From 3f7fa3ffa413da1b2e0a283ad94103a3c1168f11 Mon Sep 17 00:00:00 2001
From: Loren Gordon
Date: Mon, 7 Oct 2024 15:31:29 -0700
Subject: [PATCH] Supports configuring vpc routes to prefix list destinations
---
 modules/cross-account-vpc-attachment/variables.tf | 5 +++--
 modules/vpc-accepter/main.tf | 1 +
 modules/vpc-accepter/variables.tf | 5 +++--
 modules/vpc-attachment/main.tf | 1 +
 modules/vpc-attachment/variables.tf | 5 +++--
 variables.tf | 9 +++++----
 6 files changed, 16 insertions(+), 10 deletions(-)
diff --git a/modules/cross-account-vpc-attachment/variables.tf b/modules/cross-account-vpc-attachment/variables.tf
index 40b1be4..7a701da 100644
--- a/modules/cross-account-vpc-attachment/variables.tf
+++ b/modules/cross-account-vpc-attachment/variables.tf
@@ -112,8 +112,9 @@ variable "vpc_routes" {
 name = string
 provider = string
 route_table_id = string
- destination_cidr_block = string
- destination_ipv6_cidr_block = string
+ destination_cidr_block = optional(string)
+ destination_ipv6_cidr_block = optional(string)
+ destination_prefix_list_id = optional(string)
 }))
 default = []
 validation {
diff --git a/modules/vpc-accepter/main.tf b/modules/vpc-accepter/main.tf
index 322a8da..c68b51f 100644
--- a/modules/vpc-accepter/main.tf
+++ b/modules/vpc-accepter/main.tf
@@ -29,6 +29,7 @@ resource "aws_route" "this" {
 route_table_id = each.value.route_table_id
 destination_cidr_block = each.value.destination_cidr_block
 destination_ipv6_cidr_block = each.value.destination_ipv6_cidr_block
+ destination_prefix_list_id = each.value.destination_prefix_list_id
 transit_gateway_id = var.auto_accept_shared_attachments == "disable" ? aws_ec2_transit_gateway_vpc_attachment_accepter.this[0].transit_gateway_id : data.aws_ec2_transit_gateway_attachment.this[0].transit_gateway_id
 }
diff --git a/modules/vpc-accepter/variables.tf b/modules/vpc-accepter/variables.tf
index 8e6ed45..6840368 100644
--- a/modules/vpc-accepter/variables.tf
+++ b/modules/vpc-accepter/variables.tf
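Review bot: With all three destination attributes now optional in the `vpc_routes` object of modules/cross-account-vpc-attachment/variables.tf, a route that sets none of them, or more than one, passes the type check and is left for the provider to reject when the `aws_route` is applied. The `validation {` block opens on the hunk's last line and its body is outside the hunk, so I cannot tell whether it already covers this. If it does not, a rule such as `condition = alltrue([for r in var.vpc_routes : length(compact([r.destination_cidr_block, r.destination_ipv6_cidr_block, r.destination_prefix_list_id])) == 1])` with a matching `error_message` would surface the mistake at plan time. The same applies to the `vpc_routes` types in modules/vpc-accepter/variables.tf, modules/vpc-attachment/variables.tf and the root variables.tf, where no validation block is visible in the hunks.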
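Review bot: The new `destination_prefix_list_id` argument on `aws_route.this` in modules/vpc-accepter/main.tf carries no comment saying that the routed destinations are then defined by the prefix list's entries rather than by this configuration. Entries of a managed prefix list can be edited by its owner, including when the list is shared from another account, so the set of destinations sent to the transit gateway can change without a plan diff in this module. I would add a comment above the argument, e.g. `# Prefix list entries are resolved by AWS; edits to the list change what this route covers without a Terraform diff.`, and repeat the caveat in the `vpc_routes` variable description. The same line is added to `aws_route.this` in modules/vpc-attachment/main.tf; the resource body starts outside both hunks.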
@@ -55,8 +55,9 @@ variable "vpc_routes" {
 # `name` is used as for_each key
 name = string
 route_table_id = string
- destination_cidr_block = string
- destination_ipv6_cidr_block = string
+ destination_cidr_block = optional(string)
+ destination_ipv6_cidr_block = optional(string)
+ destination_prefix_list_id = optional(string)
 }))
 default = []
 }
diff --git a/modules/vpc-attachment/main.tf b/modules/vpc-attachment/main.tf
index 73d9056..d832628 100644
--- a/modules/vpc-attachment/main.tf
+++ b/modules/vpc-attachment/main.tf
@@ -44,6 +44,7 @@ resource "aws_route" "this" {
 route_table_id = each.value.route_table_id
 destination_cidr_block = each.value.destination_cidr_block
 destination_ipv6_cidr_block = each.value.destination_ipv6_cidr_block
+ destination_prefix_list_id = each.value.destination_prefix_list_id
 transit_gateway_id = aws_ec2_transit_gateway_vpc_attachment.this.transit_gateway_id
 }
diff --git a/modules/vpc-attachment/variables.tf b/modules/vpc-attachment/variables.tf
index 71e0425..24a2c87 100644
--- a/modules/vpc-attachment/variables.tf
+++ b/modules/vpc-attachment/variables.tf
@@ -96,8 +96,9 @@ variable "vpc_routes" {
 # `name` is used as for_each key
 name = string
 route_table_id = string
- destination_cidr_block = string
- destination_ipv6_cidr_block = string
+ destination_cidr_block = optional(string)
+ destination_ipv6_cidr_block = optional(string)
+ destination_prefix_list_id = optional(string)
 }))
 default = []
 }
diff --git a/variables.tf b/variables.tf
index c252517..51d70bb 100644
--- a/variables.tf
+++ b/variables.tf
@@ -129,13 +129,14 @@ variable "vpc_attachments" {
 dns_support = string
 ipv6_support = string
 tags = map(string)
- vpc_routes = list(object({
+ vpc_routes = optional(list(object({
 # `name` is used as for_each key
 name = string
 route_table_id = string
- destination_cidr_block = string
- destination_ipv6_cidr_block = string
- }))
+ destination_cidr_block = optional(string)
+ destination_ipv6_cidr_block = optional(string)
+ destination_prefix_list_id = optional(string)
+ })), [])
 transit_gateway_default_route_table_association = bool
 transit_gateway_default_route_table_propagation = bool
 # name from `route_tables` or id of a pre-existing route table
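Review bot: `optional(...)` with a default value, as used for `vpc_routes = optional(list(object({...})), [])` in the root variables.tf, needs Terraform 1.3 or later, and the diffstat shows no versions file being touched. If the module's `required_version` still admits older releases, users on them would get a type-constraint parse error rather than a clear version message; the constraint should then read something like `required_version = ">= 1.3"`. This also applies to the plain `optional(string)` attributes in the three module variables.tf hunks. The `vpc_attachments` type continues outside the hunk.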