From 4b52da0681d04b7f6de948f5ff7d76fb99ca78de Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Tue, 23 Feb 2021 04:18:59 -0500 Subject: [PATCH] feat: add default route table resource to manage default route table, its tags, routes, etc. (#599) --- README.md | 5 +++++ examples/complete-vpc/main.tf | 3 +++ main.tf | 37 +++++++++++++++++++++++++++++++++++ variables.tf | 24 +++++++++++++++++++++++ 4 files changed, 69 insertions(+) diff --git a/README.md b/README.md index 72573d54b..f9b7b7460 100644 --- a/README.md +++ b/README.md @@ -249,6 +249,7 @@ No Modules. | [aws_customer_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/customer_gateway) | | [aws_db_subnet_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_subnet_group) | | [aws_default_network_acl](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_network_acl) | +| [aws_default_route_table](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_route_table) | | [aws_default_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_security_group) | | [aws_default_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_vpc) | | [aws_egress_only_internet_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/egress_only_internet_gateway) | @@ -385,6 +386,9 @@ No Modules. | default\_network\_acl\_ingress | List of maps of ingress rules to set on the Default Network ACL | `list(map(string))` |
[
{
"action": "allow",
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_no": 100,
"to_port": 0
},
{
"action": "allow",
"from_port": 0,
"ipv6_cidr_block": "::/0",
"protocol": "-1",
"rule_no": 101,
"to_port": 0
}
]
| no | | default\_network\_acl\_name | Name to be used on the Default Network ACL | `string` | `""` | no | | default\_network\_acl\_tags | Additional tags for the Default Network ACL | `map(string)` | `{}` | no | +| default\_route\_table\_propagating\_vgws | List of virtual gateways for propagation | `list(string)` | `[]` | no | +| default\_route\_table\_routes | Configuration block of routes. See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_route_table#route | `list(map(string))` | `[]` | no | +| default\_route\_table\_tags | Additional tags for the default route table | `map(string)` | `{}` | no | | default\_security\_group\_egress | List of maps of egress rules to set on the default security group | `list(map(string))` | `null` | no | | default\_security\_group\_ingress | List of maps of ingress rules to set on the default security group | `list(map(string))` | `null` | no | | default\_security\_group\_name | Name to be used on the default security group | `string` | `"default"` | no | 
@@ -603,6 +607,7 @@ No Modules. | logs\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for CloudWatch Logs endpoint | `list(string)` | `[]` | no | | logs\_endpoint\_subnet\_ids | The ID of one or more subnets in which to create a network interface for CloudWatch Logs endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used. | `list(string)` | `[]` | no | | manage\_default\_network\_acl | Should be true to adopt and manage Default Network ACL | `bool` | `false` | no | +| manage\_default\_route\_table | Should be true to manage default route table | `bool` | `false` | no | | manage\_default\_security\_group | Should be true to adopt and manage default security group | `bool` | `false` | no | | manage\_default\_vpc | Should be true to adopt and manage Default VPC | `bool` | `false` | no | | map\_public\_ip\_on\_launch | Should be false if you do not want to auto-assign public IP on launch | `bool` | `true` | no | diff --git a/examples/complete-vpc/main.tf b/examples/complete-vpc/main.tf index acc5cb565..258152886 100644 --- a/examples/complete-vpc/main.tf +++ b/examples/complete-vpc/main.tf @@ -24,6 +24,9 @@ module "vpc" { create_database_subnet_group = false + manage_default_route_table = true + default_route_table_tags = { DefaultRouteTable = true } + enable_dns_hostnames = true enable_dns_support = true diff --git a/main.tf b/main.tf index fb65d5012..cf33ab61f 100644 --- a/main.tf +++ b/main.tf 
@@ -160,6 +160,43 @@ resource "aws_egress_only_internet_gateway" "this" {
 )
 }
 
+###############
+# Default route
+###############
+
+resource "aws_default_route_table" "default" {
+ count = var.create_vpc && var.manage_default_route_table ? 1 : 0
+
+ default_route_table_id = aws_vpc.this[0].default_route_table_id
+ propagating_vgws = var.default_route_table_propagating_vgws
+
+ dynamic "route" {
+ for_each = var.default_route_table_routes
+ content {
+ # One of the following destinations must be provided
+ cidr_block = route.value.cidr_block
+ ipv6_cidr_block = lookup(route.value, "ipv6_cidr_block", null)
+
+ # One of the following targets must be provided
+ egress_only_gateway_id = lookup(route.value, "egress_only_gateway_id", null)
+ gateway_id = lookup(route.value, "gateway_id", null)
+ instance_id = lookup(route.value, "instance_id", null)
+ nat_gateway_id = lookup(route.value, "nat_gateway_id", null)
+ network_interface_id = lookup(route.value, "network_interface_id", null)
+ transit_gateway_id = lookup(route.value, "transit_gateway_id", null)
+ # `vpc_endpoint_id` was recently added in v3.15.0
+ # vpc_endpoint_id = lookup(route.value, "vpc_endpoint_id", null)
+ vpc_peering_connection_id = lookup(route.value, "vpc_peering_connection_id", null)
+ }
+ }
+
+ tags = merge(
+ { "Name" = var.name },
+ var.tags,
+ var.default_route_table_tags,
+ )
+}
+
 ################
 # Publiс routes
 ################
diff --git a/variables.tf b/variables.tf
index cf61b2897..e75560c40 100644
--- a/variables.tf
+++ b/variables.tf
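Review bot: `cidr_block = route.value.cidr_block` inside the dynamic `route` block fails at plan time for any entry that carries only `ipv6_cidr_block`, because `route.value` is a `map(string)` and attribute access on a missing key is an error rather than `null`, which contradicts the "One of the following destinations must be provided" comment directly above it; make it `cidr_block = lookup(route.value, "cidr_block", null)` so it behaves like every other attribute in the block. Separately, the security consequence of adopting the table should be stated in a comment: per the provider documentation, `aws_default_route_table` removes every route it does not declare except the VPC-local one, so with `default_route_table_routes` defaulting to `[]`, turning on `manage_default_route_table` strips any out-of-band routes from the table that implicitly associated subnets fall back to. That is usually the desired hardening (a subnet nobody explicitly associated gets no path out of the VPC), but an operator seeing routes disappear needs to know it is intentional, e.g. `# Adopting the default route table removes any route not listed in var.default_route_table_routes (the local route is kept); leave the list empty to isolate subnets that are not explicitly associated with a route table.`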
@@ -2213,6 +2213,30 @@ variable "propagate_public_route_tables_vgw" {
 default = false
 }
 
+variable "manage_default_route_table" {
+ description = "Should be true to manage default route table"
+ type = bool
+ default = false
+}
+
+variable "default_route_table_propagating_vgws" {
+ description = "List of virtual gateways for propagation"
+ type = list(string)
+ default = []
+}
+
+variable "default_route_table_routes" {
+ description = "Configuration block of routes. See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_route_table#route"
+ type = list(map(string))
+ default = []
+}
+
+variable "default_route_table_tags" {
+ description = "Additional tags for the default route table"
+ type = map(string)
+ default = {}
+}
+
 variable "tags" {
 description = "A map of tags to add to all resources"
 type = map(string)
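Review bot: The description of `manage_default_route_table`, "Should be true to manage default route table", understates what the flag does: unlike the sibling `manage_default_network_acl` ("Should be true to adopt and manage Default Network ACL") it does not say the existing table is adopted, and none of the four new variables tells the operator that routes absent from `default_route_table_routes` are removed from the table once it is adopted, which is the property that makes this a hardening control rather than a tagging convenience. Suggested wording: `description = "Should be true to adopt and manage the default route table; routes not listed in default_route_table_routes are removed (the VPC-local route is kept)"` and, for `default_route_table_routes`, `description = "Routes to set on the default route table; each map needs one destination (cidr_block or ipv6_cidr_block) and one target. Any other non-local route is removed. See <registry link>"`. Because the type is `list(map(string))` and main.tf reads every key through `lookup(..., null)`, a misspelled key in an entry is silently ignored and the route is planned without that field; if the module already targets a Terraform version with variable `validation` blocks, a check that each entry contains `cidr_block` or `ipv6_cidr_block` would turn that into a plan-time error.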