* IPv6 support
Add variable "enable_ipv6" to allow enabling IPv6 support (resulting in
passing "assign_generated_ipv6_cidr_block" to aws_vpc).
Enabling IPv6 support further results in an Egress-only internet gateway
being provisioned and routing tables of subnets being adjusted.
Additional variables allow choosing the indices out of the /64 subnets
based on the assigned /56 range.
* Add example for IPv6 usage
* Remove redundant parameter assign_generated_ipv6_cidr_block
This is needed exactly when var.enable_ipv6 is true.
* Set subnet ipv6_cidr_block to null if unused
* Be picky about spelling
* Revert unrelated change
* More IPv6 spelling
* Added IPv6 support to VPC module
* Added IPv6 support to VPC module
* Add variables for network ACLs
Add variables for specifying network ACLs for public, private, and
intra subnets. The ACLs are defined in a list, with sets of seven
elements for the rule number, rule action, from port, to port,
protocol, and cidr block.
* Add variables for network ACL tags
Add variables to specify additional tags for public, private, and intra
network ACL resources.
* Add resources for network ACLs
Add aws_network_acl and aws_network_acl_rule resources to specify
inbound and outbound network ACL rules for public, private, and intra
subnets.
* Add resource for default network ACL
Add an aws_default_network_acl resource to adopt the default network ACL
in the VPC.
* Adjust spacing to match code style
Remove the empty lines after comment blocks for network ACLs to match
the style of the rest of this module.
* Copy simple-vpc example as network-acls
Copy the simple-vpc example and adapt it to demonstrate the
configuration of network ACLs. A set of inbound and outbound ACLs are
specified in main.tf.
* Rename variables from _acls to _acl_rules
Clarify the variables for specifying ACL rules by renaming them from
*_acls to *_acl_rules. The values are used to create rules, not create
ACLs.
* Add nacl resources and variables for other subnets
Add aws_network_acl and aws_network_acl_rule resources for database,
redshift, and elasticache subnets, along with corresponding variables.
This provides network ACL coverage to all subnet types produced by this
module.
* Create ACLs only if there are subnets
For each subnet type, only create ACL resources if there are subnets
defined. For example, if database_subnets is empty, then don't create
ACL resources for database subnets.
* Add missing variables for ACL tags
Add the missing variable declarations for database_acl_tags,
redshift_acl_tags, and elasticache_acl_tags.
* Make ACL singular in description for _acl_tags
A single ACL is created for each of the subnet types. Update the
variable descriptions to reflect this.
* Convert rules to nested list of maps
Convert the NACL rule specifications from a list of lists to a list of
maps, as suggested by @jczerniak. This improves the readability of
rules.
* Restructure example config to use locals
Restructure the network ACL rules in the network-acls example to use
local variables to specify the rules, split between default and custom
rules.
* Follow-up for #174
* add public subnet for redshift to enable access for kinesis
* fix redshift subnet group name
* fix redshift public association
* add public redshift to documentation
* fix doc typo
* update code after review