Merge pull request #317 from lorengordon/feat/tgw-association-propagation
lorengordon authored Dec 20, 2023
2 parents c7d9f34 + 48f3f28 commit d60ead4
Showing 5 changed files with 35 additions and 2 deletions.
2 changes: 1 addition & 1 deletion .bumpversion.cfg
@@ -1,5 +1,5 @@
[bumpversion]
current_version = 3.0.1
current_version = 3.1.0
commit = True
message = Bumps version to {new_version}
tag = False
9 changes: 9 additions & 0 deletions CHANGELOG.md
Expand Up @@ -4,6 +4,15 @@ All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/).

### [3.1.0](https://github.com/plus3it/terraform-aws-tardigrade-vpn-connection/releases/tag/3.1.0)

**Released**: 2023.12.20

**Summary**:

* Support creating transit gateway route table associations and propagations
for the vpn connection

### [3.0.1](https://github.com/plus3it/terraform-aws-tardigrade-vpn-connection/releases/tag/3.0.1)

**Released**: 2023.12.20
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -43,7 +43,7 @@ make mockstack/clean

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_vpn_connection"></a> [vpn\_connection](#input\_vpn\_connection) | n/a | <pre>object({<br> name = string<br> static_routes_only = optional(bool, false)<br> tags = optional(map(string), {})<br> type = optional(string, "ipsec.1")<br><br> transit_gateway_id = optional(string)<br> vpn_gateway_id = optional(string)<br><br> enable_acceleration = optional(bool)<br> outside_ip_address_type = optional(string)<br> transport_transit_gateway_attachment_id = optional(string)<br> tunnel_inside_ip_version = optional(string)<br><br> local_ipv4_network_cidr = optional(string)<br> local_ipv6_network_cidr = optional(string)<br><br> remote_ipv4_network_cidr = optional(string)<br> remote_ipv6_network_cidr = optional(string)<br><br> tunnel1_inside_cidr = optional(string)<br> tunnel1_inside_ipv6_cidr = optional(string)<br> tunnel1_preshared_key = optional(string)<br> tunnel1_dpd_timeout_action = optional(string)<br> tunnel1_dpd_timeout_seconds = optional(number)<br> tunnel1_enable_tunnel_lifecycle_control = optional(bool)<br> tunnel1_ike_versions = optional(list(string))<br> tunnel1_rekey_fuzz_percentage = optional(number)<br> tunnel1_rekey_margin_time_seconds = optional(number)<br> tunnel1_replay_window_size = optional(number)<br> tunnel1_startup_action = optional(string)<br><br> tunnel1_phase1_dh_group_numbers = optional(list(number))<br> tunnel1_phase1_encryption_algorithms = optional(list(string))<br> tunnel1_phase1_integrity_algorithms = optional(list(string))<br> tunnel1_phase1_lifetime_seconds = optional(number)<br><br> tunnel1_phase2_dh_group_numbers = optional(list(number))<br> tunnel1_phase2_encryption_algorithms = optional(list(string))<br> tunnel1_phase2_integrity_algorithms = optional(list(string))<br> tunnel1_phase2_lifetime_seconds = optional(number)<br><br> tunnel1_log_options = optional(object({<br> cloudwatch_log_options = optional(object({<br> log_group_arn = optional(string)<br> log_enabled = optional(bool, true)<br> log_output_format = 
optional(string, "json")<br> }), {})<br><br> cloudwatch_log_group = optional(object({<br> kms_key_id = optional(string)<br> log_group_class = optional(string, "INFREQUENT_ACCESS")<br> retention_in_days = optional(number, 30)<br> skip_destroy = optional(bool, false)<br> tags = optional(map(string), {})<br> }), {})<br> }), {})<br><br> tunnel2_inside_cidr = optional(string)<br> tunnel2_inside_ipv6_cidr = optional(string)<br> tunnel2_preshared_key = optional(string)<br> tunnel2_dpd_timeout_action = optional(string)<br> tunnel2_dpd_timeout_seconds = optional(number)<br> tunnel2_enable_tunnel_lifecycle_control = optional(bool)<br> tunnel2_ike_versions = optional(list(string))<br> tunnel2_rekey_fuzz_percentage = optional(number)<br> tunnel2_rekey_margin_time_seconds = optional(number)<br> tunnel2_replay_window_size = optional(number)<br> tunnel2_startup_action = optional(string)<br><br> tunnel2_phase1_dh_group_numbers = optional(list(number))<br> tunnel2_phase1_encryption_algorithms = optional(list(string))<br> tunnel2_phase1_integrity_algorithms = optional(list(string))<br> tunnel2_phase1_lifetime_seconds = optional(number)<br><br> tunnel2_phase2_dh_group_numbers = optional(list(number))<br> tunnel2_phase2_encryption_algorithms = optional(list(string))<br> tunnel2_phase2_integrity_algorithms = optional(list(string))<br> tunnel2_phase2_lifetime_seconds = optional(number)<br><br> tunnel2_log_options = optional(object({<br> cloudwatch_log_options = optional(object({<br> log_group_arn = optional(string)<br> log_enabled = optional(bool, true)<br> log_output_format = optional(string, "json")<br> }), {})<br><br> cloudwatch_log_group = optional(object({<br> kms_key_id = optional(string)<br> log_group_class = optional(string, "INFREQUENT_ACCESS")<br> retention_in_days = optional(number, 30)<br> skip_destroy = optional(bool, false)<br> tags = optional(map(string), {})<br> }), {})<br> }), {})<br><br> customer_gateway = object({<br> name = string<br> bgp_asn = string<br> 
certificate_arn = optional(string)<br> device_name = optional(string)<br> ip_address = optional(string)<br> tags = optional(map(string))<br> type = optional(string, "ipsec.1")<br> })<br><br> routes = optional(list(object({<br> name = string<br> destination_cidr_block = string<br> })), [])<br> })</pre> | n/a | yes |
| <a name="input_vpn_connection"></a> [vpn\_connection](#input\_vpn\_connection) | n/a | <pre>object({<br> name = string<br> static_routes_only = optional(bool, false)<br> tags = optional(map(string), {})<br> type = optional(string, "ipsec.1")<br><br> transit_gateway_id = optional(string)<br> vpn_gateway_id = optional(string)<br><br> enable_acceleration = optional(bool)<br> outside_ip_address_type = optional(string)<br> transport_transit_gateway_attachment_id = optional(string)<br> tunnel_inside_ip_version = optional(string)<br><br> local_ipv4_network_cidr = optional(string)<br> local_ipv6_network_cidr = optional(string)<br><br> remote_ipv4_network_cidr = optional(string)<br> remote_ipv6_network_cidr = optional(string)<br><br> tunnel1_inside_cidr = optional(string)<br> tunnel1_inside_ipv6_cidr = optional(string)<br> tunnel1_preshared_key = optional(string)<br> tunnel1_dpd_timeout_action = optional(string)<br> tunnel1_dpd_timeout_seconds = optional(number)<br> tunnel1_enable_tunnel_lifecycle_control = optional(bool)<br> tunnel1_ike_versions = optional(list(string))<br> tunnel1_rekey_fuzz_percentage = optional(number)<br> tunnel1_rekey_margin_time_seconds = optional(number)<br> tunnel1_replay_window_size = optional(number)<br> tunnel1_startup_action = optional(string)<br><br> tunnel1_phase1_dh_group_numbers = optional(list(number))<br> tunnel1_phase1_encryption_algorithms = optional(list(string))<br> tunnel1_phase1_integrity_algorithms = optional(list(string))<br> tunnel1_phase1_lifetime_seconds = optional(number)<br><br> tunnel1_phase2_dh_group_numbers = optional(list(number))<br> tunnel1_phase2_encryption_algorithms = optional(list(string))<br> tunnel1_phase2_integrity_algorithms = optional(list(string))<br> tunnel1_phase2_lifetime_seconds = optional(number)<br><br> tunnel1_log_options = optional(object({<br> cloudwatch_log_options = optional(object({<br> log_group_arn = optional(string)<br> log_enabled = optional(bool, true)<br> log_output_format = 
optional(string, "json")<br> }), {})<br><br> cloudwatch_log_group = optional(object({<br> kms_key_id = optional(string)<br> log_group_class = optional(string, "INFREQUENT_ACCESS")<br> retention_in_days = optional(number, 30)<br> skip_destroy = optional(bool, false)<br> tags = optional(map(string), {})<br> }), {})<br> }), {})<br><br> tunnel2_inside_cidr = optional(string)<br> tunnel2_inside_ipv6_cidr = optional(string)<br> tunnel2_preshared_key = optional(string)<br> tunnel2_dpd_timeout_action = optional(string)<br> tunnel2_dpd_timeout_seconds = optional(number)<br> tunnel2_enable_tunnel_lifecycle_control = optional(bool)<br> tunnel2_ike_versions = optional(list(string))<br> tunnel2_rekey_fuzz_percentage = optional(number)<br> tunnel2_rekey_margin_time_seconds = optional(number)<br> tunnel2_replay_window_size = optional(number)<br> tunnel2_startup_action = optional(string)<br><br> tunnel2_phase1_dh_group_numbers = optional(list(number))<br> tunnel2_phase1_encryption_algorithms = optional(list(string))<br> tunnel2_phase1_integrity_algorithms = optional(list(string))<br> tunnel2_phase1_lifetime_seconds = optional(number)<br><br> tunnel2_phase2_dh_group_numbers = optional(list(number))<br> tunnel2_phase2_encryption_algorithms = optional(list(string))<br> tunnel2_phase2_integrity_algorithms = optional(list(string))<br> tunnel2_phase2_lifetime_seconds = optional(number)<br><br> tunnel2_log_options = optional(object({<br> cloudwatch_log_options = optional(object({<br> log_group_arn = optional(string)<br> log_enabled = optional(bool, true)<br> log_output_format = optional(string, "json")<br> }), {})<br><br> cloudwatch_log_group = optional(object({<br> kms_key_id = optional(string)<br> log_group_class = optional(string, "INFREQUENT_ACCESS")<br> retention_in_days = optional(number, 30)<br> skip_destroy = optional(bool, false)<br> tags = optional(map(string), {})<br> }), {})<br> }), {})<br><br> customer_gateway = object({<br> name = string<br> bgp_asn = string<br> 
certificate_arn = optional(string)<br> device_name = optional(string)<br> ip_address = optional(string)<br> tags = optional(map(string))<br> type = optional(string, "ipsec.1")<br> })<br><br> routes = optional(list(object({<br> name = string<br> destination_cidr_block = string<br> })), [])<br><br> transit_gateway_route_table_association = optional(object({<br> transit_gateway_route_table_id = string<br> }))<br><br> transit_gateway_route_table_propagations = optional(list(object({<br> name = string<br> transit_gateway_route_table_id = string<br> })), [])<br> })</pre> | n/a | yes |

## Outputs

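Review bot: The `vpn_connection` row keeps `n/a` as its description, so the two new attributes, `transit_gateway_route_table_association` and `transit_gateway_route_table_propagations`, are documented only as type signatures at the very end of a long `<pre>` cell. Please add a description that says the association is a single optional object while the propagations are a list, and what the `name` field of each propagation entry is for, since the type alone does not convey it.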
15 changes: 15 additions & 0 deletions main.tf
Expand Up @@ -117,6 +117,20 @@ resource "aws_vpn_connection_route" "this" {
vpn_connection_id = aws_vpn_connection.this.id
}

resource "aws_ec2_transit_gateway_route_table_association" "this" {
count = var.vpn_connection.transit_gateway_route_table_association != null ? 1 : 0

transit_gateway_attachment_id = aws_vpn_connection.this.transit_gateway_attachment_id
transit_gateway_route_table_id = var.vpn_connection.transit_gateway_route_table_association.transit_gateway_route_table_id
}

resource "aws_ec2_transit_gateway_route_table_propagation" "this" {
for_each = { for route_table in var.vpn_connection.transit_gateway_route_table_propagations : route_table.name => route_table }

transit_gateway_attachment_id = aws_vpn_connection.this.transit_gateway_attachment_id
transit_gateway_route_table_id = each.value.transit_gateway_route_table_id
}

resource "aws_cloudwatch_log_group" "tunnel1" {
count = var.vpn_connection.tunnel1_log_options != null ? (var.vpn_connection.tunnel1_log_options.cloudwatch_log_group != null ? 1 : 0) : 0

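Review bot: The `count` condition on `aws_ec2_transit_gateway_route_table_association.this` and the `for_each` on `aws_ec2_transit_gateway_route_table_propagation.this` test only the new attributes and never `var.vpn_connection.transit_gateway_id`. Both resources read `aws_vpn_connection.this.transit_gateway_attachment_id`, so a caller who sets `vpn_gateway_id` together with either new attribute gets resources whose attachment ID is not backed by a transit gateway. Consider adding `var.vpn_connection.transit_gateway_id != null` to both conditions, or a `precondition` that names the conflict, so the mistake is reported clearly. These two resources also decide which transit gateway route tables the VPN attachment is associated with and propagates routes into, so a short comment on each stating that intent would help whoever reviews later changes to them.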
Expand Down Expand Up @@ -148,3 +162,4 @@ resource "aws_cloudwatch_log_group" "tunnel2" {
}
)
}

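Review bot: The only change in this hunk is a blank line appended after the final closing `}` of `aws_cloudwatch_log_group.tunnel2` at the end of main.tf (the hunk grows from 3 lines to 4). It is unrelated to the association and propagation feature; drop it so the diff carries only the functional change.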
9 changes: 9 additions & 0 deletions variables.tf
Expand Up @@ -109,5 +109,14 @@ variable "vpn_connection" {
name = string
destination_cidr_block = string
})), [])

transit_gateway_route_table_association = optional(object({
transit_gateway_route_table_id = string
}))

transit_gateway_route_table_propagations = optional(list(object({
name = string
transit_gateway_route_table_id = string
})), [])
})
}
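Review bot: `name` in `transit_gateway_route_table_propagations` has a uniqueness requirement that nothing here states or enforces: main.tf uses it as the `for_each` key (`route_table.name => route_table`), so two entries with the same `name` make the map construction fail. Add a `validation` block on `vpn_connection` that compares the number of distinct names with the length of the list, or at least a comment beside the attribute. A `description` for the two new attributes would also be worth adding here, since the README renders this variable's description as `n/a`.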
