diff --git a/vpn-transit-gateway/vpn-config.tf b/vpn-transit-gateway/vpn-config.tf index bbef073..a52f3e3 100644 --- a/vpn-transit-gateway/vpn-config.tf +++ b/vpn-transit-gateway/vpn-config.tf @@ -1,4 +1,6 @@ locals { + single_vpn_tunnel_loopback = one([for k, v in local.vpn_settings : v.tunnel_loopback]) + single_vpn_tunnel_ip_address = one([for k, v in local.vpn_settings : v.ip_address]) vpn_tunnel_outputs = { for k, v in local.vpn_settings : k => { vpn_name = k site = v.site @@ -26,7 +28,7 @@ locals { tunnel1_vgw_inside_address = aws_vpn_connection.vpn[k].tunnel1_vgw_inside_address tunnel1_interface_number = length(v.tunnel_interfaces) == 2 ? v.tunnel_interfaces[0] : "" tunnel1_track_number = length(v.tunnel_track) == 2 ? v.tunnel_track[0] : "" - tunnel1_loopback = v.tunnel_loopback != null ? v.tunnel_loopback : "" + tunnel1_loopback = v.tunnel_loopback != null ? (var.use_single_cgw ? local.single_vpn_tunnel_loopback : v.tunnel_loopback) : "" tunnel2_label = format("%v %v %v %v %v", aws_vpn_connection.vpn[k].tunnel2_inside_cidr, local.account_id, local.region_short, var.vpc_short_name, v.label) tunnel2_bgp_asn = aws_vpn_connection.vpn[k].tunnel2_bgp_asn @@ -36,7 +38,7 @@ locals { tunnel2_vgw_inside_address = aws_vpn_connection.vpn[k].tunnel2_vgw_inside_address tunnel2_interface_number = length(v.tunnel_interfaces) == 2 ? v.tunnel_interfaces[1] : "" tunnel2_track_number = length(v.tunnel_track) == 2 ? v.tunnel_track[1] : "" - tunnel2_loopback = v.tunnel_loopback != null ? v.tunnel_loopback : "" + tunnel2_loopback = v.tunnel_loopback != null ? (var.use_single_cgw ? local.single_vpn_tunnel_loopback : v.tunnel_loopback) : "" } } vpn_tunnel_secrets = { for k, v in local.vpn_settings : k => { 
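Review bot: `one()` fails the plan when its list has more than one element, and the two new locals at the top of `locals` build that list from every entry in `local.vpn_settings`, whatever `var.use_single_cgw` is set to. As far as I can tell Terraform evaluates these locals even when the flag is false, so a configuration with several VPNs would stop planning. With the flag on, two VPNs that share the same loopback still produce a two-element list. I would guard and de-duplicate, e.g. `single_vpn_tunnel_loopback = var.use_single_cgw ? one(distinct([for k, v in local.vpn_settings : v.tunnel_loopback])) : null`, and do the same for `single_vpn_tunnel_ip_address`. The `locals` block continues past this hunk, so the definition of `local.vpn_settings` is not visible here.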
@@ -49,6 +51,11 @@ locals { vpn_site_tunnel_outputs = { for s in local.vpn_tunnel_sites : s => flatten([for k, v in local.vpn_tunnel_outputs : merge(v, local.vpn_tunnel_secrets[k]) if v.site == s]) } # vpn_site_tunnel_outputs = { for s in local.vpn_tunnel_sites : s => flatten([for k, v in local.vpn_tunnel_outputs : v if v.site == s]) } vpn_site_common_settings = ["account_alias", "account_id", "region", "region_short", "vpc_cidr_block", "vpc_name", "vpc_short_name", "vpn_environment"] + single_cgw_settings = { + single_cgw = var.use_single_cgw ? true : false + customer_address = var.use_single_cgw ? local.single_vpn_tunnel_ip_address : "" + loopback = var.use_single_cgw ? local.single_vpn_tunnel_loopback : "" + } } 
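Review bot: `loopback` and `customer_address` in `single_cgw_settings` can come out as `null` rather than `""` when the single VPN has no `tunnel_loopback` or `ip_address`. The per-tunnel fields earlier in this file normalise that case to an empty string, so consumers of the generated site files would see two conventions. Something like `loopback = var.use_single_cgw && local.single_vpn_tunnel_loopback != null ? local.single_vpn_tunnel_loopback : ""` keeps them consistent. Separately, `var.use_single_cgw ? true : false` can be written as `single_cgw = var.use_single_cgw` if the variable is declared as `bool`; its declaration is outside this hunk.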
@@ -99,14 +106,14 @@ resource "local_sensitive_file" "vpn_details_yaml" { resource "local_sensitive_file" "vpn_site_details_json" { for_each = var.generate_json_files ? local.vpn_site_tunnel_outputs : {} # content = yamlencode({ version = local._module_version, site = each.key, vpns = each.value }) - content = jsonencode(merge({ version = local._module_version, site = each.key, vpns = each.value }, { for k in local.vpn_site_common_settings : k => each.value[0][k] })) + content = jsonencode(merge({ version = local._module_version, site = each.key, vpns = each.value }, local.single_cgw_settings, { for k in local.vpn_site_common_settings : k => each.value[0][k] })) filename = format("%v/%v/site.%v.%v.%v.json", path.root, null_resource.directory_setup.triggers.name, local.account_id, local.region, each.key) file_permission = "0644" } resource "local_sensitive_file" "vpn_site_details_yaml" { for_each = var.generate_yaml_files ? local.vpn_site_tunnel_outputs : {} - content = yamlencode(merge({ version = local._module_version, site = each.key, vpns = each.value }, { for k in local.vpn_site_common_settings : k => each.value[0][k] })) + content = yamlencode(merge({ version = local._module_version, site = each.key, vpns = each.value }, local.single_cgw_settings, { for k in local.vpn_site_common_settings : k => each.value[0][k] })) filename = format("%v/%v/site.%v.%v.%v.yml", path.root, null_resource.directory_setup.triggers.name, local.account_id, local.region, each.key) file_permission = "0644" }
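Review bot: Both site files that this change extends are written with `file_permission = "0644"`, which leaves them world-readable even though their content includes `local.vpn_tunnel_secrets` (presumably the tunnel pre-shared keys). Those entries are merged into `vpn_site_tunnel_outputs` in the locals above. The permission lines are context rather than part of this commit, but since the payload is being touched I would tighten them to `file_permission = "0600"` in both `vpn_site_details_json` and `vpn_site_details_yaml`. It is also worth confirming that the output directory under `path.root` is excluded from version control; that is not visible from this hunk.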