Add VPC handling (#32)

* Initial fixes

* Small unnecesary printing fixes

* small tweak in bitops incoming

* Remove wiping of bitops_extra_env_vars

* Fixing env-merger

* Initial commit - debugging subnets fetching

* Fixing typo

* fixing indexes

* Testing #2

* Missing id

* fixing typo

* Forcing subnet for vpc

* Clearing out output bugging message

* Moving files

* Fixes

* typo

* Outputs deps fix

* fixing index

* random_int fix

* Debugging 1

* Fixes

* Fix typo

* debugg

* trying a failing one

* tonumber

* +dep

* debugging

* adding debugg outputs

* fixing expected value

* Cleanup

* Cleanup + moving secret manager get

* Fix expected empty value

* Code cleanup

* Adding lifecycle block to keys in sm

* Removing ugly sed command

* adding random back again

* Missing var

* Fixing efs zone issue

* Fixing efs zone mapping issue #2
Fixing output prints

* Fixing ec2_zone_mapping

* Typo in var name

* Debug EFS+VPC

* Choosing the default subnet for the VPC

* adding debugs to main

* Missing mapping of values

* Debugging summary

* Changing VPC logic

* Debugging

* typo

* Debugging 2

* Debugging 3

* fix subnet issues

* typo in resource

* breaking loop

* Fixing cycle

* typo fix

* typo fix 2

* Adding subnet def'n

* wrong conditional location

* typos fix

* Fixes

* Fixing ELB Subnet/VPC/AZ

* Fixing VPC Id in security group

* Missing file in commit

* Chaging attribute name

* Commenting out AZ from ELB

* Trying to get rid of dep loop

* changing conditional order

* Changing region per zone

* Fixing AZ conditional creation

* Changing az logic #2

* Debug #55

* Trying to break loops

* Break the look #2

* Fixing zones loop

* Missing index

* fixing outputs

* Playing with EC2 AZ's

* commenting out dep

* Cross-fixing

* changing set substract

* slice sort fix

* set

* Changed az approach again

* cleanup

* Retrying indexes

* Typo in var name

* Fixing README

* Fixing az index to ec2

* Adding comment in readme, fixing outputs

* Output fixing

* Fixing summary

* Missing "

* Deboug outputs cleanup

* Debugging EFS DNS URL

* Debug 2

* Huge EFS Changes

* Fixing some ()

* Really, another '

* Fixes to vars typos and indexes

* cidr != cidr_block

* removing breaking unnecesary output

* Fixing string to list

* Testing different approach

* Missing index

* Approach #2

* typo

* Escaping var

* region-namme doesn't exists

* Adding a validation

* Validation fix

* Removing filtering for only one VPC per ZAZ

* Adding EFS deps

* Fixing and filtering

* Cleanup

* fix

* Changing to ID

* Clearer passthrough

* Adding try

* Adding VPC def'n as target

* Making main only a target

* Making all vpc's targets

* Adding subnets?

* removing for_each

* Fixing azs

* removing count

* Fixing unnecesary count

* typo

* target vpcs and subnets

* Cleanups

* Adding dep

* typo

* option 2

* Module VPC to run first

* Adding allow-sg to aurora

* Adding missing files in commit

* dupe cleanup

* Adding missing mapping var

* fixing data source name

* Changing aurora VPC

* Fixing SG

* Cleanup and vpc target dependant

* Adding timeout and lifecycle to aurora sg

* Adding aurora db lifecycle tag

* Rollback

* Cleanup

* Cleanup

README.md

@@ -53,11 +53,13 @@ jobs:
 1. [AWS Specific](#aws-specific)
 1. [Secrets and Environment Variables](#secrets-and-environment-variables-inputs)
 1. [EC2](#ec2-inputs)
+1. [VPC](#vpc-inputs)
 1. [Certificates](#certificate-inputs)
 1. [Load Balancer](#load-balancer-inputs)
 1. [EFS](#efs-inputs)
 1. [Amazon Aurora Inputs](#aurora-inputs)
 1. [Docker](#docker-inputs)
+1. [EKS](#eks-inputs)
 
