diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index a6cd369..11084f7 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
repos:
- repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.96.1
+ rev: v1.100.0
hooks:
- id: terraform_fmt
- id: terraform_docs
@@ -23,7 +23,7 @@ repos:
- '--args=--only=terraform_workspace_remote'
- id: terraform_validate
- repo: https://github.com/pre-commit/pre-commit-hooks
- rev: v5.0.0
+ rev: v6.0.0
hooks:
- id: check-merge-conflict
- id: end-of-file-fixer
diff --git a/README.md b/README.md
index 53900ce..0d4abd9 100644
--- a/README.md
+++ b/README.md
@@ -7,7 +7,6 @@ Terraform module which creates Transit Gateway resources on AWS.
```hcl
module "tgw" {
source = "terraform-aws-modules/transit-gateway/aws"
- version = "~> 2.0"
name = "my-tgw"
description = "My TGW shared with several other AWS accounts"
@@ -16,8 +15,8 @@ module "tgw" {
vpc_attachments = {
vpc = {
- vpc_id = module.vpc.vpc_id
- subnet_ids = module.vpc.private_subnets
+ vpc_id = "vpc-1234556abcdef"
+ subnet_ids = ["subnet-abcde012", "subnet-bcde012a", "subnet-fghi345a"]
dns_support = true
ipv6_support = true
@@ -26,7 +25,7 @@ module "tgw" {
destination_cidr_block = "30.0.0.0/16"
},
{
- blackhole = true
+ blackhole = true
destination_cidr_block = "40.0.0.0/20"
}
]
@@ -34,28 +33,13 @@ module "tgw" {
}
ram_allow_external_principals = true
- ram_principals = [307990089504]
+ ram_principals = [307990089504]
tags = {
- Purpose = "tgw-complete-example"
+ Terraform = "true"
+ Environment = "dev"
}
}
-
-module "vpc" {
- source = "terraform-aws-modules/vpc/aws"
- version = "~> 3.0"
-
- name = "my-vpc"
-
- cidr = "10.10.0.0/16"
-
- azs = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
- private_subnets = ["10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24"]
-
- enable_ipv6 = true
- private_subnet_assign_ipv6_address_on_creation = true
- private_subnet_ipv6_prefixes = [0, 1, 2]
-}
```
## Examples
@@ -68,14 +52,14 @@ module "vpc" {
| Name | Version |
|------|---------|
-| [terraform](#requirement\_terraform) | >= 0.13.1 |
-| [aws](#requirement\_aws) | >= 4.4 |
+| [terraform](#requirement\_terraform) | >= 1.5.7 |
+| [aws](#requirement\_aws) | >= 6.0 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 4.4 |
+| [aws](#provider\_aws) | >= 6.0 |
## Modules
@@ -119,13 +103,14 @@ No modules.
| [ram\_principals](#input\_ram\_principals) | A list of principals to share TGW with. Possible values are an AWS account ID, an AWS Organizations Organization ARN, or an AWS Organizations Organization Unit ARN | `list(string)` | `[]` | no |
| [ram\_resource\_share\_arn](#input\_ram\_resource\_share\_arn) | ARN of RAM resource share | `string` | `""` | no |
| [ram\_tags](#input\_ram\_tags) | Additional tags for the RAM | `map(string)` | `{}` | no |
+| [region](#input\_region) | Region where the resource(s) will be managed. Defaults to the region set in the provider configuration | `string` | `null` | no |
| [share\_tgw](#input\_share\_tgw) | Whether to share your transit gateway with other accounts | `bool` | `true` | no |
| [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |
| [tgw\_default\_route\_table\_tags](#input\_tgw\_default\_route\_table\_tags) | Additional tags for the Default TGW route table | `map(string)` | `{}` | no |
| [tgw\_route\_table\_tags](#input\_tgw\_route\_table\_tags) | Additional tags for the TGW route table | `map(string)` | `{}` | no |
| [tgw\_tags](#input\_tgw\_tags) | Additional tags for the TGW | `map(string)` | `{}` | no |
| [tgw\_vpc\_attachment\_tags](#input\_tgw\_vpc\_attachment\_tags) | Additional tags for VPC attachments | `map(string)` | `{}` | no |
