From c2cc2db815becb110684134dd29b71ee0a530d51 Mon Sep 17 00:00:00 2001 From: badra001 Date: Mon, 20 Mar 2023 17:13:27 -0400 Subject: [PATCH] enable tgw tagging --- CHANGELOG.md | 4 ++++ common/version.tf | 2 +- examples/full-setup-tf-upgrade/apps/dns/tf-run.data | 8 +++++--- examples/full-setup-tf-upgrade/apps/dns/versions.tf | 7 ++----- examples/full-setup-tf-upgrade/outputs.tf | 6 ++++-- tag-shared-vpc-resources/README.md | 7 ++----- tag-shared-vpc-resources/main.tf | 5 +---- tag-shared-vpc-resources/tag-transit-gateway.tf | 7 ++++--- tag-shared-vpc-resources/variables.tf | 2 +- 9 files changed, 24 insertions(+), 24 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 99d23ca..fb22501 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -260,3 +260,7 @@ - flowlogs - remove iam_role_arn for s3 log destinations to avoid this error: Error: creating Flow Log (vpc-0f791ea1e2bb46924): InvalidParameter: DeliverLogsPermissionArn is not applicable for s3 delivery + +* 2.6.2 -- 2023-03-20 + - tag-shared-vpc-resources + - enable tgw tagging by default, which works now diff --git a/common/version.tf b/common/version.tf index 189778a..7a0752c 100644 --- a/common/version.tf +++ b/common/version.tf @@ -1,5 +1,5 @@ locals { - _module_version = "2.6.1" + _module_version = "2.6.2" _module_names = { "_main_" = "aws-vpc-setup" diff --git a/examples/full-setup-tf-upgrade/apps/dns/tf-run.data b/examples/full-setup-tf-upgrade/apps/dns/tf-run.data index 09e56f9..26ec2e6 100644 --- a/examples/full-setup-tf-upgrade/apps/dns/tf-run.data +++ b/examples/full-setup-tf-upgrade/apps/dns/tf-run.data 
@@ -1,11 +1,13 @@ -VERSION 1.1.2 +VERSION 1.1.3 REMOTE-STATE COMMAND tf-directory-setup.py -l none -f COMMAND setup-new-directory.sh COMMAND tf-init -upgrade -# LINKTOP includes.d/ENVIRONMENT/variables.application_tags.auto.tfvars . -LINKTOP includes.d/variables.application_tags.tf . +LINKTOP includes.d/variables.application_tags.tf +LINKTOP includes.d/prod/variables.application_tags.auto.tfvars +LINK variables.vpc.tf +LINK variables.vpc.auto.tfvars ALL COMMAND tf-directory-setup.py -l s3 diff --git a/examples/full-setup-tf-upgrade/apps/dns/versions.tf b/examples/full-setup-tf-upgrade/apps/dns/versions.tf index ec1ce3c..c791e91 100644 --- a/examples/full-setup-tf-upgrade/apps/dns/versions.tf +++ b/examples/full-setup-tf-upgrade/apps/dns/versions.tf @@ -1,12 +1,9 @@ terraform { + required_version = ">= 1.0.0" required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.0" - } - infoblox = { - source = "infobloxopen/infoblox" - version = ">= 2.1.0" + version = ">= 4.0" } } } diff --git a/examples/full-setup-tf-upgrade/outputs.tf b/examples/full-setup-tf-upgrade/outputs.tf index 1e49471..929f530 100644 --- a/examples/full-setup-tf-upgrade/outputs.tf +++ b/examples/full-setup-tf-upgrade/outputs.tf @@ -29,12 +29,14 @@ output "vpc_info" { output "vpn_tunnel_endpoints" { description = "VPN Tunnel Endpoint IP Addresses" - value = module.vpn.vpn_tunnel_endpoints + # value = module.vpn.vpn_tunnel_endpoints + value = try(module.vpn[0].vpn_tunnel_endpoints, null) } output "vpn_labels" { description = "VPN Label for Description field of Endpoint device (Cisco ASR)" - value = module.vpn.vpn_labels + # value = module.vpn.vpn_labels + value = try(module.vpn[0].vpn_labels, null) } output "security_groups" { diff --git a/tag-shared-vpc-resources/README.md b/tag-shared-vpc-resources/README.md index 644b4c8..7a73dd3 100644 --- a/tag-shared-vpc-resources/README.md +++ b/tag-shared-vpc-resources/README.md 
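Review bot: The commented `# LINKTOP includes.d/ENVIRONMENT/variables.application_tags.auto.tfvars .` placeholder is replaced by the hard-coded `LINKTOP includes.d/prod/variables.application_tags.auto.tfvars`, so this example app always links the prod tag values no matter which environment it is run for. If tf-run.data is meant to be copied as a template, a non-prod workspace built from it silently inherits prod application tags. Either keep the ENVIRONMENT placeholder form or mark the choice, e.g. `# prod is hard-coded for this example; substitute the target environment`. How the driving tool resolves these directives relative to the directory is not visible from this hunk.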
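Review bot: The new aws provider constraint `version = ">= 4.0"` (and the added `required_version = ">= 1.0.0"`) has no upper bound, so `terraform init` in this example will accept any future major release, breaking changes included, and the example stops being reproducible over time. Since the commit is deliberately moving the example onto the 4.x provider, `version = "~> 4.0"` pins the tested major while still allowing minor updates. Dropping the `infoblox` provider block is fine only if no resource in the dns app still references it, which cannot be confirmed from this hunk.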
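Review bot: Both outputs keep the previous expression as a commented-out line (`# value = module.vpn.vpn_tunnel_endpoints`, `# value = module.vpn.vpn_labels`) directly above the new `try(...)` line; the old value lives in history, so the commented lines should be dropped rather than carried in the file. Note also that `try(..., null)` returns `null` on any evaluation error, not just when `module.vpn` has a count of zero, so a misspelled output attribute would go unnoticed; if the zero-count case is the only one intended and the root requires Terraform 1.0+, `one(module.vpn[*].vpn_tunnel_endpoints)` states that precisely.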
@@ -18,9 +18,6 @@ This reads tags and updates them in the local account and region from these reso * subnets * route-tables * network-acls - -These resources are not compatible for sharing. AWS does not support remote (i.e., in a shared to account) tagging: - * transit-gateway ## How it works @@ -51,7 +48,7 @@ module "tag_shared" { ### tag_enabled_route_tables = true ### tag_enabled_subnets = true ### tag_enabled_network_acls = true - ### tag_enabled_transit_gateway = false + ### tag_enabled_transit_gateway = true } ``` @@ -190,7 +187,7 @@ No modules. | [tag\_enabled\_network\_acls](#input\_tag\_enabled\_network\_acls) | Flag to tag or not tag shared Network ACLs | `bool` | `true` | no | | [tag\_enabled\_route\_tables](#input\_tag\_enabled\_route\_tables) | Flag to tag or not tag shared VPC route tables | `bool` | `true` | no | | [tag\_enabled\_subnets](#input\_tag\_enabled\_subnets) | Flag to tag or not tag shared VPC subnets | `bool` | `true` | no | -| [tag\_enabled\_transit\_gateway](#input\_tag\_enabled\_transit\_gateway) | Flag to tag or not tag shared VPC Transit Gateway (not currently possible in AWS; this has no effect) | `bool` | `false` | no | +| [tag\_enabled\_transit\_gateway](#input\_tag\_enabled\_transit\_gateway) | Flag to tag or not tag shared VPC Transit Gateway (not currently possible in AWS; this has no effect) | `bool` | `true` | no | | [tag\_enabled\_vpcs](#input\_tag\_enabled\_vpcs) | Flag to tag or not tag shared VPCs | `bool` | `true` | no | | [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS). Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no | | [vpc\_environment](#input\_vpc\_environment) | VPC environment purpose (infrastructure, common, shared, dev, stage, ite, prod) | `string` | `null` | no | diff --git a/tag-shared-vpc-resources/main.tf b/tag-shared-vpc-resources/main.tf index 6a16e29..47f0f1a 100644 --- a/tag-shared-vpc-resources/main.tf 
+++ b/tag-shared-vpc-resources/main.tf @@ -19,9 +19,6 @@ * * subnets * * route-tables * * network-acls -* -* These resources are not compatible for sharing. AWS does not support remote (i.e., in a shared to account) tagging: -* * * transit-gateway * * ## How it works @@ -52,7 +49,7 @@ * ### tag_enabled_route_tables = true * ### tag_enabled_subnets = true * ### tag_enabled_network_acls = true -* ### tag_enabled_transit_gateway = false +* ### tag_enabled_transit_gateway = true * } * ``` * diff --git a/tag-shared-vpc-resources/tag-transit-gateway.tf b/tag-shared-vpc-resources/tag-transit-gateway.tf index 46c5687..2e0d9e3 100644 --- a/tag-shared-vpc-resources/tag-transit-gateway.tf +++ b/tag-shared-vpc-resources/tag-transit-gateway.tf @@ -12,7 +12,7 @@ data "aws_ec2_transit_gateway" "transit_gateway" { ## } locals { - _tgw_enabled = var.tag_enabled_transit_gateway ? false : false + _tgw_enabled = var.tag_enabled_transit_gateway _transit_gateway_tags = local._tgw_enabled ? { format("%v", data.aws_ec2_transit_gateway.transit_gateway[0].id) = data.aws_ec2_transit_gateway.transit_gateway[0] } : {} transit_gateway_tags = { for k, v in local._transit_gateway_tags : k => merge(v.tags, { "boc:vpc:owner_id" = v.owner_id }) } transit_gateway_tags_map = flatten([for k, v in local.transit_gateway_tags : [for tk, tv in v : { label = format("%v__%v", k, tk), transit_gateway_id = k, key = tk, value = tv }]]) @@ -20,7 +20,7 @@ locals { resource "aws_ec2_tag" "transit_gateway" { provider = aws - for_each = false ? { for t in local.transit_gateway_tags_map : t.label => t } : {} + for_each = { for t in local.transit_gateway_tags_map : t.label => t } resource_id = each.value.transit_gateway_id key = each.value.key @@ -35,4 +35,5 @@ resource "aws_ec2_tag" "transit_gateway" { ## on tag-transit-gateway.tf line 19, in resource "aws_ec2_tag" "transit_gateway": ## 19: resource "aws_ec2_tag" "transit_gateway" { ## -## +## 20230320 +## this works now!! 
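Review bot: `_tgw_enabled` now follows `var.tag_enabled_transit_gateway`, but `_transit_gateway_tags` still reads `data.aws_ec2_transit_gateway.transit_gateway[0]`, so the data source's `count` (declared above this hunk and not visible here) has to be driven by the same variable: a constant 1 means the lookup runs even when tagging is disabled, and a 0 while the flag is true fails on the index. Worth confirming the data block uses `count = var.tag_enabled_transit_gateway ? 1 : 0`, and testing the disabled case, since HCL may still type-check the unselected branch of the conditional. With the `false ?` gate removed in the next hunk, `aws_ec2_tag.transit_gateway` now really writes tags through the default `provider = aws`, so the calling account needs `ec2:CreateTags` on the shared transit gateway; a line in the module README naming that permission would save the next operator a failed apply.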
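Review bot: The appended `## 20230320` / `## this works now!!` lines extend a commented-out error trace (`## on tag-transit-gateway.tf line 19, in resource "aws_ec2_tag" "transit_gateway":` …) that this very commit makes obsolete; now that the resource is enabled, the whole trace block should be deleted, with the date and outcome living in CHANGELOG.md where the commit already records them. If a breadcrumb in the file is wanted, a single line such as `## Tagging a shared transit gateway from the consuming account works as of 2023-03-20; the earlier provider error is noted in the changelog.` says it without the trace. The comment block begins above this hunk.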
diff --git a/tag-shared-vpc-resources/variables.tf b/tag-shared-vpc-resources/variables.tf
index d9b6dc0..58a8722 100644
--- a/tag-shared-vpc-resources/variables.tf
+++ b/tag-shared-vpc-resources/variables.tf
@@ -36,5 +36,5 @@ variable "tag_enabled_network_acls" {
 variable "tag_enabled_transit_gateway" {
   description = "Flag to tag or not tag shared VPC Transit Gateway (not currently possible in AWS; this has no effect)"
   type = bool
-  default = false
+  default = true
 }
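Review bot: The default flips to `true` but the `description` on the line above still says `(not currently possible in AWS; this has no effect)`, which is now the opposite of what the variable does, and the same stale text survives in the README input table row changed by this commit. Suggest `description = "Flag to tag or not tag shared VPC Transit Gateway"` here and the matching wording in the README row, so the generated docs stop telling operators the switch is inert. A module consumer upgrading to 2.6.2 also gets transit-gateway tagging switched on without changing any input; the CHANGELOG entry should say that explicitly so the new apply-time writes are expected.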