From 4a7678d37246ca07630c2c19d9fc4dd873cee2b5 Mon Sep 17 00:00:00 2001
From: DayneD89 <dayned89@gmail.com>
Date: Mon, 6 Sep 2021 14:15:38 +0100
Subject: [PATCH] feat: Added ability to pass different subnets for fargate and
 the cluster (#1527)

---
 README.md                | 1 +
 examples/fargate/main.tf | 3 ++-
 fargate.tf               | 2 +-
 variables.tf             | 6 ++++++
 4 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 082b6e4..06b05eb 100644
--- a/README.md
+++ b/README.md
@@ -247,6 +247,7 @@ Apache 2 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraf
 | <a name="input_enable_irsa"></a> [enable\_irsa](#input\_enable\_irsa) | Whether to create OpenID Connect Provider for EKS to enable IRSA | `bool` | `false` | no |
 | <a name="input_fargate_pod_execution_role_name"></a> [fargate\_pod\_execution\_role\_name](#input\_fargate\_pod\_execution\_role\_name) | The IAM Role that provides permissions for the EKS Fargate Profile. | `string` | `null` | no |
 | <a name="input_fargate_profiles"></a> [fargate\_profiles](#input\_fargate\_profiles) | Fargate profiles to create. See `fargate_profile` keys section in fargate submodule's README.md for more details | `any` | `{}` | no |
+| <a name="input_fargate_subnets"></a> [fargate\_subnets](#input\_fargate\_subnets) | A list of subnets to place fargate workers within (if different from subnets). | `list(string)` | `[]` | no |
 | <a name="input_iam_path"></a> [iam\_path](#input\_iam\_path) | If provided, all IAM roles will be created on this path. | `string` | `"/"` | no |
 | <a name="input_kubeconfig_aws_authenticator_additional_args"></a> [kubeconfig\_aws\_authenticator\_additional\_args](#input\_kubeconfig\_aws\_authenticator\_additional\_args) | Any additional arguments to pass to the authenticator such as the role to assume. e.g. ["-r", "MyEksRole"]. | `list(string)` | `[]` | no |
 | <a name="input_kubeconfig_aws_authenticator_command"></a> [kubeconfig\_aws\_authenticator\_command](#input\_kubeconfig\_aws\_authenticator\_command) | Command to use to fetch AWS EKS credentials. | `string` | `"aws-iam-authenticator"` | no |
diff --git a/examples/fargate/main.tf b/examples/fargate/main.tf
index 0697a58..254793f 100644
--- a/examples/fargate/main.tf
+++ b/examples/fargate/main.tf
@@ -61,7 +61,8 @@ module "eks" {
   source          = "../.."
   cluster_name    = local.cluster_name
   cluster_version = "1.20"
-  subnets         = module.vpc.private_subnets
+  subnets         = [module.vpc.private_subnets[0], module.vpc.public_subnets[1]]
+  fargate_subnets = [module.vpc.private_subnets[2]]
 
   tags = {
     Environment = "test"
diff --git a/fargate.tf b/fargate.tf
index 413c582..f48aa34 100644
--- a/fargate.tf
+++ b/fargate.tf
@@ -8,7 +8,7 @@ module "fargate" {
   permissions_boundary              = var.permissions_boundary
   iam_path                          = var.iam_path
   iam_policy_arn_prefix             = local.policy_arn_prefix
-  subnets                           = var.subnets
+  subnets                           = coalescelist(var.fargate_subnets, var.subnets)
   tags                              = var.tags
 
   # Hack to ensure ordering of resource creation.
diff --git a/variables.tf b/variables.tf
index b2019fa..9b94c99 100644
--- a/variables.tf
+++ b/variables.tf
@@ -87,6 +87,12 @@ variable "map_users" {
   default = []
 }
 
+variable "fargate_subnets" {
+  description = "A list of subnets to place fargate workers within (if different from subnets)."
+  type        = list(string)
+  default     = []
+}
+
 variable "subnets" {
   description = "A list of subnets to place the EKS cluster and workers within."
   type        = list(string)