search

pulumi / pulumi

Pulumi - Infrastructure as Code in any programming language 🚀
https://www.pulumi.com
Apache License 2.0
21.31k stars 1.1k forks source link

Converting Terraform project with many modules #13193

Open williamsbdev opened 1 year ago

williamsbdev commented 1 year ago

What happened?

I ran the command twice and got what I believe to be a network hiccup error the first time, and then some output requesting that I submit a bug report.

Expected Behavior

I expected pulumi convert --from terraform --language typescript --out tf-to-pulumi to generate Pulumi code given the terraform code I have.

Steps to reproduce

First run (I believe this to be a network hiccup error):

pulumi convert --from terraform --language typescript --out tf-to-pulumi
Converting from terraform...
Downloading provider: terraform
Downloading provider: random
error: <nil>: Error accessing remote module registry; Failed to retrieve available versions for registry.terraform.io/terraform-aws-modules/vpc/aws: failed to request discovery document: Get "https://registry.terraform.io/.well-known/terraform.json": net/http: TLS handshake timeout
error: conversion failed

Second run:

pulumi convert --from terraform --language typescript --out tf-to-pulumi
Converting from terraform...
Downloading provider: null
Downloading provider: archive
Downloading provider: tls
Downloading provider: datadog
warning: /$HOME/<path>/infrastructure/provider.tf:19,1-15: Failed to evaluate provider config; Could not evaluate expression for aws:region
warning: /$HOME/<path>/infrastructure/provider.tf:35,1-19: Failed to evaluate provider config; Could not evaluate expression for datadog:api_key
warning: /$HOME/<path>/infrastructure/provider.tf:35,1-19: Failed to evaluate provider config; Could not evaluate expression for datadog:app_key
Converting to nodejs...
================================================================================
The Pulumi CLI encountered a code generation error. This is a bug!
We would appreciate a report: https://github.com/pulumi/pulumi/issues/
Please provide all of the below text in your report.
================================================================================
Pulumi Version:   v3.72.1
error: main.pp:0,0-28,2: /var/folders/5g/cx7qqrgd601cmhcsxk7n0kdc0000gn/T/pulumi-convert1592229396/modules/main.pp:34,1-44,2: /var/folders/5g/cx7qqrgd601cmhcsxk7n0kdc0000gn/T/pulumi-convert1592229396/modules/vpc/keepweb.pp:0,0-32,2: /var/folders/5g/cx7qqrgd601cmhcsxk7n0kdc0000gn/T/pulumi-convert1592229396/modules/vpc/vpc_5.0.0/main.pp:84,5-115: cannot iterate over a value of type number; , and 26 other diagnostic(s); /var/folders/5g/cx7qqrgd601cmhcsxk7n0kdc0000gn/T/pulumi-convert1592229396/modules/vpc/vpc_5.0.0/main.pp:84,5-115: cannot iterate over a value of type number; , and 26 other diagnostic(s), and 2 other diagnostic(s); /var/folders/5g/cx7qqrgd601cmhcsxk7n0kdc0000gn/T/pulumi-convert1592229396/modules/vpc/keepweb.pp:0,0-32,2: /var/folders/5g/cx7qqrgd601cmhcsxk7n0kdc0000gn/T/pulumi-convert1592229396/modules/vpc/vpc_5.0.0/main.pp:84,5-115: cannot iterate over a value of type number; , and 26 other diagnostic(s); /var/folders/5g/cx7qqrgd601cmhcsxk7n0kdc0000gn/T/pulumi-convert1592229396/modules/vpc/vpc_5.0.0/main.pp:84,5-115: cannot iterate over a value of type number; , and 26 other diagnostic(s), and 2 other diagnostic(s), and 4 other diagnostic(s); /var/folders/5g/cx7qqrgd601cmhcsxk7n0kdc0000gn/T/pulumi-convert1592229396/modules/main.pp:34,1-44,2: /var/folders/5g/cx7qqrgd601cmhcsxk7n0kdc0000gn/T/pulumi-convert1592229396/modules/vpc/keepweb.pp:0,0-32,2: /var/folders/5g/cx7qqrgd601cmhcsxk7n0kdc0000gn/T/pulumi-convert1592229396/modules/vpc/vpc_5.0.0/main.pp:84,5-115: cannot iterate over a value of type number; , and 26 other diagnostic(s); /var/folders/5g/cx7qqrgd601cmhcsxk7n0kdc0000gn/T/pulumi-convert1592229396/modules/vpc/vpc_5.0.0/main.pp:84,5-115: cannot iterate over a value of type number; , and 26 other diagnostic(s), and 2 other diagnostic(s); /var/folders/5g/cx7qqrgd601cmhcsxk7n0kdc0000gn/T/pulumi-convert1592229396/modules/vpc/keepweb.pp:0,0-32,2: /var/folders/5g/cx7qqrgd601cmhcsxk7n0kdc0000gn/T/pulumi-convert1592229396/modules/vpc/vpc_5.0.0/main.pp:84,5-115: cannot iterate over a value of type number; , and 26 other diagnostic(s); /var/folders/5g/cx7qqrgd601cmhcsxk7n0kdc0000gn/T/pulumi-convert1592229396/modules/vpc/vpc_5.0.0/main.pp:84,5-115: cannot iterate over a value of type number; , and 26 other diagnostic(s), and 2 other diagnostic(s), and 4 other diagnostic(s)
error: could not generate output program
pulumi convert --from terraform --language typescript --out tf-to-pulumi  65.07s user 5.78s system 124% cpu 56.968 total

Output of pulumi about

pulumi about
CLI
Version      3.72.1
Go Version   go1.20.5
Go Compiler  gc

Host
OS       darwin
Version  13.0.1
Arch     arm64

Backend
Name           williamsbdev
URL            s3://<s3-bucket-name>/
User           brandonwilliams
Organizations

Additional context

I believe that I saw two other issues that closely relate: #13191 and #13173.

I saw in #13173 that the pulumi plugin ls output was requested. Here is that information:

pulumi plugin ls
NAME        KIND       VERSION  SIZE    INSTALLED       LAST USED
archive     resource   0.0.1    34 MB   8 minutes ago   8 minutes ago
aws         resource   5.41.0   542 MB  2 weeks ago     2 weeks ago
aws         resource   5.30.0   504 MB  3 months ago    3 months ago
aws         resource   5.9.1    391 MB  7 months ago    7 months ago
aws         resource   5.1.2    388 MB  7 months ago    6 months ago
awsx        resource   1.0.2    92 MB   3 months ago    3 months ago
cloudflare  resource   5.2.1    44 MB   2 weeks ago     1 week ago
command     resource   0.7.2    31 MB   8 minutes ago   8 minutes ago
datadog     resource   4.19.0   66 MB   8 minutes ago   8 minutes ago
docker      resource   3.6.1    38 MB   3 months ago    3 months ago
github      resource   4.11.0   44 MB   6 months ago    6 months ago
null        resource   0.0.1    34 MB   8 minutes ago   8 minutes ago
random      resource   4.13.2   34 MB   10 minutes ago  10 minutes ago
std         resource   1.4.0    25 MB   8 minutes ago   8 minutes ago
terraform   converter  1.0.3    58 MB   10 minutes ago  10 minutes ago
tls         resource   4.10.0   34 MB   8 minutes ago   8 minutes ago

TOTAL plugin cache size: 2.4 GB

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

Zaid-Ajaj commented 1 year ago

Hi there @williamsbdev thanks for taking the time to file the issue! We are trying to fix as many convert issues as possible.

The issue seems to happen because there is an iteration that doesn't typecheck correctly.

{root}/modules/vpc/vpc_5.0.0/main.pp:84,5-115: cannot iterate over a value of type number

It would be great if you could share a snippet of the code to help us debug the problem. The error above is referring to a file called main.pp which contains PCL code that is our intermediate language. From PCL, we convert to the final target language.

You can get the full PCL program if you try converting to it:

pulumi convert --from terraform --language pcl --out tf-to-pulumi

If you can share the snippets from which the errors are appearing, we can try to figure out the underlying problem.

williamsbdev commented 1 year ago

@Zaid-Ajaj - Thanks for the reply! Here is the output from the run as you suggested:

