Support finding vpcs and subnets by tags

examples/vault-cluster-private/variables.tf

@@ -67,4 +67,4 @@ variable "consul_cluster_tag_key" {
 variable "vpc_id" {
   description = "The ID of the VPC to deploy into. Leave an empty string to use the Default VPC in this region."
   default     = ""
-}
+}

main.tf

@@ -30,10 +30,10 @@ terraform {
 # /_ci/publish-amis-in-new-account.md for more information.
 # ---------------------------------------------------------------------------------------------------------------------
 data "aws_ami" "vault_consul" {
-  most_recent      = true
+  most_recent = true
 
   # If we change the AWS Account in which test are run, update this value.
-  owners     = ["562637147889"]
+  owners = ["562637147889"]
 
   filter {
     name   = "virtualization-type"
@@ -135,10 +135,12 @@ module "vault_elb" {
 
   # In order to access Vault over HTTPS, we need a domain name that matches the TLS cert
   create_dns_entry = "${var.create_dns_entry}"
+
   # Terraform conditionals are not short-circuiting, so we use join as a workaround to avoid errors when the
   # aws_route53_zone data source isn't actually set: https://github.com/hashicorp/hil/issues/50
-  hosted_zone_id   = "${var.create_dns_entry ? join("", data.aws_route53_zone.selected.*.zone_id) : ""}"
-  domain_name      = "${var.vault_domain_name}"
+  hosted_zone_id = "${var.create_dns_entry ? join("", data.aws_route53_zone.selected.*.zone_id) : ""}"
+
+  domain_name = "${var.vault_domain_name}"
 }
 
 # Look up the Route 53 Hosted Zone by domain name
@@ -198,9 +200,11 @@ data "template_file" "user_data_consul" {
 # ---------------------------------------------------------------------------------------------------------------------
 
 data "aws_vpc" "default" {
-  default = true
+  default = "${var.use_default_vpc}"
+  tags    = "${var.vpc_tags}"
 }
 
 data "aws_subnet_ids" "default" {
   vpc_id = "${data.aws_vpc.default.id}"
+  tags   = "${var.subnet_tags}"
 }

modules/private-tls-cert/outputs.tf

@@ -9,4 +9,3 @@ output "public_key_file_path" {
 output "private_key_file_path" {
   value = "${var.private_key_file_path}"
 }
-

modules/vault-cluster/variables.tf

@@ -78,7 +78,8 @@ variable "cluster_tag_key" {
 
 variable "cluster_extra_tags" {
   description = "A list of additional tags to add to each Instance in the ASG. Each element in the list must be a map with the keys key, value, and propagate_at_launch"
-  type = "list"
+  type        = "list"
+
   #example: 
   # default = [
   #   {
@@ -170,4 +171,4 @@ variable "cluster_port" {
 variable "ssh_port" {
   description = "The port used for SSH connections"
   default     = 22
-}
+}

outputs.tf

@@ -64,4 +64,4 @@ output "ssh_key_name" {
 
 output "vault_cluster_size" {
   value = "${var.vault_cluster_size}"
-}
+}

variables.tf

@@ -13,7 +13,7 @@
 
 variable "ami_id" {
   description = "The ID of the AMI to run in the cluster. This should be an AMI built from the Packer template under examples/vault-consul-ami/vault-consul.json. If no AMI is specified, the template will 'just work' by using the example public AMIs. WARNING! Do not use the example AMIs in a production setting!"
-  default = ""
+  default     = ""
 }
 
 variable "create_dns_entry" {
@@ -37,6 +37,21 @@ variable "ssh_key_name" {
 # These parameters have reasonable defaults.
 # ---------------------------------------------------------------------------------------------------------------------
 
+variable "subnet_tags" {
+  description = "Tags used to find subnets for vault and consul servers"
+  default     = {}
+}
+
+variable "vpc_tags" {
+  description = "Tags used to find a vpc for building resources in"
+  default     = {}
+}
+
+variable "use_default_vpc" {
+  description = "Whether to use the default VPC - NOT recommended for production! - should more likely change this to false and use the vpc_tags to find your vpc"
+  default     = true
+}
+
 variable "aws_region" {
   description = "The AWS region to deploy into (e.g. us-east-1)."
   default     = "us-east-1"