 The following inputs can be used as `step.with` keys
 <br/>
@@ -146,6 +148,19 @@ The following inputs can be used as `step.with` keys
 <hr/>
 <br/>
 
+#### **VPC Inputs**
+| Name             | Type    | Description                        |
+|------------------|---------|------------------------------------|
+| `aws_vpc_create` | Boolean | Define if a VPC should be created |
+| `aws_vpc_name` | String | Define a name for the VPC. Defaults to `VPC for ${aws_resource_identifier}`. |
+| `aws_vpc_cidr_block` | String | Define Base CIDR block which is divided into subnet CIDR blocks. Defaults to `10.0.0.0/16`. |
+| `aws_vpc_public_subnets` | String | Comma separated list of public subnets. Defaults to `10.10.110.0/24`|
+| `aws_vpc_private_subnets` | String | Comma separated list of private subnets. If no input, no private subnet will be created. Defaults to `<none>`. |
+| `aws_vpc_availability_zones` | String | Comma separated list of availability zones. Defaults to `aws_default_region+<random>` value. If a list is defined, the first zone will be the one used for the EC2 instance. |
+| `aws_vpc_id` | String | AWS VPC ID. Accepts `vpc-###` values. |
+| `aws_vpc_subnet_id` | String | AWS VPC Subnet ID. If none provided, will pick one. (Ideal when there's only one) |
+<hr/>
+<br/>
 
