl ? length(var.private_outbound_acl_rules) : 0
+ region = var.region
+
network_acl_id = aws_network_acl.private[0].id
egress = true
@@ -387,6 +427,8 @@ locals {
resource "aws_subnet" "database" {
count = local.create_database_subnets ? local.len_database_subnets : 0
+ region = var.region
+
assign_ipv6_address_on_creation = var.enable_ipv6 && var.database_subnet_ipv6_native ? true : var.database_subnet_assign_ipv6_address_on_creation
availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null
availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null
@@ -414,6 +456,8 @@ resource "aws_subnet" "database" {
resource "aws_db_subnet_group" "database" {
count = local.create_database_subnets && var.create_database_subnet_group ? 1 : 0
+ region = var.region
+
name = lower(coalesce(var.database_subnet_group_name, var.name))
description = "Database subnet group for ${var.name}"
subnet_ids = aws_subnet.database[*].id
@@ -430,6 +474,8 @@ resource "aws_db_subnet_group" "database" {
resource "aws_route_table" "database" {
count = local.create_database_route_table ? var.single_nat_gateway || var.create_database_internet_gateway_route ? 1 : local.len_database_subnets : 0
+ region = var.region
+
vpc_id = local.vpc_id
tags = merge(
@@ -447,6 +493,8 @@ resource "aws_route_table" "database" {
resource "aws_route_table_association" "database" {
count = local.create_database_subnets ? local.len_database_subnets : 0
+ region = var.region
+
subnet_id = element(aws_subnet.database[*].id, count.index)
route_table_id = element(
coalescelist(aws_route_table.database[*].id, aws_route_table.private[*].id),
@@ -457,6 +505,8 @@ resource "aws_route_table_association" "database" {
resource "aws_route" "database_internet_gateway" {
count = local.create_database_route_table && var.create_igw && var.create_database_internet_gateway_route && !var.create_database_nat_gateway_route ? 1 : 0
+ region = var.region
+
route_table_id = aws_route_table.database[0].id
destination_cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.this[0].id
@@ -469,6 +519,8 @@ resource "aws_route" "database_internet_gateway" {
resource "aws_route" "database_nat_gateway" {
count = local.create_database_route_table && !var.create_database_internet_gateway_route && var.create_database_nat_gateway_route && var.enable_nat_gateway ? var.single_nat_gateway ? 1 : local.len_database_subnets : 0
+ region = var.region
+
route_table_id = element(aws_route_table.database[*].id, count.index)
destination_cidr_block = "0.0.0.0/0"
nat_gateway_id = element(aws_nat_gateway.this[*].id, count.index)
@@ -481,6 +533,8 @@ resource "aws_route" "database_nat_gateway" {
resource "aws_route" "database_dns64_nat_gateway" {
count = local.create_database_route_table && !var.create_database_internet_gateway_route && var.create_database_nat_gateway_route && var.enable_nat_gateway && var.enable_ipv6 && var.private_subnet_enable_dns64 ? var.single_nat_gateway ? 1 : local.len_database_subnets : 0
+ region = var.region
+
route_table_id = element(aws_route_table.database[*].id, count.index)
destination_ipv6_cidr_block = "64:ff9b::/96"
nat_gateway_id = element(aws_nat_gateway.this[*].id, count.index)
@@ -493,6 +547,8 @@ resource "aws_route" "database_dns64_nat_gateway" {
resource "aws_route" "database_ipv6_egress" {
count = local.create_database_route_table && var.create_egress_only_igw && var.enable_ipv6 && var.create_database_internet_gateway_route ? 1 : 0
+ region = var.region
+
route_table_id = aws_route_table.database[0].id
destination_ipv6_cidr_block = "::/0"
egress_only_gateway_id = aws_egress_only_internet_gateway.this[0].id
@@ -513,6 +569,8 @@ locals {
resource "aws_network_acl" "database" {
count = local.create_database_network_acl ? 1 : 0
+ region = var.region
+
vpc_id = local.vpc_id
subnet_ids = aws_subnet.database[*].id
@@ -526,6 +584,8 @@ resource "aws_network_acl" "database" {
resource "aws_network_acl_rule" "database_inbound" {
count = local.create_database_network_acl ? length(var.database_inbound_acl_rules) : 0
+ region = var.region
+
network_acl_id = aws_network_acl.database[0].id
egress = false
@@ -543,6 +603,8 @@ resource "aws_network_acl_rule" "database_inbound" {
resource "aws_network_acl_rule" "database_outbound" {
count = local.create_database_network_acl ? length(var.database_outbound_acl_rules) : 0
+ region = var.region
+
network_acl_id = aws_network_acl.database[0].id
egress = true
@@ -569,6 +631,8 @@ locals {
resource "aws_subnet" "redshift" {
count = local.create_redshift_subnets ? local.len_redshift_subnets : 0
+ region = var.region
+
assign_ipv6_address_on_creation = var.enable_ipv6 && var.redshift_subnet_ipv6_native ? true : var.redshift_subnet_assign_ipv6_address_on_creation
availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null
availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null
@@ -596,6 +660,8 @@ resource "aws_subnet" "redshift" {
resource "aws_redshift_subnet_group" "redshift" {
count = local.create_redshift_subnets && var.create_redshift_subnet_group ? 1 : 0
+ region = var.region
+
name = lower(coalesce(var.redshift_subnet_group_name, var.name))
description = "Redshift subnet group for ${var.name}"
subnet_ids = aws_subnet.redshift[*].id
@@ -610,6 +676,8 @@ resource "aws_redshift_subnet_group" "redshift" {
resource "aws_route_table" "redshift" {
count = local.create_redshift_route_table ? 1 : 0
+ region = var.region
+
vpc_id = local.vpc_id
tags = merge(
@@ -622,6 +690,8 @@ resource "aws_route_table" "redshift" {
resource "aws_route_table_association" "redshift" {
count = local.create_redshift_subnets && !var.enable_public_redshift ? local.len_redshift_subnets : 0
+ region = var.region
+
subnet_id = element(aws_subnet.redshift[*].id, count.index)
route_table_id = element(
coalescelist(aws_route_table.redshift[*].id, aws_route_table.private[*].id),
@@ -632,6 +702,8 @@ resource "aws_route_table_association" "redshift" {
resource "aws_route_table_association" "redshift_public" {
count = local.create_redshift_subnets && var.enable_public_redshift ? local.len_redshift_subnets : 0
+ region = var.region
+
subnet_id = element(aws_subnet.redshift[*].id, count.index)
route_table_id = element(
coalescelist(aws_route_table.redshift[*].id, aws_route_table.public[*].id),
@@ -650,6 +722,8 @@ locals {
resource "aws_network_acl" "redshift" {
count = local.create_redshift_network_acl ? 1 : 0
+ region = var.region
+
vpc_id = local.vpc_id
subnet_ids = aws_subnet.redshift[*].id
@@ -663,6 +737,8 @@ resource "aws_network_acl" "redshift" {
resource "aws_network_acl_rule" "redshift_inbound" {
count = local.create_redshift_network_acl ? length(var.redshift_inbound_acl_rules) : 0
+ region = var.region
+
network_acl_id = aws_network_acl.redshift[0].id
egress = false
@@ -680,6 +756,8 @@ resource "aws_network_acl_rule" "redshift_inbound" {
resource "aws_network_acl_rule" "redshift_outbound" {
count = local.create_redshift_network_acl ? length(var.redshift_outbound_acl_rules) : 0
+ region = var.region
+
network_acl_id = aws_network_acl.redshift[0].id
egress = true
@@ -706,6 +784,8 @@ locals {
resource "aws_subnet" "elasticache" {
count = local.create_elasticache_subnets ? local.len_elasticache_subnets : 0
+ region = var.region
+
assign_ipv6_address_on_creation = var.enable_ipv6 && var.elasticache_subnet_ipv6_native ? true : var.elasticache_subnet_assign_ipv6_address_on_creation
availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null
availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null
@@ -733,6 +813,8 @@ resource "aws_subnet" "elasticache" {
resource "aws_elasticache_subnet_group" "elasticache" {
count = local.create_elasticache_subnets && var.create_elasticache_subnet_group ? 1 : 0
+ region = var.region
+
name = coalesce(var.elasticache_subnet_group_name, var.name)
description = "ElastiCache subnet group for ${var.name}"
subnet_ids = aws_subnet.elasticache[*].id
@@ -747,6 +829,8 @@ resource "aws_elasticache_subnet_group" "elasticache" {
resource "aws_route_table" "elasticache" {
count = local.create_elasticache_route_table ? 1 : 0
+ region = var.region
+
vpc_id = local.vpc_id
tags = merge(
@@ -759,6 +843,8 @@ resource "aws_route_table" "elasticache" {
resource "aws_route_table_association" "elasticache" {
count = local.create_elasticache_subnets ? local.len_elasticache_subnets : 0
+ region = var.region
+
subnet_id = element(aws_subnet.elasticache[*].id, count.index)
route_table_id = element(
coalescelist(
@@ -780,6 +866,8 @@ locals {
resource "aws_network_acl" "elasticache" {
count = local.create_elasticache_network_acl ? 1 : 0
+ region = var.region
+
vpc_id = local.vpc_id
subnet_ids = aws_subnet.elasticache[*].id
@@ -793,6 +881,8 @@ resource "aws_network_acl" "elasticache" {
resource "aws_network_acl_rule" "elasticache_inbound" {
count = local.create_elasticache_network_acl ? length(var.elasticache_inbound_acl_rules) : 0
+ region = var.region
+
network_acl_id = aws_network_acl.elasticache[0].id
egress = false
@@ -810,6 +900,8 @@ resource "aws_network_acl_rule" "elasticache_inbound" {
resource "aws_network_acl_rule" "elasticache_outbound" {
count = local.create_elasticache_network_acl ? length(var.elasticache_outbound_acl_rules) : 0
+ region = var.region
+
network_acl_id = aws_network_acl.elasticache[0].id
egress = true
@@ -835,6 +927,8 @@ locals {
resource "aws_subnet" "intra" {
count = local.create_intra_subnets ? local.len_intra_subnets : 0
+ region = var.region
+
assign_ipv6_address_on_creation = var.enable_ipv6 && var.intra_subnet_ipv6_native ? true : var.intra_subnet_assign_ipv6_address_on_creation
availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null
availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null
@@ -866,6 +960,8 @@ locals {
resource "aws_route_table" "intra" {
count = local.create_intra_subnets ? local.num_intra_route_tables : 0
+ region = var.region
+
vpc_id = local.vpc_id
tags = merge(
@@ -883,6 +979,8 @@ resource "aws_route_table" "intra" {
resource "aws_route_table_association" "intra" {
count = local.create_intra_subnets ? local.len_intra_subnets : 0
+ region = var.region
+
subnet_id = element(aws_subnet.intra[*].id, count.index)
route_table_id = element(aws_route_table.intra[*].id, var.create_multiple_intra_route_tables ? count.index : 0)
}
@@ -898,6 +996,8 @@ locals {
resource "aws_network_acl" "intra" {
count = local.create_intra_network_acl ? 1 : 0
+ region = var.region
+
vpc_id = local.vpc_id
subnet_ids = aws_subnet.intra[*].id
@@ -911,6 +1011,8 @@ resource "aws_network_acl" "intra" {
resource "aws_network_acl_rule" "intra_inbound" {
count = local.create_intra_network_acl ? length(var.intra_inbound_acl_rules) : 0
+ region = var.region
+
network_acl_id = aws_network_acl.intra[0].id
egress = false
@@ -928,6 +1030,8 @@ resource "aws_network_acl_rule" "intra_inbound" {
resource "aws_network_acl_rule" "intra_outbound" {
count = local.create_intra_network_acl ? length(var.intra_outbound_acl_rules) : 0
+ region = var.region
+
network_acl_id = aws_network_acl.intra[0].id
egress = true
@@ -953,6 +1057,8 @@ locals {
resource "aws_subnet" "outpost" {
count = local.create_outpost_subnets ? local.len_outpost_subnets : 0
+ region = var.region
+
assign_ipv6_address_on_creation = var.enable_ipv6 && var.outpost_subnet_ipv6_native ? true : var.outpost_subnet_assign_ipv6_address_on_creation
availability_zone = var.outpost_az
cidr_block = var.outpost_subnet_ipv6_native ? null : element(concat(var.outpost_subnets, [""]), count.index)
@@ -982,6 +1088,8 @@ resource "aws_subnet" "outpost" {
resource "aws_route_table_association" "outpost" {
count = local.create_outpost_subnets ? local.len_outpost_subnets : 0
+ region = var.region
+
subnet_id = element(aws_subnet.outpost[*].id, count.index)
route_table_id = element(
aws_route_table.private[*].id,
@@ -1000,6 +1108,8 @@ locals {
resource "aws_network_acl" "outpost" {
count = local.create_outpost_network_acl ? 1 : 0
+ region = var.region
+
vpc_id = local.vpc_id
subnet_ids = aws_subnet.outpost[*].id
@@ -1013,6 +1123,8 @@ resource "aws_network_acl" "outpost" {
resource "aws_network_acl_rule" "outpost_inbound" {
count = local.create_outpost_network_acl ? length(var.outpost_inbound_acl_rules) : 0
+ region = var.region
+
network_acl_id = aws_network_acl.outpost[0].id
egress = false
@@ -1030,6 +1142,8 @@ resource "aws_network_acl_rule" "outpost_inbound" {
resource "aws_network_acl_rule" "outpost_outbound" {
count = local.create_outpost_network_acl ? length(var.outpost_outbound_acl_rules) : 0
+ region = var.region
+
network_acl_id = aws_network_acl.outpost[0].id
egress = true
@@ -1051,6 +1165,8 @@ resource "aws_network_acl_rule" "outpost_outbound" {
resource "aws_internet_gateway" "this" {
count = local.create_public_subnets && var.create_igw ? 1 : 0
+ region = var.region
+
vpc_id = local.vpc_id
tags = merge(
@@ -1063,6 +1179,8 @@ resource "aws_internet_gateway" "this" {
resource "aws_egress_only_internet_gateway" "this" {
count = local.create_vpc && var.create_egress_only_igw && var.enable_ipv6 && local.max_subnet_length > 0 ? 1 : 0
+ region = var.region
+
vpc_id = local.vpc_id
tags = merge(
@@ -1075,6 +1193,8 @@ resource "aws_egress_only_internet_gateway" "this" {
resource "aws_route" "private_ipv6_egress" {
count = local.create_vpc && var.create_egress_only_igw && var.enable_ipv6 && local.len_private_subnets > 0 ? local.nat_gateway_count : 0
+ region = var.region
+
route_table_id = element(aws_route_table.private[*].id, count.index)
destination_ipv6_cidr_block = "::/0"
egress_only_gateway_id = element(aws_egress_only_internet_gateway.this[*].id, 0)
@@ -1092,6 +1212,8 @@ locals {
resource "aws_eip" "nat" {
count = local.create_vpc && var.enable_nat_gateway && !var.reuse_nat_ips ? local.nat_gateway_count : 0
+ region = var.region
+
domain = "vpc"
tags = merge(
@@ -1111,6 +1233,8 @@ resource "aws_eip" "nat" {
resource "aws_nat_gateway" "this" {
count = local.create_vpc && var.enable_nat_gateway ? local.nat_gateway_count : 0
+ region = var.region
+
allocation_id = element(
local.nat_gateway_ips,
var.single_nat_gateway ? 0 : count.index,
@@ -1137,6 +1261,8 @@ resource "aws_nat_gateway" "this" {
resource "aws_route" "private_nat_gateway" {
count = local.create_vpc && var.enable_nat_gateway && var.create_private_nat_gateway_route ? local.nat_gateway_count : 0
+ region = var.region
+
route_table_id = element(aws_route_table.private[*].id, count.index)
destination_cidr_block = var.nat_gateway_destination_cidr_block
nat_gateway_id = element(aws_nat_gateway.this[*].id, count.index)
@@ -1149,6 +1275,8 @@ resource "aws_route" "private_nat_gateway" {
resource "aws_route" "private_dns64_nat_gateway" {
count = local.create_vpc && var.enable_nat_gateway && var.enable_ipv6 && var.private_subnet_enable_dns64 ? local.nat_gateway_count : 0
+ region = var.region
+
route_table_id = element(aws_route_table.private[*].id, count.index)
destination_ipv6_cidr_block = "64:ff9b::/96"
nat_gateway_id = element(aws_nat_gateway.this[*].id, count.index)
@@ -1165,6 +1293,8 @@ resource "aws_route" "private_dns64_nat_gateway" {
resource "aws_customer_gateway" "this" {
for_each = var.customer_gateways
+ region = var.region
+
bgp_asn = each.value["bgp_asn"]
ip_address = each.value["ip_address"]
device_name = lookup(each.value, "device_name", null)
@@ -1188,6 +1318,8 @@ resource "aws_customer_gateway" "this" {
resource "aws_vpn_gateway" "this" {
count = local.create_vpc && var.enable_vpn_gateway ? 1 : 0
+ region = var.region
+
vpc_id = local.vpc_id
amazon_side_asn = var.amazon_side_asn
availability_zone = var.vpn_gateway_az
@@ -1202,6 +1334,8 @@ resource "aws_vpn_gateway" "this" {
resource "aws_vpn_gateway_attachment" "this" {
count = var.vpn_gateway_id != "" ? 1 : 0
+ region = var.region
+
vpc_id = local.vpc_id
vpn_gateway_id = var.vpn_gateway_id
}
@@ -1209,6 +1343,8 @@ resource "aws_vpn_gateway_attachment" "this" {
resource "aws_vpn_gateway_route_propagation" "public" {
count = local.create_vpc && var.propagate_public_route_tables_vgw && (var.enable_vpn_gateway || var.vpn_gateway_id != "") ? 1 : 0
+ region = var.region
+
route_table_id = element(aws_route_table.public[*].id, count.index)
vpn_gateway_id = element(
concat(
@@ -1222,6 +1358,8 @@ resource "aws_vpn_gateway_route_propagation" "public" {
resource "aws_vpn_gateway_route_propagation" "private" {
count = local.create_vpc && var.propagate_private_route_tables_vgw && (var.enable_vpn_gateway || var.vpn_gateway_id != "") ? local.len_private_subnets : 0
+ region = var.region
+
route_table_id = element(aws_route_table.private[*].id, count.index)
vpn_gateway_id = element(
concat(
@@ -1235,6 +1373,8 @@ resource "aws_vpn_gateway_route_propagation" "private" {
resource "aws_vpn_gateway_route_propagation" "intra" {
count = local.create_vpc && var.propagate_intra_route_tables_vgw && (var.enable_vpn_gateway || var.vpn_gateway_id != "") ? local.len_intra_subnets : 0
+ region = var.region
+
route_table_id = element(aws_route_table.intra[*].id, count.index)
vpn_gateway_id = element(
concat(
@@ -1252,6 +1392,8 @@ resource "aws_vpn_gateway_route_propagation" "intra" {
resource "aws_default_vpc" "this" {
count = var.manage_default_vpc ? 1 : 0
+ region = var.region
+
enable_dns_support = var.default_vpc_enable_dns_support
enable_dns_hostnames = var.default_vpc_enable_dns_hostnames
@@ -1265,6 +1407,8 @@ resource "aws_default_vpc" "this" {
resource "aws_default_security_group" "this" {
count = local.create_vpc && var.manage_default_security_group ? 1 : 0
+ region = var.region
+
vpc_id = aws_vpc.this[0].id
dynamic "ingress" {
@@ -1311,6 +1455,8 @@ resource "aws_default_security_group" "this" {
resource "aws_default_network_acl" "this" {
count = local.create_vpc && var.manage_default_network_acl ? 1 : 0
+ region = var.region
+
default_network_acl_id = aws_vpc.this[0].default_network_acl_id
# subnet_ids is using lifecycle ignore_changes, so it is not necessary to list
@@ -1364,6 +1510,8 @@ resource "aws_default_network_acl" "this" {
resource "aws_default_route_table" "default" {
count = local.create_vpc && var.manage_default_route_table ? 1 : 0
+ region = var.region
+
default_route_table_id = aws_vpc.this[0].default_route_table_id
propagating_vgws = var.default_route_table_propagating_vgws
diff --git a/modules/vpc-endpoints/README.md b/modules/vpc-endpoints/README.md
index 5b734876..6e4f8894 100644
--- a/modules/vpc-endpoints/README.md
+++ b/modules/vpc-endpoints/README.md
@@ -94,7 +94,9 @@ No modules.
|------|-------------|------|---------|:--------:|
| [create](#input\_create) | Determines whether resources will be created | `bool` | `true` | no |
| [create\_security\_group](#input\_create\_security\_group) | Determines if a security group is created | `bool` | `false` | no |
+| [enable\_service\_endpoint\_lookup](#input\_enable\_service\_endpoint\_lookup) | Determines whether to look up the service endpoint in the AWS API. If set to false, the `service_endpoint` attribute (usually in the form of `com.amazonaws..`) must be provided in the `endpoints` map | `bool` | `true` | no |
| [endpoints](#input\_endpoints) | A map of interface and/or gateway endpoints containing their properties and configurations | `any` | `{}` | no |
+| [region](#input\_region) | Region where the resource(s) will be managed. Defaults to the region set in the provider configuration | `string` | `null` | no |
| [security\_group\_description](#input\_security\_group\_description) | Description of the security group created | `string` | `null` | no |
| [security\_group\_ids](#input\_security\_group\_ids) | Default security group IDs to associate with the VPC endpoints | `list(string)` | `[]` | no |
| [security\_group\_name](#input\_security\_group\_name) | Name to use on security group created. Conflicts with `security_group_name_prefix` | `string` | `null` | no |
diff --git a/modules/vpc-endpoints/main.tf b/modules/vpc-endpoints/main.tf
index 5e2d105b..dd3c645d 100644
--- a/modules/vpc-endpoints/main.tf
+++ b/modules/vpc-endpoints/main.tf
@@ -9,7 +9,7 @@ locals {
}
data "aws_vpc_endpoint_service" "this" {
- for_each = local.endpoints
+ for_each = { for k, v in local.endpoints : k => v if var.enable_service_endpoint_lookup }
service = try(each.value.service, null)
service_name = try(each.value.service_name, null)
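Review bot: The `aws_vpc_endpoint_service` data source is not given `region = var.region`, while the `aws_vpc_endpoint` that consumes its `service_name` in the next hunk is; when `var.region` differs from the provider's region the lookup resolves the service in one region and the endpoint is created in another, so the resolved name (which embeds the region) will not match. Assuming the data source accepts the argument, as the `data "aws_region" "current"` hunk in vpc-flow-logs.tf shows for another data source, add `region = var.region` directly after the `for_each` line. The data source block continues past the end of this hunk.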
@@ -24,8 +24,10 @@ data "aws_vpc_endpoint_service" "this" {
resource "aws_vpc_endpoint" "this" {
for_each = local.endpoints
+ region = var.region
+
vpc_id = var.vpc_id
- service_name = try(each.value.service_endpoint, data.aws_vpc_endpoint_service.this[each.key].service_name)
+ service_name = try(data.aws_vpc_endpoint_service.this[each.key].service_name, each.value.service_endpoint)
service_region = try(each.value.service_region, null)
vpc_endpoint_type = try(each.value.service_type, "Interface")
auto_accept = try(each.value.auto_accept, null)
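Review bot: Swapping the `try` operands on the `service_name` line flips precedence: previously an explicit `each.value.service_endpoint` always won, now the API lookup wins whenever `enable_service_endpoint_lookup` is true, so a caller who set `service_endpoint` for an endpoint whose `service`/`service_name` lookup resolves to a different name will likely see a replacement plan, since `service_name` forces a new endpoint. If that is unintended, keep the old order with the new flag, `service_name = try(each.value.service_endpoint, data.aws_vpc_endpoint_service.this[each.key].service_name)`; if intended, say so in the `enable_service_endpoint_lookup` description so the change is not silent. When neither operand resolves, `try` fails with a generic "no expression succeeded" message; a `precondition` on `var.enable_service_endpoint_lookup || can(each.value.service_endpoint)` would name the missing attribute instead. The `aws_vpc_endpoint` resource continues past the end of this hunk.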
@@ -76,6 +78,8 @@ resource "aws_vpc_endpoint" "this" {
resource "aws_security_group" "this" {
count = var.create && var.create_security_group ? 1 : 0
+ region = var.region
+
name = var.security_group_name
name_prefix = var.security_group_name_prefix
description = var.security_group_description
@@ -95,6 +99,8 @@ resource "aws_security_group" "this" {
resource "aws_security_group_rule" "this" {
for_each = { for k, v in var.security_group_rules : k => v if var.create && var.create_security_group }
+ region = var.region
+
# Required
security_group_id = aws_security_group.this[0].id
protocol = try(each.value.protocol, "tcp")
diff --git a/modules/vpc-endpoints/variables.tf b/modules/vpc-endpoints/variables.tf
index 30a747ab..2e1668d5 100644
--- a/modules/vpc-endpoints/variables.tf
+++ b/modules/vpc-endpoints/variables.tf
@@ -4,6 +4,12 @@ variable "create" {
default = true
}
+variable "region" {
+ description = "Region where the resource(s) will be managed. Defaults to the region set in the provider configuration"
+ type = string
+ default = null
+}
+
variable "vpc_id" {
description = "The ID of the VPC in which the endpoint will be used"
type = string
@@ -16,6 +22,12 @@ variable "endpoints" {
default = {}
}
+variable "enable_service_endpoint_lookup" {
+ description = "Determines whether to look up the service endpoint in the AWS API. If set to false, the `service_endpoint` attribute (usually in the form of `com.amazonaws..`) must be provided in the `endpoints` map"
+ type = bool
+ default = true
+}
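Review bot: The description of `enable_service_endpoint_lookup` reads "usually in the form of `com.amazonaws..`", which has lost its placeholders and shows two consecutive dots; the same text is already copied into modules/vpc-endpoints/README.md. Write it as `com.amazonaws.<region>.<service>` here, since terraform-docs regenerates the README from this description. The `region` variable added in the hunk above uses the same default-null pattern and needs no change.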
+
variable "security_group_ids" {
description = "Default security group IDs to associate with the VPC endpoints"
type = list(string)
diff --git a/variables.tf b/variables.tf
index d8338267..4451d150 100644
--- a/variables.tf
+++ b/variables.tf
@@ -8,6 +8,12 @@ variable "create_vpc" {
default = true
}
+variable "region" {
+ description = "Region where the resource(s) will be managed. Defaults to the region set in the provider configuration"
+ type = string
+ default = null
+}
+
variable "name" {
description = "Name to be used on all the resources as identifier"
type = string
diff --git a/vpc-flow-logs.tf b/vpc-flow-logs.tf
index fc7ba90b..35529164 100644
--- a/vpc-flow-logs.tf
+++ b/vpc-flow-logs.tf
@@ -1,6 +1,8 @@
data "aws_region" "current" {
# Call this API only if create_vpc and enable_flow_log are true
count = var.create_vpc && var.enable_flow_log ? 1 : 0
+
+ region = var.region
}
data "aws_caller_identity" "current" {
@@ -36,6 +38,8 @@ locals {
resource "aws_flow_log" "this" {
count = local.enable_flow_log ? 1 : 0
+ region = var.region
+
log_destination_type = var.flow_log_destination_type
log_destination = local.flow_log_destination_arn
log_format = var.flow_log_log_format
@@ -65,6 +69,8 @@ resource "aws_flow_log" "this" {
resource "aws_cloudwatch_log_group" "flow_log" {
count = local.create_flow_log_cloudwatch_log_group ? 1 : 0
+ region = var.region
+
name = "${var.flow_log_cloudwatch_log_group_name_prefix}${local.flow_log_cloudwatch_log_group_name_suffix}"
retention_in_days = var.flow_log_cloudwatch_log_group_retention_in_days
kms_key_id = var.flow_log_cloudwatch_log_group_kms_key_id