
terraform-aws-transit-gateway

Terraform module to provision:

Introduction

This module is configured through a few Transit Gateway and route table specific variables, but mainly through the variable tgw_config, which defines all attachments and accepters associated with the Transit Gateway.

The variable tgw_config is an object with four keys:

  • tgw_vpc_attachments
  • tgw_vpc_attachment_accepters
  • tgw_peering_attachments
  • tgw_peering_attachment_accepters

The value of each of these keys is a map of objects, keyed by the attachment/accepter name, whose value is that attachment's or accepter's configuration. Below is a brief description of these elements and their fields:

  • tgw_vpc_attachments
    • vpc_id - The ID of the VPC for which to create a VPC attachment.
    • subnet_id - The IDs of the subnets in the VPC where the transit gateway will be attached.
    • rt_association - Whether to enable route table association for the VPC attachment.
    • rt_propagation - Whether to enable route table propagation for the VPC attachment.
    • static_routes - A set of objects with two elements describing the routes that will be added to the transit gateway route table pointing to the attachment. It only takes effect if rt_propagation is set to false.
      • blackhole - Whether the static route is a blackhole.
      • destination_cidr_block - CIDR block of the individual route.
    • tags - Tags for the Transit Gateway VPC attachment.
  • tgw_vpc_attachment_accepters
    • transit_gateway_attachment_id - The ID of the VPC attachment to accept.
    • rt_association - Whether to enable route table association for the VPC accepter.
    • rt_propagation - Whether to enable route table propagation for the VPC accepter.
    • transit_gateway_default_route_table_association - Whether to associate the accepter with the default route table, if one exists.
    • transit_gateway_default_route_table_propagation - Whether to propagate the accepter's routes to the default route table, if one exists.
    • static_routes - A set of objects with two elements describing the routes that will be added to the transit gateway route table pointing to the accepted VPC attachment. It only takes effect if rt_propagation is set to false.
      • blackhole - Whether the static route is a blackhole.
      • destination_cidr_block - CIDR block of the individual route.
    • tags - Tags for the Transit Gateway VPC accepter.
  • tgw_peering_attachments
    • peer_account_id - The account ID of the transit gateway to peer with. Mandatory if the peer is in a different account from the one the AWS provider is currently connected to.
    • peer_region - The region of the transit gateway to peer with.
    • peer_transit_gateway_id - The ID of the transit gateway to peer with.
    • rt_association - Whether to enable route table association for the peering attachment.
    • static_routes - A set of objects with two elements describing the routes that will be added to the transit gateway route table pointing to the peer transit gateway.
      • blackhole - Whether the static route is a blackhole.
      • destination_cidr_block - CIDR block of the individual route.
    • tags - Tags for the Transit Gateway peering attachment.
  • tgw_peering_attachment_accepters
    • transit_gateway_attachment_id - The ID of the peering attachment to accept.
    • rt_association - Whether to enable route table association for the peering accepter.
    • static_routes - A set of objects with two elements describing the routes that will be added to the transit gateway route table pointing to the accepted peer transit gateway.
      • blackhole - Whether the static route is a blackhole.
      • destination_cidr_block - CIDR block of the individual route.
    • tags - Tags for the Transit Gateway peering accepter.
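The following is an added example of calling the module with a tgw_config value; it is not part of the module's own documentation. It shows the shape of tgw_config as described above: a hub Transit Gateway with one VPC attachment whose routes are installed statically (rt_propagation = false, so static_routes take effect), a blackhole route that drops traffic for the wider private range, a cross-account peering request, and a second module call on the peer side that accepts the peering attachment. The module source path, the provider alias, and every VPC, subnet, account, Transit Gateway, attachment ID and CIDR are constructed placeholders; the top-level variables used (amazon_side_asn, auto_accept_shared_attachments, default_route_table_association, default_route_table_propagation, dns_support, vpn_ecmp_support, tgw_route_table_name, transit_gateway_name) are the module inputs listed later in this README. Keeping auto-accept and the default route table association/propagation disabled means every attachment and every route that exists is one that is written down in tgw_config, which is the configuration a reviewer can audit.

```hcl
# Added example, not the module's own code. All IDs, CIDRs and account
# numbers below are constructed placeholders.

module "tgw_hub" {
  source = "../../terraform-aws-transit-gateway" # assumed local path to this module

  transit_gateway_name        = "hub-tgw"
  transit_gateway_description = "Hub TGW with explicit route tables only"
  amazon_side_asn             = 64512

  # Nothing is auto-accepted and nothing lands in the default route tables
  # unless it is listed in tgw_config below.
  auto_accept_shared_attachments  = "disable"
  default_route_table_association = "disable"
  default_route_table_propagation = "disable"
  dns_support                     = "enable"
  vpn_ecmp_support                = "enable"

  tgw_route_table_name = "hub-rt"

  tgw_config = {
    tgw_vpc_attachments = {
      shared_services = {
        vpc_id         = "vpc-0123456789abcdef0"                                # placeholder
        subnet_id      = ["subnet-0aaaaaaaaaaaaaaaa", "subnet-0bbbbbbbbbbbbbbbb"] # placeholders, one per AZ
        rt_association = true
        # Propagation is off, so only the static_routes below are installed.
        rt_propagation = false
        static_routes = [
          {
            blackhole              = false
            destination_cidr_block = "10.10.0.0/16" # the attached VPC's CIDR (placeholder)
          },
          {
            # Anything aimed at the rest of 10.0.0.0/8 with no more specific
            # route is dropped rather than forwarded to another attachment.
            blackhole              = true
            destination_cidr_block = "10.0.0.0/8"
          },
        ]
        tags = { Name = "shared-services-attachment" }
      }
    }

    # Per the tgw_config input description, null prevents resource creation:
    # this side has no inbound VPC attachments or peerings to accept.
    tgw_vpc_attachment_accepters     = null
    tgw_peering_attachment_accepters = null

    tgw_peering_attachments = {
      to_eu_hub = {
        peer_account_id         = "111111111111"          # placeholder peer account
        peer_region             = "eu-west-1"
        peer_transit_gateway_id = "tgw-0fedcba9876543210" # placeholder peer TGW
        rt_association          = true
        static_routes = [
          {
            blackhole              = false
            destination_cidr_block = "10.200.0.0/16" # prefix reachable via the peer (placeholder)
          },
        ]
        tags = { Name = "peer-eu-hub" }
      }
    }
  }
}

# Peer side: reuse the existing EU Transit Gateway and accept the peering.
# "aws.eu" is an assumed provider alias configured for the peer account/region.
module "tgw_eu" {
  source    = "../../terraform-aws-transit-gateway" # assumed local path to this module
  providers = { aws = aws.eu }

  create_transit_gateway      = false
  existing_transit_gateway_id = "tgw-0fedcba9876543210" # placeholder, same TGW as above

  tgw_config = {
    tgw_vpc_attachments     = null
    tgw_vpc_attachment_accepters = null
    tgw_peering_attachments = null

    tgw_peering_attachment_accepters = {
      from_hub = {
        # Placeholder; in practice taken from the hub side's
        # tgw_peering_attachment_ids output.
        transit_gateway_attachment_id = "tgw-attach-0123456789abcdef0"
        rt_association                = true
        static_routes = [
          {
            blackhole              = false
            destination_cidr_block = "10.10.0.0/16" # hub-side VPC CIDR (placeholder)
          },
        ]
        tags = { Name = "peer-from-hub" }
      }
    }
  }
}
```

After terraform apply on both sides, the tgw_module_configuration output can be inspected to confirm that the only associations, propagations and routes present are the ones declared here.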

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.13.0 |
| aws | >= 3.5.0 |

Providers

| Name | Version |
|------|---------|
| aws | >= 3.5.0 |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| amazon_side_asn | (Optional) Private Autonomous System Number (ASN) for the Amazon side of a BGP session. The range is 64512 to 65534 for 16-bit ASNs and 4200000000 to 4294967294 for 32-bit ASNs. | number | 64512 | no |
| auto_accept_shared_attachments | (Optional) Whether resource attachment requests are automatically accepted. Valid values: disable, enable | string | "disable" | no |
| create_transit_gateway | Whether to create a Transit Gateway. If set to false, an existing Transit Gateway ID must be provided in the variable existing_transit_gateway_id | bool | true | no |
| create_transit_gateway_route_table | Whether to create a Transit Gateway Route Table. If set to false, an existing Transit Gateway Route Table ID must be provided in the variable existing_transit_gateway_route_table_id | bool | true | no |
| default_route_table_association | (Optional) Whether resource attachments are automatically associated with the default association route table. Valid values: disable, enable | string | "disable" | no |
| default_route_table_propagation | (Optional) Whether resource attachments automatically propagate routes to the default propagation route table. Valid values: disable, enable | string | "disable" | no |
| dns_support | (Optional) Whether DNS support is enabled. Valid values: disable, enable | string | "enable" | no |
| existing_transit_gateway_id | Existing Transit Gateway ID. If provided, the module will not create a Transit Gateway but instead will use the existing one | string | null | no |
| existing_transit_gateway_route_table | Existing Transit Gateway Route Table ID. If provided, the module will not create a Transit Gateway Route Table but instead will use the existing one | string | null | no |
| tgw_config | Configuration for VPC attachments, TGW peering attachments, Route Table association, propagation, static routes and VPC and TGW accepters. Set a key's value to null to prevent resource creation. | object (see the schema below) | null | no |
| tgw_route_table_name | (Optional) Name of the Transit Gateway route table to create besides the default route table | string | null | no |
| transit_gateway_description | (Optional) Description of the EC2 Transit Gateway. | string | "" | no |
| transit_gateway_name | Name for the new Transit Gateway | string | null | no |
| transit_gateway_route_table_tags | (Optional) Key-value tags for the EC2 Transit Gateway Route Table. | map(string) | {} | no |
| transit_gateway_tags | (Optional) Key-value tags for the EC2 Transit Gateway. | map(string) | {} | no |
| vpn_ecmp_support | (Optional) Whether VPN Equal Cost Multipath Protocol support is enabled. Valid values: disable, enable | string | "enable" | no |

The type of tgw_config is:

```hcl
object({
  tgw_vpc_attachments = map(object({
    vpc_id         = string
    subnet_id      = set(string)
    rt_association = bool
    rt_propagation = bool
    static_routes = set(object({
      blackhole              = bool
      destination_cidr_block = string
    }))
    tags = map(string)
  }))

  tgw_vpc_attachment_accepters = map(object({
    transit_gateway_attachment_id                   = string
    rt_association                                  = bool
    rt_propagation                                  = bool
    transit_gateway_default_route_table_association = bool
    transit_gateway_default_route_table_propagation = bool
    static_routes = set(object({
      blackhole              = bool
      destination_cidr_block = string
    }))
    tags = map(string)
  }))

  tgw_peering_attachments = map(object({
    peer_account_id         = string
    peer_region             = string
    peer_transit_gateway_id = string
    rt_association          = bool
    static_routes = set(object({
      blackhole              = bool
      destination_cidr_block = string
    }))
    tags = map(string)
  }))

  tgw_peering_attachment_accepters = map(object({
    transit_gateway_attachment_id = string
    rt_association                = bool
    static_routes = set(object({
      blackhole              = bool
      destination_cidr_block = string
    }))
    tags = map(string)
  }))
})
```

Outputs

| Name | Description |
|------|-------------|
| tgw_module_configuration | Map with all data from the TGW, route table, associations, propagations, routes and accepters created by this module |
| tgw_peering_attachment_ids | IDs of the Transit Gateway peering attachments |
| transit_gateway_id | Transit Gateway identifier |