-| [timeouts](#input\_timeouts) | Create, update, and delete timeout configurations for the transit gateway | `map(string)` | `{}` | no |
+| [timeouts](#input\_timeouts) | Create, update, and delete timeout configurations for the transit gateway | object({
create = optional(bool)
update = optional(bool)
delete = optional(bool)
}) | `null` | no |
| [transit\_gateway\_cidr\_blocks](#input\_transit\_gateway\_cidr\_blocks) | One or more IPv4 or IPv6 CIDR blocks for the transit gateway. Must be a size /24 CIDR block or larger for IPv4, or a size /64 CIDR block or larger for IPv6 | `list(string)` | `[]` | no |
| [transit\_gateway\_route\_table\_id](#input\_transit\_gateway\_route\_table\_id) | Identifier of EC2 Transit Gateway Route Table to use with the Target Gateway when reusing it between multiple TGWs | `string` | `null` | no |
| [vpc\_attachments](#input\_vpc\_attachments) | Maps of maps of VPC details to attach to TGW. Type 'any' to disable type validation by Terraform. | `any` | `{}` | no |
diff --git a/examples/README.md b/examples/README.md
new file mode 100644
index 0000000..8d54b3d
--- /dev/null
+++ b/examples/README.md
@@ -0,0 +1,5 @@
+# Examples
+
+The examples provided demonstrate different cluster configurations that users can create with the modules provided.
+
+Please do not mistake the examples provided as "best practices". It is up to users to consult the AWS service documentation for best practices, usage recommendations, etc.
diff --git a/examples/complete/README.md b/examples/complete/README.md
index b4ef9c3..d56669e 100644
--- a/examples/complete/README.md
+++ b/examples/complete/README.md
@@ -19,24 +19,28 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
-| [terraform](#requirement\_terraform) | >= 1.0 |
-| [aws](#requirement\_aws) | >= 4.4 |
+| [terraform](#requirement\_terraform) | >= 1.5.7 |
+| [aws](#requirement\_aws) | >= 6.0 |
## Providers
-No providers.
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | >= 6.0 |
## Modules
| Name | Source | Version |
|------|--------|---------|
| [tgw](#module\_tgw) | ../../ | n/a |
-| [vpc1](#module\_vpc1) | terraform-aws-modules/vpc/aws | ~> 5.0 |
-| [vpc2](#module\_vpc2) | terraform-aws-modules/vpc/aws | ~> 5.0 |
+| [vpc1](#module\_vpc1) | terraform-aws-modules/vpc/aws | ~> 6.0 |
+| [vpc2](#module\_vpc2) | terraform-aws-modules/vpc/aws | ~> 6.0 |
## Resources
-No resources.
+| Name | Type |
+|------|------|
+| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
## Inputs
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index 1f372a8..fcf5126 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -2,14 +2,20 @@ provider "aws" {
region = local.region
}
+data "aws_availability_zones" "available" {}
+
locals {
- name = "ex-tgw-${replace(basename(path.cwd), "_", "-")}"
region = "eu-west-1"
+ name = "ex-${basename(path.cwd)}"
+
+ vpc1_cidr = "10.10.0.0/16"
+ vpc2_cidr = "10.20.0.0/16"
+ azs = slice(data.aws_availability_zones.available.names, 0, 3)
tags = {
+ Name = local.name
Example = local.name
- GithubRepo = "terraform-aws-eks"
- GithubOrg = "terraform-aws-transit-gateway"
+ Repository = "https://github.com/terraform-aws-modules/terraform-aws-transit-gateway"
}
}
@@ -87,13 +93,13 @@ module "tgw" {
module "vpc1" {
source = "terraform-aws-modules/vpc/aws"
- version = "~> 5.0"
+ version = "~> 6.0"
- name = "${local.name}-vpc1"
- cidr = "10.10.0.0/16"
+ name = "${local.name}-1"
+ cidr = local.vpc1_cidr
- azs = ["${local.region}a", "${local.region}b", "${local.region}c"]
- private_subnets = ["10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24"]
+ azs = local.azs
