Merge pull request #374 from lorengordon/feat/peering-enhancements

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 2.2.0
+current_version = 2.3.0
 commit = True
 message = Bumps version to {new_version}
 tag = False

CHANGELOG.md

@@ -4,29 +4,32 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/).
 
-### 2.2.0
+### [2.3.0](https://github.com/plus3it/terraform-aws-tardigrade-transit-gateway/releases/tag/2.3.0)
 
-**Commit Delta**: [Change from 2.1.0 release](https://github.com/plus3it/terraform-aws-tardigrade-transit-gateway/compare/2.1.0..2.2.0)
+**Released**: 2024.08.20
+
+**Summary**:
+
+*   Manages tgw route table associations for tgw peering connections
+*   Supports `options` input for peering attachment resource
+
+### [2.2.0](https://github.com/plus3it/terraform-aws-tardigrade-transit-gateway/releases/tag/2.2.0)
 
 **Released**: 2023.07.18
 
 **Summary**:
 
 *   Supports auto-accept configurations for cross-account vpc attachments
 
-### 2.1.0
-
-**Commit Delta**: [Change from 2.0.0 release](https://github.com/plus3it/terraform-aws-tardigrade-transit-gateway/compare/2.0.0..2.1.0)
+### [2.1.0](https://github.com/plus3it/terraform-aws-tardigrade-transit-gateway/releases/tag/2.1.0)
 
 **Released**: 2022.03.29
 
 **Summary**:
 
 *   Supports creating VPC Attachments in appliance mode using the argument, `appliance_mode_support`.
 
-### 2.0.0
-
-**Commit Delta**: [Change from 1.0.2 release](https://github.com/plus3it/terraform-aws-tardigrade-transit-gateway/compare/1.0.2..2.0.0)
+### [2.0.0](https://github.com/plus3it/terraform-aws-tardigrade-transit-gateway/releases/tag/2.0.0)
 
 **Released**: 2021.12.29
 
@@ -39,9 +42,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/) and this p
 *   Bumps minimum terraform version to 0.15 for the cross-account and cross-region
     modules.
 
-### 0.0.0
-
-**Commit Delta**: N/A
+### [0.0.0](https://github.com/plus3it/terraform-aws-tardigrade-transit-gateway/releases/tag/0.0.0)
 
 **Released**: 2019.11.13
 

modules/cross-region-peering-attachment/README.md

@@ -26,8 +26,11 @@ No resources.
 | <a name="input_peer_region"></a> [peer\_region](#input\_peer\_region) | Region of EC2 Transit Gateway to peer with | `string` | n/a | yes |
 | <a name="input_peer_transit_gateway_id"></a> [peer\_transit\_gateway\_id](#input\_peer\_transit\_gateway\_id) | ID of the Transit Gateway to peer with | `string` | n/a | yes |
 | <a name="input_transit_gateway_id"></a> [transit\_gateway\_id](#input\_transit\_gateway\_id) | ID of the Transit Gateway | `string` | n/a | yes |
+| <a name="input_options"></a> [options](#input\_options) | Object of options for the TGW peering attachment | <pre>object({<br>    dynamic_routing = optional(string)<br>  })</pre> | `null` | no |
 | <a name="input_peer_account_id"></a> [peer\_account\_id](#input\_peer\_account\_id) | ID of the AWS account that owns the Transit Gateway peer | `string` | `null` | no |
+| <a name="input_peer_transit_gateway_route_table_association"></a> [peer\_transit\_gateway\_route\_table\_association](#input\_peer\_transit\_gateway\_route\_table\_association) | ID of the Peer Transit Gateway route table to associate with the Peering attachment (an attachment can be associated with a single TGW route table) | <pre>object({<br>    transit_gateway_route_table_id = string<br>  })</pre> | `null` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Map of tags to apply to the TGW peering attachments | `map(string)` | `{}` | no |
+| <a name="input_transit_gateway_route_table_association"></a> [transit\_gateway\_route\_table\_association](#input\_transit\_gateway\_route\_table\_association) | ID of the Transit Gateway route table to associate with the Peering attachment (an attachment can be associated with a single TGW route table) | <pre>object({<br>    transit_gateway_route_table_id = string<br>  })</pre> | `null` | no |
 
