Aws transit gateway (#60)

* Adding AWS Transit Gateway modules

Signed-off-by: gar <[email protected]>

* Adding transit gateway example values files

Signed-off-by: gar <[email protected]>

* Adding transit gateway diagrams

Signed-off-by: gar <[email protected]>

docs/aws-transit-gateway/transit-gateway-network.drawio

@@ -0,0 +1 @@
+<mxfile host="Electron" modified="2020-01-21T21:50:13.653Z" agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/12.2.2 Chrome/78.0.3904.94 Electron/7.1.0 Safari/537.36" etag="3aCrFoBm4ux7qyGej92K" version="12.2.2" type="device" pages="1"><diagram id="w0hmULAyHLi41HUKSti7" name="Page-1">7Vxtc6I6FP41fsRJCAT4aO22u3fm7nq3+/7lToSozCI4EGt7f/1N5D1BpYpWuzrTFkII5JznnOfknNgeGs6f7mOymP0deTTo6cB76qHbnq5DA9j8j2h5Tls03claprHvZb3Khgf/P5o1gqx16Xs0qXVkURQwf1FvdKMwpC6rtZE4jlb1bpMoqD91QaZUaXhwSaC2fvc9NktbbROU7e+pP53lT4YguzIneeesIZkRL1pVmtC7HhrGUcTSo/nTkAZCerlc0vvuNlwtXiymIWtzgzNzFj+/33/6tvpq4qcvo78sJ9R0nA7zSIJlNuNPoRg2pnP+59voYypblz8kJiyKs7mw51xAcbQMPSqeAXvoZjXzGX1YEFdcXXFM8LYZmwfZ5YkfBMMo4MOIe5FHqD1xeXvC4ug3rVzBrk3HE35FnWU28UcaM/pUacpmfU+jOWXxM++SX7X09JYMg9AGVtqwKjUKczXNKtrEWRvJQDQtxi7lzA8yUb9E7JYi9sH3h56OyVxILBwni/XcccDf5GbMpY6n4uhLTMLEZ9qUMLoiz2qHZaKtaMI0ffdYhJsGn5rL5T8Q7xtOYsL1sHTZMqZq98HDx7QjNjBAncJgMpnobiMMPDzGJu4GBoZt9M06ECxHV4FgmioQnKMBwVaAoIiWht5AeDJ+5gYkSfxUVCRmanNFyPTJZz8qxz/5MeASSM9uhVRAfvKcn3Arf/5RPancJU7L29Zn+X0b1ZNEy9ilLRwQn86UshYmQ72aw1bVXdGl2WDTeVtMA8L8x7qbb9Jv9oRR5PO5FWhC2JKcimnVx0innt1W9cvSSAaURwLSSKlslJHWgCsmfgAGHQWDa78vwZCbGasjLKaJ/x8ZrzsIFCzEG67f2bzpmbfCxwT+NBQA5big3KZvhLn6nF0H2YW573ni/puAjGlwQ9zf07UnqXsH/mkE2XaTkj1DESRkr1zj4SaPoYE+0pFd044GD4NP3iWaTBJ6FHUiXVHnIo687VyxnRvS+zv1+BRv8PiWMwZbXcoLPH7O6Znu+AfnFPBq1I9Ua+uM+ilppc4XUb3KR+dP9RAZdc1Dy24I+XAD0xfxe+eKz1/pz6V6S6V665e1+PBoR1owIth8jyka3Wn6WTE9RhI/O3BPpreRhEpbl8B2ZKY3cksqIZi5Fd54v8mxjCiN/XB6sQFBYXhdBAQ88EN1UukEZNINnUQH22zraOwDu2UfqKDu/NnHATL5nHKZ2ah19OdQzzbU71xk5sHZmVAPhFIECx1Lgkhb7oHIBnL6QxmsO/pp1ILxxtlnq+ldyedOMxUAiJUlJwI/CjUm1qKPC/eQheoubhl+uP287lnnO8gX+lYf9LkC7iDumHJOsdKV/QS3baBSTtN6x0JHohy1sNA15YC+mFFJO7CfX91AO/xkxJ0Jn58w/gMpBZoqpzRzDzwrTjGVakgenbyUUuSRdGC0S1xy7QpPX3TLHPXGVzYsCd0A1Epd/CAdslNnpZZovo34SODSCSk3zIMJidufbUtgOgyix2cgtdzSloE6Wt1sYSDzkhnIcuRca1OR9aQMpCZaX6Tro0Yb+JJ1DXVTPzdlw+NnV7naatEGQPl5+3ijXPr2TUOvLn95eA92LYDXZx2GMK0TssZZhTAQ2Fz6QFrN2pbdd2yn+Nj7RTUOcvo8kjEdAwILWYa04AItU7abY5yuKQ2qSd23EajAzvK2lxipQP0UDg3Cl7m0ivtKu1bdF/cne/ivjpdlTlufZp6XT0MO7jv1vQbQxmbfONylQaR4MSjx8Ot7MTVF/Ua8WG7Hf6YXU1N+bFcp6XO0ZDyaBl/WglEuz3kMLwSmxNXSwFosxtFS8croSWZkIQ65+kgQ0CCaxmQuMFNxRLVrFQ91ljG5kZcuCt/RsONBz8HY9U6XZt2rKcC1SXelb+J5Gpumak7evoZteYFtqSneEytYTZFdjfsoqsdSGfAMjFvNpF2N+4D0mWFI1t1QwDmxhtX82dW6j5JOQ0oq49WVr6vptKt5H5IxhWdn3/qmvBFhjLizOV0vEQrFpb87NPmp5otVWEgCLX1imo5/81CQNoGWtfvXQ4K6MeeKhBNwvi35BGi8OhLU5foVCScpqMlO4ZRQ0P759WwPbMP7MLy9wysS/jv42rBR+N1QNGj85xJ35UJpV65uYFXER/sqUKOIm3bl1g2iFPklfuOWwxpLMm/IWZxW5irVlTLWL1DGtgLrVxexyiGKXA8uXFX3/RVVql0lKwMZvUrJqih3HaXivs2p7ixO5anTcylOyblHw5DA07YUpcvRL5K/89DdHvRGDZxiW+pe4DRr0NwBy/0RaLRFoH1WCLRNKVY25e9ptv4SHsZ9AOqFVh1ZsO9YZaEVnxSTahq9e0waRWW/Xq3vHJp7l/O3hUi7q/ngrOAKdXk7pCHTbevivVL4QbLz3Rue/LT8/0Np9/LfOKF3/wM=</diagram></mxfile>