 #### **Certificate Inputs**
 | Name             | Type    | Description                        |
@@ -179,14 +194,14 @@ The following inputs can be used as `step.with` keys
 |------------------|---------|------------------------------------|
 | `aws_efs_create` | Boolean | Toggle to indicate whether to create and EFS and mount it to the ec2 as a part of the provisioning. Note: The EFS will be managed by the stack and will be destroyed along with the stack |
 | `aws_efs_create_ha` | Boolean | Toggle to indicate whether the EFS resource should be highly available (target mounts in all available zones within region) |
-| `aws_efs_mount_id` | String | ID of existing EFS. |
-| `aws_efs_mount_security_group_id` | String | ID of the primary security group used by the existing EFS. |
+| `aws_efs_fs_id` | String | ID of existing EFS. |
+| `aws_efs_vpc_id` | String | ID of the VPC for the EFS mount target. If aws_efs_create_ha is set to true, will create one mount target per subnet available in the VPC. If not, will create one in an automated selected region. |
+| `aws_efs_subnet_ids` | String | ID (or ID's) of the subnet for the EFS mount target. (Comma separated string.) |
 | `aws_efs_security_group_name` | String | The name of the EFS security group. Defaults to `SG for ${aws_resource_identifier} - EFS`. |
 | `aws_efs_create_replica` | Boolean | Toggle to indiciate whether a read-only replica should be created for the EFS primary file system |
+| `aws_efs_replication_destination` | String | AWS Region to target for replication. |
 | `aws_efs_enable_backup_policy` | Boolean | Toggle to indiciate whether the EFS should have a backup policy |
-| `aws_efs_zone_mapping` | JSON | Zone Mapping in the form of `{\"<availabillity zone>\":{\"subnet_id\":\"subnet-abc123\", \"security_groups\":\[\"sg-abc123\"\]} }` |
 | `aws_efs_transition_to_inactive` | String | Indicates how long it takes to transition files to the IA storage class. |
-| `aws_efs_replication_destination` | String | AWS Region to target for replication. |
 | `aws_efs_mount_target` | String | Directory path in efs to mount directory to. Default is `/`. |
 | `aws_efs_ec2_mount_point` | String | The aws_efs_ec2_mount_point input represents the folder path within the EC2 instance to the data directory. Default is `/user/ubuntu/<application_repo>/data`. Additionally this value is loaded into the docker-compose `.env` file as `HOST_DIR`. |
 <hr/>
@@ -224,6 +239,35 @@ The following inputs can be used as `step.with` keys
 | `docker_efs_mount_target` | String | Directory path within docker env to mount directory to. Default is `/data`|
 <hr/>
 <br/>
+
+#### **EKS Inputs**
+| Name             | Type    | Description                        |
+|------------------|---------|------------------------------------|
+| `aws_eks_create` | Boolean | Define if an EKS cluster should be created |
+| `aws_eks_region` | String | Define the region where EKS cluster should be created. Defaults to `us-east-1`. |
+| `aws_eks_security_group_name_master` | String | Define the security group name master. Defaults to `SG for ${GITHUB_ORG_NAME}-${GITHUB_REPO_NAME}-${GITHUB_BRANCH_NAME} - ${aws_eks_environment} - EKS Master`. |
+| `aws_eks_security_group_name_worker` | String | Define the security group name worker. Defaults to `SG for ${GITHUB_ORG_NAME}-${GITHUB_REPO_NAME}-${GITHUB_BRANCH_NAME} - ${aws_eks_environment} - EKS Worker`. |
+| `aws_eks_environment` | String | Specify the eks environment name. Defaults to `env` |
+| `aws_eks_stackname` | String | Specify the eks stack name for your environment. Defaults to `eks-stack`.  |
+| `aws_eks_cidr_block` | String | Define Base CIDR block which is divided into subnet CIDR blocks. Defaults to `10.0.0.0/16`. |
+| `aws_eks_workstation_cidr` | String | Comma separated list of remote public CIDRs blocks to add it to Worker nodes security groups. |
+| `aws_eks_availability_zones` | String | Comma separated list of availability zones. Defaults to `us-east-1a,us-east-1b`.  |
+| `aws_eks_private_subnets` | String | Comma separated list of private subnets. Defaults to `10.0.1.0/24,10.0.2.0/24`. |
+| `aws_eks_public_subnets` | String | Comma separated list of public subnets. Defaults to `10.0.101.0/24,10.0.102.0/24`|
+| `aws_eks_cluster_name` | String | Specify the k8s cluster name. Defaults to `${GITHUB_ORG_NAME}-${GITHUB_REPO_NAME}-${GITHUB_BRANCH_NAME}-cluster` |
+| `aws_eks_cluster_log_types` | String | Comma separated list of cluster log type. See [this AWS doc](https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html). Defaults to `none`. |
+| `aws_eks_cluster_version` | String | Specify the k8s cluster version. Defaults to `1.27` |
+| `aws_eks_instance_type` | String | Define the EC2 instance type. See [this list](https://aws.amazon.com/ec2/instance-types/) for reference. Defaults to `t3a.medium`. |
+| `aws_eks_instance_ami_id` | String | AWS AMI ID. Will default to the latest Amazon EKS Node image for the cluster version. |
+| `aws_eks_instance_user_data_file` | String | Relative path in the repo for a user provided script to be executed with the EC2 Instance creation. See note. |
+| `aws_eks_ec2_key_pair` | String | Enter an existing ec2 key pair name for worker nodes. If none, will create one. |
+| `aws_eks_store_keypair_sm` | Boolean | If true, will store the newly created keys in Secret Manager. |
+| `aws_eks_desired_capacity` | String | Enter the desired capacity for the worker nodes. Defaults to `2`. |
+| `aws_eks_max_size` | String | Enter the max_size for the worker nodes. Defaults to `4`. |
+| `aws_eks_min_size` | String | Enter the min_size for the worker nodes. Defaults to `2`. |
+| `input_helm_charts` | String | Relative path to the folder from project containing Helm charts to be installed. Could be uncompressed or compressed (.tgz) files. |
+<hr/>
+<br/>
 <br/>
 
