From 153a30c72838f153140f68706cda97eee765024e Mon Sep 17 00:00:00 2001
From: badra001
Date: Tue, 9 Aug 2022 17:51:54 -0400
Subject: [PATCH] backport tf-upgrade vpn gateway changes
---
 CHANGELOG.md | 3 +++
 common/version.tf | 2 +-
 vpn/main.tf | 14 ++++++--------
 vpn/vpn-config.tf | 3 ++-
 4 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f967c06..e9adcd4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -133,3 +133,6 @@
 * 1.6.7 -- 2022-07-15
   - fix flowlogs filename
+* 1.6.8 -- 2022-08-9
+  - vpn
+    - fix vpn gateway (backport from tf-upgrade)
diff --git a/common/version.tf b/common/version.tf
index 333737f..7fad35f 100644
--- a/common/version.tf
+++ b/common/version.tf
@@ -1,5 +1,5 @@
 locals {
-  _module_version = "1.6.7"
+  _module_version = "1.6.8"
   _module_names = {
     "_main_" = "aws-vpc-setup"
diff --git a/vpn/main.tf b/vpn/main.tf
index d7a8c2a..52e09e2 100644
--- a/vpn/main.tf
+++ b/vpn/main.tf
@@ -57,7 +57,7 @@ locals {
     "boc:created_by" = "terraform"
   }
-  vpn_gateway = element(concat(aws_vpn_gateway.vpn[*].id, []), 0)
+  # vpn_gateway = element(concat(aws_vpn_gateway.vpn[*].id, []), 0)
 }
@@ -78,7 +78,7 @@ resource "aws_vpn_gateway" "vpn" {
 resource "aws_vpn_gateway_attachment" "vpn" {
   count = var.create ? 1 : 0
   vpc_id = var.vpc_id
-  vpn_gateway_id = local.vpn_gateway
+  vpn_gateway_id = var.create ? aws_vpn_gateway.vpn[0].id : null
 }
 #---
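Review bot: The `vpn_gateway` local is commented out rather than deleted, which leaves dead text in the `locals` block while the other hunks in this file remove the old `# vpn_gateway_id = aws_vpn_gateway.vpn.id` comments outright. Every reference to `local.vpn_gateway` visible in this patch is replaced, so drop the line instead of keeping `# vpn_gateway = element(concat(aws_vpn_gateway.vpn[*].id, []), 0)`. The enclosing `locals` block starts outside the hunk.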
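Review bot: The new `vpn_gateway_id = var.create ? aws_vpn_gateway.vpn[0].id : null` wraps the reference in a condition that the resource's own `count = var.create ? 1 : 0` already guarantees: when `var.create` is false there are no instances and the attribute is never evaluated, so the `: null` branch is unreachable. `vpn_gateway_id = aws_vpn_gateway.vpn[0].id` expresses the same thing with less to read, and `one(aws_vpn_gateway.vpn[*].id)` is an alternative if the module's required Terraform version allows it (not visible in this patch). The same pattern appears in the `aws_vpn_connection` and `aws_vpn_gateway_route_propagation` hunks below, where `for_each = var.create ? ... : {}` plays the same gating role.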
@@ -112,10 +112,9 @@ resource "random_string" "tunnel_preshared_key" {
 # at this time, static routing is not an option. We can re-code this later if needed
 #---
 resource "aws_vpn_connection" "vpn" {
-  for_each = var.create ? local.vpn_settings : {}
-  type = "ipsec.1"
-  # vpn_gateway_id = aws_vpn_gateway.vpn.id
-  vpn_gateway_id = local.vpn_gateway
+  for_each = var.create ? local.vpn_settings : {}
+  type = "ipsec.1"
+  vpn_gateway_id = var.create ? aws_vpn_gateway.vpn[0].id : null
   customer_gateway_id = aws_customer_gateway.vpn[each.key].id
   tunnel1_preshared_key = length(var.custom_preshared_keys) == 0 ? random_string.tunnel_preshared_key[each.key].result : element(var.custom_preshared_keys, 0)
   tunnel2_preshared_key = length(var.custom_preshared_keys) == 0 ? random_string.tunnel_preshared_key[each.key].result : element(var.custom_preshared_keys, 1)
@@ -154,8 +153,7 @@ locals {
 resource "aws_vpn_gateway_route_propagation" "vpn" {
   for_each = var.create ? { for v in local.vpn_route_table_ids : "${v.site}.${v.route_table_id}" => v } : {}
-  # vpn_gateway_id = aws_vpn_gateway.vpn.id
-  vpn_gateway_id = local.vpn_gateway
+  vpn_gateway_id = var.create ? aws_vpn_gateway.vpn[0].id : null
   route_table_id = each.value.route_table_id
 }
diff --git a/vpn/vpn-config.tf b/vpn/vpn-config.tf
index 25cac06..912eedb 100644
--- a/vpn/vpn-config.tf
+++ b/vpn/vpn-config.tf
@@ -3,6 +3,7 @@ locals {
     site = v.site
     environment = lookup(v, "environment", "")
     sequence = lookup(v, "sequence", "")
+    file_label = join("-", compact([v.site, lookup(v, "environment", ""), lookup(v, "sequence", "")]))
     label = lookup(v, "label", var.vpc_full_name)
     full_label = format("aws:%v:%v:%v:%v", local.region, local.account_id, aws_vpn_connection.vpn[k].id, lookup(v, "label", var.vpc_full_name))
     customer_address = aws_customer_gateway.vpn[k].ip_address
@@ -40,7 +41,7 @@ resource "null_resource" "generate_configs" {
   }
   provisioner "local-exec" {
     working_dir = "${path.root}/vpn-configs"
-    command = "aws ec2 get-vpn-connection-device-sample-configuration --vpn-connection-id ${each.value.vpn_connection_id} --vpn-connection-device-type-id 48548f98 --internet-key-exchange-version ikev1 --output text > ${each.value.label}.${each.value.vpn_connection_id}.txt"
+    command = "aws ec2 get-vpn-connection-device-sample-configuration --vpn-connection-id ${each.value.vpn_connection_id} --vpn-connection-device-type-id 48548f98 --internet-key-exchange-version ikev1 --output text > ${each.value.file_label}.${each.value.vpn_connection_id}.txt"
     environment = {
       AWS_PROFILE = var.profile
       AWS_REGION = local.region
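Review bot: `${each.value.file_label}` is interpolated unquoted into the shell redirect target on the `command` line; `file_label` is assembled in the first vpn-config.tf hunk from `v.site`, `environment` and `sequence`, so a value containing whitespace or shell metacharacters would change what the command does or where its output lands. Quote the target, `> \"${each.value.file_label}.${each.value.vpn_connection_id}.txt\"`, and consider constraining the label where it is built, e.g. `file_label = replace(join("-", compact([...])), "/[^A-Za-z0-9._-]/", "_")`. The file written under `${path.root}/vpn-configs` is the device sample configuration, which in my experience includes the tunnel pre-shared keys, so that directory should be treated as sensitive output and kept out of version control — worth a comment above the provisioner. The enclosing `null_resource` block starts outside the hunk.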