From 0e9310a50b5c29521466b2ccfd8123b194f4b107 Mon Sep 17 00:00:00 2001
From: Joseph Sykes
Date: Fri, 4 Aug 2023 09:13:18 +0100
Subject: [PATCH 01/10] Update vpc resource names inline with issue #89.
---
 modules/aws/vpc/main.tf | 44 +++++++++++++++++++--------------------
 modules/aws/vpc/output.tf | 6 +++---
 2 files changed, 25 insertions(+), 25 deletions(-)
diff --git a/modules/aws/vpc/main.tf b/modules/aws/vpc/main.tf
index 4341c98..866c597 100644
--- a/modules/aws/vpc/main.tf
+++ b/modules/aws/vpc/main.tf
@@ -13,23 +13,23 @@ terraform {
   }
 }
-resource "aws_flow_log" "flow_log" {
-  iam_role_arn = aws_iam_role.iam_role[0].arn
-  log_destination = aws_cloudwatch_log_group.log_group[0].arn
+resource "aws_flow_log" "this" {
+  iam_role_arn = aws_iam_role.this[0].arn
+  log_destination = aws_cloudwatch_log_group.this[0].arn
   traffic_type = var.vpc_flow_logs_traffic_type
-  vpc_id = aws_vpc.vpc.id
+  vpc_id = aws_vpc.this.id
   count = var.enable_vpc_flow_logs ? 1 : 0
 }
 resource "random_uuid" "log_group_guid_identifier" {
 }
-resource "aws_cloudwatch_log_group" "log_group" {
+resource "aws_cloudwatch_log_group" "this" {
   name = "${var.project_name}-vpc-flow-logs-${random_uuid.log_group_guid_identifier.result}"
   count = var.enable_vpc_flow_logs ? 1 : 0
 }
-resource "aws_iam_role" "iam_role" {
+resource "aws_iam_role" "this" {
   name = "${var.project_name}-vpc-logs-iam"
   count = var.enable_vpc_flow_logs ? 1 : 0
@@ -50,9 +50,9 @@ resource "aws_iam_role" "iam_role" {
 EOF
 }
-resource "aws_iam_role_policy" "iam_role_policy" {
+resource "aws_iam_role_policy" "this" {
   name = "${var.project_name}-vpc-iam-logs-policy"
-  role = aws_iam_role.iam_role[0].id
+  role = aws_iam_role.this[0].id
   count = var.enable_vpc_flow_logs ? 1 : 0
   policy = < 0 ? 1 : 0
-  vpc_id = aws_vpc.vpc.id
+  vpc_id = aws_vpc.this.id
   tags = {
     Name = "${var.project_name}-vpc-ig"
@@ -121,18 +121,18 @@ resource "aws_internet_gateway" "ig" {
   }
 }
-resource "aws_route_table" "route_table" {
+resource "aws_route_table" "this" {
   count = length(local.public_subnet_cidrs) > 0 ? 1 : 0
-  vpc_id = aws_vpc.vpc.id
+  vpc_id = aws_vpc.this.id
   route {
     cidr_block = var.ig_cidr
-    gateway_id = aws_internet_gateway.ig[0].id
+    gateway_id = aws_internet_gateway.this[0].id
   }
   route {
     ipv6_cidr_block = var.ig_ipv6_cidr
-    gateway_id = aws_internet_gateway.ig[0].id
+    gateway_id = aws_internet_gateway.this[0].id
   }
   tags = {
@@ -141,8 +141,8 @@ resource "aws_route_table" "route_table" {
   }
 }
-resource "aws_route_table_association" "public_subnet_rt_asso" {
+resource "aws_route_table_association" "public" {
   count = length(local.public_subnet_cidrs)
-  subnet_id = element(aws_subnet.public_subnets[*].id, count.index)
-  route_table_id = aws_route_table.route_table[0].id
+  subnet_id = element(aws_subnet.public[*].id, count.index)
+  route_table_id = aws_route_table.this[0].id
 }
diff --git a/modules/aws/vpc/output.tf b/modules/aws/vpc/output.tf
index a83f598..f047d23 100644
--- a/modules/aws/vpc/output.tf
+++ b/modules/aws/vpc/output.tf
@@ -1,15 +1,15 @@
 output "vpc_id" {
-  value = aws_vpc.vpc.id
+  value = aws_vpc.this.id
   description = "The ID of the VPC that has been created. This output is of type `list(string)`."
 }
 output "public_subnet_ids" {
-  value = aws_subnet.public_subnets[*].id
+  value = aws_subnet.public[*].id
   description = "A list of the public subnet IDs that have been created. This output is of type `list(string)`."
 }
 output "private_subnet_ids" {
-  value = aws_subnet.private_subnets[*].id
+  value = aws_subnet.private[*].id
   description = "A list of the private subnet IDs that have been created. This output is of type `list(string)`."
 }
From c41b327c7014fba2c1c86a84e21f83b406f069df Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Fri, 4 Aug 2023 08:15:31 +0000
Subject: [PATCH 02/10] terraform-docs: automated action
---
 modules/aws/vpc/README.md | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/modules/aws/vpc/README.md b/modules/aws/vpc/README.md
index 982bb6a..9228fdc 100644
--- a/modules/aws/vpc/README.md
+++ b/modules/aws/vpc/README.md
@@ -31,16 +31,16 @@ traffic, this is good from an auditing perspective, however you will be charged | Name | Type | |------|------| -| [aws_cloudwatch_log_group.log_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | -| [aws_flow_log.flow_log](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/flow_log) | resource | -| [aws_iam_role.iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | -| [aws_iam_role_policy.iam_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | -| [aws_internet_gateway.ig](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/internet_gateway) | resource | -| [aws_route_table.route_table](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table) | resource | -| [aws_route_table_association.public_subnet_rt_asso](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource | -| [aws_subnet.private_subnets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource | -| [aws_subnet.public_subnets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource | -| [aws_vpc.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc) | resource | +| [aws_cloudwatch_log_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | +| [aws_flow_log.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/flow_log) | resource | +| [aws_iam_role.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| 
[aws_iam_role_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_internet_gateway.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/internet_gateway) | resource | +| [aws_route_table.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table) | resource | +| [aws_route_table_association.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource | +| [aws_subnet.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource | +| [aws_subnet.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource | +| [aws_vpc.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc) | resource | | [random_uuid.log_group_guid_identifier](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/uuid) | resource | | [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | From c47bbee7c4e049844c69403a3877fcf9c8aa72f0 Mon Sep 17 00:00:00 2001 From: Kris Bloe Date: Thu, 24 Aug 2023 16:24:04 +0100 Subject: [PATCH 03/10] Update main.tf Initial changes... more name changes to come. --- modules/aws/vpc/main.tf | 54 +++++++++++++++++++++++------------------ 1 file changed, 31 insertions(+), 23 deletions(-) diff --git a/modules/aws/vpc/main.tf b/modules/aws/vpc/main.tf index 866c597..cd4cc11 100644 --- a/modules/aws/vpc/main.tf +++ b/modules/aws/vpc/main.tf 
@@ -4,35 +4,37 @@ terraform {
   required_providers {
     random = {
       source = "hashicorp/random"
-      version = ">= 3.4.3"
+      version = ">= 3.5.1"
     }
     aws = {
       source = "hashicorp/aws"
-      version = ">= 4.0"
+      version = ">= 5.13.1"
     }
   }
 }
 resource "aws_flow_log" "this" {
-  iam_role_arn = aws_iam_role.this[0].arn
-  log_destination = aws_cloudwatch_log_group.this[0].arn
+  count = var.enable_vpc_flow_logs ? 1 : 0
+
+  iam_role_arn = aws_iam_role.vpc_flow_logs[0].arn
+  log_destination = aws_cloudwatch_log_group.vpc_flow_logs[0].arn
   traffic_type = var.vpc_flow_logs_traffic_type
   vpc_id = aws_vpc.this.id
-  count = var.enable_vpc_flow_logs ? 1 : 0
 }
-resource "random_uuid" "log_group_guid_identifier" {
-}
+resource "random_uuid" "log_group_guid_identifier" {}
-resource "aws_cloudwatch_log_group" "this" {
-  name = "${var.project_name}-vpc-flow-logs-${random_uuid.log_group_guid_identifier.result}"
+resource "aws_cloudwatch_log_group" "vpc_flow_logs" {
   count = var.enable_vpc_flow_logs ? 1 : 0
+
+  name = "clg-${var.project_name}-${local.aws_region_short}-vpc_flow_logs_${replace(random_uuid.log_group_guid_identifier.result, "-", "_")}"
 }
-resource "aws_iam_role" "this" {
-  name = "${var.project_name}-vpc-logs-iam"
+resource "aws_iam_role" "vpc_flow_logs" {
   count = var.enable_vpc_flow_logs ? 1 : 0
+  name = "${var.project_name}-vpc-logs-iam"
+
   assume_role_policy = < 0 ? 1 : 0
+  count = length(local.public_subnet_cidrs) > 0 ? 1 : 0
+
   vpc_id = aws_vpc.this.id
   tags = {
@@ -121,8 +127,9 @@ resource "aws_internet_gateway" "this" {
   }
 }
-resource "aws_route_table" "this" {
-  count = length(local.public_subnet_cidrs) > 0 ? 1 : 0
+resource "aws_route_table" "public" {
+  count = length(local.public_subnet_cidrs) > 0 ? 1 : 0
+
   vpc_id = aws_vpc.this.id
   route {
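Review bot: The rewritten `aws_cloudwatch_log_group.vpc_flow_logs` block still sets only `count` and `name`, so the flow-log group is created with no `retention_in_days` (records are kept indefinitely) and no `kms_key_id` (AWS-managed encryption only); since this commit already reshapes the block, it is the natural place to expose both. Suggested lines inside the resource: `retention_in_days = var.vpc_flow_logs_retention_in_days` and `kms_key_id = var.vpc_flow_logs_kms_key_id`, with the two inputs declared in variables.tf (outside this hunk) and retention defaulting to a finite value. The `assume_role_policy` heredoc of `aws_iam_role.vpc_flow_logs` that follows is not readable in this view, so the trust policy itself is not reviewed here.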
@@ -142,7 +149,8 @@ resource "aws_route_table" "this" {
 }
 resource "aws_route_table_association" "public" {
-  count = length(local.public_subnet_cidrs)
+  count = length(local.public_subnet_cidrs)
+
   subnet_id = element(aws_subnet.public[*].id, count.index)
-  route_table_id = aws_route_table.this[0].id
+  route_table_id = aws_route_table.public[0].id
 }
From e72e35ec1881a3f3d0ec78fb0c314caba3799af8 Mon Sep 17 00:00:00 2001
From: Kris Bloe
Date: Wed, 30 Aug 2023 11:40:09 +0100
Subject: [PATCH 04/10] Update locals.tf
Added aws_region_short
---
 modules/aws/vpc/locals.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/modules/aws/vpc/locals.tf b/modules/aws/vpc/locals.tf
index d9168df..8ef2d29 100644
--- a/modules/aws/vpc/locals.tf
+++ b/modules/aws/vpc/locals.tf
@@ -2,9 +2,9 @@ locals {
   num_az_zones = length(var.azs) == 0 ? length(data.aws_availability_zones.available.names) : length(var.azs)
   az_zones = length(var.azs) == 0 ? data.aws_availability_zones.available.names : var.azs
-}
-locals {
+  aws_region_short = replace(replace(replace(replace(replace(replace(replace(data.aws_region.current.name, "north", "n"), "south", "s"), "east", "e"), "west", "w"), "central", "c"), "gov", "g"), "-", "")
+
   public_subnet_cidrs = var.num_public_subnets == -1 ? [for i in range(1, local.num_az_zones + 1) : "10.0.${i}.0/24"] : [for i in range(1, var.num_public_subnets + 1) : "10.0.${i}.0/24"]
   private_subnet_cidrs = var.num_private_subnets == -1 ? [for i in range(1, local.num_az_zones + 1) : "10.0.10${i}.0/24"] : [for i in range(1, var.num_private_subnets + 1) : "10.0.10${i}.0/24"]
From 121a933c0f09bdc230b86f3ca5f536ca8b97f9a7 Mon Sep 17 00:00:00 2001
From: Kris Bloe
Date: Wed, 30 Aug 2023 11:40:40 +0100
Subject: [PATCH 05/10] Update data.tf
Added `data "aws_region" "current" {}`
---
 modules/aws/vpc/data.tf | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/modules/aws/vpc/data.tf b/modules/aws/vpc/data.tf
index 87d8f48..2ce02a4 100644
--- a/modules/aws/vpc/data.tf
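Review bot: The seven nested `replace()` calls that build `aws_region_short` in the locals.tf hunk are hard to verify by eye and the local carries no comment saying what the result looks like, so a reader cannot check for name collisions without re-deriving the chain. Suggested comment above the line: `# Compact region token for resource names, e.g. eu-west-2 -> euw2, ap-southeast-1 -> apse1, us-gov-west-1 -> usgw1; words not in the list pass through unchanged.` Because the chain substitutes north/south before east/west, `ap-northeast-1` becomes `apne1`; an explicit map keyed by region name with a fallback would make that ordering irrelevant and be easier to extend when new regions appear.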
+++ b/modules/aws/vpc/data.tf
@@ -1,3 +1,5 @@
 data "aws_availability_zones" "available" {
   state = "available"
 }
+
+data "aws_region" "current" {}
From c12366a801d5c0f4acd6ca3f57f99f0bf2381f0a Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Wed, 30 Aug 2023 10:41:36 +0000
Subject: [PATCH 06/10] terraform-docs: automated action
---
 modules/aws/vpc/README.md | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/modules/aws/vpc/README.md b/modules/aws/vpc/README.md
index 9228fdc..8b719c8 100644
--- a/modules/aws/vpc/README.md
+++ b/modules/aws/vpc/README.md
@@ -17,32 +17,33 @@ traffic, this is good from an auditing perspective, however you will be charged | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | ~> 1.3 | -| [aws](#requirement\_aws) | >= 4.0 | -| [random](#requirement\_random) | >= 3.4.3 | +| [aws](#requirement\_aws) | >= 5.13.1 | +| [random](#requirement\_random) | >= 3.5.1 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.0 | -| [random](#provider\_random) | >= 3.4.3 | +| [aws](#provider\_aws) | >= 5.13.1 | +| [random](#provider\_random) | >= 3.5.1 | ## Resources | Name | Type | |------|------| -| [aws_cloudwatch_log_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | +| [aws_cloudwatch_log_group.vpc_flow_logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | | [aws_flow_log.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/flow_log) | resource | -| [aws_iam_role.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | -| [aws_iam_role_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role.vpc_flow_logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy.vpc_flow_logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | | [aws_internet_gateway.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/internet_gateway) | resource | -| [aws_route_table.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table) | resource | +| [aws_route_table.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table) | resource | | 
[aws_route_table_association.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource | | [aws_subnet.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource | | [aws_subnet.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource | | [aws_vpc.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc) | resource | | [random_uuid.log_group_guid_identifier](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/uuid) | resource | | [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | ## Inputs From fa9b3809dd38ee21e416b6842395d163cfa9cc0b Mon Sep 17 00:00:00 2001 From: Kris Bloe Date: Thu, 31 Aug 2023 11:46:58 +0100 Subject: [PATCH 07/10] Improving the names used --- modules/aws/vpc/README.md | 8 +++--- modules/aws/vpc/examples/example.tf | 2 +- modules/aws/vpc/main.tf | 24 +++++++----------- modules/aws/vpc/output.tf | 4 +-- modules/aws/vpc/variables.tf | 39 +++++++++++++++++++++++++++-- 5 files changed, 53 insertions(+), 24 deletions(-) diff --git a/modules/aws/vpc/README.md b/modules/aws/vpc/README.md index 8b719c8..36a3b71 100644 --- a/modules/aws/vpc/README.md +++ b/modules/aws/vpc/README.md 
@@ -49,7 +49,7 @@ traffic, this is good from an auditing perspective, however you will be charged | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [azs](#input\_azs) | This is a list that specifies all the Availability Zones that will have public and private subnets in it. Defaulting this value to an empty list selects of all the Availability Zones in the region you specify when defining the provider in your terraform project. | `list(string)` | `[]` | no | +| [azs](#input\_azs) | This is a list that specifies all the Availability Zones that will have public and private subnets in it. Defaulting this value to an empty list selects of all the Availability Zones in the region you specify when defining the provider in your Terraform project. | `list(string)` | `[]` | no | | [enable\_dns\_hostnames](#input\_enable\_dns\_hostnames) | This allows AWS DNS hostname support to be switched on or off. | `bool` | `true` | no | | [enable\_dns\_support](#input\_enable\_dns\_support) | This allows AWS DNS support to be switched on or off. | `bool` | `true` | no | | [enable\_vpc\_flow\_logs](#input\_enable\_vpc\_flow\_logs) | Whether to enable VPC Flow Logs for this VPC, this has cost but is considered a security risk without | `bool` | n/a | yes | @@ -74,7 +74,7 @@ traffic, this is good from an auditing perspective, however you will be charged # Example Usage -Below are examples of how you would call the `vpc` module in your terraform code. +Below are examples of how you would call the `vpc` module in your Terraform code. In this example we show two ways the module can be used; the first uses the module to create a public and private subnet on each Availability Zone in your defined region, 
@@ -84,14 +84,14 @@ and `eu-west-3` respectively.
 ```hcl
 module "vpc_subnet" {
   source = "github.com/answerdigital/terraform-modules//modules/aws/vpc?ref=v2"
-  owner = "joe_blogs"
+  owner = "joe.blogs@answerdigital.com"
   project_name = "example_project_name"
   enable_vpc_flow_logs = true
 }
 module "vpc_subnet" {
   source = "github.com/answerdigital/terraform-modules//modules/aws/vpc?ref=v2"
-  owner = "joe_blogs"
+  owner = "joe.blogs@answerdigital.com"
   project_name = "example_project_name"
   azs = ["eu-west-1", "eu-west-3"]
   num_public_subnets = 1
diff --git a/modules/aws/vpc/examples/example.tf b/modules/aws/vpc/examples/example.tf
index 587e320..e68a20e 100644
--- a/modules/aws/vpc/examples/example.tf
+++ b/modules/aws/vpc/examples/example.tf
@@ -1,6 +1,6 @@
 module "vpc_subnet" {
   source = "../."
-  owner = "joe_bloggs"
+  owner = "joe.blogs@answerdigital.com"
   project_name = "test_person_name"
   enable_vpc_flow_logs = true
 }
diff --git a/modules/aws/vpc/main.tf b/modules/aws/vpc/main.tf
index cd4cc11..dac9cbd 100644
--- a/modules/aws/vpc/main.tf
+++ b/modules/aws/vpc/main.tf
@@ -2,13 +2,9 @@ terraform {
   required_version = "~> 1.3"
   required_providers {
-    random = {
-      source = "hashicorp/random"
-      version = ">= 3.5.1"
-    }
     aws = {
       source = "hashicorp/aws"
-      version = ">= 5.13.1"
+      version = ">= 5.14.0"
     }
   }
 }
@@ -22,18 +18,16 @@ resource "aws_flow_log" "this" {
   vpc_id = aws_vpc.this.id
 }
-resource "random_uuid" "log_group_guid_identifier" {}
-
 resource "aws_cloudwatch_log_group" "vpc_flow_logs" {
   count = var.enable_vpc_flow_logs ? 1 : 0
-  name = "clg-${var.project_name}-${local.aws_region_short}-vpc_flow_logs_${replace(random_uuid.log_group_guid_identifier.result, "-", "_")}"
+  name = "${replace("AWS::Logs::LogGroup", "::", "-")}-${var.project_name}-${var.environment}-${local.aws_region_short}-vpc_flow_logs"
 }
 resource "aws_iam_role" "vpc_flow_logs" {
   count = var.enable_vpc_flow_logs ? 1 : 0
-  name = "${var.project_name}-vpc-logs-iam"
+  name = "${replace("AWS::IAM::Role", "::", "-")}-${var.project_name}-${var.environment}-${local.aws_region_short}-vpc_flow_logs"
   assume_role_policy = <
Date: Thu, 31 Aug 2023 10:48:33 +0000
Subject: [PATCH 08/10] terraform-docs: automated action
---
 modules/aws/vpc/README.md | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)
diff --git a/modules/aws/vpc/README.md b/modules/aws/vpc/README.md
index 36a3b71..ac184f9 100644
--- a/modules/aws/vpc/README.md
+++ b/modules/aws/vpc/README.md
@@ -17,15 +17,13 @@ traffic, this is good from an auditing perspective, however you will be charged
 | Name | Version |
 |------|---------|
 | [terraform](#requirement\_terraform) | ~> 1.3 |
-| [aws](#requirement\_aws) | >= 5.13.1 |
-| [random](#requirement\_random) | >= 3.5.1 |
+| [aws](#requirement\_aws) | >= 5.14.0 |
 ## Providers
 | Name | Version |
 |------|---------|
-| [aws](#provider\_aws) | >= 5.13.1 |
-| [random](#provider\_random) | >= 3.5.1 |
+| [aws](#provider\_aws) | >= 5.14.0 |
 ## Resources
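Review bot: `${replace("AWS::Logs::LogGroup", "::", "-")}` and `${replace("AWS::IAM::Role", "::", "-")}` in the two new `name` lines are constant expressions that always evaluate to `AWS-Logs-LogGroup` and `AWS-IAM-Role`, so the `replace()` only obscures the prefix; write the literal, e.g. `name = "AWS-Logs-LogGroup-${var.project_name}-${var.environment}-${local.aws_region_short}-vpc_flow_logs"`, or keep the two prefixes in a local. Dropping `random_uuid` also makes both names fully deterministic, so two instances of this module with the same `project_name`, `environment` and region in one account will collide on the IAM role name (unique per account) and on the log group name; that constraint should be stated in the variable descriptions. IAM role names are limited to 64 characters by AWS (not visible here), and with the fixed `AWS-IAM-Role-` prefix and `-vpc_flow_logs` suffix a long `project_name` would only fail at apply time, so a `validation` block on `project_name` length would surface it at plan. The `aws_iam_role` block continues past what is readable in this view.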
@@ -41,7 +39,6 @@ traffic, this is good from an auditing perspective, however you will be charged | [aws_subnet.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource | | [aws_subnet.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource | | [aws_vpc.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc) | resource | -| [random_uuid.log_group_guid_identifier](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/uuid) | resource | | [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | 
@@ -49,16 +46,17 @@ traffic, this is good from an auditing perspective, however you will be charged | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [azs](#input\_azs) | This is a list that specifies all the Availability Zones that will have public and private subnets in it. Defaulting this value to an empty list selects of all the Availability Zones in the region you specify when defining the provider in your Terraform project. | `list(string)` | `[]` | no | +| [azs](#input\_azs) | This is a list that specifies all the Availability Zones that will have public and private subnets in it. Defaulting this value to an empty list selects of all the Availability Zones in the region you specify when defining the provider in your terraform project. | `list(string)` | `[]` | no | | [enable\_dns\_hostnames](#input\_enable\_dns\_hostnames) | This allows AWS DNS hostname support to be switched on or off. | `bool` | `true` | no | | [enable\_dns\_support](#input\_enable\_dns\_support) | This allows AWS DNS support to be switched on or off. | `bool` | `true` | no | | [enable\_vpc\_flow\_logs](#input\_enable\_vpc\_flow\_logs) | Whether to enable VPC Flow Logs for this VPC, this has cost but is considered a security risk without | `bool` | n/a | yes | +| [environment](#input\_environment) | The environment being deployed to - can only contain lower case letters. | `string` | n/a | yes | | [ig\_cidr](#input\_ig\_cidr) | This specifies the CIDR block for the internet gateway. | `string` | `"0.0.0.0/0"` | no | | [ig\_ipv6\_cidr](#input\_ig\_ipv6\_cidr) | This specifies the IPV6 CIDR block for the internet gateway. | `string` | `"::/0"` | no | | [num\_private\_subnets](#input\_num\_private\_subnets) | This is a number specifying how many private subnets you want. Setting this to its default value of `-1` will result in `x` private subnets where `x` is the number of Availability Zones. 
If the number of private subnets is greater than the number of Availability Zones the private subnets will be spread out evenly over the available AZs. The CIDR values used are of the form `10.0.{i}.0/24` where `i` starts at 101 and increases by 1 for each private subnet. | `number` | `-1` | no | | [num\_public\_subnets](#input\_num\_public\_subnets) | This is a number specifying how many public subnets you want. Setting this to its default value of `-1` will result in `x` public subnets where `x` is the number of Availability Zones. If the number of public subnets is greater than the number of Availability Zones the public subnets will be spread out evenly over the available AZs. The CIDR values used are of the form `10.0.{i}.0/24` where `i` starts at 1 and increases by 1 for each public subnet. | `number` | `-1` | no | -| [owner](#input\_owner) | This is used to identify AWS resources through its tags. | `string` | n/a | yes | -| [project\_name](#input\_project\_name) | This is used to label the VPC as "`project_name`-vpc". | `string` | n/a | yes | +| [owner](#input\_owner) | The email address of the owner. | `string` | n/a | yes | +| [project\_name](#input\_project\_name) | The projects's name - can only contain alphanumeric/underscore chatracters. | `string` | n/a | yes | | [vpc\_cidr](#input\_vpc\_cidr) | This specifies the CIDR block for the VPC. | `string` | `"10.0.0.0/16"` | no | | [vpc\_flow\_logs\_traffic\_type](#input\_vpc\_flow\_logs\_traffic\_type) | The Type of traffic to log, Requires vpc\_flow\_logs to be true | `string` | `"ALL"` | no | 
@@ -66,10 +64,10 @@ traffic, this is good from an auditing perspective, however you will be charged | Name | Description | |------|-------------| -| [az\_zones](#output\_az\_zones) | A list of the Availability Zones that have been used. This output is of type `string`. | +| [az\_zones](#output\_az\_zones) | A list of the Availability Zones that have been used. This output is of type `list(string)`. | | [private\_subnet\_ids](#output\_private\_subnet\_ids) | A list of the private subnet IDs that have been created. This output is of type `list(string)`. | | [public\_subnet\_ids](#output\_public\_subnet\_ids) | A list of the public subnet IDs that have been created. This output is of type `list(string)`. | -| [vpc\_id](#output\_vpc\_id) | The ID of the VPC that has been created. This output is of type `list(string)`. | +| [vpc\_id](#output\_vpc\_id) | The ID of the VPC that has been created. This output is of type `string`. | # Example Usage From c2e8353f402964fdea3a7059f04901ef5d3ee888 Mon Sep 17 00:00:00 2001 From: Kris Bloe Date: Thu, 31 Aug 2023 11:55:52 +0100 Subject: [PATCH 09/10] Just formatting --- .github/workflows/terraform.yml | 2 +- README.md | 2 +- modules/aws/vpc/variables.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 1e9e00a..184cf42 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -131,7 +131,7 @@ jobs: - uses: stefanzweifel/git-auto-commit-action@v4 with: - commit_message: Update dependabot terraform entries + commit_message: Update dependabot Terraform entries commit_author: "github-actions[bot] " file_pattern: .github/dependabot.yml skip_checkout: true diff --git a/README.md b/README.md index 49f43af..6a653c4 100644 --- a/README.md +++ b/README.md 
@@ -4,7 +4,7 @@ The repo for Answer Digital shared Terraform modules.
 ## Using these modules
-You can use these modules in your own terraform projects as follows:
+You can use these modules in your own Terraform projects as follows:
 ```hcl
 module "ec2_setup" {
diff --git a/modules/aws/vpc/variables.tf b/modules/aws/vpc/variables.tf
index 316d0bd..29c75d9 100644
--- a/modules/aws/vpc/variables.tf
+++ b/modules/aws/vpc/variables.tf
@@ -72,7 +72,7 @@ variable "enable_dns_hostnames" {
 # Availability Zone variables
 variable "azs" {
   type = list(string)
-  description = "This is a list that specifies all the Availability Zones that will have public and private subnets in it. Defaulting this value to an empty list selects of all the Availability Zones in the region you specify when defining the provider in your terraform project."
+  description = "This is a list that specifies all the Availability Zones that will have public and private subnets in it. Defaulting this value to an empty list selects of all the Availability Zones in the region you specify when defining the provider in your Terraform project."
   default = []
 }
From 025dc071db1cbb2f0aef425833ba16b9e7a69fa8 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Thu, 31 Aug 2023 10:56:53 +0000
Subject: [PATCH 10/10] terraform-docs: automated action
---
 modules/aws/vpc/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/aws/vpc/README.md b/modules/aws/vpc/README.md
index ac184f9..88db2f8 100644
--- a/modules/aws/vpc/README.md
+++ b/modules/aws/vpc/README.md
@@ -46,7 +46,7 @@ traffic, this is good from an auditing perspective, however you will be charged | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [azs](#input\_azs) | This is a list that specifies all the Availability Zones that will have public and private subnets in it. Defaulting this value to an empty list selects of all the Availability Zones in the region you specify when defining the provider in your terraform project. | `list(string)` | `[]` | no | +| [azs](#input\_azs) | This is a list that specifies all the Availability Zones that will have public and private subnets in it. Defaulting this value to an empty list selects of all the Availability Zones in the region you specify when defining the provider in your Terraform project. | `list(string)` | `[]` | no | | [enable\_dns\_hostnames](#input\_enable\_dns\_hostnames) | This allows AWS DNS hostname support to be switched on or off. | `bool` | `true` | no | | [enable\_dns\_support](#input\_enable\_dns\_support) | This allows AWS DNS support to be switched on or off. | `bool` | `true` | no | | [enable\_vpc\_flow\_logs](#input\_enable\_vpc\_flow\_logs) | Whether to enable VPC Flow Logs for this VPC, this has cost but is considered a security risk without | `bool` | n/a | yes |