feat: Add variable type definitions on object types

README.md

@@ -84,8 +84,7 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_amazon_side_asn"></a> [amazon\_side\_asn](#input\_amazon\_side\_asn) | The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the TGW is created with the current default Amazon ASN. | `string` | `null` | no |
-| <a name="input_attachment_tags"></a> [attachment\_tags](#input\_attachment\_tags) | Additional tags for VPC attachments | `map(string)` | `{}` | no |
+| <a name="input_amazon_side_asn"></a> [amazon\_side\_asn](#input\_amazon\_side\_asn) | The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the TGW is created with the current default Amazon ASN | `string` | `null` | no |
 | <a name="input_create"></a> [create](#input\_create) | Controls if TGW should be created (it affects almost all resources) | `bool` | `true` | no |
 | <a name="input_create_flow_log"></a> [create\_flow\_log](#input\_create\_flow\_log) | Whether to create flow log resource(s) | `bool` | `true` | no |
 | <a name="input_description"></a> [description](#input\_description) | Description of the EC2 Transit Gateway | `string` | `null` | no |
@@ -94,21 +93,20 @@ No modules.
 | <a name="input_enable_default_route_table_propagation"></a> [enable\_default\_route\_table\_propagation](#input\_enable\_default\_route\_table\_propagation) | Whether resource attachments automatically propagate routes to the default propagation route table | `bool` | `false` | no |
 | <a name="input_enable_dns_support"></a> [enable\_dns\_support](#input\_enable\_dns\_support) | Should be true to enable DNS support in the TGW | `bool` | `true` | no |
 | <a name="input_enable_multicast_support"></a> [enable\_multicast\_support](#input\_enable\_multicast\_support) | Whether multicast support is enabled | `bool` | `false` | no |
+| <a name="input_enable_ram_share"></a> [enable\_ram\_share](#input\_enable\_ram\_share) | Whether to share your transit gateway with other accounts | `bool` | `false` | no |
 | <a name="input_enable_vpn_ecmp_support"></a> [enable\_vpn\_ecmp\_support](#input\_enable\_vpn\_ecmp\_support) | Whether VPN Equal Cost Multipath Protocol support is enabled | `bool` | `true` | no |
-| <a name="input_flow_log_tags"></a> [flow\_log\_tags](#input\_flow\_log\_tags) | Additional tags for TGW or attachment flow logs | `map(string)` | `{}` | no |
-| <a name="input_flow_logs"></a> [flow\_logs](#input\_flow\_logs) | Flow Logs to create for Transit Gateway or attachments | `any` | `{}` | no |
+| <a name="input_flow_logs"></a> [flow\_logs](#input\_flow\_logs) | Flow Logs to create for Transit Gateway or attachments | <pre>map(object({<br/>    deliver_cross_account_role = optional(string)<br/>    destination_options = optional(object({<br/>      file_format                = optional(string, "parquet")<br/>      hive_compatible_partitions = optional(bool, false)<br/>      per_hour_partition         = optional(bool, true)<br/>    }))<br/>    iam_role_arn             = optional(string)<br/>    log_destination          = optional(string)<br/>    log_destination_type     = optional(string)<br/>    log_format               = optional(string)<br/>    max_aggregation_interval = optional(number, 30)<br/>    traffic_type             = optional(string, "ALL")<br/>    tags                     = optional(map(string), {})<br/><br/>    enable_transit_gateway = optional(bool, true)<br/>    # The following can be provided when `enable_transit_gateway` is `false`<br/>    vpc_attachment_key     = optional(string)<br/>    peering_attachment_key = optional(string)<br/>  }))</pre> | `{}` | no |
 | <a name="input_name"></a> [name](#input\_name) | Name to be used on all the resources as identifier | `string` | `""` | no |
-| <a name="input_peering_attachments"></a> [peering\_attachments](#input\_peering\_attachments) | Map of Transit Gateway peering attachments to create | `any` | `{}` | no |
-| <a name="input_ram_allow_external_principals"></a> [ram\_allow\_external\_principals](#input\_ram\_allow\_external\_principals) | Indicates whether principals outside your organization can be associated with a resource share. | `bool` | `false` | no |
+| <a name="input_peering_attachments"></a> [peering\_attachments](#input\_peering\_attachments) | Map of Transit Gateway peering attachments to create | <pre>map(object({<br/>    peer_account_id         = string<br/>    peer_region             = string<br/>    peer_transit_gateway_id = string<br/>    tags                    = optional(map(string), {})<br/><br/>    accept_peering_attachment = optional(bool, false)<br/>  }))</pre> | `{}` | no |
+| <a name="input_ram_allow_external_principals"></a> [ram\_allow\_external\_principals](#input\_ram\_allow\_external\_principals) | Indicates whether principals outside your organization can be associated with a resource share | `bool` | `false` | no |
 | <a name="input_ram_name"></a> [ram\_name](#input\_ram\_name) | The name of the resource share of TGW | `string` | `""` | no |
 | <a name="input_ram_principals"></a> [ram\_principals](#input\_ram\_principals) | A list of principals to share TGW with. Possible values are an AWS account ID, an AWS Organizations Organization ARN, or an AWS Organizations Organization Unit ARN | `set(string)` | `[]` | no |
 | <a name="input_ram_tags"></a> [ram\_tags](#input\_ram\_tags) | Additional tags for the RAM | `map(string)` | `{}` | no |
-| <a name="input_share_tgw"></a> [share\_tgw](#input\_share\_tgw) | Whether to share your transit gateway with other accounts | `bool` | `true` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |
 | <a name="input_tgw_tags"></a> [tgw\_tags](#input\_tgw\_tags) | Additional tags for the TGW | `map(string)` | `{}` | no |
 | <a name="input_timeouts"></a> [timeouts](#input\_timeouts) | Create, update, and delete timeout configurations for the transit gateway | `map(string)` | `{}` | no |
 | <a name="input_transit_gateway_cidr_blocks"></a> [transit\_gateway\_cidr\_blocks](#input\_transit\_gateway\_cidr\_blocks) | One or more IPv4 or IPv6 CIDR blocks for the transit gateway. Must be a size /24 CIDR block or larger for IPv4, or a size /64 CIDR block or larger for IPv6 | `list(string)` | `[]` | no |
-| <a name="input_vpc_attachments"></a> [vpc\_attachments](#input\_vpc\_attachments) | Map of VPC route table attachments to create | `any` | `{}` | no |
+| <a name="input_vpc_attachments"></a> [vpc\_attachments](#input\_vpc\_attachments) | Map of VPC route table attachments to create | <pre>map(object({<br/>    vpc_id                                          = string<br/>    subnet_ids                                      = list(string)<br/>    dns_support                                     = optional(bool, true)<br/>    ipv6_support                                    = optional(bool, false)<br/>    appliance_mode_support                          = optional(bool, false)<br/>    transit_gateway_default_route_table_association = optional(bool, false)<br/>    transit_gateway_default_route_table_propagation = optional(bool, false)<br/>    tags                                            = optional(map(string), {})<br/><br/>    accept_peering_attachment = optional(bool, false)<br/>  }))</pre> | `{}` | no |
 
