EIP variable to list + doc + fmt

RaJiska · Nov 10, 2023 · ce82898 · ce82898
1 parent e21a21f
commit ce82898
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 18 deletions.
diff --git a/README.md b/README.md
@@ -64,6 +64,7 @@ No modules.
 | [aws_security_group.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
 | [aws_ami.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_iam_policy_document.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 | [aws_vpc.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
 
@@ -73,6 +74,7 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | <a name="input_ami_id"></a> [ami\_id](#input\_ami\_id) | AMI to use for the NAT instance. Uses fck-nat latest AMI in the region if none provided | `string` | `null` | no |
 | <a name="input_ebs_root_volume_size"></a> [ebs\_root\_volume\_size](#input\_ebs\_root\_volume\_size) | Size of the EBS root volume in GB | `number` | `2` | no |
+| <a name="input_eip_allocation_ids"></a> [eip\_allocation\_ids](#input\_eip\_allocation\_ids) | EIP allocation IDs to use for the NAT instance. Automatically assign a public IP if none is provided. Note: Currently only supports at most one EIP allocation. | `list(string)` | `[]` | no |
 | <a name="input_encryption"></a> [encryption](#input\_encryption) | Whether or not to encrypt the EBS volume | `bool` | `true` | no |
 | <a name="input_ha_mode"></a> [ha\_mode](#input\_ha\_mode) | Whether or not high-availability mode should be enabled via autoscaling group | `bool` | `true` | no |
 | <a name="input_instance_type"></a> [instance\_type](#input\_instance\_type) | Instance type to use for the NAT instance | `string` | `"t4g.micro"` | no |

diff --git a/ec2.tf b/ec2.tf
@@ -66,15 +66,15 @@ resource "aws_launch_template" "main" {
 
   user_data = base64encode(templatefile("${path.module}/templates/user_data.sh", {
     TERRAFORM_ENI_ID = aws_network_interface.main.id
-    TERRAFORM_EIP_ID = var.eip_allocation_id != null ? var.eip_allocation_id : ""
+    TERRAFORM_EIP_ID = length(var.eip_allocation_ids) != 0 ? var.eip_allocation_ids[0] : ""
   }))
 }
 
 resource "aws_instance" "main" {
   count = var.ha_mode ? 0 : 1
 
   launch_template {
-    id = aws_launch_template.main.id
+    id      = aws_launch_template.main.id
     version = "$Latest"
   }
 

diff --git a/iam.tf b/iam.tf
@@ -5,7 +5,7 @@ resource "aws_iam_instance_profile" "main" {
 
 data "aws_iam_policy_document" "main" {
   statement {
-    sid = "ManageNetworkInterface"
+    sid    = "ManageNetworkInterface"
     effect = "Allow"
     actions = [
       "ec2:AttachNetworkInterface",
@@ -15,33 +15,33 @@ data "aws_iam_policy_document" "main" {
       "*",
     ]
     condition {
-      test = "StringEquals"
+      test     = "StringEquals"
       variable = "ec2:ResourceTag/Name"
-      values = [var.name]
+      values   = [var.name]
     }
   }
 
   dynamic "statement" {
-    for_each = var.eip_allocation_id != null ? ["x"] : []
+    for_each = length(var.eip_allocation_ids) != 0 ? ["x"] : []
 
     content {
-      sid = "ManageEIPAllocation"
+      sid    = "ManageEIPAllocation"
       effect = "Allow"
       actions = [
         "ec2:AssociateAddress",
         "ec2:DisassociateAddress",
       ]
       resources = [
-        "arn:aws:ec2:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:elastic-ip/${var.eip_allocation_id}",
+        "arn:aws:ec2:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:elastic-ip/${var.eip_allocation_ids[0]}",
       ]
     }
   }
 
   dynamic "statement" {
-    for_each = var.eip_allocation_id != null ? ["x"] : []
+    for_each = length(var.eip_allocation_ids) != 0 ? ["x"] : []
 
     content {
-      sid = "ManageEIPNetworkInterface"
+      sid    = "ManageEIPNetworkInterface"
       effect = "Allow"
       actions = [
         "ec2:AssociateAddress",
@@ -51,9 +51,9 @@ data "aws_iam_policy_document" "main" {
         "arn:aws:ec2:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:network-interface/*"
       ]
       condition {
-        test = "StringEquals"
+        test     = "StringEquals"
         variable = "ec2:ResourceTag/Name"
-        values = [var.name]
+        values   = [var.name]
       }
     }
   }
@@ -77,7 +77,7 @@ resource "aws_iam_role" "main" {
   })
 
   inline_policy {
-    name = "Main"
+    name   = "Main"
     policy = data.aws_iam_policy_document.main.json
   }
 }
diff --git a/variables.tf b/variables.tf
@@ -61,8 +61,8 @@ variable "ebs_root_volume_size" {
   default     = 2
 }
 
-variable "eip_allocation_id" {
-  description = "EIP allocation ID to use for the NAT instance. Automatically assign a public IP if none is provided"
-  type        = string
-  default     = null
-}
+variable "eip_allocation_ids" {
+  description = "EIP allocation IDs to use for the NAT instance. Automatically assign a public IP if none is provided. Note: Currently only supports at most one EIP allocation."
+  type        = list(string)
+  default     = []
+}