
@brandonpollack23
Created December 12, 2024 05:34
pulumi convert generated output for aws vpc provider
```ts
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as std from "@pulumi/std";
/**
 * Placeholder for a construct the converter could not translate.
 *
 * Always throws; it never returns a value.
 *
 * @param message - text carried by the thrown error
 * @throws Error with the given message, on every call
 */
function notImplemented(message: string) {
  const failure = new Error(message);
  throw failure;
}
/**
 * Returns the only entry of `elements`.
 *
 * Despite the name, an empty list is rejected: any length other than
 * exactly one raises an error.
 *
 * @param elements - list expected to hold exactly one entry
 * @returns the single entry of the list
 * @throws Error when the list does not contain exactly one entry
 */
function singleOrNone<T>(elements: pulumi.Input<T>[]): pulumi.Input<T> {
  const hasExactlyOne = elements.length === 1;
  if (hasExactlyOne) {
    return elements[0];
  }
  throw new Error("singleOrNone expected input list to have a single element");
}
export = async () => {
const config = new pulumi.Config();
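// Controls if VPC should be created (it affects almost all resources)
// NOTE(review): `config.getBoolean(...) || true` evaluates to true even when the config value is explicitly `false`, so this flag cannot be switched off as written; `?? true` would keep an explicit `false`. The same holds for the other `|| true` defaults below.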
const createVpc = config.getBoolean("createVpc") || true;
// Name to be used on all the resources as identifier
const name = config.get("name") || "";
// (Optional) The IPv4 CIDR block for the VPC. CIDR can be explicitly set or it can be derived from IPAM using `ipv4_netmask_length` & `ipv4_ipam_pool_id`
const cidr = config.get("cidr") || "10.0.0.0/16";
// List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool
const secondaryCidrBlocks = config.getObject<Array<string>>("secondaryCidrBlocks") || [];
// A tenancy option for instances launched into the VPC
const instanceTenancy = config.get("instanceTenancy") || "default";
// A list of availability zones names or ids in the region
const azs = config.getObject<Array<string>>("azs") || [];
// Should be true to enable DNS hostnames in the VPC
const enableDnsHostnames = config.getBoolean("enableDnsHostnames") || true;
// Should be true to enable DNS support in the VPC
const enableDnsSupport = config.getBoolean("enableDnsSupport") || true;
// Determines whether network address usage metrics are enabled for the VPC
const enableNetworkAddressUsageMetrics = config.getBoolean("enableNetworkAddressUsageMetrics");
// Determines whether IPAM pool is used for CIDR allocation
const useIpamPool = config.getBoolean("useIpamPool") || false;
// (Optional) The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR
const ipv4IpamPoolId = config.get("ipv4IpamPoolId");
// (Optional) The netmask length of the IPv4 CIDR you want to allocate to this VPC. Requires specifying a ipv4_ipam_pool_id
const ipv4NetmaskLength = config.getNumber("ipv4NetmaskLength");
// Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block
const enableIpv6 = config.getBoolean("enableIpv6") || false;
// (Optional) IPv6 CIDR block to request from an IPAM Pool. Can be set explicitly or derived from IPAM using `ipv6_netmask_length`
const ipv6Cidr = config.get("ipv6Cidr");
// (Optional) IPAM Pool ID for a IPv6 pool. Conflicts with `assign_generated_ipv6_cidr_block`
const ipv6IpamPoolId = config.get("ipv6IpamPoolId");
// (Optional) Netmask length to request from IPAM Pool. Conflicts with `ipv6_cidr_block`. This can be omitted if IPAM pool as a `allocation_default_netmask_length` set. Valid values: `56`
const ipv6NetmaskLength = config.getNumber("ipv6NetmaskLength");
// By default when an IPv6 CIDR is assigned to a VPC a default ipv6_cidr_block_network_border_group will be set to the region of the VPC. This can be changed to restrict advertisement of public addresses to specific Network Border Groups such as LocalZones
const ipv6CidrBlockNetworkBorderGroup = config.get("ipv6CidrBlockNetworkBorderGroup");
// Additional tags for the VPC
const vpcTags = config.getObject<Record<string, string>>("vpcTags") || {};
// A map of tags to add to all resources
const tags = config.getObject<Record<string, string>>("tags") || {};
// Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type
const enableDhcpOptions = config.getBoolean("enableDhcpOptions") || false;
// Specifies DNS name for DHCP options set (requires enable_dhcp_options set to true)
const dhcpOptionsDomainName = config.get("dhcpOptionsDomainName") || "";
// Specify a list of DNS server addresses for DHCP options set, default to AWS provided (requires enable_dhcp_options set to true)
const dhcpOptionsDomainNameServers = config.getObject<Array<string>>("dhcpOptionsDomainNameServers") || ["AmazonProvidedDNS"];
// Specify a list of NTP servers for DHCP options set (requires enable_dhcp_options set to true)
const dhcpOptionsNtpServers = config.getObject<Array<string>>("dhcpOptionsNtpServers") || [];
// Specify a list of netbios servers for DHCP options set (requires enable_dhcp_options set to true)
const dhcpOptionsNetbiosNameServers = config.getObject<Array<string>>("dhcpOptionsNetbiosNameServers") || [];
// Specify netbios node_type for DHCP options set (requires enable_dhcp_options set to true)
const dhcpOptionsNetbiosNodeType = config.get("dhcpOptionsNetbiosNodeType") || "";
// How frequently, in seconds, a running instance with an IPv6 assigned to it goes through DHCPv6 lease renewal (requires enable_dhcp_options set to true)
const dhcpOptionsIpv6AddressPreferredLeaseTime = config.getNumber("dhcpOptionsIpv6AddressPreferredLeaseTime");
// Additional tags for the DHCP option set (requires enable_dhcp_options set to true)
const dhcpOptionsTags = config.getObject<Record<string, string>>("dhcpOptionsTags") || {};
// A list of public subnets inside the VPC
const publicSubnets = config.getObject<Array<string>>("publicSubnets") || [];
// Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false`
const publicSubnetAssignIpv6AddressOnCreation = config.getBoolean("publicSubnetAssignIpv6AddressOnCreation") || false;
// Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true`
const publicSubnetEnableDns64 = config.getBoolean("publicSubnetEnableDns64") || true;
// Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true`
const publicSubnetEnableResourceNameDnsAaaaRecordOnLaunch = config.getBoolean("publicSubnetEnableResourceNameDnsAaaaRecordOnLaunch") || true;
// Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false`
const publicSubnetEnableResourceNameDnsARecordOnLaunch = config.getBoolean("publicSubnetEnableResourceNameDnsARecordOnLaunch") || false;
// Indicates whether to create a separate route table for each public subnet. Default: `false`
const createMultiplePublicRouteTables = config.getBoolean("createMultiplePublicRouteTables") || false;
// Assigns IPv6 public subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list
const publicSubnetIpv6Prefixes = config.getObject<Array<string>>("publicSubnetIpv6Prefixes") || [];
// Indicates whether to create an IPv6-only subnet. Default: `false`
const publicSubnetIpv6Native = config.getBoolean("publicSubnetIpv6Native") || false;
// Specify true to indicate that instances launched into the subnet should be assigned a public IP address. Default is `false`
const mapPublicIpOnLaunch = config.getBoolean("mapPublicIpOnLaunch") || false;
// The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name`
const publicSubnetPrivateDnsHostnameTypeOnLaunch = config.get("publicSubnetPrivateDnsHostnameTypeOnLaunch");
// Explicit values to use in the Name tag on public subnets. If empty, Name tags are generated
const publicSubnetNames = config.getObject<Array<string>>("publicSubnetNames") || [];
// Suffix to append to public subnets name
const publicSubnetSuffix = config.get("publicSubnetSuffix") || "public";
// Additional tags for the public subnets
const publicSubnetTags = config.getObject<Record<string, string>>("publicSubnetTags") || {};
// Additional tags for the public subnets where the primary key is the AZ
const publicSubnetTagsPerAz = config.getObject<Record<string, Record<string, string>>>("publicSubnetTagsPerAz") || {};
// Additional tags for the public route tables
const publicRouteTableTags = config.getObject<Record<string, string>>("publicRouteTableTags") || {};
// Whether to use dedicated network ACL (not default) and custom rules for public subnets
const publicDedicatedNetworkAcl = config.getBoolean("publicDedicatedNetworkAcl") || false;
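// Public subnets inbound network ACLs
// NOTE(review): the fallback rule allows every protocol and port from 0.0.0.0/0, so a dedicated ACL built from this default filters nothing; supply explicit rules when the ACL is meant to restrict traffic. The same allow-all fallback is repeated for the other subnet tiers below.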
const publicInboundAclRules = config.getObject<Array<Record<string, string>>>("publicInboundAclRules") || [{
cidr_block: "0.0.0.0/0",
from_port: "0",
protocol: "-1",
rule_action: "allow",
rule_number: "100",
to_port: "0",
}];
// Public subnets outbound network ACLs
const publicOutboundAclRules = config.getObject<Array<Record<string, string>>>("publicOutboundAclRules") || [{
cidr_block: "0.0.0.0/0",
from_port: "0",
protocol: "-1",
rule_action: "allow",
rule_number: "100",
to_port: "0",
}];
// Additional tags for the public subnets network ACL
const publicAclTags = config.getObject<Record<string, string>>("publicAclTags") || {};
// A list of private subnets inside the VPC
const privateSubnets = config.getObject<Array<string>>("privateSubnets") || [];
// Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false`
const privateSubnetAssignIpv6AddressOnCreation = config.getBoolean("privateSubnetAssignIpv6AddressOnCreation") || false;
// Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true`
const privateSubnetEnableDns64 = config.getBoolean("privateSubnetEnableDns64") || true;
// Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true`
const privateSubnetEnableResourceNameDnsAaaaRecordOnLaunch = config.getBoolean("privateSubnetEnableResourceNameDnsAaaaRecordOnLaunch") || true;
// Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false`
const privateSubnetEnableResourceNameDnsARecordOnLaunch = config.getBoolean("privateSubnetEnableResourceNameDnsARecordOnLaunch") || false;
// Assigns IPv6 private subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list
const privateSubnetIpv6Prefixes = config.getObject<Array<string>>("privateSubnetIpv6Prefixes") || [];
// Indicates whether to create an IPv6-only subnet. Default: `false`
const privateSubnetIpv6Native = config.getBoolean("privateSubnetIpv6Native") || false;
// The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name`
const privateSubnetPrivateDnsHostnameTypeOnLaunch = config.get("privateSubnetPrivateDnsHostnameTypeOnLaunch");
// Explicit values to use in the Name tag on private subnets. If empty, Name tags are generated
const privateSubnetNames = config.getObject<Array<string>>("privateSubnetNames") || [];
// Suffix to append to private subnets name
const privateSubnetSuffix = config.get("privateSubnetSuffix") || "private";
// Controls if a nat gateway route should be created to give internet access to the private subnets
const createPrivateNatGatewayRoute = config.getBoolean("createPrivateNatGatewayRoute") || true;
// Additional tags for the private subnets
const privateSubnetTags = config.getObject<Record<string, string>>("privateSubnetTags") || {};
// Additional tags for the private subnets where the primary key is the AZ
const privateSubnetTagsPerAz = config.getObject<Record<string, Record<string, string>>>("privateSubnetTagsPerAz") || {};
// Additional tags for the private route tables
const privateRouteTableTags = config.getObject<Record<string, string>>("privateRouteTableTags") || {};
// Whether to use dedicated network ACL (not default) and custom rules for private subnets
const privateDedicatedNetworkAcl = config.getBoolean("privateDedicatedNetworkAcl") || false;
// Private subnets inbound network ACLs
const privateInboundAclRules = config.getObject<Array<Record<string, string>>>("privateInboundAclRules") || [{
cidr_block: "0.0.0.0/0",
from_port: "0",
protocol: "-1",
rule_action: "allow",
rule_number: "100",
to_port: "0",
}];
// Private subnets outbound network ACLs
const privateOutboundAclRules = config.getObject<Array<Record<string, string>>>("privateOutboundAclRules") || [{
cidr_block: "0.0.0.0/0",
from_port: "0",
protocol: "-1",
rule_action: "allow",
rule_number: "100",
to_port: "0",
}];
// Additional tags for the private subnets network ACL
const privateAclTags = config.getObject<Record<string, string>>("privateAclTags") || {};
// A list of database subnets inside the VPC
const databaseSubnets = config.getObject<Array<string>>("databaseSubnets") || [];
// Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false`
const databaseSubnetAssignIpv6AddressOnCreation = config.getBoolean("databaseSubnetAssignIpv6AddressOnCreation") || false;
// Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true`
const databaseSubnetEnableDns64 = config.getBoolean("databaseSubnetEnableDns64") || true;
// Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true`
const databaseSubnetEnableResourceNameDnsAaaaRecordOnLaunch = config.getBoolean("databaseSubnetEnableResourceNameDnsAaaaRecordOnLaunch") || true;
// Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false`
const databaseSubnetEnableResourceNameDnsARecordOnLaunch = config.getBoolean("databaseSubnetEnableResourceNameDnsARecordOnLaunch") || false;
// Assigns IPv6 database subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list
const databaseSubnetIpv6Prefixes = config.getObject<Array<string>>("databaseSubnetIpv6Prefixes") || [];
// Indicates whether to create an IPv6-only subnet. Default: `false`
const databaseSubnetIpv6Native = config.getBoolean("databaseSubnetIpv6Native") || false;
// The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name`
const databaseSubnetPrivateDnsHostnameTypeOnLaunch = config.get("databaseSubnetPrivateDnsHostnameTypeOnLaunch");
// Explicit values to use in the Name tag on database subnets. If empty, Name tags are generated
const databaseSubnetNames = config.getObject<Array<string>>("databaseSubnetNames") || [];
// Suffix to append to database subnets name
const databaseSubnetSuffix = config.get("databaseSubnetSuffix") || "db";
// Controls if separate route table for database should be created
const createDatabaseSubnetRouteTable = config.getBoolean("createDatabaseSubnetRouteTable") || false;
// Controls if an internet gateway route for public database access should be created
const createDatabaseInternetGatewayRoute = config.getBoolean("createDatabaseInternetGatewayRoute") || false;
// Controls if a nat gateway route should be created to give internet access to the database subnets
const createDatabaseNatGatewayRoute = config.getBoolean("createDatabaseNatGatewayRoute") || false;
// Additional tags for the database route tables
const databaseRouteTableTags = config.getObject<Record<string, string>>("databaseRouteTableTags") || {};
// Additional tags for the database subnets
const databaseSubnetTags = config.getObject<Record<string, string>>("databaseSubnetTags") || {};
// Controls if database subnet group should be created (n.b. database_subnets must also be set)
const createDatabaseSubnetGroup = config.getBoolean("createDatabaseSubnetGroup") || true;
// Name of database subnet group
const databaseSubnetGroupName = config.get("databaseSubnetGroupName");
// Additional tags for the database subnet group
const databaseSubnetGroupTags = config.getObject<Record<string, string>>("databaseSubnetGroupTags") || {};
// Whether to use dedicated network ACL (not default) and custom rules for database subnets
const databaseDedicatedNetworkAcl = config.getBoolean("databaseDedicatedNetworkAcl") || false;
// Database subnets inbound network ACL rules
const databaseInboundAclRules = config.getObject<Array<Record<string, string>>>("databaseInboundAclRules") || [{
cidr_block: "0.0.0.0/0",
from_port: "0",
protocol: "-1",
rule_action: "allow",
rule_number: "100",
to_port: "0",
}];
// Database subnets outbound network ACL rules
const databaseOutboundAclRules = config.getObject<Array<Record<string, string>>>("databaseOutboundAclRules") || [{
cidr_block: "0.0.0.0/0",
from_port: "0",
protocol: "-1",
rule_action: "allow",
rule_number: "100",
to_port: "0",
}];
// Additional tags for the database subnets network ACL
const databaseAclTags = config.getObject<Record<string, string>>("databaseAclTags") || {};
// A list of redshift subnets inside the VPC
const redshiftSubnets = config.getObject<Array<string>>("redshiftSubnets") || [];
// Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false`
const redshiftSubnetAssignIpv6AddressOnCreation = config.getBoolean("redshiftSubnetAssignIpv6AddressOnCreation") || false;
// Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true`
const redshiftSubnetEnableDns64 = config.getBoolean("redshiftSubnetEnableDns64") || true;
// Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true`
const redshiftSubnetEnableResourceNameDnsAaaaRecordOnLaunch = config.getBoolean("redshiftSubnetEnableResourceNameDnsAaaaRecordOnLaunch") || true;
// Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false`
const redshiftSubnetEnableResourceNameDnsARecordOnLaunch = config.getBoolean("redshiftSubnetEnableResourceNameDnsARecordOnLaunch") || false;
// Assigns IPv6 redshift subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list
const redshiftSubnetIpv6Prefixes = config.getObject<Array<string>>("redshiftSubnetIpv6Prefixes") || [];
// Indicates whether to create an IPv6-only subnet. Default: `false`
const redshiftSubnetIpv6Native = config.getBoolean("redshiftSubnetIpv6Native") || false;
// The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name`
const redshiftSubnetPrivateDnsHostnameTypeOnLaunch = config.get("redshiftSubnetPrivateDnsHostnameTypeOnLaunch");
// Explicit values to use in the Name tag on redshift subnets. If empty, Name tags are generated
const redshiftSubnetNames = config.getObject<Array<string>>("redshiftSubnetNames") || [];
// Suffix to append to redshift subnets name
const redshiftSubnetSuffix = config.get("redshiftSubnetSuffix") || "redshift";
// Controls if redshift should have public routing table
const enablePublicRedshift = config.getBoolean("enablePublicRedshift") || false;
// Controls if separate route table for redshift should be created
const createRedshiftSubnetRouteTable = config.getBoolean("createRedshiftSubnetRouteTable") || false;
// Additional tags for the redshift route tables
const redshiftRouteTableTags = config.getObject<Record<string, string>>("redshiftRouteTableTags") || {};
// Additional tags for the redshift subnets
const redshiftSubnetTags = config.getObject<Record<string, string>>("redshiftSubnetTags") || {};
// Controls if redshift subnet group should be created
const createRedshiftSubnetGroup = config.getBoolean("createRedshiftSubnetGroup") || true;
// Name of redshift subnet group
const redshiftSubnetGroupName = config.get("redshiftSubnetGroupName");
// Additional tags for the redshift subnet group
const redshiftSubnetGroupTags = config.getObject<Record<string, string>>("redshiftSubnetGroupTags") || {};
// Whether to use dedicated network ACL (not default) and custom rules for redshift subnets
const redshiftDedicatedNetworkAcl = config.getBoolean("redshiftDedicatedNetworkAcl") || false;
// Redshift subnets inbound network ACL rules
const redshiftInboundAclRules = config.getObject<Array<Record<string, string>>>("redshiftInboundAclRules") || [{
cidr_block: "0.0.0.0/0",
from_port: "0",
protocol: "-1",
rule_action: "allow",
rule_number: "100",
to_port: "0",
}];
// Redshift subnets outbound network ACL rules
const redshiftOutboundAclRules = config.getObject<Array<Record<string, string>>>("redshiftOutboundAclRules") || [{
cidr_block: "0.0.0.0/0",
from_port: "0",
protocol: "-1",
rule_action: "allow",
rule_number: "100",
to_port: "0",
}];
// Additional tags for the redshift subnets network ACL
const redshiftAclTags = config.getObject<Record<string, string>>("redshiftAclTags") || {};
// A list of elasticache subnets inside the VPC
const elasticacheSubnets = config.getObject<Array<string>>("elasticacheSubnets") || [];
// Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false`
const elasticacheSubnetAssignIpv6AddressOnCreation = config.getBoolean("elasticacheSubnetAssignIpv6AddressOnCreation") || false;
// Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true`
const elasticacheSubnetEnableDns64 = config.getBoolean("elasticacheSubnetEnableDns64") || true;
// Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true`
const elasticacheSubnetEnableResourceNameDnsAaaaRecordOnLaunch = config.getBoolean("elasticacheSubnetEnableResourceNameDnsAaaaRecordOnLaunch") || true;
// Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false`
const elasticacheSubnetEnableResourceNameDnsARecordOnLaunch = config.getBoolean("elasticacheSubnetEnableResourceNameDnsARecordOnLaunch") || false;
// Assigns IPv6 elasticache subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list
const elasticacheSubnetIpv6Prefixes = config.getObject<Array<string>>("elasticacheSubnetIpv6Prefixes") || [];
// Indicates whether to create an IPv6-only subnet. Default: `false`
const elasticacheSubnetIpv6Native = config.getBoolean("elasticacheSubnetIpv6Native") || false;
// The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name`
const elasticacheSubnetPrivateDnsHostnameTypeOnLaunch = config.get("elasticacheSubnetPrivateDnsHostnameTypeOnLaunch");
// Explicit values to use in the Name tag on elasticache subnets. If empty, Name tags are generated
const elasticacheSubnetNames = config.getObject<Array<string>>("elasticacheSubnetNames") || [];
// Suffix to append to elasticache subnets name
const elasticacheSubnetSuffix = config.get("elasticacheSubnetSuffix") || "elasticache";
// Additional tags for the elasticache subnets
const elasticacheSubnetTags = config.getObject<Record<string, string>>("elasticacheSubnetTags") || {};
// Controls if separate route table for elasticache should be created
const createElasticacheSubnetRouteTable = config.getBoolean("createElasticacheSubnetRouteTable") || false;
// Additional tags for the elasticache route tables
const elasticacheRouteTableTags = config.getObject<Record<string, string>>("elasticacheRouteTableTags") || {};
// Controls if elasticache subnet group should be created
const createElasticacheSubnetGroup = config.getBoolean("createElasticacheSubnetGroup") || true;
// Name of elasticache subnet group
const elasticacheSubnetGroupName = config.get("elasticacheSubnetGroupName");
// Additional tags for the elasticache subnet group
const elasticacheSubnetGroupTags = config.getObject<Record<string, string>>("elasticacheSubnetGroupTags") || {};
// Whether to use dedicated network ACL (not default) and custom rules for elasticache subnets
const elasticacheDedicatedNetworkAcl = config.getBoolean("elasticacheDedicatedNetworkAcl") || false;
// Elasticache subnets inbound network ACL rules
const elasticacheInboundAclRules = config.getObject<Array<Record<string, string>>>("elasticacheInboundAclRules") || [{
cidr_block: "0.0.0.0/0",
from_port: "0",
protocol: "-1",
rule_action: "allow",
rule_number: "100",
to_port: "0",
}];
// Elasticache subnets outbound network ACL rules
const elasticacheOutboundAclRules = config.getObject<Array<Record<string, string>>>("elasticacheOutboundAclRules") || [{
cidr_block: "0.0.0.0/0",
from_port: "0",
protocol: "-1",
rule_action: "allow",
rule_number: "100",
to_port: "0",
}];
// Additional tags for the elasticache subnets network ACL
const elasticacheAclTags = config.getObject<Record<string, string>>("elasticacheAclTags") || {};
// A list of intra subnets inside the VPC
const intraSubnets = config.getObject<Array<string>>("intraSubnets") || [];
// Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false`
const intraSubnetAssignIpv6AddressOnCreation = config.getBoolean("intraSubnetAssignIpv6AddressOnCreation") || false;
// Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true`
const intraSubnetEnableDns64 = config.getBoolean("intraSubnetEnableDns64") || true;
// Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true`
const intraSubnetEnableResourceNameDnsAaaaRecordOnLaunch = config.getBoolean("intraSubnetEnableResourceNameDnsAaaaRecordOnLaunch") || true;
// Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false`
const intraSubnetEnableResourceNameDnsARecordOnLaunch = config.getBoolean("intraSubnetEnableResourceNameDnsARecordOnLaunch") || false;
// Indicates whether to create a separate route table for each intra subnet. Default: `false`
const createMultipleIntraRouteTables = config.getBoolean("createMultipleIntraRouteTables") || false;
// Assigns IPv6 intra subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list
const intraSubnetIpv6Prefixes = config.getObject<Array<string>>("intraSubnetIpv6Prefixes") || [];
// Indicates whether to create an IPv6-only subnet. Default: `false`
const intraSubnetIpv6Native = config.getBoolean("intraSubnetIpv6Native") || false;
// The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name`
const intraSubnetPrivateDnsHostnameTypeOnLaunch = config.get("intraSubnetPrivateDnsHostnameTypeOnLaunch");
// Explicit values to use in the Name tag on intra subnets. If empty, Name tags are generated
const intraSubnetNames = config.getObject<Array<string>>("intraSubnetNames") || [];
// Suffix to append to intra subnets name
const intraSubnetSuffix = config.get("intraSubnetSuffix") || "intra";
// Additional tags for the intra subnets
const intraSubnetTags = config.getObject<Record<string, string>>("intraSubnetTags") || {};
// Additional tags for the intra route tables
const intraRouteTableTags = config.getObject<Record<string, string>>("intraRouteTableTags") || {};
// Whether to use dedicated network ACL (not default) and custom rules for intra subnets
const intraDedicatedNetworkAcl = config.getBoolean("intraDedicatedNetworkAcl") || false;
// Intra subnets inbound network ACLs
const intraInboundAclRules = config.getObject<Array<Record<string, string>>>("intraInboundAclRules") || [{
cidr_block: "0.0.0.0/0",
from_port: "0",
protocol: "-1",
rule_action: "allow",
rule_number: "100",
to_port: "0",
}];
// Intra subnets outbound network ACLs
const intraOutboundAclRules = config.getObject<Array<Record<string, string>>>("intraOutboundAclRules") || [{
cidr_block: "0.0.0.0/0",
from_port: "0",
protocol: "-1",
rule_action: "allow",
rule_number: "100",
to_port: "0",
}];
// Additional tags for the intra subnets network ACL
const intraAclTags = config.getObject<Record<string, string>>("intraAclTags") || {};
// A list of outpost subnets inside the VPC
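const outpostSubnets = config.getObject<Array<string>>("outpostSubnets") || [];
// Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false`
const outpostSubnetAssignIpv6AddressOnCreation = config.getBoolean("outpostSubnetAssignIpv6AddressOnCreation") || false;
// AZ where Outpost is anchored
const outpostAz = config.get("outpostAz");
// The customer owned IPv4 address pool. Typically used with the `map_customer_owned_ip_on_launch` argument. The `outpost_arn` argument must be specified when configured
const customerOwnedIpv4Pool = config.get("customerOwnedIpv4Pool");
// Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: `true`
// `??` instead of `||`: `false || true` is always true, so an explicit `false` in stack config was silently ignored.
const outpostSubnetEnableDns64 = config.getBoolean("outpostSubnetEnableDns64") ?? true;
// Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true`
// `??` for the same reason: only an unset value falls back to true.
const outpostSubnetEnableResourceNameDnsAaaaRecordOnLaunch = config.getBoolean("outpostSubnetEnableResourceNameDnsAaaaRecordOnLaunch") ?? true;
// Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false`
const outpostSubnetEnableResourceNameDnsARecordOnLaunch = config.getBoolean("outpostSubnetEnableResourceNameDnsARecordOnLaunch") || false;
// Assigns IPv6 outpost subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list
const outpostSubnetIpv6Prefixes = config.getObject<Array<string>>("outpostSubnetIpv6Prefixes") || [];
// Indicates whether to create an IPv6-only subnet. Default: `false`
const outpostSubnetIpv6Native = config.getBoolean("outpostSubnetIpv6Native") || false;
// Specify true to indicate that network interfaces created in the subnet should be assigned a customer owned IP address. The `customer_owned_ipv4_pool` and `outpost_arn` arguments must be specified when set to `true`. Default is `false`
const mapCustomerOwnedIpOnLaunch = config.getBoolean("mapCustomerOwnedIpOnLaunch") || false;
// ARN of Outpost you want to create a subnet in
const outpostArn = config.get("outpostArn");
// The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name`
const outpostSubnetPrivateDnsHostnameTypeOnLaunch = config.get("outpostSubnetPrivateDnsHostnameTypeOnLaunch");
// Explicit values to use in the Name tag on outpost subnets. If empty, Name tags are generated
const outpostSubnetNames = config.getObject<Array<string>>("outpostSubnetNames") || [];
// Suffix to append to outpost subnets name
const outpostSubnetSuffix = config.get("outpostSubnetSuffix") || "outpost";
// Additional tags for the outpost subnets
const outpostSubnetTags = config.getObject<Record<string, string>>("outpostSubnetTags") || {};
// Whether to use dedicated network ACL (not default) and custom rules for outpost subnets
const outpostDedicatedNetworkAcl = config.getBoolean("outpostDedicatedNetworkAcl") || false;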
// Outpost subnets inbound network ACLs
// The fallback below is a single allow rule for every protocol ("-1") from 0.0.0.0/0, so unless rules
// are supplied in config the rule set filters nothing.
// NOTE(review): presumably only applied when outpostDedicatedNetworkAcl is true — confirm against the ACL resource.
// NOTE(review): an empty list from config is truthy, so `[]` is kept and does not trigger the fallback — confirm that is intended.
const outpostInboundAclRules = config.getObject<Array<Record<string, string>>>("outpostInboundAclRules") || [{
cidr_block: "0.0.0.0/0",
from_port: "0",
protocol: "-1",
rule_action: "allow",
rule_number: "100",
to_port: "0",
}];
// Outpost subnets outbound network ACLs
// Same fallback shape as the inbound list: one allow rule, every protocol, destination 0.0.0.0/0.
const outpostOutboundAclRules = config.getObject<Array<Record<string, string>>>("outpostOutboundAclRules") || [{
cidr_block: "0.0.0.0/0",
from_port: "0",
protocol: "-1",
rule_action: "allow",
rule_number: "100",
to_port: "0",
}];
// Additional tags for the outpost subnets network ACL
const outpostAclTags = config.getObject<Record<string, string>>("outpostAclTags") || {};
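// Controls if an Internet Gateway is created for public subnets and the related routes that connect them
// `??` instead of `||`: with `|| true` an explicit `createIgw: false` in stack config evaluated back to
// true, so the internet gateway and its default routes could not be switched off.
const createIgw = config.getBoolean("createIgw") ?? true;
// Controls if an Egress Only Internet Gateway is created and its related routes
// `??` for the same reason: only an unset value falls back to true.
const createEgressOnlyIgw = config.getBoolean("createEgressOnlyIgw") ?? true;
// Additional tags for the internet gateway
const igwTags = config.getObject<Record<string, string>>("igwTags") || {};
// Should be true if you want to provision NAT Gateways for each of your private networks
const enableNatGateway = config.getBoolean("enableNatGateway") || false;
// Used to pass a custom destination route for private NAT Gateway. If not specified, the default 0.0.0.0/0 is used as a destination route
const natGatewayDestinationCidrBlock = config.get("natGatewayDestinationCidrBlock") || "0.0.0.0/0";
// Should be true if you want to provision a single shared NAT Gateway across all of your private networks
const singleNatGateway = config.getBoolean("singleNatGateway") || false;
// Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs`
const oneNatGatewayPerAz = config.getBoolean("oneNatGatewayPerAz") || false;
// Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external_nat_ip_ids' variable
const reuseNatIps = config.getBoolean("reuseNatIps") || false;
// List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse_nat_ips)
const externalNatIpIds = config.getObject<Array<string>>("externalNatIpIds") || [];
// List of EIPs to be used for `nat_public_ips` output (used in combination with reuse_nat_ips and external_nat_ip_ids)
const externalNatIps = config.getObject<Array<string>>("externalNatIps") || [];
// Additional tags for the NAT gateways
const natGatewayTags = config.getObject<Record<string, string>>("natGatewayTags") || {};
// Additional tags for the NAT EIP
const natEipTags = config.getObject<Record<string, string>>("natEipTags") || {};
// Maps of Customer Gateway's attributes (BGP ASN and Gateway's Internet-routable external IP address)
const customerGateways = config.getObject<Record<string, Record<string, any>>>("customerGateways") || {};
// Additional tags for the Customer Gateway
const customerGatewayTags = config.getObject<Record<string, string>>("customerGatewayTags") || {};
// Should be true if you want to create a new VPN Gateway resource and attach it to the VPC
const enableVpnGateway = config.getBoolean("enableVpnGateway") || false;
// ID of VPN Gateway to attach to the VPC
const vpnGatewayId = config.get("vpnGatewayId") || "";
// The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the virtual private gateway is created with the current default Amazon ASN
const amazonSideAsn = config.get("amazonSideAsn") || "64512";
// The Availability Zone for the VPN Gateway
const vpnGatewayAz = config.get("vpnGatewayAz");
// Should be true if you want route table propagation
const propagateIntraRouteTablesVgw = config.getBoolean("propagateIntraRouteTablesVgw") || false;
// Should be true if you want route table propagation
const propagatePrivateRouteTablesVgw = config.getBoolean("propagatePrivateRouteTablesVgw") || false;
// Should be true if you want route table propagation
const propagatePublicRouteTablesVgw = config.getBoolean("propagatePublicRouteTablesVgw") || false;
// Additional tags for the VPN gateway
const vpnGatewayTags = config.getObject<Record<string, string>>("vpnGatewayTags") || {};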
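// Should be true to adopt and manage Default VPC
const manageDefaultVpc = config.getBoolean("manageDefaultVpc") || false;
// Name to be used on the Default VPC
const defaultVpcName = config.get("defaultVpcName");
// Should be true to enable DNS support in the Default VPC
// `??` instead of `||`: `false || true` is always true, so an explicit `false` in stack config was silently ignored.
const defaultVpcEnableDnsSupport = config.getBoolean("defaultVpcEnableDnsSupport") ?? true;
// Should be true to enable DNS hostnames in the Default VPC
const defaultVpcEnableDnsHostnames = config.getBoolean("defaultVpcEnableDnsHostnames") ?? true;
// Additional tags for the Default VPC
const defaultVpcTags = config.getObject<Record<string, string>>("defaultVpcTags") || {};
// Should be true to adopt and manage default security group
// `??` so that only an unset value defaults to true; the operator's explicit choice is what takes effect.
const manageDefaultSecurityGroup = config.getBoolean("manageDefaultSecurityGroup") ?? true;
// Name to be used on the default security group
const defaultSecurityGroupName = config.get("defaultSecurityGroupName");
// List of maps of ingress rules to set on the default security group
const defaultSecurityGroupIngress = config.getObject<Array<Record<string, string>>>("defaultSecurityGroupIngress") || [];
// List of maps of egress rules to set on the default security group
const defaultSecurityGroupEgress = config.getObject<Array<Record<string, string>>>("defaultSecurityGroupEgress") || [];
// Additional tags for the default security group
const defaultSecurityGroupTags = config.getObject<Record<string, string>>("defaultSecurityGroupTags") || {};
// Should be true to adopt and manage Default Network ACL
// `??` so that only an unset value defaults to true.
const manageDefaultNetworkAcl = config.getBoolean("manageDefaultNetworkAcl") ?? true;
// Name to be used on the Default Network ACL
const defaultNetworkAclName = config.get("defaultNetworkAclName");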
// List of maps of ingress rules to set on the Default Network ACL
// The fallback is two allow rules for every protocol ("-1"): rule 100 for 0.0.0.0/0 and rule 101 for ::/0,
// so with these values the ACL filters nothing unless rules are supplied in config.
// NOTE(review): presumably applied to the adopted default network ACL when manageDefaultNetworkAcl is true — confirm against the resource.
const defaultNetworkAclIngress = config.getObject<Array<Record<string, string>>>("defaultNetworkAclIngress") || [
{
action: "allow",
cidr_block: "0.0.0.0/0",
from_port: "0",
protocol: "-1",
rule_no: "100",
to_port: "0",
},
{
action: "allow",
from_port: "0",
ipv6_cidr_block: "::/0",
protocol: "-1",
rule_no: "101",
to_port: "0",
},
];
// List of maps of egress rules to set on the Default Network ACL
// Same fallback shape as ingress: allow everything to 0.0.0.0/0 (rule 100) and ::/0 (rule 101).
const defaultNetworkAclEgress = config.getObject<Array<Record<string, string>>>("defaultNetworkAclEgress") || [
{
action: "allow",
cidr_block: "0.0.0.0/0",
from_port: "0",
protocol: "-1",
rule_no: "100",
to_port: "0",
},
{
action: "allow",
from_port: "0",
ipv6_cidr_block: "::/0",
protocol: "-1",
rule_no: "101",
to_port: "0",
},
];
// Additional tags for the Default Network ACL
const defaultNetworkAclTags = config.getObject<Record<string, string>>("defaultNetworkAclTags") || {};
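// Should be true to manage default route table
// `??` instead of `||`: `false || true` is always true, so an explicit `false` in stack config was silently ignored.
const manageDefaultRouteTable = config.getBoolean("manageDefaultRouteTable") ?? true;
// Name to be used on the default route table
const defaultRouteTableName = config.get("defaultRouteTableName");
// List of virtual gateways for propagation
const defaultRouteTablePropagatingVgws = config.getObject<Array<string>>("defaultRouteTablePropagatingVgws") || [];
// Configuration block of routes. See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_route_table#route
const defaultRouteTableRoutes = config.getObject<Array<Record<string, string>>>("defaultRouteTableRoutes") || [];
// Additional tags for the default route table
const defaultRouteTableTags = config.getObject<Record<string, string>>("defaultRouteTableTags") || {};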
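// Whether or not to enable VPC Flow Logs
// Off unless set: with the default there is no VPC-level traffic record to draw on for detection or investigation.
const enableFlowLog = config.getBoolean("enableFlowLog") || false;
// Name to use on the VPC Flow Log IAM role created
const vpcFlowLogIamRoleName = config.get("vpcFlowLogIamRoleName") || "vpc-flow-log-role";
// Determines whether the IAM role name (`vpc_flow_log_iam_role_name`) is used as a prefix
// `??` instead of `||`: `false || true` is always true, so an explicit `false` in stack config was silently ignored.
const vpcFlowLogIamRoleUseNamePrefix = config.getBoolean("vpcFlowLogIamRoleUseNamePrefix") ?? true;
// The ARN of the Permissions Boundary for the VPC Flow Log IAM Role
const vpcFlowLogPermissionsBoundary = config.get("vpcFlowLogPermissionsBoundary");
// Name of the IAM policy
const vpcFlowLogIamPolicyName = config.get("vpcFlowLogIamPolicyName") || "vpc-flow-log-to-cloudwatch";
// Determines whether the name of the IAM policy (`vpc_flow_log_iam_policy_name`) is used as a prefix
// `??` for the same reason: only an unset value falls back to true.
const vpcFlowLogIamPolicyUseNamePrefix = config.getBoolean("vpcFlowLogIamPolicyUseNamePrefix") ?? true;
// The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: `60` seconds or `600` seconds
const flowLogMaxAggregationInterval = config.getNumber("flowLogMaxAggregationInterval") || 600;
// The type of traffic to capture. Valid values: ACCEPT, REJECT, ALL
const flowLogTrafficType = config.get("flowLogTrafficType") || "ALL";
// Type of flow log destination. Can be s3, kinesis-data-firehose or cloud-watch-logs
const flowLogDestinationType = config.get("flowLogDestinationType") || "cloud-watch-logs";
// The fields to include in the flow log record, in the order in which they should appear
const flowLogLogFormat = config.get("flowLogLogFormat");
// The ARN of the CloudWatch log group or S3 bucket where VPC Flow Logs will be pushed. If this ARN is a S3 bucket the appropriate permissions need to be set on that bucket's policy. When create_flow_log_cloudwatch_log_group is set to false this argument must be provided
const flowLogDestinationArn = config.get("flowLogDestinationArn") || "";
// (Optional) ARN of the IAM role that allows Amazon EC2 to publish flow logs across accounts.
const flowLogDeliverCrossAccountRole = config.get("flowLogDeliverCrossAccountRole");
// (Optional) The format for the flow log. Valid values: `plain-text`, `parquet`
const flowLogFileFormat = config.get("flowLogFileFormat");
// (Optional) Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3
const flowLogHiveCompatiblePartitions = config.getBoolean("flowLogHiveCompatiblePartitions") || false;
// (Optional) Indicates whether to partition the flow log per hour. This reduces the cost and response time for queries
const flowLogPerHourPartition = config.getBoolean("flowLogPerHourPartition") || false;
// Additional tags for the VPC Flow Logs
const vpcFlowLogTags = config.getObject<Record<string, string>>("vpcFlowLogTags") || {};
// Whether to create CloudWatch log group for VPC Flow Logs
const createFlowLogCloudwatchLogGroup = config.getBoolean("createFlowLogCloudwatchLogGroup") || false;
// Whether to create IAM role for VPC Flow Logs
const createFlowLogCloudwatchIamRole = config.getBoolean("createFlowLogCloudwatchIamRole") || false;
// Additional conditions of the CloudWatch role assumption policy
const flowLogCloudwatchIamRoleConditions = config.getObject<Array<{test?: string, values?: Array<string>, variable?: string}>>("flowLogCloudwatchIamRoleConditions") || [];
// The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group. When flow_log_destination_arn is set to ARN of Cloudwatch Logs, this argument needs to be provided
const flowLogCloudwatchIamRoleArn = config.get("flowLogCloudwatchIamRoleArn") || "";
// Specifies the name prefix of CloudWatch Log Group for VPC flow logs
const flowLogCloudwatchLogGroupNamePrefix = config.get("flowLogCloudwatchLogGroupNamePrefix") || "/aws/vpc-flow-log/";
// Specifies the name suffix of CloudWatch Log Group for VPC flow logs
const flowLogCloudwatchLogGroupNameSuffix = config.get("flowLogCloudwatchLogGroupNameSuffix") || "";
// Specifies the number of days you want to retain log events in the specified log group for VPC flow logs
const flowLogCloudwatchLogGroupRetentionInDays = config.getNumber("flowLogCloudwatchLogGroupRetentionInDays");
// The ARN of the KMS Key to use when encrypting log data for VPC flow logs
const flowLogCloudwatchLogGroupKmsKeyId = config.get("flowLogCloudwatchLogGroupKmsKeyId");
// Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the Terraform state
const flowLogCloudwatchLogGroupSkipDestroy = config.getBoolean("flowLogCloudwatchLogGroupSkipDestroy") || false;
// Specifies the log class of the log group. Possible values are: STANDARD or INFREQUENT_ACCESS
const flowLogCloudwatchLogGroupClass = config.get("flowLogCloudwatchLogGroupClass");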
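// Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo!
// This flag is ANDed with createVpc into myCreateVpc, so it gates resource creation. `??` instead of `||`:
// `false || true` is always true, so an explicit `false` in stack config had no effect.
const putinKhuylo = config.getBoolean("putinKhuylo") ?? true;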
// Per-tier subnet counts: for each tier, the larger of the IPv4 CIDR list length and the IPv6 prefix
// list length. Each value is produced by std.maxOutput(...).apply(...), so it is a pulumi Output and
// not a plain number.
// NOTE(review): code that compares these with `>`/`>=` or branches on them directly sees the Output
// object, not the resolved count — confirm every use resolves the value first.
const lenPublicSubnets = std.maxOutput({
input: [
publicSubnets.length,
publicSubnetIpv6Prefixes.length,
],
}).apply(invoke => invoke.result);
const lenPrivateSubnets = std.maxOutput({
input: [
privateSubnets.length,
privateSubnetIpv6Prefixes.length,
],
}).apply(invoke => invoke.result);
const lenDatabaseSubnets = std.maxOutput({
input: [
databaseSubnets.length,
databaseSubnetIpv6Prefixes.length,
],
}).apply(invoke => invoke.result);
const lenElasticacheSubnets = std.maxOutput({
input: [
elasticacheSubnets.length,
elasticacheSubnetIpv6Prefixes.length,
],
}).apply(invoke => invoke.result);
const lenRedshiftSubnets = std.maxOutput({
input: [
redshiftSubnets.length,
redshiftSubnetIpv6Prefixes.length,
],
}).apply(invoke => invoke.result);
const lenIntraSubnets = std.maxOutput({
input: [
intraSubnets.length,
intraSubnetIpv6Prefixes.length,
],
}).apply(invoke => invoke.result);
const lenOutpostSubnets = std.maxOutput({
input: [
outpostSubnets.length,
outpostSubnetIpv6Prefixes.length,
],
}).apply(invoke => invoke.result);
// Largest count across the private, public, elasticache, database and redshift tiers; the intra and
// outpost counts are not part of this maximum.
const maxSubnetLength = std.maxOutput({
input: [
lenPrivateSubnets,
lenPublicSubnets,
lenElasticacheSubnets,
lenDatabaseSubnets,
lenRedshiftSubnets,
],
}).apply(invoke => invoke.result);
// Use `local.vpc_id` to give a hint to Terraform that subnets should be deleted before secondary CIDR blocks can be free!
// notImplemented() is the converter's placeholder for HCL it could not translate and it throws, so
// evaluation stops at this line until the expression is written by hand. The Terraform original takes
// the VPC id from the first secondary-CIDR association, falls back to the VPC's own id, then to "".
// A hand-written replacement has to come after the declarations of the VPC and association arrays
// it reads, which appear further down.
const vpcId = notImplemented("try(aws_vpc_ipv4_cidr_block_association.this[0].vpc_id,aws_vpc.this[0].id,\"\")");
// Single switch for "create anything at all": both createVpc and putinKhuylo must be true.
const myCreateVpc = createVpc && putinKhuylo;
//###############################################################################
// VPC
//###############################################################################
// The VPC itself. Held in an array because the converter models Terraform's `count`, which is 0 or 1
// here: the array stays empty when myCreateVpc is false.
const _this: aws.ec2.Vpc[] = [];
if (myCreateVpc) {
    // With an IPAM pool the range comes from the pool, so no explicit CIDR is passed and the
    // Amazon-generated IPv6 block is not requested.
    const explicitCidr = useIpamPool ? undefined : cidr;
    const wantGeneratedIpv6 = (enableIpv6 && !useIpamPool) || undefined;
    _this.push(new aws.ec2.Vpc("this-0", {
        cidrBlock: explicitCidr,
        ipv4IpamPoolId,
        ipv4NetmaskLength,
        assignGeneratedIpv6CidrBlock: wantGeneratedIpv6,
        ipv6CidrBlock: ipv6Cidr,
        ipv6IpamPoolId,
        ipv6NetmaskLength,
        ipv6CidrBlockNetworkBorderGroup,
        instanceTenancy,
        enableDnsHostnames,
        enableDnsSupport,
        enableNetworkAddressUsageMetrics,
        // notImplemented() throws: the tag merge still has to be translated by hand.
        tags: notImplemented(`merge(
{"Name"=var.name},
var.tags,
var.vpc_tags,
)`),
    }));
}
// Secondary IPv4 CIDR blocks: one association per entry of secondaryCidrBlocks, each attached to the
// first VPC in `_this`. Nothing is created when myCreateVpc is false or the list is empty.
const thisVpcIpv4CidrBlockAssociation: aws.ec2.VpcIpv4CidrBlockAssociation[] = [];
if (myCreateVpc) {
    for (let idx = 0; idx < secondaryCidrBlocks.length; idx++) {
        thisVpcIpv4CidrBlockAssociation.push(new aws.ec2.VpcIpv4CidrBlockAssociation(`this-${idx}`, {
            vpcId: _this[0].id,
            cidrBlock: secondaryCidrBlocks[idx],
        }));
    }
}
//###############################################################################
// DHCP Options Set
//###############################################################################
// DHCP options set, created at most once: only when both myCreateVpc and enableDhcpOptions are true.
const thisVpcDhcpOptions: aws.ec2.VpcDhcpOptions[] = [];
if (myCreateVpc && enableDhcpOptions) {
    thisVpcDhcpOptions.push(new aws.ec2.VpcDhcpOptions("this-0", {
        domainName: dhcpOptionsDomainName,
        domainNameServers: dhcpOptionsDomainNameServers,
        ntpServers: dhcpOptionsNtpServers,
        netbiosNameServers: dhcpOptionsNetbiosNameServers,
        netbiosNodeType: dhcpOptionsNetbiosNodeType,
        ipv6AddressPreferredLeaseTime: dhcpOptionsIpv6AddressPreferredLeaseTime,
        // notImplemented() throws: the tag merge still has to be translated by hand.
        tags: notImplemented(`merge(
{"Name"=var.name},
var.tags,
var.dhcp_options_tags,
)`),
    }));
}
// Binds the DHCP options set to the VPC; created under the same condition as the options set itself.
const thisVpcDhcpOptionsAssociation: aws.ec2.VpcDhcpOptionsAssociation[] = [];
if (myCreateVpc && enableDhcpOptions) {
    const dhcpOptionsId = thisVpcDhcpOptions[0].id;
    thisVpcDhcpOptionsAssociation.push(new aws.ec2.VpcDhcpOptionsAssociation("this-0", {
        vpcId,
        dhcpOptionsId,
    }));
}
// Public subnets: one per index up to lenPublicSubnets; none are created when oneNatGatewayPerAz is
// set and there are fewer public subnets than entries in azs.
// NOTE(review): lenPublicSubnets is built with std.maxOutput(...).apply(...), i.e. it is a pulumi
// Output, so `> 0` and `>=` here compare the Output object rather than the resolved number — confirm
// and resolve the value before comparing.
const createPublicSubnets = myCreateVpc && lenPublicSubnets > 0;
const _public: aws.ec2.Subnet[] = [];
// NOTE(review): `.apply` is called on the ternary's result; when the else-branch (the literal 0) is
// taken that is a plain number, which has no `.apply` — confirm this path.
// NOTE(review): subnets are pushed from inside the callback, so code that reads `_public`
// synchronously may run before it is filled — verify ordering.
(createPublicSubnets && (!oneNatGatewayPerAz || lenPublicSubnets >= azs.length) ? lenPublicSubnets : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
_public.push(new aws.ec2.Subnet(`public-${range.value}`, {
assignIpv6AddressOnCreation: enableIpv6 && publicSubnetIpv6Native ? true : publicSubnetAssignIpv6AddressOnCreation,
// notImplemented() throws, so both AZ fields must be translated by hand. The Terraform source sets
// `availability_zone` when the azs entry matches ^[a-z]{2}- and `availability_zone_id` otherwise.
availabilityZone: notImplemented("regexall(\"^[a-z]{2}-\",element(var.azs,count.index))").length > 0 ? azs[range.value] : undefined,
availabilityZoneId: notImplemented("regexall(\"^[a-z]{2}-\",element(var.azs,count.index))").length == 0 ? azs[range.value] : undefined,
// publicSubnets with one "" appended, indexed by position; IPv6-native subnets get no IPv4 CIDR.
cidrBlock: publicSubnetIpv6Native ? undefined : std.concatOutput({
input: [
publicSubnets,
[""],
],
}).apply(invoke => invoke.result[range.value]),
enableDns64: enableIpv6 && publicSubnetEnableDns64,
enableResourceNameDnsAaaaRecordOnLaunch: enableIpv6 && publicSubnetEnableResourceNameDnsAaaaRecordOnLaunch,
enableResourceNameDnsARecordOnLaunch: !publicSubnetIpv6Native && publicSubnetEnableResourceNameDnsARecordOnLaunch,
// Subnet IPv6 range: the VPC's IPv6 block extended by 8 bits, numbered by the matching prefix entry.
ipv6CidrBlock: enableIpv6 && publicSubnetIpv6Prefixes.length > 0 ? std.cidrsubnetOutput({
input: _this[0].ipv6CidrBlock,
newbits: 8,
netnum: publicSubnetIpv6Prefixes[range.value],
}).apply(invoke => invoke.result) : undefined,
ipv6Native: enableIpv6 && publicSubnetIpv6Native,
// When true, instances launched in these subnets receive a public IPv4 address by default.
mapPublicIpOnLaunch: mapPublicIpOnLaunch,
privateDnsHostnameTypeOnLaunch: publicSubnetPrivateDnsHostnameTypeOnLaunch,
vpcId: vpcId,
// notImplemented() throws: the Name/tag merge still has to be translated by hand.
tags: notImplemented(`merge(
{
Name=try(
var.public_subnet_names[count.index],
format("\${var.name}-\${var.public_subnet_suffix}-%s",element(var.azs,count.index))
)
},
var.tags,
var.public_subnet_tags,
lookup(var.public_subnet_tags_per_az,element(var.azs,count.index),{})
)`),
}));
}
});
// Public route tables: one per public subnet when createMultiplePublicRouteTables is set, else one shared table.
// NOTE(review): lenPublicSubnets is an Output (std.maxOutput(...).apply(...)) while the other branch
// is the literal 1, so numPublicRouteTables is either an Output or a plain number — confirm the
// callers handle both.
const numPublicRouteTables = createMultiplePublicRouteTables ? lenPublicSubnets : 1;
const publicRouteTable: aws.ec2.RouteTable[] = [];
// NOTE(review): `.apply` is called on the ternary's result; a plain number (1 or 0) has no `.apply` — confirm this path.
(createPublicSubnets ? numPublicRouteTables : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
publicRouteTable.push(new aws.ec2.RouteTable(`public-${range.value}`, {
vpcId: vpcId,
// notImplemented() throws: the Name/tag merge still has to be translated by hand.
tags: notImplemented(`merge(
{
"Name"=var.create_multiple_public_route_tables?format(
"\${var.name}-\${var.public_subnet_suffix}-%s",
element(var.azs,count.index),
):"\${var.name}-\${var.public_subnet_suffix}"
},
var.tags,
var.public_route_table_tags,
)`),
}));
}
});
// Associates each public subnet with its route table: the table at the same index when there are
// several tables, otherwise the single table at index 0.
const publicRouteTableAssociation: aws.ec2.RouteTableAssociation[] = [];
// NOTE(review): same `.apply`-on-ternary pattern as above; `_public` and `publicRouteTable` are read
// by index here, so they must already be populated when this callback runs — verify ordering.
(createPublicSubnets ? lenPublicSubnets : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
publicRouteTableAssociation.push(new aws.ec2.RouteTableAssociation(`public-${range.value}`, {
subnetId: _public.map(__item => __item.id)[range.value],
routeTableId: publicRouteTable.map(__item => __item.id)[createMultiplePublicRouteTables ? range.value : 0],
}));
}
});
//###############################################################################
// Internet Gateway
//###############################################################################
// Internet gateway for the VPC, created at most once and only when public subnets exist and createIgw is true.
const thisInternetGateway: aws.ec2.InternetGateway[] = [];
// NOTE(review): `.apply` is called on a ternary that yields the plain numbers 1 or 0, which have no
// `.apply` — confirm this path.
(createPublicSubnets && createIgw ? 1 : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
thisInternetGateway.push(new aws.ec2.InternetGateway(`this-${range.value}`, {
vpcId: vpcId,
// notImplemented() throws: the tag merge still has to be translated by hand.
tags: notImplemented(`merge(
{"Name"=var.name},
var.tags,
var.igw_tags,
)`),
}));
}
});
// Default IPv4 route (0.0.0.0/0) to the internet gateway, one per public route table. This route is
// what makes the associated subnets internet-facing.
const publicInternetGateway: aws.ec2.Route[] = [];
// NOTE(review): numPublicRouteTables is the literal 1 unless createMultiplePublicRouteTables is set,
// and a plain number has no `.apply` — confirm this path.
numPublicRouteTables.apply(numPublicRouteTables => {
for (const range = {value: 0}; range.value < (createPublicSubnets && createIgw ? numPublicRouteTables : 0); range.value++) {
publicInternetGateway.push(new aws.ec2.Route(`public_internet_gateway-${range.value}`, {
routeTableId: publicRouteTable[range.value].id,
destinationCidrBlock: "0.0.0.0/0",
gatewayId: thisInternetGateway[0].id,
}));
}
});
// IPv6 counterpart of the route above (::/0), added only when enableIpv6 is also true.
const publicInternetGatewayIpv6: aws.ec2.Route[] = [];
numPublicRouteTables.apply(numPublicRouteTables => {
for (const range = {value: 0}; range.value < (createPublicSubnets && createIgw && enableIpv6 ? numPublicRouteTables : 0); range.value++) {
publicInternetGatewayIpv6.push(new aws.ec2.Route(`public_internet_gateway_ipv6-${range.value}`, {
routeTableId: publicRouteTable[range.value].id,
destinationIpv6CidrBlock: "::/0",
gatewayId: thisInternetGateway[0].id,
}));
}
});
//###############################################################################
// Public Network ACLs
//###############################################################################
// Dedicated network ACL for the public subnets, created at most once and only when
// publicDedicatedNetworkAcl is true; it is attached to every subnet in `_public`.
const publicNetworkAcl: aws.ec2.NetworkAcl[] = [];
// NOTE(review): `.apply` is called on a ternary that yields the plain numbers 1 or 0, which have no
// `.apply` — confirm this path.
(createPublicSubnets && publicDedicatedNetworkAcl ? 1 : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
publicNetworkAcl.push(new aws.ec2.NetworkAcl(`public-${range.value}`, {
vpcId: vpcId,
subnetIds: _public.map(__item => __item.id),
// notImplemented() throws: the tag merge still has to be translated by hand.
tags: notImplemented(`merge(
{"Name"="\${var.name}-\${var.public_subnet_suffix}"},
var.tags,
var.public_acl_tags,
)`),
}));
}
});
// Inbound rules (egress: false) for the public ACL, one per entry of publicInboundAclRules.
// The port, ICMP and CIDR fields are still converter placeholders and notImplemented() throws, so
// no rule can be created until they are translated. When translating, keep the Terraform
// `lookup(..., null)` meaning (absent key → field left unset) so that no rule ends up broader than
// the entry that defines it.
const publicInbound: aws.ec2.NetworkAclRule[] = [];
(createPublicSubnets && publicDedicatedNetworkAcl ? publicInboundAclRules.length : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
publicInbound.push(new aws.ec2.NetworkAclRule(`public_inbound-${range.value}`, {
networkAclId: publicNetworkAcl[0].id,
egress: false,
ruleNumber: publicInboundAclRules[range.value].rule_number,
ruleAction: publicInboundAclRules[range.value].rule_action,
fromPort: notImplemented("lookup(var.public_inbound_acl_rules[count.index],\"from_port\",null)"),
toPort: notImplemented("lookup(var.public_inbound_acl_rules[count.index],\"to_port\",null)"),
icmpCode: notImplemented("lookup(var.public_inbound_acl_rules[count.index],\"icmp_code\",null)"),
icmpType: notImplemented("lookup(var.public_inbound_acl_rules[count.index],\"icmp_type\",null)"),
protocol: publicInboundAclRules[range.value].protocol,
cidrBlock: notImplemented("lookup(var.public_inbound_acl_rules[count.index],\"cidr_block\",null)"),
ipv6CidrBlock: notImplemented("lookup(var.public_inbound_acl_rules[count.index],\"ipv6_cidr_block\",null)"),
}));
}
});
// Outbound rules (egress: true) for the public ACL, one per entry of publicOutboundAclRules; the
// same placeholder fields as the inbound rules remain to be translated.
const publicOutbound: aws.ec2.NetworkAclRule[] = [];
(createPublicSubnets && publicDedicatedNetworkAcl ? publicOutboundAclRules.length : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
publicOutbound.push(new aws.ec2.NetworkAclRule(`public_outbound-${range.value}`, {
networkAclId: publicNetworkAcl[0].id,
egress: true,
ruleNumber: publicOutboundAclRules[range.value].rule_number,
ruleAction: publicOutboundAclRules[range.value].rule_action,
fromPort: notImplemented("lookup(var.public_outbound_acl_rules[count.index],\"from_port\",null)"),
toPort: notImplemented("lookup(var.public_outbound_acl_rules[count.index],\"to_port\",null)"),
icmpCode: notImplemented("lookup(var.public_outbound_acl_rules[count.index],\"icmp_code\",null)"),
icmpType: notImplemented("lookup(var.public_outbound_acl_rules[count.index],\"icmp_type\",null)"),
protocol: publicOutboundAclRules[range.value].protocol,
cidrBlock: notImplemented("lookup(var.public_outbound_acl_rules[count.index],\"cidr_block\",null)"),
ipv6CidrBlock: notImplemented("lookup(var.public_outbound_acl_rules[count.index],\"ipv6_cidr_block\",null)"),
}));
}
});
// Private subnets: one per index up to lenPrivateSubnets. Unlike the public tier, no
// mapPublicIpOnLaunch is set on these subnets.
// NOTE(review): lenPrivateSubnets is built with std.maxOutput(...).apply(...), i.e. it is a pulumi
// Output, so `> 0` compares the Output object rather than the resolved number — confirm and resolve
// the value before comparing.
const createPrivateSubnets = myCreateVpc && lenPrivateSubnets > 0;
const _private: aws.ec2.Subnet[] = [];
// NOTE(review): `.apply` is called on the ternary's result; when the else-branch (the literal 0) is
// taken that is a plain number, which has no `.apply` — confirm this path.
(createPrivateSubnets ? lenPrivateSubnets : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
_private.push(new aws.ec2.Subnet(`private-${range.value}`, {
assignIpv6AddressOnCreation: enableIpv6 && privateSubnetIpv6Native ? true : privateSubnetAssignIpv6AddressOnCreation,
// notImplemented() throws, so both AZ fields must be translated by hand. The Terraform source sets
// `availability_zone` when the azs entry matches ^[a-z]{2}- and `availability_zone_id` otherwise.
availabilityZone: notImplemented("regexall(\"^[a-z]{2}-\",element(var.azs,count.index))").length > 0 ? azs[range.value] : undefined,
availabilityZoneId: notImplemented("regexall(\"^[a-z]{2}-\",element(var.azs,count.index))").length == 0 ? azs[range.value] : undefined,
// privateSubnets with one "" appended, indexed by position; IPv6-native subnets get no IPv4 CIDR.
cidrBlock: privateSubnetIpv6Native ? undefined : std.concatOutput({
input: [
privateSubnets,
[""],
],
}).apply(invoke => invoke.result[range.value]),
enableDns64: enableIpv6 && privateSubnetEnableDns64,
enableResourceNameDnsAaaaRecordOnLaunch: enableIpv6 && privateSubnetEnableResourceNameDnsAaaaRecordOnLaunch,
enableResourceNameDnsARecordOnLaunch: !privateSubnetIpv6Native && privateSubnetEnableResourceNameDnsARecordOnLaunch,
// Subnet IPv6 range: the VPC's IPv6 block extended by 8 bits, numbered by the matching prefix entry.
ipv6CidrBlock: enableIpv6 && privateSubnetIpv6Prefixes.length > 0 ? std.cidrsubnetOutput({
input: _this[0].ipv6CidrBlock,
newbits: 8,
netnum: privateSubnetIpv6Prefixes[range.value],
}).apply(invoke => invoke.result) : undefined,
ipv6Native: enableIpv6 && privateSubnetIpv6Native,
privateDnsHostnameTypeOnLaunch: privateSubnetPrivateDnsHostnameTypeOnLaunch,
vpcId: vpcId,
// notImplemented() throws: the Name/tag merge still has to be translated by hand.
tags: notImplemented(`merge(
{
Name=try(
var.private_subnet_names[count.index],
format("\${var.name}-\${var.private_subnet_suffix}-%s",element(var.azs,count.index))
)
},
var.tags,
var.private_subnet_tags,
lookup(var.private_subnet_tags_per_az,element(var.azs,count.index),{})
)`),
}));
}
});
// Number of NAT gateways: 1 when singleNatGateway, else one per AZ when oneNatGatewayPerAz, else maxSubnetLength.
// NOTE(review): the first two branches are plain numbers and only maxSubnetLength is an Output
// (std.maxOutput(...).apply(...)), so the `.apply` call below has no target for those branches — confirm.
const natGatewayCount = singleNatGateway ? 1 : oneNatGatewayPerAz ? azs.length : maxSubnetLength;
// There are as many routing tables as the number of NAT gateways
const privateRouteTable: aws.ec2.RouteTable[] = [];
// The callback parameter shadows the outer natGatewayCount.
// NOTE(review): `maxSubnetLength > 0` compares an Output object, not its resolved value — confirm.
natGatewayCount.apply(natGatewayCount => {
for (const range = {value: 0}; range.value < (createPrivateSubnets && maxSubnetLength > 0 ? natGatewayCount : 0); range.value++) {
privateRouteTable.push(new aws.ec2.RouteTable(`private-${range.value}`, {
vpcId: vpcId,
// notImplemented() throws: the Name/tag merge still has to be translated by hand.
tags: notImplemented(`merge(
{
"Name"=var.single_nat_gateway?"\${var.name}-\${var.private_subnet_suffix}":format(
"\${var.name}-\${var.private_subnet_suffix}-%s",
element(var.azs,count.index),
)
},
var.tags,
var.private_route_table_tags,
)`),
}));
}
});
// Associates each private subnet with a route table: table 0 for everyone when singleNatGateway is
// set, otherwise the table at the subnet's own index.
const privateRouteTableAssociation: aws.ec2.RouteTableAssociation[] = [];
// NOTE(review): `.apply` is called on the ternary's result, which is the literal 0 in the
// else-branch; `_private` and `privateRouteTable` are read by index and must already be populated
// when this callback runs — verify ordering.
(createPrivateSubnets ? lenPrivateSubnets : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
privateRouteTableAssociation.push(new aws.ec2.RouteTableAssociation(`private-${range.value}`, {
subnetId: _private.map(__item => __item.id)[range.value],
routeTableId: privateRouteTable.map(__item => __item.id)[singleNatGateway ? 0 : range.value],
}));
}
});
// Dedicated network ACL for the private subnets, created at most once and only when
// privateDedicatedNetworkAcl is true; it is attached to every subnet in `_private`.
const createPrivateNetworkAcl = createPrivateSubnets && privateDedicatedNetworkAcl;
const privateNetworkAcl: aws.ec2.NetworkAcl[] = [];
// NOTE(review): `.apply` is called on a ternary that yields the plain numbers 1 or 0, which have no
// `.apply` — confirm this path.
(createPrivateNetworkAcl ? 1 : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
privateNetworkAcl.push(new aws.ec2.NetworkAcl(`private-${range.value}`, {
vpcId: vpcId,
subnetIds: _private.map(__item => __item.id),
// notImplemented() throws: the tag merge still has to be translated by hand.
tags: notImplemented(`merge(
{"Name"="\${var.name}-\${var.private_subnet_suffix}"},
var.tags,
var.private_acl_tags,
)`),
}));
}
});
// Inbound rules (egress: false) for the private ACL, one per entry of privateInboundAclRules.
// The port, ICMP and CIDR fields are still converter placeholders and notImplemented() throws, so
// no rule can be created until they are translated. When translating, keep the Terraform
// `lookup(..., null)` meaning (absent key → field left unset) so that no rule ends up broader than
// the entry that defines it.
const privateInbound: aws.ec2.NetworkAclRule[] = [];
(createPrivateNetworkAcl ? privateInboundAclRules.length : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
privateInbound.push(new aws.ec2.NetworkAclRule(`private_inbound-${range.value}`, {
networkAclId: privateNetworkAcl[0].id,
egress: false,
ruleNumber: privateInboundAclRules[range.value].rule_number,
ruleAction: privateInboundAclRules[range.value].rule_action,
fromPort: notImplemented("lookup(var.private_inbound_acl_rules[count.index],\"from_port\",null)"),
toPort: notImplemented("lookup(var.private_inbound_acl_rules[count.index],\"to_port\",null)"),
icmpCode: notImplemented("lookup(var.private_inbound_acl_rules[count.index],\"icmp_code\",null)"),
icmpType: notImplemented("lookup(var.private_inbound_acl_rules[count.index],\"icmp_type\",null)"),
protocol: privateInboundAclRules[range.value].protocol,
cidrBlock: notImplemented("lookup(var.private_inbound_acl_rules[count.index],\"cidr_block\",null)"),
ipv6CidrBlock: notImplemented("lookup(var.private_inbound_acl_rules[count.index],\"ipv6_cidr_block\",null)"),
}));
}
});
// Outbound rules (egress: true) for the private ACL, one per entry of privateOutboundAclRules; the
// same placeholder fields as the inbound rules remain to be translated.
const privateOutbound: aws.ec2.NetworkAclRule[] = [];
(createPrivateNetworkAcl ? privateOutboundAclRules.length : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
privateOutbound.push(new aws.ec2.NetworkAclRule(`private_outbound-${range.value}`, {
networkAclId: privateNetworkAcl[0].id,
egress: true,
ruleNumber: privateOutboundAclRules[range.value].rule_number,
ruleAction: privateOutboundAclRules[range.value].rule_action,
fromPort: notImplemented("lookup(var.private_outbound_acl_rules[count.index],\"from_port\",null)"),
toPort: notImplemented("lookup(var.private_outbound_acl_rules[count.index],\"to_port\",null)"),
icmpCode: notImplemented("lookup(var.private_outbound_acl_rules[count.index],\"icmp_code\",null)"),
icmpType: notImplemented("lookup(var.private_outbound_acl_rules[count.index],\"icmp_type\",null)"),
protocol: privateOutboundAclRules[range.value].protocol,
cidrBlock: notImplemented("lookup(var.private_outbound_acl_rules[count.index],\"cidr_block\",null)"),
ipv6CidrBlock: notImplemented("lookup(var.private_outbound_acl_rules[count.index],\"ipv6_cidr_block\",null)"),
}));
}
});
// Database subnets: one per index up to lenDatabaseSubnets. No mapPublicIpOnLaunch is set on these subnets.
// NOTE(review): lenDatabaseSubnets is built with std.maxOutput(...).apply(...), i.e. it is a pulumi
// Output, so `> 0` compares the Output object rather than the resolved number — confirm and resolve
// the value before comparing.
const createDatabaseSubnets = myCreateVpc && lenDatabaseSubnets > 0;
const createDatabaseRouteTable = createDatabaseSubnets && createDatabaseSubnetRouteTable;
const database: aws.ec2.Subnet[] = [];
// NOTE(review): `.apply` is called on the ternary's result; when the else-branch (the literal 0) is
// taken that is a plain number, which has no `.apply` — confirm this path.
(createDatabaseSubnets ? lenDatabaseSubnets : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
database.push(new aws.ec2.Subnet(`database-${range.value}`, {
assignIpv6AddressOnCreation: enableIpv6 && databaseSubnetIpv6Native ? true : databaseSubnetAssignIpv6AddressOnCreation,
// notImplemented() throws, so both AZ fields must be translated by hand. The Terraform source sets
// `availability_zone` when the azs entry matches ^[a-z]{2}- and `availability_zone_id` otherwise.
availabilityZone: notImplemented("regexall(\"^[a-z]{2}-\",element(var.azs,count.index))").length > 0 ? azs[range.value] : undefined,
availabilityZoneId: notImplemented("regexall(\"^[a-z]{2}-\",element(var.azs,count.index))").length == 0 ? azs[range.value] : undefined,
// databaseSubnets with one "" appended, indexed by position; IPv6-native subnets get no IPv4 CIDR.
cidrBlock: databaseSubnetIpv6Native ? undefined : std.concatOutput({
input: [
databaseSubnets,
[""],
],
}).apply(invoke => invoke.result[range.value]),
enableDns64: enableIpv6 && databaseSubnetEnableDns64,
enableResourceNameDnsAaaaRecordOnLaunch: enableIpv6 && databaseSubnetEnableResourceNameDnsAaaaRecordOnLaunch,
enableResourceNameDnsARecordOnLaunch: !databaseSubnetIpv6Native && databaseSubnetEnableResourceNameDnsARecordOnLaunch,
// Subnet IPv6 range: the VPC's IPv6 block extended by 8 bits, numbered by the matching prefix entry.
ipv6CidrBlock: enableIpv6 && databaseSubnetIpv6Prefixes.length > 0 ? std.cidrsubnetOutput({
input: _this[0].ipv6CidrBlock,
newbits: 8,
netnum: databaseSubnetIpv6Prefixes[range.value],
}).apply(invoke => invoke.result) : undefined,
ipv6Native: enableIpv6 && databaseSubnetIpv6Native,
privateDnsHostnameTypeOnLaunch: databaseSubnetPrivateDnsHostnameTypeOnLaunch,
vpcId: vpcId,
// notImplemented() throws: the Name/tag merge still has to be translated by hand.
tags: notImplemented(`merge(
{
Name=try(
var.database_subnet_names[count.index],
format("\${var.name}-\${var.database_subnet_suffix}-%s",element(var.azs,count.index),)
)
},
var.tags,
var.database_subnet_tags,
)`),
}));
}
});
// RDS subnet group spanning every database subnet; created once, and only when both
// createDatabaseSubnets and createDatabaseSubnetGroup hold.
const databaseSubnetGroup: aws.rds.SubnetGroup[] = [];
(createDatabaseSubnets && createDatabaseSubnetGroup ? 1 : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
databaseSubnetGroup.push(new aws.rds.SubnetGroup(`database-${range.value}`, {
// NOTE(review): unconverted Terraform coalesce(); notImplemented() throws before lowerOutput
// runs. The intended value is the lower-cased group name, falling back to var.name.
name: std.lowerOutput({
input: notImplemented("coalesce(var.database_subnet_group_name,var.name)"),
}).apply(invoke => invoke.result),
description: `Database subnet group for ${name}`,
subnetIds: database.map(__item => __item.id),
// NOTE(review): unconverted Terraform merge(); throws until the tag map is built by hand.
tags: notImplemented(`merge(
{
"Name"=lower(coalesce(var.database_subnet_group_name,var.name))
},
var.tags,
var.database_subnet_group_tags,
)`),
}));
}
});
// Route tables for the database subnets: a single shared table when singleNatGateway or
// createDatabaseInternetGatewayRoute is set, otherwise one per database subnet. None are
// created unless createDatabaseRouteTable is true.
const databaseRouteTable: aws.ec2.RouteTable[] = [];
(createDatabaseRouteTable ? singleNatGateway || createDatabaseInternetGatewayRoute ? 1 : lenDatabaseSubnets : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
databaseRouteTable.push(new aws.ec2.RouteTable(`database-${range.value}`, {
vpcId: vpcId,
// NOTE(review): unconverted Terraform merge(); throws until the tag map is built by hand.
tags: notImplemented(`merge(
{
"Name"=var.single_nat_gateway||var.create_database_internet_gateway_route?"\${var.name}-\${var.database_subnet_suffix}":format(
"\${var.name}-\${var.database_subnet_suffix}-%s",
element(var.azs,count.index),
)
},
var.tags,
var.database_route_table_tags,
)`),
}));
}
});
// Associates each database subnet with a route table.
const databaseRouteTableAssociation: aws.ec2.RouteTableAssociation[] = [];
(createDatabaseSubnets ? lenDatabaseSubnets : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
databaseRouteTableAssociation.push(new aws.ec2.RouteTableAssociation(`database-${range.value}`, {
subnetId: database.map(__item => __item.id)[range.value],
// NOTE(review): unconverted Terraform coalescelist(); notImplemented() throws. The original
// takes the database route tables and falls back to the private ones when there are none.
// Keep that fallback when converting by hand: the table chosen here decides which default
// routes (NAT or internet gateway) the database subnets get.
routeTableId: notImplemented("coalescelist(aws_route_table.database[*].id,aws_route_table.private[*].id)")[createDatabaseSubnetRouteTable ? singleNatGateway || createDatabaseInternetGatewayRoute ? 0 : range.value : range.value],
}));
}
});
// IPv4 default route from the first database route table to the internet gateway. Created
// only when createDatabaseInternetGatewayRoute is set and createDatabaseNatGatewayRoute is not.
// NOTE(review): a 0.0.0.0/0 route to an internet gateway makes the database subnets
// internet-routable. Confirm that any stack enabling this flag needs it, and that the database
// network ACL and security groups restrict inbound traffic.
const databaseInternetGateway: aws.ec2.Route[] = [];
(createDatabaseRouteTable && createIgw && createDatabaseInternetGatewayRoute && !createDatabaseNatGatewayRoute ? 1 : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
databaseInternetGateway.push(new aws.ec2.Route(`database_internet_gateway-${range.value}`, {
routeTableId: databaseRouteTable[0].id,
destinationCidrBlock: "0.0.0.0/0",
gatewayId: thisInternetGateway[0].id,
}));
}
});
// Elastic IPs for the NAT gateways: natGatewayCount of them, and none when the VPC or NAT
// gateways are disabled or when reuseNatIps is set.
const nat: aws.ec2.Eip[] = [];
(myCreateVpc && enableNatGateway && !reuseNatIps ? natGatewayCount : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
nat.push(new aws.ec2.Eip(`nat-${range.value}`, {
domain: "vpc",
// NOTE(review): unconverted Terraform merge(); throws until the tag map is built by hand.
tags: notImplemented(`merge(
{
"Name"=format(
"\${var.name}-%s",
element(var.azs,var.single_nat_gateway?0:count.index),
)
},
var.tags,
var.nat_eip_tags,
)`),
}, {
// Explicit ordering: the addresses are allocated after the internet gateway.
dependsOn: [thisInternetGateway],
}));
}
});
// Allocation ids for the NAT gateways: externalNatIpIds when reuseNatIps is set, otherwise the
// ids of the Elastic IPs in `nat`.
const natGatewayIps = reuseNatIps ? externalNatIpIds : nat.map(__item => __item.id);
// NAT gateways, placed in the `_public` subnets. With singleNatGateway every gateway index
// maps to allocation 0 and public subnet 0.
const thisNatGateway: aws.ec2.NatGateway[] = [];
(myCreateVpc && enableNatGateway ? natGatewayCount : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
thisNatGateway.push(new aws.ec2.NatGateway(`this-${range.value}`, {
// NOTE(review): with reuseNatIps, confirm externalNatIpIds has an entry for every index used
// here; a missing one leaves allocationId undefined.
allocationId: natGatewayIps[singleNatGateway ? 0 : range.value],
subnetId: _public.map(__item => __item.id)[singleNatGateway ? 0 : range.value],
// NOTE(review): unconverted Terraform merge(); throws until the tag map is built by hand.
tags: notImplemented(`merge(
{
"Name"=format(
"\${var.name}-%s",
element(var.azs,var.single_nat_gateway?0:count.index),
)
},
var.tags,
var.nat_gateway_tags,
)`),
}, {
// Explicit ordering: the gateways are created after the internet gateway.
dependsOn: [thisInternetGateway],
}));
}
});
// IPv4 default route from the database route tables to the NAT gateways. Created only when
// createDatabaseNatGatewayRoute is set and createDatabaseInternetGatewayRoute is not; one route
// with singleNatGateway, otherwise one per database subnet.
const databaseNatGateway: aws.ec2.Route[] = [];
(createDatabaseRouteTable && !createDatabaseInternetGatewayRoute && createDatabaseNatGatewayRoute && enableNatGateway ? singleNatGateway ? 1 : lenDatabaseSubnets : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
databaseNatGateway.push(new aws.ec2.Route(`database_nat_gateway-${range.value}`, {
routeTableId: databaseRouteTable.map(__item => __item.id)[range.value],
destinationCidrBlock: "0.0.0.0/0",
// NOTE(review): both lists are indexed by the same position. Confirm thisNatGateway has at
// least as many entries as this loop runs, or natGatewayId is undefined for the extra routes.
natGatewayId: thisNatGateway.map(__item => __item.id)[range.value],
}));
}
});
// Route for the NAT64 prefix 64:ff9b::/96 from the database route tables to the NAT gateways.
// NOTE(review): the condition tests privateSubnetEnableDns64, while the database subnets
// themselves are configured from databaseSubnetEnableDns64. Confirm which flag is intended.
const databaseDns64NatGateway: aws.ec2.Route[] = [];
(createDatabaseRouteTable && !createDatabaseInternetGatewayRoute && createDatabaseNatGatewayRoute && enableNatGateway && enableIpv6 && privateSubnetEnableDns64 ? singleNatGateway ? 1 : lenDatabaseSubnets : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
databaseDns64NatGateway.push(new aws.ec2.Route(`database_dns64_nat_gateway-${range.value}`, {
routeTableId: databaseRouteTable.map(__item => __item.id)[range.value],
destinationIpv6CidrBlock: "64:ff9b::/96",
natGatewayId: thisNatGateway.map(__item => __item.id)[range.value],
}));
}
});
// Egress-only internet gateway for IPv6, created once when the VPC, createEgressOnlyIgw and
// enableIpv6 are all set and maxSubnetLength is positive.
const thisEgressOnlyInternetGateway: aws.ec2.EgressOnlyInternetGateway[] = [];
(myCreateVpc && createEgressOnlyIgw && enableIpv6 && maxSubnetLength > 0 ? 1 : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
thisEgressOnlyInternetGateway.push(new aws.ec2.EgressOnlyInternetGateway(`this-${range.value}`, {
vpcId: vpcId,
// NOTE(review): unconverted Terraform merge(); throws until the tag map is built by hand.
// The original merges var.igw_tags here, the same variable name as the internet gateway's.
tags: notImplemented(`merge(
{"Name"=var.name},
var.tags,
var.igw_tags,
)`),
}));
}
});
// IPv6 default route (::/0) from the first database route table to the egress-only internet
// gateway. Created only when createDatabaseInternetGatewayRoute, createEgressOnlyIgw and
// enableIpv6 are all set.
const databaseIpv6Egress: aws.ec2.Route[] = [];
(createDatabaseRouteTable && createEgressOnlyIgw && enableIpv6 && createDatabaseInternetGatewayRoute ? 1 : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
databaseIpv6Egress.push(new aws.ec2.Route(`database_ipv6_egress-${range.value}`, {
routeTableId: databaseRouteTable[0].id,
destinationIpv6CidrBlock: "::/0",
egressOnlyGatewayId: thisEgressOnlyInternetGateway[0].id,
}));
}
});
// A dedicated network ACL for the database subnets is opt-in via databaseDedicatedNetworkAcl.
// NOTE(review): when it is off, the subnets presumably stay on the VPC's default network ACL.
// Verify that this is acceptable for database traffic.
const createDatabaseNetworkAcl = createDatabaseSubnets && databaseDedicatedNetworkAcl;
// The ACL itself, associated with every database subnet.
const databaseNetworkAcl: aws.ec2.NetworkAcl[] = [];
(createDatabaseNetworkAcl ? 1 : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
databaseNetworkAcl.push(new aws.ec2.NetworkAcl(`database-${range.value}`, {
vpcId: vpcId,
subnetIds: database.map(__item => __item.id),
// NOTE(review): unconverted Terraform merge(); throws until the tag map is built by hand.
tags: notImplemented(`merge(
{"Name"="\${var.name}-\${var.database_subnet_suffix}"},
var.tags,
var.database_acl_tags,
)`),
}));
}
});
// Ingress rules for the dedicated database network ACL: one aws.ec2.NetworkAclRule per entry
// of databaseInboundAclRules, none when createDatabaseNetworkAcl is false.
const databaseInbound: aws.ec2.NetworkAclRule[] = [];
(createDatabaseNetworkAcl ? databaseInboundAclRules.length : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
databaseInbound.push(new aws.ec2.NetworkAclRule(`database_inbound-${range.value}`, {
networkAclId: databaseNetworkAcl[0].id,
egress: false,
ruleNumber: databaseInboundAclRules[range.value].rule_number,
ruleAction: databaseInboundAclRules[range.value].rule_action,
// NOTE(review): ports, ICMP fields and CIDRs are unconverted Terraform lookup() calls.
// notImplemented() throws, so no rule is created until they are read from the rule entry by
// hand. Keep the null default: an absent key must stay undefined and not widen the match.
fromPort: notImplemented("lookup(var.database_inbound_acl_rules[count.index],\"from_port\",null)"),
toPort: notImplemented("lookup(var.database_inbound_acl_rules[count.index],\"to_port\",null)"),
icmpCode: notImplemented("lookup(var.database_inbound_acl_rules[count.index],\"icmp_code\",null)"),
icmpType: notImplemented("lookup(var.database_inbound_acl_rules[count.index],\"icmp_type\",null)"),
protocol: databaseInboundAclRules[range.value].protocol,
cidrBlock: notImplemented("lookup(var.database_inbound_acl_rules[count.index],\"cidr_block\",null)"),
ipv6CidrBlock: notImplemented("lookup(var.database_inbound_acl_rules[count.index],\"ipv6_cidr_block\",null)"),
}));
}
});
// Egress rules for the dedicated database network ACL: one aws.ec2.NetworkAclRule per entry
// of databaseOutboundAclRules, none when createDatabaseNetworkAcl is false.
const databaseOutbound: aws.ec2.NetworkAclRule[] = [];
(createDatabaseNetworkAcl ? databaseOutboundAclRules.length : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
databaseOutbound.push(new aws.ec2.NetworkAclRule(`database_outbound-${range.value}`, {
networkAclId: databaseNetworkAcl[0].id,
egress: true,
ruleNumber: databaseOutboundAclRules[range.value].rule_number,
ruleAction: databaseOutboundAclRules[range.value].rule_action,
// NOTE(review): ports, ICMP fields and CIDRs are unconverted Terraform lookup() calls.
// notImplemented() throws, so no rule is created until they are read from the rule entry by
// hand. Keep the null default: an absent key must stay undefined and not widen the match.
fromPort: notImplemented("lookup(var.database_outbound_acl_rules[count.index],\"from_port\",null)"),
toPort: notImplemented("lookup(var.database_outbound_acl_rules[count.index],\"to_port\",null)"),
icmpCode: notImplemented("lookup(var.database_outbound_acl_rules[count.index],\"icmp_code\",null)"),
icmpType: notImplemented("lookup(var.database_outbound_acl_rules[count.index],\"icmp_type\",null)"),
protocol: databaseOutboundAclRules[range.value].protocol,
cidrBlock: notImplemented("lookup(var.database_outbound_acl_rules[count.index],\"cidr_block\",null)"),
ipv6CidrBlock: notImplemented("lookup(var.database_outbound_acl_rules[count.index],\"ipv6_cidr_block\",null)"),
}));
}
});
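// Redshift subnets exist only when the VPC is created and at least one Redshift subnet is requested.
const createRedshiftSubnets = myCreateVpc && lenRedshiftSubnets > 0;
// A dedicated Redshift route table additionally needs createRedshiftSubnetRouteTable.
const createRedshiftRouteTable = createRedshiftSubnets && createRedshiftSubnetRouteTable;
// One aws.ec2.Subnet per Redshift subnet index, named redshift-<index>.
const redshift: aws.ec2.Subnet[] = [];
// NOTE(review): .apply() on this conditional only works if its value is a pulumi Output, not a
// plain number. Confirm the type of lenRedshiftSubnets.
(createRedshiftSubnets ? lenRedshiftSubnets : 0).apply(rangeBody => {
    for (const range = {value: 0}; range.value < rangeBody; range.value++) {
        // Snapshot the index. `range` is a single object that the loop mutates, and the
        // cidrBlock callback below runs later, when its Output resolves; reading range.value
        // there would yield rangeBody, one past the last index, for every subnet.
        const index = range.value;
        redshift.push(new aws.ec2.Subnet(`redshift-${index}`, {
            assignIpv6AddressOnCreation: enableIpv6 && redshiftSubnetIpv6Native ? true : redshiftSubnetAssignIpv6AddressOnCreation,
            // NOTE(review): unconverted Terraform regexall(); notImplemented() throws, so the
            // choice between AZ name and AZ id still has to be written by hand.
            availabilityZone: notImplemented("regexall(\"^[a-z]{2}-\",element(var.azs,count.index))").length > 0 ? azs[index] : undefined,
            availabilityZoneId: notImplemented("regexall(\"^[a-z]{2}-\",element(var.azs,count.index))").length == 0 ? azs[index] : undefined,
            // IPv6-native subnets get no IPv4 block; otherwise take this subnet's entry from
            // redshiftSubnets (a trailing "" is appended to the list before indexing).
            cidrBlock: redshiftSubnetIpv6Native ? undefined : std.concatOutput({
                input: [
                    redshiftSubnets,
                    [""],
                ],
            }).apply(invoke => invoke.result[index]),
            enableDns64: enableIpv6 && redshiftSubnetEnableDns64,
            enableResourceNameDnsAaaaRecordOnLaunch: enableIpv6 && redshiftSubnetEnableResourceNameDnsAaaaRecordOnLaunch,
            enableResourceNameDnsARecordOnLaunch: !redshiftSubnetIpv6Native && redshiftSubnetEnableResourceNameDnsARecordOnLaunch,
            // Subnet IPv6 block: 8 extra prefix bits on _this[0].ipv6CidrBlock (presumably the
            // VPC's range), selected by the configured prefix number.
            ipv6CidrBlock: enableIpv6 && redshiftSubnetIpv6Prefixes.length > 0 ? std.cidrsubnetOutput({
                input: _this[0].ipv6CidrBlock,
                newbits: 8,
                netnum: redshiftSubnetIpv6Prefixes[index],
            }).apply(invoke => invoke.result) : undefined,
            ipv6Native: enableIpv6 && redshiftSubnetIpv6Native,
            privateDnsHostnameTypeOnLaunch: redshiftSubnetPrivateDnsHostnameTypeOnLaunch,
            vpcId: vpcId,
            // NOTE(review): unconverted Terraform merge(); throws until the tag map is built by hand.
            tags: notImplemented(`merge(
{
Name=try(
var.redshift_subnet_names[count.index],
format("\${var.name}-\${var.redshift_subnet_suffix}-%s",element(var.azs,count.index))
)
},
var.tags,
var.redshift_subnet_tags,
)`),
        }));
    }
});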
// Redshift subnet group spanning every Redshift subnet; created once, and only when both
// createRedshiftSubnets and createRedshiftSubnetGroup hold.
const redshiftSubnetGroup: aws.redshift.SubnetGroup[] = [];
(createRedshiftSubnets && createRedshiftSubnetGroup ? 1 : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
redshiftSubnetGroup.push(new aws.redshift.SubnetGroup(`redshift-${range.value}`, {
// NOTE(review): unconverted Terraform coalesce(); notImplemented() throws before lowerOutput
// runs. The intended value is the lower-cased group name, falling back to var.name.
name: std.lowerOutput({
input: notImplemented("coalesce(var.redshift_subnet_group_name,var.name)"),
}).apply(invoke => invoke.result),
description: `Redshift subnet group for ${name}`,
subnetIds: redshift.map(__item => __item.id),
// NOTE(review): unconverted Terraform merge(); throws until the tag map is built by hand.
tags: notImplemented(`merge(
{"Name"=coalesce(var.redshift_subnet_group_name,var.name)},
var.tags,
var.redshift_subnet_group_tags,
)`),
}));
}
});
// Single route table for the Redshift subnets, created only when createRedshiftRouteTable is true.
const redshiftRouteTable: aws.ec2.RouteTable[] = [];
(createRedshiftRouteTable ? 1 : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
redshiftRouteTable.push(new aws.ec2.RouteTable(`redshift-${range.value}`, {
vpcId: vpcId,
// NOTE(review): unconverted Terraform merge(); throws until the tag map is built by hand.
tags: notImplemented(`merge(
{"Name"="\${var.name}-\${var.redshift_subnet_suffix}"},
var.tags,
var.redshift_route_table_tags,
)`),
}));
}
});
// Associates each Redshift subnet with a route table when enablePublicRedshift is NOT set.
const redshiftRouteTableAssociation: aws.ec2.RouteTableAssociation[] = [];
(createRedshiftSubnets && !enablePublicRedshift ? lenRedshiftSubnets : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
redshiftRouteTableAssociation.push(new aws.ec2.RouteTableAssociation(`redshift-${range.value}`, {
subnetId: redshift.map(__item => __item.id)[range.value],
// NOTE(review): unconverted Terraform coalescelist(); notImplemented() throws. The original
// takes the Redshift route tables and falls back to the *private* ones. Keep that fallback
// when converting by hand so these subnets do not end up on a public route table.
routeTableId: notImplemented("coalescelist(aws_route_table.redshift[*].id,aws_route_table.private[*].id)")[singleNatGateway || createRedshiftSubnetRouteTable ? 0 : range.value],
}));
}
});
// Associates each Redshift subnet with a route table when enablePublicRedshift IS set.
// NOTE(review): here the unconverted coalescelist() falls back to the *public* route tables,
// which puts the Redshift subnets on internet-routable tables. Confirm that a stack enabling
// this flag intends that exposure, and that the Redshift network ACL and security groups
// restrict inbound traffic.
const redshiftPublic: aws.ec2.RouteTableAssociation[] = [];
(createRedshiftSubnets && enablePublicRedshift ? lenRedshiftSubnets : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
redshiftPublic.push(new aws.ec2.RouteTableAssociation(`redshift_public-${range.value}`, {
subnetId: redshift.map(__item => __item.id)[range.value],
// notImplemented() throws, so this association cannot be created until the lookup is hand-written.
routeTableId: notImplemented("coalescelist(aws_route_table.redshift[*].id,aws_route_table.public[*].id)")[singleNatGateway || createRedshiftSubnetRouteTable ? 0 : range.value],
}));
}
});
// A dedicated network ACL for the Redshift subnets is opt-in via redshiftDedicatedNetworkAcl.
// NOTE(review): when it is off, the subnets presumably stay on the VPC's default network ACL.
// Verify that this is acceptable, especially together with enablePublicRedshift.
const createRedshiftNetworkAcl = createRedshiftSubnets && redshiftDedicatedNetworkAcl;
// The ACL itself, associated with every Redshift subnet.
const redshiftNetworkAcl: aws.ec2.NetworkAcl[] = [];
(createRedshiftNetworkAcl ? 1 : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
redshiftNetworkAcl.push(new aws.ec2.NetworkAcl(`redshift-${range.value}`, {
vpcId: vpcId,
subnetIds: redshift.map(__item => __item.id),
// NOTE(review): unconverted Terraform merge(); throws until the tag map is built by hand.
tags: notImplemented(`merge(
{"Name"="\${var.name}-\${var.redshift_subnet_suffix}"},
var.tags,
var.redshift_acl_tags,
)`),
}));
}
});
// Ingress rules for the dedicated Redshift network ACL: one aws.ec2.NetworkAclRule per entry
// of redshiftInboundAclRules, none when createRedshiftNetworkAcl is false.
const redshiftInbound: aws.ec2.NetworkAclRule[] = [];
(createRedshiftNetworkAcl ? redshiftInboundAclRules.length : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
redshiftInbound.push(new aws.ec2.NetworkAclRule(`redshift_inbound-${range.value}`, {
networkAclId: redshiftNetworkAcl[0].id,
egress: false,
ruleNumber: redshiftInboundAclRules[range.value].rule_number,
ruleAction: redshiftInboundAclRules[range.value].rule_action,
// NOTE(review): ports, ICMP fields and CIDRs are unconverted Terraform lookup() calls.
// notImplemented() throws, so no rule is created until they are read from the rule entry by
// hand. Keep the null default: an absent key must stay undefined and not widen the match.
fromPort: notImplemented("lookup(var.redshift_inbound_acl_rules[count.index],\"from_port\",null)"),
toPort: notImplemented("lookup(var.redshift_inbound_acl_rules[count.index],\"to_port\",null)"),
icmpCode: notImplemented("lookup(var.redshift_inbound_acl_rules[count.index],\"icmp_code\",null)"),
icmpType: notImplemented("lookup(var.redshift_inbound_acl_rules[count.index],\"icmp_type\",null)"),
protocol: redshiftInboundAclRules[range.value].protocol,
cidrBlock: notImplemented("lookup(var.redshift_inbound_acl_rules[count.index],\"cidr_block\",null)"),
ipv6CidrBlock: notImplemented("lookup(var.redshift_inbound_acl_rules[count.index],\"ipv6_cidr_block\",null)"),
}));
}
});
// Egress rules for the dedicated Redshift network ACL: one aws.ec2.NetworkAclRule per entry
// of redshiftOutboundAclRules, none when createRedshiftNetworkAcl is false.
const redshiftOutbound: aws.ec2.NetworkAclRule[] = [];
(createRedshiftNetworkAcl ? redshiftOutboundAclRules.length : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
redshiftOutbound.push(new aws.ec2.NetworkAclRule(`redshift_outbound-${range.value}`, {
networkAclId: redshiftNetworkAcl[0].id,
egress: true,
ruleNumber: redshiftOutboundAclRules[range.value].rule_number,
ruleAction: redshiftOutboundAclRules[range.value].rule_action,
// NOTE(review): ports, ICMP fields and CIDRs are unconverted Terraform lookup() calls.
// notImplemented() throws, so no rule is created until they are read from the rule entry by
// hand. Keep the null default: an absent key must stay undefined and not widen the match.
fromPort: notImplemented("lookup(var.redshift_outbound_acl_rules[count.index],\"from_port\",null)"),
toPort: notImplemented("lookup(var.redshift_outbound_acl_rules[count.index],\"to_port\",null)"),
icmpCode: notImplemented("lookup(var.redshift_outbound_acl_rules[count.index],\"icmp_code\",null)"),
icmpType: notImplemented("lookup(var.redshift_outbound_acl_rules[count.index],\"icmp_type\",null)"),
protocol: redshiftOutboundAclRules[range.value].protocol,
cidrBlock: notImplemented("lookup(var.redshift_outbound_acl_rules[count.index],\"cidr_block\",null)"),
ipv6CidrBlock: notImplemented("lookup(var.redshift_outbound_acl_rules[count.index],\"ipv6_cidr_block\",null)"),
}));
}
});
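// ElastiCache subnets exist only when the VPC is created and at least one ElastiCache subnet is requested.
const createElasticacheSubnets = myCreateVpc && lenElasticacheSubnets > 0;
// A dedicated ElastiCache route table additionally needs createElasticacheSubnetRouteTable.
const createElasticacheRouteTable = createElasticacheSubnets && createElasticacheSubnetRouteTable;
// One aws.ec2.Subnet per ElastiCache subnet index, named elasticache-<index>.
const elasticache: aws.ec2.Subnet[] = [];
// NOTE(review): .apply() on this conditional only works if its value is a pulumi Output, not a
// plain number. Confirm the type of lenElasticacheSubnets.
(createElasticacheSubnets ? lenElasticacheSubnets : 0).apply(rangeBody => {
    for (const range = {value: 0}; range.value < rangeBody; range.value++) {
        // Snapshot the index. `range` is a single object that the loop mutates, and the
        // cidrBlock callback below runs later, when its Output resolves; reading range.value
        // there would yield rangeBody, one past the last index, for every subnet.
        const index = range.value;
        elasticache.push(new aws.ec2.Subnet(`elasticache-${index}`, {
            assignIpv6AddressOnCreation: enableIpv6 && elasticacheSubnetIpv6Native ? true : elasticacheSubnetAssignIpv6AddressOnCreation,
            // NOTE(review): unconverted Terraform regexall(); notImplemented() throws, so the
            // choice between AZ name and AZ id still has to be written by hand.
            availabilityZone: notImplemented("regexall(\"^[a-z]{2}-\",element(var.azs,count.index))").length > 0 ? azs[index] : undefined,
            availabilityZoneId: notImplemented("regexall(\"^[a-z]{2}-\",element(var.azs,count.index))").length == 0 ? azs[index] : undefined,
            // IPv6-native subnets get no IPv4 block; otherwise take this subnet's entry from
            // elasticacheSubnets (a trailing "" is appended to the list before indexing).
            cidrBlock: elasticacheSubnetIpv6Native ? undefined : std.concatOutput({
                input: [
                    elasticacheSubnets,
                    [""],
                ],
            }).apply(invoke => invoke.result[index]),
            enableDns64: enableIpv6 && elasticacheSubnetEnableDns64,
            enableResourceNameDnsAaaaRecordOnLaunch: enableIpv6 && elasticacheSubnetEnableResourceNameDnsAaaaRecordOnLaunch,
            enableResourceNameDnsARecordOnLaunch: !elasticacheSubnetIpv6Native && elasticacheSubnetEnableResourceNameDnsARecordOnLaunch,
            // Subnet IPv6 block: 8 extra prefix bits on _this[0].ipv6CidrBlock (presumably the
            // VPC's range), selected by the configured prefix number.
            ipv6CidrBlock: enableIpv6 && elasticacheSubnetIpv6Prefixes.length > 0 ? std.cidrsubnetOutput({
                input: _this[0].ipv6CidrBlock,
                newbits: 8,
                netnum: elasticacheSubnetIpv6Prefixes[index],
            }).apply(invoke => invoke.result) : undefined,
            ipv6Native: enableIpv6 && elasticacheSubnetIpv6Native,
            privateDnsHostnameTypeOnLaunch: elasticacheSubnetPrivateDnsHostnameTypeOnLaunch,
            vpcId: vpcId,
            // NOTE(review): unconverted Terraform merge(); throws until the tag map is built by hand.
            tags: notImplemented(`merge(
{
Name=try(
var.elasticache_subnet_names[count.index],
format("\${var.name}-\${var.elasticache_subnet_suffix}-%s",element(var.azs,count.index))
)
},
var.tags,
var.elasticache_subnet_tags,
)`),
        }));
    }
});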
// ElastiCache subnet group spanning every ElastiCache subnet; created once, and only when both
// createElasticacheSubnets and createElasticacheSubnetGroup hold.
const elasticacheSubnetGroup: aws.elasticache.SubnetGroup[] = [];
(createElasticacheSubnets && createElasticacheSubnetGroup ? 1 : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
elasticacheSubnetGroup.push(new aws.elasticache.SubnetGroup(`elasticache-${range.value}`, {
// NOTE(review): unconverted Terraform coalesce(); notImplemented() throws. The intended value
// is the configured group name, falling back to var.name.
name: notImplemented("coalesce(var.elasticache_subnet_group_name,var.name)"),
description: `ElastiCache subnet group for ${name}`,
subnetIds: elasticache.map(__item => __item.id),
// NOTE(review): unconverted Terraform merge(); throws until the tag map is built by hand.
tags: notImplemented(`merge(
{"Name"=coalesce(var.elasticache_subnet_group_name,var.name)},
var.tags,
var.elasticache_subnet_group_tags,
)`),
}));
}
});
// Single route table for the ElastiCache subnets, created only when createElasticacheRouteTable is true.
const elasticacheRouteTable: aws.ec2.RouteTable[] = [];
(createElasticacheRouteTable ? 1 : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
elasticacheRouteTable.push(new aws.ec2.RouteTable(`elasticache-${range.value}`, {
vpcId: vpcId,
// NOTE(review): unconverted Terraform merge(); throws until the tag map is built by hand.
tags: notImplemented(`merge(
{"Name"="\${var.name}-\${var.elasticache_subnet_suffix}"},
var.tags,
var.elasticache_route_table_tags,
)`),
}));
}
});
// Associates each ElastiCache subnet with a route table.
const elasticacheRouteTableAssociation: aws.ec2.RouteTableAssociation[] = [];
(createElasticacheSubnets ? lenElasticacheSubnets : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
elasticacheRouteTableAssociation.push(new aws.ec2.RouteTableAssociation(`elasticache-${range.value}`, {
subnetId: elasticache.map(__item => __item.id)[range.value],
// NOTE(review): unconverted Terraform coalescelist(); notImplemented() throws. The original
// takes the ElastiCache route tables and falls back to the private ones. Keep that fallback
// when converting by hand so these subnets do not end up on a public route table.
routeTableId: notImplemented(`coalescelist(
aws_route_table.elasticache[*].id,
aws_route_table.private[*].id,
)`)[singleNatGateway || createElasticacheSubnetRouteTable ? 0 : range.value],
}));
}
});
// A dedicated network ACL for the ElastiCache subnets is opt-in via elasticacheDedicatedNetworkAcl.
// NOTE(review): when it is off, the subnets presumably stay on the VPC's default network ACL.
// Verify that this is acceptable for cache traffic.
const createElasticacheNetworkAcl = createElasticacheSubnets && elasticacheDedicatedNetworkAcl;
// The ACL itself, associated with every ElastiCache subnet.
const elasticacheNetworkAcl: aws.ec2.NetworkAcl[] = [];
(createElasticacheNetworkAcl ? 1 : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
elasticacheNetworkAcl.push(new aws.ec2.NetworkAcl(`elasticache-${range.value}`, {
vpcId: vpcId,
subnetIds: elasticache.map(__item => __item.id),
// NOTE(review): unconverted Terraform merge(); throws until the tag map is built by hand.
tags: notImplemented(`merge(
{"Name"="\${var.name}-\${var.elasticache_subnet_suffix}"},
var.tags,
var.elasticache_acl_tags,
)`),
}));
}
});
// Ingress rules for the dedicated ElastiCache network ACL: one aws.ec2.NetworkAclRule per
// entry of elasticacheInboundAclRules, none when createElasticacheNetworkAcl is false.
const elasticacheInbound: aws.ec2.NetworkAclRule[] = [];
(createElasticacheNetworkAcl ? elasticacheInboundAclRules.length : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
elasticacheInbound.push(new aws.ec2.NetworkAclRule(`elasticache_inbound-${range.value}`, {
networkAclId: elasticacheNetworkAcl[0].id,
egress: false,
ruleNumber: elasticacheInboundAclRules[range.value].rule_number,
ruleAction: elasticacheInboundAclRules[range.value].rule_action,
// NOTE(review): ports, ICMP fields and CIDRs are unconverted Terraform lookup() calls.
// notImplemented() throws, so no rule is created until they are read from the rule entry by
// hand. Keep the null default: an absent key must stay undefined and not widen the match.
fromPort: notImplemented("lookup(var.elasticache_inbound_acl_rules[count.index],\"from_port\",null)"),
toPort: notImplemented("lookup(var.elasticache_inbound_acl_rules[count.index],\"to_port\",null)"),
icmpCode: notImplemented("lookup(var.elasticache_inbound_acl_rules[count.index],\"icmp_code\",null)"),
icmpType: notImplemented("lookup(var.elasticache_inbound_acl_rules[count.index],\"icmp_type\",null)"),
protocol: elasticacheInboundAclRules[range.value].protocol,
cidrBlock: notImplemented("lookup(var.elasticache_inbound_acl_rules[count.index],\"cidr_block\",null)"),
ipv6CidrBlock: notImplemented("lookup(var.elasticache_inbound_acl_rules[count.index],\"ipv6_cidr_block\",null)"),
}));
}
});
// Egress rules for the dedicated ElastiCache network ACL: one aws.ec2.NetworkAclRule per
// entry of elasticacheOutboundAclRules, none when createElasticacheNetworkAcl is false.
const elasticacheOutbound: aws.ec2.NetworkAclRule[] = [];
(createElasticacheNetworkAcl ? elasticacheOutboundAclRules.length : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
elasticacheOutbound.push(new aws.ec2.NetworkAclRule(`elasticache_outbound-${range.value}`, {
networkAclId: elasticacheNetworkAcl[0].id,
egress: true,
ruleNumber: elasticacheOutboundAclRules[range.value].rule_number,
ruleAction: elasticacheOutboundAclRules[range.value].rule_action,
// NOTE(review): ports, ICMP fields and CIDRs are unconverted Terraform lookup() calls.
// notImplemented() throws, so no rule is created until they are read from the rule entry by
// hand. Keep the null default: an absent key must stay undefined and not widen the match.
fromPort: notImplemented("lookup(var.elasticache_outbound_acl_rules[count.index],\"from_port\",null)"),
toPort: notImplemented("lookup(var.elasticache_outbound_acl_rules[count.index],\"to_port\",null)"),
icmpCode: notImplemented("lookup(var.elasticache_outbound_acl_rules[count.index],\"icmp_code\",null)"),
icmpType: notImplemented("lookup(var.elasticache_outbound_acl_rules[count.index],\"icmp_type\",null)"),
protocol: elasticacheOutboundAclRules[range.value].protocol,
cidrBlock: notImplemented("lookup(var.elasticache_outbound_acl_rules[count.index],\"cidr_block\",null)"),
ipv6CidrBlock: notImplemented("lookup(var.elasticache_outbound_acl_rules[count.index],\"ipv6_cidr_block\",null)"),
}));
}
});
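// Intra subnets exist only when the VPC is created and at least one intra subnet is requested.
const createIntraSubnets = myCreateVpc && lenIntraSubnets > 0;
// One aws.ec2.Subnet per intra subnet index, named intra-<index>.
const intra: aws.ec2.Subnet[] = [];
// NOTE(review): .apply() on this conditional only works if its value is a pulumi Output, not a
// plain number. Confirm the type of lenIntraSubnets.
(createIntraSubnets ? lenIntraSubnets : 0).apply(rangeBody => {
    for (const range = {value: 0}; range.value < rangeBody; range.value++) {
        // Snapshot the index. `range` is a single object that the loop mutates, and the
        // cidrBlock callback below runs later, when its Output resolves; reading range.value
        // there would yield rangeBody, one past the last index, for every subnet.
        const index = range.value;
        intra.push(new aws.ec2.Subnet(`intra-${index}`, {
            assignIpv6AddressOnCreation: enableIpv6 && intraSubnetIpv6Native ? true : intraSubnetAssignIpv6AddressOnCreation,
            // NOTE(review): unconverted Terraform regexall(); notImplemented() throws, so the
            // choice between AZ name and AZ id still has to be written by hand.
            availabilityZone: notImplemented("regexall(\"^[a-z]{2}-\",element(var.azs,count.index))").length > 0 ? azs[index] : undefined,
            availabilityZoneId: notImplemented("regexall(\"^[a-z]{2}-\",element(var.azs,count.index))").length == 0 ? azs[index] : undefined,
            // IPv6-native subnets get no IPv4 block; otherwise take this subnet's entry from
            // intraSubnets (a trailing "" is appended to the list before indexing).
            cidrBlock: intraSubnetIpv6Native ? undefined : std.concatOutput({
                input: [
                    intraSubnets,
                    [""],
                ],
            }).apply(invoke => invoke.result[index]),
            enableDns64: enableIpv6 && intraSubnetEnableDns64,
            enableResourceNameDnsAaaaRecordOnLaunch: enableIpv6 && intraSubnetEnableResourceNameDnsAaaaRecordOnLaunch,
            enableResourceNameDnsARecordOnLaunch: !intraSubnetIpv6Native && intraSubnetEnableResourceNameDnsARecordOnLaunch,
            // Subnet IPv6 block: 8 extra prefix bits on _this[0].ipv6CidrBlock (presumably the
            // VPC's range), selected by the configured prefix number.
            ipv6CidrBlock: enableIpv6 && intraSubnetIpv6Prefixes.length > 0 ? std.cidrsubnetOutput({
                input: _this[0].ipv6CidrBlock,
                newbits: 8,
                netnum: intraSubnetIpv6Prefixes[index],
            }).apply(invoke => invoke.result) : undefined,
            ipv6Native: enableIpv6 && intraSubnetIpv6Native,
            privateDnsHostnameTypeOnLaunch: intraSubnetPrivateDnsHostnameTypeOnLaunch,
            vpcId: vpcId,
            // NOTE(review): unconverted Terraform merge(); throws until the tag map is built by hand.
            tags: notImplemented(`merge(
{
Name=try(
var.intra_subnet_names[count.index],
format("\${var.name}-\${var.intra_subnet_suffix}-%s",element(var.azs,count.index))
)
},
var.tags,
var.intra_subnet_tags,
)`),
        }));
    }
});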
// Number of intra route tables: one per intra subnet with createMultipleIntraRouteTables,
// otherwise a single shared table.
const numIntraRouteTables = createMultipleIntraRouteTables ? lenIntraSubnets : 1;
// The intra route tables themselves; none unless createIntraSubnets is true.
const intraRouteTable: aws.ec2.RouteTable[] = [];
(createIntraSubnets ? numIntraRouteTables : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
intraRouteTable.push(new aws.ec2.RouteTable(`intra-${range.value}`, {
vpcId: vpcId,
// NOTE(review): unconverted Terraform merge(); throws until the tag map is built by hand.
tags: notImplemented(`merge(
{
"Name"=var.create_multiple_intra_route_tables?format(
"\${var.name}-\${var.intra_subnet_suffix}-%s",
element(var.azs,count.index),
):"\${var.name}-\${var.intra_subnet_suffix}"
},
var.tags,
var.intra_route_table_tags,
)`),
}));
}
});
// Associates each intra subnet with an intra route table: its own table with
// createMultipleIntraRouteTables, otherwise the shared table at index 0.
const intraRouteTableAssociation: aws.ec2.RouteTableAssociation[] = [];
(createIntraSubnets ? lenIntraSubnets : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
intraRouteTableAssociation.push(new aws.ec2.RouteTableAssociation(`intra-${range.value}`, {
subnetId: intra.map(__item => __item.id)[range.value],
routeTableId: intraRouteTable.map(__item => __item.id)[createMultipleIntraRouteTables ? range.value : 0],
}));
}
});
// A dedicated network ACL for the intra subnets is opt-in via intraDedicatedNetworkAcl.
// NOTE(review): when it is off, the subnets presumably stay on the VPC's default network ACL.
// Verify that this is acceptable.
const createIntraNetworkAcl = createIntraSubnets && intraDedicatedNetworkAcl;
// The ACL itself, associated with every intra subnet.
const intraNetworkAcl: aws.ec2.NetworkAcl[] = [];
(createIntraNetworkAcl ? 1 : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
intraNetworkAcl.push(new aws.ec2.NetworkAcl(`intra-${range.value}`, {
vpcId: vpcId,
subnetIds: intra.map(__item => __item.id),
// NOTE(review): unconverted Terraform merge(); throws until the tag map is built by hand.
tags: notImplemented(`merge(
{"Name"="\${var.name}-\${var.intra_subnet_suffix}"},
var.tags,
var.intra_acl_tags,
)`),
}));
}
});
// Ingress rules for the dedicated intra network ACL: one aws.ec2.NetworkAclRule per entry of
// intraInboundAclRules, none when createIntraNetworkAcl is false.
const intraInbound: aws.ec2.NetworkAclRule[] = [];
(createIntraNetworkAcl ? intraInboundAclRules.length : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
intraInbound.push(new aws.ec2.NetworkAclRule(`intra_inbound-${range.value}`, {
networkAclId: intraNetworkAcl[0].id,
egress: false,
ruleNumber: intraInboundAclRules[range.value].rule_number,
ruleAction: intraInboundAclRules[range.value].rule_action,
// NOTE(review): ports, ICMP fields and CIDRs are unconverted Terraform lookup() calls.
// notImplemented() throws, so no rule is created until they are read from the rule entry by
// hand. Keep the null default: an absent key must stay undefined and not widen the match.
fromPort: notImplemented("lookup(var.intra_inbound_acl_rules[count.index],\"from_port\",null)"),
toPort: notImplemented("lookup(var.intra_inbound_acl_rules[count.index],\"to_port\",null)"),
icmpCode: notImplemented("lookup(var.intra_inbound_acl_rules[count.index],\"icmp_code\",null)"),
icmpType: notImplemented("lookup(var.intra_inbound_acl_rules[count.index],\"icmp_type\",null)"),
protocol: intraInboundAclRules[range.value].protocol,
cidrBlock: notImplemented("lookup(var.intra_inbound_acl_rules[count.index],\"cidr_block\",null)"),
ipv6CidrBlock: notImplemented("lookup(var.intra_inbound_acl_rules[count.index],\"ipv6_cidr_block\",null)"),
}));
}
});
// Egress rules for the dedicated intra network ACL: one aws.ec2.NetworkAclRule per entry of
// intraOutboundAclRules, none when createIntraNetworkAcl is false.
const intraOutbound: aws.ec2.NetworkAclRule[] = [];
(createIntraNetworkAcl ? intraOutboundAclRules.length : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
intraOutbound.push(new aws.ec2.NetworkAclRule(`intra_outbound-${range.value}`, {
networkAclId: intraNetworkAcl[0].id,
egress: true,
ruleNumber: intraOutboundAclRules[range.value].rule_number,
ruleAction: intraOutboundAclRules[range.value].rule_action,
// NOTE(review): ports, ICMP fields and CIDRs are unconverted Terraform lookup() calls.
// notImplemented() throws, so no rule is created until they are read from the rule entry by
// hand. Keep the null default: an absent key must stay undefined and not widen the match.
fromPort: notImplemented("lookup(var.intra_outbound_acl_rules[count.index],\"from_port\",null)"),
toPort: notImplemented("lookup(var.intra_outbound_acl_rules[count.index],\"to_port\",null)"),
icmpCode: notImplemented("lookup(var.intra_outbound_acl_rules[count.index],\"icmp_code\",null)"),
icmpType: notImplemented("lookup(var.intra_outbound_acl_rules[count.index],\"icmp_type\",null)"),
protocol: intraOutboundAclRules[range.value].protocol,
cidrBlock: notImplemented("lookup(var.intra_outbound_acl_rules[count.index],\"cidr_block\",null)"),
ipv6CidrBlock: notImplemented("lookup(var.intra_outbound_acl_rules[count.index],\"ipv6_cidr_block\",null)"),
}));
}
});
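// Outpost subnets exist only when the VPC is created and at least one outpost subnet is requested.
const createOutpostSubnets = myCreateVpc && lenOutpostSubnets > 0;
// One aws.ec2.Subnet per outpost subnet index, named outpost-<index>; all of them use outpostAz.
const outpost: aws.ec2.Subnet[] = [];
// NOTE(review): .apply() on this conditional only works if its value is a pulumi Output, not a
// plain number. Confirm the type of lenOutpostSubnets.
(createOutpostSubnets ? lenOutpostSubnets : 0).apply(rangeBody => {
    for (const range = {value: 0}; range.value < rangeBody; range.value++) {
        // Snapshot the index. `range` is a single object that the loop mutates, and the
        // cidrBlock callback below runs later, when its Output resolves; reading range.value
        // there would yield rangeBody, one past the last index, for every subnet.
        const index = range.value;
        outpost.push(new aws.ec2.Subnet(`outpost-${index}`, {
            assignIpv6AddressOnCreation: enableIpv6 && outpostSubnetIpv6Native ? true : outpostSubnetAssignIpv6AddressOnCreation,
            availabilityZone: outpostAz,
            // IPv6-native subnets get no IPv4 block; otherwise take this subnet's entry from
            // outpostSubnets (a trailing "" is appended to the list before indexing).
            cidrBlock: outpostSubnetIpv6Native ? undefined : std.concatOutput({
                input: [
                    outpostSubnets,
                    [""],
                ],
            }).apply(invoke => invoke.result[index]),
            customerOwnedIpv4Pool: customerOwnedIpv4Pool,
            enableDns64: enableIpv6 && outpostSubnetEnableDns64,
            enableResourceNameDnsAaaaRecordOnLaunch: enableIpv6 && outpostSubnetEnableResourceNameDnsAaaaRecordOnLaunch,
            enableResourceNameDnsARecordOnLaunch: !outpostSubnetIpv6Native && outpostSubnetEnableResourceNameDnsARecordOnLaunch,
            // Subnet IPv6 block: 8 extra prefix bits on _this[0].ipv6CidrBlock (presumably the
            // VPC's range), selected by the configured prefix number.
            ipv6CidrBlock: enableIpv6 && outpostSubnetIpv6Prefixes.length > 0 ? std.cidrsubnetOutput({
                input: _this[0].ipv6CidrBlock,
                newbits: 8,
                netnum: outpostSubnetIpv6Prefixes[index],
            }).apply(invoke => invoke.result) : undefined,
            ipv6Native: enableIpv6 && outpostSubnetIpv6Native,
            mapCustomerOwnedIpOnLaunch: mapCustomerOwnedIpOnLaunch,
            outpostArn: outpostArn,
            privateDnsHostnameTypeOnLaunch: outpostSubnetPrivateDnsHostnameTypeOnLaunch,
            vpcId: vpcId,
            // NOTE(review): unconverted Terraform merge(); throws until the tag map is built by hand.
            tags: notImplemented(`merge(
{
Name=try(
var.outpost_subnet_names[count.index],
format("\${var.name}-\${var.outpost_subnet_suffix}-%s",var.outpost_az)
)
},
var.tags,
var.outpost_subnet_tags,
)`),
        }));
    }
});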
// Associates each outpost subnet with a private route table: the table at index 0 with
// singleNatGateway, otherwise the one at the subnet's own index.
// NOTE(review): confirm privateRouteTable has an entry for every outpost subnet index when
// singleNatGateway is off; a missing one leaves routeTableId undefined.
const outpostRouteTableAssociation: aws.ec2.RouteTableAssociation[] = [];
(createOutpostSubnets ? lenOutpostSubnets : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
outpostRouteTableAssociation.push(new aws.ec2.RouteTableAssociation(`outpost-${range.value}`, {
subnetId: outpost.map(__item => __item.id)[range.value],
routeTableId: privateRouteTable.map(__item => __item.id)[singleNatGateway ? 0 : range.value],
}));
}
});
// A dedicated network ACL for the outpost subnets is opt-in via outpostDedicatedNetworkAcl.
// NOTE(review): when it is off, the subnets presumably stay on the VPC's default network ACL.
// Verify that this is acceptable.
const createOutpostNetworkAcl = createOutpostSubnets && outpostDedicatedNetworkAcl;
// The ACL itself, associated with every outpost subnet.
const outpostNetworkAcl: aws.ec2.NetworkAcl[] = [];
(createOutpostNetworkAcl ? 1 : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
outpostNetworkAcl.push(new aws.ec2.NetworkAcl(`outpost-${range.value}`, {
vpcId: vpcId,
subnetIds: outpost.map(__item => __item.id),
// NOTE(review): unconverted Terraform merge(); throws until the tag map is built by hand.
tags: notImplemented(`merge(
{"Name"="\${var.name}-\${var.outpost_subnet_suffix}"},
var.tags,
var.outpost_acl_tags,
)`),
}));
}
});
const outpostInbound: aws.ec2.NetworkAclRule[] = [];
(createOutpostNetworkAcl ? outpostInboundAclRules.length : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
outpostInbound.push(new aws.ec2.NetworkAclRule(`outpost_inbound-${range.value}`, {
networkAclId: outpostNetworkAcl[0].id,
egress: false,
ruleNumber: outpostInboundAclRules[range.value].rule_number,
ruleAction: outpostInboundAclRules[range.value].rule_action,
fromPort: notImplemented("lookup(var.outpost_inbound_acl_rules[count.index],\"from_port\",null)"),
toPort: notImplemented("lookup(var.outpost_inbound_acl_rules[count.index],\"to_port\",null)"),
icmpCode: notImplemented("lookup(var.outpost_inbound_acl_rules[count.index],\"icmp_code\",null)"),
icmpType: notImplemented("lookup(var.outpost_inbound_acl_rules[count.index],\"icmp_type\",null)"),
protocol: outpostInboundAclRules[range.value].protocol,
cidrBlock: notImplemented("lookup(var.outpost_inbound_acl_rules[count.index],\"cidr_block\",null)"),
ipv6CidrBlock: notImplemented("lookup(var.outpost_inbound_acl_rules[count.index],\"ipv6_cidr_block\",null)"),
}));
}
});
const outpostOutbound: aws.ec2.NetworkAclRule[] = [];
(createOutpostNetworkAcl ? outpostOutboundAclRules.length : 0).apply(rangeBody => {
for (const range = {value: 0}; range.value < rangeBody; range.value++) {
outpostOutbound.push(new aws.ec2.NetworkAclRule(`outpost_outbound-${range.value}`, {
networkAclId: outpostNetworkAcl[0].id,
egress: true,
ruleNumber: outpostOutboundAclRules[range.value].rule_number,
ruleAction: outpostOutboundAclRules[range.value].rule_action,
fromPort: notImplemented("lookup(var.outpost_outbound_acl_rules[count.index],\"from_port\",null)"),
toPort: notImplemented("lookup(var.outpost_outbound_acl_rules[count.index],\"to_port\",null)"),
icmpCode: notImplemented("lookup(var.outpost_outbound_acl_rules[count.index],\"icmp_code\",null)"),
icmpType: notImplemented("lookup(var.outpost_outbound_acl_rules[count.index],\"icmp_type\",null)"),
protocol: outpostOutboundAclRules[range.value].protocol,
cidrBlock: notImplemented("lookup(var.outpost_outbound_acl_rules[count.index],\"cidr_block\",null)"),
ipv6CidrBlock: notImplemented("lookup(var.outpost_outbound_acl_rules[count.index],\"ipv6_cidr_block\",null)"),
}));
}
});
// IPv6 default routes for the private route tables. They point at the
// egress-only internet gateway, so instances can open outbound IPv6
// connections while inbound connections from the internet are not routed.
const privateIpv6Egress: aws.ec2.Route[] = [];
natGatewayCount.apply(gatewayTotal => {
    // One route per NAT gateway slot, and only when the VPC, the egress-only
    // gateway, IPv6 and at least one private subnet are all requested.
    const wantsIpv6Egress = myCreateVpc && createEgressOnlyIgw && enableIpv6 && lenPrivateSubnets > 0;
    const routeTotal = wantsIpv6Egress ? gatewayTotal : 0;
    for (let index = 0; index < routeTotal; index++) {
        const egressRoute = new aws.ec2.Route(`private_ipv6_egress-${index}`, {
            routeTableId: privateRouteTable.map(__item => __item.id)[index],
            destinationIpv6CidrBlock: "::/0",
            egressOnlyGatewayId: thisEgressOnlyInternetGateway.map(__item => __item.id)[0],
        });
        privateIpv6Egress.push(egressRoute);
    }
});
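// IPv4 routes from each private route table to its NAT gateway.
const privateNatGateway: aws.ec2.Route[] = [];
// apply() is called on natGatewayCount itself and the enabling condition is
// checked inside the callback. The generated form applied to
// `(condition ? natGatewayCount : 0)`, which fails when the condition is false
// because the literal 0 has no .apply() method.
natGatewayCount.apply(gatewayCount => {
    for (const range = {value: 0}; range.value < (myCreateVpc && enableNatGateway && createPrivateNatGatewayRoute ? gatewayCount : 0); range.value++) {
        privateNatGateway.push(new aws.ec2.Route(`private_nat_gateway-${range.value}`, {
            routeTableId: privateRouteTable.map(__item => __item.id)[range.value],
            destinationCidrBlock: natGatewayDestinationCidrBlock,
            natGatewayId: thisNatGateway.map(__item => __item.id)[range.value],
        }));
    }
});
// Routes for the NAT64 well-known prefix 64:ff9b::/96 through the NAT gateways,
// created only when DNS64 is enabled on the private subnets.
const privateDns64NatGateway: aws.ec2.Route[] = [];
natGatewayCount.apply(gatewayCount => {
    for (const range = {value: 0}; range.value < (myCreateVpc && enableNatGateway && enableIpv6 && privateSubnetEnableDns64 ? gatewayCount : 0); range.value++) {
        privateDns64NatGateway.push(new aws.ec2.Route(`private_dns64_nat_gateway-${range.value}`, {
            routeTableId: privateRouteTable.map(__item => __item.id)[range.value],
            destinationIpv6CidrBlock: "64:ff9b::/96",
            natGatewayId: thisNatGateway.map(__item => __item.id)[range.value],
        }));
    }
});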
//###############################################################################
// Customer Gateways
//###############################################################################
// One customer gateway per entry of customerGateways; the map key becomes part
// of the resource name.
const thisCustomerGateway: aws.ec2.CustomerGateway[] = [];
for (const range of Object.entries(customerGateways).map(([k, v]) => ({key: k, value: v}))) {
thisCustomerGateway.push(new aws.ec2.CustomerGateway(`this-${range.key}`, {
bgpAsn: range.value.bgp_asn,
ipAddress: range.value.ip_address,
// notImplemented() throws; the HCL it stands for falls back to null when the
// entry has no device_name.
deviceName: notImplemented("lookup(each.value,\"device_name\",null)"),
type: "ipsec.1",
// Unconverted tag merge; this call throws as well.
tags: notImplemented(`merge(
{Name="\${var.name}-\${each.key}"},
var.tags,
var.customer_gateway_tags,
)`),
}));
}
//###############################################################################
// VPN Gateway
//###############################################################################
// At most one VPN gateway, created only when the VPC is created and
// enableVpnGateway is set.
const thisVpnGateway: aws.ec2.VpnGateway[] = [];
for (const range = {value: 0}; range.value < (myCreateVpc && enableVpnGateway ? 1 : 0); range.value++) {
thisVpnGateway.push(new aws.ec2.VpnGateway(`this-${range.value}`, {
vpcId: vpcId,
amazonSideAsn: amazonSideAsn,
availabilityZone: vpnGatewayAz,
// notImplemented() throws: the tag merge was not converted.
tags: notImplemented(`merge(
{"Name"=var.name},
var.tags,
var.vpn_gateway_tags,
)`),
}));
}
// Attaches a gateway identified by vpnGatewayId to the VPC whenever that ID is
// non-empty. NOTE(review): this condition does not look at enableVpnGateway,
// so both a new gateway and an attachment can be requested together; confirm
// that is intended.
const thisVpnGatewayAttachment: aws.ec2.VpnGatewayAttachment[] = [];
for (const range = {value: 0}; range.value < (vpnGatewayId != "" ? 1 : 0); range.value++) {
thisVpnGatewayAttachment.push(new aws.ec2.VpnGatewayAttachment(`this-${range.value}`, {
vpcId: vpcId,
vpnGatewayId: vpnGatewayId,
}));
}
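// Route propagation from the VPN gateway into the public, private and intra
// route tables. The gateway ID is taken from the list "created gateway IDs
// followed by attached gateway IDs".
//
// In every loop the index is copied into a constant before it is used inside
// an apply() callback: `range` is a single object that the loop keeps
// mutating, and the callback runs after the loop has advanced, so reading
// range.value there picked the wrong list element.
// NOTE(review): the ID list holds at most two entries while the private and
// intra loops can run past that, which yields undefined for later route
// tables; confirm the intended lookup.
const publicVpnGatewayRoutePropagation: aws.ec2.VpnGatewayRoutePropagation[] = [];
for (const range = {value: 0}; range.value < (myCreateVpc && propagatePublicRouteTablesVgw && (enableVpnGateway || vpnGatewayId != "") ? 1 : 0); range.value++) {
    const index = range.value;
    publicVpnGatewayRoutePropagation.push(new aws.ec2.VpnGatewayRoutePropagation(`public-${index}`, {
        routeTableId: publicRouteTable.map(__item => __item.id)[index],
        vpnGatewayId: std.concatOutput({
            input: [
                thisVpnGateway.map(__item => __item.id),
                thisVpnGatewayAttachment.map(__item => __item.vpnGatewayId),
            ],
        }).apply(invoke => invoke.result[index]),
    }));
}
const privateVpnGatewayRoutePropagation: aws.ec2.VpnGatewayRoutePropagation[] = [];
// pulumi.output() makes the count an Output whether the condition selects
// lenPrivateSubnets or the literal 0 (which has no .apply() of its own).
pulumi.output(myCreateVpc && propagatePrivateRouteTablesVgw && (enableVpnGateway || vpnGatewayId != "") ? lenPrivateSubnets : 0).apply(rangeBody => {
    for (const range = {value: 0}; range.value < rangeBody; range.value++) {
        const index = range.value;
        privateVpnGatewayRoutePropagation.push(new aws.ec2.VpnGatewayRoutePropagation(`private-${index}`, {
            routeTableId: privateRouteTable.map(__item => __item.id)[index],
            vpnGatewayId: std.concatOutput({
                input: [
                    thisVpnGateway.map(__item => __item.id),
                    thisVpnGatewayAttachment.map(__item => __item.vpnGatewayId),
                ],
            }).apply(invoke => invoke.result[index]),
        }));
    }
});
const intraVpnGatewayRoutePropagation: aws.ec2.VpnGatewayRoutePropagation[] = [];
pulumi.output(myCreateVpc && propagateIntraRouteTablesVgw && (enableVpnGateway || vpnGatewayId != "") ? lenIntraSubnets : 0).apply(rangeBody => {
    for (const range = {value: 0}; range.value < rangeBody; range.value++) {
        const index = range.value;
        intraVpnGatewayRoutePropagation.push(new aws.ec2.VpnGatewayRoutePropagation(`intra-${index}`, {
            routeTableId: intraRouteTable.map(__item => __item.id)[index],
            vpnGatewayId: std.concatOutput({
                input: [
                    thisVpnGateway.map(__item => __item.id),
                    thisVpnGatewayAttachment.map(__item => __item.vpnGatewayId),
                ],
            }).apply(invoke => invoke.result[index]),
        }));
    }
});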
//###############################################################################
// Default VPC
//###############################################################################
// Brings the account's default VPC under management when manageDefaultVpc is set.
const thisDefaultVpc: aws.ec2.DefaultVpc[] = [];
for (const range = {value: 0}; range.value < (manageDefaultVpc ? 1 : 0); range.value++) {
thisDefaultVpc.push(new aws.ec2.DefaultVpc(`this-${range.value}`, {
enableDnsSupport: defaultVpcEnableDnsSupport,
enableDnsHostnames: defaultVpcEnableDnsHostnames,
// notImplemented() throws: the tag merge was not converted.
tags: notImplemented(`merge(
{"Name"=coalesce(var.default_vpc_name,"default")},
var.tags,
var.default_vpc_tags,
)`),
}));
}
// Manages the default security group of the VPC created by this program
// (_this[0]). The rule lists are built from defaultSecurityGroupIngress and
// defaultSecurityGroupEgress.
// NOTE(review): per the provider documentation this resource adopts the
// existing default group and keeps only the rules listed here, so empty lists
// would leave the group with no rules; confirm before relying on it.
const thisDefaultSecurityGroup: aws.ec2.DefaultSecurityGroup[] = [];
for (const range = {value: 0}; range.value < (myCreateVpc && manageDefaultSecurityGroup ? 1 : 0); range.value++) {
thisDefaultSecurityGroup.push(new aws.ec2.DefaultSecurityGroup(`this-${range.value}`, {
// Every field below is an unconverted placeholder that throws, and `entry` is
// never read. The HCL fallbacks are visible in the strings: a rule that omits
// protocol and ports falls back to protocol "-1" with ports 0, i.e. all
// traffic, so rule entries should state protocol and ports explicitly when
// this mapping is written by hand.
ingress: defaultSecurityGroupIngress.map((v, k) => ({key: k, value: v})).map(entry => ({
self: notImplemented("lookup(ingress.value,\"self\",null)"),
cidrBlocks: notImplemented("compact(split(\",\",lookup(ingress.value,\"cidr_blocks\",\"\")))"),
ipv6CidrBlocks: notImplemented("compact(split(\",\",lookup(ingress.value,\"ipv6_cidr_blocks\",\"\")))"),
prefixListIds: notImplemented("compact(split(\",\",lookup(ingress.value,\"prefix_list_ids\",\"\")))"),
securityGroups: notImplemented("compact(split(\",\",lookup(ingress.value,\"security_groups\",\"\")))"),
description: notImplemented("lookup(ingress.value,\"description\",null)"),
fromPort: notImplemented("lookup(ingress.value,\"from_port\",0)"),
toPort: notImplemented("lookup(ingress.value,\"to_port\",0)"),
protocol: notImplemented("lookup(ingress.value,\"protocol\",\"-1\")"),
})),
// Same placeholders and the same all-traffic fallback for egress rules.
egress: defaultSecurityGroupEgress.map((v, k) => ({key: k, value: v})).map(entry => ({
self: notImplemented("lookup(egress.value,\"self\",null)"),
cidrBlocks: notImplemented("compact(split(\",\",lookup(egress.value,\"cidr_blocks\",\"\")))"),
ipv6CidrBlocks: notImplemented("compact(split(\",\",lookup(egress.value,\"ipv6_cidr_blocks\",\"\")))"),
prefixListIds: notImplemented("compact(split(\",\",lookup(egress.value,\"prefix_list_ids\",\"\")))"),
securityGroups: notImplemented("compact(split(\",\",lookup(egress.value,\"security_groups\",\"\")))"),
description: notImplemented("lookup(egress.value,\"description\",null)"),
fromPort: notImplemented("lookup(egress.value,\"from_port\",0)"),
toPort: notImplemented("lookup(egress.value,\"to_port\",0)"),
protocol: notImplemented("lookup(egress.value,\"protocol\",\"-1\")"),
})),
vpcId: _this[0].id,
tags: notImplemented(`merge(
{"Name"=coalesce(var.default_security_group_name,"\${var.name}-default")},
var.tags,
var.default_security_group_tags,
)`),
}));
}
//###############################################################################
// Default Network ACLs
//###############################################################################
// Manages the VPC's default network ACL (taken from _this[0]) with the rules in
// defaultNetworkAclIngress and defaultNetworkAclEgress.
// NOTE(review): per the provider documentation the default ACL is adopted, not
// created, and rules absent from these lists are removed; confirm, since an
// empty rule list would then leave only the implicit deny.
const thisDefaultNetworkAcl: aws.ec2.DefaultNetworkAcl[] = [];
for (const range = {value: 0}; range.value < (myCreateVpc && manageDefaultNetworkAcl ? 1 : 0); range.value++) {
thisDefaultNetworkAcl.push(new aws.ec2.DefaultNetworkAcl(`this-${range.value}`, {
// action, ports, protocol and rule number are read from each entry; the CIDR
// and ICMP fields are unconverted placeholders that throw. Their HCL fallback
// is null, so each rule has to carry its own cidr_block or ipv6_cidr_block.
ingress: defaultNetworkAclIngress.map((v, k) => ({key: k, value: v})).map(entry => ({
action: entry.value.action,
cidrBlock: notImplemented("lookup(ingress.value,\"cidr_block\",null)"),
fromPort: entry.value.fromPort,
icmpCode: notImplemented("lookup(ingress.value,\"icmp_code\",null)"),
icmpType: notImplemented("lookup(ingress.value,\"icmp_type\",null)"),
ipv6CidrBlock: notImplemented("lookup(ingress.value,\"ipv6_cidr_block\",null)"),
protocol: entry.value.protocol,
ruleNo: entry.value.ruleNo,
toPort: entry.value.toPort,
})),
egress: defaultNetworkAclEgress.map((v, k) => ({key: k, value: v})).map(entry => ({
action: entry.value.action,
cidrBlock: notImplemented("lookup(egress.value,\"cidr_block\",null)"),
fromPort: entry.value.fromPort,
icmpCode: notImplemented("lookup(egress.value,\"icmp_code\",null)"),
icmpType: notImplemented("lookup(egress.value,\"icmp_type\",null)"),
ipv6CidrBlock: notImplemented("lookup(egress.value,\"ipv6_cidr_block\",null)"),
protocol: entry.value.protocol,
ruleNo: entry.value.ruleNo,
toPort: entry.value.toPort,
})),
defaultNetworkAclId: _this[0].defaultNetworkAclId,
// No subnet list is passed here.
subnetIds: undefined,
tags: notImplemented(`merge(
{"Name"=coalesce(var.default_network_acl_name,"\${var.name}-default")},
var.tags,
var.default_network_acl_tags,
)`),
}));
}
//###############################################################################
// Default Route
//###############################################################################
// Manages the VPC's default route table (taken from _this[0]) with the routes
// in defaultRouteTableRoutes and the propagating gateways in
// defaultRouteTablePropagatingVgws.
const _default: aws.ec2.DefaultRouteTable[] = [];
for (const range = {value: 0}; range.value < (myCreateVpc && manageDefaultRouteTable ? 1 : 0); range.value++) {
_default.push(new aws.ec2.DefaultRouteTable(`default-${range.value}`, {
// Only cidrBlock is read from the entry. Every target field is an unconverted
// placeholder that throws; the HCL fallback for each is null, so a route is
// expected to name exactly the targets it uses.
routes: defaultRouteTableRoutes.map((v, k) => ({key: k, value: v})).map(entry => ({
cidrBlock: entry.value.cidrBlock,
ipv6CidrBlock: notImplemented("lookup(route.value,\"ipv6_cidr_block\",null)"),
egressOnlyGatewayId: notImplemented("lookup(route.value,\"egress_only_gateway_id\",null)"),
gatewayId: notImplemented("lookup(route.value,\"gateway_id\",null)"),
instanceId: notImplemented("lookup(route.value,\"instance_id\",null)"),
natGatewayId: notImplemented("lookup(route.value,\"nat_gateway_id\",null)"),
networkInterfaceId: notImplemented("lookup(route.value,\"network_interface_id\",null)"),
transitGatewayId: notImplemented("lookup(route.value,\"transit_gateway_id\",null)"),
vpcEndpointId: notImplemented("lookup(route.value,\"vpc_endpoint_id\",null)"),
vpcPeeringConnectionId: notImplemented("lookup(route.value,\"vpc_peering_connection_id\",null)"),
})),
defaultRouteTableId: _this[0].defaultRouteTableId,
propagatingVgws: defaultRouteTablePropagatingVgws,
tags: notImplemented(`merge(
{"Name"=coalesce(var.default_route_table_name,"\${var.name}-default")},
var.tags,
var.default_route_table_tags,
)`),
}));
}
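// Region, caller-identity and partition lookups used to build the flow-log
// log-group ARNs below; each list has one element when flow logs are enabled.
// Array.from() replaces `new Array(n).map(...)`: map() skips the empty slots of
// a freshly sized array, so element [0] was never populated.
const current = Array.from({length: createVpc && enableFlowLog ? 1 : 0}, () => aws.getRegionOutput({}));
const currentGetCallerIdentity = Array.from({length: createVpc && enableFlowLog ? 1 : 0}, () => aws.getCallerIdentityOutput({}));
const currentGetPartition = Array.from({length: createVpc && enableFlowLog ? 1 : 0}, () => aws.getPartitionOutput({}));
// Only create flow log if user selected to create a VPC as well
const myEnableFlowLog = createVpc && enableFlowLog;
// The CloudWatch IAM role and log group are only relevant when the
// destination is not S3.
const myCreateFlowLogCloudwatchIamRole = myEnableFlowLog && flowLogDestinationType != "s3" && createFlowLogCloudwatchIamRole;
const myCreateFlowLogCloudwatchLogGroup = myEnableFlowLog && flowLogDestinationType != "s3" && createFlowLogCloudwatchLogGroup;
// notImplemented() throws: when this program creates the log group or the
// role, the ARN lookup still has to be written by hand. Otherwise the
// caller-supplied ARN is used.
const myFlowLogDestinationArn = myCreateFlowLogCloudwatchLogGroup ? notImplemented("try(aws_cloudwatch_log_group.flow_log[0].arn,null)") : flowLogDestinationArn;
const flowLogIamRoleArn = flowLogDestinationType != "s3" && myCreateFlowLogCloudwatchIamRole ? notImplemented("try(aws_iam_role.vpc_flow_log_cloudwatch[0].arn,null)") : flowLogCloudwatchIamRoleArn;
// The log group name ends in the VPC ID unless an explicit suffix is configured.
const myFlowLogCloudwatchLogGroupNameSuffix = flowLogCloudwatchLogGroupNameSuffix == "" ? vpcId : flowLogCloudwatchLogGroupNameSuffix;
//###############################################################################
// Flow Log CloudWatch
//###############################################################################
const flowLog: aws.cloudwatch.LogGroup[] = [];
for (const range = {value: 0}; range.value < (myCreateFlowLogCloudwatchLogGroup ? 1 : 0); range.value++) {
    flowLog.push(new aws.cloudwatch.LogGroup(`flow_log-${range.value}`, {
        name: `${flowLogCloudwatchLogGroupNamePrefix}${myFlowLogCloudwatchLogGroupNameSuffix}`,
        // Retention and the KMS key are passed through from configuration;
        // review both against the organisation's log-retention and
        // encryption requirements for network logs.
        retentionInDays: flowLogCloudwatchLogGroupRetentionInDays,
        kmsKeyId: flowLogCloudwatchLogGroupKmsKeyId,
        skipDestroy: flowLogCloudwatchLogGroupSkipDestroy,
        logGroupClass: flowLogCloudwatchLogGroupClass,
        // Unconverted tag merge; this call throws.
        tags: notImplemented("merge(var.tags,var.vpc_flow_log_tags)"),
    }));
}
// ARNs of the log streams inside each flow-log group, used as the resource
// scope of the IAM policy so the role can write only to these groups.
// The generated template referenced undefined placeholders (_arg0_ … _arg3_);
// they are mapped here to the partition, region and account lookups above by
// their property names. NOTE(review): the last placeholder is presumably the
// log group's name, given the otherwise unused `logGroup` parameter; confirm.
const flowLogGroupArns = flowLog.map(logGroup => pulumi.interpolate`arn:${currentGetPartition[0].partition}:logs:${current[0].name}:${currentGetCallerIdentity[0].accountId}:log-group:${logGroup.name}:*`);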
//###############################################################################
// Flow Log
//###############################################################################
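// The VPC flow log itself, created when flow logging is enabled.
const thisFlowLog: aws.ec2.FlowLog[] = [];
for (const range = {value: 0}; range.value < (myEnableFlowLog ? 1 : 0); range.value++) {
    thisFlowLog.push(new aws.ec2.FlowLog(`this-${range.value}`, {
        // Destination options only apply to S3. The generated code passed an
        // empty list to singleOrNone() for every other destination type, and
        // that helper throws unless the list has exactly one element, so the
        // options are now simply omitted in that case.
        destinationOptions: flowLogDestinationType == "s3" ? {
            fileFormat: flowLogFileFormat,
            hiveCompatiblePartitions: flowLogHiveCompatiblePartitions,
            perHourPartition: flowLogPerHourPartition,
        } : undefined,
        logDestinationType: flowLogDestinationType,
        logDestination: myFlowLogDestinationArn,
        logFormat: flowLogLogFormat,
        iamRoleArn: flowLogIamRoleArn,
        deliverCrossAccountRole: flowLogDeliverCrossAccountRole,
        // The traffic type decides which flows are recorded; a value that
        // records only accepted traffic leaves rejected connections out of the
        // logs used for investigation.
        trafficType: flowLogTrafficType,
        vpcId: vpcId,
        maxAggregationInterval: flowLogMaxAggregationInterval,
        // Unconverted tag merge; notImplemented() throws.
        tags: notImplemented("merge(var.tags,var.vpc_flow_log_tags)"),
    }));
}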
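// Trust policy that lets the VPC Flow Logs service assume the CloudWatch role.
// Array.from() replaces `new Array(n).map(...)`, whose callback is never run
// for the empty slots, so element [0] read further down was undefined.
// The conditions come from flowLogCloudwatchIamRoleConditions; when that list
// is empty the trust policy has no condition at all. Restricting it with
// aws:SourceAccount / aws:SourceArn conditions limits which flow logs may use
// the role.
const flowLogCloudwatchAssumeRole = Array.from({length: myCreateFlowLogCloudwatchIamRole ? 1 : 0}, () => aws.iam.getPolicyDocumentOutput({
    statements: [{
        conditions: flowLogCloudwatchIamRoleConditions.map((v, k) => ({key: k, value: v})).map(entry => ({
            test: entry.value.test,
            variable: entry.value.variable,
            values: entry.value.values,
        })),
        sid: "AWSVPCFlowLogsAssumeRole",
        principals: [{
            type: "Service",
            identifiers: ["vpc-flow-logs.amazonaws.com"],
        }],
        effect: "Allow",
        actions: ["sts:AssumeRole"],
    }],
}));
// IAM role assumed by the flow-log service; either a fixed name or a name
// prefix is set, never both.
const vpcFlowLogCloudwatchRole: aws.iam.Role[] = [];
for (const range = {value: 0}; range.value < (myCreateFlowLogCloudwatchIamRole ? 1 : 0); range.value++) {
    vpcFlowLogCloudwatchRole.push(new aws.iam.Role(`vpc_flow_log_cloudwatch-${range.value}`, {
        name: vpcFlowLogIamRoleUseNamePrefix ? undefined : vpcFlowLogIamRoleName,
        namePrefix: vpcFlowLogIamRoleUseNamePrefix ? `${vpcFlowLogIamRoleName}-` : undefined,
        assumeRolePolicy: flowLogCloudwatchAssumeRole[0].apply(flowLogCloudwatchAssumeRole => flowLogCloudwatchAssumeRole.json),
        permissionsBoundary: vpcFlowLogPermissionsBoundary,
        // Unconverted tag merge; notImplemented() throws.
        tags: notImplemented("merge(var.tags,var.vpc_flow_log_tags)"),
    }));
}
// Permissions policy: create log streams, put log events and describe log
// groups/streams, scoped to the flow-log group ARNs rather than all log groups.
const vpcFlowLogCloudwatch = Array.from({length: myCreateFlowLogCloudwatchIamRole ? 1 : 0}, () => aws.iam.getPolicyDocumentOutput({
    statements: [{
        sid: "AWSVPCFlowLogsPushToCloudWatch",
        effect: "Allow",
        actions: [
            "logs:CreateLogStream",
            "logs:PutLogEvents",
            "logs:DescribeLogGroups",
            "logs:DescribeLogStreams",
        ],
        resources: flowLogGroupArns,
    }],
}));
const vpcFlowLogCloudwatchPolicy: aws.iam.Policy[] = [];
for (const range = {value: 0}; range.value < (myCreateFlowLogCloudwatchIamRole ? 1 : 0); range.value++) {
    vpcFlowLogCloudwatchPolicy.push(new aws.iam.Policy(`vpc_flow_log_cloudwatch-${range.value}`, {
        name: vpcFlowLogIamPolicyUseNamePrefix ? undefined : vpcFlowLogIamPolicyName,
        namePrefix: vpcFlowLogIamPolicyUseNamePrefix ? `${vpcFlowLogIamPolicyName}-` : undefined,
        policy: vpcFlowLogCloudwatch[0].apply(vpcFlowLogCloudwatch => vpcFlowLogCloudwatch.json),
        // Unconverted tag merge; notImplemented() throws.
        tags: notImplemented("merge(var.tags,var.vpc_flow_log_tags)"),
    }));
}
// Attaches the permissions policy to the role.
const vpcFlowLogCloudwatchRolePolicyAttachment: aws.iam.RolePolicyAttachment[] = [];
for (const range = {value: 0}; range.value < (myCreateFlowLogCloudwatchIamRole ? 1 : 0); range.value++) {
    vpcFlowLogCloudwatchRolePolicyAttachment.push(new aws.iam.RolePolicyAttachment(`vpc_flow_log_cloudwatch-${range.value}`, {
        role: vpcFlowLogCloudwatchRole[0].name,
        policyArn: vpcFlowLogCloudwatchPolicy[0].arn,
    }));
}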
// Route table ID lists reused by several outputs below.
const redshiftRouteTableIds = redshiftRouteTable.map(__item => __item.id);
const publicRouteTableIds = publicRouteTable.map(__item => __item.id);
const privateRouteTableIds = privateRouteTable.map(__item => __item.id);
// Stack outputs: IDs, ARNs and CIDR blocks of the VPC, each subnet tier, the
// gateways, the default VPC and the flow log.
// Every notImplemented(...) entry is an unconverted HCL expression; the helper
// throws, and because the calls are evaluated while this object literal is
// built, the first one stops the program before anything is returned.
// NOTE(review): several resource arrays read here look like they are filled
// from apply() callbacks, so the synchronous .map() calls may see them empty;
// confirm.
return {
vpcId: notImplemented("try(aws_vpc.this[0].id,null)"),
vpcArn: notImplemented("try(aws_vpc.this[0].arn,null)"),
vpcCidrBlock: notImplemented("try(aws_vpc.this[0].cidr_block,null)"),
defaultSecurityGroupId: notImplemented("try(aws_vpc.this[0].default_security_group_id,null)"),
defaultNetworkAclId: notImplemented("try(aws_vpc.this[0].default_network_acl_id,null)"),
defaultRouteTableId: notImplemented("try(aws_vpc.this[0].default_route_table_id,null)"),
vpcInstanceTenancy: notImplemented("try(aws_vpc.this[0].instance_tenancy,null)"),
vpcEnableDnsSupport: notImplemented("try(aws_vpc.this[0].enable_dns_support,null)"),
vpcEnableDnsHostnames: notImplemented("try(aws_vpc.this[0].enable_dns_hostnames,null)"),
vpcMainRouteTableId: notImplemented("try(aws_vpc.this[0].main_route_table_id,null)"),
vpcIpv6AssociationId: notImplemented("try(aws_vpc.this[0].ipv6_association_id,null)"),
vpcIpv6CidrBlock: notImplemented("try(aws_vpc.this[0].ipv6_cidr_block,null)"),
vpcSecondaryCidrBlocks: notImplemented("compact(aws_vpc_ipv4_cidr_block_association.this[*].cidr_block)"),
vpcOwnerId: notImplemented("try(aws_vpc.this[0].owner_id,null)"),
dhcpOptionsId: notImplemented("try(aws_vpc_dhcp_options.this[0].id,null)"),
igwId: notImplemented("try(aws_internet_gateway.this[0].id,null)"),
igwArn: notImplemented("try(aws_internet_gateway.this[0].arn,null)"),
publicSubnetObjects: _public,
publicSubnets: _public.map(__item => __item.id),
publicSubnetArns: _public.map(__item => __item.arn),
publicSubnetsCidrBlocks: notImplemented("compact(aws_subnet.public[*].cidr_block)"),
publicSubnetsIpv6CidrBlocks: notImplemented("compact(aws_subnet.public[*].ipv6_cidr_block)"),
publicRouteTableIds: publicRouteTableIds,
publicInternetGatewayRouteId: notImplemented("try(aws_route.public_internet_gateway[0].id,null)"),
publicInternetGatewayIpv6RouteId: notImplemented("try(aws_route.public_internet_gateway_ipv6[0].id,null)"),
publicRouteTableAssociationIds: publicRouteTableAssociation.map(__item => __item.id),
publicNetworkAclId: notImplemented("try(aws_network_acl.public[0].id,null)"),
publicNetworkAclArn: notImplemented("try(aws_network_acl.public[0].arn,null)"),
privateSubnetObjects: _private,
privateSubnets: _private.map(__item => __item.id),
privateSubnetArns: _private.map(__item => __item.arn),
privateSubnetsCidrBlocks: notImplemented("compact(aws_subnet.private[*].cidr_block)"),
privateSubnetsIpv6CidrBlocks: notImplemented("compact(aws_subnet.private[*].ipv6_cidr_block)"),
privateRouteTableIds: privateRouteTableIds,
privateNatGatewayRouteIds: privateNatGateway.map(__item => __item.id),
privateIpv6EgressRouteIds: privateIpv6Egress.map(__item => __item.id),
privateRouteTableAssociationIds: privateRouteTableAssociation.map(__item => __item.id),
privateNetworkAclId: notImplemented("try(aws_network_acl.private[0].id,null)"),
privateNetworkAclArn: notImplemented("try(aws_network_acl.private[0].arn,null)"),
outpostSubnetObjects: outpost,
outpostSubnets: outpost.map(__item => __item.id),
outpostSubnetArns: outpost.map(__item => __item.arn),
outpostSubnetsCidrBlocks: notImplemented("compact(aws_subnet.outpost[*].cidr_block)"),
outpostSubnetsIpv6CidrBlocks: notImplemented("compact(aws_subnet.outpost[*].ipv6_cidr_block)"),
outpostNetworkAclId: notImplemented("try(aws_network_acl.outpost[0].id,null)"),
outpostNetworkAclArn: notImplemented("try(aws_network_acl.outpost[0].arn,null)"),
databaseSubnetObjects: database,
databaseSubnets: database.map(__item => __item.id),
databaseSubnetArns: database.map(__item => __item.arn),
databaseSubnetsCidrBlocks: notImplemented("compact(aws_subnet.database[*].cidr_block)"),
databaseSubnetsIpv6CidrBlocks: notImplemented("compact(aws_subnet.database[*].ipv6_cidr_block)"),
databaseSubnetGroup: notImplemented("try(aws_db_subnet_group.database[0].id,null)"),
databaseSubnetGroupName: notImplemented("try(aws_db_subnet_group.database[0].name,null)"),
// Falls back to the private route tables when no database route table exists.
// NOTE(review): `.length` of an array is a plain number and has no .apply(),
// so this expression looks like it would throw; confirm and replace with a
// direct length comparison.
databaseRouteTableIds: databaseRouteTable.map(__item => __item.id).length.apply(length => length > 0 ? databaseRouteTable.map(__item => __item.id) : privateRouteTable.map(__item => __item.id)),
databaseInternetGatewayRouteId: notImplemented("try(aws_route.database_internet_gateway[0].id,null)"),
databaseNatGatewayRouteIds: databaseNatGateway.map(__item => __item.id),
databaseIpv6EgressRouteId: notImplemented("try(aws_route.database_ipv6_egress[0].id,null)"),
databaseRouteTableAssociationIds: databaseRouteTableAssociation.map(__item => __item.id),
databaseNetworkAclId: notImplemented("try(aws_network_acl.database[0].id,null)"),
databaseNetworkAclArn: notImplemented("try(aws_network_acl.database[0].arn,null)"),
redshiftSubnetObjects: redshift,
redshiftSubnets: redshift.map(__item => __item.id),
redshiftSubnetArns: redshift.map(__item => __item.arn),
redshiftSubnetsCidrBlocks: notImplemented("compact(aws_subnet.redshift[*].cidr_block)"),
redshiftSubnetsIpv6CidrBlocks: notImplemented("compact(aws_subnet.redshift[*].ipv6_cidr_block)"),
redshiftSubnetGroup: notImplemented("try(aws_redshift_subnet_group.redshift[0].id,null)"),
// Falls back to the public route tables when enablePublicRedshift is set,
// otherwise to the private ones.
// NOTE(review): same `.length.apply(...)` on a plain number as above; confirm.
redshiftRouteTableIds: redshiftRouteTableIds.length.apply(length => length > 0 ? redshiftRouteTableIds : enablePublicRedshift ? publicRouteTableIds : privateRouteTableIds),
redshiftRouteTableAssociationIds: redshiftRouteTableAssociation.map(__item => __item.id),
redshiftPublicRouteTableAssociationIds: redshiftPublic.map(__item => __item.id),
redshiftNetworkAclId: notImplemented("try(aws_network_acl.redshift[0].id,null)"),
redshiftNetworkAclArn: notImplemented("try(aws_network_acl.redshift[0].arn,null)"),
elasticacheSubnetObjects: elasticache,
elasticacheSubnets: elasticache.map(__item => __item.id),
elasticacheSubnetArns: elasticache.map(__item => __item.arn),
elasticacheSubnetsCidrBlocks: notImplemented("compact(aws_subnet.elasticache[*].cidr_block)"),
elasticacheSubnetsIpv6CidrBlocks: notImplemented("compact(aws_subnet.elasticache[*].ipv6_cidr_block)"),
elasticacheSubnetGroup: notImplemented("try(aws_elasticache_subnet_group.elasticache[0].id,null)"),
elasticacheSubnetGroupName: notImplemented("try(aws_elasticache_subnet_group.elasticache[0].name,null)"),
elasticacheRouteTableIds: notImplemented("try(coalescelist(aws_route_table.elasticache[*].id,local.private_route_table_ids),[])"),
elasticacheRouteTableAssociationIds: elasticacheRouteTableAssociation.map(__item => __item.id),
elasticacheNetworkAclId: notImplemented("try(aws_network_acl.elasticache[0].id,null)"),
elasticacheNetworkAclArn: notImplemented("try(aws_network_acl.elasticache[0].arn,null)"),
intraSubnetObjects: intra,
intraSubnets: intra.map(__item => __item.id),
intraSubnetArns: intra.map(__item => __item.arn),
intraSubnetsCidrBlocks: notImplemented("compact(aws_subnet.intra[*].cidr_block)"),
intraSubnetsIpv6CidrBlocks: notImplemented("compact(aws_subnet.intra[*].ipv6_cidr_block)"),
intraRouteTableIds: intraRouteTable.map(__item => __item.id),
intraRouteTableAssociationIds: intraRouteTableAssociation.map(__item => __item.id),
intraNetworkAclId: notImplemented("try(aws_network_acl.intra[0].id,null)"),
intraNetworkAclArn: notImplemented("try(aws_network_acl.intra[0].arn,null)"),
natIds: nat.map(__item => __item.id),
// Reports the externally supplied addresses when reuseNatIps is set, otherwise
// the public IPs of the `nat` resources.
natPublicIps: reuseNatIps ? externalNatIps : nat.map(__item => __item.publicIp),
natgwIds: thisNatGateway.map(__item => __item.id),
natgwInterfaceIds: thisNatGateway.map(__item => __item.networkInterfaceId),
egressOnlyInternetGatewayId: notImplemented("try(aws_egress_only_internet_gateway.this[0].id,null)"),
cgwIds: thisCustomerGateway.map((v, k) => [k, v]).map(([k, v]) => (v.id)),
cgwArns: thisCustomerGateway.map((v, k) => [k, v]).map(([k, v]) => (v.arn)),
thisCustomerGateway: thisCustomerGateway,
vgwId: notImplemented("try(aws_vpn_gateway.this[0].id,aws_vpn_gateway_attachment.this[0].vpn_gateway_id,null)"),
vgwArn: notImplemented("try(aws_vpn_gateway.this[0].arn,null)"),
defaultVpcId: notImplemented("try(aws_default_vpc.this[0].id,null)"),
defaultVpcArn: notImplemented("try(aws_default_vpc.this[0].arn,null)"),
defaultVpcCidrBlock: notImplemented("try(aws_default_vpc.this[0].cidr_block,null)"),
defaultVpcDefaultSecurityGroupId: notImplemented("try(aws_default_vpc.this[0].default_security_group_id,null)"),
defaultVpcDefaultNetworkAclId: notImplemented("try(aws_default_vpc.this[0].default_network_acl_id,null)"),
defaultVpcDefaultRouteTableId: notImplemented("try(aws_default_vpc.this[0].default_route_table_id,null)"),
defaultVpcInstanceTenancy: notImplemented("try(aws_default_vpc.this[0].instance_tenancy,null)"),
defaultVpcEnableDnsSupport: notImplemented("try(aws_default_vpc.this[0].enable_dns_support,null)"),
defaultVpcEnableDnsHostnames: notImplemented("try(aws_default_vpc.this[0].enable_dns_hostnames,null)"),
defaultVpcMainRouteTableId: notImplemented("try(aws_default_vpc.this[0].main_route_table_id,null)"),
vpcFlowLogId: notImplemented("try(aws_flow_log.this[0].id,null)"),
vpcFlowLogDestinationArn: myFlowLogDestinationArn,
vpcFlowLogDestinationType: flowLogDestinationType,
vpcFlowLogCloudwatchIamRoleArn: flowLogIamRoleArn,
vpcFlowLogDeliverCrossAccountRole: notImplemented("try(aws_flow_log.this[0].deliver_cross_account_role,null)"),
azs: azs,
name: name,
};
}
```