+ private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc1_cidr, 8, k)]
enable_ipv6 = true
private_subnet_assign_ipv6_address_on_creation = true
@@ -104,13 +110,13 @@ module "vpc1" {
module "vpc2" {
source = "terraform-aws-modules/vpc/aws"
- version = "~> 5.0"
+ version = "~> 6.0"
- name = "${local.name}-vpc2"
- cidr = "10.20.0.0/16"
+ name = "${local.name}-2"
+ cidr = local.vpc2_cidr
- azs = ["${local.region}a", "${local.region}b", "${local.region}c"]
- private_subnets = ["10.20.1.0/24", "10.20.2.0/24", "10.20.3.0/24"]
+ azs = local.azs
+ private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc2_cidr, 8, k)]
enable_ipv6 = false
diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf
index 46b7087..db13b0a 100644
--- a/examples/complete/versions.tf
+++ b/examples/complete/versions.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = ">= 1.0"
+ required_version = ">= 1.5.7"
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 4.4"
+ version = ">= 6.0"
}
}
}
diff --git a/examples/multi-account/README.md b/examples/multi-account/README.md
index d3726ee..c2e1417 100644
--- a/examples/multi-account/README.md
+++ b/examples/multi-account/README.md
@@ -19,12 +19,14 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
-| [terraform](#requirement\_terraform) | >= 1.0 |
-| [aws](#requirement\_aws) | >= 4.4 |
+| [terraform](#requirement\_terraform) | >= 1.5.7 |
+| [aws](#requirement\_aws) | >= 6.0 |
## Providers
-No providers.
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | >= 6.0 |
## Modules
@@ -32,12 +34,14 @@ No providers.
|------|--------|---------|
| [tgw](#module\_tgw) | ../../ | n/a |
| [tgw\_peer](#module\_tgw\_peer) | ../../ | n/a |
-| [vpc1](#module\_vpc1) | terraform-aws-modules/vpc/aws | ~> 5.0 |
-| [vpc2](#module\_vpc2) | terraform-aws-modules/vpc/aws | ~> 5.0 |
+| [vpc1](#module\_vpc1) | terraform-aws-modules/vpc/aws | ~> 6.0 |
+| [vpc2](#module\_vpc2) | terraform-aws-modules/vpc/aws | ~> 6.0 |
## Resources
-No resources.
+| Name | Type |
+|------|------|
+| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
## Inputs
diff --git a/examples/multi-account/main.tf b/examples/multi-account/main.tf
index 56e0b70..4e2af65 100644
--- a/examples/multi-account/main.tf
+++ b/examples/multi-account/main.tf
@@ -8,14 +8,20 @@ provider "aws" {
alias = "peer"
}
+data "aws_availability_zones" "available" {}
+
locals {
- name = "ex-tgw-${replace(basename(path.cwd), "_", "-")}"
region = "eu-west-1"
+ name = "ex-${basename(path.cwd)}"
+
+ vpc1_cidr = "10.10.0.0/16"
+ vpc2_cidr = "10.20.0.0/16"
+ azs = slice(data.aws_availability_zones.available.names, 0, 3)
tags = {
+ Name = local.name
Example = local.name
- GithubRepo = "terraform-aws-eks"
- GithubOrg = "terraform-aws-transit-gateway"
+ Repository = "https://github.com/terraform-aws-modules/terraform-aws-transit-gateway"
}
}
@@ -131,13 +137,13 @@ module "tgw_peer" {
module "vpc1" {
source = "terraform-aws-modules/vpc/aws"
- version = "~> 5.0"
+ version = "~> 6.0"
- name = "${local.name}-vpc1"
- cidr = "10.10.0.0/16"
+ name = "${local.name}-1"
+ cidr = local.vpc1_cidr
- azs = ["${local.region}a", "${local.region}b", "${local.region}c"]
- private_subnets = ["10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24"]
+ azs = local.azs
+ private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc1_cidr, 8, k)]
enable_ipv6 = true
private_subnet_assign_ipv6_address_on_creation = true
@@ -146,20 +152,15 @@ module "vpc1" {
tags = local.tags
}
-
module "vpc2" {
source = "terraform-aws-modules/vpc/aws"
- version = "~> 5.0"
-
- providers = {
- aws = aws.peer
- }
+ version = "~> 6.0"
- name = "${local.name}-vpc2"
