Hi folks, I just wanted to share some thoughts that I think could be improvement opportunities for this module.
Naming Convention
I see the name devnet being used in several places, but it would be better if we avoid this domain-specific name, and rename some variables like the following, for example:
devnet_id => vpc_id
devnet_vpc_block => vpc_cidr_block
devnet_public_subnet => public_subnet_ids
devnet_private_subnet => private_subnet_ids
devnet_key_value => ssh_public_key
The ssm module is actually creating iam roles and policies, and some policies are for ssm, which makes the naming a little bit confusing.
Other examples:
zones: This is a GCP concept, please consider calling it azs or availability_zones on AWS.
network_acl: Network ACLs is an AWS subnet concept; in this module, it's used to allow inbound rules on the security groups. Please consider calling it allowed_cidr_blocks, ingress_cidr_blocks, or allowed_ingress_cidr_blocks.
Resources creation
Instead of creating things like the VPC, a good idea is to create an example following the standard we can find in the community modules, like on this RDS module for example, in which they create the VPC separately from the database and show how to use the output from the vpc module as the input for the rds module. In this case, you don't need to maintain the networking module yourself.
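The wiring suggested in the post, as an added example that is not part of the original post or the module's own code: a community VPC module creates the network and its outputs feed the module under discussion. The module path, the input names (taken from the renames proposed above), and all CIDR values are assumptions for illustration.

```hcl
# Added illustration; not code from the module under discussion.

variable "ssh_public_key" {
  type        = string
  description = "Public key material passed through to the module (proposed name)."
}

data "aws_availability_zones" "available" {
  state = "available"
}

locals {
  # Two AZs from the current region; the count is a constructed sample value.
  azs = slice(data.aws_availability_zones.available.names, 0, 2)
}

# Networking is created by the community VPC module, so the module under
# discussion no longer has to maintain its own VPC resources.
module "vpc" {
  source = "terraform-aws-modules/vpc/aws" # pin a version in real use

  name = "example"     # constructed sample value
  cidr = "10.0.0.0/16" # constructed sample value
  azs  = local.azs

  public_subnets  = ["10.0.0.0/24", "10.0.1.0/24"]
  private_subnets = ["10.0.10.0/24", "10.0.11.0/24"]
}

# Hypothetical call to the module under discussion, using the input names
# proposed in the post; the source path is a placeholder.
module "this_module" {
  source = "./path/to/this-module"

  vpc_id             = module.vpc.vpc_id
  vpc_cidr_block     = module.vpc.vpc_cidr_block
  public_subnet_ids  = module.vpc.public_subnets
  private_subnet_ids = module.vpc.private_subnets
  availability_zones = local.azs
  ssh_public_key     = var.ssh_public_key

  # Security group ingress limited to the VPC range (an assumption here),
  # which is what the current network_acl input actually controls.
  allowed_ingress_cidr_blocks = [module.vpc.vpc_cidr_block]
}
```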