diff --git a/README.md b/README.md
index 348d70b..3757cfa 100644
--- a/README.md
+++ b/README.md
@@ -366,7 +366,7 @@ Each Spoke VPC segment created is independent between each other, meaning that i
| Name | Version |
|------|---------|
-| [terraform](#requirement\_terraform) | >= 0.15.0 |
+| [terraform](#requirement\_terraform) | >= 1.3.0 |
| [aws](#requirement\_aws) | >= 3.73.0 |
| [awscc](#requirement\_awscc) | >= 0.15.0 |
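Review bot: the `terraform` row now requires `>= 1.3.0`, which excludes every consumer still on 0.15 through 1.2, so this is a breaking change for them and should be called out in the release notes. The examples in this patch reference the module at `version = "1.0.1"`; if that is the release carrying the new floor, consider whether a patch-level number signals the break clearly enough.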
@@ -380,8 +380,8 @@ Each Spoke VPC segment created is independent between each other, meaning that i
| Name | Source | Version |
|------|--------|---------|
-| [aws\_network\_firewall](#module\_aws\_network\_firewall) | aws-ia/networkfirewall/aws | = 0.0.1 |
-| [central\_vpcs](#module\_central\_vpcs) | aws-ia/vpc/aws | = 3.0.0 |
+| [aws\_network\_firewall](#module\_aws\_network\_firewall) | aws-ia/networkfirewall/aws | = 0.0.2 |
+| [central\_vpcs](#module\_central\_vpcs) | aws-ia/vpc/aws | = 3.0.1 |
| [spoke\_vpcs](#module\_spoke\_vpcs) | ./modules/spoke_vpcs | n/a |
## Resources
@@ -415,9 +415,9 @@ Each Spoke VPC segment created is independent between each other, meaning that i
|------|-------------|------|---------|:--------:|
| [central\_vpcs](#input\_central\_vpcs) | Configuration of the Central VPCs - used to centralized different services. You can create the following central VPCs: "inspection", "egress", "shared-services", "hybrid-dns", and "ingress".
In each Central VPC, You can specify the following attributes:
- `vpc_id` = (Optional\|string) **If you specify this value, no other attributes can be set** VPC ID, the VPC will be attached to the Transit Gateway, and its attachment associate/propagated to the corresponding TGW Route Tables.
- `cidr_block` = (Optional\|string) CIDR range to assign to the VPC if creating a new VPC.
- `az_count` = (Optional\|number) Searches the number of AZs in the region and takes a slice based on this number - the slice is sorted a-z.
- `vpc_enable_dns_hostnames` = (Optional\|bool) Indicates whether the instances launched in the VPC get DNS hostnames. Enabled by default.
- `vpc_enable_dns_support` = (Optional\|bool) Indicates whether the DNS resolution is supported for the VPC. If enabled, queries to the Amazon provided DNS server at the 169.254.169.253 IP address, or the reserved IP address at the base of the VPC network range "plus two" succeed. If disabled, the Amazon provided DNS service in the VPC that resolves public DNS hostnames to IP addresses is not enabled. Enabled by default.
- `vpc_instance_tenancy` = (Optional\|string) The allowed tenancy of instances launched into the VPC.
- `vpc_flow_logs` = (Optional\|object(any)) Configuration of the VPC Flow Logs of the VPC configured. Options: "cloudwatch", "s3", "none".
- `subnet_configuration` = (Optional\|any) Configuration of the subnets to create in the VPC. Depending the type of central VPC to create, the format (subnets to configure) will be different.
To get more information of the format of the variables, check the section "Central VPCs" in the README.
| `any` | n/a | yes |
| [identifier](#input\_identifier) | String to identify the whole Hub and Spoke environment. | `string` | n/a | yes |
-| [network\_definition](#input\_network\_definition) | "Definition of the IPv4 CIDR configuration. The definition is done by using two variables:"
- `type` = (string) Defines the type of network definition provided. It has to be either `CIDR` (Supernet's CIDR Block) or `PREFIX_LIST` (prefix list ID containing all the CIDR blocks of the network)
- `value` = (string) Either a Supernet's CIDR Block or a prefix list ID. This value needs to be consistent with the `type` provided in this variable. | object({
type = string
value = string
})
| n/a | yes |
-| [spoke\_vpcs](#input\_spoke\_vpcs) | Variable is used to provide the Hub and Spoke module the neccessary information about the Spoke VPCs created. Within this variable, a map of routing domains is expected. The *key* of each map will defined that specific routing domain (e.g. prod, nonprod, etc.) and a Transit Gateway Route Table for that routing domain will be created. Inside each routing domain definition, you can define a map of VPCs with the following attributes:
- `vpc_id` = (Optional\|string) VPC ID. *This value is not used in this version of the module, we keep it as placehoder when adding support for centralized VPC endpoints*.
- `transit_gateway_attachment_id` = (Optional\|string) Transit Gateway VPC attachment ID.
To get more information of the format of the variables, check the section "Spoke VPCs" in the README. | `any` | `null` | no |
-| [transit\_gateway\_attributes](#input\_transit\_gateway\_attributes) | Attributes about the new Transit Gateway to create. **If you specify this value, transit\_gateway\_id can't be set**:
- `name` = (Optional\|string) Name to apply to the new Transit Gateway.
- `description` = (Optional\|string) Description of the Transit Gateway
- `amazon_side_asn` = (Optional\|number) Private Autonomous System Number (ASN) for the Amazon side of a BGP session. The range is `64512` to `65534` for 16-bit ASNs and `4200000000` to `4294967294` for 32-bit ASNs. It is recommended to configure one to avoid ASN overlap. Default value: `64512`.
- `auto_accept_shared_attachments` = (Optional\|string) Wheter the attachment requests are automatically accepted. Valid values: `disable` (default) or `enable`.
- `dns_support` = (Optional\|string) Wheter DNS support is enabled. Valid values: `disable` or `enable` (default).
- `multicast_support` = (Optional\|string) Wheter Multicas support is enabled. Valid values: `disable` (default) or `enable`.
- `transit_gateway_cidr_blocks` = (Optional\|list(string)) One or more IPv4/IPv6 CIDR blocks for the Transit Gateway. Must be a size /24 for IPv4 CIDRs, and /64 for IPv6 CIDRs.
- `vpn_ecmp_support` = (Optional\|string) Whever VPN ECMP support is enabled. Valid values: `disable` or `enable` (default).
- `tags` = (Optional\|map(string)) Key-value tags to apply to the Transit Gateway. | `any` | `null` | no |
+| [network\_definition](#input\_network\_definition) | "Definition of the IPv4 CIDR configuration. The definition is done by using two variables:"
- `type` = (string) Defines the type of network definition provided. It has to be either `CIDR` (Supernet's CIDR Block) or `PREFIX_LIST` (prefix list ID containing all the CIDR blocks of the network)
- `value` = (string) Either a Supernet's CIDR Block or a prefix list ID. This value needs to be consistent with the `type` provided in this variable. | object({
type = string
value = string
})
| n/a | yes |
+| [spoke\_vpcs](#input\_spoke\_vpcs) | Variable is used to provide the Hub and Spoke module the neccessary information about the Spoke VPCs created. Within this variable, a map of routing domains is expected. The *key* of each map will defined that specific routing domain (e.g. prod, nonprod, etc.) and a Transit Gateway Route Table for that routing domain will be created. Inside each routing domain definition, you can define a map of VPCs with the following attributes:
- `vpc_id` = (Optional\|string) VPC ID. *This value is not used in this version of the module, we keep it as placehoder when adding support for centralized VPC endpoints*.
- `transit_gateway_attachment_id` = (Optional\|string) Transit Gateway VPC attachment ID.
To get more information of the format of the variables, check the section "Spoke VPCs" in the README. | `any` | `{}` | no |
+| [transit\_gateway\_attributes](#input\_transit\_gateway\_attributes) | Attributes about the new Transit Gateway to create. **If you specify this value, transit\_gateway\_id can't be set**:
- `name` = (Optional\|string) Name to apply to the new Transit Gateway.
- `description` = (Optional\|string) Description of the Transit Gateway
- `amazon_side_asn` = (Optional\|number) Private Autonomous System Number (ASN) for the Amazon side of a BGP session. The range is `64512` to `65534` for 16-bit ASNs and `4200000000` to `4294967294` for 32-bit ASNs. It is recommended to configure one to avoid ASN overlap. Default value: `64512`.
- `auto_accept_shared_attachments` = (Optional\|string) Wheter the attachment requests are automatically accepted. Valid values: `disable` (default) or `enable`.
- `dns_support` = (Optional\|string) Wheter DNS support is enabled. Valid values: `disable` or `enable` (default).
- `multicast_support` = (Optional\|string) Wheter Multicas support is enabled. Valid values: `disable` (default) or `enable`.
- `transit_gateway_cidr_blocks` = (Optional\|list(string)) One or more IPv4/IPv6 CIDR blocks for the Transit Gateway. Must be a size /24 for IPv4 CIDRs, and /64 for IPv6 CIDRs.
- `vpn_ecmp_support` = (Optional\|string) Whever VPN ECMP support is enabled. Valid values: `disable` or `enable` (default).
- `tags` = (Optional\|map(string)) Key-value tags to apply to the Transit Gateway. | `any` | `{}` | no |
| [transit\_gateway\_id](#input\_transit\_gateway\_id) | Transit Gateway ID. **If you specify this value, transit\_gateway\_attributes can't be set**. | `string` | `null` | no |
## Outputs
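Review bot: the default for `spoke_vpcs` and `transit_gateway_attributes` moves from `null` to `{}` in the added rows, while the unchanged `transit_gateway_id` row still documents mutual exclusivity with `transit_gateway_attributes`. Any check that decides "was set" by comparing against `null` changes meaning once the unset value is an empty map; the visible part of this patch has no variables.tf or validation change, so confirm the check tests for an empty map instead. Since these descriptions are being re-emitted anyway, fix the typos they carry at their source: "neccessary", "placehoder", "will defined", "Wheter", "Multicas", "Whever".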
diff --git a/examples/central_egress_ingress/main.tf b/examples/central_egress_ingress/main.tf
index d5ee0f3..c6502cd 100644
--- a/examples/central_egress_ingress/main.tf
+++ b/examples/central_egress_ingress/main.tf
@@ -18,7 +18,8 @@ resource "aws_ec2_transit_gateway" "tgw" {
# Hub and Spoke module - we only centralize the Egress and Ingress traffic
module "hub-and-spoke" {
- source = "../.."
+ source = "aws-ia/network-hubandspoke"
+ version = "1.0.1"
identifier = var.identifier
transit_gateway_id = aws_ec2_transit_gateway.tgw.id
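Review bot: `source = "aws-ia/network-hubandspoke"` has only two segments, whereas a Terraform Registry module address has the form `<namespace>/<name>/<provider>`, as the other sources in this patch do (`aws-ia/vpc/aws`, `aws-ia/networkfirewall/aws`). As written, `terraform init` will not resolve it as a registry module; it presumably needs a trailing `/aws`. The same line is added in the central_inspection and central_shared_services examples.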
diff --git a/examples/central_egress_ingress/providers.tf b/examples/central_egress_ingress/providers.tf
index 1586890..2a1a5fd 100644
--- a/examples/central_egress_ingress/providers.tf
+++ b/examples/central_egress_ingress/providers.tf
@@ -4,6 +4,7 @@
# --- examples/central_egress_ingress/providers.tf ---
terraform {
+ required_version = ">= 1.3.0"
required_providers {
aws = {
source = "hashicorp/aws"
@@ -14,9 +15,6 @@ terraform {
version = ">= 0.15.0"
}
}
-
- required_version = ">= 0.15.0"
- experiments = [module_variable_optional_attrs]
}
# AWS Providers configuration - AWS Region indicated in root/variables.tf
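Review bot: in the unchanged context of this hunk, `version = ">= 0.15.0"` inside `required_providers` is an open-ended constraint, so each fresh `terraform init` of this example can select a different provider release. For an example people are expected to run as-is, commit the `.terraform.lock.hcl` or add an upper bound so the provider set is reproducible and reviewable.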
diff --git a/examples/central_inspection/main.tf b/examples/central_inspection/main.tf
index 682859c..f450f9c 100644
--- a/examples/central_inspection/main.tf
+++ b/examples/central_inspection/main.tf
@@ -5,7 +5,8 @@
# Hub and Spoke module - we only centralize the Inspection
module "hub-and-spoke" {
- source = "../.."
+ source = "aws-ia/network-hubandspoke"
+ version = "1.0.1"
identifier = var.identifier
transit_gateway_attributes = {
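Review bot: replacing `source = "../.."` with a registry address pinned to `version = "1.0.1"` means this example no longer exercises the code in the working tree, so running the examples validates the published release rather than the change under review. If the examples double as tests, keep a variant that points at `../..`, or state in the example README that they are consumer-facing only.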
diff --git a/examples/central_inspection/providers.tf b/examples/central_inspection/providers.tf
index 5f6d554..df0f681 100644
--- a/examples/central_inspection/providers.tf
+++ b/examples/central_inspection/providers.tf
@@ -4,6 +4,7 @@
# --- examples/central_inspection/providers.tf ---
terraform {
+ required_version = ">= 1.3.0"
required_providers {
aws = {
source = "hashicorp/aws"
@@ -14,9 +15,6 @@ terraform {
version = ">= 0.15.0"
}
}
-
- required_version = ">= 0.15.0"
- experiments = [module_variable_optional_attrs]
}
# AWS Providers configuration - AWS Region indicated in root/variables.tf
diff --git a/examples/central_shared_services/main.tf b/examples/central_shared_services/main.tf
index 03f1c64..a28c755 100644
--- a/examples/central_shared_services/main.tf
+++ b/examples/central_shared_services/main.tf
@@ -18,7 +18,8 @@ resource "aws_ec2_transit_gateway" "tgw" {
# Hub and Spoke module - we only centralize the Shared Services and Hybrid DNS VPCs
module "hub-and-spoke" {
- source = "../.."
+ source = "aws-ia/network-hubandspoke"
+ version = "1.0.1"
identifier = var.identifier
transit_gateway_id = aws_ec2_transit_gateway.tgw.id
diff --git a/examples/central_shared_services/providers.tf b/examples/central_shared_services/providers.tf
index d628602..1012872 100644
--- a/examples/central_shared_services/providers.tf
+++ b/examples/central_shared_services/providers.tf
@@ -4,6 +4,7 @@
# --- examples/central_shared_services/providers.tf ---
terraform {
+ required_version = ">= 1.3.0"
required_providers {
aws = {
source = "hashicorp/aws"
@@ -14,9 +15,6 @@ terraform {
version = ">= 0.15.0"
}
}
-
- required_version = ">= 0.15.0"
- experiments = [module_variable_optional_attrs]
}
# AWS Providers configuration - AWS Region indicated in root/variables.tf
diff --git a/main.tf b/main.tf
index cf725d5..937d44a 100644
--- a/main.tf
+++ b/main.tf
@@ -27,7 +27,7 @@ module "central_vpcs" {
for_each = var.central_vpcs
source = "aws-ia/vpc/aws"
- version = "= 3.0.0"
+ version = "= 3.0.1"
name = try(each.value.name, each.key)
vpc_id = try(each.value.vpc_id, null)
@@ -268,7 +268,7 @@ module "aws_network_firewall" {
count = local.create_anfw ? 1 : 0
source = "aws-ia/networkfirewall/aws"
- version = "= 0.0.1"
+ version = "= 0.0.2"
network_firewall_name = var.central_vpcs.inspection.aws_network_firewall.name
network_firewall_policy = var.central_vpcs.inspection.aws_network_firewall.policy_arn
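Review bot: the `= 0.0.2` bump on `aws_network_firewall` changes the module that builds the inspection firewall (it receives `network_firewall_name` and `network_firewall_policy` just below), and nothing in this patch says what differs from 0.0.1. The exact pin is good for reproducibility; link the upstream release notes in the description and confirm a plan against an existing deployment shows no replacement of the firewall.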
diff --git a/providers.tf b/providers.tf
index d944803..f240de6 100644
--- a/providers.tf
+++ b/providers.tf
@@ -4,6 +4,7 @@
# --- root/providers.tf ---
terraform {
+ required_version = ">= 1.3.0"
required_providers {
aws = {
source = "hashicorp/aws"
@@ -14,7 +15,4 @@ terraform {
version = ">= 0.15.0"
}
}
-
- required_version = ">= 0.15.0"
- experiments = [module_variable_optional_attrs]
}
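Review bot: removing `experiments = [module_variable_optional_attrs]` at the end of the `terraform` block is only part of the move to 1.3.0, because the experimental `defaults()` function was removed together with the experiment. The visible part of this patch does not touch variables.tf or any locals, so confirm no `defaults()` call remains in the module and that any defaults it supplied are now expressed as `optional(type, default)`.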