backport tf-upgrade vpn gateway changes

terraform-modules · Aug 9, 2022 · 153a30c · 153a30c
1 parent 70895c0
commit 153a30c
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 10 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -133,3 +133,6 @@
 * 1.6.7 -- 2022-07-15
   - fix flowlogs filename
 
+* 1.6.8 -- 2022-08-9
+  - vpn
+    - fix vpn gateway (backport from tf-upgrade)
diff --git a/common/version.tf b/common/version.tf
@@ -1,5 +1,5 @@
 locals {
-  _module_version = "1.6.7"
+  _module_version = "1.6.8"
   _module_names = {
     "_main_" = "aws-vpc-setup"
 

diff --git a/vpn/main.tf b/vpn/main.tf
@@ -57,7 +57,7 @@ locals {
     "boc:created_by"        = "terraform"
   }
 
-  vpn_gateway = element(concat(aws_vpn_gateway.vpn[*].id, []), 0)
+  #  vpn_gateway = element(concat(aws_vpn_gateway.vpn[*].id, []), 0)
 }
 
 
@@ -78,7 +78,7 @@ resource "aws_vpn_gateway" "vpn" {
 resource "aws_vpn_gateway_attachment" "vpn" {
   count          = var.create ? 1 : 0
   vpc_id         = var.vpc_id
-  vpn_gateway_id = local.vpn_gateway
+  vpn_gateway_id = var.create ? aws_vpn_gateway.vpn[0].id : null
 }
 
 #---
@@ -112,10 +112,9 @@ resource "random_string" "tunnel_preshared_key" {
 #  at this time, static routing is not an option.  We can re-code this later if needed
 #---
 resource "aws_vpn_connection" "vpn" {
-  for_each = var.create ? local.vpn_settings : {}
-  type     = "ipsec.1"
-  #  vpn_gateway_id        = aws_vpn_gateway.vpn.id
-  vpn_gateway_id        = local.vpn_gateway
+  for_each              = var.create ? local.vpn_settings : {}
+  type                  = "ipsec.1"
+  vpn_gateway_id        = var.create ? aws_vpn_gateway.vpn[0].id : null
   customer_gateway_id   = aws_customer_gateway.vpn[each.key].id
   tunnel1_preshared_key = length(var.custom_preshared_keys) == 0 ? random_string.tunnel_preshared_key[each.key].result : element(var.custom_preshared_keys, 0)
   tunnel2_preshared_key = length(var.custom_preshared_keys) == 0 ? random_string.tunnel_preshared_key[each.key].result : element(var.custom_preshared_keys, 1)
@@ -154,8 +153,7 @@ locals {
 resource "aws_vpn_gateway_route_propagation" "vpn" {
   for_each = var.create ? { for v in local.vpn_route_table_ids : "${v.site}.${v.route_table_id}" => v } : {}
 
-  #  vpn_gateway_id = aws_vpn_gateway.vpn.id
-  vpn_gateway_id = local.vpn_gateway
+  vpn_gateway_id = var.create ? aws_vpn_gateway.vpn[0].id : null
   route_table_id = each.value.route_table_id
 }
 

diff --git a/vpn/vpn-config.tf b/vpn/vpn-config.tf
@@ -3,6 +3,7 @@ locals {
     site              = v.site
     environment       = lookup(v, "environment", "")
     sequence          = lookup(v, "sequence", "")
+    file_label        = join("-", compact([v.site, lookup(v, "environment", ""), lookup(v, "sequence", "")]))
     label             = lookup(v, "label", var.vpc_full_name)
     full_label        = format("aws:%v:%v:%v:%v", local.region, local.account_id, aws_vpn_connection.vpn[k].id, lookup(v, "label", var.vpc_full_name))
     customer_address  = aws_customer_gateway.vpn[k].ip_address
@@ -40,7 +41,7 @@ resource "null_resource" "generate_configs" {
   }
   provisioner "local-exec" {
     working_dir = "${path.root}/vpn-configs"
-    command     = "aws ec2 get-vpn-connection-device-sample-configuration --vpn-connection-id ${each.value.vpn_connection_id} --vpn-connection-device-type-id 48548f98 --internet-key-exchange-version ikev1 --output text > ${each.value.label}.${each.value.vpn_connection_id}.txt"
+    command     = "aws ec2 get-vpn-connection-device-sample-configuration --vpn-connection-id ${each.value.vpn_connection_id} --vpn-connection-device-type-id 48548f98 --internet-key-exchange-version ikev1 --output text > ${each.value.file_label}.${each.value.vpn_connection_id}.txt"
     environment = {
       AWS_PROFILE = var.profile
       AWS_REGION  = local.region