From 5a4f1566b014d80be26dce8ec15238d46039d341 Mon Sep 17 00:00:00 2001 From: Marvin Bertram Date: Mon, 12 Aug 2024 16:17:49 +0200 Subject: [PATCH 01/14] Change naming; Add TGW att code --- examples/complete/main.tf | 2 +- examples/ipam/main.tf | 4 +- examples/ipv6-dualstack/main.tf | 2 +- examples/ipv6-only/main.tf | 2 +- examples/issues/main.tf | 6 +- examples/network-acls/main.tf | 2 +- examples/outpost/main.tf | 2 +- examples/secondary-cidr-blocks/main.tf | 2 +- examples/separate-route-tables/main.tf | 2 +- examples/simple/main.tf | 2 +- examples/vpc-flow-logs/main.tf | 10 +- main.tf | 116 +++++++------ outputs.tf | 52 +++++- tgw.tf | 216 +++++++++++++++++++++++++ variables.tf | 186 +++++++++++++++++++++ 15 files changed, 538 insertions(+), 68 deletions(-) create mode 100644 tgw.tf diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 579a47395..ccfcb4490 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -25,7 +25,7 @@ locals { module "vpc" { source = "../../" - name = local.name + name_prefix = local.name cidr = local.vpc_cidr azs = local.azs diff --git a/examples/ipam/main.tf b/examples/ipam/main.tf index d43851202..b38186d02 100644 --- a/examples/ipam/main.tf +++ b/examples/ipam/main.tf @@ -26,7 +26,7 @@ locals { module "vpc_ipam_set_netmask" { source = "../.." - name = "${local.name}-set-netmask" + name_prefix = "${local.name}-set-netmask" use_ipam_pool = true ipv4_ipam_pool_id = aws_vpc_ipam_pool.this.id @@ -46,7 +46,7 @@ module "vpc_ipam_set_netmask" { module "vpc_ipam_set_cidr" { source = "../.." - name = "${local.name}-set-cidr" + name_prefix = "${local.name}-set-cidr" use_ipam_pool = true ipv4_ipam_pool_id = aws_vpc_ipam_pool.this.id diff --git a/examples/ipv6-dualstack/main.tf b/examples/ipv6-dualstack/main.tf index d71f8fe35..b514ff83f 100644 --- a/examples/ipv6-dualstack/main.tf +++ b/examples/ipv6-dualstack/main.tf 
@@ -25,7 +25,7 @@ locals { module "vpc" { source = "../.." - name = local.name + name_prefix = local.name cidr = local.vpc_cidr azs = local.azs diff --git a/examples/ipv6-only/main.tf b/examples/ipv6-only/main.tf index ba737316d..250d0092c 100644 --- a/examples/ipv6-only/main.tf +++ b/examples/ipv6-only/main.tf @@ -22,7 +22,7 @@ locals { module "vpc" { source = "../.." - name = local.name + name_prefix = local.name azs = slice(data.aws_availability_zones.available.names, 0, 3) enable_ipv6 = true diff --git a/examples/issues/main.tf b/examples/issues/main.tf index 9e23b806f..f3272e36f 100644 --- a/examples/issues/main.tf +++ b/examples/issues/main.tf @@ -24,7 +24,7 @@ locals { module "vpc_issue_44" { source = "../../" - name = "asymmetrical" + name_prefix = "asymmetrical" cidr = "10.0.0.0/16" azs = local.azs @@ -48,7 +48,7 @@ module "vpc_issue_44" { module "vpc_issue_46" { source = "../../" - name = "no-private-subnets" + name_prefix = "no-private-subnets" cidr = "10.0.0.0/16" azs = local.azs @@ -74,7 +74,7 @@ module "vpc_issue_46" { module "vpc_issue_108" { source = "../../" - name = "route-already-exists" + name_prefix = "route-already-exists" cidr = "10.0.0.0/16" azs = local.azs diff --git a/examples/network-acls/main.tf b/examples/network-acls/main.tf index 35c3a2211..fc2cc8243 100644 --- a/examples/network-acls/main.tf +++ b/examples/network-acls/main.tf @@ -174,7 +174,7 @@ locals { module "vpc" { source = "../../" - name = local.name + name_prefix = local.name cidr = local.vpc_cidr azs = local.azs diff --git a/examples/outpost/main.tf b/examples/outpost/main.tf index b65e8d75a..adf3c6df8 100644 --- a/examples/outpost/main.tf +++ b/examples/outpost/main.tf @@ -124,7 +124,7 @@ locals { module "vpc" { source = "../../" - name = local.name + name_prefix = local.name cidr = local.vpc_cidr azs = local.azs diff --git a/examples/secondary-cidr-blocks/main.tf b/examples/secondary-cidr-blocks/main.tf index 5c963bb94..e4485ffc6 100644 
--- a/examples/secondary-cidr-blocks/main.tf +++ b/examples/secondary-cidr-blocks/main.tf @@ -26,7 +26,7 @@ locals { module "vpc" { source = "../../" - name = local.name + name_prefix = local.name cidr = local.vpc_cidr secondary_cidr_blocks = local.secondary_cidr_blocks # can add up to 5 total CIDR blocks diff --git a/examples/separate-route-tables/main.tf b/examples/separate-route-tables/main.tf index 99cf9828f..2d661b6b5 100644 --- a/examples/separate-route-tables/main.tf +++ b/examples/separate-route-tables/main.tf @@ -25,7 +25,7 @@ locals { module "vpc" { source = "../../" - name = local.name + name_prefix = local.name cidr = local.vpc_cidr azs = local.azs diff --git a/examples/simple/main.tf b/examples/simple/main.tf index 324977173..e4c5a847d 100644 --- a/examples/simple/main.tf +++ b/examples/simple/main.tf @@ -25,7 +25,7 @@ locals { module "vpc" { source = "../../" - name = local.name + name_prefix = local.name cidr = local.vpc_cidr azs = local.azs diff --git a/examples/vpc-flow-logs/main.tf b/examples/vpc-flow-logs/main.tf index 7cd35d34f..4121dfdae 100644 --- a/examples/vpc-flow-logs/main.tf +++ b/examples/vpc-flow-logs/main.tf @@ -27,7 +27,7 @@ locals { module "vpc_with_flow_logs_s3_bucket" { source = "../../" - name = local.name + name_prefix = local.name cidr = local.vpc_cidr azs = local.azs @@ -44,7 +44,7 @@ module "vpc_with_flow_logs_s3_bucket" { module "vpc_with_flow_logs_s3_bucket_parquet" { source = "../../" - name = "${local.name}-parquet" + name_prefix = "${local.name}-parquet" cidr = local.vpc_cidr azs = local.azs @@ -63,7 +63,7 @@ module "vpc_with_flow_logs_s3_bucket_parquet" { module "vpc_with_flow_logs_cloudwatch_logs_default" { source = "../../" - name = "${local.name}-cloudwatch-logs-default" + name_prefix = "${local.name}-cloudwatch-logs-default" cidr = local.vpc_cidr azs = local.azs 
@@ -87,7 +87,7 @@ module "vpc_with_flow_logs_cloudwatch_logs_default" { module "vpc_with_flow_logs_cloudwatch_logs_prefix" { source = "../../" - name = "${local.name}-cloudwatch-logs-prefix" + name_prefix = "${local.name}-cloudwatch-logs-prefix" cidr = local.vpc_cidr azs = local.azs @@ -116,7 +116,7 @@ module "vpc_with_flow_logs_cloudwatch_logs_prefix" { module "vpc_with_flow_logs_cloudwatch_logs" { source = "../../" - name = "${local.name}-cloudwatch-logs" + name_prefix = "${local.name}-cloudwatch-logs" cidr = local.vpc_cidr azs = local.azs diff --git a/main.tf b/main.tf index 05b4f5e22..eb448dbb2 100644 --- a/main.tf +++ b/main.tf @@ -13,6 +13,7 @@ locals { local.len_elasticache_subnets, local.len_database_subnets, local.len_redshift_subnets, + local.len_tgw_subnets ) # Use `local.vpc_id` to give a hint to Terraform that subnets should be deleted before secondary CIDR blocks can be free! @@ -44,7 +45,7 @@ resource "aws_vpc" "this" { enable_network_address_usage_metrics = var.enable_network_address_usage_metrics tags = merge( - { "Name" = var.name }, + { "Name" = "${var.name_prefix}-vpc${var.name_suffix}" }, var.tags, var.vpc_tags, ) @@ -74,7 +75,7 @@ resource "aws_vpc_dhcp_options" "this" { ipv6_address_preferred_lease_time = var.dhcp_options_ipv6_address_preferred_lease_time tags = merge( - { "Name" = var.name }, + { "Name" = var.name_prefix }, var.tags, var.dhcp_options_tags, ) @@ -115,7 +116,7 @@ resource "aws_subnet" "public" { { Name = try( var.public_subnet_names[count.index], - format("${var.name}-${var.public_subnet_suffix}-%s", element(var.azs, count.index)) + format("${var.name_prefix}-${var.public_subnet_suffix}-%s", element(var.azs, count.index)) ) }, var.tags, 
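Review bot: In the `aws_vpc_dhcp_options` hunk the Name tag is left as a bare `var.name_prefix`, while every sibling resource in this commit gets a resource-type suffix (`-vpc${var.name_suffix}` on `aws_vpc`, `-igw`, `-eigw`, `-rtb-…`, `-nacl-…` further down); `{ "Name" = "${var.name_prefix}-dopt" }` would keep the option set on the same convention and stop it from sharing a Name with the old-style VPC tag. `var.name_suffix` is applied only to the VPC's Name tag and nowhere else in the diff — if that is deliberate, a one-line comment on the `aws_vpc` tags block (`# name_suffix is intentionally applied to the VPC only`) would save the next reader from "fixing" it.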
@@ -136,9 +137,9 @@ resource "aws_route_table" "public" { tags = merge( { "Name" = var.create_multiple_public_route_tables ? format( - "${var.name}-${var.public_subnet_suffix}-%s", + "${var.name_prefix}-${var.public_subnet_suffix}-%s", element(var.azs, count.index), - ) : "${var.name}-${var.public_subnet_suffix}" + ) : "${var.name_prefix}-${var.public_subnet_suffix}" }, var.tags, var.public_route_table_tags, @@ -183,7 +184,7 @@ resource "aws_network_acl" "public" { subnet_ids = aws_subnet.public[*].id tags = merge( - { "Name" = "${var.name}-${var.public_subnet_suffix}" }, + { "Name" = "${var.name_prefix}-${var.public_subnet_suffix}" }, var.tags, var.public_acl_tags, ) @@ -246,11 +247,15 @@ resource "aws_subnet" "private" { private_dns_hostname_type_on_launch = var.private_subnet_private_dns_hostname_type_on_launch vpc_id = local.vpc_id + # app1-test-euc1a-az2-sub-db tags = merge( { Name = try( var.private_subnet_names[count.index], - format("${var.name}-${var.private_subnet_suffix}-%s", element(var.azs, count.index)) + format("${var.name_prefix}%s-%s-sub-${var.private_subnet_suffix}", + substr(element(var.azs, count.index), length(element(var.azs, count.index)) - 1, 1), + lookup(var.az_name_to_az_id, element(var.azs, count.index), "") + ) ) }, var.tags, @@ -267,9 +272,10 @@ resource "aws_route_table" "private" { tags = merge( { - "Name" = var.single_nat_gateway ? "${var.name}-${var.private_subnet_suffix}" : format( - "${var.name}-${var.private_subnet_suffix}-%s", - element(var.azs, count.index), + "Name" = (var.single_nat_gateway ? "${var.name_prefix}-rtb-${var.private_subnet_suffix}" : + format("${var.name_prefix}%s-rtb-${var.private_subnet_suffix}", + substr(element(var.azs, count.index), length(element(var.azs, count.index)) - 1, 1), + ) ) }, var.tags, 
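Review bot: The new private-subnet Name falls back to `lookup(var.az_name_to_az_id, element(var.azs, count.index), "")`, so any AZ absent from the caller-supplied map yields a double hyphen (`…a--sub-private`) instead of the `…euc1a-az2-sub-db` shape the comment just above promises, and nothing validates that the map keys match `var.azs`. Consider deriving the AZ ID from the subnet itself rather than a map the caller must keep in sync, or at least failing fast with a `validation` on `az_name_to_az_id` when the format is used. The last-character extraction `substr(element(var.azs, count.index), length(element(var.azs, count.index)) - 1, 1)` is repeated in every resource of this commit; hoisting it once as `az_short = { for az in var.azs : az => substr(az, length(az) - 1, 1) }` in `locals` would shorten each tag and make it obvious that the expression returns a digit, not a letter, whenever `var.azs` holds AZ IDs (`euc1-az2`), which the subnet resources explicitly accept.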
@@ -302,7 +308,7 @@ resource "aws_network_acl" "private" { subnet_ids = aws_subnet.private[*].id tags = merge( - { "Name" = "${var.name}-${var.private_subnet_suffix}" }, + { "Name" = "${var.name_prefix}-nacl-${var.private_subnet_suffix}" }, var.tags, var.private_acl_tags, ) @@ -370,7 +376,9 @@ resource "aws_subnet" "database" { { Name = try( var.database_subnet_names[count.index], - format("${var.name}-${var.database_subnet_suffix}-%s", element(var.azs, count.index), ) + format("${var.name_prefix}%s-sub-${var.database_subnet_suffix}", element(var.azs, count.index), + substr(element(var.azs, count.index), length(element(var.azs, count.index)) - 1, 1), + ) ) }, var.tags, @@ -381,13 +389,13 @@ resource "aws_subnet" "database" { resource "aws_db_subnet_group" "database" { count = local.create_database_subnets && var.create_database_subnet_group ? 1 : 0 - name = lower(coalesce(var.database_subnet_group_name, var.name)) - description = "Database subnet group for ${var.name}" + name = lower(coalesce(var.database_subnet_group_name, var.name_prefix)) + description = "Database subnet group for ${var.name_prefix}" subnet_ids = aws_subnet.database[*].id tags = merge( { - "Name" = lower(coalesce(var.database_subnet_group_name, var.name)) + "Name" = lower(coalesce(var.database_subnet_group_name, var.name_prefix)) }, var.tags, var.database_subnet_group_tags, @@ -401,9 +409,9 @@ resource "aws_route_table" "database" { tags = merge( { - "Name" = var.single_nat_gateway || var.create_database_internet_gateway_route ? "${var.name}-${var.database_subnet_suffix}" : format( - "${var.name}-${var.database_subnet_suffix}-%s", - element(var.azs, count.index), + "Name" = var.single_nat_gateway || var.create_database_internet_gateway_route ? "${var.name_prefix}-rtb-${var.database_subnet_suffix}" : format( + "${var.name_prefix}%s-rtb-${var.database_subnet_suffix}", + substr(element(var.azs, count.index), length(element(var.azs, count.index)) - 1, 1), ) }, var.tags, 
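Review bot: In the `aws_subnet.database` hunk the fallback Name is `format("${var.name_prefix}%s-sub-${var.database_subnet_suffix}", element(var.azs, count.index), substr(…))` — one `%s` verb but two arguments, and Terraform's `format` rejects an argument that no verb consumes, so the `try()` has no successful branch and the plan errors whenever `database_subnet_names` is not supplied. The `element(var.azs, count.index)` argument looks like a leftover from the old format string; dropping it leaves `format("${var.name_prefix}%s-sub-${var.database_subnet_suffix}", substr(element(var.azs, count.index), length(element(var.azs, count.index)) - 1, 1))`, matching the private/intra subnets in this commit. The same substr pattern in `aws_route_table.database` below is arity-correct.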
@@ -484,7 +492,7 @@ resource "aws_network_acl" "database" { subnet_ids = aws_subnet.database[*].id tags = merge( - { "Name" = "${var.name}-${var.database_subnet_suffix}" }, + { "Name" = "${var.name_prefix}-nacl-${var.database_subnet_suffix}" }, var.tags, var.database_acl_tags, ) @@ -552,7 +560,9 @@ resource "aws_subnet" "redshift" { { Name = try( var.redshift_subnet_names[count.index], - format("${var.name}-${var.redshift_subnet_suffix}-%s", element(var.azs, count.index)) + format("${var.name_prefix}%s-${var.redshift_subnet_suffix}", + substr(element(var.azs, count.index), length(element(var.azs, count.index)) - 1, 1) + ) ) }, var.tags, @@ -563,12 +573,12 @@ resource "aws_subnet" "redshift" { resource "aws_redshift_subnet_group" "redshift" { count = local.create_redshift_subnets && var.create_redshift_subnet_group ? 1 : 0 - name = lower(coalesce(var.redshift_subnet_group_name, var.name)) - description = "Redshift subnet group for ${var.name}" + name = lower(coalesce(var.redshift_subnet_group_name, var.name_prefix)) + description = "Redshift subnet group for ${var.name_prefix}" subnet_ids = aws_subnet.redshift[*].id tags = merge( - { "Name" = coalesce(var.redshift_subnet_group_name, var.name) }, + { "Name" = coalesce(var.redshift_subnet_group_name, var.name_prefix) }, var.tags, var.redshift_subnet_group_tags, ) @@ -580,7 +590,7 @@ resource "aws_route_table" "redshift" { vpc_id = local.vpc_id tags = merge( - { "Name" = "${var.name}-${var.redshift_subnet_suffix}" }, + { "Name" = "${var.name_prefix}-rtb-${var.redshift_subnet_suffix}" }, var.tags, var.redshift_route_table_tags, ) @@ -621,7 +631,7 @@ resource "aws_network_acl" "redshift" { subnet_ids = aws_subnet.redshift[*].id tags = merge( - { "Name" = "${var.name}-${var.redshift_subnet_suffix}" }, + { "Name" = "${var.name_prefix}-nacl-${var.redshift_subnet_suffix}" }, var.tags, var.redshift_acl_tags, ) 
@@ -689,7 +699,9 @@ resource "aws_subnet" "elasticache" { { Name = try( var.elasticache_subnet_names[count.index], - format("${var.name}-${var.elasticache_subnet_suffix}-%s", element(var.azs, count.index)) + format("${var.name_prefix}%s-${var.elasticache_subnet_suffix}", + substr(element(var.azs, count.index), length(element(var.azs, count.index)) - 1, 1) + ) ) }, var.tags, @@ -700,12 +712,12 @@ resource "aws_subnet" "elasticache" { resource "aws_elasticache_subnet_group" "elasticache" { count = local.create_elasticache_subnets && var.create_elasticache_subnet_group ? 1 : 0 - name = coalesce(var.elasticache_subnet_group_name, var.name) - description = "ElastiCache subnet group for ${var.name}" + name = coalesce(var.elasticache_subnet_group_name, var.name_prefix) + description = "ElastiCache subnet group for ${var.name_prefix}" subnet_ids = aws_subnet.elasticache[*].id tags = merge( - { "Name" = coalesce(var.elasticache_subnet_group_name, var.name) }, + { "Name" = coalesce(var.elasticache_subnet_group_name, var.name_prefix) }, var.tags, var.elasticache_subnet_group_tags, ) @@ -717,7 +729,7 @@ resource "aws_route_table" "elasticache" { vpc_id = local.vpc_id tags = merge( - { "Name" = "${var.name}-${var.elasticache_subnet_suffix}" }, + { "Name" = "${var.name_prefix}-rtb-${var.elasticache_subnet_suffix}" }, var.tags, var.elasticache_route_table_tags, ) @@ -751,7 +763,7 @@ resource "aws_network_acl" "elasticache" { subnet_ids = aws_subnet.elasticache[*].id tags = merge( - { "Name" = "${var.name}-${var.elasticache_subnet_suffix}" }, + { "Name" = "${var.name_prefix}-nacl-${var.elasticache_subnet_suffix}" }, var.tags, var.elasticache_acl_tags, ) 
@@ -818,7 +830,9 @@ resource "aws_subnet" "intra" { { Name = try( var.intra_subnet_names[count.index], - format("${var.name}-${var.intra_subnet_suffix}-%s", element(var.azs, count.index)) + format("${var.name_prefix}%s-sub-${var.intra_subnet_suffix}", + substr(element(var.azs, count.index), length(element(var.azs, count.index)) - 1, 1) + ) ) }, var.tags, @@ -838,9 +852,9 @@ resource "aws_route_table" "intra" { tags = merge( { "Name" = var.create_multiple_intra_route_tables ? format( - "${var.name}-${var.intra_subnet_suffix}-%s", - element(var.azs, count.index), - ) : "${var.name}-${var.intra_subnet_suffix}" + "${var.name_prefix}%s-${var.intra_subnet_suffix}-%s", + substr(element(var.azs, count.index), length(element(var.azs, count.index)) - 1, 1), + ) : "${var.name_prefix}-rtb-${var.intra_subnet_suffix}" }, var.tags, var.intra_route_table_tags, @@ -869,7 +883,7 @@ resource "aws_network_acl" "intra" { subnet_ids = aws_subnet.intra[*].id tags = merge( - { "Name" = "${var.name}-${var.intra_subnet_suffix}" }, + { "Name" = "${var.name_prefix}-nacl-${var.intra_subnet_suffix}" }, var.tags, var.intra_acl_tags, ) @@ -938,7 +952,7 @@ resource "aws_subnet" "outpost" { { Name = try( var.outpost_subnet_names[count.index], - format("${var.name}-${var.outpost_subnet_suffix}-%s", var.outpost_az) + format("${var.name_prefix}-%s-sub-${var.outpost_subnet_suffix}", var.outpost_az) ) }, var.tags, @@ -971,7 +985,7 @@ resource "aws_network_acl" "outpost" { subnet_ids = aws_subnet.outpost[*].id tags = merge( - { "Name" = "${var.name}-${var.outpost_subnet_suffix}" }, + { "Name" = "${var.name_prefix}-nacl-${var.outpost_subnet_suffix}" }, var.tags, var.outpost_acl_tags, ) @@ -1021,7 +1035,7 @@ resource "aws_internet_gateway" "this" { vpc_id = local.vpc_id tags = merge( - { "Name" = var.name }, + { "Name" = "${var.name_prefix}-igw" }, var.tags, var.igw_tags, ) 
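Review bot: The `aws_route_table.intra` hunk builds the multi-table Name with `format("${var.name_prefix}%s-${var.intra_subnet_suffix}-%s", substr(…))` — two `%s` verbs but a single argument — and unlike the subnet tags there is no `try()` around it, so every configuration with `create_multiple_intra_route_tables = true` now fails at plan with a not-enough-arguments error. The trailing `-%s` appears to be left over from the old `element(var.azs, …)` argument; `format("${var.name_prefix}%s-rtb-${var.intra_subnet_suffix}", substr(element(var.azs, count.index), length(element(var.azs, count.index)) - 1, 1))` would fix the arity and also match the `-rtb-` naming the private and database route tables adopt in this commit.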
@@ -1033,7 +1047,7 @@ resource "aws_egress_only_internet_gateway" "this" { vpc_id = local.vpc_id tags = merge( - { "Name" = var.name }, + { "Name" = "${var.name_prefix}-eigw" }, var.tags, var.igw_tags, ) @@ -1064,8 +1078,10 @@ resource "aws_eip" "nat" { tags = merge( { "Name" = format( - "${var.name}-%s", - element(var.azs, var.single_nat_gateway ? 0 : count.index), + "${var.name_prefix}%s-eip", + substr(element(var.azs, var.single_nat_gateway ? 0 : count.index), + length(element(var.azs, var.single_nat_gateway ? 0 : count.index)) - 1, 1 + ) ) }, var.tags, @@ -1090,8 +1106,10 @@ resource "aws_nat_gateway" "this" { tags = merge( { "Name" = format( - "${var.name}-%s", - element(var.azs, var.single_nat_gateway ? 0 : count.index), + "${var.name_prefix}%s-natgw", + substr(element(var.azs, var.single_nat_gateway ? 0 : count.index), + length(element(var.azs, var.single_nat_gateway ? 0 : count.index)) - 1, 1 + ) ) }, var.tags, @@ -1138,7 +1156,7 @@ resource "aws_customer_gateway" "this" { type = "ipsec.1" tags = merge( - { Name = "${var.name}-${each.key}" }, + { Name = "${var.name_prefix}-${each.key}" }, var.tags, var.customer_gateway_tags, ) @@ -1160,7 +1178,7 @@ resource "aws_vpn_gateway" "this" { availability_zone = var.vpn_gateway_az tags = merge( - { "Name" = var.name }, + { "Name" = "${var.name_prefix}-vpngw" }, var.tags, var.vpn_gateway_tags, ) @@ -1265,7 +1283,7 @@ resource "aws_default_security_group" "this" { } tags = merge( - { "Name" = coalesce(var.default_security_group_name, "${var.name}-default") }, + { "Name" = coalesce(var.default_security_group_name, "${var.name_prefix}-sg-default") }, var.tags, var.default_security_group_tags, ) @@ -1314,7 +1332,7 @@ resource "aws_default_network_acl" "this" { } tags = merge( - { "Name" = coalesce(var.default_network_acl_name, "${var.name}-default") }, + { "Name" = coalesce(var.default_network_acl_name, "${var.name_prefix}-nacl-default") }, var.tags, var.default_network_acl_tags, ) 
@@ -1359,7 +1377,7 @@ resource "aws_default_route_table" "default" { } tags = merge( - { "Name" = coalesce(var.default_route_table_name, "${var.name}-default") }, + { "Name" = coalesce(var.default_route_table_name, "${var.name_prefix}-rtb-default") }, var.tags, var.default_route_table_tags, ) diff --git a/outputs.tf b/outputs.tf index a98c65c98..2e59a02cd 100644 --- a/outputs.tf +++ b/outputs.tf @@ -2,6 +2,7 @@ locals { redshift_route_table_ids = aws_route_table.redshift[*].id public_route_table_ids = aws_route_table.public[*].id private_route_table_ids = aws_route_table.private[*].id + tgw_route_table_ids = aws_route_table.tgw[*].id } ################################################################################ @@ -625,7 +626,7 @@ output "azs" { output "name" { description = "The name of the VPC specified as argument to this module" - value = var.name + value = var.name_prefix } ################################################################################ 
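Review bot: The `output "name"` hunk now returns `var.name_prefix`, but its description still reads "The name of the VPC specified as argument to this module" — the VPC's Name tag in this commit is `"${var.name_prefix}-vpc${var.name_suffix}"`, so the output no longer equals the VPC name and downstream consumers that used it to locate the VPC will be misled. Update it to `description = "The name prefix applied to all resources created by this module (the VPC Name tag is `<name_prefix>-vpc<name_suffix>`)"` or add a separate `vpc_name` output carrying the actual tag.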
@@ -660,3 +661,52 @@ output "database_subnets_az_ids" { description = "List of AZ IDs of database subnets" value = aws_subnet.database[*].availability_zone_id } + +################################################################################ +# TGW Subnets +################################################################################ + +output "tgw_subnets" { + description = "List of IDs of tgw subnets" + value = aws_subnet.tgw[*].id +} + +output "tgw_subnet_arns" { + description = "List of ARNs of tgw subnets" + value = aws_subnet.tgw[*].arn +} + +output "tgw_subnets_cidr_blocks" { + description = "List of cidr_blocks of tgw subnets" + value = compact(aws_subnet.tgw[*].cidr_block) +} + +output "tgw_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of tgw subnets in an IPv6 enabled VPC" + value = compact(aws_subnet.tgw[*].ipv6_cidr_block) +} + +output "tgw_route_table_ids" { + description = "List of IDs of tgw route tables" + value = local.tgw_route_table_ids +} + +output "tgw_route_table_association_ids" { + description = "List of IDs of the tgw route table association" + value = aws_route_table_association.tgw[*].id +} + +output "tgw_network_acl_id" { + description = "ID of the tgw network ACL" + value = try(aws_network_acl.tgw[0].id, null) +} + +output "tgw_network_acl_arn" { + description = "ARN of the tgw network ACL" + value = try(aws_network_acl.tgw[0].arn, null) +} + +output "aws_ec2_transit_gateway_vpc_attachment_id" { + description = "ID of the TGW attachment" + value = try(aws_ec2_transit_gateway_vpc_attachment.tgw[0].id, null) +} diff --git a/tgw.tf b/tgw.tf new file mode 100644 index 000000000..d56d56458 --- /dev/null +++ b/tgw.tf 
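Review bot: The new TGW outputs follow the module's `tgw_*` naming except the last one, `aws_ec2_transit_gateway_vpc_attachment_id`, which is named after the provider resource type rather than the concept; `tgw_attachment_id` would match `tgw_subnets`, `tgw_route_table_ids` and `tgw_network_acl_id` in the same hunk. Since this is a brand-new output, renaming it now costs nothing, whereas renaming it after release breaks consumers. The `tgw_subnets_az_ids`/`tgw_subnets_az` pair that every other subnet class exposes (see `database_subnets_az_ids` just above) is also missing, which matters for the route-table/AZ mapping the attachment relies on.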
@@ -0,0 +1,216 @@ +################################################################################ +# TGW Subnets +################################################################################ + +locals { + len_tgw_subnets = max(length(var.tgw_subnets), length(var.private_subnet_ipv6_prefixes)) + create_tgw_subnets = local.create_vpc && local.len_tgw_subnets > 0 + + # support variables for transit_gateway_routes + subnets_tgw_routed = keys(var.transit_gateway_routes) +} + +resource "aws_subnet" "tgw" { + count = local.create_tgw_subnets ? local.len_tgw_subnets : 0 + + assign_ipv6_address_on_creation = var.enable_ipv6 && var.tgw_subnet_ipv6_native ? true : var.tgw_subnet_assign_ipv6_address_on_creation + availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null + availability_zone_id = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null + cidr_block = var.tgw_subnet_ipv6_native ? null : element(concat(var.tgw_subnets, [""]), count.index) + enable_dns64 = var.enable_ipv6 && var.tgw_subnet_enable_dns64 + enable_resource_name_dns_aaaa_record_on_launch = var.enable_ipv6 && var.tgw_subnet_enable_resource_name_dns_aaaa_record_on_launch + enable_resource_name_dns_a_record_on_launch = !var.tgw_subnet_ipv6_native && var.tgw_subnet_enable_resource_name_dns_a_record_on_launch + ipv6_cidr_block = var.enable_ipv6 && length(var.tgw_subnet_ipv6_prefixes) > 0 ? 
cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.tgw_subnet_ipv6_prefixes[count.index]) : null + ipv6_native = var.enable_ipv6 && var.tgw_subnet_ipv6_native + private_dns_hostname_type_on_launch = var.tgw_subnet_private_dns_hostname_type_on_launch + vpc_id = local.vpc_id + + #substr(var.input_string, local.string_length - 1, 1) + + tags = merge( + { + Name = try( + var.tgw_subnet_names[count.index], + format("${var.name_prefix}%s-sub-${var.tgw_subnet_suffix}", substr(element(var.azs, count.index),length(element(var.azs, count.index)) - 1 , 1) + ) + ) + }, + var.tags, + var.tgw_subnet_tags, + lookup(var.tgw_subnet_tags_per_az, element(var.azs, count.index), {}) + ) +} + +# There are as many routing tables as the number of NAT gateways +resource "aws_route_table" "tgw" { + count = local.create_tgw_subnets && local.max_subnet_length > 0 ? local.nat_gateway_count : 0 + + vpc_id = local.vpc_id + + tags = merge( + { + "Name" = var.single_nat_gateway ? "${var.name_prefix}-${var.tgw_subnet_suffix}" : format( + "${var.name_prefix}%s-rtb-${var.tgw_subnet_suffix}", + substr(element(var.azs, count.index), length(element(var.azs, count.index)) - 1, 1) + ) + }, + var.tags, + var.tgw_route_table_tags, + ) +} + +resource "aws_route_table_association" "tgw" { + count = local.create_tgw_subnets ? local.len_tgw_subnets : 0 + + subnet_id = element(aws_subnet.tgw[*].id, count.index) + route_table_id = element( + aws_route_table.tgw[*].id, + var.single_nat_gateway ? 0 : count.index, + ) +} + +################################################################################ +# TGW Network ACLs +################################################################################ + +locals { + tgw_network_acl = local.create_tgw_subnets && var.tgw_dedicated_network_acl +} + +resource "aws_network_acl" "tgw" { + count = local.tgw_network_acl ? 
1 : 0 + + vpc_id = local.vpc_id + subnet_ids = aws_subnet.tgw[*].id + + tags = merge( + { "Name" = "${var.name_prefix}-nacl-${var.tgw_subnet_suffix}" }, + var.tags, + var.tgw_acl_tags, + ) +} + +resource "aws_network_acl_rule" "tgw_inbound" { + count = local.tgw_network_acl ? length(var.tgw_inbound_acl_rules) : 0 + + network_acl_id = aws_network_acl.private[0].id + + egress = false + rule_number = var.tgw_inbound_acl_rules[count.index]["rule_number"] + rule_action = var.tgw_inbound_acl_rules[count.index]["rule_action"] + from_port = lookup(var.tgw_inbound_acl_rules[count.index], "from_port", null) + to_port = lookup(var.tgw_inbound_acl_rules[count.index], "to_port", null) + icmp_code = lookup(var.tgw_inbound_acl_rules[count.index], "icmp_code", null) + icmp_type = lookup(var.tgw_inbound_acl_rules[count.index], "icmp_type", null) + protocol = var.tgw_inbound_acl_rules[count.index]["protocol"] + cidr_block = lookup(var.tgw_inbound_acl_rules[count.index], "cidr_block", null) + ipv6_cidr_block = lookup(var.tgw_inbound_acl_rules[count.index], "ipv6_cidr_block", null) +} + +resource "aws_network_acl_rule" "tgw_outbound" { + count = local.tgw_network_acl ? 
length(var.tgw_outbound_acl_rules) : 0 + + network_acl_id = aws_network_acl.tgw[0].id + + egress = true + rule_number = var.tgw_outbound_acl_rules[count.index]["rule_number"] + rule_action = var.tgw_outbound_acl_rules[count.index]["rule_action"] + from_port = lookup(var.tgw_outbound_acl_rules[count.index], "from_port", null) + to_port = lookup(var.tgw_outbound_acl_rules[count.index], "to_port", null) + icmp_code = lookup(var.tgw_outbound_acl_rules[count.index], "icmp_code", null) + icmp_type = lookup(var.tgw_outbound_acl_rules[count.index], "icmp_type", null) + protocol = var.tgw_outbound_acl_rules[count.index]["protocol"] + cidr_block = lookup(var.tgw_outbound_acl_rules[count.index], "cidr_block", null) + ipv6_cidr_block = lookup(var.tgw_outbound_acl_rules[count.index], "ipv6_cidr_block", null) +} + +# Transit Gateway VPC attachment +resource "aws_ec2_transit_gateway_vpc_attachment" "tgw" { + count = var.enable_tgw_attachment ? 1 : 0 + + subnet_ids = aws_subnet.tgw[*].id + transit_gateway_id = var.transit_gateway_id + vpc_id = local.vpc_id + + tags = merge( + { Name = "${var.name_prefix}-tgw-att" } + ) +} + +resource "aws_route" "tgw_nat_gateway" { + count = local.create_vpc && var.enable_tgw_nat_gateway ? local.nat_gateway_count : 0 + + route_table_id = element(aws_route_table.tgw[*].id, count.index) + destination_cidr_block = var.nat_gateway_destination_cidr_block + nat_gateway_id = element(aws_nat_gateway.this[*].id, count.index) + + timeouts { + create = "5m" + } + depends_on = [aws_ec2_transit_gateway_vpc_attachment.tgw] +} + +resource "aws_route" "tgw_dns64_nat_gateway" { + count = local.create_vpc && var.enable_tgw_nat_gateway && var.enable_ipv6 && var.tgw_subnet_enable_dns64 ? 
local.nat_gateway_count : 0 + + route_table_id = element(aws_route_table.tgw[*].id, count.index) + destination_ipv6_cidr_block = "64:ff9b::/96" + nat_gateway_id = element(aws_nat_gateway.this[*].id, count.index) + + timeouts { + create = "5m" + } + depends_on = [aws_ec2_transit_gateway_vpc_attachment.tgw] +} + +# Route: IPv4 routes from public subnets to the Transit Gateway (if configured in var.transit_gateway_routes) +resource "aws_route" "public_to_tgw" { + count = (local.create_public_subnets && contains(local.subnets_tgw_routed, "public")) ? (var.enable_nat_gateway ? length(var.azs) : 1) : 0 + + destination_cidr_block = can(regex("^pl-", var.transit_gateway_routes["public"])) ? null : var.transit_gateway_routes["public"] + destination_prefix_list_id = can(regex("^pl-", var.transit_gateway_routes["public"])) ? var.transit_gateway_routes["public"] : null + + transit_gateway_id = var.transit_gateway_id + route_table_id = element(aws_route_table.public[*].id, count.index) + + depends_on = [aws_ec2_transit_gateway_vpc_attachment.tgw] +} + +# Route: IPv4 routes from private subnets to the Transit Gateway (if configured in var.transit_gateway_routes) +resource "aws_route" "private_to_tgw" { + count = (local.create_private_subnets && contains(local.subnets_tgw_routed, "private")) ? length(var.azs) : 0 + + destination_cidr_block = can(regex("^pl-", var.transit_gateway_routes["private"])) ? null : var.transit_gateway_routes["private"] + destination_prefix_list_id = can(regex("^pl-", var.transit_gateway_routes["private"])) ? 
var.transit_gateway_routes["private"] : null + + transit_gateway_id = var.transit_gateway_id + route_table_id = element(aws_route_table.private[*].id, count.index) + + depends_on = [aws_ec2_transit_gateway_vpc_attachment.tgw] +} + +# Route: IPv4 routes from intra subnets to the Transit Gateway (if configured in var.transit_gateway_routes) +resource "aws_route" "intra_to_tgw" { + count = (local.create_intra_subnets && contains(local.subnets_tgw_routed, "intra")) ? length(var.azs) : 0 + + destination_cidr_block = can(regex("^pl-", var.transit_gateway_routes["intra"])) ? null : var.transit_gateway_routes["intra"] + destination_prefix_list_id = can(regex("^pl-", var.transit_gateway_routes["intra"])) ? var.transit_gateway_routes["intra"] : null + + transit_gateway_id = var.transit_gateway_id + route_table_id = element(aws_route_table.intra[*].id, count.index) + + depends_on = [aws_ec2_transit_gateway_vpc_attachment.tgw] +} + +# Route: IPv4 routes from public subnets to the Transit Gateway (if configured in var.transit_gateway_routes) +resource "aws_route" "database_to_tgw" { + count = (local.create_database_subnets && contains(local.subnets_tgw_routed, "database")) ? length(var.azs) : 0 + + destination_cidr_block = can(regex("^pl-", var.transit_gateway_routes["database"])) ? null : var.transit_gateway_routes["database"] + destination_prefix_list_id = can(regex("^pl-", var.transit_gateway_routes["database"])) ? var.transit_gateway_routes["database"] : null + + transit_gateway_id = var.transit_gateway_id + route_table_id = element(aws_route_table.database[*].id, count.index) + + depends_on = [aws_ec2_transit_gateway_vpc_attachment.tgw] +} diff --git a/variables.tf b/variables.tf index 8bfae5164..8e72a4936 100644 --- a/variables.tf +++ b/variables.tf 
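Review bot: `aws_network_acl_rule.tgw_inbound` attaches its rules to `aws_network_acl.private[0].id` instead of `aws_network_acl.tgw[0].id` (the `tgw_outbound` resource a few lines below uses the right ID), so the inbound TGW allow/deny rules are written onto the private subnets' NACL — loosening or clobbering that ACL with rule numbers meant for the TGW subnets — and the plan fails outright whenever no dedicated private NACL exists. `local.len_tgw_subnets` is sized from `var.private_subnet_ipv6_prefixes` rather than `var.tgw_subnet_ipv6_prefixes`, which creates extra TGW subnets with an empty `cidr_block` whenever the private IPv6 list is longer than `var.tgw_subnets`. `aws_ec2_transit_gateway_vpc_attachment.tgw` leaves `transit_gateway_default_route_table_association` and `transit_gateway_default_route_table_propagation` at their provider defaults, so as soon as the VPC is attached it is associated with and propagated into the TGW's default route table, i.e. reachable from every other attachment on that table; expose both as variables (defaulting to the provider behaviour, documented) so a hub-and-spoke deployment can opt out, and consider `appliance_mode_support`/`dns_support` while there. The `private_to_tgw`/`database_to_tgw` routes use `count = length(var.azs)` but index route tables with `element()`, so if those tables follow the single-table pattern `aws_route_table.tgw` itself uses with `single_nat_gateway = true`, the same destination is added to one table several times and the apply fails — tie the count to the route-table count instead, and add a `validation` on `transit_gateway_id` (and a narrower type than `any` for `transit_gateway_routes`) so a route can't be declared without an attachment to back it.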
@@ -14,6 +14,18 @@ variable "name" { default = "" } +variable "name_prefix" { + description = "Name to be used on all the resources as identifier" + type = string + default = "" +} + +variable "name_suffix" { + description = "Suffix for more detailed resource description" + type = string + default = "" +} + variable "cidr" { description = "(Optional) The IPv4 CIDR block for the VPC. CIDR can be explicitly set or it can be derived from IPAM using `ipv4_netmask_length` & `ipv4_ipam_pool_id`" type = string @@ -38,6 +50,12 @@ variable "azs" { default = [] } +variable "az_name_to_az_id" { + description = "A map of availability zones names to ids in the account" + type = map(string) + default = {} +} + variable "enable_dns_hostnames" { description = "Should be true to enable DNS hostnames in the VPC" type = bool @@ -1240,6 +1258,12 @@ variable "nat_eip_tags" { default = {} } +variable "enable_tgw_nat_gateway" { + description = "Should be true if you want to provision NAT Gateways for each of your TGW networks" + type = bool + default = false +} + ################################################################################ # Customer Gateways ################################################################################ 
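Review bot: `name_prefix` is introduced with `default = ""` while the existing `name` variable (still declared in this file) is no longer read by any resource in the diff, so a caller that keeps passing `name` gets no error and ends up with resources tagged `-vpc`, `-igw`, `-rtb-private` and subnet groups named `""`. Either default `name_prefix` to `var.name` via a local (`coalesce(var.name_prefix, var.name)`) for backward compatibility, or add a `validation` block requiring a non-empty `name_prefix` and mark `name` deprecated in its description. The `az_name_to_az_id` description should also state that it is only consulted for the private-subnet Name tag and that missing keys silently become `""`, since that is what `lookup(…, "")` in main.tf does.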
@@ -1638,3 +1662,165 @@ variable "putin_khuylo" { type = bool default = true } + +################################################################################ +# Transit Gateway +################################################################################ + +variable "transit_gateway_id" { + type = string + description = "Transit gateway id to attach the VPC to. Required when `transit_gateway` subnet is defined." + default = null +} + +variable "transit_gateway_routes" { + description = <<-EOF + Configuration of route(s) to transit gateway. + For each `public` and/or `private` subnets named in the `subnets` variable, + Optionally create routes from the subnet to transit gateway. Specify the CIDR range or a + prefix-list-id that you want routed to the transit gateway. + Example: + ``` + transit_gateway_routes = { + public = "10.0.0.0/8" + private = "pl-123" + } + ``` +EOF + type = any + default = {} +} + +################################################################################ +# TGW Subnets +################################################################################ + +variable "enable_tgw_attachment" { + description = "Enable Transit Gateway Attachment" + type = bool + default = false +} + +variable "tgw_subnets" { + description = "A list of tgw subnets inside the VPC" + type = list(string) + default = [] +} + +variable "tgw_subnet_assign_ipv6_address_on_creation" { + description = "Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is `false`" + type = bool + default = false +} + +variable "tgw_subnet_enable_dns64" { + description = "Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. 
Default: `true`" + type = bool + default = true +} + +variable "tgw_subnet_enable_resource_name_dns_aaaa_record_on_launch" { + description = "Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: `true`" + type = bool + default = true +} + +variable "tgw_subnet_enable_resource_name_dns_a_record_on_launch" { + description = "Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: `false`" + type = bool + default = false +} + +variable "tgw_subnet_ipv6_prefixes" { + description = "Assigns IPv6 tgw subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list" + type = list(string) + default = [] +} + +variable "tgw_subnet_ipv6_native" { + description = "Indicates whether to create an IPv6-only subnet. Default: `false`" + type = bool + default = false +} + +variable "tgw_subnet_private_dns_hostname_type_on_launch" { + description = "The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name`, `resource-name`" + type = string + default = null +} + +variable "tgw_subnet_names" { + description = "Explicit values to use in the Name tag on tgw subnets. 
If empty, Name tags are generated" + type = list(string) + default = [] +} + +variable "tgw_subnet_suffix" { + description = "Suffix to append to tgw subnets name" + type = string + default = "tgw" +} + +variable "tgw_subnet_tags" { + description = "Additional tags for the tgw subnets" + type = map(string) + default = {} +} + +variable "tgw_subnet_tags_per_az" { + description = "Additional tags for the tgw subnets where the primary key is the AZ" + type = map(map(string)) + default = {} +} + +variable "tgw_route_table_tags" { + description = "Additional tags for the tgw route tables" + type = map(string) + default = {} +} + +################################################################################ +# TGW Network ACLs +################################################################################ + +variable "tgw_dedicated_network_acl" { + description = "Whether to use dedicated network ACL (not default) and custom rules for tgw subnets" + type = bool + default = false +} + +variable "tgw_inbound_acl_rules" { + description = "TGW subnets inbound network ACLs" + type = list(map(string)) + default = [ + { + rule_number = 100 + rule_action = "allow" + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_block = "0.0.0.0/0" + }, + ] +} + +variable "tgw_outbound_acl_rules" { + description = "TGW subnets outbound network ACLs" + type = list(map(string)) + default = [ + { + rule_number = 100 + rule_action = "allow" + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_block = "0.0.0.0/0" + }, + ] +} + +variable "tgw_acl_tags" { + description = "Additional tags for the tgw subnets network ACL" + type = map(string) + default = {} +} From 9745b001fd522189191214f4b1807f8347eaf0de Mon Sep 17 00:00:00 2001 From: Marvin Bertram Date: Wed, 14 Aug 2024 18:08:09 +0200 Subject: [PATCH 02/14] Update naming for resources --- main.tf | 13 ++++++++----- tgw.tf | 4 +++- 2 files changed, 11 insertions(+), 6 deletions(-) 
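Review bot: The `transit_gateway_id` description says it is required when a "transit_gateway subnet" is defined, but the inputs that actually gate the feature in this patch are `enable_tgw_attachment` and `tgw_subnets`, and nothing enforces the requirement, so with `default = null` a caller can set `enable_tgw_attachment = true` and only discover the missing id at apply time. Suggest `description = "ID of the Transit Gateway the VPC is attached to. Required when enable_tgw_attachment is true."` plus a `precondition` on the attachment resource that rejects `var.enable_tgw_attachment && var.transit_gateway_id == null` (a variable `validation` block can only do this on Terraform versions that allow cross-variable references). The `transit_gateway_routes` description refers to a `subnets` variable that does not exist in this module and lists only `public`/`private`, while the tgw.tf routes added in this same patch also read the `intra` and `database` keys; `type = any` additionally turns a mistyped key into a silently missing route instead of a plan error, so `map(string)` would be the safer type for the shape documented here. The `tgw_inbound_acl_rules` and `tgw_outbound_acl_rules` defaults are allow-all from `0.0.0.0/0`, which matches the other subnet tiers, but the descriptions should state that, because enabling `tgw_dedicated_network_acl` without overriding them adds no filtering.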
diff --git a/main.tf b/main.tf index eb448dbb2..ed001e593 100644 --- a/main.tf +++ b/main.tf @@ -116,7 +116,10 @@ resource "aws_subnet" "public" { { Name = try( var.public_subnet_names[count.index], - format("${var.name_prefix}-${var.public_subnet_suffix}-%s", element(var.azs, count.index)) + format("${var.name_prefix}%s-%s-sub-${var.public_subnet_suffix}", + substr(element(var.azs, count.index), length(element(var.azs, count.index)) - 1, 1), + lookup(var.az_name_to_az_id, element(var.azs, count.index), "") + ) ) }, var.tags, @@ -137,9 +140,9 @@ resource "aws_route_table" "public" { tags = merge( { "Name" = var.create_multiple_public_route_tables ? format( - "${var.name_prefix}-${var.public_subnet_suffix}-%s", - element(var.azs, count.index), - ) : "${var.name_prefix}-${var.public_subnet_suffix}" + "${var.name_prefix}%s-rtb-${var.public_subnet_suffix}", + substr(element(var.azs, count.index), length(element(var.azs, count.index)) - 1, 1), + ) : "${var.name_prefix}-rtb-${var.public_subnet_suffix}" }, var.tags, var.public_route_table_tags, @@ -184,7 +187,7 @@ resource "aws_network_acl" "public" { subnet_ids = aws_subnet.public[*].id tags = merge( - { "Name" = "${var.name_prefix}-${var.public_subnet_suffix}" }, + { "Name" = "${var.name_prefix}-nacl-${var.public_subnet_suffix}" }, var.tags, var.public_acl_tags, ) diff --git a/tgw.tf b/tgw.tf index d56d56458..a2eff7a7e 100644 --- a/tgw.tf +++ b/tgw.tf @@ -31,7 +31,9 @@ resource "aws_subnet" "tgw" { { Name = try( var.tgw_subnet_names[count.index], - format("${var.name_prefix}%s-sub-${var.tgw_subnet_suffix}", substr(element(var.azs, count.index),length(element(var.azs, count.index)) - 1 , 1) + format("${var.name_prefix}%s-%s-sub-${var.tgw_subnet_suffix}", + substr(element(var.azs, count.index),length(element(var.azs, count.index)) - 1 , 1), + lookup(var.az_name_to_az_id, element(var.azs, count.index), "") ) ) }, From d95bc41e533d7308090fffd302a96067e6ffd45a Mon Sep 17 00:00:00 2001 
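Review bot: In the public-subnet Name hunk `@@ -116,7 +116,10 @@` (and the tgw.tf hunk `@@ -31,7 +31,9 @@` below it) `var.name_prefix` and the suffix are interpolated into the `format` template rather than passed as `%s` arguments, so any `%` in those caller-supplied values is parsed as a format verb and fails the plan; the positional form `format("%s%s-%s-sub-%s", var.name_prefix, substr(...), lookup(...), var.public_subnet_suffix)` avoids that and is what PATCH 10 later adopts for most resources. PATCH 03 in this series is a byte-identical re-send of this commit (same blob ids `eb448dbb2..ed001e593` for main.tf and `d56d56458..a2eff7a7e` for tgw.tf), which looks like a rebase artefact; one of the two should be dropped so the second does not fail to apply.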
From: Marvin Bertram Date: Thu, 15 Aug 2024 17:15:15 +0200 Subject: [PATCH 03/14] Update naming for resources --- main.tf | 13 ++++++++----- tgw.tf | 4 +++- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/main.tf b/main.tf index eb448dbb2..ed001e593 100644 --- a/main.tf +++ b/main.tf @@ -116,7 +116,10 @@ resource "aws_subnet" "public" { { Name = try( var.public_subnet_names[count.index], - format("${var.name_prefix}-${var.public_subnet_suffix}-%s", element(var.azs, count.index)) + format("${var.name_prefix}%s-%s-sub-${var.public_subnet_suffix}", + substr(element(var.azs, count.index), length(element(var.azs, count.index)) - 1, 1), + lookup(var.az_name_to_az_id, element(var.azs, count.index), "") + ) ) }, var.tags, @@ -137,9 +140,9 @@ resource "aws_route_table" "public" { tags = merge( { "Name" = var.create_multiple_public_route_tables ? format( - "${var.name_prefix}-${var.public_subnet_suffix}-%s", - element(var.azs, count.index), - ) : "${var.name_prefix}-${var.public_subnet_suffix}" + "${var.name_prefix}%s-rtb-${var.public_subnet_suffix}", + substr(element(var.azs, count.index), length(element(var.azs, count.index)) - 1, 1), + ) : "${var.name_prefix}-rtb-${var.public_subnet_suffix}" }, var.tags, var.public_route_table_tags, @@ -184,7 +187,7 @@ resource "aws_network_acl" "public" { subnet_ids = aws_subnet.public[*].id tags = merge( - { "Name" = "${var.name_prefix}-${var.public_subnet_suffix}" }, + { "Name" = "${var.name_prefix}-nacl-${var.public_subnet_suffix}" }, var.tags, var.public_acl_tags, ) diff --git a/tgw.tf b/tgw.tf index d56d56458..a2eff7a7e 100644 --- a/tgw.tf +++ b/tgw.tf 
@@ -31,7 +31,9 @@ resource "aws_subnet" "tgw" { { Name = try( var.tgw_subnet_names[count.index], - format("${var.name_prefix}%s-sub-${var.tgw_subnet_suffix}", substr(element(var.azs, count.index),length(element(var.azs, count.index)) - 1 , 1) + format("${var.name_prefix}%s-%s-sub-${var.tgw_subnet_suffix}", + substr(element(var.azs, count.index),length(element(var.azs, count.index)) - 1 , 1), + lookup(var.az_name_to_az_id, element(var.azs, count.index), "") ) ) }, From fb6156962ba40b19a69179a3e63e6dbf163b9f08 Mon Sep 17 00:00:00 2001 From: Marvin Bertram Date: Fri, 16 Aug 2024 11:29:19 +0200 Subject: [PATCH 04/14] Update Spacelift module version to reflect new versioning for OCP --- .spacelift/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.spacelift/config.yml b/.spacelift/config.yml index 4aae5459a..ce65ee521 100644 --- a/.spacelift/config.yml +++ b/.spacelift/config.yml @@ -1,2 +1,2 @@ version: 1 -module_version: 5.1.1 +module_version: 1.0.0 From d608a4f07e75745ec9264eb0a3211b390ae9a36c Mon Sep 17 00:00:00 2001 From: Marvin Bertram Date: Fri, 16 Aug 2024 11:47:00 +0200 Subject: [PATCH 05/14] Update to new versioning --- .spacelift/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.spacelift/config.yml b/.spacelift/config.yml index ce65ee521..bc464466c 100644 --- a/.spacelift/config.yml +++ b/.spacelift/config.yml @@ -1,2 +1,2 @@ version: 1 -module_version: 1.0.0 +module_version: 0.1.0 From 366514f9c3cd6c6cfd3a5c7d2df19a9154eef8a0 Mon Sep 17 00:00:00 2001 From: Marvin Bertram Date: Mon, 19 Aug 2024 13:50:21 +0200 Subject: [PATCH 06/14] Add TGW att name output to set tag --- outputs.tf | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/outputs.tf b/outputs.tf index 2e59a02cd..301a64f30 100644 --- a/outputs.tf +++ b/outputs.tf 
@@ -630,7 +630,7 @@ output "name" { } ################################################################################ -# Our own outputs +# AS added outputs ################################################################################ output "private_subnets_az_names" { description = "List of AZ names of private subnets" @@ -710,3 +710,8 @@ output "aws_ec2_transit_gateway_vpc_attachment_id" { description = "ID of the TGW attachment" value = try(aws_ec2_transit_gateway_vpc_attachment.tgw[0].id, null) } + +output "tgw_att_name" { + description = "Name of the TGW attachment" + value = try(aws_ec2_transit_gateway_vpc_attachment.tgw[0].tags["Name"], "") +} From a4128ed3cc2fbf0bdf339011db8486fb4ed93a22 Mon Sep 17 00:00:00 2001 From: Marvin Bertram Date: Fri, 23 Aug 2024 14:33:49 +0200 Subject: [PATCH 07/14] Add short region variable as requirement --- variables.tf | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/variables.tf b/variables.tf index 8e72a4936..6a543b3b4 100644 --- a/variables.tf +++ b/variables.tf @@ -20,8 +20,13 @@ variable "name_prefix" { default = "" } -variable "name_suffix" { - description = "Suffix for more detailed resource description" +variable "short_aws_region" { + type = string + description = "The AWS region code where the VPC will be created" +} + +variable "vpc_name_suffix" { + description = "Name suffix for more detailed resource description" type = string default = "" } @@ -1779,6 +1784,12 @@ variable "tgw_route_table_tags" { default = {} } +variable "create_multiple_tgw_route_tables" { + description = "Indicates whether to create a separate route table for each TGW subnet. Default: `false`" + type = bool + default = true +} + ################################################################################ # TGW Network ACLs ################################################################################ From f498540f9c37ea252115026da1210cdfd7e679a4 Mon Sep 17 00:00:00 2001 
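Review bot: The new `tgw_att_name` output falls back to `""` when no attachment exists, while the sibling output `aws_ec2_transit_gateway_vpc_attachment_id` two lines above falls back to `null`, so a consumer probing for the attachment gets different answers from the two outputs. Use the same fallback, `value = try(aws_ec2_transit_gateway_vpc_attachment.tgw[0].tags["Name"], null)`, or document in the description why an empty string is intended. The Name tag read here is set on the attachment resource in tgw.tf, outside this hunk.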
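Review bot: `short_aws_region` in hunk `@@ -20,8 +20,13 @@` is declared without a default, so it becomes a required input and every example in this series, which only sets `name_prefix`, will fail validation unless a later patch not visible here updates them. The value is only ever embedded in Name tags, so a `validation` block constraining it to the short form, e.g. `condition = can(regex("^[a-z0-9]{3,8}$", var.short_aws_region))` (constructed example, adjust to the naming convention), would catch a full region name such as `eu-central-1` being passed by mistake, and the description `The AWS region code where the VPC will be created` should show the expected short form. Replacing `name_suffix` with `vpc_name_suffix` in the same hunk is a breaking rename for anyone who already adopted `name_suffix` from PATCH 01; it should at least be called out in the commit message.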
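Review bot: `create_multiple_tgw_route_tables` in hunk `@@ -1779,6 +1784,12 @@` has `default = true` while its description ends with "Default: `false`", so one of the two is wrong and any README generated from the descriptions will misstate the behaviour. The other tiers create a single route table unless asked otherwise, which suggests `default = false` is the intended value; if `true` is intended, change the description to say so. Either way, `Indicates whether to create a separate route table for each TGW subnet (one per AZ) instead of a single shared table.` would make the effect clearer than the current wording.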
From: Marvin Bertram Date: Fri, 23 Aug 2024 14:34:39 +0200 Subject: [PATCH 08/14] Add default value to vpc suffix name --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index 6a543b3b4..60d4ff7c1 100644 --- a/variables.tf +++ b/variables.tf @@ -28,7 +28,7 @@ variable "short_aws_region" { variable "vpc_name_suffix" { description = "Name suffix for more detailed resource description" type = string - default = "" + default = "main" } variable "cidr" { From 167b067d336326e6f3acf409c2b28647f585caf2 Mon Sep 17 00:00:00 2001 From: Marvin Bertram Date: Fri, 23 Aug 2024 14:44:50 +0200 Subject: [PATCH 09/14] Fix subnet type for subnet length and nacl --- tgw.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tgw.tf b/tgw.tf index a2eff7a7e..eaf4b798c 100644 --- a/tgw.tf +++ b/tgw.tf @@ -3,7 +3,7 @@ ################################################################################ locals { - len_tgw_subnets = max(length(var.tgw_subnets), length(var.private_subnet_ipv6_prefixes)) + len_tgw_subnets = max(length(var.tgw_subnets), length(var.tgw_subnet_ipv6_prefixes)) create_tgw_subnets = local.create_vpc && local.len_tgw_subnets > 0 # support variables for transit_gateway_routes @@ -95,7 +95,7 @@ resource "aws_network_acl" "tgw" { resource "aws_network_acl_rule" "tgw_inbound" { count = local.tgw_network_acl ? length(var.tgw_inbound_acl_rules) : 0 - network_acl_id = aws_network_acl.private[0].id + network_acl_id = aws_network_acl.tgw[0].id # TODO: Fixed egress = false rule_number = var.tgw_inbound_acl_rules[count.index]["rule_number"] From 394796cc0de2513fee9921a7908f298d67d4f1a1 Mon Sep 17 00:00:00 2001 From: Marvin Bertram Date: Fri, 23 Aug 2024 14:47:18 +0200 Subject: [PATCH 10/14] Change naming based on PR feedback --- main.tf | 86 ++++++++++++++++++++++++++++++++++----------------------- tgw.tf | 46 +++++++++++++++++++----------- 2 files changed, 81 insertions(+), 51 deletions(-) 
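Review bot: Hunk `@@ -95,7 +95,7 @@` repoints `tgw_inbound` at `aws_network_acl.tgw[0].id`, but the matching `aws_network_acl_rule` `tgw_outbound` resource is outside the hunk and, if it was copied from the private tier the same way, presumably still references `aws_network_acl.private[0].id`, which would attach the egress rules to the wrong ACL or fail when no private ACL exists; it should be checked in the same commit. The leftover context comment `# TODO: Fixed egress = false` reads as a note to self; either state the intent (`# egress = false: this resource manages ingress rules only`) or drop it.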
diff --git a/main.tf b/main.tf index ed001e593..99396d745 100644 --- a/main.tf +++ b/main.tf @@ -45,7 +45,7 @@ resource "aws_vpc" "this" { enable_network_address_usage_metrics = var.enable_network_address_usage_metrics tags = merge( - { "Name" = "${var.name_prefix}-vpc${var.name_suffix}" }, + { "Name" = "${var.name_prefix}-${var.short_aws_region}-vpc-${var.vpc_name_suffix}" }, var.tags, var.vpc_tags, ) @@ -116,9 +116,10 @@ resource "aws_subnet" "public" { { Name = try( var.public_subnet_names[count.index], - format("${var.name_prefix}%s-%s-sub-${var.public_subnet_suffix}", - substr(element(var.azs, count.index), length(element(var.azs, count.index)) - 1, 1), - lookup(var.az_name_to_az_id, element(var.azs, count.index), "") + format("%s-%s%s-%s-sub-%s", var.name_prefix, var.short_aws_region, + substr(element(var.azs, count.index), -1, 1), + lookup(var.az_name_to_az_id, element(var.azs, count.index), ""), + var.public_subnet_suffix ) ) }, @@ -140,9 +141,10 @@ resource "aws_route_table" "public" { tags = merge( { "Name" = var.create_multiple_public_route_tables ? format( - "${var.name_prefix}%s-rtb-${var.public_subnet_suffix}", - substr(element(var.azs, count.index), length(element(var.azs, count.index)) - 1, 1), - ) : "${var.name_prefix}-rtb-${var.public_subnet_suffix}" + "%s-%s%s-rtb-%s", var.name_prefix, var.short_aws_region, + substr(element(var.azs, count.index), -1, 1), + var.public_subnet_suffix + ) : "${var.name_prefix}-${var.short_aws_region}-rtb-${var.public_subnet_suffix}" }, var.tags, var.public_route_table_tags, @@ -187,7 +189,7 @@ resource "aws_network_acl" "public" { subnet_ids = aws_subnet.public[*].id tags = merge( - { "Name" = "${var.name_prefix}-nacl-${var.public_subnet_suffix}" }, + { "Name" = "${var.name_prefix}-${var.short_aws_region}-nacl-${var.public_subnet_suffix}" }, var.tags, var.public_acl_tags, ) 
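Review bot: In the public-subnet Name hunk `@@ -116,9 +116,10 @@` the AZ-id segment comes from `lookup(var.az_name_to_az_id, element(var.azs, count.index), "")`, and `az_name_to_az_id` defaults to `{}` (PATCH 01), so with default inputs every generated name contains an empty segment and a doubled hyphen, e.g. `prefix-euc1a--sub-public`. The same pattern is repeated for the private (`@@ -255`), database (`@@ -379`), redshift (`@@ -563`), elasticache (`@@ -702`), intra (`@@ -833`) and tgw (`@@ -25` in tgw.tf) subnets in this commit. Either fall back to the AZ name, `lookup(var.az_name_to_az_id, element(var.azs, count.index), element(var.azs, count.index))`, or build the name with `join("-", compact([...]))` so an empty segment is dropped. Note also that `substr(element(var.azs, count.index), -1, 1)` assumes `azs` holds AZ names; the tgw.tf hunk `@@ -11,7 +11,7 @@` shows the module also accepts AZ ids (the `regexall("^[a-z]{2}-", ...)` check), for which the last character is a digit and the lookup never matches.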
@@ -255,9 +257,10 @@ resource "aws_subnet" "private" { { Name = try( var.private_subnet_names[count.index], - format("${var.name_prefix}%s-%s-sub-${var.private_subnet_suffix}", - substr(element(var.azs, count.index), length(element(var.azs, count.index)) - 1, 1), - lookup(var.az_name_to_az_id, element(var.azs, count.index), "") + format("%s-%s%s-%s-sub-%s", var.name_prefix, var.short_aws_region, + substr(element(var.azs, count.index), -1, 1), + lookup(var.az_name_to_az_id, element(var.azs, count.index), ""), + var.private_subnet_suffix ) ) }, @@ -275,9 +278,10 @@ resource "aws_route_table" "private" { tags = merge( { - "Name" = (var.single_nat_gateway ? "${var.name_prefix}-rtb-${var.private_subnet_suffix}" : - format("${var.name_prefix}%s-rtb-${var.private_subnet_suffix}", - substr(element(var.azs, count.index), length(element(var.azs, count.index)) - 1, 1), + "Name" = (var.single_nat_gateway ? "${var.name_prefix}-${var.short_aws_region}-rtb-${var.private_subnet_suffix}" : + format("%s-%s%s-rtb-%s", var.name_prefix, var.short_aws_region, + substr(element(var.azs, count.index), -1, 1), + var.public_subnet_suffix ) ) }, @@ -311,7 +315,7 @@ resource "aws_network_acl" "private" { subnet_ids = aws_subnet.private[*].id tags = merge( - { "Name" = "${var.name_prefix}-nacl-${var.private_subnet_suffix}" }, + { "Name" = "${var.name_prefix}-${var.short_aws_region}-nacl-${var.private_subnet_suffix}" }, var.tags, var.private_acl_tags, ) @@ -379,8 +383,11 @@ resource "aws_subnet" "database" { { Name = try( var.database_subnet_names[count.index], - format("${var.name_prefix}%s-sub-${var.database_subnet_suffix}", element(var.azs, count.index), - substr(element(var.azs, count.index), length(element(var.azs, count.index)) - 1, 1), + format( + "%s-%s%s-%s-sub-%s", var.name_prefix, var.short_aws_region, + substr(element(var.azs, count.index), -1, 1), + lookup(var.az_name_to_az_id, element(var.azs, count.index), ""), + var.database_subnet_suffix ) ) }, 
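Review bot: In the private route-table hunk `@@ -275,9 +278,10 @@` the per-AZ branch passes `var.public_subnet_suffix` as the last `%s`, so every private route table is named `...-rtb-public` whenever `single_nat_gateway` is false, while the single-table branch on the line above correctly uses `var.private_subnet_suffix`. Change the argument to `var.private_subnet_suffix`. Since Name tags are what operators and tag-based access policies key on, a private table labelled as public is more than cosmetic.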
@@ -412,9 +419,13 @@ resource "aws_route_table" "database" { tags = merge( { - "Name" = var.single_nat_gateway || var.create_database_internet_gateway_route ? "${var.name_prefix}-rtb-${var.database_subnet_suffix}" : format( - "${var.name_prefix}%s-rtb-${var.database_subnet_suffix}", - substr(element(var.azs, count.index), length(element(var.azs, count.index)) - 1, 1), + "Name" = ( + var.single_nat_gateway || var.create_database_internet_gateway_route ? + "${var.name_prefix}-${var.short_aws_region}-rtb-${var.database_subnet_suffix}" + : format( + "${var.name_prefix}-${var.short_aws_region}%s-rtb-${var.database_subnet_suffix}", + substr(element(var.azs, count.index), -1, 1), + ) ) }, var.tags, @@ -495,7 +506,7 @@ resource "aws_network_acl" "database" { subnet_ids = aws_subnet.database[*].id tags = merge( - { "Name" = "${var.name_prefix}-nacl-${var.database_subnet_suffix}" }, + { "Name" = "${var.name_prefix}-${var.short_aws_region}-nacl-${var.database_subnet_suffix}" }, var.tags, var.database_acl_tags, ) @@ -563,8 +574,9 @@ resource "aws_subnet" "redshift" { { Name = try( var.redshift_subnet_names[count.index], - format("${var.name_prefix}%s-${var.redshift_subnet_suffix}", - substr(element(var.azs, count.index), length(element(var.azs, count.index)) - 1, 1) + format("${var.name_prefix}-${var.short_aws_region}%s-%s-sub-${var.redshift_subnet_suffix}", + substr(element(var.azs, count.index), -1, 1), + lookup(var.az_name_to_az_id, element(var.azs, count.index), "") ) ) }, @@ -593,7 +605,7 @@ resource "aws_route_table" "redshift" { vpc_id = local.vpc_id tags = merge( - { "Name" = "${var.name_prefix}-rtb-${var.redshift_subnet_suffix}" }, + { "Name" = "${var.name_prefix}-${var.short_aws_region}-rtb-${var.redshift_subnet_suffix}" }, var.tags, var.redshift_route_table_tags, ) 
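Review bot: The database route-table Name in hunk `@@ -412,9 +419,13 @@` and the redshift subnet Name in `@@ -563,8 +574,9 @@` still interpolate `${var.name_prefix}-${var.short_aws_region}` into the `format` template, while the rest of this commit switched to positional `%s` arguments; besides the inconsistency, a `%` in an interpolated value is parsed as a format verb. Suggest `format("%s-%s%s-rtb-%s", var.name_prefix, var.short_aws_region, substr(element(var.azs, count.index), -1, 1), var.database_subnet_suffix)` and the equivalent for redshift. The EIP and NAT gateway hunks `@@ -1081` and `@@ -1109` likewise keep the long `substr(element(...), length(element(...)) - 1, 1)` form that the other resources replaced with `substr(..., -1, 1)`.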
@@ -634,7 +646,7 @@ resource "aws_network_acl" "redshift" { subnet_ids = aws_subnet.redshift[*].id tags = merge( - { "Name" = "${var.name_prefix}-nacl-${var.redshift_subnet_suffix}" }, + { "Name" = "${var.name_prefix}-${var.short_aws_region}-nacl-${var.redshift_subnet_suffix}" }, var.tags, var.redshift_acl_tags, ) @@ -702,8 +714,10 @@ resource "aws_subnet" "elasticache" { { Name = try( var.elasticache_subnet_names[count.index], - format("${var.name_prefix}%s-${var.elasticache_subnet_suffix}", - substr(element(var.azs, count.index), length(element(var.azs, count.index)) - 1, 1) + format("%s-%s%s-%s-sub-%s", var.name_prefix, var.short_aws_region, + substr(element(var.azs, count.index), -1, 1), + lookup(var.az_name_to_az_id, element(var.azs, count.index), ""), + var.elasticache_subnet_suffix ) ) }, @@ -732,7 +746,7 @@ resource "aws_route_table" "elasticache" { vpc_id = local.vpc_id tags = merge( - { "Name" = "${var.name_prefix}-rtb-${var.elasticache_subnet_suffix}" }, + { "Name" = "${var.name_prefix}-${var.short_aws_region}-rtb-${var.elasticache_subnet_suffix}" }, var.tags, var.elasticache_route_table_tags, ) @@ -766,7 +780,7 @@ resource "aws_network_acl" "elasticache" { subnet_ids = aws_subnet.elasticache[*].id tags = merge( - { "Name" = "${var.name_prefix}-nacl-${var.elasticache_subnet_suffix}" }, + { "Name" = "${var.name_prefix}-${var.short_aws_region}-nacl-${var.elasticache_subnet_suffix}" }, var.tags, var.elasticache_acl_tags, ) @@ -833,8 +847,10 @@ resource "aws_subnet" "intra" { { Name = try( var.intra_subnet_names[count.index], - format("${var.name_prefix}%s-sub-${var.intra_subnet_suffix}", - substr(element(var.azs, count.index), length(element(var.azs, count.index)) - 1, 1) + format("%s-%s%s-%s-sub-%s", var.name_prefix, var.short_aws_region, + substr(element(var.azs, count.index), -1, 1), + lookup(var.az_name_to_az_id, element(var.azs, count.index), ""), + var.intra_subnet_suffix ) ) }, 
@@ -988,7 +1004,7 @@ resource "aws_network_acl" "outpost" { subnet_ids = aws_subnet.outpost[*].id tags = merge( - { "Name" = "${var.name_prefix}-nacl-${var.outpost_subnet_suffix}" }, + { "Name" = "${var.name_prefix}-${var.short_aws_region}-nacl-${var.outpost_subnet_suffix}" }, var.tags, var.outpost_acl_tags, ) @@ -1081,7 +1097,7 @@ resource "aws_eip" "nat" { tags = merge( { "Name" = format( - "${var.name_prefix}%s-eip", + "${var.name_prefix}-${var.short_aws_region}%s-eip", substr(element(var.azs, var.single_nat_gateway ? 0 : count.index), length(element(var.azs, var.single_nat_gateway ? 0 : count.index)) - 1, 1 ) @@ -1109,7 +1125,7 @@ resource "aws_nat_gateway" "this" { tags = merge( { "Name" = format( - "${var.name_prefix}%s-natgw", + "${var.name_prefix}-${var.short_aws_region}%s-natgw", substr(element(var.azs, var.single_nat_gateway ? 0 : count.index), length(element(var.azs, var.single_nat_gateway ? 0 : count.index)) - 1, 1 ) @@ -1181,7 +1197,7 @@ resource "aws_vpn_gateway" "this" { availability_zone = var.vpn_gateway_az tags = merge( - { "Name" = "${var.name_prefix}-vpngw" }, + { "Name" = "${var.name_prefix}-${var.short_aws_region}-vpngw" }, var.tags, var.vpn_gateway_tags, ) diff --git a/tgw.tf b/tgw.tf index eaf4b798c..7ccdc09ee 100644 --- a/tgw.tf +++ b/tgw.tf @@ -11,7 +11,7 @@ locals { } resource "aws_subnet" "tgw" { - count = local.create_tgw_subnets ? local.len_tgw_subnets : 0 + count = local.create_tgw_subnets ? local.len_tgw_subnets : 0 # TODO: Maybe add condition to have at least as many as AZs assign_ipv6_address_on_creation = var.enable_ipv6 && var.tgw_subnet_ipv6_native ? true : var.tgw_subnet_assign_ipv6_address_on_creation availability_zone = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null 
@@ -25,15 +25,17 @@ resource "aws_subnet" "tgw" { private_dns_hostname_type_on_launch = var.tgw_subnet_private_dns_hostname_type_on_launch vpc_id = local.vpc_id - #substr(var.input_string, local.string_length - 1, 1) - tags = merge( { Name = try( var.tgw_subnet_names[count.index], - format("${var.name_prefix}%s-%s-sub-${var.tgw_subnet_suffix}", - substr(element(var.azs, count.index),length(element(var.azs, count.index)) - 1 , 1), - lookup(var.az_name_to_az_id, element(var.azs, count.index), "") + format( + "%s-%s%s-%s-sub-%s", + var.name_prefix, + var.short_aws_region, + substr(element(var.azs, count.index), -1, 1), # Get last letter of az code + lookup(var.az_name_to_az_id, element(var.azs, count.index), ""), # Lookup az-id based on name + var.tgw_subnet_suffix ) ) }, @@ -43,21 +45,31 @@ resource "aws_subnet" "tgw" { ) } -# There are as many routing tables as the number of NAT gateways +locals { + num_tgw_route_tables = var.create_multiple_tgw_route_tables ? local.len_tgw_subnets : 1 +} + resource "aws_route_table" "tgw" { - count = local.create_tgw_subnets && local.max_subnet_length > 0 ? local.nat_gateway_count : 0 + count = local.create_tgw_subnets ? local.num_tgw_route_tables : 0 vpc_id = local.vpc_id - tags = merge( { - "Name" = var.single_nat_gateway ? "${var.name_prefix}-${var.tgw_subnet_suffix}" : format( - "${var.name_prefix}%s-rtb-${var.tgw_subnet_suffix}", - substr(element(var.azs, count.index), length(element(var.azs, count.index)) - 1, 1) + "Name" = var.create_multiple_tgw_route_tables ? format( + "%s-%s%s-rtb-%s", + var.name_prefix, + var.short_aws_region, + substr(element(var.azs, count.index), -1, 1), + var.tgw_subnet_suffix + ) : format( + "%s-%s-rtb-%s", + var.name_prefix, + var.short_aws_region, + var.tgw_subnet_suffix ) }, var.tags, - var.tgw_route_table_tags, + var.tgw_route_table_tags ) } 
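Review bot: Hunk `@@ -43,21 +45,31 @@` adds a second `locals` block holding `num_tgw_route_tables` immediately above the route-table resource, although tgw.tf already has a `locals` block at the top (PATCH 09 shows `len_tgw_subnets` and `create_tgw_subnets` there); keeping the derived counts together would make the count logic easier to audit. The same hunk drops the trailing comma after `var.tgw_route_table_tags`, unlike every other `merge(...)` in the module (for example `var.tgw_acl_tags,` in the next hunk), which only creates diff churn later. When `create_multiple_tgw_route_tables` is true the table count follows `len_tgw_subnets` but the Name uses `element(var.azs, count.index)`, so if more TGW subnets than AZs are supplied two tables share a Name; a short comment stating the one-subnet-per-AZ assumption, or a `precondition`, would make that explicit.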
@@ -67,7 +79,7 @@ resource "aws_route_table_association" "tgw" { subnet_id = element(aws_subnet.tgw[*].id, count.index) route_table_id = element( aws_route_table.tgw[*].id, - var.single_nat_gateway ? 0 : count.index, + var.create_multiple_tgw_route_tables ? count.index : 0 ) } @@ -86,7 +98,9 @@ resource "aws_network_acl" "tgw" { subnet_ids = aws_subnet.tgw[*].id tags = merge( - { "Name" = "${var.name_prefix}-nacl-${var.tgw_subnet_suffix}" }, + { + "Name" = format("%s-%s-nacl-%s", var.name_prefix, var.short_aws_region, var.tgw_subnet_suffix) + }, var.tags, var.tgw_acl_tags, ) @@ -135,7 +149,7 @@ resource "aws_ec2_transit_gateway_vpc_attachment" "tgw" { vpc_id = local.vpc_id tags = merge( - { Name = "${var.name_prefix}-tgw-att" } + { Name = "${var.name_prefix}-${var.short_aws_region}-tgw-att" } ) } From 63114ebd02de214ebba5007e1de3cd3c158e1cb0 Mon Sep 17 00:00:00 2001 From: Marvin Bertram Date: Mon, 26 Aug 2024 15:38:17 +0200 Subject: [PATCH 11/14] Update naming according to PR feedback --- main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/main.tf b/main.tf index 99396d745..0ccd621e4 100644 --- a/main.tf +++ b/main.tf @@ -1302,7 +1302,7 @@ resource "aws_default_security_group" "this" { } tags = merge( - { "Name" = coalesce(var.default_security_group_name, "${var.name_prefix}-sg-default") }, + { "Name" = coalesce(var.default_security_group_name, "${var.name_prefix}-${var.short_aws_region}-sg-default") }, var.tags, var.default_security_group_tags, ) @@ -1351,7 +1351,7 @@ resource "aws_default_network_acl" "this" { } tags = merge( - { "Name" = coalesce(var.default_network_acl_name, "${var.name_prefix}-nacl-default") }, + { "Name" = coalesce(var.default_network_acl_name, "${var.name_prefix}-${var.short_aws_region}-nacl-default") }, var.tags, var.default_network_acl_tags, ) 
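Review bot: In hunk `@@ -135,7 +149,7 @@` the attachment's `tags = merge({ Name = ... })` has a single argument, so `var.tags` is never merged in, unlike every other resource in the module; the TGW attachment therefore lacks the module-wide tags (ownership, cost allocation, tag-based access control) that the rest of the VPC carries. Change it to `tags = merge({ Name = "${var.name_prefix}-${var.short_aws_region}-tgw-att" }, var.tags)` and consider a `tgw_attachment_tags` input in line with `tgw_route_table_tags` and `tgw_acl_tags`. The NACL Name in `@@ -86,7 +98,9 @@` is moved into a three-line object with `format(...)` while the other tiers keep the one-line `{ "Name" = "..." }` form; worth aligning for consistency.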
@@ -1396,7 +1396,7 @@ resource "aws_default_route_table" "default" { } tags = merge( - { "Name" = coalesce(var.default_route_table_name, "${var.name_prefix}-rtb-default") }, + { "Name" = coalesce(var.default_route_table_name, "${var.name_prefix}-${var.short_aws_region}-rtb-default") }, var.tags, var.default_route_table_tags, ) From 513bb51a8592fbf43910ba542c65812058e96507 Mon Sep 17 00:00:00 2001 From: Marvin Bertram Date: Mon, 26 Aug 2024 15:39:33 +0200 Subject: [PATCH 12/14] Allow lists as input for routes to the TGW from private/public subnets --- tgw.tf | 67 +++++++++++++++++++++++++--------------------------- variables.tf | 4 ++-- 2 files changed, 34 insertions(+), 37 deletions(-) diff --git a/tgw.tf b/tgw.tf index 7ccdc09ee..e8b6a76a4 100644 --- a/tgw.tf +++ b/tgw.tf @@ -33,7 +33,7 @@ resource "aws_subnet" "tgw" { "%s-%s%s-%s-sub-%s", var.name_prefix, var.short_aws_region, - substr(element(var.azs, count.index), -1, 1), # Get last letter of az code + substr(element(var.azs, count.index), -1, 1), # Get last letter of az code lookup(var.az_name_to_az_id, element(var.azs, count.index), ""), # Lookup az-id based on name var.tgw_subnet_suffix ) 
@@ -179,54 +179,51 @@ resource "aws_route" "tgw_dns64_nat_gateway" {
 depends_on = [aws_ec2_transit_gateway_vpc_attachment.tgw]
 }
-# Route: IPv4 routes from public subnets to the Transit Gateway (if configured in var.transit_gateway_routes)
-resource "aws_route" "public_to_tgw" {
- count = (local.create_public_subnets && contains(local.subnets_tgw_routed, "public")) ? (var.enable_nat_gateway ? length(var.azs) : 1) : 0
-
- destination_cidr_block = can(regex("^pl-", var.transit_gateway_routes["public"])) ? null : var.transit_gateway_routes["public"]
- destination_prefix_list_id = can(regex("^pl-", var.transit_gateway_routes["public"])) ? var.transit_gateway_routes["public"] : null
-
- transit_gateway_id = var.transit_gateway_id
- route_table_id = element(aws_route_table.public[*].id, count.index)
-
- depends_on = [aws_ec2_transit_gateway_vpc_attachment.tgw]
+locals {
+ create_public_to_tgw = (local.create_public_subnets && contains(local.subnets_tgw_routed, "public"))
+ public_to_tgw_cidr_pairs = local.create_public_to_tgw ? flatten([
+ for public_rtb in aws_route_table.public : [
+ for cidr in var.transit_gateway_routes["public"]: {
+ rtb_id = public_rtb.id
+ cidr = cidr
+ }
+ ]
+ ]) : []
 }
-# Route: IPv4 routes from private subnets to the Transit Gateway (if configured in var.transit_gateway_routes)
-resource "aws_route" "private_to_tgw" {
- count = (local.create_private_subnets && contains(local.subnets_tgw_routed, "private")) ? length(var.azs) : 0
+resource "aws_route" "public_to_tgw" {
+ for_each = local.create_public_to_tgw ? {for i, v in local.public_to_tgw_cidr_pairs : "${i}-${v.cidr}" => v} : {}
- destination_cidr_block = can(regex("^pl-", var.transit_gateway_routes["private"])) ? null : var.transit_gateway_routes["private"]
- destination_prefix_list_id = can(regex("^pl-", var.transit_gateway_routes["private"])) ? var.transit_gateway_routes["private"] : null
+ destination_cidr_block = can(regex("^pl-", each.value.cidr)) ? null : each.value.cidr
+ destination_prefix_list_id = can(regex("^pl-", each.value.cidr)) ? each.value.cidr : null
 transit_gateway_id = var.transit_gateway_id
- route_table_id = element(aws_route_table.private[*].id, count.index)
+ route_table_id = each.value.rtb_id
 depends_on = [aws_ec2_transit_gateway_vpc_attachment.tgw]
 }
-# Route: IPv4 routes from intra subnets to the Transit Gateway (if configured in var.transit_gateway_routes)
-resource "aws_route" "intra_to_tgw" {
- count = (local.create_intra_subnets && contains(local.subnets_tgw_routed, "intra")) ? length(var.azs) : 0
-
- destination_cidr_block = can(regex("^pl-", var.transit_gateway_routes["intra"])) ? null : var.transit_gateway_routes["intra"]
- destination_prefix_list_id = can(regex("^pl-", var.transit_gateway_routes["intra"])) ? var.transit_gateway_routes["intra"] : null
-
- transit_gateway_id = var.transit_gateway_id
- route_table_id = element(aws_route_table.intra[*].id, count.index)
-
- depends_on = [aws_ec2_transit_gateway_vpc_attachment.tgw]
+# Route: IPv4 routes from private subnets to the Transit Gateway (if configured in var.transit_gateway_routes)
+locals {
+ create_private_to_tgw = (local.create_private_subnets && contains(local.subnets_tgw_routed, "private"))
+ private_to_tgw_cidr_pairs = local.create_private_to_tgw ? flatten([
+ for private_rtb in aws_route_table.private : [
+ for cidr in var.transit_gateway_routes["private"]: {
+ rtb_id = private_rtb.id
+ cidr = cidr
+ }
+ ]
+ ]) : []
 }
-# Route: IPv4 routes from public subnets to the Transit Gateway (if configured in var.transit_gateway_routes)
-resource "aws_route" "database_to_tgw" {
- count = (local.create_database_subnets && contains(local.subnets_tgw_routed, "database")) ? length(var.azs) : 0
+resource "aws_route" "private_to_tgw" {
+ for_each = local.create_private_to_tgw ? {for i, v in local.private_to_tgw_cidr_pairs : "${i}-${v.cidr}" => v} : {}
- destination_cidr_block = can(regex("^pl-", var.transit_gateway_routes["database"])) ? null : var.transit_gateway_routes["database"]
- destination_prefix_list_id = can(regex("^pl-", var.transit_gateway_routes["database"])) ? var.transit_gateway_routes["database"] : null
+ destination_cidr_block = can(regex("^pl-", each.value.cidr)) ? null : each.value.cidr
+ destination_prefix_list_id = can(regex("^pl-", each.value.cidr)) ? each.value.cidr : null
 transit_gateway_id = var.transit_gateway_id
- route_table_id = element(aws_route_table.database[*].id, count.index)
+ route_table_id = each.value.rtb_id
 depends_on = [aws_ec2_transit_gateway_vpc_attachment.tgw]
 }
diff --git a/variables.tf b/variables.tf
index 60d4ff7c1..bfd56e37d 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1687,8 +1687,8 @@ variable "transit_gateway_routes" {
 Example:
 ```
 transit_gateway_routes = {
- public = "10.0.0.0/8"
- private = "pl-123"
+ public = ["10.0.0.0/8"]
+ private = ["pl-123"]
 }
 ```
 EOF
From 115caeebda701a4014eb27a507ddba48a80e4c83 Mon Sep 17 00:00:00 2001
From: Marvin Bertram
Date: Tue, 27 Aug 2024 13:44:28 +0200
Subject: [PATCH 13/14] Add comment for subnet naming
---
 main.tf | 1 +
 1 file changed, 1 insertion(+)
diff --git a/main.tf b/main.tf
index 0ccd621e4..deecb4e8d 100644
--- a/main.tf
+++ b/main.tf
@@ -252,6 +252,7 @@ resource "aws_subnet" "private" {
 private_dns_hostname_type_on_launch = var.private_subnet_private_dns_hostname_type_on_launch
 vpc_id = local.vpc_id
+ # ${var.name_prefix}-${var.region_short}--sub-${var.private_subnet_suffix} # app1-test-euc1a-az2-sub-db
 tags = merge(
 {
From a3b4213bd549818109aed36548363bcdd8874ace Mon Sep 17 00:00:00 2001
From: Marvin Bertram
Date: Tue, 27 Aug 2024 13:59:43 +0200
Subject: [PATCH 14/14] Remove unnecessary function call
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index deecb4e8d..106b96cf0 100644
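Review bot: The old `aws_route.intra_to_tgw` and `aws_route.database_to_tgw` resources are deleted in this hunk and nothing on the new side recreates them, although the commit title only speaks of public/private; if `local.subnets_tgw_routed` (defined outside the hunk) still accepts `"intra"` and `"database"`, those keys are now silently ignored and any existing routes from intra/database subnets to the Transit Gateway are destroyed on the next apply, leaving that traffic to whatever less-specific route the table holds. Either add the matching `locals`/`for_each` pair for intra and database, or reject those keys with a `validation` block on `var.transit_gateway_routes` so the drop is explicit. Separately, the `for_each` keys `"${i}-${v.cidr}"` use the position in the flattened list, so inserting a CIDR or an AZ re-keys every later entry and Terraform destroys and recreates those routes, a window during which TGW-bound traffic is not routed through the attachment. Keying by the route table's own index (stable as long as `var.azs` order is stable) avoids that churn; the same change applies to `private_to_tgw`.
```hcl
  public_to_tgw_cidr_pairs = local.create_public_to_tgw ? flatten([
    for rtb_index, public_rtb in aws_route_table.public : [
      for cidr in var.transit_gateway_routes["public"] : {
        rtb_index = rtb_index
        rtb_id    = public_rtb.id
        cidr      = cidr
      }
    ]
  ]) : []
# … unchanged: create_public_to_tgw local, closing brace …

resource "aws_route" "public_to_tgw" {
  for_each = local.create_public_to_tgw ? { for v in local.public_to_tgw_cidr_pairs : "${v.rtb_index}-${v.cidr}" => v } : {}
  # … unchanged: destination_cidr_block, destination_prefix_list_id, transit_gateway_id, route_table_id, depends_on …
```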
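Review bot: Only the example inside the description changes here, and the commit's diffstat for variables.tf (2 insertions, 2 deletions) shows the variable's `type` constraint, which lies outside this hunk, is not updated in the same commit. If it is still `map(string)` the new list values are rejected at validation; if it is `any`, nothing checks that each element is a CIDR or a `pl-` id before it reaches `aws_route`, so a typo fails mid-apply with some routes already created. I would declare `type = map(list(string))` and add a `validation` block that accepts an element only when `can(cidrnetmask(v)) || can(regex("^pl-", v))` holds, so malformed destinations are caught at plan time.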
--- a/main.tf
+++ b/main.tf
@@ -873,7 +873,7 @@ resource "aws_route_table" "intra" {
 {
 "Name" = var.create_multiple_intra_route_tables ? format(
 "${var.name_prefix}%s-${var.intra_subnet_suffix}-%s",
- substr(element(var.azs, count.index), length(element(var.azs, count.index)) - 1, 1),
+ substr(element(var.azs, count.index), -1, 1),
 ) : "${var.name_prefix}-rtb-${var.intra_subnet_suffix}"
 },
 var.tags,
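Review bot: The `format` template on the context line, `"${var.name_prefix}%s-${var.intra_subnet_suffix}-%s"`, has two `%s` placeholders but the call passes only the single `substr(...)` argument this hunk rewrites, so whenever `create_multiple_intra_route_tables` is true `format` fails with a not-enough-arguments error. The simplification of the `substr` call itself is fine, but the placeholder count should match the argument list; this name also omits `var.short_aws_region` and the `rtb` token that the single-table branch and the other Name tags in this series use, so something like `"${var.name_prefix}-${var.short_aws_region}%s-rtb-${var.intra_subnet_suffix}"` with the one `substr(...)` argument would be both valid and consistent. The enclosing `aws_route_table.intra` resource starts before this hunk and its `merge(...)` continues after it.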