feat(vpc): support region parameter for aws v6

posquit0 · posquit0 · commit c5f50fa4b83a · 2025-10-26T00:58:59.000+09:00
diff --git a/modules/vpc/README.md b/modules/vpc/README.md
diff --git a/modules/vpc/defaults.tf b/modules/vpc/defaults.tf
@@ -5,6 +5,8 @@
 # INFO: Not supported attributes
 # - `subnet_ids`
 resource "aws_default_network_acl" "this" {
+  region = var.region
+
   default_network_acl_id = aws_vpc.this.default_network_acl_id
 
   dynamic "ingress" {
@@ -128,6 +130,8 @@ resource "aws_default_network_acl" "this" {
 ###################################################
 
 # resource "aws_default_route_table" "this" {
+#   region = var.region
+#
 #   default_route_table_id = aws_vpc.this.default_route_table_id
 #
 #   tags = merge(
@@ -145,6 +149,8 @@ resource "aws_default_network_acl" "this" {
 ###################################################
 
 resource "aws_default_security_group" "this" {
+  region = var.region
+
   vpc_id = aws_vpc.this.id
 
   dynamic "ingress" {
diff --git a/modules/vpc/dhcp-options.tf b/modules/vpc/dhcp-options.tf
@@ -1,7 +1,9 @@
-data "aws_region" "this" {}
+data "aws_region" "this" {
+  region = var.region
+}
 
 locals {
-  region = data.aws_region.this.name
+  region = data.aws_region.this.region
 
   default_dhcp_options_domain_name = (local.region != "us-east-1"
     ? "${local.region}.compute.internal"
@@ -17,6 +19,8 @@ locals {
 resource "aws_vpc_dhcp_options" "this" {
   count = var.dhcp_options.enabled ? 1 : 0
 
+  region = var.region
+
   domain_name = (length(compact([var.dhcp_options.domain_name])) > 0
     ? var.dhcp_options.domain_name
     : local.default_dhcp_options_domain_name
@@ -43,6 +47,8 @@ resource "aws_vpc_dhcp_options" "this" {
 resource "aws_vpc_dhcp_options_association" "this" {
   count = var.dhcp_options.enabled ? 1 : 0
 
+  region = aws_vpc.this.region
+
   vpc_id          = aws_vpc.this.id
   dhcp_options_id = aws_vpc_dhcp_options.this[0].id
 }
diff --git a/modules/vpc/gateways.tf b/modules/vpc/gateways.tf
@@ -2,11 +2,13 @@
 # Internet Gateway
 ###################################################
 
-# INFO: Not supported attributes
+# INFO: Use a separate resource
 # - `vpc_id`
 resource "aws_internet_gateway" "this" {
   count = var.internet_gateway.enabled ? 1 : 0
 
+  region = var.region
+
   tags = merge(
     {
       "Name" = coalesce(var.internet_gateway.name, local.metadata.name)
@@ -19,6 +21,8 @@ resource "aws_internet_gateway" "this" {
 resource "aws_internet_gateway_attachment" "this" {
   count = var.internet_gateway.enabled ? 1 : 0
 
+  region = aws_vpc.this.region
+
   vpc_id              = aws_vpc.this.id
   internet_gateway_id = aws_internet_gateway.this[0].id
 }
@@ -31,6 +35,8 @@ resource "aws_internet_gateway_attachment" "this" {
 resource "aws_egress_only_internet_gateway" "this" {
   count = var.egress_only_internet_gateway.enabled ? 1 : 0
 
+  region = var.region
+
   vpc_id = aws_vpc.this.id
 
   tags = merge(
@@ -54,12 +60,15 @@ resource "aws_egress_only_internet_gateway" "this" {
 # Virtual Private Gateway
 ###################################################
 
-# INFO: Not supported attributes
+# INFO: Use a separate resource
 # - `vpc_id`
+# INFO: Not supported attributes
 # - `availability_zone`
 resource "aws_vpn_gateway" "this" {
   count = var.vpn_gateway.enabled ? 1 : 0
 
+  region = var.region
+
   amazon_side_asn = var.vpn_gateway.asn
 
   tags = merge(
@@ -74,6 +83,8 @@ resource "aws_vpn_gateway" "this" {
 resource "aws_vpn_gateway_attachment" "this" {
   count = var.vpn_gateway.enabled ? 1 : 0
 
+  region = aws_vpc.this.region
+
   vpc_id         = aws_vpc.this.id
   vpn_gateway_id = aws_vpn_gateway.this[0].id
 }
diff --git a/modules/vpc/main.tf b/modules/vpc/main.tf
@@ -29,6 +29,8 @@ locals {
 ###################################################
 
 resource "aws_vpc" "this" {
+  region = var.region
+
   ## IPv4 CIDR Blocks
   cidr_block = (var.ipv4_cidrs[0].type == "MANUAL"
     ? var.ipv4_cidrs[0].cidr
@@ -45,7 +47,6 @@ resource "aws_vpc" "this" {
 
