Merge pull request #376 from lorengordon/feat/prefix-list-references

plus3it · Aug 26, 2024 · c2eeae2 · c2eeae2
2 parents c914f33 + a5de2a5
commit c2eeae2
Show file tree

Hide file tree

Showing 11 changed files with 157 additions and 4 deletions.
diff --git a/.bumpversion.cfg b/.bumpversion.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 2.3.1
+current_version = 2.4.0
 commit = True
 message = Bumps version to {new_version}
 tag = False

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/).
 
+### [2.4.0](https://github.com/plus3it/terraform-aws-tardigrade-transit-gateway/releases/tag/2.4.0)
+
+**Released**: 2024.08.26
+
+**Summary**:
+
+*   Supports associating managed prefix lists to a transit gateway route table
+
 ### [2.3.1](https://github.com/plus3it/terraform-aws-tardigrade-transit-gateway/releases/tag/2.3.1)
 
 **Released**: 2024.08.21

diff --git a/README.md b/README.md
@@ -57,6 +57,7 @@ This module includes several submodules for different workflows and use cases.
 | <a name="input_default_route_table_propagation"></a> [default\_route\_table\_propagation](#input\_default\_route\_table\_propagation) | Whether resource attachments automatically propagate routes to the default propagation route table (valid values: disable, enable) | `string` | `"enable"` | no |
 | <a name="input_description"></a> [description](#input\_description) | Description of the EC2 Transit Gateway | `string` | `null` | no |
 | <a name="input_dns_support"></a> [dns\_support](#input\_dns\_support) | Whether DNS support is enabled (valid values: disable, enable) | `string` | `"enable"` | no |
+| <a name="input_prefix_list_references"></a> [prefix\_list\_references](#input\_prefix\_list\_references) | List of TGW prefix list references to add to TGW route tables | <pre>list(object({<br>    # `name` used as for_each key<br>    name           = string<br>    prefix_list_id = string<br>    # name from `route_tables` or id of a pre-existing route table<br>    transit_gateway_route_table = string<br><br>    blackhole           = optional(bool, false)<br>    default_route_table = optional(bool, false)<br>    # name from `vpc_attachments` or id of a pre-existing tgw attachment<br>    transit_gateway_attachment = optional(string)<br>  }))</pre> | `[]` | no |
 | <a name="input_route_tables"></a> [route\_tables](#input\_route\_tables) | List of TGW route tables to create with the transit gateway | <pre>list(object({<br>    # `name` used as for_each key<br>    name = string<br>    tags = map(string)<br>  }))</pre> | `[]` | no |
 | <a name="input_routes"></a> [routes](#input\_routes) | List of TGW routes to add to TGW route tables | <pre>list(object({<br>    # `name` used as for_each key<br>    name                   = string<br>    blackhole              = bool<br>    default_route_table    = bool<br>    destination_cidr_block = string<br>    # name from `vpc_attachments` or id of a pre-existing tgw attachment<br>    transit_gateway_attachment = string<br>    # name from `route_tables` or id of a pre-existing route table<br>    transit_gateway_route_table = string<br>  }))</pre> | `[]` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Map of tags to apply to the TGW and associated resources | `map(string)` | `{}` | no |
@@ -67,6 +68,7 @@ This module includes several submodules for different workflows and use cases.
 
 | Name | Description |
 |------|-------------|
+| <a name="output_prefix_list_references"></a> [prefix\_list\_references](#output\_prefix\_list\_references) | Map of TGW prefix list reference objects |
 | <a name="output_route_tables"></a> [route\_tables](#output\_route\_tables) | Map of TGW route table objects |
 | <a name="output_routes"></a> [routes](#output\_routes) | Map of TGW route objects |
 | <a name="output_transit_gateway"></a> [transit\_gateway](#output\_transit\_gateway) | Object with attributes of the Transit Gateway |

diff --git a/main.tf b/main.tf
@@ -39,6 +39,24 @@ module "routes" {
   )
 }
 
+module "prefix_list_references" {
+  source   = "./modules/prefix-list-reference"
+  for_each = { for prefix_list_reference in var.prefix_list_references : prefix_list_reference.name => prefix_list_reference }
+
+  prefix_list_id = each.value.prefix_list_id
+  blackhole      = each.value.blackhole
+
+  transit_gateway_route_table_id = each.value.default_route_table ? aws_ec2_transit_gateway.this.association_default_route_table_id : each.value.transit_gateway_route_table == null ? null : coalesce(
+    contains(var.route_tables[*].name, each.value.transit_gateway_route_table) ? module.route_tables[each.value.transit_gateway_route_table].route_table.id : null,
+    each.value.transit_gateway_route_table,
+  )
+
+  transit_gateway_attachment_id = each.value.transit_gateway_attachment == null ? null : coalesce(
+    contains(var.vpc_attachments[*].name, each.value.transit_gateway_attachment) ? module.vpc_attachments[each.value.transit_gateway_attachment].vpc_attachment.id : null,
+    each.value.transit_gateway_attachment,
+  )
+}
+
 module "vpc_attachments" {
   source   = "./modules/vpc-attachment"
   for_each = { for attachment in var.vpc_attachments : attachment.name => attachment }