- cidr = "10.20.0.0/16"
+ name = "${local.name}-2"
+ cidr = local.vpc2_cidr
- azs = ["${local.region}a", "${local.region}b", "${local.region}c"]
- private_subnets = ["10.20.1.0/24", "10.20.2.0/24", "10.20.3.0/24"]
+ azs = local.azs
+ private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc2_cidr, 8, k)]
enable_ipv6 = false
diff --git a/examples/multi-account/versions.tf b/examples/multi-account/versions.tf
index 46b7087..db13b0a 100644
--- a/examples/multi-account/versions.tf
+++ b/examples/multi-account/versions.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = ">= 1.0"
+ required_version = ">= 1.5.7"
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 4.4"
+ version = ">= 6.0"
}
}
}
diff --git a/main.tf b/main.tf
index 8fbec96..8925638 100644
--- a/main.tf
+++ b/main.tf
@@ -28,6 +28,8 @@ locals {
resource "aws_ec2_transit_gateway" "this" {
count = var.create_tgw ? 1 : 0
+ region = var.region
+
description = coalesce(var.description, var.name)
amazon_side_asn = var.amazon_side_asn
default_route_table_association = var.enable_default_route_table_association ? "enable" : "disable"
@@ -39,10 +41,13 @@ resource "aws_ec2_transit_gateway" "this" {
transit_gateway_cidr_blocks = var.transit_gateway_cidr_blocks
security_group_referencing_support = var.enable_sg_referencing_support ? "enable" : "disable"
- timeouts {
- create = try(var.timeouts.create, null)
- update = try(var.timeouts.update, null)
- delete = try(var.timeouts.delete, null)
+ dynamic "timeouts" {
+ for_each = var.timeouts == null ? [] : [var.timeouts]
+ content {
+ create = timeouts.value.create
+ update = timeouts.value.update
+ delete = timeouts.value.delete
+ }
}
tags = merge(
@@ -55,6 +60,8 @@ resource "aws_ec2_transit_gateway" "this" {
resource "aws_ec2_tag" "this" {
for_each = { for k, v in local.tgw_default_route_table_tags_merged : k => v if var.create_tgw && var.enable_default_route_table_association }
+ region = var.region
+
resource_id = aws_ec2_transit_gateway.this[0].association_default_route_table_id
key = each.key
value = each.value
@@ -67,6 +74,8 @@ resource "aws_ec2_tag" "this" {
resource "aws_ec2_transit_gateway_vpc_attachment" "this" {
for_each = var.vpc_attachments
+ region = var.region
+
transit_gateway_id = var.create_tgw ? aws_ec2_transit_gateway.this[0].id : each.value.tgw_id
vpc_id = each.value.vpc_id
subnet_ids = each.value.subnet_ids
@@ -95,6 +104,8 @@ resource "aws_ec2_transit_gateway_vpc_attachment" "this" {
resource "aws_ec2_transit_gateway_route_table" "this" {
count = var.create_tgw && var.create_tgw_routes ? 1 : 0
+ region = var.region
+
transit_gateway_id = aws_ec2_transit_gateway.this[0].id
tags = merge(
@@ -107,6 +118,8 @@ resource "aws_ec2_transit_gateway_route_table" "this" {
resource "aws_ec2_transit_gateway_route" "this" {
count = var.create_tgw_routes ? length(local.vpc_attachments_with_routes) : 0
+ region = var.region
+
destination_cidr_block = local.vpc_attachments_with_routes[count.index][1].destination_cidr_block
blackhole = try(local.vpc_attachments_with_routes[count.index][1].blackhole, null)
@@ -120,6 +133,8 @@ resource "aws_route" "this" {
tgw_id = x.tgw_id
} }
+ region = var.region
+
route_table_id = each.key
destination_cidr_block = try(each.value.ipv6_support, false) ? null : each.value["cidr"]
destination_ipv6_cidr_block = try(each.value.ipv6_support, false) ? each.value["cidr"] : null
@@ -133,6 +148,8 @@ resource "aws_ec2_transit_gateway_route_table_association" "this" {
for k, v in var.vpc_attachments : k => v if var.create_tgw && var.create_tgw_routes && try(v.transit_gateway_default_route_table_association, true) != true
}
+ region = var.region
+