pulumi convert --from terraform --language pcl --out tf-to-pulumi
Converting from terraform...
warning: /$HOME/<path>/infrastructure/provider.tf:19,1-15: Failed to evaluate provider config; Could not evaluate expression for aws:region
warning: /$HOME/<path>/infrastructure/provider.tf:35,1-19: Failed to evaluate provider config; Could not evaluate expression for datadog:api_key
warning: /$HOME/<path>/infrastructure/provider.tf:35,1-19: Failed to evaluate provider config; Could not evaluate expression for datadog:app_key
Converting to pcl...
================================================================================
The Pulumi CLI encountered a code generation error. This is a bug!
We would appreciate a report: https://github.com/pulumi/pulumi/issues/
Please provide all of the below text in your report.
================================================================================
Pulumi Version:   v3.72.1
error: main.pp:0,0-27,2: /var/folders/5g/cx7qqrgd601cmhcsxk7n0kdc0000gn/T/pulumi-convert1125193082/modules/main.pp:34,1-44,2: /var/folders/5g/cx7qqrgd601cmhcsxk7n0kdc0000gn/T/pulumi-convert1125193082/modules/vpc/project.pp:0,0-32,2: /var/folders/5g/cx7qqrgd601cmhcsxk7n0kdc0000gn/T/pulumi-convert1125193082/modules/vpc/vpc_5.0.0/main.pp:84,5-115: cannot iterate over a value of type number; , and 26 other diagnostic(s); /var/folders/5g/cx7qqrgd601cmhcsxk7n0kdc0000gn/T/pulumi-convert1125193082/modules/vpc/vpc_5.0.0/main.pp:84,5-115: cannot iterate over a value of type number; , and 26 other diagnostic(s), and 2 other diagnostic(s); /var/folders/5g/cx7qqrgd601cmhcsxk7n0kdc0000gn/T/pulumi-convert1125193082/modules/vpc/project.pp:0,0-32,2: /var/folders/5g/cx7qqrgd601cmhcsxk7n0kdc0000gn/T/pulumi-convert1125193082/modules/vpc/vpc_5.0.0/main.pp:84,5-115: cannot iterate over a value of type number; , and 26 other diagnostic(s); /var/folders/5g/cx7qqrgd601cmhcsxk7n0kdc0000gn/T/pulumi-convert1125193082/modules/vpc/vpc_5.0.0/main.pp:84,5-115: cannot iterate over a value of type number; , and 26 other diagnostic(s), and 2 other diagnostic(s), and 1 other diagnostic(s); /var/folders/5g/cx7qqrgd601cmhcsxk7n0kdc0000gn/T/pulumi-convert1125193082/modules/main.pp:34,1-44,2: /var/folders/5g/cx7qqrgd601cmhcsxk7n0kdc0000gn/T/pulumi-convert1125193082/modules/vpc/project.pp:0,0-32,2: /var/folders/5g/cx7qqrgd601cmhcsxk7n0kdc0000gn/T/pulumi-convert1125193082/modules/vpc/vpc_5.0.0/main.pp:84,5-115: cannot iterate over a value of type number; , and 26 other diagnostic(s); /var/folders/5g/cx7qqrgd601cmhcsxk7n0kdc0000gn/T/pulumi-convert1125193082/modules/vpc/vpc_5.0.0/main.pp:84,5-115: cannot iterate over a value of type number; , and 26 other diagnostic(s), and 2 other diagnostic(s); /var/folders/5g/cx7qqrgd601cmhcsxk7n0kdc0000gn/T/pulumi-convert1125193082/modules/vpc/project.pp:0,0-32,2: /var/folders/5g/cx7qqrgd601cmhcsxk7n0kdc0000gn/T/pulumi-convert1125193082/modules/vpc/vpc_5.0.0/main.pp:84,5-115: cannot iterate over a value of type number; , and 26 other diagnostic(s); /var/folders/5g/cx7qqrgd601cmhcsxk7n0kdc0000gn/T/pulumi-convert1125193082/modules/vpc/vpc_5.0.0/main.pp:84,5-115: cannot iterate over a value of type number; , and 26 other diagnostic(s), and 2 other diagnostic(s), and 1 other diagnostic(s)
warning: A new version of Pulumi is available. To upgrade from version '3.72.1' to '3.72.2', run
   $ brew update && brew upgrade pulumi
or visit https://pulumi.com/docs/install/ for manual instructions and release notes.
error: could not generate output program
pulumi convert --from terraform --language pcl --out tf-to-pulumi  63.48s user 5.33s system 106% cpu 1:04.48 total

The modules/vpc/vpc_5.0.0/main.pp looks like this (which I believe is the terraform-aws-modules/vpc/aws:

lenPublicSubnets = invoke("std:index:max", {
  input = [length(publicSubnets), length(publicSubnetIpv6Prefixes)]
}).result
lenPrivateSubnets = invoke("std:index:max", {
  input = [length(privateSubnets), length(privateSubnetIpv6Prefixes)]
}).result
lenDatabaseSubnets = invoke("std:index:max", {
  input = [length(databaseSubnets), length(databaseSubnetIpv6Prefixes)]
}).result
lenElasticacheSubnets = invoke("std:index:max", {
  input = [length(elasticacheSubnets), length(elasticacheSubnetIpv6Prefixes)]
}).result
lenRedshiftSubnets = invoke("std:index:max", {
  input = [length(redshiftSubnets), length(redshiftSubnetIpv6Prefixes)]
}).result
lenIntraSubnets = invoke("std:index:max", {
  input = [length(intraSubnets), length(intraSubnetIpv6Prefixes)]
}).result
lenOutpostSubnets = invoke("std:index:max", {
  input = [length(outpostSubnets), length(outpostSubnetIpv6Prefixes)]
}).result
maxSubnetLength = invoke("std:index:max", {
  input = [lenPrivateSubnets, lenPublicSubnets, lenIntraSubnets, lenElasticacheSubnets, lenDatabaseSubnets, lenRedshiftSubnets]
}).result

# Use `local.vpc_id` to give a hint to Terraform that subnets should be deleted before secondary CIDR blocks can be free!
vpcId       = notImplemented("try(aws_vpc_ipv4_cidr_block_association.this[0].vpc_id,aws_vpc.this[0].id,\"\")")
mycreateVpc = createVpc && putinKhuylo
################################################################################
# VPC
################################################################################

resource "this" "aws:ec2/vpc:Vpc" {
  options {
    range = mycreateVpc ? 1 : 0
  }
  cidrBlock                        = useIpamPool ? null : cidr
  ipv4IpamPoolId                   = ipv4IpamPoolId
  ipv4NetmaskLength                = ipv4NetmaskLength
  assignGeneratedIpv6CidrBlock     = enableIpv6 && !useIpamPool ? true : null
  ipv6CidrBlock                    = ipv6Cidr
  ipv6IpamPoolId                   = ipv6IpamPoolId
  ipv6NetmaskLength                = ipv6NetmaskLength
  ipv6CidrBlockNetworkBorderGroup  = ipv6CidrBlockNetworkBorderGroup
  instanceTenancy                  = instanceTenancy
  enableDnsHostnames               = enableDnsHostnames
  enableDnsSupport                 = enableDnsSupport
  enableNetworkAddressUsageMetrics = enableNetworkAddressUsageMetrics
  tags                             = notImplemented("merge(\n{\"Name\"=var.name},\nvar.tags,\nvar.vpc_tags,\n)")

}
resource "thisResource" "aws:ec2/vpcIpv4CidrBlockAssociation:VpcIpv4CidrBlockAssociation" {
  options {
    range = mycreateVpc && length(secondaryCidrBlocks) > 0 ? length(secondaryCidrBlocks) : 0
  }
  vpcId     = this[0].id
  cidrBlock = notImplemented("element(var.secondary_cidr_blocks,count.index)")
}
################################################################################
# DHCP Options Set
################################################################################

resource "thisResource2" "aws:ec2/vpcDhcpOptions:VpcDhcpOptions" {
  options {
    range = mycreateVpc && enableDhcpOptions ? 1 : 0
  }
  domainName         = dhcpOptionsDomainName
  domainNameServers  = dhcpOptionsDomainNameServers
  ntpServers         = dhcpOptionsNtpServers
  netbiosNameServers = dhcpOptionsNetbiosNameServers
  netbiosNodeType    = dhcpOptionsNetbiosNodeType
  tags               = notImplemented("merge(\n{\"Name\"=var.name},\nvar.tags,\nvar.dhcp_options_tags,\n)")

}
resource "thisResource3" "aws:ec2/vpcDhcpOptionsAssociation:VpcDhcpOptionsAssociation" {
  options {
    range = mycreateVpc && enableDhcpOptions ? 1 : 0
  }
  vpcId         = vpcId
  dhcpOptionsId = thisResource2[0].id
}
createPublicSubnets = mycreateVpc && lenPublicSubnets > 0
resource "public" "aws:ec2/subnet:Subnet" {
  options {
    range = createPublicSubnets && (!oneNatGatewayPerAz || lenPublicSubnets >= length(azs)) ? lenPublicSubnets : 0
  }
  assignIpv6AddressOnCreation             = enableIpv6 && publicSubnetIpv6Native ? true : publicSubnetAssignIpv6AddressOnCreation
  availabilityZone                        = length(notImplemented("regexall(\"^[a-z]{2}-\",element(var.azs,count.index))")) > 0 ? notImplemented("element(var.azs,count.index)") : null
  availabilityZoneId                      = length(notImplemented("regexall(\"^[a-z]{2}-\",element(var.azs,count.index))")) == 0 ? notImplemented("element(var.azs,count.index)") : null
  cidrBlock                               = publicSubnetIpv6Native ? null : notImplemented("element(concat(var.public_subnets,[\"\"]),count.index)")
  enableDns64                             = enableIpv6 && publicSubnetEnableDns64
  enableResourceNameDnsAaaaRecordOnLaunch = enableIpv6 && publicSubnetEnableResourceNameDnsAaaaRecordOnLaunch
  enableResourceNameDnsARecordOnLaunch    = !publicSubnetIpv6Native && publicSubnetEnableResourceNameDnsARecordOnLaunch
  ipv6CidrBlock = enableIpv6 && length(publicSubnetIpv6Prefixes) > 0 ? invoke("std:index:cidrsubnet", {
    input   = this[0].ipv6CidrBlock
    newbits = 8
    netnum  = publicSubnetIpv6Prefixes[range.value]
  }).result : null
  ipv6Native                     = enableIpv6 && publicSubnetIpv6Native
  mapPublicIpOnLaunch            = mapPublicIpOnLaunch
  privateDnsHostnameTypeOnLaunch = publicSubnetPrivateDnsHostnameTypeOnLaunch
  vpcId                          = vpcId
  tags                           = notImplemented("merge(\n{\nName=try(\nvar.public_subnet_names[count.index],\nformat(\"$${var.name}-$${var.public_subnet_suffix}-%s\",element(var.azs,count.index))\n)\n},\nvar.tags,\nvar.public_subnet_tags,\nlookup(var.public_subnet_tags_per_az,element(var.azs,count.index),{})\n)")

}
resource "publicResource" "aws:ec2/routeTable:RouteTable" {
  options {
    range = createPublicSubnets ? 1 : 0
  }
  vpcId = vpcId
  tags  = notImplemented("merge(\n{\"Name\"=\"$${var.name}-$${var.public_subnet_suffix}\"},\nvar.tags,\nvar.public_route_table_tags,\n)")

}
resource "publicResource2" "aws:ec2/routeTableAssociation:RouteTableAssociation" {
  options {
    range = createPublicSubnets ? lenPublicSubnets : 0
  }
  subnetId     = notImplemented("element(aws_subnet.public[*].id,count.index)")
  routeTableId = publicResource[0].id
}
resource "publicInternetGateway" "aws:ec2/route:Route" {
  options {
    range = createPublicSubnets && createIgw ? 1 : 0
  }
  routeTableId         = publicResource[0].id
  destinationCidrBlock = "0.0.0.0/0"
  gatewayId            = thisResource4[0].id
}
resource "publicInternetGatewayIpv6" "aws:ec2/route:Route" {
  options {
    range = createPublicSubnets && createIgw && enableIpv6 ? 1 : 0
  }
  routeTableId             = publicResource[0].id
  destinationIpv6CidrBlock = "::/0"
  gatewayId                = thisResource4[0].id
}
################################################################################
# Public Network ACLs
################################################################################

resource "publicResource3" "aws:ec2/networkAcl:NetworkAcl" {
  options {
    range = createPublicSubnets && publicDedicatedNetworkAcl ? 1 : 0
  }
  vpcId     = vpcId
  subnetIds = public[*].id
  tags      = notImplemented("merge(\n{\"Name\"=\"$${var.name}-$${var.public_subnet_suffix}\"},\nvar.tags,\nvar.public_acl_tags,\n)")

