Merge pull request #139 from drewmullen/fix-tgwattachment-tags

Catch and rescue tag merge when no tags set for TGW

.pre-commit-config.yaml

@@ -7,6 +7,6 @@ repos:
   - repo: https://github.com/aws-ia/pre-commit-configs
     # To update run:
     # pre-commit autoupdate --freeze
-    rev: 0733cc52fa0fc8809c727fee4fccb324ceb994d0  # frozen: v1.6.0
+    rev: b3e647e360f04623c6c582c12245fc92e20cc2e8  # frozen: v1.6.3
     hooks:
       - id: aws-ia-meta-hook

examples/public_private_flow_logs/README.md

@@ -23,6 +23,7 @@ At this point, only cloud-watch logs are support, pending: https://github.com/aw
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_vpc"></a> [vpc](#module\_vpc) | ../.. | n/a |
+| <a name="module_vpc2"></a> [vpc2](#module\_vpc2) | ../.. | n/a |
 
 ## Resources
 
@@ -34,8 +35,7 @@ At this point, only cloud-watch logs are support, pending: https://github.com/aw
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_kms_key_id"></a> [kms\_key\_id](#input\_kms\_key\_id) | KMS Key ID | `string` | `null` | no |
-| <a name="input_vpc_flow_logs"></a> [vpc\_flow\_logs](#input\_vpc\_flow\_logs) | Whether or not to create VPC flow logs and which type. Options: "cloudwatch", "s3", "none". | <pre>object({<br>    log_destination = optional(string)<br>    iam_role_arn    = optional(string)<br>    kms_key_id      = optional(string)<br><br>    log_destination_type = string<br>    retention_in_days    = optional(number)<br>    tags                 = optional(map(string))<br>    traffic_type         = optional(string)<br>    destination_options = optional(object({<br>      file_format                = optional(string)<br>      hive_compatible_partitions = optional(bool)<br>      per_hour_partition         = optional(bool)<br>    }))<br>  })</pre> | <pre>{<br>  "kms_key_id": null,<br>  "log_destination_type": "cloud-watch-logs",<br>  "retention_in_days": 180<br>}</pre> | no |
+| <a name="input_aws_region"></a> [aws\_region](#input\_aws\_region) | AWS Region. | `string` | `"eu-west-1"` | no |
 
 ## Outputs
 

examples/public_private_flow_logs/outputs.tf

@@ -1,24 +1,24 @@
 
 output "private_subnets" {
   description = "Map of private subnet attributes grouped by az."
-  value       = module.vpc1.private_subnet_attributes_by_az
+  value       = module.vpc.private_subnet_attributes_by_az
 }
 
 ## Used for Testing, do not delete
 
 output "public_subnets_tags_length" {
   description = "Count of public subnet tags for a single az."
-  value       = length(module.vpc1.public_subnet_attributes_by_az[data.aws_availability_zones.current.names[0]].tags)
+  value       = length(module.vpc.public_subnet_attributes_by_az[data.aws_availability_zones.current.names[0]].tags)
 }
 
 output "private_subnets_tags_length" {
   description = "Count of private subnet tags for a single az."
-  value       = length(module.vpc1.private_subnet_attributes_by_az["private/${data.aws_availability_zones.current.names[0]}"].tags)
+  value       = length(module.vpc.private_subnet_attributes_by_az["private/${data.aws_availability_zones.current.names[0]}"].tags)
 }
 
 output "log_name" {
   description = "Name of the flow log."
-  value       = module.vpc1.flow_log_attributes.tags["Name"]
+  value       = module.vpc.flow_log_attributes.tags["Name"]
 }
 
 output "vpc_attributes" {

main.tf

@@ -423,7 +423,7 @@ resource "aws_ec2_transit_gateway_vpc_attachment" "tgw" {
   tags = merge(
     { Name = "${var.name}-vpc_attachment" },
     module.tags.tags_aws,
-    module.subnet_tags["transit_gateway"].tags_aws
+    try(module.subnet_tags["transit_gateway"].tags_aws, {})
   )
 }
 
@@ -490,7 +490,7 @@ resource "aws_networkmanager_vpc_attachment" "cwan" {
   tags = merge(
     { Name = "${var.name}-vpc_attachment" },
     module.tags.tags_aws,
-    module.subnet_tags["core_network"].tags_aws
+    try(module.subnet_tags["core_network"].tags_aws, {})
   )
 }
 

tests/examples_cloud_wan.tftest.hcl

@@ -1,6 +1,6 @@
 run "validate" {
-    command = apply
-    module {
-        source = "./examples/cloud_wan"
-    }
+  command = apply
+  module {
+    source = "./examples/cloud_wan"
+  }
 }

tests/examples_ipam.tftest.hcl

@@ -1,13 +1,13 @@
 run "ipam_setup" {
-    command = apply
-    module {
-        source = "./tests/hcl_fixtures/ipam_base"
-    }
+  command = apply
+  module {
+    source = "./tests/hcl_fixtures/ipam_base"
+  }
 }
 
 run "validate_ipam_vpc" {
-    command = apply
-    module {
-        source = "./examples/ipam"
-    }
+  command = apply
+  module {
+    source = "./examples/ipam"
+  }
 }

tests/examples_ipv6.tftest.hcl

@@ -1,6 +1,6 @@
 run "validate" {
-    command = apply
-    module {
-        source = "./examples/ipv6"
-    }
+  command = apply
+  module {
+    source = "./examples/ipv6"
+  }
 }

