# Aviatrix Transit VPC
resource "aviatrix_vpc" "default" {
  # Not created at all when the caller brings an existing VPC; the transit
  # gateway then consumes var.vpc_id directly instead of this resource.
  count = var.use_existing_vpc ? 0 : 1

  cloud_type   = local.cloud_type
  account_name = var.account
  # VPC name is capped at 30 characters; the subnet below keeps the full local.name.
  name                 = substr(local.name, 0, 30)
  aviatrix_transit_vpc = local.aviatrix_transit_vpc
  aviatrix_firenet_vpc = local.aviatrix_firenet_vpc
  resource_group       = var.resource_group
  private_mode_subnets = var.private_mode_subnets

  # For GCP the region and CIDR are declared per subnet (blocks below) rather
  # than on the VPC itself, so they are left unset here.
  region = local.cloud != "gcp" ? var.region : null
  cidr   = local.cloud != "gcp" ? var.cidr : null

  # A one-element list renders the block exactly once, an empty list omits it;
  # dynamic blocks have no count argument, so this stands in for one.
  dynamic "subnets" {
    for_each = local.cloud == "gcp" ? [true] : []
    content {
      name   = local.name
      cidr   = var.cidr
      region = var.region
    }
  }

  # Optional HA subnet in a second region, emitted only when var.ha_region is non-empty.
  dynamic "subnets" {
    for_each = length(var.ha_region) > 0 ? [true] : []
    content {
      name   = "${local.name}-ha"
      cidr   = var.ha_cidr
      region = var.ha_region
    }
  }
}
# LAN VPC
resource "aviatrix_vpc" "lan_vpc" {
  # GCP only, and only when transit FireNet is on: the transit gateway wires this
  # VPC into its lan_vpc_id / lan_private_subnet arguments under the same condition.
  count = local.cloud == "gcp" && local.enable_transit_firenet ? 1 : 0

  cloud_type           = 4 # Aviatrix cloud_type code for GCP
  account_name         = var.account
  name                 = "${local.name}-lan"
  aviatrix_transit_vpc = false
  aviatrix_firenet_vpc = false

  # Single LAN subnet; its CIDR is read back by the transit gateway as subnets[0].cidr.
  subnets {
    name   = "${local.name}-lan"
    cidr   = var.lan_cidr
    region = var.region
  }
}
resource "aviatrix_vpc" "bgp_over_lan_vpc" {
  # One VPC per map entry: key = VPC name, value = its CIDR. Primary and HA maps
  # are merged so a name present in both yields a single VPC (later map wins).
  for_each = merge(local.bgp_lan_vpcs_to_create, local.ha_bgp_lan_vpcs_to_create)

  cloud_type           = 4 # Aviatrix cloud_type code for GCP
  account_name         = var.account
  name                 = each.key
  aviatrix_transit_vpc = false
  aviatrix_firenet_vpc = false

  subnets {
    name   = "${each.key}-${var.region}"
    cidr   = each.value
    region = var.region
  }
}
# Transit gateway
resource "aviatrix_transit_gateway" "default" {
  # ---- Placement ------------------------------------------------------------
  cloud_type   = local.cloud_type
  account_name = var.account
  gw_name      = local.gw_name
  gw_size      = local.instance_size
  # GCP addresses the gateway by zone, the other clouds by region.
  vpc_reg = local.cloud == "gcp" ? local.zone : var.region
  # Caller-supplied VPC, or the one created above (whose count is 1 exactly when
  # use_existing_vpc is false, so index 0 is only evaluated in that branch).
  vpc_id = var.use_existing_vpc ? var.vpc_id : aviatrix_vpc.default[0].vpc_id
  subnet = local.subnet
  zone   = local.cloud == "azure" ? local.zone : null

  # Availability / fault domain placement, passed through from locals.
  availability_domain    = local.availability_domain
  fault_domain           = local.fault_domain
  ha_availability_domain = local.ha_availability_domain
  ha_fault_domain        = local.ha_fault_domain

  # ---- HA gateway (every HA argument is null unless var.ha_gw) --------------
  ha_subnet         = var.ha_gw ? local.ha_subnet : null
  ha_gw_size        = var.ha_gw ? local.instance_size : null
  ha_zone           = var.ha_gw ? local.ha_zone : null
  ha_insane_mode_az = var.ha_gw ? local.ha_insane_mode_az : null
  single_az_ha      = var.single_az_ha

