diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index 7e9a6e8..4c21154 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -19,10 +19,11 @@ jobs:
- name: "make test"
run: |
- make test ARGS="-var allowed_account_id=${TF_VAR_allowed_account_id} -var role_to_assume=${TF_VAR_role_to_assume}"
+ make test ARGS="-var allowed_account_id=${TF_VAR_allowed_account_id} -var role_to_assume=${TF_VAR_role_to_assume} -var transit_gateway_satellite_account_id=${TF_VAR_satellite_account_id}"
env:
AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- TF_VAR_allowed_account_id: ${{ secrets.allowed_account_id }}
- TF_VAR_role_to_assume: ${{ secrets.role_to_assume }}
+ TF_VAR_allowed_account_id: ${{ secrets.AWS_ACCOUNT_ID_HUB }}
+ TF_VAR_role_to_assume: ${{ secrets.ROLE_TO_ASSUME }}
+ TF_VAR_satellite_account_id: ${{ secrets.AWS_ACCOUNT_ID_SATELLITE }}
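Review bot: The new env var `TF_VAR_satellite_account_id` does not match the Terraform variable it feeds, `transit_gateway_satellite_account_id`, so the `TF_VAR_` prefix is inert here and the value only reaches Terraform through the explicit `-var` on the `make test` line; the other two env vars do match their variables, which makes their `-var` flags redundant. Either name it `TF_VAR_transit_gateway_satellite_account_id: ${{ secrets.AWS_ACCOUNT_ID_SATELLITE }}` so Terraform picks it up like the others, or drop the `TF_VAR_` prefix to make clear the shell is the only consumer. The same mismatch is in the `.github/workflows/terraform.yml` hunk. As the account wiring is being reworked anyway, the step's static `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` secrets (context lines) could be replaced by short-lived credentials from `aws-actions/configure-aws-credentials` with OIDC role assumption.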
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
index 5408906..834b9a9 100644
--- a/.github/workflows/terraform.yml
+++ b/.github/workflows/terraform.yml
@@ -40,10 +40,11 @@ jobs:
- name: "make test"
run: |
- make test ARGS="-var allowed_account_id=${TF_VAR_allowed_account_id} -var role_to_assume=${TF_VAR_role_to_assume}"
+ make test ARGS="-var allowed_account_id=${TF_VAR_allowed_account_id} -var role_to_assume=${TF_VAR_role_to_assume} -var transit_gateway_satellite_account_id=${TF_VAR_satellite_account_id}"
env:
AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- TF_VAR_allowed_account_id: ${{ secrets.allowed_account_id }}
- TF_VAR_role_to_assume: ${{ secrets.role_to_assume }}
+ TF_VAR_allowed_account_id: ${{ secrets.AWS_ACCOUNT_ID_HUB }}
+ TF_VAR_role_to_assume: ${{ secrets.ROLE_TO_ASSUME }}
+ TF_VAR_satellite_account_id: ${{ secrets.AWS_ACCOUNT_ID_SATELLITE }}
diff --git a/Makefile b/Makefile
index 55a3e50..7fc6f36 100644
--- a/Makefile
+++ b/Makefile
@@ -11,10 +11,10 @@ TF_MODULES = $(sort $(dir $(wildcard $(CURRENT_DIR)modules/*/)))
# -------------------------------------------------------------------------------------------------
# Container versions
# -------------------------------------------------------------------------------------------------
-TF_VERSION = 0.13.7
-TFDOCS_VERSION = 0.16.0-0.31
-FL_VERSION = 0.4
-JL_VERSION = 1.6.0-0.5
+TF_VERSION = 1.5.7
+TFDOCS_VERSION = 0.16.0-0.34
+FL_VERSION = latest-0.8
+JL_VERSION = 1.6.0-0.14
# -------------------------------------------------------------------------------------------------
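Review bot: `FL_VERSION = latest-0.8` replaces the previously pinned `0.4` with a tag that contains `latest`; under the "Container versions" header this presumably selects a container image, so the lint step would now float with upstream and CI runs stop being reproducible. Pin it to a fixed version tag or, better, an image digest, e.g. `FL_VERSION = <pinned-version-or-digest>` (placeholder — the value is not on the page). The other three bumps are to fixed versions and are fine.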
diff --git a/README.md b/README.md
index 2a56655..dc15ff3 100644
--- a/README.md
+++ b/README.md
@@ -45,14 +45,14 @@ Obviously, all the [supported authentication][6] methods can also be used.
| Name | Version |
|------|---------|
-| [terraform](#requirement\_terraform) | >= 0.13 |
-| [aws](#requirement\_aws) | >= 4 |
+| [terraform](#requirement\_terraform) | >= 1.0 |
+| [aws](#requirement\_aws) | >= 5 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 4 |
+| [aws](#provider\_aws) | >= 5 |
## Modules
@@ -75,12 +75,11 @@ No modules.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
-| [allowed\_account\_id](#input\_allowed\_account\_id) | AWS account ID for which this module can be executed | `string` | n/a | yes |
| [cgw\_bgp\_asn](#input\_cgw\_bgp\_asn) | The gateway's Border Gateway Protocol (BGP) Autonomous System Number (ASN). | `string` | n/a | yes |
| [cgw\_ip\_address](#input\_cgw\_ip\_address) | IP address of the client VPN endpoint | `string` | n/a | yes |
| [name](#input\_name) | Generic name to be given to the provisioned resources | `string` | n/a | yes |
+| [transit\_gateway\_hub\_account\_id](#input\_transit\_gateway\_hub\_account\_id) | AWS account ID of Transit Gateway owner | `string` | n/a | yes |
| [transit\_gateway\_hub\_name](#input\_transit\_gateway\_hub\_name) | Name of the Transit Gateway to attach the VPN to | `string` | n/a | yes |
-| [role\_to\_assume](#input\_role\_to\_assume) | IAM role name to assume (eg. ASSUME-ROLE-HUB) | `string` | `""` | no |
| [static\_routes\_destinations](#input\_static\_routes\_destinations) | List of CIDRs to be routed into the VPN tunnel. | `list(string)` | `[]` | no |
| [static\_routes\_only](#input\_static\_routes\_only) | Whether the VPN connection uses static routes exclusively. Static routes must be used for devices that don't support BGP | `bool` | `false` | no |
| [tags](#input\_tags) | Map of custom tags for the provisioned resources | `map(string)` | `{}` | no |
diff --git a/data.tf b/data.tf
index 7eb5c85..a67bfb3 100644
--- a/data.tf
+++ b/data.tf
@@ -11,7 +11,7 @@ data "aws_ec2_transit_gateway" "this" {
filter {
name = "owner-id"
- values = [var.allowed_account_id]
+ values = [var.transit_gateway_hub_account_id]
}
filter {
diff --git a/examples/complete/README.md b/examples/complete/README.md
index 778b516..dd789a0 100644
--- a/examples/complete/README.md
+++ b/examples/complete/README.md
@@ -3,7 +3,10 @@
## Requirements
-No requirements.
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | >= 1.0 |
+| [aws](#requirement\_aws) | >= 5 |
## Providers
@@ -13,6 +16,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
+| [tgw](#module\_tgw) | github.com/flaconi/terraform-aws-transit-gateway-hub.git | v1.6.0 |
| [vpn](#module\_vpn) | ../../ | n/a |
## Resources
@@ -28,6 +32,7 @@ No resources.
| [cgw\_ip\_address](#input\_cgw\_ip\_address) | IP address of the client VPN endpoint | `string` | n/a | yes |
| [name](#input\_name) | Generic name to be given to the provisioned resources | `string` | n/a | yes |
| [transit\_gateway\_hub\_name](#input\_transit\_gateway\_hub\_name) | Name of the Transit Gateway to attach the VPN to | `string` | n/a | yes |
+| [transit\_gateway\_satellite\_account\_id](#input\_transit\_gateway\_satellite\_account\_id) | AWS account ID for which the module should share TGW resource | `string` | n/a | yes |
| [role\_to\_assume](#input\_role\_to\_assume) | IAM role name to assume (eg. ASSUME-ROLE-HUB) | `string` | `""` | no |
| [static\_routes\_destinations](#input\_static\_routes\_destinations) | List of CIDRs to be routed into the VPN tunnel. | `list(string)` | `[]` | no |
| [static\_routes\_only](#input\_static\_routes\_only) | Whether the VPN connection uses static routes exclusively. Static routes must be used for devices that don't support BGP | `bool` | `false` | no |
@@ -42,6 +47,7 @@ No resources.
| Name | Description |
|------|-------------|
| [customer\_gateway\_id](#output\_customer\_gateway\_id) | ID of the Customer Gateway |
+| [transit\_gateway\_id](#output\_transit\_gateway\_id) | ID of the used Transit Gateway |
| [vpn\_connection](#output\_vpn\_connection) | VPN connection details |
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index a450a67..544db62 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -1,21 +1,24 @@
-# The Transit Gateway (hub) has already been created in AWS, as a fixture for
-# this test case due to not being able to use 'depends_on' on Terraform modules
-module "vpn" {
- source = "../../"
+module "tgw" {
+ source = "github.com/flaconi/terraform-aws-transit-gateway-hub.git?ref=v1.6.0"
- providers = { aws = aws }
+ name = var.transit_gateway_hub_name
- role_to_assume = var.role_to_assume
- allowed_account_id = var.allowed_account_id
+ aws_account_id_hub = var.allowed_account_id
+ aws_account_id_satellite = [var.transit_gateway_satellite_account_id]
+}
+
+module "vpn" {
+ source = "../../"
name = var.name
cgw_bgp_asn = var.cgw_bgp_asn
cgw_ip_address = var.cgw_ip_address
- transit_gateway_hub_name = var.transit_gateway_hub_name
- static_routes_only = var.static_routes_only
- static_routes_destinations = var.static_routes_destinations
+ transit_gateway_hub_name = var.transit_gateway_hub_name
+ transit_gateway_hub_account_id = var.allowed_account_id
+ static_routes_only = var.static_routes_only
+ static_routes_destinations = var.static_routes_destinations
tunnel1_inside_cidr = var.tunnel1_inside_cidr
tunnel2_inside_cidr = var.tunnel2_inside_cidr
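Review bot: `source = "github.com/flaconi/terraform-aws-transit-gateway-hub.git?ref=v1.6.0"` pins the fixture module to a git tag, which is mutable; for a module that creates and shares a Transit Gateway across accounts, pin `ref=` to the commit SHA behind v1.6.0 (`?ref=<commit-sha>`, value not on the page) so the test cannot silently pick up re-tagged code. `var.allowed_account_id` is now passed to both `aws_account_id_hub` and `transit_gateway_hub_account_id`, while the example's variable keeps the description "AWS account ID for which this module can be executed", which no longer matches its role as the hub account. The removed `role_to_assume = var.role_to_assume` leaves the example's `role_to_assume` variable (and the `-var role_to_assume=` in CI) with no visible consumer; if the provider block outside this hunk does not read it, drop both. The `module "vpn"` block continues past the end of the hunk.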
@@ -23,4 +26,6 @@ module "vpn" {
tunnel2_preshared_key = var.tunnel2_preshared_key
tags = var.tags
+
+ depends_on = [module.tgw]
}
diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf
index 04e2d89..ab50ed5 100644
--- a/examples/complete/outputs.tf
+++ b/examples/complete/outputs.tf
@@ -1,3 +1,8 @@
+output "transit_gateway_id" {
+ description = "ID of the used Transit Gateway"
+ value = module.tgw.transit_gateway_id
+}
+
output "customer_gateway_id" {
description = "ID of the Customer Gateway"
value = module.vpn.customer_gateway_id
diff --git a/examples/complete/variables.auto.tfvars b/examples/complete/variables.auto.tfvars
index aba6164..150e3d8 100644
--- a/examples/complete/variables.auto.tfvars
+++ b/examples/complete/variables.auto.tfvars
@@ -3,7 +3,7 @@ name = "test-vpn"
cgw_bgp_asn = 65000
cgw_ip_address = "1.1.1.1"
-transit_gateway_hub_name = "test-tgw-fixture"
+transit_gateway_hub_name = "test-vpn-tgw"
static_routes_only = true
static_routes_destinations = [
"192.168.0.0/24",
@@ -15,7 +15,6 @@ tunnel2_inside_cidr = "169.254.7.0/30"
tunnel1_preshared_key = "heregoessomesupersecure.pre_shar3d_k3y"
tunnel2_preshared_key = "Andwehaveanother._0n3"
-
tags = {
purpose = "testing-vpn"
}
diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf
deleted file mode 120000
index 505ce0c..0000000
--- a/examples/complete/variables.tf
+++ /dev/null
@@ -1 +0,0 @@
-../../variables.tf
\ No newline at end of file
diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf
new file mode 100644
index 0000000..e222d8c
--- /dev/null
+++ b/examples/complete/variables.tf
@@ -0,0 +1,77 @@
+variable "allowed_account_id" {
+ description = "AWS account ID for which this module can be executed"
+ type = string
+}
+
+variable "role_to_assume" {
+ description = "IAM role name to assume (eg. ASSUME-ROLE-HUB)"
+ type = string
+ default = ""
+}
+
+variable "name" {
+ description = "Generic name to be given to the provisioned resources"
+ type = string
+}
+variable "tags" {
+ description = "Map of custom tags for the provisioned resources"
+ type = map(string)
+ default = {}
+}
+
+variable "cgw_bgp_asn" {
+ description = "The gateway's Border Gateway Protocol (BGP) Autonomous System Number (ASN)."
+ type = string
+}
+
+variable "cgw_ip_address" {
+ description = "IP address of the client VPN endpoint"
+ type = string
+}
+
+variable "transit_gateway_hub_name" {
+ description = "Name of the Transit Gateway to attach the VPN to"
+ type = string
+}
+
+variable "transit_gateway_satellite_account_id" {
+ description = "AWS account ID for which the module should share TGW resource"
+ type = string
+}
+
+variable "static_routes_only" {
+ description = "Whether the VPN connection uses static routes exclusively. Static routes must be used for devices that don't support BGP"
+ type = bool
+ default = false
+}
+
+variable "static_routes_destinations" {
+ description = "List of CIDRs to be routed into the VPN tunnel."
+ type = list(string)
+ default = []
+}
+
+# https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_VpnTunnelOptionsSpecification.html
+variable "tunnel1_inside_cidr" {
+ description = "A size /30 CIDR block from the 169.254.0.0/16 range"
+ type = string
+ default = null
+}
+
+variable "tunnel2_inside_cidr" {
+ description = "A size /30 CIDR block from the 169.254.0.0/16 range"
+ type = string
+ default = null
+}
+
+variable "tunnel1_preshared_key" {
+ description = "Will be stored in the state as plaintext. Must be between 8 & 64 chars and can't start with zero(0). Allowed characters are alphanumeric, periods(.) and underscores(_)"
+ type = string
+ default = null
+}
+
+variable "tunnel2_preshared_key" {
+ description = "Will be stored in the state as plaintext. Must be between 8 & 64 chars and can't start with zero(0). Allowed characters are alphanumeric, periods(.) and underscores(_)"
+ type = string
+ default = null
+}
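Review bot: The description of `allowed_account_id` ("AWS account ID for which this module can be executed") is stale in this new file: per `examples/complete/main.tf` the value is the Transit Gateway hub account fed to `aws_account_id_hub` and `transit_gateway_hub_account_id`, so `description = "AWS account ID of the Transit Gateway hub (owner of the TGW created by module.tgw)"` would match the use. `role_to_assume` is declared with a default of `""` but nothing visible in the example references it after the main.tf change; if it is unused, remove it rather than keep a dead input. Style: there is no blank line between the `name` and `tags` variables, unlike every other pair in the file.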
diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf
new file mode 100644
index 0000000..5ef3c40
--- /dev/null
+++ b/examples/complete/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 5"
+ }
+ }
+ required_version = ">= 1.0"
+}
diff --git a/variables.tf b/variables.tf
index ff8f1dd..02a212d 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1,14 +1,3 @@
-variable "allowed_account_id" {
- description = "AWS account ID for which this module can be executed"
- type = string
-}
-
-variable "role_to_assume" {
- description = "IAM role name to assume (eg. ASSUME-ROLE-HUB)"
- type = string
- default = ""
-}
-
variable "name" {
description = "Generic name to be given to the provisioned resources"
type = string
@@ -34,6 +23,11 @@ variable "transit_gateway_hub_name" {
type = string
}
+variable "transit_gateway_hub_account_id" {
+ description = "AWS account ID of Transit Gateway owner"
+ type = string
+}
+
variable "static_routes_only" {
description = "Whether the VPN connection uses static routes exclusively. Static routes must be used for devices that don't support BGP"
type = bool
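Review bot: `transit_gateway_hub_account_id` is used as the `owner-id` filter for the `aws_ec2_transit_gateway` data source (data.tf hunk) but has no validation, so a typo or an empty string surfaces only as a "no matching Transit Gateway" error at plan time rather than as a clear input error. A `validation` block requiring a 12-digit account ID catches this early and documents the expected shape; the same would suit `transit_gateway_satellite_account_id` in the example. The surrounding hunk is otherwise context.
```hcl
variable "transit_gateway_hub_account_id" {
  # … unchanged: description, type …

  validation {
    condition     = can(regex("^[0-9]{12}$", var.transit_gateway_hub_account_id))
    error_message = "transit_gateway_hub_account_id must be a 12-digit AWS account ID."
  }
}
```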
@@ -61,12 +55,12 @@ variable "tunnel2_inside_cidr" {
variable "tunnel1_preshared_key" {
description = "Will be stored in the state as plaintext. Must be between 8 & 64 chars and can't start with zero(0). Allowed characters are alphanumeric, periods(.) and underscores(_)"
- default = null
type = string
+ default = null
}
variable "tunnel2_preshared_key" {
description = "Will be stored in the state as plaintext. Must be between 8 & 64 chars and can't start with zero(0). Allowed characters are alphanumeric, periods(.) and underscores(_)"
- default = null
type = string
+ default = null
}
diff --git a/versions.tf b/versions.tf
index 716ce4e..5ef3c40 100644
--- a/versions.tf
+++ b/versions.tf
@@ -2,8 +2,8 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 4"
+ version = ">= 5"
}
}
- required_version = ">= 0.13"
+ required_version = ">= 1.0"
}