cloudposse / terraform-aws-documentdb-cluster

Terraform module to provision a DocumentDB cluster on AWS
https://cloudposse.com/accelerate
Apache License 2.0

Allow passing existing subnet-group #9

Open iaacautomation opened 4 years ago

iaacautomation commented 4 years ago

Is it possible to allow an existing subnet group to be passed? I think it's not much of a change, just some more checks. In resource "aws_docdb_cluster" "default" {, change:

db_subnet_group_name = join("", aws_docdb_subnet_group.default.*.name)

to:

db_subnet_group_name = var.db_subnet_group != "" ? var.db_subnet_group : join("", aws_docdb_subnet_group.default.*.name)

and in resource "aws_docdb_subnet_group" "default" {, change:

count = var.enabled ? 1 : 0

to:

count = var.enabled && var.db_subnet_group == "" ? 1 : 0

I would make a pull request but I still have no idea how. So just suggestions.

haidargit commented 9 months ago

@iaacautomation, this feature is already available in the module, so we should be able to pass our existing subnet group.

Currently, the value of join("", aws_docdb_subnet_group.default.*.name) https://github.com/cloudposse/terraform-aws-documentdb-cluster/blob/e498148e546652bd47521abf3b64c3c565f3dfa0/main.tf#L76 can be retrieved from the module resource aws_docdb_subnet_group.default: https://github.com/cloudposse/terraform-aws-documentdb-cluster/blob/e498148e546652bd47521abf3b64c3c565f3dfa0/main.tf#L102

You can define your own subnet group through the variable subnet_ids; kindly check the example of the module 👍🏻 https://github.com/cloudposse/terraform-aws-documentdb-cluster/blob/e498148e546652bd47521abf3b64c3c565f3dfa0/examples/complete/main.tf#L48 In this context, the example of the module uses another cloudposse subnet module to generate the subnet resources. You can use that or define your own string value for the existing subnet resource in your AWS account. https://github.com/cloudposse/terraform-aws-documentdb-cluster/blob/e498148e546652bd47521abf3b64c3c565f3dfa0/examples/complete/main.tf#L26

haidargit commented 9 months ago

subnet_ids = ["YourSubnetID"]

ssamantasinghar commented 2 months ago

So I tried this without making any changes to the module or to the module call file, just providing the subnet_ids, and it is still trying to create the subnet. Here is the tfvars:

subnet_ids = ["subnet-0123456789abcdef0", "subnet-abcdef01234567890"]

Below is the full tfvars

clusters = [
  {
    id                        = "cluster1"
    vpc_id                    = "vpc-0123456789abcdef0"
    availability_zones        = ["us-east-1a", "us-east-1b"]
    db_port                   = 27017
    master_username           = "admin"
    master_password           = "secret"
    retention_period          = 7
    preferred_backup_window   = "07:00-09:00"
    preferred_maintenance_window = "Mon:09:00-Mon:09:30"
    final_snapshot_identifier = "final-snapshot-cluster1"
    skip_final_snapshot       = false
    deletion_protection       = true
    apply_immediately         = true
    storage_encrypted         = true
    storage_type              = "standard"
    kms_key_id                = "arn:aws:kms:us-east-1:123456789012:key/abcd1234-a123-456a-a12b-a123b4cd56ef"
    snapshot_identifier       = ""
    external_security_group_id_list = []
    subnet_ids                = ["subnet-0123456789abcdef0", "subnet-abcdef01234567890"]
    cluster_parameters        = [
      {
        name         = "parameter1"
        value        = "value1"
        apply_method = "immediate"
      }
    ]
    cluster_family            = "documentdb5.6"
    engine                    = "docdb"
    engine_version            = "5.6"
    enabled_cloudwatch_logs_exports = ["audit", "profiler"]
    allow_major_version_upgrade = true
    tags                      = {
      Name = "DocumentDB Cluster 1"
    }
    ssm_parameter_enabled     = true
    ssm_parameter_path_prefix = "/myapp/documentdb/"
    context                   = {
      env = "production"
    }
    cluster_size              = 3
    cluster_identifier        = "docdb-cluster-1"
  },
]

The plan is still proposing creation of all these resources, not all of which are needed:

Terraform will perform the following actions:

  # module.documentdb["cluster1"].aws_docdb_cluster.default[0] will be created
  + resource "aws_docdb_cluster" "default" {
      + allow_major_version_upgrade     = true
      + apply_immediately               = true
      + arn                             = (known after apply)
      + availability_zones              = (known after apply)
      + backup_retention_period         = 7
      + cluster_identifier              = "docdb-cluster-1"
      + cluster_identifier_prefix       = (known after apply)
      + cluster_members                 = (known after apply)
      + cluster_resource_id             = (known after apply)
      + db_cluster_parameter_group_name = "documentdb-cluster"
      + db_subnet_group_name            = "docdb-poc-subnet"
      + deletion_protection             = true
      + enabled_cloudwatch_logs_exports = [
          + "audit",
          + "profiler",
        ]
      + endpoint                        = (known after apply)
      + engine                          = "docdb"
      + engine_version                  = "5.6"
      + final_snapshot_identifier       = "documentdb-poc-cluster"
      + hosted_zone_id                  = (known after apply)
      + id                              = (known after apply)
      + kms_key_id                      = "arn:aws:kms:us-east-1:123456789012:key/abcd1234-a123-456a-a12b-a123b4cd56ef"
      + master_password                 = (sensitive value)
      + master_username                 = "admin"
      + port                            = 27017
      + preferred_backup_window         = "07:00-09:00"
      + preferred_maintenance_window    = "mon:09:00-mon:09:30"
      + reader_endpoint                 = (known after apply)
      + skip_final_snapshot             = false
      + storage_encrypted               = true
      + tags                            = {
          + "Name" = "DocumentDB Cluster 1"
        }
      + tags_all                        = {
          + "Name" = "DocumentDB Cluster 1"
        }
      + vpc_security_group_ids          = (known after apply)
    }

  # module.documentdb["cluster1"].aws_docdb_cluster_instance.default[0] will be created
  + resource "aws_docdb_cluster_instance" "default" {
      + apply_immediately               = true
      + arn                             = (known after apply)
      + auto_minor_version_upgrade      = true
      + availability_zone               = (known after apply)
      + ca_cert_identifier              = (known after apply)
      + cluster_identifier              = (known after apply)
      + db_subnet_group_name            = (known after apply)
      + dbi_resource_id                 = (known after apply)
      + enable_performance_insights     = false
      + endpoint                        = (known after apply)
      + engine                          = "docdb"
      + engine_version                  = (known after apply)
      + id                              = (known after apply)
      + identifier                      = "documentdb-poc-cluster-1"
      + identifier_prefix               = (known after apply)
      + instance_class                  = "db.r4.large"
      + kms_key_id                      = (known after apply)
      + performance_insights_kms_key_id = (known after apply)
      + port                            = (known after apply)
      + preferred_backup_window         = (known after apply)
      + preferred_maintenance_window    = "mon:09:00-mon:09:30"
      + promotion_tier                  = 0
      + publicly_accessible             = (known after apply)
      + storage_encrypted               = (known after apply)
      + tags                            = {
          + "Name" = "DocumentDB Cluster 1"
        }
      + tags_all                        = {
          + "Name" = "DocumentDB Cluster 1"
        }
      + writer                          = (known after apply)
    }

  # module.documentdb["cluster1"].aws_docdb_cluster_instance.default[1] will be created
  + resource "aws_docdb_cluster_instance" "default" {
      + apply_immediately               = true
      + arn                             = (known after apply)
      + auto_minor_version_upgrade      = true
      + availability_zone               = (known after apply)
      + ca_cert_identifier              = (known after apply)
      + cluster_identifier              = (known after apply)
      + db_subnet_group_name            = (known after apply)
      + dbi_resource_id                 = (known after apply)
      + enable_performance_insights     = false
      + endpoint                        = (known after apply)
      + engine                          = "docdb"
      + engine_version                  = (known after apply)
      + id                              = (known after apply)
      + identifier                      = "documentdb-poc-cluster-2"
      + identifier_prefix               = (known after apply)
      + instance_class                  = "db.r4.large"
      + kms_key_id                      = (known after apply)
      + performance_insights_kms_key_id = (known after apply)
      + port                            = (known after apply)
      + preferred_backup_window         = (known after apply)
      + preferred_maintenance_window    = "mon:09:00-mon:09:30"
      + promotion_tier                  = 0
      + publicly_accessible             = (known after apply)
      + storage_encrypted               = (known after apply)
      + tags                            = {
          + "Name" = "DocumentDB Cluster 1"
        }
      + tags_all                        = {
          + "Name" = "DocumentDB Cluster 1"
        }
      + writer                          = (known after apply)
    }

  # module.documentdb["cluster1"].aws_docdb_cluster_instance.default[2] will be created
  + resource "aws_docdb_cluster_instance" "default" {
      + apply_immediately               = true
      + arn                             = (known after apply)
      + auto_minor_version_upgrade      = true
      + availability_zone               = (known after apply)
      + ca_cert_identifier              = (known after apply)
      + cluster_identifier              = (known after apply)
      + db_subnet_group_name            = (known after apply)
      + dbi_resource_id                 = (known after apply)
      + enable_performance_insights     = false
      + endpoint                        = (known after apply)
      + engine                          = "docdb"
      + engine_version                  = (known after apply)
      + id                              = (known after apply)
      + identifier                      = "documentdb-poc-cluster-3"
      + identifier_prefix               = (known after apply)
      + instance_class                  = "db.r4.large"
      + kms_key_id                      = (known after apply)
      + performance_insights_kms_key_id = (known after apply)
      + port                            = (known after apply)
      + preferred_backup_window         = (known after apply)
      + preferred_maintenance_window    = "mon:09:00-mon:09:30"
      + promotion_tier                  = 0
      + publicly_accessible             = (known after apply)
      + storage_encrypted               = (known after apply)
      + tags                            = {
          + "Name" = "DocumentDB Cluster 1"
        }
      + tags_all                        = {
          + "Name" = "DocumentDB Cluster 1"
        }
      + writer                          = (known after apply)
    }

  # module.documentdb["cluster1"].aws_docdb_cluster_parameter_group.default[0] will be created
  + resource "aws_docdb_cluster_parameter_group" "default" {
      + arn         = (known after apply)
      + description = "DB cluster parameter group"
      + family      = "documentdb5.6"
      + id          = (known after apply)
      + name        = "documentdb-cluster"
      + name_prefix = (known after apply)
      + tags        = {
          + "Name" = "DocumentDB Cluster 1"
        }
      + tags_all    = {
          + "Name" = "DocumentDB Cluster 1"
        }

      + parameter {
          + apply_method = "immediate"
          + name         = "parameter1"
          + value        = "value1"
        }
    }

  # module.documentdb["cluster1"].aws_docdb_subnet_group.default[0] will be created
  + resource "aws_docdb_subnet_group" "default" {
      + arn         = (known after apply)
      + description = "Allowed subnets for DB cluster instances"
      + id          = (known after apply)
      + name        = "docdb-poc-subnet"
      + name_prefix = (known after apply)
      + subnet_ids  = [
          + "subnet-0123456789abcdef0",
          + "subnet-abcdef01234567890",
        ]
      + tags        = {
          + "Name" = "DocumentDB Cluster 1"
        }
      + tags_all    = {
          + "Name" = "DocumentDB Cluster 1"
        }
    }

  # module.documentdb["cluster1"].aws_security_group.default[0] will be created
  + resource "aws_security_group" "default" {
      + arn                    = (known after apply)
      + description            = "Security Group for DocumentDB cluster"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = (known after apply)
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "Name" = "DocumentDB Cluster 1"
        }
      + tags_all               = {
          + "Name" = "DocumentDB Cluster 1"
        }
      + vpc_id                 = "vpc-0123456789abcdef0"
    }

  # module.documentdb["cluster1"].aws_security_group_rule.egress[0] will be created
  + resource "aws_security_group_rule" "egress" {
      + cidr_blocks              = [
          + "0.0.0.0/0",
        ]
      + description              = "Allow outbound traffic from CIDR blocks"
      + from_port                = 0
      + id                       = (known after apply)
      + protocol                 = "-1"
      + security_group_id        = (known after apply)
      + security_group_rule_id   = (known after apply)
      + self                     = false
      + source_security_group_id = (known after apply)
      + to_port                  = 0
      + type                     = "egress"
    }

  # module.subnets.aws_network_acl.private[0] will be created
  + resource "aws_network_acl" "private" {
      + arn        = (known after apply)
      + egress     = (known after apply)
      + id         = (known after apply)
      + ingress    = (known after apply)
      + owner_id   = (known after apply)
      + subnet_ids = (known after apply)
      + tags       = {
          + "Attributes" = "private"
          + "Name"       = "private"
        }
      + tags_all   = {
          + "Attributes" = "private"
          + "Name"       = "private"
        }
      + vpc_id     = (known after apply)
    }

  # module.subnets.aws_network_acl.public[0] will be created
  + resource "aws_network_acl" "public" {
      + arn        = (known after apply)
      + egress     = (known after apply)
      + id         = (known after apply)
      + ingress    = (known after apply)
      + owner_id   = (known after apply)
      + subnet_ids = (known after apply)
      + tags       = {
          + "Attributes" = "public"
          + "Name"       = "public"
        }
      + tags_all   = {
          + "Attributes" = "public"
          + "Name"       = "public"
        }
      + vpc_id     = (known after apply)
    }

  # module.subnets.aws_network_acl_rule.private4_egress[0] will be created
  + resource "aws_network_acl_rule" "private4_egress" {
      + cidr_block     = "0.0.0.0/0"
      + egress         = true
      + from_port      = 0
      + id             = (known after apply)
      + network_acl_id = (known after apply)
      + protocol       = "-1"
      + rule_action    = "allow"
      + rule_number    = 100
      + to_port        = 0
    }

  # module.subnets.aws_network_acl_rule.private4_ingress[0] will be created
  + resource "aws_network_acl_rule" "private4_ingress" {
      + cidr_block     = "0.0.0.0/0"
      + egress         = false
      + from_port      = 0
      + id             = (known after apply)
      + network_acl_id = (known after apply)
      + protocol       = "-1"
      + rule_action    = "allow"
      + rule_number    = 100
      + to_port        = 0
    }

  # module.subnets.aws_network_acl_rule.public4_egress[0] will be created
  + resource "aws_network_acl_rule" "public4_egress" {
      + cidr_block     = "0.0.0.0/0"
      + egress         = true
      + from_port      = 0
      + id             = (known after apply)
      + network_acl_id = (known after apply)
      + protocol       = "-1"
      + rule_action    = "allow"
      + rule_number    = 100
      + to_port        = 0
    }

  # module.subnets.aws_network_acl_rule.public4_ingress[0] will be created
  + resource "aws_network_acl_rule" "public4_ingress" {
      + cidr_block     = "0.0.0.0/0"
      + egress         = false
      + from_port      = 0
      + id             = (known after apply)
      + network_acl_id = (known after apply)
      + protocol       = "-1"
      + rule_action    = "allow"
      + rule_number    = 100
      + to_port        = 0
    }

  # module.subnets.aws_route.public[0] will be created
  + resource "aws_route" "public" {
      + destination_cidr_block = "0.0.0.0/0"
      + gateway_id             = (known after apply)
      + id                     = (known after apply)
      + instance_id            = (known after apply)
      + instance_owner_id      = (known after apply)
      + network_interface_id   = (known after apply)
      + origin                 = (known after apply)
      + route_table_id         = (known after apply)
      + state                  = (known after apply)

      + timeouts {}
    }

  # module.subnets.aws_route_table.private[0] will be created
  + resource "aws_route_table" "private" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = (known after apply)
      + tags             = {
          + "Attributes" = "private"
          + "Name"       = "private-use1a"
        }
      + tags_all         = {
          + "Attributes" = "private"
          + "Name"       = "private-use1a"
        }
      + vpc_id           = (known after apply)
    }

  # module.subnets.aws_route_table.private[1] will be created
  + resource "aws_route_table" "private" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = (known after apply)
      + tags             = {
          + "Attributes" = "private"
          + "Name"       = "private-use1b"
        }
      + tags_all         = {
          + "Attributes" = "private"
          + "Name"       = "private-use1b"
        }
      + vpc_id           = (known after apply)
    }

  # module.subnets.aws_route_table.public[0] will be created
  + resource "aws_route_table" "public" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = (known after apply)
      + tags             = {
          + "Attributes" = "public"
          + "Name"       = "public"
        }
      + tags_all         = {
          + "Attributes" = "public"
          + "Name"       = "public"
        }
      + vpc_id           = (known after apply)
    }

  # module.subnets.aws_route_table_association.private[0] will be created
  + resource "aws_route_table_association" "private" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.subnets.aws_route_table_association.private[1] will be created
  + resource "aws_route_table_association" "private" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.subnets.aws_route_table_association.public[0] will be created
  + resource "aws_route_table_association" "public" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.subnets.aws_route_table_association.public[1] will be created
  + resource "aws_route_table_association" "public" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.subnets.aws_subnet.private[0] will be created
  + resource "aws_subnet" "private" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "172.15.20.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = "ip-name"
      + tags                                           = {
          + "Attributes" = "private"
          + "Name"       = "private-use1a"
        }
      + tags_all                                       = {
          + "Attributes" = "private"
          + "Name"       = "private-use1a"
        }
      + vpc_id                                         = (known after apply)

      + timeouts {}
    }

  # module.subnets.aws_subnet.private[1] will be created
  + resource "aws_subnet" "private" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1b"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "172.15.20.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = "ip-name"
      + tags                                           = {
          + "Attributes" = "private"
          + "Name"       = "private-use1b"
        }
      + tags_all                                       = {
          + "Attributes" = "private"
          + "Name"       = "private-use1b"
        }
      + vpc_id                                         = (known after apply)

      + timeouts {}
    }

  # module.subnets.aws_subnet.public[0] will be created
  + resource "aws_subnet" "public" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "172.15.20.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = true
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = "ip-name"
      + tags                                           = {
          + "Attributes" = "public"
          + "Name"       = "public-use1a"
        }
      + tags_all                                       = {
          + "Attributes" = "public"
          + "Name"       = "public-use1a"
        }
      + vpc_id                                         = (known after apply)

      + timeouts {}
    }

  # module.subnets.aws_subnet.public[1] will be created
  + resource "aws_subnet" "public" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1b"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "172.15.20.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = true
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = "ip-name"
      + tags                                           = {
          + "Attributes" = "public"
          + "Name"       = "public-use1b"
        }
      + tags_all                                       = {
          + "Attributes" = "public"
          + "Name"       = "public-use1b"
        }
      + vpc_id                                         = (known after apply)

      + timeouts {}
    }

  # module.vpc.aws_default_security_group.default[0] will be created
  + resource "aws_default_security_group" "default" {
      + arn                    = (known after apply)
      + description            = (known after apply)
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = (known after apply)
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "Name" = "-default"
        }
      + tags_all               = {
          + "Name" = "-default"
        }
      + vpc_id                 = (known after apply)
    }

  # module.vpc.aws_internet_gateway.default[0] will be created
  + resource "aws_internet_gateway" "default" {
      + arn      = (known after apply)
      + id       = (known after apply)
      + owner_id = (known after apply)
      + tags_all = (known after apply)
      + vpc_id   = (known after apply)
    }

  # module.vpc.aws_vpc.default[0] will be created
  + resource "aws_vpc" "default" {
      + arn                                  = (known after apply)
      + assign_generated_ipv6_cidr_block     = true
      + cidr_block                           = "170.20.30.0/20"
      + default_network_acl_id               = (known after apply)
      + default_route_table_id               = (known after apply)
      + default_security_group_id            = (known after apply)
      + dhcp_options_id                      = (known after apply)
      + enable_dns_hostnames                 = true
      + enable_dns_support                   = true
      + enable_network_address_usage_metrics = false
      + id                                   = (known after apply)
      + instance_tenancy                     = "default"
      + ipv6_association_id                  = (known after apply)
      + ipv6_cidr_block                      = (known after apply)
      + ipv6_cidr_block_network_border_group = (known after apply)
      + main_route_table_id                  = (known after apply)
      + owner_id                             = (known after apply)
      + tags_all                             = (known after apply)
    }

Plan: 29 to add, 0 to change, 0 to destroy.

Please suggest if I am missing any changes.

ssamantasinghar commented 2 months ago

Please ignore! I was able to figure it out myself, and yes, subnet_ids worked like a charm.
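The confusion in the plan above is that the documentdb module always creates its own aws_docdb_subnet_group from whatever subnet_ids you pass, while the aws_vpc and aws_subnet resources come from the separate module.vpc and module.subnets wired into the root configuration, not from the documentdb module. The following plan guard, an added example that is not part of this thread or the cloudposse module, reads `terraform show -json tfplan` output, groups planned creations by module address, and flags anything that contradicts "use my existing subnets"; the plan JSON embedded below is a constructed sample shaped like the reporter's plan, not their actual output.

```python
import json
import sys
from collections import defaultdict

# Resource types whose creation contradicts "I am passing existing subnets".
NETWORK_TYPES = {"aws_vpc", "aws_subnet"}

# Constructed sample in the shape of `terraform show -json tfplan`, reduced to
# the entries that matter for the check; not the reporter's real plan output.
SAMPLE_PLAN = {
    "format_version": "1.2",
    "resource_changes": [
        {"address": 'module.documentdb["cluster1"].aws_docdb_cluster.default[0]',
         "module_address": 'module.documentdb["cluster1"]',
         "type": "aws_docdb_cluster",
         "change": {"actions": ["create"],
                    "after": {"db_subnet_group_name": "docdb-poc-subnet"}}},
        {"address": 'module.documentdb["cluster1"].aws_docdb_subnet_group.default[0]',
         "module_address": 'module.documentdb["cluster1"]',
         "type": "aws_docdb_subnet_group",
         "change": {"actions": ["create"],
                    "after": {"name": "docdb-poc-subnet",
                              "subnet_ids": ["subnet-0123456789abcdef0",
                                             "subnet-abcdef01234567890"]},
                    "after_unknown": {"arn": True}}},
        {"address": "module.subnets.aws_subnet.private[0]",
         "module_address": "module.subnets", "type": "aws_subnet",
         "change": {"actions": ["create"], "after": {"cidr_block": "172.15.20.0/24"}}},
        {"address": "module.vpc.aws_vpc.default[0]",
         "module_address": "module.vpc", "type": "aws_vpc",
         "change": {"actions": ["create"], "after": {"cidr_block": "170.20.30.0/20"}}},
    ],
}


def planned_creations(plan):
    """Yield the resource_changes entries whose actions include 'create'."""
    for rc in plan.get("resource_changes", []):
        if "create" in rc.get("change", {}).get("actions", []):
            yield rc


def creations_by_module(plan):
    """Group planned creations by module address: {module: sorted [types]}.
    Separates what the documentdb module creates (cluster, instances, its own
    subnet group) from what other modules in the root configuration create."""
    grouped = defaultdict(list)
    for rc in planned_creations(plan):
        grouped[rc.get("module_address", "<root>")].append(rc["type"])
    return {module: sorted(types) for module, types in grouped.items()}


def check_existing_subnets(plan, expected_subnet_ids):
    """Return findings where the plan contradicts using existing subnets: a VPC
    or subnet is created, or an aws_docdb_subnet_group is not built from exactly
    the expected IDs (IDs only known after apply mean the group depends on
    subnets created in this same plan). An empty list means the plan matches."""
    findings = []
    expected = set(expected_subnet_ids)
    for rc in planned_creations(plan):
        if rc["type"] in NETWORK_TYPES:
            findings.append(f'{rc["address"]}: creates a new {rc["type"]}')
        elif rc["type"] == "aws_docdb_subnet_group":
            change = rc["change"]
            if change.get("after_unknown", {}).get("subnet_ids"):
                findings.append(f'{rc["address"]}: subnet_ids only known after apply')
            elif set(change.get("after", {}).get("subnet_ids", [])) != expected:
                findings.append(f'{rc["address"]}: subnet_ids differ from the IDs passed')
    return findings


def main(argv):
    # Usage: plan_guard.py [plan.json] [subnet-id,subnet-id,...]; defaults to the sample.
    plan = json.load(open(argv[1])) if len(argv) > 1 else SAMPLE_PLAN
    expected = (argv[2].split(",") if len(argv) > 2
                else ["subnet-0123456789abcdef0", "subnet-abcdef01234567890"])
    for module, types in sorted(creations_by_module(plan).items()):
        print(f"{module}: {', '.join(types)}")
    findings = check_existing_subnets(plan, expected)
    for finding in findings:
        print("FINDING:", finding)
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run against a real plan with `terraform plan -out tfplan && terraform show -json tfplan > plan.json` and pass the subnet IDs from your tfvars; a non-zero exit makes it usable as a CI gate before apply.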