From d0d5ae282301787d9e758555931d41ed7c09e56c Mon Sep 17 00:00:00 2001
From: Felipe Carvalho Cruxen
Date: Mon, 30 Sep 2024 15:47:24 -0300
Subject: [PATCH 1/4] added custom destination for nat

---
 main.tf | 8 ++++----
 variables.tf | 11 ++++++++++-
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/main.tf b/main.tf
index 50628fb..d6efa83 100644
--- a/main.tf
+++ b/main.tf
@@ -62,10 +62,10 @@ resource "aws_network_interface" "main" {
 }
 resource "aws_route" "main" {
- for_each = var.update_route_tables || var.update_route_table ? merge(var.route_tables_ids, var.route_table_id != null ? { RESERVED_FKC_NAT = var.route_table_id } : {}) : {}
-
+ depends_on = []
+ for_each = var.update_route_table ? var.route_tables_ids : {}
 route_table_id = each.value
- destination_cidr_block = "0.0.0.0/0"
+ destination_cidr_block = var.destination_cidr_block
 network_interface_id = aws_network_interface.main.id
 }
@@ -80,4 +80,4 @@ resource "aws_ssm_parameter" "cloudwatch_agent_config" {
 METRICS_NAMESPACE = var.cloudwatch_agent_configuration.namespace
 METRICS_ENDPOINT_OVERRIDE = var.cloudwatch_agent_configuration.endpoint_override
 })
-}
\ No newline at end of file
+}
diff --git a/variables.tf b/variables.tf
index ccb61ca..f9f42f3 100644
--- a/variables.tf
+++ b/variables.tf
@@ -153,8 +153,17 @@ variable "ssh_cidr_blocks" {
 }
 }
+variable "destination_cidr_block" {
+ type = string
+ default = "0.0.0.0/0"
+ validation {
+ condition = can(cidrsubnet(var.destination_cidr_block, 0, 0))
+ error_message = "The value must be a valid CIDR block in CIDR notation (e.g., '192.168.0.0/16')."
+ }
+}
+
 variable "tags" {
 description = "Tags to apply to resources created within the module"
 type = map(string)
 default = {}
-}
\ No newline at end of file
+}

From 2110a740d5cc75ddc0c632d30edfd2a2372aab56 Mon Sep 17 00:00:00 2001
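Review bot: The new `for_each` in `resource "aws_route" "main"` silently drops the `var.update_route_tables` and `var.route_table_id` inputs that the removed line merged in, and since this commit does not touch their declarations a caller that still passes `route_table_id` now gets no route at all with no warning. If those inputs are being retired, keep the merge for one release or add a validation that rejects them with a message pointing at `route_tables_ids`. The added `depends_on = []` is a no-op and should be dropped. Because the route now sends whatever `var.destination_cidr_block` selects through the NAT instance's ENI in every listed route table, that consequence belongs in the variable's description; the `aws_route` block is fully inside the hunk.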
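Review bot: `variable "destination_cidr_block"` in variables.tf has no `description`, unlike `variable "tags"` directly below it; suggest `description = "Destination CIDR block of the route created in each selected route table, pointing at the NAT instance's network interface (0.0.0.0/0 = default route)."`. The validation only checks that the string parses as a CIDR, so a block overlapping the VPC's own range would be accepted and would pull that traffic through the instance; that can be a deliberate choice, but the description should say the module does not check for overlap.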
From: Felipe Carvalho Cruxen
Date: Wed, 20 Nov 2024 19:34:48 -0300
Subject: [PATCH 2/4] multiple dst nat routes

---
 main.tf | 20 ++++++++++++++++----
 variables.tf | 10 +++++-----
 2 files changed, 21 insertions(+), 9 deletions(-)

diff --git a/main.tf b/main.tf
index d6efa83..838f2d2 100644
--- a/main.tf
+++ b/main.tf
@@ -4,6 +4,16 @@ locals {
 cwagent_param_arn = var.use_cloudwatch_agent ? var.cloudwatch_agent_configuration_param_arn != null ? var.cloudwatch_agent_configuration_param_arn : aws_ssm_parameter.cloudwatch_agent_config[0].arn : null
 cwagent_param_name = var.use_cloudwatch_agent ? var.cloudwatch_agent_configuration_param_arn != null ? split("/", data.aws_arn.ssm_param[0].resource)[1] : aws_ssm_parameter.cloudwatch_agent_config[0].name : null
 security_groups = concat(var.use_default_security_group ? [aws_security_group.main.id] : [], var.additional_security_group_ids)
+ route_table_ids = var.update_route_table ? var.route_tables_ids : []
+
+ route_entries = [
+ for rt_id in local.route_table_ids : [
+ for cidr in var.destination_cidr_blocks : {
+ route_table_id = rt_id
+ destination_cidr_block = cidr
+ }
+ ]
+ ]
 }
 data "aws_region" "current" {}
@@ -62,10 +72,12 @@ resource "aws_network_interface" "main" {
 }
 resource "aws_route" "main" {
- depends_on = []
- for_each = var.update_route_table ? var.route_tables_ids : {}
- route_table_id = each.value
- destination_cidr_block = var.destination_cidr_block
+ for_each = {
+ for idx, route in local.route_entries :
+ "${route.route_table_id}_${replace(route.destination_cidr_block, "/", "-")}" => route
+ }
+ route_table_id = each.value.route_table_id
+ destination_cidr_block = each.value.destination_cidr_block
 network_interface_id = aws_network_interface.main.id
 }
diff --git a/variables.tf b/variables.tf
index f9f42f3..b451ef1 100644
--- a/variables.tf
+++ b/variables.tf
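Review bot: The `for_each` key in the `aws_route` hunk is now built from `route.route_table_id`, the route table ID itself, where the previous code keyed on the caller's map keys of `var.route_tables_ids`; that has two consequences the commit does not address. Existing state entries `aws_route.main["<old key>"]` will be planned as destroy-and-recreate (a window with no NAT route) unless `moved` blocks are provided, and if the route tables are created in the same apply their IDs are unknown at plan time and Terraform rejects the `for_each`. Keying on the map key avoids both: in the `locals` hunk use `for key, rt_id in local.route_table_ids : [` and add `key = key` to the object, then in `aws_route` use `"${route.key}_${replace(route.destination_cidr_block, "/", "-")}" => route` (the unused `idx` can go too). Separately, `route_table_ids = ... ? var.route_tables_ids : []` mixes a map with an empty list in one conditional, which Terraform rejects as a type mismatch.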
@@ -153,12 +153,12 @@ variable "ssh_cidr_blocks" {
 }
 }
-variable "destination_cidr_block" {
- type = string
- default = "0.0.0.0/0"
+variable "destination_cidr_blocks" {
+ type = list(string)
+ default = ["0.0.0.0/0"]
 validation {
- condition = can(cidrsubnet(var.destination_cidr_block, 0, 0))
- error_message = "The value must be a valid CIDR block in CIDR notation (e.g., '192.168.0.0/16')."
+ condition = all([for cidr in var.destination_cidr_blocks : can(cidrsubnet(cidr, 0, 0))])
+ error_message = "Each item must be a valid CIDR block in CIDR notation (e.g., '192.168.0.0/16')."
 }
 }

From 9b2e703e77cdd3ad7a48b0dc1adf003d528aa54d Mon Sep 17 00:00:00 2001
From: fcruxen
Date: Wed, 20 Nov 2024 21:20:06 -0300
Subject: [PATCH 3/4] Update main.tf

---
 main.tf | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/main.tf b/main.tf
index 838f2d2..46a080a 100644
--- a/main.tf
+++ b/main.tf
@@ -4,16 +4,17 @@ locals {
 cwagent_param_arn = var.use_cloudwatch_agent ? var.cloudwatch_agent_configuration_param_arn != null ? var.cloudwatch_agent_configuration_param_arn : aws_ssm_parameter.cloudwatch_agent_config[0].arn : null
 cwagent_param_name = var.use_cloudwatch_agent ? var.cloudwatch_agent_configuration_param_arn != null ? split("/", data.aws_arn.ssm_param[0].resource)[1] : aws_ssm_parameter.cloudwatch_agent_config[0].name : null
 security_groups = concat(var.use_default_security_group ? [aws_security_group.main.id] : [], var.additional_security_group_ids)
- route_table_ids = var.update_route_table ? var.route_tables_ids : []
+ route_table_ids = var.update_route_table ? var.route_tables_ids : {}
- route_entries = [
+ route_entries = flatten([
 for rt_id in local.route_table_ids : [
 for cidr in var.destination_cidr_blocks : {
 route_table_id = rt_id
 destination_cidr_block = cidr
 }
 ]
- ]
+ ])
+
 }
 data "aws_region" "current" {}

From bf44e2e5c493b94a0afada2112beee36b75e6442 Mon Sep 17 00:00:00 2001
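Review bot: `all(...)` in the new `condition` is not a Terraform built-in function, so this validation fails as soon as the variable is evaluated; the built-in is `alltrue`, i.e. `condition = alltrue([for cidr in var.destination_cidr_blocks : can(cidrsubnet(cidr, 0, 0))])`. The renamed `variable "destination_cidr_blocks"` still carries no `description`; suggest `description = "Destination CIDR blocks; one route per block is created in each selected route table, pointing at the NAT instance's network interface."`. Renaming the variable is also a breaking change for callers that set `destination_cidr_block`, which the commit message does not flag.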
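Review bot: In the `locals` hunk the comprehension `for rt_id in local.route_table_ids` iterates a map, so `rt_id` is bound to each map value rather than its key; that is correct here only because the map values are the route table IDs, and it deserves a comment such as `# iterating the map yields its values, i.e. the route table IDs` above the line. The `+` line that adds a blank line before the closing `}` of `locals` is stray whitespace and should be dropped. Everything else in the hunk (the `{}` branch and the `flatten`) looks right.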
From: fcruxen
Date: Wed, 20 Nov 2024 21:20:36 -0300
Subject: [PATCH 4/4] Update variables.tf

---
 variables.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/variables.tf b/variables.tf
index b451ef1..933b931 100644
--- a/variables.tf
+++ b/variables.tf
@@ -157,7 +157,7 @@ variable "destination_cidr_blocks" {
 type = list(string)
 default = ["0.0.0.0/0"]
 validation {
- condition = all([for cidr in var.destination_cidr_blocks : can(cidrsubnet(cidr, 0, 0))])
+ condition = length([for cidr in var.destination_cidr_blocks : cidr if can(cidrsubnet(cidr, 0, 0))]) == length(var.destination_cidr_blocks)
 error_message = "Each item must be a valid CIDR block in CIDR notation (e.g., '192.168.0.0/16')."
 }
 }
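Review bot: The length comparison in the new `condition` works but reads as a workaround; `alltrue([for cidr in var.destination_cidr_blocks : can(cidrsubnet(cidr, 0, 0))])` expresses the same check directly. Two inputs still pass this validation and then misbehave downstream: an empty list, which silently creates no routes even when route-table updates are enabled, and a duplicate entry, which yields duplicate `for_each` keys in `aws_route.main` and a plan error whose message does not point back at this variable. If those are not intended, add `length(var.destination_cidr_blocks) > 0` and `length(distinct(var.destination_cidr_blocks)) == length(var.destination_cidr_blocks)` to the condition, or state in a `description` that the list must be non-empty and unique.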