 ## Outputs
 

main.tf

@@ -47,36 +47,34 @@ resource "aws_ec2_tag" "this" {
 resource "aws_ec2_transit_gateway_vpc_attachment" "this" {
   for_each = { for k, v in var.vpc_attachments : k => v if var.create }
 
-  transit_gateway_id = var.create ? aws_ec2_transit_gateway.this[0].id : each.value.tgw_id
+  transit_gateway_id = aws_ec2_transit_gateway.this[0].id
   vpc_id             = each.value.vpc_id
   subnet_ids         = each.value.subnet_ids
 
-  dns_support                                     = try(each.value.dns_support, true) ? "enable" : "disable"
-  ipv6_support                                    = try(each.value.ipv6_support, false) ? "enable" : "disable"
-  appliance_mode_support                          = try(each.value.appliance_mode_support, false) ? "enable" : "disable"
-  transit_gateway_default_route_table_association = try(each.value.transit_gateway_default_route_table_association, false)
-  transit_gateway_default_route_table_propagation = try(each.value.transit_gateway_default_route_table_propagation, false)
+  dns_support                                     = each.value.dns_support ? "enable" : "disable"
+  ipv6_support                                    = each.value.ipv6_support ? "enable" : "disable"
+  appliance_mode_support                          = each.value.appliance_mode_support ? "enable" : "disable"
+  transit_gateway_default_route_table_association = each.value.transit_gateway_default_route_table_association
+  transit_gateway_default_route_table_propagation = each.value.transit_gateway_default_route_table_propagation
 
   tags = merge(
     var.tags,
     { Name = each.key },
-    var.attachment_tags,
-    try(each.value.tags, {}),
+    each.value.tags,
   )
 }
 