 ## Outputs
 

modules/cross-region-peering-attachment/main.tf

@@ -1,20 +1,31 @@
 module "peering_attachment" {
   source = "../peering-attachment"
 
-  peer_account_id         = var.peer_account_id
-  peer_region             = var.peer_region
-  peer_transit_gateway_id = var.peer_transit_gateway_id
   transit_gateway_id      = var.transit_gateway_id
-  tags                    = var.tags
+  peer_transit_gateway_id = var.peer_transit_gateway_id
+  peer_region             = var.peer_region
+
+  options         = var.options
+  peer_account_id = var.peer_account_id
+  tags            = var.tags
+
+  # Associate the Peering attachment with a TGW route table, while establishing
+  # a depenency between the accepter and the association
+  transit_gateway_route_table_association = var.transit_gateway_route_table_association != null ? {
+    transit_gateway_attachment_id  = module.peering_accepter.peering_attachment_accepter.id
+    transit_gateway_route_table_id = var.transit_gateway_route_table_association.transit_gateway_route_table_id
+  } : null
 }
 
 module "peering_accepter" {
   source = "../peering-accepter"
+
   providers = {
     aws = aws.peer
   }
 
-  peering_attachment_id = module.peering_attachment.peering_attachment.id
+  peering_attachment_id                   = module.peering_attachment.peering_attachment.id
+  transit_gateway_route_table_association = var.peer_transit_gateway_route_table_association
 
   tags = var.tags
 }

modules/cross-region-peering-attachment/variables.tf

@@ -19,8 +19,37 @@ variable "peer_account_id" {
   default     = null
 }
 
+variable "peer_transit_gateway_route_table_association" {
+  description = "ID of the Peer Transit Gateway route table to associate with the Peering attachment (an attachment can be associated with a single TGW route table)"
+  type = object({
+    transit_gateway_route_table_id = string
+  })
+  default = null
+}
+
+variable "options" {
+  description = "Object of options for the TGW peering attachment"
+  type = object({
+    dynamic_routing = optional(string)
+  })
+  default = null
+
+  validation {
+    condition     = var.options != null && try(var.options.dynamic_routing, null) != null ? contains(["enable", "disable"], var.options.dynamic_routing) : true
+    error_message = "`var.options.dynamic_routing` must be one of: \"enable\", \"disable\"."
+  }
+}
+
 variable "tags" {
   description = "Map of tags to apply to the TGW peering attachments"
   type        = map(string)
   default     = {}
 }
+
+variable "transit_gateway_route_table_association" {
+  description = "ID of the Transit Gateway route table to associate with the Peering attachment (an attachment can be associated with a single TGW route table)"
+  type = object({
+    transit_gateway_route_table_id = string
+  })
+  default = null
+}

modules/peering-accepter/README.md

@@ -27,6 +27,7 @@ Terraform module for managing a Transit Gateway Peering Attachment Accepter.
 |------|-------------|------|---------|:--------:|
 | <a name="input_peering_attachment_id"></a> [peering\_attachment\_id](#input\_peering\_attachment\_id) | ID of the TGW peering attachment | `string` | n/a | yes |
 | <a name="input_tags"></a> [tags](#input\_tags) | Map of tags to apply to the TGW peering attachment | `map(string)` | `{}` | no |
+| <a name="input_transit_gateway_route_table_association"></a> [transit\_gateway\_route\_table\_association](#input\_transit\_gateway\_route\_table\_association) | ID of the Transit Gateway route table to associate with the Peering attachment (an attachment can be associated with a single TGW route table) | <pre>object({<br>    transit_gateway_route_table_id = string<br>  })</pre> | `null` | no |
 