tf-environments/infrastructure/aws/transit-gateway/_env_defaults/transit-gateway.tfvars

@@ -0,0 +1,7 @@
+# Infrastructure account:
+aws_first_access_key = ""
+aws_first_secret_key = ""
+
+# second account:
+aws_second_access_key = ""
+aws_second_secret_key = ""

tf-environments/infrastructure/aws/transit-gateway/terragrunt.hcl

@@ -0,0 +1,21 @@
+remote_state {
+  backend = "s3"
+  config = {
+    bucket = "kubernetes-ops-tf-state-${get_aws_account_id()}-transit-gateway"
+
+    key = "infrastructure/${path_relative_to_include()}/terraform.tfstate"
+    region         = "us-east-1"
+    encrypt        = true
+    dynamodb_table = "kubernetes-ops-lock-table"
+  }
+}
+
+terraform {
+  // extra_arguments "common_vars" {
+  //   commands = get_terraform_commands_that_need_vars()
+  //
+  //   arguments = [
+  //     "-var-file=${get_parent_terragrunt_dir()}/_env_defaults/gcp.tfvars",
+  //   ]
+  // }
+}

tf-environments/infrastructure/aws/transit-gateway/us-east-1/_env_defaults/aws.tfvars

@@ -0,0 +1,3 @@
+environment_name = "production-test-vpc"
+region = "us-east-1"
+vpc_cidr = "10.35.0.0/16"

tf-environments/infrastructure/aws/transit-gateway/us-east-1/add-tg-routes/production-test-vpc/terragrunt.hcl

