Add option to provide a VPN gateway to share gateways with multiple VPN connections #25
Conversation
|
Since it is not looking like this is going to be merged, but we need some additional features. The source branch will contain more than just the initially mentioned change. If people still want to get this moving, you can mention me and/or look at the 0.7.2 tag on my fork which was from before the additional stuff. |
There was a problem hiding this comment.
@paulvandenburg these look like legit changes and I'd be happy to help you get them upstreamed -- I've made a bunch of requests, some small, some large. Check them out, let me know if you have any questions and we can work to move this forward. Thanks for the contribution and I hope we can get this merged!
| @@ -4,26 +4,30 @@ locals { | |||
|
|
|||
| # https://www.terraform.io/docs/providers/aws/r/vpn_gateway.html | |||
| resource "aws_vpn_gateway" "default" { | |||
| count = local.enabled ? 1 : 0 | |||
| count = var.vpn_gateway_id != null ? 0 : (local.enabled ? 1 : 0) | |||
There was a problem hiding this comment.
Can we pull this out to a local like so?
locals {
vpn_gateway_enabled = local.enabled && var.vpn_gateway_id == null
}
# usage
count = local.vpn_gateway_enabled ? 1 : 0
| vpc_id = var.vpc_id | ||
| amazon_side_asn = var.vpn_gateway_amazon_side_asn | ||
| tags = module.this.tags | ||
| } | ||
|
|
||
| # https://www.terraform.io/docs/providers/aws/r/customer_gateway.html | ||
| resource "aws_customer_gateway" "default" { | ||
| count = local.enabled ? 1 : 0 | ||
| count = local.enabled && var.customer_gateway_id == null ? 1 : 0 |
There was a problem hiding this comment.
Same here, let's pull this up into a local.
| tags = merge( | ||
| module.this.tags, | ||
| var.customer_gateway_name_override != null ? { Name = var.customer_gateway_name_override } : {}, | ||
| { ip = var.customer_gateway_ip_address } | ||
| ) |
There was a problem hiding this comment.
We typically like to avoid supporting name overrides (it happens for sure, but I like to avoid it) because even if you're not following the module.this conventions you can create the name by just passing name. That said, I'd consider this without the ip tag. You can pass that in via the tags variable if you're interested in including that as a specific tag.
Mind cleaning this up a bit and just consuming the module so that your use-case fits or is there a specific need here that I'm missing?
| } | ||
|
|
||
| # https://www.terraform.io/docs/providers/aws/r/vpn_connection.html | ||
| resource "aws_vpn_connection" "default" { | ||
| count = local.enabled ? 1 : 0 | ||
| vpn_gateway_id = join("", aws_vpn_gateway.default.*.id) | ||
| customer_gateway_id = join("", aws_customer_gateway.default.*.id) | ||
| vpn_gateway_id = var.vpn_gateway_id != null ? var.vpn_gateway_id : join("", aws_vpn_gateway.default.*.id) |
There was a problem hiding this comment.
I like to see this logic done elsewhere, particularly when it's reused like you do below. Let's pull this to a local like so:
locals {
vpn_gateway_id = coalesce(var.vpn_gateway_id, join("", aws_vpn_gateway.default.*.id))
}Then you can just reference the local and avoid the duplication of logic.
| vpn_gateway_id = join("", aws_vpn_gateway.default.*.id) | ||
| customer_gateway_id = join("", aws_customer_gateway.default.*.id) | ||
| vpn_gateway_id = var.vpn_gateway_id != null ? var.vpn_gateway_id : join("", aws_vpn_gateway.default.*.id) | ||
| customer_gateway_id = var.customer_gateway_id == null ? join("", aws_customer_gateway.default.*.id) : var.customer_gateway_id |
| # https://www.terraform.io/docs/providers/aws/r/vpn_gateway_route_propagation.html | ||
| resource "aws_vpn_gateway_route_propagation" "default" { | ||
| count = local.enabled ? length(var.route_table_ids) : 0 | ||
| vpn_gateway_id = join("", aws_vpn_gateway.default.*.id) | ||
| vpn_gateway_id = var.vpn_gateway_id != null ? var.vpn_gateway_id : join("", aws_vpn_gateway.default.*.id) |
| @@ -3,11 +3,28 @@ variable "vpc_id" { | |||
| description = "The ID of the VPC to which the Virtual Private Gateway will be attached" | |||
| } | |||
|
|
|||
| variable "vpn_gateway_id" { | |||
| description = "VPN gateway to use if you want to share a virtual private gateway with multiple VPN connections" | |||
There was a problem hiding this comment.
| description = "VPN gateway to use if you want to share a virtual private gateway with multiple VPN connections" | |
| description = "VPN gateway to use if you want to share a virtual private gateway with multiple VPN connections" | |
| type = string |
| type = bool | ||
| description = "Enable logging for the VPN tunnel" | ||
| default = true |
There was a problem hiding this comment.
| default = true | |
| default = false |
| variable "vpn_tunnel_logging_retention" { | ||
| type = number | ||
| description = "Logging retention for the VPN tunnel" |
There was a problem hiding this comment.
| description = "Logging retention for the VPN tunnel" | |
| description = "Logging retention for the VPN tunnel in days." |
| } | ||
|
|
||
| variable "vpn_tunnel_logging_retention" { |
There was a problem hiding this comment.
Please be sure to run a terraform fmt locally before committing your changes. Thanks!
|
@paulvandenburg see my comments from 2 weeks ago to get this moving along -- Thanks! |
Gowiem
added
enhancement
|
This pull request now has conflicts. Could you fix it @paulvandenburg? 🙏 |
|
This PR has been closed due to inactivity and merge conflicts. |
|
Thanks @paulvandenburg for creating this pull request! A maintainer will review your changes shortly. Please don't be discouraged if it takes a while. While you wait, make sure to review our contributor guidelines. Tip Need help or want to ask for a PR review to be expedited?Join us on Slack in the |
|
Important Cloud Posse Engineering Team Review RequiredThis pull request modifies files that require Cloud Posse's review. Please be patient, and a core maintainer will review your changes. To expedite this process, reach out to us on Slack in the |
mergify
bot
removed
conflict
what
why
If you want to use this new feature, you need to create the VPN gateway elsewhere in terraform and then pass along the ID.
sample
Sample usage could look like this:
Which will create the various VPN connections you need while only using 1 VPN gateway.