feat: separate external public/private subnet ids

jochem725 · jochem725 · commit e9855554dffd · 2025-10-24T11:06:07.000+02:00
diff --git a/src/main.tf b/src/main.tf
@@ -1,9 +1,10 @@
 locals {
   enabled = module.this.enabled
 
-  external_vpc_id  = var.vpc_id != null ? { "ExternalVpcId" = var.vpc_id } : {}
-  networking_stack = var.networking_stack != null ? { "NetworkingStack" = var.networking_stack } : {}
-  subnet_ids       = var.subnet_ids != null ? { "ExternalVpcSubnetIds" = join(",", var.subnet_ids) } : {}
+  external_vpc_id         = var.vpc_id != null ? { "ExternalVpcId" = var.vpc_id } : {}
+  networking_stack        = var.networking_stack != null ? { "NetworkingStack" = var.networking_stack } : {}
+  subnet_ids              = concat(coalesce(var.public_subnet_ids, []), coalesce(var.private_subnet_ids, []))
+  external_vpc_subnet_ids = length(local.subnet_ids) > 0 ? { "ExternalVpcSubnetIds" = join(",", local.subnet_ids) } : {}
   // If var.security_group_id is provided, we use it. Otherwise, if we are using the external networking stack, we create one.
   external_security_group_id = var.security_group_id != null ? { "ExternalVpcSecurityGroupId" = var.security_group_id } : {}
   // If var.security_group_id is not provided and we are using the external networking stack, we create one.
@@ -14,7 +15,7 @@ locals {
     }, var.parameters
     , local.networking_stack
     , local.external_vpc_id
-    , local.subnet_ids
+    , local.external_vpc_subnet_ids
     , local.external_security_group_id
     , local.created_security_group_id
   )
@@ -70,7 +71,7 @@ module "iam_policy" {
   ]
 }
 
-// Typically when runs-on is installed, and we're using the embedded networking stack, we need a security group. 
+// Typically when runs-on is installed, and we're using the embedded networking stack, we need a security group.
 // This is a batties included optional feature.
 module "security_group" {
   source  = "cloudposse/security-group/aws"
diff --git a/src/variables.tf b/src/variables.tf
@@ -56,9 +56,16 @@ variable "vpc_id" {
   default     = null
 }
 
-variable "subnet_ids" {
+variable "public_subnet_ids" {
   type        = list(string)
-  description = "Subnet IDs"
+  description = "Public subnet IDs"
+  nullable    = true
+  default     = null
+}
+
+variable "private_subnet_ids" {
+  type        = list(string)
+  description = "Private subnet IDs"
   nullable    = true
   default     = null
 }
