* 2.2.0 -- 2022-09-19

  - vpn-transit-gatewy
    - add labels for tunnel_interfaces and tunnel_loopbacks (optional)
    - generate configurations for ASR automation

CHANGELOG.md

@@ -178,3 +178,8 @@
 * 2.1.1 -- 2022-09-13
   - subnet
     - add arn to output
+
+* 2.2.0 -- 2022-09-19
+  - vpn-transit-gatewy
+    - add labels for tunnel_interfaces and tunnel_loopbacks (optional)
+    - generate configurations for ASR automation

common/version.tf

@@ -1,5 +1,5 @@
 locals {
-  _module_version = "2.1.1"
+  _module_version = "2.2.0"
   _module_names = {
     "_main_" = "aws-vpc-setup"
 

vpn-transit-gateway/README.md

@@ -56,6 +56,7 @@ module "vpn_transit-gateway" {
 | Name | Version |
 |------|---------|
 | <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.66.0 |
+| <a name="provider_local"></a> [local](#provider\_local) | n/a |
 | <a name="provider_null"></a> [null](#provider\_null) | >= 3.0 |
 | <a name="provider_random"></a> [random](#provider\_random) | >= 3.0 |
 
@@ -74,19 +75,21 @@ No modules.
 | [aws_ec2_transit_gateway_route_table_association.route_table](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route_table_association) | resource |
 | [aws_ec2_transit_gateway_route_table_propagation.propagate](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route_table_propagation) | resource |
 | [aws_vpn_connection.vpn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpn_connection) | resource |
+| [local_sensistive_file.vpn_details](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/sensistive_file) | resource |
 | [null_resource.directory_setup](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [null_resource.generate_configs](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [random_string.tunnel_preshared_key](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
 | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_iam_account_alias.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_account_alias) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_account_alias"></a> [account\_alias](#input\_account\_alias) | AWS Account Alias | `string` | `""` | no |
-| <a name="input_account_id"></a> [account\_id](#input\_account\_id) | AWS Account ID (default will pull from current user) | `string` | `""` | no |
+| <a name="input_account_alias"></a> [account\_alias](#input\_account\_alias) | AWS Account Alias (default: will pull from current account\_alias) | `string` | `""` | no |
+| <a name="input_account_id"></a> [account\_id](#input\_account\_id) | AWS Account ID (default: will pull from current user) | `string` | `""` | no |
 | <a name="input_create"></a> [create](#input\_create) | Flag to indicate whether to create the resources or not (default: true) | `bool` | `true` | no |
 | <a name="input_override_prefixes"></a> [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
 | <a name="input_profile"></a> [profile](#input\_profile) | AWS Profile Name, used for makign AWS call to download VPN configurations | `string` | `"default"` | no |
@@ -95,7 +98,7 @@ No modules.
 | <a name="input_tgw_environment"></a> [tgw\_environment](#input\_tgw\_environment) | Transit Gatewway environment purpose (services, dev, test, stage, prod, cre) | `string` | `null` | no |
 | <a name="input_tgw_route_table_association"></a> [tgw\_route\_table\_association](#input\_tgw\_route\_table\_association) | Transit Gateway Route Table to associate the VPN attachments with.  Only one route table may be associated with a VPN attachment. | `string` | `null` | no |
 | <a name="input_tgw_route_table_propagation"></a> [tgw\_route\_table\_propagation](#input\_tgw\_route\_table\_propagation) | Transit Gateway Route Tables to propagate the VPN attachments.  Multiple route tables may be selected. | `list(string)` | `[]` | no |
-| <a name="input_tgw_vpn_settings"></a> [tgw\_vpn\_settings](#input\_tgw\_vpn\_settings) | Transit Gateway VPN Connection details array of objects | <pre>list(object(<br>    {<br>      site           = string<br>      environment    = string<br>      sequence       = number<br>      bgp_asn_id     = number<br>      ip_address     = string<br>      tunnel_ips     = list(string)<br>      preshared_keys = list(string)<br>    }<br>  ))</pre> | `[]` | no |
+| <a name="input_tgw_vpn_settings"></a> [tgw\_vpn\_settings](#input\_tgw\_vpn\_settings) | Transit Gateway VPN Connection details array of objects | <pre>list(object(<br>    {<br>      site             = string<br>      environment      = string<br>      sequence         = number<br>      region           = optional(string)<br>      bgp_asn_id       = number<br>      ip_address       = string<br>      tunnel_ips       = list(string)<br>      preshared_keys   = list(string)<br>      tunnel_interaces = optional(list(number))<br>      tunnel_loopback  = optional(number)<br>    }<br>  ))</pre> | `[]` | no |
 | <a name="input_transit_gateway_id"></a> [transit\_gateway\_id](#input\_transit\_gateway\_id) | Transit Gateway ID | `string` | n/a | yes |
 | <a name="input_use_tgw_prefixes"></a> [use\_tgw\_prefixes](#input\_use\_tgw\_prefixes) | Flag to enable or disable the use of Transit Gateway prefixes (default: false) | `bool` | `false` | no |
 | <a name="input_vpc_environment"></a> [vpc\_environment](#input\_vpc\_environment) | VPC environment purpose (infrastructure, common, shared, dev, stage, ite, prod) | `string` | `null` | no |

