Currently, the aws_network module creates a new VPC on each apply. This behavior works well for most use cases, but is not ideal because the default VPC limit per account is 5. It would be ideal to be able to pass in a VPC ID or name in order to utilize an existing VPC, instead of forcing creation of a new VPC.
Suggestion: Add an optional input var for VPC ID and set a count on any and all relevant aws_network module resources/datasources. Alternatively, create a separate "byo" module to handle this use case and set a count on both the aws_network and "byo" modules.
Notes:
AFAIK, if a VPC ID/Name is supplied, various resources no longer need to be created by tofu, such as:
aws_nat_gateway
aws_internet_gateway
aws_route_table
aws_main_route_table_association
aws_vpc_dhcp_options and aws_vpc_dhcp_options_association (setting this on an existing VPC will likely fail anyway, and if not will have side effects for other users of the existing VPC)
A given VPC can have multiple subnets, route tables, NAT gateways
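One way to implement the optional VPC input suggested above, as an added example rather than code from the aws_network module; the variable names, the `one()`/`coalesce()` idiom and the subnet layout are assumptions:

```hcl
# Added example, not the aws_network module's own code.
# Assumed inputs: var.vpc_id (null = create), var.vpc_cidr.
variable "vpc_id" {
  description = "ID of an existing VPC to use. Leave null to create a new VPC."
  type        = string
  default     = null
}

variable "vpc_cidr" {
  description = "CIDR for the VPC created when vpc_id is null."
  type        = string
  default     = "10.0.0.0/16"
}

locals {
  create_vpc = var.vpc_id == null
}

# Created only when no VPC ID is supplied.
resource "aws_vpc" "this" {
  count      = local.create_vpc ? 1 : 0
  cidr_block = var.vpc_cidr
}

# Looked up only when a VPC ID is supplied; a bad ID fails at plan time.
data "aws_vpc" "existing" {
  count = local.create_vpc ? 0 : 1
  id    = var.vpc_id
}

locals {
  # one() returns null for an empty count, so coalesce() picks the live value
  # without indexing a resource that has zero instances.
  vpc_id   = coalesce(one(aws_vpc.this[*].id), var.vpc_id)
  vpc_cidr = coalesce(one(aws_vpc.this[*].cidr_block), one(data.aws_vpc.existing[*].cidr_block))
}

# VPC-wide singletons (IGW, DHCP options, main route table association) are
# skipped for an existing VPC so the module does not alter shared state.
resource "aws_internet_gateway" "this" {
  count  = local.create_vpc ? 1 : 0
  vpc_id = local.vpc_id
}

# Subnets are per-module and a VPC can hold many, so they are created in both modes.
resource "aws_subnet" "public" {
  vpc_id     = local.vpc_id
  cidr_block = cidrsubnet(local.vpc_cidr, 8, 0)
}
```

Routes for the "byo" case must then target a route table the caller owns or one the module creates and attaches only to its own subnets, never the existing VPC's main table.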