}
resource "publicInbound" "aws:ec2/networkAclRule:NetworkAclRule" {
  options {
    range = createPublicSubnets && publicDedicatedNetworkAcl ? length(publicInboundAclRules) : 0
  }
  networkAclId  = publicResource3[0].id
  egress        = false
  ruleNumber    = publicInboundAclRules[range.value]["rule_number"]
  ruleAction    = publicInboundAclRules[range.value]["rule_action"]
  fromPort      = notImplemented("lookup(var.public_inbound_acl_rules[count.index],\"from_port\",null)")
  toPort        = notImplemented("lookup(var.public_inbound_acl_rules[count.index],\"to_port\",null)")
  icmpCode      = notImplemented("lookup(var.public_inbound_acl_rules[count.index],\"icmp_code\",null)")
  icmpType      = notImplemented("lookup(var.public_inbound_acl_rules[count.index],\"icmp_type\",null)")
  protocol      = publicInboundAclRules[range.value]["protocol"]
  cidrBlock     = notImplemented("lookup(var.public_inbound_acl_rules[count.index],\"cidr_block\",null)")
  ipv6CidrBlock = notImplemented("lookup(var.public_inbound_acl_rules[count.index],\"ipv6_cidr_block\",null)")
}
resource "publicOutbound" "aws:ec2/networkAclRule:NetworkAclRule" {
  options {
    range = createPublicSubnets && publicDedicatedNetworkAcl ? length(publicOutboundAclRules) : 0
  }
  networkAclId  = publicResource3[0].id
  egress        = true
  ruleNumber    = publicOutboundAclRules[range.value]["rule_number"]
  ruleAction    = publicOutboundAclRules[range.value]["rule_action"]
  fromPort      = notImplemented("lookup(var.public_outbound_acl_rules[count.index],\"from_port\",null)")
  toPort        = notImplemented("lookup(var.public_outbound_acl_rules[count.index],\"to_port\",null)")
  icmpCode      = notImplemented("lookup(var.public_outbound_acl_rules[count.index],\"icmp_code\",null)")
  icmpType      = notImplemented("lookup(var.public_outbound_acl_rules[count.index],\"icmp_type\",null)")
  protocol      = publicOutboundAclRules[range.value]["protocol"]
  cidrBlock     = notImplemented("lookup(var.public_outbound_acl_rules[count.index],\"cidr_block\",null)")
  ipv6CidrBlock = notImplemented("lookup(var.public_outbound_acl_rules[count.index],\"ipv6_cidr_block\",null)")
}
createPrivateSubnets = mycreateVpc && lenPrivateSubnets > 0
resource "private" "aws:ec2/subnet:Subnet" {
  options {
    range = createPrivateSubnets ? lenPrivateSubnets : 0
  }
  assignIpv6AddressOnCreation             = enableIpv6 && privateSubnetIpv6Native ? true : privateSubnetAssignIpv6AddressOnCreation
  availabilityZone                        = length(notImplemented("regexall(\"^[a-z]{2}-\",element(var.azs,count.index))")) > 0 ? notImplemented("element(var.azs,count.index)") : null
  availabilityZoneId                      = length(notImplemented("regexall(\"^[a-z]{2}-\",element(var.azs,count.index))")) == 0 ? notImplemented("element(var.azs,count.index)") : null
  cidrBlock                               = privateSubnetIpv6Native ? null : notImplemented("element(concat(var.private_subnets,[\"\"]),count.index)")
  enableDns64                             = enableIpv6 && privateSubnetEnableDns64
  enableResourceNameDnsAaaaRecordOnLaunch = enableIpv6 && privateSubnetEnableResourceNameDnsAaaaRecordOnLaunch
  enableResourceNameDnsARecordOnLaunch    = !privateSubnetIpv6Native && privateSubnetEnableResourceNameDnsARecordOnLaunch
  ipv6CidrBlock = enableIpv6 && length(privateSubnetIpv6Prefixes) > 0 ? invoke("std:index:cidrsubnet", {
    input   = this[0].ipv6CidrBlock
    newbits = 8
    netnum  = privateSubnetIpv6Prefixes[range.value]
  }).result : null
  ipv6Native                     = enableIpv6 && privateSubnetIpv6Native
  privateDnsHostnameTypeOnLaunch = privateSubnetPrivateDnsHostnameTypeOnLaunch
  vpcId                          = vpcId
  tags                           = notImplemented("merge(\n{\nName=try(\nvar.private_subnet_names[count.index],\nformat(\"$${var.name}-$${var.private_subnet_suffix}-%s\",element(var.azs,count.index))\n)\n},\nvar.tags,\nvar.private_subnet_tags,\nlookup(var.private_subnet_tags_per_az,element(var.azs,count.index),{})\n)")

}
# There are as many routing tables as the number of NAT gateways
resource "privateResource" "aws:ec2/routeTable:RouteTable" {
  options {
    range = createPrivateSubnets && maxSubnetLength > 0 ? natGatewayCount : 0
  }
  vpcId = vpcId
  tags  = notImplemented("merge(\n{\n\"Name\"=var.single_nat_gateway?\"$${var.name}-$${var.private_subnet_suffix}\":format(\n\"$${var.name}-$${var.private_subnet_suffix}-%s\",\nelement(var.azs,count.index),\n)\n},\nvar.tags,\nvar.private_route_table_tags,\n)")

}
resource "privateResource2" "aws:ec2/routeTableAssociation:RouteTableAssociation" {
  options {
    range = createPrivateSubnets ? lenPrivateSubnets : 0
  }
  subnetId     = notImplemented("element(aws_subnet.private[*].id,count.index)")
  routeTableId = notImplemented("element(\naws_route_table.private[*].id,\nvar.single_nat_gateway?0:count.index,\n)")

}
createPrivateNetworkAcl = createPrivateSubnets && privateDedicatedNetworkAcl
resource "privateResource3" "aws:ec2/networkAcl:NetworkAcl" {
  options {
    range = createPrivateNetworkAcl ? 1 : 0
  }
  vpcId     = vpcId
  subnetIds = private[*].id
  tags      = notImplemented("merge(\n{\"Name\"=\"$${var.name}-$${var.private_subnet_suffix}\"},\nvar.tags,\nvar.private_acl_tags,\n)")

}
resource "privateInbound" "aws:ec2/networkAclRule:NetworkAclRule" {
  options {
    range = createPrivateNetworkAcl ? length(privateInboundAclRules) : 0
  }
  networkAclId  = privateResource3[0].id
  egress        = false
  ruleNumber    = privateInboundAclRules[range.value]["rule_number"]
  ruleAction    = privateInboundAclRules[range.value]["rule_action"]
  fromPort      = notImplemented("lookup(var.private_inbound_acl_rules[count.index],\"from_port\",null)")
  toPort        = notImplemented("lookup(var.private_inbound_acl_rules[count.index],\"to_port\",null)")
  icmpCode      = notImplemented("lookup(var.private_inbound_acl_rules[count.index],\"icmp_code\",null)")
  icmpType      = notImplemented("lookup(var.private_inbound_acl_rules[count.index],\"icmp_type\",null)")
  protocol      = privateInboundAclRules[range.value]["protocol"]
  cidrBlock     = notImplemented("lookup(var.private_inbound_acl_rules[count.index],\"cidr_block\",null)")
  ipv6CidrBlock = notImplemented("lookup(var.private_inbound_acl_rules[count.index],\"ipv6_cidr_block\",null)")
}
resource "privateOutbound" "aws:ec2/networkAclRule:NetworkAclRule" {
  options {
    range = createPrivateNetworkAcl ? length(privateOutboundAclRules) : 0
  }
  networkAclId  = privateResource3[0].id
  egress        = true
  ruleNumber    = privateOutboundAclRules[range.value]["rule_number"]
  ruleAction    = privateOutboundAclRules[range.value]["rule_action"]
  fromPort      = notImplemented("lookup(var.private_outbound_acl_rules[count.index],\"from_port\",null)")
  toPort        = notImplemented("lookup(var.private_outbound_acl_rules[count.index],\"to_port\",null)")
  icmpCode      = notImplemented("lookup(var.private_outbound_acl_rules[count.index],\"icmp_code\",null)")
  icmpType      = notImplemented("lookup(var.private_outbound_acl_rules[count.index],\"icmp_type\",null)")
  protocol      = privateOutboundAclRules[range.value]["protocol"]
  cidrBlock     = notImplemented("lookup(var.private_outbound_acl_rules[count.index],\"cidr_block\",null)")
  ipv6CidrBlock = notImplemented("lookup(var.private_outbound_acl_rules[count.index],\"ipv6_cidr_block\",null)")
}
createDatabaseSubnets    = mycreateVpc && lenDatabaseSubnets > 0
createDatabaseRouteTable = createDatabaseSubnets && createDatabaseSubnetRouteTable
resource "database" "aws:ec2/subnet:Subnet" {
  options {
    range = createDatabaseSubnets ? lenDatabaseSubnets : 0
  }
  assignIpv6AddressOnCreation             = enableIpv6 && databaseSubnetIpv6Native ? true : databaseSubnetAssignIpv6AddressOnCreation
  availabilityZone                        = length(notImplemented("regexall(\"^[a-z]{2}-\",element(var.azs,count.index))")) > 0 ? notImplemented("element(var.azs,count.index)") : null
  availabilityZoneId                      = length(notImplemented("regexall(\"^[a-z]{2}-\",element(var.azs,count.index))")) == 0 ? notImplemented("element(var.azs,count.index)") : null
  cidrBlock                               = databaseSubnetIpv6Native ? null : notImplemented("element(concat(var.database_subnets,[\"\"]),count.index)")
  enableDns64                             = enableIpv6 && databaseSubnetEnableDns64
  enableResourceNameDnsAaaaRecordOnLaunch = enableIpv6 && databaseSubnetEnableResourceNameDnsAaaaRecordOnLaunch
  enableResourceNameDnsARecordOnLaunch    = !databaseSubnetIpv6Native && databaseSubnetEnableResourceNameDnsARecordOnLaunch
  ipv6CidrBlock = enableIpv6 && length(databaseSubnetIpv6Prefixes) > 0 ? invoke("std:index:cidrsubnet", {
    input   = this[0].ipv6CidrBlock
    newbits = 8
    netnum  = databaseSubnetIpv6Prefixes[range.value]
  }).result : null
  ipv6Native                     = enableIpv6 && databaseSubnetIpv6Native
  privateDnsHostnameTypeOnLaunch = databaseSubnetPrivateDnsHostnameTypeOnLaunch
  vpcId                          = vpcId
  tags                           = notImplemented("merge(\n{\nName=try(\nvar.database_subnet_names[count.index],\nformat(\"$${var.name}-$${var.database_subnet_suffix}-%s\",element(var.azs,count.index),)\n)\n},\nvar.tags,\nvar.database_subnet_tags,\n)")

