add fargate_subnets variable

zimbatm · zimbatm · commit d606add8cfad · 2020-11-23T18:10:55.000+01:00
The EKS cluster can be provisioned with both private and public subnets.
But Fargate only accepts private ones.

This new variable allows to override the subnets to explicitly pass the
private subnets to Fargate and work around that issue.
diff --git a/README.md b/README.md
@@ -192,6 +192,7 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
 | enable\_irsa | Whether to create OpenID Connect Provider for EKS to enable IRSA | `bool` | `false` | no |
 | fargate\_pod\_execution\_role\_name | The IAM Role that provides permissions for the EKS Fargate Profile. | `string` | `null` | no |
 | fargate\_profiles | Fargate profiles to create. See `fargate_profile` keys section in fargate submodule's README.md for more details | `any` | `{}` | no |
+| fargate\_subnets | A list of private subnets to use for Fargate. Defaults to the subnets var if empty. | `list(string)` | `[]` | no |
 | iam\_path | If provided, all IAM roles will be created on this path. | `string` | `"/"` | no |
 | kubeconfig\_aws\_authenticator\_additional\_args | Any additional arguments to pass to the authenticator such as the role to assume. e.g. ["-r", "MyEksRole"]. | `list(string)` | `[]` | no |
 | kubeconfig\_aws\_authenticator\_command | Command to use to fetch AWS EKS credentials. | `string` | `"aws-iam-authenticator"` | no |
diff --git a/fargate.tf b/fargate.tf
@@ -7,7 +7,7 @@ module "fargate" {
   fargate_profiles                  = var.fargate_profiles
   iam_path                          = var.iam_path
   iam_policy_arn_prefix             = local.policy_arn_prefix
-  subnets                           = var.subnets
+  subnets                           = length(var.fargate_subnets) > 0 ? var.fargate_subnets : var.subnets
   tags                              = var.tags
 
   # Hack to ensure ordering of resource creation.
diff --git a/variables.tf b/variables.tf
@@ -356,6 +356,12 @@ variable "fargate_profiles" {
   default     = {}
 }
 
+variable "fargate_subnets" {
+  description = "A list of private subnets to use for Fargate. Defaults to the subnets var if empty."
+  type        = list(string)
+  default     = []
+}
+
 variable "create_fargate_pod_execution_role" {
   description = "Controls if the EKS Fargate pod execution IAM role should be created."
   type        = bool
