Refine route-table module

tedilabs · Oct 30, 2023 · 9f36d80 · 9f36d80
1 parent cef1088
commit 9f36d80
Show file tree

Hide file tree

Showing 6 changed files with 392 additions and 100 deletions.
diff --git a/modules/route-table/README.md b/modules/route-table/README.md
@@ -14,14 +14,14 @@ This module creates following resources.
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.22 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.6 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.11 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.19.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.23.1 |
 
 ## Modules
 
@@ -50,28 +50,34 @@ This module creates following resources.
 | <a name="input_name"></a> [name](#input\_name) | (Required) Desired name for the route table resources. | `string` | n/a | yes |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | (Required) The ID of the VPC which the route table belongs to. | `string` | n/a | yes |
 | <a name="input_gateways"></a> [gateways](#input\_gateways) | (Optional) A list of gateway IDs to associate with the route table. Only support Internet Gateway and Virtual Private Gateway. | `list(string)` | `[]` | no |
-| <a name="input_ipv4_routes"></a> [ipv4\_routes](#input\_ipv4\_routes) | (Optional) A list of route rules for IPv4 CIDRs. | `list(map(string))` | `[]` | no |
-| <a name="input_ipv6_routes"></a> [ipv6\_routes](#input\_ipv6\_routes) | (Optional) A list of route rules for IPv6 CIDRs. | `list(map(string))` | `[]` | no |
-| <a name="input_is_main"></a> [is\_main](#input\_is\_main) | (Optional) Whether to set this route table as the main route table. | `bool` | `false` | no |
+| <a name="input_ipv4_routes"></a> [ipv4\_routes](#input\_ipv4\_routes) | (Optional) A list of route rules for destinations to IPv4 CIDRs. Each block of `ipv4_routes` as defined below.<br>    (Required) `destination` - The destination IPv4 CIDR block of the route rule.<br>    (Required) `target` - A configuration of the target of the route rule. `target` as defined below.<br>      (Required) `type` - The type of the target of the route rule. Valid values are `CARRIER_GATEWAY`, `CORE_GATEWAY`, `EGRESS_ONLY_INTERNET_GATEWAY`, `INTERNET_GATEWAY`, `VPN_GATEWAY`, `LOCAL_GATEWAY`, `NAT_GATEWAY`, `NETWORK_INTERFACE`, `TRANSIT_GATEWAY`, `VPC_ENDPOINT`, `VPC_PEERING_CONNECTION`.<br>      (Required) `id` - The ID of the target of the route rule. | <pre>list(object({<br>    destination = string<br><br>    target = object({<br>      type = string<br>      id   = string<br>    })<br>  }))</pre> | `[]` | no |
+| <a name="input_ipv6_routes"></a> [ipv6\_routes](#input\_ipv6\_routes) | (Optional) A list of route rules for destinations to IPv6 CIDRs. Each block of `ipv6_routes` as defined below.<br>    (Required) `destination` - The destination IPv6 CIDR block of the route rule.<br>    (Required) `target` - A configuration of the target of the route rule. `target` as defined below.<br>      (Required) `type` - The type of the target of the route rule. Valid values are `CARRIER_GATEWAY`, `CORE_GATEWAY`, `EGRESS_ONLY_INTERNET_GATEWAY`, `INTERNET_GATEWAY`, `VPN_GATEWAY`, `LOCAL_GATEWAY`, `NAT_GATEWAY`, `NETWORK_INTERFACE`, `TRANSIT_GATEWAY`, `VPC_ENDPOINT`, `VPC_PEERING_CONNECTION`.<br>      (Required) `id` - The ID of the target of the route rule. | <pre>list(object({<br>    destination = string<br><br>    target = object({<br>      type = string<br>      id   = string<br>    })<br>  }))</pre> | `[]` | no |
+| <a name="input_is_main"></a> [is\_main](#input\_is\_main) | (Optional) Whether to set this route table as the main route table. Defaults to `false`. | `bool` | `false` | no |
 | <a name="input_module_tags_enabled"></a> [module\_tags\_enabled](#input\_module\_tags\_enabled) | (Optional) Whether to create AWS Resource Tags for the module informations. | `bool` | `true` | no |
-| <a name="input_prefix_list_routes"></a> [prefix\_list\_routes](#input\_prefix\_list\_routes) | (Optional) A list of route rules for Managed Prefix List. | `list(map(string))` | `[]` | no |
