update

terraform-modules · Oct 14, 2022 · 82453ae · 82453ae
1 parent a0cc6ff
commit 82453ae
Show file tree

Hide file tree

Showing 5 changed files with 83 additions and 60 deletions.
diff --git a/vpc-transit-gateway-association/README.md b/vpc-transit-gateway-association/README.md
@@ -54,20 +54,12 @@ This sets up the necessary transit gateway configuration for attaching a VPC wit
 | [null_resource.vpc_attachment_exists](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
 | [aws_arn.network_account](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
-| [aws_availability_zone.zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zone) | data source |
-| [aws_availability_zones.zones](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_caller_identity.network_account](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
-| [aws_ec2_managed_prefix_list.tgw_ipv4](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_managed_prefix_list) | data source |
-| [aws_ec2_managed_prefix_lists.tgw_ipv4](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_managed_prefix_lists) | data source |
 | [aws_ec2_transit_gateway.gateway_peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_transit_gateway) | data source |
 | [aws_ec2_transit_gateway.gateway_self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_transit_gateway) | data source |
 | [aws_ec2_transit_gateway_peering_attachment.attachment_peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_transit_gateway_peering_attachment) | data source |
 | [aws_ec2_transit_gateway_peering_attachment.attachment_self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_transit_gateway_peering_attachment) | data source |
-| [aws_ec2_transit_gateway_route_table.route_tables_peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_transit_gateway_route_table) | data source |
-| [aws_ec2_transit_gateway_route_table.route_tables_self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_transit_gateway_route_table) | data source |
-| [aws_ec2_transit_gateway_route_tables.route_tables_peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_transit_gateway_route_tables) | data source |
-| [aws_ec2_transit_gateway_route_tables.route_tables_self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_transit_gateway_route_tables) | data source |
 | [aws_iam_account_alias.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_account_alias) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 | [aws_vpc.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
@@ -80,6 +72,7 @@ This sets up the necessary transit gateway configuration for attaching a VPC wit
 | <a name="input_account_id"></a> [account\_id](#input\_account\_id) | AWS Account ID (default: will pull from current user) | `string` | `""` | no |
 | <a name="input_availability_zones"></a> [availability\_zones](#input\_availability\_zones) | AWS Availability Zones to use (by default will use all available) | `list(string)` | `[]` | no |
 | <a name="input_create"></a> [create](#input\_create) | Flag to indicate whether to create the resources or not (default: true) | `bool` | `true` | no |
+| <a name="input_data_input"></a> [data\_input](#input\_data\_input) | Map of data generated by vpc-transit-gateway-association-data | <pre>object({<br>    availablity_zone      = map(string)<br>    gateway_self          = string<br>    gateway_peer          = string<br>    route_tables_self     = map(string)<br>    route_tables_peer     = map(string)<br>    map_route_tables_self = map(string)<br>    map_route_tables_peer = map(string)<br>    prefix_list_id_ipv4   = string<br>  })</pre> | n/a | yes |
 | <a name="input_network_account_profile"></a> [network\_account\_profile](#input\_network\_account\_profile) | AWS profile of the source account sharing the VPC resources | `string` | n/a | yes |
 | <a name="input_override_prefixes"></a> [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
 | <a name="input_private_subnets_ids"></a> [private\_subnets\_ids](#input\_private\_subnets\_ids) | List of private subnet objects including: subnet, label, availability\_zone, id | <pre>list(object({<br>    subnet            = string<br>    label             = string<br>    availability_zone = string<br>    id                = string<br>  }))</pre> | `[]` | no |
@@ -100,9 +93,6 @@ This sets up the necessary transit gateway configuration for attaching a VPC wit
 
 | Name | Description |
 |------|-------------|
-| <a name="output_availability_zone_ids"></a> [availability\_zone\_ids](#output\_availability\_zone\_ids) | VPC Availability zone id list (3) |
-| <a name="output_availability_zone_names"></a> [availability\_zone\_names](#output\_availability\_zone\_names) | VPC Availability zone name list (3) |
-| <a name="output_availability_zone_suffixes"></a> [availability\_zone\_suffixes](#output\_availability\_zone\_suffixes) | VPC Availability zone suffix list (3) |
 | <a name="output_gateway_peer"></a> [gateway\_peer](#output\_gateway\_peer) | Transit Gateway peer (other region) |
 | <a name="output_gateway_self"></a> [gateway\_self](#output\_gateway\_self) | Transit Gateway self (this region) |
 | <a name="output_map_route_tables_peer"></a> [map\_route\_tables\_peer](#output\_map\_route\_tables\_peer) | Transit Gateway route tables map (VRF:id) peer (other region) |

