From 863165aa8cef01c9bf92c7dbccb765a29a657e6d Mon Sep 17 00:00:00 2001
From: elio-tohme
Date: Thu, 24 Aug 2023 15:58:17 +0200
Subject: [PATCH 01/13] [CORE-2591] update the aws_route resource to attach to the vpc with the shared tgw
---
 main.tf | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/main.tf b/main.tf
index 7a2fe44..884309b 100644
--- a/main.tf
+++ b/main.tf
@@ -15,6 +15,7 @@ locals {
 for rtb_id in try(v.vpc_route_table_ids, []) : {
 rtb_id = rtb_id
 cidr = v.tgw_destination_cidr
+ tgw_id = v.tgw_id
 }
 ]
 ])
@@ -110,11 +111,11 @@ resource "aws_ec2_transit_gateway_route" "this" {
 }
 
 resource "aws_route" "this" {
- for_each = { for x in local.vpc_route_table_destination_cidr : x.rtb_id => x.cidr }
+ for_each = { for x in local.vpc_route_table_destination_cidr : x.tgw_id => { "rtb_id" : x.rtb_id, "cidr" : x.cidr } }
 
- route_table_id = each.key
- destination_cidr_block = each.value
- transit_gateway_id = aws_ec2_transit_gateway.this[0].id
+ route_table_id = each.value.rtb_id
+ destination_cidr_block = each.value.cidr
+ transit_gateway_id = var.create_tgw ? aws_ec2_transit_gateway.this[0].id : each.key
 }
 
 resource "aws_ec2_transit_gateway_route_table_association" "this" {
From 357cc4d9fa18669aed92f597adab6faee93aff03 Mon Sep 17 00:00:00 2001
From: elio-tohme
Date: Tue, 12 Sep 2023 12:47:01 +0300
Subject: [PATCH 02/13] chore
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index 884309b..9e64620 100644
--- a/main.tf
+++ b/main.tf
@@ -111,7 +111,7 @@ resource "aws_ec2_transit_gateway_route" "this" {
 }
 
 resource "aws_route" "this" {
- for_each = { for x in local.vpc_route_table_destination_cidr : x.tgw_id => { "rtb_id" : x.rtb_id, "cidr" : x.cidr } }
+ for_each = { for x in local.vpc_route_table_destination_cidr : x.cidr => { "rtb_id" : x.rtb_id, "cidr" : x.cidr } }
 
 route_table_id = each.value.rtb_id
 destination_cidr_block = each.value.cidr
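Review bot: In the `locals` hunk of PATCH 01/13, `tgw_id = v.tgw_id` is read without a fallback, while the line above it wraps the optional `vpc_route_table_ids` in `try(...)`. If `var.vpc_attachments` is loosely typed (its declaration is not part of this patch), any attachment that omits `tgw_id` would fail evaluation, including for callers that set `create_tgw = true` and never need the value. I would write `tgw_id = try(v.tgw_id, null)` and state in the variable description that `tgw_id` is required when `create_tgw` is false. The `locals` block starts and ends outside the hunk.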
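Review bot: In the `aws_route` hunk of PATCH 01/13 the `for_each` map is keyed by `x.tgw_id` alone, so two route tables that point at the same transit gateway produce the same key and Terraform rejects the map as having duplicate keys. PATCH 02/13 (`x.cidr`) and PATCH 06/13 (`x.vpc_attachment_id`) have the same problem with a different single field. The key needs the fields that make a route unique, the route table and the destination, e.g. `"${x.rtb_id}-${x.cidr}" => x`. A one-line comment above `for_each` explaining why the key is composite would help the next reader.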
From 2a49229dab0e4a4ae5918868b091a63500a0a9fc Mon Sep 17 00:00:00 2001
From: elio-tohme
Date: Tue, 12 Sep 2023 12:51:59 +0300
Subject: [PATCH 03/13] chore
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index 9e64620..2829ba3 100644
--- a/main.tf
+++ b/main.tf
@@ -111,7 +111,7 @@ resource "aws_ec2_transit_gateway_route" "this" {
 }
 
 resource "aws_route" "this" {
- for_each = { for x in local.vpc_route_table_destination_cidr : x.cidr => { "rtb_id" : x.rtb_id, "cidr" : x.cidr } }
+ for_each = { for x in local.vpc_route_table_destination_cidr : x => { "rtb_id" : x.rtb_id, "cidr" : x.cidr } }
 
 route_table_id = each.value.rtb_id
 destination_cidr_block = each.value.cidr
From a8ead394cb5b00c4a9fdf1074ecf4be6f0dbb1fe Mon Sep 17 00:00:00 2001
From: elio-tohme
Date: Tue, 12 Sep 2023 12:52:59 +0300
Subject: [PATCH 04/13] chore
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index 2829ba3..f3b74d1 100644
--- a/main.tf
+++ b/main.tf
@@ -111,7 +111,7 @@ resource "aws_ec2_transit_gateway_route" "this" {
 }
 
 resource "aws_route" "this" {
- for_each = { for x in local.vpc_route_table_destination_cidr : x => { "rtb_id" : x.rtb_id, "cidr" : x.cidr } }
+ for_each = { for index, x in local.vpc_route_table_destination_cidr : index => { "rtb_id" : x.rtb_id, "cidr" : x.cidr } }
 
 route_table_id = each.value.rtb_id
 destination_cidr_block = each.value.cidr
From f0ddcbaa6b398891ce0fda1ac992b356ae186fe7 Mon Sep 17 00:00:00 2001
From: elio-tohme
Date: Tue, 12 Sep 2023 14:01:58 +0300
Subject: [PATCH 05/13] chore
---
 main.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/main.tf b/main.tf
index f3b74d1..a811931 100644
--- a/main.tf
+++ b/main.tf
@@ -111,11 +111,11 @@ resource "aws_ec2_transit_gateway_route" "this" {
 }
 
 resource "aws_route" "this" {
- for_each = { for index, x in local.vpc_route_table_destination_cidr : index => { "rtb_id" : x.rtb_id, "cidr" : x.cidr } }
+ for_each = { for index, x in local.vpc_route_table_destination_cidr : index => { "rtb_id" : x.rtb_id, "cidr" : x.cidr , "tgw_id": x.tgw_id} }
 
 route_table_id = each.value.rtb_id
 destination_cidr_block = each.value.cidr
- transit_gateway_id = var.create_tgw ? aws_ec2_transit_gateway.this[0].id : each.key
+ transit_gateway_id = var.create_tgw ? aws_ec2_transit_gateway.this[0].id : each.value.tgw_id
 }
 
 resource "aws_ec2_transit_gateway_route_table_association" "this" {
From 0596e72b628bd090261fafd7bd47b34ed67503a8 Mon Sep 17 00:00:00 2001
From: elio-tohme
Date: Tue, 12 Sep 2023 14:04:01 +0300
Subject: [PATCH 06/13] chore
---
 main.tf | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/main.tf b/main.tf
index a811931..70a1868 100644
--- a/main.tf
+++ b/main.tf
@@ -13,9 +13,10 @@ locals {
 vpc_route_table_destination_cidr = flatten([
 for k, v in var.vpc_attachments : [
 for rtb_id in try(v.vpc_route_table_ids, []) : {
- rtb_id = rtb_id
- cidr = v.tgw_destination_cidr
- tgw_id = v.tgw_id
+ vpc_attachment_id = k
+ rtb_id = rtb_id
+ cidr = v.tgw_destination_cidr
+ tgw_id = v.tgw_id
 }
 ]
 ])
@@ -111,7 +112,7 @@ resource "aws_ec2_transit_gateway_route" "this" {
 }
 
 resource "aws_route" "this" {
- for_each = { for index, x in local.vpc_route_table_destination_cidr : index => { "rtb_id" : x.rtb_id, "cidr" : x.cidr , "tgw_id": x.tgw_id} }
+ for_each = { for index, x in local.vpc_route_table_destination_cidr : x.vpc_attachment_id => { "rtb_id" : x.rtb_id, "cidr" : x.cidr, "tgw_id" : x.tgw_id } }
 
 route_table_id = each.value.rtb_id
 destination_cidr_block = each.value.cidr
From 32ae1dcbed7d1781a964de6926b73c4922e88559 Mon Sep 17 00:00:00 2001
From: elio-tohme
Date: Wed, 13 Sep 2023 11:07:09 +0300
Subject: [PATCH 07/13] chore
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index 70a1868..e429f5f 100644
--- a/main.tf
+++ b/main.tf
@@ -112,7 +112,7 @@ resource "aws_ec2_transit_gateway_route" "this" {
 }
 
 resource "aws_route" "this" {
- for_each = { for index, x in local.vpc_route_table_destination_cidr : x.vpc_attachment_id => { "rtb_id" : x.rtb_id, "cidr" : x.cidr, "tgw_id" : x.tgw_id } }
+ for_each = { for index, x in local.vpc_route_table_destination_cidr : x.vpc_attachment_id + "-" + x.rtb_id => { "rtb_id" : x.rtb_id, "cidr" : x.cidr, "tgw_id" : x.tgw_id } }
 
 route_table_id = each.value.rtb_id
 destination_cidr_block = each.value.cidr
From 269b9e08e9a3337d118e48b2721bce8f8bb5946f Mon Sep 17 00:00:00 2001
From: elio-tohme
Date: Wed, 13 Sep 2023 11:08:41 +0300
Subject: [PATCH 08/13] chore
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index e429f5f..a22c326 100644
--- a/main.tf
+++ b/main.tf
@@ -112,7 +112,7 @@ resource "aws_ec2_transit_gateway_route" "this" {
 }
 
 resource "aws_route" "this" {
- for_each = { for index, x in local.vpc_route_table_destination_cidr : x.vpc_attachment_id + "-" + x.rtb_id => { "rtb_id" : x.rtb_id, "cidr" : x.cidr, "tgw_id" : x.tgw_id } }
+ for_each = { for index, x in local.vpc_route_table_destination_cidr : x.vpc_attachment_id + x.rtb_id => { "rtb_id" : x.rtb_id, "cidr" : x.cidr, "tgw_id" : x.tgw_id } }
 
 route_table_id = each.value.rtb_id
 destination_cidr_block = each.value.cidr
From 889a9deba2865f58ed0bb9e5015c3941fe7de5d9 Mon Sep 17 00:00:00 2001
From: elio-tohme
Date: Wed, 13 Sep 2023 11:10:17 +0300
Subject: [PATCH 09/13] chore
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index a22c326..b09e3bf 100644
--- a/main.tf
+++ b/main.tf
@@ -112,7 +112,7 @@ resource "aws_ec2_transit_gateway_route" "this" {
 }
 
 resource "aws_route" "this" {
- for_each = { for index, x in local.vpc_route_table_destination_cidr : x.vpc_attachment_id + x.rtb_id => { "rtb_id" : x.rtb_id, "cidr" : x.cidr, "tgw_id" : x.tgw_id } }
+ for_each = { for index, x in local.vpc_route_table_destination_cidr : x.rtb_id => { "rtb_id" : x.rtb_id, "cidr" : x.cidr, "tgw_id" : x.tgw_id } }
 
 route_table_id = each.value.rtb_id
 destination_cidr_block = each.value.cidr
From 4bf5bea9ce34d052660fbd11dd4c9c5c52b8608d Mon Sep 17 00:00:00 2001
From: elio-tohme
Date: Wed, 13 Sep 2023 11:37:03 +0300
Subject: [PATCH 10/13] chore
---
 main.tf | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/main.tf b/main.tf
index b09e3bf..87546a9 100644
--- a/main.tf
+++ b/main.tf
@@ -12,12 +12,14 @@ locals {
 
 vpc_route_table_destination_cidr = flatten([
 for k, v in var.vpc_attachments : [
- for rtb_id in try(v.vpc_route_table_ids, []) : {
- vpc_attachment_id = k
- rtb_id = rtb_id
- cidr = v.tgw_destination_cidr
- tgw_id = v.tgw_id
- }
+ for rtb_id in try(v.vpc_route_table_ids, []) : [
+ for tgw_route in try(v.tgw_routes, []) : {
+ vpc_attachment_id = k
+ rtb_id = rtb_id
+ cidr = tgw_route.destination_cidr_block
+ tgw_id = v.tgw_id
+ }
+ ]
 ]
 ])
 }
From 7957769f9c3ae9cdaa641b447c93eca02e26ce7e Mon Sep 17 00:00:00 2001
From: elio-tohme
Date: Wed, 13 Sep 2023 11:40:20 +0300
Subject: [PATCH 11/13] chore
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index 87546a9..b0705f9 100644
--- a/main.tf
+++ b/main.tf
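Review bot: In the `locals` hunk of PATCH 10/13 the route CIDR is now taken only from `v.tgw_routes`, and `try(v.tgw_routes, [])` turns a missing list into zero iterations, so an attachment that still sets `tgw_destination_cidr` and has no `tgw_routes` silently loses all of its VPC routes on the next apply. A silent route removal is hard to spot in a plan and changes which traffic reaches the transit gateway. Either keep the old input as a fallback, e.g. `for tgw_route in try(v.tgw_routes, [{ destination_cidr_block = v.tgw_destination_cidr }]) : {`, or document the breaking change in the commit message and the variable description. If `tgw_routes` also feeds `aws_ec2_transit_gateway_route.this` (not visible in this hunk), confirm that every such entry is really meant to become a VPC route as well.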
@@ -114,7 +114,7 @@ resource "aws_ec2_transit_gateway_route" "this" {
 }
 
 resource "aws_route" "this" {
- for_each = { for index, x in local.vpc_route_table_destination_cidr : x.rtb_id => { "rtb_id" : x.rtb_id, "cidr" : x.cidr, "tgw_id" : x.tgw_id } }
+ for_each = { for index, x in local.vpc_route_table_destination_cidr : "${x.rtb_id}-${x.cidr}" => { "rtb_id" : x.rtb_id, "cidr" : x.cidr, "tgw_id" : x.tgw_id } }
 
 route_table_id = each.value.rtb_id
 destination_cidr_block = each.value.cidr
From 27fd38013b28a8f80e09714aa058560cf13f8623 Mon Sep 17 00:00:00 2001
From: elio-tohme
Date: Wed, 13 Sep 2023 11:56:52 +0300
Subject: [PATCH 12/13] chore
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index b0705f9..b38e2b7 100644
--- a/main.tf
+++ b/main.tf
@@ -114,7 +114,7 @@ resource "aws_ec2_transit_gateway_route" "this" {
 }
 
 resource "aws_route" "this" {
- for_each = { for index, x in local.vpc_route_table_destination_cidr : "${x.rtb_id}-${x.cidr}" => { "rtb_id" : x.rtb_id, "cidr" : x.cidr, "tgw_id" : x.tgw_id } }
+ for_each = { for index, x in local.vpc_route_table_destination_cidr : "${x.tgw_id}-${x.rtb_id}-${x.cidr}" => { "rtb_id" : x.rtb_id, "cidr" : x.cidr, "tgw_id" : x.tgw_id } }
 
 route_table_id = each.value.rtb_id
 destination_cidr_block = each.value.cidr
From c0982f07cf6d27bf5f83c4046f5a6556c5950436 Mon Sep 17 00:00:00 2001
From: Anderson Nogueira
Date: Wed, 6 Dec 2023 10:09:21 +0100
Subject: [PATCH 13/13] CORE-2711 - add support for TG peering
---
 main.tf | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 variables.tf | 24 ++++++++++++++++++++++++
 2 files changed, 76 insertions(+)
diff --git a/main.tf b/main.tf
index b38e2b7..708e324 100644
--- a/main.tf
+++ b/main.tf
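Review bot: PATCH 12/13 adds `x.tgw_id` to the `for_each` key, but a route table holds at most one route per destination, so `"${x.rtb_id}-${x.cidr}"` from PATCH 11/13 already identified a route. With the gateway ID in the key, two entries that differ only in `tgw_id` plan as separate resources and then compete for the same route at apply time, and the key no longer reflects the gateway actually used when `var.create_tgw` is true (the route then takes `aws_ec2_transit_gateway.this[0].id`). The interpolation also fails when `tgw_id` is null or not known until apply, and every existing route gets a new address and is therefore destroyed and recreated. I would keep the PATCH 11/13 key; the `aws_route` block ends outside the hunk.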
@@ -177,3 +177,55 @@ resource "aws_ram_resource_share_accepter" "this" {
 
 share_arn = var.ram_resource_share_arn
 }
+
+# Transit Gateway Peering Attachment
+resource "aws_ec2_transit_gateway_peering_attachment" "this" {
+ for_each = var.tgw_peering_attachments
+
+ transit_gateway_id = aws_ec2_transit_gateway.this[0].id
+ peer_transit_gateway_id = each.value.peer_transit_gateway_id
+ peer_region = each.value.peer_region
+ peer_account_id = each.value.peer_account_id
+
+ tags = merge(
+ var.tags,
+ { Name = "${var.name}-peering-${each.key}" }
+ )
+
+ lifecycle {
+ create_before_destroy = true
+ }
+}
+
+# Accepting Peering Attachment
+resource "aws_ec2_transit_gateway_peering_attachment_accepter" "this" {
+ count = length([for k, v in var.tgw_peering_attachments : v if v.request_accepter])
+
+ transit_gateway_attachment_id = tolist([for attachment in aws_ec2_transit_gateway_peering_attachment.this : attachment.id])[count.index]
+
+ tags = merge(
+ var.tags,
+ { Name = "${var.name}-peering-accepter-${count.index}" }
+ )
+}
+
+# Transit Gateway Peering Route Table
+resource "aws_ec2_transit_gateway_route_table" "peering" {
+ count = length(var.tgw_peering_attachments) > 0 ? 1 : 0
+
+ transit_gateway_id = aws_ec2_transit_gateway.this[0].id
+
+ tags = merge(
+ var.tags,
+ { Name = "${var.name}-tgw-peering-route-table" }
+ )
+}
+
+# Routes for Peering Attachments
+resource "aws_ec2_transit_gateway_route" "peering" {
+ for_each = { for r in var.tgw_peering_route_table_routes : "${r.peering_attachment_key}-${r.destination_cidr_block}" => r }
+
+ destination_cidr_block = each.value.destination_cidr_block
+ transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.peering[0].id
+ transit_gateway_attachment_id = aws_ec2_transit_gateway_peering_attachment.this[each.value.peering_attachment_key].id
+}
diff --git a/variables.tf b/variables.tf
index 0154bf6..d81790d 100644
--- a/variables.tf
+++ b/variables.tf
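Review bot: The accepter's `count` is the number of attachments with `request_accepter = true`, but `[count.index]` indexes a list built from all peering attachments, so when the map mixes true and false entries the module accepts a different attachment than the one that was flagged. Accepting a peering the operator did not opt in to is the wrong failure mode for a cross-account link. Key the accepter by the map key instead: `for_each = { for k, v in var.tgw_peering_attachments : k => v if v.request_accepter }` with `transit_gateway_attachment_id = aws_ec2_transit_gateway_peering_attachment.this[each.key].id`, and use `${each.key}` in the Name tag. Separately, the new resources reference `aws_ec2_transit_gateway.this[0].id` without the `var.create_tgw` guard that `aws_route.this` received earlier in this series, which presumably fails when the gateway is not created by this module.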
@@ -163,3 +163,27 @@ variable "ram_tags" {
 type = map(string)
 default = {}
 }
+
+################################################################################
+# TGW Peering Settings
+################################################################################
+variable "tgw_peering_attachments" {
+ description = "A map of transit gateway peering attachments"
+ type = map(object({
+ peer_transit_gateway_id = string
+ peer_region = string
+ peer_account_id = string
+ request_accepter = bool
+ }))
+ default = {}
+}
+
+variable "tgw_peering_route_table_routes" {
+ description = "A list of routes for the Transit Gateway Peering Route Table"
+ type = list(object({
+ destination_cidr_block = string
+ peering_attachment_key = string
+ }))
+ default = []
+}
+
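Review bot: Both new variables are accepted without a `validation` block, so a malformed `peer_account_id` or `destination_cidr_block` only surfaces as a provider error at apply time, and a `peering_attachment_key` that names no entry in `tgw_peering_attachments` surfaces as an index error in `main.tf`. These values decide which external account is peered and which prefixes are routed to it, so I would check them at the variable, e.g. `condition = alltrue([for r in var.tgw_peering_route_table_routes : can(cidrhost(r.destination_cidr_block, 0))])` and `condition = alltrue([for a in values(var.tgw_peering_attachments) : can(regex("^[0-9]{12}$", a.peer_account_id))])`. The descriptions should also say that `request_accepter = true` makes this module accept the attachment and that `peering_attachment_key` must be a key of `tgw_peering_attachments`.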