├── .editorconfig
├── .github
└── workflows
│ ├── lock.yml
│ ├── pr-title.yml
│ ├── pre-commit.yml
│ ├── release.yml
│ └── stale-actions.yaml
├── .gitignore
├── .pre-commit-config.yaml
├── .releaserc.json
├── CHANGELOG.md
├── LICENSE
├── README.md
├── examples
├── complete
│ ├── README.md
│ ├── main.tf
│ ├── outputs.tf
│ ├── variables.tf
│ └── versions.tf
└── multi-account
│ ├── README.md
│ ├── main.tf
│ ├── outputs.tf
│ ├── variables.tf
│ └── versions.tf
├── main.tf
├── outputs.tf
├── variables.tf
└── versions.tf
/.editorconfig:
--------------------------------------------------------------------------------
# EditorConfig is awesome: http://EditorConfig.org
# Uses editorconfig to maintain consistent coding styles

# top-most EditorConfig file: editors stop searching parent directories here
root = true

# Unix-style newlines with a newline ending every file.
# Sections later in the file override earlier ones for files matching both globs.
[*]
charset = utf-8
end_of_line = lf
indent_size = 2
indent_style = space
insert_final_newline = true
max_line_length = 80
trim_trailing_whitespace = true

# Terraform sources: same two-space indent as the default, restated explicitly
[*.{tf,tfvars}]
indent_size = 2
indent_style = space

# Markdown: no line-length limit, and trailing whitespace is significant
# (two trailing spaces are a hard line break), so it must not be trimmed
[*.md]
max_line_length = 0
trim_trailing_whitespace = false

# Makefile recipes must be tab-indented
[Makefile]
tab_width = 2
indent_style = tab

# Commit messages: no line-length limit
[COMMIT_EDITMSG]
max_line_length = 0

--------------------------------------------------------------------------------
/.github/workflows/lock.yml:
--------------------------------------------------------------------------------
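---
name: 'Lock Threads'

on:
  schedule:
    - cron: '50 1 * * *'

# Least-privilege scopes for the workflow token: locking and commenting on
# closed issues and pull requests needs nothing beyond these two.
# NOTE(review): confirm against the action's README for the pinned major.
permissions:
  issues: write
  pull-requests: write

jobs:
  lock:
    runs-on: ubuntu-latest
    steps:
      # Pinned to a release tag. Tags are mutable, so pinning to the full
      # commit SHA of that release (keeping the tag in a trailing comment)
      # gives a stronger supply-chain guarantee.
      - uses: dessant/lock-threads@v5
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          issue-comment: >
            I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
            If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
          # Action inputs are always passed as strings; quoting makes that explicit.
          issue-inactive-days: '30'
          pr-comment: >
            I'm going to lock this pull request because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
            If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
          pr-inactive-days: '30'
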
--------------------------------------------------------------------------------
/.github/workflows/pr-title.yml:
--------------------------------------------------------------------------------
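---
name: 'Validate PR title'

on:
  pull_request_target:
    types:
      - opened
      - edited
      - synchronize

# `pull_request_target` runs with the base repository's GITHUB_TOKEN, which is
# write-capable by default, so the token is restricted to what title
# validation needs. No step checks out or executes code from the PR head,
# which is what keeps this trigger appropriate here; keep it that way.
# NOTE(review): `statuses: write` is included because `wip: true` below
# reports a second check; confirm against the action's README for the pinned
# version and drop it if it is not required.
permissions:
  pull-requests: read
  statuses: write

jobs:
  main:
    name: Validate PR title
    runs-on: ubuntu-latest
    steps:
      # Please look up the latest version from
      # https://github.com/amannn/action-semantic-pull-request/releases
      # The tag pin can be replaced with that release's full commit SHA for a
      # stronger supply-chain guarantee (tags are mutable).
      - uses: amannn/action-semantic-pull-request@v5.5.3
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          # Configure which types are allowed.
          # Default: https://github.com/commitizen/conventional-commit-types
          types: |
            fix
            feat
            docs
            ci
            chore
          # Configure that a scope must always be provided.
          requireScope: false
          # Configure additional validation for the subject based on a regex.
          # This example ensures the subject starts with an uppercase character.
          # Quoted so the pattern is always read as a plain string.
          subjectPattern: '^[A-Z].+$'
          # If `subjectPattern` is configured, you can use this property to override
          # the default error message that is shown when the pattern doesn't match.
          # The variables `subject` and `title` can be used within the message.
          subjectPatternError: |
            The subject "{subject}" found in the pull request title "{title}"
            didn't match the configured pattern. Please ensure that the subject
            starts with an uppercase character.
          # For work-in-progress PRs you can typically use draft pull requests
          # from Github. However, private repositories on the free plan don't have
          # this option and therefore this action allows you to opt-in to using the
          # special "[WIP]" prefix to indicate this state. This will avoid the
          # validation of the PR title and the pull request checks remain pending.
          # Note that a second check will be reported if this is enabled.
          wip: true
          # When using "Squash and merge" on a PR with only one commit, GitHub
          # will suggest using that commit message instead of the PR title for the
          # merge commit, and it's easy to commit this by mistake. Enable this option
          # to also validate the commit message for one commit PRs.
          validateSingleCommit: false
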
--------------------------------------------------------------------------------
/.github/workflows/pre-commit.yml:
--------------------------------------------------------------------------------
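---
name: Pre-Commit

on:
  pull_request:
    branches:
      - main
      - master

# The jobs below only read the repository and run linters, so a read-only
# token is enough; it also matches what a pull request from a fork receives.
# NOTE(review): confirm none of the composite actions needs a write scope.
permissions:
  contents: read

env:
  TERRAFORM_DOCS_VERSION: v0.19.0
  TFLINT_VERSION: v0.53.0

jobs:
  collectInputs:
    name: Collect workflow inputs
    runs-on: ubuntu-latest
    outputs:
      directories: ${{ steps.dirs.outputs.directories }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Get root directories
        id: dirs
        uses: clowdhaus/terraform-composite-actions/directories@v1.9.0

  preCommitMinVersions:
    name: Min TF pre-commit
    needs: collectInputs
    runs-on: ubuntu-latest
    strategy:
      matrix:
        directory: ${{ fromJson(needs.collectInputs.outputs.directories) }}
    steps:
      # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449
      - name: Delete huge unnecessary tools folder
        run: |
          rm -rf /opt/hostedtoolcache/CodeQL
          rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk
          rm -rf /opt/hostedtoolcache/Ruby
          rm -rf /opt/hostedtoolcache/go

      - name: Checkout
        uses: actions/checkout@v4

      - name: Terraform min/max versions
        id: minMax
        uses: clowdhaus/terraform-min-max@v1.3.1
        with:
          directory: ${{ matrix.directory }}

      - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
        # Run only validate pre-commit check on min version supported
        if: ${{ matrix.directory != '.' }}
        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1
        with:
          terraform-version: ${{ steps.minMax.outputs.minVersion }}
          tflint-version: ${{ env.TFLINT_VERSION }}
          args: 'terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*'

      - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
        # Run only validate pre-commit check on min version supported
        if: ${{ matrix.directory == '.' }}
        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1
        with:
          terraform-version: ${{ steps.minMax.outputs.minVersion }}
          tflint-version: ${{ env.TFLINT_VERSION }}
          args: 'terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf)'

  preCommitMaxVersion:
    name: Max TF pre-commit
    runs-on: ubuntu-latest
    needs: collectInputs
    steps:
      # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449
      - name: Delete huge unnecessary tools folder
        run: |
          rm -rf /opt/hostedtoolcache/CodeQL
          rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk
          rm -rf /opt/hostedtoolcache/Ruby
          rm -rf /opt/hostedtoolcache/go

      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Check out the PR head branch from its own repository (which may be
          # a fork). With the `pull_request` trigger and the read-only token
          # above, hooks run against that code cannot write to this repository.
          # NOTE(review): checking out by branch name rather than
          # `github.event.pull_request.head.sha` can pick up commits pushed
          # after the event fired; use the SHA if the run must match the
          # triggering commit exactly.
          ref: ${{ github.event.pull_request.head.ref }}
          repository: ${{ github.event.pull_request.head.repo.full_name }}

      - name: Terraform min/max versions
        id: minMax
        uses: clowdhaus/terraform-min-max@v1.3.1

      - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }}
        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1
        with:
          terraform-version: ${{ steps.minMax.outputs.maxVersion }}
          tflint-version: ${{ env.TFLINT_VERSION }}
          terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }}
          install-hcledit: true
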
--------------------------------------------------------------------------------
/.github/workflows/release.yml:
--------------------------------------------------------------------------------
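---
name: Release

on:
  workflow_dispatch:
  push:
    branches:
      - main
      - master
    paths:
      - '**/*.tpl'
      - '**/*.py'
      - '**/*.tf'
      - '.github/workflows/release.yml'

# The release step authenticates with the SEMANTIC_RELEASE_TOKEN secret it is
# given below, so the workflow's own GITHUB_TOKEN only needs to read the
# repository for checkout.
# NOTE(review): confirm the release step never falls back to the workflow
# token before relying on this restriction.
permissions:
  contents: read

jobs:
  release:
    name: Release
    runs-on: ubuntu-latest
    # Skip running release workflow on forks
    if: github.repository_owner == 'terraform-aws-modules'
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Do not leave the workflow token in .git/config; the release step
          # pushes with its own credential instead.
          persist-credentials: false
          # Full history, so the commit range since the last tag can be analysed
          fetch-depth: 0

      - name: Release
        uses: cycjimmy/semantic-release-action@v4
        with:
          semantic_version: 23.0.2
          extra_plugins: |
            @semantic-release/changelog@6.0.3
            @semantic-release/git@10.0.1
            conventional-changelog-conventionalcommits@7.0.2
        env:
          # NOTE(review): a dedicated secret rather than the workflow token is
          # presumably used so the release commit and tag can trigger other
          # workflows; keep it scoped to this repository and rotate it on a
          # schedule.
          GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_TOKEN }}
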
--------------------------------------------------------------------------------
/.github/workflows/stale-actions.yaml:
--------------------------------------------------------------------------------
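---
name: 'Mark or close stale issues and PRs'

on:
  schedule:
    - cron: '0 0 * * *'

# Least-privilege scopes for the workflow token: labelling, commenting on and
# closing issues and pull requests, plus `contents: write` only because
# `delete-branch: true` below removes the head branch of closed stale PRs.
# NOTE(review): drop `contents: write` together with `delete-branch` if branch
# deletion is not wanted.
permissions:
  contents: write
  issues: write
  pull-requests: write

jobs:
  stale:
    runs-on: ubuntu-latest
    steps:
      # Pinned to a release tag; pinning to the release's full commit SHA
      # gives a stronger supply-chain guarantee (tags are mutable).
      - uses: actions/stale@v9
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          # Staling issues and PR's
          days-before-stale: 30
          stale-issue-label: stale
          stale-pr-label: stale
          stale-issue-message: |
            This issue has been automatically marked as stale because it has been open 30 days
            with no activity. Remove stale label or comment or this issue will be closed in 10 days
          stale-pr-message: |
            This PR has been automatically marked as stale because it has been open 30 days
            with no activity. Remove stale label or comment or this PR will be closed in 10 days
          # Not marked stale when any of these labels is set or the item belongs to a milestone
          exempt-issue-labels: bug,wip,on-hold
          exempt-pr-labels: bug,wip,on-hold
          exempt-all-milestones: true
          # Close issue operations
          # Label will be automatically removed if the issues are no longer closed nor locked.
          days-before-close: 10
          # Deletes the head branch of a PR closed as stale (needs contents: write)
          delete-branch: true
          close-issue-message: This issue was automatically closed because of stale in 10 days
          close-pr-message: This PR was automatically closed because of stale in 10 days
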
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
# Local .terraform directories
**/.terraform/*

# Terraform lockfile
# NOTE(review): ignoring the lockfile is usual for a reusable module whose
# consumers resolve and pin providers themselves; a root module would normally
# commit it. Confirm this is intended for the examples/ directories as well.
.terraform.lock.hcl

# .tfstate files
*.tfstate
*.tfstate.*
*.tfplan

# Crash log files
crash.log

# Exclude all .tfvars files, which are likely to contain sensitive data, such as
# passwords, private keys, and other secrets. These should not be part of version
# control as they are data points which are potentially sensitive and subject
# to change depending on the environment.
*.tfvars

# Ignore override files as they are usually used to override resources locally and so
# are not checked in
override.tf
override.tf.json
*_override.tf
*_override.tf.json

# Ignore CLI configuration files (they can hold credentials and mirror settings)
.terraformrc
terraform.rc

# Lambda directories
builds/
__pycache__/

--------------------------------------------------------------------------------
/.pre-commit-config.yaml:
--------------------------------------------------------------------------------
---
# Hook sources are pinned to release tags. Tags can be moved, so pinning
# `rev` to a full commit SHA is the stronger supply-chain choice if the hook
# repositories support it.
repos:
  - repo: https://github.com/antonbabenko/pre-commit-terraform
    rev: v1.96.1
    hooks:
      - id: terraform_fmt
      - id: terraform_docs
        args:
          - "--args=--lockfile=false"
      - id: terraform_tflint
        # Only the rules listed here are enabled; add one `--only` entry per rule.
        args:
          - "--args=--only=terraform_deprecated_interpolation"
          - "--args=--only=terraform_deprecated_index"
          - "--args=--only=terraform_unused_declarations"
          - "--args=--only=terraform_comment_syntax"
          - "--args=--only=terraform_documented_outputs"
          - "--args=--only=terraform_documented_variables"
          - "--args=--only=terraform_typed_variables"
          - "--args=--only=terraform_module_pinned_source"
          - "--args=--only=terraform_naming_convention"
          - "--args=--only=terraform_required_version"
          - "--args=--only=terraform_required_providers"
          - "--args=--only=terraform_standard_module_structure"
          - "--args=--only=terraform_workspace_remote"
      - id: terraform_validate
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v5.0.0
    hooks:
      - id: check-merge-conflict
      - id: end-of-file-fixer
      - id: trailing-whitespace

--------------------------------------------------------------------------------
/.releaserc.json:
--------------------------------------------------------------------------------
1 | {
2 | "branches": [
3 | "main",
4 | "master"
5 | ],
6 | "ci": false,
7 | "plugins": [
8 | [
9 | "@semantic-release/commit-analyzer",
10 | {
11 | "preset": "conventionalcommits"
12 | }
13 | ],
14 | [
15 | "@semantic-release/release-notes-generator",
16 | {
17 | "preset": "conventionalcommits"
18 | }
19 | ],
20 | [
21 | "@semantic-release/github",
22 | {
23 | "successComment": "This ${issue.pull_request ? 'PR is included' : 'issue has been resolved'} in version ${nextRelease.version} :tada:",
24 | "labels": false,
25 | "releasedLabels": false
26 | }
27 | ],
28 | [
29 | "@semantic-release/changelog",
30 | {
31 | "changelogFile": "CHANGELOG.md",
32 | "changelogTitle": "# Changelog\n\nAll notable changes to this project will be documented in this file."
33 | }
34 | ],
35 | [
36 | "@semantic-release/git",
37 | {
38 | "assets": [
39 | "CHANGELOG.md"
40 | ],
41 | "message": "chore(release): version ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
42 | }
43 | ]
44 | ]
45 | }
46 |
--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
1 | # Changelog
2 |
3 | All notable changes to this project will be documented in this file.
4 |
5 | ## [2.13.0](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/compare/v2.12.2...v2.13.0) (2025-01-15)
6 |
7 |
8 | ### Features
9 |
10 | * Add support for security group referencing to transit-gateway module ([#133](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/issues/133)) ([26c10f3](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/commit/26c10f34d144554eb965598127f86f87d6bb279a))
11 |
12 |
13 | ### Bug Fixes
14 |
15 | * Update CI workflow versions to latest ([#134](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/issues/134)) ([77279c9](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/commit/77279c9d76d7b9978a502cd175173a1a4d7cdecf))
16 |
17 | ## [2.12.2](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/compare/v2.12.1...v2.12.2) (2024-03-06)
18 |
19 |
20 | ### Bug Fixes
21 |
22 | * Update CI workflow versions to remove deprecated runtime warnings ([#130](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/issues/130)) ([d3391d6](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/commit/d3391d692ef1de6e8b3ccedfa1bf4aac54b91ca0))
23 |
24 | ### [2.12.1](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/compare/v2.12.0...v2.12.1) (2023-12-11)
25 |
26 |
27 | ### Bug Fixes
28 |
29 | * Use IPv6 CIDR block destination on route when IPv6 support is enabled ([#102](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/issues/102)) ([f70ec98](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/commit/f70ec98e82ebab67b03450ccb4b2717ae8a42578))
30 |
31 | ## [2.12.0](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/compare/v2.11.0...v2.12.0) (2023-12-11)
32 |
33 |
34 | ### Features
35 |
36 | * Allow creating VPC routes for already existing or shared TGW ([#114](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/issues/114)) ([20c4dc4](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/commit/20c4dc4f698bc9edc7b7936ee7befb50043ded8a))
37 |
38 | ## [2.11.0](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/compare/v2.10.0...v2.11.0) (2023-12-11)
39 |
40 |
41 | ### Features
42 |
43 | * Make TGW routing creation optional ([#119](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/issues/119)) ([1661dfa](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/commit/1661dfa3f538c8d5b4f612a7c0982e4afd20daca))
44 |
45 | ## [2.10.0](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/compare/v2.9.0...v2.10.0) (2023-04-26)
46 |
47 |
48 | ### Features
49 |
50 | * Fixed typo in mutlicast to multicast, also in the variable name ([#108](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/issues/108)) ([baaa7f4](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/commit/baaa7f44c458d29b95d372e3faae7f89a148da0c))
51 |
52 | ## [2.9.0](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/compare/v2.8.2...v2.9.0) (2023-02-27)
53 |
54 |
55 | ### Features
56 |
57 | * Added tags per VPC attachment ([#103](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/issues/103)) ([e4d6df2](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/commit/e4d6df2aa4bab0d840bbab71276cca3bc69f9113))
58 |
59 | ### [2.8.2](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/compare/v2.8.1...v2.8.2) (2023-01-24)
60 |
61 |
62 | ### Bug Fixes
63 |
64 | * Use a version for to avoid GitHub API rate limiting on CI workflows ([#96](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/issues/96)) ([de6e0cf](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/commit/de6e0cf41b7ee1b84e506f77415257f01f51065d))
65 |
66 | ### [2.8.1](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/compare/v2.8.0...v2.8.1) (2022-10-27)
67 |
68 |
69 | ### Bug Fixes
70 |
71 | * Update CI configuration files to use latest version ([#88](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/issues/88)) ([12ccdcc](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/commit/12ccdcc0a209973e391e05079f3e1f04c0a78ff7))
72 |
73 | ## [2.8.0](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/compare/v2.7.0...v2.8.0) (2022-05-09)
74 |
75 |
76 | ### Features
77 |
78 | * Added TGW multicast support ([#73](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/issues/73)) ([a4d569b](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/commit/a4d569b7f03443921d9dff7ce54f8acc06aed7fa))
79 |
80 | ## [2.7.0](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/compare/v2.6.0...v2.7.0) (2022-03-26)
81 |
82 |
83 | ### Features
84 |
85 | * Add support for transit gateway CIDR blocks ([#69](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/issues/69)) ([131ed50](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/commit/131ed5006713aec86a20147796ce6489f6daadc6))
86 |
87 | ## [2.6.0](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/compare/v2.5.1...v2.6.0) (2022-03-26)
88 |
89 |
90 | ### Features
91 |
92 | * Update Terraform minimum supported version to `v0.13.1` ([#68](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/issues/68)) ([4e8f9c9](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/commit/4e8f9c95d429d8f623db563388fe759707e38379))
93 |
94 | ### [2.5.1](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/compare/v2.5.0...v2.5.1) (2022-01-10)
95 |
96 |
97 | ### Bug Fixes
98 |
99 | * update CI/CD process to enable auto-release workflow ([#63](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/issues/63)) ([558f5ff](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/commit/558f5ff261d9e5b25304c3f38ae0242850c92b2b))
100 |
101 |
102 | ## [v2.5.0] - 2021-07-07
103 |
104 | - fix: add tags if the default route table association is enabled ([#52](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/issues/52))
105 |
106 |
107 |
108 | ## [v2.4.0] - 2021-05-24
109 |
110 | - feat: Optionally update VPC Route Tables for attached VPCs ([#35](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/issues/35))
111 |
112 |
113 |
114 | ## [v2.3.0] - 2021-05-19
115 |
116 | - feat: default tgw route table tags ([#49](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/issues/49))
117 |
118 |
119 |
120 | ## [v2.2.0] - 2021-05-19
121 |
122 | - feat: adding appliance_mode_support to vpc attachments ([#48](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/issues/48))
123 |
124 |
125 |
126 | ## [v2.1.0] - 2021-05-05
127 |
128 | - fix: Update map function to work in Terraform 0.15 ([#44](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/issues/44))
129 | - chore: update CI/CD to use stable `terraform-docs` release artifact and discoverable Apache2.0 license ([#42](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/issues/42))
130 |
131 |
132 |
133 | ## [v2.0.0] - 2021-04-27
134 |
135 | - feat: Shorten outputs (removing this_) ([#41](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/issues/41))
136 | - chore: update documentation and pin `terraform_docs` version to avoid future changes ([#40](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/issues/40))
137 | - chore: align ci-cd static checks to use individual minimum Terraform versions ([#38](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/issues/38))
138 | - fix: bump min supported version due to types unsupported on current ([#37](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/issues/37))
139 | - chore: add ci-cd workflow for pre-commit checks ([#36](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/issues/36))
140 |
141 |
142 |
143 | ## [v1.4.0] - 2020-11-24
144 |
145 | - fix: Updated supported Terraform versions ([#30](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/issues/30))
146 | - docs: typos on example readme.mds ([#21](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/issues/21))
147 |
148 |
149 |
150 | ## [v1.3.0] - 2020-08-18
151 |
152 | - fix: Added support for multi-account deployments ([#20](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/issues/20))
153 |
154 |
155 |
156 | ## [v1.2.0] - 2020-08-17
157 |
158 | - chore: Minor updates in docs
159 | - fix: fix variable in aws_ec2_transit_gateway_route_table_propagation ([#13](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/issues/13))
160 |
161 |
162 |
163 | ## [v1.1.0] - 2020-01-16
164 |
165 | - Updated notes in example
166 |
167 |
168 |
169 | ## [v1.0.0] - 2020-01-15
170 |
171 | - Added code for the module
172 |
173 |
174 |
175 | ## v0.0.1 - 2020-01-15
176 |
177 | - Initial commit
178 |
179 |
180 | [Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/compare/v2.5.0...HEAD
181 | [v2.5.0]: https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/compare/v2.4.0...v2.5.0
182 | [v2.4.0]: https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/compare/v2.3.0...v2.4.0
183 | [v2.3.0]: https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/compare/v2.2.0...v2.3.0
184 | [v2.2.0]: https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/compare/v2.1.0...v2.2.0
185 | [v2.1.0]: https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/compare/v2.0.0...v2.1.0
186 | [v2.0.0]: https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/compare/v1.4.0...v2.0.0
187 | [v1.4.0]: https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/compare/v1.3.0...v1.4.0
188 | [v1.3.0]: https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/compare/v1.2.0...v1.3.0
189 | [v1.2.0]: https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/compare/v1.1.0...v1.2.0
190 | [v1.1.0]: https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/compare/v1.0.0...v1.1.0
191 | [v1.0.0]: https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/compare/v0.0.1...v1.0.0
192 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Apache License
2 | Version 2.0, January 2004
3 | http://www.apache.org/licenses/
4 |
5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
6 |
7 | 1. Definitions.
8 |
9 | "License" shall mean the terms and conditions for use, reproduction,
10 | and distribution as defined by Sections 1 through 9 of this document.
11 |
12 | "Licensor" shall mean the copyright owner or entity authorized by
13 | the copyright owner that is granting the License.
14 |
15 | "Legal Entity" shall mean the union of the acting entity and all
16 | other entities that control, are controlled by, or are under common
17 | control with that entity. For the purposes of this definition,
18 | "control" means (i) the power, direct or indirect, to cause the
19 | direction or management of such entity, whether by contract or
20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the
21 | outstanding shares, or (iii) beneficial ownership of such entity.
22 |
23 | "You" (or "Your") shall mean an individual or Legal Entity
24 | exercising permissions granted by this License.
25 |
26 | "Source" form shall mean the preferred form for making modifications,
27 | including but not limited to software source code, documentation
28 | source, and configuration files.
29 |
30 | "Object" form shall mean any form resulting from mechanical
31 | transformation or translation of a Source form, including but
32 | not limited to compiled object code, generated documentation,
33 | and conversions to other media types.
34 |
35 | "Work" shall mean the work of authorship, whether in Source or
36 | Object form, made available under the License, as indicated by a
37 | copyright notice that is included in or attached to the work
38 | (an example is provided in the Appendix below).
39 |
40 | "Derivative Works" shall mean any work, whether in Source or Object
41 | form, that is based on (or derived from) the Work and for which the
42 | editorial revisions, annotations, elaborations, or other modifications
43 | represent, as a whole, an original work of authorship. For the purposes
44 | of this License, Derivative Works shall not include works that remain
45 | separable from, or merely link (or bind by name) to the interfaces of,
46 | the Work and Derivative Works thereof.
47 |
48 | "Contribution" shall mean any work of authorship, including
49 | the original version of the Work and any modifications or additions
50 | to that Work or Derivative Works thereof, that is intentionally
51 | submitted to Licensor for inclusion in the Work by the copyright owner
52 | or by an individual or Legal Entity authorized to submit on behalf of
53 | the copyright owner. For the purposes of this definition, "submitted"
54 | means any form of electronic, verbal, or written communication sent
55 | to the Licensor or its representatives, including but not limited to
56 | communication on electronic mailing lists, source code control systems,
57 | and issue tracking systems that are managed by, or on behalf of, the
58 | Licensor for the purpose of discussing and improving the Work, but
59 | excluding communication that is conspicuously marked or otherwise
60 | designated in writing by the copyright owner as "Not a Contribution."
61 |
62 | "Contributor" shall mean Licensor and any individual or Legal Entity
63 | on behalf of whom a Contribution has been received by Licensor and
64 | subsequently incorporated within the Work.
65 |
66 | 2. Grant of Copyright License. Subject to the terms and conditions of
67 | this License, each Contributor hereby grants to You a perpetual,
68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
69 | copyright license to reproduce, prepare Derivative Works of,
70 | publicly display, publicly perform, sublicense, and distribute the
71 | Work and such Derivative Works in Source or Object form.
72 |
73 | 3. Grant of Patent License. Subject to the terms and conditions of
74 | this License, each Contributor hereby grants to You a perpetual,
75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
76 | (except as stated in this section) patent license to make, have made,
77 | use, offer to sell, sell, import, and otherwise transfer the Work,
78 | where such license applies only to those patent claims licensable
79 | by such Contributor that are necessarily infringed by their
80 | Contribution(s) alone or by combination of their Contribution(s)
81 | with the Work to which such Contribution(s) was submitted. If You
82 | institute patent litigation against any entity (including a
83 | cross-claim or counterclaim in a lawsuit) alleging that the Work
84 | or a Contribution incorporated within the Work constitutes direct
85 | or contributory patent infringement, then any patent licenses
86 | granted to You under this License for that Work shall terminate
87 | as of the date such litigation is filed.
88 |
89 | 4. Redistribution. You may reproduce and distribute copies of the
90 | Work or Derivative Works thereof in any medium, with or without
91 | modifications, and in Source or Object form, provided that You
92 | meet the following conditions:
93 |
94 | (a) You must give any other recipients of the Work or
95 | Derivative Works a copy of this License; and
96 |
97 | (b) You must cause any modified files to carry prominent notices
98 | stating that You changed the files; and
99 |
100 | (c) You must retain, in the Source form of any Derivative Works
101 | that You distribute, all copyright, patent, trademark, and
102 | attribution notices from the Source form of the Work,
103 | excluding those notices that do not pertain to any part of
104 | the Derivative Works; and
105 |
106 | (d) If the Work includes a "NOTICE" text file as part of its
107 | distribution, then any Derivative Works that You distribute must
108 | include a readable copy of the attribution notices contained
109 | within such NOTICE file, excluding those notices that do not
110 | pertain to any part of the Derivative Works, in at least one
111 | of the following places: within a NOTICE text file distributed
112 | as part of the Derivative Works; within the Source form or
113 | documentation, if provided along with the Derivative Works; or,
114 | within a display generated by the Derivative Works, if and
115 | wherever such third-party notices normally appear. The contents
116 | of the NOTICE file are for informational purposes only and
117 | do not modify the License. You may add Your own attribution
118 | notices within Derivative Works that You distribute, alongside
119 | or as an addendum to the NOTICE text from the Work, provided
120 | that such additional attribution notices cannot be construed
121 | as modifying the License.
122 |
123 | You may add Your own copyright statement to Your modifications and
124 | may provide additional or different license terms and conditions
125 | for use, reproduction, or distribution of Your modifications, or
126 | for any such Derivative Works as a whole, provided Your use,
127 | reproduction, and distribution of the Work otherwise complies with
128 | the conditions stated in this License.
129 |
130 | 5. Submission of Contributions. Unless You explicitly state otherwise,
131 | any Contribution intentionally submitted for inclusion in the Work
132 | by You to the Licensor shall be under the terms and conditions of
133 | this License, without any additional terms or conditions.
134 | Notwithstanding the above, nothing herein shall supersede or modify
135 | the terms of any separate license agreement you may have executed
136 | with Licensor regarding such Contributions.
137 |
138 | 6. Trademarks. This License does not grant permission to use the trade
139 | names, trademarks, service marks, or product names of the Licensor,
140 | except as required for reasonable and customary use in describing the
141 | origin of the Work and reproducing the content of the NOTICE file.
142 |
143 | 7. Disclaimer of Warranty. Unless required by applicable law or
144 | agreed to in writing, Licensor provides the Work (and each
145 | Contributor provides its Contributions) on an "AS IS" BASIS,
146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 | implied, including, without limitation, any warranties or conditions
148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 | PARTICULAR PURPOSE. You are solely responsible for determining the
150 | appropriateness of using or redistributing the Work and assume any
151 | risks associated with Your exercise of permissions under this License.
152 |
153 | 8. Limitation of Liability. In no event and under no legal theory,
154 | whether in tort (including negligence), contract, or otherwise,
155 | unless required by applicable law (such as deliberate and grossly
156 | negligent acts) or agreed to in writing, shall any Contributor be
157 | liable to You for damages, including any direct, indirect, special,
158 | incidental, or consequential damages of any character arising as a
159 | result of this License or out of the use or inability to use the
160 | Work (including but not limited to damages for loss of goodwill,
161 | work stoppage, computer failure or malfunction, or any and all
162 | other commercial damages or losses), even if such Contributor
163 | has been advised of the possibility of such damages.
164 |
165 | 9. Accepting Warranty or Additional Liability. While redistributing
166 | the Work or Derivative Works thereof, You may choose to offer,
167 | and charge a fee for, acceptance of support, warranty, indemnity,
168 | or other liability obligations and/or rights consistent with this
169 | License. However, in accepting such obligations, You may act only
170 | on Your own behalf and on Your sole responsibility, not on behalf
171 | of any other Contributor, and only if You agree to indemnify,
172 | defend, and hold each Contributor harmless for any liability
173 | incurred by, or claims asserted against, such Contributor by reason
174 | of your accepting any such warranty or additional liability.
175 |
176 | END OF TERMS AND CONDITIONS
177 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # AWS Transit Gateway Terraform module
2 |
3 | Terraform module which creates Transit Gateway resources on AWS.
4 |
5 | ## Usage with VPC module
6 |
7 | ```hcl
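module "tgw" {
  source  = "terraform-aws-modules/transit-gateway/aws"
  version = "~> 2.0"

  name        = "my-tgw"
  description = "My TGW shared with several other AWS accounts"

  # When "true", attachment requests from principals the TGW is shared with
  # are accepted without a manual approval step.
  enable_auto_accept_shared_attachments = true

  vpc_attachments = {
    vpc = {
      vpc_id       = module.vpc.vpc_id
      subnet_ids   = module.vpc.private_subnets
      dns_support  = true
      ipv6_support = true

      tgw_routes = [
        {
          destination_cidr_block = "30.0.0.0/16"
        },
        {
          # Traffic to this prefix is dropped at the TGW.
          blackhole              = true
          destination_cidr_block = "40.0.0.0/20"
        }
      ]
    }
  }

  # Only needed when the principals below are outside your AWS Organization;
  # the module default is false.
  ram_allow_external_principals = true
  # Account IDs are strings: an unquoted ID is parsed as a number and would
  # lose any leading zeros.
  ram_principals = ["307990089504"]

  tags = {
    Purpose = "tgw-complete-example"
  }
}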
43 |
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "~> 3.0"

  name = "my-vpc"

  cidr = "10.10.0.0/16"

  # One private subnet per AZ; these are the subnets the TGW attachment above uses.
  azs             = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
  private_subnets = ["10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24"]

  # IPv6 is enabled because the attachment above sets ipv6_support = true.
  enable_ipv6                                    = true
  private_subnet_assign_ipv6_address_on_creation = true
  private_subnet_ipv6_prefixes                   = [0, 1, 2]
}
59 | ```
60 |
61 | ## Examples
62 |
63 | - [Complete example](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/tree/master/examples/complete) shows TGW in combination with the [VPC module](https://github.com/terraform-aws-modules/terraform-aws-vpc) and [Resource Access Manager (RAM)](https://aws.amazon.com/ram/).
64 | - [Multi-account example](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/tree/master/examples/multi-account) shows TGW resources shared with different AWS accounts (via [Resource Access Manager (RAM)](https://aws.amazon.com/ram/)).
65 |
66 |
67 | ## Requirements
68 |
69 | | Name | Version |
70 | |------|---------|
71 | | [terraform](#requirement\_terraform) | >= 0.13.1 |
72 | | [aws](#requirement\_aws) | >= 4.4 |
73 |
74 | ## Providers
75 |
76 | | Name | Version |
77 | |------|---------|
78 | | [aws](#provider\_aws) | >= 4.4 |
79 |
80 | ## Modules
81 |
82 | No modules.
83 |
84 | ## Resources
85 |
86 | | Name | Type |
87 | |------|------|
88 | | [aws_ec2_tag.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_tag) | resource |
89 | | [aws_ec2_transit_gateway.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway) | resource |
90 | | [aws_ec2_transit_gateway_route.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route) | resource |
91 | | [aws_ec2_transit_gateway_route_table.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route_table) | resource |
92 | | [aws_ec2_transit_gateway_route_table_association.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route_table_association) | resource |
93 | | [aws_ec2_transit_gateway_route_table_propagation.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route_table_propagation) | resource |
94 | | [aws_ec2_transit_gateway_vpc_attachment.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_vpc_attachment) | resource |
95 | | [aws_ram_principal_association.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ram_principal_association) | resource |
96 | | [aws_ram_resource_association.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ram_resource_association) | resource |
97 | | [aws_ram_resource_share.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ram_resource_share) | resource |
98 | | [aws_ram_resource_share_accepter.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ram_resource_share_accepter) | resource |
99 | | [aws_route.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
100 |
101 | ## Inputs
102 |
103 | | Name | Description | Type | Default | Required |
104 | |------|-------------|------|---------|:--------:|
105 | | [amazon\_side\_asn](#input\_amazon\_side\_asn) | The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the TGW is created with the current default Amazon ASN. | `string` | `null` | no |
106 | | [create\_tgw](#input\_create\_tgw) | Controls if TGW should be created (it affects almost all resources) | `bool` | `true` | no |
107 | | [create\_tgw\_routes](#input\_create\_tgw\_routes) | Controls if TGW Route Table / Routes should be created | `bool` | `true` | no |
108 | | [description](#input\_description) | Description of the EC2 Transit Gateway | `string` | `null` | no |
109 | | [enable\_auto\_accept\_shared\_attachments](#input\_enable\_auto\_accept\_shared\_attachments) | Whether resource attachment requests are automatically accepted | `bool` | `false` | no |
110 | | [enable\_default\_route\_table\_association](#input\_enable\_default\_route\_table\_association) | Whether resource attachments are automatically associated with the default association route table | `bool` | `true` | no |
111 | | [enable\_default\_route\_table\_propagation](#input\_enable\_default\_route\_table\_propagation) | Whether resource attachments automatically propagate routes to the default propagation route table | `bool` | `true` | no |
112 | | [enable\_dns\_support](#input\_enable\_dns\_support) | Should be true to enable DNS support in the TGW | `bool` | `true` | no |
113 | | [enable\_multicast\_support](#input\_enable\_multicast\_support) | Whether multicast support is enabled | `bool` | `false` | no |
114 | | [enable\_sg\_referencing\_support](#input\_enable\_sg\_referencing\_support) | Indicates whether to enable security group referencing support | `bool` | `true` | no |
115 | | [enable\_vpn\_ecmp\_support](#input\_enable\_vpn\_ecmp\_support) | Whether VPN Equal Cost Multipath Protocol support is enabled | `bool` | `true` | no |
116 | | [name](#input\_name) | Name to be used on all the resources as identifier | `string` | `""` | no |
117 | | [ram\_allow\_external\_principals](#input\_ram\_allow\_external\_principals) | Indicates whether principals outside your organization can be associated with a resource share. | `bool` | `false` | no |
118 | | [ram\_name](#input\_ram\_name) | The name of the resource share of TGW | `string` | `""` | no |
119 | | [ram\_principals](#input\_ram\_principals) | A list of principals to share TGW with. Possible values are an AWS account ID, an AWS Organizations Organization ARN, or an AWS Organizations Organization Unit ARN | `list(string)` | `[]` | no |
120 | | [ram\_resource\_share\_arn](#input\_ram\_resource\_share\_arn) | ARN of RAM resource share | `string` | `""` | no |
121 | | [ram\_tags](#input\_ram\_tags) | Additional tags for the RAM | `map(string)` | `{}` | no |
122 | | [share\_tgw](#input\_share\_tgw) | Whether to share your transit gateway with other accounts | `bool` | `true` | no |
123 | | [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |
124 | | [tgw\_default\_route\_table\_tags](#input\_tgw\_default\_route\_table\_tags) | Additional tags for the Default TGW route table | `map(string)` | `{}` | no |
125 | | [tgw\_route\_table\_tags](#input\_tgw\_route\_table\_tags) | Additional tags for the TGW route table | `map(string)` | `{}` | no |
126 | | [tgw\_tags](#input\_tgw\_tags) | Additional tags for the TGW | `map(string)` | `{}` | no |
127 | | [tgw\_vpc\_attachment\_tags](#input\_tgw\_vpc\_attachment\_tags) | Additional tags for VPC attachments | `map(string)` | `{}` | no |
128 | | [timeouts](#input\_timeouts) | Create, update, and delete timeout configurations for the transit gateway | `map(string)` | `{}` | no |
129 | | [transit\_gateway\_cidr\_blocks](#input\_transit\_gateway\_cidr\_blocks) | One or more IPv4 or IPv6 CIDR blocks for the transit gateway. Must be a size /24 CIDR block or larger for IPv4, or a size /64 CIDR block or larger for IPv6 | `list(string)` | `[]` | no |
130 | | [transit\_gateway\_route\_table\_id](#input\_transit\_gateway\_route\_table\_id) | Identifier of EC2 Transit Gateway Route Table to use with the Target Gateway when reusing it between multiple TGWs | `string` | `null` | no |
131 | | [vpc\_attachments](#input\_vpc\_attachments) | Maps of maps of VPC details to attach to TGW. Type 'any' to disable type validation by Terraform. | `any` | `{}` | no |
132 |
133 | ## Outputs
134 |
135 | | Name | Description |
136 | |------|-------------|
137 | | [ec2\_transit\_gateway\_arn](#output\_ec2\_transit\_gateway\_arn) | EC2 Transit Gateway Amazon Resource Name (ARN) |
138 | | [ec2\_transit\_gateway\_association\_default\_route\_table\_id](#output\_ec2\_transit\_gateway\_association\_default\_route\_table\_id) | Identifier of the default association route table |
139 | | [ec2\_transit\_gateway\_id](#output\_ec2\_transit\_gateway\_id) | EC2 Transit Gateway identifier |
140 | | [ec2\_transit\_gateway\_owner\_id](#output\_ec2\_transit\_gateway\_owner\_id) | Identifier of the AWS account that owns the EC2 Transit Gateway |
141 | | [ec2\_transit\_gateway\_propagation\_default\_route\_table\_id](#output\_ec2\_transit\_gateway\_propagation\_default\_route\_table\_id) | Identifier of the default propagation route table |
142 | | [ec2\_transit\_gateway\_route\_ids](#output\_ec2\_transit\_gateway\_route\_ids) | List of EC2 Transit Gateway Route Table identifier combined with destination |
143 | | [ec2\_transit\_gateway\_route\_table\_association](#output\_ec2\_transit\_gateway\_route\_table\_association) | Map of EC2 Transit Gateway Route Table Association attributes |
144 | | [ec2\_transit\_gateway\_route\_table\_association\_ids](#output\_ec2\_transit\_gateway\_route\_table\_association\_ids) | List of EC2 Transit Gateway Route Table Association identifiers |
145 | | [ec2\_transit\_gateway\_route\_table\_default\_association\_route\_table](#output\_ec2\_transit\_gateway\_route\_table\_default\_association\_route\_table) | Boolean whether this is the default association route table for the EC2 Transit Gateway |
146 | | [ec2\_transit\_gateway\_route\_table\_default\_propagation\_route\_table](#output\_ec2\_transit\_gateway\_route\_table\_default\_propagation\_route\_table) | Boolean whether this is the default propagation route table for the EC2 Transit Gateway |
147 | | [ec2\_transit\_gateway\_route\_table\_id](#output\_ec2\_transit\_gateway\_route\_table\_id) | EC2 Transit Gateway Route Table identifier |
148 | | [ec2\_transit\_gateway\_route\_table\_propagation](#output\_ec2\_transit\_gateway\_route\_table\_propagation) | Map of EC2 Transit Gateway Route Table Propagation attributes |
149 | | [ec2\_transit\_gateway\_route\_table\_propagation\_ids](#output\_ec2\_transit\_gateway\_route\_table\_propagation\_ids) | List of EC2 Transit Gateway Route Table Propagation identifiers |
150 | | [ec2\_transit\_gateway\_vpc\_attachment](#output\_ec2\_transit\_gateway\_vpc\_attachment) | Map of EC2 Transit Gateway VPC Attachment attributes |
151 | | [ec2\_transit\_gateway\_vpc\_attachment\_ids](#output\_ec2\_transit\_gateway\_vpc\_attachment\_ids) | List of EC2 Transit Gateway VPC Attachment identifiers |
152 | | [ram\_principal\_association\_id](#output\_ram\_principal\_association\_id) | The Amazon Resource Name (ARN) of the Resource Share and the principal, separated by a comma |
153 | | [ram\_resource\_share\_id](#output\_ram\_resource\_share\_id) | The Amazon Resource Name (ARN) of the resource share |
154 |
155 |
156 | ## Authors
157 |
158 | Module is maintained by [Anton Babenko](https://github.com/antonbabenko) with help from [these awesome contributors](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/graphs/contributors).
159 |
160 | ## License
161 |
162 | Apache 2 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/tree/master/LICENSE) for full details.
163 |
--------------------------------------------------------------------------------
/examples/complete/README.md:
--------------------------------------------------------------------------------
1 | # Complete AWS Transit Gateway example
2 |
3 | Configuration in this directory creates an AWS Transit Gateway, attaches VPCs to it, and shares it with other AWS principals using [Resource Access Manager (RAM)](https://aws.amazon.com/ram/).
4 |
5 | ## Usage
6 |
7 | To run this example you need to execute:
8 |
9 | ```bash
10 | $ terraform init
11 | $ terraform plan
12 | $ terraform apply
13 | ```
14 |
15 | Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.
16 |
17 |
18 | ## Requirements
19 |
20 | | Name | Version |
21 | |------|---------|
22 | | [terraform](#requirement\_terraform) | >= 1.0 |
23 | | [aws](#requirement\_aws) | >= 4.4 |
24 |
25 | ## Providers
26 |
27 | No providers.
28 |
29 | ## Modules
30 |
31 | | Name | Source | Version |
32 | |------|--------|---------|
33 | | [tgw](#module\_tgw) | ../../ | n/a |
34 | | [vpc1](#module\_vpc1) | terraform-aws-modules/vpc/aws | ~> 5.0 |
35 | | [vpc2](#module\_vpc2) | terraform-aws-modules/vpc/aws | ~> 5.0 |
36 |
37 | ## Resources
38 |
39 | No resources.
40 |
41 | ## Inputs
42 |
43 | No inputs.
44 |
45 | ## Outputs
46 |
47 | | Name | Description |
48 | |------|-------------|
49 | | [ec2\_transit\_gateway\_arn](#output\_ec2\_transit\_gateway\_arn) | EC2 Transit Gateway Amazon Resource Name (ARN) |
50 | | [ec2\_transit\_gateway\_association\_default\_route\_table\_id](#output\_ec2\_transit\_gateway\_association\_default\_route\_table\_id) | Identifier of the default association route table |
51 | | [ec2\_transit\_gateway\_id](#output\_ec2\_transit\_gateway\_id) | EC2 Transit Gateway identifier |
52 | | [ec2\_transit\_gateway\_owner\_id](#output\_ec2\_transit\_gateway\_owner\_id) | Identifier of the AWS account that owns the EC2 Transit Gateway |
53 | | [ec2\_transit\_gateway\_propagation\_default\_route\_table\_id](#output\_ec2\_transit\_gateway\_propagation\_default\_route\_table\_id) | Identifier of the default propagation route table |
54 | | [ec2\_transit\_gateway\_route\_ids](#output\_ec2\_transit\_gateway\_route\_ids) | List of EC2 Transit Gateway Route Table identifier combined with destination |
55 | | [ec2\_transit\_gateway\_route\_table\_association](#output\_ec2\_transit\_gateway\_route\_table\_association) | Map of EC2 Transit Gateway Route Table Association attributes |
56 | | [ec2\_transit\_gateway\_route\_table\_association\_ids](#output\_ec2\_transit\_gateway\_route\_table\_association\_ids) | List of EC2 Transit Gateway Route Table Association identifiers |
57 | | [ec2\_transit\_gateway\_route\_table\_default\_association\_route\_table](#output\_ec2\_transit\_gateway\_route\_table\_default\_association\_route\_table) | Boolean whether this is the default association route table for the EC2 Transit Gateway |
58 | | [ec2\_transit\_gateway\_route\_table\_default\_propagation\_route\_table](#output\_ec2\_transit\_gateway\_route\_table\_default\_propagation\_route\_table) | Boolean whether this is the default propagation route table for the EC2 Transit Gateway |
59 | | [ec2\_transit\_gateway\_route\_table\_id](#output\_ec2\_transit\_gateway\_route\_table\_id) | EC2 Transit Gateway Route Table identifier |
60 | | [ec2\_transit\_gateway\_route\_table\_propagation](#output\_ec2\_transit\_gateway\_route\_table\_propagation) | Map of EC2 Transit Gateway Route Table Propagation attributes |
61 | | [ec2\_transit\_gateway\_route\_table\_propagation\_ids](#output\_ec2\_transit\_gateway\_route\_table\_propagation\_ids) | List of EC2 Transit Gateway Route Table Propagation identifiers |
62 | | [ec2\_transit\_gateway\_vpc\_attachment](#output\_ec2\_transit\_gateway\_vpc\_attachment) | Map of EC2 Transit Gateway VPC Attachment attributes |
63 | | [ec2\_transit\_gateway\_vpc\_attachment\_ids](#output\_ec2\_transit\_gateway\_vpc\_attachment\_ids) | List of EC2 Transit Gateway VPC Attachment identifiers |
64 | | [ram\_principal\_association\_id](#output\_ram\_principal\_association\_id) | The Amazon Resource Name (ARN) of the Resource Share and the principal, separated by a comma |
65 | | [ram\_resource\_share\_id](#output\_ram\_resource\_share\_id) | The Amazon Resource Name (ARN) of the resource share |
66 |
67 |
--------------------------------------------------------------------------------
/examples/complete/main.tf:
--------------------------------------------------------------------------------
# Default provider; the region comes from the locals block below.
provider "aws" {
  region = local.region
}
4 |
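locals {
  # Derived from the example directory name, e.g. "ex-tgw-complete".
  name   = "ex-tgw-${replace(basename(path.cwd), "_", "-")}"
  region = "eu-west-1"

  # Applied to every resource this example creates. The repo/org values
  # previously pointed at a different module (copy-paste leftover); they now
  # match the repository this example lives in.
  tags = {
    Example    = local.name
    GithubRepo = "terraform-aws-transit-gateway"
    GithubOrg  = "terraform-aws-modules"
  }
}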
15 |
16 | ################################################################################
17 | # Transit Gateway Module
18 | ################################################################################
19 |
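module "tgw" {
  source = "../../"

  name            = local.name
  description     = "My TGW shared with several other AWS accounts"
  amazon_side_asn = 64532

  transit_gateway_cidr_blocks = ["10.99.0.0/24"]

  # When "true", attachment requests from principals the TGW is shared with
  # are accepted without a manual approval step.
  enable_auto_accept_shared_attachments = true

  # When "true", SG referencing support is enabled at the Transit Gateway level
  enable_sg_referencing_support = true

  # When "true", allows service discovery through IGMP
  enable_multicast_support = false

  vpc_attachments = {
    vpc1 = {
      vpc_id                             = module.vpc1.vpc_id
      subnet_ids                         = module.vpc1.private_subnets
      security_group_referencing_support = true
      dns_support                        = true
      ipv6_support                       = true

      # Keep this attachment off the default association/propagation route
      # tables; its routes are defined explicitly below.
      transit_gateway_default_route_table_association = false
      transit_gateway_default_route_table_propagation = false

      tgw_routes = [
        {
          destination_cidr_block = "30.0.0.0/16"
        },
        {
          # Default-route blackhole: traffic with no more specific route is
          # dropped at the TGW.
          blackhole              = true
          destination_cidr_block = "0.0.0.0/0"
        }
      ]
    },
    vpc2 = {
      vpc_id     = module.vpc2.vpc_id
      subnet_ids = module.vpc2.private_subnets

      tgw_routes = [
        {
          destination_cidr_block = "50.0.0.0/16"
        },
        {
          # Traffic to this single host is dropped at the TGW.
          blackhole              = true
          destination_cidr_block = "10.10.10.10/32"
        }
      ]
      tags = {
        Name = "${local.name}-vpc2"
      }
    },
  }

  # Only needed when the principals below are outside your AWS Organization;
  # the module default is false.
  ram_allow_external_principals = true
  # Account IDs are strings: an unquoted ID is parsed as a number and would
  # lose any leading zeros.
  ram_principals = ["307990089504"]

  tags = local.tags
}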
83 |
84 | ################################################################################
85 | # Supporting resources
86 | ################################################################################
87 |
module "vpc1" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "~> 5.0"

  name = "${local.name}-vpc1"
  # Does not overlap with vpc2 (10.20.0.0/16) or the TGW CIDR (10.99.0.0/24).
  cidr = "10.10.0.0/16"

  # One private subnet per AZ; these are the subnets attached to the TGW.
  azs             = ["${local.region}a", "${local.region}b", "${local.region}c"]
  private_subnets = ["10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24"]

  # IPv6 is enabled because the vpc1 attachment sets ipv6_support = true.
  enable_ipv6                                    = true
  private_subnet_assign_ipv6_address_on_creation = true
  private_subnet_ipv6_prefixes                   = [0, 1, 2]

  tags = local.tags
}
104 |
module "vpc2" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "~> 5.0"

  name = "${local.name}-vpc2"
  # Does not overlap with vpc1 (10.10.0.0/16) or the TGW CIDR (10.99.0.0/24).
  cidr = "10.20.0.0/16"

  # One private subnet per AZ; these are the subnets attached to the TGW.
  azs             = ["${local.region}a", "${local.region}b", "${local.region}c"]
  private_subnets = ["10.20.1.0/24", "10.20.2.0/24", "10.20.3.0/24"]

  # The vpc2 attachment does not set ipv6_support, so IPv6 stays off here.
  enable_ipv6 = false

  tags = local.tags
}
119 |
--------------------------------------------------------------------------------
/examples/complete/outputs.tf:
--------------------------------------------------------------------------------
1 | ################################################################################
2 | # Transit Gateway
3 | ################################################################################
4 |
# Pass-through of module.tgw.ec2_transit_gateway_arn.
output "ec2_transit_gateway_arn" {
  description = "EC2 Transit Gateway Amazon Resource Name (ARN)"
  value       = module.tgw.ec2_transit_gateway_arn
}
9 |
# Pass-through of module.tgw.ec2_transit_gateway_id.
output "ec2_transit_gateway_id" {
  description = "EC2 Transit Gateway identifier"
  value       = module.tgw.ec2_transit_gateway_id
}
14 |
# Pass-through of module.tgw.ec2_transit_gateway_owner_id.
output "ec2_transit_gateway_owner_id" {
  description = "Identifier of the AWS account that owns the EC2 Transit Gateway"
  value       = module.tgw.ec2_transit_gateway_owner_id
}
19 |
# Pass-through of module.tgw.ec2_transit_gateway_association_default_route_table_id.
output "ec2_transit_gateway_association_default_route_table_id" {
  description = "Identifier of the default association route table"
  value       = module.tgw.ec2_transit_gateway_association_default_route_table_id
}
24 |
# Pass-through of module.tgw.ec2_transit_gateway_propagation_default_route_table_id.
output "ec2_transit_gateway_propagation_default_route_table_id" {
  description = "Identifier of the default propagation route table"
  value       = module.tgw.ec2_transit_gateway_propagation_default_route_table_id
}
29 |
30 | ################################################################################
31 | # VPC Attachment
32 | ################################################################################
33 |
# Pass-through of module.tgw.ec2_transit_gateway_vpc_attachment_ids.
output "ec2_transit_gateway_vpc_attachment_ids" {
  description = "List of EC2 Transit Gateway VPC Attachment identifiers"
  value       = module.tgw.ec2_transit_gateway_vpc_attachment_ids
}
38 |
# Pass-through of module.tgw.ec2_transit_gateway_vpc_attachment.
output "ec2_transit_gateway_vpc_attachment" {
  description = "Map of EC2 Transit Gateway VPC Attachment attributes"
  value       = module.tgw.ec2_transit_gateway_vpc_attachment
}
43 |
44 | ################################################################################
45 | # Route Table / Routes
46 | ################################################################################
47 |
# Pass-through of module.tgw.ec2_transit_gateway_route_table_id.
output "ec2_transit_gateway_route_table_id" {
  description = "EC2 Transit Gateway Route Table identifier"
  value       = module.tgw.ec2_transit_gateway_route_table_id
}
52 |
# Pass-through of module.tgw.ec2_transit_gateway_route_table_default_association_route_table.
output "ec2_transit_gateway_route_table_default_association_route_table" {
  description = "Boolean whether this is the default association route table for the EC2 Transit Gateway"
  value       = module.tgw.ec2_transit_gateway_route_table_default_association_route_table
}
57 |
# Pass-through of module.tgw.ec2_transit_gateway_route_table_default_propagation_route_table.
output "ec2_transit_gateway_route_table_default_propagation_route_table" {
  description = "Boolean whether this is the default propagation route table for the EC2 Transit Gateway"
  value       = module.tgw.ec2_transit_gateway_route_table_default_propagation_route_table
}
62 |
# Pass-through of module.tgw.ec2_transit_gateway_route_ids.
output "ec2_transit_gateway_route_ids" {
  description = "List of EC2 Transit Gateway Route Table identifier combined with destination"
  value       = module.tgw.ec2_transit_gateway_route_ids
}
67 |
# Pass-through of module.tgw.ec2_transit_gateway_route_table_association_ids.
output "ec2_transit_gateway_route_table_association_ids" {
  description = "List of EC2 Transit Gateway Route Table Association identifiers"
  value       = module.tgw.ec2_transit_gateway_route_table_association_ids
}
72 |
# Pass-through of module.tgw.ec2_transit_gateway_route_table_association.
output "ec2_transit_gateway_route_table_association" {
  description = "Map of EC2 Transit Gateway Route Table Association attributes"
  value       = module.tgw.ec2_transit_gateway_route_table_association
}
77 |
# Pass-through of module.tgw.ec2_transit_gateway_route_table_propagation_ids.
output "ec2_transit_gateway_route_table_propagation_ids" {
  description = "List of EC2 Transit Gateway Route Table Propagation identifiers"
  value       = module.tgw.ec2_transit_gateway_route_table_propagation_ids
}
82 |
# Pass-through of module.tgw.ec2_transit_gateway_route_table_propagation.
output "ec2_transit_gateway_route_table_propagation" {
  description = "Map of EC2 Transit Gateway Route Table Propagation attributes"
  value       = module.tgw.ec2_transit_gateway_route_table_propagation
}
87 |
88 | ################################################################################
89 | # Resource Access Manager
90 | ################################################################################
91 |
# Pass-through of module.tgw.ram_resource_share_id.
output "ram_resource_share_id" {
  description = "The Amazon Resource Name (ARN) of the resource share"
  value       = module.tgw.ram_resource_share_id
}
96 |
# Pass-through of module.tgw.ram_principal_association_id.
output "ram_principal_association_id" {
  description = "The Amazon Resource Name (ARN) of the Resource Share and the principal, separated by a comma"
  value       = module.tgw.ram_principal_association_id
}
101 |
--------------------------------------------------------------------------------
/examples/complete/variables.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/terraform-aws-modules/terraform-aws-transit-gateway/01789bd39b59e2ef0f6be58cd36deb89f9178446/examples/complete/variables.tf
--------------------------------------------------------------------------------
/examples/complete/versions.tf:
--------------------------------------------------------------------------------
# Lower bounds only; the exact provider build selected by `terraform init`
# is recorded in .terraform.lock.hcl.
terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.4"
    }
  }
}
11 |
--------------------------------------------------------------------------------
/examples/multi-account/README.md:
--------------------------------------------------------------------------------
1 | # Multi-account AWS Transit Gateway example
2 |
3 | Configuration in this directory creates an AWS Transit Gateway, attaches VPCs to it, and shares it with other AWS principals using [Resource Access Manager (RAM)](https://aws.amazon.com/ram/).
4 |
5 | ## Usage
6 |
7 | To run this example you need to execute:
8 |
9 | ```bash
10 | $ terraform init
11 | $ terraform plan
12 | $ terraform apply
13 | ```
14 |
15 | Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.
16 |
17 |
18 | ## Requirements
19 |
20 | | Name | Version |
21 | |------|---------|
22 | | [terraform](#requirement\_terraform) | >= 1.0 |
23 | | [aws](#requirement\_aws) | >= 4.4 |
24 |
25 | ## Providers
26 |
27 | No providers.
28 |
29 | ## Modules
30 |
31 | | Name | Source | Version |
32 | |------|--------|---------|
33 | | [tgw](#module\_tgw) | ../../ | n/a |
34 | | [tgw\_peer](#module\_tgw\_peer) | ../../ | n/a |
35 | | [vpc1](#module\_vpc1) | terraform-aws-modules/vpc/aws | ~> 5.0 |
36 | | [vpc2](#module\_vpc2) | terraform-aws-modules/vpc/aws | ~> 5.0 |
37 |
38 | ## Resources
39 |
40 | No resources.
41 |
42 | ## Inputs
43 |
44 | No inputs.
45 |
46 | ## Outputs
47 |
48 | | Name | Description |
49 | |------|-------------|
50 | | [ec2\_transit\_gateway\_arn](#output\_ec2\_transit\_gateway\_arn) | EC2 Transit Gateway Amazon Resource Name (ARN) |
51 | | [ec2\_transit\_gateway\_association\_default\_route\_table\_id](#output\_ec2\_transit\_gateway\_association\_default\_route\_table\_id) | Identifier of the default association route table |
52 | | [ec2\_transit\_gateway\_id](#output\_ec2\_transit\_gateway\_id) | EC2 Transit Gateway identifier |
53 | | [ec2\_transit\_gateway\_owner\_id](#output\_ec2\_transit\_gateway\_owner\_id) | Identifier of the AWS account that owns the EC2 Transit Gateway |
54 | | [ec2\_transit\_gateway\_propagation\_default\_route\_table\_id](#output\_ec2\_transit\_gateway\_propagation\_default\_route\_table\_id) | Identifier of the default propagation route table |
55 | | [ec2\_transit\_gateway\_route\_ids](#output\_ec2\_transit\_gateway\_route\_ids) | List of EC2 Transit Gateway Route Table identifier combined with destination |
56 | | [ec2\_transit\_gateway\_route\_table\_association](#output\_ec2\_transit\_gateway\_route\_table\_association) | Map of EC2 Transit Gateway Route Table Association attributes |
57 | | [ec2\_transit\_gateway\_route\_table\_association\_ids](#output\_ec2\_transit\_gateway\_route\_table\_association\_ids) | List of EC2 Transit Gateway Route Table Association identifiers |
58 | | [ec2\_transit\_gateway\_route\_table\_default\_association\_route\_table](#output\_ec2\_transit\_gateway\_route\_table\_default\_association\_route\_table) | Boolean whether this is the default association route table for the EC2 Transit Gateway |
59 | | [ec2\_transit\_gateway\_route\_table\_default\_propagation\_route\_table](#output\_ec2\_transit\_gateway\_route\_table\_default\_propagation\_route\_table) | Boolean whether this is the default propagation route table for the EC2 Transit Gateway |
60 | | [ec2\_transit\_gateway\_route\_table\_id](#output\_ec2\_transit\_gateway\_route\_table\_id) | EC2 Transit Gateway Route Table identifier |
61 | | [ec2\_transit\_gateway\_route\_table\_propagation](#output\_ec2\_transit\_gateway\_route\_table\_propagation) | Map of EC2 Transit Gateway Route Table Propagation attributes |
62 | | [ec2\_transit\_gateway\_route\_table\_propagation\_ids](#output\_ec2\_transit\_gateway\_route\_table\_propagation\_ids) | List of EC2 Transit Gateway Route Table Propagation identifiers |
63 | | [ec2\_transit\_gateway\_vpc\_attachment](#output\_ec2\_transit\_gateway\_vpc\_attachment) | Map of EC2 Transit Gateway VPC Attachment attributes |
64 | | [ec2\_transit\_gateway\_vpc\_attachment\_ids](#output\_ec2\_transit\_gateway\_vpc\_attachment\_ids) | List of EC2 Transit Gateway VPC Attachment identifiers |
65 | | [ram\_principal\_association\_id](#output\_ram\_principal\_association\_id) | The Amazon Resource Name (ARN) of the Resource Share and the principal, separated by a comma |
66 | | [ram\_resource\_share\_id](#output\_ram\_resource\_share\_id) | The Amazon Resource Name (ARN) of the resource share |
67 |
68 |
--------------------------------------------------------------------------------
/examples/multi-account/main.tf:
--------------------------------------------------------------------------------
# Default provider: the account that creates, owns and shares the Transit Gateway
provider "aws" {
  region = local.region
}
4 |
# Second provider for the "peer" account. Running this example requires
# credentials for two separate AWS accounts: the peer side does not create a
# TGW (create_tgw = false below), it only accepts the RAM share and creates
# its own attachment and routes against the shared TGW.
provider "aws" {
  region = local.region
  alias  = "peer"
}
10 |
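locals {
  # Example name derived from the directory name, with underscores replaced
  # by hyphens so the value is usable in every resource name below
  name   = "ex-tgw-${replace(basename(path.cwd), "_", "-")}"
  region = "eu-west-1"

  # Tags applied to every resource in this example. GithubRepo/GithubOrg were
  # previously swapped and pointed at a different module (terraform-aws-eks);
  # they now name this module's own organisation and repository.
  tags = {
    Example    = local.name
    GithubRepo = "terraform-aws-transit-gateway"
    GithubOrg  = "terraform-aws-modules"
  }
}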
21 |
22 | ################################################################################
23 | # Transit Gateway Module
24 | ################################################################################
25 |
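module "tgw" {
  source = "../../"

  name            = local.name
  description     = "My TGW shared with several other AWS accounts"
  amazon_side_asn = 64532

  # Attachment requests from every account the TGW is shared with are accepted
  # without an explicit accept step in this account. The RAM share configured
  # further down is still what grants those accounts access to the TGW; only
  # enable auto-accept for principals that are trusted to attach their VPCs.
  enable_auto_accept_shared_attachments = true

  vpc_attachments = {
    vpc1 = {
      vpc_id       = module.vpc1.vpc_id
      subnet_ids   = module.vpc1.private_subnets
      dns_support  = true
      ipv6_support = true

      # Use the dedicated route table created by the module rather than the
      # TGW default association / propagation tables
      transit_gateway_default_route_table_association = false
      transit_gateway_default_route_table_propagation = false

      tgw_routes = [
        {
          destination_cidr_block = "30.0.0.0/16"
        },
        {
          # Drop any traffic not matched by a more specific route
          blackhole              = true
          destination_cidr_block = "0.0.0.0/0"
        }
      ]
    },
    # NOTE(review): module.vpc2 is created with the aws.peer provider while this
    # attachment is created by the default provider; a cross-account VPC
    # attachment is normally created from the account that owns the VPC —
    # confirm this is the intended layout.
    vpc2 = {
      vpc_id     = module.vpc2.vpc_id
      subnet_ids = module.vpc2.private_subnets

      tgw_routes = [
        {
          destination_cidr_block = "50.0.0.0/16"
        },
        {
          blackhole              = true
          destination_cidr_block = "10.10.10.10/32"
        }
      ]
    },
  }

  # Only required when the peer account is not a member of the same AWS
  # Organization; keep it false (the module default) otherwise so the share
  # cannot be extended to arbitrary external accounts.
  ram_allow_external_principals = true
  # The module variable is list(string): quote account IDs so a value with a
  # leading zero is never parsed as a number and silently truncated.
  ram_principals = ["307990089504"]

  tags = local.tags
}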
77 |
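module "tgw_peer" {
  # Optional second invocation of the module in the peer account; it requires
  # being authenticated with two separate AWS accounts (see the aws.peer
  # provider). No TGW is created here: the peer accepts the RAM share from
  # module.tgw and attaches its VPC to the shared TGW.
  source = "../../"

  providers = {
    aws = aws.peer
  }

  name = "${local.name}-peer"
  # description and amazon_side_asn only apply to a created TGW; with
  # create_tgw = false they are accepted but unused.
  description     = "My TGW shared with several other AWS accounts"
  amazon_side_asn = 64532

  create_tgw             = false
  share_tgw              = true
  ram_resource_share_arn = module.tgw.ram_resource_share_id
  # Only meaningful on the TGW owner side; with create_tgw = false no TGW is
  # created here, so this setting has no effect in this module call.
  enable_auto_accept_shared_attachments = true

  vpc_attachments = {
    # NOTE(review): module.vpc1 is created by the default provider while this
    # attachment is created with aws.peer; a cross-account VPC attachment is
    # normally created from the account that owns the VPC — confirm intent.
    vpc1 = {
      tgw_id       = module.tgw.ec2_transit_gateway_id
      vpc_id       = module.vpc1.vpc_id
      subnet_ids   = module.vpc1.private_subnets
      dns_support  = true
      ipv6_support = true

      transit_gateway_default_route_table_association = false
      transit_gateway_default_route_table_propagation = false

      # Adds a default route towards the TGW in every private route table of
      # vpc1, i.e. all non-local traffic from those subnets is sent to the TGW
      vpc_route_table_ids  = module.vpc1.private_route_table_ids
      tgw_destination_cidr = "0.0.0.0/0"

      tgw_routes = [
        {
          destination_cidr_block = "30.0.0.0/16"
        },
        {
          blackhole              = true
          destination_cidr_block = "0.0.0.0/0"
        }
      ]
    },
  }

  # RAM resources are only created when create_tgw = true, so these two inputs
  # are no-ops for the peer; they are kept to mirror the owner-side call.
  ram_allow_external_principals = true
  # Quoted: the variable is list(string) and an account ID is not a number
  ram_principals = ["307990089504"]

  tags = local.tags
}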
127 |
128 | ################################################################################
129 | # Supporting resources
130 | ################################################################################
131 |
# VPC in the default (TGW owner) account; dual-stack so the IPv6-enabled
# attachment above has addresses to work with
module "vpc1" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "~> 5.0"

  name = "${local.name}-vpc1"
  cidr = "10.10.0.0/16"

  azs             = ["${local.region}a", "${local.region}b", "${local.region}c"]
  private_subnets = ["10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24"]

  enable_ipv6                                    = true
  private_subnet_assign_ipv6_address_on_creation = true
  private_subnet_ipv6_prefixes                   = [0, 1, 2]

  tags = local.tags
}
148 |
149 |
# VPC in the peer account (aws.peer provider); IPv4 only
module "vpc2" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "~> 5.0"

  providers = {
    aws = aws.peer
  }

  name = "${local.name}-vpc2"
  cidr = "10.20.0.0/16"

  azs             = ["${local.region}a", "${local.region}b", "${local.region}c"]
  private_subnets = ["10.20.1.0/24", "10.20.2.0/24", "10.20.3.0/24"]

  enable_ipv6 = false

  tags = local.tags
}
168 |
--------------------------------------------------------------------------------
/examples/multi-account/outputs.tf:
--------------------------------------------------------------------------------
################################################################################
# Transit Gateway
################################################################################
# All outputs in this file pass through the outputs of the owner-side module
# call (module.tgw); nothing is exposed from module.tgw_peer.

output "ec2_transit_gateway_arn" {
  description = "EC2 Transit Gateway Amazon Resource Name (ARN)"
  value       = module.tgw.ec2_transit_gateway_arn
}

output "ec2_transit_gateway_id" {
  description = "EC2 Transit Gateway identifier"
  value       = module.tgw.ec2_transit_gateway_id
}

output "ec2_transit_gateway_owner_id" {
  description = "Identifier of the AWS account that owns the EC2 Transit Gateway"
  value       = module.tgw.ec2_transit_gateway_owner_id
}

output "ec2_transit_gateway_association_default_route_table_id" {
  description = "Identifier of the default association route table"
  value       = module.tgw.ec2_transit_gateway_association_default_route_table_id
}

output "ec2_transit_gateway_propagation_default_route_table_id" {
  description = "Identifier of the default propagation route table"
  value       = module.tgw.ec2_transit_gateway_propagation_default_route_table_id
}
29 |
################################################################################
# VPC Attachment
################################################################################

output "ec2_transit_gateway_vpc_attachment_ids" {
  description = "List of EC2 Transit Gateway VPC Attachment identifiers"
  value       = module.tgw.ec2_transit_gateway_vpc_attachment_ids
}

# Full resource attributes of every attachment created by module.tgw
output "ec2_transit_gateway_vpc_attachment" {
  description = "Map of EC2 Transit Gateway VPC Attachment attributes"
  value       = module.tgw.ec2_transit_gateway_vpc_attachment
}
43 |
################################################################################
# Route Table / Routes
################################################################################

output "ec2_transit_gateway_route_table_id" {
  description = "EC2 Transit Gateway Route Table identifier"
  value       = module.tgw.ec2_transit_gateway_route_table_id
}

output "ec2_transit_gateway_route_table_default_association_route_table" {
  description = "Boolean whether this is the default association route table for the EC2 Transit Gateway"
  value       = module.tgw.ec2_transit_gateway_route_table_default_association_route_table
}

output "ec2_transit_gateway_route_table_default_propagation_route_table" {
  description = "Boolean whether this is the default propagation route table for the EC2 Transit Gateway"
  value       = module.tgw.ec2_transit_gateway_route_table_default_propagation_route_table
}

output "ec2_transit_gateway_route_ids" {
  description = "List of EC2 Transit Gateway Route Table identifier combined with destination"
  value       = module.tgw.ec2_transit_gateway_route_ids
}

output "ec2_transit_gateway_route_table_association_ids" {
  description = "List of EC2 Transit Gateway Route Table Association identifiers"
  value       = module.tgw.ec2_transit_gateway_route_table_association_ids
}

output "ec2_transit_gateway_route_table_association" {
  description = "Map of EC2 Transit Gateway Route Table Association attributes"
  value       = module.tgw.ec2_transit_gateway_route_table_association
}

output "ec2_transit_gateway_route_table_propagation_ids" {
  description = "List of EC2 Transit Gateway Route Table Propagation identifiers"
  value       = module.tgw.ec2_transit_gateway_route_table_propagation_ids
}

output "ec2_transit_gateway_route_table_propagation" {
  description = "Map of EC2 Transit Gateway Route Table Propagation attributes"
  value       = module.tgw.ec2_transit_gateway_route_table_propagation
}
87 |
################################################################################
# Resource Access Manager
################################################################################

# Despite the "_id" suffix this is the share ARN (see the root module output);
# it is what module.tgw_peer consumes as ram_resource_share_arn
output "ram_resource_share_id" {
  description = "The Amazon Resource Name (ARN) of the resource share"
  value       = module.tgw.ram_resource_share_id
}

output "ram_principal_association_id" {
  description = "The Amazon Resource Name (ARN) of the Resource Share and the principal, separated by a comma"
  value       = module.tgw.ram_principal_association_id
}
101 |
--------------------------------------------------------------------------------
/examples/multi-account/variables.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/terraform-aws-modules/terraform-aws-transit-gateway/01789bd39b59e2ef0f6be58cd36deb89f9178446/examples/multi-account/variables.tf
--------------------------------------------------------------------------------
/examples/multi-account/versions.tf:
--------------------------------------------------------------------------------
# Version constraints for this example. The example requires Terraform 1.0+
# while the root module itself only requires >= 0.13.1; the provider bound
# matches the root module.
terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.4"
    }
  }
}
11 |
--------------------------------------------------------------------------------
/main.tf:
--------------------------------------------------------------------------------
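locals {
  # Flat list of [attachment-key-object, route-object] pairs, one per route of
  # every attachment that declares tgw_routes. setproduct() pairs {key = k}
  # with each route, flatten() joins the per-attachment lists and
  # chunklist(..., 2) re-groups the result into pairs, so that element [0].key
  # is the attachment key and element [1] is the route definition. Only
  # populated when the TGW is created by this module.
  vpc_attachments_with_routes = chunklist(flatten([
    for k, v in var.vpc_attachments : setproduct([{ key = k }], v.tgw_routes) if var.create_tgw && can(v.tgw_routes)
  ]), 2)

  # Tag set applied to the TGW default association route table (via aws_ec2_tag)
  tgw_default_route_table_tags_merged = merge(
    var.tags,
    { Name = var.name },
    var.tgw_default_route_table_tags,
  )

  # One entry per VPC route table that should receive a route towards the TGW.
  # `ipv6` records the address family of tgw_destination_cidr (true when the
  # CIDR contains a ':'), so the consuming aws_route resource can populate
  # destination_ipv6_cidr_block instead of destination_cidr_block. The
  # attachment's ipv6_support flag is deliberately not used for this: an
  # IPv6-capable attachment may still carry an IPv4 destination CIDR.
  vpc_route_table_destination_cidr = flatten([
    for k, v in var.vpc_attachments : [
      for rtb_id in try(v.vpc_route_table_ids, []) : {
        rtb_id = rtb_id
        cidr   = v.tgw_destination_cidr
        tgw_id = var.create_tgw ? aws_ec2_transit_gateway.this[0].id : v.tgw_id
        ipv6   = length(regexall(":", v.tgw_destination_cidr)) > 0
      }
    ]
  ])
}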
23 |
24 | ################################################################################
25 | # Transit Gateway
26 | ################################################################################
27 |
resource "aws_ec2_transit_gateway" "this" {
  count = var.create_tgw ? 1 : 0

  # Falls back to the name when no description is given (errors if both are empty)
  description     = coalesce(var.description, var.name)
  amazon_side_asn = var.amazon_side_asn

  # The API takes "enable"/"disable" strings; the module exposes booleans
  default_route_table_association = var.enable_default_route_table_association ? "enable" : "disable"
  default_route_table_propagation = var.enable_default_route_table_propagation ? "enable" : "disable"
  # When enabled, any principal the TGW is shared with can attach without an
  # explicit acceptance step in this account
  auto_accept_shared_attachments     = var.enable_auto_accept_shared_attachments ? "enable" : "disable"
  multicast_support                  = var.enable_multicast_support ? "enable" : "disable"
  vpn_ecmp_support                   = var.enable_vpn_ecmp_support ? "enable" : "disable"
  dns_support                        = var.enable_dns_support ? "enable" : "disable"
  security_group_referencing_support = var.enable_sg_referencing_support ? "enable" : "disable"
  transit_gateway_cidr_blocks        = var.transit_gateway_cidr_blocks

  # var.timeouts is map(string); a missing key leaves the provider default in place
  timeouts {
    create = lookup(var.timeouts, "create", null)
    update = lookup(var.timeouts, "update", null)
    delete = lookup(var.timeouts, "delete", null)
  }

  tags = merge(
    var.tags,
    { Name = var.name },
    var.tgw_tags,
  )
}
54 |
resource "aws_ec2_tag" "this" {
  # Tags the default association route table that AWS creates implicitly with
  # the TGW. An empty map yields no instances when the TGW is not created here
  # or default route table association is disabled.
  for_each = var.create_tgw && var.enable_default_route_table_association ? local.tgw_default_route_table_tags_merged : {}

  resource_id = aws_ec2_transit_gateway.this[0].association_default_route_table_id
  key         = each.key
  value       = each.value
}
62 |
63 | ################################################################################
64 | # VPC Attachment
65 | ################################################################################
66 |
# One attachment per entry of var.vpc_attachments. When the TGW is not created
# here, each entry must carry the `tgw_id` of the (shared) TGW to attach to.
resource "aws_ec2_transit_gateway_vpc_attachment" "this" {
  for_each = var.vpc_attachments

  transit_gateway_id = var.create_tgw ? aws_ec2_transit_gateway.this[0].id : each.value.tgw_id
  vpc_id             = each.value.vpc_id
  subnet_ids         = each.value.subnet_ids

  # Per-attachment options; defaults apply when the key is absent from the
  # attachment definition. Note the per-attachment default for security group
  # referencing is false while the TGW-level variable defaults to true.
  dns_support                                     = try(each.value.dns_support, true) ? "enable" : "disable"
  ipv6_support                                    = try(each.value.ipv6_support, false) ? "enable" : "disable"
  appliance_mode_support                          = try(each.value.appliance_mode_support, false) ? "enable" : "disable"
  security_group_referencing_support              = try(each.value.security_group_referencing_support, false) ? "enable" : "disable"
  # Set these to false to manage association/propagation explicitly via the
  # route table resources below
  transit_gateway_default_route_table_association = try(each.value.transit_gateway_default_route_table_association, true)
  transit_gateway_default_route_table_propagation = try(each.value.transit_gateway_default_route_table_propagation, true)

  # Precedence: per-attachment tags > attachment-wide tags > Name > global tags
  tags = merge(
    var.tags,
    { Name = var.name },
    var.tgw_vpc_attachment_tags,
    try(each.value.tags, {}),
  )
}
88 |
89 | ################################################################################
90 | # Route Table / Routes
91 | ################################################################################
92 |
# Dedicated route table used by this module's routes, associations and
# propagations; only created together with the TGW
resource "aws_ec2_transit_gateway_route_table" "this" {
  count = var.create_tgw && var.create_tgw_routes ? 1 : 0

  transit_gateway_id = aws_ec2_transit_gateway.this[0].id

  tags = merge(
    var.tags,
    { Name = var.name },
    var.tgw_route_table_tags,
  )
}
104 |
# One route per [attachment-key, route] pair in local.vpc_attachments_with_routes.
# Routes are count-indexed, so inserting or reordering attachments / tgw_routes
# shifts indices and makes Terraform replace the affected routes.
resource "aws_ec2_transit_gateway_route" "this" {
  count = var.create_tgw_routes ? length(local.vpc_attachments_with_routes) : 0

  destination_cidr_block = local.vpc_attachments_with_routes[count.index][1].destination_cidr_block
  blackhole              = try(local.vpc_attachments_with_routes[count.index][1].blackhole, null)

  # local.vpc_attachments_with_routes is only populated when var.create_tgw is
  # true, so the var.transit_gateway_route_table_id branch is not reached in practice
  transit_gateway_route_table_id = var.create_tgw ? aws_ec2_transit_gateway_route_table.this[0].id : var.transit_gateway_route_table_id
  # A blackhole route has no target attachment; otherwise target the attachment
  # the route was declared under ([0].key)
  transit_gateway_attachment_id = tobool(try(local.vpc_attachments_with_routes[count.index][1].blackhole, false)) == false ? aws_ec2_transit_gateway_vpc_attachment.this[local.vpc_attachments_with_routes[count.index][0].key].id : null
}
114 |
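# Routes in the caller's VPC route tables pointing at the TGW, one per entry of
# local.vpc_route_table_destination_cidr.
resource "aws_route" "this" {
  # Keyed by VPC route table ID, so each route table can receive at most one
  # route from this module; the same route table ID listed under two
  # attachments produces duplicate keys and fails at plan time.
  for_each = { for x in local.vpc_route_table_destination_cidr : x.rtb_id => {
    cidr   = x.cidr,
    tgw_id = x.tgw_id,
    # Address family of the destination; IPv4 when the local does not carry
    # the flag. (Previously `each.value.ipv6_support` was read here, but that
    # key was never part of this map, so the IPv6 branch was unreachable.)
    ipv6 = try(x.ipv6, false)
  } }

  route_table_id = each.key
  # Exactly one of the two destination attributes may be set, chosen by the
  # address family of the CIDR
  destination_cidr_block      = each.value["ipv6"] ? null : each.value["cidr"]
  destination_ipv6_cidr_block = each.value["ipv6"] ? each.value["cidr"] : null
  transit_gateway_id          = each.value["tgw_id"]
}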
126 |
# Explicit association with the module's route table for attachments that
# opted out of the TGW default association route table
resource "aws_ec2_transit_gateway_route_table_association" "this" {
  for_each = {
    for k, v in var.vpc_attachments : k => v if var.create_tgw && var.create_tgw_routes && try(v.transit_gateway_default_route_table_association, true) != true
  }

  # Create association if it was not set already by aws_ec2_transit_gateway_vpc_attachment resource
  transit_gateway_attachment_id = aws_ec2_transit_gateway_vpc_attachment.this[each.key].id
  # The for_each filter already requires var.create_tgw, so only the first
  # branch is reachable; the fallback is kept for symmetry with the route resource
  transit_gateway_route_table_id = var.create_tgw ? aws_ec2_transit_gateway_route_table.this[0].id : try(each.value.transit_gateway_route_table_id, var.transit_gateway_route_table_id)
}
136 |
# Explicit propagation into the module's route table for attachments that
# opted out of the TGW default propagation route table
resource "aws_ec2_transit_gateway_route_table_propagation" "this" {
  for_each = {
    for k, v in var.vpc_attachments : k => v if var.create_tgw && var.create_tgw_routes && try(v.transit_gateway_default_route_table_propagation, true) != true
  }

  # Create propagation if it was not set already by aws_ec2_transit_gateway_vpc_attachment resource
  transit_gateway_attachment_id = aws_ec2_transit_gateway_vpc_attachment.this[each.key].id
  # The for_each filter already requires var.create_tgw, so only the first
  # branch is reachable
  transit_gateway_route_table_id = var.create_tgw ? aws_ec2_transit_gateway_route_table.this[0].id : try(each.value.transit_gateway_route_table_id, var.transit_gateway_route_table_id)
}
146 |
147 | ################################################################################
148 | # Resource Access Manager
149 | ################################################################################
150 |
# RAM share that makes the TGW available to other accounts (owner side only)
resource "aws_ram_resource_share" "this" {
  count = var.create_tgw && var.share_tgw ? 1 : 0

  name = coalesce(var.ram_name, var.name)
  # false (the variable default) restricts the share to accounts within the
  # owner's AWS Organization; true allows arbitrary external account IDs
  allow_external_principals = var.ram_allow_external_principals

  tags = merge(
    var.tags,
    { Name = coalesce(var.ram_name, var.name) },
    var.ram_tags,
  )
}
163 |
# Adds the TGW itself to the resource share
resource "aws_ram_resource_association" "this" {
  count = var.create_tgw && var.share_tgw ? 1 : 0

  resource_arn       = aws_ec2_transit_gateway.this[0].arn
  resource_share_arn = aws_ram_resource_share.this[0].id
}
170 |
# One association per principal in var.ram_principals. Because this is
# count-indexed, removing or reordering an earlier principal re-creates the
# associations that follow it (a transient loss of the share for those principals).
resource "aws_ram_principal_association" "this" {
  count = var.create_tgw && var.share_tgw ? length(var.ram_principals) : 0

  principal          = var.ram_principals[count.index]
  resource_share_arn = aws_ram_resource_share.this[0].arn
}
177 |
# Consumer side: accept the share offered by the TGW owner. Only created when
# the TGW is not created here but sharing is enabled; var.ram_resource_share_arn
# must then be set (its default "" is rejected by the API). Accept only ARNs
# from the account that is expected to own the TGW.
resource "aws_ram_resource_share_accepter" "this" {
  count = !var.create_tgw && var.share_tgw ? 1 : 0

  share_arn = var.ram_resource_share_arn
}
183 |
--------------------------------------------------------------------------------
/outputs.tf:
--------------------------------------------------------------------------------
################################################################################
# Transit Gateway
################################################################################
# The TGW is a count = 0/1 resource; every output below returns "" when it is
# not created by this module (create_tgw = false).

output "ec2_transit_gateway_arn" {
  description = "EC2 Transit Gateway Amazon Resource Name (ARN)"
  value       = try(aws_ec2_transit_gateway.this[0].arn, "")
}

output "ec2_transit_gateway_id" {
  description = "EC2 Transit Gateway identifier"
  value       = try(aws_ec2_transit_gateway.this[0].id, "")
}

output "ec2_transit_gateway_owner_id" {
  description = "Identifier of the AWS account that owns the EC2 Transit Gateway"
  value       = try(aws_ec2_transit_gateway.this[0].owner_id, "")
}

output "ec2_transit_gateway_association_default_route_table_id" {
  description = "Identifier of the default association route table"
  value       = try(aws_ec2_transit_gateway.this[0].association_default_route_table_id, "")
}

output "ec2_transit_gateway_propagation_default_route_table_id" {
  description = "Identifier of the default propagation route table"
  value       = try(aws_ec2_transit_gateway.this[0].propagation_default_route_table_id, "")
}
29 |
################################################################################
# VPC Attachment
################################################################################

output "ec2_transit_gateway_vpc_attachment_ids" {
  description = "List of EC2 Transit Gateway VPC Attachment identifiers"
  value       = [for k, v in aws_ec2_transit_gateway_vpc_attachment.this : v.id]
}

# Keyed by the var.vpc_attachments key; exposes every attribute of the attachment resource
output "ec2_transit_gateway_vpc_attachment" {
  description = "Map of EC2 Transit Gateway VPC Attachment attributes"
  value       = aws_ec2_transit_gateway_vpc_attachment.this
}
43 |
################################################################################
# Route Table / Routes
################################################################################
# The route table is count = 0/1; its outputs return "" when not created.

output "ec2_transit_gateway_route_table_id" {
  description = "EC2 Transit Gateway Route Table identifier"
  value       = try(aws_ec2_transit_gateway_route_table.this[0].id, "")
}

# Despite the "Boolean" description, the fallback when no route table exists is "" (a string)
output "ec2_transit_gateway_route_table_default_association_route_table" {
  description = "Boolean whether this is the default association route table for the EC2 Transit Gateway"
  value       = try(aws_ec2_transit_gateway_route_table.this[0].default_association_route_table, "")
}

output "ec2_transit_gateway_route_table_default_propagation_route_table" {
  description = "Boolean whether this is the default propagation route table for the EC2 Transit Gateway"
  value       = try(aws_ec2_transit_gateway_route_table.this[0].default_propagation_route_table, "")
}

output "ec2_transit_gateway_route_ids" {
  description = "List of EC2 Transit Gateway Route Table identifier combined with destination"
  value       = aws_ec2_transit_gateway_route.this[*].id
}

output "ec2_transit_gateway_route_table_association_ids" {
  description = "List of EC2 Transit Gateway Route Table Association identifiers"
  value       = [for k, v in aws_ec2_transit_gateway_route_table_association.this : v.id]
}

output "ec2_transit_gateway_route_table_association" {
  description = "Map of EC2 Transit Gateway Route Table Association attributes"
  value       = aws_ec2_transit_gateway_route_table_association.this
}

output "ec2_transit_gateway_route_table_propagation_ids" {
  description = "List of EC2 Transit Gateway Route Table Propagation identifiers"
  value       = [for k, v in aws_ec2_transit_gateway_route_table_propagation.this : v.id]
}

output "ec2_transit_gateway_route_table_propagation" {
  description = "Map of EC2 Transit Gateway Route Table Propagation attributes"
  value       = aws_ec2_transit_gateway_route_table_propagation.this
}
87 |
################################################################################
# Resource Access Manager
################################################################################

# Returns the share ARN (the resource's id attribute is its ARN); this is the
# value a consumer passes as ram_resource_share_arn. "" when not shared.
output "ram_resource_share_id" {
  description = "The Amazon Resource Name (ARN) of the resource share"
  value       = try(aws_ram_resource_share.this[0].id, "")
}

# Only the first principal association is exposed even when several
# principals are configured
output "ram_principal_association_id" {
  description = "The Amazon Resource Name (ARN) of the Resource Share and the principal, separated by a comma"
  value       = try(aws_ram_principal_association.this[0].id, "")
}
101 |
--------------------------------------------------------------------------------
/variables.tf:
--------------------------------------------------------------------------------
# Used as the Name tag on every resource and as the fallback for description
# and ram_name; coalesce() in main.tf errors if both this and the other value
# are empty, so in practice a non-empty name is required.
variable "name" {
  description = "Name to be used on all the resources as identifier"
  type        = string
  default     = ""
}

variable "tags" {
  description = "A map of tags to add to all resources"
  type        = map(string)
  default     = {}
}
12 |
################################################################################
# Transit Gateway
################################################################################

# false turns this module into the "consumer" side: no TGW, route table,
# routes or RAM share are created, only attachments (which then need tgw_id)
# and the RAM share accepter.
variable "create_tgw" {
  description = "Controls if TGW should be created (it affects almost all resources)"
  type        = bool
  default     = true
}

variable "description" {
  description = "Description of the EC2 Transit Gateway"
  type        = string
  default     = null
}

# Typed as string; a numeric literal is converted. null lets AWS choose the ASN.
variable "amazon_side_asn" {
  description = "The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the TGW is created with the current default Amazon ASN."
  type        = string
  default     = null
}

variable "enable_default_route_table_association" {
  description = "Whether resource attachments are automatically associated with the default association route table"
  type        = bool
  default     = true
}

variable "enable_default_route_table_propagation" {
  description = "Whether resource attachments automatically propagate routes to the default propagation route table"
  type        = bool
  default     = true
}

# Security-relevant: when true, any account the TGW is shared with can attach
# a VPC without an acceptance step in the owner account. Kept false by default.
variable "enable_auto_accept_shared_attachments" {
  description = "Whether resource attachment requests are automatically accepted"
  type        = bool
  default     = false
}

variable "enable_vpn_ecmp_support" {
  description = "Whether VPN Equal Cost Multipath Protocol support is enabled"
  type        = bool
  default     = true
}

variable "enable_multicast_support" {
  description = "Whether multicast support is enabled"
  type        = bool
  default     = false
}

variable "enable_dns_support" {
  description = "Should be true to enable DNS support in the TGW"
  type        = bool
  default     = true
}

variable "transit_gateway_cidr_blocks" {
  description = "One or more IPv4 or IPv6 CIDR blocks for the transit gateway. Must be a size /24 CIDR block or larger for IPv4, or a size /64 CIDR block or larger for IPv6"
  type        = list(string)
  default     = []
}

# Keys read by main.tf: create, update, delete
variable "timeouts" {
  description = "Create, update, and delete timeout configurations for the transit gateway"
  type        = map(string)
  default     = {}
}

variable "tgw_tags" {
  description = "Additional tags for the TGW"
  type        = map(string)
  default     = {}
}

variable "tgw_default_route_table_tags" {
  description = "Additional tags for the Default TGW route table"
  type        = map(string)
  default     = {}
}

# NOTE(review): this defaults to true while the per-attachment equivalent in
# main.tf defaults to false; confirm the intended default, since enabling the
# feature on the TGW widens what security group rules can reference.
variable "enable_sg_referencing_support" {
  description = "Indicates whether to enable security group referencing support"
  type        = bool
  default     = true
}
100 |
################################################################################
# VPC Attachment
################################################################################

# Keys read by main.tf per attachment: vpc_id, subnet_ids (required); tgw_id
# (required when create_tgw = false); dns_support, ipv6_support,
# appliance_mode_support, security_group_referencing_support,
# transit_gateway_default_route_table_association/propagation, tags,
# tgw_routes, vpc_route_table_ids + tgw_destination_cidr (optional).
# Because the type is `any`, typos in these keys are not caught by Terraform.
variable "vpc_attachments" {
  description = "Maps of maps of VPC details to attach to TGW. Type 'any' to disable type validation by Terraform."
  type        = any
  default     = {}
}

variable "tgw_vpc_attachment_tags" {
  description = "Additional tags for VPC attachments"
  type        = map(string)
  default     = {}
}
116 |
################################################################################
# Route Table / Routes
################################################################################

variable "create_tgw_routes" {
  description = "Controls if TGW Route Table / Routes should be created"
  type        = bool
  default     = true
}

# Fallback route table for the route, association and propagation resources
# when create_tgw = false; in the current main.tf those resources are all
# gated on create_tgw, so this value is not reached in practice.
variable "transit_gateway_route_table_id" {
  description = "Identifier of EC2 Transit Gateway Route Table to use with the Target Gateway when reusing it between multiple TGWs"
  type        = string
  default     = null
}

variable "tgw_route_table_tags" {
  description = "Additional tags for the TGW route table"
  type        = map(string)
  default     = {}
}
138 |
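################################################################################
# Resource Access Manager
################################################################################

# On the owner side (create_tgw = true) this creates the RAM share; on the
# consumer side (create_tgw = false) it creates the share accepter instead.
variable "share_tgw" {
  description = "Whether to share your transit gateway with other accounts"
  type        = bool
  default     = true
}

# Falls back to var.name when empty
variable "ram_name" {
  description = "The name of the resource share of TGW"
  type        = string
  default     = ""
}

# Keep false unless a principal outside the owner's AWS Organization must be
# able to use the TGW; true allows sharing with any account ID.
variable "ram_allow_external_principals" {
  description = "Indicates whether principals outside your organization can be associated with a resource share."
  type        = bool
  default     = false
}

variable "ram_principals" {
  description = "A list of principals to share TGW with. Possible values are an AWS account ID, an AWS Organizations Organization ARN, or an AWS Organizations Organization Unit ARN"
  type        = list(string)
  default     = []

  # Reject anything that is not one of the three forms named in the
  # description (12-digit account ID, organization ARN, OU ARN) so that a typo
  # or an unquoted, truncated account number cannot share the TGW with an
  # unintended party. Written without alltrue() to stay within the module's
  # declared Terraform >= 0.13.1 bound.
  validation {
    condition = length([
      for p in var.ram_principals : p
      if !(can(regex("^[0-9]{12}$", p)) || can(regex("^arn:aws[a-zA-Z-]*:organizations::[0-9]{12}:(organization|ou)/", p)))
    ]) == 0
    error_message = "Each ram_principals entry must be a 12-digit AWS account ID, an AWS Organizations organization ARN, or an organizational unit ARN."
  }
}

# Required (non-empty) when create_tgw = false and share_tgw = true; it is the
# share ARN exported by the owner-side module as ram_resource_share_id.
variable "ram_resource_share_arn" {
  description = "ARN of RAM resource share"
  type        = string
  default     = ""

  # Either unset, or an ARN in the RAM service namespace
  validation {
    condition     = var.ram_resource_share_arn == "" || can(regex("^arn:aws[a-zA-Z-]*:ram:", var.ram_resource_share_arn))
    error_message = "The ram_resource_share_arn value must be empty or a RAM resource share ARN (arn:aws...:ram:...)."
  }
}

variable "ram_tags" {
  description = "Additional tags for the RAM"
  type        = map(string)
  default     = {}
}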
178 |
--------------------------------------------------------------------------------
/versions.tf:
--------------------------------------------------------------------------------
# Version constraints for the root module. try()/can() used in main.tf need
# Terraform 0.13+.
# NOTE(review): the security_group_referencing_support arguments used on the
# TGW and attachment resources were introduced in a provider release well
# after 4.4 — confirm and raise the lower bound accordingly.
terraform {
  required_version = ">= 0.13.1"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.4"
    }
  }
}
11 |
--------------------------------------------------------------------------------