NEW: sharing transit gateway via RAM
@@ -0,0 +1 @@
|
||||
{"ID":"2e5ae993-50c7-cc5c-4e72-ab5e9005771e","Operation":"OperationTypeApply","Info":"","Who":"kn@ism.zoo.lo","Version":"0.12.29","Created":"2020-11-06T10:41:09.3951206Z","Path":"terraform.tfstate"}
|
||||
@@ -0,0 +1,18 @@
|
||||
resource "random_string" "string" {
|
||||
length = 4
|
||||
special = false
|
||||
}
|
||||
|
||||
resource "random_integer" "number" {
|
||||
min = 1000
|
||||
max = 9999
|
||||
}
|
||||
|
||||
output "string" {
|
||||
value = random_string.string.result
|
||||
}
|
||||
|
||||
output "number" {
|
||||
value = random_integer.number.result
|
||||
}
|
||||
|
||||
@@ -0,0 +1,15 @@
|
||||
output tgw-id {
|
||||
value = aws_ec2_transit_gateway.tgw01.id
|
||||
}
|
||||
|
||||
output tgw-invite-arn {
|
||||
value = aws_ram_resource_share.ram-share.arn
|
||||
}
|
||||
|
||||
output tgw-invite-principal {
|
||||
value = aws_ram_principal_association.ram-invite.principal
|
||||
}
|
||||
|
||||
output shared-tgw-id {
|
||||
value = split("/", aws_ram_resource_association.tg-share.resource_arn)[1]
|
||||
}
|
||||
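Review bot: The output labels in this hunk are unquoted (`output tgw-id {`) while the `m.random` outputs in the previous hunk use quoted labels (`output "string" {`), and none of these outputs carries a `description`, so a consumer of `tgw-invite-arn` or `tgw-invite-principal` has to read the resource graph to learn what the value is for. Quote the labels consistently and add a one-line `description = "..."` to each output that is part of the cross-account handoff. `shared-tgw-id` re-derives the gateway ID with `split("/", aws_ram_resource_association.tg-share.resource_arn)[1]` although `tgw-id` already exposes `aws_ec2_transit_gateway.tgw01.id` directly, so one of the two looks redundant. The same quoting and description points apply to the accepting side's outputs hunk (`@@ -0,0 +1,19 @@`).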
@@ -0,0 +1,10 @@
|
||||
provider "aws" {
|
||||
region = "ap-southeast-1"
|
||||
}
|
||||
|
||||
terraform {
|
||||
required_version = "> 0.12, < 0.13"
|
||||
required_providers {
|
||||
aws = "~> 3.6.0"
|
||||
}
|
||||
}
|
||||
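Review bot: `region = "ap-southeast-1"` is hard-coded here although `variable aws-region {}` is declared in this side's variables file and the other provider file in this commit uses `region = var.aws-region`; make the two consistent with `region = var.aws-region`. `required_providers` pins only `aws`, yet the `m.random` module added in this commit uses `random_string` and `random_integer`, so the `random` provider floats to whatever version is installed; add a constraint for `random` next to the `aws` one (version placeholder: `random = "<constraint>"`).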
@@ -0,0 +1,30 @@
|
||||
resource "aws_ec2_transit_gateway" "tgw01" {
|
||||
description = "test transit gateway"
|
||||
auto_accept_shared_attachments = "enable"
|
||||
default_route_table_association = "enable"
|
||||
default_route_table_propagation = "enable"
|
||||
dns_support = "enable"
|
||||
tags = local.default-tags
|
||||
}
|
||||
|
||||
resource "aws_ec2_transit_gateway_vpc_attachment" "tgw-attach" {
|
||||
subnet_ids = module.vpc01.private_subnets
|
||||
transit_gateway_id = aws_ec2_transit_gateway.tgw01.id
|
||||
vpc_id = module.vpc01.vpc_id
|
||||
}
|
||||
|
||||
resource "aws_ram_resource_share" "ram-share" {
|
||||
name = "rslab-dplab"
|
||||
allow_external_principals = true
|
||||
tags = local.default-tags
|
||||
}
|
||||
|
||||
resource "aws_ram_resource_association" "tg-share" {
|
||||
resource_arn = aws_ec2_transit_gateway.tgw01.arn
|
||||
resource_share_arn = aws_ram_resource_share.ram-share.arn
|
||||
}
|
||||
|
||||
resource "aws_ram_principal_association" "ram-invite" {
|
||||
principal = var.tgw-target-account
|
||||
resource_share_arn = aws_ram_resource_share.ram-share.arn
|
||||
}
|
||||
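Review bot: `allow_external_principals = true` on `ram-share` together with `auto_accept_shared_attachments = "enable"` on `tgw01` means any principal the share is ever associated with, including accounts outside the AWS Organization, can attach VPCs to this transit gateway without an approval step on the owning side. If `var.tgw-target-account` is inside the same organization, `allow_external_principals = false` keeps the share org-scoped; if it is not, consider `auto_accept_shared_attachments = "disable"` and accepting each attachment explicitly with `aws_ec2_transit_gateway_vpc_attachment_accepter` so the owning account keeps a review point. `tgw-attach` is the only resource in this hunk without `tags = local.default-tags`; add it for consistency with the other resources.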
@@ -0,0 +1,23 @@
|
||||
variable "aws_access_key" {}
|
||||
variable "aws_secret_key" {}
|
||||
|
||||
variable "vpc-cidr" {}
|
||||
|
||||
variable aws-region {}
|
||||
variable owner {}
|
||||
variable project {}
|
||||
variable environment {}
|
||||
variable application {}
|
||||
variable terraformmode {}
|
||||
|
||||
locals {
|
||||
default-tags = {
|
||||
terraform = var.terraformmode
|
||||
environment = var.environment
|
||||
project = var.project
|
||||
application = var.application
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
variable tgw-target-account {}
|
||||
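Review bot: `aws_access_key` and `aws_secret_key` are declared here but this side's provider block hard-codes the region and never references them, so they are dead variables that only invite putting long-lived static keys into a `.tfvars` file; drop them and rely on the provider's default credential chain (environment variables, a shared profile, or an `assume_role` block). `owner` is likewise declared but not used in `default-tags`, here and in the second variables hunk (`@@ -0,0 +1,18 @@`). `tgw-target-account` is the one input that crosses an account boundary and has neither a type nor a description; `variable tgw-target-account { type = string description = "Account ID invited to the transit gateway share" }` documents it and rejects non-string values at plan time.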
@@ -0,0 +1,52 @@
|
||||
data "aws_availability_zones" "available" {}
|
||||
|
||||
locals {
|
||||
subnet_start = cidrsubnets(var.vpc-cidr, 4, 4)
|
||||
}
|
||||
|
||||
module "random" {
|
||||
source = "./m.random"
|
||||
}
|
||||
|
||||
module "vpc01" {
|
||||
source = "terraform-aws-modules/vpc/aws"
|
||||
version = "2.47.0"
|
||||
|
||||
name = "demo-vpc-${module.random.number}"
|
||||
cidr = var.vpc-cidr
|
||||
azs = data.aws_availability_zones.available.names
|
||||
private_subnets = cidrsubnets(local.subnet_start[0], 4, 4)
|
||||
public_subnets = cidrsubnets(local.subnet_start[1], 4, 4)
|
||||
enable_nat_gateway = false
|
||||
single_nat_gateway = true
|
||||
enable_dns_hostnames = true
|
||||
|
||||
# this is kinda slow
|
||||
# enable_ssm_endpoint = true
|
||||
# ssm_endpoint_private_dns_enabled = true
|
||||
# ssm_endpoint_security_group_ids = [aws_security_group.endpoint-sg.id]
|
||||
# ssm_endpoint_subnet_ids = module.vpc01.public_subnets
|
||||
|
||||
tags = local.default-tags
|
||||
|
||||
}
|
||||
|
||||
resource "aws_security_group" "endpoint-sg" {
|
||||
name = "endpoint-sg"
|
||||
vpc_id = module.vpc01.vpc_id
|
||||
ingress {
|
||||
description = "Allow within VPC"
|
||||
from_port = 0
|
||||
to_port = 0
|
||||
protocol = "-1"
|
||||
cidr_blocks = [module.vpc01.vpc_cidr_block]
|
||||
}
|
||||
egress {
|
||||
from_port = 0
|
||||
to_port = 0
|
||||
protocol = "-1"
|
||||
cidr_blocks = ["0.0.0.0/0"]
|
||||
}
|
||||
tags = local.default-tags
|
||||
}
|
||||
|
||||
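Review bot: `endpoint-sg` opens every port and protocol (`protocol = "-1"`, ports 0-0) to the whole VPC CIDR, while an interface-endpoint security group only needs HTTPS; narrow the ingress rule to `from_port = 443`, `to_port = 443`, `protocol = "tcp"`. With the `ssm_endpoint_*` module arguments commented out, the group is created but attached to nothing, so either wire it up or leave it out until the endpoint is enabled. `data "aws_availability_zones" "available" {}` has no `state = "available"` filter, so `azs` can include zones that are not currently usable. `enable_nat_gateway = false` makes `single_nat_gateway = true` a no-op, which reads as if NAT is intended; keep only the setting that is meant.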
@@ -0,0 +1,19 @@
|
||||
output vpc-id {
|
||||
value = data.aws_vpc.vpc1.id
|
||||
}
|
||||
|
||||
output share-name {
|
||||
value = aws_ram_resource_share_accepter.tgw-accepter.share_name
|
||||
}
|
||||
|
||||
output share-status {
|
||||
value = aws_ram_resource_share_accepter.tgw-accepter.status
|
||||
}
|
||||
|
||||
output shared-resources {
|
||||
value = aws_ram_resource_share_accepter.tgw-accepter.resources
|
||||
}
|
||||
|
||||
output tgw-id {
|
||||
value = data.aws_ec2_transit_gateway.shared-tgw.id
|
||||
}
|
||||
@@ -0,0 +1,12 @@
|
||||
provider "aws" {
|
||||
region = var.aws-region
|
||||
access_key = var.aws_access_key
|
||||
secret_key = var.aws_secret_key
|
||||
}
|
||||
|
||||
terraform {
|
||||
required_version = "> 0.12, < 0.13"
|
||||
required_providers {
|
||||
aws = "~> 3.6.0"
|
||||
}
|
||||
}
|
||||
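Review bot: Passing long-lived static keys through `access_key = var.aws_access_key` and `secret_key = var.aws_secret_key` means the secret has to be supplied on every run via a `.tfvars` file, `-var`, or `TF_VAR_*`, and is likely to end up committed or in shell history; the provider already reads `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY`, a shared profile, or an `assume_role` block without any variable plumbing, so `provider "aws" { region = var.aws-region }` is enough here. The first hunk of this commit adds a Terraform state lock-info file whose `"Path"` is `terraform.tfstate`, which suggests local state lives in the working tree; make sure the state file and any `*.tfvars` are ignored by git before credentials or outputs land there.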
@@ -0,0 +1,25 @@
|
||||
resource "aws_ram_resource_share_accepter" "tgw-accepter" {
|
||||
share_arn = "arn:aws:ram:ap-southeast-1:573340405480:resource-share/70e66c50-c169-4f31-a199-f3a09adb27ce"
|
||||
lifecycle {
|
||||
ignore_changes = all
|
||||
}
|
||||
}
|
||||
|
||||
locals {
|
||||
tgw-id = split("/", aws_ram_resource_share_accepter.tgw-accepter.resources[0])[1]
|
||||
}
|
||||
|
||||
data "aws_ec2_transit_gateway" shared-tgw {
|
||||
id = local.tgw-id
|
||||
}
|
||||
|
||||
data "aws_subnet_ids" subnet-ids {
|
||||
vpc_id = data.aws_vpc.vpc1.id
|
||||
}
|
||||
|
||||
resource "aws_ec2_transit_gateway_vpc_attachment" tgw-attach {
|
||||
vpc_id = data.aws_vpc.vpc1.id
|
||||
subnet_ids = [tolist(data.aws_subnet_ids.subnet-ids.ids)[0]]
|
||||
transit_gateway_id = data.aws_ec2_transit_gateway.shared-tgw.id
|
||||
tags = local.default-tags
|
||||
}
|
||||
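Review bot: `share_arn` is a hard-coded literal that embeds the sharing account's ID and one specific share UUID, so this configuration only works against that one share and the ARN has to be edited by hand whenever the sharing side is recreated; take it from a variable (say `tgw-share-arn`) fed by the sharing side's `tgw-invite-arn` output, e.g. `share_arn = var.tgw-share-arn`. `local.tgw-id` indexes `resources[0]` with no guard, so it fails if the accepted share contains no resources, and `lifecycle { ignore_changes = all }` on the accepter hides any later change to the share from `plan`. `subnet_ids = [tolist(data.aws_subnet_ids.subnet-ids.ids)[0]]` picks whichever subnet happens to sort first, so the attachment lands in an arbitrary availability zone; select the subnet by tag or pass the list explicitly.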
@@ -0,0 +1,18 @@
|
||||
variable "aws_access_key" {}
|
||||
variable "aws_secret_key" {}
|
||||
|
||||
variable aws-region {}
|
||||
variable owner {}
|
||||
variable project {}
|
||||
variable environment {}
|
||||
variable application {}
|
||||
variable terraformmode {}
|
||||
|
||||
locals {
|
||||
default-tags = {
|
||||
terraform = var.terraformmode
|
||||
environment = var.environment
|
||||
project = var.project
|
||||
application = var.application
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,4 @@
|
||||
data aws_vpc vpc1 {
|
||||
id = "vpc-d151e0b4"
|
||||
}
|
||||
|
||||
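Review bot: `id = "vpc-d151e0b4"` pins the accepting side to one specific VPC, so the configuration cannot be reused and the target VPC is not visible as an input when the change is reviewed; declare `variable vpc-id {}` next to the other variables and use `id = var.vpc-id`, or select the VPC with a `filter` or `tags` block instead of its ID.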