  # ---- Routing / BGP --------------------------------------------------------
  # Egress transit FireNet forces connected_transit off regardless of the variable.
  connected_transit                    = var.enable_egress_transit_firenet ? false : var.connected_transit
  enable_hybrid_connection             = var.hybrid_connection
  enable_segmentation                  = var.enable_segmentation
  enable_advertise_transit_cidr        = var.enable_advertise_transit_cidr
  enable_transit_summarize_cidr_to_tgw = var.enable_transit_summarize_cidr_to_tgw
  bgp_manual_spoke_advertise_cidrs     = var.bgp_manual_spoke_advertise_cidrs
  customized_transit_vpc_routes        = var.customized_transit_vpc_routes
  filtered_spoke_vpc_routes            = var.filtered_spoke_vpc_routes
  excluded_advertised_spoke_routes     = var.excluded_advertised_spoke_routes
  enable_multi_tier_transit            = var.enable_multi_tier_transit
  enable_preserve_as_path              = var.enable_preserve_as_path
  local_as_number                      = var.local_as_number
  bgp_polling_time                     = var.bgp_polling_time
  bgp_hold_time                        = var.bgp_hold_time
  bgp_ecmp                             = var.bgp_ecmp
  # Learned-CIDR approval is the control over which BGP-learned prefixes are
  # installed; approved_learned_cidrs carries the pre-approved list. Note the
  # variable name (learned_cidr_approval) differs from the argument name.
  enable_learned_cidrs_approval = var.learned_cidr_approval
  learned_cidrs_approval_mode   = var.learned_cidrs_approval_mode
  approved_learned_cidrs        = var.approved_learned_cidrs

  # ---- BGP over LAN ---------------------------------------------------------
  enable_bgp_over_lan      = var.enable_bgp_over_lan
  bgp_lan_interfaces_count = var.bgp_lan_interfaces_count
  # One interface per map entry: key = VPC id, value["subnet"] = its subnet.
  dynamic "bgp_lan_interfaces" {
    for_each = local.bgp_lan_interfaces
    iterator = iface
    content {
      vpc_id = iface.key
      subnet = iface.value["subnet"]
    }
  }
  dynamic "ha_bgp_lan_interfaces" {
    for_each = local.ha_bgp_lan_interfaces
    iterator = iface
    content {
      vpc_id = iface.key
      subnet = iface.value["subnet"]
    }
  }

  # ---- Throughput / NAT / monitoring ----------------------------------------
  insane_mode                      = var.insane_mode
  insane_mode_az                   = local.insane_mode_az
  enable_gateway_load_balancer     = var.enable_gateway_load_balancer
  enable_active_standby            = var.enable_active_standby
  enable_active_standby_preemptive = var.enable_active_standby_preemptive
  enable_s2c_rx_balancing          = var.enable_s2c_rx_balancing
  rx_queue_size                    = var.rx_queue_size
  enable_gro_gso                   = var.enable_gro_gso
  single_ip_snat                   = var.single_ip_snat
  tunnel_detection_time            = var.tunnel_detection_time
  enable_monitor_gateway_subnets   = var.enable_monitor_gateway_subnets
  enable_vpc_dns_server            = var.enable_vpc_dns_server
  tags                             = var.tags

  # ---- Volume encryption ----------------------------------------------------
  enable_encrypt_volume = var.enable_encrypt_volume
  # Customer-managed key reference that pairs with enable_encrypt_volume; the
  # calling module should mark the variable sensitive so it stays out of plan output.
  customer_managed_keys = var.customer_managed_keys

  # ---- Elastic IPs ----------------------------------------------------------
  allocate_new_eip                 = var.allocate_new_eip
  eip                              = var.eip
  ha_eip                           = var.ha_eip
  azure_eip_name_resource_group    = var.azure_eip_name_resource_group
  ha_azure_eip_name_resource_group = var.ha_azure_eip_name_resource_group

  # ---- Private mode (zone arguments are AWS-only, built as region + AZ suffix) --
  private_mode_lb_vpc_id      = var.private_mode_lb_vpc_id
  private_mode_subnet_zone    = var.private_mode_subnets && local.cloud == "aws" ? format("%s%s", var.region, local.az1) : null
  ha_private_mode_subnet_zone = var.private_mode_subnets && local.cloud == "aws" && var.ha_gw ? format("%s%s", var.region, local.az2) : null

  # ---- FireNet --------------------------------------------------------------
  enable_firenet                = var.enable_firenet
  enable_transit_firenet        = local.enable_transit_firenet
  enable_egress_transit_firenet = var.enable_egress_transit_firenet
  # GCP transit FireNet uses the LAN VPC created above; its count is 1 under
  # exactly this condition, so index 0 is only evaluated when it exists.
  lan_vpc_id         = local.enable_transit_firenet && local.cloud == "gcp" ? aviatrix_vpc.lan_vpc[0].name : null
  lan_private_subnet = local.enable_transit_firenet && local.cloud == "gcp" ? aviatrix_vpc.lan_vpc[0].subnets[0].cidr : null

  # Explicit ordering on the BGP-over-LAN VPCs: presumably the interface locals
  # above do not reference the resource directly, so Terraform cannot infer it.
  depends_on = [
    aviatrix_vpc.bgp_over_lan_vpc
  ]
}