@@ -0,0 +1,32 @@
+include {
+  path = find_in_parent_folders()
+}
+
+terraform {
+  source = "../../../../../../../tf-modules/aws/networks/add-tg-routes/"
+
+  # extra_arguments "common_vars" {
+  #   commands = get_terraform_commands_that_need_vars()
+
+  #   arguments = [
+  #     "-var-file=${get_parent_terragrunt_dir()}/_env_defaults/transit-gateway.tfvars",
+  #   ]
+  # }
+}
+
+inputs = {
+
+  aws_region = "us-east-1"
+
+  transit-gateway-id = trimspace(run_cmd("terragrunt", "output", "aws_ec2_transit_gateway_id", "--terragrunt-working-dir", "../../transit-gateway"))
+
+  # Routing table associated with the VPC subnets
+  route_table_id_list = ["rtb-0137cd69ffeeea89d", "rtb-0a568e7960813d48f"]
+
+  # External destination routes list CIDR
+  routes-list = ["10.36.0.0/16", "10.37.0.0/16"]
+}
+
+dependencies {
+  paths = ["../transit-gateway"]
+}

tf-environments/infrastructure/aws/transit-gateway/us-east-1/tg-internal-attach-vpc/dev-us/terragrunt.hcl

@@ -0,0 +1,55 @@
+include {
+  path = find_in_parent_folders()
+}
+
+terraform {
+  source = "../../../../../../../tf-modules/aws/networks/tg-external-attach-to-vpc/"
+
+  extra_arguments "common_vars" {
+    commands = get_terraform_commands_that_need_vars()
+
+    arguments = [
+      "-var-file=${get_parent_terragrunt_dir()}/_env_defaults/transit-gateway.tfvars",
+      # "-var-file=../../vpc/dev-us/vpc-tfvars",
+    ]
+  }
+}
+
+locals {
+  vpc_id_second = "vpc-0f13269709c9a4822"
+}
+
+
+inputs = {
+
+  aws_region = "us-east-1"
+
+  name-postfix = "dev-us"
+
+  tags = {
+    Environment     = "dev-us",
+    Account         = "infrastructure",
+    Group           = "devops",
+    Region          = "us-east-1"
+    managed_by      = "Terraform"
+    purpose         = "transit-gateway"
+    terraform_module = "tg-internal-attach-to-vpc"
+    terragrunt_dir = get_terragrunt_dir()
+    last_callers_identity = get_aws_caller_identity_arn()
+    last_callers_user_id  = get_aws_caller_identity_user_id()
+  }
+
+  transit-gateway-arn = trimspace(run_cmd("terragrunt", "output", "aws_ec2_transit_gateway_arn", "--terragrunt-working-dir", "../../transit-gateway"))
+  transit-gateway-id = trimspace(run_cmd("terragrunt", "output", "aws_ec2_transit_gateway_id", "--terragrunt-working-dir", "../../transit-gateway"))
+
+  # vpc_id_first = "Retrieved via the extra args command input"
+  vpc_id_second = "vpc-0f13269709c9a4822"
+
+  availability_zone = ["us-east-1a", "us-east-1b", "us-east-1c"]
+  # CIDR blocks per the ./<repo-root>/cidr-ranges.md
+  subnets_cidr = ["172.17.104.16/28", "172.17.104.32/28", "172.17.104.48/28"]
+}
+
+dependencies {
+  paths = ["../../transit-gateway", "../../vpc/dev-us"]
+}

tf-environments/infrastructure/aws/transit-gateway/us-east-1/tg-internal-attach-vpc/production-test-vpc/terragrunt.hcl

