
feat: add default route table resource to manage default route table,…
… its tags, routes, etc. (terraform-aws-modules#599)
bryantbiggs authored and harrythebot committed May 11, 2022
1 parent 4e69c32 commit 5cc8430
Showing 4 changed files with 69 additions and 0 deletions.
5 changes: 5 additions & 0 deletions README.md
Expand Up @@ -249,6 +249,7 @@ No Modules.
| [aws_customer_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/customer_gateway) |
| [aws_db_subnet_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_subnet_group) |
| [aws_default_network_acl](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_network_acl) |
| [aws_default_route_table](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_route_table) |
| [aws_default_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_security_group) |
| [aws_default_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_vpc) |
| [aws_egress_only_internet_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/egress_only_internet_gateway) |
Expand Down Expand Up @@ -385,6 +386,9 @@ No Modules.
| default\_network\_acl\_ingress | List of maps of ingress rules to set on the Default Network ACL | `list(map(string))` | <pre>[<br> {<br> "action": "allow",<br> "cidr_block": "0.0.0.0/0",<br> "from_port": 0,<br> "protocol": "-1",<br> "rule_no": 100,<br> "to_port": 0<br> },<br> {<br> "action": "allow",<br> "from_port": 0,<br> "ipv6_cidr_block": "::/0",<br> "protocol": "-1",<br> "rule_no": 101,<br> "to_port": 0<br> }<br>]</pre> | no |
| default\_network\_acl\_name | Name to be used on the Default Network ACL | `string` | `""` | no |
| default\_network\_acl\_tags | Additional tags for the Default Network ACL | `map(string)` | `{}` | no |
| default\_route\_table\_propagating\_vgws | List of virtual gateways for propagation | `list(string)` | `[]` | no |
| default\_route\_table\_routes | Configuration block of routes. See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_route_table#route | `list(map(string))` | `[]` | no |
| default\_route\_table\_tags | Additional tags for the default route table | `map(string)` | `{}` | no |
| default\_security\_group\_egress | List of maps of egress rules to set on the default security group | `list(map(string))` | `null` | no |
| default\_security\_group\_ingress | List of maps of ingress rules to set on the default security group | `list(map(string))` | `null` | no |
| default\_security\_group\_name | Name to be used on the default security group | `string` | `"default"` | no |
Expand Down Expand Up @@ -603,6 +607,7 @@ No Modules.
| logs\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for CloudWatch Logs endpoint | `list(string)` | `[]` | no |
| logs\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for CloudWatch Logs endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no |
| manage\_default\_network\_acl | Should be true to adopt and manage Default Network ACL | `bool` | `false` | no |
| manage\_default\_route\_table | Should be true to manage default route table | `bool` | `false` | no |
| manage\_default\_security\_group | Should be true to adopt and manage default security group | `bool` | `false` | no |
| manage\_default\_vpc | Should be true to adopt and manage Default VPC | `bool` | `false` | no |
| map\_public\_ip\_on\_launch | Should be false if you do not want to auto-assign public IP on launch | `bool` | `true` | no |
3 changes: 3 additions & 0 deletions examples/complete-vpc/main.tf
Expand Up @@ -24,6 +24,9 @@ module "vpc" {

create_database_subnet_group = false

manage_default_route_table = true
default_route_table_tags = { DefaultRouteTable = true }

enable_dns_hostnames = true
enable_dns_support = true

37 changes: 37 additions & 0 deletions main.tf
Expand Up @@ -160,6 +160,43 @@ resource "aws_egress_only_internet_gateway" "this" {
)
}

###############
# Default route
###############

resource "aws_default_route_table" "default" {
count = var.create_vpc && var.manage_default_route_table ? 1 : 0

default_route_table_id = aws_vpc.this[0].default_route_table_id
propagating_vgws = var.default_route_table_propagating_vgws

dynamic "route" {
for_each = var.default_route_table_routes
content {
# One of the following destinations must be provided
cidr_block = route.value.cidr_block
ipv6_cidr_block = lookup(route.value, "ipv6_cidr_block", null)

# One of the following targets must be provided
egress_only_gateway_id = lookup(route.value, "egress_only_gateway_id", null)
gateway_id = lookup(route.value, "gateway_id", null)
instance_id = lookup(route.value, "instance_id", null)
nat_gateway_id = lookup(route.value, "nat_gateway_id", null)
network_interface_id = lookup(route.value, "network_interface_id", null)
transit_gateway_id = lookup(route.value, "transit_gateway_id", null)
# `vpc_endpoint_id` was recently added in v3.15.0
# vpc_endpoint_id = lookup(route.value, "vpc_endpoint_id", null)
vpc_peering_connection_id = lookup(route.value, "vpc_peering_connection_id", null)
}
}

tags = merge(
{ "Name" = var.name },
var.tags,
var.default_route_table_tags,
)
}

################
# Publiс routes
################
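Review bot: Inside the `dynamic "route"` block, `cidr_block = route.value.cidr_block` indexes the map unconditionally, so a route entry that only carries `ipv6_cidr_block` fails at plan time with a missing-key error, contradicting the comment just above it that only one destination must be provided; change it to `cidr_block = lookup(route.value, "cidr_block", null)` so it is optional like every other attribute in the block. Since the provider accepts exactly one destination and one target per route, a `validation` block on `var.default_route_table_routes` (or a `precondition` on the resource) would turn a malformed entry into a clear plan error instead of a provider error at apply. A short header comment would also help operators: the default route table is the one used by every subnet in the VPC that has no explicit route table association, so routes declared here (for example a `0.0.0.0/0` route toward an internet or NAT gateway) silently change the reachability of those subnets and deserve review before `manage_default_route_table` is enabled.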
24 changes: 24 additions & 0 deletions variables.tf
Expand Up @@ -2213,6 +2213,30 @@ variable "propagate_public_route_tables_vgw" {
default = false
}

variable "manage_default_route_table" {
description = "Should be true to manage default route table"
type = bool
default = false
}

variable "default_route_table_propagating_vgws" {
description = "List of virtual gateways for propagation"
type = list(string)
default = []
}

variable "default_route_table_routes" {
description = "Configuration block of routes. See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_route_table#route"
type = list(map(string))
default = []
}

variable "default_route_table_tags" {
description = "Additional tags for the default route table"
type = map(string)
default = {}
}

variable "tags" {
description = "A map of tags to add to all resources"
type = map(string)
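Review bot: The description of `manage_default_route_table` ("Should be true to manage default route table") understates what the flag does compared with the sibling `manage_default_network_acl`, whose description in the README says "adopt and manage"; `aws_default_route_table` adopts the VPC's existing table rather than creating a new one, and as I read the provider docs linked from `default_route_table_routes` it also removes routes on that table that are not declared in the configuration, which is worth confirming and stating. Suggested wording: `description = "Should be true to adopt and manage the default route table; existing routes on the table not listed in default_route_table_routes are removed"`. The `default_route_table_routes` description could likewise say that each map needs exactly one destination key (`cidr_block` or `ipv6_cidr_block`) and exactly one target key, since `list(map(string))` cannot express that constraint and a `validation` block would be the place to enforce it.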
