Skip to content

DNXLabs/terraform-aws-transit-gateway

BranchesTags

Repository files navigation

terraform-aws-transit-gateway

This module creates the transit gateway network resources.

The following resources will be created:

  • Direct Connect Data resource
  • AWS Organization Data resource
  • Direct Connect Gateway
  • Direct Connect Gateway Association
  • Direct Connect Transit Virtual Interface
  • Transit Gateway
  • Transit Gateway Blackhole Route
  • Transit Gateway Route
  • Transit Gateway VPC Attachment
  • Resource Access Manager (RAM) Resource Share
  • Resource Access Manager (RAM) Resource Association
  • Resource Access Manager (RAM) Principal Association
  • SSM Security String Parameter

Execution Diagram of terraform-transit-gateway

Usage

module "transit_gateway" {
  source = "git::https://github.com/DNXLabs/terraform-aws-transit-gateway.git?ref=1.0.0"

  name                       = local.workspace.org_name
  account_name               = local.workspace.account_name
  transit_gateway_account_id = local.workspace.transit_gateway.attachment.transit_gateway_account_id
  allowed_prefixes           = try(local.workspace.transit_gateway.allowed_prefixes, [])
  dns_support                = try(local.workspace.transit_gateway.dns_support, "enable")
  attachment                 = try(local.workspace.transit_gateway.attachment.enabled, false)
  transit_gateway_enabled    = try(local.workspace.transit_gateway.enabled, false)
  vpc_id                     = module.network[0].vpc_id
  subnet_ids                 = module.network[0].private_subnet_ids
  private_route_table_id     = module.network[0].private_route_table_id[0]
  public_route_table_id      = module.network[0].public_route_table_id
  private_network_acl_id     = module.network[0].private_nacl_id
  public_network_acl_id      = module.network[0].public_nacl_id
  dx_connection              = try(local.workspace.transit_gateway.dx_connection, [])
  direct_connect_gateway_asn = try(local.workspace.transit_gateway.direct_connect_gateway_asn, "64512")
  transit_gateway_asn        = try(local.workspace.transit_gateway.transit_gateway_asn, "64513")
  public_route               = try(local.workspace.transit_gateway.attachment.public_route, [])
  private_route              = try(local.workspace.transit_gateway.attachment.private_route, [])
}

Requirements

Name Version
terraform >= 0.12.0
aws >= 4.4.0
random >= 2.1.0
tls >= 3.1.0

Providers

Name Version
aws >= 4.4.0

Inputs

Name Description Type Default Required
account_name Name of the AWS account. string n/a yes
allowed_prefixes VPC prefixes (CIDRs) to advertise to the Direct Connect gateway. Defaults to the CIDR block of the VPC associated with the Virtual Gateway. To enable drift detection, must be configured. list(string) [] no
attachment Create VPC Attachment to Transit Gateway bool false no
default_route_table_association Whether resource attachments are automatically associated with the default association route table. Valid values: disable, enable. Default value: enable. string "enable" no
default_route_table_propagation Whether resource attachments automatically propagate routes to the default propagation route table. Valid values: disable, enable. Default value: enable. string "enable" no
direct_connect_gateway_asn The ASN to be configured on the Amazon side of the connection. The ASN must be in the private range of 64,512 to 65,534 or 4,200,000,000 to 4,294,967,294. number n/a yes
dns_support Whether DNS support is enabled. Valid values: disable, enable. Default value: enable. string "enable" no
dx_connection The name of the connection to retrieve. list(any) [] no
name Name prefix for the resources of this stack string n/a yes
private_network_acl_id Private Network ACL ID string n/a yes
private_route Private Destination CIDR blocks for NACL definition 
list(object({
    cidr                          = string
    protocol                      = optional(string, "tcp")
    nacl_inbound_ports            = list(number)
    nacl_outbound_ports           = list(number)
    nacl_inbound_ephemeral_ports  = optional(bool, false)
    nacl_outbound_ephemeral_ports = optional(bool, false)
  }))
 n/a yes
private_route_table_id Private Route Table Identifier string n/a yes
public_network_acl_id Public Network ACL ID string n/a yes
public_route Public Destination CIDR blocks for NACL definition 
list(object({
    cidr                          = string
    protocol                      = optional(string, "tcp")
    nacl_inbound_ports            = list(number)
    nacl_outbound_ports           = list(number)
    nacl_inbound_ephemeral_ports  = optional(bool, false)
    nacl_outbound_ephemeral_ports = optional(bool, false)
  }))
 n/a yes
public_route_table_id Public Route Table Identifier string n/a yes
ram_organization_association Controls if a resource share of the transit gateway to AWS Organizations should be created. bool true no
secure_network_acl_id Secure Network ACL ID string n/a yes
secure_route Secure Destination CIDR blocks for NACL definition 
list(object({
    cidr                          = string
    protocol                      = optional(string, "tcp")
    nacl_inbound_ports            = list(number)
    nacl_outbound_ports           = list(number)
    nacl_inbound_ephemeral_ports  = optional(bool, false)
    nacl_outbound_ephemeral_ports = optional(bool, false)
  }))
 n/a yes
secure_route_table_id Secure Route Table Identifier string n/a yes
subnet_ids Identifiers of EC2 Subnets. list(any) [] no
tags Extra tags to attach to resources map(string) {} no
transit_gateway_account_id Identifier of the AWS account that owns the EC2 Transit Gateway. string n/a yes
transit_gateway_asn Private Autonomous System Number (ASN) for the Amazon side of a BGP session. The range is 64512 to 65534 for 16-bit ASNs and 4200000000 to 4294967294 for 32-bit ASNs. Default value: 64512. number 64512 no
transit_gateway_default_route_table_association Boolean whether the VPC Attachment should be associated with the EC2 Transit Gateway association default route table. This cannot be configured or perform drift detection with Resource Access Manager shared EC2 Transit Gateways. Default value: true. bool true no
transit_gateway_default_route_table_propagation Boolean whether the VPC Attachment should propagate routes with the EC2 Transit Gateway propagation default route table. This cannot be configured or perform drift detection with Resource Access Manager shared EC2 Transit Gateways. Default value: true. bool true no
transit_gateway_enabled Enable or disable Transit Gateway bool n/a yes
vpc_id Identifier of EC2 VPC. string n/a yes

Outputs

Name Description
private_nacls n/a
public_nacls n/a
secure_nacls n/a
transit_attachment_account_owner_id Transit Gateway attachment AWS Account owner
transit_attachment_id Transit Gateway attachment
transit_gateway_account_owner_id Transit Gateway AWS account ID owner
transit_gateway_cidr_blocks Transit Gateway CIDR blocks
transit_gateway_default_route_table_id Transit Gateway route table id default
transit_gateway_id Transit Gateway ID

Authors

Module managed by DNX Solutions.

License

Apache 2 Licensed. See LICENSE for full details.

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases 18

1.10.0 Latest
Dec 4, 2024
+ 17 releases

Packages

No packages published

Contributors 8

Languages