Skip to content

kloia/terraform-aws-transit-gateway

 
 

Repository files navigation

AWS Transit Gateway Terraform module

Terraform module which creates Transit Gateway resources on AWS.

This type of resources are supported:

Not supported yet:

Terraform versions

Only Terraform 0.12 or newer is supported.

Usage with VPC module

module "tgw" {
  source  = "terraform-aws-modules/transit-gateway/aws"
  version = "~> 1.0"
  
  name        = "my-tgw"
  description = "My TGW shared with several other AWS accounts"
  
  enable_auto_accept_shared_attachments = true

  vpc_attachments = {
    vpc = {
      vpc_id       = module.vpc.vpc_id
      subnet_ids   = module.vpc.private_subnets
      dns_support  = true
      ipv6_support = true

      tgw_routes = [
        {
          destination_cidr_block = "30.0.0.0/16"
        },
        {
          blackhole = true
          destination_cidr_block = "40.0.0.0/20"
        }
      ]
    }
  }

  ram_allow_external_principals = true
  ram_principals = [307990089504]

  tags = {
    Purpose = "tgw-complete-example"
  }
}

module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "~> 2.0"

  name = "my-vpc"

  cidr = "10.10.0.0/16"

  azs             = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
  private_subnets = ["10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24"]

  enable_ipv6                                    = true
  private_subnet_assign_ipv6_address_on_creation = true
  private_subnet_ipv6_prefixes                   = [0, 1, 2]
}

Examples

Requirements

Name Version
terraform >= 0.12.7, < 0.14
aws >= 2.24, < 4.0

Providers

Name Version
aws >= 2.24, < 4.0

Inputs

Name Description Type Default Required
amazon_side_asn The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the TGW is created with the current default Amazon ASN. string "64512" no
create_tgw Controls if TGW should be created (it affects almost all resources) bool true no
description Description of the EC2 Transit Gateway string null no
enable_auto_accept_shared_attachments Whether resource attachment requests are automatically accepted bool false no
enable_default_route_table_association Whether resource attachments are automatically associated with the default association route table bool true no
enable_default_route_table_propagation Whether resource attachments automatically propagate routes to the default propagation route table bool true no
enable_dns_support Should be true to enable DNS support in the TGW bool true no
enable_vpn_ecmp_support Whether VPN Equal Cost Multipath Protocol support is enabled bool true no
name Name to be used on all the resources as identifier string "" no
ram_allow_external_principals Indicates whether principals outside your organization can be associated with a resource share. bool false no
ram_name The name of the resource share of TGW string "" no
ram_principals A list of principals to share TGW with. Possible values are an AWS account ID, an AWS Organizations Organization ARN, or an AWS Organizations Organization Unit ARN list(string) [] no
ram_resource_share_arn ARN of RAM resource share string "" no
ram_tags Additional tags for the RAM map(string) {} no
share_tgw Whether to share your transit gateway with other accounts bool true no
tags A map of tags to add to all resources map(string) {} no
tgw_route_table_tags Additional tags for the TGW route table map(string) {} no
tgw_tags Additional tags for the TGW map(string) {} no
tgw_vpc_attachment_tags Additional tags for VPC attachments map(string) {} no
transit_gateway_route_table_id Identifier of EC2 Transit Gateway Route Table to use with the Target Gateway when reusing it between multiple TGWs string null no
vpc_attachments Maps of maps of VPC details to attach to TGW. Type 'any' to disable type validation by Terraform. any {} no

Outputs

Name Description
this_ec2_transit_gateway_arn EC2 Transit Gateway Amazon Resource Name (ARN)
this_ec2_transit_gateway_association_default_route_table_id Identifier of the default association route table
this_ec2_transit_gateway_id EC2 Transit Gateway identifier
this_ec2_transit_gateway_owner_id Identifier of the AWS account that owns the EC2 Transit Gateway
this_ec2_transit_gateway_propagation_default_route_table_id Identifier of the default propagation route table
this_ec2_transit_gateway_route_ids List of EC2 Transit Gateway Route Table identifier combined with destination
this_ec2_transit_gateway_route_table_association Map of EC2 Transit Gateway Route Table Association attributes
this_ec2_transit_gateway_route_table_association_ids List of EC2 Transit Gateway Route Table Association identifiers
this_ec2_transit_gateway_route_table_default_association_route_table Boolean whether this is the default association route table for the EC2 Transit Gateway
this_ec2_transit_gateway_route_table_default_propagation_route_table Boolean whether this is the default propagation route table for the EC2 Transit Gateway
this_ec2_transit_gateway_route_table_id EC2 Transit Gateway Route Table identifier
this_ec2_transit_gateway_route_table_propagation Map of EC2 Transit Gateway Route Table Propagation attributes
this_ec2_transit_gateway_route_table_propagation_ids List of EC2 Transit Gateway Route Table Propagation identifiers
this_ec2_transit_gateway_vpc_attachment Map of EC2 Transit Gateway VPC Attachment attributes
this_ec2_transit_gateway_vpc_attachment_ids List of EC2 Transit Gateway VPC Attachment identifiers
this_ram_principal_association_id The Amazon Resource Name (ARN) of the Resource Share and the principal, separated by a comma
this_ram_resource_share_id The Amazon Resource Name (ARN) of the resource share

Authors

Module managed by Anton Babenko.

License

Apache 2 Licensed. See LICENSE for full details.

Packages

No packages published

Languages

  • HCL 99.0%
  • Makefile 1.0%