feat: Add enhanced region support

[nightspotlight]

Description

• added region input variable (see Enhanced Region Support)
• updated docs

Motivation and Context

This change will allow to simplify multi-region deployments of VPC resources. No longer need to maintain different provider aliases, one can simply pass region = "value" when calling the module. Example:

locals {
  regions = toset(["us-east-1", "us-west-2", "eu-west-1"])
}

module "vpc" {
  for_each = local.regions

  source = "terraform-aws-modules/vpc/aws"

  region = each.value

  name = "vpc-${each.value}"
}

Closes #1209.
Closes #1236.

Breaking Changes

None

How Has This Been Tested?

• I have updated at least one of the examples/* to demonstrate and validate my change(s)
• I have tested and validated these changes using one or more of the provided examples/* projects
• I have executed pre-commit run -a on my pull request

[nightspotlight]

@antonbabenko , @bryantbiggs , ☝️😊

[nightspotlight]

This doesn't work…

│ Error: reading EC2 VPC Endpoint Services: couldn't find resource
│ 
│   with module.endpoints["emea"].data.aws_vpc_endpoint_service.this["secretsmanager"],
│   on .terraform/modules/endpoints/modules/vpc-endpoints/main.tf line 11, in data "aws_vpc_endpoint_service" "this":
│   11: data "aws_vpc_endpoint_service" "this" {

[nightspotlight]

The vpc_endpoint_service data source doesn't support the region parameter in v6.4.0. So it seems like it's going to the provider-set region, and so it's unable to find the service endpoint from a different region.

I just found the list of non-region-aware resources, and the aws_vpc_endpoint_service data source is one of them… 😟 https://registry.terraform.io/providers/hashicorp/aws/latest/docs/guides/enhanced-region-support#non%E2%80%93region-aware-resources

[nightspotlight]

So I was able to get it to work but had to alter the endpoints map a little and had to add a new input variable in the module.

Before:

  endpoints = {
    s3 = {
      service = "s3"
      # …
    }
  }

After:

  enable_service_endpoint_lookup = false
  endpoints = {
    s3 = {
      service_endpoint = "com.amazonaws.${each.value.aws_region}.s3"
      service_region   = each.value.aws_region
      # …
    }
  }

The enable_service_endpoint_lookup switch effectively disables the aws_vpc_endpoint_service data source (default is enabled).

I need to work out and add some example scripts.

[nightspotlight]

I updated examples and readmes

[matheuscscp]

Looking forward to seeing this through 🙏

[antonszbx]

@nightspotlight looking forward to it ❤️, afaik only example scripts are missing for usage? (for new endpoints)

[nightspotlight]

@nightspotlight looking forward to it ❤️, afaik only example scripts are missing for usage? (for new endpoints)

hey, I've been using my fork in my project but without the endpoints part.

I updated examples and readme, I hope it gets reviewed soon.

[antonszbx]

@bryantbiggs @antonbabenko ✌️

[bryantbiggs]

we don't need an example for this

[bryantbiggs]

remove this change, use service_regions = var.region != null ? [var.region] : null instead

[bryantbiggs]

remove these changes

[bryantbiggs]

remove

[bryantbiggs]

remove

[antonbabenko]

This PR is included in version 6.1.0 🎉

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.