From 642b2635e9103172dc90d4c9cac86d955b3dc857 Mon Sep 17 00:00:00 2001
From: badra001
Date: Thu, 20 Feb 2025 14:38:37 -0500
Subject: [PATCH] * 2.11.6 -- 2025-02-20 - vpc-transit-gateway-association/self - add variables: - appliance_mode_support default false (for firewall subnets) - security_group_referencing_support default true
---
 CHANGELOG.md | 6 ++++++
 common/version.tf | 2 +-
 vpc-transit-gateway-association/self/README.md | 2 ++
 vpc-transit-gateway-association/self/associate.tf | 2 ++
 vpc-transit-gateway-association/self/variables.tf | 12 ++++++++++++
 5 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 40c9cb7..68fe603 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -455,3 +455,9 @@
 * 2.11.5 -- 2025-02-18
 - vpc-transit-gateway-association
 - allow additional propgate_rt_all options via variable propagate_all_route_table_names
+
+* 2.11.6 -- 2025-02-20
+ - vpc-transit-gateway-association/self
+ - add variables:
+ - appliance_mode_support default false (for firewall subnets)
+ - security_group_referencing_support default true
diff --git a/common/version.tf b/common/version.tf
index d7643e3..6e03495 100644
--- a/common/version.tf
+++ b/common/version.tf
@@ -1,5 +1,5 @@
 locals {
- _module_version = "2.11.5"
+ _module_version = "2.11.6"
 _module_names = {
 "_main_" = "aws-vpc-setup"
diff --git a/vpc-transit-gateway-association/self/README.md b/vpc-transit-gateway-association/self/README.md
index 5913cc6..2c0b6b3 100644
--- a/vpc-transit-gateway-association/self/README.md
+++ b/vpc-transit-gateway-association/self/README.md
@@ -255,6 +255,7 @@ module "vpc_tgw_self" {
 |------|-------------|------|---------|:--------:|
 | [account\_alias](#input\_account\_alias) | AWS Account Alias (default: will pull from current account\_alias) | `string` | `""` | no |
 | [account\_id](#input\_account\_id) | AWS Account ID (default: will pull from current user) | `string` | `""` | no |
+| [appliance\_mode\_support](#input\_appliance\_mode\_support) | Flag to enable or disable appliance mode support on the VPC TGW Attachment (needed for firewalls) | `bool` | `false` | no |
 | [availability\_zones](#input\_availability\_zones) | AWS Availability Zones to use (by default will use all available) | `list(string)` | `[]` | no |
 | [create](#input\_create) | Flag to indicate whether to create the resources or not (default: true) | `bool` | `true` | no |
 | [create\_prefix\_list\_routing](#input\_create\_prefix\_list\_routing) | Flag to create (or not) prefix list routing. This is to be applied only on the TGW main account and VPCs | `bool` | `false` | no |
@@ -268,6 +269,7 @@ module "vpc_tgw_self" {
 | [propagate\_all\_route\_table\_names](#input\_propagate\_all\_route\_table\_names) | List of route table names to propagate routes into for every attachment | `list(string)` |
[
"services",
"inter-region"
]
| no |
 | [route\_prefix\_list\_name](#input\_route\_prefix\_list\_name) | Shared prefix list name used for routing to TGW. It is comprised of all of the network CIDR blocks in AWS using TGW. | `string` | `"transit-gateway.prod"` | no |
 | [route\_table\_label](#input\_route\_table\_label) | Route table lable for the attachment subnets | `string` | `"attachment"` | no |
+| [security\_group\_referencing\_support](#input\_security\_group\_referencing\_support) | Flag to enable or disable security group referencing cross-TGW on the VPC TGW Attachment | `bool` | `true` | no |
 | [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS). Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |
 | [transit\_gateway\_environment](#input\_transit\_gateway\_environment) | Transit Gateway Environment (aka, VRF) to which to connnect this VPC | `string` | n/a | yes |
 | [transit\_gateway\_environments](#input\_transit\_gateway\_environments) | Transit Gateway Environments possible. Pass a different list to use in the Lab or DMZ environment | `list(string)` | `[]` | no |
diff --git a/vpc-transit-gateway-association/self/associate.tf b/vpc-transit-gateway-association/self/associate.tf
index 4aecb82..c57a1f9 100644
--- a/vpc-transit-gateway-association/self/associate.tf
+++ b/vpc-transit-gateway-association/self/associate.tf
@@ -19,6 +19,8 @@ resource "aws_ec2_transit_gateway_vpc_attachment" "vpc_attachment" {
 ipv6_support = "disable"
 transit_gateway_default_route_table_association = false
 transit_gateway_default_route_table_propagation = false
+ appliance_mode_support = var.appliance_mode_support ? "enable" : "disable"
+ security_group_referencing_support = var.security_group_referencing_support ? "enable" : "disable"
 tags = merge(
 local.base_tags,
diff --git a/vpc-transit-gateway-association/self/variables.tf b/vpc-transit-gateway-association/self/variables.tf
index 3f790e4..e7128c0 100644
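Review bot: The new `security_group_referencing_support` line enables only the attachment-side half of a feature that, as far as I recall, takes effect solely when the transit gateway itself also has security group referencing enabled, and nothing in this module checks or documents that prerequisite, so a consumer may assume cross-VPC references work when they silently do not. A comment on the new line would help: `# only effective if the TGW itself has security group referencing enabled`. Both new arguments also need an AWS provider release that knows them; this commit bumps only the module's own version in common/version.tf, so if a provider constraint is pinned elsewhere in the module it may need raising too (not visible here). The resource block continues outside the hunk.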
--- a/vpc-transit-gateway-association/self/variables.tf
+++ b/vpc-transit-gateway-association/self/variables.tf
@@ -74,3 +74,15 @@ variable "propagate_all_route_table_names" {
 error_message = "propagate_all_route_table_names must be one of: services, inter-region, inspection, cross-boundary."
 }
 }
+
+variable "appliance_mode_support" {
+ description = "Flag to enable or disable appliance mode support on the VPC TGW Attachment (needed for firewalls)"
+ type = bool
+ default = false
+}
+
+variable "security_group_referencing_support" {
+ description = "Flag to enable or disable security group referencing cross-TGW on the VPC TGW Attachment"
+ type = bool
+ default = true
+}
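Review bot: `default = true` for `security_group_referencing_support` means every existing consumer of this module gets the attachment attribute flipped from unset to `"enable"` on their next apply, an infrastructure change shipped as a patch-level bump (2.11.5 to 2.11.6) and not called out in the CHANGELOG entry beyond the default value; the provider's own default for this argument is `disable`, as I recall. A defaults-closed `default = false`, matching `appliance_mode_support`, would avoid surprising existing callers, or at least the CHANGELOG entry should state that existing attachments will be modified. The same default drives the new line in associate.tf. The description's "cross-TGW" also misreads: the feature lets security group rules reference groups in other VPCs attached to the same TGW, so `description = "Flag to allow security group rules to reference security groups in other VPCs attached to this TGW"` would be more accurate.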