tests/examples_public_private.tftest.hcl

@@ -6,11 +6,11 @@ run "plan_validate_public_private_example_root" {
   }
 
   assert {
-    condition = length(module.vpc.public_subnet_attributes_by_az[data.aws_availability_zones.current.names[0]].tags) == 2
+    condition     = length(module.vpc.public_subnet_attributes_by_az[data.aws_availability_zones.current.names[0]].tags) == 2
     error_message = "Public subnet should have 2 tags total."
   }
   assert {
-    condition = length(module.vpc.private_subnet_attributes_by_az["private/${data.aws_availability_zones.current.names[0]}"].tags) == 1
+    condition     = length(module.vpc.private_subnet_attributes_by_az["private/${data.aws_availability_zones.current.names[0]}"].tags) == 1
     error_message = "Private subnets should have 1 tags total."
   }
 }
@@ -26,8 +26,8 @@ run "apply_validate_s3_flow_logs" {
       log_destination_type = "s3"
       kms_key_id           = null
       destination_options = {
-        file_format = "parquet"
-        per_hour_partition = false
+        file_format                = "parquet"
+        per_hour_partition         = false
         hive_compatible_partitions = false
       }
     }

tests/examples_secondary_cidr.tftest.hcl

@@ -1,19 +1,19 @@
 run "setup" {
-    command = apply
-    variables {
-        az_count = 1
-    }
-    module {
-        source = "./tests/hcl_fixtures/secondary_cidr_base"
-    }
+  command = apply
+  variables {
+    az_count = 1
+  }
+  module {
+    source = "./tests/hcl_fixtures/secondary_cidr_base"
+  }
 }
 
 run "validate" {
-    command = apply
-    variables {
-        az_count = 1
-    }
-    module {
-        source = "./examples/secondary_cidr"
-    }
+  command = apply
+  variables {
+    az_count = 1
+  }
+  module {
+    source = "./examples/secondary_cidr"
+  }
 }

tests/examples_transit_gateway.tftest.hcl

@@ -6,11 +6,11 @@ run "validate" {
   }
 
   assert {
-    condition = length(module.vpc.tgw_subnet_attributes_by_az[data.aws_availability_zones.current.names[0]].tags) == 2
+    condition     = length(module.vpc.tgw_subnet_attributes_by_az[data.aws_availability_zones.current.names[0]].tags) == 2
     error_message = "tgw subnet should have 2 tags total."
   }
   assert {
-    condition = length(module.vpc.private_subnet_attributes_by_az["private_dualstack/${data.aws_availability_zones.current.names[0]}"].tags) == 1
+    condition     = length(module.vpc.private_subnet_attributes_by_az["private_dualstack/${data.aws_availability_zones.current.names[0]}"].tags) == 1
     error_message = "tgw subnets should have 1 tags total."
   }
 }

tests/examples_vpc_lattice.tftest.hcl

@@ -1,6 +1,6 @@
 run "validate" {
-    command = apply
-    module {
-        source = "./examples/vpc_lattice"
-    }
+  command = apply
+  module {
+    source = "./examples/vpc_lattice"
+  }
 }

tests/nat_gw_routes.tftest.hcl

@@ -1,33 +1,33 @@
 run "validate_no_routes" {
-    command = apply
-    module {
-        source = "./tests/hcl_fixtures/nat_gw_routes"
-    }
-    variables {
-      nat_gateway_configuration = "none"
-      route_to_nw = false
-    }
+  command = apply
+  module {
+    source = "./tests/hcl_fixtures/nat_gw_routes"
+  }
+  variables {
+    nat_gateway_configuration = "none"
+    route_to_nw               = false
+  }
 
 }
 
 run "validate_single_nat_gw" {
-    command = apply
-    module {
-        source = "./tests/hcl_fixtures/nat_gw_routes"
-    }
-    variables {
-      nat_gateway_configuration = "single_az"
-      route_to_nw = true
-    }
+  command = apply
+  module {
+    source = "./tests/hcl_fixtures/nat_gw_routes"
+  }
+  variables {
+    nat_gateway_configuration = "single_az"
+    route_to_nw               = true
+  }
 }
 
 run "validate_many_nat_gw" {
-    command = apply
-    module {
-        source = "./tests/hcl_fixtures/nat_gw_routes"
-    }
-    variables {
-      nat_gateway_configuration = "all_azs"
-      route_to_nw = true
-    }
+  command = apply
+  module {
+    source = "./tests/hcl_fixtures/nat_gw_routes"
+  }
+  variables {
+    nat_gateway_configuration = "all_azs"
+    route_to_nw               = true
+  }
 }

variables.tf

@@ -48,16 +48,6 @@ variable "vpc_instance_tenancy" {
   type        = string
   description = "The allowed tenancy of instances launched into the VPC."
   default     = "default"
-
-  /*
-  Note:
-  Updating InstanceTenancy requires no replacement only if you are updating its value from "dedicated" to "default". Updating InstanceTenancy from "default" to "dedicated" requires replacement.
-  */
-
-  validation {
-    condition     = var.vpc_instance_tenancy == "default" || var.vpc_instance_tenancy == "dedicated"
-    error_message = "Invalid input, options: \"default\", or \"dedicated\"."
-  }
 }
 
 variable "vpc_ipv4_ipam_pool_id" {