Terraform module which creates Transit Gateway resources on AWS.
module "tgw" {
source = "terraform-aws-modules/transit-gateway/aws"
version = "~> 2.0"
name = "my-tgw"
description = "My TGW shared with several other AWS accounts"
enable_auto_accept_shared_attachments = true
vpc_attachments = {
vpc = {
vpc_id = module.vpc.vpc_id
subnet_ids = module.vpc.private_subnets
dns_support = true
ipv6_support = true
tgw_routes = [
{
destination_cidr_block = "30.0.0.0/16"
},
{
blackhole = true
destination_cidr_block = "40.0.0.0/20"
}
]
add_routes = [
{
destination_cidr_block = "30.0.0.0/16"
route_table_ids = concat(module.vpc.public_route_table_ids, module.vpc.private_route_table_ids)
}
]
}
}
ram_allow_external_principals = true
ram_principals = [307990089504]
tags = {
Purpose = "tgw-complete-example"
}
}
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "~> 3.0"
name = "my-vpc"
cidr = "10.10.0.0/16"
azs = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
private_subnets = ["10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24"]
enable_ipv6 = true
private_subnet_assign_ipv6_address_on_creation = true
private_subnet_ipv6_prefixes = [0, 1, 2]
}- Complete example shows TGW in combination with the VPC module and Resource Access Manager (RAM).
- Multi-account example shows TGW resources shared with different AWS accounts (via Resource Access Manager (RAM)).
When using the terraform-aws-modules/terraform-aws-vpc module, each subnet created will be associated with its own routing table. This makes the default VPC routing table unused. With the help of this additional block, we are creating routes in all provided route tables.
add_routes = [
{
destination_cidr_block = "10.0.0.0/8"
route_table_ids = concat(module.vpc.public_route_table_ids, module.vpc.private_route_table_ids)
}
]
| Name | Version |
|---|---|
| terraform | >= 0.12.26 |
| aws | >= 3.15.0 |
| Name | Version |
|---|---|
| aws | >= 3.15.0 |
No modules.
| Name | Type |
|---|---|
| aws_ec2_tag.this | resource |
| aws_ec2_transit_gateway.this | resource |
| aws_ec2_transit_gateway_route.this | resource |
| aws_ec2_transit_gateway_route_table.this | resource |
| aws_ec2_transit_gateway_route_table_association.this | resource |
| aws_ec2_transit_gateway_route_table_propagation.this | resource |
| aws_ec2_transit_gateway_vpc_attachment.this | resource |
| aws_ram_principal_association.this | resource |
| aws_ram_resource_association.this | resource |
| aws_ram_resource_share.this | resource |
| aws_ram_resource_share_accepter.this | resource |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| amazon_side_asn | The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the TGW is created with the current default Amazon ASN. | string |
"64512" |
no |
| create_tgw | Controls if TGW should be created (it affects almost all resources) | bool |
true |
no |
| description | Description of the EC2 Transit Gateway | string |
null |
no |
| enable_auto_accept_shared_attachments | Whether resource attachment requests are automatically accepted | bool |
false |
no |
| enable_default_route_table_association | Whether resource attachments are automatically associated with the default association route table | bool |
true |
no |
| enable_default_route_table_propagation | Whether resource attachments automatically propagate routes to the default propagation route table | bool |
true |
no |
| enable_dns_support | Should be true to enable DNS support in the TGW | bool |
true |
no |
| enable_vpn_ecmp_support | Whether VPN Equal Cost Multipath Protocol support is enabled | bool |
true |
no |
| name | Name to be used on all the resources as identifier | string |
"" |
no |
| ram_allow_external_principals | Indicates whether principals outside your organization can be associated with a resource share. | bool |
false |
no |
| ram_name | The name of the resource share of TGW | string |
"" |
no |
| ram_principals | A list of principals to share TGW with. Possible values are an AWS account ID, an AWS Organizations Organization ARN, or an AWS Organizations Organization Unit ARN | list(string) |
[] |
no |
| ram_resource_share_arn | ARN of RAM resource share | string |
"" |
no |
| ram_tags | Additional tags for the RAM | map(string) |
{} |
no |
| share_tgw | Whether to share your transit gateway with other accounts | bool |
true |
no |
| tags | A map of tags to add to all resources | map(string) |
{} |
no |
| tgw_default_route_table_tags | Additional tags for the Default TGW route table | map(string) |
{} |
no |
| tgw_route_table_tags | Additional tags for the TGW route table | map(string) |
{} |
no |
| tgw_tags | Additional tags for the TGW | map(string) |
{} |
no |
| tgw_vpc_attachment_tags | Additional tags for VPC attachments | map(string) |
{} |
no |
| transit_gateway_route_table_id | Identifier of EC2 Transit Gateway Route Table to use with the Target Gateway when reusing it between multiple TGWs | string |
null |
no |
| vpc_attachments | Maps of maps of VPC details to attach to TGW. Type 'any' to disable type validation by Terraform. | any |
{} |
no |
| Name | Description |
|---|---|
| ec2_transit_gateway_arn | EC2 Transit Gateway Amazon Resource Name (ARN) |
| ec2_transit_gateway_association_default_route_table_id | Identifier of the default association route table |
| ec2_transit_gateway_id | EC2 Transit Gateway identifier |
| ec2_transit_gateway_owner_id | Identifier of the AWS account that owns the EC2 Transit Gateway |
| ec2_transit_gateway_propagation_default_route_table_id | Identifier of the default propagation route table |
| ec2_transit_gateway_route_ids | List of EC2 Transit Gateway Route Table identifier combined with destination |
| ec2_transit_gateway_route_table_association | Map of EC2 Transit Gateway Route Table Association attributes |
| ec2_transit_gateway_route_table_association_ids | List of EC2 Transit Gateway Route Table Association identifiers |
| ec2_transit_gateway_route_table_default_association_route_table | Boolean whether this is the default association route table for the EC2 Transit Gateway |
| ec2_transit_gateway_route_table_default_propagation_route_table | Boolean whether this is the default propagation route table for the EC2 Transit Gateway |
| ec2_transit_gateway_route_table_id | EC2 Transit Gateway Route Table identifier |
| ec2_transit_gateway_route_table_propagation | Map of EC2 Transit Gateway Route Table Propagation attributes |
| ec2_transit_gateway_route_table_propagation_ids | List of EC2 Transit Gateway Route Table Propagation identifiers |
| ec2_transit_gateway_vpc_attachment | Map of EC2 Transit Gateway VPC Attachment attributes |
| ec2_transit_gateway_vpc_attachment_ids | List of EC2 Transit Gateway VPC Attachment identifiers |
| ram_principal_association_id | The Amazon Resource Name (ARN) of the Resource Share and the principal, separated by a comma |
| ram_resource_share_id | The Amazon Resource Name (ARN) of the resource share |
Module is maintained by Anton Babenko with help from these awesome contributors.
Apache 2 Licensed. See LICENSE for full details.