From 5ea987bf48a3c404df7634122189537a292e1c54 Mon Sep 17 00:00:00 2001 From: Byungjin Park Date: Wed, 7 Feb 2024 18:08:11 +0900 Subject: [PATCH] Support transit gateway vpc attachments for subnet-group module --- VERSION | 2 +- modules/subnet-group/README.md | 3 +++ modules/subnet-group/integrations.tf | 32 +++++++++++++++++++++++++ modules/subnet-group/outputs.tf | 19 +++++++++++++++ modules/subnet-group/variables.tf | 35 ++++++++++++++++++++++++++++ 5 files changed, 90 insertions(+), 1 deletion(-)
diff --git a/VERSION b/VERSION
index f176c94..9eb2aa3 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-0.31.1
+0.32.0
diff --git a/modules/subnet-group/README.md b/modules/subnet-group/README.md
index 44309eb..f7a92d6 100644
--- a/modules/subnet-group/README.md
+++ b/modules/subnet-group/README.md
@@ -41,6 +41,7 @@ This module creates following resources.
 | [aws_db_subnet_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_subnet_group) | resource |
 | [aws_dms_replication_subnet_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dms_replication_subnet_group) | resource |
 | [aws_docdb_subnet_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/docdb_subnet_group) | resource |
+| [aws_ec2_transit_gateway_vpc_attachment.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_vpc_attachment) | resource |
 | [aws_elasticache_subnet_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_subnet_group) | resource |
 | [aws_memorydb_subnet_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/memorydb_subnet_group) | resource |
 | [aws_neptune_subnet_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/neptune_subnet_group) | resource |
@@ -75,6 +76,7 @@ This module creates following resources. | [shares](#input\_shares) | (Optional) A list of resource shares via RAM (Resource Access Manager). |
list(object({
name = optional(string)

permissions = optional(set(string), ["AWSRAMDefaultPermissionSubnet"])

external_principals_allowed = optional(bool, false)
principals = optional(set(string), [])

tags = optional(map(string), {})
}))
| `[]` | no | | [tags](#input\_tags) | (Optional) A map of tags to add to all resources. | `map(string)` | `{}` | no | | [timeouts](#input\_timeouts) | (Optional) How long to wait for the subnet group to be created/deleted. |
object({
create = optional(string, "10m")
delete = optional(string, "20m")
})
| `{}` | no | +| [transit\_gateway\_attachments](#input\_transit\_gateway\_attachments) | (Optional) A list of configurations for Transit Gateway VPC attachments. Each block of `transit_gateway_attachments` as defined below.
(Required) `name` - The name of the Transit Gateway VPC attachment.
(Required) `transit_gateway` - The ID of the Transit Gateway.
(Optional) `appliance_mode_enabled` - Whether Appliance Mode support is enabled. If enabled, a traffic flow between a source and destination uses the same Availability Zone for the VPC attachment for the lifetime of that flow. Defaults to `false`.
(Optional) `dns_support_enabled` - Whether to enable Domain Name System resolution for VPCs attached to this transit gateway. Defaults to `true`.
(Optional) `ipv6_enabled` - Whether to enable IPv6 support. Defaults to `false`.
(Optional) `default_association_route_table_enabled` - Whether to automatically associate transit gateway attachments with this transit gateway's default route table. This cannot be configured or perform drift detection with Resource Access Manager shared EC2 Transit Gateways. Defaults to `false`.
(Optional) `default_propagation_route_table_enabled` - Whether to automatically propagate transit gateway attachments with this transit gateway's default route table. This cannot be configured or perform drift detection with Resource Access Manager shared EC2 Transit Gateways. Defaults to `false`.
(Optional) `tags` - A map of tags to add to the vpc association. |
list(object({
name = string
transit_gateway = string
appliance_mode_enabled = optional(bool, false)
dns_support_enabled = optional(bool, true)
ipv6_enabled = optional(bool, false)
default_association_route_table_enabled = optional(bool, false)
default_propagation_route_table_enabled = optional(bool, false)

tags = optional(map(string), {})
}))
| `[]` | no | ## Outputs @@ -104,5 +106,6 @@ This module creates following resources. | [sharing](#output\_sharing) | The configuration for sharing of subnets in the subnet group.
`status` - An indication of whether subnets are shared with other AWS accounts, or was shared with the current account by another AWS account. Sharing is configured through AWS Resource Access Manager (AWS RAM). Values are `NOT_SHARED`, `SHARED_BY_ME` or `SHARED_WITH_ME`.
`shares` - The list of resource shares via RAM (Resource Access Manager). |
 | [subnets](#output\_subnets) | A list of subnets of the subnet group. |
 | [subnets\_by\_az](#output\_subnets\_by\_az) | A map of subnets of the subnet group which are grouped by availability zone id. |
+| [transit\_gateway\_attachments](#output\_transit\_gateway\_attachments) | The configuration of Transit Gateway VPC attachments. |
 | [vpc\_id](#output\_vpc\_id) | The ID of the VPC which the subnet group belongs to. |
diff --git a/modules/subnet-group/integrations.tf b/modules/subnet-group/integrations.tf
index f1eae91..d042a5e 100644
--- a/modules/subnet-group/integrations.tf
+++ b/modules/subnet-group/integrations.tf
@@ -1,3 +1,35 @@
+###################################################
+# VPC Attachments for Transit Gateway
+###################################################
+
+resource "aws_ec2_transit_gateway_vpc_attachment" "this" {
+ for_each = {
+ for attachment in var.transit_gateway_attachments :
+ attachment.name => attachment
+ }
+
+ vpc_id = var.vpc_id
+ subnet_ids = values(aws_subnet.this)[*].id
+
+ transit_gateway_id = each.value.transit_gateway
+
+ appliance_mode_support = each.value.appliance_mode_enabled ? "enable" : "disable"
+ dns_support = each.value.dns_support_enabled ? "enable" : "disable"
+ ipv6_support = each.value.ipv6_enabled ? "enable" : "disable"
+ transit_gateway_default_route_table_association = each.value.default_association_route_table_enabled
+ transit_gateway_default_route_table_propagation = each.value.default_propagation_route_table_enabled
+
+ tags = merge(
+ {
+ "Name" = each.key
+ },
+ local.module_tags,
+ var.tags,
+ each.value.tags,
+ )
+}
+
+
 ###################################################
 # Subnet Group for DAX
 ###################################################
diff --git a/modules/subnet-group/outputs.tf b/modules/subnet-group/outputs.tf
index be882b7..980f36d 100644
--- a/modules/subnet-group/outputs.tf
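Review bot: `subnet_ids = values(aws_subnet.this)[*].id` hands every subnet of the group to the attachment, but a Transit Gateway VPC attachment accepts at most one subnet per Availability Zone, so a group holding two subnets in the same AZ (which the module's `subnets_by_az` output suggests is a supported layout) will only fail at apply time with an API error. A `lifecycle` precondition on the resource turns that into a plan-time error with a readable message; alternatively pick one subnet per AZ before building the list. The `transit_gateway_default_route_table_association`/`_propagation` arguments are also set unconditionally even though the README text in this same commit says they cannot be configured for RAM-shared Transit Gateways — presumably the provider tolerates that, but it is worth confirming against a shared TGW before release. A short comment on the `subnet_ids` line, such as `# every subnet of the group is attached; reachability is then governed by the TGW route tables`, would make the blast radius of this resource explicit to readers.
```hcl
resource "aws_ec2_transit_gateway_vpc_attachment" "this" {
  # … unchanged: for_each, vpc_id, subnet_ids, transit_gateway_id, support flags, tags …

  lifecycle {
    precondition {
      condition     = length(distinct(values(aws_subnet.this)[*].availability_zone)) == length(aws_subnet.this)
      error_message = "A Transit Gateway VPC attachment accepts at most one subnet per Availability Zone."
    }
  }
}
```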
+++ b/modules/subnet-group/outputs.tf @@ -111,6 +111,25 @@ output "dns_config" { } } +output "transit_gateway_attachments" { + description = < { + name = name + transit_gateway = attachment.transit_gateway_id + + appliance_mode_enabled = attachment.appliance_mode_support == "enable" + dns_support_enabled = attachment.dns_support == "enable" + ipv6_enabled = attachment.ipv6_support == "enable" + default_association_route_table_enabled = attachment.transit_gateway_default_route_table_association + default_propagation_route_table_enabled = attachment.transit_gateway_default_route_table_propagation + } + } +} + output "dax_subnet_group" { description = <