}
resource "databaseResource" "aws:rds/subnetGroup:SubnetGroup" {
  options {
    range = createDatabaseSubnets && createDatabaseSubnetGroup ? 1 : 0
  }
  name = invoke("std:index:lower", {
    input = notImplemented("coalesce(var.database_subnet_group_name,var.name)")
  }).result
  description = "Database subnet group for ${name}"
  subnetIds   = database[*].id
  tags        = notImplemented("merge(\n{\n\"Name\"=lower(coalesce(var.database_subnet_group_name,var.name))\n},\nvar.tags,\nvar.database_subnet_group_tags,\n)")

}
resource "databaseResource2" "aws:ec2/routeTable:RouteTable" {
  options {
    range = createDatabaseRouteTable ? singleNatGateway || createDatabaseInternetGatewayRoute ? 1 : lenDatabaseSubnets : 0
  }
  vpcId = vpcId
  tags  = notImplemented("merge(\n{\n\"Name\"=var.single_nat_gateway||var.create_database_internet_gateway_route?\"$${var.name}-$${var.database_subnet_suffix}\":format(\n\"$${var.name}-$${var.database_subnet_suffix}-%s\",\nelement(var.azs,count.index),\n)\n},\nvar.tags,\nvar.database_route_table_tags,\n)")

}
resource "databaseResource3" "aws:ec2/routeTableAssociation:RouteTableAssociation" {
  options {
    range = createDatabaseSubnets ? lenDatabaseSubnets : 0
  }
  subnetId     = notImplemented("element(aws_subnet.database[*].id,count.index)")
  routeTableId = notImplemented("element(\ncoalescelist(aws_route_table.database[*].id,aws_route_table.private[*].id),\nvar.create_database_subnet_route_table?var.single_nat_gateway||var.create_database_internet_gateway_route?0:count.index:count.index,\n)")

}
resource "databaseInternetGateway" "aws:ec2/route:Route" {
  options {
    range = createDatabaseRouteTable && createIgw && createDatabaseInternetGatewayRoute && !createDatabaseNatGatewayRoute ? 1 : 0
  }
  routeTableId         = databaseResource2[0].id
  destinationCidrBlock = "0.0.0.0/0"
  gatewayId            = thisResource4[0].id
}
resource "databaseNatGateway" "aws:ec2/route:Route" {
  options {
    range = createDatabaseRouteTable && !createDatabaseInternetGatewayRoute && createDatabaseNatGatewayRoute && enableNatGateway ? singleNatGateway ? 1 : lenDatabaseSubnets : 0
  }
  routeTableId         = notImplemented("element(aws_route_table.database[*].id,count.index)")
  destinationCidrBlock = "0.0.0.0/0"
  natGatewayId         = notImplemented("element(aws_nat_gateway.this[*].id,count.index)")
}
resource "databaseDns64NatGateway" "aws:ec2/route:Route" {
  options {
    range = createDatabaseRouteTable && !createDatabaseInternetGatewayRoute && createDatabaseNatGatewayRoute && enableNatGateway && enableIpv6 && privateSubnetEnableDns64 ? singleNatGateway ? 1 : lenDatabaseSubnets : 0
  }
  routeTableId             = notImplemented("element(aws_route_table.database[*].id,count.index)")
  destinationIpv6CidrBlock = "64:ff9b::/96"
  natGatewayId             = notImplemented("element(aws_nat_gateway.this[*].id,count.index)")
}
resource "databaseIpv6Egress" "aws:ec2/route:Route" {
  options {
    range = createDatabaseRouteTable && createEgressOnlyIgw && enableIpv6 && createDatabaseInternetGatewayRoute ? 1 : 0
  }
  routeTableId             = databaseResource2[0].id
  destinationIpv6CidrBlock = "::/0"
  egressOnlyGatewayId      = thisResource5[0].id
}
createDatabaseNetworkAcl = createDatabaseSubnets && databaseDedicatedNetworkAcl
resource "databaseResource4" "aws:ec2/networkAcl:NetworkAcl" {
  options {
    range = createDatabaseNetworkAcl ? 1 : 0
  }
  vpcId     = vpcId
  subnetIds = database[*].id
  tags      = notImplemented("merge(\n{\"Name\"=\"$${var.name}-$${var.database_subnet_suffix}\"},\nvar.tags,\nvar.database_acl_tags,\n)")

}
resource "databaseInbound" "aws:ec2/networkAclRule:NetworkAclRule" {
  options {
    range = createDatabaseNetworkAcl ? length(databaseInboundAclRules) : 0
  }
  networkAclId  = databaseResource4[0].id
  egress        = false
  ruleNumber    = databaseInboundAclRules[range.value]["rule_number"]
  ruleAction    = databaseInboundAclRules[range.value]["rule_action"]
  fromPort      = notImplemented("lookup(var.database_inbound_acl_rules[count.index],\"from_port\",null)")
  toPort        = notImplemented("lookup(var.database_inbound_acl_rules[count.index],\"to_port\",null)")
  icmpCode      = notImplemented("lookup(var.database_inbound_acl_rules[count.index],\"icmp_code\",null)")
  icmpType      = notImplemented("lookup(var.database_inbound_acl_rules[count.index],\"icmp_type\",null)")
  protocol      = databaseInboundAclRules[range.value]["protocol"]
  cidrBlock     = notImplemented("lookup(var.database_inbound_acl_rules[count.index],\"cidr_block\",null)")
  ipv6CidrBlock = notImplemented("lookup(var.database_inbound_acl_rules[count.index],\"ipv6_cidr_block\",null)")
}
resource "databaseOutbound" "aws:ec2/networkAclRule:NetworkAclRule" {
  options {
    range = createDatabaseNetworkAcl ? length(databaseOutboundAclRules) : 0
  }
  networkAclId  = databaseResource4[0].id
  egress        = true
  ruleNumber    = databaseOutboundAclRules[range.value]["rule_number"]
  ruleAction    = databaseOutboundAclRules[range.value]["rule_action"]
  fromPort      = notImplemented("lookup(var.database_outbound_acl_rules[count.index],\"from_port\",null)")
  toPort        = notImplemented("lookup(var.database_outbound_acl_rules[count.index],\"to_port\",null)")
  icmpCode      = notImplemented("lookup(var.database_outbound_acl_rules[count.index],\"icmp_code\",null)")
  icmpType      = notImplemented("lookup(var.database_outbound_acl_rules[count.index],\"icmp_type\",null)")
  protocol      = databaseOutboundAclRules[range.value]["protocol"]
  cidrBlock     = notImplemented("lookup(var.database_outbound_acl_rules[count.index],\"cidr_block\",null)")
  ipv6CidrBlock = notImplemented("lookup(var.database_outbound_acl_rules[count.index],\"ipv6_cidr_block\",null)")
}
createRedshiftSubnets    = mycreateVpc && lenRedshiftSubnets > 0
createRedshiftRouteTable = createRedshiftSubnets && createRedshiftSubnetRouteTable
resource "redshift" "aws:ec2/subnet:Subnet" {
  options {
    range = createRedshiftSubnets ? lenRedshiftSubnets : 0
  }
  assignIpv6AddressOnCreation             = enableIpv6 && redshiftSubnetIpv6Native ? true : redshiftSubnetAssignIpv6AddressOnCreation
  availabilityZone                        = length(notImplemented("regexall(\"^[a-z]{2}-\",element(var.azs,count.index))")) > 0 ? notImplemented("element(var.azs,count.index)") : null
  availabilityZoneId                      = length(notImplemented("regexall(\"^[a-z]{2}-\",element(var.azs,count.index))")) == 0 ? notImplemented("element(var.azs,count.index)") : null
  cidrBlock                               = redshiftSubnetIpv6Native ? null : notImplemented("element(concat(var.redshift_subnets,[\"\"]),count.index)")
  enableDns64                             = enableIpv6 && redshiftSubnetEnableDns64
  enableResourceNameDnsAaaaRecordOnLaunch = enableIpv6 && redshiftSubnetEnableResourceNameDnsAaaaRecordOnLaunch
  enableResourceNameDnsARecordOnLaunch    = !redshiftSubnetIpv6Native && redshiftSubnetEnableResourceNameDnsARecordOnLaunch
  ipv6CidrBlock = enableIpv6 && length(redshiftSubnetIpv6Prefixes) > 0 ? invoke("std:index:cidrsubnet", {
    input   = this[0].ipv6CidrBlock
    newbits = 8
    netnum  = redshiftSubnetIpv6Prefixes[range.value]
  }).result : null
  ipv6Native                     = enableIpv6 && redshiftSubnetIpv6Native
  privateDnsHostnameTypeOnLaunch = redshiftSubnetPrivateDnsHostnameTypeOnLaunch
  vpcId                          = vpcId
  tags                           = notImplemented("merge(\n{\nName=try(\nvar.redshift_subnet_names[count.index],\nformat(\"$${var.name}-$${var.redshift_subnet_suffix}-%s\",element(var.azs,count.index))\n)\n},\nvar.tags,\nvar.redshift_subnet_tags,\n)")

}
resource "redshiftResource" "aws:redshift/subnetGroup:SubnetGroup" {
  options {
    range = createRedshiftSubnets && createRedshiftSubnetGroup ? 1 : 0
  }
  name = invoke("std:index:lower", {
    input = notImplemented("coalesce(var.redshift_subnet_group_name,var.name)")
  }).result
  description = "Redshift subnet group for ${name}"
  subnetIds   = redshift[*].id
  tags        = notImplemented("merge(\n{\"Name\"=coalesce(var.redshift_subnet_group_name,var.name)},\nvar.tags,\nvar.redshift_subnet_group_tags,\n)")

