update, add variables

terraform-modules · Feb 9, 2023 · 43d2b18 · 43d2b18
1 parent 547746e
commit 43d2b18
Show file tree

Hide file tree

Showing 6 changed files with 42 additions and 20 deletions.
diff --git a/examples/full-setup-tf-upgrade/tgw/vpc-transit-gateway.tf b/examples/full-setup-tf-upgrade/tgw/vpc-transit-gateway.tf
@@ -27,7 +27,7 @@ module "vpc_tgw_data" {
 
   tags = merge(
     local.common_tags,
-    #    var.shared_vpc_label!=null ? { "boc:network_shared"= var.shared_vpc_label } : {},
+    var.shared_vpc_label != null ? { "boc:network_shared" = var.shared_vpc_label } : {},
   )
 }
 
@@ -58,13 +58,13 @@ module "vpc_tgw_self" {
   route_prefix_list_name      = format("transit-gateway.%v", var.tgw_label)
   vpn_route_prefix_list_name  = format("vpn-transit-gateway.%v", var.tgw_label)
   data_input                  = module.vpc_tgw_data.data_output
-  enable_vpn_routing          = true
+  enable_vpn_routing          = var.tgw_enable_vpn_routing
   #  create_prefix_list_routing  = false
   #  create_static_peer_routing  = false
 
   tags = merge(
     local.common_tags,
-    #    var.shared_vpc_label!=null ? { "boc:network_shared"= var.shared_vpc_label } : {},
+    var.shared_vpc_label != null ? { "boc:network_shared" = var.shared_vpc_label } : {},
   )
 }
 
@@ -91,13 +91,13 @@ module "vpc_tgw_peer" {
   route_prefix_list_name      = format("transit-gateway.%v", var.tgw_label)
   vpn_route_prefix_list_name  = format("vpn-transit-gateway.%v", var.tgw_label)
   data_input                  = module.vpc_tgw_data.data_output
-  enable_vpn_routing          = true
+  enable_vpn_routing          = var.tgw_enable_vpn_routing
   #  create_prefix_list_routing  = false
   #  create_static_peer_routing  = false
 
   tags = merge(
     local.common_tags,
-    #    var.shared_vpc_label!=null ? { "boc:network_shared"= var.shared_vpc_label } : {},
+    var.shared_vpc_label != null ? { "boc:network_shared" = var.shared_vpc_label } : {},
   )
 
   depends_on = [module.vpc_tgw_self]

diff --git a/examples/full-setup-tf-upgrade/variables.subnets.auto.tfvars b/examples/full-setup-tf-upgrade/variables.subnets.auto.tfvars
@@ -3,6 +3,7 @@ public_subnets = [
 ]
 private_subnets = [
   { base_cidr = "10.188.65.0/24", label = "endpoints", bits = 2, private = true, enabled = true, tags = {} },
+  { base_cidr = "10.188.65.192/26", label = "attachment", bits = 2, private = true, enabled = true, tags = { "boc:vpc:route-table" = "attachment" } },
   { base_cidr = "10.188.66.0/23", label = "private-lb", bits = 2, private = true, enabled = true,
     tags      = { "kubernetes.io/role/internal-elb" = 1 }
   },

diff --git a/examples/full-setup-tf-upgrade/variables.tgw_environment.tf b/examples/full-setup-tf-upgrade/variables.tgw_environment.tf
@@ -3,3 +3,9 @@ variable "tgw_environment" {
   type        = string
   default     = null
 }
+
+variable "tgw_enable_vpn_routing" {
+  description = "Enable VPN routing over Transit Gateway"
+  type        = bool
+  default     = false
+}
diff --git a/examples/full-setup-tf-upgrade/variables.vpc.auto.tfvars b/examples/full-setup-tf-upgrade/variables.vpc.auto.tfvars
@@ -1,17 +1,19 @@
-vpc_name           = "dice-ite"
-vpc_cidr_block     = "10.188.64.0/19"
-vpc_index          = "4"
-vpc_short_name     = "vpc4"
-vpc_full_name      = "vpc4-dice-ite"
-vpc_environment    = "ite"
-vpc_domain_name    = "ite.dice.census.gov"
-vpc_dns_servers    = ["148.129.127.22", "148.129.191.22"]
-vpc_ntp_servers    = ["148.129.127.23", "148.129.191.23"]
-vpc_enable_igw     = false
-vpc_enable_nat     = false
-vpc_enable_vpn     = true
-vpc_enable_awsdns  = true
-availability_zones = []
+vpc_name               = "dice-ite"
+vpc_cidr_block         = "10.188.64.0/19"
+vpc_index              = "4"
+vpc_short_name         = "vpc4"
+vpc_full_name          = "vpc4-dice-ite"
+vpc_environment        = "ite"
+vpc_domain_name        = "ite.dice.census.gov"
+vpc_dns_servers        = ["148.129.127.22", "148.129.191.22"]
+vpc_ntp_servers        = ["148.129.127.23", "148.129.191.23"]
+vpc_enable_igw         = false
+vpc_enable_nat         = false
+vpc_enable_vpn         = true
+vpc_enable_vpn_routing = true
+vpc_enable_awsdns      = true
+availability_zones     = []
+shared_vpc_label       = ""
 
 vpn_settings = [
   { site = "hq", "bgp_asn_id" = 65510, "ip_address" = "148.129.163.NNN" },
@@ -23,3 +25,4 @@ services_peer_settings = {
   "west" = { peer_name = "vpc1-services", region = "us-gov-west-1", rule_number = 2210 }
   "east" = { peer_name = "vpc1-services", region = "us-gov-east-1", rule_number = 2260 }
 }
+
diff --git a/examples/full-setup-tf-upgrade/variables.vpc.tf b/examples/full-setup-tf-upgrade/variables.vpc.tf
@@ -42,6 +42,12 @@ variable "vpc_enable_vpn" {
   default     = true
 }
 
+variable "vpc_enable_vpn_routing" {
+  description = "Enable routing through AWS VPN Configuration on the VPC"
+  type        = bool
+  default     = true
+}
+
 variable "vpc_enable_awsdns" {
   description = "Enable AWS DNS on the VPC"
   type        = bool
@@ -86,3 +92,9 @@ variable "peer_settings" {
   ))
   default = {}
 }
+
+variable "shared_vpc_label" {
+  description = "Label to use for shared VPC for flowlogs and other things"
+  type        = string
+  default     = ""
+}
diff --git a/examples/full-setup-tf-upgrade/vpc.tf b/examples/full-setup-tf-upgrade/vpc.tf
@@ -79,7 +79,7 @@ module "vpn" {
   vpc_full_name   = var.vpc_full_name
   vpc_environment = var.vpc_environment
   vpn_settings    = var.vpn_settings
-  route_table_ids = values(module.routing.private_route_table_ids)
+  route_table_ids = var.vpc_enable_vpn_routing && ! var.tgw_enable_vpn_routing ? values(module.routing.private_route_table_ids) : []
 
   tags = merge(
     local.tags,