initial changes

locals.tf

@@ -31,6 +31,34 @@ locals {
   nfs_vm_subnet    = var.create_nfs_public_ip ? module.vpc.public_subnets[0] : module.vpc.private_subnets[0]
   nfs_vm_subnet_az = var.create_nfs_public_ip ? module.vpc.public_subnet_azs[0] : module.vpc.private_subnet_azs[0]
 
+  # Generate list of AZ where created subnets should be placed
+  # If not specified by the user replace with list of all AZs in a region
+  # If not enough regions provided, append with the list of all AZs in the region while retaining
+  # order of user provided list of regions
+  public_subnet_azs   = (
+  can(var.subnet_azs["public"]) ?
+    (length(var.subnet_azs["public"]) >= length(lookup(var.subnets, "public", [])) ?
+      var.subnet_azs["public"]
+      : distinct(concat(var.subnet_azs["public"], data.aws_availability_zones.available.names)))
+    : data.aws_availability_zones.available.names
+  )
+
+  private_subnet_azs   = (
+  can(var.subnet_azs["private"]) ?
+    (length(var.subnet_azs["private"]) >= length(lookup(var.subnets, "private", [])) ?
+      var.subnet_azs["private"]
+      : distinct(concat(var.subnet_azs["private"], data.aws_availability_zones.available.names)))
+    : data.aws_availability_zones.available.names
+  )
+
+  database_subnet_azs   = (
+  can(var.subnet_azs["database"]) ?
+    (length(var.subnet_azs["database"]) >= length(lookup(var.subnets, "database", [])) ?
+      var.subnet_azs["database"]
+      : distinct(concat(var.subnet_azs["database"], data.aws_availability_zones.available.names)))
+    : data.aws_availability_zones.available.names
+  )
+
   ssh_public_key = (var.create_jump_vm || var.storage_type == "standard"
     ? file(var.ssh_public_key)
     : null

main.tf

@@ -75,7 +75,9 @@ module "vpc" {
   region              = var.location
   security_group_id   = local.security_group_id
   cidr                = var.vpc_cidr
-  azs                 = data.aws_availability_zones.available.names
+  public_subnet_azs = local.public_subnet_azs
+  private_subnet_azs = local.private_subnet_azs
+  database_subnet_azs = local.database_subnet_azs
   existing_subnet_ids = var.subnet_ids
   subnets             = var.subnets
   existing_nat_id     = var.nat_id

modules/aws_vpc/main.tf

@@ -78,16 +78,16 @@ resource "aws_subnet" "public" {
   count                   = local.existing_public_subnets ? 0 : length(var.subnets["public"])
   vpc_id                  = local.vpc_id
   cidr_block              = element(var.subnets["public"], count.index)
-  availability_zone       = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null
-  availability_zone_id    = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null
+  availability_zone       = length(regexall("^[a-z]{2}-", element(var.public_subnet_azs, count.index))) > 0 ? element(var.public_subnet_azs, count.index) : null
+  availability_zone_id    = length(regexall("^[a-z]{2}-", element(var.public_subnet_azs, count.index))) == 0 ? element(var.public_subnet_azs, count.index) : null
   map_public_ip_on_launch = var.map_public_ip_on_launch
 
   tags = merge(
     {
       "Name" = format(
         "%s-${var.public_subnet_suffix}-%s",
         var.name,
-        element(var.azs, count.index),
+        element(var.public_subnet_azs, count.index),
       )
     },
     var.tags,
@@ -123,7 +123,7 @@ resource "aws_route_table" "public" {
       "Name" = format(
         "%s-${var.public_subnet_suffix}-%s",
         var.name,
-        element(var.azs, count.index),
+        element(var.public_subnet_azs, count.index),
       )
     },
     var.tags,
@@ -173,15 +173,15 @@ resource "aws_subnet" "private" {
   count                = local.existing_private_subnets ? 0 : length(var.subnets["private"])
   vpc_id               = local.vpc_id
   cidr_block           = element(var.subnets["private"], count.index)
-  availability_zone    = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null
-  availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null
+  availability_zone    = length(regexall("^[a-z]{2}-", element(var.private_subnet_azs, count.index))) > 0 ? element(var.private_subnet_azs, count.index) : null
+  availability_zone_id = length(regexall("^[a-z]{2}-", element(var.private_subnet_azs, count.index))) == 0 ? element(var.private_subnet_azs, count.index) : null
 
