Remove obsolete variables

.github/workflows/master.yml

@@ -19,10 +19,11 @@ jobs:
 
       - name: "make test"
         run: |
-          make test ARGS="-var allowed_account_id=${TF_VAR_allowed_account_id} -var role_to_assume=${TF_VAR_role_to_assume}"
+          make test ARGS="-var allowed_account_id=${TF_VAR_allowed_account_id} -var role_to_assume=${TF_VAR_role_to_assume} -var transit_gateway_satellite_account_id=${TF_VAR_satellite_account_id}"
         env:
           AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }}
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          TF_VAR_allowed_account_id: ${{ secrets.allowed_account_id }}
-          TF_VAR_role_to_assume: ${{ secrets.role_to_assume }}
+          TF_VAR_allowed_account_id: ${{ secrets.AWS_ACCOUNT_ID_HUB }}
+          TF_VAR_role_to_assume: ${{ secrets.ROLE_TO_ASSUME }}
+          TF_VAR_satellite_account_id: ${{ secrets.AWS_ACCOUNT_ID_SATELLITE }}

.github/workflows/terraform.yml

@@ -40,10 +40,11 @@ jobs:
 
       - name: "make test"
         run: |
-          make test ARGS="-var allowed_account_id=${TF_VAR_allowed_account_id} -var role_to_assume=${TF_VAR_role_to_assume}"
+          make test ARGS="-var allowed_account_id=${TF_VAR_allowed_account_id} -var role_to_assume=${TF_VAR_role_to_assume} -var transit_gateway_satellite_account_id=${TF_VAR_satellite_account_id}"
         env:
           AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }}
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          TF_VAR_allowed_account_id: ${{ secrets.allowed_account_id }}
-          TF_VAR_role_to_assume: ${{ secrets.role_to_assume }}
+          TF_VAR_allowed_account_id: ${{ secrets.AWS_ACCOUNT_ID_HUB }}
+          TF_VAR_role_to_assume: ${{ secrets.ROLE_TO_ASSUME }}
+          TF_VAR_satellite_account_id: ${{ secrets.AWS_ACCOUNT_ID_SATELLITE }}

Makefile

@@ -11,10 +11,10 @@ TF_MODULES  = $(sort $(dir $(wildcard $(CURRENT_DIR)modules/*/)))
 # -------------------------------------------------------------------------------------------------
 # Container versions
 # -------------------------------------------------------------------------------------------------
-TF_VERSION      = 0.13.7
-TFDOCS_VERSION  = 0.16.0-0.31
-FL_VERSION      = 0.4
-JL_VERSION      = 1.6.0-0.5
+TF_VERSION      = 1.5.7
+TFDOCS_VERSION  = 0.16.0-0.34
+FL_VERSION      = latest-0.8
+JL_VERSION      = 1.6.0-0.14
 
 
 # -------------------------------------------------------------------------------------------------

README.md

@@ -45,14 +45,14 @@ Obviously, all the [supported authentication][6] methods can also be used.
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5 |
 
 ## Modules
 
@@ -75,12 +75,11 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_allowed_account_id"></a> [allowed\_account\_id](#input\_allowed\_account\_id) | AWS account ID for which this module can be executed | `string` | n/a | yes |
 | <a name="input_cgw_bgp_asn"></a> [cgw\_bgp\_asn](#input\_cgw\_bgp\_asn) | The gateway's Border Gateway Protocol (BGP) Autonomous System Number (ASN). | `string` | n/a | yes |
 | <a name="input_cgw_ip_address"></a> [cgw\_ip\_address](#input\_cgw\_ip\_address) | IP address of the client VPN endpoint | `string` | n/a | yes |
 | <a name="input_name"></a> [name](#input\_name) | Generic name to be given to the provisioned resources | `string` | n/a | yes |
+| <a name="input_transit_gateway_hub_account_id"></a> [transit\_gateway\_hub\_account\_id](#input\_transit\_gateway\_hub\_account\_id) | AWS account ID of Transit Gateway owner | `string` | n/a | yes |
 | <a name="input_transit_gateway_hub_name"></a> [transit\_gateway\_hub\_name](#input\_transit\_gateway\_hub\_name) | Name of the Transit Gateway to attach the VPN to | `string` | n/a | yes |
-| <a name="input_role_to_assume"></a> [role\_to\_assume](#input\_role\_to\_assume) | IAM role name to assume (eg. ASSUME-ROLE-HUB) | `string` | `""` | no |
 | <a name="input_static_routes_destinations"></a> [static\_routes\_destinations](#input\_static\_routes\_destinations) | List of CIDRs to be routed into the VPN tunnel. | `list(string)` | `[]` | no |
 | <a name="input_static_routes_only"></a> [static\_routes\_only](#input\_static\_routes\_only) | Whether the VPN connection uses static routes exclusively. Static routes must be used for devices that don't support BGP | `bool` | `false` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Map of custom tags for the provisioned resources | `map(string)` | `{}` | no |

data.tf

@@ -11,7 +11,7 @@ data "aws_ec2_transit_gateway" "this" {
 
   filter {
     name   = "owner-id"
-    values = [var.allowed_account_id]
+    values = [var.transit_gateway_hub_account_id]
   }
 
   filter {

examples/complete/README.md

@@ -3,7 +3,10 @@
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
-No requirements.
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5 |
 
