From a2658330679725b1e816b398a28d253e901249ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pablo=20S=C3=A1nchez=20Carmona?= Date: Sun, 23 Oct 2022 13:59:42 +0200 Subject: [PATCH 1/7] adding cloud wan support --- .header.md | 76 +++++++++++- README.md | 90 +++++++++++++- data.tf | 10 +- examples/cloud_wan/.header.md | 10 ++ examples/cloud_wan/.terraform-docs.yaml | 21 ++++ examples/cloud_wan/README.md | 57 +++++++++ examples/cloud_wan/cwan_policy.tf | 63 ++++++++++ examples/cloud_wan/main.tf | 99 ++++++++++++++++ examples/cloud_wan/outputs.tf | 26 +++++ examples/cloud_wan/providers.tf | 36 ++++++ examples/cloud_wan/variables.tf | 13 +++ main.tf | 149 ++++++++++++++++++++++-- outputs.tf | 26 +++++ variables.tf | 60 ++++++++++ 14 files changed, 719 insertions(+), 17 deletions(-) create mode 100644 examples/cloud_wan/.header.md create mode 100644 examples/cloud_wan/.terraform-docs.yaml create mode 100644 examples/cloud_wan/README.md create mode 100644 examples/cloud_wan/cwan_policy.tf create mode 100644 examples/cloud_wan/main.tf create mode 100644 examples/cloud_wan/outputs.tf create mode 100644 examples/cloud_wan/providers.tf create mode 100644 examples/cloud_wan/variables.tf diff --git a/.header.md b/.header.md index 16b71be79..fb7cc4c46 100644 --- a/.header.md +++ b/.header.md @@ -41,7 +41,7 @@ module "vpc" { ## Reserved Subnet Key Names -There are 2 reserved keys for subnet key names in var.subnets corresponding to types "public" and "transit_gateway". Other custom subnet key names are valid are and those subnets will be private subnets. +There are 3 reserved keys for subnet key names in var.subnets corresponding to types "public", "transit_gateway", and "core_network". Other custom subnet key names are valid are and those subnets will be private subnets. ```terraform transit_gateway_id = <> 
@@ -86,6 +86,33 @@ subnets = { } ``` +```terraform +core_network = { + id = <> + arn = <> +} +core_network_routes = { + workload = "pl-123" +} + +subnets = { + workload = { + name_prefix = "workload-private" + netmask = 24 + } + + core_network = { + netmask = 28 + ipv6_support = false + require_acceptance = true + accept_attachment = true + + tags = { + env = "prod" + } +} +``` + ## Updating a VPC with new or removed subnets If using `netmask` to calculate subnets and you wish to either add or remove subnets (ex: adding / removing an AZ), you may have to change from using `netmask` for some subnets and set to explicit instead. Private subnets are always calculated before public. 
@@ -207,6 +234,51 @@ or `export AWS_DEFAULT_REGION=<>` -## Contributing +## Error creating routes to Core Network + +Error: + +> error creating Route in Route Table (rtb-xxx) with destination (YYY): InvalidCoreNetworkArn.NotFound: The core network arn 'arn:aws:networkmanager::XXXX:core-network/core-network-YYYYY' does not exist. + +This happens when the Core Network's VPC attachment requires acceptance, so it's not possible to create the routes in the VPC until the attachment is accepted. Check the following: + +* If the VPC attachment requires acceptance and you want the module to automatically accept it, configure `require_acceptance` and `accept_attachment` to `true`. + +```terraform +subnets = { + core_network = { + netmaks = 28 + require_acceptance = true + accept_attachment = true + } +} +``` + +* If the VPC attachment requires acceptance but you want to accept it outside the module, first configure `require_acceptance` to `true` and `accept_attachment` to `false`. + +```terraform +subnets = { + core_network = { + netmaks = 28 + require_acceptance = true + accept_attachment = true + } +} +``` + +After you apply and the attachment is accepted (outside the module), change the subnet configuration with `require_acceptance` to `false`. + +```terraform +subnets = { + core_network = { + netmaks = 28 + require_acceptance = false + } +} +``` + +* Alternatively, you can also not configure any subnet route (`var.core_network_routes`) to the Core Network until the attachment gets accepted. + +# Contributing Please see our [developer documentation](https://github.com/aws-ia/terraform-aws-vpc/blob/main/contributing.md) for guidance on contributing to this module diff --git a/README.md b/README.md index bfeab9841..34ee248e0 100644 --- a/README.md +++ b/README.md 
@@ -42,7 +42,7 @@ module "vpc" { ## Reserved Subnet Key Names -There are 2 reserved keys for subnet key names in var.subnets corresponding to types "public" and "transit\_gateway". Other custom subnet key names are valid are and those subnets will be private subnets. +There are 3 reserved keys for subnet key names in var.subnets corresponding to types "public", "transit\_gateway", and "core\_network". Other custom subnet key names are valid are and those subnets will be private subnets. ```terraform transit_gateway_id = <> @@ -87,6 +87,33 @@ subnets = { } ``` +```terraform +core_network = { + id = <> + arn = <> +} +core_network_routes = { + workload = "pl-123" +} + +subnets = { + workload = { + name_prefix = "workload-private" + netmask = 24 + } + + core_network = { + netmask = 28 + ipv6_support = false + require_acceptance = true + accept_attachment = true + + tags = { + env = "prod" + } +} +``` + ## Updating a VPC with new or removed subnets If using `netmask` to calculate subnets and you wish to either add or remove subnets (ex: adding / removing an AZ), you may have to change from using `netmask` for some subnets and set to explicit instead. Private subnets are always calculated before public. 
@@ -208,7 +235,52 @@ or `export AWS_DEFAULT_REGION=<>` -## Contributing +## Error creating routes to Core Network + +Error: + +> error creating Route in Route Table (rtb-xxx) with destination (YYY): InvalidCoreNetworkArn.NotFound: The core network arn 'arn:aws:networkmanager::XXXX:core-network/core-network-YYYYY' does not exist. + +This happens when the Core Network's VPC attachment requires acceptance, so it's not possible to create the routes in the VPC until the attachment is accepted. Check the following: + +* If the VPC attachment requires acceptance and you want the module to automatically accept it, configure `require_acceptance` and `accept_attachment` to `true`. + +```terraform +subnets = { + core_network = { + netmaks = 28 + require_acceptance = true + accept_attachment = true + } +} +``` + +* If the VPC attachment requires acceptance but you want to accept it outside the module, first configure `require_acceptance` to `true` and `accept_attachment` to `false`. + +```terraform +subnets = { + core_network = { + netmaks = 28 + require_acceptance = true + accept_attachment = true + } +} +``` + +After you apply and the attachment is accepted (outside the module), change the subnet configuration with `require_acceptance` to `false`. + +```terraform +subnets = { + core_network = { + netmaks = 28 + require_acceptance = false + } +} +``` + +* Alternatively, you can also not configure any subnet route (`var.core_network_routes`) to the Core Network until the attachment gets accepted. + +# Contributing Please see our [developer documentation](https://github.com/aws-ia/terraform-aws-vpc/blob/main/contributing.md) for guidance on contributing to this module 
@@ -245,19 +317,27 @@ Please see our [developer documentation](https://github.com/aws-ia/terraform-aws | [aws_eip.nat](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource | | [aws_internet_gateway.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/internet_gateway) | resource | | [aws_nat_gateway.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/nat_gateway) | resource | +| [aws_networkmanager_attachment_accepter.cwan](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/networkmanager_attachment_accepter) | resource | +| [aws_networkmanager_vpc_attachment.cwan](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/networkmanager_vpc_attachment) | resource | +| [aws_route.cwan_to_nat](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource | +| [aws_route.private_to_cwan](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource | | [aws_route.private_to_nat](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource | | [aws_route.private_to_tgw](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource | +| [aws_route.public_to_cwan](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource | | [aws_route.public_to_igw](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource | | [aws_route.public_to_tgw](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource | | [aws_route.tgw_to_nat](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource | +| [aws_subnet.cwan](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource | | 
[aws_subnet.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource | | [aws_subnet.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource | | [aws_subnet.tgw](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource | | [aws_vpc.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc) | resource | | [aws_vpc_ipv4_cidr_block_association.secondary](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipv4_cidr_block_association) | resource | +| [awscc_ec2_route_table.cwan](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/resources/ec2_route_table) | resource | | [awscc_ec2_route_table.private](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/resources/ec2_route_table) | resource | | [awscc_ec2_route_table.public](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/resources/ec2_route_table) | resource | | [awscc_ec2_route_table.tgw](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/resources/ec2_route_table) | resource | +| [awscc_ec2_subnet_route_table_association.cwan](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/resources/ec2_subnet_route_table_association) | resource | | [awscc_ec2_subnet_route_table_association.private](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/resources/ec2_subnet_route_table_association) | resource | | [awscc_ec2_subnet_route_table_association.public](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/resources/ec2_subnet_route_table_association) | resource | | [awscc_ec2_subnet_route_table_association.tgw](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/resources/ec2_subnet_route_table_association) | resource | 
@@ -270,8 +350,10 @@ Please see our [developer documentation](https://github.com/aws-ia/terraform-aws |------|-------------|------|---------|:--------:| | [az\_count](#input\_az\_count) | Searches region for # of AZs to use and takes a slice based on count. Assume slice is sorted a-z. | `number` | n/a | yes | | [name](#input\_name) | Name to give VPC. Note: does not effect subnet names, which get assigned name based on name\_prefix. | `string` | n/a | yes | -| [subnets](#input\_subnets) | Configuration of subnets to build in VPC. 1 Subnet per AZ is created. Subnet types are defined as maps with the available keys: "private", "public", "transit\_gateway". Each Subnet type offers its own set of available arguments detailed below.

**Attributes shared across subnet types:**
- `cidrs` = (Optional\|list(string)) **Cannot set if `netmask` is set.** List of CIDRs to set to subnets. Count of CIDRs defined must match quatity of azs in `az_count`.
- `netmask` = (Optional\|Int) Netmask of the `var.cidr_block` to calculate for each subnet. **Cannot set if `cidrs` is set.**
- `name_prefix` = (Optional\|String) A string prefix to use for the name of your subnet and associated resources. Subnet type key name is used if omitted (aka private, public, transit\_gateway). Example `name_prefix = "private"` for `var.subnets.private` is redundant.
- `tags` = (Optional\|map(string)) Tags to set on the subnet and associated resources.

**Any private subnet type options:**
- All shared keys above
- `connect_to_public_natgw` = (Optional\|string) Determines if routes to NAT Gateways should be created. Specify the CIDR range or a prefix-list-id that you want routed to nat gateway. Usually `0.0.0.0/0`. Must also set `var.subnets.public.nat_gateway_configuration`.

**public subnet type options:**
- All shared keys above
- `nat_gateway_configuration` = (Optional\|string) Determines if NAT Gateways should be created and in how many AZs. Valid values = `"none"`, `"single_az"`, `"all_azs"`. Default = "none". Must also set `var.subnets.private.connect_to_public_natgw = true`.

**transit\_gateway subnet type options:**
- All shared keys above
- `connect_to_public_natgw` = (Optional\|string) Determines if routes to NAT Gateways should be created. Specify the CIDR range or a prefix-list-id that you want routed to nat gateway. Usually `0.0.0.0/0`. Must also set `var.subnets.public.nat_gateway_configuration`.
- `transit_gateway_default_route_table_association` = (Optional\|bool) Boolean whether the VPC Attachment should be associated with the EC2 Transit Gateway association default route table. This cannot be configured or perform drift detection with Resource Access Manager shared EC2 Transit Gateways.
- `transit_gateway_default_route_table_propagation` = (Optional\|bool) Boolean whether the VPC Attachment should propagate routes with the EC2 Transit Gateway propagation default route table. This cannot be configured or perform drift detection with Resource Access Manager shared EC2 Transit Gateways.
- `transit_gateway_appliance_mode_support` = (Optional\|string) Whether Appliance Mode is enabled. If enabled, a traffic flow between a source and a destination uses the same Availability Zone for the VPC attachment for the lifetime of that flow. Valid values: `disable` (default) and `enable`.
- `transit_gateway_dns_support` = (Optional\|string) DNS Support is used if you need the VPC to resolve public IPv4 DNS host names to private IPv4 addresses when queried from instances in another VPC attached to the transit gateway. Valid values: `enable` (default) and `disable`.

Example:
subnets = {
public = {
netmask = 24
nat_gateway_configuration = "single_az"
}

private = {
netmask = 24
connect_to_public_natgw = true
}

transit_gateway = {
netmask = 24
connect_to_public_natgw = true
transit_gateway_default_route_table_association = true
transit_gateway_default_route_table_propagation = true
}
}
| `any` | n/a | yes | +| [subnets](#input\_subnets) | Configuration of subnets to build in VPC. 1 Subnet per AZ is created. Subnet types are defined as maps with the available keys: "private", "public", "transit\_gateway". Each Subnet type offers its own set of available arguments detailed below.

**Attributes shared across subnet types:**
- `cidrs` = (Optional\|list(string)) **Cannot set if `netmask` is set.** List of CIDRs to set to subnets. Count of CIDRs defined must match quatity of azs in `az_count`.
- `netmask` = (Optional\|Int) Netmask of the `var.cidr_block` to calculate for each subnet. **Cannot set if `cidrs` is set.**
- `name_prefix` = (Optional\|String) A string prefix to use for the name of your subnet and associated resources. Subnet type key name is used if omitted (aka private, public, transit\_gateway). Example `name_prefix = "private"` for `var.subnets.private` is redundant.
- `tags` = (Optional\|map(string)) Tags to set on the subnet and associated resources.

**Any private subnet type options:**
- All shared keys above
- `connect_to_public_natgw` = (Optional\|string) Determines if routes to NAT Gateways should be created. Specify the CIDR range or a prefix-list-id that you want routed to nat gateway. Usually `0.0.0.0/0`. Must also set `var.subnets.public.nat_gateway_configuration`.

**public subnet type options:**
- All shared keys above
- `nat_gateway_configuration` = (Optional\|string) Determines if NAT Gateways should be created and in how many AZs. Valid values = `"none"`, `"single_az"`, `"all_azs"`. Default = "none". Must also set `var.subnets.private.connect_to_public_natgw = true`.

**transit\_gateway subnet type options:**
- All shared keys above
- `connect_to_public_natgw` = (Optional\|string) Determines if routes to NAT Gateways should be created. Specify the CIDR range or a prefix-list-id that you want routed to nat gateway. Usually `0.0.0.0/0`. Must also set `var.subnets.public.nat_gateway_configuration`.
- `transit_gateway_default_route_table_association` = (Optional\|bool) Boolean whether the VPC Attachment should be associated with the EC2 Transit Gateway association default route table. This cannot be configured or perform drift detection with Resource Access Manager shared EC2 Transit Gateways.
- `transit_gateway_default_route_table_propagation` = (Optional\|bool) Boolean whether the VPC Attachment should propagate routes with the EC2 Transit Gateway propagation default route table. This cannot be configured or perform drift detection with Resource Access Manager shared EC2 Transit Gateways.
- `transit_gateway_appliance_mode_support` = (Optional\|string) Whether Appliance Mode is enabled. If enabled, a traffic flow between a source and a destination uses the same Availability Zone for the VPC attachment for the lifetime of that flow. Valid values: `disable` (default) and `enable`.
- `transit_gateway_dns_support` = (Optional\|string) DNS Support is used if you need the VPC to resolve public IPv4 DNS host names to private IPv4 addresses when queried from instances in another VPC attached to the transit gateway. Valid values: `enable` (default) and `disable`.

**core\_network subnet type options:**
- All shared keys abovce
- `connect_to_public_natgw` = (Optional\|string) Determines if routes to NAT Gateways should be created. Specify the CIDR range or a prefix-list-id that you want routed to nat gateway. Usually `0.0.0.0/0`. Must also set `var.subnets.public.nat_gateway_configuration`.
- `ipv6_support` = (Optional\|bool) Boolean whether IPv6 is supported or not in the Cloud WAN's VPC attachment. Default to `false`.
- `require_acceptance` = (Optional\|bool) Boolean whether the core network VPC attachment to create requires acceptance or not. Defaults to `false`.
- `accept_attachment` = (Optional\|bool) Boolean whether the core network VPC attachment is accepted or not in the segment. Only valid if `require_acceptance` is set to `true`. Defaults to `true`.

Example:
subnets = {
public = {
netmask = 24
nat_gateway_configuration = "single_az"
}

private = {
netmask = 24
connect_to_public_natgw = true
}

transit_gateway = {
netmask = 24
connect_to_public_natgw = true
transit_gateway_default_route_table_association = true
transit_gateway_default_route_table_propagation = true
}

core_network = {
netmask = 24
connect_to_public_natgw = true
ipv6_support = true
require_acceptance = true
accept_attachment = true
}
}
| `any` | n/a | yes | | [cidr\_block](#input\_cidr\_block) | CIDR range to assign to VPC if creating VPC or to associte as a secondary CIDR. Overridden by var.vpc\_id output from data.aws\_vpc. | `string` | `null` | no | +| [core\_network](#input\_core\_network) | AWS Cloud WAN's core network information - to create a VPC attachment. Required when `cloud_wan` subnet is defined. Two attributes are required: the `id` and `arn` of the resource. |
object({
id = string
arn = string
})
|
{
"arn": null,
"id": null
}
| no | +| [core\_network\_routes](#input\_core\_network\_routes) | Configuration of route(s) to AWS Cloud WAN's core network.
For each `public` and/or `private` subnets named in the `subnets` variable, optionally create routes from the subnet to the core network.
You can specify either a CIDR range or a prefix-list-id that you want routed to the core network.
Example:
core_network_routes = {
public = "10.0.0.0/8"
private = "pl-123"
}
| `any` | `{}` | no | | [tags](#input\_tags) | Tags to apply to all resources. | `map(string)` | `{}` | no | | [transit\_gateway\_id](#input\_transit\_gateway\_id) | Transit gateway id to attach the VPC to. Required when `transit_gateway` subnet is defined. | `string` | `null` | no | | [transit\_gateway\_routes](#input\_transit\_gateway\_routes) | Configuration of route(s) to transit gateway.
For each `public` and/or `private` subnets named in the `subnets` variable,
Optionally create routes from the subnet to transit gateway. Specify the CIDR range or a prefix-list-id that you want routed to the transit gateway.
Example:
transit_gateway_routes = {
public = "10.0.0.0/8"
private = "pl-123"
}
| `any` | `{}` | no | @@ -290,6 +372,8 @@ Please see our [developer documentation](https://github.com/aws-ia/terraform-aws | Name | Description | |------|-------------| | [azs](#output\_azs) | List of AZs where subnets are created. | +| [core\_network\_attachment](#output\_core\_network\_attachment) | AWS Cloud WAN's core network attachment. Full output of aws\_networkmanager\_vpc\_attachment. | +| [core\_network\_subnet\_attributes\_by\_az](#output\_core\_network\_subnet\_attributes\_by\_az) | Map of all core\_network subnets containing their attributes.

Example:
core_network_subnet_attributes = {
"us-east-1a" = {
"arn" = "arn:aws:ec2:us-east-1:<>:subnet/subnet-04a86315c4839b519"
"assign_ipv6_address_on_creation" = false
...

}
"us-east-1b" = {...)
}
| | [nat\_gateway\_attributes\_by\_az](#output\_nat\_gateway\_attributes\_by\_az) | Map of nat gateway resource attributes by AZ.

Example:
nat_gateway_attributes_by_az = {
"us-east-1a" = {
"allocation_id" = "eipalloc-0e8b20303eea88b13"
"connectivity_type" = "public"
"id" = "nat-0fde39f9550f4abb5"
"network_interface_id" = "eni-0d422727088bf9a86"
"private_ip" = "10.0.3.40"
"public_ip" = <>
"subnet_id" = "subnet-0f11c92e439c8ab4a"
"tags" = tomap({
"Name" = "nat-my-public-us-east-1a"
})
"tags_all" = tomap({
"Name" = "nat-my-public-us-east-1a"
})
}
"us-east-1b" = { ... }
}
| | [natgw\_id\_per\_az](#output\_natgw\_id\_per\_az) | Map of nat gateway IDs for each resource. Will be duplicate ids if your var.subnets.public.nat\_gateway\_configuration = "single\_az".

Example:
natgw_id_per_az = {
"us-east-1a" = {
"id" = "nat-0fde39f9550f4abb5"
}
"us-east-1b" = {
"id" = "nat-0fde39f9550f4abb5"
}
}
| | [private\_subnet\_attributes\_by\_az](#output\_private\_subnet\_attributes\_by\_az) | Map of all private subnets containing their attributes.

Example:
private_subnet_attributes = {
"private/us-east-1a" = {
"arn" = "arn:aws:ec2:us-east-1:<>:subnet/subnet-04a86315c4839b519"
"assign_ipv6_address_on_creation" = false
...

}
"us-east-1b" = {...)
}
| diff --git a/data.tf b/data.tf index 1e9852dae..44ccada92 100644 --- a/data.tf +++ b/data.tf @@ -19,7 +19,7 @@ locals { # - subnets map contains arbitrary amount of subnet "keys" which are both defined as the subnets type and default name (unless name_prefix is provided). # - resource name labels for subnet use the key as private subnet keys are constructed - singleton_subnet_types = ["public", "transit_gateway"] + singleton_subnet_types = ["public", "transit_gateway", "core_network"] private_subnet_names = setsubtract(local.subnet_keys, local.singleton_subnet_types) # constructed list of /az @@ -35,6 +35,14 @@ locals { subnets_tgw_routed = keys(var.transit_gateway_routes) private_subnet_key_names_tgw_routed = [for subnet in local.private_per_az : subnet if contains(local.subnets_tgw_routed, split("/", subnet)[0])] + # support variables for core_network_routes + subnets_cwan_routed = keys(var.core_network_routes) + private_subnet_key_names_cwan_routes = [for subnet in local.private_per_az : subnet if contains(local.subnets_cwan_routed, split("/", subnet)[0])] + require_acceptance = try(var.subnets.core_network.require_acceptance, false) # value to default + accept_attachment = try(var.subnets.core_network.accept_attachment, true) # value to default + create_acceptance = (local.require_acceptance == true && local.accept_attachment == true) + create_cwan_routes = (local.require_acceptance == false) || local.create_acceptance + ################################################################## # NAT configurations options, maps user string input to HCL usable values. selected based on nat_gateway_configuration # null = none diff --git a/examples/cloud_wan/.header.md b/examples/cloud_wan/.header.md new file mode 100644 index 000000000..043fad840 --- /dev/null +++ b/examples/cloud_wan/.header.md 
@@ -0,0 +1,10 @@ +# Creating AWS Cloud WAN's VPC attachment + +This example shows how you can use this module with `core_network` subnets, and AWS Cloud WAN's VPC attachment. This examples creates the following: + +* Global Network and Core Network. +* Core Network's policy (in `cwan_policy.tf`), creating two segments (prod and nonprod) in two AWS Regions (*us-east-1* and *eu-west-1*). The *prod* segments needs acceptance for the attachments. +* The VPC module creates the following (in two AWS Regions): + * Two sets of subnets (workloads and core_network) + * Cloud WAN's VPC attachment - with attachment acceptance for the VPC to associate to the *prod* segment. + * Routing to Core Network (0.0.0.0/0) in workload subnets. \ No newline at end of file diff --git a/examples/cloud_wan/.terraform-docs.yaml b/examples/cloud_wan/.terraform-docs.yaml new file mode 100644 index 000000000..6dc99de86 --- /dev/null +++ b/examples/cloud_wan/.terraform-docs.yaml @@ -0,0 +1,21 @@ +formatter: markdown +header-from: .header.md +settings: + anchor: true + color: true + default: true + escape: true + html: true + indent: 2 + required: true + sensitive: true + type: true + lockfile: false + +sort: + enabled: true + by: required + +output: + file: README.md + mode: replace diff --git a/examples/cloud_wan/README.md b/examples/cloud_wan/README.md new file mode 100644 index 000000000..f168f6e8d --- /dev/null +++ b/examples/cloud_wan/README.md 
@@ -0,0 +1,57 @@ + +# Creating AWS Cloud WAN's VPC attachment + +This example shows how you can use this module with `core_network` subnets, and AWS Cloud WAN's VPC attachment. This examples creates the following: + +* Global Network and Core Network. +* Core Network's policy (in `cwan_policy.tf`), creating two segments (prod and nonprod) in two AWS Regions (*us-east-1* and *eu-west-1*). The *prod* segments needs acceptance for the attachments. +* The VPC module creates the following (in two AWS Regions): + * Two sets of subnets (workloads and core\_network) + * Cloud WAN's VPC attachment - with attachment acceptance for the VPC to associate to the *prod* segment. + * Routing to Core Network (0.0.0.0/0) in workload subnets. + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.3.0 | +| [aws](#requirement\_aws) | >= 4.27.0 | +| [awscc](#requirement\_awscc) | >= 0.25.0 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 4.27.0 | +| [awscc.awsccnvirginia](#provider\_awscc.awsccnvirginia) | >= 0.25.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [ireland\_vpc](#module\_ireland\_vpc) | ../.. | n/a | +| [nvirginia\_vpc](#module\_nvirginia\_vpc) | ../.. 
| n/a | + +## Resources + +| Name | Type | +|------|------| +| [awscc_networkmanager_core_network.core_network](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/resources/networkmanager_core_network) | resource | +| [awscc_networkmanager_global_network.global_network](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/resources/networkmanager_global_network) | resource | +| [aws_networkmanager_core_network_policy_document.policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/networkmanager_core_network_policy_document) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [cloud\_wan\_regions](#input\_cloud\_wan\_regions) | AWS Regions to create in Cloud WAN's core network. |
object({
nvirginia = string
ireland = string
})
|
{
"ireland": "eu-west-1",
"nvirginia": "us-east-1"
}
| no | + +## Outputs + +| Name | Description | +|------|-------------| +| [core\_network](#output\_core\_network) | Core Network ID. | +| [core\_network\_vpc\_attachments](#output\_core\_network\_vpc\_attachments) | Core Network VPC attachments. | +| [global\_network](#output\_global\_network) | Global Network ID. | +| [vpcs](#output\_vpcs) | VPCs created. | + \ No newline at end of file diff --git a/examples/cloud_wan/cwan_policy.tf b/examples/cloud_wan/cwan_policy.tf new file mode 100644 index 000000000..def0edce8 --- /dev/null +++ b/examples/cloud_wan/cwan_policy.tf @@ -0,0 +1,63 @@ + +data "aws_networkmanager_core_network_policy_document" "policy" { + core_network_configuration { + vpn_ecmp_support = true + asn_ranges = ["64515-64520"] + + edge_locations { + location = var.cloud_wan_regions.nvirginia + asn = 64515 + } + + edge_locations { + location = var.cloud_wan_regions.ireland + asn = 64516 + } + } + + segments { + name = "prod" + description = "Segment for production traffic" + require_attachment_acceptance = true + } + + segments { + name = "nonprod" + description = "Segment for non-production traffic" + require_attachment_acceptance = false + } + + attachment_policies { + rule_number = 100 + condition_logic = "or" + + conditions { + type = "tag-value" + operator = "equals" + key = "env" + value = "prod" + } + + action { + association_method = "constant" + segment = "prod" + } + } + + attachment_policies { + rule_number = 200 + condition_logic = "or" + + conditions { + type = "tag-value" + operator = "equals" + key = "env" + value = "nonprod" + } + + action { + association_method = "constant" + segment = "nonprod" + } + } +} \ No newline at end of file diff --git a/examples/cloud_wan/main.tf b/examples/cloud_wan/main.tf new file mode 100644 index 000000000..f516e0aa6 --- /dev/null +++ b/examples/cloud_wan/main.tf 
@@ -0,0 +1,99 @@ + +# VPC module (North Virginia) +module "nvirginia_vpc" { + source = "aws-ia/vpc/aws" + version = ">= 3.0.2" + + providers = { + aws = aws.awsnvirginia + awscc = awscc.awsccnvirginia + } + + name = "nvirginia-vpc" + cidr_block = "10.0.0.0/24" + az_count = 2 + + core_network = { + id = awscc_networkmanager_core_network.core_network.core_network_id + arn = awscc_networkmanager_core_network.core_network.core_network_arn + } + core_network_routes = { + workload = "0.0.0.0/0" + } + + subnets = { + workload = { netmask = 28 } + core_network = { + netmask = 28 + ipv6_support = false + require_acceptance = true + accept_attachment = true + + tags = { + env = "prod" + } + } + } +} + +# VPC module (Ireland) +module "ireland_vpc" { + source = "aws-ia/vpc/aws" + version = ">= 3.0.2" + + providers = { + aws = aws.awsireland + awscc = awscc.awsccireland + } + + name = "ireland-vpc" + cidr_block = "10.0.1.0/24" + az_count = 2 + + core_network = { + id = awscc_networkmanager_core_network.core_network.core_network_id + arn = awscc_networkmanager_core_network.core_network.core_network_arn + } + core_network_routes = { + workload = "0.0.0.0/0" + } + + subnets = { + workload = { netmask = 28 } + core_network = { + netmask = 28 + ipv6_support = false + require_acceptance = false + + tags = { + env = "nonprod" + } + } + } +} + +# Global Network +resource "awscc_networkmanager_global_network" "global_network" { + provider = awscc.awsccnvirginia + + description = "Global Network - VPC module" + + tags = [{ + Key = "Name", + Value = "Global Network - VPC module" + }] +} + +# Core Network +resource "awscc_networkmanager_core_network" "core_network" { + provider = awscc.awsccnvirginia + + description = "Core Network - VPC module" + global_network_id = awscc_networkmanager_global_network.global_network.id + policy_document = jsonencode(jsondecode(data.aws_networkmanager_core_network_policy_document.policy.json)) + + tags = [{ + key = "Name", + value = "Core Network - VPC 
module" + }] +} \ No newline at end of file diff --git a/examples/cloud_wan/outputs.tf b/examples/cloud_wan/outputs.tf new file mode 100644 index 000000000..24842a1db --- /dev/null +++ b/examples/cloud_wan/outputs.tf @@ -0,0 +1,26 @@ + +output "vpcs" { + description = "VPCs created." + value = { + nvirginia = module.nvirginia_vpc.vpc_attributes.id + ireland = module.ireland_vpc.vpc_attributes.id + } +} + +output "global_network" { + description = "Global Network ID." + value = awscc_networkmanager_global_network.global_network.id +} + +output "core_network" { + description = "Core Network ID." + value = awscc_networkmanager_core_network.core_network.core_network_id +} + +output "core_network_vpc_attachments" { + description = "Core Network VPC attachments." + value = { + nvirginia = module.nvirginia_vpc.core_network_attachment.id + ireland = module.ireland_vpc.core_network_attachment.id + } +} \ No newline at end of file diff --git a/examples/cloud_wan/providers.tf b/examples/cloud_wan/providers.tf new file mode 100644 index 000000000..15862e914 --- /dev/null +++ b/examples/cloud_wan/providers.tf @@ -0,0 +1,36 @@ + +terraform { + required_version = ">= 1.3.0" + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 4.27.0" + } + awscc = { + source = "hashicorp/awscc" + version = ">= 0.25.0" + } + } +} + +# Provider definitios for N. Virginia Region +provider "aws" { + region = var.cloud_wan_regions.nvirginia + alias = "awsnvirginia" +} + +provider "awscc" { + region = var.cloud_wan_regions.nvirginia + alias = "awsccnvirginia" +} + +# Provider definitios for Ireland Region +provider "aws" { + region = var.cloud_wan_regions.ireland + alias = "awsireland" +} + +provider "awscc" { + region = var.cloud_wan_regions.ireland + alias = "awsccireland" +} \ No newline at end of file diff --git a/examples/cloud_wan/variables.tf b/examples/cloud_wan/variables.tf new file mode 100644 index 000000000..151b679f9 --- /dev/null 
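Review bot: The two `tags` blocks in the `examples/cloud_wan/main.tf` hunk use different attribute casing: `awscc_networkmanager_global_network` uses `Key`/`Value` while `awscc_networkmanager_core_network` uses `key`/`value`. Unless awscc accepts both spellings, one of them will be rejected at plan time; PATCH 5/7 in this series removes the global network tags entirely, which suggests that is what happened. Pick the form the provider accepts and use it in both places. Two smaller points in the same hunk: `policy_document = jsonencode(jsondecode(data.aws_networkmanager_core_network_policy_document.policy.json))` is a round trip that returns the same document, so `.json` alone is enough; and `core_network_routes = { workload = "0.0.0.0/0" }` sends the workload subnets' default route into the core network with no IGW or NAT path in this example, which is a deliberate hub-and-spoke choice that deserves a one-line comment.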
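Review bot: Typo in both comments of `examples/cloud_wan/providers.tf`: `Provider definitios` should read `Provider definitions`.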
+++ b/examples/cloud_wan/variables.tf @@ -0,0 +1,13 @@ + +variable "cloud_wan_regions" { + description = "AWS Regions to create in Cloud WAN's core network." + type = object({ + nvirginia = string + ireland = string + }) + + default = { + nvirginia = "us-east-1" + ireland = "eu-west-1" + } +} \ No newline at end of file diff --git a/main.tf b/main.tf index 9547a2913..9425466dd 100644 --- a/main.tf +++ b/main.tf @@ -7,6 +7,7 @@ module "calculate_subnets" { subnets = var.subnets } +# VPC RESOURCE (and secondary CIDR blocks - if configured) resource "aws_vpc" "main" { count = local.create_vpc ? 1 : 0 @@ -23,6 +24,7 @@ resource "aws_vpc" "main" { ) } +# Secondary CIDR blocks - if configured resource "aws_vpc_ipv4_cidr_block_association" "secondary" { count = (var.vpc_secondary_cidr && !local.create_vpc) ? 1 : 0 @@ -31,8 +33,9 @@ resource "aws_vpc_ipv4_cidr_block_association" "secondary" { ipv4_ipam_pool_id = var.vpc_ipv4_ipam_pool_id } -# Public Subnets +# PUBLIC SUBNET CONFIGURATION +# Public Subnets resource "aws_subnet" "public" { for_each = contains(local.subnet_keys, "public") ? toset(local.azs) : toset([]) @@ -47,6 +50,7 @@ resource "aws_subnet" "public" { ) } +# Public subnet Route Table and association resource "awscc_ec2_route_table" "public" { for_each = contains(local.subnet_keys, "public") ? toset(local.azs) : toset([]) @@ -59,6 +63,14 @@ resource "awscc_ec2_route_table" "public" { ) } +resource "awscc_ec2_subnet_route_table_association" "public" { + for_each = contains(local.subnet_keys, "public") ? toset(local.azs) : toset([]) + + subnet_id = aws_subnet.public[each.key].id + route_table_id = awscc_ec2_route_table.public[each.key].id +} + +# Elastic IP - used in NAT gateways (if configured) resource "aws_eip" "nat" { for_each = toset(local.nat_configuration) vpc = true @@ -70,6 +82,7 @@ resource "aws_eip" "nat" { ) } +# NAT gateways (if configured) resource "aws_nat_gateway" "main" { for_each = toset(local.nat_configuration) 
@@ -87,6 +100,7 @@ resource "aws_nat_gateway" "main" { ] } +# Internet gateway (if public subnets are created) resource "aws_internet_gateway" "main" { count = contains(local.subnet_keys, "public") ? 1 : 0 vpc_id = local.vpc.id @@ -98,6 +112,7 @@ resource "aws_internet_gateway" "main" { ) } +# Route: from public subnets to the Internet gateway resource "aws_route" "public_to_igw" { for_each = contains(local.subnet_keys, "public") ? toset(local.azs) : toset([]) @@ -106,13 +121,7 @@ resource "aws_route" "public_to_igw" { gateway_id = aws_internet_gateway.main[0].id } -resource "awscc_ec2_subnet_route_table_association" "public" { - for_each = contains(local.subnet_keys, "public") ? toset(local.azs) : toset([]) - - subnet_id = aws_subnet.public[each.key].id - route_table_id = awscc_ec2_route_table.public[each.key].id -} - +# Route: from public subnets to the Transit Gateway (if configured in var.transit_gateway_routes) resource "aws_route" "public_to_tgw" { for_each = (contains(local.subnet_keys, "public") && contains(local.subnets_tgw_routed, "public")) ? toset(local.azs) : toset([]) 
@@ -123,8 +132,25 @@ resource "aws_route" "public_to_tgw" { route_table_id = awscc_ec2_route_table.public[each.key].id } -# Private Subnets +# Route: from public subnets to AWS Cloud WAN's core network (if configured in var.core_network_routes) +resource "aws_route" "public_to_cwan" { + for_each = (contains(local.subnet_keys, "public") && contains(local.subnets_cwan_routed, "public") && local.create_cwan_routes) ? toset(local.azs) : toset([]) + + destination_cidr_block = can(regex("^pl-", var.core_network_routes["public"])) ? null : var.core_network_routes["public"] + destination_prefix_list_id = can(regex("^pl-", var.core_network_routes["public"])) ? var.core_network_routes["public"] : null + core_network_arn = var.core_network.arn + route_table_id = awscc_ec2_route_table.public[each.key].id + + depends_on = [ + aws_networkmanager_vpc_attachment.cwan, + aws_networkmanager_attachment_accepter.cwan + ] +} + +# PRIVATE SUBNETS CONFIGURATION + +# Private Subnets resource "aws_subnet" "private" { for_each = toset(try(local.private_per_az, [])) @@ -144,6 +170,7 @@ resource "aws_subnet" "private" { ] } +# Private subnet Route Table and association resource "awscc_ec2_route_table" "private" { for_each = toset(try(local.private_per_az, [])) @@ -163,6 +190,7 @@ resource "awscc_ec2_subnet_route_table_association" "private" { route_table_id = awscc_ec2_route_table.private[each.key].id } +# Route: from the private subnet to the NAT gateway (if Internet access configured) resource "aws_route" "private_to_nat" { for_each = toset(try(local.private_subnet_names_nat_routed, [])) @@ -172,6 +200,7 @@ resource "aws_route" "private_to_nat" { nat_gateway_id = local.nat_per_az[split("/", each.key)[1]].id } +# Route: from private subnets to the Transit Gateway (if configured in var.transit_gateway_routes) resource "aws_route" "private_to_tgw" { for_each = toset(local.private_subnet_key_names_tgw_routed) 
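Review bot: In `aws_route.public_to_cwan`, the pair `can(regex("^pl-", x)) ? null : x` / `can(regex("^pl-", x)) ? x : null` is evaluated twice against `var.core_network_routes["public"]`, and the same two expressions are repeated for the private subnets in the next hunk. A local that resolves each `core_network_routes` entry once into `{ cidr = ..., prefix_list = ... }` would leave a single place to change if the prefix-list detection ever needs tightening (for example to `^pl-[0-9a-f]+$`), and both route resources would just read the two fields.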
@@ -182,8 +211,28 @@ resource "aws_route" "private_to_tgw" { transit_gateway_id = var.transit_gateway_id } -# Transit Gateway Subnets +# Route: from private subnets to AWS Cloud WAN's core network (if configured in var.core_network_routes) +resource "aws_route" "private_to_cwan" { + for_each = { + for k, v in toset(local.private_subnet_key_names_cwan_routes) : k => v + if local.create_cwan_routes + } + + destination_cidr_block = can(regex("^pl-", var.core_network_routes[split("/", each.key)[0]])) ? null : var.core_network_routes[split("/", each.key)[0]] + destination_prefix_list_id = can(regex("^pl-", var.core_network_routes[split("/", each.key)[0]])) ? var.core_network_routes[split("/", each.key)[0]] : null + core_network_arn = var.core_network.arn + route_table_id = awscc_ec2_route_table.private[each.key].id + + depends_on = [ + aws_networkmanager_vpc_attachment.cwan, + aws_networkmanager_attachment_accepter.cwan + ] +} + +# TRANSIT GATEWAY SUBNET CONFIGURATION + +# Transit Gateway Subnets resource "aws_subnet" "tgw" { for_each = contains(local.subnet_keys, "transit_gateway") ? toset(local.azs) : toset([]) @@ -199,6 +248,7 @@ resource "aws_subnet" "tgw" { } +# Transit Gateway subnet Route Table and association resource "awscc_ec2_route_table" "tgw" { for_each = contains(local.subnet_keys, "transit_gateway") ? toset(local.azs) : toset([]) @@ -218,6 +268,7 @@ resource "awscc_ec2_subnet_route_table_association" "tgw" { route_table_id = awscc_ec2_route_table.tgw[each.key].id } +# Route: from transit_gateway subnet to NAT gateway (if Internet access configured) resource "aws_route" "tgw_to_nat" { for_each = (try(var.subnets.transit_gateway.connect_to_public_natgw == true, false) && contains(local.subnet_keys, "public")) ? toset(local.azs) : toset([]) 
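Review bot: The `for_each` in `aws_route.private_to_cwan` builds a map comprehension over a set only to apply `if local.create_cwan_routes`; the rest of `main.tf` gates with `cond ? toset(...) : toset([])` (see `public_to_cwan` in the previous hunk), so `for_each = local.create_cwan_routes ? toset(local.private_subnet_key_names_cwan_routes) : toset([])` is consistent and avoids the `k => v` where `k` and `v` are the same string. The local is also named `..._cwan_routes` while its transit gateway counterpart in `private_to_tgw` is `..._tgw_routed`; aligning the two names makes the pairing obvious.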
@@ -228,6 +279,7 @@ resource "aws_route" "tgw_to_nat" { nat_gateway_id = local.nat_per_az[each.key].id } +# Transit Gateway VPC attachment resource "aws_ec2_transit_gateway_vpc_attachment" "tgw" { count = contains(local.subnet_keys, "transit_gateway") ? 1 : 0 
@@ -248,8 +300,83 @@ resource "aws_ec2_transit_gateway_route_table_association" "tgw" { transit_gateway_route_table_id = var.subnets.transit_gateway.transit_gateway_route_table_id } -# Flow Logs +# CORE NETWORK SUBNET CONFIGURATION + +# Core Network Subnets +resource "aws_subnet" "cwan" { + for_each = contains(local.subnet_keys, "core_network") ? toset(local.azs) : toset([]) + + availability_zone = each.key + vpc_id = local.vpc.id + cidr_block = local.calculated_subnets["core_network"][each.key] + + tags = merge( + { Name = "${local.subnet_names["core_network"]}-${each.key}" }, + module.tags.tags_aws, + try(module.subnet_tags["core_network"].tags_aws, {}) + ) +} + +# Core Network subnet Route Table and association +resource "awscc_ec2_route_table" "cwan" { + for_each = contains(local.subnet_keys, "core_network") ? toset(local.azs) : toset([]) + + vpc_id = local.vpc.id + + tags = concat( + [{ "key" = "Name", "value" = "${local.subnet_names["core_network"]}-${each.key}" }], + module.tags.tags, + try(module.subnet_tags["core_network"].tags, []) + ) +} + +resource "awscc_ec2_subnet_route_table_association" "cwan" { + for_each = contains(local.subnet_keys, "core_network") ? toset(local.azs) : toset([]) + + subnet_id = aws_subnet.cwan[each.key].id + route_table_id = awscc_ec2_route_table.cwan[each.key].id +} + +# Route: from core_network subnet to NAT gateway (if Internet access configured) +resource "aws_route" "cwan_to_nat" { + for_each = (try(var.subnets.core_network.connect_to_public_natgw == true, false) && contains(local.subnet_keys, "public")) ? toset(local.azs) : toset([]) + + route_table_id = awscc_ec2_route_table.cwan[each.key].id + destination_cidr_block = "0.0.0.0/0" + # try to get nat for AZ, else use singular nat + nat_gateway_id = local.nat_per_az[each.key].id +} + +# AWS Cloud WAN's Core Network VPC attachment +resource "aws_networkmanager_vpc_attachment" "cwan" { + count = contains(local.subnet_keys, "core_network") ? 
1 : 0 + + core_network_id = var.core_network.id + subnet_arns = values(aws_subnet.cwan)[*].arn + vpc_arn = local.vpc.arn + + options { + ipv6_support = try(var.subnets.core_nework.ipv6_support, false) + } + + tags = merge( + { Name = "${var.name}-vpc_attachment" }, + module.subnet_tags["core_network"].tags_aws + ) +} + +# Core Network's attachment acceptance (if required) +resource "aws_networkmanager_attachment_accepter" "cwan" { + count = contains(local.subnet_keys, "core_network") && local.create_acceptance ? 1 : 0 + + attachment_id = aws_networkmanager_vpc_attachment.cwan[0].id + attachment_type = "VPC" +} + +# Core Network VPC attachment acceptance (if required) +# TO ADD +# FLOW LOGS module "flow_logs" { count = local.create_flow_logs ? 1 : 0 diff --git a/outputs.tf b/outputs.tf index 22451e5eb..572defb9b 100644 --- a/outputs.tf +++ b/outputs.tf @@ -13,6 +13,11 @@ output "transit_gateway_attachment_id" { value = try(aws_ec2_transit_gateway_vpc_attachment.tgw[0].id, null) } +output "core_network_attachment" { + description = "AWS Cloud WAN's core network attachment. Full output of aws_networkmanager_vpc_attachment." + value = try(aws_networkmanager_vpc_attachment.cwan[0], null) +} + output "private_subnet_attributes_by_az" { value = try(aws_subnet.private, null) description = <<-EOF 
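Review bot: `ipv6_support = try(var.subnets.core_nework.ipv6_support, false)` in `aws_networkmanager_vpc_attachment.cwan` misspells `core_network`, so the `try` always takes the `false` fallback and a user who sets `ipv6_support = true` (as the variables doc example in this PR does) silently gets an IPv4-only attachment; change it to `var.subnets.core_network.ipv6_support`. Also in this hunk: the `# Core Network VPC attachment acceptance (if required)` / `# TO ADD` comment is stale now that `aws_networkmanager_attachment_accepter.cwan` sits directly above it, and the attachment's `tags` read `module.subnet_tags["core_network"].tags_aws` without the `try(...)` the `aws_subnet.cwan` resource uses; that works while `count` gates on the `core_network` key, but keeping the two consistent avoids a surprise if the gating ever changes.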
@@ -73,12 +78,33 @@ output "tgw_subnet_attributes_by_az" { EOF } +output "core_network_subnet_attributes_by_az" { + value = try(aws_subnet.cwan, null) + description = <<-EOF + Map of all core_network subnets containing their attributes. + + Example: + ``` + core_network_subnet_attributes = { + "us-east-1a" = { + "arn" = "arn:aws:ec2:us-east-1:<>:subnet/subnet-04a86315c4839b519" + "assign_ipv6_address_on_creation" = false + ... + + } + "us-east-1b" = {...) + } + ``` +EOF +} + output "rt_attributes_by_type_by_az" { value = { # TODO: omit keys if value is null "private" = awscc_ec2_route_table.private, "public" = awscc_ec2_route_table.public "transit_gateway" = awscc_ec2_route_table.tgw + "core_network" = awscc_ec2_route_table.cwan } description = <<-EOF Map of route tables by type => az => route table attributes. Example usage: module.vpc.route_table_by_subnet_type.private.id diff --git a/variables.tf b/variables.tf index ec76b60f0..96f8e69fe 100644 --- a/variables.tf +++ b/variables.tf 
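Review bot: The heredoc example in `output "core_network_subnet_attributes_by_az"` has a mismatched bracket: `"us-east-1b" = {...)` should close with `}`. In the `rt_attributes_by_type_by_az` hunk, adding `"core_network" = awscc_ec2_route_table.cwan` returns an empty map rather than omitting the key when no `core_network` subnet exists, which is what the existing `# TODO: omit keys if value is null` already flags; acceptable for now, but the description should say that absent subnet types come back as `{}`.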
@@ -98,6 +98,13 @@ variable "subnets" { - `transit_gateway_appliance_mode_support` = (Optional|string) Whether Appliance Mode is enabled. If enabled, a traffic flow between a source and a destination uses the same Availability Zone for the VPC attachment for the lifetime of that flow. Valid values: `disable` (default) and `enable`. - `transit_gateway_dns_support` = (Optional|string) DNS Support is used if you need the VPC to resolve public IPv4 DNS host names to private IPv4 addresses when queried from instances in another VPC attached to the transit gateway. Valid values: `enable` (default) and `disable`. + **core_network subnet type options:** + - All shared keys abovce + - `connect_to_public_natgw` = (Optional|string) Determines if routes to NAT Gateways should be created. Specify the CIDR range or a prefix-list-id that you want routed to nat gateway. Usually `0.0.0.0/0`. Must also set `var.subnets.public.nat_gateway_configuration`. + - `ipv6_support` = (Optional|bool) Boolean whether IPv6 is supported or not in the Cloud WAN's VPC attachment. Default to `false`. + - `require_acceptance` = (Optional|bool) Boolean whether the core network VPC attachment to create requires acceptance or not. Defaults to `false`. + - `accept_attachment` = (Optional|bool) Boolean whether the core network VPC attachment is accepted or not in the segment. Only valid if `require_acceptance` is set to `true`. Defaults to `true`. + Example: ``` subnets = { @@ -117,6 +124,14 @@ variable "subnets" { transit_gateway_default_route_table_association = true transit_gateway_default_route_table_propagation = true } + + core_network = { + netmask = 24 + connect_to_public_natgw = true + ipv6_support = true + require_acceptance = true + accept_attachment = true + } } ``` EOF 
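Review bot: In the `core_network subnet type options` doc block, `connect_to_public_natgw` is described as `(Optional|string)` taking a CIDR range or prefix-list id, but `aws_route.cwan_to_nat` in `main.tf` tests `connect_to_public_natgw == true` and hard-codes `0.0.0.0/0`, and the example further down in this file sets `connect_to_public_natgw = true`; document it as `(Optional|bool)` so users do not pass a CIDR that is silently treated as not-true. Same block: `All shared keys abovce` is a typo for `above`.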
@@ -150,6 +165,21 @@ EOF ])) == 0 } + # All var.subnets.core_network valid keys + validation { + error_message = "Invalid key in core_network subnets. Valid options include: \"cidrs\", \"netmask\", \"name_prefix\", \"ipv6_support\", \"require_acceptance\", \"accept_attachment\", \"tags\"." + condition = length(setsubtract(keys(try(var.subnets.core_network, {})), [ + "cidrs", + "netmask", + "name_prefix", + "connect_to_public_natgw", + "ipv6_support", + "require_acceptance", + "accept_attachment", + "tags" + ])) == 0 + } + validation { error_message = "Each subnet type must contain only 1 key: `cidrs` or `netmask`." condition = alltrue([for subnet_type, v in var.subnets : length(setintersection(keys(v), ["cidrs", "netmask"])) == 1]) @@ -223,3 +253,33 @@ EOF type = any default = {} } + +variable "core_network" { + type = object({ + id = string + arn = string + }) + description = "AWS Cloud WAN's core network information - to create a VPC attachment. Required when `cloud_wan` subnet is defined. Two attributes are required: the `id` and `arn` of the resource." + + default = { + id = null + arn = null + } +} + +variable "core_network_routes" { + description = <<-EOF + Configuration of route(s) to AWS Cloud WAN's core network. + For each `public` and/or `private` subnets named in the `subnets` variable, optionally create routes from the subnet to the core network. + You can specify either a CIDR range or a prefix-list-id that you want routed to the core network. + Example: + ``` + core_network_routes = { + public = "10.0.0.0/8" + private = "pl-123" + } + ``` +EOF + type = any + default = {} +} From 2fd43f7566073e56d17fdd04f78e7b20e53cb71b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pablo=20S=C3=A1nchez=20Carmona?= Date: Sun, 23 Oct 2022 14:11:02 +0200 Subject: [PATCH 2/7] adding cloud wan support --- test/examples_cloud_wan_test.go | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 test/examples_cloud_wan_test.go 
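Review bot: The `error_message` of the new `core_network` validation lists the valid keys but omits `connect_to_public_natgw`, which the `condition` list directly below it accepts; a user who mistypes a different key will be told that a key the module does support is not allowed. Add it to the message.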
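Review bot: The description of `variable "core_network"` says it is required when a `cloud_wan` subnet is defined, but the reserved subnet key introduced in this PR is `core_network`. In `variable "core_network_routes"`, the example key `private` will not match anything: routes are created per private subnet name (`var.core_network_routes[split("/", each.key)[0]]` in `private_to_cwan`, and the `.header.md` example in this PR uses `workload = "pl-123"`), so use a custom subnet name in the example and state that keys are subnet names. Because the variable is `type = any` with no `validation`, a misspelled key or a value that is neither a CIDR nor a `pl-` id produces no route and no error; a validation that every key is in `keys(var.subnets)` and every value satisfies `can(regex("^pl-", v)) || can(cidrhost(v, 0))` would surface that at plan time instead of as missing connectivity.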
diff --git a/test/examples_cloud_wan_test.go b/test/examples_cloud_wan_test.go new file mode 100644 index 000000000..117b9c649 --- /dev/null +++ b/test/examples_cloud_wan_test.go @@ -0,0 +1,17 @@ +package test + +import ( + "testing" + + "github.com/gruntwork-io/terratest/modules/terraform" +) + +func TestExamplesTransitGateway(t *testing.T) { + + terraformOptions := &terraform.Options{ + TerraformDir: "../examples/cloud_wan", + } + + defer terraform.Destroy(t, terraformOptions) + terraform.InitAndApply(t, terraformOptions) +} \ No newline at end of file From 9cfbdfb2bad909cd6854c1971a9a7b884ee57225 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pablo=20S=C3=A1nchez=20Carmona?= Date: Mon, 24 Oct 2022 17:40:50 +0200 Subject: [PATCH 3/7] small updates - cwan support --- README.md | 22 +++++++++++----------- examples/cloud_wan/README.md | 8 ++++---- examples/cloud_wan/main.tf | 12 ++++++------ examples/cloud_wan/providers.tf | 2 +- providers.tf | 2 +- test/examples_cloud_wan_test.go | 2 +- 6 files changed, 24 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index 34ee248e0..e423b1d84 100644 --- a/README.md +++ b/README.md @@ -290,14 +290,14 @@ Please see our [developer documentation](https://github.com/aws-ia/terraform-aws |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.0 | | [aws](#requirement\_aws) | >= 3.73.0 | -| [awscc](#requirement\_awscc) | >= 0.15.0 | +| [awscc](#requirement\_awscc) | = 0.33.0 | ## Providers | Name | Version | |------|---------| | [aws](#provider\_aws) | >= 3.73.0 | -| [awscc](#provider\_awscc) | >= 0.15.0 | +| [awscc](#provider\_awscc) | = 0.33.0 | ## Modules 
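Review bot: `TestExamplesTransitGateway` in `test/examples_cloud_wan_test.go` is named for the wrong example; it should be `TestExamplesCloudWAN`, and if the transit gateway test in the same package already uses that name the package will not compile. PATCH 3/7 in this series makes exactly that rename, so squash it into this commit.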
@@ -333,16 +333,16 @@ Please see our [developer documentation](https://github.com/aws-ia/terraform-aws | [aws_subnet.tgw](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource | | [aws_vpc.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc) | resource | | [aws_vpc_ipv4_cidr_block_association.secondary](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipv4_cidr_block_association) | resource | -| [awscc_ec2_route_table.cwan](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/resources/ec2_route_table) | resource | -| [awscc_ec2_route_table.private](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/resources/ec2_route_table) | resource | -| [awscc_ec2_route_table.public](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/resources/ec2_route_table) | resource | -| [awscc_ec2_route_table.tgw](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/resources/ec2_route_table) | resource | -| [awscc_ec2_subnet_route_table_association.cwan](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/resources/ec2_subnet_route_table_association) | resource | -| [awscc_ec2_subnet_route_table_association.private](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/resources/ec2_subnet_route_table_association) | resource | -| [awscc_ec2_subnet_route_table_association.public](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/resources/ec2_subnet_route_table_association) | resource | -| [awscc_ec2_subnet_route_table_association.tgw](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/resources/ec2_subnet_route_table_association) | resource | +| [awscc_ec2_route_table.cwan](https://registry.terraform.io/providers/hashicorp/awscc/0.33.0/docs/resources/ec2_route_table) | resource | +| 
[awscc_ec2_route_table.private](https://registry.terraform.io/providers/hashicorp/awscc/0.33.0/docs/resources/ec2_route_table) | resource | +| [awscc_ec2_route_table.public](https://registry.terraform.io/providers/hashicorp/awscc/0.33.0/docs/resources/ec2_route_table) | resource | +| [awscc_ec2_route_table.tgw](https://registry.terraform.io/providers/hashicorp/awscc/0.33.0/docs/resources/ec2_route_table) | resource | +| [awscc_ec2_subnet_route_table_association.cwan](https://registry.terraform.io/providers/hashicorp/awscc/0.33.0/docs/resources/ec2_subnet_route_table_association) | resource | +| [awscc_ec2_subnet_route_table_association.private](https://registry.terraform.io/providers/hashicorp/awscc/0.33.0/docs/resources/ec2_subnet_route_table_association) | resource | +| [awscc_ec2_subnet_route_table_association.public](https://registry.terraform.io/providers/hashicorp/awscc/0.33.0/docs/resources/ec2_subnet_route_table_association) | resource | +| [awscc_ec2_subnet_route_table_association.tgw](https://registry.terraform.io/providers/hashicorp/awscc/0.33.0/docs/resources/ec2_subnet_route_table_association) | resource | | [aws_availability_zones.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | -| [awscc_ec2_vpc.main](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/data-sources/ec2_vpc) | data source | +| [awscc_ec2_vpc.main](https://registry.terraform.io/providers/hashicorp/awscc/0.33.0/docs/data-sources/ec2_vpc) | data source | ## Inputs diff --git a/examples/cloud_wan/README.md b/examples/cloud_wan/README.md index f168f6e8d..d8710b7d8 100644 --- a/examples/cloud_wan/README.md +++ b/examples/cloud_wan/README.md 
@@ -16,14 +16,14 @@ This example shows how you can use this module with `core_network` subnets, and |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.0 | | [aws](#requirement\_aws) | >= 4.27.0 | -| [awscc](#requirement\_awscc) | >= 0.25.0 | +| [awscc](#requirement\_awscc) | = 0.33.0 | ## Providers | Name | Version | |------|---------| | [aws](#provider\_aws) | >= 4.27.0 | -| [awscc.awsccnvirginia](#provider\_awscc.awsccnvirginia) | >= 0.25.0 | +| [awscc.awsccnvirginia](#provider\_awscc.awsccnvirginia) | = 0.33.0 | ## Modules @@ -36,8 +36,8 @@ This example shows how you can use this module with `core_network` subnets, and | Name | Type | |------|------| -| [awscc_networkmanager_core_network.core_network](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/resources/networkmanager_core_network) | resource | -| [awscc_networkmanager_global_network.global_network](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/resources/networkmanager_global_network) | resource | +| [awscc_networkmanager_core_network.core_network](https://registry.terraform.io/providers/hashicorp/awscc/0.33.0/docs/resources/networkmanager_core_network) | resource | +| [awscc_networkmanager_global_network.global_network](https://registry.terraform.io/providers/hashicorp/awscc/0.33.0/docs/resources/networkmanager_global_network) | resource | | [aws_networkmanager_core_network_policy_document.policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/networkmanager_core_network_policy_document) | data source | ## Inputs diff --git a/examples/cloud_wan/main.tf b/examples/cloud_wan/main.tf index f516e0aa6..bc6b032d2 100644 --- a/examples/cloud_wan/main.tf +++ b/examples/cloud_wan/main.tf 
@@ -1,9 +1,9 @@ # VPC module (North Virginia) module "nvirginia_vpc" { - source = "aws-ia/vpc/aws" - version = ">= 3.0.2" - + #source = "aws-ia/vpc/aws" + #version = ">= 3.0.2" + source = "../.." providers = { aws = aws.awsnvirginia awscc = awscc.awsccnvirginia @@ -38,9 +38,9 @@ module "nvirginia_vpc" { # VPC module (Ireland) module "ireland_vpc" { - source = "aws-ia/vpc/aws" - version = ">= 3.0.2" - + #source = "aws-ia/vpc/aws" + #version = ">= 3.0.2" + source = "../.." providers = { aws = aws.awsireland awscc = awscc.awsccireland diff --git a/examples/cloud_wan/providers.tf b/examples/cloud_wan/providers.tf index 15862e914..62df6a159 100644 --- a/examples/cloud_wan/providers.tf +++ b/examples/cloud_wan/providers.tf @@ -8,7 +8,7 @@ terraform { } awscc = { source = "hashicorp/awscc" - version = ">= 0.25.0" + version = "= 0.33.0" } } } diff --git a/providers.tf b/providers.tf index ddbf59713..376d37073 100644 --- a/providers.tf +++ b/providers.tf @@ -7,7 +7,7 @@ terraform { } awscc = { source = "hashicorp/awscc" - version = ">= 0.15.0" + version = "= 0.33.0" } } } diff --git a/test/examples_cloud_wan_test.go b/test/examples_cloud_wan_test.go index 117b9c649..c51345763 100644 --- a/test/examples_cloud_wan_test.go +++ b/test/examples_cloud_wan_test.go @@ -6,7 +6,7 @@ import ( "github.com/gruntwork-io/terratest/modules/terraform" ) -func TestExamplesTransitGateway(t *testing.T) { +func TestExamplesCloudWAN(t *testing.T) { terraformOptions := &terraform.Options{ TerraformDir: "../examples/cloud_wan", From caba136811074bbe29a1f59ef28959b86eff9a01 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pablo=20S=C3=A1nchez=20Carmona?= Date: Mon, 24 Oct 2022 17:48:47 +0200 Subject: [PATCH 4/7] updating vpc module version --- examples/cloud_wan/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/examples/cloud_wan/main.tf b/examples/cloud_wan/main.tf index bc6b032d2..e88f7375f 100644 --- a/examples/cloud_wan/main.tf +++ b/examples/cloud_wan/main.tf 
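Review bot: Pinning `awscc` to `version = "= 0.33.0"` in the module's own `providers.tf` forces every consumer of the module onto exactly that release and will conflict with any other module in their configuration that needs a different one; an exact pin belongs in the consumer's lock file, while the module should declare a floor such as `>= 0.33.0` (or `~> 0.33`). The README hunks in the same commit hard-code `0.33.0` into the registry doc links, which drift as soon as the constraint changes (PATCH 5/7 already relaxes it to `>= 0.36.0`). Also, the two `examples/cloud_wan/main.tf` hunks leave `#source` / `#version` lines commented out above `source = "../.."`; pick one form and delete the other rather than carrying both.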
@@ -1,9 +1,9 @@ # VPC module (North Virginia) module "nvirginia_vpc" { - #source = "aws-ia/vpc/aws" - #version = ">= 3.0.2" - source = "../.." + source = "aws-ia/vpc/aws" + version = ">= 3.0.2" + providers = { aws = aws.awsnvirginia awscc = awscc.awsccnvirginia From 72bd492767a4c0d00f71658d78a111510a23dd41 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pablo=20S=C3=A1nchez=20Carmona?= Date: Fri, 28 Oct 2022 17:41:45 +0200 Subject: [PATCH 5/7] awscc version 0.36.0 - no error in core network policy --- examples/cloud_wan/main.tf | 11 +++-------- examples/cloud_wan/providers.tf | 2 +- examples/ipam/main.tf | 2 +- examples/public_private_flow_logs/main.tf | 2 +- examples/secondary_cidr/main.tf | 2 +- examples/transit_gateway/main.tf | 2 +- providers.tf | 2 +- 7 files changed, 9 insertions(+), 14 deletions(-) diff --git a/examples/cloud_wan/main.tf b/examples/cloud_wan/main.tf index e88f7375f..340e66d24 100644 --- a/examples/cloud_wan/main.tf +++ b/examples/cloud_wan/main.tf @@ -1,9 +1,9 @@ # VPC module (North Virginia) module "nvirginia_vpc" { - source = "aws-ia/vpc/aws" - version = ">= 3.0.2" - + # source = "aws-ia/vpc/aws" + # version = ">= 3.0.2" + source = "../.." providers = { aws = aws.awsnvirginia awscc = awscc.awsccnvirginia @@ -77,11 +77,6 @@ resource "awscc_networkmanager_global_network" "global_network" { provider = awscc.awsccnvirginia description = "Global Network - VPC module" - - tags = [{ - Key = "Name", - Value = "Global Network - VPC module" - }] } # Core Network diff --git a/examples/cloud_wan/providers.tf b/examples/cloud_wan/providers.tf index 62df6a159..e771c12df 100644 --- a/examples/cloud_wan/providers.tf +++ b/examples/cloud_wan/providers.tf @@ -8,7 +8,7 @@ terraform { } awscc = { source = "hashicorp/awscc" - version = "= 0.33.0" + version = ">= 0.36.0" } } } diff --git a/examples/ipam/main.tf b/examples/ipam/main.tf index f90020ff3..e5a9fbbed 100644 --- a/examples/ipam/main.tf +++ b/examples/ipam/main.tf 
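Review bot: PATCH 4/7 switches only `module "nvirginia_vpc"` back to `source = "aws-ia/vpc/aws"` / `version = ">= 3.0.2"` while `module "ireland_vpc"`, changed to `../..` in PATCH 3/7, is left untouched, so the two halves of one example run different module code; PATCH 5/7 then flips nvirginia back to `../..` again. Beyond the churn, the published module does not have the `core_network` and `core_network_routes` inputs this series adds, so an example pointing at the registry cannot exercise them until a release ships. Keep both modules on `../..` in the example until then, and move both to the same released version afterwards.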
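Review bot: The PATCH 5/7 hunk at `@@ -77,11 +77,6 @@` drops the `tags` block from `awscc_networkmanager_global_network.global_network` altogether, so the global network loses its `Name` tag. If the `Key`/`Value` capitalisation was what failed, `awscc_networkmanager_core_network` in the same file uses lowercase `key`/`value` and keeps working, so switch this block to that shape instead of removing it; the commit subject `awscc version 0.36.0 - no error in core network policy` says nothing about why the tags went, so a short note in the message would help the next reader.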
@@ -1,6 +1,6 @@ module "vpc" { source = "aws-ia/vpc/aws" - version = ">= 3.0.1" + version = ">= 3.0.2" name = "ipam-vpc" az_count = 3 diff --git a/examples/public_private_flow_logs/main.tf b/examples/public_private_flow_logs/main.tf index 8403c4aad..c96083598 100644 --- a/examples/public_private_flow_logs/main.tf +++ b/examples/public_private_flow_logs/main.tf @@ -2,7 +2,7 @@ data "aws_availability_zones" "current" {} module "vpc" { source = "aws-ia/vpc/aws" - version = ">= 3.0.1" + version = ">= 3.0.2" name = "flowlogs" cidr_block = "10.0.0.0/20" diff --git a/examples/secondary_cidr/main.tf b/examples/secondary_cidr/main.tf index 93925e005..a2f7779ac 100644 --- a/examples/secondary_cidr/main.tf +++ b/examples/secondary_cidr/main.tf @@ -2,7 +2,7 @@ data "aws_region" "current" {} module "secondary" { source = "aws-ia/vpc/aws" - version = ">= 3.0.1" + version = ">= 3.0.2" name = "secondary-cidr" az_count = 2 diff --git a/examples/transit_gateway/main.tf b/examples/transit_gateway/main.tf index d850c50d2..e364c4f2d 100644 --- a/examples/transit_gateway/main.tf +++ b/examples/transit_gateway/main.tf @@ -2,7 +2,7 @@ data "aws_availability_zones" "current" {} module "vpc" { source = "aws-ia/vpc/aws" - version = ">= 3.0.1" + version = ">= 3.0.2" name = "tgw" cidr_block = "10.0.0.0/16" diff --git a/providers.tf b/providers.tf index 376d37073..8ecac7195 100644 --- a/providers.tf +++ b/providers.tf @@ -7,7 +7,7 @@ terraform { } awscc = { source = "hashicorp/awscc" - version = "= 0.33.0" + version = ">= 0.36.0" } } } From f48402832a31ab6e88dafe0e3e723a4ff4143826 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Pablo=20S=C3=A1nchez=20Carmona?= Date: Fri, 28 Oct 2022 17:43:50 +0200 Subject: [PATCH 6/7] doc update --- README.md | 22 +++++++++---------- examples/cloud_wan/README.md | 12 +++++----- examples/cloud_wan/main.tf | 12 +++++----- examples/ipam/.terraform-docs.yaml | 21 ++++++++++++++++++ examples/ipam/README.md | 2 +- .../.terraform-docs.yaml | 21 ++++++++++++++++++ examples/public_private_flow_logs/README.md | 4 ++-- examples/secondary_cidr/.terraform-docs.yaml | 21 ++++++++++++++++++ examples/secondary_cidr/README.md | 2 +- 9 files changed, 90 insertions(+), 27 deletions(-) create mode 100644 examples/ipam/.terraform-docs.yaml create mode 100644 examples/public_private_flow_logs/.terraform-docs.yaml create mode 100644 examples/secondary_cidr/.terraform-docs.yaml diff --git a/README.md b/README.md index e423b1d84..63adb3786 100644 --- a/README.md +++ b/README.md @@ -290,14 +290,14 @@ Please see our [developer documentation](https://github.com/aws-ia/terraform-aws |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.0 | | [aws](#requirement\_aws) | >= 3.73.0 | -| [awscc](#requirement\_awscc) | = 0.33.0 | +| [awscc](#requirement\_awscc) | >= 0.36.0 | ## Providers | Name | Version | |------|---------| | [aws](#provider\_aws) | >= 3.73.0 | -| [awscc](#provider\_awscc) | = 0.33.0 | +| [awscc](#provider\_awscc) | >= 0.36.0 | ## Modules 
@@ -333,16 +333,16 @@ Please see our [developer documentation](https://github.com/aws-ia/terraform-aws | [aws_subnet.tgw](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource | | [aws_vpc.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc) | resource | | [aws_vpc_ipv4_cidr_block_association.secondary](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipv4_cidr_block_association) | resource | -| [awscc_ec2_route_table.cwan](https://registry.terraform.io/providers/hashicorp/awscc/0.33.0/docs/resources/ec2_route_table) | resource | -| [awscc_ec2_route_table.private](https://registry.terraform.io/providers/hashicorp/awscc/0.33.0/docs/resources/ec2_route_table) | resource | -| [awscc_ec2_route_table.public](https://registry.terraform.io/providers/hashicorp/awscc/0.33.0/docs/resources/ec2_route_table) | resource | -| [awscc_ec2_route_table.tgw](https://registry.terraform.io/providers/hashicorp/awscc/0.33.0/docs/resources/ec2_route_table) | resource | -| [awscc_ec2_subnet_route_table_association.cwan](https://registry.terraform.io/providers/hashicorp/awscc/0.33.0/docs/resources/ec2_subnet_route_table_association) | resource | -| [awscc_ec2_subnet_route_table_association.private](https://registry.terraform.io/providers/hashicorp/awscc/0.33.0/docs/resources/ec2_subnet_route_table_association) | resource | -| [awscc_ec2_subnet_route_table_association.public](https://registry.terraform.io/providers/hashicorp/awscc/0.33.0/docs/resources/ec2_subnet_route_table_association) | resource | -| [awscc_ec2_subnet_route_table_association.tgw](https://registry.terraform.io/providers/hashicorp/awscc/0.33.0/docs/resources/ec2_subnet_route_table_association) | resource | +| [awscc_ec2_route_table.cwan](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/resources/ec2_route_table) | resource | +| 
[awscc_ec2_route_table.private](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/resources/ec2_route_table) | resource | +| [awscc_ec2_route_table.public](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/resources/ec2_route_table) | resource | +| [awscc_ec2_route_table.tgw](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/resources/ec2_route_table) | resource | +| [awscc_ec2_subnet_route_table_association.cwan](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/resources/ec2_subnet_route_table_association) | resource | +| [awscc_ec2_subnet_route_table_association.private](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/resources/ec2_subnet_route_table_association) | resource | +| [awscc_ec2_subnet_route_table_association.public](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/resources/ec2_subnet_route_table_association) | resource | +| [awscc_ec2_subnet_route_table_association.tgw](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/resources/ec2_subnet_route_table_association) | resource | | [aws_availability_zones.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | -| [awscc_ec2_vpc.main](https://registry.terraform.io/providers/hashicorp/awscc/0.33.0/docs/data-sources/ec2_vpc) | data source | +| [awscc_ec2_vpc.main](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/data-sources/ec2_vpc) | data source | ## Inputs diff --git a/examples/cloud_wan/README.md b/examples/cloud_wan/README.md index d8710b7d8..8dc62c1a5 100644 --- a/examples/cloud_wan/README.md +++ b/examples/cloud_wan/README.md 
@@ -16,28 +16,28 @@ This example shows how you can use this module with `core_network` subnets, and |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.0 | | [aws](#requirement\_aws) | >= 4.27.0 | -| [awscc](#requirement\_awscc) | = 0.33.0 | +| [awscc](#requirement\_awscc) | >= 0.36.0 | ## Providers | Name | Version | |------|---------| | [aws](#provider\_aws) | >= 4.27.0 | -| [awscc.awsccnvirginia](#provider\_awscc.awsccnvirginia) | = 0.33.0 | +| [awscc.awsccnvirginia](#provider\_awscc.awsccnvirginia) | >= 0.36.0 | ## Modules | Name | Source | Version | |------|--------|---------| -| [ireland\_vpc](#module\_ireland\_vpc) | ../.. | n/a | -| [nvirginia\_vpc](#module\_nvirginia\_vpc) | ../.. | n/a | +| [ireland\_vpc](#module\_ireland\_vpc) | aws-ia/vpc/aws | >= 3.0.2 | +| [nvirginia\_vpc](#module\_nvirginia\_vpc) | aws-ia/vpc/aws | >= 3.0.2 | ## Resources | Name | Type | |------|------| -| [awscc_networkmanager_core_network.core_network](https://registry.terraform.io/providers/hashicorp/awscc/0.33.0/docs/resources/networkmanager_core_network) | resource | -| [awscc_networkmanager_global_network.global_network](https://registry.terraform.io/providers/hashicorp/awscc/0.33.0/docs/resources/networkmanager_global_network) | resource | +| [awscc_networkmanager_core_network.core_network](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/resources/networkmanager_core_network) | resource | +| [awscc_networkmanager_global_network.global_network](https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/resources/networkmanager_global_network) | resource | | [aws_networkmanager_core_network_policy_document.policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/networkmanager_core_network_policy_document) | data source | ## Inputs diff --git a/examples/cloud_wan/main.tf b/examples/cloud_wan/main.tf index 340e66d24..d4e453cb1 100644 --- a/examples/cloud_wan/main.tf +++ b/examples/cloud_wan/main.tf 
@@ -1,9 +1,9 @@ # VPC module (North Virginia) module "nvirginia_vpc" { - # source = "aws-ia/vpc/aws" - # version = ">= 3.0.2" - source = "../.." + source = "aws-ia/vpc/aws" + version = ">= 3.0.2" + providers = { aws = aws.awsnvirginia awscc = awscc.awsccnvirginia @@ -38,9 +38,9 @@ module "nvirginia_vpc" { # VPC module (Ireland) module "ireland_vpc" { - #source = "aws-ia/vpc/aws" - #version = ">= 3.0.2" - source = "../.." + source = "aws-ia/vpc/aws" + version = ">= 3.0.2" + providers = { aws = aws.awsireland awscc = awscc.awsccireland diff --git a/examples/ipam/.terraform-docs.yaml b/examples/ipam/.terraform-docs.yaml new file mode 100644 index 000000000..6dc99de86 --- /dev/null +++ b/examples/ipam/.terraform-docs.yaml @@ -0,0 +1,21 @@ +formatter: markdown +header-from: .header.md +settings: + anchor: true + color: true + default: true + escape: true + html: true + indent: 2 + required: true + sensitive: true + type: true + lockfile: false + +sort: + enabled: true + by: required + +output: + file: README.md + mode: replace diff --git a/examples/ipam/README.md b/examples/ipam/README.md index 0ce724cd4..e4f75f241 100644 --- a/examples/ipam/README.md +++ b/examples/ipam/README.md @@ -16,7 +16,7 @@ No providers. | Name | Source | Version | |------|--------|---------| | [ipam\_base\_for\_example\_only](#module\_ipam\_base\_for\_example\_only) | ../../test/hcl_fixtures/ipam_base | n/a | -| [vpc](#module\_vpc) | aws-ia/vpc/aws | >= 3.0.0 | +| [vpc](#module\_vpc) | aws-ia/vpc/aws | >= 3.0.2 | ## Resources diff --git a/examples/public_private_flow_logs/.terraform-docs.yaml b/examples/public_private_flow_logs/.terraform-docs.yaml new file mode 100644 index 000000000..6dc99de86 --- /dev/null +++ b/examples/public_private_flow_logs/.terraform-docs.yaml 
@@ -0,0 +1,21 @@ +formatter: markdown +header-from: .header.md +settings: + anchor: true + color: true + default: true + escape: true + html: true + indent: 2 + required: true + sensitive: true + type: true + lockfile: false + +sort: + enabled: true + by: required + +output: + file: README.md + mode: replace diff --git a/examples/public_private_flow_logs/README.md b/examples/public_private_flow_logs/README.md index e4d159252..ee779449f 100644 --- a/examples/public_private_flow_logs/README.md +++ b/examples/public_private_flow_logs/README.md @@ -9,7 +9,7 @@ At this point, only cloud-watch logs are support, pending: https://github.com/aw | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.15.0 | +| [terraform](#requirement\_terraform) | >= 1.3.0 | | [aws](#requirement\_aws) | >= 3.73.0 | ## Providers @@ -22,7 +22,7 @@ At this point, only cloud-watch logs are support, pending: https://github.com/aw | Name | Source | Version | |------|--------|---------| -| [vpc](#module\_vpc) | ../.. | n/a | +| [vpc](#module\_vpc) | aws-ia/vpc/aws | >= 3.0.2 | ## Resources diff --git a/examples/secondary_cidr/.terraform-docs.yaml b/examples/secondary_cidr/.terraform-docs.yaml new file mode 100644 index 000000000..6dc99de86 --- /dev/null +++ b/examples/secondary_cidr/.terraform-docs.yaml @@ -0,0 +1,21 @@ +formatter: markdown +header-from: .header.md +settings: + anchor: true + color: true + default: true + escape: true + html: true + indent: 2 + required: true + sensitive: true + type: true + lockfile: false + +sort: + enabled: true + by: required + +output: + file: README.md + mode: replace diff --git a/examples/secondary_cidr/README.md b/examples/secondary_cidr/README.md index de0e4e44d..93b8e5d00 100644 --- a/examples/secondary_cidr/README.md +++ b/examples/secondary_cidr/README.md 
@@ -23,7 +23,7 @@ No requirements. | Name | Source | Version | |------|--------|---------| -| [secondary](#module\_secondary) | aws-ia/vpc/aws | >= 2.0.0 | +| [secondary](#module\_secondary) | aws-ia/vpc/aws | >= 3.0.2 | ## Resources From 85ae4ef747b5757de7543654868c76f4ac4c9713 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pablo=20S=C3=A1nchez=20Carmona?= Date: Mon, 14 Nov 2022 19:46:15 +0100 Subject: [PATCH 7/7] minor change in README --- .header.md | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.header.md b/.header.md index fb7cc4c46..b7474f01e 100644 --- a/.header.md +++ b/.header.md @@ -41,7 +41,7 @@ module "vpc" { ## Reserved Subnet Key Names -There are 3 reserved keys for subnet key names in var.subnets corresponding to types "public", "transit_gateway", and "core_network". Other custom subnet key names are valid are and those subnets will be private subnets. +There are 3 reserved keys for subnet key names in var.subnets corresponding to types "public", "transit_gateway", and "core_network" [(an AWS Cloud WAN feature)](https://docs.aws.amazon.com/vpc/latest/cloudwan/cloudwan-networks-working-with.html). Other custom subnet key names are valid are and those subnets will be private subnets. ```terraform transit_gateway_id = <> diff --git a/README.md b/README.md index 63adb3786..84052844a 100644 --- a/README.md +++ b/README.md 
@@ -42,7 +42,7 @@ module "vpc" { ## Reserved Subnet Key Names -There are 3 reserved keys for subnet key names in var.subnets corresponding to types "public", "transit\_gateway", and "core\_network". Other custom subnet key names are valid are and those subnets will be private subnets. +There are 3 reserved keys for subnet key names in var.subnets corresponding to types "public", "transit\_gateway", and "core\_network" [(an AWS Cloud WAN feature)](https://docs.aws.amazon.com/vpc/latest/cloudwan/cloudwan-networks-working-with.html). Other custom subnet key names are valid are and those subnets will be private subnets. ```terraform transit_gateway_id = <>
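Review bot: the awscc constraint in the README.md `@@ -290,14 +290,14 @@` hunk moves from an exact pin `= 0.33.0` to an open lower bound `>= 0.36.0`. awscc is a 0.x provider, so under semver a later 0.x minor release may change resource schemas without a major bump, and an unbounded `>=` lets `terraform init` on a fresh checkout pick such a release up silently. Prefer a pessimistic constraint such as `~> 0.36.0` (or `>= 0.36.0, < 1.0.0`) in the module's `required_providers` block and regenerate the table from it; this patch only shows the generated README, not the version block that drives it, so also confirm the two agree.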
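Review bot: the resource links in the README.md `@@ -333,16 +333,16 @@` hunk switch from `awscc/0.33.0/docs/...` to `awscc/latest/docs/...`, which is what terraform-docs emits once the provider is no longer pinned exactly. That is consistent with the constraint change, but it means the linked documentation will drift ahead of the declared `>= 0.36.0` floor; keep this table generated rather than hand-edited so the `latest` links and the version row stay in step.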
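Review bot: both `module "nvirginia_vpc"` and `module "ireland_vpc"` in examples/cloud_wan/main.tf now use `source = "aws-ia/vpc/aws"` with `version = ">= 3.0.2"` instead of `source = "../.."`. Two things to check: first, this example exists to exercise the `core_network` subnet type added earlier in this series, so it only works once a registry release containing that feature is published at or above 3.0.2; until then a plan against the registry copy will reject the `core_network` key, and moving the example off the local source also means CI no longer runs the code in this PR. Second, `>= 3.0.2` with no upper bound lets any future major version be pulled in on a fresh init, and Terraform's `.terraform.lock.hcl` records providers only, not module contents, so for an example users copy verbatim a bounded constraint such as `~> 3.0` is the safer default.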
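Review bot: the three new `.terraform-docs.yaml` files (examples/ipam, examples/public_private_flow_logs, examples/secondary_cidr) are byte-identical (same blob `6dc99de86`) and each declares `header-from: .header.md`, yet the diffstat adds no `.header.md` beside them, unlike the cloud_wan example in PATCH 1/7, which added both files. Either those directories already contain an `.header.md` (worth confirming, since terraform-docs cannot render a header from a file that is not there) or the key should be dropped. Consider keeping a single copy of this config at the repository root and passing it with `terraform-docs --config`, so the three copies cannot drift apart.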
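Review bot: the `[terraform](#requirement\_terraform)` row in examples/public_private_flow_logs/README.md jumps from `>= 0.15.0` to `>= 1.3.0`, but the diffstat shows no `.tf` change under that example in this patch. If the README is generated, the example's `required_version` must already have been bumped in an earlier commit of the series; otherwise this row is hand-edited and the next terraform-docs run will revert it. Separately, the unchanged context line `At this point, only cloud-watch logs are support, pending: ...` reads `support` where `supported` is meant; as the README is now generated from `.header.md`, fix it there rather than in the README.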
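Review bot: the examples/secondary_cidr/README.md hunk bumps the module to `>= 3.0.2` under a section that still reads `No requirements.`, meaning the example declares no `required_version` or provider constraints. The root README in this same patch requires `terraform >= 1.3.0`, so the example should declare at least that floor (and the aws provider floor the module needs); without it a user on an older Terraform gets a failure from inside the module rather than a clear requirements error up front.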
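Review bot: the replacement line in the PATCH 7/7 `.header.md` hunk keeps the pre-existing wording `Other custom subnet key names are valid are and those subnets will be private subnets.`; since the sentence is being rewritten anyway to add the Cloud WAN link, drop the stray second `are` (`... are valid, and those subnets will be private subnets.`). Also, writing the link as `[(an AWS Cloud WAN feature)](...)` puts the parentheses inside the link text; `"core_network" ([an AWS Cloud WAN feature](...))` is the more usual form.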
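Review bot: the PATCH 7/7 README.md hunk mirrors the `.header.md` change with terraform-docs escaping (`transit\_gateway`, `core\_network`), which is consistent, but it carries the same `are valid are and` typo. If the sentence is corrected in `.header.md`, regenerate README.md from it rather than editing both by hand, so the header and the generated copy stay identical.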