}
resource "redshiftResource2" "aws:ec2/routeTable:RouteTable" {
  options {
    range = createRedshiftRouteTable ? 1 : 0
  }
  vpcId = vpcId
  tags  = notImplemented("merge(\n{\"Name\"=\"$${var.name}-$${var.redshift_subnet_suffix}\"},\nvar.tags,\nvar.redshift_route_table_tags,\n)")

}
resource "redshiftResource3" "aws:ec2/routeTableAssociation:RouteTableAssociation" {
  options {
    range = createRedshiftSubnets && !enablePublicRedshift ? lenRedshiftSubnets : 0
  }
  subnetId     = notImplemented("element(aws_subnet.redshift[*].id,count.index)")
  routeTableId = notImplemented("element(\ncoalescelist(aws_route_table.redshift[*].id,aws_route_table.private[*].id),\nvar.single_nat_gateway||var.create_redshift_subnet_route_table?0:count.index,\n)")

}
resource "redshiftPublic" "aws:ec2/routeTableAssociation:RouteTableAssociation" {
  options {
    range = createRedshiftSubnets && enablePublicRedshift ? lenRedshiftSubnets : 0
  }
  subnetId     = notImplemented("element(aws_subnet.redshift[*].id,count.index)")
  routeTableId = notImplemented("element(\ncoalescelist(aws_route_table.redshift[*].id,aws_route_table.public[*].id),\nvar.single_nat_gateway||var.create_redshift_subnet_route_table?0:count.index,\n)")

}
createRedshiftNetworkAcl = createRedshiftSubnets && redshiftDedicatedNetworkAcl
resource "redshiftResource4" "aws:ec2/networkAcl:NetworkAcl" {
  options {
    range = createRedshiftNetworkAcl ? 1 : 0
  }
  vpcId     = vpcId
  subnetIds = redshift[*].id
  tags      = notImplemented("merge(\n{\"Name\"=\"$${var.name}-$${var.redshift_subnet_suffix}\"},\nvar.tags,\nvar.redshift_acl_tags,\n)")

}
resource "redshiftInbound" "aws:ec2/networkAclRule:NetworkAclRule" {
  options {
    range = createRedshiftNetworkAcl ? length(redshiftInboundAclRules) : 0
  }
  networkAclId  = redshiftResource4[0].id
  egress        = false
  ruleNumber    = redshiftInboundAclRules[range.value]["rule_number"]
  ruleAction    = redshiftInboundAclRules[range.value]["rule_action"]
  fromPort      = notImplemented("lookup(var.redshift_inbound_acl_rules[count.index],\"from_port\",null)")
  toPort        = notImplemented("lookup(var.redshift_inbound_acl_rules[count.index],\"to_port\",null)")
  icmpCode      = notImplemented("lookup(var.redshift_inbound_acl_rules[count.index],\"icmp_code\",null)")
  icmpType      = notImplemented("lookup(var.redshift_inbound_acl_rules[count.index],\"icmp_type\",null)")
  protocol      = redshiftInboundAclRules[range.value]["protocol"]
  cidrBlock     = notImplemented("lookup(var.redshift_inbound_acl_rules[count.index],\"cidr_block\",null)")
  ipv6CidrBlock = notImplemented("lookup(var.redshift_inbound_acl_rules[count.index],\"ipv6_cidr_block\",null)")
}
resource "redshiftOutbound" "aws:ec2/networkAclRule:NetworkAclRule" {
  options {
    range = createRedshiftNetworkAcl ? length(redshiftOutboundAclRules) : 0
  }
  networkAclId  = redshiftResource4[0].id
  egress        = true
  ruleNumber    = redshiftOutboundAclRules[range.value]["rule_number"]
  ruleAction    = redshiftOutboundAclRules[range.value]["rule_action"]
  fromPort      = notImplemented("lookup(var.redshift_outbound_acl_rules[count.index],\"from_port\",null)")
  toPort        = notImplemented("lookup(var.redshift_outbound_acl_rules[count.index],\"to_port\",null)")
  icmpCode      = notImplemented("lookup(var.redshift_outbound_acl_rules[count.index],\"icmp_code\",null)")
  icmpType      = notImplemented("lookup(var.redshift_outbound_acl_rules[count.index],\"icmp_type\",null)")
  protocol      = redshiftOutboundAclRules[range.value]["protocol"]
  cidrBlock     = notImplemented("lookup(var.redshift_outbound_acl_rules[count.index],\"cidr_block\",null)")
  ipv6CidrBlock = notImplemented("lookup(var.redshift_outbound_acl_rules[count.index],\"ipv6_cidr_block\",null)")
}
createElasticacheSubnets    = mycreateVpc && lenElasticacheSubnets > 0
createElasticacheRouteTable = createElasticacheSubnets && createElasticacheSubnetRouteTable
resource "elasticache" "aws:ec2/subnet:Subnet" {
  options {
    range = createElasticacheSubnets ? lenElasticacheSubnets : 0
  }
  assignIpv6AddressOnCreation             = enableIpv6 && elasticacheSubnetIpv6Native ? true : elasticacheSubnetAssignIpv6AddressOnCreation
  availabilityZone                        = length(notImplemented("regexall(\"^[a-z]{2}-\",element(var.azs,count.index))")) > 0 ? notImplemented("element(var.azs,count.index)") : null
  availabilityZoneId                      = length(notImplemented("regexall(\"^[a-z]{2}-\",element(var.azs,count.index))")) == 0 ? notImplemented("element(var.azs,count.index)") : null
  cidrBlock                               = elasticacheSubnetIpv6Native ? null : notImplemented("element(concat(var.elasticache_subnets,[\"\"]),count.index)")
  enableDns64                             = enableIpv6 && elasticacheSubnetEnableDns64
  enableResourceNameDnsAaaaRecordOnLaunch = enableIpv6 && elasticacheSubnetEnableResourceNameDnsAaaaRecordOnLaunch
  enableResourceNameDnsARecordOnLaunch    = !elasticacheSubnetIpv6Native && elasticacheSubnetEnableResourceNameDnsARecordOnLaunch
  ipv6CidrBlock = enableIpv6 && length(elasticacheSubnetIpv6Prefixes) > 0 ? invoke("std:index:cidrsubnet", {
    input   = this[0].ipv6CidrBlock
    newbits = 8
    netnum  = elasticacheSubnetIpv6Prefixes[range.value]
  }).result : null
  ipv6Native                     = enableIpv6 && elasticacheSubnetIpv6Native
  privateDnsHostnameTypeOnLaunch = elasticacheSubnetPrivateDnsHostnameTypeOnLaunch
  vpcId                          = vpcId
  tags                           = notImplemented("merge(\n{\nName=try(\nvar.elasticache_subnet_names[count.index],\nformat(\"$${var.name}-$${var.elasticache_subnet_suffix}-%s\",element(var.azs,count.index))\n)\n},\nvar.tags,\nvar.elasticache_subnet_tags,\n)")

}
resource "elasticacheResource" "aws:elasticache/subnetGroup:SubnetGroup" {
  options {
    range = createElasticacheSubnets && createElasticacheSubnetGroup ? 1 : 0
  }
  name        = notImplemented("coalesce(var.elasticache_subnet_group_name,var.name)")
  description = "ElastiCache subnet group for ${name}"
  subnetIds   = elasticache[*].id
  tags        = notImplemented("merge(\n{\"Name\"=coalesce(var.elasticache_subnet_group_name,var.name)},\nvar.tags,\nvar.elasticache_subnet_group_tags,\n)")

}
resource "elasticacheResource2" "aws:ec2/routeTable:RouteTable" {
  options {
    range = createElasticacheRouteTable ? 1 : 0
  }
  vpcId = vpcId
  tags  = notImplemented("merge(\n{\"Name\"=\"$${var.name}-$${var.elasticache_subnet_suffix}\"},\nvar.tags,\nvar.elasticache_route_table_tags,\n)")

}
resource "elasticacheResource3" "aws:ec2/routeTableAssociation:RouteTableAssociation" {
  options {
    range = createElasticacheSubnets ? lenElasticacheSubnets : 0
  }
  subnetId     = notImplemented("element(aws_subnet.elasticache[*].id,count.index)")
  routeTableId = notImplemented("element(\ncoalescelist(\naws_route_table.elasticache[*].id,\naws_route_table.private[*].id,\n),\nvar.single_nat_gateway||var.create_elasticache_subnet_route_table?0:count.index,\n)")

}
createElasticacheNetworkAcl = createElasticacheSubnets && elasticacheDedicatedNetworkAcl
resource "elasticacheResource4" "aws:ec2/networkAcl:NetworkAcl" {
  options {
    range = createElasticacheNetworkAcl ? 1 : 0
  }
  vpcId     = vpcId
  subnetIds = elasticache[*].id
  tags      = notImplemented("merge(\n{\"Name\"=\"$${var.name}-$${var.elasticache_subnet_suffix}\"},\nvar.tags,\nvar.elasticache_acl_tags,\n)")