+| <a name="input_prefix_list_routes"></a> [prefix\_list\_routes](#input\_prefix\_list\_routes) | (Optional) A list of route rules for destinations to Prefix Lists. Each block of `prefix_list_routes` as defined below.<br>    (Required) `name` - The name of the route rule.<br>    (Required) `destination` - The destination Prefix List of the route rule.<br>    (Required) `target` - A configuration of the target of the route rule. `target` as defined below.<br>      (Required) `type` - The type of the target of the route rule. Valid values are `CARRIER_GATEWAY`, `CORE_GATEWAY`, `EGRESS_ONLY_INTERNET_GATEWAY`, `INTERNET_GATEWAY`, `VPN_GATEWAY`, `LOCAL_GATEWAY`, `NAT_GATEWAY`, `NETWORK_INTERFACE`, `TRANSIT_GATEWAY`, `VPC_ENDPOINT`, `VPC_PEERING_CONNECTION`.<br>      (Required) `id` - The ID of the target of the route rule. | <pre>list(object({<br>    name        = string<br>    destination = string<br><br>    target = object({<br>      type = string<br>      id   = string<br>    })<br>  }))</pre> | `[]` | no |
 | <a name="input_propagating_vpn_gateways"></a> [propagating\_vpn\_gateways](#input\_propagating\_vpn\_gateways) | (Optional) A list of Virtual Private Gateway IDs to propagate routes from. | `list(string)` | `[]` | no |
 | <a name="input_resource_group_description"></a> [resource\_group\_description](#input\_resource\_group\_description) | (Optional) The description of Resource Group. | `string` | `"Managed by Terraform."` | no |
 | <a name="input_resource_group_enabled"></a> [resource\_group\_enabled](#input\_resource\_group\_enabled) | (Optional) Whether to create Resource Group to find and group AWS resources which are created by this module. | `bool` | `true` | no |
 | <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | (Optional) The name of Resource Group. A Resource Group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with `AWS` or `aws`. | `string` | `""` | no |
 | <a name="input_subnets"></a> [subnets](#input\_subnets) | (Optional) A list of subnet IDs to associate with the route table. | `list(string)` | `[]` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | (Optional) A map of tags to add to all resources. | `map(string)` | `{}` | no |
+| <a name="input_timeouts"></a> [timeouts](#input\_timeouts) | (Optional) How long to wait for the route table to be created/updated/deleted. | <pre>object({<br>    create = optional(string, "5m")<br>    update = optional(string, "2m")<br>    delete = optional(string, "5m")<br>  })</pre> | `{}` | no |
 | <a name="input_vpc_gateway_endpoints"></a> [vpc\_gateway\_endpoints](#input\_vpc\_gateway\_endpoints) | (Optional) A list of the VPC Endpoint IDs with which the Route Table will be associated. | `list(string)` | `[]` | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
+| <a name="output_arn"></a> [arn](#output\_arn) | The ARN of the routing table. |
 | <a name="output_associated_gateways"></a> [associated\_gateways](#output\_associated\_gateways) | A list of gateway IDs which is associated with the route table. |
 | <a name="output_associated_subnets"></a> [associated\_subnets](#output\_associated\_subnets) | A list of subnet IDs which is associated with the route table. |
 | <a name="output_associated_vpc_gateway_endpoints"></a> [associated\_vpc\_gateway\_endpoints](#output\_associated\_vpc\_gateway\_endpoints) | A list of the VPC Gateway Endpoint IDs which is associated with the route table. |
 | <a name="output_id"></a> [id](#output\_id) | The ID of the routing table. |
+| <a name="output_ipv4_routes"></a> [ipv4\_routes](#output\_ipv4\_routes) | A list of route rules for destinations to IPv4 CIDRs. |
+| <a name="output_ipv6_routes"></a> [ipv6\_routes](#output\_ipv6\_routes) | A list of route rules for destinations to IPv6 CIDRs. |
 | <a name="output_is_main"></a> [is\_main](#output\_is\_main) | Whether to set this route table as the main route table. |
+| <a name="output_owner"></a> [owner](#output\_owner) | The ID of the AWS account that owns subnets in the routing table. |
+| <a name="output_prefix_list_routes"></a> [prefix\_list\_routes](#output\_prefix\_list\_routes) | A list of route rules for destinations to Prefix Lists. |
 | <a name="output_propagated_vpn_gateways"></a> [propagated\_vpn\_gateways](#output\_propagated\_vpn\_gateways) | A list of Virtual Private Gateway IDs which propagate routes from. |
 | <a name="output_vpc_id"></a> [vpc\_id](#output\_vpc\_id) | The ID of the VPC which the route table belongs to. |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/route-table/main.tf b/modules/route-table/main.tf
@@ -14,93 +14,44 @@ locals {
   } : {}
 }
 
