NEW: code revised

vpc-subnets/vpc.tf

@@ -1,7 +1,7 @@
 data "aws_availability_zones" "available" {}
 
 locals {
-  subnet_start = cidrsubnets(var.vpc-cidr,4,4) 
+  subnet_start = cidrsubnets(var.vpc-cidr, 4, 4)
 }
 
 module "random" {
@@ -10,21 +10,44 @@ module "random" {
 
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
-  version = "2.6.0"
+  version = "2.47.0"
 
   name                 = "demo-vpc-${module.random.number}"
   cidr                 = var.vpc-cidr
   azs                  = data.aws_availability_zones.available.names
-  private_subnets 	= cidrsubnets(local.subnet_start[0], 4,4)
-  public_subnets 	= cidrsubnets(local.subnet_start[1], 4,4)
+  private_subnets      = cidrsubnets(local.subnet_start[0], 4, 4)
+  public_subnets       = cidrsubnets(local.subnet_start[1], 4, 4)
   enable_nat_gateway   = false
   single_nat_gateway   = true
   enable_dns_hostnames = true
 
-  tags = var.default-tags
+  # this is kinda slow
+  #  enable_ssm_endpoint              = true
+  #  ssm_endpoint_private_dns_enabled = true
+  #  ssm_endpoint_security_group_ids  = [aws_security_group.endpoint-sg.id]
+  #  ssm_endpoint_subnet_ids          = module.vpc.public_subnets
+
+  tags = local.default-tags
 
 }
 
-output "vpc_id" {
-  value = module.vpc.vpc_id
+resource "aws_security_group" "endpoint-sg" {
+  name   = "endpoint-sg"
+  vpc_id = module.vpc.vpc_id
+  ingress {
+    description = "Allow within VPC"
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = [module.vpc.vpc_cidr_block]
+  }
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+  tags = local.default-tags
 }
+
+