module added

_examples/single-account/main.tf

@@ -3,7 +3,7 @@ locals {
   environment = "network"
   region      = "us-east-1"
   domain      = "identos.ca"
-  role_arn    = "arn:aws:iam::123456789012:role/role-name"
+  role_arn    = "arn:aws:iam::924144197303:role/identos-test-sw-role"
   cidr_block  = "10.10.0.0/16"
   subnet_type = "private"
 
@@ -15,12 +15,15 @@ provider "aws" {
 
 provider "aws" {
   alias = "networking"
-  # assume_role {
-  #   role_arn = local.role_arn
-  # }
+  assume_role {
+    role_arn = local.role_arn
+  }
   region = local.region
 }
 module "CT" {
+  providers = {
+    aws.networking = aws.networking
+  }
   source      = "../../"
   name        = local.name
   environment = local.environment
@@ -33,7 +36,7 @@ module "CT" {
   subnet_type = local.subnet_type
 
   ## SECURTIY-GROUP
-  ssh_ingress_allow_ip = [local.cidr_block]
+  ssh_ingress_allow_ip        = [local.cidr_block]
   http_https_ingress_allow_ip = [local.cidr_block]
 
   ## ACM
@@ -42,4 +45,7 @@ module "CT" {
   ## Route53
   record_enabled = true
   records        = []
+
+  ## TGW-HUB
+  hub_destination_cidr = ["10.11.0.0/16"]
 }

main.tf

@@ -82,31 +82,56 @@ module "http_https" {
 
 ##----------------------------------------------TRANSIT-GATEWAY----------------------------------------------------##
 module "tgw_hub" {
-  source                          = "clouddrove/transit-gateway/aws"
-  version                         = "2.0.0"
-
-  depends_on                      = [module.vpc, module.subnet]
-  name                            = var.name
-  environment                     = var.environment
-  tgw_create                      = var.tgw_create
-  amazon_side_asn                 = var.amazon_side_asn
-  auto_accept_shared_attachments  = var.auto_accept_shared_attachments
-  default_route_table_propagation = var.default_route_table_propagation
-  description                     = var.description
+  source  = "clouddrove/transit-gateway/aws"
+  version = "2.0.0"
+
+  enable                         = var.tgw_hub_enable
+  depends_on                     = [module.vpc, module.subnet]
+  name                           = var.name
+  environment                    = var.environment
+  tgw_create                     = var.hub_tgw_create
+  auto_accept_shared_attachments = var.hub_auto_accept_shared_attachments
+  description                    = var.description
   #TGW Share
   resource_share_enable                    = var.resource_share_enable
   resource_share_allow_external_principals = var.resource_share_allow_external_principals
-  # resource_share_account_ids               = var.resource_share_account_ids
+  resource_share_account_ids               = var.resource_share_account_ids
+  # VPC Attachements
+  vpc_attachments = {
+    vpc1 = {
+      vpc_id                                          = module.vpc.vpc_id
+      subnet_ids                                      = module.subnet.private_subnet_id
+      transit_gateway_default_route_table_association = var.transit_gateway_default_route_table_association
+      transit_gateway_default_route_table_propagation = var.transit_gateway_default_route_table_propagation
+      vpc_route_table_ids                             = module.subnet.private_route_tables_id
+      destination_cidr                                = var.hub_destination_cidr
+    }
+  }
+}
+
+module "tgw_spoke" {
+  source  = "clouddrove/transit-gateway/aws"
+  version = "2.0.0"
+
+  enable      = var.tgw_spoke_enable
+  depends_on  = [module.vpc, module.subnet]
+  name        = var.name
+  environment = var.environment
+  tgw_create  = var.spoke_tgw_create
+  description = var.description
+  #TGW Share
+  aws_ram_resource_share_accepter = var.aws_ram_resource_share_accepter
+  resource_share_arn              = var.resource_share_arn
   # VPC Attachements
+  transit_gateway_id = "tgw-gdfeffdsfdsfdf" #var.transit_gateway_id
   vpc_attachments = {
     vpc1 = {
       vpc_id                                          = module.vpc.vpc_id
       subnet_ids                                      = module.subnet.private_subnet_id
       transit_gateway_default_route_table_association = var.transit_gateway_default_route_table_association
       transit_gateway_default_route_table_propagation = var.transit_gateway_default_route_table_propagation
-      # Below should be uncommented only when vpc and subnet are already deployed.
-      vpc_route_table_ids = module.dmz_subnet.public_route_tables_id
-      destination_cidr    = var.destination_cidr_1
+      vpc_route_table_ids                             = module.subnet.public_route_tables_id
+      destination_cidr                                = var.spoke_destination_cidr
     }
   }
 }