 ## Outputs
 

modules/peering-accepter/main.tf

@@ -3,3 +3,10 @@ resource "aws_ec2_transit_gateway_peering_attachment_accepter" "this" {
 
   tags = var.tags
 }
+
+resource "aws_ec2_transit_gateway_route_table_association" "this" {
+  count = var.transit_gateway_route_table_association != null ? 1 : 0
+
+  transit_gateway_attachment_id  = aws_ec2_transit_gateway_peering_attachment_accepter.this.id
+  transit_gateway_route_table_id = var.transit_gateway_route_table_association.transit_gateway_route_table_id
+}

modules/peering-accepter/variables.tf

@@ -8,3 +8,11 @@ variable "tags" {
   type        = map(string)
   default     = {}
 }
+
+variable "transit_gateway_route_table_association" {
+  description = "ID of the Transit Gateway route table to associate with the Peering attachment (an attachment can be associated with a single TGW route table)"
+  type = object({
+    transit_gateway_route_table_id = string
+  })
+  default = null
+}

modules/peering-attachment/README.md

@@ -28,13 +28,16 @@ Terraform module for managing a Transit Gateway Peering Attachment.
 | <a name="input_peer_region"></a> [peer\_region](#input\_peer\_region) | Region of EC2 Transit Gateway to peer with | `string` | n/a | yes |
 | <a name="input_peer_transit_gateway_id"></a> [peer\_transit\_gateway\_id](#input\_peer\_transit\_gateway\_id) | ID of the Transit Gateway to peer with | `string` | n/a | yes |
 | <a name="input_transit_gateway_id"></a> [transit\_gateway\_id](#input\_transit\_gateway\_id) | ID of the Transit Gateway | `string` | n/a | yes |
+| <a name="input_options"></a> [options](#input\_options) | Object of options for the TGW peering attachment | <pre>object({<br>    dynamic_routing = optional(string)<br>  })</pre> | `null` | no |
 | <a name="input_peer_account_id"></a> [peer\_account\_id](#input\_peer\_account\_id) | ID of the AWS account that owns the Transit Gateway peer | `string` | `null` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Map of tags to apply to the TGW peering attachment | `map(string)` | `{}` | no |
+| <a name="input_transit_gateway_route_table_association"></a> [transit\_gateway\_route\_table\_association](#input\_transit\_gateway\_route\_table\_association) | ID of the Transit Gateway route table to associate with the Peering attachment (an attachment can be associated with a single TGW route table) | <pre>object({<br>    transit_gateway_route_table_id = string<br>  })</pre> | `null` | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
 | <a name="output_peering_attachment"></a> [peering\_attachment](#output\_peering\_attachment) | Object with the Transit Gateway peering attachment attributes |
+| <a name="output_route_table_association"></a> [route\_table\_association](#output\_route\_table\_association) | Object with the Transit Gateway route table association attributes |
 
 <!-- END TFDOCS -->

modules/peering-attachment/main.tf

@@ -4,4 +4,18 @@ resource "aws_ec2_transit_gateway_peering_attachment" "this" {
   peer_transit_gateway_id = var.peer_transit_gateway_id
   transit_gateway_id      = var.transit_gateway_id
   tags                    = var.tags
+
+  dynamic "options" {
+    for_each = var.options != null ? [var.options] : []
+    content {
+      dynamic_routing = options.value.dynamic_routing
+    }
+  }
+}
+
+resource "aws_ec2_transit_gateway_route_table_association" "this" {
+  count = var.transit_gateway_route_table_association != null ? 1 : 0
+
+  transit_gateway_attachment_id  = aws_ec2_transit_gateway_peering_attachment.this.id
+  transit_gateway_route_table_id = var.transit_gateway_route_table_association.transit_gateway_route_table_id
 }

modules/peering-attachment/outputs.tf

@@ -2,3 +2,8 @@ output "peering_attachment" {
   description = "Object with the Transit Gateway peering attachment attributes"
   value       = aws_ec2_transit_gateway_peering_attachment.this
 }
+
+output "route_table_association" {
+  description = "Object with the Transit Gateway route table association attributes"
+  value       = var.transit_gateway_route_table_association != null ? aws_ec2_transit_gateway_route_table_association.this[0] : null
+}

