diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8d9fb42..fd4e552 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -178,3 +178,8 @@
 * 2.1.1 -- 2022-09-13
   - subnet
     - add arn to output
+
+* 2.2.0 -- 2022-09-19
+  - vpn-transit-gatewy
+    - add labels for tunnel_interfaces and tunnel_loopbacks (optional)
+    - generate configurations for ASR automation
diff --git a/common/version.tf b/common/version.tf
index 9e41897..42137a1 100644
--- a/common/version.tf
+++ b/common/version.tf
@@ -1,5 +1,5 @@
 locals {
-  _module_version = "2.1.1"
+  _module_version = "2.2.0"
   _module_names = {
     "_main_" = "aws-vpc-setup"
diff --git a/vpn-transit-gateway/README.md b/vpn-transit-gateway/README.md
index 18d35d9..0a797fc 100644
--- a/vpn-transit-gateway/README.md
+++ b/vpn-transit-gateway/README.md
@@ -56,6 +56,7 @@ module "vpn_transit-gateway" {
 | Name | Version |
 |------|---------|
 | [aws](#provider\_aws) | >= 3.66.0 |
+| [local](#provider\_local) | n/a |
 | [null](#provider\_null) | >= 3.0 |
 | [random](#provider\_random) | >= 3.0 |
@@ -74,19 +75,21 @@ No modules.
 | [aws_ec2_transit_gateway_route_table_association.route_table](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route_table_association) | resource |
 | [aws_ec2_transit_gateway_route_table_propagation.propagate](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route_table_propagation) | resource |
 | [aws_vpn_connection.vpn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpn_connection) | resource |
+| [local_sensistive_file.vpn_details](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/sensistive_file) | resource |
 | [null_resource.directory_setup](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [null_resource.generate_configs](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [random_string.tunnel_preshared_key](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
 | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_iam_account_alias.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_account_alias) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 ## Inputs
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| [account\_alias](#input\_account\_alias) | AWS Account Alias | `string` | `""` | no |
-| [account\_id](#input\_account\_id) | AWS Account ID (default will pull from current user) | `string` | `""` | no |
+| [account\_alias](#input\_account\_alias) | AWS Account Alias (default: will pull from current account\_alias) | `string` | `""` | no |
+| [account\_id](#input\_account\_id) | AWS Account ID (default: will pull from current user) | `string` | `""` | no |
 | [create](#input\_create) | Flag to indicate whether to create the resources or not (default: true) | `bool` | `true` | no |
 | [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
 | [profile](#input\_profile) | AWS Profile Name, used for makign AWS call to download VPN configurations | `string` | `"default"` | no |
@@ -95,7 +98,7 @@ No modules.
 | [tgw\_environment](#input\_tgw\_environment) | Transit Gatewway environment purpose (services, dev, test, stage, prod, cre) | `string` | `null` | no |
 | [tgw\_route\_table\_association](#input\_tgw\_route\_table\_association) | Transit Gateway Route Table to associate the VPN attachments with. Only one route table may be associated with a VPN attachment. | `string` | `null` | no |
 | [tgw\_route\_table\_propagation](#input\_tgw\_route\_table\_propagation) | Transit Gateway Route Tables to propagate the VPN attachments. Multiple route tables may be selected. | `list(string)` | `[]` | no |
-| [tgw\_vpn\_settings](#input\_tgw\_vpn\_settings) | Transit Gateway VPN Connection details array of objects |
list(object(
{
site = string
environment = string
sequence = number
bgp_asn_id = number
ip_address = string
tunnel_ips = list(string)
preshared_keys = list(string)
}
))
| `[]` | no | +| [tgw\_vpn\_settings](#input\_tgw\_vpn\_settings) | Transit Gateway VPN Connection details array of objects |
list(object(
{
site = string
environment = string
sequence = number
region = optional(string)
bgp_asn_id = number
ip_address = string
tunnel_ips = list(string)
preshared_keys = list(string)
tunnel_interaces = optional(list(number))
tunnel_loopback = optional(number)
}
))
| `[]` | no |
 | [transit\_gateway\_id](#input\_transit\_gateway\_id) | Transit Gateway ID | `string` | n/a | yes |
 | [use\_tgw\_prefixes](#input\_use\_tgw\_prefixes) | Flag to enable or disable the use of Transit Gateway prefixes (default: false) | `bool` | `false` | no |
 | [vpc\_environment](#input\_vpc\_environment) | VPC environment purpose (infrastructure, common, shared, dev, stage, ite, prod) | `string` | `null` | no |
diff --git a/vpn-transit-gateway/main.tf b/vpn-transit-gateway/main.tf
index 9c01132..1a312bb 100644
--- a/vpn-transit-gateway/main.tf
+++ b/vpn-transit-gateway/main.tf
@@ -145,6 +145,8 @@ resource "aws_vpn_connection" "vpn" {
       Name                  = format("%v%v%v", (var.use_tgw_prefixes ? local._prefixes["transit-gateway-vpn"] : ""), local._prefixes["vpn-connection"], each.key)
       "boc:tgw_environment" = var.tgw_environment
     },
+    length(each.value.tunnel_interfaces) == 2 ? { "boc:vpn:tunnel_interfaces" = join(" ", each.value.tunnel_interfaces) } : {},
+    each.value.tunnel_loopback != null ? { "boc:vpn:tunnel_loopback" = each.value.tunnel_loopback } : {},
   )
 }
diff --git a/vpn-transit-gateway/variables.tf b/vpn-transit-gateway/variables.tf
index 4d87d73..acc4687 100644
--- a/vpn-transit-gateway/variables.tf
+++ b/vpn-transit-gateway/variables.tf
@@ -17,13 +17,16 @@ variable "tgw_vpn_settings" {
   description = "Transit Gateway VPN Connection details array of objects"
   type = list(object(
     {
-      site           = string
-      environment    = string
-      sequence       = number
-      bgp_asn_id     = number
-      ip_address     = string
-      tunnel_ips     = list(string)
-      preshared_keys = list(string)
+      site             = string
+      environment      = string
+      sequence         = number
+      region           = optional(string)
+      bgp_asn_id       = number
+      ip_address       = string
+      tunnel_ips       = list(string)
+      preshared_keys   = list(string)
+      tunnel_interaces = optional(list(number))
+      tunnel_loopback  = optional(number)
     }
   ))
   default = []
diff --git a/vpn-transit-gateway/vpn-config.tf b/vpn-transit-gateway/vpn-config.tf
index df1059d..489a785 100644
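Review bot: The added `length(each.value.tunnel_interfaces) == 2` test in the tag merge fails at plan time for every entry that leaves the new optional attribute unset, because an unsupplied `optional(...)` attribute evaluates to null and `length(null)` is an error rather than 0. Guard the null case first, e.g. `each.value.tunnel_interfaces != null && length(each.value.tunnel_interfaces) == 2 ? { "boc:vpn:tunnel_interfaces" = join(" ", each.value.tunnel_interfaces) } : {},` or `try(length(each.value.tunnel_interfaces), 0) == 2`. The same unguarded `length()` appears twice in the first vpn-config.tf hunk (`tunnel1_interface_number` and `tunnel2_interface_number`), whereas the `tunnel_loopback != null` check on the following line already handles its own null case. The enclosing `aws_vpn_connection.vpn` resource starts and ends outside this hunk.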
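Review bot: The new attribute is declared as `tunnel_interaces`, but main.tf reads `each.value.tunnel_interfaces` and vpn-config.tf reads `local.vpn_settings.tunnel_interfaces`, so those references fail with an unsupported-attribute error as soon as the variable is evaluated; the README input table carries the same misspelling. The declaration should read `tunnel_interfaces = optional(list(number))`, with the README regenerated to match. The `optional()` type modifier also requires Terraform 1.3 or later (or the `module_variable_optional_attrs` experiment on earlier releases); the module's `required_version` is not in this diff, so confirm it is raised accordingly. The `variable "tgw_vpn_settings"` block continues past the end of the hunk.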
--- a/vpn-transit-gateway/vpn-config.tf
+++ b/vpn-transit-gateway/vpn-config.tf
@@ -14,20 +14,27 @@ locals {
       tunnel1_inside_cidr        = aws_vpn_connection.vpn[k].tunnel1_inside_cidr
       tunnel1_cgw_inside_address = aws_vpn_connection.vpn[k].tunnel1_cgw_inside_address
       tunnel1_vgw_inside_address = aws_vpn_connection.vpn[k].tunnel1_vgw_inside_address
+      tunnel1_interface_number   = length(local.vpn_settings.tunnel_interfaces) == 2 ? local.vpn_settings.tunnel_interfaces[0] : ""
+      tunnel1_loopback           = local.vpn_settings.tunnel_loopback != null ? local.vpn_settings.tunnel_loopback : ""
       tunnel2_bgp_asn            = aws_vpn_connection.vpn[k].tunnel2_bgp_asn
       tunnel2_address            = aws_vpn_connection.vpn[k].tunnel2_address
       tunnel2_inside_cidr        = aws_vpn_connection.vpn[k].tunnel2_inside_cidr
       tunnel2_cgw_inside_address = aws_vpn_connection.vpn[k].tunnel2_cgw_inside_address
       tunnel2_vgw_inside_address = aws_vpn_connection.vpn[k].tunnel2_vgw_inside_address
+      tunnel2_interface_number   = length(local.vpn_settings.tunnel_interfaces) == 2 ? local.vpn_settings.tunnel_interfaces[1] : ""
+      tunnel2_loopback           = local.vpn_settings.tunnel_loopback != null ? local.vpn_settings.tunnel_loopback : ""
     }
   }
 }
 resource "null_resource" "directory_setup" {
+  triggers = {
+    name = "vpn-config"
+  }
   provisioner "local-exec" {
     working_dir = path.root
-    command     = "test -d vpn-configs || ( mkdir vpn-configs; echo vpn-configs >> .gitignore )"
+    command     = "test -d ${self.triggers.name} || ( mkdir ${self.triggers.name}; echo ${self.triggers.name} >> .gitignore )"
   }
 }
@@ -47,3 +54,11 @@ resource "null_resource" "generate_configs" {
     }
   }
 }
+
+resource "local_sensistive_file" "vpn_details" {
+  for_each = local.vpn_tunnel_outputs
+  # content = templatefile("${path.module}/templates/vpn_details.tpl"), {
+  content = jsonencode(merge({ version = local._module_version, name = each.key }, each.value))
+  filename = format("${path.root}/%v/%v.vpn_details.json", null_resource.directory_setup.triggers.name, each.key)
+  file_permission = "0644"
+}
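Review bot: The new `tunnel1_interface_number`/`tunnel2_interface_number` and `tunnel*_loopback` locals read `local.vpn_settings.tunnel_interfaces` and `local.vpn_settings.tunnel_loopback` without the per-connection key, while the surrounding context lines index `aws_vpn_connection.vpn[k]`; the definition of `vpn_settings` is not visible here, but if it is the per-connection map these expressions either fail to evaluate or stamp one site's values onto every connection's output, and `local.vpn_settings[k].tunnel_interfaces` looks like the intended form. Separately, changing the directory name from `vpn-configs` to `vpn-config` through `triggers` forces `null_resource.directory_setup` to be recreated on existing states, which creates the new directory and appends a second `.gitignore` entry while leaving the old `vpn-configs` directory and its ignore line behind; a comment on the trigger such as `# changing this name re-runs the local-exec; the previous directory is not removed` would spare the next maintainer the surprise. The `locals` block starts outside the hunk.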
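Review bot: The resource type `local_sensistive_file` does not exist in the hashicorp/local provider — the type is `local_sensitive_file` — so `terraform init`/`validate` rejects this block, and the README resource table reproduces the same misspelling. With the type corrected, `file_permission = "0644"` leaves a file the provider itself treats as sensitive world-readable under `path.root`; the content is the merged tunnel output for each connection (whether `local.vpn_tunnel_outputs` carries more than the inside addresses shown in the first hunk is not visible here), so `file_permission = "0600"` is the safer default, and the `.gitignore` append in `directory_setup` only keeps the file out of the repository, not off the disk. The commented-out `templatefile` line should either be removed or turned into a note explaining why `jsonencode` was chosen over the template.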