fix tgw route tables

terraform-modules · Nov 23, 2022 · a6e2ac6 · a6e2ac6
1 parent 358ed70
commit a6e2ac6
Show file tree

Hide file tree

Showing 5 changed files with 28 additions and 15 deletions.
diff --git a/vpc-transit-gateway-association/peer/README.md b/vpc-transit-gateway-association/peer/README.md
@@ -103,6 +103,8 @@ No modules.
 | <a name="input_tags"></a> [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS).  Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |
 | <a name="input_transit_gateway_environment"></a> [transit\_gateway\_environment](#input\_transit\_gateway\_environment) | Transit Gateway Environment (aka, VRF) to which to connnect this VPC | `string` | n/a | yes |
 | <a name="input_transit_gateway_label"></a> [transit\_gateway\_label](#input\_transit\_gateway\_label) | Transit Gateway label for specific instance (sa, prod) | `string` | `"prod"` | no |
+| <a name="input_vpc_cidr_block"></a> [vpc\_cidr\_block](#input\_vpc\_cidr\_block) | VPC CIDR Block | `string` | `null` | no |
+| <a name="input_vpc_cidr_blocks"></a> [vpc\_cidr\_blocks](#input\_vpc\_cidr\_blocks) | VPC CIDR Block List | `list(string)` | `[]` | no |
 | <a name="input_vpc_environment"></a> [vpc\_environment](#input\_vpc\_environment) | VPC environment purpose (infrastructure, common, shared, dev, stage, ite, prod) | `string` | `null` | no |
 | <a name="input_vpc_full_name"></a> [vpc\_full\_name](#input\_vpc\_full\_name) | VPC full name component (vpc{index}-{vpc\_name}) | `string` | `null` | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | VPC ID | `string` | n/a | yes |

diff --git a/vpc-transit-gateway-association/peer/associate.tf b/vpc-transit-gateway-association/peer/associate.tf
@@ -3,15 +3,17 @@
 #---
 locals {
   propagate_all_rt = ["services", "inter-region"]
-  selected_rt      = [for k in keys(local.transit_gateway_route_table_ids_peer) : k if ! contains(local.propagate_all_rt, k)]
+  #  selected_rt      = [for k in keys(local.transit_gateway_route_table_ids_peer) : k if ! contains(local.propagate_all_rt, k)]
+  selected_rt = [for k in keys(var.data_input.map_route_tables_peer) : k if ! contains(local.propagate_all_rt, k)]
 }
 
 #---
 # add routes to peer for non-services
 #---
 resource "aws_ec2_transit_gateway_route" "vpc_peer_own_rt" {
   provider = aws.peer
-  for_each = { for k in local.selected_rt : k => local.transit_gateway_route_table_ids_peer[k] if k == var.transit_gateway_environment }
+  #  for_each = { for k in local.selected_rt : k => local.transit_gateway_route_table_ids_peer[k] if k == var.transit_gateway_environment }
+  for_each = { for k in local.selected_rt : k => var.data_input.map_route_tables_peer[k] if k == var.transit_gateway_environment }
   #  destination_cidr_block = data.aws_vpc.vpc.cidr_block
   destination_cidr_block = var.vpc_cidr_block
 
@@ -24,7 +26,8 @@ resource "aws_ec2_transit_gateway_route" "vpc_peer_own_rt" {
 #--
 resource "aws_ec2_transit_gateway_route" "vpc_peer_common" {
   provider = aws.peer
-  for_each = { "services" = local.transit_gateway_route_table_ids_peer["services"] }
+  #  for_each = { "services" = local.transit_gateway_route_table_ids_peer["services"] }
+  for_each = { "services" = var.data_input.map_route_tables_peer["services"] }
   #  destination_cidr_block = data.aws_vpc.vpc.cidr_block
   destination_cidr_block = var.vpc_cidr_block
 
@@ -37,7 +40,8 @@ resource "aws_ec2_transit_gateway_route" "vpc_peer_common" {
 #--
 resource "aws_ec2_transit_gateway_route" "vpc_peer_all" {
   provider = aws.peer
-  for_each = contains(local.propagate_all_rt, var.transit_gateway_environment) ? { for k in local.selected_rt : k => local.transit_gateway_route_table_ids_peer[k] } : {}
+  #  for_each = contains(local.propagate_all_rt, var.transit_gateway_environment) ? { for k in local.selected_rt : k => local.transit_gateway_route_table_ids_peer[k] } : {}
+  for_each = contains(local.propagate_all_rt, var.transit_gateway_environment) ? { for k in local.selected_rt : k => var.data_input.map_route_tables_peer[k] } : {}
   #  destination_cidr_block = data.aws_vpc.vpc.cidr_block
   destination_cidr_block = var.vpc_cidr_block
 

