From 3e43084c11bd73315b75ff8af61097c411d7bf80 Mon Sep 17 00:00:00 2001 From: Pablo Sanchez Carmona Date: Wed, 1 Mar 2023 11:57:19 +0100 Subject: [PATCH 1/4] adding support for Cloud WAN Appliance mode in attachment --- .header.md | 15 ++++----- README.md | 17 ++++++----- examples/cloud_wan/main.tf | 54 +++++++++++++++------------------ examples/cloud_wan/outputs.tf | 4 +-- examples/cloud_wan/providers.tf | 17 ++--------- main.tf | 3 +- variables.tf | 5 ++- 7 files changed, 52 insertions(+), 63 deletions(-) diff --git a/.header.md b/.header.md index d922126..e9a566a 100644 --- a/.header.md +++ b/.header.md @@ -102,10 +102,11 @@ subnets = { } core_network = { - netmask = 28 - ipv6_support = false - require_acceptance = true - accept_attachment = true + netmask = 28 + ipv6_support = false + appliance_mode_support = false + require_acceptance = true + accept_attachment = true tags = { env = "prod" @@ -226,7 +227,7 @@ This happens when the Core Network's VPC attachment requires acceptance, so it's ```terraform subnets = { core_network = { - netmaks = 28 + netmask = 28 require_acceptance = true accept_attachment = true } @@ -238,7 +239,7 @@ subnets = { ```terraform subnets = { core_network = { - netmaks = 28 + netmask = 28 require_acceptance = true accept_attachment = true } @@ -250,7 +251,7 @@ After you apply and the attachment is accepted (outside the module), change the ```terraform subnets = { core_network = { - netmaks = 28 + netmask = 28 require_acceptance = false } } diff --git a/README.md b/README.md index 7da6393..7856122 100644 --- a/README.md +++ b/README.md @@ -103,10 +103,11 @@ subnets = { } core_network = { - netmask = 28 - ipv6_support = false - require_acceptance = true - accept_attachment = true + netmask = 28 + ipv6_support = false + appliance_mode_support = false + require_acceptance = true + accept_attachment = true tags = { env = "prod" 
@@ -227,7 +228,7 @@ This happens when the Core Network's VPC attachment requires acceptance, so it's ```terraform subnets = { core_network = { - netmaks = 28 + netmask = 28 require_acceptance = true accept_attachment = true } @@ -239,7 +240,7 @@ subnets = { ```terraform subnets = { core_network = { - netmaks = 28 + netmask = 28 require_acceptance = true accept_attachment = true } @@ -251,7 +252,7 @@ After you apply and the attachment is accepted (outside the module), change the ```terraform subnets = { core_network = { - netmaks = 28 + netmask = 28 require_acceptance = false } } @@ -327,7 +328,7 @@ Please see our [developer documentation](https://github.com/aws-ia/terraform-aws |------|-------------|------|---------|:--------:| | [az\_count](#input\_az\_count) | Searches region for # of AZs to use and takes a slice based on count. Assume slice is sorted a-z. | `number` | n/a | yes | | [name](#input\_name) | Name to give VPC. Note: does not effect subnet names, which get assigned name based on name\_prefix. | `string` | n/a | yes | -| [subnets](#input\_subnets) | Configuration of subnets to build in VPC. 1 Subnet per AZ is created. Subnet types are defined as maps with the available keys: "private", "public", "transit\_gateway". Each Subnet type offers its own set of available arguments detailed below.

**Attributes shared across subnet types:**
- `cidrs` = (Optional\|list(string)) **Cannot set if `netmask` is set.** List of CIDRs to set to subnets. Count of CIDRs defined must match quatity of azs in `az_count`.
- `netmask` = (Optional\|Int) Netmask of the `var.cidr_block` to calculate for each subnet. **Cannot set if `cidrs` is set.**
- `name_prefix` = (Optional\|String) A string prefix to use for the name of your subnet and associated resources. Subnet type key name is used if omitted (aka private, public, transit\_gateway). Example `name_prefix = "private"` for `var.subnets.private` is redundant.
- `tags` = (Optional\|map(string)) Tags to set on the subnet and associated resources.

**Any private subnet type options:**
- All shared keys above
- `connect_to_public_natgw` = (Optional\|string) Determines if routes to NAT Gateways should be created. Specify the CIDR range or a prefix-list-id that you want routed to nat gateway. Usually `0.0.0.0/0`. Must also set `var.subnets.public.nat_gateway_configuration`.

**public subnet type options:**
- All shared keys above
- `nat_gateway_configuration` = (Optional\|string) Determines if NAT Gateways should be created and in how many AZs. Valid values = `"none"`, `"single_az"`, `"all_azs"`. Default = "none". Must also set `var.subnets.private.connect_to_public_natgw = true`.

**transit\_gateway subnet type options:**
- All shared keys above
- `connect_to_public_natgw` = (Optional\|string) Determines if routes to NAT Gateways should be created. Specify the CIDR range or a prefix-list-id that you want routed to nat gateway. Usually `0.0.0.0/0`. Must also set `var.subnets.public.nat_gateway_configuration`.
- `transit_gateway_default_route_table_association` = (Optional\|bool) Boolean whether the VPC Attachment should be associated with the EC2 Transit Gateway association default route table. This cannot be configured or perform drift detection with Resource Access Manager shared EC2 Transit Gateways.
- `transit_gateway_default_route_table_propagation` = (Optional\|bool) Boolean whether the VPC Attachment should propagate routes with the EC2 Transit Gateway propagation default route table. This cannot be configured or perform drift detection with Resource Access Manager shared EC2 Transit Gateways.
- `transit_gateway_appliance_mode_support` = (Optional\|string) Whether Appliance Mode is enabled. If enabled, a traffic flow between a source and a destination uses the same Availability Zone for the VPC attachment for the lifetime of that flow. Valid values: `disable` (default) and `enable`.
- `transit_gateway_dns_support` = (Optional\|string) DNS Support is used if you need the VPC to resolve public IPv4 DNS host names to private IPv4 addresses when queried from instances in another VPC attached to the transit gateway. Valid values: `enable` (default) and `disable`.

**core\_network subnet type options:**
- All shared keys abovce
- `connect_to_public_natgw` = (Optional\|string) Determines if routes to NAT Gateways should be created. Specify the CIDR range or a prefix-list-id that you want routed to nat gateway. Usually `0.0.0.0/0`. Must also set `var.subnets.public.nat_gateway_configuration`.
- `ipv6_support` = (Optional\|bool) Boolean whether IPv6 is supported or not in the Cloud WAN's VPC attachment. Default to `false`.
- `require_acceptance` = (Optional\|bool) Boolean whether the core network VPC attachment to create requires acceptance or not. Defaults to `false`.
- `accept_attachment` = (Optional\|bool) Boolean whether the core network VPC attachment is accepted or not in the segment. Only valid if `require_acceptance` is set to `true`. Defaults to `true`.

Example:
subnets = {
public = {
netmask = 24
nat_gateway_configuration = "single_az"
}

private = {
netmask = 24
connect_to_public_natgw = true
}

transit_gateway = {
netmask = 24
connect_to_public_natgw = true
transit_gateway_default_route_table_association = true
transit_gateway_default_route_table_propagation = true
}

core_network = {
netmask = 24
connect_to_public_natgw = true
ipv6_support = true
require_acceptance = true
accept_attachment = true
}
}
| `any` | n/a | yes | +| [subnets](#input\_subnets) | Configuration of subnets to build in VPC. 1 Subnet per AZ is created. Subnet types are defined as maps with the available keys: "private", "public", "transit\_gateway". Each Subnet type offers its own set of available arguments detailed below.

**Attributes shared across subnet types:**
- `cidrs` = (Optional\|list(string)) **Cannot set if `netmask` is set.** List of CIDRs to set to subnets. Count of CIDRs defined must match quatity of azs in `az_count`.
- `netmask` = (Optional\|Int) Netmask of the `var.cidr_block` to calculate for each subnet. **Cannot set if `cidrs` is set.**
- `name_prefix` = (Optional\|String) A string prefix to use for the name of your subnet and associated resources. Subnet type key name is used if omitted (aka private, public, transit\_gateway). Example `name_prefix = "private"` for `var.subnets.private` is redundant.
- `tags` = (Optional\|map(string)) Tags to set on the subnet and associated resources.

**Any private subnet type options:**
- All shared keys above
- `connect_to_public_natgw` = (Optional\|string) Determines if routes to NAT Gateways should be created. Specify the CIDR range or a prefix-list-id that you want routed to nat gateway. Usually `0.0.0.0/0`. Must also set `var.subnets.public.nat_gateway_configuration`.

**public subnet type options:**
- All shared keys above
- `nat_gateway_configuration` = (Optional\|string) Determines if NAT Gateways should be created and in how many AZs. Valid values = `"none"`, `"single_az"`, `"all_azs"`. Default = "none". Must also set `var.subnets.private.connect_to_public_natgw = true`.

**transit\_gateway subnet type options:**
- All shared keys above
- `connect_to_public_natgw` = (Optional\|string) Determines if routes to NAT Gateways should be created. Specify the CIDR range or a prefix-list-id that you want routed to nat gateway. Usually `0.0.0.0/0`. Must also set `var.subnets.public.nat_gateway_configuration`.
- `transit_gateway_default_route_table_association` = (Optional\|bool) Boolean whether the VPC Attachment should be associated with the EC2 Transit Gateway association default route table. This cannot be configured or perform drift detection with Resource Access Manager shared EC2 Transit Gateways.
- `transit_gateway_default_route_table_propagation` = (Optional\|bool) Boolean whether the VPC Attachment should propagate routes with the EC2 Transit Gateway propagation default route table. This cannot be configured or perform drift detection with Resource Access Manager shared EC2 Transit Gateways.
- `transit_gateway_appliance_mode_support` = (Optional\|string) Whether Appliance Mode is enabled. If enabled, a traffic flow between a source and a destination uses the same Availability Zone for the VPC attachment for the lifetime of that flow. Valid values: `disable` (default) and `enable`.
- `transit_gateway_dns_support` = (Optional\|string) DNS Support is used if you need the VPC to resolve public IPv4 DNS host names to private IPv4 addresses when queried from instances in another VPC attached to the transit gateway. Valid values: `enable` (default) and `disable`.

**core\_network subnet type options:**
- All shared keys abovce
- `connect_to_public_natgw` = (Optional\|string) Determines if routes to NAT Gateways should be created. Specify the CIDR range or a prefix-list-id that you want routed to nat gateway. Usually `0.0.0.0/0`. Must also set `var.subnets.public.nat_gateway_configuration`.
- `ipv6_support` = (Optional\|bool) Boolean whether IPv6 is supported or not in the Cloud WAN's VPC attachment. Default to `false`.
- `appliance_mode_support` = (Optional\|bool) Indicates whether appliance mode is supported. If enabled, traffic flow between a source and destination use the same Availability Zone for the VPC attachment for the lifetime of that flow. Defaults to `false`.
- `require_acceptance` = (Optional\|bool) Boolean whether the core network VPC attachment to create requires acceptance or not. Defaults to `false`.
- `accept_attachment` = (Optional\|bool) Boolean whether the core network VPC attachment is accepted or not in the segment. Only valid if `require_acceptance` is set to `true`. Defaults to `true`.

Example:
subnets = {
public = {
netmask = 24
nat_gateway_configuration = "single_az"
}

private = {
netmask = 24
connect_to_public_natgw = true
}

transit_gateway = {
netmask = 24
connect_to_public_natgw = true
transit_gateway_default_route_table_association = true
transit_gateway_default_route_table_propagation = true
}

core_network = {
netmask = 24
connect_to_public_natgw = true
ipv6_support = true
appliance_mode_support = true
require_acceptance = true
accept_attachment = true
}
}
| `any` | n/a | yes | | [cidr\_block](#input\_cidr\_block) | CIDR range to assign to VPC if creating VPC or to associte as a secondary CIDR. Overridden by var.vpc\_id output from data.aws\_vpc. | `string` | `null` | no | | [core\_network](#input\_core\_network) | AWS Cloud WAN's core network information - to create a VPC attachment. Required when `cloud_wan` subnet is defined. Two attributes are required: the `id` and `arn` of the resource. |
object({
id = string
arn = string
})
|
{
"arn": null,
"id": null
}
| no | | [core\_network\_routes](#input\_core\_network\_routes) | Configuration of route(s) to AWS Cloud WAN's core network.
For each `public` and/or `private` subnets named in the `subnets` variable, optionally create routes from the subnet to the core network.
You can specify either a CIDR range or a prefix-list-id that you want routed to the core network.
Example:
core_network_routes = {
public = "10.0.0.0/8"
private = "pl-123"
}
| `any` | `{}` | no | diff --git a/examples/cloud_wan/main.tf b/examples/cloud_wan/main.tf index 6591d0a..2df0fd9 100644 --- a/examples/cloud_wan/main.tf +++ b/examples/cloud_wan/main.tf @@ -1,21 +1,19 @@ # VPC module (North Virginia) module "nvirginia_vpc" { - source = "aws-ia/vpc/aws" - version = ">= 3.0.2" + #source = "aws-ia/vpc/aws" + #version = ">= 3.0.2" - providers = { - aws = aws.awsnvirginia - awscc = awscc.awsccnvirginia - } + source = "../.." + providers = { aws = aws.awsnvirginia } name = "nvirginia-vpc" cidr_block = "10.0.0.0/24" az_count = 2 core_network = { - id = awscc_networkmanager_core_network.core_network.core_network_id - arn = awscc_networkmanager_core_network.core_network.core_network_arn + id = aws_networkmanager_core_network.core_network.id + arn = aws_networkmanager_core_network.core_network.arn } core_network_routes = { workload = "0.0.0.0/0" @@ -24,10 +22,11 @@ module "nvirginia_vpc" { subnets = { workload = { netmask = 28 } core_network = { - netmask = 28 - ipv6_support = false - require_acceptance = true - accept_attachment = true + netmask = 28 + ipv6_support = false + appliance_mode_support = true + require_acceptance = true + accept_attachment = true tags = { env = "prod" @@ -38,21 +37,19 @@ module "nvirginia_vpc" { # VPC module (Ireland) module "ireland_vpc" { - source = "aws-ia/vpc/aws" - version = ">= 3.0.2" + #source = "aws-ia/vpc/aws" + #version = ">= 3.0.2" - providers = { - aws = aws.awsireland - awscc = awscc.awsccireland - } + source = "../.." + providers = { aws = aws.awsireland } name = "ireland-vpc" cidr_block = "10.0.1.0/24" az_count = 2 core_network = { - id = awscc_networkmanager_core_network.core_network.core_network_id - arn = awscc_networkmanager_core_network.core_network.core_network_arn + id = aws_networkmanager_core_network.core_network.id + arn = aws_networkmanager_core_network.core_network.arn } core_network_routes = { workload = "0.0.0.0/0" 
@@ -73,22 +70,21 @@ module "ireland_vpc" { } # Global Network -resource "awscc_networkmanager_global_network" "global_network" { - provider = awscc.awsccnvirginia +resource "aws_networkmanager_global_network" "global_network" { + provider = aws.awsnvirginia description = "Global Network - VPC module" } # Core Network -resource "awscc_networkmanager_core_network" "core_network" { - provider = awscc.awsccnvirginia +resource "aws_networkmanager_core_network" "core_network" { + provider = aws.awsnvirginia description = "Core Network - VPC module" - global_network_id = awscc_networkmanager_global_network.global_network.id + global_network_id = aws_networkmanager_global_network.global_network.id policy_document = jsonencode(jsondecode(data.aws_networkmanager_core_network_policy_document.policy.json)) - tags = [{ - key = "Name", - value = "Core Network - VPC module" - }] + tags = { + Name = "Core Network - VPC module" + } } diff --git a/examples/cloud_wan/outputs.tf b/examples/cloud_wan/outputs.tf index 24842a1..187fb4b 100644 --- a/examples/cloud_wan/outputs.tf +++ b/examples/cloud_wan/outputs.tf @@ -9,12 +9,12 @@ output "vpcs" { output "global_network" { description = "Global Network ID." - value = awscc_networkmanager_global_network.global_network.id + value = aws_networkmanager_global_network.global_network.id } output "core_network" { description = "Core Network ID." - value = awscc_networkmanager_core_network.core_network.core_network_id + value = aws_networkmanager_core_network.core_network.id } output "core_network_vpc_attachments" { diff --git a/examples/cloud_wan/providers.tf b/examples/cloud_wan/providers.tf index 3834e68..4738b69 100644 --- a/examples/cloud_wan/providers.tf +++ b/examples/cloud_wan/providers.tf 
@@ -6,31 +6,18 @@ terraform { source = "hashicorp/aws" version = ">= 4.27.0" } - awscc = { - source = "hashicorp/awscc" - version = ">= 0.36.0" - } } } -# Provider definitios for N. Virginia Region +# Provider definition for N. Virginia Region provider "aws" { region = var.cloud_wan_regions.nvirginia alias = "awsnvirginia" } -provider "awscc" { - region = var.cloud_wan_regions.nvirginia - alias = "awsccnvirginia" -} - -# Provider definitios for Ireland Region +# Provider definition for Ireland Region provider "aws" { region = var.cloud_wan_regions.ireland alias = "awsireland" } -provider "awscc" { - region = var.cloud_wan_regions.ireland - alias = "awsccireland" -} diff --git a/main.tf b/main.tf index 1eb79de..1dc6812 100644 --- a/main.tf +++ b/main.tf @@ -356,7 +356,8 @@ resource "aws_networkmanager_vpc_attachment" "cwan" { vpc_arn = local.vpc.arn options { - ipv6_support = try(var.subnets.core_nework.ipv6_support, false) + ipv6_support = try(var.subnets.core_nework.ipv6_support, false) + appliance_mode_support = try(var.subnets.core_network.appliance_mode_support, false) } tags = merge( diff --git a/variables.tf b/variables.tf index 8cf1051..c8110f4 100644 --- a/variables.tf +++ b/variables.tf 
@@ -102,6 +102,7 @@ variable "subnets" { - All shared keys abovce - `connect_to_public_natgw` = (Optional|string) Determines if routes to NAT Gateways should be created. Specify the CIDR range or a prefix-list-id that you want routed to nat gateway. Usually `0.0.0.0/0`. Must also set `var.subnets.public.nat_gateway_configuration`. - `ipv6_support` = (Optional|bool) Boolean whether IPv6 is supported or not in the Cloud WAN's VPC attachment. Default to `false`. + - `appliance_mode_support` = (Optional|bool) Indicates whether appliance mode is supported. If enabled, traffic flow between a source and destination use the same Availability Zone for the VPC attachment for the lifetime of that flow. Defaults to `false`. - `require_acceptance` = (Optional|bool) Boolean whether the core network VPC attachment to create requires acceptance or not. Defaults to `false`. - `accept_attachment` = (Optional|bool) Boolean whether the core network VPC attachment is accepted or not in the segment. Only valid if `require_acceptance` is set to `true`. Defaults to `true`. @@ -129,6 +130,7 @@ variable "subnets" { netmask = 24 connect_to_public_natgw = true ipv6_support = true + appliance_mode_support = true require_acceptance = true accept_attachment = true } @@ -167,13 +169,14 @@ EOF # All var.subnets.core_network valid keys validation { - error_message = "Invalid key in core_network subnets. Valid options include: \"cidrs\", \"netmask\", \"name_prefix\", \"ipv6_support\", \"require_acceptance\", \"accept_attachment\", \"tags\"." + error_message = "Invalid key in core_network subnets. Valid options include: \"cidrs\", \"netmask\", \"name_prefix\", \"ipv6_support\", \"appliance_mode_support\", \"require_acceptance\", \"accept_attachment\", \"tags\"." condition = length(setsubtract(keys(try(var.subnets.core_network, {})), [ "cidrs", "netmask", "name_prefix", "connect_to_public_natgw", "ipv6_support", + "appliance_mode_support", "require_acceptance", "accept_attachment", "tags" 
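Review bot: In the `main.tf` hunk (`@@ -356,7 +356,8 @@`, resource `aws_networkmanager_vpc_attachment.cwan`), the re-aligned `ipv6_support` line still reads `var.subnets.core_nework.ipv6_support`, while the new `appliance_mode_support` line next to it reads from `var.subnets.core_network`. Because `try()` falls back to `false` when the reference cannot be resolved, a caller's `ipv6_support = true` never reaches the attachment and no error is raised. The line is already modified here, so correct the key to `core_network` in the same change.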
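Review bot: In the `variables.tf` validation hunk (`@@ -167,13 +169,14 @@`), the rewritten `error_message` adds `appliance_mode_support` but still omits `connect_to_public_natgw`, which the `setsubtract` allow-list directly below accepts. Add it to the message so the text and the condition list the same keys; otherwise a user who trips this validation is told a shorter set of valid options than the module actually permits. The unchanged documentation line in the first hunk of this file also still reads "All shared keys abovce".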
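Review bot: In the `examples/cloud_wan/providers.tf` hunk, the `aws` constraint is left at `>= 4.27.0` although the example now creates `aws_networkmanager_global_network` and `aws_networkmanager_core_network` through that provider, and the module sets `appliance_mode_support` on `aws_networkmanager_vpc_attachment`. Please confirm that the lowest version the constraint allows supports all three, and raise the minimum if it does not, so a plan against that version does not fail on an unknown resource or argument.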
From bb4101b6b640c54afbc002fdf547533e1248eb4c Mon Sep 17 00:00:00 2001 From: Pablo Sanchez Carmona Date: Wed, 1 Mar 2023 12:39:35 +0100 Subject: [PATCH 2/4] minor changes in example --- examples/cloud_wan/main.tf | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/examples/cloud_wan/main.tf b/examples/cloud_wan/main.tf index 2df0fd9..c5c265b 100644 --- a/examples/cloud_wan/main.tf +++ b/examples/cloud_wan/main.tf @@ -1,10 +1,8 @@ # VPC module (North Virginia) module "nvirginia_vpc" { - #source = "aws-ia/vpc/aws" - #version = ">= 3.0.2" - - source = "../.." + source = "aws-ia/vpc/aws" + version = ">= 4.0.0" providers = { aws = aws.awsnvirginia } name = "nvirginia-vpc" @@ -37,10 +35,8 @@ module "nvirginia_vpc" { # VPC module (Ireland) module "ireland_vpc" { - #source = "aws-ia/vpc/aws" - #version = ">= 3.0.2" - - source = "../.." + source = "aws-ia/vpc/aws" + version = ">= 4.0.0" providers = { aws = aws.awsireland } name = "ireland-vpc" From 60387bd3bf1c5fba71925e9c5b5bc70df604baf3 Mon Sep 17 00:00:00 2001 From: Pablo Sanchez Carmona Date: Wed, 1 Mar 2023 12:46:12 +0100 Subject: [PATCH 3/4] fmt --- examples/cloud_wan/main.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/examples/cloud_wan/main.tf b/examples/cloud_wan/main.tf index c5c265b..bb89aa5 100644 --- a/examples/cloud_wan/main.tf +++ b/examples/cloud_wan/main.tf @@ -1,8 +1,8 @@ # VPC module (North Virginia) module "nvirginia_vpc" { - source = "aws-ia/vpc/aws" - version = ">= 4.0.0" + source = "aws-ia/vpc/aws" + version = ">= 4.0.0" providers = { aws = aws.awsnvirginia } name = "nvirginia-vpc" @@ -35,8 +35,8 @@ module "nvirginia_vpc" { # VPC module (Ireland) module "ireland_vpc" { - source = "aws-ia/vpc/aws" - version = ">= 4.0.0" + source = "aws-ia/vpc/aws" + version = ">= 4.0.0" providers = { aws = aws.awsireland } name = "ireland-vpc" From 3188371dbe2e48bae814f55dc159f33997a464e5 Mon Sep 17 00:00:00 2001 
From: Pablo Sanchez Carmona Date: Thu, 9 Mar 2023 23:50:50 +0100 Subject: [PATCH 4/4] minor updates - examples documentation --- examples/cloud_wan/README.md | 11 +++-- examples/public_private_flow_logs/README.md | 2 +- examples/transit_gateway/.header.md | 9 ++++ examples/transit_gateway/.terraform-docs.yaml | 21 +++++++++ examples/transit_gateway/README.md | 45 +++++++++++++++++++ examples/transit_gateway/main.tf | 5 +-- 6 files changed, 83 insertions(+), 10 deletions(-) create mode 100644 examples/transit_gateway/.header.md create mode 100644 examples/transit_gateway/.terraform-docs.yaml create mode 100644 examples/transit_gateway/README.md diff --git a/examples/cloud_wan/README.md b/examples/cloud_wan/README.md index 8dc62c1..8f1edde 100644 --- a/examples/cloud_wan/README.md +++ b/examples/cloud_wan/README.md 
@@ -16,28 +16,27 @@ This example shows how you can use this module with `core_network` subnets, and |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.0 | | [aws](#requirement\_aws) | >= 4.27.0 | -| [awscc](#requirement\_awscc) | >= 0.36.0 | ## Providers | Name | Version | |------|---------| | [aws](#provider\_aws) | >= 4.27.0 | -| [awscc.awsccnvirginia](#provider\_awscc.awsccnvirginia) | >= 0.36.0 | +| [aws.awsnvirginia](#provider\_aws.awsnvirginia) | >= 4.27.0 | ## Modules | Name | Source | Version | |------|--------|---------| -| [ireland\_vpc](#module\_ireland\_vpc) | aws-ia/vpc/aws | >= 3.0.2 | -| [nvirginia\_vpc](#module\_nvirginia\_vpc) | aws-ia/vpc/aws | >= 3.0.2 | +| [ireland\_vpc](#module\_ireland\_vpc) | aws-ia/vpc/aws | >= 4.0.0 | +| [nvirginia\_vpc](#module\_nvirginia\_vpc) | aws-ia/vpc/aws | >= 4.0.0 | ## Resources | Name | Type | |------|------| -| [awscc_networkmanager_core_network.core_network](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/resources/networkmanager_core_network) | resource | -| [awscc_networkmanager_global_network.global_network](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/resources/networkmanager_global_network) | resource | +| [aws_networkmanager_core_network.core_network](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/networkmanager_core_network) | resource | +| [aws_networkmanager_global_network.global_network](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/networkmanager_global_network) | resource | | [aws_networkmanager_core_network_policy_document.policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/networkmanager_core_network_policy_document) | data source | ## Inputs diff --git a/examples/public_private_flow_logs/README.md b/examples/public_private_flow_logs/README.md index ee77944..1066fef 100644 --- a/examples/public_private_flow_logs/README.md 
+++ b/examples/public_private_flow_logs/README.md @@ -22,7 +22,7 @@ At this point, only cloud-watch logs are support, pending: https://github.com/aw | Name | Source | Version | |------|--------|---------| -| [vpc](#module\_vpc) | aws-ia/vpc/aws | >= 3.0.2 | +| [vpc](#module\_vpc) | ../.. | n/a | ## Resources diff --git a/examples/transit_gateway/.header.md b/examples/transit_gateway/.header.md new file mode 100644 index 0000000..14a9c0b --- /dev/null +++ b/examples/transit_gateway/.header.md @@ -0,0 +1,9 @@ +# Creating AWS Transit Gateway VPC attachment + +This example shows how you can use this module with `transit_gateway` subnets, and AWS Transit Gateway VPC attachment. This examples creates the following: + +* AWS Transit Gateway. +* The VPC module creates the following: + * Four sets of subnets (*public*, *private_with_egress*, *truly_private*, and *transit_gateway*) + * Transit Gateway VPC attachment. + * Routing to Transit Gateway attachment from *public* and *private_with_egress* subnets. \ No newline at end of file diff --git a/examples/transit_gateway/.terraform-docs.yaml b/examples/transit_gateway/.terraform-docs.yaml new file mode 100644 index 0000000..6dc99de --- /dev/null +++ b/examples/transit_gateway/.terraform-docs.yaml @@ -0,0 +1,21 @@ +formatter: markdown +header-from: .header.md +settings: + anchor: true + color: true + default: true + escape: true + html: true + indent: 2 + required: true + sensitive: true + type: true + lockfile: false + +sort: + enabled: true + by: required + +output: + file: README.md + mode: replace diff --git a/examples/transit_gateway/README.md b/examples/transit_gateway/README.md new file mode 100644 index 0000000..dcb706a --- /dev/null +++ b/examples/transit_gateway/README.md 
@@ -0,0 +1,45 @@ + +# Creating AWS Transit Gateway VPC attachment + +This example shows how you can use this module with `transit_gateway` subnets, and AWS Transit Gateway VPC attachment. This examples creates the following: + +* AWS Transit Gateway. +* The VPC module creates the following: + * Four sets of subnets (*public*, *private\_with\_egress*, *truly\_private*, and *transit\_gateway*) + * Transit Gateway VPC attachment. + * Routing to Transit Gateway attachment from *public* and *private\_with\_egress* subnets. + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | n/a | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [tgw\_base\_for\_example\_only](#module\_tgw\_base\_for\_example\_only) | ../../test/hcl_fixtures/transit_gateway_base | n/a | +| [vpc](#module\_vpc) | aws-ia/vpc/aws | >= 4.0.0 | + +## Resources + +| Name | Type | +|------|------| +| [aws_availability_zones.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | + +## Inputs + +No inputs. + +## Outputs + +| Name | Description | +|------|-------------| +| [private\_subnets\_tags\_length](#output\_private\_subnets\_tags\_length) | Count of private subnet tags for a single az. | +| [tgw\_subnets\_tags\_length](#output\_tgw\_subnets\_tags\_length) | Count of tgw subnet tags for a single az. | + \ No newline at end of file diff --git a/examples/transit_gateway/main.tf b/examples/transit_gateway/main.tf index 0efb2ec..e2fed68 100644 --- a/examples/transit_gateway/main.tf +++ b/examples/transit_gateway/main.tf @@ -1,9 +1,8 @@ data "aws_availability_zones" "current" {} module "vpc" { - # source = "aws-ia/vpc/aws" - # version = ">= 3.0.2" - source = "../.." + source = "aws-ia/vpc/aws" + version = ">= 4.0.0" name = "tgw" cidr_block = "10.0.0.0/16"
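Review bot: In patch 2/4, `examples/cloud_wan/main.tf` switches both module blocks from `source = "../.."` back to the registry with `version = ">= 4.0.0"`, while the N. Virginia block keeps `appliance_mode_support = true` from patch 1/4. The example therefore no longer exercises the working tree, and the `core_network` key validation in `variables.tf` rejects keys it does not know. Please confirm that the lowest published release matching the constraint already accepts `appliance_mode_support`, or raise the constraint to the release that ships this change.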
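Review bot: In the `examples/transit_gateway/main.tf` hunk, `version = ">= 4.0.0"` has no upper bound, so `terraform init` can resolve to any later major release of `aws-ia/vpc/aws` without a change in this repository. A bounded constraint such as `~> 4.0` keeps the example on a major version that has been reviewed; the same applies to the two module blocks changed in `examples/cloud_wan/main.tf`.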
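Review bot: In the `examples/public_private_flow_logs/README.md` hunk, the module table now records the `vpc` source as `../..` with version `n/a`, while this same patch moves `examples/transit_gateway` to `aws-ia/vpc/aws` at `>= 4.0.0`. If the local source in that example is intentional, say so in the commit message; otherwise align it with the other examples so all of them resolve the module the same way.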
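Review bot: In the new `examples/transit_gateway/README.md`, the generated sections read "No requirements." and list the `aws` provider with version `n/a`, whereas the `examples/cloud_wan/README.md` hunk in this patch shows `terraform >= 1.3.0` and `aws >= 4.27.0`. Add a `terraform` block with `required_version` and `required_providers` to this example so its provider version is constrained like the Cloud WAN one, then regenerate the README. The header text, which comes from `.header.md`, reads "This examples creates", and both new files end without a trailing newline.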