diff --git a/vpn-transit-gateway/README.md b/vpn-transit-gateway/README.md
index 4208bac..179228c 100644
--- a/vpn-transit-gateway/README.md
+++ b/vpn-transit-gateway/README.md
@@ -85,6 +85,7 @@ No modules.
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_iam_account_alias.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_account_alias) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [aws_vpc.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
 
 ## Inputs
 
diff --git a/vpn-transit-gateway/main.tf b/vpn-transit-gateway/main.tf
index 799c5b0..5620421 100644
--- a/vpn-transit-gateway/main.tf
+++ b/vpn-transit-gateway/main.tf
@@ -139,6 +139,19 @@ resource "aws_vpn_connection" "vpn" {
 
   static_routes_only = false
 
+  tunnel1_log_options {
+    cloudwatch_log_options {
+      log_enabled   = var.enable_cloudwatch_logging
+      log_group_arn = var.enable_cloudwatch_logging ? aws_cloudwatch_log_group.log[each.key].arn : null
+    }
+  }
+  tunnel2_log_options {
+    cloudwatch_log_options {
+      log_enabled   = var.enable_cloudwatch_logging
+      log_group_arn = var.enable_cloudwatch_logging ? aws_cloudwatch_log_group.log[each.key].arn : null
+    }
+  }
+
   tags = merge(
     local.base_tags,
     var.tags,
diff --git a/vpn-transit-gateway/outputs.tf b/vpn-transit-gateway/outputs.tf
index 087d4ed..56d3d75 100644
--- a/vpn-transit-gateway/outputs.tf
+++ b/vpn-transit-gateway/outputs.tf
@@ -38,7 +38,9 @@ output "vpn_labels" {
       environment = v.environment
       sequence    = v.sequence
       # label = format("aws:%v:%v:%v:%v", local.region, local.account_id, aws_vpn_connection.vpn[k].id, v.label)
-      label = v.label
+      label         = v.label
+      tunnel1_label = v.tunnel1_label
+      tunnel2_label = v.tunnel2_label
     }
   }
 }
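Review bot: The log group that `log_group_arn` points at, `aws_cloudwatch_log_group.log[each.key]`, is not part of this diff, so it cannot be confirmed here that it sets `retention_in_days` and `kms_key_id`; a CloudWatch group without a retention policy keeps the tunnel activity logs indefinitely, so please check both on that resource. The expression `var.enable_cloudwatch_logging ? aws_cloudwatch_log_group.log[each.key].arn : null` is repeated four times across the tunnel1 and tunnel2 blocks; evaluating it once, for example in a local keyed by the connection key, keeps the two tunnels from drifting apart on a later edit. Neither block sets `log_output_format`, so the provider default applies — worth stating explicitly if anything downstream parses these logs. The `resource "aws_vpn_connection" "vpn"` body begins before and continues after this hunk.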
diff --git a/vpn-transit-gateway/vpn-config.tf b/vpn-transit-gateway/vpn-config.tf
index 6a844e1..486a9c6 100644
--- a/vpn-transit-gateway/vpn-config.tf
+++ b/vpn-transit-gateway/vpn-config.tf
@@ -8,6 +8,12 @@ locals {
 
     customer_address  = aws_customer_gateway.vpn[k].ip_address
     bgp_asn           = aws_customer_gateway.vpn[k].bgp_asn
     vpn_connection_id = aws_vpn_connection.vpn[k].id
+    vpc_cidr_block    = data.aws_vpc.vpc.cidr_block
+    vpc_name          = var.vpc_name
+    vpc_short_name    = var.vpc_short_name
+    region            = local.region
+    region_short      = local.region_short
+    account_id        = local.account_id
     tunnel1_label = format("%v %v %v %v %v", aws_vpn_connection.vpn[k].tunnel1_inside_cidr, local.account_id, local.region_short, var.vpc_short_name, v.label)
     tunnel1_bgp_asn = aws_vpn_connection.vpn[k].tunnel1_bgp_asn
@@ -15,6 +21,7 @@ locals {
     tunnel1_inside_cidr        = aws_vpn_connection.vpn[k].tunnel1_inside_cidr
     tunnel1_cgw_inside_address = aws_vpn_connection.vpn[k].tunnel1_cgw_inside_address
     tunnel1_vgw_inside_address = aws_vpn_connection.vpn[k].tunnel1_vgw_inside_address
+    tunnel1_preshared_key      = aws_vpn_connection.vpn[k].tunnel1_preshared_key
     tunnel1_interface_number   = length(v.tunnel_interfaces) == 2 ? v.tunnel_interfaces[0] : ""
     tunnel1_loopback           = v.tunnel_loopback != null ? v.tunnel_loopback : ""
 
@@ -24,6 +31,7 @@ locals {
     tunnel2_inside_cidr        = aws_vpn_connection.vpn[k].tunnel2_inside_cidr
     tunnel2_cgw_inside_address = aws_vpn_connection.vpn[k].tunnel2_cgw_inside_address
     tunnel2_vgw_inside_address = aws_vpn_connection.vpn[k].tunnel2_vgw_inside_address
+    tunnel2_preshared_key      = aws_vpn_connection.vpn[k].tunnel2_preshared_key
     tunnel2_interface_number   = length(v.tunnel_interfaces) == 2 ? v.tunnel_interfaces[1] : ""
     tunnel2_loopback           = v.tunnel_loopback != null ? v.tunnel_loopback : ""
   }
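Review bot: `tunnel1_preshared_key` copies a value the AWS provider marks sensitive into the per-connection config map, and the following hunk does the same for `tunnel2_preshared_key`; how that map is consumed is outside this diff, but if any of it reaches an `output` that output must carry `sensitive = true`, and if it is rendered through `templatefile` into a `local_file` the pre-shared keys land on disk in clear text alongside the other tunnel parameters. A comment at the point of use would make that contract visible, e.g. `# tunnel*_preshared_key is provider-sensitive: never emit the rendered config to an unmarked output or a plain file`. The enclosing `locals` block starts before and ends after this hunk.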