}
resource "elasticacheInbound" "aws:ec2/networkAclRule:NetworkAclRule" {
  options {
    range = createElasticacheNetworkAcl ? length(elasticacheInboundAclRules) : 0
  }
  networkAclId  = elasticacheResource4[0].id
  egress        = false
  ruleNumber    = elasticacheInboundAclRules[range.value]["rule_number"]
  ruleAction    = elasticacheInboundAclRules[range.value]["rule_action"]
  fromPort      = notImplemented("lookup(var.elasticache_inbound_acl_rules[count.index],\"from_port\",null)")
  toPort        = notImplemented("lookup(var.elasticache_inbound_acl_rules[count.index],\"to_port\",null)")
  icmpCode      = notImplemented("lookup(var.elasticache_inbound_acl_rules[count.index],\"icmp_code\",null)")
  icmpType      = notImplemented("lookup(var.elasticache_inbound_acl_rules[count.index],\"icmp_type\",null)")
  protocol      = elasticacheInboundAclRules[range.value]["protocol"]
  cidrBlock     = notImplemented("lookup(var.elasticache_inbound_acl_rules[count.index],\"cidr_block\",null)")
  ipv6CidrBlock = notImplemented("lookup(var.elasticache_inbound_acl_rules[count.index],\"ipv6_cidr_block\",null)")
}
resource "elasticacheOutbound" "aws:ec2/networkAclRule:NetworkAclRule" {
  options {
    range = createElasticacheNetworkAcl ? length(elasticacheOutboundAclRules) : 0
  }
  networkAclId  = elasticacheResource4[0].id
  egress        = true
  ruleNumber    = elasticacheOutboundAclRules[range.value]["rule_number"]
  ruleAction    = elasticacheOutboundAclRules[range.value]["rule_action"]
  fromPort      = notImplemented("lookup(var.elasticache_outbound_acl_rules[count.index],\"from_port\",null)")
  toPort        = notImplemented("lookup(var.elasticache_outbound_acl_rules[count.index],\"to_port\",null)")
  icmpCode      = notImplemented("lookup(var.elasticache_outbound_acl_rules[count.index],\"icmp_code\",null)")
  icmpType      = notImplemented("lookup(var.elasticache_outbound_acl_rules[count.index],\"icmp_type\",null)")
  protocol      = elasticacheOutboundAclRules[range.value]["protocol"]
  cidrBlock     = notImplemented("lookup(var.elasticache_outbound_acl_rules[count.index],\"cidr_block\",null)")
  ipv6CidrBlock = notImplemented("lookup(var.elasticache_outbound_acl_rules[count.index],\"ipv6_cidr_block\",null)")
}
createIntraSubnets = mycreateVpc && lenIntraSubnets > 0
resource "intra" "aws:ec2/subnet:Subnet" {
  options {
    range = createIntraSubnets ? lenIntraSubnets : 0
  }
  assignIpv6AddressOnCreation             = enableIpv6 && intraSubnetIpv6Native ? true : intraSubnetAssignIpv6AddressOnCreation
  availabilityZone                        = length(notImplemented("regexall(\"^[a-z]{2}-\",element(var.azs,count.index))")) > 0 ? notImplemented("element(var.azs,count.index)") : null
  availabilityZoneId                      = length(notImplemented("regexall(\"^[a-z]{2}-\",element(var.azs,count.index))")) == 0 ? notImplemented("element(var.azs,count.index)") : null
  cidrBlock                               = intraSubnetIpv6Native ? null : notImplemented("element(concat(var.intra_subnets,[\"\"]),count.index)")
  enableDns64                             = enableIpv6 && intraSubnetEnableDns64
  enableResourceNameDnsAaaaRecordOnLaunch = enableIpv6 && intraSubnetEnableResourceNameDnsAaaaRecordOnLaunch
  enableResourceNameDnsARecordOnLaunch    = !intraSubnetIpv6Native && intraSubnetEnableResourceNameDnsARecordOnLaunch
  ipv6CidrBlock = enableIpv6 && length(intraSubnetIpv6Prefixes) > 0 ? invoke("std:index:cidrsubnet", {
    input   = this[0].ipv6CidrBlock
    newbits = 8
    netnum  = intraSubnetIpv6Prefixes[range.value]
  }).result : null
  ipv6Native                     = enableIpv6 && intraSubnetIpv6Native
  privateDnsHostnameTypeOnLaunch = intraSubnetPrivateDnsHostnameTypeOnLaunch
  vpcId                          = vpcId
  tags                           = notImplemented("merge(\n{\nName=try(\nvar.intra_subnet_names[count.index],\nformat(\"$${var.name}-$${var.intra_subnet_suffix}-%s\",element(var.azs,count.index))\n)\n},\nvar.tags,\nvar.intra_subnet_tags,\n)")

}
resource "intraResource" "aws:ec2/routeTable:RouteTable" {
  options {
    range = createIntraSubnets ? 1 : 0
  }
  vpcId = vpcId
  tags  = notImplemented("merge(\n{\"Name\"=\"$${var.name}-$${var.intra_subnet_suffix}\"},\nvar.tags,\nvar.intra_route_table_tags,\n)")

}
resource "intraResource2" "aws:ec2/routeTableAssociation:RouteTableAssociation" {
  options {
    range = createIntraSubnets ? lenIntraSubnets : 0
  }
  subnetId     = notImplemented("element(aws_subnet.intra[*].id,count.index)")
  routeTableId = notImplemented("element(aws_route_table.intra[*].id,0)")
}
createIntraNetworkAcl = createIntraSubnets && intraDedicatedNetworkAcl
resource "intraResource3" "aws:ec2/networkAcl:NetworkAcl" {
  options {
    range = createIntraNetworkAcl ? 1 : 0
  }
  vpcId     = vpcId
  subnetIds = intra[*].id
  tags      = notImplemented("merge(\n{\"Name\"=\"$${var.name}-$${var.intra_subnet_suffix}\"},\nvar.tags,\nvar.intra_acl_tags,\n)")

}
resource "intraInbound" "aws:ec2/networkAclRule:NetworkAclRule" {
  options {
    range = createIntraNetworkAcl ? length(intraInboundAclRules) : 0
  }
  networkAclId  = intraResource3[0].id
  egress        = false
  ruleNumber    = intraInboundAclRules[range.value]["rule_number"]
  ruleAction    = intraInboundAclRules[range.value]["rule_action"]
  fromPort      = notImplemented("lookup(var.intra_inbound_acl_rules[count.index],\"from_port\",null)")
  toPort        = notImplemented("lookup(var.intra_inbound_acl_rules[count.index],\"to_port\",null)")
  icmpCode      = notImplemented("lookup(var.intra_inbound_acl_rules[count.index],\"icmp_code\",null)")
  icmpType      = notImplemented("lookup(var.intra_inbound_acl_rules[count.index],\"icmp_type\",null)")
  protocol      = intraInboundAclRules[range.value]["protocol"]
  cidrBlock     = notImplemented("lookup(var.intra_inbound_acl_rules[count.index],\"cidr_block\",null)")
  ipv6CidrBlock = notImplemented("lookup(var.intra_inbound_acl_rules[count.index],\"ipv6_cidr_block\",null)")
}
resource "intraOutbound" "aws:ec2/networkAclRule:NetworkAclRule" {
  options {
    range = createIntraNetworkAcl ? length(intraOutboundAclRules) : 0
  }
  networkAclId  = intraResource3[0].id
  egress        = true
  ruleNumber    = intraOutboundAclRules[range.value]["rule_number"]
  ruleAction    = intraOutboundAclRules[range.value]["rule_action"]
  fromPort      = notImplemented("lookup(var.intra_outbound_acl_rules[count.index],\"from_port\",null)")
  toPort        = notImplemented("lookup(var.intra_outbound_acl_rules[count.index],\"to_port\",null)")
  icmpCode      = notImplemented("lookup(var.intra_outbound_acl_rules[count.index],\"icmp_code\",null)")
  icmpType      = notImplemented("lookup(var.intra_outbound_acl_rules[count.index],\"icmp_type\",null)")
  protocol      = intraOutboundAclRules[range.value]["protocol"]
  cidrBlock     = notImplemented("lookup(var.intra_outbound_acl_rules[count.index],\"cidr_block\",null)")
  ipv6CidrBlock = notImplemented("lookup(var.intra_outbound_acl_rules[count.index],\"ipv6_cidr_block\",null)")
}
createOutpostSubnets = mycreateVpc && lenOutpostSubnets > 0
resource "outpost" "aws:ec2/subnet:Subnet" {
  options {
    range = createOutpostSubnets ? lenOutpostSubnets : 0
  }
  assignIpv6AddressOnCreation             = enableIpv6 && outpostSubnetIpv6Native ? true : outpostSubnetAssignIpv6AddressOnCreation
  availabilityZone                        = outpostAz
  cidrBlock                               = outpostSubnetIpv6Native ? null : notImplemented("element(concat(var.outpost_subnets,[\"\"]),count.index)")
  customerOwnedIpv4Pool                   = customerOwnedIpv4Pool
  enableDns64                             = enableIpv6 && outpostSubnetEnableDns64
  enableResourceNameDnsAaaaRecordOnLaunch = enableIpv6 && outpostSubnetEnableResourceNameDnsAaaaRecordOnLaunch
  enableResourceNameDnsARecordOnLaunch    = !outpostSubnetIpv6Native && outpostSubnetEnableResourceNameDnsARecordOnLaunch
  ipv6CidrBlock = enableIpv6 && length(outpostSubnetIpv6Prefixes) > 0 ? invoke("std:index:cidrsubnet", {
    input   = this[0].ipv6CidrBlock
    newbits = 8
    netnum  = outpostSubnetIpv6Prefixes[range.value]
  }).result : null
  ipv6Native                     = enableIpv6 && outpostSubnetIpv6Native
  mapCustomerOwnedIpOnLaunch     = mapCustomerOwnedIpOnLaunch
  outpostArn                     = outpostArn
  privateDnsHostnameTypeOnLaunch = outpostSubnetPrivateDnsHostnameTypeOnLaunch
  vpcId                          = vpcId
  tags                           = notImplemented("merge(\n{\nName=try(\nvar.outpost_subnet_names[count.index],\nformat(\"$${var.name}-$${var.outpost_subnet_suffix}-%s\",var.outpost_az)\n)\n},\nvar.tags,\nvar.outpost_subnet_tags,\n)")

}
resource "outpostResource" "aws:ec2/routeTableAssociation:RouteTableAssociation" {
  options {
    range = createOutpostSubnets ? lenOutpostSubnets : 0
  }
  subnetId     = notImplemented("element(aws_subnet.outpost[*].id,count.index)")
  routeTableId = notImplemented("element(\naws_route_table.private[*].id,\nvar.single_nat_gateway?0:count.index,\n)")

}
createOutpostNetworkAcl = createOutpostSubnets && outpostDedicatedNetworkAcl
resource "outpostResource2" "aws:ec2/networkAcl:NetworkAcl" {
  options {
    range = createOutpostNetworkAcl ? 1 : 0
  }
  vpcId     = vpcId
  subnetIds = outpost[*].id
  tags      = notImplemented("merge(\n{\"Name\"=\"$${var.name}-$${var.outpost_subnet_suffix}\"},\nvar.tags,\nvar.outpost_acl_tags,\n)")