 ## Note about resource identifiers

action.yaml

@@ -165,7 +165,33 @@ inputs:
   aws_ec2_user_data_replace_on_change:
     description: 'If user_data file changes, instance will stop and start. Hence public IP will change. Defaults to true.'
     required: false
-
+
+  # AWS VPC Inputs
+  aws_vpc_create:
+    description: 'Define if a VPC should be created'
+    required: false
+  aws_vpc_name:
+    description: 'Set a specific name for the VPC'
+    required: false
+  aws_vpc_cidr_block:
+    description: 'Define Base CIDR block which is divided into subnet CIDR blocks. Defaults to 10.0.0.0/16.'
+    required: false
+  aws_vpc_public_subnets:
+    description: 'Comma separated list of public subnets. Defaults to 10.10.110.0/24'
+    required: false
+  aws_vpc_private_subnets:
+    description: 'Comma separated list of private subnets. If none, none will be created.'
+    required: false
+  aws_vpc_availability_zones:
+    description: 'Comma separated list of availability zones. Defaults to `aws_default_region.'
+    required: false
+  aws_vpc_id:
+    description: 'AWS VPC ID. Accepts `vpc-###` values.'
+    required: false
+  aws_vpc_subnet_id:
+    description: 'Specify a Subnet to be used with the instance. If none provided, will pick one.'
+    required: false
+
   # AWS Route53 Domains abd Certificates
   aws_r53_enable:
     description: 'Enables the usage of Route53 to manage DNS records.'
@@ -221,30 +247,29 @@ inputs:
   aws_efs_create_ha:
     description: 'Toggle to indicate whether the EFS resource should be highly available (target mounts in all available zones within region)'
     required: false
-  aws_efs_mount_id:
+  aws_efs_fs_id:
     description: 'ID of existing EFS'
     required: false
-  aws_efs_mount_security_group_id:
-    description: 'ID of the primary security group used by the existing EFS'
+  aws_efs_vpc_id:
+    description: 'ID of the VPC for the EFS mount target. If aws_efs_create_ha is set to true, will create one mount target per subnet available in the VPC. If not, will pick one.'
     required: false
+  aws_efs_subnet_ids:
+    description: 'ID or IDs of the subnet for the EFS mount target.'
   aws_efs_security_group_name:
     description:  'The name of the EFS security group'
     required: false
   aws_efs_create_replica:
     description: 'Toggle to indiciate whether a read-only replica should be created for the EFS primary file system'
     required: false
+  aws_efs_replication_destination:
+    description: 'AWS Region to target for replication'
+    required: false
   aws_efs_enable_backup_policy:
     description: 'Toggle to indiciate whether the EFS should have a backup policy, default is false'
     required: false
-  aws_efs_zone_mapping:
-    description: 'Information on Zone Mapping can be found in the [README.md](README.md#efs-zone-mapping)'
-    required: false
   aws_efs_transition_to_inactive:
     description: 'Indicates how long it takes to transition files to the IA storage class.'
     required: false
-  aws_efs_replication_destination:
-    description: 'AWS Region to target for replication'
-    required: false
   aws_efs_mount_target: 
     description: 'Directory path in the EFS volume to mount directory to. Default is /.'
     required: false
@@ -391,6 +416,9 @@ outputs:
   vm_url:
     description: "The URL of the generated app"
     value: ${{ steps.deploy.outputs.vm_url }}
+  ec2_url:
+    description: "The URL of the generated ec2 instance"
+    value: ${{ steps.deploy.outputs.instance_public_dns }}
 
 runs:
   using: 'composite'
@@ -466,6 +494,16 @@ runs:
         AWS_EC2_USER_DATA_FILE: ${{ inputs.aws_ec2_user_data_file }}
         AWS_EC2_USER_DATA_REPLACE_ON_CHANGE: ${{ inputs.aws_ec2_user_data_replace_on_change }}
 