   tags = merge(
     {
       "Name" = format(
         "%s-${var.private_subnet_suffix}-%s",
         var.name,
-        element(var.azs, count.index),
+        element(var.private_subnet_azs, count.index),
       )
     },
     var.tags,
@@ -203,7 +203,7 @@ resource "aws_route_table" "private" {
       "Name" = format(
         "%s-${var.private_subnet_suffix}-%s",
         var.name,
-        element(var.azs, count.index),
+        element(var.private_subnet_azs, count.index),
       )
     },
     var.tags,
@@ -217,15 +217,15 @@ resource "aws_subnet" "database" {
   count                = local.existing_database_subnets ? 0 : length(var.subnets["database"])
   vpc_id               = local.vpc_id
   cidr_block           = element(var.subnets["database"], count.index)
-  availability_zone    = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null
-  availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null
+  availability_zone    = length(regexall("^[a-z]{2}-", element(var.database_subnet_azs, count.index))) > 0 ? element(var.database_subnet_azs, count.index) : null
+  availability_zone_id = length(regexall("^[a-z]{2}-", element(var.database_subnet_azs, count.index))) == 0 ? element(var.database_subnet_azs, count.index) : null
 
   tags = merge(
     {
       "Name" = format(
         "%s-${var.database_subnet_suffix}-%s",
         var.name,
-        element(var.azs, count.index),
+        element(var.database_subnet_azs, count.index),
       )
     },
     var.tags,
@@ -257,7 +257,7 @@ resource "aws_eip" "nat" {
       "Name" = format(
         "%s-%s",
         var.name,
-        element(var.azs, count.index),
+        element(var.public_subnet_azs, count.index),
       )
     },
     var.tags,
@@ -280,7 +280,7 @@ resource "aws_nat_gateway" "nat_gateway" {
       "Name" = format(
         "%s-%s",
         var.name,
-        element(var.azs, 0),
+        element(var.public_subnet_azs, 0),
       )
     },
     var.tags,

modules/aws_vpc/variables.tf

@@ -1,12 +1,25 @@
 # Copyright © 2021-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
-variable "azs" {
-  description = "A list of availability zones names or ids in the region"
+variable "public_subnet_azs" {
+  description = "A list of availability zones names or ids in the region for creating the public subnets"
   type        = list(string)
   default     = []
 }
 
+variable "private_subnet_azs" {
+  description = "A list of availability zones names or ids in the region for creating the private subnets"
+  type        = list(string)
+  default     = []
+}
+
+variable "database_subnet_azs" {
+  description = "A list of availability zones names or ids in the region for creating the database subnets"
+  type        = list(string)
+  default     = []
+}
+
+
 variable "vpc_id" {
   description = "Existing vpc id"
   type        = string

variables.tf

@@ -365,6 +365,19 @@ variable "subnets" {
   }
 }
 
+variable "subnet_azs" {
+  description = "AZs you want the subnets to created in - This variable is ignored when `subnet_ids` is set (AKA bring your own subnets)."
+  type        = map(list(string))
+  default     = {}
+  nullable    = false
+
+  # We only support configuring the AZs for the public, private, and database subnet
+  validation {
+    condition     =  var.subnet_azs == {}  || alltrue([for subnet in keys(var.subnet_azs) : contains(["public", "private", "database"], subnet)])
+    error_message = "ERROR: only public, private, and database are the only keys allowed in the subnet_azs map"
+  }
+}
+
 variable "security_group_id" {
   description = "Pre-existing Security Group id. Leave blank to have one created."
   type        = string