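variable "cidr" {
  description = "IPv4 CIDR block for the VPC; every subnet below is carved out of it with cidrsubnet(var.cidr, 8, n)."
  type        = string
  default     = "10.0.0.0/16"

  validation {
    # cidrhost() fails on a malformed prefix, so a bad value is rejected at plan
    # time with a clear message instead of inside the subnet expressions below.
    condition     = can(cidrhost(var.cidr, 0))
    error_message = "cidr must be a valid IPv4 CIDR block, e.g. 10.0.0.0/16."
  }
}

variable "environment" {
  description = "Deployment environment name; interpolated into the Name tag and copied into the Environment tag."
  type        = string
}

variable "az_count" {
  description = "Number of availability zones (and therefore public/private subnet pairs) to use."
  type        = number
  default     = 3
}

locals {
  # First az_count AZs the region currently reports as available. slice() errors
  # at plan time if the region exposes fewer than az_count.
  azs = slice(data.aws_availability_zones.available.names, 0, var.az_count)

  # With the default /16, newbits = 8 yields one /24 per AZ. Public subnets use
  # netnums 0..az_count-1 and private subnets 10..az_count+9, so the two ranges
  # only stay disjoint while az_count <= 10 — above that they would overlap.
  public_subnets  = [for i, az in local.azs : cidrsubnet(var.cidr, 8, i)]
  private_subnets = [for i, az in local.azs : cidrsubnet(var.cidr, 8, i + 10)]
}

data "aws_availability_zones" "available" {
  state = "available"
}

resource "aws_vpc" "main" {
  cidr_block = var.cidr

  # enable_dns_hostnames only takes effect when enable_dns_support is also true.
  enable_dns_hostnames = true
  enable_dns_support   = true

  tags = {
    Name        = "nexus-${var.environment}"
    Environment = var.environment
  }
}

# Flow logs — added after security review flagged their absence
resource "aws_flow_log" "main" {
  vpc_id = aws_vpc.main.id

  # Capture both accepted and rejected traffic; rejected flows are what most
  # detection content keys on, accepted flows are needed for investigation.
  traffic_type = "ALL"

  # Role that lets the Flow Logs service write to CloudWatch Logs, and the log
  # group it writes into. Both are presumably declared elsewhere in this module —
  # confirm the group sets a retention period and, ideally, a KMS key.
  iam_role_arn    = aws_iam_role.flow_log.arn
  log_destination = aws_cloudwatch_log_group.flow_log.arn

  tags = {
    Name        = "nexus-${var.environment}-flow-log"
    Environment = var.environment
  }
}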