Terraform module to create and manage an AWS Transit Gateway.
quentin.vallin f4be0ef86d Merge pull request 'feat/ Add custom tgw asn' (#15) from feature/asn_id into master 3 weeks ago
examples feat/ Add custom tgw asn 3 weeks ago
.gitignore refactor: removes unuseful rule in .gitignore 1 year ago
.pre-commit-config.yaml feat/ Add custom tgw asn 3 weeks ago
CHANGELOG.md feat/ Add custom tgw asn 3 weeks ago
Jenkinsfile feat/ upgrade to terraform 0.12 3 months ago
README.md feat/ Add custom tgw asn 3 weeks ago
data.tf feat/ upgrade to terraform 0.12 3 months ago
main.tf feat/ Add custom tgw asn 3 weeks ago
outputs.tf feat/ upgrade to terraform 0.12 3 months ago
variables.tf feat/ Add custom tgw asn 3 weeks ago
versions.tf feat/ Add custom tgw asn 3 weeks ago

README.md

Module AWS Transit Gateway

Creates a Transit Gateway.

This module works for a simple Transit Gateway creation. It also creates a VPC attachment and a shared resource for the Transit Gateway, and updates routes to point to the Transit Gateway. For more features and use cases, make a PR.

Note: the Transit Gateway resource share acceptance, the VPC attachment and route propagation for the client account are not implemented in this module, for the following reasons:

  • With AWS provider 1.59, automated Resource Share acceptance is not available.
  • With Terraform 0.11.X, VPC attachment in client accounts is not idempotent and will raise an error on subsequent calls.

Providers

Name Version
aws >= 2.18.0

Inputs

Name Description Type Default Required
amazon_side_asn Private Autonomous System Number (ASN) for the Amazon side of a BGP session. The range is 64512 to 65534 for 16-bit ASNs and 4200000000 to 4294967294 for 32-bit ASNs. number 64512 no
customer_gateway_name_suffix Suffix of the name of the Customer Gateways. string "customer-gateway" no
customer_gateway_tags Tags of the Customer Gateways. map {} no
description Description of the Transit Gateway. string "" no
enable Whether or not to enable the entire module. bool true no
id ID of an existing Transit Gateway for attachment. If not specified, the module will create a new Transit Gateway (with var.tgw_create = true). string "" no
name_suffix Suffix of the name of the Transit Gateway. string "transit-gateway" no
prefix Prefix to be shared with all resource names of the module. string "tgw" no
resource_share_account_ids IDs of the accounts with which the Transit Gateway should be shared. list [] no
resource_share_allow_external_principals Whether or not to allow external principals for the Resource Share for the Transit Gateway. bool true no
resource_share_create Whether or not to create a Resource Share for the Transit Gateway. This value cannot be computed automatically from other variables in Terraform 0.11.X. bool false no
resource_share_name Name of the Resource Share for the Transit Gateway. string "" no
resource_share_name_suffix Suffix of the name of the Resource Share. string "resource-share" no
resource_share_tags Tags of the Resource Share for the Transit Gateway. map {} no
route_attached_vpc_cidrs All the CIDRs of the VPCs attached to the Transit Gateway. These routes will be used to update the current VPC route tables, not the Transit Gateway route table itself. Note: the default value works around Terraform 0.11.X variable preprocessing, which prevents conditions from working correctly when this variable is an empty list. To make sure routes are not updated with this dummy value, set vpc_routes_update=false. list ["127.0.0.1/32"] no
route_attached_vpn_cidrs All the CIDRs of the VPNs attached to the Transit Gateway. These routes will be used to update the current VPC route tables, not the Transit Gateway route table itself. Note: the default value works around Terraform 0.11.X variable preprocessing, which prevents conditions from working correctly when this variable is an empty list. To make sure routes are not updated with this dummy value, set vpc_routes_update=false. list ["127.0.0.1/32"] no
subnet_ids Subnets to attach to the Transit Gateway. These subnets will be used internally by AWS to install the Transit Gateway. list [] no
tags Tags to be shared with all resources of the module. map {} no
tgw_create Whether or not to create a Transit Gateway. This value cannot be computed automatically in Terraform 0.11. bool true no
tgw_tags Tags specific to the Transit Gateway. Will be merged with var.tags. map {} no
vpc_attachement_create Whether or not to create the Transit Gateway VPC attachment. bool true no
vpc_attachement_tags Tags of the VPC attachment of the Transit Gateway. map {} no
vpc_attachment_name_suffix Suffix of the name of the VPC attachments. string "attachement" no
vpc_id Id of the VPC where to create the resources of the module. string "" no
vpc_route_table_ids All the route tables of the current VPC that should be aware of the sub accounts' VPCs or VPNs attached to the Transit Gateway. They will be updated with route_attached_vpn_cidrs and route_attached_vpc_cidrs. list [] no
vpc_routes_update Whether or not to update VPC route tables with route_attached_vpn_cidrs and route_attached_vpc_cidrs. This value cannot be computed automatically from other variables in Terraform 0.11.X. bool true no
vpc_transit_gateway_route_cidr_indexes List of VPC Connection indexes that connect vpc_transit_gateway_route_cidrs with the correct VPN. Tied to vpc_transit_gateway_route_cidrs; must have the same number of elements. list [] no
vpc_transit_gateway_route_cidrs List of routes for the VPC attachment to bind to the Transit Gateway route table. Tied to vpc_transit_gateway_route_cidr_indexes; must have the same number of elements. list [] no
vpn_asns List of: the gateway's Border Gateway Protocol (BGP) Autonomous System Number (ASN). list [] no
vpn_ips List of VPN IPs for which you want a VPN Connection. list [] no
vpn_name_suffix Suffix of the name of the VPN Connections. string "vpn" no
vpn_static_routes_options List of: Whether the VPN connection uses static routes exclusively. Static routes must be used for devices that don't support BGP. list [] no
vpn_tags Tags of the VPN Connections. map {} no
vpn_transit_gateway_route_cidr_indexes List of VPN Connection indexes that connect vpn_transit_gateway_route_cidrs with the correct VPN. Tied to vpn_transit_gateway_route_cidrs; must have the same number of elements. list [] no
vpn_transit_gateway_route_cidrs List of routes for the VPN attachment to bind to the Transit Gateway route table. Tied to vpn_transit_gateway_route_cidr_indexes; must have the same number of elements. list [] no
vpn_type List of: the types of the VPN connections. The only type AWS supports at this time is 'ipsec.1'. string "ipsec.1" no
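
A hub-account call that uses the inputs above, written as an added example in Terraform 0.12 syntax; it is not taken from the module's repository or its examples directory. The module source, all IDs, account numbers, IPs and CIDRs are constructed placeholders, and it assumes that the `*_indexes` lists hold 0-based positions into `vpn_ips` and that the shared accounts belong to the same AWS Organization.

```hcl
module "transit_gateway" {
  source = "<path-or-git-url-of-this-module>" # placeholder, not on the page

  prefix          = "hub"
  description     = "Hub Transit Gateway"
  amazon_side_asn = 64512 # 64512-65534 (16-bit) or 4200000000-4294967294 (32-bit)

  # VPC attachment in the hub account (placeholder IDs).
  vpc_id     = "vpc-00000000000000000"
  subnet_ids = ["subnet-00000000000000001", "subnet-00000000000000002"]

  # Share with named accounts only. The module default for
  # resource_share_allow_external_principals is true; false limits the
  # Resource Share to principals inside the caller's AWS Organization.
  resource_share_create                    = true
  resource_share_account_ids               = ["111111111111"]
  resource_share_allow_external_principals = false

  # Hub VPC route tables get routes towards the attached networks.
  # Both CIDR lists are set explicitly so the 127.0.0.1/32 dummy
  # default is never written to a route table. If you have no real
  # CIDRs yet, set vpc_routes_update = false instead.
  vpc_routes_update        = true
  vpc_route_table_ids      = ["rtb-00000000000000001"]
  route_attached_vpc_cidrs = ["10.10.0.0/16"]
  route_attached_vpn_cidrs = ["10.50.0.0/16", "10.51.0.0/16"]

  # One static-route VPN connection to a customer gateway.
  vpn_ips                   = ["203.0.113.10"]
  vpn_asns                  = [65000]
  vpn_static_routes_options = [true]

  # Paired lists: element N of the indexes list says which VPN
  # connection carries element N of the CIDR list (assumed 0-based).
  # Both lists must have the same number of elements.
  vpn_transit_gateway_route_cidrs        = ["10.50.0.0/16", "10.51.0.0/16"]
  vpn_transit_gateway_route_cidr_indexes = [0, 0]

  tags = {
    managed-by = "terraform"
  }
}
```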

Outputs

Name Description
arn n/a
association_default_route_table_id n/a
customer_gateway_ids n/a
customer_gateway_ids_count n/a
customer_gateway_ips n/a
customer_gateway_ips_count n/a
id n/a
owner_id n/a
propagation_default_route_table_id n/a
resource_share_id n/a
vpc_attachment_id n/a
vpn_connection_ids n/a
vpn_connection_ids_count n/a