locals {
  # Route table that the static routes and prefix-list references below target:
  # the table this module creates when create_tgw_route_table is set, otherwise
  # the caller-supplied var.alt_tgw_route_table_id.
  # NOTE(review): alt_tgw_route_table_id is also used as the cross-account table
  # under provider aws.tgw_rt_owner further down, while the route resources that
  # consume tgw_route_rtb run under the default provider — confirm the table is
  # writable from that provider when the module does not create its own.
  tgw_route_rtb = element(concat(aws_ec2_transit_gateway_route_table.this.*.id, [var.alt_tgw_route_table_id]), 0)

  # VPC attachment id: the attachment created here when attach_to_vpc is set,
  # otherwise the caller-supplied var.tgw_attachment_id.
  tgw_attachment_id = element(concat(aws_ec2_transit_gateway_vpc_attachment.this.*.id, [var.tgw_attachment_id]), 0)

  # Transit gateway id / ARN: the gateway created here when create_tgw is set,
  # otherwise the caller-supplied values for an existing (possibly shared) gateway.
  tgw_arn = element(concat(aws_ec2_transit_gateway.this.*.arn, [var.tgw_arn]), 0)
  tgw_id  = element(concat(aws_ec2_transit_gateway.this.*.id, [var.tgw_id]), 0)
}
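# The transit gateway itself. Created only when this module owns the gateway;
# otherwise callers pass an existing gateway through var.tgw_id / var.tgw_arn
# and every other resource here resolves it via local.tgw_id.
resource "aws_ec2_transit_gateway" "this" {
  count = var.create_tgw ? 1 : 0

  description     = var.tgw_gateway_description
  amazon_side_asn = var.tgw_amazon_side_asn

  # Security-relevant: when enabled, attachment requests from any principal the
  # gateway is shared with (see the aws_ram_* resources below) are accepted
  # without an explicit accepter step on the owner side.
  auto_accept_shared_attachments = var.tgw_auto_accept_shared_attachments

  # Whether new attachments are automatically associated with / propagated to
  # the gateway's default route table. The dedicated route-table resources
  # further down handle the non-default table case.
  default_route_table_association = var.tgw_default_route_table_association
  default_route_table_propagation = var.tgw_default_route_table_propagation

  dns_support      = var.tgw_dns_support
  vpn_ecmp_support = var.tgw_vpn_ecmp_support

  # Merge the module-wide default tags, matching the route table and VPC
  # attachment resources in this file, which already merge var.default_tags.
  tags = merge(var.default_tags, var.tgw_tags)
}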
# Creates a gateway route table and associates it with the gateway resolved
# by local.tgw_id (the gateway created above, or the caller-supplied one).
resource "aws_ec2_transit_gateway_route_table" "this" {
  count = var.create_tgw_route_table ? 1 : 0

  transit_gateway_id = local.tgw_id
  # Module-wide default tags first; route-table specific tags override them.
  tags = merge(var.default_tags, var.route_table_tags)
}
# Attaches a VPC to the transit gateway. When var.vpc_id is empty the attachment
# falls back to data.aws_vpc.default and data.aws_subnets.subnets, which are
# defined elsewhere in the module.
resource "aws_ec2_transit_gateway_vpc_attachment" "this" {
  count = var.attach_to_vpc ? 1 : 0

  # NOTE(review): with vpc_id == "" this attaches the account's *default* VPC
  # to the gateway; confirm that fallback is intended rather than a hard failure.
  vpc_id = var.vpc_id != "" ? var.vpc_id : data.aws_vpc.default.id
  # NOTE(review): splat-then-index form on the data source; confirm it resolves
  # to a list of subnet ids for the default VPC.
  subnet_ids = var.vpc_id != "" ? var.subnet_ids : data.aws_subnets.subnets.*[0].ids

  transit_gateway_id = local.tgw_id

  # Association/propagation with the gateway's default route table only; the
  # explicit *_route_table_association / *_propagation resources below cover a
  # dedicated or cross-account table.
  transit_gateway_default_route_table_association = var.tgw_route_table_association
  transit_gateway_default_route_table_propagation = var.tgw_route_table_propagation

  tags = merge(var.default_tags, var.tgw_tags)
}
# Associates the attachment with the route table this module created. Only
# applies when the module owns the table; the cross-account variant below
# handles a table owned by another account.
resource "aws_ec2_transit_gateway_route_table_association" "this" {
  count = var.create_tgw_route_table && var.add_tgw_route_table_association ? 1 : 0

  # local.tgw_attachment_id may be the caller-supplied id; the module's own
  # attachment (if any) is ordered ahead of this resource by depends_on.
  transit_gateway_attachment_id  = local.tgw_attachment_id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.this[0].id

  depends_on = [aws_ec2_transit_gateway_vpc_attachment.this]
}
# Propagates the attachment's routes into the route table this module created.
# Gated the same way as the association above, but on its own flag.
resource "aws_ec2_transit_gateway_route_table_propagation" "this" {
  count = var.create_tgw_route_table && var.add_tgw_route_table_propagation ? 1 : 0

  transit_gateway_attachment_id  = local.tgw_attachment_id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.this[0].id

  # The route table is already an implicit dependency through the [0].id
  # reference above; this depends_on restates it explicitly.
  depends_on = [aws_ec2_transit_gateway_route_table.this]
}
# Cross-account variant: associates this module's VPC attachment with a route
# table owned by another account (var.alt_tgw_route_table_id), acting through
# the aws.tgw_rt_owner provider alias. Used only when the module attaches a VPC
# and does not create its own route table.
# NOTE(review): a cross-account attachment normally has to be accepted on the
# gateway owner's side unless auto-accept is enabled on the gateway; no accepter
# resource is visible in this file — confirm how acceptance is handled.
resource "aws_ec2_transit_gateway_route_table_association" "this_cross_account" {
  count = var.attach_to_vpc && !var.create_tgw_route_table && var.use_cross_account_tgw_route_table && var.add_tgw_route_table_association ? 1 : 0

  provider = aws.tgw_rt_owner

  # Direct reference (not local.tgw_attachment_id): the count already requires
  # attach_to_vpc, so the module's own attachment exists.
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.this[0].id
  transit_gateway_route_table_id = var.alt_tgw_route_table_id
}
# Cross-account variant of the propagation: propagates this module's VPC
# attachment into a route table owned by another account via the
# aws.tgw_rt_owner provider alias. Same gating as the cross-account association,
# but on var.add_tgw_route_table_propagation.
resource "aws_ec2_transit_gateway_route_table_propagation" "this_cross_account" {
  count = var.attach_to_vpc && !var.create_tgw_route_table && var.use_cross_account_tgw_route_table && var.add_tgw_route_table_propagation ? 1 : 0

  provider = aws.tgw_rt_owner

  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.this[0].id
  transit_gateway_route_table_id = var.alt_tgw_route_table_id
}
# One static route per CIDR in var.tgw_route, all pointing at the attachment
# and written into local.tgw_route_rtb.
# Indexed by count, so removing or reordering entries in var.tgw_route shifts
# the indices and re-creates the affected routes.
resource "aws_ec2_transit_gateway_route" "this" {
  count = var.create_tgw_routes ? length(var.tgw_route) : 0

  destination_cidr_block         = var.tgw_route[count.index]
  transit_gateway_attachment_id  = local.tgw_attachment_id
  transit_gateway_route_table_id = local.tgw_route_rtb
}
# One prefix-list reference per entry in var.tgw_prefix_list, routing those
# prefixes to the attachment via local.tgw_route_rtb. Shares the
# create_tgw_routes flag with the static routes above and is count-indexed the
# same way, so list order matters for resource identity.
resource "aws_ec2_transit_gateway_prefix_list_reference" "this" {
  count = var.create_tgw_routes ? length(var.tgw_prefix_list) : 0

  prefix_list_id                 = var.tgw_prefix_list[count.index]
  transit_gateway_attachment_id  = local.tgw_attachment_id
  transit_gateway_route_table_id = local.tgw_route_rtb
}
# RAM share used to expose the transit gateway to other accounts.
# Note the share itself is gated on share_tgw alone, while the resource
# association below additionally requires create_tgw.
resource "aws_ram_resource_share" "this" {
  count = var.share_tgw ? 1 : 0

  name = var.ram_share_name
  # Security-relevant: keeps the share inside the AWS Organization — principals
  # outside the organization cannot be associated with it.
  allow_external_principals = false
  tags                      = var.ram_share_tags
}
# Puts the transit gateway ARN into the RAM share. Gated on create_tgw as well
# as share_tgw, since RAM can only share resources the calling account owns.
resource "aws_ram_resource_association" "this" {
  count = var.create_tgw && var.share_tgw ? 1 : 0

  resource_arn       = local.tgw_arn
  resource_share_arn = aws_ram_resource_share.this[0].arn
}
# TODO: not really a thing at the moment; leave switched off.
# NOTE(review): the count below does not switch this off — the resource is
# created whenever var.share_tgw is true, alongside the share itself. The
# principal is also this account's own id (the share owner) rather than a
# consuming account or OU. Confirm whether the count should be 0 or gated on a
# dedicated flag, and which principals the share is meant to grant access to.
resource "aws_ram_principal_association" "this" {
  count = var.share_tgw ? 1 : 0

  principal          = data.aws_caller_identity.this.account_id
  resource_share_arn = aws_ram_resource_share.this[0].arn
}