This module creates the transit gateway network resources.
The following resources will be created:
- Direct Connect connection data source
- AWS Organizations data source
- Direct Connect Gateway
- Direct Connect Gateway Association
- Direct Connect Transit Virtual Interface
- Transit Gateway
- Transit Gateway Blackhole Route
- Transit Gateway Route
- Transit Gateway VPC Attachment
- Resource Access Manager (RAM) Resource Share
- Resource Access Manager (RAM) Resource Association
- Resource Access Manager (RAM) Principal Association
- SSM SecureString parameter
Example usage. Values come from a `local.workspace` object defined by the caller; every `try()` falls back to the default shown:

```hcl
module "transit_gateway" {
  source = "git::https://github.com/DNXLabs/terraform-aws-transit-gateway.git?ref=1.0.0"

  name         = local.workspace.org_name
  account_name = local.workspace.account_name

  # Account that owns the transit gateway (the hub). Spoke accounts, which only
  # create the VPC attachment, reach a gateway shared to them through RAM.
  transit_gateway_account_id = local.workspace.transit_gateway.attachment.transit_gateway_account_id

  # Keep the advertised prefixes to what on-premises actually needs to reach.
  allowed_prefixes = try(local.workspace.transit_gateway.allowed_prefixes, [])
  dns_support      = try(local.workspace.transit_gateway.dns_support, "enable")

  attachment              = try(local.workspace.transit_gateway.attachment.enabled, false)
  transit_gateway_enabled = try(local.workspace.transit_gateway.enabled, false)

  # Network identifiers from the VPC module in the same stack
  vpc_id                 = module.network[0].vpc_id
  subnet_ids             = module.network[0].private_subnet_ids
  private_route_table_id = module.network[0].private_route_table_id[0]
  public_route_table_id  = module.network[0].public_route_table_id
  private_network_acl_id = module.network[0].private_nacl_id
  public_network_acl_id  = module.network[0].public_nacl_id

  # Direct Connect. Both ASN inputs are typed `number`; AWS requires the
  # Direct Connect gateway ASN and the transit gateway ASN to differ.
  dx_connection              = try(local.workspace.transit_gateway.dx_connection, [])
  direct_connect_gateway_asn = try(local.workspace.transit_gateway.direct_connect_gateway_asn, 64512)
  transit_gateway_asn        = try(local.workspace.transit_gateway.transit_gateway_asn, 64513)

  # Destinations routed through the transit gateway from each subnet tier
  # (route table entries plus the matching NACL rules)
  public_route  = try(local.workspace.transit_gateway.attachment.public_route, [])
  private_route = try(local.workspace.transit_gateway.attachment.private_route, [])
}
```
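The usage above reads everything from `local.workspace` without showing it. The following `locals` block is an added example, not part of the module or its documentation, shaped to satisfy that module call for a hub account; the organisation name, account ID, CIDR and connection name are placeholders, and the `public_route`/`private_route` objects are left empty because their shape is defined by the module's variables.

```hcl
# Added example: a workspace object for the module call above (hub account).
# All identifiers below are placeholders.
locals {
  workspace = {
    org_name     = "example-org"
    account_name = "network"

    transit_gateway = {
      # Hub account: create the transit gateway here and share it through RAM.
      enabled = true

      # Advertise only the prefixes on-premises must reach; never a default route.
      allowed_prefixes = ["10.10.0.0/16"]
      dns_support      = "enable"

      # Amazon-side ASNs: private range, and different from each other.
      direct_connect_gateway_asn = 64512
      transit_gateway_asn        = 64513

      # Existing Direct Connect connection(s) to look up for the transit VIF
      dx_connection = ["dx-example-connection"]

      attachment = {
        enabled                    = true
        transit_gateway_account_id = "123456789012"

        # Destinations routed through the transit gateway from each tier;
        # object shape is defined by the module's public_route/private_route inputs.
        public_route  = []
        private_route = []
      }
    }
  }
}
```

A spoke account would set `enabled = false`, keep `attachment.enabled = true`, and point `transit_gateway_account_id` at the hub account that shares the gateway.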
Requirements:

| Name | Version |
|---|---|
| terraform | >= 0.12.0 |
| aws | >= 4.4.0 |
| random | >= 2.1.0 |
| tls | >= 3.1.0 |
Providers:

| Name | Version |
|---|---|
| aws | >= 4.4.0 |
Inputs:

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| account_name | Name of the AWS account. | string | n/a | yes |
| allowed_prefixes | VPC prefixes (CIDRs) to advertise to the Direct Connect gateway. Keep the list to the prefixes on-premises must reach and never advertise a default route. Set it explicitly so the provider can detect drift. | list(string) | [] | no |
| attachment | Create a VPC attachment to the transit gateway. | bool | false | no |
| default_route_table_association | Whether new attachments are automatically associated with the transit gateway's default association route table. With `enable`, every attachment shares one route table and can reach every other attachment unless blackhole routes are added; use `disable` for segmented routing. Valid values: disable, enable. | string | "enable" | no |
| default_route_table_propagation | Whether new attachments automatically propagate their routes to the transit gateway's default propagation route table. Valid values: disable, enable. | string | "enable" | no |
| direct_connect_gateway_asn | ASN for the Amazon side of the Direct Connect gateway BGP session. Must be in the private range 64512-65534 or 4200000000-4294967294 and must differ from transit_gateway_asn. | number | n/a | yes |
| dns_support | Whether DNS support is enabled on the transit gateway. Valid values: disable, enable. | string | "enable" | no |
| dx_connection | Names of existing Direct Connect connections to look up for the transit virtual interface. | list(any) | [] | no |
| name | Name prefix for the resources of this stack. | string | n/a | yes |
| private_network_acl_id | Private network ACL ID. | string | n/a | yes |
| private_route | Destination CIDR blocks reachable through the transit gateway from the private subnets (route table entries and NACL rules). | list(object({ | n/a | yes |
| private_route_table_id | Private route table ID. | string | n/a | yes |
| public_network_acl_id | Public network ACL ID. | string | n/a | yes |
| public_route | Destination CIDR blocks reachable through the transit gateway from the public subnets (route table entries and NACL rules). | list(object({ | n/a | yes |
| public_route_table_id | Public route table ID. | string | n/a | yes |
| ram_organization_association | Whether to share the transit gateway with the whole AWS Organization through a RAM resource share. Every account in the organization can then see the gateway and request attachments, so pair it with `default_route_table_association = "disable"` if attachments must not route to each other by default. | bool | true | no |
| secure_network_acl_id | Secure network ACL ID. | string | n/a | yes |
| secure_route | Destination CIDR blocks reachable through the transit gateway from the secure subnets (route table entries and NACL rules). | list(object({ | n/a | yes |
| secure_route_table_id | Secure route table ID. | string | n/a | yes |
| subnet_ids | IDs of the subnets used for the transit gateway VPC attachment. | list(any) | [] | no |
| tags | Extra tags to attach to resources. | map(string) | {} | no |
| transit_gateway_account_id | ID of the AWS account that owns the transit gateway. | string | n/a | yes |
| transit_gateway_asn | Private ASN for the Amazon side of the transit gateway BGP session: 64512-65534 for 16-bit ASNs or 4200000000-4294967294 for 32-bit ASNs. | number | 64512 | no |
| transit_gateway_default_route_table_association | Whether the VPC attachment is associated with the transit gateway's default association route table. Cannot be configured, and has no drift detection, when the transit gateway is shared through RAM. | bool | true | no |
| transit_gateway_default_route_table_propagation | Whether the VPC attachment propagates its routes to the transit gateway's default propagation route table. Cannot be configured, and has no drift detection, when the transit gateway is shared through RAM. | bool | true | no |
| transit_gateway_enabled | Whether to create the transit gateway in this account. | bool | n/a | yes |
| vpc_id | ID of the VPC. | string | n/a | yes |
Outputs:

| Name | Description |
|---|---|
| private_nacls | n/a |
| public_nacls | n/a |
| secure_nacls | n/a |
| transit_attachment_account_owner_id | Owner account ID of the transit gateway attachment |
| transit_attachment_id | Transit gateway attachment ID |
| transit_gateway_account_owner_id | Owner account ID of the transit gateway |
| transit_gateway_cidr_blocks | Transit gateway CIDR blocks |
| transit_gateway_default_route_table_id | Transit gateway default route table ID |
| transit_gateway_id | Transit gateway ID |
Module managed by DNX Solutions.
Apache 2 Licensed. See LICENSE for full details.