#pr-reviews (2022-09)

what

• The new variable ‘amazon_side_asn’ was added to the module with a default value of 64512 (AWS default, preserving current behaviour). • Variable ‘amazon_side_asn’ is now provided as an argument to the ‘aws_ec2_transit_gateway.default’ resource. • Documentation updated accordingly.

why

• Allows the ASN of a transit gateway to be set, allowing the best practice of having multiple transit gateways used in the same deployment to have different ASNs (https://docs.aws.amazon.com/vpc/latest/tgw/tgw-best-design-practices.html) • In cases where a user is importing their existing infrastructure so it is managed via terraform, specifying the existing ASN means that the existing transit gateway does not need to be destroyed and recreated

references

• closes #27

what

• Remove join splat on module.security_group_arn

why

• Fix conflict with using custom security group in associated_security_group_ids and argument create_security_group is false

references

• N/A

what

• Manages the default route table created alongside aws_vpc resource automatically.

why

• If not managed there are no identifying features about this resource which is confusing. • In our case we establish ownership via tags passed into this module, if no tags are present it is difficult to report on ownership

references

• Closes #109 • aws_default_route_table

what

• Added support for io2 and gp3 volumes

why

• original PR had conflicts, this will work hopefully • io2 and gp3 are new more performant volumes therefore they should be supported

references

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#ebs-ephemeral-and-root-block-devices
Closes #114

references

• Link to any supporting github issues or helpful documentation to add some context (e.g. stackoverflow). • Use closes #123, if this PR closes a GitHub issue #123

what

• Manages the default route table created alongside aws_vpc resource automatically.

why

• If not managed there are no identifying features about this resource which is confusing. • In our case we establish ownership via tags passed into this module, if no tags are present it is difficult to report on ownership

references

• Closes #109 • aws_default_route_table

what

• added acm_certificate_validation.certification_arn output

why

• to avoid alb module can’t create listener because of not validated cert • use this output as certification arn in alb module

references

• #58 • closes #58

what

• This module creates a write endpoint by default. Creating a RDS proxy read endpoint will ensure underlying primary/master instance is excluded from the connections isolating DDLs & DMLs in addition, to providing and additional layer for just read based workload.

why

• Usecase involves a separate read proxy endpoint that isolates reads to the replicas & separate write proxy endpoint to the primary instance.

references

• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_proxy_endpoint • closes #10

what

• Adds a flag var.deny_users which, when disabled, will allow IAM users to assume team roles • Specific users can still be denied via var.denied_principal_arns

why

• The existing functionality denies all IAM users from assuming team roles • In legacy/specific situations it would be good to allow this

references

• None

(PR submitted on behalf of @Gowiem)

what

• Add new variable tenancy that allows user to configure instance tenancy (default (default), dedicated, or host)

why

• An organization that I work with has a security policy that requires use of dedicated tenancy. This PR adds the capability to do that when using this module.

references

• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#tenancy • Closes #139