+        ## AWS VPC
+        AWS_VPC_CREATE: ${{ inputs.aws_vpc_create }}
+        AWS_VPC_NAME: ${{ inputs.aws_vpc_name }}
+        AWS_VPC_CIDR_BLOCK: ${{ inputs.aws_vpc_cidr_block }}
+        AWS_VPC_PUBLIC_SUBNETS: ${{ inputs.aws_vpc_public_subnets }}
+        AWS_VPC_PRIVATE_SUBNETS: ${{ inputs.aws_vpc_private_subnets }}
+        AWS_VPC_AVAILABILITY_ZONES: ${{ inputs.aws_vpc_availability_zones }}
+        AWS_VPC_ID: ${{ inputs.aws_vpc_id }}
+        AWS_VPC_SUBNET_ID: ${{ inputs.aws_vpc_subnet_id }}
+
         # AWS Route53 Domains abd Certificates
         AWS_R53_ENABLE: ${{ inputs.aws_r53_enable }}
         AWS_R53_DOMAIN_NAME: ${{ inputs.aws_r53_domain_name }}
@@ -488,14 +526,14 @@ runs:
         # AWS EFS
         AWS_EFS_CREATE: ${{ inputs.aws_efs_create }}
         AWS_EFS_CREATE_HA: ${{ inputs.aws_efs_create_ha }}
-        AWS_EFS_MOUNT_ID: ${{ inputs.aws_efs_mount_id }}
-        AWS_EFS_MOUNT_SECURITY_GROUP_ID: ${{ inputs.aws_efs_mount_security_group_id }}
+        AWS_EFS_FS_ID: ${{ inputs.aws_efs_fs_id }}
+        AWS_EFS_VPC_ID: ${{ inputs.aws_efs_vpc_id }}
+        AWS_EFS_SUBNET_IDS: ${{ inputs.aws_efs_subnet_ids }}
         AWS_EFS_SECURITY_GROUP_NAME: ${{ inputs.aws_efs_security_group_name }}
         AWS_EFS_CREATE_REPLICA: ${{ inputs.aws_efs_create_replica }}
+        AWS_EFS_REPLICATION_DESTINATION: ${{ inputs.aws_efs_replication_destination }}
         AWS_EFS_ENABLE_BACKUP_POLICY: ${{ inputs.aws_efs_enable_backup_policy }}
-        AWS_EFS_ZONE_MAPPING: ${{ inputs.aws_efs_zone_mapping }}
         AWS_EFS_TRANSITION_TO_INACTIVE: ${{ inputs.aws_efs_transition_to_inactive }}
-        AWS_EFS_REPLICATION_DESTINATION: ${{ inputs.aws_efs_replication_destination }}
         AWS_EFS_MOUNT_TARGET: ${{ inputs.aws_efs_mount_target }}
         AWS_EFS_EC2_MOUNT_POINT: ${{ inputs.aws_efs_ec2_mount_point }}
 
@@ -562,10 +600,13 @@ runs:
       env: 
         SUCCESS: ${{ job.status }} # success, failure, cancelled
         URL_OUTPUT: ${{ steps.deploy.outputs.vm_url }}
+        EC2_URL_OUTPUT: ${{ steps.deploy.outputs.ec2_url }}
         BITOPS_CODE_ONLY: ${{ inputs.bitops_code_only }}
         BITOPS_CODE_STORE: ${{ inputs.bitops_code_store }}
         TF_STACK_DESTROY: ${{ inputs.tf_stack_destroy }}
         TF_STATE_BUCKET_DESTROY: ${{ inputs.tf_state_bucket_destroy }}
+        AWS_EC2_PORT_LIST: ${{ inputs.aws_ec2_port_list }}
+        AWS_ELB_LISTEN_PORT: ${{ inputs.aws_elb_listen_port }}
       run: $GITHUB_ACTION_PATH/operations/_scripts/deploy/summary.sh
 
     # upload generated artifacts to GitHub if enabled

operations/_scripts/deploy/summary.sh

@@ -4,10 +4,13 @@
 ### coming into this we have env vars:
 # SUCCESS=${{ job.status }} # success, cancelled, failure
 # URL_OUTPUT=${{ steps.deploy.outputs.vm_url }}
+# EC2_URL_OUTPUT=${{ steps.deploy.outputs.ec2_url }}
 # BITOPS_CODE_ONLY
 # BITOPS_CODE_STORE
 # TF_STACK_DESTROY
 # TF_STATE_BUCKET_DESTROY
+# AWS_EC2_PORT_LIST
+# AWS_ELB_LISTEN_PORT
 
 # Create an error code mechanism so we don't have to check the actual static text,
 # just which case we fell into
@@ -24,13 +27,42 @@
 # 9 - success, destroy infrastructure
 # 10 - cancelled
 
