From 94e68587959bc469cf01ad68c557be0b8875521f Mon Sep 17 00:00:00 2001 
From: badra001 Date: Tue, 18 Oct 2022 06:54:49 -0400 Subject: [PATCH] restructure --- common/version.tf | 7 +- .../availabilty_zones.tf | 1 - vpc-transit-gateway-association-data/data.tf | 1 - .../defaults.tf | 1 - vpc-transit-gateway-association-data/main.tf | 43 ---- .../module_name.tf | 3 - .../prefixes.tf | 1 - .../variables.common.availability_zones.tf | 1 - .../variables.common.tf | 1 - .../variables.common.vpc.tf | 1 - .../variables.common.vpc_id.tf | 1 - .../variables.create.tf | 1 - .../version.tf | 1 - .../credentials.vpc-transit-gateway.tf.off | 11 - .../OFF/vpc-transit-gateway.tf.off | 225 ------------------ vpc-transit-gateway-association/README.md | 165 +++++-------- vpc-transit-gateway-association/associate.tf | 102 -------- vpc-transit-gateway-association/data.tf | 1 - .../data}/README.md | 46 +++- .../data/availabilty_zones.tf | 1 + .../data}/data.network_account.tf | 0 .../data}/data.routing.tf | 0 vpc-transit-gateway-association/data/data.tf | 1 + .../data}/data.transit-gateway.tf | 0 .../data}/data.vpc.tf | 0 .../data/defaults.tf | 1 + vpc-transit-gateway-association/data/main.tf | 63 +++++ .../data/module_name.tf | 3 + .../data}/outputs.tf | 0 .../data/prefixes.tf | 1 + .../variables.common.availability_zones.tf | 1 + .../data/variables.common.tf | 1 + .../data/variables.common.vpc.tf | 1 + .../data/variables.common.vpc_id.tf | 1 + .../data/variables.create.tf | 1 + .../data}/variables.subnets.tf | 0 .../{ => data}/variables.tf | 18 +- .../data/version.tf | 1 + .../data}/versions.tf | 0 vpc-transit-gateway-association/defaults.tf | 1 - vpc-transit-gateway-association/main.tf | 43 ---- .../module_name.tf | 3 - .../peer/README.md | 122 ++++++++++ .../peer/associate.tf | 43 ++++ .../{ => peer}/data.network_account.tf | 0 vpc-transit-gateway-association/peer/data.tf | 1 + .../{ => peer}/data.transit-gateway.tf | 0 .../{ => peer}/data.vpc.tf | 0 .../peer/defaults.tf | 1 + vpc-transit-gateway-association/peer/main.tf | 66 +++++ 
.../peer/module_name.tf | 3 + .../{ => peer}/outputs.tf | 2 + .../peer/prefixes.tf | 1 + .../variables.common.availability_zones.tf | 1 + .../peer/variables.common.tf | 1 + .../peer/variables.common.vpc.tf | 1 + .../peer/variables.common.vpc_id.tf | 1 + .../peer/variables.create.tf | 1 + .../{ => peer}/variables.data_input.tf | 0 .../{ => peer}/variables.subnets.tf | 0 .../peer}/variables.tf | 18 +- .../peer/version.tf | 1 + .../{ => peer}/versions.tf | 0 vpc-transit-gateway-association/prefixes.tf | 1 - .../credentials.vpc-transit-gateway.tf.off | 0 .../self}/OFF/vpc-transit-gateway.tf.off | 0 .../self/README.md | 128 ++++++++++ .../self/associate.tf | 65 +++++ .../self/data.network_account.tf | 12 + vpc-transit-gateway-association/self/data.tf | 1 + .../self/data.transit-gateway.tf | 105 ++++++++ .../self/data.vpc.tf | 3 + .../self/defaults.tf | 1 + vpc-transit-gateway-association/self/main.tf | 65 +++++ .../self/module_name.tf | 3 + .../self/outputs.tf | 33 +++ .../self/prefixes.tf | 1 + .../{ => self}/routing.tf | 15 +- .../variables.common.availability_zones.tf | 1 + .../self/variables.common.tf | 1 + .../self/variables.common.vpc.tf | 1 + .../self/variables.common.vpc_id.tf | 1 + .../self/variables.create.tf | 1 + .../self/variables.data_input.tf | 13 + .../self/variables.subnets.tf | 12 + .../self/variables.tf | 53 +++++ .../self/version.tf | 1 + .../self/versions.tf | 31 +++ .../variables.common.availability_zones.tf | 1 - .../variables.common.tf | 1 - .../variables.common.vpc.tf | 1 - .../variables.common.vpc_id.tf | 1 - .../variables.create.tf | 1 - vpc-transit-gateway-association/version.tf | 1 - 94 files changed, 986 insertions(+), 585 deletions(-) delete mode 120000 vpc-transit-gateway-association-data/availabilty_zones.tf delete mode 120000 vpc-transit-gateway-association-data/data.tf delete mode 120000 vpc-transit-gateway-association-data/defaults.tf delete mode 100644 vpc-transit-gateway-association-data/main.tf delete mode 100644 
vpc-transit-gateway-association-data/module_name.tf delete mode 120000 vpc-transit-gateway-association-data/prefixes.tf delete mode 120000 vpc-transit-gateway-association-data/variables.common.availability_zones.tf delete mode 120000 vpc-transit-gateway-association-data/variables.common.tf delete mode 120000 vpc-transit-gateway-association-data/variables.common.vpc.tf delete mode 120000 vpc-transit-gateway-association-data/variables.common.vpc_id.tf delete mode 120000 vpc-transit-gateway-association-data/variables.create.tf delete mode 120000 vpc-transit-gateway-association-data/version.tf delete mode 100644 vpc-transit-gateway-association/OFF/credentials.vpc-transit-gateway.tf.off delete mode 100644 vpc-transit-gateway-association/OFF/vpc-transit-gateway.tf.off delete mode 100644 vpc-transit-gateway-association/associate.tf delete mode 120000 vpc-transit-gateway-association/data.tf rename {vpc-transit-gateway-association-data => vpc-transit-gateway-association/data}/README.md (85%) create mode 120000 vpc-transit-gateway-association/data/availabilty_zones.tf rename {vpc-transit-gateway-association-data => vpc-transit-gateway-association/data}/data.network_account.tf (100%) rename {vpc-transit-gateway-association-data => vpc-transit-gateway-association/data}/data.routing.tf (100%) create mode 120000 vpc-transit-gateway-association/data/data.tf rename {vpc-transit-gateway-association-data => vpc-transit-gateway-association/data}/data.transit-gateway.tf (100%) rename {vpc-transit-gateway-association-data => vpc-transit-gateway-association/data}/data.vpc.tf (100%) create mode 120000 vpc-transit-gateway-association/data/defaults.tf create mode 100644 vpc-transit-gateway-association/data/main.tf create mode 100644 vpc-transit-gateway-association/data/module_name.tf rename {vpc-transit-gateway-association-data => vpc-transit-gateway-association/data}/outputs.tf (100%) create mode 120000 vpc-transit-gateway-association/data/prefixes.tf create mode 120000 
vpc-transit-gateway-association/data/variables.common.availability_zones.tf create mode 120000 vpc-transit-gateway-association/data/variables.common.tf create mode 120000 vpc-transit-gateway-association/data/variables.common.vpc.tf create mode 120000 vpc-transit-gateway-association/data/variables.common.vpc_id.tf create mode 120000 vpc-transit-gateway-association/data/variables.create.tf rename {vpc-transit-gateway-association-data => vpc-transit-gateway-association/data}/variables.subnets.tf (100%) rename vpc-transit-gateway-association/{ => data}/variables.tf (79%) create mode 120000 vpc-transit-gateway-association/data/version.tf rename {vpc-transit-gateway-association-data => vpc-transit-gateway-association/data}/versions.tf (100%) delete mode 120000 vpc-transit-gateway-association/defaults.tf delete mode 100644 vpc-transit-gateway-association/main.tf delete mode 100644 vpc-transit-gateway-association/module_name.tf create mode 100644 vpc-transit-gateway-association/peer/README.md create mode 100644 vpc-transit-gateway-association/peer/associate.tf rename vpc-transit-gateway-association/{ => peer}/data.network_account.tf (100%) create mode 120000 vpc-transit-gateway-association/peer/data.tf rename vpc-transit-gateway-association/{ => peer}/data.transit-gateway.tf (100%) rename vpc-transit-gateway-association/{ => peer}/data.vpc.tf (100%) create mode 120000 vpc-transit-gateway-association/peer/defaults.tf create mode 100644 vpc-transit-gateway-association/peer/main.tf create mode 100644 vpc-transit-gateway-association/peer/module_name.tf rename vpc-transit-gateway-association/{ => peer}/outputs.tf (94%) create mode 120000 vpc-transit-gateway-association/peer/prefixes.tf create mode 120000 vpc-transit-gateway-association/peer/variables.common.availability_zones.tf create mode 120000 vpc-transit-gateway-association/peer/variables.common.tf create mode 120000 vpc-transit-gateway-association/peer/variables.common.vpc.tf create mode 120000 
vpc-transit-gateway-association/peer/variables.common.vpc_id.tf create mode 120000 vpc-transit-gateway-association/peer/variables.create.tf rename vpc-transit-gateway-association/{ => peer}/variables.data_input.tf (100%) rename vpc-transit-gateway-association/{ => peer}/variables.subnets.tf (100%) rename {vpc-transit-gateway-association-data => vpc-transit-gateway-association/peer}/variables.tf (79%) create mode 120000 vpc-transit-gateway-association/peer/version.tf rename vpc-transit-gateway-association/{ => peer}/versions.tf (100%) delete mode 120000 vpc-transit-gateway-association/prefixes.tf rename {vpc-transit-gateway-association-data => vpc-transit-gateway-association/self}/OFF/credentials.vpc-transit-gateway.tf.off (100%) rename {vpc-transit-gateway-association-data => vpc-transit-gateway-association/self}/OFF/vpc-transit-gateway.tf.off (100%) create mode 100644 vpc-transit-gateway-association/self/README.md create mode 100644 vpc-transit-gateway-association/self/associate.tf create mode 100644 vpc-transit-gateway-association/self/data.network_account.tf create mode 120000 vpc-transit-gateway-association/self/data.tf create mode 100644 vpc-transit-gateway-association/self/data.transit-gateway.tf create mode 100644 vpc-transit-gateway-association/self/data.vpc.tf create mode 120000 vpc-transit-gateway-association/self/defaults.tf create mode 100644 vpc-transit-gateway-association/self/main.tf create mode 100644 vpc-transit-gateway-association/self/module_name.tf create mode 100644 vpc-transit-gateway-association/self/outputs.tf create mode 120000 vpc-transit-gateway-association/self/prefixes.tf rename vpc-transit-gateway-association/{ => self}/routing.tf (80%) create mode 120000 vpc-transit-gateway-association/self/variables.common.availability_zones.tf create mode 120000 vpc-transit-gateway-association/self/variables.common.tf create mode 120000 vpc-transit-gateway-association/self/variables.common.vpc.tf create mode 120000 
vpc-transit-gateway-association/self/variables.common.vpc_id.tf create mode 120000 vpc-transit-gateway-association/self/variables.create.tf create mode 100644 vpc-transit-gateway-association/self/variables.data_input.tf create mode 100644 vpc-transit-gateway-association/self/variables.subnets.tf create mode 100644 vpc-transit-gateway-association/self/variables.tf create mode 120000 vpc-transit-gateway-association/self/version.tf create mode 100644 vpc-transit-gateway-association/self/versions.tf delete mode 120000 vpc-transit-gateway-association/variables.common.availability_zones.tf delete mode 120000 vpc-transit-gateway-association/variables.common.tf delete mode 120000 vpc-transit-gateway-association/variables.common.vpc.tf delete mode 120000 vpc-transit-gateway-association/variables.common.vpc_id.tf delete mode 120000 vpc-transit-gateway-association/variables.create.tf delete mode 120000 vpc-transit-gateway-association/version.tf
diff --git a/common/version.tf b/common/version.tf
index 5dbeb1c..d100514 100644
--- a/common/version.tf
+++ b/common/version.tf
@@ -1,5 +1,5 @@
 locals {
- _module_version = "2.4.1"
+ _module_version = "2.4.2"
 
 _module_names = {
 "_main_" = "aws-vpc-setup"
@@ -18,7 +18,8 @@ locals {
 "vpn" = "aws-vpc-setup/vpn"
 "vpn-transit-gateway" = "aws-vpc-setup/vpn-transit-gateway"
 "vpn-transit-gateway" = "aws-vpc-setup/vpn-transit-gateway"
- "vpc-transit-gateway-association" = "aws-vpc-setup/vpc-transit-gateway-association"
- "vpc-transit-gateway-association-data" = "aws-vpc-setup/vpc-transit-gateway-association-data"
+ "vpc-transit-gateway-association/data" = "aws-vpc-setup/vpc-transit-gateway-association/data"
+ "vpc-transit-gateway-association/self" = "aws-vpc-setup/vpc-transit-gateway-association/self"
+ "vpc-transit-gateway-association/peer" = "aws-vpc-setup/vpc-transit-gateway-association/peer"
 }
 }
diff --git a/vpc-transit-gateway-association-data/availabilty_zones.tf b/vpc-transit-gateway-association-data/availabilty_zones.tf
deleted file mode 120000
index 00a240c..0000000
--- a/vpc-transit-gateway-association-data/availabilty_zones.tf
+++ /dev/null
@@ -1 +0,0 @@
-../common/availabilty_zones.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association-data/data.tf b/vpc-transit-gateway-association-data/data.tf
deleted file mode 120000
index 995624d..0000000
--- a/vpc-transit-gateway-association-data/data.tf
+++ /dev/null
@@ -1 +0,0 @@
-../common/data.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association-data/defaults.tf b/vpc-transit-gateway-association-data/defaults.tf
deleted file mode 120000
index a5556ac..0000000
--- a/vpc-transit-gateway-association-data/defaults.tf
+++ /dev/null
@@ -1 +0,0 @@
-../common/defaults.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association-data/main.tf b/vpc-transit-gateway-association-data/main.tf
deleted file mode 100644
index 2585da5..0000000
--- a/vpc-transit-gateway-association-data/main.tf
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
-* # About aws-vpc-setup :: vpc-transit-gateway-association
-*
-* This sets up the necessary transit gateway configuration for attaching a VPC with all of the components. It does the following:
-*
-* * gets transit gateway ID shared to this account and region
-* * gets transit gateway route tables
-* * creates routes for the attachment subnets to the transit gatewway
-* * creates routes to all other things on the transit gateway through a network prefix
-* * attaches the VPC to the transit gateway
-* * propagates the route to the associated route tables for the envirornment/VRF
-* * services is propagated to all
-* * creates static routes for transit gateway route tables in a peer region
-
-* # Usage
-*
-* ```hcl
-* module "vpc_tgw" {
-* source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//vpc-transit-gateway-association?ref=tf-upgrade"
-* network_account_profile = "057445207498-ent-gov-network-sa"
-* }
-* ```
-*/
-
-locals {
- account_id = var.account_id != "" ? var.account_id : data.aws_caller_identity.current.account_id
- account_environment = data.aws_arn.current.partition == "aws-us-gov" ? "gov" : "ew"
- region = data.aws_region.current.name
- region_short = join("", [for c in split("-", local.region) : substr(c, 0, 1)])
-
- base_tags = {
- "boc:tf_module_version" = local._module_version
- "boc:tf_module_name" = lookup(local._module_names, local._module_name, local._module_names["_main_"])
- "boc:created_by" = "terraform"
- }
-}
-
-
-# vpc_id = local.vpc_id
-# vpc_full_name = var.vpc_full_name
-# availability_zones = []
-# subnet_ids = [for sn in module.subnets.private_subnets_ids : sn if lookup(sn.tags, "boc:vpc:route-table", null) == "attachment"]
-# route_table_label = "attachment"
diff --git a/vpc-transit-gateway-association-data/module_name.tf b/vpc-transit-gateway-association-data/module_name.tf
deleted file mode 100644
index 1f505b5..0000000
--- a/vpc-transit-gateway-association-data/module_name.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-locals {
- _module_name = "vpc-transit-gateway-association-data"
-}
diff --git a/vpc-transit-gateway-association-data/prefixes.tf b/vpc-transit-gateway-association-data/prefixes.tf
deleted file mode 120000
index 7e265d5..0000000
--- a/vpc-transit-gateway-association-data/prefixes.tf
+++ /dev/null
@@ -1 +0,0 @@
-../common/prefixes.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association-data/variables.common.availability_zones.tf b/vpc-transit-gateway-association-data/variables.common.availability_zones.tf
deleted file mode 120000
index dca20a3..0000000
--- a/vpc-transit-gateway-association-data/variables.common.availability_zones.tf
+++ /dev/null
@@ -1 +0,0 @@
-../common/variables.common.availability_zones.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association-data/variables.common.tf b/vpc-transit-gateway-association-data/variables.common.tf
deleted file mode 120000
index 7439ed8..0000000
--- a/vpc-transit-gateway-association-data/variables.common.tf
+++ /dev/null
@@ -1 +0,0 @@
-../common/variables.common.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association-data/variables.common.vpc.tf b/vpc-transit-gateway-association-data/variables.common.vpc.tf
deleted file mode 120000
index 5e77d37..0000000
--- a/vpc-transit-gateway-association-data/variables.common.vpc.tf
+++ /dev/null
@@ -1 +0,0 @@
-../common/variables.common.vpc.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association-data/variables.common.vpc_id.tf b/vpc-transit-gateway-association-data/variables.common.vpc_id.tf
deleted file mode 120000
index bc2e061..0000000
--- a/vpc-transit-gateway-association-data/variables.common.vpc_id.tf
+++ /dev/null
@@ -1 +0,0 @@
-../common/variables.common.vpc_id.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association-data/variables.create.tf b/vpc-transit-gateway-association-data/variables.create.tf
deleted file mode 120000
index de1275b..0000000
--- a/vpc-transit-gateway-association-data/variables.create.tf
+++ /dev/null
@@ -1 +0,0 @@
-../common/variables.create.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association-data/version.tf b/vpc-transit-gateway-association-data/version.tf
deleted file mode 120000
index b83c5b7..0000000
--- a/vpc-transit-gateway-association-data/version.tf
+++ /dev/null
@@ -1 +0,0 @@
-../common/version.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association/OFF/credentials.vpc-transit-gateway.tf.off b/vpc-transit-gateway-association/OFF/credentials.vpc-transit-gateway.tf.off
deleted file mode 100644
index f7c439e..0000000
--- a/vpc-transit-gateway-association/OFF/credentials.vpc-transit-gateway.tf.off
+++ /dev/null
@@ -1,11 +0,0 @@
-provider "aws" {
- alias = "tgw_west"
- region = "us-gov-west-1"
- profile = var.network_account_profile
-}
-
-provider "aws" {
- alias = "tgw_east"
- region = "us-gov-east-1"
- profile = var.network_account_profile
-}
diff --git a/vpc-transit-gateway-association/OFF/vpc-transit-gateway.tf.off b/vpc-transit-gateway-association/OFF/vpc-transit-gateway.tf.off
deleted file mode 100644
index 6567821..0000000
--- a/vpc-transit-gateway-association/OFF/vpc-transit-gateway.tf.off
+++ /dev/null
@@ -1,225 +0,0 @@ -locals { - trs_region_outputs = data.terraform_remote_state.vpc_east.outputs -# tgw_id = local.trs_region_outputs.transit_gateway_id -# tgw_id = data.aws_ec2_transit_gateway.gateway_east.id - info_vpc = data.terraform_remote_state.vpc.outputs.info_vpc -} - -data "aws_ec2_transit_gateway" "gateway_east" { } - -data "aws_ec2_transit_gateway" "gateway_west" { - provider = aws.tgw_main_west -} - -data "aws_ec2_transit_gateway_peering_attachment" "peer_west" { - provider = aws.tgw_main_west - filter { - name = "tag:Name" - values = [ "tgw-proto-peer" ] - } -} - -locals { - transit_gateway_peer_attachment_id_west = data.aws_ec2_transit_gateway_peering_attachment.peer_west.id -} - -module "routing_attachment" { - source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//routing" - vpc_id = local.vpc_id - - vpc_full_name = var.vpc_full_name - availability_zones = [] - private_subnets_ids = [for sn in module.subnets.private_subnets_ids : sn if lookup(sn.tags, "boc:vpc:route-table", null) == "attachment"] - create_public_route_table = false - private_route_table_label = "attachment" - enable_igw = false - enable_nat = false - enable_vpc_endpoint_s3 = false - enable_vpc_endpoint_dynamodb = false - - vpc_name = var.vpc_name - vpc_short_name = var.vpc_short_name - vpc_cidr_block = var.vpc_cidr_block - vpc_index = var.vpc_index - - tags = merge( - local.common_tags, - local.tags, - ) -} - -# routes to tgw (for now, 10.128/16, should be each of the highest cidr blocks per account). 
It would be nice to use prefix lists, but not supported in gov -resource "aws_route" "gateway" { - for_each = module.routing.private_route_table_ids - route_table_id = each.value -# destination_cidr_block = "0.0.0.0/0" - destination_cidr_block = "10.128.0.0/16" - transit_gateway_id = data.aws_ec2_transit_gateway.gateway_east.id - depends_on = [ aws_ec2_transit_gateway_vpc_attachment.vpc_attachment ] -} - -#--- -# route tables east -#--- -data "aws_ec2_transit_gateway_route_tables" "route_tables_east" { - provider = aws.tgw_main_east - filter { - name = "transit-gateway-id" - values = [ data.aws_ec2_transit_gateway.gateway_east.id ] - } -} - -data "aws_ec2_transit_gateway_route_table" "route_tables_east" { - provider = aws.tgw_main_east - for_each = toset(data.aws_ec2_transit_gateway_route_tables.route_tables_east.ids) - id = each.key -} - -locals { - transit_gateway_route_table_ids_east = { for k,v in data.aws_ec2_transit_gateway_route_table.route_tables_east: v.tags["boc:network_vrf"] => k } -} - -#--- -# route tables west -#--- -data "aws_ec2_transit_gateway_route_tables" "route_tables_west" { - provider = aws.tgw_main_west - filter { - name = "transit-gateway-id" - values = [ data.aws_ec2_transit_gateway.gateway_west.id ] - } -} - -data "aws_ec2_transit_gateway_route_table" "route_tables_west" { - provider = aws.tgw_main_west - for_each = toset(data.aws_ec2_transit_gateway_route_tables.route_tables_west.ids) - id = each.key -} - -locals { - transit_gateway_route_table_ids_west = { for k,v in data.aws_ec2_transit_gateway_route_table.route_tables_west: v.tags["boc:network_vrf"] => k } -} - - -#--- -# assocaite this vpc to route table in east -#--- -resource "aws_ec2_transit_gateway_route_table_association" "route_table" { - provider = aws.tgw_main_east - transit_gateway_attachment_id = aws_ec2_transit_gateway_vpc_attachment.vpc_attachment.id - transit_gateway_route_table_id = local.transit_gateway_route_table_ids_east[var.tgw_environment] -} - -#--- -# attach this 
vpc to tgw -#--- -resource "aws_ec2_transit_gateway_vpc_attachment" "vpc_attachment" { - subnet_ids = [for sn in module.subnets.private_subnets_ids : sn.id if lookup(sn.tags, "boc:vpc:route-table", null) == "attachment"] - transit_gateway_id = data.aws_ec2_transit_gateway.gateway_east.id - vpc_id = local.vpc_id - dns_support = "enable" - ipv6_support = "disable" - transit_gateway_default_route_table_association = true - transit_gateway_default_route_table_propagation = true - - tags = merge( - local.common_tags, - tomap({ Name = "tgwa-proto-${var.vpc_short_name}-${local.region}" }), - tomap({ "boc:tgw_environment" = var.tgw_environment }), - ) -} - -# will need to adjust this where there are common, services, shared -data "aws_ec2_transit_gateway_vpc_attachment" "vpc_services" { - filter { - name = "tag:boc:tgw_environment" - values = ["services"] - } -} - -#--- -# propagate services in {environment} route table in east -#--- -# resource "aws_ec2_transit_gateway_route_table_propagation" "vpc_self" { -# provider = aws.tgw_main_east -# count = var.tgw_environment != "services" ? 1 : 0 -# transit_gateway_attachment_id = data.aws_ec2_transit_gateway_vpc_attachment.vpc_services.id -# transit_gateway_route_table_id = local.transit_gateway_route_table_ids_east[var.tgw_environment] -# } - -#--- -# also add route to other environment in other region to peering attachment in west -#--- -## resource "aws_ec2_transit_gateway_route" "vpc_self_peers" { -## provider = aws.tgw_main_west -## for_each = var.tgw_environment != "services" ? 
toset([ for k,v in local.info_vpc: v.cidr_block if v.region == local.region && v.tgw_environment == var.tgw_environment]) : toset([]) -## destination_cidr_block = each.key -## transit_gateway_attachment_id = local.transit_gateway_peer_attachment_id_west -## transit_gateway_route_table_id = local.transit_gateway_route_table_ids_west[var.tgw_environment] -## } - -# propagate in services to this attachment in all route tables -resource "aws_ec2_transit_gateway_route_table_propagation" "vpc_services" { - provider = aws.tgw_main_east - for_each = var.tgw_environment == "services" ? local.transit_gateway_route_table_ids_east : { for k,v in local.transit_gateway_route_table_ids_east: k => v if k == var.tgw_environment } -# count = var.tgw_environment != "services" ? 1 : 0 - transit_gateway_attachment_id = aws_ec2_transit_gateway_vpc_attachment.vpc_attachment.id - transit_gateway_route_table_id = local.transit_gateway_route_table_ids_east[each.key] -} - -## # for services, add static IP to all environments in other region to peering attachment -## resource "aws_ec2_transit_gateway_route" "vpc_services_peers" { -## provider = aws.tgw_main_west -## for_each = var.tgw_environment == "services" ? toset([ for k,v in local.info_vpc: v.cidr_block if v.region == local.region && v.tgw_environment != ""]) : toset([ for k,v in local.info_vpc: v.cidr_block if v.region == local.region && v.tgw_environment == "services"]) -## destination_cidr_block = each.key -## transit_gateway_attachment_id = local.transit_gateway_peer_attachment_id_west -## transit_gateway_route_table_id = local.transit_gateway_route_table_ids_west[var.tgw_environment] -## } - -# propagate all to inter-region table -resource "aws_ec2_transit_gateway_route_table_propagation" "vpc_inter-region" { - provider = aws.tgw_main_east - count = var.tgw_environment != "services" ? 
1 : 0 - transit_gateway_attachment_id = aws_ec2_transit_gateway_vpc_attachment.vpc_attachment.id - transit_gateway_route_table_id = local.transit_gateway_route_table_ids_east["inter-region"] -} - -# peer route tables for our vpc to tgw peer -locals { - peer_rt = [ for r in keys(local.transit_gateway_route_table_ids_west): r if r!="inter-region" && r!="services" ] -## peer_rt0 = { for k,v in local.info_vpc: v.cidr_block => v.tgw_environment if v.region == local.region && v.tgw_environment != "" } -## peer_rt1 = transpose({ for k,v in local.info_vpc: v.cidr_block => [ v.tgw_environment ] if v.region == local.region && v.tgw_environment != "" }) -## peer_rt2 = merge(local.peer_rt1, -## { "services" = [ for k,v in local.info_vpc: v.cidr_block if v.region == local.region && v.tgw_environment != "" ] }, -## ) -## peer_rt3 = { for v in local.peer_rt2[var.tgw_environment]: format("%v:%v",var.tgw_environment,v) => { -## label = format("%v:%v",var.tgw_environment,v), -## tgw_environment = var.tgw_environment, -## environment = local.peer_rt0[v], -## cidr_block = v } -## } -} - -# for services, add static IP to all environments in other region to peering attachment -resource "aws_ec2_transit_gateway_route" "peer_vpc_environment" { - provider = aws.tgw_main_west - destination_cidr_block = var.vpc_cidr_block - transit_gateway_attachment_id = local.transit_gateway_peer_attachment_id_west - transit_gateway_route_table_id = local.transit_gateway_route_table_ids_west[var.tgw_environment] -} - -resource "aws_ec2_transit_gateway_route" "peer_vpc_to_services" { - provider = aws.tgw_main_west - count = var.tgw_environment != "services" ? 
1 : 0 - destination_cidr_block = var.vpc_cidr_block - transit_gateway_attachment_id = local.transit_gateway_peer_attachment_id_west - transit_gateway_route_table_id = local.transit_gateway_route_table_ids_west["services"] -} - -resource "aws_ec2_transit_gateway_route" "peer_vpc_services" { - provider = aws.tgw_main_west - for_each = var.tgw_environment == "services" ? local.peer_rt : toset([]) - destination_cidr_block = var.vpc_cidr_block - transit_gateway_attachment_id = local.transit_gateway_peer_attachment_id_west - transit_gateway_route_table_id = local.transit_gateway_route_table_ids_west[each.key] -} diff --git a/vpc-transit-gateway-association/README.md b/vpc-transit-gateway-association/README.md index a18e242..84c6c4c 100644 --- a/vpc-transit-gateway-association/README.md +++ b/vpc-transit-gateway-association/README.md 
@@ -1,102 +1,63 @@ -# About aws-vpc-setup :: vpc-transit-gateway-association - -This sets up the necessary transit gateway configuration for attaching a VPC with all of the components. It does the following: - -* gets transit gateway ID shared to this account and region -* gets transit gateway route tables -* creates routes for the attachment subnets to the transit gatewway -* creates routes to all other things on the transit gateway through a network prefix -* attaches the VPC to the transit gateway -* propagates the route to the associated route tables for the envirornment/VRF - * services is propagated to all -* creates static routes for transit gateway route tables in a peer region - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 0.13 | -| [aws](#requirement\_aws) | >= 3.66.0 | -| [ldap](#requirement\_ldap) | >= 0.5.4 | -| [local](#requirement\_local) | >= 1.0.0 | -| [null](#requirement\_null) | >= 3.0 | -| [random](#requirement\_random) | >= 3.0 | -| [template](#requirement\_template) | >= 2.0 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | >= 3.66.0 | -| [aws.network\_account](#provider\_aws.network\_account) | >= 3.66.0 | -| [aws.peer](#provider\_aws.peer) | >= 3.66.0 | -| [aws.self](#provider\_aws.self) | >= 3.66.0 | -| [null](#provider\_null) | >= 3.0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [routing\_attachment\_ipv4](#module\_routing\_attachment\_ipv4) | git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//routing | tf-upgrade | - -## Resources - -| Name | Type | -|------|------| -| [aws_ec2_transit_gateway_route.vpc_peer_all](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route) | resource | -| [aws_ec2_transit_gateway_route.vpc_peer_common](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route) | resource | -| 
[aws_ec2_transit_gateway_route.vpc_peer_own_rt](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route) | resource | -| [aws_ec2_transit_gateway_route_table_association.route_table_self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route_table_association) | resource | -| [aws_ec2_transit_gateway_route_table_propagation.vpc_self_common](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route_table_propagation) | resource | -| [aws_ec2_transit_gateway_route_table_propagation.vpc_self_own_rt](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route_table_propagation) | resource | -| [aws_ec2_transit_gateway_vpc_attachment.vpc_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_vpc_attachment) | resource | -| [aws_route.gateway_ipv4](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource | -| [null_resource.vpc_attachment_exists](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | -| [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | -| [aws_arn.network_account](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | -| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | -| [aws_caller_identity.network_account](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | -| [aws_ec2_transit_gateway.gateway_peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_transit_gateway) | data source | -| 
[aws_ec2_transit_gateway.gateway_self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_transit_gateway) | data source | -| [aws_ec2_transit_gateway_peering_attachment.attachment_peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_transit_gateway_peering_attachment) | data source | -| [aws_ec2_transit_gateway_peering_attachment.attachment_self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_transit_gateway_peering_attachment) | data source | -| [aws_iam_account_alias.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_account_alias) | data source | -| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | -| [aws_vpc.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [account\_alias](#input\_account\_alias) | AWS Account Alias (default: will pull from current account\_alias) | `string` | `""` | no | -| [account\_id](#input\_account\_id) | AWS Account ID (default: will pull from current user) | `string` | `""` | no | -| [availability\_zones](#input\_availability\_zones) | AWS Availability Zones to use (by default will use all available) | `list(string)` | `[]` | no | -| [create](#input\_create) | Flag to indicate whether to create the resources or not (default: true) | `bool` | `true` | no | -| [data\_input](#input\_data\_input) | Map of data generated by vpc-transit-gateway-association-data |
object({
availablity_zone = map(any)
gateway_self = string
gateway_peer = string
route_tables_self = map(any)
route_tables_peer = map(any)
map_route_tables_self = map(any)
map_route_tables_peer = map(any)
prefix_list_id_ipv4 = string
})
| n/a | yes | -| [network\_account\_profile](#input\_network\_account\_profile) | AWS profile of the source account sharing the VPC resources | `string` | n/a | yes | -| [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no | -| [private\_route\_table\_ids](#input\_private\_route\_table\_ids) | Map of private route table IDs (which exclude the attachment subnets) | `map(string)` | `{}` | no | -| [private\_subnets\_ids](#input\_private\_subnets\_ids) | List of private subnet objects including: subnet, label, availability\_zone, id |
list(object({
subnet = string
label = string
availability_zone = string
id = string
}))
| `[]` | no | -| [route\_prefix\_list\_name](#input\_route\_prefix\_list\_name) | Shared prefix list name used for routing to TGW. It is comprised of all of the network CIDR blocks in AWS using TGW. | `string` | `"transit-gateway.prod"` | no | -| [route\_table\_label](#input\_route\_table\_label) | Route table lable for the attachment subnets | `string` | `"attachment"` | no | -| [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS). Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no | -| [transit\_gateway\_environment](#input\_transit\_gateway\_environment) | Transit Gateway Environment (aka, VRF) to which to connnect this VPC | `string` | n/a | yes | -| [transit\_gateway\_label](#input\_transit\_gateway\_label) | Transit Gateway label for specific instance (sa, prod) | `string` | `"prod"` | no | -| [transit\_gateway\_routing\_type](#input\_transit\_gateway\_routing\_type) | Transit Gateway routing type, to select either self or peer (where we may have many peers) | `string` | n/a | yes | -| [vpc\_environment](#input\_vpc\_environment) | VPC environment purpose (infrastructure, common, shared, dev, stage, ite, prod) | `string` | `null` | no | -| [vpc\_full\_name](#input\_vpc\_full\_name) | VPC full name component (vpc{index}-{vpc\_name}) | `string` | `null` | no | -| [vpc\_id](#input\_vpc\_id) | VPC ID | `string` | n/a | yes | -| [vpc\_index](#input\_vpc\_index) | VPC index number (integer starting at 1) | `number` | `null` | no | -| [vpc\_name](#input\_vpc\_name) | VPC name component used through the VPC descrbing its purpose (ex: dice-dev) | `string` | `null` | no | -| [vpc\_short\_name](#input\_vpc\_short\_name) | VPC short name component (vpc{index}) | `string` | `null` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| [gateway\_peer](#output\_gateway\_peer) | Transit Gateway peer (other region) | -| [gateway\_self](#output\_gateway\_self) | Transit 
Gateway self (this region) | -| [map\_route\_tables\_peer](#output\_map\_route\_tables\_peer) | Transit Gateway route tables map (VRF:id) peer (other region) | -| [map\_route\_tables\_self](#output\_map\_route\_tables\_self) | Transit Gateway route tables map (VRF:id) self (this region) | -| [route\_tables\_peer](#output\_route\_tables\_peer) | Transit Gateway route tables peer (other region) | -| [route\_tables\_self](#output\_route\_tables\_self) | Transit Gateway route tables self (this region) | +module "vpc_tgw_data" { + source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//vpc-transit-gateway-association/data?ref=tf-upgrade" + providers = { + aws = aws + aws.network_account = aws.network_account + aws.self = aws.tgw_east + aws.peer = aws.tgw_west + } + + network_account_profile = var.network_account_profile + vpc_id = local.vpc_id + vpc_full_name = var.vpc_full_name + private_subnets_ids = [for sn in module.subnets.private_subnets_ids : sn if lookup(sn.tags, "boc:vpc:route-table", null) == "attachment"] + private_route_table_ids = module.routing.private_route_table_ids + transit_gateway_environment = var.tgw_environment + transit_gateway_label = var.tgw_label + route_prefix_list_name = format("transit-gateway.%v", var.tgw_label) +} + + +# call once for self, once for each peer (if we have multiple regions for peeers, change the peer to each region) +# note the self must be done before the peer +module "vpc_tgw_self" { + source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//vpc-transit-gateway-association/self?ref=tf-upgrade" + providers = { + aws = aws + aws.network_account = aws.network_account + aws.self = aws.tgw_east + aws.peer = aws.tgw_west + } + + network_account_profile = var.network_account_profile + vpc_id = local.vpc_id + vpc_full_name = var.vpc_full_name + private_subnets_ids = [for sn in module.subnets.private_subnets_ids : sn if lookup(sn.tags, "boc:vpc:route-table", null) == "attachment"] + 
private_route_table_ids = module.routing.private_route_table_ids + transit_gateway_environment = var.tgw_environment + transit_gateway_label = var.tgw_label + route_prefix_list_name = format("transit-gateway.%v", var.tgw_label) + data_input = module.vpc_tgw_data.data_output +} + +module "vpc_tgw_peer" { + source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//vpc-transit-gateway-association/peer?ref=tf-upgrade" + providers = { + aws = aws + aws.network_account = aws.network_account + aws.self = aws.tgw_east + aws.peer = aws.tgw_west + } + + network_account_profile = var.network_account_profile + vpc_id = local.vpc_id + vpc_full_name = var.vpc_full_name + private_subnets_ids = [for sn in module.subnets.private_subnets_ids : sn if lookup(sn.tags, "boc:vpc:route-table", null) == "attachment"] + private_route_table_ids = module.routing.private_route_table_ids + transit_gateway_environment = var.tgw_environment + transit_gateway_label = var.tgw_label + route_prefix_list_name = format("transit-gateway.%v", var.tgw_label) + data_input = module.vpc_tgw_data.data_output + + depends_on = [module.vpc_tgw_self] +} diff --git a/vpc-transit-gateway-association/associate.tf b/vpc-transit-gateway-association/associate.tf deleted file mode 100644 index a217077..0000000 --- a/vpc-transit-gateway-association/associate.tf +++ /dev/null 
@@ -1,102 +0,0 @@ -#--- -# attach this vpc to tgw (my region, my account) -#--- -resource "aws_ec2_transit_gateway_vpc_attachment" "vpc_attachment" { - count = var.transit_gateway_routing_type == "self" ? 1 : 0 - # subnet_ids = [for sn in module.subnets.private_subnets_ids : sn.id if lookup(sn.tags, "boc:vpc:route-table", null) == "attachment"] - subnet_ids = [for k, v in var.private_subnets_ids : v.id] - transit_gateway_id = data.aws_ec2_transit_gateway.gateway_self.id - vpc_id = var.vpc_id - dns_support = "enable" - ipv6_support = "disable" - transit_gateway_default_route_table_association = true - transit_gateway_default_route_table_propagation = true - - tags = merge( - local.base_tags, - { - Name = format("tgwa-%v-%v-%v", var.transit_gateway_label, var.vpc_full_name, local.region), - "boc:tgw_environment" = var.transit_gateway_environment, - }, - ) -} - -#--- -# assocaite this vpc to route table in self (my region, network account) -#--- -resource "aws_ec2_transit_gateway_route_table_association" "route_table_self" { - count = var.transit_gateway_routing_type == "self" ? 1 : 0 - provider = aws.self - transit_gateway_attachment_id = one(aws_ec2_transit_gateway_vpc_attachment.vpc_attachment[*].id) - transit_gateway_route_table_id = local.transit_gateway_route_table_ids_self[var.transit_gateway_environment] -} - -#--- -# get rt variables for use later -#--- -locals { - propagate_all_rt = ["services", "inter-region"] - selected_rt = [for k in keys(local.transit_gateway_route_table_ids_self) : k if ! contains(local.propagate_all_rt, k)] -} - -#--- -# propagate this attachment to necessary RT (my region, network account) -# for services, it is all but services -# for all others, it is just itself -# we will cover services and inter-region separately -#--- -resource "aws_ec2_transit_gateway_route_table_propagation" "vpc_self_own_rt" { - provider = aws.self - for_each = var.transit_gateway_routing_type == "self" ? 
{ for k in local.selected_rt : k => local.transit_gateway_route_table_ids_self[k] } : {} - - transit_gateway_attachment_id = one(aws_ec2_transit_gateway_vpc_attachment.vpc_attachment[*].id) - transit_gateway_route_table_id = each.value -} - -#--- -# propagate to services, inter-region -# propagate all to inter-region table -#--- -resource "aws_ec2_transit_gateway_route_table_propagation" "vpc_self_common" { - provider = aws.self - for_each = var.transit_gateway_routing_type == "self" ? { for k in local.propagate_all_rt : k => local.transit_gateway_route_table_ids_self[k] } : {} - - transit_gateway_attachment_id = one(aws_ec2_transit_gateway_vpc_attachment.vpc_attachment[*].id) - transit_gateway_route_table_id = each.value -} - -#--- -# add routes to peer for non-services -#--- -resource "aws_ec2_transit_gateway_route" "vpc_peer_own_rt" { - provider = aws.peer - for_each = var.transit_gateway_routing_type == "peer" ? { for k in local.selected_rt : k => local.transit_gateway_route_table_ids_peer[k] if k == var.transit_gateway_environment } : {} - destination_cidr_block = data.aws_vpc.vpc.cidr_block - - transit_gateway_attachment_id = data.aws_ec2_transit_gateway_peering_attachment.attachment_peer.id - transit_gateway_route_table_id = each.value -} - -#--- -# always add routes to services -#-- -resource "aws_ec2_transit_gateway_route" "vpc_peer_common" { - provider = aws.peer - for_each = var.transit_gateway_routing_type == "peer" ? 
{ "services" = local.transit_gateway_route_table_ids_peer["services"] } : {} - destination_cidr_block = data.aws_vpc.vpc.cidr_block - - transit_gateway_attachment_id = data.aws_ec2_transit_gateway_peering_attachment.attachment_peer.id - transit_gateway_route_table_id = each.value -} - -#--- -# if services, add routes to all other route tables -#-- -resource "aws_ec2_transit_gateway_route" "vpc_peer_all" { - provider = aws.peer - for_each = var.transit_gateway_routing_type == "peer" && contains(local.propagate_all_rt, var.transit_gateway_environment) ? { for k in local.selected_rt : k => local.transit_gateway_route_table_ids_peer[k] } : {} - destination_cidr_block = data.aws_vpc.vpc.cidr_block - - transit_gateway_attachment_id = data.aws_ec2_transit_gateway_peering_attachment.attachment_peer.id - transit_gateway_route_table_id = each.value -} diff --git a/vpc-transit-gateway-association/data.tf b/vpc-transit-gateway-association/data.tf deleted file mode 120000 index 995624d..0000000 --- a/vpc-transit-gateway-association/data.tf +++ /dev/null @@ -1 +0,0 @@ -../common/data.tf \ No newline at end of file diff --git a/vpc-transit-gateway-association-data/README.md b/vpc-transit-gateway-association/data/README.md similarity index 85% rename from vpc-transit-gateway-association-data/README.md rename to vpc-transit-gateway-association/data/README.md index 1a3c765..a02bedb 100644 --- a/vpc-transit-gateway-association-data/README.md +++ b/vpc-transit-gateway-association/data/README.md 
@@ -1,15 +1,42 @@ -# About aws-vpc-setup :: vpc-transit-gateway-association +# About aws-vpc-setup :: vpc-transit-gateway-association/data -This sets up the necessary transit gateway configuration for attaching a VPC with all of the components. It does the following: +This sets up the necessary transit gateway configuration for attaching a VPC with all of the components. This is part of a three +section TGW setup, consisting of data (required,this), self, and peer (remote(s)). They do the following: -* gets transit gateway ID shared to this account and region -* gets transit gateway route tables -* creates routes for the attachment subnets to the transit gatewway -* creates routes to all other things on the transit gateway through a network prefix -* attaches the VPC to the transit gateway -* propagates the route to the associated route tables for the envirornment/VRF +* data + * gets transit gateway ID shared to this account and region + * gets transit gateway route tables +* self + * creates routes for the attachment subnets to the transit gatewway + * creates routes to all other things on the transit gateway through a network prefix + * attaches the VPC to the transit gateway + * propagates the route to the associated route tables for the envirornment/VRF * services is propagated to all -* creates static routes for transit gateway route tables in a peer region +* peer + * creates static routes for transit gateway route tables in a peer region + +# Usage + +```hcl +module "vpc_tgw_data" { + source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//vpc-transit-gateway-association/data?ref=tf-upgrade" + providers = { + aws = aws + aws.network_account = aws.network_account + aws.self = aws.tgw_east + aws.peer = aws.tgw_west + } + + network_account_profile = var.network_account_profile + vpc_id = local.vpc_id + vpc_full_name = var.vpc_full_name + private_subnets_ids = [for sn in module.subnets.private_subnets_ids : sn if lookup(sn.tags, 
"boc:vpc:route-table", null) == "attachment"] + private_route_table_ids = module.routing.private_route_table_ids + transit_gateway_environment = var.tgw_environment + transit_gateway_label = var.tgw_label + route_prefix_list_name = format("transit-gateway.%v", var.tgw_label) +} +``` ## Requirements @@ -77,7 +104,6 @@ No modules. | [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS). Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no | | [transit\_gateway\_environment](#input\_transit\_gateway\_environment) | Transit Gateway Environment (aka, VRF) to which to connnect this VPC | `string` | n/a | yes | | [transit\_gateway\_label](#input\_transit\_gateway\_label) | Transit Gateway label for specific instance (sa, prod) | `string` | `"prod"` | no | -| [transit\_gateway\_routing\_type](#input\_transit\_gateway\_routing\_type) | Transit Gateway routing type, to select either self or peer (where we may have many peers) | `string` | n/a | yes | | [vpc\_environment](#input\_vpc\_environment) | VPC environment purpose (infrastructure, common, shared, dev, stage, ite, prod) | `string` | `null` | no | | [vpc\_full\_name](#input\_vpc\_full\_name) | VPC full name component (vpc{index}-{vpc\_name}) | `string` | `null` | no | | [vpc\_id](#input\_vpc\_id) | VPC ID | `string` | n/a | yes | diff --git a/vpc-transit-gateway-association/data/availabilty_zones.tf b/vpc-transit-gateway-association/data/availabilty_zones.tf new file mode 120000 index 0000000..224b546 --- /dev/null +++ b/vpc-transit-gateway-association/data/availabilty_zones.tf @@ -0,0 +1 @@ +../../common/availabilty_zones.tf \ No newline at end of file 
diff --git a/vpc-transit-gateway-association-data/data.network_account.tf b/vpc-transit-gateway-association/data/data.network_account.tf similarity index 100% rename from vpc-transit-gateway-association-data/data.network_account.tf rename to vpc-transit-gateway-association/data/data.network_account.tf diff --git a/vpc-transit-gateway-association-data/data.routing.tf b/vpc-transit-gateway-association/data/data.routing.tf similarity index 100% rename from vpc-transit-gateway-association-data/data.routing.tf rename to vpc-transit-gateway-association/data/data.routing.tf diff --git a/vpc-transit-gateway-association/data/data.tf b/vpc-transit-gateway-association/data/data.tf new file mode 120000 index 0000000..37fff16 --- /dev/null +++ b/vpc-transit-gateway-association/data/data.tf @@ -0,0 +1 @@ +../../common/data.tf \ No newline at end of file diff --git a/vpc-transit-gateway-association-data/data.transit-gateway.tf b/vpc-transit-gateway-association/data/data.transit-gateway.tf similarity index 100% rename from vpc-transit-gateway-association-data/data.transit-gateway.tf rename to vpc-transit-gateway-association/data/data.transit-gateway.tf diff --git a/vpc-transit-gateway-association-data/data.vpc.tf b/vpc-transit-gateway-association/data/data.vpc.tf similarity index 100% rename from vpc-transit-gateway-association-data/data.vpc.tf rename to vpc-transit-gateway-association/data/data.vpc.tf diff --git a/vpc-transit-gateway-association/data/defaults.tf b/vpc-transit-gateway-association/data/defaults.tf new file mode 120000 index 0000000..1227df3 --- /dev/null +++ b/vpc-transit-gateway-association/data/defaults.tf @@ -0,0 +1 @@ +../../common/defaults.tf \ No newline at end of file diff --git a/vpc-transit-gateway-association/data/main.tf b/vpc-transit-gateway-association/data/main.tf new file mode 100644 index 0000000..06274e0 --- /dev/null +++ b/vpc-transit-gateway-association/data/main.tf 
@@ -0,0 +1,63 @@
+/*
+* # About aws-vpc-setup :: vpc-transit-gateway-association/data
+*
+* This sets up the necessary transit gateway configuration for attaching a VPC with all of the components. This is part of a three
+* section TGW setup, consisting of data (required,this), self, and peer (remote(s)). They do the following:
+*
+* * data
+* * gets transit gateway ID shared to this account and region
+* * gets transit gateway route tables
+* * self
+* * creates routes for the attachment subnets to the transit gatewway
+* * creates routes to all other things on the transit gateway through a network prefix
+* * attaches the VPC to the transit gateway
+* * propagates the route to the associated route tables for the envirornment/VRF
+* * services is propagated to all
+* * peer
+* * creates static routes for transit gateway route tables in a peer region
+*
+* # Usage
+*
+* ```hcl
+* module "vpc_tgw_data" {
+* source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//vpc-transit-gateway-association/data?ref=tf-upgrade"
+* providers = {
+* aws = aws
+* aws.network_account = aws.network_account
+* aws.self = aws.tgw_east
+* aws.peer = aws.tgw_west
+* }
+*
+* network_account_profile = var.network_account_profile
+* vpc_id = local.vpc_id
+* vpc_full_name = var.vpc_full_name
+* private_subnets_ids = [for sn in module.subnets.private_subnets_ids : sn if lookup(sn.tags, "boc:vpc:route-table", null) == "attachment"]
+* private_route_table_ids = module.routing.private_route_table_ids
+* transit_gateway_environment = var.tgw_environment
+* transit_gateway_label = var.tgw_label
+* route_prefix_list_name = format("transit-gateway.%v", var.tgw_label)
+* }
+* ````
+*/
+
+locals {
+ account_id = var.account_id != "" ? var.account_id : data.aws_caller_identity.current.account_id
+ account_environment = data.aws_arn.current.partition == "aws-us-gov" ? "gov" : "ew"
+ region = data.aws_region.current.name
+ region_short = join("", [for c in split("-", local.region) : substr(c, 0, 1)])
+
+ base_tags = {
+ "boc:tf_module_version" = local._module_version
+ "boc:tf_module_name" = lookup(local._module_names, local._module_name, local._module_names["_main_"])
+ "boc:created_by" = "terraform"
+ }
+}
+
+
+# vpc_id = local.vpc_id
+# vpc_full_name = var.vpc_full_name
+# availability_zones = []
+# subnet_ids = [for sn in module.subnets.private_subnets_ids : sn if lookup(sn.tags, "boc:vpc:route-table", null) == "attachment"]
+# route_table_label = "attachment"
+
+
diff --git a/vpc-transit-gateway-association/data/module_name.tf b/vpc-transit-gateway-association/data/module_name.tf
new file mode 100644
index 0000000..3245c2c
--- /dev/null
+++ b/vpc-transit-gateway-association/data/module_name.tf
@@ -0,0 +1,3 @@
+locals {
+ _module_name = "vpc-transit-gateway-association/data"
+}
diff --git a/vpc-transit-gateway-association-data/outputs.tf b/vpc-transit-gateway-association/data/outputs.tf
similarity index 100%
rename from vpc-transit-gateway-association-data/outputs.tf
rename to vpc-transit-gateway-association/data/outputs.tf
diff --git a/vpc-transit-gateway-association/data/prefixes.tf b/vpc-transit-gateway-association/data/prefixes.tf
new file mode 120000
index 0000000..5bc256c
--- /dev/null
+++ b/vpc-transit-gateway-association/data/prefixes.tf
@@ -0,0 +1 @@
+../../common/prefixes.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association/data/variables.common.availability_zones.tf b/vpc-transit-gateway-association/data/variables.common.availability_zones.tf
new file mode 120000
index 0000000..ec237ef
--- /dev/null
+++ b/vpc-transit-gateway-association/data/variables.common.availability_zones.tf
@@ -0,0 +1 @@
+../../common/variables.common.availability_zones.tf
\ No newline at end of file
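Review bot: The usage example in the new header comment closes its code fence with four backticks while it opens with three, so if this comment is what terraform-docs renders into the module README (as the matching text in data/README.md suggests), the fence will not close and everything after it is swallowed into the code block; change the closing line to `* ````. The locals block that follows is byte-for-byte the one removed from vpc-transit-gateway-association/main.tf in this same commit, and this module already pulls defaults.tf, prefixes.tf, version.tf and the common variables in from ../../common via symlinks, so these locals presumably end up copied into data/, self/ and peer/ when one common file would do. The five commented-out `# vpc_id = …` lines at the end of the file are leftover from the old module and should be deleted rather than carried forward. Where local.account_id is consumed is outside this hunk; if it feeds ARNs or policies, a `precondition` comparing a non-empty var.account_id against data.aws_caller_identity.current.account_id would catch a mistyped override before it silently targets the wrong account.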
diff --git a/vpc-transit-gateway-association/data/variables.common.tf b/vpc-transit-gateway-association/data/variables.common.tf new file mode 120000 index 0000000..e01226c --- /dev/null +++ b/vpc-transit-gateway-association/data/variables.common.tf @@ -0,0 +1 @@ +../../common/variables.common.tf \ No newline at end of file diff --git a/vpc-transit-gateway-association/data/variables.common.vpc.tf b/vpc-transit-gateway-association/data/variables.common.vpc.tf new file mode 120000 index 0000000..b7a8eef --- /dev/null +++ b/vpc-transit-gateway-association/data/variables.common.vpc.tf @@ -0,0 +1 @@ +../../common/variables.common.vpc.tf \ No newline at end of file diff --git a/vpc-transit-gateway-association/data/variables.common.vpc_id.tf b/vpc-transit-gateway-association/data/variables.common.vpc_id.tf new file mode 120000 index 0000000..aabcfbd --- /dev/null +++ b/vpc-transit-gateway-association/data/variables.common.vpc_id.tf @@ -0,0 +1 @@ +../../common/variables.common.vpc_id.tf \ No newline at end of file diff --git a/vpc-transit-gateway-association/data/variables.create.tf b/vpc-transit-gateway-association/data/variables.create.tf new file mode 120000 index 0000000..ae0c122 --- /dev/null +++ b/vpc-transit-gateway-association/data/variables.create.tf @@ -0,0 +1 @@ +../../common/variables.create.tf \ No newline at end of file diff --git a/vpc-transit-gateway-association-data/variables.subnets.tf b/vpc-transit-gateway-association/data/variables.subnets.tf similarity index 100% rename from vpc-transit-gateway-association-data/variables.subnets.tf rename to vpc-transit-gateway-association/data/variables.subnets.tf diff --git a/vpc-transit-gateway-association/variables.tf b/vpc-transit-gateway-association/data/variables.tf similarity index 79% rename from vpc-transit-gateway-association/variables.tf rename to vpc-transit-gateway-association/data/variables.tf index fe85c1a..0656be0 100644 --- a/vpc-transit-gateway-association/variables.tf 
+++ b/vpc-transit-gateway-association/data/variables.tf @@ -13,15 +13,15 @@ variable "transit_gateway_environment" { } } -variable "transit_gateway_routing_type" { - description = "Transit Gateway routing type, to select either self or peer (where we may have many peers)" - type = string - - validation { - condition = contains(["self", "peer"], var.transit_gateway_routing_type) - error_message = "transit_gateway_routing_type must be either self or peer" - } -} +## variable "transit_gateway_routing_type" { +## description = "Transit Gateway routing type, to select either self or peer (where we may have many peers)" +## type = string +## +## validation { +## condition = contains(["self", "peer"], var.transit_gateway_routing_type) +## error_message = "transit_gateway_routing_type must be either self or peer" +## } +## } variable "route_table_label" { description = "Route table lable for the attachment subnets" diff --git a/vpc-transit-gateway-association/data/version.tf b/vpc-transit-gateway-association/data/version.tf new file mode 120000 index 0000000..4950c91 --- /dev/null +++ b/vpc-transit-gateway-association/data/version.tf @@ -0,0 +1 @@ +../../common/version.tf \ No newline at end of file diff --git a/vpc-transit-gateway-association-data/versions.tf b/vpc-transit-gateway-association/data/versions.tf similarity index 100% rename from vpc-transit-gateway-association-data/versions.tf rename to vpc-transit-gateway-association/data/versions.tf diff --git a/vpc-transit-gateway-association/defaults.tf b/vpc-transit-gateway-association/defaults.tf deleted file mode 120000 index a5556ac..0000000 --- a/vpc-transit-gateway-association/defaults.tf +++ /dev/null @@ -1 +0,0 @@ -../common/defaults.tf \ No newline at end of file diff --git a/vpc-transit-gateway-association/main.tf b/vpc-transit-gateway-association/main.tf deleted file mode 100644 index 2585da5..0000000 --- a/vpc-transit-gateway-association/main.tf +++ /dev/null 
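Review bot: The `transit_gateway_routing_type` variable is turned into a `##`-commented block instead of being removed, leaving nine lines of dead code in data/variables.tf; the same commit already drops the input from the data README's table, so nothing references it here. Delete the commented block outright — git history keeps the old definition — so the file only declares inputs the data module actually reads. If the self/peer validation is still wanted, it presumably belongs in the self and peer modules' own variables.tf, which are outside this hunk.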
@@ -1,43 +0,0 @@ -/* -* # About aws-vpc-setup :: vpc-transit-gateway-association -* -* This sets up the necessary transit gateway configuration for attaching a VPC with all of the components. It does the following: -* -* * gets transit gateway ID shared to this account and region -* * gets transit gateway route tables -* * creates routes for the attachment subnets to the transit gatewway -* * creates routes to all other things on the transit gateway through a network prefix -* * attaches the VPC to the transit gateway -* * propagates the route to the associated route tables for the envirornment/VRF -* * services is propagated to all -* * creates static routes for transit gateway route tables in a peer region - -* # Usage -* -* ```hcl -* module "vpc_tgw" { -* source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//vpc-transit-gateway-association?ref=tf-upgrade" -* network_account_profile = "057445207498-ent-gov-network-sa" -* } -* ``` -*/ - -locals { - account_id = var.account_id != "" ? var.account_id : data.aws_caller_identity.current.account_id - account_environment = data.aws_arn.current.partition == "aws-us-gov" ? "gov" : "ew" - region = data.aws_region.current.name - region_short = join("", [for c in split("-", local.region) : substr(c, 0, 1)]) - - base_tags = { - "boc:tf_module_version" = local._module_version - "boc:tf_module_name" = lookup(local._module_names, local._module_name, local._module_names["_main_"]) - "boc:created_by" = "terraform" - } -} - - -# vpc_id = local.vpc_id -# vpc_full_name = var.vpc_full_name -# availability_zones = [] -# subnet_ids = [for sn in module.subnets.private_subnets_ids : sn if lookup(sn.tags, "boc:vpc:route-table", null) == "attachment"] -# route_table_label = "attachment" diff --git a/vpc-transit-gateway-association/module_name.tf b/vpc-transit-gateway-association/module_name.tf deleted file mode 100644 index 979f028..0000000 --- a/vpc-transit-gateway-association/module_name.tf +++ /dev/null 
@@ -1,3 +0,0 @@
-locals {
- _module_name = "vpc-transit-gateway-association"
-}
diff --git a/vpc-transit-gateway-association/peer/README.md b/vpc-transit-gateway-association/peer/README.md
new file mode 100644
index 0000000..ea4af65
--- /dev/null
+++ b/vpc-transit-gateway-association/peer/README.md
@@ -0,0 +1,122 @@ +# About aws-vpc-setup :: vpc-transit-gateway-association/peer + +This sets up the necessary transit gateway configuration for attaching a VPC with all of the components. This is part of a three +section TGW setup, consisting of data (required), self , and peer (this) (remote(s)). They do the following: + +* data + * gets transit gateway ID shared to this account and region + * gets transit gateway route tables +* self + * creates routes for the attachment subnets to the transit gatewway + * creates routes to all other things on the transit gateway through a network prefix + * attaches the VPC to the transit gateway + * propagates the route to the associated route tables for the envirornment/VRF + * services is propagated to all +* peer + * creates static routes for transit gateway route tables in a peer region + +# Usage + +```hcl +module "vpc_tgw_peer" { + source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//vpc-transit-gateway-association/peer?ref=tf-upgrade" + providers = { + aws = aws + aws.network_account = aws.network_account + aws.self = aws.tgw_east + aws.peer = aws.tgw_west + } + + network_account_profile = var.network_account_profile + vpc_id = local.vpc_id + vpc_full_name = var.vpc_full_name + private_subnets_ids = [for sn in module.subnets.private_subnets_ids : sn if lookup(sn.tags, "boc:vpc:route-table", null) == "attachment"] + private_route_table_ids = module.routing.private_route_table_ids + transit_gateway_environment = var.tgw_environment + transit_gateway_label = var.tgw_label + route_prefix_list_name = format("transit-gateway.%v", var.tgw_label) + data_input = module.vpc_tgw_data.data_output + + depends_on = [module.vpc_tgw_self] +} +``` + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 0.13 | +| [aws](#requirement\_aws) | >= 3.66.0 | +| [ldap](#requirement\_ldap) | >= 0.5.4 | +| [local](#requirement\_local) | >= 1.0.0 | +| [null](#requirement\_null) 
| >= 3.0 | +| [random](#requirement\_random) | >= 3.0 | +| [template](#requirement\_template) | >= 2.0 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 3.66.0 | +| [aws.network\_account](#provider\_aws.network\_account) | >= 3.66.0 | +| [aws.peer](#provider\_aws.peer) | >= 3.66.0 | +| [aws.self](#provider\_aws.self) | >= 3.66.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_ec2_transit_gateway_route.vpc_peer_all](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route) | resource | +| [aws_ec2_transit_gateway_route.vpc_peer_common](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route) | resource | +| [aws_ec2_transit_gateway_route.vpc_peer_own_rt](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route) | resource | +| [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | +| [aws_arn.network_account](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | +| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_caller_identity.network_account](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_ec2_transit_gateway.gateway_peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_transit_gateway) | data source | +| [aws_ec2_transit_gateway.gateway_self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_transit_gateway) | data source | +| [aws_ec2_transit_gateway_peering_attachment.attachment_peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_transit_gateway_peering_attachment) 
| data source | +| [aws_ec2_transit_gateway_peering_attachment.attachment_self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_transit_gateway_peering_attachment) | data source | +| [aws_iam_account_alias.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_account_alias) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | +| [aws_vpc.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [account\_alias](#input\_account\_alias) | AWS Account Alias (default: will pull from current account\_alias) | `string` | `""` | no | +| [account\_id](#input\_account\_id) | AWS Account ID (default: will pull from current user) | `string` | `""` | no | +| [availability\_zones](#input\_availability\_zones) | AWS Availability Zones to use (by default will use all available) | `list(string)` | `[]` | no | +| [create](#input\_create) | Flag to indicate whether to create the resources or not (default: true) | `bool` | `true` | no | +| [data\_input](#input\_data\_input) | Map of data generated by vpc-transit-gateway-association-data |
object({
availablity_zone = map(any)
gateway_self = string
gateway_peer = string
route_tables_self = map(any)
route_tables_peer = map(any)
map_route_tables_self = map(any)
map_route_tables_peer = map(any)
prefix_list_id_ipv4 = string
})
| n/a | yes | +| [network\_account\_profile](#input\_network\_account\_profile) | AWS profile of the source account sharing the VPC resources | `string` | n/a | yes | +| [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no | +| [private\_route\_table\_ids](#input\_private\_route\_table\_ids) | Map of private route table IDs (which exclude the attachment subnets) | `map(string)` | `{}` | no | +| [private\_subnets\_ids](#input\_private\_subnets\_ids) | List of private subnet objects including: subnet, label, availability\_zone, id |
list(object({
subnet = string
label = string
availability_zone = string
id = string
}))
| `[]` | no | +| [route\_prefix\_list\_name](#input\_route\_prefix\_list\_name) | Shared prefix list name used for routing to TGW. It is comprised of all of the network CIDR blocks in AWS using TGW. | `string` | `"transit-gateway.prod"` | no | +| [route\_table\_label](#input\_route\_table\_label) | Route table lable for the attachment subnets | `string` | `"attachment"` | no | +| [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS). Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no | +| [transit\_gateway\_environment](#input\_transit\_gateway\_environment) | Transit Gateway Environment (aka, VRF) to which to connnect this VPC | `string` | n/a | yes | +| [transit\_gateway\_label](#input\_transit\_gateway\_label) | Transit Gateway label for specific instance (sa, prod) | `string` | `"prod"` | no | +| [vpc\_environment](#input\_vpc\_environment) | VPC environment purpose (infrastructure, common, shared, dev, stage, ite, prod) | `string` | `null` | no | +| [vpc\_full\_name](#input\_vpc\_full\_name) | VPC full name component (vpc{index}-{vpc\_name}) | `string` | `null` | no | +| [vpc\_id](#input\_vpc\_id) | VPC ID | `string` | n/a | yes | +| [vpc\_index](#input\_vpc\_index) | VPC index number (integer starting at 1) | `number` | `null` | no | +| [vpc\_name](#input\_vpc\_name) | VPC name component used through the VPC descrbing its purpose (ex: dice-dev) | `string` | `null` | no | +| [vpc\_short\_name](#input\_vpc\_short\_name) | VPC short name component (vpc{index}) | `string` | `null` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [gateway\_peer](#output\_gateway\_peer) | Transit Gateway peer (other region) | +| [gateway\_self](#output\_gateway\_self) | Transit Gateway self (this region) | +| [map\_route\_tables\_peer](#output\_map\_route\_tables\_peer) | Transit Gateway route tables map (VRF:id) peer (other region) | +| 
[map\_route\_tables\_self](#output\_map\_route\_tables\_self) | Transit Gateway route tables map (VRF:id) self (this region) | +| [route\_tables\_peer](#output\_route\_tables\_peer) | Transit Gateway route tables peer (other region) | +| [route\_tables\_self](#output\_route\_tables\_self) | Transit Gateway route tables self (this region) | diff --git a/vpc-transit-gateway-association/peer/associate.tf b/vpc-transit-gateway-association/peer/associate.tf new file mode 100644 index 0000000..4eb89a5 --- /dev/null +++ b/vpc-transit-gateway-association/peer/associate.tf 
@@ -0,0 +1,43 @@
+#---
+# get rt variables for use later
+#---
+locals {
+ propagate_all_rt = ["services", "inter-region"]
+ selected_rt = [for k in keys(local.transit_gateway_route_table_ids_peer) : k if ! contains(local.propagate_all_rt, k)]
+}
+
+#---
+# add routes to peer for non-services
+#---
+resource "aws_ec2_transit_gateway_route" "vpc_peer_own_rt" {
+ provider = aws.peer
+ for_each = { for k in local.selected_rt : k => local.transit_gateway_route_table_ids_peer[k] if k == var.transit_gateway_environment }
+ destination_cidr_block = data.aws_vpc.vpc.cidr_block
+
+ transit_gateway_attachment_id = data.aws_ec2_transit_gateway_peering_attachment.attachment_peer.id
+ transit_gateway_route_table_id = each.value
+}
+
+#---
+# always add routes to services
+#--
+resource "aws_ec2_transit_gateway_route" "vpc_peer_common" {
+ provider = aws.peer
+ for_each = { "services" = local.transit_gateway_route_table_ids_peer["services"] }
+ destination_cidr_block = data.aws_vpc.vpc.cidr_block
+
+ transit_gateway_attachment_id = data.aws_ec2_transit_gateway_peering_attachment.attachment_peer.id
+ transit_gateway_route_table_id = each.value
+}
+
+#---
+# if services, add routes to all other route tables
+#--
+resource "aws_ec2_transit_gateway_route" "vpc_peer_all" {
+ provider = aws.peer
+ for_each = contains(local.propagate_all_rt, var.transit_gateway_environment) ? { for k in local.selected_rt : k => local.transit_gateway_route_table_ids_peer[k] } : {}
+ destination_cidr_block = data.aws_vpc.vpc.cidr_block
+
+ transit_gateway_attachment_id = data.aws_ec2_transit_gateway_peering_attachment.attachment_peer.id
+ transit_gateway_route_table_id = each.value
+}
diff --git a/vpc-transit-gateway-association/data.network_account.tf b/vpc-transit-gateway-association/peer/data.network_account.tf
similarity index 100%
rename from vpc-transit-gateway-association/data.network_account.tf
rename to vpc-transit-gateway-association/peer/data.network_account.tf
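Review bot: `vpc_peer_common` installs the static route only into the `services` table, while `local.propagate_all_rt` two resources above also names `inter-region` and the self module's `vpc_self_common` iterates over both keys; if the peer region has an `inter-region` table the VPC CIDR never reaches it, and if it does not then the `inter-region` entry is dead in this file, so either `for_each = { for k in local.propagate_all_rt : k => local.transit_gateway_route_table_ids_peer[k] }` or a comment stating why only `services` is routed on the peer side would make the intent explicit. `vpc_peer_own_rt` also yields an empty map whenever `var.transit_gateway_environment` is not a key of the peer route-table map, so a misspelled or unshared VRF silently produces no route rather than a plan error; `for_each = contains(local.propagate_all_rt, var.transit_gateway_environment) ? {} : { (var.transit_gateway_environment) = local.transit_gateway_route_table_ids_peer[var.transit_gateway_environment] }` fails loudly on an unknown environment and keeps the same result for known ones. The `#--` fences above `vpc_peer_common` and `vpc_peer_all` are missing a dash compared with the other headers. `local.transit_gateway_route_table_ids_peer`, `data.aws_vpc.vpc` and `data.aws_ec2_transit_gateway_peering_attachment.attachment_peer` are defined outside this hunk.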
diff --git a/vpc-transit-gateway-association/peer/data.tf b/vpc-transit-gateway-association/peer/data.tf
new file mode 120000
index 0000000..37fff16
--- /dev/null
+++ b/vpc-transit-gateway-association/peer/data.tf
@@ -0,0 +1 @@
+../../common/data.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association/data.transit-gateway.tf b/vpc-transit-gateway-association/peer/data.transit-gateway.tf
similarity index 100%
rename from vpc-transit-gateway-association/data.transit-gateway.tf
rename to vpc-transit-gateway-association/peer/data.transit-gateway.tf
diff --git a/vpc-transit-gateway-association/data.vpc.tf b/vpc-transit-gateway-association/peer/data.vpc.tf
similarity index 100%
rename from vpc-transit-gateway-association/data.vpc.tf
rename to vpc-transit-gateway-association/peer/data.vpc.tf
diff --git a/vpc-transit-gateway-association/peer/defaults.tf b/vpc-transit-gateway-association/peer/defaults.tf
new file mode 120000
index 0000000..1227df3
--- /dev/null
+++ b/vpc-transit-gateway-association/peer/defaults.tf
@@ -0,0 +1 @@
+../../common/defaults.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association/peer/main.tf b/vpc-transit-gateway-association/peer/main.tf
new file mode 100644
index 0000000..7fddf2a
--- /dev/null
+++ b/vpc-transit-gateway-association/peer/main.tf
@@ -0,0 +1,66 @@ +/* +* # About aws-vpc-setup :: vpc-transit-gateway-association/peer +* +* This sets up the necessary transit gateway configuration for attaching a VPC with all of the components. This is part of a three +* section TGW setup, consisting of data (required), self , and peer (this) (remote(s)). They do the following: +* +* * data +* * gets transit gateway ID shared to this account and region +* * gets transit gateway route tables +* * self +* * creates routes for the attachment subnets to the transit gatewway +* * creates routes to all other things on the transit gateway through a network prefix +* * attaches the VPC to the transit gateway +* * propagates the route to the associated route tables for the envirornment/VRF +* * services is propagated to all +* * peer +* * creates static routes for transit gateway route tables in a peer region +* +* # Usage +* +* ```hcl +* module "vpc_tgw_peer" { +* source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//vpc-transit-gateway-association/peer?ref=tf-upgrade" +* providers = { +* aws = aws +* aws.network_account = aws.network_account +* aws.self = aws.tgw_east +* aws.peer = aws.tgw_west +* } +* +* network_account_profile = var.network_account_profile +* vpc_id = local.vpc_id +* vpc_full_name = var.vpc_full_name +* private_subnets_ids = [for sn in module.subnets.private_subnets_ids : sn if lookup(sn.tags, "boc:vpc:route-table", null) == "attachment"] +* private_route_table_ids = module.routing.private_route_table_ids +* transit_gateway_environment = var.tgw_environment +* transit_gateway_label = var.tgw_label +* route_prefix_list_name = format("transit-gateway.%v", var.tgw_label) +* data_input = module.vpc_tgw_data.data_output +* +* depends_on = [module.vpc_tgw_self] +* } +* ``` +*/ + +locals { + account_id = var.account_id != "" ? var.account_id : data.aws_caller_identity.current.account_id + account_environment = data.aws_arn.current.partition == "aws-us-gov" ? 
"gov" : "ew" + region = data.aws_region.current.name + region_short = join("", [for c in split("-", local.region) : substr(c, 0, 1)]) + + base_tags = { + "boc:tf_module_version" = local._module_version + "boc:tf_module_name" = lookup(local._module_names, local._module_name, local._module_names["_main_"]) + "boc:created_by" = "terraform" + } +} + + +# vpc_id = local.vpc_id +# vpc_full_name = var.vpc_full_name +# availability_zones = [] +# subnet_ids = [for sn in module.subnets.private_subnets_ids : sn if lookup(sn.tags, "boc:vpc:route-table", null) == "attachment"] +# route_table_label = "attachment" + + diff --git a/vpc-transit-gateway-association/peer/module_name.tf b/vpc-transit-gateway-association/peer/module_name.tf new file mode 100644 index 0000000..b765c06 --- /dev/null +++ b/vpc-transit-gateway-association/peer/module_name.tf @@ -0,0 +1,3 @@ +locals { + _module_name = "vpc-transit-gateway-association/peer" +} diff --git a/vpc-transit-gateway-association/outputs.tf b/vpc-transit-gateway-association/peer/outputs.tf similarity index 94% rename from vpc-transit-gateway-association/outputs.tf rename to vpc-transit-gateway-association/peer/outputs.tf index 7554b97..c161df8 100644 --- a/vpc-transit-gateway-association/outputs.tf +++ b/vpc-transit-gateway-association/peer/outputs.tf @@ -1,3 +1,5 @@ +# all these module (data, peer, self) output the same core data + output "gateway_self" { description = "Transit Gateway self (this region)" value = data.aws_ec2_transit_gateway.gateway_self.id diff --git a/vpc-transit-gateway-association/peer/prefixes.tf b/vpc-transit-gateway-association/peer/prefixes.tf new file mode 120000 index 0000000..5bc256c --- /dev/null +++ b/vpc-transit-gateway-association/peer/prefixes.tf @@ -0,0 +1 @@ +../../common/prefixes.tf \ No newline at end of file 
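Review bot: The `locals` block in peer/main.tf (`account_id`, `account_environment`, `region`, `region_short`, `base_tags`) is the same block that this patch removes from the old main.tf, and the common helper files in this directory (`data.tf`, `defaults.tf`, `prefixes.tf`, `version.tf`, the `variables.common.*.tf` files) are symlinks into `../../common/`; keeping a private copy per module means a later fix to the partition check or the tag keys has to be replicated in data, self and peer, so a `../../common/locals.tf` symlink would fit the pattern the restructure establishes. The five `# vpc_id = local.vpc_id` … `# route_table_label = "attachment"` lines at the end of the file are leftover call-site notes that duplicate the Usage example in the header comment and should be removed rather than carried into the new module. `local._module_version` and `local._module_names` are defined outside this hunk.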
diff --git a/vpc-transit-gateway-association/peer/variables.common.availability_zones.tf b/vpc-transit-gateway-association/peer/variables.common.availability_zones.tf
new file mode 120000
index 0000000..ec237ef
--- /dev/null
+++ b/vpc-transit-gateway-association/peer/variables.common.availability_zones.tf
@@ -0,0 +1 @@
+../../common/variables.common.availability_zones.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association/peer/variables.common.tf b/vpc-transit-gateway-association/peer/variables.common.tf
new file mode 120000
index 0000000..e01226c
--- /dev/null
+++ b/vpc-transit-gateway-association/peer/variables.common.tf
@@ -0,0 +1 @@
+../../common/variables.common.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association/peer/variables.common.vpc.tf b/vpc-transit-gateway-association/peer/variables.common.vpc.tf
new file mode 120000
index 0000000..b7a8eef
--- /dev/null
+++ b/vpc-transit-gateway-association/peer/variables.common.vpc.tf
@@ -0,0 +1 @@
+../../common/variables.common.vpc.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association/peer/variables.common.vpc_id.tf b/vpc-transit-gateway-association/peer/variables.common.vpc_id.tf
new file mode 120000
index 0000000..aabcfbd
--- /dev/null
+++ b/vpc-transit-gateway-association/peer/variables.common.vpc_id.tf
@@ -0,0 +1 @@
+../../common/variables.common.vpc_id.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association/peer/variables.create.tf b/vpc-transit-gateway-association/peer/variables.create.tf
new file mode 120000
index 0000000..ae0c122
--- /dev/null
+++ b/vpc-transit-gateway-association/peer/variables.create.tf
@@ -0,0 +1 @@
+../../common/variables.create.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association/variables.data_input.tf b/vpc-transit-gateway-association/peer/variables.data_input.tf similarity index 100% rename from vpc-transit-gateway-association/variables.data_input.tf rename to vpc-transit-gateway-association/peer/variables.data_input.tf diff --git a/vpc-transit-gateway-association/variables.subnets.tf b/vpc-transit-gateway-association/peer/variables.subnets.tf similarity index 100% rename from vpc-transit-gateway-association/variables.subnets.tf rename to vpc-transit-gateway-association/peer/variables.subnets.tf diff --git a/vpc-transit-gateway-association-data/variables.tf b/vpc-transit-gateway-association/peer/variables.tf similarity index 79% rename from vpc-transit-gateway-association-data/variables.tf rename to vpc-transit-gateway-association/peer/variables.tf index fe85c1a..0656be0 100644 --- a/vpc-transit-gateway-association-data/variables.tf +++ b/vpc-transit-gateway-association/peer/variables.tf @@ -13,15 +13,15 @@ variable "transit_gateway_environment" { } } -variable "transit_gateway_routing_type" { - description = "Transit Gateway routing type, to select either self or peer (where we may have many peers)" - type = string - - validation { - condition = contains(["self", "peer"], var.transit_gateway_routing_type) - error_message = "transit_gateway_routing_type must be either self or peer" - } -} +## variable "transit_gateway_routing_type" { +## description = "Transit Gateway routing type, to select either self or peer (where we may have many peers)" +## type = string +## +## validation { +## condition = contains(["self", "peer"], var.transit_gateway_routing_type) +## error_message = "transit_gateway_routing_type must be either self or peer" +## } +## } variable "route_table_label" { description = "Route table lable for the attachment subnets" diff --git a/vpc-transit-gateway-association/peer/version.tf b/vpc-transit-gateway-association/peer/version.tf new file mode 120000 index 0000000..4950c91 
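Review bot: Commenting out `variable "transit_gateway_routing_type"` with `##` leaves nine lines of dead code in peer/variables.tf, and the identical commented block is added to data/variables.tf earlier in this patch; the split into separate `data`/`self`/`peer` modules is exactly what made the routing-type switch unnecessary, so the block should be deleted in both copies (git history keeps it) rather than carried forward. If a reminder is wanted, a single `# transit_gateway_routing_type was removed: the routing side is now chosen by module path (self/ vs peer/)` says the same in one line.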
--- /dev/null
+++ b/vpc-transit-gateway-association/peer/version.tf
@@ -0,0 +1 @@
+../../common/version.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association/versions.tf b/vpc-transit-gateway-association/peer/versions.tf
similarity index 100%
rename from vpc-transit-gateway-association/versions.tf
rename to vpc-transit-gateway-association/peer/versions.tf
diff --git a/vpc-transit-gateway-association/prefixes.tf b/vpc-transit-gateway-association/prefixes.tf
deleted file mode 120000
index 7e265d5..0000000
--- a/vpc-transit-gateway-association/prefixes.tf
+++ /dev/null
@@ -1 +0,0 @@
-../common/prefixes.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association-data/OFF/credentials.vpc-transit-gateway.tf.off b/vpc-transit-gateway-association/self/OFF/credentials.vpc-transit-gateway.tf.off
similarity index 100%
rename from vpc-transit-gateway-association-data/OFF/credentials.vpc-transit-gateway.tf.off
rename to vpc-transit-gateway-association/self/OFF/credentials.vpc-transit-gateway.tf.off
diff --git a/vpc-transit-gateway-association-data/OFF/vpc-transit-gateway.tf.off b/vpc-transit-gateway-association/self/OFF/vpc-transit-gateway.tf.off
similarity index 100%
rename from vpc-transit-gateway-association-data/OFF/vpc-transit-gateway.tf.off
rename to vpc-transit-gateway-association/self/OFF/vpc-transit-gateway.tf.off
diff --git a/vpc-transit-gateway-association/self/README.md b/vpc-transit-gateway-association/self/README.md
new file mode 100644
index 0000000..0796c70
--- /dev/null
+++ b/vpc-transit-gateway-association/self/README.md
@@ -0,0 +1,128 @@ +# About aws-vpc-setup :: vpc-transit-gateway-association/self + +This sets up the necessary transit gateway configuration for attaching a VPC with all of the components. This is part of a three +section TGW setup, consisting of data (required), self (this), and peer (remote(s)). They do the following: + +* data + * gets transit gateway ID shared to this account and region + * gets transit gateway route tables +* self + * creates routes for the attachment subnets to the transit gatewway + * creates routes to all other things on the transit gateway through a network prefix + * attaches the VPC to the transit gateway + * propagates the route to the associated route tables for the envirornment/VRF + * services is propagated to all +* peer + * creates static routes for transit gateway route tables in a peer region + +# Usage + +```hcl +# call once for self, once for each peer (if we have multiple regions for peeers, change the peer to each region) +# note the self must be done before the peer +module "vpc_tgw_self" { + source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//vpc-transit-gateway-association/self?ref=tf-upgrade" + providers = { + aws = aws + aws.network_account = aws.network_account + aws.self = aws.tgw_east + aws.peer = aws.tgw_west + } + + network_account_profile = var.network_account_profile + vpc_id = local.vpc_id + vpc_full_name = var.vpc_full_name + private_subnets_ids = [for sn in module.subnets.private_subnets_ids : sn if lookup(sn.tags, "boc:vpc:route-table", null) == "attachment"] + private_route_table_ids = module.routing.private_route_table_ids + transit_gateway_environment = var.tgw_environment + transit_gateway_label = var.tgw_label + route_prefix_list_name = format("transit-gateway.%v", var.tgw_label) + data_input = module.vpc_tgw_data.data_output +} +```` ` + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 0.13 | +| [aws](#requirement\_aws) | >= 
3.66.0 | +| [ldap](#requirement\_ldap) | >= 0.5.4 | +| [local](#requirement\_local) | >= 1.0.0 | +| [null](#requirement\_null) | >= 3.0 | +| [random](#requirement\_random) | >= 3.0 | +| [template](#requirement\_template) | >= 2.0 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 3.66.0 | +| [aws.network\_account](#provider\_aws.network\_account) | >= 3.66.0 | +| [aws.peer](#provider\_aws.peer) | >= 3.66.0 | +| [aws.self](#provider\_aws.self) | >= 3.66.0 | +| [null](#provider\_null) | >= 3.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [routing\_attachment\_ipv4](#module\_routing\_attachment\_ipv4) | git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//routing | tf-upgrade | + +## Resources + +| Name | Type | +|------|------| +| [aws_ec2_transit_gateway_route_table_association.route_table_self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route_table_association) | resource | +| [aws_ec2_transit_gateway_route_table_propagation.vpc_self_common](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route_table_propagation) | resource | +| [aws_ec2_transit_gateway_route_table_propagation.vpc_self_own_rt](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route_table_propagation) | resource | +| [aws_ec2_transit_gateway_vpc_attachment.vpc_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_vpc_attachment) | resource | +| [aws_route.gateway_ipv4](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource | +| [null_resource.vpc_attachment_exists](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | +| [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | 
+| [aws_arn.network_account](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | +| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_caller_identity.network_account](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_ec2_transit_gateway.gateway_peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_transit_gateway) | data source | +| [aws_ec2_transit_gateway.gateway_self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_transit_gateway) | data source | +| [aws_ec2_transit_gateway_peering_attachment.attachment_peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_transit_gateway_peering_attachment) | data source | +| [aws_ec2_transit_gateway_peering_attachment.attachment_self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_transit_gateway_peering_attachment) | data source | +| [aws_iam_account_alias.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_account_alias) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | +| [aws_vpc.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [account\_alias](#input\_account\_alias) | AWS Account Alias (default: will pull from current account\_alias) | `string` | `""` | no | +| [account\_id](#input\_account\_id) | AWS Account ID (default: will pull from current user) | `string` | `""` | no | +| [availability\_zones](#input\_availability\_zones) | AWS Availability Zones to use (by 
default will use all available) | `list(string)` | `[]` | no | +| [create](#input\_create) | Flag to indicate whether to create the resources or not (default: true) | `bool` | `true` | no | +| [data\_input](#input\_data\_input) | Map of data generated by vpc-transit-gateway-association-data |
object({
availablity_zone = map(any)
gateway_self = string
gateway_peer = string
route_tables_self = map(any)
route_tables_peer = map(any)
map_route_tables_self = map(any)
map_route_tables_peer = map(any)
prefix_list_id_ipv4 = string
})
| n/a | yes | +| [network\_account\_profile](#input\_network\_account\_profile) | AWS profile of the source account sharing the VPC resources | `string` | n/a | yes | +| [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no | +| [private\_route\_table\_ids](#input\_private\_route\_table\_ids) | Map of private route table IDs (which exclude the attachment subnets) | `map(string)` | `{}` | no | +| [private\_subnets\_ids](#input\_private\_subnets\_ids) | List of private subnet objects including: subnet, label, availability\_zone, id |
list(object({
subnet = string
label = string
availability_zone = string
id = string
}))
| `[]` | no | +| [route\_prefix\_list\_name](#input\_route\_prefix\_list\_name) | Shared prefix list name used for routing to TGW. It is comprised of all of the network CIDR blocks in AWS using TGW. | `string` | `"transit-gateway.prod"` | no | +| [route\_table\_label](#input\_route\_table\_label) | Route table lable for the attachment subnets | `string` | `"attachment"` | no | +| [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS). Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no | +| [transit\_gateway\_environment](#input\_transit\_gateway\_environment) | Transit Gateway Environment (aka, VRF) to which to connnect this VPC | `string` | n/a | yes | +| [transit\_gateway\_label](#input\_transit\_gateway\_label) | Transit Gateway label for specific instance (sa, prod) | `string` | `"prod"` | no | +| [vpc\_environment](#input\_vpc\_environment) | VPC environment purpose (infrastructure, common, shared, dev, stage, ite, prod) | `string` | `null` | no | +| [vpc\_full\_name](#input\_vpc\_full\_name) | VPC full name component (vpc{index}-{vpc\_name}) | `string` | `null` | no | +| [vpc\_id](#input\_vpc\_id) | VPC ID | `string` | n/a | yes | +| [vpc\_index](#input\_vpc\_index) | VPC index number (integer starting at 1) | `number` | `null` | no | +| [vpc\_name](#input\_vpc\_name) | VPC name component used through the VPC descrbing its purpose (ex: dice-dev) | `string` | `null` | no | +| [vpc\_short\_name](#input\_vpc\_short\_name) | VPC short name component (vpc{index}) | `string` | `null` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [gateway\_peer](#output\_gateway\_peer) | Transit Gateway peer (other region) | +| [gateway\_self](#output\_gateway\_self) | Transit Gateway self (this region) | +| [map\_route\_tables\_peer](#output\_map\_route\_tables\_peer) | Transit Gateway route tables map (VRF:id) peer (other region) | +| 
[map\_route\_tables\_self](#output\_map\_route\_tables\_self) | Transit Gateway route tables map (VRF:id) self (this region) | +| [route\_tables\_peer](#output\_route\_tables\_peer) | Transit Gateway route tables peer (other region) | +| [route\_tables\_self](#output\_route\_tables\_self) | Transit Gateway route tables self (this region) | diff --git a/vpc-transit-gateway-association/self/associate.tf b/vpc-transit-gateway-association/self/associate.tf new file mode 100644 index 0000000..1f3007d --- /dev/null +++ b/vpc-transit-gateway-association/self/associate.tf 
@@ -0,0 +1,65 @@
+#---
+# attach this vpc to tgw (my region, my account)
+#---
+resource "aws_ec2_transit_gateway_vpc_attachment" "vpc_attachment" {
+ # subnet_ids = [for sn in module.subnets.private_subnets_ids : sn.id if lookup(sn.tags, "boc:vpc:route-table", null) == "attachment"]
+ subnet_ids = [for k, v in var.private_subnets_ids : v.id]
+ transit_gateway_id = data.aws_ec2_transit_gateway.gateway_self.id
+ vpc_id = var.vpc_id
+ dns_support = "enable"
+ ipv6_support = "disable"
+ transit_gateway_default_route_table_association = true
+ transit_gateway_default_route_table_propagation = true
+
+ tags = merge(
+ local.base_tags,
+ {
+ Name = format("tgwa-%v-%v-%v", var.transit_gateway_label, var.vpc_full_name, local.region),
+ "boc:tgw_environment" = var.transit_gateway_environment,
+ },
+ )
+}
+
+#---
+# assocaite this vpc to route table in self (my region, network account)
+#---
+resource "aws_ec2_transit_gateway_route_table_association" "route_table_self" {
+ provider = aws.self
+ transit_gateway_attachment_id = aws_ec2_transit_gateway_vpc_attachment.vpc_attachment.id
+ transit_gateway_route_table_id = local.transit_gateway_route_table_ids_self[var.transit_gateway_environment]
+}
+
+#---
+# get rt variables for use later
+#---
+locals {
+ propagate_all_rt = ["services", "inter-region"]
+ selected_rt = [for k in keys(local.transit_gateway_route_table_ids_self) : k if ! contains(local.propagate_all_rt, k)]
+}
+
+#---
+# propagate this attachment to necessary RT (my region, network account)
+# for services, it is all but services
+# for all others, it is just itself
+# we will cover services and inter-region separately
+#---
+resource "aws_ec2_transit_gateway_route_table_propagation" "vpc_self_own_rt" {
+ provider = aws.self
+ for_each = { for k in local.selected_rt : k => local.transit_gateway_route_table_ids_self[k] }
+
+ transit_gateway_attachment_id = aws_ec2_transit_gateway_vpc_attachment.vpc_attachment.id
+ transit_gateway_route_table_id = each.value
+}
+
+#---
+# propagate to services, inter-region
+# propagate all to inter-region table
+#---
+resource "aws_ec2_transit_gateway_route_table_propagation" "vpc_self_common" {
+ provider = aws.self
+ for_each = { for k in local.propagate_all_rt : k => local.transit_gateway_route_table_ids_self[k] }
+
+ transit_gateway_attachment_id = aws_ec2_transit_gateway_vpc_attachment.vpc_attachment.id
+ transit_gateway_route_table_id = each.value
+}
+
diff --git a/vpc-transit-gateway-association/self/data.network_account.tf b/vpc-transit-gateway-association/self/data.network_account.tf
new file mode 100644
index 0000000..d0ef9c1
--- /dev/null
+++ b/vpc-transit-gateway-association/self/data.network_account.tf
@@ -0,0 +1,12 @@
+data "aws_caller_identity" "network_account" {
+ provider = aws.network_account
+}
+
+data "aws_arn" "network_account" {
+ provider = aws.network_account
+ arn = data.aws_caller_identity.network_account.arn
+}
+
+# output "network_account" {
+# value = data.aws_arn.network_account
+# }
diff --git a/vpc-transit-gateway-association/self/data.tf b/vpc-transit-gateway-association/self/data.tf
new file mode 120000
index 0000000..37fff16
--- /dev/null
+++ b/vpc-transit-gateway-association/self/data.tf
@@ -0,0 +1 @@
+../../common/data.tf
\ No newline at end of file
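Review bot: `selected_rt` in the `locals` block keeps every VRF key except `services` and `inter-region`, so `vpc_self_own_rt` propagates a VPC attached with `transit_gateway_environment = "dev"` into the prod, test, stage and cre route tables as well, which contradicts the comment directly above it ("for all others, it is just itself") and defeats the VRF separation that the explicit `route_table_self` association sets up. If the comment states the intent, restrict the non-services case to the VPC's own VRF: `selected_rt = var.transit_gateway_environment == "services" ? [for k in keys(local.transit_gateway_route_table_ids_self) : k if !contains(local.propagate_all_rt, k)] : [var.transit_gateway_environment]`. Separately, `transit_gateway_default_route_table_association = true` and `transit_gateway_default_route_table_propagation = true` on `vpc_attachment` only behave as intended if the network account has disabled default association/propagation on the shared gateway; otherwise the auto-association collides with `route_table_self` and the default propagation table receives this VPC's routes regardless of the selection above, so setting both to `false` (or a comment recording the assumption) would make the intent explicit.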
diff --git a/vpc-transit-gateway-association/self/data.transit-gateway.tf b/vpc-transit-gateway-association/self/data.transit-gateway.tf
new file mode 100644
index 0000000..9b8024f
--- /dev/null
+++ b/vpc-transit-gateway-association/self/data.transit-gateway.tf
@@ -0,0 +1,105 @@
+#---
+# transit gateways
+#---
+data "aws_ec2_transit_gateway" "gateway_self" {
+ provider = aws.self
+ filter {
+ name = "owner-id"
+ values = [data.aws_arn.network_account.account]
+ }
+}
+
+data "aws_ec2_transit_gateway" "gateway_peer" {
+ provider = aws.peer
+ filter {
+ name = "owner-id"
+ values = [data.aws_arn.network_account.account]
+ }
+}
+
+## these must be passed in
+## #---
+## # tgw route tables self
+## #---
+## data "aws_ec2_transit_gateway_route_tables" "route_tables_self" {
+## provider = aws.self
+## filter {
+## name = "transit-gateway-id"
+## values = [data.aws_ec2_transit_gateway.gateway_self.id]
+## }
+## }
+##
+## data "aws_ec2_transit_gateway_route_table" "route_tables_self" {
+## provider = aws.self
+## for_each = toset(data.aws_ec2_transit_gateway_route_tables.route_tables_self.ids)
+## id = each.key
+## }
+
+locals {
+ transit_gateway_route_table_ids_self = { for k, v in var.data_input.route_tables_self : v.tags["boc:network_vrf"] => k if contains(keys(v.tags), "boc:network_vrf") }
+}
+
+## these must be passed in
+## #---
+## # route tables west
+## #---
+## data "aws_ec2_transit_gateway_route_tables" "route_tables_peer" {
+## provider = aws.peer
+## filter {
+## name = "transit-gateway-id"
+## values = [data.aws_ec2_transit_gateway.gateway_peer.id]
+## }
+## }
+##
+## data "aws_ec2_transit_gateway_route_table" "route_tables_peer" {
+## provider = aws.peer
+## for_each = toset(data.aws_ec2_transit_gateway_route_tables.route_tables_peer.ids)
+## id = each.key
+## }
+
+locals {
+ transit_gateway_route_table_ids_peer = { for k, v in var.data_input.route_tables_peer : v.tags["boc:network_vrf"] => k if contains(keys(v.tags), "boc:network_vrf") }
+}
+
+# These two hold a map of VRF => route table
+# * transit_gateway_route_table_ids_self
+# * transit_gateway_route_table_ids_peer
+
+#---
+# peering attachments
+#---
+data "aws_ec2_transit_gateway_peering_attachment" "attachment_self" {
+ provider = aws.self
+ filter {
+ name = "transit-gateway-id"
+ values = [data.aws_ec2_transit_gateway.gateway_self.id]
+ }
+}
+
+data "aws_ec2_transit_gateway_peering_attachment" "attachment_peer" {
+ provider = aws.peer
+ filter {
+ name = "transit-gateway-id"
+ values = [data.aws_ec2_transit_gateway.gateway_peer.id]
+ }
+}
+
+## required from data_output
+# availablity_zone (does not appear to be used)
+# route_tables_self
+# route_tables_peer
+# prefix_list_id_ipv4
+
+## output "data_output" {
+## description = "Map of data generated by this submodule need for the vpc-transit-gateway-association module"
+## value = {
+## availablity_zone = data.aws_availability_zone.zone
+## gateway_self = data.aws_ec2_transit_gateway.gateway_self.id
+## gateway_peer = data.aws_ec2_transit_gateway.gateway_peer.id
+## route_tables_self = data.aws_ec2_transit_gateway_route_table.route_tables_self
+## route_tables_peer = data.aws_ec2_transit_gateway_route_table.route_tables_peer
+## map_route_tables_self = local.transit_gateway_route_table_ids_self
+## map_route_tables_peer = local.transit_gateway_route_table_ids_peer
+## prefix_list_id_ipv4 = one([for k, v in data.aws_ec2_managed_prefix_list.tgw_ipv4 : k if v.address_family == "IPv4"])
+## }
+## }
diff --git a/vpc-transit-gateway-association/self/data.vpc.tf b/vpc-transit-gateway-association/self/data.vpc.tf
new file mode 100644
index 0000000..34f3677
--- /dev/null
+++ b/vpc-transit-gateway-association/self/data.vpc.tf
@@ -0,0 +1,3 @@
+data "aws_vpc" "vpc" {
+ id = var.vpc_id
+}
diff --git a/vpc-transit-gateway-association/self/defaults.tf b/vpc-transit-gateway-association/self/defaults.tf
new file mode 120000
index 0000000..1227df3
--- /dev/null
+++ b/vpc-transit-gateway-association/self/defaults.tf
@@ -0,0 +1 @@
+../../common/defaults.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association/self/main.tf b/vpc-transit-gateway-association/self/main.tf
new file mode 100644
index 0000000..c2c53b7
--- /dev/null
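Review bot: `transit_gateway_route_table_ids_self` and `transit_gateway_route_table_ids_peer` are rebuilt here from `var.data_input.route_tables_*`, although `var.data_input` already carries `map_route_tables_self`/`map_route_tables_peer` (declared in variables.data_input.tf in this same change); two copies of the VRF-to-route-table derivation will drift, so either consume `var.data_input.map_route_tables_self` directly or add a comment explaining why it is recomputed in this module. The `gateway_self`/`gateway_peer` lookups filter on `owner-id` alone, which errors as soon as the network account shares a second transit gateway into the region; since `var.transit_gateway_label` is an input of this module, a tag or name filter alongside `owner-id` would pin the lookup to the intended gateway. The map comprehensions also abort with a duplicate-key error if two route tables carry the same `boc:network_vrf` value, which is probably the desired failure mode but is worth stating in the `# These two hold a map of VRF => route table` comment.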
+++ b/vpc-transit-gateway-association/self/main.tf 
@@ -0,0 +1,65 @@
+/*
+* # About aws-vpc-setup :: vpc-transit-gateway-association/self
+*
+* This sets up the necessary transit gateway configuration for attaching a VPC with all of the components. This is part of a three
+* section TGW setup, consisting of data (required), self (this), and peer (remote(s)). They do the following:
+*
+* * data
+* * gets transit gateway ID shared to this account and region
+* * gets transit gateway route tables
+* * self
+* * creates routes for the attachment subnets to the transit gatewway
+* * creates routes to all other things on the transit gateway through a network prefix
+* * attaches the VPC to the transit gateway
+* * propagates the route to the associated route tables for the envirornment/VRF
+* * services is propagated to all
+* * peer
+* * creates static routes for transit gateway route tables in a peer region
+*
+* # Usage
+*
+* ```hcl
+* # call once for self, once for each peer (if we have multiple regions for peeers, change the peer to each region)
+* # note the self must be done before the peer
+* module "vpc_tgw_self" {
+* source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//vpc-transit-gateway-association/self?ref=tf-upgrade"
+* providers = {
+* aws = aws
+* aws.network_account = aws.network_account
+* aws.self = aws.tgw_east
+* aws.peer = aws.tgw_west
+* }
+*
+* network_account_profile = var.network_account_profile
+* vpc_id = local.vpc_id
+* vpc_full_name = var.vpc_full_name
+* private_subnets_ids = [for sn in module.subnets.private_subnets_ids : sn if lookup(sn.tags, "boc:vpc:route-table", null) == "attachment"]
+* private_route_table_ids = module.routing.private_route_table_ids
+* transit_gateway_environment = var.tgw_environment
+* transit_gateway_label = var.tgw_label
+* route_prefix_list_name = format("transit-gateway.%v", var.tgw_label)
+* data_input = module.vpc_tgw_data.data_output
+* }
+* ````
+*/
+
+locals {
+ account_id = var.account_id != "" ? var.account_id : data.aws_caller_identity.current.account_id
+ account_environment = data.aws_arn.current.partition == "aws-us-gov" ? "gov" : "ew"
+ region = data.aws_region.current.name
+ region_short = join("", [for c in split("-", local.region) : substr(c, 0, 1)])
+
+ base_tags = {
+ "boc:tf_module_version" = local._module_version
+ "boc:tf_module_name" = lookup(local._module_names, local._module_name, local._module_names["_main_"])
+ "boc:created_by" = "terraform"
+ }
+}
+
+
+# vpc_id = local.vpc_id
+# vpc_full_name = var.vpc_full_name
+# availability_zones = []
+# subnet_ids = [for sn in module.subnets.private_subnets_ids : sn if lookup(sn.tags, "boc:vpc:route-table", null) == "attachment"]
+# route_table_label = "attachment"
+
diff --git a/vpc-transit-gateway-association/self/module_name.tf b/vpc-transit-gateway-association/self/module_name.tf
new file mode 100644
index 0000000..37f1a17
--- /dev/null
+++ b/vpc-transit-gateway-association/self/module_name.tf
@@ -0,0 +1,3 @@
+locals {
+ _module_name = "vpc-transit-gateway-association/self"
+}
diff --git a/vpc-transit-gateway-association/self/outputs.tf b/vpc-transit-gateway-association/self/outputs.tf
new file mode 100644
index 0000000..c161df8
--- /dev/null
+++ b/vpc-transit-gateway-association/self/outputs.tf
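Review bot: The usage example in the header comment opens its fence with three backticks but closes it with four, so the block never terminates when terraform-docs renders this comment into README.md; drop the extra backtick on the closing line. The example also sources the module with `?ref=tf-upgrade`, a mutable branch, so successive `terraform init` runs may pull different module code; the same branch ref appears in the `module "routing_attachment_ipv4"` source in routing.tf, and both should point at a tag or commit SHA. Minor wording: "gatewway", "envirornment" and "peeers" in the header, and `account_environment = ... "ew"` deserves a comment saying what "ew" stands for.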
@@ -0,0 +1,33 @@
+# all these module (data, peer, self) output the same core data
+
+output "gateway_self" {
+ description = "Transit Gateway self (this region)"
+ value = data.aws_ec2_transit_gateway.gateway_self.id
+}
+
+output "gateway_peer" {
+ description = "Transit Gateway peer (other region)"
+ value = data.aws_ec2_transit_gateway.gateway_peer.id
+}
+
+output "route_tables_self" {
+ description = "Transit Gateway route tables self (this region)"
+ # value = data.aws_ec2_transit_gateway_route_table.route_tables_self
+ value = var.data_input.route_tables_self
+}
+
+output "route_tables_peer" {
+ description = "Transit Gateway route tables peer (other region)"
+ # value = data.aws_ec2_transit_gateway_route_table.route_tables_peer
+ value = var.data_input.route_tables_peer
+}
+
+output "map_route_tables_self" {
+ description = "Transit Gateway route tables map (VRF:id) self (this region)"
+ value = local.transit_gateway_route_table_ids_self
+}
+
+output "map_route_tables_peer" {
+ description = "Transit Gateway route tables map (VRF:id) peer (other region)"
+ value = local.transit_gateway_route_table_ids_peer
+}
diff --git a/vpc-transit-gateway-association/self/prefixes.tf b/vpc-transit-gateway-association/self/prefixes.tf
new file mode 120000
index 0000000..5bc256c
--- /dev/null
+++ b/vpc-transit-gateway-association/self/prefixes.tf
@@ -0,0 +1 @@
+../../common/prefixes.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association/routing.tf b/vpc-transit-gateway-association/self/routing.tf
similarity index 80%
rename from vpc-transit-gateway-association/routing.tf
rename to vpc-transit-gateway-association/self/routing.tf
index 83e73ef..33a7efc 100644
--- a/vpc-transit-gateway-association/routing.tf
+++ b/vpc-transit-gateway-association/self/routing.tf
@@ -1,6 +1,5 @@ module "routing_attachment_ipv4" { source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//routing?ref=tf-upgrade" - count = var.transit_gateway_routing_type == "self" ? 1 : 0 vpc_id = var.vpc_id vpc_full_name = var.vpc_full_name @@ -39,13 +38,13 @@ module "routing_attachment_ipv4" { resource "null_resource" "vpc_attachment_exists" { triggers = { - vpc_attachment = var.transit_gateway_routing_type == "self" ? one(aws_ec2_transit_gateway_vpc_attachment.vpc_attachment[*].id) : "" + vpc_attachment = aws_ec2_transit_gateway_vpc_attachment.vpc_attachment.id } } # pick the first prefix list found, either NAME or NAME.ipv4 resource "aws_route" "gateway_ipv4" { - for_each = var.transit_gateway_routing_type == "self" ? var.private_route_table_ids : {} + for_each = var.private_route_table_ids route_table_id = each.value # destination_cidr_block = "10.128.0.0/16" @@ -55,3 +54,13 @@ resource "aws_route" "gateway_ipv4" { depends_on = [null_resource.vpc_attachment_exists] } + +# resource "aws_route" "gateway_vpn_ipv4" { +# for_each = var.private_route_table_ids +# +# route_table_id = each.value +# destination_prefix_list_id = var.data_input.prefix_list_id_ipv4 +# transit_gateway_id = data.aws_ec2_transit_gateway.gateway_self.id +# +# depends_on = [null_resource.vpc_attachment_exists] +# } diff --git a/vpc-transit-gateway-association/self/variables.common.availability_zones.tf b/vpc-transit-gateway-association/self/variables.common.availability_zones.tf new file mode 120000 index 0000000..ec237ef --- /dev/null +++ b/vpc-transit-gateway-association/self/variables.common.availability_zones.tf @@ -0,0 +1 @@ +../../common/variables.common.availability_zones.tf \ No newline at end of file diff --git a/vpc-transit-gateway-association/self/variables.common.tf b/vpc-transit-gateway-association/self/variables.common.tf new file mode 120000 index 0000000..e01226c --- /dev/null +++ b/vpc-transit-gateway-association/self/variables.common.tf 
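Review bot: With the `count` conditional gone, `null_resource.vpc_attachment_exists` is pure indirection: its single trigger is `aws_ec2_transit_gateway_vpc_attachment.vpc_attachment.id`, so `aws_route.gateway_ipv4` can declare `depends_on = [aws_ec2_transit_gateway_vpc_attachment.vpc_attachment]` directly and the null resource can be removed (along with the `null` provider requirement, if nothing in the symlinked common files needs it). The bodies of `module "routing_attachment_ipv4"` and `aws_route.gateway_ipv4` continue outside the hunks. The commented-out `gateway_vpn_ipv4` block appended at the end reads as dead code; a one-line comment stating whether it is planned or abandoned would help the next reader.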
@@ -0,0 +1 @@
+../../common/variables.common.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association/self/variables.common.vpc.tf b/vpc-transit-gateway-association/self/variables.common.vpc.tf
new file mode 120000
index 0000000..b7a8eef
--- /dev/null
+++ b/vpc-transit-gateway-association/self/variables.common.vpc.tf
@@ -0,0 +1 @@
+../../common/variables.common.vpc.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association/self/variables.common.vpc_id.tf b/vpc-transit-gateway-association/self/variables.common.vpc_id.tf
new file mode 120000
index 0000000..aabcfbd
--- /dev/null
+++ b/vpc-transit-gateway-association/self/variables.common.vpc_id.tf
@@ -0,0 +1 @@
+../../common/variables.common.vpc_id.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association/self/variables.create.tf b/vpc-transit-gateway-association/self/variables.create.tf
new file mode 120000
index 0000000..ae0c122
--- /dev/null
+++ b/vpc-transit-gateway-association/self/variables.create.tf
@@ -0,0 +1 @@
+../../common/variables.create.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association/self/variables.data_input.tf b/vpc-transit-gateway-association/self/variables.data_input.tf
new file mode 100644
index 0000000..a27009a
--- /dev/null
+++ b/vpc-transit-gateway-association/self/variables.data_input.tf
@@ -0,0 +1,13 @@
+variable "data_input" {
+ description = "Map of data generated by vpc-transit-gateway-association-data"
+ type = object({
+ availablity_zone = map(any)
+ gateway_self = string
+ gateway_peer = string
+ route_tables_self = map(any)
+ route_tables_peer = map(any)
+ map_route_tables_self = map(any)
+ map_route_tables_peer = map(any)
+ prefix_list_id_ipv4 = string
+ })
+}
diff --git a/vpc-transit-gateway-association/self/variables.subnets.tf b/vpc-transit-gateway-association/self/variables.subnets.tf
new file mode 100644
index 0000000..666405e
--- /dev/null
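Review bot: The object attribute `availablity_zone` in `variable "data_input"` carries a typo into this module's public interface (the data module's commented `data_output` in data.transit-gateway.tf spells it the same way), and renaming it later is a breaking change for every caller; since this commit already restructures the modules, it is the cheap moment to spell it `availability_zone` on both sides. The `map(any)` types for `route_tables_self`/`route_tables_peer` also give no plan-time check that each element has the `tags` attribute data.transit-gateway.tf indexes, so a wrong input surfaces only as an evaluation error inside a `for` expression rather than as a typed-input error naming the variable.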
+++ b/vpc-transit-gateway-association/self/variables.subnets.tf
@@ -0,0 +1,12 @@
+# from routing/variables.f
+
+variable "private_subnets_ids" {
+ description = "List of private subnet objects including: subnet, label, availability_zone, id"
+ type = list(object({
+ subnet = string
+ label = string
+ availability_zone = string
+ id = string
+ }))
+ default = []
+}
diff --git a/vpc-transit-gateway-association/self/variables.tf b/vpc-transit-gateway-association/self/variables.tf
new file mode 100644
index 0000000..0656be0
--- /dev/null
+++ b/vpc-transit-gateway-association/self/variables.tf
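Review bot: `private_subnets_ids` defaults to `[]`, but associate.tf feeds it straight into the attachment's `subnet_ids`, and an attachment with no subnets cannot be created, so an omitted input fails downstream with a provider/API error instead of a message naming this variable; either drop the default so the input is required, or add a `validation` block with `condition = length(var.private_subnets_ids) > 0`. The header comment `# from routing/variables.f` presumably means `routing/variables.tf`.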
@@ -0,0 +1,53 @@
+variable "network_account_profile" {
+ description = "AWS profile of the source account sharing the VPC resources"
+ type = string
+}
+
+variable "transit_gateway_environment" {
+ description = "Transit Gateway Environment (aka, VRF) to which to connnect this VPC"
+ type = string
+
+ validation {
+ condition = contains(["services", "dev", "test", "stage", "prod", "cre"], var.transit_gateway_environment)
+ error_message = "transit_gateway_environment value must be one of the valid VRF selections"
+ }
+}
+
+## variable "transit_gateway_routing_type" {
+## description = "Transit Gateway routing type, to select either self or peer (where we may have many peers)"
+## type = string
+##
+## validation {
+## condition = contains(["self", "peer"], var.transit_gateway_routing_type)
+## error_message = "transit_gateway_routing_type must be either self or peer"
+## }
+## }
+
+variable "route_table_label" {
+ description = "Route table lable for the attachment subnets"
+ type = string
+ default = "attachment"
+}
+
+variable "route_prefix_list_name" {
+ description = "Shared prefix list name used for routing to TGW. It is comprised of all of the network CIDR blocks in AWS using TGW."
+ type = string
+ default = "transit-gateway.prod"
+}
+
+variable "transit_gateway_label" {
+ description = "Transit Gateway label for specific instance (sa, prod)"
+ type = string
+ default = "prod"
+}
+
+## variable "subnet_ids" {
+## description = "List of subnet IDs for this VPC for the TGW attachment. This should be not public, and should be a separate attachment set of /28 subnets with no other use"
+## type = list(string)
+## }
+
+variable "private_route_table_ids" {
+ description = "Map of private route table IDs (which exclude the attachment subnets)"
+ type = map(string)
+ default = {}
+}
diff --git a/vpc-transit-gateway-association/self/version.tf b/vpc-transit-gateway-association/self/version.tf
new file mode 120000
index 0000000..4950c91
--- /dev/null
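Review bot: The `error_message` in the `transit_gateway_environment` validation starts lowercase and has no terminating punctuation; older Terraform releases, which `required_version = ">= 0.13"` in versions.tf still admits, reject such messages at parse time with a full-sentence requirement, so write it as `error_message = "The transit_gateway_environment value must be one of: services, dev, test, stage, prod, cre."` (listing the choices also helps the caller). `network_account_profile` is declared here and passed in the main.tf usage example, but none of the `self/` files visible in this diff reference it; if the `aws.network_account` provider alias now carries the credentials, this is a dead input that every caller will keep supplying. The allowed VRF list must also stay in step with the `boc:network_vrf` tag values that the route-table map in data.transit-gateway.tf is keyed on; a comment pointing at that coupling helps whoever adds a VRF later.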
+++ b/vpc-transit-gateway-association/self/version.tf
@@ -0,0 +1 @@
+../../common/version.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association/self/versions.tf b/vpc-transit-gateway-association/self/versions.tf
new file mode 100644
index 0000000..fb772a1
--- /dev/null
+++ b/vpc-transit-gateway-association/self/versions.tf
@@ -0,0 +1,31 @@
+terraform {
+ # experiments = [module_variable_optional_attrs]
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.66.0"
+ configuration_aliases = [aws.network_account, aws.self, aws.peer]
+ }
+ null = {
+ source = "hashicorp/null"
+ version = ">= 3.0"
+ }
+ random = {
+ source = "hashicorp/random"
+ version = ">= 3.0"
+ }
+ template = {
+ source = "hashicorp/template"
+ version = ">= 2.0"
+ }
+ ldap = {
+ source = "trevex/ldap"
+ version = ">= 0.5.4"
+ }
+ local = {
+ source = "hashicorp/local"
+ version = ">= 1.0.0"
+ }
+ }
+ required_version = ">= 0.13"
+}
diff --git a/vpc-transit-gateway-association/variables.common.availability_zones.tf b/vpc-transit-gateway-association/variables.common.availability_zones.tf
deleted file mode 120000
index dca20a3..0000000
--- a/vpc-transit-gateway-association/variables.common.availability_zones.tf
+++ /dev/null
@@ -1 +0,0 @@
-../common/variables.common.availability_zones.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association/variables.common.tf b/vpc-transit-gateway-association/variables.common.tf
deleted file mode 120000
index 7439ed8..0000000
--- a/vpc-transit-gateway-association/variables.common.tf
+++ /dev/null
@@ -1 +0,0 @@
-../common/variables.common.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association/variables.common.vpc.tf b/vpc-transit-gateway-association/variables.common.vpc.tf
deleted file mode 120000
index 5e77d37..0000000
--- a/vpc-transit-gateway-association/variables.common.vpc.tf
+++ /dev/null
@@ -1 +0,0 @@
-../common/variables.common.vpc.tf
\ No newline at end of file
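Review bot: `required_providers` declares `random`, `template`, `local` and the third-party `trevex/ldap` provider, but the only providers used by the `self/` files visible in this diff are `aws` and `null` (the symlinked common files are not shown); every consumer of this module must download and trust those extra providers, `hashicorp/template` is archived, and the third-party entry widens the supply-chain surface for no visible benefit, so drop whatever is unused. `configuration_aliases` in the `aws` block requires Terraform 0.15 or later, so `required_version = ">= 0.13"` understates the real minimum; `required_version = ">= 0.15"` makes `terraform init` report the mismatch instead of failing on an unknown argument. An open `version = ">= 3.66.0"` for `aws` also lets init select a later major release with breaking changes; `version = "~> 3.66"` keeps it within the tested major.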
diff --git a/vpc-transit-gateway-association/variables.common.vpc_id.tf b/vpc-transit-gateway-association/variables.common.vpc_id.tf
deleted file mode 120000
index bc2e061..0000000
--- a/vpc-transit-gateway-association/variables.common.vpc_id.tf
+++ /dev/null
@@ -1 +0,0 @@
-../common/variables.common.vpc_id.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association/variables.create.tf b/vpc-transit-gateway-association/variables.create.tf
deleted file mode 120000
index de1275b..0000000
--- a/vpc-transit-gateway-association/variables.create.tf
+++ /dev/null
@@ -1 +0,0 @@
-../common/variables.create.tf
\ No newline at end of file
diff --git a/vpc-transit-gateway-association/version.tf b/vpc-transit-gateway-association/version.tf
deleted file mode 120000
index b83c5b7..0000000
--- a/vpc-transit-gateway-association/version.tf
+++ /dev/null
@@ -1 +0,0 @@
-../common/version.tf
\ No newline at end of file