}
resource "outpostInbound" "aws:ec2/networkAclRule:NetworkAclRule" {
  options {
    range = createOutpostNetworkAcl ? length(outpostInboundAclRules) : 0
  }
  networkAclId  = outpostResource2[0].id
  egress        = false
  ruleNumber    = outpostInboundAclRules[range.value]["rule_number"]
  ruleAction    = outpostInboundAclRules[range.value]["rule_action"]
  fromPort      = notImplemented("lookup(var.outpost_inbound_acl_rules[count.index],\"from_port\",null)")
  toPort        = notImplemented("lookup(var.outpost_inbound_acl_rules[count.index],\"to_port\",null)")
  icmpCode      = notImplemented("lookup(var.outpost_inbound_acl_rules[count.index],\"icmp_code\",null)")
  icmpType      = notImplemented("lookup(var.outpost_inbound_acl_rules[count.index],\"icmp_type\",null)")
  protocol      = outpostInboundAclRules[range.value]["protocol"]
  cidrBlock     = notImplemented("lookup(var.outpost_inbound_acl_rules[count.index],\"cidr_block\",null)")
  ipv6CidrBlock = notImplemented("lookup(var.outpost_inbound_acl_rules[count.index],\"ipv6_cidr_block\",null)")
}
resource "outpostOutbound" "aws:ec2/networkAclRule:NetworkAclRule" {
  options {
    range = createOutpostNetworkAcl ? length(outpostOutboundAclRules) : 0
  }
  networkAclId  = outpostResource2[0].id
  egress        = true
  ruleNumber    = outpostOutboundAclRules[range.value]["rule_number"]
  ruleAction    = outpostOutboundAclRules[range.value]["rule_action"]
  fromPort      = notImplemented("lookup(var.outpost_outbound_acl_rules[count.index],\"from_port\",null)")
  toPort        = notImplemented("lookup(var.outpost_outbound_acl_rules[count.index],\"to_port\",null)")
  icmpCode      = notImplemented("lookup(var.outpost_outbound_acl_rules[count.index],\"icmp_code\",null)")
  icmpType      = notImplemented("lookup(var.outpost_outbound_acl_rules[count.index],\"icmp_type\",null)")
  protocol      = outpostOutboundAclRules[range.value]["protocol"]
  cidrBlock     = notImplemented("lookup(var.outpost_outbound_acl_rules[count.index],\"cidr_block\",null)")
  ipv6CidrBlock = notImplemented("lookup(var.outpost_outbound_acl_rules[count.index],\"ipv6_cidr_block\",null)")
}
################################################################################
# Internet Gateway
################################################################################

resource "thisResource4" "aws:ec2/internetGateway:InternetGateway" {
  options {
    range = createPublicSubnets && createIgw ? 1 : 0
  }
  vpcId = vpcId
  tags  = notImplemented("merge(\n{\"Name\"=var.name},\nvar.tags,\nvar.igw_tags,\n)")

}
resource "thisResource5" "aws:ec2/egressOnlyInternetGateway:EgressOnlyInternetGateway" {
  options {
    range = mycreateVpc && createEgressOnlyIgw && enableIpv6 && maxSubnetLength > 0 ? 1 : 0
  }
  vpcId = vpcId
  tags  = notImplemented("merge(\n{\"Name\"=var.name},\nvar.tags,\nvar.igw_tags,\n)")

}
resource "privateIpv6Egress" "aws:ec2/route:Route" {
  options {
    range = mycreateVpc && createEgressOnlyIgw && enableIpv6 ? lenPrivateSubnets : 0
  }
  routeTableId             = notImplemented("element(aws_route_table.private[*].id,count.index)")
  destinationIpv6CidrBlock = "::/0"
  egressOnlyGatewayId      = notImplemented("element(aws_egress_only_internet_gateway.this[*].id,0)")
}
natGatewayCount = singleNatGateway ? 1 : oneNatGatewayPerAz ? length(azs) : maxSubnetLength
natGatewayIps   = reuseNatIps ? externalNatIpIds : notImplemented("try(aws_eip.nat[*].id,[])")
resource "nat" "aws:ec2/eip:Eip" {
  options {
    range = mycreateVpc && enableNatGateway && !reuseNatIps ? natGatewayCount : 0
  }
  domain = "vpc"
  tags   = notImplemented("merge(\n{\n\"Name\"=format(\n\"$${var.name}-%s\",\nelement(var.azs,var.single_nat_gateway?0:count.index),\n)\n},\nvar.tags,\nvar.nat_eip_tags,\n)")

}
resource "thisResource6" "aws:ec2/natGateway:NatGateway" {
  options {
    range = mycreateVpc && enableNatGateway ? natGatewayCount : 0
  }
  allocationId = notImplemented("element(\nlocal.nat_gateway_ips,\nvar.single_nat_gateway?0:count.index,\n)")

  subnetId = notImplemented("element(\naws_subnet.public[*].id,\nvar.single_nat_gateway?0:count.index,\n)")

  tags = notImplemented("merge(\n{\n\"Name\"=format(\n\"$${var.name}-%s\",\nelement(var.azs,var.single_nat_gateway?0:count.index),\n)\n},\nvar.tags,\nvar.nat_gateway_tags,\n)")

}
resource "privateNatGateway" "aws:ec2/route:Route" {
  options {
    range = mycreateVpc && enableNatGateway ? natGatewayCount : 0
  }
  routeTableId         = notImplemented("element(aws_route_table.private[*].id,count.index)")
  destinationCidrBlock = natGatewayDestinationCidrBlock
  natGatewayId         = notImplemented("element(aws_nat_gateway.this[*].id,count.index)")
}
resource "privateDns64NatGateway" "aws:ec2/route:Route" {
  options {
    range = mycreateVpc && enableNatGateway && enableIpv6 && privateSubnetEnableDns64 ? natGatewayCount : 0
  }
  routeTableId             = notImplemented("element(aws_route_table.private[*].id,count.index)")
  destinationIpv6CidrBlock = "64:ff9b::/96"
  natGatewayId             = notImplemented("element(aws_nat_gateway.this[*].id,count.index)")
}
################################################################################
# Customer Gateways
################################################################################

resource "thisResource7" "aws:ec2/customerGateway:CustomerGateway" {
  options {
    range = customerGateways
  }
  bgpAsn     = range.value["bgp_asn"]
  ipAddress  = range.value["ip_address"]
  deviceName = notImplemented("lookup(each.value,\"device_name\",null)")
  type       = "ipsec.1"
  tags       = notImplemented("merge(\n{Name=\"$${var.name}-$${each.key}\"},\nvar.tags,\nvar.customer_gateway_tags,\n)")

}
################################################################################
# VPN Gateway
################################################################################

resource "thisResource8" "aws:ec2/vpnGateway:VpnGateway" {
  options {
    range = mycreateVpc && enableVpnGateway ? 1 : 0
  }
  vpcId            = vpcId
  amazonSideAsn    = amazonSideAsn
  availabilityZone = vpnGatewayAz
  tags             = notImplemented("merge(\n{\"Name\"=var.name},\nvar.tags,\nvar.vpn_gateway_tags,\n)")

}
resource "thisResource9" "aws:ec2/vpnGatewayAttachment:VpnGatewayAttachment" {
  options {
    range = vpnGatewayId != "" ? 1 : 0
  }
  vpcId        = vpcId
  vpnGatewayId = vpnGatewayId
}
resource "publicResource4" "aws:ec2/vpnGatewayRoutePropagation:VpnGatewayRoutePropagation" {
  options {
    range = mycreateVpc && propagatePublicRouteTablesVgw && (enableVpnGateway || vpnGatewayId != "") ? 1 : 0
  }
  routeTableId = notImplemented("element(aws_route_table.public[*].id,count.index)")
  vpnGatewayId = notImplemented("element(\nconcat(\naws_vpn_gateway.this[*].id,\naws_vpn_gateway_attachment.this[*].vpn_gateway_id,\n),\ncount.index,\n)")

}
resource "privateResource4" "aws:ec2/vpnGatewayRoutePropagation:VpnGatewayRoutePropagation" {
  options {
    range = mycreateVpc && propagatePrivateRouteTablesVgw && (enableVpnGateway || vpnGatewayId != "") ? lenPrivateSubnets : 0
  }
  routeTableId = notImplemented("element(aws_route_table.private[*].id,count.index)")
  vpnGatewayId = notImplemented("element(\nconcat(\naws_vpn_gateway.this[*].id,\naws_vpn_gateway_attachment.this[*].vpn_gateway_id,\n),\ncount.index,\n)")

}
resource "intraResource4" "aws:ec2/vpnGatewayRoutePropagation:VpnGatewayRoutePropagation" {
  options {
    range = mycreateVpc && propagateIntraRouteTablesVgw && (enableVpnGateway || vpnGatewayId != "") ? lenIntraSubnets : 0
  }
  routeTableId = notImplemented("element(aws_route_table.intra[*].id,count.index)")
  vpnGatewayId = notImplemented("element(\nconcat(\naws_vpn_gateway.this[*].id,\naws_vpn_gateway_attachment.this[*].vpn_gateway_id,\n),\ncount.index,\n)")

}
################################################################################
# Default VPC
################################################################################

resource "thisResource10" "aws:ec2/defaultVpc:DefaultVpc" {
  options {
    range = manageDefaultVpc ? 1 : 0
  }
  enableDnsSupport   = defaultVpcEnableDnsSupport
  enableDnsHostnames = defaultVpcEnableDnsHostnames
  tags               = notImplemented("merge(\n{\"Name\"=coalesce(var.default_vpc_name,\"default\")},\nvar.tags,\nvar.default_vpc_tags,\n)")