modules/peering-attachment/variables.tf

@@ -19,8 +19,29 @@ variable "peer_account_id" {
   default     = null
 }
 
+variable "options" {
+  description = "Object of options for the TGW peering attachment"
+  type = object({
+    dynamic_routing = optional(string)
+  })
+  default = null
+
+  validation {
+    condition     = var.options != null && try(var.options.dynamic_routing, null) != null ? contains(["enable", "disable"], var.options.dynamic_routing) : true
+    error_message = "`var.options.dynamic_routing` must be one of: \"enable\", \"disable\"."
+  }
+}
+
 variable "tags" {
   description = "Map of tags to apply to the TGW peering attachment"
   type        = map(string)
   default     = {}
 }
+
+variable "transit_gateway_route_table_association" {
+  description = "ID of the Transit Gateway route table to associate with the Peering attachment (an attachment can be associated with a single TGW route table)"
+  type = object({
+    transit_gateway_route_table_id = string
+  })
+  default = null
+}

tests/cross-account-vpc-attachment-auto-acceptor/prereq/main.tf

@@ -2,7 +2,7 @@ resource "random_string" "this" {
   length  = 6
   upper   = false
   special = false
-  number  = false
+  numeric = false
 }
 
 output "test_id" {

tests/cross-account-vpc-attachment/prereq/main.tf

@@ -2,7 +2,7 @@ resource "random_string" "this" {
   length  = 6
   upper   = false
   special = false
-  number  = false
+  numeric = false
 }
 
 output "test_id" {

tests/cross-region-peering-attachment/main.tf

@@ -22,6 +22,19 @@ module "peering_attachment" {
   peer_transit_gateway_id = module.tgw_peer.transit_gateway.id
   transit_gateway_id      = module.tgw.transit_gateway.id
 
+  peer_transit_gateway_route_table_association = {
+    transit_gateway_route_table_id = module.tgw_peer.route_tables["tardigrade-testing-${local.id}"].route_table.id
+  }
+
+  transit_gateway_route_table_association = {
+    transit_gateway_route_table_id = module.tgw.route_tables["tardigrade-testing-${local.id}"].route_table.id
+  }
+
+  # Although the API claims suport for the dynamic routing option, it will fail
+  # if set to anything other than null. Leaving the option in place to match the
+  # API spec, and to support future updates.
+  options = null
+
   tags = {
     Name = "tardigrade-testing-${local.id}"
   }
@@ -32,6 +45,16 @@ module "tgw" {
 
   description = "tardigrade-tgw-${local.id}"
 
+  default_route_table_association = "disable"
+  default_route_table_propagation = "disable"
+
+  route_tables = [
+    {
+      name = "tardigrade-testing-${local.id}"
+      tags = {}
+    },
+  ]
+
   tags = {
     Name = "tardigrade-testing-${local.id}"
   }
@@ -45,6 +68,16 @@ module "tgw_peer" {
 
   description = "tardigrade-tgw-${local.id}"
 
+  default_route_table_association = "disable"
+  default_route_table_propagation = "disable"
+
+  route_tables = [
+    {
+      name = "tardigrade-testing-${local.id}"
+      tags = {}
+    },
+  ]
+
   tags = {
     Name = "tardigrade-testing-${local.id}"
   }

tests/cross-region-peering-attachment/prereq/main.tf

@@ -2,7 +2,7 @@ resource "random_string" "this" {
   length  = 6
   upper   = false
   special = false
-  number  = false
+  numeric = false
 }
 
 output "test_id" {

tests/tgw/prereq/main.tf

@@ -2,7 +2,7 @@ resource "random_string" "this" {
   length  = 6
   upper   = false
   special = false
-  number  = false
+  numeric = false
 }
 
 output "test_id" {