From a4f5d2fea3bd343dedf8de7abe7f6e3c1099f390 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=AA=20Lima?= <renebarbosafl@gmail.com>
Date: Tue, 27 Aug 2024 20:36:30 -0300
Subject: [PATCH] updating resolver-endpoints and example

---
 examples/complete/main.tf               | 12 ++++--------
 modules/resolver-endpoints/README.md    |  3 ++-
 modules/resolver-endpoints/main.tf      |  5 +++--
 modules/resolver-endpoints/variables.tf | 13 ++++++++-----
 4 files changed, 17 insertions(+), 16 deletions(-)

diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index ff35fc2..4fbdf72 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -300,14 +300,7 @@ module "inbound_resolver_endpoints" {
   direction = "INBOUND"
   protocols = ["Do53", "DoH"]
 
-  ip_address = [
-    {
-      subnet_id = module.vpc1.private_subnets[0]
-    },
-    {
-      subnet_id = module.vpc1.private_subnets[1]
-    }
-  ]
+  subnet_ids = slice(module.vpc1.private_subnets, 0, 2)
 
   vpc_id                     = module.vpc1.vpc_id
   security_group_name_prefix = "example1-sg-"
@@ -326,11 +319,14 @@ module "outbound_resolver_endpoints" {
   direction = "OUTBOUND"
   protocols = ["Do53", "DoH"]
 
+  # Using fixed IP addresses
   ip_address = [
     {
+      ip        = "10.0.0.35"
       subnet_id = module.vpc1.private_subnets[0]
     },
     {
+      ip        = "10.0.1.35"
       subnet_id = module.vpc1.private_subnets[1]
     }
   ]
diff --git a/modules/resolver-endpoints/README.md b/modules/resolver-endpoints/README.md
index ee5a46a..ece4f0e 100644
--- a/modules/resolver-endpoints/README.md
+++ b/modules/resolver-endpoints/README.md
@@ -34,7 +34,7 @@ No modules.
 | <a name="input_create"></a> [create](#input\_create) | Whether to create Route53 resolver endpoints | `bool` | `true` | no |
 | <a name="input_create_security_group"></a> [create\_security\_group](#input\_create\_security\_group) | Whether to create Security Groups for Route53 Resolver Endpoints | `bool` | `true` | no |
 | <a name="input_direction"></a> [direction](#input\_direction) | The resolver endpoint flow direction | `string` | `"INBOUND"` | no |
-| <a name="input_ip_address"></a> [ip\_address](#input\_ip\_address) | A list of IP addresses and subnets where Route53 resolver endpoints will be deployed | <pre>list(object({<br>    ip        = optional(string)<br>    subnet_id = string<br>  }))</pre> | `[]` | no |
+| <a name="input_ip_address"></a> [ip\_address](#input\_ip\_address) | A list of IP addresses and subnets where Route53 resolver endpoints will be deployed | `list(any)` | `[]` | no |
 | <a name="input_name"></a> [name](#input\_name) | The resolver endpoint name | `string` | `null` | no |
 | <a name="input_protocols"></a> [protocols](#input\_protocols) | The resolver endpoint protocols | `list(string)` | `[]` | no |
 | <a name="input_security_group_description"></a> [security\_group\_description](#input\_security\_group\_description) | The security group description | `string` | `null` | no |
@@ -44,6 +44,7 @@ No modules.
 | <a name="input_security_group_name"></a> [security\_group\_name](#input\_security\_group\_name) | The name of the security group | `string` | `null` | no |
 | <a name="input_security_group_name_prefix"></a> [security\_group\_name\_prefix](#input\_security\_group\_name\_prefix) | The prefix of the security group | `string` | `null` | no |
 | <a name="input_security_group_tags"></a> [security\_group\_tags](#input\_security\_group\_tags) | A map of tags for the security group | `map(string)` | `{}` | no |
+| <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | A list of subnets where Route53 resolver endpoints will be deployed | `list(any)` | `[]` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | A map of tags for the Route53 resolver endpoint | `map(string)` | `{}` | no |
 | <a name="input_type"></a> [type](#input\_type) | The resolver endpoint IP type | `string` | `"IPV4"` | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | The VPC ID for all the Route53 Resolver Endpoints | `string` | `""` | no |
diff --git a/modules/resolver-endpoints/main.tf b/modules/resolver-endpoints/main.tf
index be67741..3910fca 100644
--- a/modules/resolver-endpoints/main.tf
+++ b/modules/resolver-endpoints/main.tf
@@ -1,5 +1,6 @@
 locals {
   security_group_ids = var.create && var.create_security_group ? [aws_security_group.this[0].id] : var.security_group_ids
+  subnet_ids         = var.create && length(var.subnet_ids) > 0 ? [for subnet in var.subnet_ids : { subnet_id = subnet }] : var.subnet_ids
 }
 
 resource "aws_route53_resolver_endpoint" "this" {
@@ -12,11 +13,11 @@ resource "aws_route53_resolver_endpoint" "this" {
   security_group_ids     = local.security_group_ids
 
   dynamic "ip_address" {
-    for_each = var.ip_address
+    for_each = length(var.ip_address) == 0 ? local.subnet_ids : var.ip_address
 
     content {
       ip        = lookup(ip_address.value, "ip", null)
-      subnet_id = ip_address.value.subnet_id
+      subnet_id = each.value.subnet_id
     }
   }
 
diff --git a/modules/resolver-endpoints/variables.tf b/modules/resolver-endpoints/variables.tf
index 808473f..c8cc7be 100644
--- a/modules/resolver-endpoints/variables.tf
+++ b/modules/resolver-endpoints/variables.tf
@@ -28,13 +28,16 @@ variable "type" {
   default     = "IPV4"
 }
 
+variable "subnet_ids" {
+  description = "A list of subnets where Route53 resolver endpoints will be deployed"
+  type        = list(any)
+  default     = []
+}
+
 variable "ip_address" {
   description = "A list of IP addresses and subnets where Route53 resolver endpoints will be deployed"
-  type = list(object({
-    ip        = optional(string)
-    subnet_id = string
-  }))
-  default = []
+  type        = list(any)
+  default     = []
 }
 
 variable "security_group_ids" {