 ## Providers
 
@@ -13,6 +16,7 @@ No providers.
 
 | Name | Source | Version |
 |------|--------|---------|
+| <a name="module_tgw"></a> [tgw](#module\_tgw) | github.com/flaconi/terraform-aws-transit-gateway-hub.git | v1.6.0 |
 | <a name="module_vpn"></a> [vpn](#module\_vpn) | ../../ | n/a |
 
 ## Resources
@@ -28,6 +32,7 @@ No resources.
 | <a name="input_cgw_ip_address"></a> [cgw\_ip\_address](#input\_cgw\_ip\_address) | IP address of the client VPN endpoint | `string` | n/a | yes |
 | <a name="input_name"></a> [name](#input\_name) | Generic name to be given to the provisioned resources | `string` | n/a | yes |
 | <a name="input_transit_gateway_hub_name"></a> [transit\_gateway\_hub\_name](#input\_transit\_gateway\_hub\_name) | Name of the Transit Gateway to attach the VPN to | `string` | n/a | yes |
+| <a name="input_transit_gateway_satellite_account_id"></a> [transit\_gateway\_satellite\_account\_id](#input\_transit\_gateway\_satellite\_account\_id) | AWS account ID for which the module should share TGW resource | `string` | n/a | yes |
 | <a name="input_role_to_assume"></a> [role\_to\_assume](#input\_role\_to\_assume) | IAM role name to assume (eg. ASSUME-ROLE-HUB) | `string` | `""` | no |
 | <a name="input_static_routes_destinations"></a> [static\_routes\_destinations](#input\_static\_routes\_destinations) | List of CIDRs to be routed into the VPN tunnel. | `list(string)` | `[]` | no |
 | <a name="input_static_routes_only"></a> [static\_routes\_only](#input\_static\_routes\_only) | Whether the VPN connection uses static routes exclusively. Static routes must be used for devices that don't support BGP | `bool` | `false` | no |
@@ -42,6 +47,7 @@ No resources.
 | Name | Description |
 |------|-------------|
 | <a name="output_customer_gateway_id"></a> [customer\_gateway\_id](#output\_customer\_gateway\_id) | ID of the Customer Gateway |
+| <a name="output_transit_gateway_id"></a> [transit\_gateway\_id](#output\_transit\_gateway\_id) | ID of the used Transit Gateway |
 | <a name="output_vpn_connection"></a> [vpn\_connection](#output\_vpn\_connection) | VPN connection details |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

examples/complete/main.tf

@@ -1,26 +1,31 @@
-# The Transit Gateway (hub) has already been created in AWS, as a fixture for
-# this test case due to not being able to use 'depends_on' on Terraform modules
-module "vpn" {
-  source = "../../"
+module "tgw" {
+  source = "github.com/flaconi/terraform-aws-transit-gateway-hub.git?ref=v1.6.0"
 
-  providers = { aws = aws }
+  name = var.transit_gateway_hub_name
 
-  role_to_assume     = var.role_to_assume
-  allowed_account_id = var.allowed_account_id
+  aws_account_id_hub       = var.allowed_account_id
+  aws_account_id_satellite = [var.transit_gateway_satellite_account_id]
+}
+
+module "vpn" {
+  source = "../../"
 
   name = var.name
 
   cgw_bgp_asn    = var.cgw_bgp_asn
   cgw_ip_address = var.cgw_ip_address
 
-  transit_gateway_hub_name   = var.transit_gateway_hub_name
-  static_routes_only         = var.static_routes_only
-  static_routes_destinations = var.static_routes_destinations
+  transit_gateway_hub_name       = var.transit_gateway_hub_name
+  transit_gateway_hub_account_id = var.allowed_account_id
+  static_routes_only             = var.static_routes_only
+  static_routes_destinations     = var.static_routes_destinations
 
   tunnel1_inside_cidr   = var.tunnel1_inside_cidr
   tunnel2_inside_cidr   = var.tunnel2_inside_cidr
   tunnel1_preshared_key = var.tunnel1_preshared_key
   tunnel2_preshared_key = var.tunnel2_preshared_key
 
   tags = var.tags
+
+  depends_on = [module.tgw]
 }

examples/complete/outputs.tf

@@ -1,3 +1,8 @@
+output "transit_gateway_id" {
+  description = "ID of the used Transit Gateway"
+  value       = module.tgw.transit_gateway_id
+}
+
 output "customer_gateway_id" {
   description = "ID of the Customer Gateway"
   value       = module.vpn.customer_gateway_id

examples/complete/variables.auto.tfvars

@@ -3,7 +3,7 @@ name = "test-vpn"
 cgw_bgp_asn    = 65000
 cgw_ip_address = "1.1.1.1"
 
