Coalfire-CF/Coalfire-AWS-RAMPpak

Change the way we reference subnets from type(list) to type(map)

Closed this issue · 1 comment

Is your feature request related to a problem? Please describe.

Referencing subnets which are of the list type is cumbersome. For example, in the current AWS codebase we have subnets configured as lists and one would reference them like this: subnet[0].

There are several downsides to this method:

  1. Difficulty in finding out what the subnet's purpose is.
  2. Decreased efficiency in referencing subnets. The developer needs to know what each subnet index is for.
  3. PR reviewers cannot easily determine that the correct subnet is used.

Describe the solution you'd like

I suggest using a type(map) for subnet IDs and CIDRs moving forward. This is done by referencing subnets like this:

subnet["siem"] or subnet["dmz"]

My proposed change will create two outputs of type(map) from the Coalfire-CF/terraform-aws-vpc-nfw module. One mapping subnet names to CIDRs and another mapping subnet names to subnet IDs.

This has four advantages:

  1. Developers can clearly see what the subnet's purpose is.
  2. Increased efficiency in referencing subnets for instances, databases, and other cloud services.
  3. PR reviewers can quickly determine if the correct subnet is used.
  4. Maintain a complete list of subnets and their CIDRs in one variable created from the subnets.tf file. This file uses the hashicorp/subnets/cidr module.

Describe alternatives you've considered

N/A

Additional context

The following modules will need to be updated in addition to Coalfire-AWS-RAMPpak:

Code Updates

  • Some outputs will turn into maps
  • Modules need to be updated to reference the map value

Example code calling subnet:

module.vpc.tgw_subnets["client-app-tgw-1a"]

This issue results in breaks in the transit gateway process.
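As an added example (not code from the Coalfire-AWS-RAMPpak or terraform-aws-vpc-nfw repositories), this is one way a VPC module can build the two name-keyed map outputs the issue proposes, so callers reference subnets by purpose instead of by index. The shape of `var.subnets`, the `aws_vpc.main` resource and the output names `subnet_cidrs` and `subnet_ids` are assumptions; the `network_cidr_blocks` output is the real map output of the hashicorp/subnets/cidr module.

```hcl
# Added example, not project code. Subnet names are the keys everywhere, so a
# caller writes module.vpc.subnet_ids["siem"] and a misspelled key is a
# plan-time error rather than a silently wrong list index.

variable "subnets" {
  description = "Subnet name => sizing and placement (assumed shape)"
  type = map(object({
    new_bits = number # extra prefix bits carved from the VPC CIDR
    az       = string
  }))
  # Constructed sample values for illustration only.
  default = {
    "dmz"               = { new_bits = 8, az = "us-gov-west-1a" }
    "siem"              = { new_bits = 8, az = "us-gov-west-1a" }
    "client-app-tgw-1a" = { new_bits = 8, az = "us-gov-west-1a" }
  }
}

# Carve the VPC CIDR into one block per named subnet (subnets.tf in the issue).
module "subnet_addrs" {
  source          = "hashicorp/subnets/cidr"
  base_cidr_block = aws_vpc.main.cidr_block # aws_vpc.main is assumed
  networks = [
    for name, cfg in var.subnets : { name = name, new_bits = cfg.new_bits }
  ]
}

# One aws_subnet per map key; each.key is the human-readable purpose.
resource "aws_subnet" "this" {
  for_each          = var.subnets
  vpc_id            = aws_vpc.main.id
  cidr_block        = module.subnet_addrs.network_cidr_blocks[each.key]
  availability_zone = each.value.az
  tags              = { Name = each.key }
}

# The two type(map) outputs: subnet name -> CIDR and subnet name -> subnet ID.
output "subnet_cidrs" {
  description = "Subnet name => CIDR block"
  value       = module.subnet_addrs.network_cidr_blocks
}

output "subnet_ids" {
  description = "Subnet name => subnet ID"
  value       = { for name, s in aws_subnet.this : name => s.id }
}
```

A consuming module then sets `subnet_id = module.vpc.subnet_ids["siem"]`, and a reviewer can confirm the intended subnet from the key alone.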