+# Function to process and return the result as a string
+function process_and_return() {
+  local url="$1"
+  local ports="$2"
+  IFS=',' read -ra port_array <<< "$ports"
+  result=""
+  for p in "${port_array[@]}"; do
+    result+="$url:$p\n"
+  done
+  echo -e "$result"
+}
+
+# Function to echo each line of a given variable
+echo_lines() {
+  local input="$1"
+  while IFS= read -r line; do
+    echo -e "$line" >> $GITHUB_STEP_SUMMARY
+  done <<< "$input"
+}
+
+# Process and store URL_OUTPUT:AWS_ELB_LISTEN_PORT in a variable
+output_elb=$(process_and_return "$URL_OUTPUT" "$AWS_ELB_LISTEN_PORT")
+# Given the case where there is no port specified for the ELB, pass the URL directly
+if [[ -z "$output_elb" ]]; then
+  output_elb="$URL_OUTPUT"
+fi
+final_output+="${output_elb}\n"
+# Process and store EC2_URL_OUTPUT:AWS_EC2_PORT_LIST in a variable
+output_ec2=$(process_and_return "$EC2_URL_OUTPUT" "$AWS_EC2_PORT_LIST")
+final_output+="${output_ec2}\n"
+
 SUMMARY_CODE=0
 
 if [[ $SUCCESS == 'success' ]]; then
   if [[ $URL_OUTPUT != '' ]]; then
-    result_string="## Deploy Complete! :rocket:
-    $URL_OUTPUT"
-
+    result_string="## Deploy Complete! :rocket:"
   elif [[ $BITOPS_CODE_ONLY == 'true' ]]; then
     if [[ $BITOPS_CODE_STORE == 'true' ]]; then
       SUMMARY_CODE=6
@@ -72,5 +104,11 @@ else
   If you consider this is a bug in the Github Action, please submit an issue to our repo."
 fi
 
-echo "$result_string" >> $GITHUB_STEP_SUMMARY
-echo "SUMMARY_CODE=$SUMMARY_CODE" >> $GITHUB_OUTPUT
+echo -e "$result_string" >> $GITHUB_STEP_SUMMARY
+if [[ $SUCCESS == 'success' ]]; then
+  if [[ $URL_OUTPUT != '' ]]; then
+    while IFS= read -r line; do
+      echo -e "$line" >> $GITHUB_STEP_SUMMARY
+    done <<< "$final_output"
+  fi
+fi

operations/_scripts/generate/generate_bitops_config.sh

@@ -77,7 +77,12 @@ if [ -n "$TF_TARGETS" ]; then
 fi
 # random_integer.az_select needs to be created before the "full stack" to avoid a potential state dependency locks
 targets="$targets
-    - random_integer.az_select"
+    - module.vpc.random_integer.az_select"
+# In the case VPC creation is enabled, as it's a needed resource for the whole stack, will trigger creation first.
+if [[ $(alpha_only "$AWS_VPC_CREATE") == true ]]; then
+targets="$targets
+    - module.vpc"
+fi
 targets_attribute="$targets_attribute $targets"
 
 #Will add the user_data file into the EC2 Terraform folder

operations/_scripts/generate/generate_vars_terraform.sh

@@ -130,6 +130,18 @@ if [[ $(alpha_only "$AWS_EC2_INSTANCE_CREATE") == true ]]; then
   aws_ec2_user_data_replace_on_change=$(generate_var aws_ec2_user_data_replace_on_change $AWS_EC2_USER_DATA_REPLACE_ON_CHANGE)
 fi
 