-transit_gateway_hub_name = "test-tgw-fixture"
+transit_gateway_hub_name = "test-vpn-tgw"
 static_routes_only       = true
 static_routes_destinations = [
   "192.168.0.0/24",
@@ -15,7 +15,6 @@ tunnel2_inside_cidr   = "169.254.7.0/30"
 tunnel1_preshared_key = "heregoessomesupersecure.pre_shar3d_k3y"
 tunnel2_preshared_key = "Andwehaveanother._0n3"
 
-
 tags = {
   purpose = "testing-vpn"
 }

examples/complete/variables.tf

@@ -0,0 +1,77 @@
+variable "allowed_account_id" {
+  description = "AWS account ID for which this module can be executed"
+  type        = string
+}
+
+variable "role_to_assume" {
+  description = "IAM role name to assume (eg. ASSUME-ROLE-HUB)"
+  type        = string
+  default     = ""
+}
+
+variable "name" {
+  description = "Generic name to be given to the provisioned resources"
+  type        = string
+}
+variable "tags" {
+  description = "Map of custom tags for the provisioned resources"
+  type        = map(string)
+  default     = {}
+}
+
+variable "cgw_bgp_asn" {
+  description = "The gateway's Border Gateway Protocol (BGP) Autonomous System Number (ASN)."
+  type        = string
+}
+
+variable "cgw_ip_address" {
+  description = "IP address of the client VPN endpoint"
+  type        = string
+}
+
+variable "transit_gateway_hub_name" {
+  description = "Name of the Transit Gateway to attach the VPN to"
+  type        = string
+}
+
+variable "transit_gateway_satellite_account_id" {
+  description = "AWS account ID for which the module should share TGW resource"
+  type        = string
+}
+
+variable "static_routes_only" {
+  description = "Whether the VPN connection uses static routes exclusively. Static routes must be used for devices that don't support BGP"
+  type        = bool
+  default     = false
+}
+
+variable "static_routes_destinations" {
+  description = "List of CIDRs to be routed into the VPN tunnel."
+  type        = list(string)
+  default     = []
+}
+
+# https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_VpnTunnelOptionsSpecification.html
+variable "tunnel1_inside_cidr" {
+  description = "A size /30 CIDR block from the 169.254.0.0/16 range"
+  type        = string
+  default     = null
+}
+
+variable "tunnel2_inside_cidr" {
+  description = "A size /30 CIDR block from the 169.254.0.0/16 range"
+  type        = string
+  default     = null
+}
+
+variable "tunnel1_preshared_key" {
+  description = "Will be stored in the state as plaintext. Must be between 8 & 64 chars and can't start with zero(0). Allowed characters are alphanumeric, periods(.) and underscores(_)"
+  type        = string
+  default     = null
+}
+
+variable "tunnel2_preshared_key" {
+  description = "Will be stored in the state as plaintext. Must be between 8 & 64 chars and can't start with zero(0). Allowed characters are alphanumeric, periods(.) and underscores(_)"
+  type        = string
+  default     = null
+}

examples/complete/versions.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5"
+    }
+  }
+  required_version = ">= 1.0"
+}

variables.tf

@@ -1,14 +1,3 @@
-variable "allowed_account_id" {
-  description = "AWS account ID for which this module can be executed"
-  type        = string
-}
-
-variable "role_to_assume" {
-  description = "IAM role name to assume (eg. ASSUME-ROLE-HUB)"
-  type        = string
-  default     = ""
-}
-
 variable "name" {
   description = "Generic name to be given to the provisioned resources"
   type        = string
@@ -34,6 +23,11 @@ variable "transit_gateway_hub_name" {
   type        = string
 }
 
+variable "transit_gateway_hub_account_id" {
+  description = "AWS account ID of Transit Gateway owner"
+  type        = string
+}
+
 variable "static_routes_only" {
   description = "Whether the VPN connection uses static routes exclusively. Static routes must be used for devices that don't support BGP"
   type        = bool
@@ -61,12 +55,12 @@ variable "tunnel2_inside_cidr" {
 
 variable "tunnel1_preshared_key" {
   description = "Will be stored in the state as plaintext. Must be between 8 & 64 chars and can't start with zero(0). Allowed characters are alphanumeric, periods(.) and underscores(_)"
-  default     = null
   type        = string
+  default     = null
 }
 
 variable "tunnel2_preshared_key" {
   description = "Will be stored in the state as plaintext. Must be between 8 & 64 chars and can't start with zero(0). Allowed characters are alphanumeric, periods(.) and underscores(_)"
-  default     = null
   type        = string
+  default     = null
 }

versions.tf

@@ -2,8 +2,8 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4"
+      version = ">= 5"
     }
   }
-  required_version = ">= 0.13"
+  required_version = ">= 1.0"
 }