 
   ## IPv6 CIDR Blocks
-  # TODO: Want to manage IPv6 CIDRs with `aws_vpc_ipv6_cidr_block_association` resource. But, there are unsupported featrues yet.
   assign_generated_ipv6_cidr_block = (local.ipv6_enabled
     ? (var.ipv6_cidrs[0].type == "AMAZON"
       ? true
@@ -108,6 +109,8 @@ resource "aws_vpc" "this" {
 resource "aws_vpc_ipv4_cidr_block_association" "this" {
   count = length(var.ipv4_cidrs) > 0 ? length(var.ipv4_cidrs) - 1 : 0
 
+  region = aws_vpc.this.region
+
   vpc_id = aws_vpc.this.id
   cidr_block = (var.ipv4_cidrs[count.index + 1].type == "MANUAL"
     ? var.ipv4_cidrs[count.index + 1].cidr
@@ -123,18 +126,26 @@ resource "aws_vpc_ipv4_cidr_block_association" "this" {
   )
 }
 
+# INFO: Not supported attributes
+# - `ipv6_pool`
 resource "aws_vpc_ipv6_cidr_block_association" "this" {
-  count = length(var.ipv6_cidrs) > 0 ? length(var.ipv6_cidrs) - 1 : 0
+  count = local.ipv6_enabled ? length(var.ipv6_cidrs) - 1 : 0
+
+  region = aws_vpc.this.region
 
   vpc_id = aws_vpc.this.id
-  ipv6_cidr_block = (var.ipv6_cidrs[count.index + 1].type == "IPAM_POOL"
-    ? var.ipv6_cidrs[count.index + 1].ipam_pool.cidr
+  assign_generated_ipv6_cidr_block = (var.ipv6_cidrs[count.index + 1].type == "AMAZON"
+    ? true
     : null
   )
   ipv6_ipam_pool_id = (var.ipv6_cidrs[count.index + 1].type == "IPAM_POOL"
     ? var.ipv6_cidrs[count.index + 1].ipam_pool.id
     : null
   )
+  ipv6_cidr_block = (var.ipv6_cidrs[count.index + 1].type == "IPAM_POOL"
+    ? var.ipv6_cidrs[count.index + 1].ipam_pool.cidr
+    : null
+  )
   ipv6_netmask_length = (var.ipv6_cidrs[count.index + 1].type == "IPAM_POOL"
     ? var.ipv6_cidrs[count.index + 1].ipam_pool.netmask_length
     : null
diff --git a/modules/vpc/outputs.tf b/modules/vpc/outputs.tf
@@ -1,9 +1,14 @@
+output "region" {
+  description = "The AWS region this module resources resides in."
+  value       = aws_vpc.this.region
+}
+
 output "name" {
   description = "The name of the VPC."
   value       = var.name
 }
 
-output "owner" {
+output "owner_id" {
   description = "The ID of the AWS account that owns the VPC."
   value       = aws_vpc.this.owner_id
 }
@@ -139,14 +144,14 @@ output "dns_resolution_enabled" {
   value       = aws_vpc.this.enable_dns_support
 }
 
-output "dns_dnssec_validation_enabled" {
-  description = "Whether or not the VPC has Route53 DNSSEC validation support."
-  value       = var.dns_dnssec_validation_enabled
-}
-
-output "dns_dnssec_validation_id" {
-  description = "The ID of a configuration for DNSSEC validation."
-  value       = one(aws_route53_resolver_dnssec_config.this[*].id)
+output "dnssec_validation" {
+  description = "The configuration for Route53 DNSSEC validation for the VPC."
+  value = {
+    enabled = var.dnssec_validation.enabled
+    id      = one(aws_route53_resolver_dnssec_config.this[*].id)
+    arn     = one(aws_route53_resolver_dnssec_config.this[*].arn)
+    status  = one(aws_route53_resolver_dnssec_config.this[*].status)
+  }
 }
 
 output "private_hosted_zones" {
@@ -162,9 +167,9 @@ output "default_network_acl" {
     `owner` - The ID of the AWS account that owns the default Network ACL.
   EOF
   value = {
-    id    = aws_vpc.this.default_network_acl_id
-    arn   = aws_default_network_acl.this.arn
-    owner = aws_default_network_acl.this.owner_id
+    id       = aws_vpc.this.default_network_acl_id
+    arn      = aws_default_network_acl.this.arn
+    owner_id = aws_default_network_acl.this.owner_id
   }
 }
 
