Skip to content
This repository has been archived by the owner on Jan 25, 2023. It is now read-only.

Facilitate specifying non-default VPC (shamelessly ripped off from hashicorp/terraform-aws-consul) #26

Open
wants to merge 9 commits into
base: master
Choose a base branch
from
Open

Facilitate specifying non-default VPC (shamelessly ripped off from hashicorp/terraform-aws-consul) #26

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
3323a71
Add ability to specify VPC.
boldandbusted Nov 27, 2017
93339ed
Add non-default VPC support to vault-cluster-private example.
boldandbusted Nov 27, 2017
6eee689
Merge to preserve S3 persistent storage capability, hopefully.
boldandbusted Apr 12, 2018
c624968
Create IAM Instance Profile Role policy to allow Vault AWS Auth full …
boldandbusted Apr 12, 2018
e349cbf
Merge pull request #1 from boldandbusted/Add_reccomended_Vault_IAM_Po…
boldandbusted Apr 12, 2018
03d8194
Remove duplicate vpc_id variable; set default to false for new enable…
boldandbusted Apr 13, 2018
7257e89
Merge pull request #2 from boldandbusted/Add_reccomended_Vault_IAM_Po…
boldandbusted Apr 13, 2018
3eef292
Expose more variables from underlying modules.
boldandbusted Apr 13, 2018
209b96b
Merge pull request #3 from boldandbusted/Add_reccomended_Vault_IAM_Po…
boldandbusted Apr 13, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 3 additions & 2 deletions examples/vault-cluster-private/main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -123,9 +123,10 @@ data "template_file" "user_data_consul" {
# ---------------------------------------------------------------------------------------------------------------------

data "aws_vpc" "default" {
default = true
default = "${var.vpc_id == "" ? true : false}"
id = "${var.vpc_id}"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hm, I'm worried what happens if id is set to an empty string. Does Terraform ignore it, or does it complain? Unfortunately, Terraform is inconsistent with how it treats empty vs omitted params, so I'm not sure if this will cause problems for people trying to use the default VPC. Did you try it that way?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, I didn't try it that way - good catch. I'd have to create a default VPC, which I'm not sure is a reversible process in a single AWS account.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/default-vpc.html#create-default-vpc

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm. I'm not comfortable changing my present employer's setup to create and delete a default VPC, since it seems to indicate a bunch of other things are touched by that process (subnets, security groups, etc.), and I don't know the implications of that (or the effect on other Terraform users). Is there another way to test this, perhaps with a free-tier?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure, create a brand new AWS account with the free tier and it'll have a default VPC built-in.

}

data "aws_subnet_ids" "default" {
vpc_id = "${data.aws_vpc.default.id}"
}
}
5 changes: 5 additions & 0 deletions examples/vault-cluster-private/variables.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,3 +72,8 @@ variable "force_destroy_s3_bucket" {
description = "If you set this to true, when you run terraform destroy, this tells Terraform to delete all the objects in the S3 bucket used for backend storage. You should NOT set this to true in production or you risk losing all your data! This property is only here so automated tests of this module can clean up after themselves."
default = false
}

variable "vpc_id" {
description = "The ID of the VPC in which the nodes will be deployed. Uses default VPC if not supplied."
default = ""
}
3 changes: 2 additions & 1 deletion main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -202,7 +202,8 @@ data "template_file" "user_data_consul" {
# ---------------------------------------------------------------------------------------------------------------------

data "aws_vpc" "default" {
default = true
default = "${var.vpc_id == "" ? true : false}"
id = "${var.vpc_id}"
}

data "aws_subnet_ids" "default" {
Expand Down
5 changes: 5 additions & 0 deletions variables.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,3 +85,8 @@ variable "force_destroy_s3_bucket" {
description = "If you set this to true, when you run terraform destroy, this tells Terraform to delete all the objects in the S3 bucket used for backend storage. You should NOT set this to true in production or you risk losing all your data! This property is only here so automated tests of this module can clean up after themselves."
default = false
}

variable "vpc_id" {
description = "The ID of the VPC in which the nodes will be deployed. Uses default VPC if not supplied."
default = ""
}