fix

terraform-modules · Oct 14, 2022 · 5b294e4 · 5b294e4
1 parent 608deb7
commit 5b294e4
Show file tree

Hide file tree

Showing 2 changed files with 103 additions and 1 deletion.
diff --git a/vpc-transit-gateway-association/associate.tf b/vpc-transit-gateway-association/associate.tf
@@ -0,0 +1,102 @@
+#---
+# attach this vpc to tgw (my region, my account)
+#---
+resource "aws_ec2_transit_gateway_vpc_attachment" "vpc_attachment" {
+  count = var.transit_gateway_routing_type == "self" ? 1 : 0
+  #  subnet_ids                                      = [for sn in module.subnets.private_subnets_ids : sn.id if lookup(sn.tags, "boc:vpc:route-table", null) == "attachment"]
+  subnet_ids                                      = var.private_subnets_ids
+  transit_gateway_id                              = data.aws_ec2_transit_gateway.gateway_self.id
+  vpc_id                                          = local.vpc_id
+  dns_support                                     = "enable"
+  ipv6_support                                    = "disable"
+  transit_gateway_default_route_table_association = true
+  transit_gateway_default_route_table_propagation = true
+
+  tags = merge(
+    local.base_tags,
+    {
+      Name                  = format("tgwa-%v-%v-%v", var.tgw_label, var.vpc_short_name, local.region),
+      "boc:tgw_environment" = var.tgw_environment,
+    },
+  )
+}
+
+#---
+# assocaite this vpc to route table in self (my region, network account)
+#---
+resource "aws_ec2_transit_gateway_route_table_association" "route_table_self" {
+  count                          = var.transit_gateway_routing_type == "self" ? 1 : 0
+  provider                       = aws.self
+  transit_gateway_attachment_id  = one(aws_ec2_transit_gateway_vpc_attachment.vpc_attachment[*].id)
+  transit_gateway_route_table_id = local.transit_gateway_route_table_ids_self[var.tgw_environment]
+}
+
+#---
+# get rt variables for use later
+#---
+locals {
+  propagate_all_rt = ["services", "inter-region"]
+  selected_rt      = [for k in keys(local.transit_gateway_route_table_ids_self) : k if ! contains(local.propagate_all_rt, k)]
+}
+
+#---
+# propagate this attachment to necessary RT (my region, network account)
+# for services, it is all but services
+# for all others, it is just itself
+# we will cover services and inter-region separately
+#---
+resource "aws_ec2_transit_gateway_route_table_propagation" "vpc_self_own_rt" {
+  provider = aws.self
+  for_each = var.transit_gateway_routing_type == "self" ? { for k in local.selected_rt : k => local.transit_gateway_route_table_ids_self[k] } : {}
+
+  transit_gateway_attachment_id  = one(aws_ec2_transit_gateway_vpc_attachment.vpc_attachment[*].id)
+  transit_gateway_route_table_id = each.value
+}
+
+#---
+# propagate to services, inter-region
+# propagate all to inter-region table
+#---
+resource "aws_ec2_transit_gateway_route_table_propagation" "vpc_self_common" {
+  provider = aws.self
+  for_each = var.transit_gateway_routing_type == "self" ? { for k in local.propagate_all_rt : k => local.transit_gateway_route_table_ids_self[k] } : {}
+
+  transit_gateway_attachment_id  = one(aws_ec2_transit_gateway_vpc_attachment.vpc_attachment[*].id)
+  transit_gateway_route_table_id = each.value
+}
+
+#---
+# add routes to peer for non-services
+#---
+resource "aws_ec2_transit_gateway_route" "vpc_peer_own_rt" {
+  provider               = aws.peer
+  for_each               = var.transit_gateway_routing_type == "peer" ? { for k in local.selected_rt : k => local.transit_gateway_route_table_ids_peer[k] if k == var.tgw_environment } : {}
+  destination_cidr_block = data.aws_vpc.vpc.cidr_block
+
+  transit_gateway_attachment_id  = data.aws_ec2_transit_gateway_peering_attachment.attachment_peer.id
+  transit_gateway_route_table_id = each.value
+}
+
+#---
+# always add routes to services
+#--
+resource "aws_ec2_transit_gateway_route" "vpc_peer_common" {
+  provider               = aws.peer
+  for_each               = var.transit_gateway_routing_type == "peer" ? { "services" = local.transit_gateway_route_table_ids_peer["services"] } : {}
+  destination_cidr_block = data.aws_vpc.vpc.cidr_block
+
+  transit_gateway_attachment_id  = data.aws_ec2_transit_gateway_peering_attachment.attachment_peer.id
+  transit_gateway_route_table_id = each.value
+}
+
+#---
+# if services, add routes to all other route tables
+#--
+resource "aws_ec2_transit_gateway_route" "vpc_peer_all" {
+  provider               = aws.peer
+  for_each               = var.transit_gateway_routing_type == "peer" && contains(local.propagate_all_rt, var.tgw_environment) ? { for k in local.selected_rt : k => local.transit_gateway_route_table_ids_peer[k] } : {}
+  destination_cidr_block = data.aws_vpc.vpc.cidr_block
+
+  transit_gateway_attachment_id  = data.aws_ec2_transit_gateway_peering_attachment.attachment_peer.id
+  transit_gateway_route_table_id = each.value
+}
diff --git a/vpc-transit-gateway-association/routing.tf b/vpc-transit-gateway-association/routing.tf
@@ -39,7 +39,7 @@ data "aws_ec2_managed_prefix_list" "tgw_ipv4" {
 
 resource "null_resource" "vpc_attachment_exists" {
   triggers = {
-    vpc_attachment = var.transit_gateway_routing_type == "self" ? aws_ec2_transit_gateway_vpc_attachment.vpc_attachment[0].id : ""
+    vpc_attachment = var.transit_gateway_routing_type == "self" ? one(aws_ec2_transit_gateway_vpc_attachment.vpc_attachment[*].id) : ""
   }
 }