 resource "aws_ec2_transit_gateway_vpc_attachment_accepter" "this" {
-  for_each = { for k, v in var.vpc_attachments : k => v if var.create && try(v.accept_peering_attachment, false) }
+  for_each = { for k, v in var.vpc_attachments : k => v if var.create && v.accept_peering_attachment }
 
   transit_gateway_attachment_id                   = aws_ec2_transit_gateway_vpc_attachment.this[0]
-  transit_gateway_default_route_table_association = try(each.value.transit_gateway_default_route_table_association, false)
-  transit_gateway_default_route_table_propagation = try(each.value.transit_gateway_default_route_table_propagation, false)
+  transit_gateway_default_route_table_association = each.value.transit_gateway_default_route_table_association
+  transit_gateway_default_route_table_propagation = each.value.transit_gateway_default_route_table_propagation
 
   tags = merge(
     var.tags,
     { Name = each.key },
-    var.attachment_tags,
-    try(each.value.tags, {}),
+    each.value.tags,
   )
 }
 
@@ -89,14 +87,14 @@ resource "aws_ec2_transit_gateway_peering_attachment" "this" {
 
   peer_account_id         = each.value.peer_account_id
   peer_region             = each.value.peer_region
-  peer_transit_gateway_id = each.value.peer_tgw_id
+  peer_transit_gateway_id = each.value.peer_transit_gateway_id
   transit_gateway_id      = aws_ec2_transit_gateway.this[0].id
 
   tags = var.tags
 }
 
 resource "aws_ec2_transit_gateway_peering_attachment_accepter" "this" {
-  for_each = { for k, v in var.peering_attachments : k => v if var.create && try(v.accept_peering_attachment, false) }
+  for_each = { for k, v in var.peering_attachments : k => v if var.create && v.accept_peering_attachment }
 
   transit_gateway_attachment_id = aws_ec2_transit_gateway_peering_attachment.this[each.key].id
 
@@ -112,7 +110,7 @@ locals {
 }
 
 resource "aws_ram_resource_share" "this" {
-  count = var.create && var.share_tgw ? 1 : 0
+  count = var.create && var.enable_ram_share ? 1 : 0
 
   name                      = local.ram_name
   allow_external_principals = var.ram_allow_external_principals
@@ -125,14 +123,14 @@ resource "aws_ram_resource_share" "this" {
 }
 
 resource "aws_ram_resource_association" "this" {
-  count = var.create && var.share_tgw ? 1 : 0
+  count = var.create && var.enable_ram_share ? 1 : 0
 
   resource_arn       = aws_ec2_transit_gateway.this[0].arn
   resource_share_arn = aws_ram_resource_share.this[0].id
 }
 
 resource "aws_ram_principal_association" "this" {
-  for_each = { for k, v in var.ram_principals : k => v if var.create && var.share_tgw }
+  for_each = { for k, v in var.ram_principals : k => v if var.create && var.enable_ram_share }
 
   principal          = each.value
   resource_share_arn = aws_ram_resource_share.this[0].arn
@@ -145,35 +143,34 @@ resource "aws_ram_principal_association" "this" {
 resource "aws_flow_log" "this" {
   for_each = { for k, v in var.flow_logs : k => v if var.create && var.create_flow_log }
 
-  deliver_cross_account_role = try(each.value.deliver_cross_account_role, null)
+  deliver_cross_account_role = each.value.deliver_cross_account_role
 
   dynamic "destination_options" {
-    for_each = try([each.value.destination_options], [])
+    for_each = each.value.destination_options != null ? [each.value.destination_options] : []
 
     content {
-      file_format                = try(each.value.file_format, "parquet")
-      hive_compatible_partitions = try(each.value.hive_compatible_partitions, false)
-      per_hour_partition         = try(each.value.per_hour_partition, true)
+      file_format                = each.value.file_format
+      hive_compatible_partitions = each.value.hive_compatible_partitions
+      per_hour_partition         = each.value.per_hour_partition
     }
   }
 
-  iam_role_arn         = try(each.value.iam_role_arn, null)
-  log_destination      = try(each.value.log_destination, null)
-  log_destination_type = try(each.value.log_destination_type, null)
-  log_format           = try(each.value.log_format, null)
-  # When transit_gateway_id or transit_gateway_attachment_id is specified, max_aggregation_interval must be 60 seconds (1 minute).
-  max_aggregation_interval = max(try(each.value.max_aggregation_interval, 30), 60)
+  iam_role_arn             = each.value.iam_role_arn
+  log_destination          = each.value.log_destination
+  log_destination_type     = each.value.log_destination_type
+  log_format               = each.value.log_format
+  max_aggregation_interval = max(each.value.max_aggregation_interval, 60)
 
