Merge pull request #73 from f5devcentral/gwlb4

Gwlb4

.talismanrc

@@ -142,3 +142,5 @@ fileignoreconfig:
   checksum: fafd6af57c6f67439afaf5e9493fb8e393a4a2fbe30252944c644264871e88a8
 - filename: solutions/security/ingress-egress-inter-vpc-fw-gwlb/README.md
   checksum: 5ed655b3812b7993ac0a6d074abece9ab2fc99c58f843d11376e9c7c10422814
+- filename: modules/aws/terraform/gwlb-bigip-vpc/main.tf
+  checksum: 90999ce57eba4fafee5b4b64fb2102613594b09b76b8fbbfa00451aef6bf5cff

modules/aws/terraform/gwlb-bigip-vpc/README.md

@@ -41,7 +41,6 @@ No requirements.
 | allowedMgmtIps | n/a | `list` | <pre>[<br>  "0.0.0.0/0"<br>]</pre> | no |
 | awsAz1 | will use a dynamic az if left empty | `any` | `null` | no |
 | awsAz2 | will use a dynamic az if left empty | `any` | `null` | no |
-| awsRegion | n/a | `string` | `"us-west-2"` | no |
 | bigipPassword | password for the bigip admin account | `any` | `null` | no |
 | buildSuffix | random build suffix for tagging | `string` | `"f5-dcec"` | no |
 | createGwlbEndpoint | Controls the creation of gwlb endpoints in the provided vpc, if true creates subnets and endpoints | `bool` | `false` | no |

modules/aws/terraform/gwlb-bigip-vpc/main.tf

@@ -4,15 +4,17 @@
 
 # VPCs
 
+data "aws_region" "current" {}
 data "aws_availability_zones" "available" {
   state = "available"
 }
 
 data "aws_caller_identity" "current" {}
 
 locals {
-  awsAz1 = var.awsAz1 != null ? var.awsAz1 : data.aws_availability_zones.available.names[0]
-  awsAz2 = var.awsAz2 != null ? var.awsAz1 : data.aws_availability_zones.available.names[1]
+  awsAz1    = var.awsAz1 != null ? var.awsAz1 : data.aws_availability_zones.available.names[0]
+  awsAz2    = var.awsAz2 != null ? var.awsAz1 : data.aws_availability_zones.available.names[1]
+  awsRegion = data.aws_region.current.name
 }
 resource "aws_vpc" "vpcGwlb" {
   cidr_block = var.vpcCidr
@@ -238,7 +240,7 @@ resource "aws_iam_role_policy" "BigIpPolicy" {
             "secretsmanager:UpdateSecretVersionStage"
         ],
         "Resource": [
-            "arn:aws:secretsmanager:${var.awsRegion}:${data.aws_caller_identity.current.account_id}:secret:*"
+            "arn:aws:secretsmanager:${local.awsRegion}:${data.aws_caller_identity.current.account_id}:secret:*"
         ]
     }
   ]

modules/aws/terraform/gwlb-bigip-vpc/outputs.tf

@@ -32,15 +32,15 @@ output "gwlbEndpointService" {
 }
 output "gwlbeAz1" {
   description = "Id of the GWLB endpoint in AZ1"
-  value       = aws_vpc_endpoint.vpcGwlbeAz1[0].id
+  value       = length(aws_vpc_endpoint.vpcGwlbeAz1) > 0 ? aws_vpc_endpoint.vpcGwlbeAz1[0].id : null
 }
 output "gwlbeAz2" {
   description = "Id of the GWLB endpoint in AZ2"
-  value       = aws_vpc_endpoint.vpcGwlbeAz2[0].id
+  value       = length(aws_vpc_endpoint.vpcGwlbeAz2) > 0 ? aws_vpc_endpoint.vpcGwlbeAz2[0].id : null
 }
 output "subnetGwlbeAz1" {
-  value = aws_subnet.subnetGwlbeAz1[0].id
+  value = length(aws_subnet.subnetGwlbeAz1) > 0 ? aws_subnet.subnetGwlbeAz1[0].id : null
 }
 output "subnetGwlbeAz2" {
-  value = aws_subnet.subnetGwlbeAz2[0].id
+  value = length(aws_subnet.subnetGwlbeAz2) > 0 ? aws_subnet.subnetGwlbeAz2[0].id : null
 }

modules/aws/terraform/gwlb-bigip-vpc/variables.tf

@@ -22,9 +22,6 @@ variable "awsAz2" {
   description = "will use a dynamic az if left empty"
   default     = null
 }
-variable "awsRegion" {
-  default = "us-west-2"
-}
 variable "keyName" {
   default = null
 }