diff --git a/README.md b/README.md
index e033aaf..ef8f857 100644
--- a/README.md
+++ b/README.md
@@ -217,7 +217,7 @@ Available targets:
| [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.
This is for some rare cases where resources want additional configuration of tags
and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no |
| [assign\_generated\_ipv6\_cidr\_block](#input\_assign\_generated\_ipv6\_cidr\_block) | DEPRECATED, use `ipv6_enabled` instead: Whether to assign generated ipv6 cidr block to the VPC | `bool` | `null` | no |
| [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
in the order they appear in the list. New attributes are appended to the
end of the list. The elements of the list are joined by the `delimiter`
and treated as a single ID element. | `list(string)` | `[]` | no |
-| [cidr\_block](#input\_cidr\_block) | IPv4 CIDR to assign to the VPC | `string` | n/a | yes |
+| [cidr\_block](#input\_cidr\_block) | The IPv4 CIDR block for the VPC.
Either `cidr_block` or `ipv4_ipam_pool_id` must be set, but not both. | `string` | `null` | no |
| [classiclink\_dns\_support\_enabled](#input\_classiclink\_dns\_support\_enabled) | A boolean flag to enable/disable ClassicLink DNS Support for the VPC | `bool` | `false` | no |
| [classiclink\_enabled](#input\_classiclink\_enabled) | A boolean flag to enable/disable ClassicLink for the VPC | `bool` | `false` | no |
| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"descriptor_formats": {},
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"labels_as_tags": [
"unset"
],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {},
"tenant": null
}
| no |
@@ -237,6 +237,8 @@ Available targets:
| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`. | `number` | `null` | no |
| [instance\_tenancy](#input\_instance\_tenancy) | A tenancy option for instances launched into the VPC | `string` | `"default"` | no |
| [internet\_gateway\_enabled](#input\_internet\_gateway\_enabled) | A boolean flag to enable/disable Internet Gateway creation | `bool` | `true` | no |
+| [ipv4\_ipam\_pool\_id](#input\_ipv4\_ipam\_pool\_id) | The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR.
Either `cidr_block` or `ipv4_ipam_pool_id` must be set, but not both. | `string` | `null` | no |
+| [ipv4\_netmask\_length](#input\_ipv4\_netmask\_length) | The netmask length of the IPv4 CIDR you want to allocate to this VPC. | `number` | `16` | no |
| [ipv6\_egress\_only\_internet\_gateway\_enabled](#input\_ipv6\_egress\_only\_internet\_gateway\_enabled) | A boolean flag to enable/disable IPv6 Egress-Only Internet Gateway creation | `bool` | `false` | no |
| [ipv6\_enabled](#input\_ipv6\_enabled) | If `true`, enable IPv6 and assign a generated CIDR block to the VPC | `bool` | `true` | no |
| [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.
Does not affect keys of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no |
@@ -359,7 +361,7 @@ In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow.
## Copyright
-Copyright © 2017-2021 [Cloud Posse, LLC](https://cpco.io/copyright)
+Copyright © 2017-2022 [Cloud Posse, LLC](https://cpco.io/copyright)
diff --git a/docs/terraform.md b/docs/terraform.md
index a097c23..debcd5c 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -37,7 +37,7 @@
| [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.
This is for some rare cases where resources want additional configuration of tags
and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no |
| [assign\_generated\_ipv6\_cidr\_block](#input\_assign\_generated\_ipv6\_cidr\_block) | DEPRECATED, use `ipv6_enabled` instead: Whether to assign generated ipv6 cidr block to the VPC | `bool` | `null` | no |
| [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
in the order they appear in the list. New attributes are appended to the
end of the list. The elements of the list are joined by the `delimiter`
and treated as a single ID element. | `list(string)` | `[]` | no |
-| [cidr\_block](#input\_cidr\_block) | IPv4 CIDR to assign to the VPC | `string` | n/a | yes |
+| [cidr\_block](#input\_cidr\_block) | The IPv4 CIDR block for the VPC.
Either `cidr_block` or `ipv4_ipam_pool_id` must be set, but not both. | `string` | `null` | no |
| [classiclink\_dns\_support\_enabled](#input\_classiclink\_dns\_support\_enabled) | A boolean flag to enable/disable ClassicLink DNS Support for the VPC | `bool` | `false` | no |
| [classiclink\_enabled](#input\_classiclink\_enabled) | A boolean flag to enable/disable ClassicLink for the VPC | `bool` | `false` | no |
| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` | {
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"descriptor_formats": {},
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"labels_as_tags": [
"unset"
],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {},
"tenant": null
}
| no |
@@ -57,6 +57,8 @@
| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`. | `number` | `null` | no |
| [instance\_tenancy](#input\_instance\_tenancy) | A tenancy option for instances launched into the VPC | `string` | `"default"` | no |
| [internet\_gateway\_enabled](#input\_internet\_gateway\_enabled) | A boolean flag to enable/disable Internet Gateway creation | `bool` | `true` | no |
+| [ipv4\_ipam\_pool\_id](#input\_ipv4\_ipam\_pool\_id) | The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR.
Either `cidr_block` or `ipv4_ipam_pool_id` must be set, but not both. | `string` | `null` | no |
+| [ipv4\_netmask\_length](#input\_ipv4\_netmask\_length) | The netmask length of the IPv4 CIDR you want to allocate to this VPC. | `number` | `16` | no |
| [ipv6\_egress\_only\_internet\_gateway\_enabled](#input\_ipv6\_egress\_only\_internet\_gateway\_enabled) | A boolean flag to enable/disable IPv6 Egress-Only Internet Gateway creation | `bool` | `false` | no |
| [ipv6\_enabled](#input\_ipv6\_enabled) | If `true`, enable IPv6 and assign a generated CIDR block to the VPC | `bool` | `true` | no |
| [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.
Does not affect keys of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no |
diff --git a/main.tf b/main.tf
index 2c4dcfb..3589774 100644
--- a/main.tf
+++ b/main.tf
@@ -15,6 +15,8 @@ resource "aws_vpc" "default" {
#bridgecrew:skip=BC_AWS_LOGGING_9:VPC Flow Logs are meant to be enabled by terraform-aws-vpc-flow-logs-s3-bucket and/or terraform-aws-cloudwatch-flow-logs
cidr_block = var.cidr_block
+ ipv4_ipam_pool_id = var.ipv4_ipam_pool_id
+ ipv4_netmask_length = local.ipv4_netmask_length
instance_tenancy = var.instance_tenancy
enable_dns_hostnames = local.dns_hostnames_enabled
enable_dns_support = local.dns_support_enabled
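Review bot: Nothing in this resource enforces the "either `cidr_block` or `ipv4_ipam_pool_id`, but not both" rule. `cidr_block = var.cidr_block` and `ipv4_ipam_pool_id = var.ipv4_ipam_pool_id` are passed straight through, and the variables.tf hunk defaults both to `null`. A caller who sets neither or both therefore gets no module-level error, and the failure is left to the provider or the AWS API. A `precondition` on the resource would reject that input at plan time with a message that names the two inputs. This assumes the module's minimum Terraform version supports `precondition`, which is not visible here. The resource body continues outside the hunk, so if it already has a `lifecycle` block the check belongs inside that one.

```hcl
  ipv4_netmask_length = local.ipv4_netmask_length
  # … unchanged: instance_tenancy, DNS settings and the rest of the resource …

  lifecycle {
    precondition {
      condition     = (var.cidr_block == null) != (var.ipv4_ipam_pool_id == null)
      error_message = "Exactly one of cidr_block or ipv4_ipam_pool_id must be set."
    }
  }
```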
diff --git a/variables.tf b/variables.tf
index 53a51ea..ed7435a 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1,7 +1,27 @@
variable "cidr_block" {
type = string
- description = "IPv4 CIDR to assign to the VPC"
+ description = <<-EOT
+ The IPv4 CIDR block for the VPC.
+ Either `cidr_block` or `ipv4_ipam_pool_id` must be set, but not both.
+ EOT
+ default = null
+}
+
+variable "ipv4_ipam_pool_id" {
+ type = string
+ description = <<-EOT
+ The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR.
+ Either `cidr_block` or `ipv4_ipam_pool_id` must be set, but not both.
+ EOT
+ default = null
+}
+
+variable "ipv4_netmask_length" {
+ type = number
+ description = "The netmask length of the IPv4 CIDR you want to allocate to this VPC."
+ default = 16
}
+locals { ipv4_netmask_length = var.ipv4_ipam_pool_id != null ? var.ipv4_netmask_length : null }
variable "additional_cidr_blocks" {
type = list(string)
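Review bot: `ipv4_netmask_length` is declared as a bare `number` with no `validation` block, so a value outside the /16 to /28 range that AWS accepts for a VPC is only rejected at apply time. A validation with `condition = var.ipv4_netmask_length >= 16 && var.ipv4_netmask_length <= 28` and a short `error_message` would catch it at plan time. The description should also say that the value is ignored unless `ipv4_ipam_pool_id` is set, since the `locals` expression nulls it otherwise. The default of `16` requests the largest possible VPC block from the pool, so consider stating that in the description so callers choose a size deliberately.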