diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 2e66574..35684aa 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -30,7 +30,7 @@ updates: open-pull-requests-limit: 3 - package-ecosystem: "terraform" # See documentation for possible values - directory: "/_example/single-account" # Location of package manifests + directory: "/_example/single_account" # Location of package manifests schedule: interval: "weekly" # Add assignees @@ -43,7 +43,7 @@ updates: open-pull-requests-limit: 3 - package-ecosystem: "terraform" # See documentation for possible values - directory: "/_example/different-account" # Location of package manifests + directory: "/_example/multi_account" # Location of package manifests schedule: interval: "weekly" # Add assignees diff --git a/.github/workflows/tf-checks.yml b/.github/workflows/tf-checks.yml index ad75382..37527b8 100644 --- a/.github/workflows/tf-checks.yml +++ b/.github/workflows/tf-checks.yml @@ -8,8 +8,8 @@ jobs: single-account-example: uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master with: - working_directory: './_example/single-account/' + working_directory: './_example/single_account/' different-account-example: uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master with: - working_directory: './_example/different-account/' + working_directory: './_example/multi_account/' diff --git a/README.yaml b/README.yaml index 3c4b0b0..90836d2 100644 --- a/README.yaml +++ b/README.yaml @@ -26,7 +26,7 @@ badges: url: "LICENSE.md" prerequesties: - - name: Terraform 1.4.6 + - name: Terraform 1.5.6 url: https://learn.hashicorp.com/terraform/getting-started/install.html # description of this project 
@@ -43,46 +43,67 @@ usage : |- ### Transit Gateway For Single Account ```hcl - module "transit-gateway" { - source = "clouddrove/transit-gateway/aws" - name = "transit-gateway" - environment = "test" - enable = true - tgw_create = true - - amazon_side_asn = 64512 - auto_accept_shared_attachments = "enable" - default_route_table_propagation = "enable" - description = "This transit Gateway create for testung purpose" - - #TGW Share - resource_share_enable = false - resource_share_allow_external_principals = true - resource_share_account_ids = ["XXXXXXXXXXXXX"] - - # VPC Attachements - vpc_attachement_create = false # Enable After once create the subnets - vpc_id = module.vpc.vpc_id - destination_cidr_block = [ "10.0.0.0/8", "172.16.0.0/12"] - } + module "transit-gateway" { + depends_on = [module.vpc, module.subnets] + source = "./../../" + name = "app" + environment = "test" + tgw_create = true + amazon_side_asn = 64512 + auto_accept_shared_attachments = "enable" + default_route_table_propagation = "enable" + description = "This transit Gateway create for testing purpose" + #TGW Share + resource_share_enable = true + resource_share_allow_external_principals = true + resource_share_account_ids = ["xxxxxxxxxxxx"] + # VPC Attachements + vpc_attachments = { + vpc1 = { + vpc_id = module.vpc.vpc_id + subnet_ids = module.subnets.public_subnet_id + transit_gateway_default_route_table_association = true + transit_gateway_default_route_table_propagation = true + # Below should be uncommented only when vpc and subnet are already deployed. + #vpc_route_table_ids = module.subnets.public_route_tables_id + #destination_cidr = ["10.11.0.0/16"] + }, + vpc2 = { + vpc_id = module.vpc_other.vpc_id + subnet_ids = module.subnets_other.public_subnet_id + transit_gateway_default_route_table_association = false + transit_gateway_default_route_table_propagation = false + # Below should be uncommented only when vpc and subnet are already deployed. 
+ #vpc_route_table_ids = module.subnets_other.public_route_tables_id + #destination_cidr = ["31.0.0.0/16", "53.0.0.0/16"] + } + } + } ``` - ### Transit Gateway Diffrent AWS Account + ### Transit Gateway for Multi AWS Account ```hcl - module "transit-gateway" { - source = "clouddrove/transit-gateway/aws" - name = "transit-gateway" - environment = "test" - - #Transit gateway invitation accepter - aws_ram_resource_share_accepter = true - resource_share_arn = "arn:aws:ram:eu-west-1:XXXXXXXXXXX:resource-share/XXXXXXXXXXXXXXXXXXXXXXXXXX" - - # VPC Attachements - vpc_attachement_create = false # Enable After once create the subnets - vpc_id = module.vpc.vpc_id - use_existing_transit_gateway_id = true - transit_gateway_id = "tgw-XXXXXXXXXXX" - destination_cidr_block = ["10.0.0.0/8", "172.16.0.0/12"] - } + module "transit_gateway" { + depends_on = [module.vpc, module.subnets] + source = "./../../" + name = "app" + environment = "test" + tgw_create = false + #TGW Share + aws_ram_resource_share_accepter = true + resource_share_arn = "arn:aws:ram:eu-west-1:xxxxxxxxxx:resource-share/xxxxxxxxxxxxxxxxxxxxxxxxxx" + # VPC Attachements + transit_gateway_id = "tgw-xxxxxxxxxxx" + vpc_attachments = { + vpc1 = { + vpc_id = module.vpc.vpc_id + subnet_ids = module.subnets.public_subnet_id + transit_gateway_default_route_table_association = true + transit_gateway_default_route_table_propagation = true + # Below should be uncommented only when vpc and subnet are already deployed. + #vpc_route_table_ids = module.subnets.public_route_tables_id + #destination_cidr = ["10.10.0.0/16"] + } + } + } ``` diff --git a/_example/different-account/example.tf b/_example/different-account/example.tf deleted file mode 100644 index 46a991d..0000000 --- a/_example/different-account/example.tf +++ /dev/null 
@@ -1,147 +0,0 @@ -provider "aws" { - region = "eu-west-2" -} - -provider "aws" { - alias = "test" - assume_role { - role_arn = "" - } - region = "eu-west-2" -} -locals { - name = "app" - environment = "test" - other_name = "app_1" - other_environment = "test_1" -} - -##------------------------------------------------------------------------------ -## VPC module call. -##------------------------------------------------------------------------------ -module "vpc" { - source = "clouddrove/vpc/aws" - version = "2.0.0" - name = local.name - environment = local.environment - cidr_block = "10.10.0.0/16" -} - -##------------------------------------------------------------------------------ -## Subnet module call. -##------------------------------------------------------------------------------ -module "subnets" { - source = "clouddrove/subnet/aws" - version = "2.0.0" - name = local.name - environment = local.environment - availability_zones = ["eu-west-2a", "eu-west-2b"] - vpc_id = module.vpc.vpc_id - type = "public" - igw_id = module.vpc.igw_id - nat_gateway_enabled = false - cidr_block = module.vpc.vpc_cidr_block - ipv6_cidr_block = module.vpc.ipv6_cidr_block -} - -##------------------------------------------------------------------------------ -## Other-vpc module call. -##------------------------------------------------------------------------------ -module "vpc_other" { - source = "clouddrove/vpc/aws" - version = "2.0.0" - name = local.other_name - environment = local.other_environment - cidr_block = "192.168.0.0/16" -} - -##------------------------------------------------------------------------------ -## Other-subnet module call. 
-##------------------------------------------------------------------------------ -module "subnets_other" { - source = "clouddrove/subnet/aws" - version = "2.0.0" - name = local.other_name - environment = local.other_environment - availability_zones = ["eu-west-2a", "eu-west-2b"] - vpc_id = module.vpc_other.vpc_id - type = "public" - igw_id = module.vpc_other.igw_id - nat_gateway_enabled = false - cidr_block = module.vpc_other.vpc_cidr_block - -} - -##------------------------------------------------------------------------------ -## transit-gateway module call. -##------------------------------------------------------------------------------ -module "transit-gateway" { - depends_on = [module.vpc, module.subnets] - source = "./../../" - name = local.name - environment = local.environment - tgw_create = true - amazon_side_asn = 64512 - auto_accept_shared_attachments = "enable" - default_route_table_propagation = "enable" - description = "This transit Gateway create for testing purpose" - #TGW Share - resource_share_enable = true - resource_share_allow_external_principals = true - resource_share_account_ids = [""] - # VPC Attachements - vpc_attachments = { - vpc1 = { - vpc_id = module.vpc.vpc_id - subnet_ids = module.subnets.public_subnet_id - transit_gateway_default_route_table_association = false - transit_gateway_default_route_table_propagation = false - vpc_route_table_ids = module.subnets.public_route_tables_id - destination_cidr = ["30.0.0.0/16", "50.0.0.0/16"] - }, - vpc2 = { - vpc_id = module.vpc_other.vpc_id - subnet_ids = module.subnets_other.public_subnet_id - transit_gateway_default_route_table_association = false - transit_gateway_default_route_table_propagation = false - vpc_route_table_ids = module.subnets_other.public_route_tables_id - destination_cidr = ["31.0.0.0/16", "53.0.0.0/16"] - } } -} - -##------------------------------------------------------------------------------ -## Transit-gateway module call for diff account. 
-##------------------------------------------------------------------------------ -module "transit-gateway" { - depends_on = [module.vpc, module.subnets] - source = "./../../" - name = local.name - environment = local.environment - tgw_create = false - amazon_side_asn = 64512 - auto_accept_shared_attachments = "enable" - default_route_table_propagation = "enable" - description = "This transit Gateway create for testing purpose" - #TGW Share - resource_share_enable = true - resource_share_allow_external_principals = true - resource_share_account_ids = [""] - # VPC Attachements - vpc_attachments = { - vpc1 = { - vpc_id = module.vpc.vpc_id - subnet_ids = module.subnets.public_subnet_id - transit_gateway_default_route_table_association = false - transit_gateway_default_route_table_propagation = false - vpc_route_table_ids = module.subnets.public_route_tables_id - destination_cidr = ["30.0.0.0/16", "50.0.0.0/16"] - }, - vpc2 = { - vpc_id = module.vpc_other.vpc_id - subnet_ids = module.subnets_other.public_subnet_id - transit_gateway_default_route_table_association = false - transit_gateway_default_route_table_propagation = false - vpc_route_table_ids = module.subnets_other.public_route_tables_id - destination_cidr = ["31.0.0.0/16", "53.0.0.0/16"] - } } -} diff --git a/_example/multi_account/example.tf b/_example/multi_account/example.tf new file mode 100644 index 0000000..1447833 --- /dev/null +++ b/_example/multi_account/example.tf 
@@ -0,0 +1,71 @@ +provider "aws" { + region = "eu-west-2" +} + +provider "aws" { + alias = "test" + assume_role { + role_arn = "" + } + region = "eu-west-2" +} + +locals { + name = "app_1" + environment = "test" +} + +##------------------------------------------------------------------------------ +## VPC module call. +##------------------------------------------------------------------------------ +module "vpc" { + source = "clouddrove/vpc/aws" + version = "2.0.0" + name = local.name + environment = local.environment + cidr_block = "10.11.0.0/16" +} + +##------------------------------------------------------------------------------ +## Subnet module call. +##------------------------------------------------------------------------------ +module "subnets" { + source = "clouddrove/subnet/aws" + version = "2.0.0" + name = local.name + environment = local.environment + availability_zones = ["eu-west-2a", "eu-west-2b"] + vpc_id = module.vpc.vpc_id + type = "public" + igw_id = module.vpc.igw_id + nat_gateway_enabled = false + cidr_block = module.vpc.vpc_cidr_block + ipv6_cidr_block = module.vpc.ipv6_cidr_block +} + +##------------------------------------------------------------------------------ +## Transit-gateway module call for diff account. 
+##------------------------------------------------------------------------------ +module "transit_gateway" { + depends_on = [module.vpc, module.subnets] + source = "./../../" + name = local.name + environment = local.environment + tgw_create = false + #TGW Share + aws_ram_resource_share_accepter = true + resource_share_arn = "arn:aws:ram:eu-west-1:xxxxxxxxxx:resource-share/xxxxxxxxxxxxxxxxxxxxxxxxxx" + # VPC Attachements + transit_gateway_id = "tgw-xxxxxxxxxxx" + vpc_attachments = { + vpc1 = { + vpc_id = module.vpc.vpc_id + subnet_ids = module.subnets.public_subnet_id + transit_gateway_default_route_table_association = true + transit_gateway_default_route_table_propagation = true + # Below should be uncommented only when vpc and subnet are already deployed. + #vpc_route_table_ids = module.subnets.public_route_tables_id + #destination_cidr = ["10.10.0.0/16"] + } + } +} diff --git a/_example/different-account/outputs.tf b/_example/multi_account/outputs.tf similarity index 100% rename from _example/different-account/outputs.tf rename to _example/multi_account/outputs.tf diff --git a/_example/different-account/versions.tf b/_example/multi_account/versions.tf similarity index 100% rename from _example/different-account/versions.tf rename to _example/multi_account/versions.tf diff --git a/_example/single-account/example.tf b/_example/single_account/example.tf similarity index 81% rename from _example/single-account/example.tf rename to _example/single_account/example.tf index 74ff25d..6b7ed37 100644 --- a/_example/single-account/example.tf +++ b/_example/single_account/example.tf 
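Review bot: The module block in the new file is labelled `module "transit_gateway"`, but `_example/multi_account/outputs.tf` arrives from `different-account` as a 100%-similarity rename; if those outputs reference `module.transit-gateway.*` the way the `_example/single_account/outputs.tf` hunk further down does, `terraform validate` in this directory now fails on an undeclared module, so either keep the hyphenated label (matching the single_account example) or update outputs.tf in the same commit. The placeholder `resource_share_arn` is in `eu-west-1` while both `provider "aws"` blocks use `eu-west-2`; RAM resource shares and transit gateways are regional, so an example copied as-is will most likely not find the invitation to accept — the placeholder region should match the provider's. The aliased provider `aws.test` with `assume_role { role_arn = "" }` is not passed to any module in this file via a `providers` map, so it contributes nothing except an empty role ARN that is at best ignored and at worst a configuration error; drop it or wire it to the module with a real variable. The header comment `## Transit-gateway module call for diff account.` should also follow the directory rename to `multi_account`.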
@@ -75,28 +75,32 @@ module "transit-gateway" { environment = local.environment tgw_create = true amazon_side_asn = 64512 - auto_accept_shared_attachments = "disable" + auto_accept_shared_attachments = "enable" default_route_table_propagation = "enable" description = "This transit Gateway create for testing purpose" #TGW Share - resource_share_enable = false + resource_share_enable = true resource_share_allow_external_principals = true + resource_share_account_ids = ["xxxxxxxxxxxx"] # VPC Attachements vpc_attachments = { vpc1 = { vpc_id = module.vpc.vpc_id subnet_ids = module.subnets.public_subnet_id - transit_gateway_default_route_table_association = false - transit_gateway_default_route_table_propagation = false - vpc_route_table_ids = module.subnets.public_route_tables_id - destination_cidr = ["30.0.0.0/16", "50.0.0.0/16"] + transit_gateway_default_route_table_association = true + transit_gateway_default_route_table_propagation = true + # Below should be uncommented only when vpc and subnet are already deployed. + #vpc_route_table_ids = module.subnets.public_route_tables_id + #destination_cidr = ["10.11.0.0/16"] }, vpc2 = { vpc_id = module.vpc_other.vpc_id subnet_ids = module.subnets_other.public_subnet_id transit_gateway_default_route_table_association = false transit_gateway_default_route_table_propagation = false - vpc_route_table_ids = module.subnets_other.public_route_tables_id - destination_cidr = ["31.0.0.0/16", "53.0.0.0/16"] - } } + # Below should be uncommented only when vpc and subnet are already deployed. + #vpc_route_table_ids = module.subnets_other.public_route_tables_id + #destination_cidr = ["31.0.0.0/16", "53.0.0.0/16"] + } + } } diff --git a/_example/single-account/outputs.tf b/_example/single_account/outputs.tf similarity index 91% rename from _example/single-account/outputs.tf rename to _example/single_account/outputs.tf index ed4d3d1..c45dad7 100644 --- a/_example/single-account/outputs.tf +++ b/_example/single_account/outputs.tf 
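Review bot: Changing `auto_accept_shared_attachments` from `"disable"` to `"enable"` while also switching on `resource_share_enable = true`, next to the pre-existing `resource_share_allow_external_principals = true`, means this example attaches VPCs from any principal in the share, including accounts outside the organization, without a manual accept step. Because this is the copy-paste example for the module, it would be safer to keep `auto_accept_shared_attachments = "disable"` (or set `resource_share_allow_external_principals = false`) and add a comment that auto-accept is only reasonable when every shared principal is trusted. `resource_share_account_ids = ["xxxxxxxxxxxx"]` is not a valid 12-digit account id either, so the example cannot apply as written; an input variable with no default would make the required value explicit instead of a placeholder that must be edited in place. The enclosing `module "transit-gateway"` block starts above the hunk.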
@@ -37,3 +37,8 @@ output "ram_resource_share_id" { value = module.transit-gateway.ram_resource_share_id description = "The Amazon Resource Name (ARN) of the resource share" } + +output "resource_share_arn" { + value = module.transit-gateway.resource_share_arn + description = "The ARN of the RAM." +} \ No newline at end of file diff --git a/_example/single-account/versions.tf b/_example/single_account/versions.tf similarity index 100% rename from _example/single-account/versions.tf rename to _example/single_account/versions.tf diff --git a/main.tf b/main.tf index 39d5f85..f68ed78 100644 --- a/main.tf +++ b/main.tf @@ -33,6 +33,7 @@ resource "aws_ec2_transit_gateway" "main" { ## Get information on an EC2 Transit Gateway VPC Attachment. ##------------------------------------------------------------------------------ resource "aws_ec2_transit_gateway_vpc_attachment" "main" { + depends_on = [aws_ram_resource_share_accepter.receiver_accept] for_each = var.enable ? var.vpc_attachments : {} transit_gateway_id = var.transit_gateway_id != null ? var.transit_gateway_id : aws_ec2_transit_gateway.main[0].id subnet_ids = each.value.subnet_ids
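Review bot: The description of the new `resource_share_arn` output, `"The ARN of the RAM."`, does not say what object the ARN identifies; since the value is the resource share's ARN, `description = "The ARN of the RAM resource share"` would line up with the wording of the `ram_resource_share_id` output directly above it. The hunk also ends with `\ No newline at end of file`; terminating the file with a newline keeps the closing `}` from showing up as a modified line in the next append.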
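Review bot: The new `depends_on = [aws_ram_resource_share_accepter.receiver_accept]` needs a why-comment, because the ordering requirement is not visible from the attachment resource itself and the accepter is declared outside this hunk. A line such as `# In the receiving account the VPC attachment is rejected until the RAM share invitation has been accepted, so order it after the accepter.` above it would make the intent clear. If `receiver_accept` is a conditional (`count`) resource, the unindexed address is the correct form and still validates when its count is 0, which is worth stating in the same comment so nobody later "fixes" it to an indexed reference.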