refactor: aws_vpn_gateway to aws_ec2_transit_gateway

honestbank · Sep 5, 2022 · 4179579 · 4179579
1 parent 678d5f4
commit 4179579
Show file tree

Hide file tree

Showing 4 changed files with 43 additions and 13 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -15,7 +15,7 @@ repos:
       - id: detect-aws-credentials
         args: ["--allow-missing-credentials"]
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.74.1 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
+    rev: v1.74.2 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
     hooks:
       - id: terraform_fmt
       - id: terraform_docs

diff --git a/aws-hybrid-vpn-gcp/README.md b/aws-hybrid-vpn-gcp/README.md
@@ -15,18 +15,18 @@ To run E2E tests, navigate to the [test folder](../test) and run `go test -v -ti
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~> 1.1 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 3.52 |
-| <a name="requirement_google"></a> [google](#requirement\_google) | ~> 4.10 |
-| <a name="requirement_random"></a> [random](#requirement\_random) | ~> 3.1 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.1 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.12 |
+| <a name="requirement_google"></a> [google](#requirement\_google) | >= 4.10 |
+| <a name="requirement_random"></a> [random](#requirement\_random) | >= 3.1 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 3.74.2 |
-| <a name="provider_google"></a> [google](#provider\_google) | 4.11.0 |
-| <a name="provider_random"></a> [random](#provider\_random) | 3.1.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.12 |
+| <a name="provider_google"></a> [google](#provider\_google) | >= 4.10 |
+| <a name="provider_random"></a> [random](#provider\_random) | >= 3.1 |
 
 ## Modules
 
@@ -37,6 +37,8 @@ No modules.
 | Name | Type |
 |------|------|
 | [aws_customer_gateway.hybrid_customer_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/customer_gateway) | resource |
+| [aws_ec2_transit_gateway.hybrid_vpn_transit_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway) | resource |
+| [aws_ec2_transit_gateway_vpc_attachment.vpc_transit_gateway_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_vpc_attachment) | resource |
 | [aws_vpn_connection.hybrid_vpn_connection](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpn_connection) | resource |
 | [aws_vpn_gateway.hybrid_vpn_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpn_gateway) | resource |
 | [aws_vpn_gateway_route_propagation.gcp_routes](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpn_gateway_route_propagation) | resource |
@@ -58,7 +60,7 @@ No modules.
 | <a name="input_gcp_network_id"></a> [gcp\_network\_id](#input\_gcp\_network\_id) | ID of the GCP VPC network to connect the VPN to (must be the same network as gcp\_network\_name) | `string` | n/a | yes |
 | <a name="input_gcp_network_name"></a> [gcp\_network\_name](#input\_gcp\_network\_name) | Name of the GCP VPC network to connect the VPN to | `string` | n/a | yes |
 | <a name="input_gcp_subnetwork_name"></a> [gcp\_subnetwork\_name](#input\_gcp\_subnetwork\_name) | GCP subnet to connect the VPN to | `string` | n/a | yes |
-| <a name="input_name"></a> [name](#input\_name) | Name of the Hybrid VPN deployment, used in various resources to uniquely identify them | `string` | `"test"` | no |
+| <a name="input_resource_suffix"></a> [resource\_suffix](#input\_resource\_suffix) | String used in various resources to suffix resource names related to this VPN setup | `string` | n/a | yes |
 
 ## Outputs
 

diff --git a/aws-hybrid-vpn-gcp/aws-vpn.tf b/aws-hybrid-vpn-gcp/aws-vpn.tf
@@ -1,3 +1,4 @@
+# TODO: remove
 resource "aws_vpn_gateway" "hybrid_vpn_gateway" {
   amazon_side_asn = local.aws_bgp_asn
 
@@ -8,6 +9,10 @@ resource "aws_vpn_gateway" "hybrid_vpn_gateway" {
   }
 }
 
+resource "aws_ec2_transit_gateway" "hybrid_vpn_transit_gateway" {
+  amazon_side_asn = local.aws_bgp_asn
+}
+
 resource "aws_customer_gateway" "hybrid_customer_gateway" {
   for_each = local.gcp_public_ips_set
 
@@ -23,9 +28,10 @@ resource "aws_customer_gateway" "hybrid_customer_gateway" {
 resource "aws_vpn_connection" "hybrid_vpn_connection" {
   for_each = local.gcp_public_ips_set
 
-  vpn_gateway_id                       = aws_vpn_gateway.hybrid_vpn_gateway.id
+  transit_gateway_id = aws_ec2_transit_gateway.hybrid_vpn_transit_gateway.id
+
   customer_gateway_id                  = aws_customer_gateway.hybrid_customer_gateway[each.value].id
-  type                                 = "ipsec.1"
+  type                                 = aws_customer_gateway.hybrid_customer_gateway.type
   tunnel1_inside_cidr                  = local.vpn_tunnel_inside_cidrs[tonumber(each.value)][0]
   tunnel2_inside_cidr                  = local.vpn_tunnel_inside_cidrs[tonumber(each.value)][1]
   tunnel1_preshared_key                = random_password.psk[local.aws_vpn_tunnel_psk_index_map[tonumber(each.value)][0]].result
@@ -48,6 +54,26 @@ resource "aws_vpn_connection" "hybrid_vpn_connection" {
   }
 }
 
+resource "aws_ec2_transit_gateway_vpc_attachment" "vpc_transit_gateway_attachment" {
+  subnet_ids         = var.aws_subnet_ids
+  transit_gateway_id = aws_ec2_transit_gateway.hybrid_vpn_transit_gateway.id
+  vpc_id             = var.aws_vpc_id
+}
+
+# TODO: update
+#resource "aws_ec2_transit_gateway_route" "example" {
+#  destination_cidr_block         = "0.0.0.0/0"
+#  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.example.id
+#  transit_gateway_route_table_id = aws_ec2_transit_gateway.example.association_default_route_table_id
+#}
+
+resource "aws_ec2_transit_gateway_route_table" "vpn_transit_gateway_route_table" {
+  transit_gateway_id = aws_ec2_transit_gateway.hybrid_vpn_transit_gateway.id
+}
+
+# TODO: `aws_ec2_transit_gateway_route_table_association` and `aws_ec2_transit_gateway_route_table_propagation`
+# See example: https://github.com/mikemowgli/terraform-aws-transit-gateway/blob/master/deploy.tf (the code is 4 years old though)
+# Very helpful for understanding route tables: https://docs.aws.amazon.com/vpc/latest/tgw/tgw-transit-gateways.html
 data "aws_route_tables" "vpc_route_tables" {
   vpc_id = var.aws_vpc_id
 }

diff --git a/makefile b/makefile
@@ -7,5 +7,7 @@ validate:
 	terraform fmt --recursive
 
 docs:
-	terraform-docs .
-	terraform-docs -c .terraform-docs.yml ./aws-hybrid-vpn-gcp
+	rm -rf aws-hybrid-vpn-gcp/*/.terraform aws-hybrid-vpn-gcp/*/.terraform.lock.hcl
+	rm -rf modules/*/.terraform modules/*/.terraform.lock.hcl
+
+	terraform-docs -c .terraform-docs.yml .