From 936c9783e1d0fd87bbbeddb8e948b0625fba2823 Mon Sep 17 00:00:00 2001
From: Ronaldo Umanaruiz
Date: Mon, 24 Feb 2025 17:37:02 -0700
Subject: [PATCH 1/2] Decouple associations from propagations

An attachment can be associated to only one table but propagated to multiple route tables, hence creating separate variables to manage both
---
 modules/route-table/main.tf | 8 ++++----
 modules/route-table/variables.tf | 24 ++++++++++++++----------
 2 files changed, 18 insertions(+), 14 deletions(-)

diff --git a/modules/route-table/main.tf b/modules/route-table/main.tf
index b9e7437..bebcf32 100644
--- a/modules/route-table/main.tf
+++ b/modules/route-table/main.tf
@@ -14,7 +14,7 @@ resource "aws_ec2_transit_gateway_route_table" "this" {
 }
 resource "aws_ec2_transit_gateway_route_table_association" "this" {
- for_each = { for k, v in var.associations : k => v if var.create }
+ for_each = { for a in var.associations : a.transit_gateway_attachment_id => a if var.create }
 transit_gateway_attachment_id = each.value.transit_gateway_attachment_id
 transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.this[0].id
@@ -22,9 +22,9 @@ resource "aws_ec2_transit_gateway_route_table_association" "this" {
 }
 resource "aws_ec2_transit_gateway_route_table_propagation" "this" {
- for_each = { for k, v in var.associations : k => v if var.create && try(v.propagate_route_table, false) }
+ for_each = { for p in var.propagations : p => p if var.create }
- transit_gateway_attachment_id = each.value.transit_gateway_attachment_id
+ transit_gateway_attachment_id = each.value
 transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.this[0].id
 }
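Review bot: The new `for_each` on `aws_ec2_transit_gateway_route_table_association` keys instances by `a.transit_gateway_attachment_id`, but `for_each` keys must be known at plan time. When the attachment is created in the same configuration, as the README example does with `module.transit_gateway.vpc_attachments["vpc1"].id`, the ID would be unknown until apply and the plan fails with an invalid `for_each` argument error. The propagation hunk that follows has the same problem with `p => p`. Keeping caller-chosen static keys avoids it: leave `associations` as a map with `for_each = { for k, v in var.associations : k => v if var.create }`, and type `propagations` as `map(string)`. The association resource block closes outside this hunk.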
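Review bot: Nothing on the propagation resource states what a propagation grants, and after this change the list is independent of `associations`, so any attachment ID can be passed in. Propagating an attachment installs its routes in this table, which makes it reachable from every attachment associated with the table. Because this module defines a segmentation boundary, I would put a comment above the `for_each`, for example `# Each propagated attachment becomes routable from all attachments associated with this route table.`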
@@ -33,7 +33,7 @@ resource "aws_ec2_transit_gateway_route_table_propagation" "this" {
 ################################################################################
 resource "aws_ec2_transit_gateway_route" "this" {
- for_each = { for k, v in var.routes : k => v if var.create }
+ for_each = { for route in var.static_routes : route.destination_cidr_block => route if var.create }
 destination_cidr_block = each.value.destination_cidr_block
 blackhole = each.value.blackhole
diff --git a/modules/route-table/variables.tf b/modules/route-table/variables.tf
index 137a4e8..98aed71 100644
--- a/modules/route-table/variables.tf
+++ b/modules/route-table/variables.tf
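Review bot: Keying `aws_ec2_transit_gateway_route.this` by `route.destination_cidr_block` instead of the caller's map key changes every instance address, so an existing deployment will plan a destroy and re-create of each route on upgrade. The association hunk in this patch re-keys the same way. For blackhole routes and associations that leaves a window during apply where the intended routing is not in place. The commit offers no migration path, so I would add an upgrade note telling callers to add `moved` blocks (or run `terraform state mv`) from the old key to the new one before applying. The resource body continues past the end of this hunk.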
@@ -21,33 +21,37 @@ variable "tags" {
 ################################################################################
 variable "transit_gateway_id" {
- description = "The ID of the EC2 Transit Gateway"
+ description = "The ID of the EC2 Transit Gateway for the route table"
 type = string
- default = ""
 }
 variable "associations" {
- description = "A map of transit gateway attachment IDs to associate with the Transit Gateway route table"
- type = map(object({
- transit_gateway_attachment_id = optional(string)
+ description = "List of Transit Gateway Attachments ids to associate to the route table"
+ type = list(object({
+ transit_gateway_attachment_id = string
 replace_existing_association = optional(bool)
- propagate_route_table = optional(bool, false)
 }))
- default = {}
+ default = []
+}
+
+variable "propagations" {
+ description = "List of Transit Gateway Attachments ids to propagate to the route table"
+ type = list(string)
+ default = []
 }
 ################################################################################
 # Route(s)
 ################################################################################
-variable "routes" {
+variable "static_routes" {
 description = "A map of Transit Gateway routes to create in the route table"
- type = map(object({
+ type = list(object({
 destination_cidr_block = string
 blackhole = optional(bool, false)
 transit_gateway_attachment_id = optional(string)
 }))
- default = {}
+ default = []
 }
 variable "vpc_routes" {
From 39759aad1a74c69f06e4449b444669869d86c011 Mon Sep 17 00:00:00 2001
From: Ronaldo Umanaruiz
Date: Mon, 24 Feb 2025 17:47:29 -0700
Subject: [PATCH 2/2] Update docs
---
 modules/route-table/README.md | 27 +++++++++++++++------------
 modules/route-table/variables.tf | 4 ++--
 2 files changed, 17 insertions(+), 14 deletions(-)
diff --git a/modules/route-table/README.md b/modules/route-table/README.md
index 338623d..e8a5d38 100644
--- a/modules/route-table/README.md
+++ b/modules/route-table/README.md
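Review bot: `static_routes` accepts an entry that leaves `blackhole` at its default `false` and omits `transit_gateway_attachment_id`; this type-checks but describes a route with no target, and the mistake would presumably surface only at apply. A `validation` block on the variable, sketched below, would reject it at plan time. The unchanged description line still reads "A map of Transit Gateway routes" although the type is now `list(object(...))`, and the README example in patch 2/2 still passes `static_routes = { blackhole = { ... } }`, which is a map. I would change the description to `"List of static Transit Gateway routes to create in the route table"`.

```hcl
variable "static_routes" {
  # … unchanged: description, type, default …

  validation {
    condition = alltrue([
      for r in var.static_routes : r.blackhole || r.transit_gateway_attachment_id != null
    ])
    error_message = "Each static route needs transit_gateway_attachment_id unless blackhole is true."
  }
}
```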
@@ -20,18 +20,20 @@ module "transit_gateway_route_table" {
 name = "example"
 transit_gateway_id = module.transit_gateway.id
- associations = {
- vpc1 = {
+ associations = [
+ {
 transit_gateway_attachment_id = module.transit_gateway.vpc_attachments["vpc1"].id
- propagate_route_table = true
- }
- vpc2 = {
+ replace_existing_association = true
+ },
+ {
 transit_gateway_attachment_id = module.transit_gateway.vpc_attachments["vpc2"].id
- propagate_route_table = true
- }
- }
+ },
+ ]
+
+ propagations = [ module.transit_gateway.vpc_attachments["vpc1"].id, module.transit_gateway.vpc_attachments["vpc2"].id ]
+
- routes = {
+ static_routes = {
 blackhole = {
 blackhole = true
 destination_cidr_block = "0.0.0.0/0"
@@ -93,12 +95,13 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [associations](#input\_associations) | A map of transit gateway attachment IDs to associate with the Transit Gateway route table |
map(object({
transit_gateway_attachment_id = optional(string)
replace_existing_association = optional(bool)
propagate_route_table = optional(bool, false)
}))
| `{}` | no | +| [associations](#input\_associations) | List of Transit Gateway Attachments ids to associate to the route table |
list(object({
transit_gateway_attachment_id = string
replace_existing_association = optional(bool)
}))
| `[]` | no | | [create](#input\_create) | Controls if resources should be created (it affects almost all resources) | `bool` | `true` | no | | [name](#input\_name) | Name to be used on all the resources as identifier | `string` | `""` | no | -| [routes](#input\_routes) | A map of Transit Gateway routes to create in the route table |
map(object({
destination_cidr_block = string
blackhole = optional(bool, false)
transit_gateway_attachment_id = optional(string)
}))
| `{}` | no | +| [propagations](#input\_propagations) | List of Transit Gateway Attachments ids to propagate to the route table | `list(string)` | `[]` | no | +| [static\_routes](#input\_static\_routes) | A map of Transit Gateway routes to create in the route table |
list(object({
destination_cidr_block = string
blackhole = optional(bool, false)
transit_gateway_attachment_id = optional(string)
}))
| `[]` | no | | [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no | -| [transit\_gateway\_id](#input\_transit\_gateway\_id) | The ID of the EC2 Transit Gateway | `string` | `""` | no | +| [transit\_gateway\_id](#input\_transit\_gateway\_id) | The ID of the EC2 Transit Gateway for the route table | `string` | n/a | yes | | [vpc\_routes](#input\_vpc\_routes) | A map of VPC routes to create in the route table provided |
map(object({
route_table_id = string
destination_cidr_block = optional(string)
destination_ipv6_cidr_block = optional(string)
}))
| `{}` | no | ## Outputs
diff --git a/modules/route-table/variables.tf b/modules/route-table/variables.tf
index 98aed71..d4f485d 100644
--- a/modules/route-table/variables.tf
+++ b/modules/route-table/variables.tf
@@ -36,8 +36,8 @@ variable "associations" {
 variable "propagations" {
 description = "List of Transit Gateway Attachments ids to propagate to the route table"
- type = list(string)
- default = []
+ type = list(string)
+ default = []
 }
 ################################################################################