variables.tf

@@ -65,14 +65,14 @@ variable "subnet_type" {
 
 ##----------------------------------------------SECURITY-GROUP----------------------------------------------------##
 variable "ssh_ingress_allow_ip" {
-  type = list(string)
-  default = [ "" ]
+  type        = list(string)
+  default     = [""]
   description = "List of IP's to allowed for http_https traffic"
 }
 
 variable "http_https_ingress_allow_ip" {
-  type = list(string)
-  default = [ "" ]
+  type        = list(string)
+  default     = [""]
   description = "List of IP's to allowed for http_https traffic"
 }
 
@@ -104,6 +104,104 @@ variable "http_https_egress_rule" {
   description = "Egress rules with only cidr_blockd. Should be used when new security group is been deployed."
 }
 
+##----------------------------------------------TRANSIT-GATEWAY----------------------------------------------------##
+variable "tgw_hub_enable" {
+  type        = bool
+  default     = true
+  description = "Enable subnet to create or not."
+}
+
+variable "hub_tgw_create" {
+  type        = bool
+  default     = true
+  description = "Whether or not to create a Transit Gateway."
+}
+
+variable "hub_auto_accept_shared_attachments" {
+  type        = string
+  default     = "enable"
+  description = "Whether resource attachment requests are automatically accepted. Valid values: disable, enable. Default value: disable."
+}
+
+variable "description" {
+  type        = string
+  default     = ""
+  description = "This transit Gateway is created for centerlised vpc peering"
+}
+
+variable "resource_share_enable" {
+  type        = bool
+  default     = true
+  description = "Whether or not to create a Resource Share for the Transit Gateway."
+}
+
+variable "resource_share_allow_external_principals" {
+  type        = bool
+  default     = true
+  description = "Whether or not to allow external principals for the Resource Share for the Transit Gateway."
+}
+
+variable "resource_share_account_ids" {
+  type        = list(any)
+  default     = []
+  description = "Ids of the account where the Transit Gateway should be shared."
+}
+
+variable "hub_destination_cidr" {
+  type        = list(any)
+  default     = []
+  description = "The destination CIDR block (VPC 1)."
+}
+
+variable "transit_gateway_default_route_table_association" {
+  type        = bool
+  default     = true
+  description = "Boolean whether the VPC Attachment should be associated with the EC2 Transit Gateway association default route table. This cannot be configured or perform drift detection with Resource Access Manager shared EC2 Transit Gateways. Default value: true."
+}
+
+variable "transit_gateway_default_route_table_propagation" {
+  type        = bool
+  default     = true
+  description = "Boolean whether the VPC Attachment should propagate routes with the EC2 Transit Gateway propagation default route table. This cannot be configured or perform drift detection with Resource Access Manager shared EC2 Transit Gateways. Default value: true."
+}
+
+## SPOKE
+variable "tgw_spoke_enable" {
+  type        = bool
+  default     = false
+  description = "Enable subnet to create or not."
+}
+
+variable "spoke_tgw_create" {
+  type        = bool
+  default     = false
+  description = "Whether or not to create a Transit Gateway."
+}
+
+variable "aws_ram_resource_share_accepter" {
+  type        = bool
+  default     = true
+  description = "Whether resource attachment requests are automatically accepted. Valid values: disable, enable. Default value: disable."
+}
+
+variable "resource_share_arn" {
+  type        = string
+  default     = ""
+  description = "Whether resource attachment requests are automatically accepted. Valid values: disable, enable. Default value: disable."
+}
+
+variable "spoke_destination_cidr" {
+  type        = list(any)
+  default     = []
+  description = "The destination CIDR block (VPC 1)."
+}
+
+variable "transit_gateway_id" {
+  type        = string
+  default     = null
+  description = "The ID of gateway id."
+}
+
 ##----------------------------------------------ACM----------------------------------------------------##
 variable "domain" {
   type        = string