From 1d1671c3c33283e2ecf9bb8e962dca9d9a098fa0 Mon Sep 17 00:00:00 2001 From: DrFaust92 Date: Fri, 10 Apr 2020 12:38:16 +0300 Subject: [PATCH 1/3] add flow logs max agg interval --- examples/complete-vpc/README.md | 4 ---- examples/complete-vpc/main.tf | 1 + examples/ipv6/README.md | 4 ---- examples/issue-108-route-already-exists/README.md | 4 ---- .../issue-44-asymmetric-private-subnets/README.md | 4 ---- examples/issue-46-no-private-subnets/README.md | 4 ---- examples/manage-default-vpc/README.md | 4 ---- examples/network-acls/README.md | 4 ---- examples/secondary-cidr-blocks/README.md | 4 ---- examples/simple-vpc/README.md | 4 ---- examples/test_fixture/README.md | 6 +----- examples/vpc-flow-logs/README.md | 4 ---- examples/vpc-flow-logs/cloud-watch-logs.tf | 1 + .../vpc-separate-private-route-tables/README.md | 4 ---- variables.tf | 6 ++++++ versions.tf | 2 +- vpc-flow-logs.tf | 13 +++++++------ 17 files changed, 17 insertions(+), 56 deletions(-) diff --git a/examples/complete-vpc/README.md b/examples/complete-vpc/README.md index 34b4b9e8e..b3834c2d9 100644 --- a/examples/complete-vpc/README.md +++ b/examples/complete-vpc/README.md @@ -17,10 +17,6 @@ $ terraform apply Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. -## Requirements - -No requirements. - ## Providers | Name | Version | diff --git a/examples/complete-vpc/main.tf b/examples/complete-vpc/main.tf index d5057b8b1..e178eb629 100644 --- a/examples/complete-vpc/main.tf +++ b/examples/complete-vpc/main.tf @@ -110,6 +110,7 @@ module "vpc" { enable_flow_log = true create_flow_log_cloudwatch_log_group = true create_flow_log_cloudwatch_iam_role = true + flow_log_max_aggregation_interval = 60 tags = { Owner = "user" diff --git a/examples/ipv6/README.md b/examples/ipv6/README.md index 9d012ebf5..9530ab5c0 100644 --- a/examples/ipv6/README.md +++ b/examples/ipv6/README.md 
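Review bot: The example sets `flow_log_max_aggregation_interval = 60` in examples/complete-vpc/main.tf without saying why it departs from the 600 default the same patch gives the variable in variables.tf, so a reader copying the example cannot tell whether 60 is a recommendation or just a demonstration. A short comment above the line would settle it, e.g. `# 60 s aggregation gives finer-grained flow records (useful for detection timelines) at the cost of more log volume` — the README already warns that the example can cost money, and this knob is part of that. The same line is added in examples/vpc-flow-logs/cloud-watch-logs.tf and deserves the same comment. The `module "vpc"` block starts and ends outside the hunk.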
@@ -15,10 +15,6 @@ $ terraform apply Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. -## Requirements - -No requirements. - ## Providers | Name | Version | diff --git a/examples/issue-108-route-already-exists/README.md b/examples/issue-108-route-already-exists/README.md index fcff3a059..bf87248d7 100644 --- a/examples/issue-108-route-already-exists/README.md +++ b/examples/issue-108-route-already-exists/README.md @@ -19,10 +19,6 @@ $ terraform apply Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. -## Requirements - -No requirements. - ## Providers No provider. diff --git a/examples/issue-44-asymmetric-private-subnets/README.md b/examples/issue-44-asymmetric-private-subnets/README.md index 8d4ec8055..2c89cb58d 100644 --- a/examples/issue-44-asymmetric-private-subnets/README.md +++ b/examples/issue-44-asymmetric-private-subnets/README.md @@ -17,10 +17,6 @@ $ terraform apply Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. -## Requirements - -No requirements. - ## Providers No provider. diff --git a/examples/issue-46-no-private-subnets/README.md b/examples/issue-46-no-private-subnets/README.md index 07e8345fa..d31d3b559 100644 --- a/examples/issue-46-no-private-subnets/README.md +++ b/examples/issue-46-no-private-subnets/README.md @@ -17,10 +17,6 @@ $ terraform apply Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. -## Requirements - -No requirements. - ## Providers No provider. diff --git a/examples/manage-default-vpc/README.md b/examples/manage-default-vpc/README.md index 8a5536c4a..c371deba4 100644 
--- a/examples/manage-default-vpc/README.md +++ b/examples/manage-default-vpc/README.md @@ -17,10 +17,6 @@ $ terraform apply Run `terraform destroy` when you don't need these resources. -## Requirements - -No requirements. - ## Providers No provider. diff --git a/examples/network-acls/README.md b/examples/network-acls/README.md index eee08e771..a8902245d 100644 --- a/examples/network-acls/README.md +++ b/examples/network-acls/README.md @@ -19,10 +19,6 @@ $ terraform apply Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. -## Requirements - -No requirements. - ## Providers No provider. diff --git a/examples/secondary-cidr-blocks/README.md b/examples/secondary-cidr-blocks/README.md index 6a6ff1a67..9464baea3 100644 --- a/examples/secondary-cidr-blocks/README.md +++ b/examples/secondary-cidr-blocks/README.md @@ -17,10 +17,6 @@ $ terraform apply Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. -## Requirements - -No requirements. - ## Providers No provider. diff --git a/examples/simple-vpc/README.md b/examples/simple-vpc/README.md index 98670b9ef..e70f173b8 100644 --- a/examples/simple-vpc/README.md +++ b/examples/simple-vpc/README.md @@ -21,10 +21,6 @@ $ terraform apply Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. -## Requirements - -No requirements. - ## Providers | Name | Version | diff --git a/examples/test_fixture/README.md b/examples/test_fixture/README.md index 622b06ce8..a9e421a6b 100644 --- a/examples/test_fixture/README.md +++ b/examples/test_fixture/README.md 
@@ -21,10 +21,6 @@ Finished in 4.25 seconds (files took 2.75 seconds to load) This will destroy any existing test resources, create the resources afresh, run the tests, report back, and destroy the resources. -## Requirements - -No requirements. - ## Providers | Name | Version | @@ -34,7 +30,7 @@ No requirements. ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +|------|-------------|------|---------|:-----:| | region | n/a | `string` | `"eu-west-1"` | no | ## Outputs diff --git a/examples/vpc-flow-logs/README.md b/examples/vpc-flow-logs/README.md index 1b74fc296..c09064c97 100644 --- a/examples/vpc-flow-logs/README.md +++ b/examples/vpc-flow-logs/README.md @@ -19,10 +19,6 @@ $ terraform apply Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. -## Requirements - -No requirements. - ## Providers | Name | Version | diff --git a/examples/vpc-flow-logs/cloud-watch-logs.tf b/examples/vpc-flow-logs/cloud-watch-logs.tf index cbfb02c3b..3ceed5b83 100644 --- a/examples/vpc-flow-logs/cloud-watch-logs.tf +++ b/examples/vpc-flow-logs/cloud-watch-logs.tf @@ -15,6 +15,7 @@ module "vpc_with_flow_logs_cloudwatch_logs_default" { enable_flow_log = true create_flow_log_cloudwatch_log_group = true create_flow_log_cloudwatch_iam_role = true + flow_log_max_aggregation_interval = 60 vpc_flow_log_tags = { Name = "vpc-flow-logs-cloudwatch-logs-default" diff --git a/examples/vpc-separate-private-route-tables/README.md b/examples/vpc-separate-private-route-tables/README.md index 6d8182325..66b11e5cd 100644 --- a/examples/vpc-separate-private-route-tables/README.md +++ b/examples/vpc-separate-private-route-tables/README.md 
@@ -17,10 +17,6 @@ $ terraform apply Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. -## Requirements - -No requirements. - ## Providers No provider. diff --git a/variables.tf b/variables.tf index e2c60ed10..9cd35d073 100644 --- a/variables.tf +++ b/variables.tf @@ -2318,3 +2318,9 @@ variable "flow_log_cloudwatch_log_group_kms_key_id" { type = string default = null } + +variable "flow_log_max_aggregation_interval" { + description = "The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: `60` seconds or `600` seconds." + type = number + default = 600 +} diff --git a/versions.tf b/versions.tf index 1aceb7ab9..0d628ebcf 100644 --- a/versions.tf +++ b/versions.tf @@ -2,6 +2,6 @@ terraform { required_version = ">= 0.12.6, < 0.14" required_providers { - aws = "~> 2.53" + aws = "~> 2.57" } } diff --git a/vpc-flow-logs.tf b/vpc-flow-logs.tf index c1d502eb3..a47ead5e5 100644 --- a/vpc-flow-logs.tf +++ b/vpc-flow-logs.tf @@ -15,12 +15,13 @@ locals { resource "aws_flow_log" "this" { count = local.enable_flow_log ? 1 : 0 - log_destination_type = var.flow_log_destination_type - log_destination = local.flow_log_destination_arn - log_format = var.flow_log_log_format - iam_role_arn = local.flow_log_iam_role_arn - traffic_type = var.flow_log_traffic_type - vpc_id = local.vpc_id + log_destination_type = var.flow_log_destination_type + log_destination = local.flow_log_destination_arn + log_format = var.flow_log_log_format + iam_role_arn = local.flow_log_iam_role_arn + traffic_type = var.flow_log_traffic_type + vpc_id = local.vpc_id + max_aggregation_interval = var.flow_log_max_aggregation_interval tags = merge(var.tags, var.vpc_flow_log_tags) } From 5b481046791f1911357d61cf3510d474615b4468 Mon Sep 17 00:00:00 2001 
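Review bot: The new `flow_log_max_aggregation_interval` variable in variables.tf documents that only `60` or `600` are valid but nothing enforces it, and because `required_version` in versions.tf still admits 0.12.6 a variable `validation` block is not available, so an out-of-range value is only rejected by the AWS API at apply time rather than at plan. Consider appending to the description `Any other value is rejected by the AWS API at apply time.` until the minimum Terraform version is raised far enough to add a validation block. The matching `max_aggregation_interval = var.flow_log_max_aggregation_interval` argument in vpc-flow-logs.tf appears to be what drives the aws provider bump to `~> 2.57`; stating that in the commit message would help anyone pinned to an older provider understand the new floor. The default of 600 presumably equals the service default, so existing flow logs should plan no change — worth confirming before merging. Separately, PATCH 2/3 re-adds every README "Requirements" section this patch removes while its subject names an `external_nat_ips` variable that appears nowhere in the series; the two patches should be squashed or the subject corrected.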
From: Ilia Lazebnik Date: Sat, 20 Jun 2020 11:44:58 +0300 Subject: [PATCH 2/3] add external_nat_ips variable to deal with empty `nat_public_ips` output --- examples/complete-vpc/README.md | 4 ++++ examples/ipv6/README.md | 4 ++++ examples/issue-108-route-already-exists/README.md | 4 ++++ examples/issue-44-asymmetric-private-subnets/README.md | 4 ++++ examples/issue-46-no-private-subnets/README.md | 4 ++++ examples/manage-default-vpc/README.md | 4 ++++ examples/network-acls/README.md | 4 ++++ examples/secondary-cidr-blocks/README.md | 4 ++++ examples/simple-vpc/README.md | 4 ++++ examples/test_fixture/README.md | 6 +++++- examples/vpc-flow-logs/README.md | 4 ++++ examples/vpc-separate-private-route-tables/README.md | 4 ++++ 12 files changed, 49 insertions(+), 1 deletion(-) diff --git a/examples/complete-vpc/README.md b/examples/complete-vpc/README.md index b3834c2d9..34b4b9e8e 100644 --- a/examples/complete-vpc/README.md +++ b/examples/complete-vpc/README.md @@ -17,6 +17,10 @@ $ terraform apply Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. +## Requirements + +No requirements. + ## Providers | Name | Version | diff --git a/examples/ipv6/README.md b/examples/ipv6/README.md index 9530ab5c0..9d012ebf5 100644 --- a/examples/ipv6/README.md +++ b/examples/ipv6/README.md @@ -15,6 +15,10 @@ $ terraform apply Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. +## Requirements + +No requirements. + ## Providers | Name | Version | diff --git a/examples/issue-108-route-already-exists/README.md b/examples/issue-108-route-already-exists/README.md index bf87248d7..fcff3a059 100644 --- a/examples/issue-108-route-already-exists/README.md +++ b/examples/issue-108-route-already-exists/README.md 
@@ -19,6 +19,10 @@ $ terraform apply Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. +## Requirements + +No requirements. + ## Providers No provider. diff --git a/examples/issue-44-asymmetric-private-subnets/README.md b/examples/issue-44-asymmetric-private-subnets/README.md index 2c89cb58d..8d4ec8055 100644 --- a/examples/issue-44-asymmetric-private-subnets/README.md +++ b/examples/issue-44-asymmetric-private-subnets/README.md @@ -17,6 +17,10 @@ $ terraform apply Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. +## Requirements + +No requirements. + ## Providers No provider. diff --git a/examples/issue-46-no-private-subnets/README.md b/examples/issue-46-no-private-subnets/README.md index d31d3b559..07e8345fa 100644 --- a/examples/issue-46-no-private-subnets/README.md +++ b/examples/issue-46-no-private-subnets/README.md @@ -17,6 +17,10 @@ $ terraform apply Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. +## Requirements + +No requirements. + ## Providers No provider. diff --git a/examples/manage-default-vpc/README.md b/examples/manage-default-vpc/README.md index c371deba4..8a5536c4a 100644 --- a/examples/manage-default-vpc/README.md +++ b/examples/manage-default-vpc/README.md @@ -17,6 +17,10 @@ $ terraform apply Run `terraform destroy` when you don't need these resources. +## Requirements + +No requirements. + ## Providers No provider. diff --git a/examples/network-acls/README.md b/examples/network-acls/README.md index a8902245d..eee08e771 100644 --- a/examples/network-acls/README.md +++ b/examples/network-acls/README.md 
@@ -19,6 +19,10 @@ $ terraform apply Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. +## Requirements + +No requirements. + ## Providers No provider. diff --git a/examples/secondary-cidr-blocks/README.md b/examples/secondary-cidr-blocks/README.md index 9464baea3..6a6ff1a67 100644 --- a/examples/secondary-cidr-blocks/README.md +++ b/examples/secondary-cidr-blocks/README.md @@ -17,6 +17,10 @@ $ terraform apply Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. +## Requirements + +No requirements. + ## Providers No provider. diff --git a/examples/simple-vpc/README.md b/examples/simple-vpc/README.md index e70f173b8..98670b9ef 100644 --- a/examples/simple-vpc/README.md +++ b/examples/simple-vpc/README.md @@ -21,6 +21,10 @@ $ terraform apply Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. +## Requirements + +No requirements. + ## Providers | Name | Version | diff --git a/examples/test_fixture/README.md b/examples/test_fixture/README.md index a9e421a6b..622b06ce8 100644 --- a/examples/test_fixture/README.md +++ b/examples/test_fixture/README.md @@ -21,6 +21,10 @@ Finished in 4.25 seconds (files took 2.75 seconds to load) This will destroy any existing test resources, create the resources afresh, run the tests, report back, and destroy the resources. +## Requirements + +No requirements. + ## Providers | Name | Version | @@ -30,7 +34,7 @@ This will destroy any existing test resources, create the resources afresh, run ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:-----:| +|------|-------------|------|---------|:--------:| | region | n/a | `string` | `"eu-west-1"` | no | ## Outputs 
diff --git a/examples/vpc-flow-logs/README.md b/examples/vpc-flow-logs/README.md index c09064c97..1b74fc296 100644 --- a/examples/vpc-flow-logs/README.md +++ b/examples/vpc-flow-logs/README.md @@ -19,6 +19,10 @@ $ terraform apply Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. +## Requirements + +No requirements. + ## Providers | Name | Version | diff --git a/examples/vpc-separate-private-route-tables/README.md b/examples/vpc-separate-private-route-tables/README.md index 66b11e5cd..6d8182325 100644 --- a/examples/vpc-separate-private-route-tables/README.md +++ b/examples/vpc-separate-private-route-tables/README.md @@ -17,6 +17,10 @@ $ terraform apply Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources. +## Requirements + +No requirements. + ## Providers No provider. From 553d1d7658e606d2de7ad4c95ec5628d92416c14 Mon Sep 17 00:00:00 2001 From: Ilia Lazebnik Date: Sat, 20 Jun 2020 11:51:48 +0300 Subject: [PATCH 3/3] docs --- README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 78323ef29..7a69cbafe 100644 --- a/README.md +++ b/README.md @@ -224,14 +224,14 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | -| aws | ~> 2.53 | +| terraform | >= 0.12.6, < 0.14 | +| aws | ~> 2.57 | ## Providers | Name | Version | |------|---------| -| aws | ~> 2.53 | +| aws | ~> 2.57 | ## Inputs 
@@ -460,6 +460,7 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway | flow\_log\_destination\_arn | The ARN of the CloudWatch log group or S3 bucket where VPC Flow Logs will be pushed. If this ARN is a S3 bucket the appropriate permissions need to be set on that bucket's policy. When create\_flow\_log\_cloudwatch\_log\_group is set to false this argument must be provided. | `string` | `""` | no | | flow\_log\_destination\_type | Type of flow log destination. Can be s3 or cloud-watch-logs. | `string` | `"cloud-watch-logs"` | no | | flow\_log\_log\_format | The fields to include in the flow log record, in the order in which they should appear. | `string` | `null` | no | +| flow\_log\_max\_aggregation\_interval | The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: `60` seconds or `600` seconds. | `number` | `600` | no | | flow\_log\_traffic\_type | The type of traffic to capture. Valid values: ACCEPT, REJECT, ALL. | `string` | `"ALL"` | no | | git\_codecommit\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Git Codecommit endpoint | `bool` | `false` | no | | git\_codecommit\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Git Codecommit endpoint | `list` | `[]` | no |