feat: Allow setting custom tags on aws_vpc_block_public_access_exclusion resource (#1170)

* Updated to allow Name tag creation of the BPA Resource

* fix: Use generic `tags` to set `Name` or other tag values

---------

Co-authored-by: Bryant Biggs <[email protected]>

Author: garym-krrv

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.96.2
+    rev: v1.99.0
     hooks:
       - id: terraform_fmt
       - id: terraform_docs

examples/block-public-access/README.md

@@ -30,8 +30,8 @@ Currently only `internet_gateway_block_mode` is supported, for which valid value
 
 VPC block public access exclusions can be applied at the VPC level e.g.:
 
-```
-vpc_block_public_access_exclusions = {
+```hcl
+  vpc_block_public_access_exclusions = {
     exclude_vpc = {
         exclude_vpc                     = true
         internet_gateway_exclusion_mode = "allow-bidirectional"
@@ -41,8 +41,8 @@ vpc_block_public_access_exclusions = {
 
 or at the subnet level e.g.:
 
-```
-vpc_block_public_access_exclusions = {
+```hcl
+  vpc_block_public_access_exclusions = {
     exclude_subnet_private1 = {
         exclude_subnet                  = true
         subnet_type                     = "private"

examples/block-public-access/main.tf

@@ -31,34 +31,16 @@ module "vpc" {
   azs             = local.azs
   private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)]
 
-  ### VPC Block Public Access Options
   vpc_block_public_access_options = {
     internet_gateway_block_mode = "block-bidirectional"
   }
 
-  ### VPC Block Public Access Exclusion at the VPC level
   vpc_block_public_access_exclusions = {
     exclude_vpc = {
       exclude_vpc                     = true
       internet_gateway_exclusion_mode = "allow-bidirectional"
     }
   }
 
-  ### VPC Block Public Access Exclusion at the subnet level
-  # vpc_block_public_access_exclusions = {
-  #   exclude_subnet_private1 = {
-  #     exclude_subnet                  = true
-  #     subnet_type                     = "private"
-  #     subnet_index                    = 1
-  #     internet_gateway_exclusion_mode = "allow-egress"
-  #   }
-  #   exclude_subnet_private2 = {
-  #     exclude_subnet                  = true
-  #     subnet_type                     = "private"
-  #     subnet_index                    = 2
-  #     internet_gateway_exclusion_mode = "allow-egress"
-  #   }
-  # }
-
   tags = local.tags
 }

main.tf

@@ -68,9 +68,9 @@ resource "aws_vpc_block_public_access_options" "this" {
 resource "aws_vpc_block_public_access_exclusion" "this" {
   for_each = { for k, v in var.vpc_block_public_access_exclusions : k => v if local.create_vpc }
 
-  vpc_id = lookup(each.value, "exclude_vpc", false) ? local.vpc_id : null
+  vpc_id = try(each.value.exclude_vpc, false) ? local.vpc_id : null
 
-  subnet_id = lookup(each.value, "exclude_subnet", false) ? lookup(
+  subnet_id = try(each.value.exclude_subnet, false) ? lookup(
     {
       private     = aws_subnet.private[*].id,
       public      = aws_subnet.public[*].id,
@@ -86,7 +86,10 @@ resource "aws_vpc_block_public_access_exclusion" "this" {
 
   internet_gateway_exclusion_mode = each.value.internet_gateway_exclusion_mode
 
-  tags = var.tags
+  tags = merge(
+    var.tags,
+    try(each.value.tags, {}),
+  )
 }
 
 ################################################################################