terraform-ibm-modules
diff --git a/‎.secrets.baseline‎
Lines changed: 1 addition & 1 deletion b/‎.secrets.baseline‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎README.md‎
Lines changed: 5 additions & 4 deletions b/‎README.md‎
Lines changed: 5 additions & 4 deletions
diff --git a/‎common-dev-assets‎ b/‎common-dev-assets‎
diff --git a/‎examples/default/README.md‎
Lines changed: 11 additions & 0 deletions b/‎examples/default/README.md‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎examples/default/main.tf‎
Lines changed: 41 additions & 18 deletions b/‎examples/default/main.tf‎
Lines changed: 41 additions & 18 deletions
diff --git a/‎examples/default/variables.tf‎
Lines changed: 4 additions & 10 deletions b/‎examples/default/variables.tf‎
Lines changed: 4 additions & 10 deletions
diff --git a/‎examples/security-group/main.tf‎
Lines changed: 0 additions & 67 deletions b/‎examples/security-group/main.tf‎
Lines changed: 0 additions & 67 deletions
diff --git a/‎examples/security-group/outputs.tf‎
Lines changed: 0 additions & 3 deletions b/‎examples/security-group/outputs.tf‎
Lines changed: 0 additions & 3 deletions
diff --git a/‎examples/security-group/provider.tf‎
Lines changed: 0 additions & 4 deletions b/‎examples/security-group/provider.tf‎
Lines changed: 0 additions & 4 deletions
@@ -3,7 +3,7 @@
     "files": "go.sum|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2023-04-05T23:33:26Z",
+  "generated_at": "2023-04-11T16:23:03Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
 
@@ -1,15 +1,16 @@
 # IBM Virtual Private Endpoints module
 
-[![Incubating (Not yet consumable)](https://img.shields.io/badge/status-Incubating%20(Not%20yet%20consumable)-red)](https://terraform-ibm-modules.github.io/documentation/#/badge-status)
+[![Stable (With quality checks)](https://img.shields.io/badge/Status-Stable%20(With%20quality%20checks)-green)](https://terraform-ibm-modules.github.io/documentation/#/badge-status)
 [![Build status](https://github.com/terraform-ibm-modules/terraform-ibm-vpe-module/actions/workflows/ci.yml/badge.svg)](https://github.com/terraform-ibm-modules/terraform-ibm-vpe-module/actions/workflows/ci.yml)
 [![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)](https://github.com/semantic-release/semantic-release)
 [![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit)
 [![latest release](https://img.shields.io/github/v/release/terraform-ibm-modules/terraform-ibm-vpe-module?logo=GitHub&sort=semver)](https://github.com/terraform-ibm-modules/terraform-ibm-vpe-module/releases/latest)
 
-You can use this module to create and configure virtual private endpoint gateways (https://cloud.ibm.com/docs/vpc?topic=vpc-ordering-endpoint-gateway) for an IBM Cloud service.
+This module creates and configures virtual private endpoint gateways (https://cloud.ibm.com/docs/vpc?topic=vpc-ordering-endpoint-gateway) for an IBM Cloud service.
 
 The module supports the following actions:
-- Create reserved IP addresses and endpoint gateways
+- Create virtual private endpoint gateways
+- Create reserved IP addresses
 - Attach endpoint gateways to reserved IP addresses
 
 ## Usage
@@ -68,7 +69,7 @@ You need the following permissions to run this module.
 <!-- BEGIN EXAMPLES HOOK -->
 ## Examples
 
-- [Examples](examples)
+- [ End-to-end example](examples/default)
 <!-- END EXAMPLES HOOK -->
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
@@ -0,0 +1,11 @@
+# End-to-end example
+
+This example creates the following infrastructure:
+- A resource group, if one is not passed in.
+- A VPC, if one is not passed in.
+    - The VPC is created with three subnets across the three availability zones of the region that is passed as input.
+- A security group in the VPC.
+    - The security group is created with a single inbound rule that allows traffic from resources that are attached to the default VPC security group. This rule is added as an example.
+- Two virtual private endpoint (VPE) gateways. By default, one VPE to COS and another VPE to Key Protect are created. You can change the defaults by using the `service_endpoints` input.
+    - Each of the two virtual private endpoint gateways are attached to the three VPC subnets.
+    - The new security group is attached to the two VPE gateways.
@@ -9,28 +9,51 @@ module "resource_group" {
 }
 
 ##############################################################################
-
-##############################################################################
-# Locals
+# Create a VPC for this example using defaults from terraform-ibm-landing-zone-vpc
+# ( 3 subnets across the 3 AZs in the region )
 ##############################################################################
 
