From d2b987da5d4a7f15ae1f86bb0bf1ae7d4ef555dc Mon Sep 17 00:00:00 2001
From: chandra <“Chandrashekar.reddy@sourcefuse.com”>
Date: Wed, 13 Nov 2024 19:01:56 +0530
Subject: [PATCH] corrections made for vpcflow
---
README.md | 2 +-
variables.tf | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index e72d5c0..b99eb60 100644
--- a/README.md
+++ b/README.md
@@ -225,7 +225,7 @@ locals {
| [subnet\_map](#input\_subnet\_map) | A map defining the configuration of subnets, their attributes, and associated resources.
Each subnet configuration can include the following details:
- **name**: Name of the subnet.
- **cidr\_block**: CIDR block for the subnet.
- **availability\_zone**: The availability zone where the subnet is located.
- **enable\_resource\_name\_dns\_a\_record\_on\_launch**: Enable or disable DNS A records for EC2 instances launched in this subnet (default: false).
- **enable\_resource\_name\_dns\_aaaa\_record\_on\_launch**: Enable or disable DNS AAAA records for EC2 instances launched in this subnet (default: false).
- **map\_public\_ip\_on\_launch**: Specify whether to auto-assign a public IP for instances in this subnet (default: false).
- **ipv6\_native**: Enable or disable native IPv6 support for the subnet (default: false).
- **assign\_ipv6\_address\_on\_creation**: Whether to automatically assign an IPv6 address to instances launched in the subnet (default: false).
- **ipv6\_cidr\_block**: The IPv6 CIDR block associated with the subnet (optional).
- **enable\_dns64**: Enable or disable DNS64 in the subnet (default: false).
- **nat\_gateway\_name**: Name of the NAT Gateway attached to the subnet (optional).
- **create\_nat\_gateway**: Specify whether to create a NAT Gateway for the subnet (default: true).
- **attach\_nat\_gateway**: Specify whether to attach an existing NAT Gateway to the subnet (default: false).
- **attach\_internet\_gateway**: Specify whether to attach an Internet Gateway to the subnet (default: false).
- **additional\_routes**: List of additional routes to be added to the subnet route table, typically to route traffic to other services like Transit Gateway. Each route includes:
- **type**: Type of resource (default: "transit-gateway").
- **id**: The ID of the route target (e.g., a Transit Gateway ID).
- **cidr\_block**: The destination CIDR block for the route.
- **destination\_ipv6\_cidr\_block**: The destination IPV6 CIDR block for the route. |
map(object({| `null` | no | | [tags](#input\_tags) | (optional) Tags for VPC resources | `map(string)` | `{}` | no | | [vpc\_endpoint\_data](#input\_vpc\_endpoint\_data) | (optional) List of VPC endpoints to be created |
name = string
cidr_block = string
availability_zone = string
enable_resource_name_dns_a_record_on_launch = optional(bool, false)
enable_resource_name_dns_aaaa_record_on_launch = optional(bool, false)
map_public_ip_on_launch = optional(bool, false)
ipv6_native = optional(bool, false)
assign_ipv6_address_on_creation = optional(bool, false)
ipv6_cidr_block = optional(string, null)
enable_dns64 = optional(bool, false)
nat_gateway_name = optional(string, null)
create_nat_gateway = optional(bool, true)
attach_nat_gateway = optional(bool, false)
attach_internet_gateway = optional(bool, false)
additional_routes = optional(list(object({
type = optional(string, "transit-gateway") // possible values : network-interface ,transit-gateway, vpc-endpoint, vpc-peering-connection
id = string
destination_cidr_block = optional(string, null)
destination_ipv6_cidr_block = optional(string, null)
}
)), [])
}))
list(object({| `[]` | no | -| [vpc\_flow\_log\_config](#input\_vpc\_flow\_log\_config) | If `s3_bucket_arn` is null, only CloudWatch logging is enabled by default. If `s3_bucket_arn` is provided, S3 logging is enabled. |
service = string
route_table_filter = optional(string, "private") // possible values 'private' and 'public'
policy_doc = optional(string, null)
private_dns_enabled = optional(bool, false)
security_group_ids = optional(list(string), [])
}))
object({|
enable_vpc_flow_log = bool # Master switch to enable VPC flow logs
retention_in_days = number # Retention period for CloudWatch logs
s3_bucket_arn = string # S3 bucket ARN for VPC flow logs (enables S3 logging if specified)
})
{| no | +| [vpc\_flow\_log\_config](#input\_vpc\_flow\_log\_config) | If `s3_bucket_arn` is null, only CloudWatch logging is enabled by default. If `s3_bucket_arn` is provided, S3 logging is enabled. |
"enable_vpc_flow_log": true,
"retention_in_days": 7,
"s3_bucket_arn": null
}
object({|
enable_vpc_flow_log = bool
retention_in_days = number
s3_bucket_arn = string
})
{| no | ## Outputs
diff --git a/variables.tf b/variables.tf
index 1796f92..8fe8d2d 100644
--- a/variables.tf
+++ b/variables.tf
@@ -186,9 +186,9 @@ variable "kms_config" {
 variable "vpc_flow_log_config" {
 description = "If `s3_bucket_arn` is null, only CloudWatch logging is enabled by default. If `s3_bucket_arn` is provided, S3 logging is enabled."
 type = object({
- enable_vpc_flow_log = bool # Master switch to enable VPC flow logs
- retention_in_days = number # Retention period for CloudWatch logs
- s3_bucket_arn = string # S3 bucket ARN for VPC flow logs (enables S3 logging if specified)
+ enable_vpc_flow_log = bool
+ retention_in_days = number
+ s3_bucket_arn = string
 })
 default = {
 enable_vpc_flow_log = true
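Review bot: Removing the trailing comments on the three object attributes leaves `retention_in_days` undocumented, because the variable's `description` only explains the `s3_bucket_arn` behaviour and says nothing about the master switch or the CloudWatch retention period. If the comments were dropped to keep them out of the generated README type cell (the README hunk above shows them leaking into the table), carry their content into the description instead, e.g. `description = "enable_vpc_flow_log is the master switch for VPC flow logs; retention_in_days is the CloudWatch log-group retention in days. If s3_bucket_arn is null, only CloudWatch logging is enabled; if it is provided, S3 logging is enabled as well."`. Since the default sets `s3_bucket_arn` to null, consider `s3_bucket_arn = optional(string, null)` so callers overriding the variable for the other two keys do not have to spell out the null ARN, matching the `optional(...)` style the module's other object types already use. The variable's `default` block continues past the end of the hunk.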
"enable_vpc_flow_log": true,
"retention_in_days": 7,
"s3_bucket_arn": null
}