Terraform module to create a transit gateway attachment in one account and accept the attachment in the owner account

plus3it/terraform-aws-tardigrade-transit-gateway

terraform-aws-tardigrade-transit-gateway

This module will manage a Transit Gateway, as well as its Route Tables, Routes, VPC attachments, Route Table associations and propagations, and VPC routes associated with the VPC attachments.

Submodules

This module includes several submodules for different workflows and use cases.

  • cross-account-vpc-attachment: Creates a cross-account Transit Gateway VPC Attachment by managing the invite/accept interaction between two accounts. Requires two providers, one for each account. The providers must be different accounts, and must be using the same region. The Transit Gateway must be shared using the AWS Resource Access Manager.
  • cross-region-peering-attachment: Creates a cross-region Peering Attachment, managing the invite/accept workflow between the two regions. Requires two providers, one for each region. The providers may be the same or different accounts, but must be different regions.
  • peering-accepter: Accepts a peering attachment request. Used by the cross-region-peering-attachment module.
  • peering-attachment: Sends a peering attachment invite. Used by the cross-region-peering-attachment module.
  • route: Creates a Transit Gateway Route.
  • route-table: Creates a Transit Gateway Route Table.
  • vpc-accepter: Accepts a VPC attachment request. Used by the cross-account-vpc-attachment module. Will also create the Transit Gateway Route Table association and propagations for the attachment, and will manage VPC routes associated with the attachment.
  • vpc-attachment: Sends a VPC attachment invite. Used by the cross-account-vpc-attachment module. Will also create the Transit Gateway Route Table association and propagations for the attachment, and will manage VPC routes associated with the attachment.
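The share/attach/accept handshake that the cross-account-vpc-attachment submodule automates, written out with the AWS provider's own resources so the two sides of the exchange are visible. This is an added example, not the submodule's code, and it uses placeholder VPC and subnet IDs, a placeholder region, and provider aliases named owner and spoke; the submodule's actual input names are not shown on this page, so none are assumed here. The security-relevant point is that with auto_accept_shared_attachments left at disable, a principal the gateway is shared with can only request an attachment; nothing is reachable until the owner account accepts it and associates it with a route table.

```hcl
# Added example: cross-account VPC attachment with explicit owner acceptance.
# Not part of the terraform-aws-tardigrade-transit-gateway module itself.
provider "aws" {
  alias  = "owner" # account that owns the Transit Gateway
  region = "us-east-1" # placeholder; both providers must use the same region
}

provider "aws" {
  alias  = "spoke" # account whose VPC is being attached
  region = "us-east-1"
}

data "aws_caller_identity" "spoke" {
  provider = aws.spoke
}

# 1. Owner creates the TGW. Acceptance stays manual and the default route
#    table is not used, so an attachment reaches nothing until the owner
#    accepts it and associates it with a table.
resource "aws_ec2_transit_gateway" "hub" {
  provider                        = aws.owner
  description                     = "hub"
  auto_accept_shared_attachments  = "disable"
  default_route_table_association = "disable"
  default_route_table_propagation = "disable"
}

resource "aws_ec2_transit_gateway_route_table" "spoke" {
  provider           = aws.owner
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
}

# 2. Owner shares the TGW with exactly one principal through RAM.
resource "aws_ram_resource_share" "tgw" {
  provider = aws.owner
  name     = "tgw-hub"
  # false keeps the share inside the organization; true is needed only for
  # accounts outside it (and those must then accept the share invitation).
  allow_external_principals = false
}

resource "aws_ram_resource_association" "tgw" {
  provider           = aws.owner
  resource_arn       = aws_ec2_transit_gateway.hub.arn
  resource_share_arn = aws_ram_resource_share.tgw.arn
}

resource "aws_ram_principal_association" "spoke" {
  provider           = aws.owner
  principal          = data.aws_caller_identity.spoke.account_id
  resource_share_arn = aws_ram_resource_share.tgw.arn
}

# 3. Spoke sends the attachment invite. The default-route-table flags are
#    owner-side settings that cannot be managed from the shared side, so they
#    are set false here and decided by the accepter below.
resource "aws_ec2_transit_gateway_vpc_attachment" "spoke" {
  provider           = aws.spoke
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
  vpc_id             = "vpc-0123456789abcdef0" # placeholder
  subnet_ids         = ["subnet-0123456789abcdef0", "subnet-0123456789abcdef1"] # placeholders

  transit_gateway_default_route_table_association = false
  transit_gateway_default_route_table_propagation = false

  depends_on = [
    aws_ram_resource_association.tgw,
    aws_ram_principal_association.spoke,
  ]
}

# 4. Owner accepts the pending request. Until this resource exists the
#    attachment sits in "pendingAcceptance" and carries no traffic.
resource "aws_ec2_transit_gateway_vpc_attachment_accepter" "spoke" {
  provider                      = aws.owner
  transit_gateway_attachment_id = aws_ec2_transit_gateway_vpc_attachment.spoke.id

  transit_gateway_default_route_table_association = false
  transit_gateway_default_route_table_propagation = false

  tags = { Name = "spoke-${data.aws_caller_identity.spoke.account_id}" }
}

# 5. Owner decides which routing domain the new attachment belongs to.
resource "aws_ec2_transit_gateway_route_table_association" "spoke" {
  provider                       = aws.owner
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment_accepter.spoke.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.spoke.id
}
```

Steps 1, 2 and 5 run under the owner provider and steps 3 under the spoke provider, which is why the submodule requires two providers for different accounts in the same region. If the accounts are not in one organization with RAM sharing enabled, the spoke side must additionally accept the share invitation before step 3 will succeed.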

Requirements

| Name | Version |
|---|---|
| terraform | >= 0.13 |
| aws | >= 5.69.0 |

Providers

| Name | Version |
|---|---|
| aws | >= 5.69.0 |

Inputs

Every input is optional. Names given in route_tables and vpc_attachments double as for_each keys and can be referenced by name from the other inputs; where an input accepts "a name or an id", a pre-existing route table or attachment ID may be used instead of a name.

  • amazon_side_asn (number, default 64512): Private Autonomous System Number (ASN) for the Amazon side of a BGP session (range is 64512 to 65534 for 16-bit ASNs and 4200000000 to 4294967294 for 32-bit ASNs).
  • auto_accept_shared_attachments (string, default "disable"): Whether resource attachment requests are automatically accepted (valid values: disable, enable).
  • default_route_table_association (string, default "enable"): Whether resource attachments are automatically associated with the default association route table (valid values: disable, enable).
  • default_route_table_propagation (string, default "enable"): Whether resource attachments automatically propagate routes to the default propagation route table (valid values: disable, enable).
  • description (string, default null): Description of the EC2 Transit Gateway.
  • dns_support (string, default "enable"): Whether DNS support is enabled (valid values: disable, enable).
  • prefix_list_references (default []): List of TGW prefix list references to add to TGW route tables. Type:

```hcl
list(object({
  # name used as for_each key
  name           = string
  prefix_list_id = string
  # name from route_tables or id of a pre-existing route table
  transit_gateway_route_table = string

  blackhole           = optional(bool, false)
  default_route_table = optional(bool, false)
  # name from vpc_attachments or id of a pre-existing tgw attachment
  transit_gateway_attachment = optional(string)
}))
```

  • route_tables (default []): List of TGW route tables to create with the transit gateway. Type:

```hcl
list(object({
  # name used as for_each key
  name = string
  tags = map(string)
}))
```

  • routes (default []): List of TGW routes to add to TGW route tables. Type:

```hcl
list(object({
  # name used as for_each key
  name                   = string
  blackhole              = bool
  default_route_table    = bool
  destination_cidr_block = string
  # name from vpc_attachments or id of a pre-existing tgw attachment
  transit_gateway_attachment = string
  # name from route_tables or id of a pre-existing route table
  transit_gateway_route_table = string
}))
```

  • security_group_referencing_support (string, default "enable"): Whether Security Group Referencing Support is enabled (valid values: disable, enable).
  • tags (map(string), default {}): Map of tags to apply to the TGW and associated resources.
  • vpc_attachments (default []): List of VPC attachments to create with the transit gateway. Type:

```hcl
list(object({
  # name used as for_each key
  name                   = string
  subnet_ids             = list(string)
  appliance_mode_support = string
  dns_support            = string
  ipv6_support           = string
  tags                   = map(string)
  vpc_routes = optional(list(object({
    # name is used as for_each key
    name                        = string
    route_table_id              = string
    destination_cidr_block      = optional(string)
    destination_ipv6_cidr_block = optional(string)
    destination_prefix_list_id  = optional(string)
  })), [])
  transit_gateway_default_route_table_association = bool
  transit_gateway_default_route_table_propagation = bool
  # name from route_tables or id of a pre-existing route table
  transit_gateway_route_table_association = string
  # list of route table names from route_tables or ids of pre-existing route tables
  transit_gateway_route_table_propagations = list(string)
}))
```

  • vpn_ecmp_support (string, default "disable"): Whether VPN Equal Cost Multipath Protocol support is enabled (valid values: disable, enable).
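A complete call of the root module that exercises the name-reference mechanism in the inputs above: two route tables, one VPC attachment that is associated with one table and propagates into the other, a static route pointing at a pre-existing attachment by ID, and a blackhole route. This is an added example, not code from the module's README; the git source and ref, the region, the subnet, route table and attachment IDs, the CIDRs, and the .id attribute read from the transit_gateway output are all assumptions. Note the two defaults worth overriding: default_route_table_association and default_route_table_propagation both default to "enable", which drops every attachment into one shared routing domain with full mutual reachability. Setting them to "disable" (and the matching per-attachment flags to false) means an attachment can only reach what it is explicitly associated with or propagated to.

```hcl
# Added example: hub TGW with explicit, segmented route tables.
# Source ref, region and all resource IDs below are placeholders.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.69.0"
    }
  }
}

provider "aws" {
  region = "us-east-1" # placeholder
}

locals {
  # Placeholders for the spoke VPC being attached.
  spoke_subnet_ids         = ["subnet-0a1b2c3d4e5f60001", "subnet-0a1b2c3d4e5f60002"]
  spoke_vpc_route_table_id = "rtb-0a1b2c3d4e5f60001"
  # Placeholder ID of an attachment that already exists (e.g. an egress VPC).
  egress_attachment_id = "tgw-attach-0a1b2c3d4e5f60001"
}

module "transit_gateway" {
  # Pin ?ref= to a release tag in real use; "main" is a placeholder.
  source = "git::https://github.com/plus3it/terraform-aws-tardigrade-transit-gateway.git?ref=main"

  description     = "hub"
  amazon_side_asn = 64512

  # Keep acceptance manual and switch off the default route table so that
  # attachments only reach what they are explicitly associated/propagated to.
  auto_accept_shared_attachments  = "disable"
  default_route_table_association = "disable"
  default_route_table_propagation = "disable"

  route_tables = [
    { name = "shared", tags = { Tier = "shared" } },
    { name = "spoke", tags = { Tier = "spoke" } },
  ]

  vpc_attachments = [
    {
      name                   = "spoke-a"
      subnet_ids             = local.spoke_subnet_ids
      appliance_mode_support = "disable"
      dns_support            = "enable"
      ipv6_support           = "disable"
      tags                   = { Name = "spoke-a" }

      # Do not fall back to the TGW default tables.
      transit_gateway_default_route_table_association = false
      transit_gateway_default_route_table_propagation = false

      # "spoke" and "shared" are names from route_tables above: the spoke's
      # lookups happen in the spoke table; its CIDR is learned only by "shared".
      transit_gateway_route_table_association  = "spoke"
      transit_gateway_route_table_propagations = ["shared"]

      # Route in the VPC's own route table sending hub traffic to the TGW.
      vpc_routes = [
        {
          name                   = "to-hub"
          route_table_id         = local.spoke_vpc_route_table_id
          destination_cidr_block = "10.0.0.0/8"
        },
      ]
    },
  ]

  routes = [
    {
      # Static default route in "spoke" towards a pre-existing attachment,
      # referenced by ID rather than by name.
      name                        = "spoke-default-egress"
      blackhole                   = false
      default_route_table         = false
      destination_cidr_block      = "0.0.0.0/0"
      transit_gateway_attachment  = local.egress_attachment_id
      transit_gateway_route_table = "spoke"
    },
    {
      # Blackhole: drop spoke traffic destined for the management range.
      # Assumption: a blackhole route has no attachment, so null is passed.
      name                        = "spoke-drop-mgmt"
      blackhole                   = true
      default_route_table         = false
      destination_cidr_block      = "10.255.0.0/16"
      transit_gateway_attachment  = null
      transit_gateway_route_table = "spoke"
    },
  ]

  tags = { Project = "tgw-example" }
}

output "transit_gateway_id" {
  value = module.transit_gateway.transit_gateway.id # assumes the object exposes .id
}
```

The resulting topology is one-way by construction: "shared" learns spoke-a's CIDR through propagation, but "spoke" contains only the explicit default route and the blackhole, so two spokes associated with "spoke" cannot reach each other unless a route is added for them.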

Outputs

| Name | Description |
|---|---|
| prefix_list_references | Map of TGW prefix list reference objects |
| route_tables | Map of TGW route table objects |
| routes | Map of TGW route objects |
| transit_gateway | Object with attributes of the Transit Gateway |
| vpc_attachments | Map of TGW VPC attachment objects |

Testing

This module has tests that require multiple providers. To simplify the provider config, the tests assume you have AWS profiles named aws and awsalternate. These profiles should resolve credentials for two different accounts.
