Showing
5 changed files
with
151 additions
and
0 deletions.
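--- a/examples/vpc-transit-gateway-attachment/variables.vpc-transit-gateway.tf
+++ b/examples/vpc-transit-gateway-attachment/variables.vpc-transit-gateway.tf
@@ -0,0 +1,15 @@
+variable "network_account_profile" {
+description = "AWS profile of the source account sharing the VPC resources"
+type = string
+}
+
+variable "tgw_label" {
+description = "Transit Gateway label for specific instance (sa, prod)"
+type = string
+default = "prod"
+
+validation {
+condition = contains(["sa", "prod"], var.tgw_label)
+error_message = "tgw_label must be set to valid environment, used in determining managed prefixes"
+}
+}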
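Review bot: `default = "prod"` on `variable "tgw_label"` means an example that never sets the label silently selects the production managed prefix lists, because vpc-transit-gateway.tf in this same commit builds `transit-gateway.%v` and `vpn-transit-gateway.%v` from this value. Dropping the default so the operator has to choose `sa` or `prod` explicitly is the safer shape for an example meant to be copied; the `validation` block already rejects anything else. The `error_message` also says "valid environment" while the variable is a label, so `"tgw_label must be one of sa or prod; it selects the managed prefix lists"` would describe the check more accurately.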
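--- a/examples/vpc-transit-gateway-attachment/variables.vpc.auto.tfvars.update
+++ b/examples/vpc-transit-gateway-attachment/variables.vpc.auto.tfvars.update
@@ -0,0 +1,5 @@
+# make sure to add to variables.vpc.auto.tfvars tgw_environment, with the appropriate selected
+# valid VRF. See the definition for the variable tgw_environment. If omitted, it defaults to null
+# and no attachments will be made
+
+tgw_environment = "unconfigured"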
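Review bot: `tgw_environment = "unconfigured"` is not one of the values the validation block added in variables.vpc.tf.update accepts (`services`, `dev`, `test`, `stage`, `prod`, `cre`, or null), so anyone who copies this snippet into variables.vpc.auto.tfvars as written gets a validation failure rather than "no attachment". The comment two lines above says omission yields null and no attachments, so the sample value should match that: `tgw_environment = null`, or drop the assignment and leave only the comment. If "unconfigured" is meant as a deliberate sentinel, the validation list is the place to add it, not this file.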
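--- a/examples/vpc-transit-gateway-attachment/variables.vpc.tf.update
+++ b/examples/vpc-transit-gateway-attachment/variables.vpc.tf.update
@@ -0,0 +1,12 @@
+# update the variables.vpc.tf defintions for validation of the tgw_environment variable
+
+variable "tgw_environment" {
+description = "Transit Gateway environment route table (services, dev, test, stage, prod, network)"
+type = string
+default = null
+
+validation {
+condition = vr.tgw_environment == null || contains(["services", "dev", "test", "stage", "prod", "cre"], var.tgw_environment)
+error_message = "tgw_environment value must be one of the valid VRF selections or null for no attachment"
+}
+}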
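Review bot: `condition = vr.tgw_environment == null || ...` references `vr`, not `var`, so Terraform reports an undeclared reference and the validation block breaks the variable instead of guarding it; the line should read `condition = var.tgw_environment == null || contains(["services", "dev", "test", "stage", "prod", "cre"], var.tgw_environment)`. The `description` lists `network` as a valid value while the `contains` list has `cre` and no `network`, so one of the two is out of date and they should be reconciled before this snippet is merged into variables.vpc.tf. The header comment also has a typo, `defintions` for `definitions`.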
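--- a/examples/vpc-transit-gateway-attachment/vpc-transit-gateway.tf
+++ b/examples/vpc-transit-gateway-attachment/vpc-transit-gateway.tf
@@ -0,0 +1,96 @@
+# establish the additional providers needed for self and peer. For commercial, there will be several peers
+# though we have not worked out that configuration. We may split the provider parts out to a different file.
+
+provider "aws" {
+alias = "network_account"
+region = var.region
+profile = var.network_account_profile
+}
+
+provider "aws" {
+alias = "tgw_self"
+region = var.region
+profile = var.network_account_profile
+}
+
+provider "aws" {
+alias = "tgw_peer"
+region = var.region == "us-gov-east-1" ? "us-gov-west-1" : "us-gov-east-1"
+profile = var.network_account_profile
+}
+
+# this is a three part setup, but due to proper referencing it will do them in the correct order
+# first, we need to get data, then do self, and then do peer
+# this expects in the network account for the environment, two managed prefixe lists are setup, one for all CIDR blocks handled
+# by TGW (transit-gateway.{label}) and another for VPNs back to on-prem (vpn-transit-gateway.{label}).
+
+module "vpc_tgw_data" {
+source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//vpc-transit-gateway-association/data?ref=tf-upgrade"
+providers = {
+aws = aws
+aws.network_account = aws.network_account
+aws.self = aws.tgw_self
+aws.peer = aws.tgw_peer
+}
+
+network_account_profile = var.network_account_profile
+vpc_id = local.vpc_id
+vpc_full_name = var.vpc_full_name
+private_subnets_ids = [for sn in module.subnets.private_subnets_ids : sn if lookup(sn.tags, "boc:vpc:route-table", null) == "attachment"]
+private_route_table_ids = module.routing.private_route_table_ids
+transit_gateway_environment = var.tgw_environment
+transit_gateway_label = var.tgw_label
+route_prefix_list_name = format("transit-gateway.%v", var.tgw_label)
+vpn_route_prefix_list_name = format("vpn-transit-gateway.%v", var.tgw_label)
+}
+
+
+# call once for self, once for each peer (if we have multiple regions for peers, change the peer to each region)
+# note the self must be done before the peer
+
+module "vpc_tgw_self" {
+source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//vpc-transit-gateway-association/self?ref=tf-upgrade"
+providers = {
+aws = aws
+aws.network_account = aws.network_account
+aws.self = aws.tgw_self
+aws.peer = aws.tgw_peer
+}
+count = var.tgw_environment != null ? 1 : 0
+
+network_account_profile = var.network_account_profile
+vpc_id = local.vpc_id
+vpc_full_name = var.vpc_full_name
+private_subnets_ids = [for sn in module.subnets.private_subnets_ids : sn if lookup(sn.tags, "boc:vpc:route-table", null) == "attachment"]
+private_route_table_ids = module.routing.private_route_table_ids
+transit_gateway_environment = var.tgw_environment
+transit_gateway_label = var.tgw_label
+route_prefix_list_name = format("transit-gateway.%v", var.tgw_label)
+vpn_route_prefix_list_name = format("vpn-transit-gateway.%v", var.tgw_label)
+data_input = module.vpc_tgw_data.data_output
+}
+
+module "vpc_tgw_peer" {
+source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//vpc-transit-gateway-association/peer?ref=tf-upgrade"
+providers = {
+aws = aws
+aws.network_account = aws.network_account
+aws.self = aws.tgw_self
+aws.peer = aws.tgw_peer
+}
+count = var.tgw_environment != null ? 1 : 0
+
+network_account_profile = var.network_account_profile
+vpc_id = local.vpc_id
+vpc_full_name = var.vpc_full_name
+private_subnets_ids = [for sn in module.subnets.private_subnets_ids : sn if lookup(sn.tags, "boc:vpc:route-table", null) == "attachment"]
+private_route_table_ids = module.routing.private_route_table_ids
+transit_gateway_environment = var.tgw_environment
+transit_gateway_label = var.tgw_label
+route_prefix_list_name = format("transit-gateway.%v", var.tgw_label)
+vpn_route_prefix_list_name = format("vpn-transit-gateway.%v", var.tgw_label)
+data_input = module.vpc_tgw_data.data_output
+
+depends_on = [module.vpc_tgw_self]
+}
+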
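Review bot: All three module `source` strings (`module "vpc_tgw_data"`, `"vpc_tgw_self"`, `"vpc_tgw_peer"`) pin to `?ref=tf-upgrade`, which reads as a branch name rather than a tag or commit, so the module code that creates the attachments and route-table entries can change underneath this example with no change in this repository; the `module "vpc"` source in the last file of this commit has the same `?ref=tf-upgrade`. Pinning to an immutable ref, `?ref=<TAG-OR-COMMIT-SHA>` (placeholder), keeps plans reproducible and lets a reviewer see exactly which module revision a change to this file exercised. Separately, `module "vpc_tgw_data"` carries no `count` guard while `vpc_tgw_self` and `vpc_tgw_peer` both use `count = var.tgw_environment != null ? 1 : 0`, so the data module still evaluates with `transit_gateway_environment = null` when no attachment is wanted; whether that module tolerates null is not visible here, and adding the same guard would require the two consumers to read `data_input = module.vpc_tgw_data[0].data_output`. The subnet filter `[for sn in module.subnets.private_subnets_ids : sn if lookup(sn.tags, "boc:vpc:route-table", null) == "attachment"]` is repeated verbatim three times and would read better as one `locals` entry referenced from each module block.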
| @@ -0,0 +1,23 @@ | ||
| # update the module.vpc to add the tgw_environment=var.tgw_environment line. This is so a VPC configuration | ||
| # file can be created in setup/ which will be used for updating routing on the on-prem ASRs through TGG | ||
|
|
||
| module "vpc" { | ||
| source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//vpc?ref=tf-upgrade" | ||
|
|
||
| vpc_name = var.vpc_name | ||
| vpc_cidr_block = var.vpc_cidr_block | ||
| vpc_index = var.vpc_index | ||
| vpc_short_name = var.vpc_short_name | ||
| vpc_full_name = var.vpc_full_name | ||
| vpc_environment = var.vpc_environment | ||
| vpc_domain_name = var.vpc_domain_name | ||
| vpc_dns_servers = var.vpc_dns_servers | ||
| vpc_ntp_servers = var.vpc_ntp_servers | ||
| enable_aws_dns = var.vpc_enable_awsdns | ||
| tgw_environment = var.tgw_environment | ||
|
|
||
| tags = merge( | ||
| local.tags, | ||
| tomap({ "boc:tgw_environment" = var.tgw_environment }), | ||
| ) | ||
| } |
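Review bot: `tomap({ "boc:tgw_environment" = var.tgw_environment })` is merged into `tags` unconditionally, but `tgw_environment` defaults to null in the validation added by variables.vpc.tf.update, so every VPC that wants no attachment ends up with a tag whose value is null; I would expect the provider to reject or drop a null tag value rather than write an empty string, which is worth confirming against the provider version in use. Guarding the merge sidesteps the question: `var.tgw_environment == null ? {} : { "boc:tgw_environment" = var.tgw_environment }` in place of the `tomap(...)` argument. The file header for this section is not shown on the page, so which file `module "vpc"` lives in cannot be confirmed from here.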