diff --git a/vpc-transit-gateway-association/availabilty_zones.tf b/vpc-transit-gateway-association/availabilty_zones.tf
diff --git a/vpc-transit-gateway-association/data.transit-gateway.tf b/vpc-transit-gateway-association/data.transit-gateway.tf
@@ -1,6 +1,6 @@
 #---
 # transit gateways
-
+#---
 data "aws_ec2_transit_gateway" "gateway_self" {
   provider = aws.self
   filter {
@@ -17,46 +17,48 @@ data "aws_ec2_transit_gateway" "gateway_peer" {
   }
 }
 
-#---
-# tgw route tables self
-#---
-data "aws_ec2_transit_gateway_route_tables" "route_tables_self" {
-  provider = aws.self
-  filter {
-    name   = "transit-gateway-id"
-    values = [data.aws_ec2_transit_gateway.gateway_self.id]
-  }
-}
-
-data "aws_ec2_transit_gateway_route_table" "route_tables_self" {
-  provider = aws.self
-  for_each = toset(data.aws_ec2_transit_gateway_route_tables.route_tables_self.ids)
-  id       = each.key
-}
+## these must be passed in
+## #---
+## # tgw route tables self
+## #---
+## data "aws_ec2_transit_gateway_route_tables" "route_tables_self" {
+##   provider = aws.self
+##   filter {
+##     name   = "transit-gateway-id"
+##     values = [data.aws_ec2_transit_gateway.gateway_self.id]
+##   }
+## }
+## 
+## data "aws_ec2_transit_gateway_route_table" "route_tables_self" {
+##   provider = aws.self
+##   for_each = toset(data.aws_ec2_transit_gateway_route_tables.route_tables_self.ids)
+##   id       = each.key
+## }
 
 locals {
-  transit_gateway_route_table_ids_self = { for k, v in data.aws_ec2_transit_gateway_route_table.route_tables_self : v.tags["boc:network_vrf"] => k if contains(keys(v.tags), "boc:network_vrf") }
+  transit_gateway_route_table_ids_self = { for k, v in local.data_input.route_tables_self : v.tags["boc:network_vrf"] => k if contains(keys(v.tags), "boc:network_vrf") }
 }
 
-#---
-# route tables west
-#---
-data "aws_ec2_transit_gateway_route_tables" "route_tables_peer" {
-  provider = aws.peer
-  filter {
-    name   = "transit-gateway-id"
-    values = [data.aws_ec2_transit_gateway.gateway_peer.id]
-  }
-}
-
-data "aws_ec2_transit_gateway_route_table" "route_tables_peer" {
-  provider = aws.peer
-  for_each = toset(data.aws_ec2_transit_gateway_route_tables.route_tables_peer.ids)
-  id       = each.key
-}
+## these must be passed in
+## #---
+## # route tables west
+## #---
+## data "aws_ec2_transit_gateway_route_tables" "route_tables_peer" {
+##   provider = aws.peer
+##   filter {
+##     name   = "transit-gateway-id"
+##     values = [data.aws_ec2_transit_gateway.gateway_peer.id]
+##   }
+## }
+## 
+## data "aws_ec2_transit_gateway_route_table" "route_tables_peer" {
+##   provider = aws.peer
+##   for_each = toset(data.aws_ec2_transit_gateway_route_tables.route_tables_peer.ids)
+##   id       = each.key
+## }
 
 locals {
-  transit_gateway_route_table_ids_peer = { for k, v in data.aws_ec2_transit_gateway_route_table.route_tables_peer : v.tags["boc:network_vrf"] => k if contains(keys(v.tags), "boc:network_vrf") }
+  transit_gateway_route_table_ids_peer = { for k, v in local.data_input.route_tables_peer : v.tags["boc:network_vrf"] => k if contains(keys(v.tags), "boc:network_vrf") }
 }
 