@@ -190,7 +195,7 @@ output "default_security_group" {
   value = {
     id          = aws_vpc.this.default_security_group_id
     arn         = aws_default_security_group.this.arn
-    owner       = aws_default_security_group.this.owner_id
+    owner_id    = aws_default_security_group.this.owner_id
     name        = aws_default_security_group.this.name
     description = aws_default_security_group.this.description
   }
@@ -222,9 +227,9 @@ output "dhcp_options" {
   EOF
   value = (var.dhcp_options.enabled
     ? {
-      id    = one(aws_vpc_dhcp_options.this[*].id)
-      arn   = one(aws_vpc_dhcp_options.this[*].arn)
-      owner = one(aws_vpc_dhcp_options.this[*].owner_id)
+      id       = one(aws_vpc_dhcp_options.this[*].id)
+      arn      = one(aws_vpc_dhcp_options.this[*].arn)
+      owner_id = one(aws_vpc_dhcp_options.this[*].owner_id)
 
       domain_name                       = one(aws_vpc_dhcp_options.this[*].domain_name)
       domain_name_servers               = one(aws_vpc_dhcp_options.this[*].domain_name_servers)
@@ -246,9 +251,9 @@ output "internet_gateway" {
   EOF
   value = (var.internet_gateway.enabled
     ? {
-      id    = one(aws_internet_gateway.this[*].id)
-      arn   = one(aws_internet_gateway.this[*].arn)
-      owner = one(aws_internet_gateway.this[*].owner_id)
+      id       = one(aws_internet_gateway.this[*].id)
+      arn      = one(aws_internet_gateway.this[*].arn)
+      owner_id = one(aws_internet_gateway.this[*].owner_id)
     }
     : null
   )
diff --git a/modules/vpc/resource-group.tf b/modules/vpc/resource-group.tf
@@ -16,6 +16,8 @@ module "resource_group" {
 
   count = (var.resource_group.enabled && var.module_tags_enabled) ? 1 : 0
 
+  region = var.region
+
   name        = local.resource_group_name
   description = var.resource_group.description
 
diff --git a/modules/vpc/route53.tf b/modules/vpc/route53.tf
@@ -5,7 +5,9 @@
 resource "aws_route53_zone_association" "this" {
   for_each = toset(var.private_hosted_zones)
 
-  vpc_id  = aws_vpc.this.id
+  vpc_region = aws_vpc.this.region
+  vpc_id     = aws_vpc.this.id
+
   zone_id = each.value
 }
 
@@ -15,7 +17,9 @@ resource "aws_route53_zone_association" "this" {
 ###################################################
 
 resource "aws_route53_resolver_dnssec_config" "this" {
-  count = var.dns_dnssec_validation_enabled ? 1 : 0
+  count = var.dnssec_validation.enabled ? 1 : 0
+
+  region = var.region
 
   resource_id = aws_vpc.this.id
 }
diff --git a/modules/vpc/variables.tf b/modules/vpc/variables.tf
@@ -1,3 +1,10 @@
+variable "region" {
+  description = "(Optional) The region in which to create the module resources. If not provided, the module resources will be created in the provider's configured region."
+  type        = string
+  default     = null
+  nullable    = true
+}
+
 variable "name" {
   description = "(Required) Desired name for the VPC resources."
   type        = string
@@ -108,11 +115,16 @@ variable "dns_resolution_enabled" {
   nullable    = false
 }
 
-variable "dns_dnssec_validation_enabled" {
-  description = "(Optional) Should be true to enable Route53 DNSSEC validation in the VPC."
-  type        = bool
-  default     = false
-  nullable    = false
+variable "dnssec_validation" {
+  description = <<EOF
+  (Optional) A configuration for Route53 DNSSEC validation in the VPC. `dnssec_validation` as defined below.
+    (Optional) `enabled` - Whether to enable Route53 DNSSEC validation in the VPC. Defaults to `false`.
+  EOF
+  type = object({
+    enabled = optional(bool, false)
+  })
+  default  = {}
+  nullable = false
 }
 
 variable "private_hosted_zones" {
@@ -348,9 +360,6 @@ variable "module_tags_enabled" {
 # Resource Group
 ###################################################
 
-
-
-
 variable "resource_group" {
   description = <<EOF
   (Optional) A configurations of Resource Group for this module. `resource_group` as defined below.
diff --git a/modules/vpc/versions.tf b/modules/vpc/versions.tf
@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 1.6"
+  required_version = ">= 1.12"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.46"
+      version = ">= 6.12"
     }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -1,10 +1,10 @@`
`1`	`1`	`terraform {`
`2`		`- required_version = ">= 1.6"`
	`2`	`+ required_version = ">= 1.12"`
`3`	`3`
`4`	`4`	`required_providers {`
`5`	`5`	`aws = {`
`6`	`6`	`source = "hashicorp/aws"`
`7`		`- version = ">= 5.46"`
	`7`	`+ version = ">= 6.12"`
`8`	`8`	`}`
`9`	`9`	`}`
`10`	`10`	`}`