+
+###################################################
+# Route Table
+###################################################
+
 resource "aws_route_table" "this" {
   vpc_id = var.vpc_id
 
+  timeouts {
+    create = var.timeouts.create
+    update = var.timeouts.update
+    delete = var.timeouts.delete
+  }
+
   tags = merge(
     {
       "Name" = local.metadata.name
     },
     local.module_tags,
     var.tags,
   )
+
+  lifecycle {
+    create_before_destroy = true
+  }
 }
 
 resource "aws_main_route_table_association" "this" {
   count = var.is_main ? 1 : 0
 
   vpc_id         = var.vpc_id
   route_table_id = aws_route_table.this.id
-}
-
-
-###################################################
-# Routes
-###################################################
-
-# INFO: Not supported attributes
-# - `instance_id` (Deprecated)
-resource "aws_route" "ipv4" {
-  for_each = {
-    for route in var.ipv4_routes :
-    route.cidr_block => route
-  }
-
-  route_table_id         = aws_route_table.this.id
-  destination_cidr_block = each.key
-
-  carrier_gateway_id        = try(each.value.carrier_gateway_id, null)
-  core_network_arn          = try(each.value.core_network_arn, null)
-  egress_only_gateway_id    = try(each.value.egress_only_gateway_id, null)
-  gateway_id                = try(each.value.gateway_id, null)
-  local_gateway_id          = try(each.value.local_gateway_id, null)
-  nat_gateway_id            = try(each.value.nat_gateway_id, null)
-  network_interface_id      = try(each.value.network_interface_id, null)
-  transit_gateway_id        = try(each.value.transit_gateway_id, null)
-  vpc_endpoint_id           = try(each.value.vpc_endpoint_id, null)
-  vpc_peering_connection_id = try(each.value.vpc_peering_connection_id, null)
-}
 
-resource "aws_route" "ipv6" {
-  for_each = {
-    for route in var.ipv6_routes :
-    route.cidr => route
+  timeouts {
+    create = var.timeouts.create
+    update = var.timeouts.update
+    delete = var.timeouts.delete
   }
-
-  route_table_id              = aws_route_table.this.id
-  destination_ipv6_cidr_block = each.key
-
-  carrier_gateway_id        = try(each.value.carrier_gateway_id, null)
-  core_network_arn          = try(each.value.core_network_arn, null)
-  egress_only_gateway_id    = try(each.value.egress_only_gateway_id, null)
-  gateway_id                = try(each.value.gateway_id, null)
-  local_gateway_id          = try(each.value.local_gateway_id, null)
-  nat_gateway_id            = try(each.value.nat_gateway_id, null)
-  network_interface_id      = try(each.value.network_interface_id, null)
-  transit_gateway_id        = try(each.value.transit_gateway_id, null)
-  vpc_endpoint_id           = try(each.value.vpc_endpoint_id, null)
-  vpc_peering_connection_id = try(each.value.vpc_peering_connection_id, null)
-}
-
-resource "aws_route" "prefix_list" {
-  for_each = {
-    for route in var.prefix_list_routes :
-    route.id => route
-  }
-
-  route_table_id             = aws_route_table.this.id
-  destination_prefix_list_id = each.key
-
-  carrier_gateway_id        = try(each.value.carrier_gateway_id, null)
-  core_network_arn          = try(each.value.core_network_arn, null)
-  egress_only_gateway_id    = try(each.value.egress_only_gateway_id, null)
-  gateway_id                = try(each.value.gateway_id, null)
-  local_gateway_id          = try(each.value.local_gateway_id, null)
-  nat_gateway_id            = try(each.value.nat_gateway_id, null)
-  network_interface_id      = try(each.value.network_interface_id, null)
-  transit_gateway_id        = try(each.value.transit_gateway_id, null)
-  vpc_endpoint_id           = try(each.value.vpc_endpoint_id, null)
-  vpc_peering_connection_id = try(each.value.vpc_peering_connection_id, null)
 }
 
