Add optional var for VPC ARN

README.md

@@ -391,6 +391,7 @@ Please see our [developer documentation](https://github.com/aws-ia/terraform-aws
 | <a name="input_vpc_enable_dns_support"></a> [vpc\_enable\_dns\_support](#input\_vpc\_enable\_dns\_support) | Indicates whether the DNS resolution is supported for the VPC. If enabled, queries to the Amazon provided DNS server at the 169.254.169.253 IP address, or the reserved IP address at the base of the VPC network range "plus two" succeed. If disabled, the Amazon provided DNS service in the VPC that resolves public DNS hostnames to IP addresses is not enabled. Enabled by default. | `bool` | `true` | no |
 | <a name="input_vpc_flow_logs"></a> [vpc\_flow\_logs](#input\_vpc\_flow\_logs) | Whether or not to create VPC flow logs and which type. Options: "cloudwatch", "s3", "none". By default creates flow logs to `cloudwatch`. Variable overrides null value types for some keys, defined in defaults.tf. | <pre>object({<br>    name_override   = optional(string, "")<br>    log_destination = optional(string)<br>    iam_role_arn    = optional(string)<br>    kms_key_id      = optional(string)<br><br>    log_destination_type = string<br>    retention_in_days    = optional(number)<br>    tags                 = optional(map(string))<br>    traffic_type         = optional(string, "ALL")<br>    destination_options = optional(object({<br>      file_format                = optional(string, "plain-text")<br>      hive_compatible_partitions = optional(bool, false)<br>      per_hour_partition         = optional(bool, false)<br>    }))<br>  })</pre> | <pre>{<br>  "log_destination_type": "none"<br>}</pre> | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | VPC ID to use if not creating VPC. | `string` | `null` | no |
+| <a name="input_vpc_arn"></a> [vpc\_arn](#input\_vpc\_arn) | VPC ARN to use if not creating VPC. | `string` | `null` | no |
 | <a name="input_vpc_instance_tenancy"></a> [vpc\_instance\_tenancy](#input\_vpc\_instance\_tenancy) | The allowed tenancy of instances launched into the VPC. | `string` | `"default"` | no |
 | <a name="input_vpc_ipv4_ipam_pool_id"></a> [vpc\_ipv4\_ipam\_pool\_id](#input\_vpc\_ipv4\_ipam\_pool\_id) | Set to use IPAM to get an IPv4 CIDR block. | `string` | `null` | no |
 | <a name="input_vpc_ipv4_netmask_length"></a> [vpc\_ipv4\_netmask\_length](#input\_vpc\_ipv4\_netmask\_length) | Set to use IPAM to get an IPv4 CIDR block using a specified netmask. Must be set with var.vpc\_ipv4\_ipam\_pool\_id. | `string` | `null` | no |

data.tf

@@ -90,6 +90,7 @@ locals {
   # - create flow logs
 
   vpc        = var.create_vpc ? aws_vpc.main[0] : data.aws_vpc.main[0]
+  vpc_arn    = var.vpc_arn == null || length(var.vpc_arn) <= 0 ? local.vpc.arn : var.vpc_arn
   cidr_block = var.cidr_block == null ? local.vpc.cidr_block : var.cidr_block
 
   create_flow_logs = (var.vpc_flow_logs == null || var.vpc_flow_logs.log_destination_type == "none") ? false : true

examples/secondary_cidr/main.tf

@@ -30,6 +30,7 @@ module "secondary" {
 
   vpc_secondary_cidr = true
   vpc_id             = data.aws_vpc.selected.id
+  vpc_arn            = data.aws_vpc.selected.arn
 
   vpc_secondary_cidr_natgw = {
     "${data.aws_region.current.name}a" = {

main.tf

@@ -480,7 +480,7 @@ resource "aws_networkmanager_vpc_attachment" "cwan" {
 
   core_network_id = var.core_network.id
   subnet_arns     = values(aws_subnet.cwan)[*].arn
-  vpc_arn         = local.vpc.arn
+  vpc_arn         = local.vpc_arn
 
   options {
     ipv6_support           = local.cwan_dualstack ? true : false

variables.tf

@@ -15,6 +15,12 @@ variable "vpc_id" {
   type        = string
 }
 
+variable "vpc_arn" {
+  description = "VPC ARN to use if not creating VPC."
+  default     = null
+  type        = string
+}
+
 variable "create_vpc" {
   description = "Determines whether to create the VPC or not; defaults to enabling the creation."
   default     = true