@@ -0,0 +1,47 @@
+include {
+  path = find_in_parent_folders()
+}
+
+terraform {
+  source = "../../../../../../../tf-modules/aws/networks/tg-internal-attach-to-vpc/"
+
+  extra_arguments "common_vars" {
+    commands = get_terraform_commands_that_need_vars()
+
+    arguments = [
+      "-var-file=${get_parent_terragrunt_dir()}/_env_defaults/transit-gateway.tfvars",
+    ]
+  }
+}
+
+inputs = {
+
+  aws_region = "us-east-1"
+
+  name-postfix = "production-test-vpc"
+
+  tags = {
+    Environment     = "production-test-vpc",
+    Account         = "infrastructure",
+    Group           = "devops",
+    Region          = "us-east-1"
+    managed_by      = "Terraform"
+    purpose         = "transit-gateway"
+    terraform_module = "tg-internal-attach-to-vpc"
+    terragrunt_dir = get_terragrunt_dir()
+    last_callers_identity = get_aws_caller_identity_arn()
+    last_callers_user_id  = get_aws_caller_identity_user_id()
+  }
+
+  transit-gateway-arn = trimspace(run_cmd("terragrunt", "output", "aws_ec2_transit_gateway_arn", "--terragrunt-working-dir", "../../transit-gateway"))
+  transit-gateway-id = trimspace(run_cmd("terragrunt", "output", "aws_ec2_transit_gateway_id", "--terragrunt-working-dir", "../../transit-gateway"))
+
+  vpc_id_first = trimspace(run_cmd("terragrunt", "output", "aws_vpc_id", "--terragrunt-working-dir", "../../vpc/production-test-vpc"))
+
+  availability_zone = ["us-east-1a", "us-east-1b", "us-east-1c"]
+  subnets_cidr = ["10.35.20.0/24", "10.35.21.0/24", "10.35.22.0/24"]
+}
+
+dependencies {
+  paths = ["../../transit-gateway", "../../vpc/production-test-vpc"]
+}

tf-environments/infrastructure/aws/transit-gateway/us-east-1/transit-gateway-route-table/us-east-2/production-test-vpc/terragrunt.hcl

@@ -0,0 +1,36 @@
+include {
+  path = find_in_parent_folders()
+}
+
+terraform {
+  source = "../../../../../../../../tf-modules/aws/networks/transit-gateway-route-table/"
+
+  # This module uses AWS keys from the local shell's environment
+
+  # extra_arguments "common_vars" {
+  #   commands = get_terraform_commands_that_need_vars()
+
+  #   arguments = [
+  #     "-var-file=${get_parent_terragrunt_dir()}/_env_defaults/transit-gateway.tfvars",
+  #   ]
+  # }
+}
+
+inputs = {
+
+  aws_region = "us-east-1"
+
+  destination_cidr_block_list = ["10.36.0.0/16"]
+
+  blackhole_list = ["false"]
+
+  # This is hardcoded right now b/c the transit-gateway to transit-gateway peering has to be done manually.  Terraform has a PR open for this functionality but it has not landed yet.
+  transit_gateway_attachment_id = "tgw-attach-07ff6a0a0ca3ced71"
+
+  transit_gateway_route_table_id = trimspace(run_cmd("terragrunt", "output", "aws_ec2_transit_gateway_propagation_default_route_table_id", "--terragrunt-working-dir", "../../../transit-gateway"))
+
+}
+
+dependencies {
+  paths = ["../../../transit-gateway"]
+}

tf-environments/infrastructure/aws/transit-gateway/us-east-1/transit-gateway-route-table/us-west-2/production-test-vpc/terragrunt.hcl

@@ -0,0 +1,36 @@
+include {
+  path = find_in_parent_folders()
+}
+
+terraform {
+  source = "../../../../../../../../tf-modules/aws/networks/transit-gateway-route-table/"
+
+  # This module uses AWS keys from the local shell's environment
+
+  # extra_arguments "common_vars" {
+  #   commands = get_terraform_commands_that_need_vars()
+
+  #   arguments = [
+  #     "-var-file=${get_parent_terragrunt_dir()}/_env_defaults/transit-gateway.tfvars",
+  #   ]
+  # }
+}
+
+inputs = {
+
+  aws_region = "us-east-1"
+
+  destination_cidr_block_list = ["10.37.0.0/16"]
+
+  blackhole_list = ["false"]
+
+  # This is hardcoded right now b/c the transit-gateway to transit-gateway peering has to be done manually.  Terraform has a PR open for this functionality but it has not landed yet.
+  transit_gateway_attachment_id = "tgw-attach-07ed65746271a3316"
+
+  transit_gateway_route_table_id = trimspace(run_cmd("terragrunt", "output", "aws_ec2_transit_gateway_propagation_default_route_table_id", "--terragrunt-working-dir", "../../../transit-gateway"))
+
+}
+
+dependencies {
+  paths = ["../../../transit-gateway"]
+}

tf-environments/infrastructure/aws/transit-gateway/us-east-1/transit-gateway/terragrunt.hcl

