From 5b294e48c9cff38248f6d8f5f22b6eda902f3b27 Mon Sep 17 00:00:00 2001
From: badra001
Date: Fri, 14 Oct 2022 12:19:27 -0400
Subject: [PATCH] fix
---
 vpc-transit-gateway-association/associate.tf | 102 +++++++++++++++++++
 vpc-transit-gateway-association/routing.tf | 2 +-
 2 files changed, 103 insertions(+), 1 deletion(-)
 create mode 100644 vpc-transit-gateway-association/associate.tf
diff --git a/vpc-transit-gateway-association/associate.tf b/vpc-transit-gateway-association/associate.tf
new file mode 100644
index 0000000..6e38901
--- /dev/null
+++ b/vpc-transit-gateway-association/associate.tf
@@ -0,0 +1,102 @@
+#---
+# attach this vpc to tgw (my region, my account)
+#---
+resource "aws_ec2_transit_gateway_vpc_attachment" "vpc_attachment" {
+ count = var.transit_gateway_routing_type == "self" ? 1 : 0
+ # subnet_ids = [for sn in module.subnets.private_subnets_ids : sn.id if lookup(sn.tags, "boc:vpc:route-table", null) == "attachment"]
+ subnet_ids = var.private_subnets_ids
+ transit_gateway_id = data.aws_ec2_transit_gateway.gateway_self.id
+ vpc_id = local.vpc_id
+ dns_support = "enable"
+ ipv6_support = "disable"
+ transit_gateway_default_route_table_association = true
+ transit_gateway_default_route_table_propagation = true
+
+ tags = merge(
+ local.base_tags,
+ {
+ Name = format("tgwa-%v-%v-%v", var.tgw_label, var.vpc_short_name, local.region),
+ "boc:tgw_environment" = var.tgw_environment,
+ },
+ )
+}
+
+#---
+# assocaite this vpc to route table in self (my region, network account)
+#---
+resource "aws_ec2_transit_gateway_route_table_association" "route_table_self" {
+ count = var.transit_gateway_routing_type == "self" ? 1 : 0
+ provider = aws.self
+ transit_gateway_attachment_id = one(aws_ec2_transit_gateway_vpc_attachment.vpc_attachment[*].id)
+ transit_gateway_route_table_id = local.transit_gateway_route_table_ids_self[var.tgw_environment]
+}
+
+#---
+# get rt variables for use later
+#---
+locals {
+ propagate_all_rt = ["services", "inter-region"]
+ selected_rt = [for k in keys(local.transit_gateway_route_table_ids_self) : k if ! contains(local.propagate_all_rt, k)]
+}
+
+#---
+# propagate this attachment to necessary RT (my region, network account)
+# for services, it is all but services
+# for all others, it is just itself
+# we will cover services and inter-region separately
+#---
+resource "aws_ec2_transit_gateway_route_table_propagation" "vpc_self_own_rt" {
+ provider = aws.self
+ for_each = var.transit_gateway_routing_type == "self" ? { for k in local.selected_rt : k => local.transit_gateway_route_table_ids_self[k] } : {}
+
+ transit_gateway_attachment_id = one(aws_ec2_transit_gateway_vpc_attachment.vpc_attachment[*].id)
+ transit_gateway_route_table_id = each.value
+}
+
+#---
+# propagate to services, inter-region
+# propagate all to inter-region table
+#---
+resource "aws_ec2_transit_gateway_route_table_propagation" "vpc_self_common" {
+ provider = aws.self
+ for_each = var.transit_gateway_routing_type == "self" ? { for k in local.propagate_all_rt : k => local.transit_gateway_route_table_ids_self[k] } : {}
+
+ transit_gateway_attachment_id = one(aws_ec2_transit_gateway_vpc_attachment.vpc_attachment[*].id)
+ transit_gateway_route_table_id = each.value
+}
+
+#---
+# add routes to peer for non-services
+#---
+resource "aws_ec2_transit_gateway_route" "vpc_peer_own_rt" {
+ provider = aws.peer
+ for_each = var.transit_gateway_routing_type == "peer" ? { for k in local.selected_rt : k => local.transit_gateway_route_table_ids_peer[k] if k == var.tgw_environment } : {}
+ destination_cidr_block = data.aws_vpc.vpc.cidr_block
+
+ transit_gateway_attachment_id = data.aws_ec2_transit_gateway_peering_attachment.attachment_peer.id
+ transit_gateway_route_table_id = each.value
+}
+
+#---
+# always add routes to services
+#--
+resource "aws_ec2_transit_gateway_route" "vpc_peer_common" {
+ provider = aws.peer
+ for_each = var.transit_gateway_routing_type == "peer" ? { "services" = local.transit_gateway_route_table_ids_peer["services"] } : {}
+ destination_cidr_block = data.aws_vpc.vpc.cidr_block
+
+ transit_gateway_attachment_id = data.aws_ec2_transit_gateway_peering_attachment.attachment_peer.id
+ transit_gateway_route_table_id = each.value
+}
+
+#---
+# if services, add routes to all other route tables
+#--
+resource "aws_ec2_transit_gateway_route" "vpc_peer_all" {
+ provider = aws.peer
+ for_each = var.transit_gateway_routing_type == "peer" && contains(local.propagate_all_rt, var.tgw_environment) ? { for k in local.selected_rt : k => local.transit_gateway_route_table_ids_peer[k] } : {}
+ destination_cidr_block = data.aws_vpc.vpc.cidr_block
+
+ transit_gateway_attachment_id = data.aws_ec2_transit_gateway_peering_attachment.attachment_peer.id
+ transit_gateway_route_table_id = each.value
+}
diff --git a/vpc-transit-gateway-association/routing.tf b/vpc-transit-gateway-association/routing.tf
index 9da4c59..d3a497c 100644
--- a/vpc-transit-gateway-association/routing.tf
+++ b/vpc-transit-gateway-association/routing.tf
@@ -39,7 +39,7 @@ data "aws_ec2_managed_prefix_list" "tgw_ipv4" {
 resource "null_resource" "vpc_attachment_exists" {
 triggers = {
- vpc_attachment = var.transit_gateway_routing_type == "self" ? aws_ec2_transit_gateway_vpc_attachment.vpc_attachment[0].id : ""
+ vpc_attachment = var.transit_gateway_routing_type == "self" ? one(aws_ec2_transit_gateway_vpc_attachment.vpc_attachment[*].id) : ""
 }
 }
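Review bot: The `vpc_attachment` resource at the top of associate.tf sets `transit_gateway_default_route_table_association = true` and `transit_gateway_default_route_table_propagation = true` while `route_table_self`, `vpc_self_own_rt` and `vpc_self_common` already associate and propagate the same attachment to explicitly chosen route tables; an attachment can hold only one association, so the default-table association either conflicts with `route_table_self` or, where it wins, lands this VPC's routes in the gateway's default table rather than the per-environment tables the rest of the file uses to keep environments apart. Setting `transit_gateway_default_route_table_association = false` and `transit_gateway_default_route_table_propagation = false` leaves the attachment's reachability governed solely by the explicit association and propagation resources. If the gateway is shared into this account from the network account, as the `aws.self` provider on the association and the "(network account)" comments suggest, the provider cannot set these flags on the attachment and they become inert, but they still read as intent and should be made explicit either way. The commented-out `subnet_ids` expression above the live one should be dropped or replaced by a one-line comment saying why tag-based subnet selection was abandoned, so the next reader does not have to guess which of the two is current.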