-locals {
-  # input variable validation
-  # tflint-ignore: terraform_unused_declarations
-  validate_vpc_inputs = var.vpc_id == null && !var.create_vpc ? tobool("var.create_vpc should be set to true if var.vpc_id is set to null") : true
-  # tflint-ignore: terraform_unused_declarations
-  validate_vpc_id_and_create_vpc_both_not_set_inputs = var.vpc_id != null && var.create_vpc ? tobool("var.vpc_id cannot be set whilst var.create_vpc is set to true") : true
-  vpc_instance_id                                    = var.vpc_id == null ? tolist(ibm_is_vpc.vpc[*].id)[0] : var.vpc_id
+module "vpc" {
+  count             = var.vpc_id != null ? 0 : 1
+  source            = "git::https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc.git?ref=v5.0.1"
+  resource_group_id = module.resource_group.resource_group_id
+  region            = var.region
+  prefix            = var.prefix
+  name              = var.vpc_name
+  tags              = var.resource_tags
 }
 
 ##############################################################################
-# Create a VPC for this example
+# Demonstrate how to create a custom security group that is applied to the VPEs
+# This examples allow all workload associated with the default VPC security group
+# to interact with the VPEs
 ##############################################################################
-resource "ibm_is_vpc" "vpc" {
-  count          = var.create_vpc ? 1 : 0
-  name           = "${var.prefix}-${var.vpc_name}"
+
+data "ibm_is_vpc" "vpc" {
+  # Explicit depends as the vpc_name is known prior to VPC creation
+  depends_on = [
+    module.vpc
+  ]
+  name = var.vpc_id != null ? var.vpc_id : module.vpc[0].vpc_name
+}
+
+data "ibm_is_security_group" "default_sg" {
+  name = data.ibm_is_vpc.vpc.default_security_group_name
+}
+
+module "vpe_security_group" {
+  source                       = "git::https://github.com/terraform-ibm-modules/terraform-ibm-security-group.git?ref=v1.0.0"
+  security_group_name          = "${var.prefix}-vpe-sg"
+  add_ibm_cloud_internal_rules = false # No need for the internal ibm cloud rules for SG associated with VPEs
+
+  security_group_rules = [{
+    name      = "allow-all-default-sg-inbound"
+    direction = "inbound"
+    remote    = data.ibm_is_security_group.default_sg.id
+  }]
+
   resource_group = module.resource_group.resource_group_id
-  tags           = var.resource_tags
+  vpc_id         = var.vpc_id != null ? var.vpc_id : module.vpc[0].vpc_id
 }
 
 ##############################################################################
@@ -41,10 +64,10 @@ module "vpes" {
   region               = var.region
   prefix               = var.prefix
   vpc_name             = var.vpc_name
-  vpc_id               = local.vpc_instance_id
-  subnet_zone_list     = var.subnet_zone_list
+  vpc_id               = var.vpc_id != null ? var.vpc_id : module.vpc[0].vpc_id
+  subnet_zone_list     = var.vpc_id != null ? var.subnet_zone_list : module.vpc[0].subnet_zone_list
   resource_group_id    = module.resource_group.resource_group_id
-  security_group_ids   = var.security_group_ids
+  security_group_ids   = var.security_group_ids != null ? var.security_group_ids : [module.vpe_security_group.security_group_id]
   cloud_services       = var.cloud_services
   cloud_service_by_crn = var.cloud_service_by_crn
   service_endpoints    = var.service_endpoints
 
@@ -19,31 +19,25 @@ variable "prefix" {
 variable "resource_group" {
   type        = string
   description = "An existing resource group name to use for this example, if unset a new resource group will be created"
-  default     = "geretain-test-resources"
+  default     = null
 }
 
 ##############################################################################
 # VPC Variables
 ##############################################################################
 
 variable "vpc_name" {
-  description = "Name of the VPC where the Endpoint Gateways will be created. This value is used to dynamically generate VPE names."
+  description = "Name of the VPC where the Endpoint Gateways will be created. This value is used to dynamically generate VPE names. It is also used to create a VPC when the vpc_id input is set to null."
   type        = string
-  default     = "my-vpc-instance"
+  default     = "vpc-instance"
 }
 
 variable "vpc_id" {
-  description = "ID of the VPC where the Endpoint Gateways will be created"
+  description = "ID of the VPC where the Endpoint Gateways will be created. Creates a VPC if set to null."
   type        = string
   default     = null
 }
 
-variable "create_vpc" {
-  description = "Create a VPC instance."
-  type        = bool
-  default     = true
-}
-
 ##############################################################################
 
 ##############################################################################
Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,7 @@`
`3`	`3`	`"files": "go.sum\|^.secrets.baseline$",`
`4`	`4`	`"lines": null`
`5`	`5`	`},`
`6`		`- "generated_at": "2023-04-05T23:33:26Z",`
	`6`	`+ "generated_at": "2023-04-11T16:23:03Z",`
`7`	`7`	`"plugins_used": [`
`8`	`8`	`{`
`9`	`9`	`"name": "AWSKeyDetector"`