diff --git a/fast/stages/2-networking-c-nva/vpn-onprem.tf b/fast/stages/2-networking-c-nva/vpn-onprem.tf index 0365808890..b2314de17d 100644 --- a/fast/stages/2-networking-c-nva/vpn-onprem.tf +++ b/fast/stages/2-networking-c-nva/vpn-onprem.tf @@ -21,12 +21,15 @@ locals { bgp_peer_options_onprem = local.enable_onprem_vpn == false ? null : { for k, v in var.vpn_onprem_configs : k => v.adv == null ? null : { - advertise_groups = [] - advertise_ip_ranges = { - for adv in(v.adv == null ? [] : v.adv.custom) : - var.custom_adv[adv] => adv + custom_advertise = try(v.adv.default, false) ? null : { + all_subnets = false + all_vpc_subnets = false + all_peer_vpc_subnets = false + ip_ranges = { + for adv in(v.adv == null ? [] : v.adv.custom) : + var.custom_adv[adv] => adv + } } - advertise_mode = try(v.adv.default, false) ? "DEFAULT" : "CUSTOM" route_priority = null } } @@ -49,11 +52,10 @@ module "landing-to-onprem-ew1-vpn" { tunnels = { for t in var.vpn_onprem_configs.landing-trusted-ew1.tunnels : "remote-${t.vpn_gateway_interface}-${t.peer_external_gateway_interface}" => { - bgp_peer = { + bgp_peer = merge({ address = cidrhost(t.session_range, 1) asn = t.peer_asn - } - bgp_peer_options = local.bgp_peer_options_onprem.landing-trusted-ew1 + }, local.bgp_peer_options_onprem.landing-trusted-ew1) bgp_session_range = "${cidrhost(t.session_range, 2)}/30" peer_external_gateway_interface = t.peer_external_gateway_interface shared_secret = t.secret @@ -79,11 +81,10 @@ module "landing-to-onprem-ew4-vpn" { tunnels = { for t in var.vpn_onprem_configs.landing-trusted-ew4.tunnels : "remote-${t.vpn_gateway_interface}-${t.peer_external_gateway_interface}" => { - bgp_peer = { + bgp_peer = merge({ address = cidrhost(t.session_range, 1) asn = t.peer_asn - } - bgp_peer_options = local.bgp_peer_options_onprem.landing-trusted-ew4 + }, local.bgp_peer_options_onprem.landing-trusted-ew4) bgp_session_range = "${cidrhost(t.session_range, 2)}/30" peer_external_gateway_interface = t.peer_external_gateway_interface shared_secret = t.secret