+#-- VPC Handling --# 
+if [[ $(alpha_only "$AWS_VPC_CREATE") == true ]]; then
+  aws_vpc_create=$(generate_var aws_vpc_create $AWS_VPC_CREATE)
+  aws_vpc_name=$(generate_var aws_vpc_name $AWS_VPC_NAME)
+  aws_vpc_cidr_block=$(generate_var aws_vpc_cidr_block $AWS_VPC_CIDR_BLOCK)
+  aws_vpc_public_subnets=$(generate_var aws_vpc_public_subnets $AWS_VPC_PUBLIC_SUBNETS)
+  aws_vpc_private_subnets=$(generate_var aws_vpc_private_subnets $AWS_VPC_PRIVATE_SUBNETS)
+  aws_vpc_availability_zones=$(generate_var aws_vpc_availability_zones $AWS_VPC_AVAILABILITY_ZONES)
+fi
+aws_vpc_id=$(generate_var aws_vpc_id $AWS_VPC_ID)
+aws_vpc_subnet_id=$(generate_var aws_vpc_subnet_id $AWS_VPC_SUBNET_ID)
+
 #-- AWS Route53 and certs --#
 if [[ $(alpha_only "$AWS_R53_ENABLE") == true ]]; then
   aws_r53_enable=$(generate_var aws_r53_enable $AWS_R53_ENABLE)
@@ -161,14 +173,14 @@ if [[ $(alpha_only "$AWS_EFS_ENABLE") == true ]]; then
   aws_efs_enable=$(generate_var aws_efs_enable $AWS_EFS_ENABLE)
   aws_efs_create=$(generate_var aws_efs_create $AWS_EFS_CREATE)
   aws_efs_create_ha=$(generate_var aws_efs_create_ha $AWS_EFS_CREATE_HA)
-  aws_efs_mount_id=$(generate_var aws_efs_mount_id $AWS_EFS_MOUNT_ID)
-  aws_efs_mount_security_group_id=$(generate_var aws_efs_mount_security_group_id $AWS_EFS_MOUNT_SECURITY_GROUP_ID)
+  aws_efs_fs_id=$(generate_var aws_efs_fs_id $AWS_EFS_FS_ID)
+  aws_efs_vpc_id=$(generate_var aws_efs_vpc_id $AWS_EFS_VPC_ID)
+  aws_efs_subnet_ids=$(generate_var aws_efs_subnet_ids $AWS_EFS_SUBNET_IDS)
   aws_efs_security_group_name=$(generate_var aws_efs_security_group_name $AWS_EFS_SECURITY_GROUP_NAME)
   aws_efs_create_replica=$(generate_var aws_efs_create_replica $AWS_EFS_CREATE_REPLICA)
+  aws_efs_replication_destination=$(generate_var aws_efs_replication_destination $AWS_EFS_REPLICATION_DESTINATION)
   aws_efs_enable_backup_policy=$(generate_var aws_efs_enable_backup_policy $AWS_EFS_ENABLE_BACKUP_POLICY)
-  aws_efs_zone_mapping=$(generate_var aws_efs_zone_mapping $AWS_EFS_ZONE_MAPPING)
   aws_efs_transition_to_inactive=$(generate_var aws_efs_transition_to_inactive $AWS_EFS_TRANSITION_TO_INACTIVE)
-  aws_efs_replication_destination=$(generate_var aws_efs_replication_destination $AWS_EFS_REPLICATION_DESTINATION)
   aws_efs_mount_target=$(generate_var aws_efs_mount_target $AWS_EFS_MOUNT_TARGET)
   aws_efs_ec2_mount_point=$(generate_var aws_efs_ec2_mount_point $AWS_EFS_EC2_MOUNT_POINT)
 fi
@@ -265,6 +277,16 @@ $aws_ec2_create_keypair_sm
 $aws_ec2_instance_public_ip
 $aws_ec2_user_data_replace_on_change
 
+#-- VPC --# 
+$aws_vpc_create
+$aws_vpc_name
+$aws_vpc_cidr_block
+$aws_vpc_public_subnets
+$aws_vpc_private_subnets
+$aws_vpc_availability_zones
+$aws_vpc_id
+$aws_vpc_subnet_id
+
 #-- R53 --#
 $aws_r53_enable
 $aws_r53_domain_name
@@ -288,14 +310,14 @@ $lb_access_bucket_name
 $aws_efs_enable
 $aws_efs_create
 $aws_efs_create_ha
-$aws_efs_mount_id
-$aws_efs_mount_security_group_id
+$aws_efs_fs_id
+$aws_efs_vpc_id
+$aws_efs_subnet_ids
 $aws_efs_security_group_name
 $aws_efs_create_replica
+$aws_efs_replication_destination
 $aws_efs_enable_backup_policy
-$aws_efs_zone_mapping
 $aws_efs_transition_to_inactive
-$aws_efs_replication_destination
 $aws_efs_mount_target
 $aws_efs_ec2_mount_point