 # These two hold a map of VRF => route table
@@ -82,3 +84,22 @@ data "aws_ec2_transit_gateway_peering_attachment" "attachment_peer" {
   }
 }
 
+## required from data_output
+#    availablity_zone (does not appear to be used)
+#    route_tables_self
+#    route_tables_peer
+#    prefix_list_id_ipv4
+
+## output "data_output" {
+##   description = "Map of data generated by this submodule need for the vpc-transit-gateway-association module"
+##   value = {
+##     availablity_zone      = data.aws_availability_zone.zone
+##     gateway_self          = data.aws_ec2_transit_gateway.gateway_self.id
+##     gateway_peer          = data.aws_ec2_transit_gateway.gateway_peer.id
+##     route_tables_self     = data.aws_ec2_transit_gateway_route_table.route_tables_self
+##     route_tables_peer     = data.aws_ec2_transit_gateway_route_table.route_tables_peer
+##     map_route_tables_self = local.transit_gateway_route_table_ids_self
+##     map_route_tables_peer = local.transit_gateway_route_table_ids_peer
+##     prefix_list_id_ipv4   = one([for k, v in data.aws_ec2_managed_prefix_list.tgw_ipv4 : k if v.address_family == "IPv4"])
+##   }
+## }
diff --git a/vpc-transit-gateway-association/routing.tf b/vpc-transit-gateway-association/routing.tf
@@ -25,32 +25,32 @@ module "routing_attachment_ipv4" {
   )
 }
 
-data "aws_ec2_managed_prefix_lists" "tgw_ipv4" {
-  filter {
-    name   = "prefix-list-name"
-    values = [var.route_prefix_list_name, format("%v.ipv4", var.route_prefix_list_name)]
-  }
-}
-
-data "aws_ec2_managed_prefix_list" "tgw_ipv4" {
-  for_each = toset(data.aws_ec2_managed_prefix_lists.tgw_ipv4.ids)
-  id       = each.key
-}
+## data "aws_ec2_managed_prefix_lists" "tgw_ipv4" {
+##   filter {
+##     name   = "prefix-list-name"
+##     values = [var.route_prefix_list_name, format("%v.ipv4", var.route_prefix_list_name)]
+##   }
+## }
+## 
+## data "aws_ec2_managed_prefix_list" "tgw_ipv4" {
+##   for_each = toset(data.aws_ec2_managed_prefix_lists.tgw_ipv4.ids)
+##   id       = each.key
+## }
 
 resource "null_resource" "vpc_attachment_exists" {
   triggers = {
     vpc_attachment = var.transit_gateway_routing_type == "self" ? one(aws_ec2_transit_gateway_vpc_attachment.vpc_attachment[*].id) : ""
   }
 }
 
-
 # pick the first prefix list found, either NAME or NAME.ipv4
 resource "aws_route" "gateway_ipv4" {
   for_each = var.transit_gateway_routing_type == "self" ? module.routing_attachment_ipv4[0].private_route_table_ids : {}
 
   route_table_id = each.value
   #  destination_cidr_block = "10.128.0.0/16"
-  destination_prefix_list_id = one([for k, v in data.aws_ec2_managed_prefix_list.tgw_ipv4 : k if v.address_family == "IPv4"])
+  #  destination_prefix_list_id = one([for k, v in data.aws_ec2_managed_prefix_list.tgw_ipv4 : k if v.address_family == "IPv4"])
+  destination_prefix_list_id = local.data_input.prefix_list_id_ipv4
   transit_gateway_id         = data.aws_ec2_transit_gateway.gateway_self.id
 
   depends_on = [null_resource.vpc_attachment_exists]

diff --git a/vpc-transit-gateway-association/variables.data_input.tf b/vpc-transit-gateway-association/variables.data_input.tf
@@ -0,0 +1,13 @@
+variable "data_input" {
+  description = "Map of data generated by vpc-transit-gateway-association-data"
+  type = object({
+    availablity_zone      = map(string)
+    gateway_self          = string
+    gateway_peer          = string
+    route_tables_self     = map(string)
+    route_tables_peer     = map(string)
+    map_route_tables_self = map(string)
+    map_route_tables_peer = map(string)
+    prefix_list_id_ipv4   = string
+  })
+}