Closed
Description
Module 5.19.0 introduced the new feature of configuring `aws_vpc_block_public_access_exclusion`. However, the module does not allow you to set a name for each exclusion. It only takes `var.tags` into the resource. We need to be able to set the Name tag independently.
If your request is for a new feature, please use the Feature request template.
- ✋ I have searched the open/closed issues and my issue is not listed.
⚠️ Note
Before you submit an issue, please perform the following first:
- Remove the local `.terraform` directory (! ONLY if state is stored remotely, which hopefully you are following that best practice!): `rm -rf .terraform/`
- Re-initialize the project root to pull down modules: `terraform init`
- Re-attempt your terraform plan or apply and check if the issue still persists
Versions
- Module version [Required]: 5.19.0
- Terraform version: 1.5.7
- Provider version(s): 5.86.1
Reproduction Code [Required]
```hcl
module "vpc_main" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "5.19.0"

  name = "test"
  cidr = "172.16.16.0/20"

  azs              = local.azs
  public_subnets   = [for no_of_azs, v in local.azs : cidrsubnet("172.16.16.0/20", 5, no_of_azs)]
  private_subnets  = [for no_of_azs, v in local.azs : cidrsubnet("172.16.16.0/20", 5, no_of_azs + 3)]
  database_subnets = [for no_of_azs, v in local.azs : cidrsubnet("172.16.16.0/20", 5, no_of_azs + 6)]

  enable_nat_gateway                 = true
  enable_vpn_gateway                 = false
  propagate_private_route_tables_vgw = true
  create_database_subnet_group       = true

  vpc_block_public_access_options = {
    internet_gateway_block_mode = "block-bidirectional"
  }

  vpc_block_public_access_exclusions = {
    for i, subnet in module.vpc_main.public_subnets :
    "exclude_subnet_public_${i}" => {
      exclude_subnet                  = true
      subnet_index                    = i
      subnet_type                     = "public"
      internet_gateway_exclusion_mode = "allow-bidirectional"
    }
  }

  default_network_acl_ingress = [
    {
      action     = "allow"
      cidr_block = "0.0.0.0/0"
      from_port  = 0
      icmp_code  = 0
      icmp_type  = 0
      protocol   = "-1"
      rule_no    = 100
      to_port    = 0
    },
    {
      action     = "deny"
      cidr_block = "0.0.0.0/0"
      from_port  = 22
      icmp_code  = 0
      icmp_type  = 0
      protocol   = "6"
      rule_no    = 90
      to_port    = 22
    },
    {
      action     = "deny"
      cidr_block = "0.0.0.0/0"
      from_port  = 3389
      icmp_code  = 0
      icmp_type  = 0
      protocol   = "6"
      rule_no    = 95
      to_port    = 3389
    }
  ]
}
```
Expected behavior
To be able to pass in a Name Tag into the module to set on the AWS resource
Actual behavior
Unable to pass Name Tag
Additional context
Issue is on line 89 of main.tf: `tags = var.tags`
It does not account for adding a Name Tag as does the rest of the module.
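
One way to get a per-exclusion Name tag with module 5.19.0 is to declare the exclusions outside the module, as in this added example (not part of the original issue and not the module's own code). It assumes `vpc_block_public_access_exclusions` is removed from the `vpc_main` call above; `local.common_tags` and the `test-` name prefix are constructed placeholders.

```hcl
locals {
  # Constructed placeholder for the tags that would otherwise go into var.tags.
  common_tags = {
    Environment = "test"
  }

  # Stable map keys derived from the list index, so for_each keys are known
  # at plan time even though the subnet IDs are only known after apply.
  public_subnet_exclusions = {
    for i, subnet_id in module.vpc_main.public_subnets :
    "exclude_subnet_public_${i}" => subnet_id
  }
}

# One exclusion per public subnet, each with its own Name tag so the
# openings in VPC Block Public Access are identifiable during an audit.
resource "aws_vpc_block_public_access_exclusion" "public" {
  for_each = local.public_subnet_exclusions

  subnet_id                       = each.value
  internet_gateway_exclusion_mode = "allow-bidirectional"

  tags = merge(
    local.common_tags,
    { Name = "test-${each.key}" },
  )
}
```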