-  traffic_type       = try(each.value.traffic_type, "ALL")
-  transit_gateway_id = try(each.value.enable_transit_gateway, true) ? aws_ec2_transit_gateway.this[0].id : null
-  transit_gateway_attachment_id = try(each.value.enable_transit_gateway, true) ? null : try(
+  traffic_type       = each.value.traffic_type
+  transit_gateway_id = each.value.enable_transit_gateway ? aws_ec2_transit_gateway.this[0].id : null
+  transit_gateway_attachment_id = each.value.enable_transit_gateway ? null : try(
     aws_ec2_transit_gateway_vpc_attachment.this[each.value.vpc_attachment_key].id,
     aws_ec2_transit_gateway_peering_attachment.this[each.value.peering_attachment_key].id,
     null
   )
 
   tags = merge(
     var.tags,
-    var.flow_log_tags,
+    each.value.tags,
   )
 }

variables.tf

@@ -27,7 +27,7 @@ variable "description" {
 }
 
 variable "amazon_side_asn" {
-  description = "The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the TGW is created with the current default Amazon ASN."
+  description = "The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the TGW is created with the current default Amazon ASN"
   type        = string
   default     = null
 }
@@ -92,30 +92,42 @@ variable "tgw_tags" {
 
 variable "vpc_attachments" {
   description = "Map of VPC route table attachments to create"
-  type        = any
-  default     = {}
+  type = map(object({
+    vpc_id                                          = string
+    subnet_ids                                      = list(string)
+    dns_support                                     = optional(bool, true)
+    ipv6_support                                    = optional(bool, false)
+    appliance_mode_support                          = optional(bool, false)
+    transit_gateway_default_route_table_association = optional(bool, false)
+    transit_gateway_default_route_table_propagation = optional(bool, false)
+    tags                                            = optional(map(string), {})
+
+    accept_peering_attachment = optional(bool, false)
+  }))
+  default = {}
 }
 
 variable "peering_attachments" {
   description = "Map of Transit Gateway peering attachments to create"
-  type        = any
-  default     = {}
-}
+  type = map(object({
+    peer_account_id         = string
+    peer_region             = string
+    peer_transit_gateway_id = string
+    tags                    = optional(map(string), {})
 
-variable "attachment_tags" {
-  description = "Additional tags for VPC attachments"
-  type        = map(string)
-  default     = {}
+    accept_peering_attachment = optional(bool, false)
+  }))
+  default = {}
 }
 
 ################################################################################
 # Resource Access Manager
 ################################################################################
 
-variable "share_tgw" {
+variable "enable_ram_share" {
   description = "Whether to share your transit gateway with other accounts"
   type        = bool
-  default     = true
+  default     = false
 }
 
 variable "ram_name" {
@@ -125,7 +137,7 @@ variable "ram_name" {
 }
 
 variable "ram_allow_external_principals" {
-  description = "Indicates whether principals outside your organization can be associated with a resource share."
+  description = "Indicates whether principals outside your organization can be associated with a resource share"
   type        = bool
   default     = false
 }
@@ -154,12 +166,25 @@ variable "create_flow_log" {
 
 variable "flow_logs" {
   description = "Flow Logs to create for Transit Gateway or attachments"
-  type        = any
-  default     = {}
-}
-
-variable "flow_log_tags" {
-  description = "Additional tags for TGW or attachment flow logs"
-  type        = map(string)
-  default     = {}
+  type = map(object({
+    deliver_cross_account_role = optional(string)
+    destination_options = optional(object({
+      file_format                = optional(string, "parquet")
+      hive_compatible_partitions = optional(bool, false)
+      per_hour_partition         = optional(bool, true)
+    }))
+    iam_role_arn             = optional(string)
+    log_destination          = optional(string)
+    log_destination_type     = optional(string)
+    log_format               = optional(string)
+    max_aggregation_interval = optional(number, 30)
+    traffic_type             = optional(string, "ALL")
+    tags                     = optional(map(string), {})
+
+    enable_transit_gateway = optional(bool, true)
+    # The following can be provided when `enable_transit_gateway` is `false`
+    vpc_attachment_key     = optional(string)
+    peering_attachment_key = optional(string)
+  }))
+  default = {}
 }