Awesome
AWS Transit Gateway Terraform module
Terraform module which creates Transit Gateway resources on AWS.
Usage with VPC module
module "tgw" {
source = "terraform-aws-modules/transit-gateway/aws"
version = "~> 2.0"
name = "my-tgw"
description = "My TGW shared with several other AWS accounts"
enable_auto_accept_shared_attachments = true
vpc_attachments = {
vpc = {
vpc_id = module.vpc.vpc_id
subnet_ids = module.vpc.private_subnets
dns_support = true
ipv6_support = true
tgw_routes = [
{
destination_cidr_block = "30.0.0.0/16"
},
{
blackhole = true
destination_cidr_block = "40.0.0.0/20"
}
]
}
}
ram_allow_external_principals = true
ram_principals = [307990089504]
tags = {
Purpose = "tgw-complete-example"
}
}
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "~> 3.0"
name = "my-vpc"
cidr = "10.10.0.0/16"
azs = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
private_subnets = ["10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24"]
enable_ipv6 = true
private_subnet_assign_ipv6_address_on_creation = true
private_subnet_ipv6_prefixes = [0, 1, 2]
}
Examples
- Complete example shows TGW in combination with the VPC module and Resource Access Manager (RAM).
- Multi-account example shows TGW resources shared with different AWS accounts (via Resource Access Manager (RAM)).
Requirements
| Name | Version |
|---|---|
| <a name="requirement_terraform"></a> terraform | >= 0.13.1 |
| <a name="requirement_aws"></a> aws | >= 4.4 |
Providers
| Name | Version |
|---|---|
| <a name="provider_aws"></a> aws | >= 4.4 |
Modules
No modules.
Resources
| Name | Type |
|---|---|
| aws_ec2_tag.this | resource |
| aws_ec2_transit_gateway.this | resource |
| aws_ec2_transit_gateway_route.this | resource |
| aws_ec2_transit_gateway_route_table.this | resource |
| aws_ec2_transit_gateway_route_table_association.this | resource |
| aws_ec2_transit_gateway_route_table_propagation.this | resource |
| aws_ec2_transit_gateway_vpc_attachment.this | resource |
| aws_ram_principal_association.this | resource |
| aws_ram_resource_association.this | resource |
| aws_ram_resource_share.this | resource |
| aws_ram_resource_share_accepter.this | resource |
| aws_route.this | resource |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| <a name="input_amazon_side_asn"></a> amazon_side_asn | The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the TGW is created with the current default Amazon ASN. | string | null | no |
| <a name="input_create_tgw"></a> create_tgw | Controls if TGW should be created (it affects almost all resources) | bool | true | no |
| <a name="input_create_tgw_routes"></a> create_tgw_routes | Controls if TGW Route Table / Routes should be created | bool | true | no |
| <a name="input_description"></a> description | Description of the EC2 Transit Gateway | string | null | no |
| <a name="input_enable_auto_accept_shared_attachments"></a> enable_auto_accept_shared_attachments | Whether resource attachment requests are automatically accepted | bool | false | no |
| <a name="input_enable_default_route_table_association"></a> enable_default_route_table_association | Whether resource attachments are automatically associated with the default association route table | bool | true | no |
| <a name="input_enable_default_route_table_propagation"></a> enable_default_route_table_propagation | Whether resource attachments automatically propagate routes to the default propagation route table | bool | true | no |
| <a name="input_enable_dns_support"></a> enable_dns_support | Should be true to enable DNS support in the TGW | bool | true | no |
| <a name="input_enable_multicast_support"></a> enable_multicast_support | Whether multicast support is enabled | bool | false | no |
| <a name="input_enable_vpn_ecmp_support"></a> enable_vpn_ecmp_support | Whether VPN Equal Cost Multipath Protocol support is enabled | bool | true | no |
| <a name="input_name"></a> name | Name to be used on all the resources as identifier | string | "" | no |
| <a name="input_ram_allow_external_principals"></a> ram_allow_external_principals | Indicates whether principals outside your organization can be associated with a resource share. | bool | false | no |
| <a name="input_ram_name"></a> ram_name | The name of the resource share of TGW | string | "" | no |
| <a name="input_ram_principals"></a> ram_principals | A list of principals to share TGW with. Possible values are an AWS account ID, an AWS Organizations Organization ARN, or an AWS Organizations Organization Unit ARN | list(string) | [] | no |
| <a name="input_ram_resource_share_arn"></a> ram_resource_share_arn | ARN of RAM resource share | string | "" | no |
