feat: Enhanced region support

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.99.0
+    rev: v1.99.5
     hooks:
       - id: terraform_fmt
       - id: terraform_docs

README.md

@@ -579,6 +579,7 @@ No modules.
 | <a name="input_redshift_subnet_suffix"></a> [redshift\_subnet\_suffix](#input\_redshift\_subnet\_suffix) | Suffix to append to redshift subnets name | `string` | `"redshift"` | no |
 | <a name="input_redshift_subnet_tags"></a> [redshift\_subnet\_tags](#input\_redshift\_subnet\_tags) | Additional tags for the redshift subnets | `map(string)` | `{}` | no |
 | <a name="input_redshift_subnets"></a> [redshift\_subnets](#input\_redshift\_subnets) | A list of redshift subnets inside the VPC | `list(string)` | `[]` | no |
+| <a name="input_region"></a> [region](#input\_region) | Region where the resource(s) will be managed. Defaults to the region set in the provider configuration | `string` | `null` | no |
 | <a name="input_reuse_nat_ips"></a> [reuse\_nat\_ips](#input\_reuse\_nat\_ips) | Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external\_nat\_ip\_ids' variable | `bool` | `false` | no |
 | <a name="input_secondary_cidr_blocks"></a> [secondary\_cidr\_blocks](#input\_secondary\_cidr\_blocks) | List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool | `list(string)` | `[]` | no |
 | <a name="input_single_nat_gateway"></a> [single\_nat\_gateway](#input\_single\_nat\_gateway) | Should be true if you want to provision a single shared NAT Gateway across all of your private networks | `bool` | `false` | no |

modules/vpc-endpoints/README.md

@@ -94,7 +94,9 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | <a name="input_create"></a> [create](#input\_create) | Determines whether resources will be created | `bool` | `true` | no |
 | <a name="input_create_security_group"></a> [create\_security\_group](#input\_create\_security\_group) | Determines if a security group is created | `bool` | `false` | no |
+| <a name="input_enable_service_endpoint_lookup"></a> [enable\_service\_endpoint\_lookup](#input\_enable\_service\_endpoint\_lookup) | Determines whether to look up the service endpoint in the AWS API. If set to false, the `service_endpoint` attribute (usually in the form of `com.amazonaws.<region>.<service>`) must be provided in the `endpoints` map | `bool` | `true` | no |
 | <a name="input_endpoints"></a> [endpoints](#input\_endpoints) | A map of interface and/or gateway endpoints containing their properties and configurations | `any` | `{}` | no |
+| <a name="input_region"></a> [region](#input\_region) | Region where the resource(s) will be managed. Defaults to the region set in the provider configuration | `string` | `null` | no |
 | <a name="input_security_group_description"></a> [security\_group\_description](#input\_security\_group\_description) | Description of the security group created | `string` | `null` | no |
 | <a name="input_security_group_ids"></a> [security\_group\_ids](#input\_security\_group\_ids) | Default security group IDs to associate with the VPC endpoints | `list(string)` | `[]` | no |
 | <a name="input_security_group_name"></a> [security\_group\_name](#input\_security\_group\_name) | Name to use on security group created. Conflicts with `security_group_name_prefix` | `string` | `null` | no |

modules/vpc-endpoints/main.tf

@@ -9,7 +9,7 @@ locals {
 }
 
 data "aws_vpc_endpoint_service" "this" {
-  for_each = local.endpoints
+  for_each = { for k, v in local.endpoints : k => v if var.enable_service_endpoint_lookup }
 
   service         = try(each.value.service, null)
   service_name    = try(each.value.service_name, null)
@@ -24,8 +24,10 @@ data "aws_vpc_endpoint_service" "this" {
 resource "aws_vpc_endpoint" "this" {
   for_each = local.endpoints
 
+  region = var.region
+
   vpc_id            = var.vpc_id
-  service_name      = try(each.value.service_endpoint, data.aws_vpc_endpoint_service.this[each.key].service_name)
+  service_name      = try(data.aws_vpc_endpoint_service.this[each.key].service_name, each.value.service_endpoint)
   service_region    = try(each.value.service_region, null)
   vpc_endpoint_type = try(each.value.service_type, "Interface")
   auto_accept       = try(each.value.auto_accept, null)
@@ -76,6 +78,8 @@ resource "aws_vpc_endpoint" "this" {
 resource "aws_security_group" "this" {
   count = var.create && var.create_security_group ? 1 : 0
 
+  region = var.region
+
   name        = var.security_group_name
   name_prefix = var.security_group_name_prefix
   description = var.security_group_description
@@ -95,6 +99,8 @@ resource "aws_security_group" "this" {
 resource "aws_security_group_rule" "this" {
   for_each = { for k, v in var.security_group_rules : k => v if var.create && var.create_security_group }
 
+  region = var.region
+
   # Required
   security_group_id = aws_security_group.this[0].id
   protocol          = try(each.value.protocol, "tcp")

modules/vpc-endpoints/variables.tf

@@ -4,6 +4,12 @@ variable "create" {
   default     = true
 }
 
+variable "region" {
+  description = "Region where the resource(s) will be managed. Defaults to the region set in the provider configuration"
+  type        = string
+  default     = null
+}
+
 variable "vpc_id" {
   description = "The ID of the VPC in which the endpoint will be used"
   type        = string
@@ -16,6 +22,12 @@ variable "endpoints" {
   default     = {}
 }
 
+variable "enable_service_endpoint_lookup" {
+  description = "Determines whether to look up the service endpoint in the AWS API. If set to false, the `service_endpoint` attribute (usually in the form of `com.amazonaws.<region>.<service>`) must be provided in the `endpoints` map"
+  type        = bool
+  default     = true
+}
+
 variable "security_group_ids" {
   description = "Default security group IDs to associate with the VPC endpoints"
   type        = list(string)

variables.tf

@@ -8,6 +8,12 @@ variable "create_vpc" {
   default     = true
 }
 
+variable "region" {
+  description = "Region where the resource(s) will be managed. Defaults to the region set in the provider configuration"
+  type        = string
+  default     = null
+}
+
 variable "name" {
   description = "Name to be used on all the resources as identifier"
   type        = string

vpc-flow-logs.tf

@@ -1,6 +1,8 @@
 data "aws_region" "current" {
   # Call this API only if create_vpc and enable_flow_log are true
   count = var.create_vpc && var.enable_flow_log ? 1 : 0
+
+  region = var.region
 }
 
 data "aws_caller_identity" "current" {
@@ -36,6 +38,8 @@ locals {
 resource "aws_flow_log" "this" {
   count = local.enable_flow_log ? 1 : 0
 
+  region = var.region
+
   log_destination_type       = var.flow_log_destination_type
   log_destination            = local.flow_log_destination_arn
   log_format                 = var.flow_log_log_format
@@ -65,6 +69,8 @@ resource "aws_flow_log" "this" {
 resource "aws_cloudwatch_log_group" "flow_log" {
   count = local.create_flow_log_cloudwatch_log_group ? 1 : 0
 
+  region = var.region
+
   name              = "${var.flow_log_cloudwatch_log_group_name_prefix}${local.flow_log_cloudwatch_log_group_name_suffix}"
   retention_in_days = var.flow_log_cloudwatch_log_group_retention_in_days
   kms_key_id        = var.flow_log_cloudwatch_log_group_kms_key_id