diff --git a/vpc-transit-gateway-association/peer/outputs.tf b/vpc-transit-gateway-association/peer/outputs.tf
@@ -24,10 +24,12 @@ output "route_tables_peer" {
 
 output "map_route_tables_self" {
   description = "Transit Gateway route tables map (VRF:id) self (this region)"
-  value       = local.transit_gateway_route_table_ids_self
+  #  value       = local.transit_gateway_route_table_ids_self
+  value = var.data_input.map_route_tables_self
 }
 
 output "map_route_tables_peer" {
   description = "Transit Gateway route tables map (VRF:id) peer (other region)"
-  value       = local.transit_gateway_route_table_ids_peer
+  #  value       = local.transit_gateway_route_table_ids_peer
+  value = var.data_input.map_route_tables_peeer
 }
diff --git a/vpc-transit-gateway-association/self/associate.tf b/vpc-transit-gateway-association/self/associate.tf
@@ -30,17 +30,19 @@ output "vpc_attachment_id" {
 # assocaite this vpc to route table in self (my region, network account)
 #---
 resource "aws_ec2_transit_gateway_route_table_association" "route_table_self" {
-  provider                       = aws.self
-  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.vpc_attachment.id
-  transit_gateway_route_table_id = local.transit_gateway_route_table_ids_self[var.transit_gateway_environment]
+  provider                      = aws.self
+  transit_gateway_attachment_id = aws_ec2_transit_gateway_vpc_attachment.vpc_attachment.id
+  #  transit_gateway_route_table_id = local.transit_gateway_route_table_ids_self[var.transit_gateway_environment]
+  transit_gateway_route_table_id = var.data_input.map_route_tables_self[var.transit_gateway_environment]
 }
 
 #---
 # get rt variables for use later
 #---
 locals {
   propagate_all_rt = ["services", "inter-region"]
-  selected_rt      = [for k in keys(local.transit_gateway_route_table_ids_self) : k if ! contains(local.propagate_all_rt, k)]
+  #  selected_rt      = [for k in keys(local.transit_gateway_route_table_ids_self) : k if ! contains(local.propagate_all_rt, k)]
+  selected_rt = [for k in keys(var.data_input.map_route_tables_self) : k if ! contains(local.propagate_all_rt, k)]
 }
 
 #---
@@ -51,7 +53,8 @@ locals {
 #---
 resource "aws_ec2_transit_gateway_route_table_propagation" "vpc_self_own_rt" {
   provider = aws.self
-  for_each = var.transit_gateway_environment == "services" ? { for k in local.selected_rt : k => local.transit_gateway_route_table_ids_self[k] } : { (var.transit_gateway_environment) = local.transit_gateway_route_table_ids_self[var.transit_gateway_environment] }
+  #  for_each = var.transit_gateway_environment == "services" ? { for k in local.selected_rt : k => local.transit_gateway_route_table_ids_self[k] } : { (var.transit_gateway_environment) = local.transit_gateway_route_table_ids_self[var.transit_gateway_environment] }
+  for_each = var.transit_gateway_environment == "services" ? { for k in local.selected_rt : k => var.data_input.map_route_tables_self[k] } : { (var.transit_gateway_environment) = var.data_input.map_route_tables_self[var.transit_gateway_environment] }
 
   transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.vpc_attachment.id
   transit_gateway_route_table_id = each.value
@@ -63,9 +66,9 @@ resource "aws_ec2_transit_gateway_route_table_propagation" "vpc_self_own_rt" {
 #---
 resource "aws_ec2_transit_gateway_route_table_propagation" "vpc_self_common" {
   provider = aws.self
-  for_each = { for k in local.propagate_all_rt : k => local.transit_gateway_route_table_ids_self[k] }
+  #  for_each = { for k in local.propagate_all_rt : k => local.transit_gateway_route_table_ids_self[k] }
+  for_each = { for k in local.propagate_all_rt : k => var.data_input.map_route_tables_self[k] }
 
   transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.vpc_attachment.id
   transit_gateway_route_table_id = each.value
 }
-
diff --git a/vpc-transit-gateway-association/self/outputs.tf b/vpc-transit-gateway-association/self/outputs.tf
@@ -24,10 +24,12 @@ output "route_tables_peer" {
 
 output "map_route_tables_self" {
   description = "Transit Gateway route tables map (VRF:id) self (this region)"
-  value       = local.transit_gateway_route_table_ids_self
+  #  value       = local.transit_gateway_route_table_ids_self
+  value = var.data_input.map_route_tables_self
 }
 
 output "map_route_tables_peer" {
   description = "Transit Gateway route tables map (VRF:id) peer (other region)"
-  value       = local.transit_gateway_route_table_ids_peer
+  #  value       = local.transit_gateway_route_table_ids_peer
+  value = var.data_input.map_route_tables_peeer
 }