From 43d2b18573e84c0bb01fdaafb9f65e6769380971 Mon Sep 17 00:00:00 2001 From: badra001 Date: Thu, 9 Feb 2023 06:28:49 -0500 Subject: [PATCH] update, add variables --- .../tgw/vpc-transit-gateway.tf | 10 +++--- .../variables.subnets.auto.tfvars | 1 + .../variables.tgw_environment.tf | 6 ++++ .../variables.vpc.auto.tfvars | 31 ++++++++++--------- .../full-setup-tf-upgrade/variables.vpc.tf | 12 +++++++ examples/full-setup-tf-upgrade/vpc.tf | 2 +- 6 files changed, 42 insertions(+), 20 deletions(-) diff --git a/examples/full-setup-tf-upgrade/tgw/vpc-transit-gateway.tf b/examples/full-setup-tf-upgrade/tgw/vpc-transit-gateway.tf index 450d54f..6fea554 100644 --- a/examples/full-setup-tf-upgrade/tgw/vpc-transit-gateway.tf +++ b/examples/full-setup-tf-upgrade/tgw/vpc-transit-gateway.tf @@ -27,7 +27,7 @@ module "vpc_tgw_data" { tags = merge( local.common_tags, - # var.shared_vpc_label!=null ? { "boc:network_shared"= var.shared_vpc_label } : {}, + var.shared_vpc_label != null ? { "boc:network_shared" = var.shared_vpc_label } : {}, ) } @@ -58,13 +58,13 @@ module "vpc_tgw_self" { route_prefix_list_name = format("transit-gateway.%v", var.tgw_label) vpn_route_prefix_list_name = format("vpn-transit-gateway.%v", var.tgw_label) data_input = module.vpc_tgw_data.data_output - enable_vpn_routing = true + enable_vpn_routing = var.tgw_enable_vpn_routing # create_prefix_list_routing = false # create_static_peer_routing = false tags = merge( local.common_tags, - # var.shared_vpc_label!=null ? { "boc:network_shared"= var.shared_vpc_label } : {}, + var.shared_vpc_label != null ? { "boc:network_shared" = var.shared_vpc_label } : {}, ) } 
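Review bot: The restored guard `var.shared_vpc_label != null` in the `vpc_tgw_data` tags never suppresses the tag under this patch's own defaults: `variables.vpc.tf` declares `shared_vpc_label` with `default = ""` and `variables.vpc.auto.tfvars` sets `shared_vpc_label = ""`, so any run that does not set a label still emits `"boc:network_shared" = ""` (assuming the `tgw/` directory resolves the same variable declaration, which the sibling `var.tgw_label`/`var.tgw_environment` usage suggests). An empty-valued sharing tag is ambiguous to anything that keys flow-log or network-sharing policy on it. Change the guard to `var.shared_vpc_label != null && var.shared_vpc_label != "" ? { "boc:network_shared" = var.shared_vpc_label } : {}`, or switch the declared default to `null`. The `module "vpc_tgw_data"` block starts before this hunk.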
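Review bot: The `tags = merge(local.common_tags, var.shared_vpc_label != null ? … : {})` expression is now repeated verbatim in `vpc_tgw_data`, `vpc_tgw_self` and `vpc_tgw_peer`, so any later fix to the guard has to land in three places. Hoist it once, e.g. `locals { tgw_tags = merge(local.common_tags, var.shared_vpc_label != null ? { "boc:network_shared" = var.shared_vpc_label } : {}) }`, and set `tags = local.tgw_tags` in each module block. The `module "vpc_tgw_self"` block starts before this hunk.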
@@ -91,13 +91,13 @@ module "vpc_tgw_peer" { route_prefix_list_name = format("transit-gateway.%v", var.tgw_label) vpn_route_prefix_list_name = format("vpn-transit-gateway.%v", var.tgw_label) data_input = module.vpc_tgw_data.data_output - enable_vpn_routing = true + enable_vpn_routing = var.tgw_enable_vpn_routing # create_prefix_list_routing = false # create_static_peer_routing = false tags = merge( local.common_tags, - # var.shared_vpc_label!=null ? { "boc:network_shared"= var.shared_vpc_label } : {}, + var.shared_vpc_label != null ? { "boc:network_shared" = var.shared_vpc_label } : {}, ) depends_on = [module.vpc_tgw_self] diff --git a/examples/full-setup-tf-upgrade/variables.subnets.auto.tfvars b/examples/full-setup-tf-upgrade/variables.subnets.auto.tfvars index 3c5dae7..0255455 100644 --- a/examples/full-setup-tf-upgrade/variables.subnets.auto.tfvars +++ b/examples/full-setup-tf-upgrade/variables.subnets.auto.tfvars @@ -3,6 +3,7 @@ public_subnets = [ ] private_subnets = [ { base_cidr = "10.188.65.0/24", label = "endpoints", bits = 2, private = true, enabled = true, tags = {} }, + { base_cidr = "10.188.65.192/26", label = "attachment", bits = 2, private = true, enabled = true, tags = { "boc:vpc:route-table" = "attachment" } }, { base_cidr = "10.188.66.0/23", label = "private-lb", bits = 2, private = true, enabled = true, tags = { "kubernetes.io/role/internal-elb" = 1 } }, diff --git a/examples/full-setup-tf-upgrade/variables.tgw_environment.tf b/examples/full-setup-tf-upgrade/variables.tgw_environment.tf index c52aba3..ed7c56d 100644 --- a/examples/full-setup-tf-upgrade/variables.tgw_environment.tf +++ b/examples/full-setup-tf-upgrade/variables.tgw_environment.tf @@ -3,3 +3,9 @@ variable "tgw_environment" { type = string default = null } + +variable "tgw_enable_vpn_routing" { + description = "Enable VPN routing over Transit Gateway" + type = bool + default = false +} 
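Review bot: The new `attachment` entry `10.188.65.192/26` lies inside the `endpoints` entry's `10.188.65.0/24` on the line above; if `bits = 2` means two extra prefix bits per subnet, the endpoints /24 is carved into four /26s and the fourth of those is exactly 10.188.65.192/26. Unless the subnet module never allocates that fourth /26 (for example because `availability_zones = []` resolves to three AZs), AWS rejects the attachment subnets as overlapping, and that surfaces only at apply time. TGW attachment subnets are best given a range no other entry can reach; pick an unused slice of the VPC's `10.188.64.0/19`, or at minimum record the assumption next to the entry: `# relies on endpoints consuming only 3 of the 4 /26s in 10.188.65.0/24`.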
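Review bot: The description `Enable VPN routing over Transit Gateway` does not say what else changes: `vpc.tf` in this patch empties the `vpn` module's `route_table_ids` whenever this variable is true, so enabling it in a VPC root whose `tgw/` configuration has not been applied leaves the VPN with no routes at all. Spell that out in the declaration, e.g. `description = "Route VPN traffic via the Transit Gateway instead of the VPC private route tables; when true, vpc.tf attaches no VPN routes to the VPC"`. Keeping `default = false` is the right conservative choice for an existing VPN-routed VPC.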
diff --git a/examples/full-setup-tf-upgrade/variables.vpc.auto.tfvars b/examples/full-setup-tf-upgrade/variables.vpc.auto.tfvars index aa2aaab..8aeb5af 100644 --- a/examples/full-setup-tf-upgrade/variables.vpc.auto.tfvars +++ b/examples/full-setup-tf-upgrade/variables.vpc.auto.tfvars @@ -1,17 +1,19 @@ -vpc_name = "dice-ite" -vpc_cidr_block = "10.188.64.0/19" -vpc_index = "4" -vpc_short_name = "vpc4" -vpc_full_name = "vpc4-dice-ite" -vpc_environment = "ite" -vpc_domain_name = "ite.dice.census.gov" -vpc_dns_servers = ["148.129.127.22", "148.129.191.22"] -vpc_ntp_servers = ["148.129.127.23", "148.129.191.23"] -vpc_enable_igw = false -vpc_enable_nat = false -vpc_enable_vpn = true -vpc_enable_awsdns = true -availability_zones = [] +vpc_name = "dice-ite" +vpc_cidr_block = "10.188.64.0/19" +vpc_index = "4" +vpc_short_name = "vpc4" +vpc_full_name = "vpc4-dice-ite" +vpc_environment = "ite" +vpc_domain_name = "ite.dice.census.gov" +vpc_dns_servers = ["148.129.127.22", "148.129.191.22"] +vpc_ntp_servers = ["148.129.127.23", "148.129.191.23"] +vpc_enable_igw = false +vpc_enable_nat = false +vpc_enable_vpn = true +vpc_enable_vpn_routing = true +vpc_enable_awsdns = true +availability_zones = [] +shared_vpc_label = "" vpn_settings = [ { site = "hq", "bgp_asn_id" = 65510, "ip_address" = "148.129.163.NNN" }, @@ -23,3 +25,4 @@ services_peer_settings = { "west" = { peer_name = "vpc1-services", region = "us-gov-west-1", rule_number = 2210 } "east" = { peer_name = "vpc1-services", region = "us-gov-east-1", rule_number = 2260 } } + diff --git a/examples/full-setup-tf-upgrade/variables.vpc.tf b/examples/full-setup-tf-upgrade/variables.vpc.tf index 2750e8b..e90c533 100644 --- a/examples/full-setup-tf-upgrade/variables.vpc.tf +++ b/examples/full-setup-tf-upgrade/variables.vpc.tf 
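Review bot: Realigning every assignment in `variables.vpc.auto.tfvars` buries the two functional additions, `vpc_enable_vpn_routing = true` and `shared_vpc_label = ""`; a separate `terraform fmt` commit would keep the behavior change reviewable and `git blame` meaningful. The precedence introduced in `vpc.tf` also depends on `tgw_enable_vpn_routing`, which this file leaves at its default of `false`; since `vpc_enable_vpn = true` and `vpc_enable_vpn_routing = true` are spelled out here, add `tgw_enable_vpn_routing = false` beside them so an operator sees all three routing knobs together. `shared_vpc_label = ""` reads the same as "unset"; either drop the line or annotate it, e.g. `# empty: this VPC is not shared`.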
@@ -42,6 +42,12 @@ variable "vpc_enable_vpn" { default = true } +variable "vpc_enable_vpn_routing" { + description = "Enable routing through AWS VPN Configuration on the VPC" + type = bool + default = true +} + variable "vpc_enable_awsdns" { description = "Enable AWS DNS on the VPC" type = bool @@ -86,3 +92,9 @@ variable "peer_settings" { )) default = {} } + +variable "shared_vpc_label" { + description = "Label to use for shared VPC for flowlogs and other things" + type = string + default = "" +} diff --git a/examples/full-setup-tf-upgrade/vpc.tf b/examples/full-setup-tf-upgrade/vpc.tf index 769c04f..49a56c5 100644 --- a/examples/full-setup-tf-upgrade/vpc.tf +++ b/examples/full-setup-tf-upgrade/vpc.tf @@ -79,7 +79,7 @@ module "vpn" { vpc_full_name = var.vpc_full_name vpc_environment = var.vpc_environment vpn_settings = var.vpn_settings - route_table_ids = values(module.routing.private_route_table_ids) + route_table_ids = var.vpc_enable_vpn_routing && ! var.tgw_enable_vpn_routing ? values(module.routing.private_route_table_ids) : [] tags = merge( local.tags,
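Review bot: The conditional `var.vpc_enable_vpn_routing && ! var.tgw_enable_vpn_routing ? values(module.routing.private_route_table_ids) : []` encodes a precedence rule (TGW wins; both flags true means the VPC gets no VPN routes) that a reader of `module "vpn"` cannot see, and flipping `tgw_enable_vpn_routing` to true removes the VPN routes from every private route table in the same apply, which is a connectivity change worth an explicit name. Move it into a local: `locals { vpn_route_table_ids = var.vpc_enable_vpn_routing && !var.tgw_enable_vpn_routing ? values(module.routing.private_route_table_ids) : [] }`, preceded by `# VPN routes live either in the VPC private tables or on the TGW, never both`, and set `route_table_ids = local.vpn_route_table_ids`. `terraform fmt` normally writes the negation as `!var.tgw_enable_vpn_routing` without the space. The `module "vpn"` block starts before this hunk and continues after it.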