diff --git a/modules/prefix-list-reference/README.md b/modules/prefix-list-reference/README.md
@@ -0,0 +1,32 @@
+<!-- BEGIN TFDOCS -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_prefix_list_id"></a> [prefix\_list\_id](#input\_prefix\_list\_id) | ID of the prefix list to reference | `string` | n/a | yes |
+| <a name="input_transit_gateway_route_table_id"></a> [transit\_gateway\_route\_table\_id](#input\_transit\_gateway\_route\_table\_id) | ID of the route table to associate with the prefix list | `string` | n/a | yes |
+| <a name="input_blackhole"></a> [blackhole](#input\_blackhole) | Boolean indicating whether to drop traffic that matches this prefix list | `bool` | `false` | no |
+| <a name="input_transit_gateway_attachment_id"></a> [transit\_gateway\_attachment\_id](#input\_transit\_gateway\_attachment\_id) | ID of the attachment to associate with the prefix list | `string` | `null` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_route"></a> [route](#output\_route) | Object with the Transit Gateway prefix list reference attributes |
+
+<!-- END TFDOCS -->
diff --git a/modules/prefix-list-reference/main.tf b/modules/prefix-list-reference/main.tf
@@ -0,0 +1,7 @@
+resource "aws_ec2_transit_gateway_prefix_list_reference" "this" {
+  prefix_list_id                 = var.prefix_list_id
+  transit_gateway_route_table_id = var.transit_gateway_route_table_id
+
+  blackhole                     = var.blackhole
+  transit_gateway_attachment_id = var.transit_gateway_attachment_id
+}
diff --git a/modules/prefix-list-reference/outputs.tf b/modules/prefix-list-reference/outputs.tf
@@ -0,0 +1,4 @@
+output "route" {
+  description = "Object with the Transit Gateway prefix list reference attributes"
+  value       = aws_ec2_transit_gateway_prefix_list_reference.this
+}
diff --git a/modules/prefix-list-reference/variables.tf b/modules/prefix-list-reference/variables.tf
@@ -0,0 +1,24 @@
+variable "prefix_list_id" {
+  description = "ID of the prefix list to reference"
+  type        = string
+  nullable    = false
+}
+
+variable "transit_gateway_route_table_id" {
+  description = "ID of the route table to associate with the prefix list"
+  type        = string
+  nullable    = false
+}
+
+variable "blackhole" {
+  description = "Boolean indicating whether to drop traffic that matches this prefix list"
+  type        = bool
+  default     = false
+  nullable    = false
+}
+
+variable "transit_gateway_attachment_id" {
+  description = "ID of the attachment to associate with the prefix list"
+  type        = string
+  default     = null
+}
diff --git a/outputs.tf b/outputs.tf
@@ -17,3 +17,8 @@ output "routes" {
   description = "Map of TGW route objects"
   value       = module.routes
 }
+
+output "prefix_list_references" {
+  description = "Map of TGW prefix list reference objects"
+  value       = module.prefix_list_references
+}
diff --git a/tests/tgw/main.tf b/tests/tgw/main.tf
@@ -14,9 +14,10 @@ module "tgw" {
   dns_support                     = "enable"
   vpn_ecmp_support                = "disable"
 
-  route_tables    = local.route_tables
-  routes          = local.routes
-  vpc_attachments = local.vpc_attachments
+  prefix_list_references = local.prefix_list_references
+  route_tables           = local.route_tables
+  routes                 = local.routes
+  vpc_attachments        = local.vpc_attachments
 
   tags = {
     Name = "tardigrade-testing-${local.id}"
@@ -26,6 +27,24 @@ module "tgw" {
 locals {
   id = data.terraform_remote_state.prereq.outputs.test_id.result
 
+  prefix_list_references = [
+    {
+      # name used as for_each key
+      name                        = "foo-${local.id}"
+      prefix_list_id              = aws_ec2_managed_prefix_list.this.id
+      blackhole                   = false
+      transit_gateway_attachment  = "foo-${local.id}"
+      transit_gateway_route_table = "foo-${local.id}"
+    },
+    {
+      name                        = "bar-${local.id}"
+      prefix_list_id              = aws_ec2_managed_prefix_list.this.id
+      blackhole                   = false
+      transit_gateway_attachment  = "foo-${local.id}"
+      transit_gateway_route_table = "bar-${local.id}"
+    }
+  ]
+
   route_tables = [
     {
       # name used as for_each key
@@ -152,6 +171,23 @@ module "vpc2" {
   private_subnets = ["10.1.1.0/24", "10.1.2.0/24"]
 }
 
+resource "aws_ec2_managed_prefix_list" "this" {
+  name = "foo-prefix-list-${local.id}"
+
+  address_family = "IPv4"
+  max_entries    = 100
+
+  tags = {
+    Test = "tardigrade-testing-${local.id}"
+  }
+}
+
+resource "aws_ec2_managed_prefix_list_entry" "one" {
+  cidr           = "10.1.5.0/24"
+  description    = "foo-cidr5"
+  prefix_list_id = aws_ec2_managed_prefix_list.this.id
+}
+
 data "terraform_remote_state" "prereq" {
   backend = "local"
   config = {

diff --git a/variables.tf b/variables.tf
@@ -66,6 +66,23 @@ variable "vpn_ecmp_support" {
   }
 }
 
+variable "prefix_list_references" {
+  description = "List of TGW prefix list references to add to TGW route tables"
+  type = list(object({
+    # `name` used as for_each key
+    name           = string
+    prefix_list_id = string
+    # name from `route_tables` or id of a pre-existing route table
+    transit_gateway_route_table = string
+
+    blackhole           = optional(bool, false)
+    default_route_table = optional(bool, false)
+    # name from `vpc_attachments` or id of a pre-existing tgw attachment
+    transit_gateway_attachment = optional(string)
+  }))
+  default = []
+}
+
 variable "route_tables" {
   description = "List of TGW route tables to create with the transit gateway"
   type = list(object({