From 7a555e1ed5759c44f2541ea061d1ef3806d8a4c5 Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Tue, 5 Nov 2024 14:52:05 -0500 Subject: [PATCH 01/23] Allowing for multiple vEdge instances to be created --- modules/aws/vendor/velocloud/main.tf | 4 ++-- modules/aws/vendor/velocloud/variables.tf | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf index 5debc5d6..5fbb7351 100644 --- a/modules/aws/vendor/velocloud/main.tf +++ b/modules/aws/vendor/velocloud/main.tf @@ -17,7 +17,7 @@ data "aws_region" "current" {} data "aws_ami" "velocloud" { most_recent = true name_regex = "VeloCloud VCE ${var.velocloud_version}*" - owners = ["679593333241"] + owners = ["679593333241"] # VMware filter { name = "state" @@ -186,7 +186,7 @@ resource "aws_instance" "ec2_instance" { volume_tags = merge(var.tags, ({ "Name" = format("%s%d", var.instance_name_prefix, count.index + 1) })) tags = merge(var.tags, ({ "Name" = format("%s%d", var.instance_name_prefix, count.index + 1) })) user_data = var.user_data != null ? var.user_data : base64encode(templatefile("${path.module}/user_data.tftpl", { - velocloud_activation_key = var.velocloud_activation_key + velocloud_activation_key = element(var.velocloud_activation_keys, count.index) velocloud_ignore_cert_errors = var.velocloud_ignore_cert_errors velocloud_orchestrator = var.velocloud_orchestrator })) diff --git a/modules/aws/vendor/velocloud/variables.tf b/modules/aws/vendor/velocloud/variables.tf index 89436ff3..0efddd59 100644 --- a/modules/aws/vendor/velocloud/variables.tf +++ b/modules/aws/vendor/velocloud/variables.tf 
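Review bot: `element(var.velocloud_activation_keys, count.index)` in the new user_data line wraps around once `count.index` exceeds the list length, so a deployment with more instances than keys silently activates two vEdges with the same key instead of failing at plan time. Indexing directly, `velocloud_activation_key = var.velocloud_activation_keys[count.index]`, errors when the list is too short; alternatively add a `lifecycle { precondition { ... } }` on the instance that compares `length(var.velocloud_activation_keys)` with `var.number`. The enclosing `aws_instance` resource starts and ends outside the hunk.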
@@ -199,12 +199,12 @@ variable "root_ebs_volume_encrypted" { default = true } -variable "velocloud_activation_key" { +variable "velocloud_activation_keys" { description = "(Required) The activation key for the VeloCloud instance(s)." - type = string + type = list(string) validation { - condition = can(regex("^[A-Z0-9-]{19}$", var.velocloud_activation_key)) - error_message = "The activation key must be 16 characters long with hyphens every 4 characters and contain only uppercase alphanumeric characters and hyphens. Example (AAA1-2BBB-3C3C-44D4)" + condition = alltrue([for key in var.velocloud_activation_keys : can(regex("^[A-Z0-9-]{19}$", key))]) + error_message = "Each activation key must be 19 characters long with hyphens every 4 characters and contain only uppercase alphanumeric characters and hyphens. Example (AAA1-2BBB-3C3C-44D4)" } } From bb5e4054ff4f2e2e927af6ea51e5d49b2928576e Mon Sep 17 00:00:00 2001 From: zachreborn Date: Tue, 5 Nov 2024 19:59:08 +0000 Subject: [PATCH 02/23] Continuous Integration - terraform fmt and terraform-docs --- modules/aws/vendor/velocloud/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/aws/vendor/velocloud/README.md b/modules/aws/vendor/velocloud/README.md index 69489765..8ca45ce9 100755 --- a/modules/aws/vendor/velocloud/README.md +++ b/modules/aws/vendor/velocloud/README.md @@ -190,7 +190,7 @@ No modules. | [ssh\_mgmt\_access\_cidr\_blocks](#input\_ssh\_mgmt\_access\_cidr\_blocks) | (Optional) List of CIDR blocks allowed to SSH into the VeloCloud instance. | `list(string)` | `[]` | no | | [tags](#input\_tags) | (Optional) Map of tags to assign to the device. | `map(any)` |
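Review bot: The new `condition` keeps the pattern `^[A-Z0-9-]{19}$`, which accepts any 19 characters from that class (no hyphens at all, or hyphens in arbitrary positions), so it does not enforce the "hyphens every 4 characters" layout the new error_message promises; `can(regex("^[A-Z0-9]{4}(-[A-Z0-9]{4}){3}$", key))` matches the stated format exactly. The variable carries activation credentials but is not marked `sensitive = true`, so the keys, and the user_data built from them, are shown in plan and apply output. The description still reads "The activation key" in the singular although the type is now `list(string)`.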
{
"created_by": "terraform",
"environment": "prod",
"role": "sdwan",
"terraform": "true"
}
| no | | [user\_data](#input\_user\_data) | (Optional) The user data to provide when launching the instance. By default, the velocloud variables will generate a unique user\_data cloud-init configuration for you. This allows specifying custom cloud-init scripting. | `string` | `null` | no | -| [velocloud\_activation\_key](#input\_velocloud\_activation\_key) | (Required) The activation key for the VeloCloud instance(s). | `string` | n/a | yes | +| [velocloud\_activation\_keys](#input\_velocloud\_activation\_keys) | (Required) The activation key for the VeloCloud instance(s). | `list(string)` | n/a | yes | | [velocloud\_ignore\_cert\_errors](#input\_velocloud\_ignore\_cert\_errors) | (Optional) Whether or not to ignore certificate errors when connecting to the VeloCloud orchestrator. Set to true if using private or self-signed certificates on the orchestrator. Defaults to false. | `bool` | `false` | no | | [velocloud\_lan\_cidr\_blocks](#input\_velocloud\_lan\_cidr\_blocks) | (Optional) List of CIDR blocks allowed to utilize the VeloCloud instance for SDWAN communication. | `list(string)` | `null` | no | | [velocloud\_orchestrator](#input\_velocloud\_orchestrator) | (Required) The IP address or FQDN of the VeloCloud orchestrator. Example: vco.example.com | `string` | n/a | yes | From c8e96cc97553e951982fc456a3f665c583e78880 Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Tue, 5 Nov 2024 17:22:05 -0500 Subject: [PATCH 03/23] updated readme --- modules/aws/vendor/velocloud/README.md | 4 ++-- modules/aws/vendor/velocloud/main.tf | 16 ++++++++-------- modules/aws/vendor/velocloud/variables.tf | 2 +- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/modules/aws/vendor/velocloud/README.md b/modules/aws/vendor/velocloud/README.md index 8ca45ce9..9c9be7e0 100755 --- a/modules/aws/vendor/velocloud/README.md +++ b/modules/aws/vendor/velocloud/README.md 
@@ -72,7 +72,7 @@ module "aws_prod_sdwan" { number = 1 public_subnet_ids = module.vpc.public_subnet_ids private_subnet_ids = module.vpc.private_subnet_ids - velocloud_activation_key = "1234-5678-90AB-CDEF" + velocloud_activation_keys = ["1234-5678-90AB-CDEF"] velocloud_orchestrator = "vco.example.com" velocloud_ignore_cert_errors = true velocloud_lan_cidr_blocks = ["0.0.0.0/0"] @@ -99,7 +99,7 @@ module "aws_prod_sdwan" { number = 1 public_subnet_ids = module.vpc.public_subnet_ids private_subnet_ids = module.vpc.private_subnet_ids - velocloud_activation_key = "1234-5678-90AB-CDEF" + velocloud_activation_keys = ["1234-5678-90AB-CDEF"] velocloud_orchestrator = "vco.example.com" velocloud_ignore_cert_errors = true velocloud_lan_cidr_blocks = ["0.0.0.0/0"] diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf index 5fbb7351..e3bbbc32 100644 --- a/modules/aws/vendor/velocloud/main.tf +++ b/modules/aws/vendor/velocloud/main.tf @@ -122,13 +122,13 @@ resource "aws_security_group" "sdwan_wan_sg" { ############################################ resource "aws_eip" "wan_external_ip" { - count = var.number + count = var.quantity domain = "vpc" tags = merge(var.tags, ({ "Name" = format("%s%d_wan", var.instance_name_prefix, count.index + 1) })) } resource "aws_eip_association" "wan_external_ip" { - count = var.number + count = var.quantity allocation_id = element(aws_eip.wan_external_ip[*].id, count.index) network_interface_id = element(aws_network_interface.public_nic[*].id, count.index) } @@ -139,7 +139,7 @@ resource "aws_eip_association" "wan_external_ip" { resource "aws_network_interface" "mgmt_nic" { # Ge1 is the management interface in VeloCloud and attached at eth0 - count = var.number + count = var.quantity description = var.mgmt_nic_description private_ips = var.mgmt_ips == null ? null : [element(var.mgmt_ips, count.index)] security_groups = [aws_security_group.sdwan_mgmt_sg.id] 
@@ -150,7 +150,7 @@ resource "aws_network_interface" "mgmt_nic" { resource "aws_network_interface" "public_nic" { # Ge2 is the public interface in VeloCloud and attached at eth1 - count = var.number + count = var.quantity description = var.public_nic_description private_ips = var.public_ips == null ? null : [element(var.public_ips, count.index)] security_groups = [aws_security_group.sdwan_wan_sg.id] @@ -161,7 +161,7 @@ resource "aws_network_interface" "public_nic" { resource "aws_network_interface" "private_nic" { # Ge3 is the private interface in VeloCloud and attached at eth2 - count = var.number + count = var.quantity description = var.private_nic_description private_ips = var.private_ips == null ? null : [element(var.private_ips, count.index)] security_groups = [aws_security_group.velocloud_lan_sg.id] @@ -176,7 +176,7 @@ resource "aws_network_interface" "private_nic" { resource "aws_instance" "ec2_instance" { ami = var.ami_id != null ? var.ami_id : data.aws_ami.velocloud.id - count = var.number + count = var.quantity ebs_optimized = var.ebs_optimized hibernation = var.hibernation iam_instance_profile = var.iam_instance_profile @@ -239,7 +239,7 @@ resource "aws_cloudwatch_metric_alarm" "instance" { alarm_description = "EC2 instance StatusCheckFailed_Instance alarm" alarm_name = format("%s-instance-alarm", element(aws_instance.ec2_instance[*].id, count.index)) comparison_operator = "GreaterThanOrEqualToThreshold" - count = var.number + count = var.quantity datapoints_to_alarm = 2 dimensions = { InstanceId = element(aws_instance.ec2_instance[*].id, count.index) 
@@ -265,7 +265,7 @@ resource "aws_cloudwatch_metric_alarm" "system" { alarm_description = "EC2 instance StatusCheckFailed_System alarm" alarm_name = format("%s-system-alarm", element(aws_instance.ec2_instance[*].id, count.index)) comparison_operator = "GreaterThanOrEqualToThreshold" - count = var.number + count = var.quantity datapoints_to_alarm = 2 dimensions = { InstanceId = element(aws_instance.ec2_instance[*].id, count.index) diff --git a/modules/aws/vendor/velocloud/variables.tf b/modules/aws/vendor/velocloud/variables.tf index 0efddd59..11fb0217 100644 --- a/modules/aws/vendor/velocloud/variables.tf +++ b/modules/aws/vendor/velocloud/variables.tf @@ -240,7 +240,7 @@ variable "tags" { } } -variable "number" { +variable "quantity" { description = "(Optional) Quantity of resources to make with this module. Example: Setting this to 2 will create 2 of all the required resources. Default: 1" type = number default = 1 From 4efe0cc19d78b23cef15847a770b0e986293a87d Mon Sep 17 00:00:00 2001 From: zachreborn Date: Tue, 5 Nov 2024 22:22:41 +0000 Subject: [PATCH 04/23] Continuous Integration - terraform fmt and terraform-docs --- modules/aws/vendor/velocloud/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/aws/vendor/velocloud/README.md b/modules/aws/vendor/velocloud/README.md index 9c9be7e0..34a53b02 100755 --- a/modules/aws/vendor/velocloud/README.md +++ b/modules/aws/vendor/velocloud/README.md 
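Review bot: Renaming the input `number` to `quantity` in the variables.tf hunk, with no transitional alias, is a breaking change for every existing caller of this module: a caller still passing `number = 2` fails at plan time with an unsupported-argument error, and nothing in the commit beyond the README table flags the break. Consider a note in the module documentation stating that `number` was renamed to `quantity` and in which release, or keep `variable "number"` with `default = null` for one release together with a `validation` block whose error_message points callers at `quantity`. The closing brace of the `variable "quantity"` block lies outside the hunk.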
@@ -175,13 +175,13 @@ No modules. | [mgmt\_nic\_description](#input\_mgmt\_nic\_description) | (Optional) Description for the network interface. | `string` | `"SDWAN mgmt nic Ge1 in VeloCloud"` | no | | [mgmt\_sg\_name](#input\_mgmt\_sg\_name) | (Optional, Forces new resource) Name of the security group. If omitted, Terraform will assign a random, unique name. | `string` | `"velocloud_mgmt_sg"` | no | | [monitoring](#input\_monitoring) | (Optional) If true, the launched EC2 instance will have detailed monitoring enabled. (Available since v0.6.0) | `bool` | `true` | no | -| [number](#input\_number) | (Optional) Quantity of resources to make with this module. Example: Setting this to 2 will create 2 of all the required resources. Default: 1 | `number` | `1` | no | | [private\_ips](#input\_private\_ips) | (Optional) List of private IPs to assign to the ENI. | `list(string)` | `null` | no | | [private\_nic\_description](#input\_private\_nic\_description) | (Optional) Description for the network interface. | `string` | `"SDWAN private nic Ge3 in VeloCloud"` | no | | [private\_subnet\_ids](#input\_private\_subnet\_ids) | (Required) Subnet IDs to create the ENI in. | `list(string)` | n/a | yes | | [public\_ips](#input\_public\_ips) | (Optional) Private IP addresses to associate with the instance in a VPC. | `list(string)` | `null` | no | | [public\_nic\_description](#input\_public\_nic\_description) | (Optional) Description for the network interface. | `string` | `"SDWAN public nic Ge2 in VeloCloud"` | no | | [public\_subnet\_ids](#input\_public\_subnet\_ids) | (Required) Subnet IDs to create the ENI in. | `list(string)` | n/a | yes | +| [quantity](#input\_quantity) | (Optional) Quantity of resources to make with this module. Example: Setting this to 2 will create 2 of all the required resources. Default: 1 | `number` | `1` | no | | [root\_ebs\_volume\_encrypted](#input\_root\_ebs\_volume\_encrypted) | (Optional) Whether to enable volume encryption on the root ebs volume. 
Defaults to true. Must be configured to perform drift detection. | `bool` | `true` | no | | [root\_volume\_size](#input\_root\_volume\_size) | (Optional) Size of the root volume in gibibytes (GiB). | `number` | `8` | no | | [root\_volume\_type](#input\_root\_volume\_type) | (Optional) Type of volume. Valid values include standard, gp2, gp3, io1, io2, sc1, or st1. Defaults to gp3 | `string` | `"gp3"` | no | From 24b9cadb475d296b8a0e1e54329d76b87cc206db Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Tue, 5 Nov 2024 17:36:47 -0500 Subject: [PATCH 05/23] modified the readme based on the quantity --- modules/aws/vendor/velocloud/README.md | 31 ++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/modules/aws/vendor/velocloud/README.md b/modules/aws/vendor/velocloud/README.md index 34a53b02..b77c4f2c 100755 --- a/modules/aws/vendor/velocloud/README.md +++ b/modules/aws/vendor/velocloud/README.md @@ -69,9 +69,9 @@ module "aws_prod_sdwan" { source = "github.com/zachreborn/terraform-modules//modules/aws/vendor/velocloud" key_name = module.keypair.key_name - number = 1 public_subnet_ids = module.vpc.public_subnet_ids private_subnet_ids = module.vpc.private_subnet_ids + quantity = 1 velocloud_activation_keys = ["1234-5678-90AB-CDEF"] velocloud_orchestrator = "vco.example.com" velocloud_ignore_cert_errors = true @@ -96,9 +96,9 @@ module "aws_prod_sdwan" { ami_id = "ami-123456789e" key_name = module.keypair.key_name - number = 1 public_subnet_ids = module.vpc.public_subnet_ids private_subnet_ids = module.vpc.private_subnet_ids + quantity = 1 velocloud_activation_keys = ["1234-5678-90AB-CDEF"] velocloud_orchestrator = "vco.example.com" velocloud_ignore_cert_errors = true 
@@ -115,6 +115,33 @@ module "aws_prod_sdwan" { } ``` +### Redundant vEdge's Example +This example creates two VeloCloud vEdge instance in the VPC of your choosing. The instances will have a NIC in up to three subnets: public, private, and management. The public subnet will have an EIP attached to it. The instances will utilize the Velocloud variables to automatically activate against the Orchestrator. The AMI ID is provided to use a custom AMI. +``` +module "aws_prod_sdwan" { + source = "github.com/zachreborn/terraform-modules//modules/aws/vendor/velocloud" + + ami_id = "ami-123456789e" + key_name = module.keypair.key_name + public_subnet_ids = module.vpc.public_subnet_ids + private_subnet_ids = module.vpc.private_subnet_ids + quantity = 2 + velocloud_activation_keys = ["1234-5678-90AB-CDEF", "1234-5678-90AB-GHIJ"] + velocloud_orchestrator = "vco.example.com" + velocloud_ignore_cert_errors = true + velocloud_lan_cidr_blocks = ["0.0.0.0/0"] + vpc_id = module.vpc.vpc_id + tags = { + terraform = "true" + created_by = "Zachary Hill" + environment = "prod" + project = "aws_poc" + backup = "true" + role = "sdwan" + } +} +``` + _For more examples, please refer to the [Documentation](https://github.com/zachreborn/terraform-modules)_

(back to top)

From b709be0c2212b99d45773dbc7776c13417f59931 Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Fri, 15 Nov 2024 10:43:04 -0500 Subject: [PATCH 06/23] added comment task --- modules/aws/transit_gateway_connect_peer/main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/aws/transit_gateway_connect_peer/main.tf b/modules/aws/transit_gateway_connect_peer/main.tf index 36427401..3df100d5 100644 --- a/modules/aws/transit_gateway_connect_peer/main.tf +++ b/modules/aws/transit_gateway_connect_peer/main.tf @@ -9,6 +9,7 @@ terraform { } resource "aws_ec2_transit_gateway_connect_peer" "peer" { + # Convert to for_each bgp_asn = var.bgp_asn inside_cidr_blocks = var.inside_cidr_blocks peer_address = var.peer_address From e682ef8d7addbcc136c58ea60f8315cc73861d79 Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Mon, 18 Nov 2024 20:10:00 -0500 Subject: [PATCH 07/23] converted transit_gateway_connect_peer to for_each --- .../aws/transit_gateway_connect_peer/main.tf | 10 ++--- .../transit_gateway_connect_peer/variables.tf | 45 +++++++++++-------- 2 files changed, 31 insertions(+), 24 deletions(-) diff --git a/modules/aws/transit_gateway_connect_peer/main.tf b/modules/aws/transit_gateway_connect_peer/main.tf index 3df100d5..f7deee07 100644 --- a/modules/aws/transit_gateway_connect_peer/main.tf +++ b/modules/aws/transit_gateway_connect_peer/main.tf @@ -9,11 +9,11 @@ terraform { } resource "aws_ec2_transit_gateway_connect_peer" "peer" { - # Convert to for_each - bgp_asn = var.bgp_asn - inside_cidr_blocks = var.inside_cidr_blocks - peer_address = var.peer_address + for_each = var.peers + bgp_asn = each.value.bgp_asn + inside_cidr_blocks = each.value.inside_cidr_blocks + peer_address = each.value.peer_address tags = merge(tomap({ Name = var.name }), var.tags) transit_gateway_attachment_id = var.transit_gateway_attachment_id - transit_gateway_address = var.transit_gateway_address + transit_gateway_address = each.value.transit_gateway_address } 
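Review bot: With `for_each = var.peers` every peer now receives the identical `Name = var.name` tag from the unchanged `tags = merge(tomap({ Name = var.name }), var.tags)` line, so the peers are indistinguishable in the console and in tag-based queries. Deriving the name from the map key, `tags = merge(tomap({ Name = format("%s_%s", var.name, each.key) }), var.tags)`, keeps each peer's tag unique. Switching a single resource to for_each also changes its address from `aws_ec2_transit_gateway_connect_peer.peer` to `aws_ec2_transit_gateway_connect_peer.peer["<peer key>"]`, so existing deployments need a `moved` block or a state move to avoid destroying and recreating the tunnel.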
diff --git a/modules/aws/transit_gateway_connect_peer/variables.tf b/modules/aws/transit_gateway_connect_peer/variables.tf index d608c18d..6a140f33 100644 --- a/modules/aws/transit_gateway_connect_peer/variables.tf +++ b/modules/aws/transit_gateway_connect_peer/variables.tf 
@@ -1,22 +1,29 @@ -variable "bgp_asn" { - type = number - description = "(Optional) The BGP ASN number assigned customer device. If not provided, it will use the same BGP ASN as is associated with Transit Gateway." - default = 64512 -} - -variable "inside_cidr_blocks" { - type = list(string) - description = "(Required) The CIDR block that will be used for addressing within the tunnel. It must contain exactly one IPv4 CIDR block and up to one IPv6 CIDR block. The IPv4 CIDR block must be /29 size and must be within 169.254.0.0/16 range, with exception of: 169.254.0.0/29, 169.254.1.0/29, 169.254.2.0/29, 169.254.3.0/29, 169.254.4.0/29, 169.254.5.0/29, 169.254.169.248/29. The IPv6 CIDR block must be /125 size and must be within fd00::/8. The first IP from each CIDR block is assigned for customer gateway, the second and third is for Transit Gateway (An example: from range 169.254.100.0/29, .1 is assigned to customer gateway and .2 and .3 are assigned to Transit Gateway)" -} - variable "name" { type = string description = "(Required) The name of the transit gateway" } -variable "peer_address" { - type = string - description = "(Required) The IP addressed assigned to customer device, which will be used as tunnel endpoint. It can be IPv4 or IPv6 address, but must be the same address family as transit_gateway_address" +variable "peers" { + type = map(object({ + bgp_asn = optional(number, 64512) # (Optional) The BGP ASN number assigned customer device. If not provided, it will use the same BGP ASN as is associated with Transit Gateway. + inside_cidr_blocks = list(string) # (Required) The CIDR block that will be used for addressing within the tunnel. It must contain exactly one IPv4 CIDR block and up to one IPv6 CIDR block. The IPv4 CIDR block must be /29 size and must be within 169.254.0.0/16 range, with exception of: 169.254.0.0/29, 169.254.1.0/29, 169.254.2.0/29, 169.254.3.0/29, 169.254.4.0/29, 169.254.5.0/29, 169.254.169.248/29. 
The IPv6 CIDR block must be /125 size and must be within fd00::/8. The first IP from each CIDR block is assigned for customer gateway, the second and third is for Transit Gateway (An example: from range 169.254.100.0/29, .1 is assigned to customer gateway and .2 and .3 are assigned to Transit Gateway) + peer_address = string # (Required) The IP addressed assigned to customer device, which will be used as tunnel endpoint. It can be IPv4 or IPv6 address, but must be the same address family as transit_gateway_address + transit_gateway_address = optional(string) # (Optional) The IP address assigned to Transit Gateway, which will be used as tunnel endpoint. This address must be from associated Transit Gateway CIDR block. The address must be from the same address family as peer_address. If not set explicitly, it will be selected from associated Transit Gateway CIDR blocks. + })) + description = "(Required) A map of Transit Gateway Connect Peers, where the key is the name of the peer and the value is a map of peer configuration options." + # Example: + # var.peers = { + # "sdwan_vedge_1" = { + # bgp_asn = 64513 + # inside_cidr_blocks = ["169.254.6.0/29"] + # peer_address = "10.200.0.157" + # } + # "sdwan_vedge_1" = { + # bgp_asn = 64513 + # inside_cidr_blocks = ["169.254.7.0/29"] + # peer_address = "10.200.0.180" + # } + # } } variable "tags" { 
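Review bot: The example in the added comment lists the key `"sdwan_vedge_1"` twice; HCL treats a repeated key in an object literal as an error or at best keeps only one entry, so anyone copying the example loses a peer, and the second entry should read `"sdwan_vedge_2"`. The same duplicated key is carried into the README example and the variables.tf edit in patch 09 on this page, and that README example additionally still passes top-level `peer_address` and `transit_gateway_address`, which are no longer module inputs after this change. Moving the long per-attribute descriptions out of the `object({...})` type into the variable description would also keep the generated README table readable.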
@@ -29,11 +36,11 @@ variable "tags" { } } -variable "transit_gateway_address" { - type = string - description = "(Optional) The IP address assigned to Transit Gateway, which will be used as tunnel endpoint. This address must be from associated Transit Gateway CIDR block. The address must be from the same address family as peer_address. If not set explicitly, it will be selected from associated Transit Gateway CIDR blocks" - default = null -} +# variable "transit_gateway_address" { +# type = string +# description = "(Optional) The IP address assigned to Transit Gateway, which will be used as tunnel endpoint. This address must be from associated Transit Gateway CIDR block. The address must be from the same address family as peer_address. If not set explicitly, it will be selected from associated Transit Gateway CIDR blocks" +# default = null +# } variable "transit_gateway_attachment_id" { type = string From 1265534395be644fed23c2335e3e09ea49cad6db Mon Sep 17 00:00:00 2001 From: zachreborn Date: Tue, 19 Nov 2024 01:10:42 +0000 Subject: [PATCH 08/23] Continuous Integration - terraform fmt and terraform-docs --- modules/aws/transit_gateway_connect_peer/README.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/modules/aws/transit_gateway_connect_peer/README.md b/modules/aws/transit_gateway_connect_peer/README.md index 82312129..66bbdfa2 100644 --- a/modules/aws/transit_gateway_connect_peer/README.md +++ b/modules/aws/transit_gateway_connect_peer/README.md 
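Review bot: `variable "transit_gateway_address"` is commented out rather than deleted. Its value now lives in `var.peers` under `transit_gateway_address`, and version control keeps the old block, so the five commented lines only invite confusion about whether the top-level input still works. Remove them outright.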
@@ -111,12 +111,9 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [bgp\_asn](#input\_bgp\_asn) | (Optional) The BGP ASN number assigned customer device. If not provided, it will use the same BGP ASN as is associated with Transit Gateway. | `number` | `64512` | no | -| [inside\_cidr\_blocks](#input\_inside\_cidr\_blocks) | (Required) The CIDR block that will be used for addressing within the tunnel. It must contain exactly one IPv4 CIDR block and up to one IPv6 CIDR block. The IPv4 CIDR block must be /29 size and must be within 169.254.0.0/16 range, with exception of: 169.254.0.0/29, 169.254.1.0/29, 169.254.2.0/29, 169.254.3.0/29, 169.254.4.0/29, 169.254.5.0/29, 169.254.169.248/29. The IPv6 CIDR block must be /125 size and must be within fd00::/8. The first IP from each CIDR block is assigned for customer gateway, the second and third is for Transit Gateway (An example: from range 169.254.100.0/29, .1 is assigned to customer gateway and .2 and .3 are assigned to Transit Gateway) | `list(string)` | n/a | yes | | [name](#input\_name) | (Required) The name of the transit gateway | `string` | n/a | yes | -| [peer\_address](#input\_peer\_address) | (Required) The IP addressed assigned to customer device, which will be used as tunnel endpoint. It can be IPv4 or IPv6 address, but must be the same address family as transit\_gateway\_address | `string` | n/a | yes | +| [peers](#input\_peers) | (Required) A map of Transit Gateway Connect Peers, where the key is the name of the peer and the value is a map of peer configuration options. |
map(object({
bgp_asn = optional(number, 64512) # (Optional) The BGP ASN number assigned customer device. If not provided, it will use the same BGP ASN as is associated with Transit Gateway.
inside_cidr_blocks = list(string) # (Required) The CIDR block that will be used for addressing within the tunnel. It must contain exactly one IPv4 CIDR block and up to one IPv6 CIDR block. The IPv4 CIDR block must be /29 size and must be within 169.254.0.0/16 range, with exception of: 169.254.0.0/29, 169.254.1.0/29, 169.254.2.0/29, 169.254.3.0/29, 169.254.4.0/29, 169.254.5.0/29, 169.254.169.248/29. The IPv6 CIDR block must be /125 size and must be within fd00::/8. The first IP from each CIDR block is assigned for customer gateway, the second and third is for Transit Gateway (An example: from range 169.254.100.0/29, .1 is assigned to customer gateway and .2 and .3 are assigned to Transit Gateway)
peer_address = string # (Required) The IP addressed assigned to customer device, which will be used as tunnel endpoint. It can be IPv4 or IPv6 address, but must be the same address family as transit_gateway_address
transit_gateway_address = optional(string) # (Optional) The IP address assigned to Transit Gateway, which will be used as tunnel endpoint. This address must be from associated Transit Gateway CIDR block. The address must be from the same address family as peer_address. If not set explicitly, it will be selected from associated Transit Gateway CIDR blocks.
}))
| n/a | yes | | [tags](#input\_tags) | (Optional) Key-value tags for the EC2 Transit Gateway Connect. If configured with a provider default\_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(any)` |
{
"environment": "prod",
"project": "core_infrastructure",
"terraform": "true"
}
| no | -| [transit\_gateway\_address](#input\_transit\_gateway\_address) | (Optional) The IP address assigned to Transit Gateway, which will be used as tunnel endpoint. This address must be from associated Transit Gateway CIDR block. The address must be from the same address family as peer\_address. If not set explicitly, it will be selected from associated Transit Gateway CIDR blocks | `string` | `null` | no | | [transit\_gateway\_attachment\_id](#input\_transit\_gateway\_attachment\_id) | (Required) The Transit Gateway Connect | `string` | n/a | yes | ## Outputs From bc750a472c8d23d9bccac63b2894f4f75871d57b Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Mon, 18 Nov 2024 20:50:52 -0500 Subject: [PATCH 09/23] updated for_each to use maps --- .../transit_gateway_connect_peer/README.md | 14 ++++++- .../transit_gateway_connect_peer/outputs.tf | 42 +++++++++---------- .../transit_gateway_connect_peer/variables.tf | 4 +- 3 files changed, 35 insertions(+), 25 deletions(-) diff --git a/modules/aws/transit_gateway_connect_peer/README.md b/modules/aws/transit_gateway_connect_peer/README.md index 66bbdfa2..c85054e5 100644 --- a/modules/aws/transit_gateway_connect_peer/README.md +++ b/modules/aws/transit_gateway_connect_peer/README.md @@ -68,10 +68,20 @@ module "transit_gateway_sdwan_connect_peer" { source = "github.com/zachreborn/terraform-modules//modules/aws/transit_gateway_connect_peer" - bgp_asn = 64513 - inside_cidr_blocks = "169.254.6.0/29" name = "sdwan_peer" peer_address = "10.100.1.10" + peers = { + "sdwan_vedge_1" = { + bgp_asn = 64513 + inside_cidr_blocks = ["169.254.6.0/29"] + peer_address = "10.200.0.157" + } + "sdwan_vedge_1" = { + bgp_asn = 64513 + inside_cidr_blocks = ["169.254.6.8/29"] + peer_address = "10.200.0.180" + } + } transit_gateway_address = "10.255.1.11" transit_gateway_attachment_id = module.transit_gateway_sdwan_connect.id } 
diff --git a/modules/aws/transit_gateway_connect_peer/outputs.tf b/modules/aws/transit_gateway_connect_peer/outputs.tf index d597b4e6..844b03f9 100644 --- a/modules/aws/transit_gateway_connect_peer/outputs.tf +++ b/modules/aws/transit_gateway_connect_peer/outputs.tf 
@@ -1,39 +1,39 @@ -output "arn" { - description = "The ARN of the transit gateway connect peer" - value = aws_ec2_transit_gateway_connect_peer.peer.arn +output "arns" { + description = "A list of ARNs of the transit gateway connect peers." + value = aws_ec2_transit_gateway_connect_peer.peer[*].arn } -output "bgp_asn" { - description = "The BGP ASN of the connect peer." - value = aws_ec2_transit_gateway_connect_peer.peer.bgp_asn +output "bgp_asns" { + description = "A map of BGP ASNs of the connect peers." + value = { for key, value in aws_ec2_transit_gateway_connect_peer.peer : key => value.bgp_asn } } -output "bgp_peer_address" { - description = "The BGP peer address within the connect tunnel. This is the address peering with the transit gateway." - value = aws_ec2_transit_gateway_connect_peer.peer.bgp_peer_address +output "bgp_peer_addresses" { + description = "A map of BGP peer address within the connect tunnels. This is the address peering with the transit gateway." + value = { for key, value in aws_ec2_transit_gateway_connect_peer.peer : key => value.peer_address } } output "bgp_transit_gateway_addresses" { - description = "The BGP transit gateway address within the connect tunnel. This is the address of the transit gateway." - value = aws_ec2_transit_gateway_connect_peer.peer.bgp_transit_gateway_addresses + description = "A map of the BGP transit gateway addresses within the connect tunnel. This is the address of the transit gateway." + value = { for key, value in aws_ec2_transit_gateway_connect_peer.peer : key => value.transit_gateway_address } } -output "id" { - description = "The ID of the Transit Gateway Connect Peer" - value = aws_ec2_transit_gateway_connect_peer.peer.id +output "ids" { + description = "A list of the IDs of the Transit Gateway Connect Peers" + value = aws_ec2_transit_gateway_connect_peer.peer[*].id } output "inside_cidr_blocks" { description = "The CIDR blocks associated with the inside IP addresses of the connect peer." 
- value = aws_ec2_transit_gateway_connect_peer.peer.inside_cidr_blocks + value = { for key, value in aws_ec2_transit_gateway_connect_peer.peer : key => value.inside_cidr_blocks } } -output "peer_address" { - description = "The IP address of the connect peer." - value = aws_ec2_transit_gateway_connect_peer.peer.peer_address +output "peer_addresses" { + description = "A map of the IP address of the connect peers." + value = { for key, value in aws_ec2_transit_gateway_connect_peer.peer : key => value.peer_address } } -output "transit_gateway_address" { - description = "The IP address of the transit gateway. This is the IP used to connect to the transit gateway." - value = aws_ec2_transit_gateway_connect_peer.peer.transit_gateway_address +output "transit_gateway_addresses" { + description = "A map of IP address of the transit gateway. This is the IP used to connect to the transit gateway." + value = { for key, value in aws_ec2_transit_gateway_connect_peer.peer : key => value.transit_gateway_address } } \ No newline at end of file diff --git a/modules/aws/transit_gateway_connect_peer/variables.tf b/modules/aws/transit_gateway_connect_peer/variables.tf index 6a140f33..bf53da7d 100644 --- a/modules/aws/transit_gateway_connect_peer/variables.tf +++ b/modules/aws/transit_gateway_connect_peer/variables.tf @@ -12,7 +12,7 @@ variable "peers" { })) description = "(Required) A map of Transit Gateway Connect Peers, where the key is the name of the peer and the value is a map of peer configuration options." # Example: - # var.peers = { + # peers = { # "sdwan_vedge_1" = { # bgp_asn = 64513 # inside_cidr_blocks = ["169.254.6.0/29"] @@ -20,7 +20,7 @@ variable "peers" { # } # "sdwan_vedge_1" = { # bgp_asn = 64513 - # inside_cidr_blocks = ["169.254.7.0/29"] + # inside_cidr_blocks = ["169.254.6.8/29"] # peer_address = "10.200.0.180" # } # } From be1fd728159c4fa115850258a4beb6da7f62483d Mon Sep 17 00:00:00 2001 
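Review bot: `bgp_peer_addresses` and `bgp_transit_gateway_addresses` no longer read the attributes their names promise: the removed lines used `.bgp_peer_address` and `.bgp_transit_gateway_addresses` (the inside-tunnel BGP addresses), while the new for-expressions read `value.peer_address` and `value.transit_gateway_address`, making them duplicates of the `peer_addresses` and `transit_gateway_addresses` outputs. Change the two lines to `key => value.bgp_peer_address` and `key => value.bgp_transit_gateway_addresses`. Separately, `arns` and `ids` still apply `[*]` splats to a for_each resource, which Terraform does not allow on maps; patch 11 on this page converts them to for-expressions.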
From: zachreborn Date: Tue, 19 Nov 2024 01:51:26 +0000 Subject: [PATCH 10/23] Continuous Integration - terraform fmt and terraform-docs --- modules/aws/transit_gateway_connect_peer/README.md | 14 +++++++------- .../aws/transit_gateway_connect_peer/outputs.tf | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/modules/aws/transit_gateway_connect_peer/README.md b/modules/aws/transit_gateway_connect_peer/README.md index c85054e5..2b494ef8 100644 --- a/modules/aws/transit_gateway_connect_peer/README.md +++ b/modules/aws/transit_gateway_connect_peer/README.md 
@@ -130,14 +130,14 @@ No modules. | Name | Description | |------|-------------| -| [arn](#output\_arn) | The ARN of the transit gateway connect peer | -| [bgp\_asn](#output\_bgp\_asn) | The BGP ASN of the connect peer. | -| [bgp\_peer\_address](#output\_bgp\_peer\_address) | The BGP peer address within the connect tunnel. This is the address peering with the transit gateway. | -| [bgp\_transit\_gateway\_addresses](#output\_bgp\_transit\_gateway\_addresses) | The BGP transit gateway address within the connect tunnel. This is the address of the transit gateway. | -| [id](#output\_id) | The ID of the Transit Gateway Connect Peer | +| [arns](#output\_arns) | A list of ARNs of the transit gateway connect peers. | +| [bgp\_asns](#output\_bgp\_asns) | A map of BGP ASNs of the connect peers. | +| [bgp\_peer\_addresses](#output\_bgp\_peer\_addresses) | A map of BGP peer address within the connect tunnels. This is the address peering with the transit gateway. | +| [bgp\_transit\_gateway\_addresses](#output\_bgp\_transit\_gateway\_addresses) | A map of the BGP transit gateway addresses within the connect tunnel. This is the address of the transit gateway. | +| [ids](#output\_ids) | A list of the IDs of the Transit Gateway Connect Peers | | [inside\_cidr\_blocks](#output\_inside\_cidr\_blocks) | The CIDR blocks associated with the inside IP addresses of the connect peer. | -| [peer\_address](#output\_peer\_address) | The IP address of the connect peer. | -| [transit\_gateway\_address](#output\_transit\_gateway\_address) | The IP address of the transit gateway. This is the IP used to connect to the transit gateway. | +| [peer\_addresses](#output\_peer\_addresses) | A map of the IP address of the connect peers. | +| [transit\_gateway\_addresses](#output\_transit\_gateway\_addresses) | A map of IP address of the transit gateway. This is the IP used to connect to the transit gateway. | 
diff --git a/modules/aws/transit_gateway_connect_peer/outputs.tf b/modules/aws/transit_gateway_connect_peer/outputs.tf index 844b03f9..227b46de 100644 --- a/modules/aws/transit_gateway_connect_peer/outputs.tf +++ b/modules/aws/transit_gateway_connect_peer/outputs.tf @@ -25,7 +25,7 @@ output "ids" { output "inside_cidr_blocks" { description = "The CIDR blocks associated with the inside IP addresses of the connect peer." - value = { for key, value in aws_ec2_transit_gateway_connect_peer.peer : key => value.inside_cidr_blocks } + value = { for key, value in aws_ec2_transit_gateway_connect_peer.peer : key => value.inside_cidr_blocks } } output "peer_addresses" { From f8bfc385bf14632d85aba8176185040ad3084d20 Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Mon, 18 Nov 2024 21:02:54 -0500 Subject: [PATCH 11/23] outputs are all maps --- modules/aws/transit_gateway_connect_peer/outputs.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/aws/transit_gateway_connect_peer/outputs.tf b/modules/aws/transit_gateway_connect_peer/outputs.tf index 227b46de..1a71085c 100644 --- a/modules/aws/transit_gateway_connect_peer/outputs.tf +++ b/modules/aws/transit_gateway_connect_peer/outputs.tf @@ -1,6 +1,6 @@ output "arns" { - description = "A list of ARNs of the transit gateway connect peers." - value = aws_ec2_transit_gateway_connect_peer.peer[*].arn + description = "A map of ARNs of the transit gateway connect peers." + value = { for key, value in aws_ec2_transit_gateway_connect_peer.peer : key => value.arn } } output "bgp_asns" { @@ -19,8 +19,8 @@ output "bgp_transit_gateway_addresses" { } output "ids" { - description = "A list of the IDs of the Transit Gateway Connect Peers" - value = aws_ec2_transit_gateway_connect_peer.peer[*].id + description = "A map of the IDs of the Transit Gateway Connect Peers" + value = { for key, value in aws_ec2_transit_gateway_connect_peer.peer : key => value.id } } output "inside_cidr_blocks" { 
From 04c48f5210eb5a083ee3afc4d60604a6a2a5770b Mon Sep 17 00:00:00 2001 From: zachreborn Date: Tue, 19 Nov 2024 02:03:32 +0000 Subject: [PATCH 12/23] Continuous Integration - terraform fmt and terraform-docs --- modules/aws/transit_gateway_connect_peer/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/aws/transit_gateway_connect_peer/README.md b/modules/aws/transit_gateway_connect_peer/README.md index 2b494ef8..2b07b886 100644 --- a/modules/aws/transit_gateway_connect_peer/README.md +++ b/modules/aws/transit_gateway_connect_peer/README.md @@ -130,11 +130,11 @@ No modules. | Name | Description | |------|-------------| -| [arns](#output\_arns) | A list of ARNs of the transit gateway connect peers. | +| [arns](#output\_arns) | A map of ARNs of the transit gateway connect peers. | | [bgp\_asns](#output\_bgp\_asns) | A map of BGP ASNs of the connect peers. | | [bgp\_peer\_addresses](#output\_bgp\_peer\_addresses) | A map of BGP peer address within the connect tunnels. This is the address peering with the transit gateway. | | [bgp\_transit\_gateway\_addresses](#output\_bgp\_transit\_gateway\_addresses) | A map of the BGP transit gateway addresses within the connect tunnel. This is the address of the transit gateway. | -| [ids](#output\_ids) | A list of the IDs of the Transit Gateway Connect Peers | +| [ids](#output\_ids) | A map of the IDs of the Transit Gateway Connect Peers | | [inside\_cidr\_blocks](#output\_inside\_cidr\_blocks) | The CIDR blocks associated with the inside IP addresses of the connect peer. | | [peer\_addresses](#output\_peer\_addresses) | A map of the IP address of the connect peers. | | [transit\_gateway\_addresses](#output\_transit\_gateway\_addresses) | A map of IP address of the transit gateway. This is the IP used to connect to the transit gateway. | From 48dad497edc4f6b732b2db6c6d7f7cb318167255 Mon Sep 17 00:00:00 2001 
From: Zachary Hill Date: Tue, 19 Nov 2024 17:06:41 -0500 Subject: [PATCH 13/23] converted cloudwatch alarms to for_each --- modules/aws/vendor/velocloud/main.tf | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf index e3bbbc32..da445695 100644 --- a/modules/aws/vendor/velocloud/main.tf +++ b/modules/aws/vendor/velocloud/main.tf @@ -234,15 +234,15 @@ resource "aws_instance" "ec2_instance" { ##################### resource "aws_cloudwatch_metric_alarm" "instance" { + for_each = aws_instance.ec2_instance actions_enabled = true alarm_actions = [] alarm_description = "EC2 instance StatusCheckFailed_Instance alarm" - alarm_name = format("%s-instance-alarm", element(aws_instance.ec2_instance[*].id, count.index)) + alarm_name = format("%s-instance-alarm", each.value.id) comparison_operator = "GreaterThanOrEqualToThreshold" - count = var.quantity datapoints_to_alarm = 2 dimensions = { - InstanceId = element(aws_instance.ec2_instance[*].id, count.index) + InstanceId = each.value.id } evaluation_periods = "2" insufficient_data_actions = [] @@ -260,15 +260,15 @@ resource "aws_cloudwatch_metric_alarm" "instance" { ##################### resource "aws_cloudwatch_metric_alarm" "system" { + for_each = aws_instance.ec2_instance actions_enabled = true alarm_actions = ["arn:aws:automate:${data.aws_region.current.name}:ec2:recover"] alarm_description = "EC2 instance StatusCheckFailed_System alarm" - alarm_name = format("%s-system-alarm", element(aws_instance.ec2_instance[*].id, count.index)) + alarm_name = format("%s-system-alarm", each.value.id) comparison_operator = "GreaterThanOrEqualToThreshold" - count = var.quantity datapoints_to_alarm = 2 dimensions = { - InstanceId = element(aws_instance.ec2_instance[*].id, count.index) + InstanceId = each.value.id } evaluation_periods = "2" insufficient_data_actions = [] From 774a751a2d41f7054c2238beb2de86a919571197 Mon Sep 17 00:00:00 2001 
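Review bot: `for_each = aws_instance.ec2_instance` cannot work here, because `aws_instance.ec2_instance` is a `count` resource (the removed `aws_instance.ec2_instance[*].id` splat and the `count = var.quantity` on the instance elsewhere on this page show it is a tuple of objects), and `for_each` accepts only a map or a set of strings; the same applies to the `system` alarm hunk below and to the `toset()` variant in the following patch, since a set of objects is still not a set of strings. Keying alarms by `each.value.id` would not help either, as instance IDs are unknown at plan time and cannot serve as `for_each` keys. If the goal is to move off `count` for the alarms, a positional map such as `for_each = { for idx, inst in aws_instance.ec2_instance : tostring(idx) => inst }` keeps plan-time-known keys while still exposing `each.value.id` in the body; otherwise the later reverts on this page to `count` are the safer outcome.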
From: Zachary Hill Date: Tue, 19 Nov 2024 17:12:48 -0500 Subject: [PATCH 14/23] toset() for the cloudwatch for_each --- modules/aws/vendor/velocloud/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf index da445695..9b1eb158 100644 --- a/modules/aws/vendor/velocloud/main.tf +++ b/modules/aws/vendor/velocloud/main.tf @@ -234,7 +234,7 @@ resource "aws_instance" "ec2_instance" { ##################### resource "aws_cloudwatch_metric_alarm" "instance" { - for_each = aws_instance.ec2_instance + for_each = toset(aws_instance.ec2_instance) actions_enabled = true alarm_actions = [] alarm_description = "EC2 instance StatusCheckFailed_Instance alarm" @@ -260,7 +260,7 @@ resource "aws_cloudwatch_metric_alarm" "instance" { ##################### resource "aws_cloudwatch_metric_alarm" "system" { - for_each = aws_instance.ec2_instance + for_each = toset(aws_instance.ec2_instance) actions_enabled = true alarm_actions = ["arn:aws:automate:${data.aws_region.current.name}:ec2:recover"] alarm_description = "EC2 instance StatusCheckFailed_System alarm" From 3fed7d78bf9ddd6d8cfbcd1974abc75e260a6609 Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Tue, 19 Nov 2024 17:23:01 -0500 Subject: [PATCH 15/23] Revert "toset() for the cloudwatch for_each" This reverts commit 774a751a2d41f7054c2238beb2de86a919571197. --- modules/aws/vendor/velocloud/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf index 9b1eb158..da445695 100644 --- a/modules/aws/vendor/velocloud/main.tf +++ b/modules/aws/vendor/velocloud/main.tf 
@@ -234,7 +234,7 @@ resource "aws_instance" "ec2_instance" { ##################### resource "aws_cloudwatch_metric_alarm" "instance" { - for_each = toset(aws_instance.ec2_instance) + for_each = aws_instance.ec2_instance actions_enabled = true alarm_actions = [] alarm_description = "EC2 instance StatusCheckFailed_Instance alarm" @@ -260,7 +260,7 @@ resource "aws_cloudwatch_metric_alarm" "instance" { ##################### resource "aws_cloudwatch_metric_alarm" "system" { - for_each = toset(aws_instance.ec2_instance) + for_each = aws_instance.ec2_instance actions_enabled = true alarm_actions = ["arn:aws:automate:${data.aws_region.current.name}:ec2:recover"] alarm_description = "EC2 instance StatusCheckFailed_System alarm" From 9f24fda877edefc73340f6f864438183f7c9f7c3 Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Tue, 19 Nov 2024 17:23:13 -0500 Subject: [PATCH 16/23] Revert "converted cloudwatch alarms to for_each" This reverts commit 48dad497edc4f6b732b2db6c6d7f7cb318167255. --- modules/aws/vendor/velocloud/main.tf | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf index da445695..e3bbbc32 100644 --- a/modules/aws/vendor/velocloud/main.tf +++ b/modules/aws/vendor/velocloud/main.tf 
@@ -234,15 +234,15 @@ resource "aws_instance" "ec2_instance" { ##################### resource "aws_cloudwatch_metric_alarm" "instance" { - for_each = aws_instance.ec2_instance actions_enabled = true alarm_actions = [] alarm_description = "EC2 instance StatusCheckFailed_Instance alarm" - alarm_name = format("%s-instance-alarm", each.value.id) + alarm_name = format("%s-instance-alarm", element(aws_instance.ec2_instance[*].id, count.index)) comparison_operator = "GreaterThanOrEqualToThreshold" + count = var.quantity datapoints_to_alarm = 2 dimensions = { - InstanceId = each.value.id + InstanceId = element(aws_instance.ec2_instance[*].id, count.index) } evaluation_periods = "2" insufficient_data_actions = [] @@ -260,15 +260,15 @@ resource "aws_cloudwatch_metric_alarm" "instance" { ##################### resource "aws_cloudwatch_metric_alarm" "system" { - for_each = aws_instance.ec2_instance actions_enabled = true alarm_actions = ["arn:aws:automate:${data.aws_region.current.name}:ec2:recover"] alarm_description = "EC2 instance StatusCheckFailed_System alarm" - alarm_name = format("%s-system-alarm", each.value.id) + alarm_name = format("%s-system-alarm", element(aws_instance.ec2_instance[*].id, count.index)) comparison_operator = "GreaterThanOrEqualToThreshold" + count = var.quantity datapoints_to_alarm = 2 dimensions = { - InstanceId = each.value.id + InstanceId = element(aws_instance.ec2_instance[*].id, count.index) } evaluation_periods = "2" insufficient_data_actions = [] From 011028fad8b085bae44af1a6f1611b42834338f1 Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Tue, 19 Nov 2024 18:13:45 -0500 Subject: [PATCH 17/23] cleanup of outputs --- .../transit_gateway_connect_peer/outputs.tf | 22 ++++++++++--------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/modules/aws/transit_gateway_connect_peer/outputs.tf b/modules/aws/transit_gateway_connect_peer/outputs.tf index 1a71085c..f11bef49 100644 --- a/modules/aws/transit_gateway_connect_peer/outputs.tf 
+++ b/modules/aws/transit_gateway_connect_peer/outputs.tf @@ -8,16 +8,6 @@ output "bgp_asns" { value = { for key, value in aws_ec2_transit_gateway_connect_peer.peer : key => value.bgp_asn } } -output "bgp_peer_addresses" { - description = "A map of BGP peer address within the connect tunnels. This is the address peering with the transit gateway." - value = { for key, value in aws_ec2_transit_gateway_connect_peer.peer : key => value.peer_address } -} - -output "bgp_transit_gateway_addresses" { - description = "A map of the BGP transit gateway addresses within the connect tunnel. This is the address of the transit gateway." - value = { for key, value in aws_ec2_transit_gateway_connect_peer.peer : key => value.transit_gateway_address } -} - output "ids" { description = "A map of the IDs of the Transit Gateway Connect Peers" value = { for key, value in aws_ec2_transit_gateway_connect_peer.peer : key => value.id } @@ -36,4 +26,16 @@ output "peer_addresses" { output "transit_gateway_addresses" { description = "A map of IP address of the transit gateway. This is the IP used to connect to the transit gateway." value = { for key, value in aws_ec2_transit_gateway_connect_peer.peer : key => value.transit_gateway_address } +} + +# Complex Outputs +output "peer_configurations" { + description = "A map of the transit gateway connect peer configurations." + value = { for key, value in aws_ec2_transit_gateway_connect_peer.peer : key => { + bgp_asn = value.bgp_asn + insider_cidr_blocks = value.inside_cidr_blocks + peer_address = value.peer_address + transit_gateway_address = value.transit_gateway_address + } + } } \ No newline at end of file From 8909922f4f7f6a1cf7a33f48078ecd0fa4811c46 Mon Sep 17 00:00:00 2001 From: zachreborn Date: Tue, 19 Nov 2024 23:14:20 +0000 Subject: [PATCH 18/23] Continuous Integration - terraform fmt and terraform-docs --- modules/aws/transit_gateway_connect_peer/README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
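Review bot: The new `peer_configurations` output spells its key `insider_cidr_blocks` while the source attribute and the standalone output are `inside_cidr_blocks`, so consumers of this complex output will have to know about the misspelling; it also survives the rename to `configurations` in a later patch on this page. Change it to `inside_cidr_blocks = value.inside_cidr_blocks`. Removing `bgp_peer_addresses` and `bgp_transit_gateway_addresses` is fine since they duplicated `peer_addresses` and `transit_gateway_addresses`, but that is an output-interface break worth calling out in the commit message.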
diff --git a/modules/aws/transit_gateway_connect_peer/README.md b/modules/aws/transit_gateway_connect_peer/README.md index 2b07b886..f6116764 100644 --- a/modules/aws/transit_gateway_connect_peer/README.md +++ b/modules/aws/transit_gateway_connect_peer/README.md @@ -132,11 +132,10 @@ No modules. |------|-------------| | [arns](#output\_arns) | A map of ARNs of the transit gateway connect peers. | | [bgp\_asns](#output\_bgp\_asns) | A map of BGP ASNs of the connect peers. | -| [bgp\_peer\_addresses](#output\_bgp\_peer\_addresses) | A map of BGP peer address within the connect tunnels. This is the address peering with the transit gateway. | -| [bgp\_transit\_gateway\_addresses](#output\_bgp\_transit\_gateway\_addresses) | A map of the BGP transit gateway addresses within the connect tunnel. This is the address of the transit gateway. | | [ids](#output\_ids) | A map of the IDs of the Transit Gateway Connect Peers | | [inside\_cidr\_blocks](#output\_inside\_cidr\_blocks) | The CIDR blocks associated with the inside IP addresses of the connect peer. | | [peer\_addresses](#output\_peer\_addresses) | A map of the IP address of the connect peers. | +| [peer\_configurations](#output\_peer\_configurations) | A map of the transit gateway connect peer configurations. | | [transit\_gateway\_addresses](#output\_transit\_gateway\_addresses) | A map of IP address of the transit gateway. This is the IP used to connect to the transit gateway. | From ce0ed44fa647b047136b5496b7c1850e9a9bdf78 Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Tue, 19 Nov 2024 18:24:41 -0500 Subject: [PATCH 19/23] final peer connect outputs --- modules/aws/transit_gateway_connect_peer/outputs.tf | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/aws/transit_gateway_connect_peer/outputs.tf b/modules/aws/transit_gateway_connect_peer/outputs.tf index f11bef49..c99618cb 100644 --- a/modules/aws/transit_gateway_connect_peer/outputs.tf 
+++ b/modules/aws/transit_gateway_connect_peer/outputs.tf @@ -1,3 +1,4 @@ +# Simple Outputs output "arns" { description = "A map of ARNs of the transit gateway connect peers." value = { for key, value in aws_ec2_transit_gateway_connect_peer.peer : key => value.arn } @@ -29,10 +30,11 @@ output "transit_gateway_addresses" { } # Complex Outputs -output "peer_configurations" { +output "configurations" { description = "A map of the transit gateway connect peer configurations." value = { for key, value in aws_ec2_transit_gateway_connect_peer.peer : key => { bgp_asn = value.bgp_asn + id = value.id insider_cidr_blocks = value.inside_cidr_blocks peer_address = value.peer_address transit_gateway_address = value.transit_gateway_address From 0a0409659f8dbe205e8cef89203b3e1f70e7bfaf Mon Sep 17 00:00:00 2001 From: zachreborn Date: Tue, 19 Nov 2024 23:25:16 +0000 Subject: [PATCH 20/23] Continuous Integration - terraform fmt and terraform-docs --- modules/aws/transit_gateway_connect_peer/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/aws/transit_gateway_connect_peer/README.md b/modules/aws/transit_gateway_connect_peer/README.md index f6116764..c7802368 100644 --- a/modules/aws/transit_gateway_connect_peer/README.md +++ b/modules/aws/transit_gateway_connect_peer/README.md 
@@ -132,10 +132,10 @@ No modules. |------|-------------| | [arns](#output\_arns) | A map of ARNs of the transit gateway connect peers. | | [bgp\_asns](#output\_bgp\_asns) | A map of BGP ASNs of the connect peers. | +| [configurations](#output\_configurations) | A map of the transit gateway connect peer configurations. | | [ids](#output\_ids) | A map of the IDs of the Transit Gateway Connect Peers | | [inside\_cidr\_blocks](#output\_inside\_cidr\_blocks) | The CIDR blocks associated with the inside IP addresses of the connect peer. | | [peer\_addresses](#output\_peer\_addresses) | A map of the IP address of the connect peers. | -| [peer\_configurations](#output\_peer\_configurations) | A map of the transit gateway connect peer configurations. | | [transit\_gateway\_addresses](#output\_transit\_gateway\_addresses) | A map of IP address of the transit gateway. This is the IP used to connect to the transit gateway. | From 14db69dc5c31095b22b65112e6e2dcc99f024a76 Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Tue, 19 Nov 2024 18:29:36 -0500 Subject: [PATCH 21/23] removed quantity in favor of `length(keys)` --- modules/aws/vendor/velocloud/main.tf | 16 ++++++++-------- modules/aws/vendor/velocloud/variables.tf | 8 +------- 2 files changed, 9 insertions(+), 15 deletions(-) diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf index e3bbbc32..fe4b83b6 100644 --- a/modules/aws/vendor/velocloud/main.tf +++ b/modules/aws/vendor/velocloud/main.tf 
@@ -122,13 +122,13 @@ resource "aws_security_group" "sdwan_wan_sg" { ############################################ resource "aws_eip" "wan_external_ip" { - count = var.quantity + count = length(var.velocloud_activation_keys) domain = "vpc" tags = merge(var.tags, ({ "Name" = format("%s%d_wan", var.instance_name_prefix, count.index + 1) })) } resource "aws_eip_association" "wan_external_ip" { - count = var.quantity + count = length(var.velocloud_activation_keys) allocation_id = element(aws_eip.wan_external_ip[*].id, count.index) network_interface_id = element(aws_network_interface.public_nic[*].id, count.index) } @@ -139,7 +139,7 @@ resource "aws_eip_association" "wan_external_ip" { resource "aws_network_interface" "mgmt_nic" { # Ge1 is the management interface in VeloCloud and attached at eth0 - count = var.quantity + count = length(var.velocloud_activation_keys) description = var.mgmt_nic_description private_ips = var.mgmt_ips == null ? null : [element(var.mgmt_ips, count.index)] security_groups = [aws_security_group.sdwan_mgmt_sg.id] @@ -150,7 +150,7 @@ resource "aws_network_interface" "mgmt_nic" { resource "aws_network_interface" "public_nic" { # Ge2 is the public interface in VeloCloud and attached at eth1 - count = var.quantity + count = length(var.velocloud_activation_keys) description = var.public_nic_description private_ips = var.public_ips == null ? null : [element(var.public_ips, count.index)] security_groups = [aws_security_group.sdwan_wan_sg.id] @@ -161,7 +161,7 @@ resource "aws_network_interface" "public_nic" { resource "aws_network_interface" "private_nic" { # Ge3 is the private interface in VeloCloud and attached at eth2 - count = var.quantity + count = length(var.velocloud_activation_keys) description = var.private_nic_description private_ips = var.private_ips == null ? null : [element(var.private_ips, count.index)] security_groups = [aws_security_group.velocloud_lan_sg.id] 
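Review bot: Deriving `count` from `length(var.velocloud_activation_keys)` leaves the per-instance address lists unchecked against it: `element(var.mgmt_ips, count.index)` (and the `public_ips`/`private_ips` equivalents in the next hunks) wraps around, so a list shorter than the key list silently assigns the same IP to two interfaces and a longer one is silently truncated. A `validation` block on each list, e.g. `condition = var.mgmt_ips == null || length(var.mgmt_ips) == length(var.velocloud_activation_keys)`, would surface the mismatch at plan time instead of at apply. The same `count` expression is repeated in the `ec2_instance` and CloudWatch alarm hunks that follow, and the subnet-id lists, if indexed the same way (not visible here), deserve the same check.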
@@ -176,7 +176,7 @@ resource "aws_network_interface" "private_nic" { resource "aws_instance" "ec2_instance" { ami = var.ami_id != null ? var.ami_id : data.aws_ami.velocloud.id - count = var.quantity + count = length(var.velocloud_activation_keys) ebs_optimized = var.ebs_optimized hibernation = var.hibernation iam_instance_profile = var.iam_instance_profile @@ -239,7 +239,7 @@ resource "aws_cloudwatch_metric_alarm" "instance" { alarm_description = "EC2 instance StatusCheckFailed_Instance alarm" alarm_name = format("%s-instance-alarm", element(aws_instance.ec2_instance[*].id, count.index)) comparison_operator = "GreaterThanOrEqualToThreshold" - count = var.quantity + count = length(var.velocloud_activation_keys) datapoints_to_alarm = 2 dimensions = { InstanceId = element(aws_instance.ec2_instance[*].id, count.index) @@ -265,7 +265,7 @@ resource "aws_cloudwatch_metric_alarm" "system" { alarm_description = "EC2 instance StatusCheckFailed_System alarm" alarm_name = format("%s-system-alarm", element(aws_instance.ec2_instance[*].id, count.index)) comparison_operator = "GreaterThanOrEqualToThreshold" - count = var.quantity + count = length(var.velocloud_activation_keys) datapoints_to_alarm = 2 dimensions = { InstanceId = element(aws_instance.ec2_instance[*].id, count.index) diff --git a/modules/aws/vendor/velocloud/variables.tf b/modules/aws/vendor/velocloud/variables.tf index 11fb0217..82f41a3f 100644 --- a/modules/aws/vendor/velocloud/variables.tf +++ b/modules/aws/vendor/velocloud/variables.tf @@ -200,7 +200,7 @@ variable "root_ebs_volume_encrypted" { } variable "velocloud_activation_keys" { - description = "(Required) The activation key for the VeloCloud instance(s)." + description = "(Required) The activation key for the VeloCloud instance(s). The quantity of keys also determines the quantity of instances to launch." type = list(string) validation { condition = alltrue([for key in var.velocloud_activation_keys : can(regex("^[A-Z0-9-]{19}$", key))]) 
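Review bot: `velocloud_activation_keys` now doubles as the instance count, but its validation only checks key format, so an empty list passes `alltrue([])` and yields `count = 0` for every resource without any error. Tightening the condition to `condition = length(var.velocloud_activation_keys) > 0 && alltrue([for key in var.velocloud_activation_keys : can(regex("^[A-Z0-9-]{19}$", key))])` makes the "(Required)" in the description enforceable. Since activation keys are credentials, adding `sensitive = true` to this variable would also keep them out of plan output. The variable block's closing lines are outside the hunk.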
@@ -239,9 +239,3 @@ variable "tags" { role = "sdwan" } } - -variable "quantity" { - description = "(Optional) Quantity of resources to make with this module. Example: Setting this to 2 will create 2 of all the required resources. Default: 1" - type = number - default = 1 -} \ No newline at end of file From aa197f472c1e6656970ac493345c761499e2ebbf Mon Sep 17 00:00:00 2001 From: zachreborn Date: Tue, 19 Nov 2024 23:30:26 +0000 Subject: [PATCH 22/23] Continuous Integration - terraform fmt and terraform-docs --- modules/aws/vendor/velocloud/README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/aws/vendor/velocloud/README.md b/modules/aws/vendor/velocloud/README.md index b77c4f2c..b7fd9d83 100755 --- a/modules/aws/vendor/velocloud/README.md +++ b/modules/aws/vendor/velocloud/README.md 
@@ -208,7 +208,6 @@ No modules. | [public\_ips](#input\_public\_ips) | (Optional) Private IP addresses to associate with the instance in a VPC. | `list(string)` | `null` | no | | [public\_nic\_description](#input\_public\_nic\_description) | (Optional) Description for the network interface. | `string` | `"SDWAN public nic Ge2 in VeloCloud"` | no | | [public\_subnet\_ids](#input\_public\_subnet\_ids) | (Required) Subnet IDs to create the ENI in. | `list(string)` | n/a | yes | -| [quantity](#input\_quantity) | (Optional) Quantity of resources to make with this module. Example: Setting this to 2 will create 2 of all the required resources. Default: 1 | `number` | `1` | no | | [root\_ebs\_volume\_encrypted](#input\_root\_ebs\_volume\_encrypted) | (Optional) Whether to enable volume encryption on the root ebs volume. Defaults to true. Must be configured to perform drift detection. | `bool` | `true` | no | | [root\_volume\_size](#input\_root\_volume\_size) | (Optional) Size of the root volume in gibibytes (GiB). | `number` | `8` | no | | [root\_volume\_type](#input\_root\_volume\_type) | (Optional) Type of volume. Valid values include standard, gp2, gp3, io1, io2, sc1, or st1. Defaults to gp3 | `string` | `"gp3"` | no | @@ -217,7 +216,7 @@ No modules. | [ssh\_mgmt\_access\_cidr\_blocks](#input\_ssh\_mgmt\_access\_cidr\_blocks) | (Optional) List of CIDR blocks allowed to SSH into the VeloCloud instance. | `list(string)` | `[]` | no | | [tags](#input\_tags) | (Optional) Map of tags to assign to the device. | `map(any)` |
{
"created_by": "terraform",
"environment": "prod",
"role": "sdwan",
"terraform": "true"
}
| no | | [user\_data](#input\_user\_data) | (Optional) The user data to provide when launching the instance. By default, the velocloud variables will generate a unique user\_data cloud-init configuration for you. This allows specifying custom cloud-init scripting. | `string` | `null` | no | -| [velocloud\_activation\_keys](#input\_velocloud\_activation\_keys) | (Required) The activation key for the VeloCloud instance(s). | `list(string)` | n/a | yes | +| [velocloud\_activation\_keys](#input\_velocloud\_activation\_keys) | (Required) The activation key for the VeloCloud instance(s). The quantity of keys also determines the quantity of instances to launch. | `list(string)` | n/a | yes | | [velocloud\_ignore\_cert\_errors](#input\_velocloud\_ignore\_cert\_errors) | (Optional) Whether or not to ignore certificate errors when connecting to the VeloCloud orchestrator. Set to true if using private or self-signed certificates on the orchestrator. Defaults to false. | `bool` | `false` | no | | [velocloud\_lan\_cidr\_blocks](#input\_velocloud\_lan\_cidr\_blocks) | (Optional) List of CIDR blocks allowed to utilize the VeloCloud instance for SDWAN communication. | `list(string)` | `null` | no | | [velocloud\_orchestrator](#input\_velocloud\_orchestrator) | (Required) The IP address or FQDN of the VeloCloud orchestrator. Example: vco.example.com | `string` | n/a | yes | From 1c457bfa3238d4fef507a4dcd94fca1e103fa86e Mon Sep 17 00:00:00 2001 From: Zachary Hill Date: Tue, 19 Nov 2024 18:33:15 -0500 Subject: [PATCH 23/23] updated readme to match the appropriate module --- modules/aws/transit_gateway_connect_peer/README.md | 7 +++---- modules/aws/vendor/velocloud/README.md | 3 --- 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/modules/aws/transit_gateway_connect_peer/README.md b/modules/aws/transit_gateway_connect_peer/README.md index c7802368..c3fbe85f 100644 --- a/modules/aws/transit_gateway_connect_peer/README.md 
+++ b/modules/aws/transit_gateway_connect_peer/README.md @@ -64,12 +64,12 @@ ## Usage ### Simple Example +This example creates two redundant connect peers with two different peers, such as two Velocloud vEdge instances. ``` module "transit_gateway_sdwan_connect_peer" { - source = "github.com/zachreborn/terraform-modules//modules/aws/transit_gateway_connect_peer" + source = "github.com/zachreborn/terraform-modules//modules/aws/transit_gateway_connect_peer" - name = "sdwan_peer" - peer_address = "10.100.1.10" + name = "sdwan_peer" peers = { "sdwan_vedge_1" = { bgp_asn = 64513 @@ -82,7 +82,6 @@ module "transit_gateway_sdwan_connect_peer" { peer_address = "10.200.0.180" } } - transit_gateway_address = "10.255.1.11" transit_gateway_attachment_id = module.transit_gateway_sdwan_connect.id } ``` diff --git a/modules/aws/vendor/velocloud/README.md b/modules/aws/vendor/velocloud/README.md index b7fd9d83..4e2ab606 100755 --- a/modules/aws/vendor/velocloud/README.md +++ b/modules/aws/vendor/velocloud/README.md @@ -71,7 +71,6 @@ module "aws_prod_sdwan" { key_name = module.keypair.key_name public_subnet_ids = module.vpc.public_subnet_ids private_subnet_ids = module.vpc.private_subnet_ids - quantity = 1 velocloud_activation_keys = ["1234-5678-90AB-CDEF"] velocloud_orchestrator = "vco.example.com" velocloud_ignore_cert_errors = true @@ -98,7 +97,6 @@ module "aws_prod_sdwan" { key_name = module.keypair.key_name public_subnet_ids = module.vpc.public_subnet_ids private_subnet_ids = module.vpc.private_subnet_ids - quantity = 1 velocloud_activation_keys = ["1234-5678-90AB-CDEF"] velocloud_orchestrator = "vco.example.com" velocloud_ignore_cert_errors = true 
@@ -125,7 +123,6 @@ module "aws_prod_sdwan" { key_name = module.keypair.key_name public_subnet_ids = module.vpc.public_subnet_ids private_subnet_ids = module.vpc.private_subnet_ids - quantity = 2 velocloud_activation_keys = ["1234-5678-90AB-CDEF", "1234-5678-90AB-GHIJ"] velocloud_orchestrator = "vco.example.com" velocloud_ignore_cert_errors = true