 

diff --git a/modules/route-table/outputs.tf b/modules/route-table/outputs.tf
@@ -8,6 +8,100 @@ output "id" {
   value       = aws_route_table.this.id
 }
 
+output "arn" {
+  description = "The ARN of the routing table."
+  value       = aws_route_table.this.arn
+}
+
+output "owner" {
+  description = "The ID of the AWS account that owns subnets in the routing table."
+  value       = aws_route_table.this.owner_id
+}
+
+output "is_main" {
+  description = "Whether to set this route table as the main route table."
+  value       = var.is_main
+}
+
+output "ipv4_routes" {
+  description = "A list of route rules for destinations to IPv4 CIDRs."
+  value = [
+    for route in var.ipv4_routes : {
+      destination = route.destination
+      target = {
+        id    = aws_route.ipv4[route.destination].id,
+        state = aws_route.ipv4[route.destination].state,
+        type  = route.target.type
+        id = coalesce(
+          aws_route.ipv4[route.destination].carrier_gateway_id,
+          aws_route.ipv4[route.destination].core_network_arn,
+          aws_route.ipv4[route.destination].egress_only_gateway_id,
+          aws_route.ipv4[route.destination].gateway_id,
+          aws_route.ipv4[route.destination].local_gateway_id,
+          aws_route.ipv4[route.destination].nat_gateway_id,
+          aws_route.ipv4[route.destination].network_interface_id,
+          aws_route.ipv4[route.destination].transit_gateway_id,
+          aws_route.ipv4[route.destination].vpc_endpoint_id,
+          aws_route.ipv4[route.destination].vpc_peering_connection_id,
+        )
+      }
+    }
+  ]
+}
+
+output "ipv6_routes" {
+  description = "A list of route rules for destinations to IPv6 CIDRs."
+  value = [
+    for route in var.ipv6_routes : {
+      destination = route.destination
+      target = {
+        id    = aws_route.ipv6[route.destination].id,
+        state = aws_route.ipv6[route.destination].state,
+        type  = route.target.type
+        id = coalesce(
+          aws_route.ipv6[route.destination].carrier_gateway_id,
+          aws_route.ipv6[route.destination].core_network_arn,
+          aws_route.ipv6[route.destination].egress_only_gateway_id,
+          aws_route.ipv6[route.destination].gateway_id,
+          aws_route.ipv6[route.destination].local_gateway_id,
+          aws_route.ipv6[route.destination].nat_gateway_id,
+          aws_route.ipv6[route.destination].network_interface_id,
+          aws_route.ipv6[route.destination].transit_gateway_id,
+          aws_route.ipv6[route.destination].vpc_endpoint_id,
+          aws_route.ipv6[route.destination].vpc_peering_connection_id,
+        )
+      }
+    }
+  ]
+}
+
+output "prefix_list_routes" {
+  description = "A list of route rules for destinations to Prefix Lists."
+  value = [
+    for route in var.prefix_list_routes : {
+      destination = route.destination
+      target = {
+        id    = aws_route.prefix_list[route.destination].id,
+        state = aws_route.prefix_list[route.destination].state,
+        type  = route.target.type
+        id = coalesce(
+          aws_route.prefix_list[route.destination].carrier_gateway_id,
+          aws_route.prefix_list[route.destination].core_network_arn,
+          aws_route.prefix_list[route.destination].egress_only_gateway_id,
+          aws_route.prefix_list[route.destination].gateway_id,
+          aws_route.prefix_list[route.destination].local_gateway_id,
+          aws_route.prefix_list[route.destination].nat_gateway_id,
+          aws_route.prefix_list[route.destination].network_interface_id,
+          aws_route.prefix_list[route.destination].transit_gateway_id,
+          aws_route.prefix_list[route.destination].vpc_endpoint_id,
+          aws_route.prefix_list[route.destination].vpc_peering_connection_id,
+        )
+      }
+    }
+  ]
+}
+
+
 output "associated_subnets" {
   description = "A list of subnet IDs which is associated with the route table."
   value       = aws_route_table_association.subnets[*].subnet_id
@@ -28,7 +122,3 @@ output "propagated_vpn_gateways" {
   value       = values(aws_vpn_gateway_route_propagation.this)[*].vpn_gateway_id
 }
 
-output "is_main" {
-  description = "Whether to set this route table as the main route table."
-  value       = var.is_main
-}