From f47f7e9c7f663522b3c22edb5a5452044598eac3 Mon Sep 17 00:00:00 2001 From: Gert van den Berg Date: Fri, 18 Jul 2025 11:54:55 +0200 Subject: [PATCH 1/4] Add support for specifying the region for version 6+ of the AWS provider --- README.md | 5 ++- examples/multi-region/README.md | 67 ++++++++++++++++++++++++++++++ examples/multi-region/main.tf | 47 +++++++++++++++++++++ examples/multi-region/outputs.tf | 1 + examples/multi-region/variables.tf | 0 examples/multi-region/versions.tf | 10 +++++ main.tf | 24 +++++++++++ variables.tf | 6 +++ versions.tf | 2 +- 9 files changed, 159 insertions(+), 3 deletions(-) create mode 100644 examples/multi-region/README.md create mode 100644 examples/multi-region/main.tf create mode 100644 examples/multi-region/outputs.tf create mode 100644 examples/multi-region/variables.tf create mode 100644 examples/multi-region/versions.tf diff --git a/README.md b/README.md index 53900ce..1353395 100644 --- a/README.md +++ b/README.md @@ -69,13 +69,13 @@ module "vpc" { | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 4.4 | +| [aws](#requirement\_aws) | >= 6.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.4 | +| [aws](#provider\_aws) | >= 6.0 | ## Modules 
@@ -119,6 +119,7 @@ No modules. | [ram\_principals](#input\_ram\_principals) | A list of principals to share TGW with. Possible values are an AWS account ID, an AWS Organizations Organization ARN, or an AWS Organizations Organization Unit ARN | `list(string)` | `[]` | no | | [ram\_resource\_share\_arn](#input\_ram\_resource\_share\_arn) | ARN of RAM resource share | `string` | `""` | no | | [ram\_tags](#input\_ram\_tags) | Additional tags for the RAM | `map(string)` | `{}` | no | +| [region](#input\_region) | Region where the resource(s) will be managed. Defaults to the region set in the provider configuration | `string` | `null` | no | | [share\_tgw](#input\_share\_tgw) | Whether to share your transit gateway with other accounts | `bool` | `true` | no | | [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no | | [tgw\_default\_route\_table\_tags](#input\_tgw\_default\_route\_table\_tags) | Additional tags for the Default TGW route table | `map(string)` | `{}` | no | diff --git a/examples/multi-region/README.md b/examples/multi-region/README.md new file mode 100644 index 0000000..dd795ad --- /dev/null +++ b/examples/multi-region/README.md 
@@ -0,0 +1,67 @@ +# Complete AWS Transit Gateway example + +Configuration in this directory creates two AWS Transit Gateways in different regions. + +## Usage + +To run this example you need to execute: + +```bash +$ terraform init +$ terraform plan +$ terraform apply +``` + +Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.0 | +| [aws](#requirement\_aws) | >= 4.4 | + +## Providers + +No providers. + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [tgw](#module\_tgw) | ../../ | n/a | +| [tgw\_peer](#module\_tgw\_peer) | ../../ | n/a | +| [vpc1](#module\_vpc1) | terraform-aws-modules/vpc/aws | ~> 5.0 | +| [vpc2](#module\_vpc2) | terraform-aws-modules/vpc/aws | ~> 5.0 | + +## Resources + +No resources. + +## Inputs + +No inputs. + +## Outputs + +| Name | Description | +|------|-------------| +| [ec2\_transit\_gateway\_arn](#output\_ec2\_transit\_gateway\_arn) | EC2 Transit Gateway Amazon Resource Name (ARN) | +| [ec2\_transit\_gateway\_association\_default\_route\_table\_id](#output\_ec2\_transit\_gateway\_association\_default\_route\_table\_id) | Identifier of the default association route table | +| [ec2\_transit\_gateway\_id](#output\_ec2\_transit\_gateway\_id) | EC2 Transit Gateway identifier | +| [ec2\_transit\_gateway\_owner\_id](#output\_ec2\_transit\_gateway\_owner\_id) | Identifier of the AWS account that owns the EC2 Transit Gateway | +| [ec2\_transit\_gateway\_propagation\_default\_route\_table\_id](#output\_ec2\_transit\_gateway\_propagation\_default\_route\_table\_id) | Identifier of the default propagation route table | +| [ec2\_transit\_gateway\_route\_ids](#output\_ec2\_transit\_gateway\_route\_ids) | List of EC2 Transit Gateway Route Table identifier combined with destination | +| 
[ec2\_transit\_gateway\_route\_table\_association](#output\_ec2\_transit\_gateway\_route\_table\_association) | Map of EC2 Transit Gateway Route Table Association attributes | +| [ec2\_transit\_gateway\_route\_table\_association\_ids](#output\_ec2\_transit\_gateway\_route\_table\_association\_ids) | List of EC2 Transit Gateway Route Table Association identifiers | +| [ec2\_transit\_gateway\_route\_table\_default\_association\_route\_table](#output\_ec2\_transit\_gateway\_route\_table\_default\_association\_route\_table) | Boolean whether this is the default association route table for the EC2 Transit Gateway | +| [ec2\_transit\_gateway\_route\_table\_default\_propagation\_route\_table](#output\_ec2\_transit\_gateway\_route\_table\_default\_propagation\_route\_table) | Boolean whether this is the default propagation route table for the EC2 Transit Gateway | +| [ec2\_transit\_gateway\_route\_table\_id](#output\_ec2\_transit\_gateway\_route\_table\_id) | EC2 Transit Gateway Route Table identifier | +| [ec2\_transit\_gateway\_route\_table\_propagation](#output\_ec2\_transit\_gateway\_route\_table\_propagation) | Map of EC2 Transit Gateway Route Table Propagation attributes | +| [ec2\_transit\_gateway\_route\_table\_propagation\_ids](#output\_ec2\_transit\_gateway\_route\_table\_propagation\_ids) | List of EC2 Transit Gateway Route Table Propagation identifiers | +| [ec2\_transit\_gateway\_vpc\_attachment](#output\_ec2\_transit\_gateway\_vpc\_attachment) | Map of EC2 Transit Gateway VPC Attachment attributes | +| [ec2\_transit\_gateway\_vpc\_attachment\_ids](#output\_ec2\_transit\_gateway\_vpc\_attachment\_ids) | List of EC2 Transit Gateway VPC Attachment identifiers | +| [ram\_principal\_association\_id](#output\_ram\_principal\_association\_id) | The Amazon Resource Name (ARN) of the Resource Share and the principal, separated by a comma | +| [ram\_resource\_share\_id](#output\_ram\_resource\_share\_id) | The Amazon Resource Name (ARN) of the resource share | + 
diff --git a/examples/multi-region/main.tf b/examples/multi-region/main.tf new file mode 100644 index 0000000..c6aa451 --- /dev/null +++ b/examples/multi-region/main.tf @@ -0,0 +1,47 @@ +provider "aws" { + region = local.region1 +} + +locals { + name = "ex-tgw-${replace(basename(path.cwd), "_", "-")}" + region1 = "eu-west-1" + region2 = "eu-north-1" + + tags = { + Example = local.name + GithubRepo = "terraform-aws-eks" + GithubOrg = "terraform-aws-transit-gateway" + } +} + +################################################################################ +# Transit Gateway Module +################################################################################ + +module "tgw_region1" { + source = "../../" + + region = local.region1 + + name = local.name + description = "My TGW in ${local.region1}" + amazon_side_asn = 64532 + + share_tgw = false + + tags = local.tags +} + +module "tgw_region2" { + source = "../../" + + region = local.region2 + + name = "${local.name}-peer" + description = "My TGW in ${local.region2}" + amazon_side_asn = 64532 + + share_tgw = false + + tags = local.tags +} diff --git a/examples/multi-region/outputs.tf b/examples/multi-region/outputs.tf new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/examples/multi-region/outputs.tf @@ -0,0 +1 @@ + diff --git a/examples/multi-region/variables.tf b/examples/multi-region/variables.tf new file mode 100644 index 0000000..e69de29 diff --git a/examples/multi-region/versions.tf b/examples/multi-region/versions.tf new file mode 100644 index 0000000..46b7087 --- /dev/null +++ b/examples/multi-region/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = ">= 1.0" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 4.4" + } + } +} diff --git a/main.tf b/main.tf index 8fbec96..da97814 100644 --- a/main.tf +++ b/main.tf 
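Review bot: In the new examples/multi-region/main.tf, `module "tgw_region1"` and `module "tgw_region2"` both set `amazon_side_asn = 64532`, although the second gateway is named `"${local.name}-peer"`. AWS recommends distinct ASNs for transit gateways that are peered, so the example should give the second region its own private ASN, for instance `amazon_side_asn = 64533` (value constructed for illustration). The tag values `GithubRepo = "terraform-aws-eks"` and `GithubOrg = "terraform-aws-transit-gateway"` also look copied from another module and mislabel the resources. Ownership tags are what an operator uses to trace a gateway back to its source, so they should name this repository.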
@@ -28,6 +28,8 @@ locals { resource "aws_ec2_transit_gateway" "this" { count = var.create_tgw ? 1 : 0 + region = var.region + description = coalesce(var.description, var.name) amazon_side_asn = var.amazon_side_asn default_route_table_association = var.enable_default_route_table_association ? "enable" : "disable" @@ -55,6 +57,8 @@ resource "aws_ec2_transit_gateway" "this" { resource "aws_ec2_tag" "this" { for_each = { for k, v in local.tgw_default_route_table_tags_merged : k => v if var.create_tgw && var.enable_default_route_table_association } + region = var.region + resource_id = aws_ec2_transit_gateway.this[0].association_default_route_table_id key = each.key value = each.value @@ -67,6 +71,8 @@ resource "aws_ec2_tag" "this" { resource "aws_ec2_transit_gateway_vpc_attachment" "this" { for_each = var.vpc_attachments + region = var.region + transit_gateway_id = var.create_tgw ? aws_ec2_transit_gateway.this[0].id : each.value.tgw_id vpc_id = each.value.vpc_id subnet_ids = each.value.subnet_ids @@ -95,6 +101,8 @@ resource "aws_ec2_transit_gateway_vpc_attachment" "this" { resource "aws_ec2_transit_gateway_route_table" "this" { count = var.create_tgw && var.create_tgw_routes ? 1 : 0 + region = var.region + transit_gateway_id = aws_ec2_transit_gateway.this[0].id tags = merge( @@ -107,6 +115,8 @@ resource "aws_ec2_transit_gateway_route_table" "this" { resource "aws_ec2_transit_gateway_route" "this" { count = var.create_tgw_routes ? length(local.vpc_attachments_with_routes) : 0 + region = var.region + destination_cidr_block = local.vpc_attachments_with_routes[count.index][1].destination_cidr_block blackhole = try(local.vpc_attachments_with_routes[count.index][1].blackhole, null) 
@@ -120,6 +130,8 @@ resource "aws_route" "this" { tgw_id = x.tgw_id } } + region = var.region + route_table_id = each.key destination_cidr_block = try(each.value.ipv6_support, false) ? null : each.value["cidr"] destination_ipv6_cidr_block = try(each.value.ipv6_support, false) ? each.value["cidr"] : null @@ -133,6 +145,8 @@ resource "aws_ec2_transit_gateway_route_table_association" "this" { for k, v in var.vpc_attachments : k => v if var.create_tgw && var.create_tgw_routes && try(v.transit_gateway_default_route_table_association, true) != true } + region = var.region + # Create association if it was not set already by aws_ec2_transit_gateway_vpc_attachment resource transit_gateway_attachment_id = aws_ec2_transit_gateway_vpc_attachment.this[each.key].id transit_gateway_route_table_id = var.create_tgw ? aws_ec2_transit_gateway_route_table.this[0].id : try(each.value.transit_gateway_route_table_id, var.transit_gateway_route_table_id) @@ -143,6 +157,8 @@ resource "aws_ec2_transit_gateway_route_table_propagation" "this" { for k, v in var.vpc_attachments : k => v if var.create_tgw && var.create_tgw_routes && try(v.transit_gateway_default_route_table_propagation, true) != true } + region = var.region + # Create association if it was not set already by aws_ec2_transit_gateway_vpc_attachment resource transit_gateway_attachment_id = aws_ec2_transit_gateway_vpc_attachment.this[each.key].id transit_gateway_route_table_id = var.create_tgw ? aws_ec2_transit_gateway_route_table.this[0].id : try(each.value.transit_gateway_route_table_id, var.transit_gateway_route_table_id) @@ -155,6 +171,8 @@ resource "aws_ec2_transit_gateway_route_table_propagation" "this" { resource "aws_ram_resource_share" "this" { count = var.create_tgw && var.share_tgw ? 1 : 0 + region = var.region + name = coalesce(var.ram_name, var.name) allow_external_principals = var.ram_allow_external_principals 
@@ -168,6 +186,8 @@ resource "aws_ram_resource_share" "this" { resource "aws_ram_resource_association" "this" { count = var.create_tgw && var.share_tgw ? 1 : 0 + region = var.region + resource_arn = aws_ec2_transit_gateway.this[0].arn resource_share_arn = aws_ram_resource_share.this[0].id } @@ -175,6 +195,8 @@ resource "aws_ram_resource_association" "this" { resource "aws_ram_principal_association" "this" { count = var.create_tgw && var.share_tgw ? length(var.ram_principals) : 0 + region = var.region + principal = var.ram_principals[count.index] resource_share_arn = aws_ram_resource_share.this[0].arn } @@ -182,5 +204,7 @@ resource "aws_ram_principal_association" "this" { resource "aws_ram_resource_share_accepter" "this" { count = !var.create_tgw && var.share_tgw ? 1 : 0 + region = var.region + share_arn = var.ram_resource_share_arn } diff --git a/variables.tf b/variables.tf index da01c9d..7e2899e 100644 --- a/variables.tf +++ b/variables.tf @@ -10,6 +10,12 @@ variable "tags" { default = {} } +variable "region" { + description = "Region where the resource(s) will be managed. Defaults to the region set in the provider configuration" + type = string + default = null +} + ################################################################################ # Transit Gateway ################################################################################ diff --git a/versions.tf b/versions.tf index 03533eb..07eaa21 100644 --- a/versions.tf +++ b/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.4" + version = ">= 6.0" } } } From 268235be96266945c0330b7bc8f203534599c7bd Mon Sep 17 00:00:00 2001 From: Gert van den Berg <1136567+mohag@users.noreply.github.com> Date: Thu, 28 Aug 2025 18:48:30 +0200 Subject: [PATCH 2/4] Update examples/multi-region/versions.tf Co-authored-by: Marc Tamsky --- examples/multi-region/versions.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/examples/multi-region/versions.tf b/examples/multi-region/versions.tf index 46b7087..aaf26b8 100644 --- a/examples/multi-region/versions.tf +++ b/examples/multi-region/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.4" + version = ">= 6.0" } } } From e4c7507c8312aae57590150b4c84419a40aadab8 Mon Sep 17 00:00:00 2001 From: Gert van den Berg Date: Fri, 29 Aug 2025 11:22:05 +0200 Subject: [PATCH 3/4] Set minimum version where the region is used to 6.0 --- examples/multi-region/README.md | 28 ++++------------------------ examples/multi-region/outputs.tf | 1 - 2 files changed, 4 insertions(+), 25 deletions(-) diff --git a/examples/multi-region/README.md b/examples/multi-region/README.md index dd795ad..41a2f19 100644 --- a/examples/multi-region/README.md +++ b/examples/multi-region/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 4.4 | +| [aws](#requirement\_aws) | >= 6.0 | ## Providers @@ -30,10 +30,8 @@ No providers. | Name | Source | Version | |------|--------|---------| -| [tgw](#module\_tgw) | ../../ | n/a | -| [tgw\_peer](#module\_tgw\_peer) | ../../ | n/a | -| [vpc1](#module\_vpc1) | terraform-aws-modules/vpc/aws | ~> 5.0 | -| [vpc2](#module\_vpc2) | terraform-aws-modules/vpc/aws | ~> 5.0 | +| [tgw\_region1](#module\_tgw\_region1) | ../../ | n/a | +| [tgw\_region2](#module\_tgw\_region2) | ../../ | n/a | ## Resources 
@@ -45,23 +43,5 @@ No inputs. ## Outputs -| Name | Description | -|------|-------------| -| [ec2\_transit\_gateway\_arn](#output\_ec2\_transit\_gateway\_arn) | EC2 Transit Gateway Amazon Resource Name (ARN) | -| [ec2\_transit\_gateway\_association\_default\_route\_table\_id](#output\_ec2\_transit\_gateway\_association\_default\_route\_table\_id) | Identifier of the default association route table | -| [ec2\_transit\_gateway\_id](#output\_ec2\_transit\_gateway\_id) | EC2 Transit Gateway identifier | -| [ec2\_transit\_gateway\_owner\_id](#output\_ec2\_transit\_gateway\_owner\_id) | Identifier of the AWS account that owns the EC2 Transit Gateway | -| [ec2\_transit\_gateway\_propagation\_default\_route\_table\_id](#output\_ec2\_transit\_gateway\_propagation\_default\_route\_table\_id) | Identifier of the default propagation route table | -| [ec2\_transit\_gateway\_route\_ids](#output\_ec2\_transit\_gateway\_route\_ids) | List of EC2 Transit Gateway Route Table identifier combined with destination | -| [ec2\_transit\_gateway\_route\_table\_association](#output\_ec2\_transit\_gateway\_route\_table\_association) | Map of EC2 Transit Gateway Route Table Association attributes | -| [ec2\_transit\_gateway\_route\_table\_association\_ids](#output\_ec2\_transit\_gateway\_route\_table\_association\_ids) | List of EC2 Transit Gateway Route Table Association identifiers | -| [ec2\_transit\_gateway\_route\_table\_default\_association\_route\_table](#output\_ec2\_transit\_gateway\_route\_table\_default\_association\_route\_table) | Boolean whether this is the default association route table for the EC2 Transit Gateway | -| [ec2\_transit\_gateway\_route\_table\_default\_propagation\_route\_table](#output\_ec2\_transit\_gateway\_route\_table\_default\_propagation\_route\_table) | Boolean whether this is the default propagation route table for the EC2 Transit Gateway | -| [ec2\_transit\_gateway\_route\_table\_id](#output\_ec2\_transit\_gateway\_route\_table\_id) | EC2 Transit Gateway 
Route Table identifier | -| [ec2\_transit\_gateway\_route\_table\_propagation](#output\_ec2\_transit\_gateway\_route\_table\_propagation) | Map of EC2 Transit Gateway Route Table Propagation attributes | -| [ec2\_transit\_gateway\_route\_table\_propagation\_ids](#output\_ec2\_transit\_gateway\_route\_table\_propagation\_ids) | List of EC2 Transit Gateway Route Table Propagation identifiers | -| [ec2\_transit\_gateway\_vpc\_attachment](#output\_ec2\_transit\_gateway\_vpc\_attachment) | Map of EC2 Transit Gateway VPC Attachment attributes | -| [ec2\_transit\_gateway\_vpc\_attachment\_ids](#output\_ec2\_transit\_gateway\_vpc\_attachment\_ids) | List of EC2 Transit Gateway VPC Attachment identifiers | -| [ram\_principal\_association\_id](#output\_ram\_principal\_association\_id) | The Amazon Resource Name (ARN) of the Resource Share and the principal, separated by a comma | -| [ram\_resource\_share\_id](#output\_ram\_resource\_share\_id) | The Amazon Resource Name (ARN) of the resource share | +No outputs. diff --git a/examples/multi-region/outputs.tf b/examples/multi-region/outputs.tf index 8b13789..e69de29 100644 --- a/examples/multi-region/outputs.tf +++ b/examples/multi-region/outputs.tf @@ -1 +0,0 @@ - From c2e91697a66fc72578336b2f411b308a1237b310 Mon Sep 17 00:00:00 2001 
From: Bryant Biggs Date: Thu, 25 Sep 2025 16:04:02 -0500 Subject: [PATCH 4/4] feat!: Raise MSV of Terraform to `v1.5.7` --- .pre-commit-config.yaml | 4 +-- README.md | 32 +++++--------------- examples/README.md | 5 ++++ examples/complete/README.md | 16 ++++++---- examples/complete/main.tf | 32 +++++++++++--------- examples/complete/versions.tf | 4 +-- examples/multi-account/README.md | 16 ++++++---- examples/multi-account/main.tf | 37 +++++++++++------------ examples/multi-account/versions.tf | 4 +-- examples/multi-region/README.md | 47 ------------------------------ examples/multi-region/main.tf | 47 ------------------------------ examples/multi-region/outputs.tf | 0 examples/multi-region/variables.tf | 0 examples/multi-region/versions.tf | 10 ------- main.tf | 19 ++++++++---- variables.tf | 8 +++-- versions.tf | 2 +- 17 files changed, 97 insertions(+), 186 deletions(-) create mode 100644 examples/README.md delete mode 100644 examples/multi-region/README.md delete mode 100644 examples/multi-region/main.tf delete mode 100644 examples/multi-region/outputs.tf delete mode 100644 examples/multi-region/variables.tf delete mode 100644 examples/multi-region/versions.tf diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index a6cd369..11084f7 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.96.1 + rev: v1.100.0 hooks: - id: terraform_fmt - id: terraform_docs @@ -23,7 +23,7 @@ repos: - '--args=--only=terraform_workspace_remote' - id: terraform_validate - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v5.0.0 + rev: v6.0.0 hooks: - id: check-merge-conflict - id: end-of-file-fixer diff --git a/README.md b/README.md index 1353395..0d4abd9 100644 --- a/README.md +++ b/README.md 
@@ -7,7 +7,6 @@ Terraform module which creates Transit Gateway resources on AWS. ```hcl module "tgw" { source = "terraform-aws-modules/transit-gateway/aws" - version = "~> 2.0" name = "my-tgw" description = "My TGW shared with several other AWS accounts" @@ -16,8 +15,8 @@ module "tgw" { vpc_attachments = { vpc = { - vpc_id = module.vpc.vpc_id - subnet_ids = module.vpc.private_subnets + vpc_id = "vpc-1234556abcdef" + subnet_ids = ["subnet-abcde012", "subnet-bcde012a", "subnet-fghi345a"] dns_support = true ipv6_support = true @@ -26,7 +25,7 @@ module "tgw" { destination_cidr_block = "30.0.0.0/16" }, { - blackhole = true + blackhole = true destination_cidr_block = "40.0.0.0/20" } ] @@ -34,28 +33,13 @@ module "tgw" { } ram_allow_external_principals = true - ram_principals = [307990089504] + ram_principals = [307990089504] tags = { - Purpose = "tgw-complete-example" + Terraform = "true" + Environment = "dev" } } - -module "vpc" { - source = "terraform-aws-modules/vpc/aws" - version = "~> 3.0" - - name = "my-vpc" - - cidr = "10.10.0.0/16" - - azs = ["eu-west-1a", "eu-west-1b", "eu-west-1c"] - private_subnets = ["10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24"] - - enable_ipv6 = true - private_subnet_assign_ipv6_address_on_creation = true - private_subnet_ipv6_prefixes = [0, 1, 2] -} ``` ## Examples @@ -68,7 +52,7 @@ module "vpc" { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.1 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | | [aws](#requirement\_aws) | >= 6.0 | ## Providers 
@@ -126,7 +110,7 @@ No modules. | [tgw\_route\_table\_tags](#input\_tgw\_route\_table\_tags) | Additional tags for the TGW route table | `map(string)` | `{}` | no | | [tgw\_tags](#input\_tgw\_tags) | Additional tags for the TGW | `map(string)` | `{}` | no | | [tgw\_vpc\_attachment\_tags](#input\_tgw\_vpc\_attachment\_tags) | Additional tags for VPC attachments | `map(string)` | `{}` | no | -| [timeouts](#input\_timeouts) | Create, update, and delete timeout configurations for the transit gateway | `map(string)` | `{}` | no | +| [timeouts](#input\_timeouts) | Create, update, and delete timeout configurations for the transit gateway |
object({
create = optional(bool)
update = optional(bool)
delete = optional(bool)
})
| `null` | no | | [transit\_gateway\_cidr\_blocks](#input\_transit\_gateway\_cidr\_blocks) | One or more IPv4 or IPv6 CIDR blocks for the transit gateway. Must be a size /24 CIDR block or larger for IPv4, or a size /64 CIDR block or larger for IPv6 | `list(string)` | `[]` | no | | [transit\_gateway\_route\_table\_id](#input\_transit\_gateway\_route\_table\_id) | Identifier of EC2 Transit Gateway Route Table to use with the Target Gateway when reusing it between multiple TGWs | `string` | `null` | no | | [vpc\_attachments](#input\_vpc\_attachments) | Maps of maps of VPC details to attach to TGW. Type 'any' to disable type validation by Terraform. | `any` | `{}` | no | diff --git a/examples/README.md b/examples/README.md new file mode 100644 index 0000000..8d54b3d --- /dev/null +++ b/examples/README.md @@ -0,0 +1,5 @@ +# Examples + +The examples provided demonstrate different cluster configurations that users can create with the modules provided. + +Please do not mistake the examples provided as "best practices". It is up to users to consult the AWS service documentation for best practices, usage recommendations, etc. diff --git a/examples/complete/README.md b/examples/complete/README.md index b4ef9c3..d56669e 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md 
@@ -19,24 +19,28 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 4.4 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | +| [aws](#requirement\_aws) | >= 6.0 | ## Providers -No providers. +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 6.0 | ## Modules | Name | Source | Version | |------|--------|---------| | [tgw](#module\_tgw) | ../../ | n/a | -| [vpc1](#module\_vpc1) | terraform-aws-modules/vpc/aws | ~> 5.0 | -| [vpc2](#module\_vpc2) | terraform-aws-modules/vpc/aws | ~> 5.0 | +| [vpc1](#module\_vpc1) | terraform-aws-modules/vpc/aws | ~> 6.0 | +| [vpc2](#module\_vpc2) | terraform-aws-modules/vpc/aws | ~> 6.0 | ## Resources -No resources. +| Name | Type | +|------|------| +| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | ## Inputs diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 1f372a8..fcf5126 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -2,14 +2,20 @@ provider "aws" { region = local.region } +data "aws_availability_zones" "available" {} + locals { - name = "ex-tgw-${replace(basename(path.cwd), "_", "-")}" region = "eu-west-1" + name = "ex-${basename(path.cwd)}" + + vpc1_cidr = "10.10.0.0/16" + vpc2_cidr = "10.20.0.0/16" + azs = slice(data.aws_availability_zones.available.names, 0, 3) tags = { + Name = local.name Example = local.name - GithubRepo = "terraform-aws-eks" - GithubOrg = "terraform-aws-transit-gateway" + Repository = "https://github.com/terraform-aws-modules/terraform-aws-transit-gateway" } } 
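Review bot: The new `data "aws_availability_zones" "available" {}` in examples/complete/main.tf has no filter, so `slice(data.aws_availability_zones.available.names, 0, 3)` can pick up a Local Zone that the account has opted into. It will also error if the region returns fewer than three names. Restricting the lookup to zones that need no opt-in keeps the example's subnets in regular Availability Zones. The same unfiltered data source is added in the examples/multi-account/main.tf hunk further down and needs the same change.

```hcl
data "aws_availability_zones" "available" {
  # Exclude Local Zones and other opt-in zones
  filter {
    name   = "opt-in-status"
    values = ["opt-in-not-required"]
  }
}
```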
@@ -87,13 +93,13 @@ module "tgw" { module "vpc1" { source = "terraform-aws-modules/vpc/aws" - version = "~> 5.0" + version = "~> 6.0" - name = "${local.name}-vpc1" - cidr = "10.10.0.0/16" + name = "${local.name}-1" + cidr = local.vpc1_cidr - azs = ["${local.region}a", "${local.region}b", "${local.region}c"] - private_subnets = ["10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24"] + azs = local.azs + private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc1_cidr, 8, k)] enable_ipv6 = true private_subnet_assign_ipv6_address_on_creation = true @@ -104,13 +110,13 @@ module "vpc1" { module "vpc2" { source = "terraform-aws-modules/vpc/aws" - version = "~> 5.0" + version = "~> 6.0" - name = "${local.name}-vpc2" - cidr = "10.20.0.0/16" + name = "${local.name}-2" + cidr = local.vpc2_cidr - azs = ["${local.region}a", "${local.region}b", "${local.region}c"] - private_subnets = ["10.20.1.0/24", "10.20.2.0/24", "10.20.3.0/24"] + azs = local.azs + private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc2_cidr, 8, k)] enable_ipv6 = false diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 46b7087..db13b0a 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.5.7" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.4" + version = ">= 6.0" } } } diff --git a/examples/multi-account/README.md b/examples/multi-account/README.md index d3726ee..c2e1417 100644 --- a/examples/multi-account/README.md +++ b/examples/multi-account/README.md 
@@ -19,12 +19,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 4.4 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | +| [aws](#requirement\_aws) | >= 6.0 | ## Providers -No providers. +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 6.0 | ## Modules @@ -32,12 +34,14 @@ No providers. |------|--------|---------| | [tgw](#module\_tgw) | ../../ | n/a | | [tgw\_peer](#module\_tgw\_peer) | ../../ | n/a | -| [vpc1](#module\_vpc1) | terraform-aws-modules/vpc/aws | ~> 5.0 | -| [vpc2](#module\_vpc2) | terraform-aws-modules/vpc/aws | ~> 5.0 | +| [vpc1](#module\_vpc1) | terraform-aws-modules/vpc/aws | ~> 6.0 | +| [vpc2](#module\_vpc2) | terraform-aws-modules/vpc/aws | ~> 6.0 | ## Resources -No resources. +| Name | Type | +|------|------| +| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | ## Inputs diff --git a/examples/multi-account/main.tf b/examples/multi-account/main.tf index 56e0b70..4e2af65 100644 --- a/examples/multi-account/main.tf +++ b/examples/multi-account/main.tf @@ -8,14 +8,20 @@ provider "aws" { alias = "peer" } +data "aws_availability_zones" "available" {} + locals { - name = "ex-tgw-${replace(basename(path.cwd), "_", "-")}" region = "eu-west-1" + name = "ex-${basename(path.cwd)}" + + vpc1_cidr = "10.10.0.0/16" + vpc2_cidr = "10.20.0.0/16" + azs = slice(data.aws_availability_zones.available.names, 0, 3) tags = { + Name = local.name Example = local.name - GithubRepo = "terraform-aws-eks" - GithubOrg = "terraform-aws-transit-gateway" + Repository = "https://github.com/terraform-aws-modules/terraform-aws-transit-gateway" } } 
@@ -131,13 +137,13 @@ module "tgw_peer" { module "vpc1" { source = "terraform-aws-modules/vpc/aws" - version = "~> 5.0" + version = "~> 6.0" - name = "${local.name}-vpc1" - cidr = "10.10.0.0/16" + name = "${local.name}-1" + cidr = local.vpc1_cidr - azs = ["${local.region}a", "${local.region}b", "${local.region}c"] - private_subnets = ["10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24"] + azs = local.azs + private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc1_cidr, 8, k)] enable_ipv6 = true private_subnet_assign_ipv6_address_on_creation = true @@ -146,20 +152,15 @@ module "vpc1" { tags = local.tags } - module "vpc2" { source = "terraform-aws-modules/vpc/aws" - version = "~> 5.0" - - providers = { - aws = aws.peer - } + version = "~> 6.0" - name = "${local.name}-vpc2" - cidr = "10.20.0.0/16" + name = "${local.name}-2" + cidr = local.vpc2_cidr - azs = ["${local.region}a", "${local.region}b", "${local.region}c"] - private_subnets = ["10.20.1.0/24", "10.20.2.0/24", "10.20.3.0/24"] + azs = local.azs + private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc2_cidr, 8, k)] enable_ipv6 = false diff --git a/examples/multi-account/versions.tf b/examples/multi-account/versions.tf index 46b7087..db13b0a 100644 --- a/examples/multi-account/versions.tf +++ b/examples/multi-account/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.5.7" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.4" + version = ">= 6.0" } } } diff --git a/examples/multi-region/README.md b/examples/multi-region/README.md deleted file mode 100644 index 41a2f19..0000000 --- a/examples/multi-region/README.md +++ /dev/null 
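Review bot: The `module "vpc2"` hunk in examples/multi-account/main.tf removes `providers = { aws = aws.peer }`, which moves that VPC out of the peer account and into the default provider's account. The `tgw_peer` module is outside this hunk; if it still runs under `aws.peer`, its VPC attachment would presumably reference a VPC and subnets owned by a different account, and the example would no longer exercise the cross-account RAM share path. If the removal is deliberate, the commit message should say so and the example description should be updated. Otherwise restore the `providers` block on `vpc2`.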
@@ -1,47 +0,0 @@ -# Complete AWS Transit Gateway example - -Configuration in this directory creates two AWS Transit Gateways in different regions. - -## Usage - -To run this example you need to execute: - -```bash -$ terraform init -$ terraform plan -$ terraform apply -``` - -Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 6.0 | - -## Providers - -No providers. - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [tgw\_region1](#module\_tgw\_region1) | ../../ | n/a | -| [tgw\_region2](#module\_tgw\_region2) | ../../ | n/a | - -## Resources - -No resources. - -## Inputs - -No inputs. - -## Outputs - -No outputs. - diff --git a/examples/multi-region/main.tf b/examples/multi-region/main.tf deleted file mode 100644 index c6aa451..0000000 --- a/examples/multi-region/main.tf +++ /dev/null @@ -1,47 +0,0 @@ -provider "aws" { - region = local.region1 -} - -locals { - name = "ex-tgw-${replace(basename(path.cwd), "_", "-")}" - region1 = "eu-west-1" - region2 = "eu-north-1" - - tags = { - Example = local.name - GithubRepo = "terraform-aws-eks" - GithubOrg = "terraform-aws-transit-gateway" - } -} - -################################################################################ -# Transit Gateway Module -################################################################################ - -module "tgw_region1" { - source = "../../" - - region = local.region1 - - name = local.name - description = "My TGW in ${local.region1}" - amazon_side_asn = 64532 - - share_tgw = false - - tags = local.tags -} - -module "tgw_region2" { - source = "../../" - - region = local.region2 - - name = "${local.name}-peer" - description = "My TGW in ${local.region2}" - amazon_side_asn = 64532 - - share_tgw = false - - tags = local.tags -} 
diff --git a/examples/multi-region/outputs.tf b/examples/multi-region/outputs.tf deleted file mode 100644 index e69de29..0000000 diff --git a/examples/multi-region/variables.tf b/examples/multi-region/variables.tf deleted file mode 100644 index e69de29..0000000 diff --git a/examples/multi-region/versions.tf b/examples/multi-region/versions.tf deleted file mode 100644 index aaf26b8..0000000 --- a/examples/multi-region/versions.tf +++ /dev/null @@ -1,10 +0,0 @@ -terraform { - required_version = ">= 1.0" - - required_providers { - aws = { - source = "hashicorp/aws" - version = ">= 6.0" - } - } -} diff --git a/main.tf b/main.tf index da97814..8925638 100644 --- a/main.tf +++ b/main.tf @@ -41,10 +41,13 @@ resource "aws_ec2_transit_gateway" "this" { transit_gateway_cidr_blocks = var.transit_gateway_cidr_blocks security_group_referencing_support = var.enable_sg_referencing_support ? "enable" : "disable" - timeouts { - create = try(var.timeouts.create, null) - update = try(var.timeouts.update, null) - delete = try(var.timeouts.delete, null) + dynamic "timeouts" { + for_each = var.timeouts == null ? [] : [var.timeouts] + content { + create = timeouts.value.create + update = timeouts.value.update + delete = timeouts.value.delete + } } tags = merge( @@ -168,17 +171,21 @@ resource "aws_ec2_transit_gateway_route_table_propagation" "this" { # Resource Access Manager ################################################################################ +locals { + ram_name = coalesce(var.ram_name, var.name) +} + resource "aws_ram_resource_share" "this" { count = var.create_tgw && var.share_tgw ? 1 : 0 region = var.region - name = coalesce(var.ram_name, var.name) + name = local.ram_name allow_external_principals = var.ram_allow_external_principals tags = merge( var.tags, - { Name = coalesce(var.ram_name, var.name) }, + { Name = local.ram_name }, var.ram_tags, ) } diff --git a/variables.tf b/variables.tf index 7e2899e..83e29c8 100644 --- a/variables.tf +++ b/variables.tf 
@@ -82,8 +82,12 @@ variable "transit_gateway_cidr_blocks" { variable "timeouts" { description = "Create, update, and delete timeout configurations for the transit gateway" - type = map(string) - default = {} + type = object({ + create = optional(bool) + update = optional(bool) + delete = optional(bool) + }) + default = null } variable "tgw_tags" { diff --git a/versions.tf b/versions.tf index 07eaa21..db13b0a 100644 --- a/versions.tf +++ b/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13.1" + required_version = ">= 1.5.7" required_providers { aws = {
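Review bot: The new `timeouts` type in variables.tf declares `create`, `update` and `delete` as `optional(bool)`, but main.tf passes them straight into the `timeouts` block of `aws_ec2_transit_gateway`, which takes duration strings such as `"10m"`. A caller passing `{ create = "10m" }` will fail type conversion, and a boolean is not a usable timeout value. Declare all three as strings: `create = optional(string)`, `update = optional(string)`, `delete = optional(string)`. The README input table changed in this patch repeats the `optional(bool)` type and should be regenerated after the fix.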