NEW: sharing transit gateway via RAM

This commit is contained in:
xpk
2020-11-06 18:53:20 +08:00
parent 2588e761b3
commit 90e6acc97d
12 changed files with 227 additions and 0 deletions
@@ -0,0 +1 @@
{"ID":"2e5ae993-50c7-cc5c-4e72-ab5e9005771e","Operation":"OperationTypeApply","Info":"","Who":"kn@ism.zoo.lo","Version":"0.12.29","Created":"2020-11-06T10:41:09.3951206Z","Path":"terraform.tfstate"}
@@ -0,0 +1,18 @@
resource "random_string" "string" {
length = 4
special = false
}
resource "random_integer" "number" {
min = 1000
max = 9999
}
output "string" {
value = random_string.string.result
}
output "number" {
value = random_integer.number.result
}
@@ -0,0 +1,15 @@
output tgw-id {
value = aws_ec2_transit_gateway.tgw01.id
}
output tgw-invite-arn {
value = aws_ram_resource_share.ram-share.arn
}
output tgw-invite-principal {
value = aws_ram_principal_association.ram-invite.principal
}
output shared-tgw-id {
value = split("/", aws_ram_resource_association.tg-share.resource_arn)[1]
}
@@ -0,0 +1,10 @@
provider "aws" {
region = "ap-southeast-1"
}
terraform {
required_version = "> 0.12, < 0.13"
required_providers {
aws = "~> 3.6.0"
}
}
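Review bot: `region` is hard-coded to `ap-southeast-1` in this provider block while the same commit declares `var.aws-region` and the consumer-side provider reads it, so the two halves of the share can silently end up in different regions. Use `region = var.aws-region` here as well so one tfvars drives both sides. The RAM share ARN is region-scoped, so a region mismatch would only show up as a failed accept on the other account.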
@@ -0,0 +1,30 @@
resource "aws_ec2_transit_gateway" "tgw01" {
description = "test transit gateway"
auto_accept_shared_attachments = "enable"
default_route_table_association = "enable"
default_route_table_propagation = "enable"
dns_support = "enable"
tags = local.default-tags
}
resource "aws_ec2_transit_gateway_vpc_attachment" "tgw-attach" {
subnet_ids = module.vpc01.private_subnets
transit_gateway_id = aws_ec2_transit_gateway.tgw01.id
vpc_id = module.vpc01.vpc_id
}
resource "aws_ram_resource_share" "ram-share" {
name = "rslab-dplab"
allow_external_principals = true
tags = local.default-tags
}
resource "aws_ram_resource_association" "tg-share" {
resource_arn = aws_ec2_transit_gateway.tgw01.arn
resource_share_arn = aws_ram_resource_share.ram-share.arn
}
resource "aws_ram_principal_association" "ram-invite" {
principal = var.tgw-target-account
resource_share_arn = aws_ram_resource_share.ram-share.arn
}
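Review bot: `allow_external_principals = true` on `ram-share` combined with `auto_accept_shared_attachments = "enable"` on `tgw01` means any account the share reaches can attach a VPC without anyone on the owning side approving it, and with `default_route_table_association` and `default_route_table_propagation` both enabled every new attachment is immediately routable to every other attachment. If `var.tgw-target-account` is inside the same AWS Organization, set `allow_external_principals = false` so the share cannot be extended to arbitrary accounts; otherwise consider `auto_accept_shared_attachments = "disable"` and accept each attachment explicitly with `aws_ec2_transit_gateway_vpc_attachment_accepter`. The description `test transit gateway` and share name `rslab-dplab` suggest a lab, so open acceptance may be deliberate, but that decision should be recorded in a comment on the resource rather than left implicit.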
@@ -0,0 +1,23 @@
variable "aws_access_key" {}
variable "aws_secret_key" {}
variable "vpc-cidr" {}
variable aws-region {}
variable owner {}
variable project {}
variable environment {}
variable application {}
variable terraformmode {}
locals {
default-tags = {
terraform = var.terraformmode
environment = var.environment
project = var.project
application = var.application
}
}
variable tgw-target-account {}
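Review bot: `aws_access_key` and `aws_secret_key` are declared but the provider block in this commit does not reference them, so on this side they only invite someone to pass static credentials through a `.tfvars` file; drop them and let the provider resolve credentials from the environment or a profile. `owner` is declared but not included in `default-tags`, so either add `owner = var.owner` to the map or remove the variable. Terraform 0.12 has no `sensitive` attribute on variables, so if credential variables are kept they should at least carry a comment such as `# supply via TF_VAR_aws_access_key; never set in a committed tfvars`.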
@@ -0,0 +1,52 @@
data "aws_availability_zones" "available" {}
locals {
subnet_start = cidrsubnets(var.vpc-cidr, 4, 4)
}
module "random" {
source = "./m.random"
}
module "vpc01" {
source = "terraform-aws-modules/vpc/aws"
version = "2.47.0"
name = "demo-vpc-${module.random.number}"
cidr = var.vpc-cidr
azs = data.aws_availability_zones.available.names
private_subnets = cidrsubnets(local.subnet_start[0], 4, 4)
public_subnets = cidrsubnets(local.subnet_start[1], 4, 4)
enable_nat_gateway = false
single_nat_gateway = true
enable_dns_hostnames = true
# this is kinda slow
# enable_ssm_endpoint = true
# ssm_endpoint_private_dns_enabled = true
# ssm_endpoint_security_group_ids = [aws_security_group.endpoint-sg.id]
# ssm_endpoint_subnet_ids = module.vpc01.public_subnets
tags = local.default-tags
}
resource "aws_security_group" "endpoint-sg" {
name = "endpoint-sg"
vpc_id = module.vpc01.vpc_id
ingress {
description = "Allow within VPC"
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = [module.vpc01.vpc_cidr_block]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
tags = local.default-tags
}
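Review bot: `endpoint-sg` admits every protocol and every port from the VPC CIDR, but a VPC interface endpoint only needs HTTPS, so the ingress should be `from_port = 443`, `to_port = 443`, `protocol = "tcp"`. With the SSM endpoint lines commented out the group is no longer referenced by anything in this hunk, so it is created but unused; either comment it out together with the endpoint settings or add a comment stating that the endpoint is disabled for speed and the group is kept for when it is re-enabled.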
@@ -0,0 +1,19 @@
output vpc-id {
value = data.aws_vpc.vpc1.id
}
output share-name {
value = aws_ram_resource_share_accepter.tgw-accepter.share_name
}
output share-status {
value = aws_ram_resource_share_accepter.tgw-accepter.status
}
output shared-resources {
value = aws_ram_resource_share_accepter.tgw-accepter.resources
}
output tgw-id {
value = data.aws_ec2_transit_gateway.shared-tgw.id
}
@@ -0,0 +1,12 @@
provider "aws" {
region = var.aws-region
access_key = var.aws_access_key
secret_key = var.aws_secret_key
}
terraform {
required_version = "> 0.12, < 0.13"
required_providers {
aws = "~> 3.6.0"
}
}
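Review bot: The provider takes `access_key` and `secret_key` from plain variables, which pushes long-lived static credentials into whatever `.tfvars` or command line supplies them, and Terraform 0.12 offers no `sensitive` flag to keep them out of plan output. Prefer leaving both attributes out and letting the provider resolve credentials from the environment (`AWS_PROFILE` or `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY`) or from an `assume_role { role_arn = ... }` block, keeping only `region = var.aws-region`. If the attributes must stay, a comment like `# credentials intentionally come from variables for the lab; do not commit a tfvars that sets them` makes the trade-off explicit.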
@@ -0,0 +1,25 @@
resource "aws_ram_resource_share_accepter" "tgw-accepter" {
share_arn = "arn:aws:ram:ap-southeast-1:573340405480:resource-share/70e66c50-c169-4f31-a199-f3a09adb27ce"
lifecycle {
ignore_changes = all
}
}
locals {
tgw-id = split("/", aws_ram_resource_share_accepter.tgw-accepter.resources[0])[1]
}
data "aws_ec2_transit_gateway" shared-tgw {
id = local.tgw-id
}
data "aws_subnet_ids" subnet-ids {
vpc_id = data.aws_vpc.vpc1.id
}
resource "aws_ec2_transit_gateway_vpc_attachment" tgw-attach {
vpc_id = data.aws_vpc.vpc1.id
subnet_ids = [tolist(data.aws_subnet_ids.subnet-ids.ids)[0]]
transit_gateway_id = data.aws_ec2_transit_gateway.shared-tgw.id
tags = local.default-tags
}
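Review bot: `local.tgw-id` takes `resources[0]` of the accepted share and assumes it is the transit gateway, which only holds while the share contains exactly one resource; because the accepter has `ignore_changes = all`, a later change to the share is never surfaced by plan, so a wrong index would silently resolve to a different resource or fail in the data lookup. Select the TGW ARN explicitly, e.g. `tgw-id = split("/", [for r in aws_ram_resource_share_accepter.tgw-accepter.resources : r if length(regexall("transit-gateway/", r)) > 0][0])[1]`. The `share_arn` also hard-codes the owning account ID and region; making it a variable avoids committing account-specific identifiers and lets the same configuration accept a share from another account. Attaching only `tolist(data.aws_subnet_ids.subnet-ids.ids)[0]` yields a single-AZ attachment, which is fine for a lab but deserves a comment saying so.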
@@ -0,0 +1,18 @@
variable "aws_access_key" {}
variable "aws_secret_key" {}
variable aws-region {}
variable owner {}
variable project {}
variable environment {}
variable application {}
variable terraformmode {}
locals {
default-tags = {
terraform = var.terraformmode
environment = var.environment
project = var.project
application = var.application
}
}
@@ -0,0 +1,4 @@
data aws_vpc vpc1 {
id = "vpc-d151e0b4"
}
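Review bot: `vpc-d151e0b4` is a hard-coded VPC ID, which ties this configuration to one account and region and commits an account-specific identifier to the repository. Take it from a variable, `id = var.vpc-id`, with `variable vpc-id {}` declared alongside the others so the consumer side can be reused against any VPC.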