vpn-transit-gateway/main.tf

@@ -145,6 +145,8 @@ resource "aws_vpn_connection" "vpn" {
       Name                  = format("%v%v%v", (var.use_tgw_prefixes ? local._prefixes["transit-gateway-vpn"] : ""), local._prefixes["vpn-connection"], each.key)
       "boc:tgw_environment" = var.tgw_environment
     },
+    length(each.value.tunnel_interfaces) == 2 ? { "boc:vpn:tunnel_interfaces" = join(" ", each.value.tunnel_interfaces) } : {},
+    each.value.tunnel_loopback != null ? { "boc:vpn:tunnel_loopback" = each.value.tunnel_loopback } : {},
   )
 }
 

vpn-transit-gateway/variables.tf

@@ -17,13 +17,16 @@ variable "tgw_vpn_settings" {
   description = "Transit Gateway VPN Connection details array of objects"
   type = list(object(
     {
-      site           = string
-      environment    = string
-      sequence       = number
-      bgp_asn_id     = number
-      ip_address     = string
-      tunnel_ips     = list(string)
-      preshared_keys = list(string)
+      site             = string
+      environment      = string
+      sequence         = number
+      region           = optional(string)
+      bgp_asn_id       = number
+      ip_address       = string
+      tunnel_ips       = list(string)
+      preshared_keys   = list(string)
+      tunnel_interaces = optional(list(number))
+      tunnel_loopback  = optional(number)
     }
   ))
   default = []

vpn-transit-gateway/vpn-config.tf

@@ -14,20 +14,27 @@ locals {
     tunnel1_inside_cidr        = aws_vpn_connection.vpn[k].tunnel1_inside_cidr
     tunnel1_cgw_inside_address = aws_vpn_connection.vpn[k].tunnel1_cgw_inside_address
     tunnel1_vgw_inside_address = aws_vpn_connection.vpn[k].tunnel1_vgw_inside_address
+    tunnel1_interface_number   = length(local.vpn_settings.tunnel_interfaces) == 2 ? local.vpn_settings.tunnel_interfaces[0] : ""
+    tunnel1_loopback           = local.vpn_settings.tunnel_loopback != null ? local.vpn_settings.tunnel_loopback : ""
 
     tunnel2_bgp_asn            = aws_vpn_connection.vpn[k].tunnel2_bgp_asn
     tunnel2_address            = aws_vpn_connection.vpn[k].tunnel2_address
     tunnel2_inside_cidr        = aws_vpn_connection.vpn[k].tunnel2_inside_cidr
     tunnel2_cgw_inside_address = aws_vpn_connection.vpn[k].tunnel2_cgw_inside_address
     tunnel2_vgw_inside_address = aws_vpn_connection.vpn[k].tunnel2_vgw_inside_address
+    tunnel2_interface_number   = length(local.vpn_settings.tunnel_interfaces) == 2 ? local.vpn_settings.tunnel_interfaces[1] : ""
+    tunnel2_loopback           = local.vpn_settings.tunnel_loopback != null ? local.vpn_settings.tunnel_loopback : ""
     }
   }
 }
 
 resource "null_resource" "directory_setup" {
+  triggers = {
+    name = "vpn-config"
+  }
   provisioner "local-exec" {
     working_dir = path.root
-    command     = "test -d vpn-configs || ( mkdir vpn-configs; echo vpn-configs >> .gitignore )"
+    command     = "test -d ${self.triggers.name} || ( mkdir ${self.triggers.name}; echo ${self.triggers.name} >> .gitignore )"
   }
 }
 
@@ -47,3 +54,11 @@ resource "null_resource" "generate_configs" {
     }
   }
 }
+
+resource "local_sensistive_file" "vpn_details" {
+  for_each = local.vpn_tunnel_outputs
+  #  content = templatefile("${path.module}/templates/vpn_details.tpl"), {
+  content         = jsonencode(merge({ version = local._module_version, name = each.key }, each.value))
+  filename        = format("${path.root}/%v/%v.vpn_details.json", null_resource.directory_setup.triggers.name, each.key)
+  file_permission = "0644"
+}