@@ -0,0 +1,38 @@
+include {
+  path = find_in_parent_folders()
+}
+
+terraform {
+  source = "../../../../../tf-modules/aws/networks/transit-gateway/"
+
+
+  # This module uses AWS keys from the local shell's environment
+
+  # extra_arguments "common_vars" {
+  #   commands = get_terraform_commands_that_need_vars()
+
+  #   arguments = [
+  #     "-var-file=${get_parent_terragrunt_dir()}/_env_defaults/transit-gateway.tfvars",
+  #   ]
+  # }
+}
+
+inputs = {
+
+  aws_region = "us-east-1"
+
+  amazon_side_asn = "64601"
+
+  tags = {
+    Name            = "tg-production",
+    Environment     = "tg-production",
+    Account         = "infrastructure",
+    Group           = "devops",
+    Region          = "us-east-1"
+    managed_by      = "Terraform"
+    purpose         = "transit-gateway"
+    terragrunt_dir = get_terragrunt_dir()
+    last_callers_identity = get_aws_caller_identity_arn()
+    last_callers_user_id  = get_aws_caller_identity_user_id()
+  }
+}

tf-environments/infrastructure/aws/transit-gateway/us-east-1/vpc/production-test-vpc/terragrunt.hcl

@@ -0,0 +1,39 @@
+include {
+  path = find_in_parent_folders()
+}
+
+terraform {
+  source = "../../../../../../../tf-modules/aws/vpc/"
+
+  extra_arguments "common_vars" {
+    commands = get_terraform_commands_that_need_vars()
+
+    arguments = [
+      "-var-file=${get_parent_terragrunt_dir()}/us-east-1/_env_defaults/aws.tfvars",
+    ]
+  }
+}
+
+inputs = {
+
+  region = "us-east-1"
+  availability_zones            = ["us-east-1a"]
+
+  public_cidrs                  = ["10.35.10.0/24"]
+
+  private_cidrs                 = ["10.35.11.0/24"]
+
+  tags = {
+    Name            = "production-test-vpc",
+    Environment     = "production-test-vpc",
+    Account         = "infrastructure",
+    Group           = "devops",
+    Region          = "us-east-1"
+    managed_by      = "Terraform"
+    terraform_module = "vpc"
+    terragrunt_dir = get_terragrunt_dir()
+    last_callers_identity = get_aws_caller_identity_arn()
+    last_callers_user_id  = get_aws_caller_identity_user_id()
+  }
+
+}

tf-environments/infrastructure/aws/transit-gateway/us-east-2/_env_defaults/aws.tfvars

@@ -0,0 +1,3 @@
+environment_name = "production-test-vpc"
+region = "us-east-2"
+vpc_cidr = "10.36.0.0/16"

tf-environments/infrastructure/aws/transit-gateway/us-east-2/add-tg-routes/production-test-vpc/terragrunt.hcl

@@ -0,0 +1,34 @@
+include {
+  path = find_in_parent_folders()
+}
+
+terraform {
+  source = "../../../../../../../tf-modules/aws/networks/add-tg-routes/"
+
+  # This module uses AWS keys from the local shell's environment
+
+  # extra_arguments "common_vars" {
+  #   commands = get_terraform_commands_that_need_vars()
+
+  #   arguments = [
+  #     "-var-file=${get_parent_terragrunt_dir()}/_env_defaults/transit-gateway.tfvars",
+  #   ]
+  # }
+}
+
+inputs = {
+
+  aws_region = "us-east-2"
+
+  transit-gateway-id = trimspace(run_cmd("terragrunt", "output", "aws_ec2_transit_gateway_id", "--terragrunt-working-dir", "../../transit-gateway"))
+
+  # Routing table associated with the VPC subnets
+  route_table_id_list = ["rtb-04b71b62aa6fb03d6", "rtb-0707cf615945ad25d"]
+
+  # External destination routes list CIDR
+  routes-list = ["10.35.0.0/16", "10.37.0.0/16", "10.38.0.0/16"]
+}
+
+dependencies {
+  paths = ["../../transit-gateway"]
+}