| <a name="input_ram_tags"></a> ram_tags | Additional tags for the RAM | map(string) | {} | no |
| <a name="input_share_tgw"></a> share_tgw | Whether to share your transit gateway with other accounts | bool | true | no |
| <a name="input_tags"></a> tags | A map of tags to add to all resources | map(string) | {} | no |
| <a name="input_tgw_default_route_table_tags"></a> tgw_default_route_table_tags | Additional tags for the Default TGW route table | map(string) | {} | no |
| <a name="input_tgw_route_table_tags"></a> tgw_route_table_tags | Additional tags for the TGW route table | map(string) | {} | no |
| <a name="input_tgw_tags"></a> tgw_tags | Additional tags for the TGW | map(string) | {} | no |
| <a name="input_tgw_vpc_attachment_tags"></a> tgw_vpc_attachment_tags | Additional tags for VPC attachments | map(string) | {} | no |
| <a name="input_timeouts"></a> timeouts | Create, update, and delete timeout configurations for the transit gateway | map(string) | {} | no |
| <a name="input_transit_gateway_cidr_blocks"></a> transit_gateway_cidr_blocks | One or more IPv4 or IPv6 CIDR blocks for the transit gateway. Must be a size /24 CIDR block or larger for IPv4, or a size /64 CIDR block or larger for IPv6 | list(string) | [] | no |
| <a name="input_transit_gateway_route_table_id"></a> transit_gateway_route_table_id | Identifier of EC2 Transit Gateway Route Table to use with the Target Gateway when reusing it between multiple TGWs | string | null | no |
| <a name="input_vpc_attachments"></a> vpc_attachments | Maps of maps of VPC details to attach to TGW. Type 'any' to disable type validation by Terraform. | any | {} | no |
Outputs
| Name | Description |
|---|---|
| <a name="output_ec2_transit_gateway_arn"></a> ec2_transit_gateway_arn | EC2 Transit Gateway Amazon Resource Name (ARN) |
| <a name="output_ec2_transit_gateway_association_default_route_table_id"></a> ec2_transit_gateway_association_default_route_table_id | Identifier of the default association route table |
| <a name="output_ec2_transit_gateway_id"></a> ec2_transit_gateway_id | EC2 Transit Gateway identifier |
| <a name="output_ec2_transit_gateway_owner_id"></a> ec2_transit_gateway_owner_id | Identifier of the AWS account that owns the EC2 Transit Gateway |
| <a name="output_ec2_transit_gateway_propagation_default_route_table_id"></a> ec2_transit_gateway_propagation_default_route_table_id | Identifier of the default propagation route table |
| <a name="output_ec2_transit_gateway_route_ids"></a> ec2_transit_gateway_route_ids | List of EC2 Transit Gateway Route Table identifier combined with destination |
| <a name="output_ec2_transit_gateway_route_table_association"></a> ec2_transit_gateway_route_table_association | Map of EC2 Transit Gateway Route Table Association attributes |
| <a name="output_ec2_transit_gateway_route_table_association_ids"></a> ec2_transit_gateway_route_table_association_ids | List of EC2 Transit Gateway Route Table Association identifiers |
| <a name="output_ec2_transit_gateway_route_table_default_association_route_table"></a> ec2_transit_gateway_route_table_default_association_route_table | Boolean whether this is the default association route table for the EC2 Transit Gateway |
| <a name="output_ec2_transit_gateway_route_table_default_propagation_route_table"></a> ec2_transit_gateway_route_table_default_propagation_route_table | Boolean whether this is the default propagation route table for the EC2 Transit Gateway |
| <a name="output_ec2_transit_gateway_route_table_id"></a> ec2_transit_gateway_route_table_id | EC2 Transit Gateway Route Table identifier |
| <a name="output_ec2_transit_gateway_route_table_propagation"></a> ec2_transit_gateway_route_table_propagation | Map of EC2 Transit Gateway Route Table Propagation attributes |
| <a name="output_ec2_transit_gateway_route_table_propagation_ids"></a> ec2_transit_gateway_route_table_propagation_ids | List of EC2 Transit Gateway Route Table Propagation identifiers |
| <a name="output_ec2_transit_gateway_vpc_attachment"></a> ec2_transit_gateway_vpc_attachment | Map of EC2 Transit Gateway VPC Attachment attributes |
| <a name="output_ec2_transit_gateway_vpc_attachment_ids"></a> ec2_transit_gateway_vpc_attachment_ids | List of EC2 Transit Gateway VPC Attachment identifiers |
| <a name="output_ram_principal_association_id"></a> ram_principal_association_id | The Amazon Resource Name (ARN) of the Resource Share and the principal, separated by a comma |
| <a name="output_ram_resource_share_id"></a> ram_resource_share_id | The Amazon Resource Name (ARN) of the resource share |
Authors
Module is maintained by Anton Babenko with help from these awesome contributors.
License
Apache 2 Licensed. See LICENSE for full details.