
Simplifies, differentiates, and consolidates the VPC Variables

VPC modules now use a consolidated `vpc_info` map.

To be tagged v0.8.0
Fred Damstra 5 年之前
7e1869bda5
共有 4 个文件被更改,包括 37 次插入47 次删除
  1. 17 24
      base/security_vpc/main.tf
  2. 2 5
      base/security_vpc/vars.tf
  3. 14 10
      base/standard_vpc/main.tf
  4. 4 8
      base/standard_vpc/vars.tf

+ 17 - 24
base/security_vpc/main.tf

@@ -1,15 +1,16 @@
 locals {
   azs = slice(data.aws_availability_zones.available.names,0,2)
   subnets = [
-    cidrsubnet(var.security_vpc_cidr,3,0),
-    cidrsubnet(var.security_vpc_cidr,3,1),
-    cidrsubnet(var.security_vpc_cidr,3,2),
-    cidrsubnet(var.security_vpc_cidr,3,3),
-    cidrsubnet(var.security_vpc_cidr,3,4),
-    cidrsubnet(var.security_vpc_cidr,3,5),
-    cidrsubnet(var.security_vpc_cidr,3,6),
-    cidrsubnet(var.security_vpc_cidr,3,7),
+    cidrsubnet(var.vpc_info["cidr"],3,0),
+    cidrsubnet(var.vpc_info["cidr"],3,1),
+    cidrsubnet(var.vpc_info["cidr"],3,2),
+    cidrsubnet(var.vpc_info["cidr"],3,3),
+    cidrsubnet(var.vpc_info["cidr"],3,4),
+    cidrsubnet(var.vpc_info["cidr"],3,5),
+    cidrsubnet(var.vpc_info["cidr"],3,6),
+    cidrsubnet(var.vpc_info["cidr"],3,7),
   ]
+  vpc_name = "${ var.vpc_info["name"] }-${ var.account_name }"
 }
 
 data "aws_availability_zones" "available" {
@@ -19,8 +20,8 @@ data "aws_availability_zones" "available" {
 module "vpc" {
   source = "terraform-aws-modules/vpc/aws"
   version = "~> v2.0"
-  name = "security_vpc_${var.aws_partition_alias}_${var.environment}"
-  cidr = var.security_vpc_cidr
+  name = local.vpc_name
+  cidr = var.vpc_info["cidr"]
 
   azs = local.azs
 
@@ -29,17 +30,13 @@ module "vpc" {
     local.subnets[0],
     local.subnets[1],
   ]
-  private_subnet_tags = {
-    "Name" = "FW private (private)"
-  }
+  private_subnet_tags = merge(var.standard_tags, var.tags, { "Purpose" = var.vpc_info["purpose"] })
 
   public_subnets = [ 
     local.subnets[4],
     local.subnets[5]
   ]
-  public_subnet_tags = {
-    "Name" = "FW Untrusted (Public)"
-  }
+  public_subnet_tags = merge(var.standard_tags, var.tags, { "Purpose" = var.vpc_info["purpose"] })
 
   enable_nat_gateway = false
   enable_vpn_gateway = false
@@ -55,7 +52,7 @@ module "vpc" {
 
   dhcp_options_domain_name = var.dns_info["private"]["zone"]
 
-  tags = merge(var.standard_tags, var.tags)
+  tags = merge(var.standard_tags, var.tags, { "Purpose" = var.vpc_info["purpose"] })
 }
 
 resource "aws_flow_log" "flowlogs" {
@@ -64,7 +61,7 @@ resource "aws_flow_log" "flowlogs" {
 
   traffic_type    = "REJECT" # ALL is very noisy, and CIS only requires rejects.
   vpc_id          = module.vpc.vpc_id
-  tags            = merge(var.standard_tags, var.tags)
+  tags            = merge(var.standard_tags, var.tags, { "Purpose" = var.vpc_info["purpose"] })
 }
 
 resource "aws_subnet" "mgmt" {
@@ -74,9 +71,7 @@ resource "aws_subnet" "mgmt" {
   cidr_block = local.subnets[6 + count.index]
   availability_zone = local.azs[count.index]
 
-  tags = {
-    Name = "FW Management (Public)"
-  }
+  tags = merge(var.standard_tags, var.tags, { "Purpose" = var.vpc_info["purpose"] })
 }
 
 resource "aws_route_table_association" "mgmt-to-internet" {
@@ -94,7 +89,5 @@ resource "aws_subnet" "standalone_tgw" {
   cidr_block = local.subnets[2 + count.index]
   availability_zone = local.azs[count.index]
 
-  tags = {
-    Name = "Standalone TGW"
-  }
+  tags = merge(var.standard_tags, var.tags, { "Purpose" = var.vpc_info["purpose"] })
 }
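Review bot: The two raw subnet resources lose their `Name` tag entirely: the removed maps at old lines 74-76 and 94-96 carried "FW Management (Public)" and "Standalone TGW", while the replacements at new lines 73 and 91 merge only `var.standard_tags`, `var.tags` and a `Purpose` key, and nothing visible in this file adds a Name for them (the wrapped vpc module presumably generates Name tags for its own subnets, so the loss appears confined to `aws_subnet.mgmt` and `aws_subnet.standalone_tgw`). Because every subnet in the module now receives the identical `Purpose` value, the tags no longer distinguish management, TGW, private and untrusted subnets, which is exactly the metadata inventory reports and tag-conditioned policies rely on. Keep a per-resource Name in the merged map, e.g. for mgmt `tags = merge(var.standard_tags, var.tags, { "Name" = "${local.vpc_name}-mgmt-${count.index}", "Purpose" = var.vpc_info["purpose"] })` and the equivalent `-tgw-` form for standalone_tgw. Note also that placing the `Purpose` literal last in every `merge(...)` means a caller's `var.tags` can never override it; if that is intended, a short comment on the first occurrence would save the next reader a question.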

+ 2 - 5
base/security_vpc/vars.tf

@@ -1,8 +1,3 @@
-variable "security_vpc_cidr" {
-  description = "The CIDR Block for the security VPC"
-  type        = string
-}
-
 variable "tags" {
   description = "Tags to add to the resource (in addition to global standard tags)"
   type        = map
@@ -15,12 +10,14 @@ variable "tags" {
 # ----------------------------------
 # Below this line are variables inherited from higher levels, so they
 # do not need to be explicitly passed to this module.
+variable "vpc_info" { type = map }
 variable "is_legacy" { type = bool }
 variable "standard_tags" { type = map }
 variable "dns_info" { type = map }
 variable "aws_account_id" { type = string }
 variable "aws_region" { type = string }
 variable "environment" { type = string }
+variable "account_name" { type = string }
 variable "aws_partition" { type = string }
 variable "aws_partition_alias" { type = string }
 variable "trusted_ips" { type = list }
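Review bot: `variable "vpc_info" { type = map }` on new line 13 declares the map that main.tf indexes with `name`, `cidr` and `purpose`, but it has no description, no element type, and a missing key only surfaces as an invalid-index error at plan time. It is also placed under the "inherited from higher levels" comment, whereas base/standard_vpc/vars.tf declares the same variable as a documented top-level input, so the two modules disagree on whether callers must pass it. Suggest `variable "vpc_info" { description = "VPC definition; must contain name, cidr and purpose", type = map(string) }` (split over lines to match the file's style), and, if the pinned Terraform version supports `validation` blocks, a `can(cidrhost(var.vpc_info["cidr"], 0))` check so a malformed CIDR is rejected before any subnet math runs.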

+ 14 - 10
base/standard_vpc/main.tf

@@ -1,3 +1,7 @@
+locals {
+  vpc_name = "${ var.vpc_info["name"] }-${ var.account_name }"
+}
+
 data "aws_availability_zones" "available" {
   state = "available"
 }
@@ -5,15 +9,15 @@ data "aws_availability_zones" "available" {
 module "vpc" {
   source = "terraform-aws-modules/vpc/aws"
   version = "~> v2.0"
-  name = "${var.name}"
-  cidr = "${var.cidr}"
+  name = "${local.vpc_name}"
+  cidr = "${var.vpc_info["cidr"]}"
 
   azs = slice(data.aws_availability_zones.available.names,0,3)
 
   private_subnets = [
-      "${cidrsubnet(var.cidr,3,0)}",
-      "${cidrsubnet(var.cidr,3,1)}",
-      "${cidrsubnet(var.cidr,3,2)}",
+      "${cidrsubnet(var.vpc_info["cidr"],3,0)}",
+      "${cidrsubnet(var.vpc_info["cidr"],3,1)}",
+      "${cidrsubnet(var.vpc_info["cidr"],3,2)}",
   ]
 
   # Potentially, we could route all accounts through the transit gateway to
@@ -24,9 +28,9 @@ module "vpc" {
   # or a /24 for each subnet (seems wasteful).
   #public_subnets = [ ]
   public_subnets = [ 
-      "${cidrsubnet(var.cidr,3,4)}",
-      "${cidrsubnet(var.cidr,3,5)}",
-      "${cidrsubnet(var.cidr,3,6)}",
+      "${cidrsubnet(var.vpc_info["cidr"],3,4)}",
+      "${cidrsubnet(var.vpc_info["cidr"],3,5)}",
+      "${cidrsubnet(var.vpc_info["cidr"],3,6)}",
   ]
 
   enable_nat_gateway = false
@@ -51,11 +55,11 @@ module "vpc" {
   dhcp_options_ntp_servers = [ "169.254.169.123" ]
   dhcp_options_tags = merge(var.standard_tags, var.tags)
 
-  tags = merge(var.standard_tags, var.tags)
+  tags = merge(var.standard_tags, var.tags, { "Purpose" = var.vpc_info["purpose"] })
 
   nat_eip_tags = {
     "eip_type" = "natgw"
-    Name = var.name
+    Name = local.vpc_name
   }
 }
 
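Review bot: `dhcp_options_tags = merge(var.standard_tags, var.tags)` on new line 56 is left without the `Purpose` key while `tags` two lines below gains it, so the DHCP options set is tagged differently from every other resource this commit touches; the same `merge(..., { "Purpose" = var.vpc_info["purpose"] })` form should be applied there for consistency. Separately, the rewritten lines `name = "${local.vpc_name}"` and `cidr = "${var.vpc_info["cidr"]}"` (new lines 12-13) keep the interpolation-only string wrapper that Terraform 0.12 reports as deprecated, even though the sibling module already writes these as `name = local.vpc_name` and `cidr = var.vpc_info["cidr"]`; since the lines were being changed anyway, dropping the wrappers here and in the `cidrsubnet(...)` list entries would align the two modules. The `module "vpc"` block starts outside the last hunk.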

+ 4 - 8
base/standard_vpc/vars.tf

@@ -1,11 +1,6 @@
-variable "cidr" {
-  description = "The CIDR Block for the VPC"
-  type        = string
-}
-
-variable "name" {
-  description = "The name for the VPC"
-  type        = string
+variable "vpc_info" {
+  description = "A map of information about the VPC to create. Must contain `name` and `cidr`."
+  type = map
 }
 
 variable "tags" {
@@ -15,6 +10,7 @@ variable "tags" {
 }
 
 # Inherited
+variable "account_name" { type = string }
 variable "trusted_ips" { type = list(string) }
 variable "dns_servers" { type = list(string) }
 variable "dns_info" { type = map }
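Review bot: The description on new line 2, "Must contain `name` and `cidr`", understates the contract: base/standard_vpc/main.tf in this same commit also reads `var.vpc_info["purpose"]`, so a caller who follows the documentation will hit an invalid-index error at plan time. `type = map` on new line 3 also omits the element type, while the neighbouring `trusted_ips` and `dns_servers` variables already use `list(string)`, so `map(string)` would be the consistent choice and would reject a nested value early. Suggested lines: `description = "A map of information about the VPC to create. Must contain name, cidr and purpose."` and `type        = map(string)`.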