}
resource "thisResource11" "aws:ec2/defaultSecurityGroup:DefaultSecurityGroup" {
  options {
    range = mycreateVpc && manageDefaultSecurityGroup ? 1 : 0
  }
  ingress = [for entry in entries(defaultSecurityGroupIngress) : {
    self           = notImplemented("lookup(ingress.value,\"self\",null)")
    cidrBlocks     = notImplemented("compact(split(\",\",lookup(ingress.value,\"cidr_blocks\",\"\")))")
    ipv6CidrBlocks = notImplemented("compact(split(\",\",lookup(ingress.value,\"ipv6_cidr_blocks\",\"\")))")
    prefixListIds  = notImplemented("compact(split(\",\",lookup(ingress.value,\"prefix_list_ids\",\"\")))")
    securityGroups = notImplemented("compact(split(\",\",lookup(ingress.value,\"security_groups\",\"\")))")
    description    = notImplemented("lookup(ingress.value,\"description\",null)")
    fromPort       = notImplemented("lookup(ingress.value,\"from_port\",0)")
    toPort         = notImplemented("lookup(ingress.value,\"to_port\",0)")
    protocol       = notImplemented("lookup(ingress.value,\"protocol\",\"-1\")")
  }]
  egress = [for entry in entries(defaultSecurityGroupEgress) : {
    self           = notImplemented("lookup(egress.value,\"self\",null)")
    cidrBlocks     = notImplemented("compact(split(\",\",lookup(egress.value,\"cidr_blocks\",\"\")))")
    ipv6CidrBlocks = notImplemented("compact(split(\",\",lookup(egress.value,\"ipv6_cidr_blocks\",\"\")))")
    prefixListIds  = notImplemented("compact(split(\",\",lookup(egress.value,\"prefix_list_ids\",\"\")))")
    securityGroups = notImplemented("compact(split(\",\",lookup(egress.value,\"security_groups\",\"\")))")
    description    = notImplemented("lookup(egress.value,\"description\",null)")
    fromPort       = notImplemented("lookup(egress.value,\"from_port\",0)")
    toPort         = notImplemented("lookup(egress.value,\"to_port\",0)")
    protocol       = notImplemented("lookup(egress.value,\"protocol\",\"-1\")")
  }]
  vpcId = this[0].id
  tags  = notImplemented("merge(\n{\"Name\"=coalesce(var.default_security_group_name,\"$${var.name}-default\")},\nvar.tags,\nvar.default_security_group_tags,\n)")

}
################################################################################
# Default Network ACLs
################################################################################

resource "thisResource12" "aws:ec2/defaultNetworkAcl:DefaultNetworkAcl" {
  options {
    range = mycreateVpc && manageDefaultNetworkAcl ? 1 : 0
  }
  ingress = [for entry in entries(defaultNetworkAclIngress) : {
    action        = entry.value.action
    cidrBlock     = notImplemented("lookup(ingress.value,\"cidr_block\",null)")
    fromPort      = entry.value.fromPort
    icmpCode      = notImplemented("lookup(ingress.value,\"icmp_code\",null)")
    icmpType      = notImplemented("lookup(ingress.value,\"icmp_type\",null)")
    ipv6CidrBlock = notImplemented("lookup(ingress.value,\"ipv6_cidr_block\",null)")
    protocol      = entry.value.protocol
    ruleNo        = entry.value.ruleNo
    toPort        = entry.value.toPort
  }]
  egress = [for entry in entries(defaultNetworkAclEgress) : {
    action        = entry.value.action
    cidrBlock     = notImplemented("lookup(egress.value,\"cidr_block\",null)")
    fromPort      = entry.value.fromPort
    icmpCode      = notImplemented("lookup(egress.value,\"icmp_code\",null)")
    icmpType      = notImplemented("lookup(egress.value,\"icmp_type\",null)")
    ipv6CidrBlock = notImplemented("lookup(egress.value,\"ipv6_cidr_block\",null)")
    protocol      = entry.value.protocol
    ruleNo        = entry.value.ruleNo
    toPort        = entry.value.toPort
  }]
  defaultNetworkAclId = this[0].defaultNetworkAclId
  subnetIds           = null
  tags                = notImplemented("merge(\n{\"Name\"=coalesce(var.default_network_acl_name,\"$${var.name}-default\")},\nvar.tags,\nvar.default_network_acl_tags,\n)")

}
################################################################################
# Default Route
################################################################################

resource "default" "aws:ec2/defaultRouteTable:DefaultRouteTable" {
  options {
    range = mycreateVpc && manageDefaultRouteTable ? 1 : 0
  }
  routes = [for entry in entries(defaultRouteTableRoutes) : {
    # One of the following destinations must be provided
    cidrBlock     = entry.value.cidrBlock
    ipv6CidrBlock = notImplemented("lookup(route.value,\"ipv6_cidr_block\",null)")
    # One of the following targets must be provided
    egressOnlyGatewayId    = notImplemented("lookup(route.value,\"egress_only_gateway_id\",null)")
    gatewayId              = notImplemented("lookup(route.value,\"gateway_id\",null)")
    instanceId             = notImplemented("lookup(route.value,\"instance_id\",null)")
    natGatewayId           = notImplemented("lookup(route.value,\"nat_gateway_id\",null)")
    networkInterfaceId     = notImplemented("lookup(route.value,\"network_interface_id\",null)")
    transitGatewayId       = notImplemented("lookup(route.value,\"transit_gateway_id\",null)")
    vpcEndpointId          = notImplemented("lookup(route.value,\"vpc_endpoint_id\",null)")
    vpcPeeringConnectionId = notImplemented("lookup(route.value,\"vpc_peering_connection_id\",null)")
  }]
  defaultRouteTableId = this[0].defaultRouteTableId
  propagatingVgws     = defaultRouteTablePropagatingVgws
  tags                = notImplemented("merge(\n{\"Name\"=coalesce(var.default_route_table_name,\"$${var.name}-default\")},\nvar.tags,\nvar.default_route_table_tags,\n)")

}
MitchellGerdisch commented 1 year ago

In case it helps, trying to convert https://github.com/terraform-aws-modules/terraform-aws-vpc throws the same sort of cannot iterate over a value of a type number errors.

error: main.pp:84,5-115: cannot iterate over a value of type number; 
error: main.pp:115,5-55: cannot iterate over a value of type number; 
error: main.pp:184,5-57: cannot iterate over a value of type number; 
error: main.pp:207,5-78: cannot iterate over a value of type number; 
error: main.pp:215,5-57: cannot iterate over a value of type number; 
error: main.pp:267,5-59: cannot iterate over a value of type number; 
error: main.pp:301,5-123: cannot iterate over a value of type number; 
error: main.pp:309,5-59: cannot iterate over a value of type number; 
error: main.pp:325,5-177: cannot iterate over a value of type number; 
error: main.pp:333,5-219: cannot iterate over a value of type number; 
error: main.pp:393,5-59: cannot iterate over a value of type number; 
error: main.pp:435,5-84: cannot iterate over a value of type number; 
error: main.pp:443,5-83: cannot iterate over a value of type number; 
error: main.pp:495,5-65: cannot iterate over a value of type number; 
error: main.pp:535,5-65: cannot iterate over a value of type number; 
error: main.pp:586,5-53: cannot iterate over a value of type number; 
error: main.pp:616,5-53: cannot iterate over a value of type number; 
error: main.pp:666,5-57: cannot iterate over a value of type number; 
error: main.pp:690,5-57: cannot iterate over a value of type number; 
error: main.pp:760,5-85: cannot iterate over a value of type number; 
error: main.pp:770,5-82: cannot iterate over a value of type number; 
warning: main.pp:772,3-9: unsupported attribute 'domain'; unsupported attribute 'domain'
error: main.pp:778,5-66: cannot iterate over a value of type number; 
error: main.pp:789,5-66: cannot iterate over a value of type number; 
error: main.pp:797,5-108: cannot iterate over a value of type number; 
error: main.pp:849,5-126: cannot iterate over a value of type number; 
error: main.pp:857,5-122: cannot iterate over a value of type number;

A couple of snippets of code from the lines identified in the error: Fwiw, all the lines identfied in the error messages point to the options line of the resource.

main.pp:84: Line 84 is the options line

resource "public" "aws:ec2/subnet:Subnet" {
  options {
    range = createPublicSubnets && (!oneNatGatewayPerAz || lenPublicSubnets >= length(azs)) ? lenPublicSubnets : 0
  }
  assignIpv6AddressOnCreation             = enableIpv6 && publicSubnetIpv6Native ? true : publicSubnetAssignIpv6AddressOnCreation
  availabilityZone                        = length(notImplemented("regexall(\"^[a-z]{2}-\",element(var.azs,count.index))")) > 0 ? notImplemented("element(var.azs,count.index)") : null
  availabilityZoneId                      = length(notImplemented("regexall(\"^[a-z]{2}-\",element(var.azs,count.index))")) == 0 ? notImplemented("element(var.azs,count.index)") : null
  cidrBlock                               = publicSubnetIpv6Native ? null : notImplemented("element(concat(var.public_subnets,[\"\"]),count.index)")
  enableDns64                             = enableIpv6 && publicSubnetEnableDns64
  enableResourceNameDnsAaaaRecordOnLaunch = enableIpv6 && publicSubnetEnableResourceNameDnsAaaaRecordOnLaunch
  enableResourceNameDnsARecordOnLaunch    = !publicSubnetIpv6Native && publicSubnetEnableResourceNameDnsARecordOnLaunch
  ipv6CidrBlock = enableIpv6 && length(publicSubnetIpv6Prefixes) > 0 ? invoke("std:index:cidrsubnet", {
    input   = this[0].ipv6CidrBlock
    newbits = 8
    netnum  = publicSubnetIpv6Prefixes[range.value]
  }).result : null
  ipv6Native                     = enableIpv6 && publicSubnetIpv6Native
  mapPublicIpOnLaunch            = mapPublicIpOnLaunch
  privateDnsHostnameTypeOnLaunch = publicSubnetPrivateDnsHostnameTypeOnLaunch
  vpcId                          = vpcId
  tags                           = notImplemented("merge(\n{\nName=try(\nvar.public_subnet_names[count.index],\nformat(\"$${var.name}-$${var.public_subnet_suffix}-%s\",element(var.azs,count.index))\n)\n},\nvar.tags,\nvar.public_subnet_tags,\nlookup(var.public_subnet_tags_per_az,element(var.azs,count.index),{})\n)")

}

main.pp:770 line 770 is the options again (in fact all the errors point to the options line)

resource "nat" "aws:ec2/eip:Eip" {
  options {
    range = mycreateVpc && enableNatGateway && !reuseNatIps ? natGatewayCount : 0
  }
  domain = "vpc"
  tags   = notImplemented("merge(\n{\n\"Name\"=format(\n\"$${var.name}-%s\",\nelement(var.azs,var.single_nat_gateway?0:count.index),\n)\n},\nvar.tags,\nvar.nat_eip_tags,\n)")

}

pulumi about:

CLI          
Version      3.73.0
Go Version   go1.20.5
Go Compiler  gc

Host     
OS       darwin
Version  13.4.1
Arch     x86_64