# Create association if it was not set already by aws_ec2_transit_gateway_vpc_attachment resource
transit_gateway_attachment_id = aws_ec2_transit_gateway_vpc_attachment.this[each.key].id
transit_gateway_route_table_id = var.create_tgw ? aws_ec2_transit_gateway_route_table.this[0].id : try(each.value.transit_gateway_route_table_id, var.transit_gateway_route_table_id)
@@ -143,6 +160,8 @@ resource "aws_ec2_transit_gateway_route_table_propagation" "this" {
for k, v in var.vpc_attachments : k => v if var.create_tgw && var.create_tgw_routes && try(v.transit_gateway_default_route_table_propagation, true) != true
}
+ region = var.region
+
# Create association if it was not set already by aws_ec2_transit_gateway_vpc_attachment resource
transit_gateway_attachment_id = aws_ec2_transit_gateway_vpc_attachment.this[each.key].id
transit_gateway_route_table_id = var.create_tgw ? aws_ec2_transit_gateway_route_table.this[0].id : try(each.value.transit_gateway_route_table_id, var.transit_gateway_route_table_id)
@@ -152,15 +171,21 @@ resource "aws_ec2_transit_gateway_route_table_propagation" "this" {
# Resource Access Manager
################################################################################
+locals {
+ ram_name = coalesce(var.ram_name, var.name)
+}
+
resource "aws_ram_resource_share" "this" {
count = var.create_tgw && var.share_tgw ? 1 : 0
- name = coalesce(var.ram_name, var.name)
+ region = var.region
+
+ name = local.ram_name
allow_external_principals = var.ram_allow_external_principals
tags = merge(
var.tags,
- { Name = coalesce(var.ram_name, var.name) },
+ { Name = local.ram_name },
var.ram_tags,
)
}
@@ -168,6 +193,8 @@ resource "aws_ram_resource_share" "this" {
resource "aws_ram_resource_association" "this" {
count = var.create_tgw && var.share_tgw ? 1 : 0
+ region = var.region
+
resource_arn = aws_ec2_transit_gateway.this[0].arn
resource_share_arn = aws_ram_resource_share.this[0].id
}
@@ -175,6 +202,8 @@ resource "aws_ram_resource_association" "this" {
resource "aws_ram_principal_association" "this" {
count = var.create_tgw && var.share_tgw ? length(var.ram_principals) : 0
+ region = var.region
+
principal = var.ram_principals[count.index]
resource_share_arn = aws_ram_resource_share.this[0].arn
}
@@ -182,5 +211,7 @@ resource "aws_ram_principal_association" "this" {
resource "aws_ram_resource_share_accepter" "this" {
count = !var.create_tgw && var.share_tgw ? 1 : 0
+ region = var.region
+
share_arn = var.ram_resource_share_arn
}
diff --git a/variables.tf b/variables.tf
index da01c9d..83e29c8 100644
--- a/variables.tf
+++ b/variables.tf
@@ -10,6 +10,12 @@ variable "tags" {
default = {}
}
+variable "region" {
+ description = "Region where the resource(s) will be managed. Defaults to the region set in the provider configuration"
+ type = string
+ default = null
+}
+
################################################################################
# Transit Gateway
################################################################################
@@ -76,8 +82,12 @@ variable "transit_gateway_cidr_blocks" {
variable "timeouts" {
description = "Create, update, and delete timeout configurations for the transit gateway"
- type = map(string)
- default = {}
+ type = object({
+ create = optional(bool)
+ update = optional(bool)
+ delete = optional(bool)
+ })
+ default = null
}
variable "tgw_tags" {
diff --git a/versions.tf b/versions.tf
index 03533eb..db13b0a 100644
--- a/versions.tf
+++ b/versions.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = ">= 0.13.1"
+ required_version = ">= 1.5.7"
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 4.4"
+ version = ">= 6.0"
}
}
}