This module will manage a Transit Gateway, as well as its Route Tables, Routes, VPC attachments, Route Table associations and propagations, and VPC routes associated with the VPC attachments.
This module includes several submodules for different workflows and use cases.
cross-account-vpc-attachment
: Creates a cross-account Transit Gateway VPC Attachment by managing the invite/accept interaction between two accounts. Requires two providers, one for each account. The providers must use different accounts and the same region. The Transit Gateway must be shared using the AWS Resource Access Manager.

cross-region-peering-attachment
: Creates a cross-region Peering Attachment, managing the invite/accept workflow between the two regions. Requires two providers, one for each region. The providers may use the same account or different accounts, but must use different regions.

peering-accepter
: Accepts a peering attachment request. Used by the cross-region-peering-attachment module.

peering-attachment
: Sends a peering attachment invite. Used by the cross-region-peering-attachment module.

route
: Creates a Transit Gateway Route.

route-table
: Creates a Transit Gateway Route Table.

vpc-accepter
: Accepts a VPC attachment request. Used by the cross-account-vpc-attachment module. Will also create the Transit Gateway Route Table association and propagations for the attachment, and will manage VPC routes associated with the attachment.

vpc-attachment
: Sends a VPC attachment invite. Used by the cross-account-vpc-attachment module. Will also create the Transit Gateway Route Table association and propagations for the attachment, and will manage VPC routes associated with the attachment.
Name | Version |
---|---|
terraform | >= 0.13 |
aws | >= 5.69.0 |
Name | Version |
---|---|
aws | >= 5.69.0 |
Name | Description | Type | Default | Required |
---|---|---|---|---|
amazon_side_asn | Private Autonomous System Number (ASN) for the Amazon side of a BGP session (range is 64512 to 65534 for 16-bit ASNs and 4200000000 to 4294967294 for 32-bit ASN) | number | 64512 | no |
auto_accept_shared_attachments | Whether resource attachment requests are automatically accepted (valid values: disable, enable) | string | "disable" | no |
default_route_table_association | Whether resource attachments are automatically associated with the default association route table (valid values: disable, enable) | string | "enable" | no |
default_route_table_propagation | Whether resource attachments automatically propagate routes to the default propagation route table (valid values: disable, enable) | string | "enable" | no |
description | Description of the EC2 Transit Gateway | string | null | no |
dns_support | Whether DNS support is enabled (valid values: disable, enable) | string | "enable" | no |
prefix_list_references | List of TGW prefix list references to add to TGW route tables | list(object({ | [] | no |
route_tables | List of TGW route tables to create with the transit gateway | list(object({ | [] | no |
routes | List of TGW routes to add to TGW route tables | list(object({ | [] | no |
security_group_referencing_support | Whether Security Group Referencing Support is enabled. Valid values: disable, enable | string | "enable" | no |
tags | Map of tags to apply to the TGW and associated resources | map(string) | {} | no |
vpc_attachments | List of VPC attachments to create with the transit gateway | list(object({ | [] | no |
vpn_ecmp_support | Whether VPN Equal Cost Multipath Protocol support is enabled (valid values: disable, enable) | string | "disable" | no |
Name | Description |
---|---|
prefix_list_references | Map of TGW prefix list reference objects |
route_tables | Map of TGW route table objects |
routes | Map of TGW route objects |
transit_gateway | Object with attributes of the Transit Gateway |
vpc_attachments | Map of TGW peering attachment objects |
This module has tests that require multiple providers. In order to simplify the provider config, it
assumes you have AWS Profiles named `aws` and `awsalternate`. These profiles should
resolve a credential for two different accounts.