We are following the hub-spoke(s) (aka star network) network topology model.
This Terraform module aims to handle the AWS resources required by a so-called "hub" node.
This module assumes that its pair module was used: terraform-aws-transit-gateway-satellite to handle the satellite(s).
Check out some use cases in the examples.
The module starts from the assumption that the aws_login_profile allows the
user to assume the necessary IAM roles, as required, to make the necessary
changes (and in the case of the satellite module, cross-account).
See this example to first make sure that the credentials you want to use allow for cross-account actions.
You can read more about how Terraform handles this here.
Obviously, all the supported authentication methods can also be used.
| Name | Version |
|---|---|
| aws | n/a |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| aws_account_id_hub | AWS account number containing the TGW hub | string |
n/a | yes |
| aws_account_id_satellite | List of AWS account numbers representing the satellites of the TGW | list |
n/a | yes |
| aws_login_profile | Name of the AWS login profile as seen under ~/.aws/config used for assuming cross-account roles | any |
n/a | yes |
| description | Description of the Transit Gateway | string |
n/a | yes |
| name | Name to be used on all the resources as identifier | string |
n/a | yes |
| role_to_assume_hub | IAM role name to assume in the AWS account containing the TGW hub (eg. ASSUME-ROLE-HUB) | string |
n/a | yes |
| allow_external_principals | Indicates whether principals outside your organization can be associated with a resource share | bool |
false |
no |
| default_route_table_association | Boolean flag for toggling the default route table association | string |
"disable" |
no |
| default_route_table_propagation | Boolean flag for toggling the propagation of routes in the default route table | string |
"disable" |
no |
| tags | A map of tags to add to all resources | map(string) |
{} |
no |
| Name | Description |
|---|---|
| ram_principal_association_id | Identifier of the Resource Access Manager Principal Association |
| ram_resource_association_id | Identifier of the Resource Access Manager Resource Association |
| ram_resource_share_arn | ARN of the Resource Access Manager Resource Share |
| ram_resource_share_id | Identifier of the Resource Access Manager Resource Share |
| transit_gateway_arn | ARN of the Transit Gateway |
| transit_gateway_id | Identifier of the Transit Gateway |
| transit_gateway_route_table_id | Identifier of the Transit Gateway Route Table |