- vpc-transit-gateway-association/self

- allow passing of transit_gateway_environments
terraform-modules · Jul 6, 2023 · 62d2729 · 62d2729
1 parent b293c34
commit 62d2729
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -337,3 +337,7 @@
 * 2.9.5 -- 2023-07-06
   - routing
     - change vpc to domain="vpc" due to aws provider changes
+
+* 2.9.6 -- 2023-07-06
+  - vpc-transit-gateway-association/self
+    - allow passing of transit_gateway_environments
diff --git a/common/version.tf b/common/version.tf
@@ -1,5 +1,5 @@
 locals {
-  _module_version = "2.9.5"
+  _module_version = "2.9.6"
   _module_names = {
     "_main_" = "aws-vpc-setup"
 

diff --git a/vpc-transit-gateway-association/self/README.md b/vpc-transit-gateway-association/self/README.md
@@ -112,7 +112,7 @@ module "vpc_tgw_self" {
 | <a name="input_create_prefix_list_routing"></a> [create\_prefix\_list\_routing](#input\_create\_prefix\_list\_routing) | Flag to create (or not) prefix list routing. This is to be applied only on the TGW main account and VPCs | `bool` | `false` | no |
 | <a name="input_create_static_peer_routing"></a> [create\_static\_peer\_routing](#input\_create\_static\_peer\_routing) | Flag to create (or not) static peer. This can be applied on every account including the TGW main account. This conflicts with craete\_prefix\_list\_routing | `bool` | `false` | no |
 | <a name="input_data_input"></a> [data\_input](#input\_data\_input) | Map of data generated by vpc-transit-gateway-association-data | <pre>object({<br>    availablity_zone          = map(any)<br>    gateway_self              = string<br>    gateway_peer              = string<br>    route_tables_self         = map(any)<br>    route_tables_peer         = map(any)<br>    map_route_tables_self     = map(any)<br>    map_route_tables_peer     = map(any)<br>    map_vpn_route_tables_self = map(any)<br>    map_vpn_route_tables_peer = map(any)<br>    prefix_list_id_ipv4       = string<br>    vpn_prefix_list_id_ipv4   = string<br>    vpc_id                    = string<br>    vpc_cidr_block            = string<br>    vpc_cidr_blocks           = list(string)<br>  })</pre> | n/a | yes |
-| <a name="input_enable_vpn_routing"></a> [enable\_vpn\_routing](#input\_enable\_vpn\_routing) | Flag to enable VPN routing, handled through a prefix list.  This is used in the transition from per-VPC VPNs to TGW | `bool` | `false` | no |
+| <a name="input_enable_vpn_routing"></a> [enable\_vpn\_routing](#input\_enable\_vpn\_routing) | Flag to enable VPN routing, handled through a prefix list.  This is used in the transition from per-VPC VPNs to TGW | `bool` | `true` | no |
 | <a name="input_network_account_profile"></a> [network\_account\_profile](#input\_network\_account\_profile) | AWS profile of the source account sharing the VPC resources | `string` | n/a | yes |
 | <a name="input_override_prefixes"></a> [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
 | <a name="input_private_route_table_ids"></a> [private\_route\_table\_ids](#input\_private\_route\_table\_ids) | Map of private route table IDs (which exclude the attachment subnets) | `map(string)` | `{}` | no |
@@ -121,6 +121,7 @@ module "vpc_tgw_self" {
 | <a name="input_route_table_label"></a> [route\_table\_label](#input\_route\_table\_label) | Route table lable for the attachment subnets | `string` | `"attachment"` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS).  Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |
 | <a name="input_transit_gateway_environment"></a> [transit\_gateway\_environment](#input\_transit\_gateway\_environment) | Transit Gateway Environment (aka, VRF) to which to connnect this VPC | `string` | n/a | yes |
+| <a name="input_transit_gateway_environments"></a> [transit\_gateway\_environments](#input\_transit\_gateway\_environments) | Transit Gateway Environments possible.  Pass a different list to use in the Lab or DMZ environment | `list(string)` | `[]` | no |
 | <a name="input_transit_gateway_label"></a> [transit\_gateway\_label](#input\_transit\_gateway\_label) | Transit Gateway label for specific instance (sa, prod) | `string` | `"prod"` | no |
 | <a name="input_vpc_cidr_block"></a> [vpc\_cidr\_block](#input\_vpc\_cidr\_block) | VPC CIDR Block | `string` | `null` | no |
 | <a name="input_vpc_cidr_blocks"></a> [vpc\_cidr\_blocks](#input\_vpc\_cidr\_blocks) | VPC CIDR Block List | `list(string)` | `[]` | no |

diff --git a/vpc-transit-gateway-association/self/data.prefix_lists.tf b/vpc-transit-gateway-association/self/data.prefix_lists.tf
@@ -1,5 +1,5 @@
 data "aws_ec2_managed_prefix_lists" "tgw_crossregion_env" {
-  for_each = toset(local._defaults["transit-gateway-environments"])
+  for_each = length(var.transit_gateway_environments) > 0 ? toset(var.transit_gateway_environments) : toset(local._defaults["transit-gateway-environments"])
   filter {
     name   = "prefix-list-name"
     values = [format("%v.crossregion.transit-gateway.%v", each.key, var.transit_gateway_label)]

diff --git a/vpc-transit-gateway-association/self/variables.tf b/vpc-transit-gateway-association/self/variables.tf
@@ -57,3 +57,10 @@ variable "private_route_table_ids" {
   type        = map(string)
   default     = {}
 }
+
+variable "transit_gateway_environments" {
+  description = "Transit Gateway Environments possible.  Pass a different list to use in the Lab or DMZ environment"
+  type        = list(string)
+  default     = []
+}
+