Merge pull request #25 from jpeters-vmw/custom-controller-subnet

Custom Controller Subnet

Author: slarimore02

README.md

@@ -260,9 +260,10 @@ No modules.
 | <a name="input_create_iam"></a> [create\_iam](#input\_create\_iam) | Create IAM policy, roles, and instance profile for Avi AWS Full Access Cloud. If set to false the aws\_access\_key and aws\_secret\_key variables will be used for the Cloud configuration and all policy must be created as found in https://avinetworks.com/docs/latest/iam-role-setup-for-installation-into-aws/ | `bool` | `"true"` | no |
 | <a name="input_create_networking"></a> [create\_networking](#input\_create\_networking) | This variable controls the VPC and subnet creation for the AVI Controller. When set to false the custom-vpc-name and custom-subnetwork-name must be set. | `bool` | `"true"` | no |
 | <a name="input_custom_controller_name"></a> [custom\_controller\_name](#input\_custom\_controller\_name) | This field can be used to specify a custom controller name to replace the (prefix-avi-controller) standard name.  A numeric iterator will still be appended to the custom name (1,2,3) | `string` | `null` | no |
-| <a name="input_custom_subnet_ids"></a> [custom\_subnet\_ids](#input\_custom\_subnet\_ids) | This field can be used to specify a list of existing VPC Subnets for the controller and SEs. The create-networking variable must also be set to false for this network to be used. | `list(string)` | `null` | no |
+| <a name="input_custom_controller_subnet_ids"></a> [custom\_controller\_subnet\_ids](#input\_custom\_controller\_subnet\_ids) | This field can be used to specify a list of existing VPC Subnets for the Controllers.  The create-networking variable must also be set to false for this network to be used. | `list(string)` | `null` | no |
+| <a name="input_custom_subnet_ids"></a> [custom\_subnet\_ids](#input\_custom\_subnet\_ids) | This field can be used to specify a list of existing VPC Subnets for the SEs. The create-networking variable must also be set to false for this network to be used. | `list(string)` | `null` | no |
 | <a name="input_custom_tags"></a> [custom\_tags](#input\_custom\_tags) | Custom tags added to AWS Resources created by the module | `map(string)` | `{}` | no |
-| <a name="input_custom_vpc_id"></a> [custom\_vpc\_id](#input\_custom\_vpc\_id) | This field can be used to specify an existing VPC for the controller and SEs. The create-networking variable must also be set to false for this network to be used. | `string` | `null` | no |
+| <a name="input_custom_vpc_id"></a> [custom\_vpc\_id](#input\_custom\_vpc\_id) | This field can be used to specify an existing VPC for the SEs. The create-networking variable must also be set to false for this network to be used. | `string` | `null` | no |
 | <a name="input_dns_search_domain"></a> [dns\_search\_domain](#input\_dns\_search\_domain) | The optional DNS search domain that will be used by the controller | `string` | `null` | no |
 | <a name="input_dns_servers"></a> [dns\_servers](#input\_dns\_servers) | The optional DNS servers that will be used for local DNS resolution by the controller. Example ["8.8.4.4", "8.8.8.8"] | `list(string)` | `null` | no |
 | <a name="input_email_config"></a> [email\_config](#input\_email\_config) | The Email settings that will be used for sending password reset information or for trigged alerts. The default setting will send emails directly from the Avi Controller | `object({ smtp_type = string, from_email = string, mail_server_name = string, mail_server_port = string, auth_username = string, auth_password = string })` | <pre>{<br>  "auth_password": "",<br>  "auth_username": "",<br>  "from_email": "admin@avicontroller.net",<br>  "mail_server_name": "localhost",<br>  "mail_server_port": "25",<br>  "smtp_type": "SMTP_LOCAL_HOST"<br>}</pre> | no |

ec2-avi.tf

@@ -51,6 +51,7 @@ locals {
   az_names = data.aws_availability_zones.azs.names
 }
 
+#tfsec:ignore:aws-ec2-enforce-http-token-imds
 resource "aws_instance" "avi_controller" {
   count = var.controller_ha ? 3 : 1
   ami   = data.aws_ami.avi.id
@@ -62,7 +63,7 @@ resource "aws_instance" "avi_controller" {
   }
   instance_type               = var.instance_type
   key_name                    = var.key_pair_name
-  subnet_id                   = var.create_networking ? aws_subnet.avi[count.index].id : var.custom_subnet_ids[count.index]
+  subnet_id                   = var.create_networking ? aws_subnet.avi[count.index].id : var.custom_controller_subnet_ids[count.index]
   vpc_security_group_ids      = var.create_firewall_rules ? [aws_security_group.avi_controller_sg[0].id] : var.firewall_controller_security_group_ids
   iam_instance_profile        = var.create_iam ? aws_iam_instance_profile.avi[0].id : null
   associate_public_ip_address = false

variables.tf

@@ -95,12 +95,17 @@ variable "avi_cidr_block" {
   default     = "10.255.0.0/16"
 }
 variable "custom_vpc_id" {
-  description = "This field can be used to specify an existing VPC for the controller and SEs. The create-networking variable must also be set to false for this network to be used."
+  description = "This field can be used to specify an existing VPC for the SEs. The create-networking variable must also be set to false for this network to be used."
   type        = string
   default     = null
 }
 variable "custom_subnet_ids" {
-  description = "This field can be used to specify a list of existing VPC Subnets for the controller and SEs. The create-networking variable must also be set to false for this network to be used."
+  description = "This field can be used to specify a list of existing VPC Subnets for the SEs. The create-networking variable must also be set to false for this network to be used."
+  type        = list(string)
+  default     = null
+}
+variable "custom_controller_subnet_ids" {
+  description = "This field can be used to specify a list of existing VPC Subnets for the Controllers.  The create-networking variable must also be set to false for this network to be used."
   type        = list(string)
   default     = null
 }