tofu/aws: bugfix: correct vpc creation logic (#66)

Signed-off-by: Silvio Moioli <silvio@moioli.net>
2025-05-30 19:18:37 +02:00 · 2025-05-30 19:18:37 +02:00 · 0eeff27aea
parent 7a0b4186e6
commit 0eeff27aea
3 changed files with 7 additions and 7 deletions
--- a/tofu/modules/aws/network/data.tf
+++ b/tofu/modules/aws/network/data.tf
@ -29,7 +29,7 @@ data "aws_subnet" "public" {
 }
 data "aws_subnet" "private" {
-  count = local.create_vpc ? 0 : 1
+  count = !local.create_vpc ? 1 : 0
  vpc_id = one(data.aws_vpc.existing[*].id)
  availability_zone = var.availability_zone
@ -40,7 +40,7 @@ data "aws_subnet" "private" {
 }
 data "aws_subnet" "secondary_private" {
-  count = local.create_vpc && var.secondary_availability_zone != null ? 0 : 1
+  count = !local.create_vpc && var.secondary_availability_zone != null ? 1 : 0
  vpc_id = one(data.aws_vpc.existing[*].id)
  availability_zone = var.secondary_availability_zone
--- a/tofu/modules/aws/network/main.tf
+++ b/tofu/modules/aws/network/main.tf
@ -19,7 +19,7 @@ locals {
  public_subnet_id = coalesce(one(aws_subnet.public[*].id), one(data.aws_subnet.public[*].id))
  private_subnet_id = coalesce(one(aws_subnet.private[*].id), one(data.aws_subnet.private[*].id))
-  secondary_private_subnet_id = coalesce(one(aws_subnet.secondary_private[*].id), one(data.aws_subnet.secondary_private[*].id))
+  secondary_private_subnet_id = (local.create_vpc && var.secondary_availability_zone != null) ? aws_subnet.secondary_private[0].id : (!local.create_vpc && var.secondary_availability_zone != null) ? data.aws_subnet.secondary_private[0].id : null
  create_vpc = var.existing_vpc_name == null
 }
@ -147,8 +147,8 @@ resource "aws_route_table_association" "private" {
 }
 resource "aws_route_table_association" "secondary_private" {
-  count          = var.secondary_availability_zone != null ? 1 : 0
+  count          = local.create_vpc && var.secondary_availability_zone != null ? 1 : 0
-  subnet_id      = aws_subnet.secondary_private[0].id
+  subnet_id      = local.secondary_private_subnet_id
  route_table_id = aws_route_table.private.id
 }
@ -259,7 +259,7 @@ module "bastion" {
    availability_zone : var.availability_zone,
    public_subnet_id : local.public_subnet_id
    private_subnet_id : local.private_subnet_id
-    secondary_private_subnet_id : var.secondary_availability_zone != null ? aws_subnet.secondary_private[0].id : null
+    secondary_private_subnet_id : local.secondary_private_subnet_id
    public_security_group_id : aws_security_group.public.id
    private_security_group_id : aws_security_group.private.id
    ssh_key_name : aws_key_pair.key_pair.key_name
--- a/tofu/modules/aws/network/outputs.tf
+++ b/tofu/modules/aws/network/outputs.tf
@ -3,7 +3,7 @@ output "config" {
    availability_zone : var.availability_zone,
    public_subnet_id : local.public_subnet_id,
    private_subnet_id : local.private_subnet_id,
-    secondary_private_subnet_id : var.secondary_availability_zone != null ? local.secondary_private_subnet_id : null,
+    secondary_private_subnet_id : local.secondary_private_subnet_id,
    public_security_group_id : aws_security_group.public.id,
    private_security_group_id : aws_security_group.private.id,
    ssh_key_name : aws_key_pair.key_pair.key_name,