feat: Added seperate example for slave and master account

clouddrove · Sep 7, 2023 · 8191005 · 8191005
1 parent 8253f55
commit 8191005
Show file tree

Hide file tree

Showing 12 changed files with 254 additions and 72 deletions.
diff --git a/.github/workflows/tf-checks.yml b/.github/workflows/tf-checks.yml
@@ -9,7 +9,11 @@ jobs:
     uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
     with:
       working_directory: './_example/single_account/'
-  different-account-example:
+  main-account-example:
     uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
     with:
-      working_directory: './_example/multi_account/'
+      working_directory: './_example/multi_account/main_account/'
+  slave-account-example:
+    uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
+    with:
+      working_directory: './_example/multi_account/slave_account/'
diff --git a/.gitignore b/.gitignore
@@ -2,5 +2,6 @@
 *.tfstate
 *.tfstate.backup
 .terraform
+.terraform.*
 .idea
 *.iml
diff --git a/README.yaml b/README.yaml
@@ -45,18 +45,12 @@ usage : |-
   ```hcl
   module "transit-gateway" {
     depends_on                      = [module.vpc, module.subnets]
-    source                          = "./../../"
+    source                          = "clouddrove/transit-gateway/aws"
     name                            = "app"
     environment                     = "test"
     tgw_create                      = true
     amazon_side_asn                 = 64512
-    auto_accept_shared_attachments  = "enable"
-    default_route_table_propagation = "enable"
     description                     = "This transit Gateway create for testing purpose"
-    #TGW Share
-    resource_share_enable                    = true
-    resource_share_allow_external_principals = true
-    resource_share_account_ids               = ["xxxxxxxxxxxx"]
     # VPC Attachements
     vpc_attachments = {
       vpc1 = {
@@ -82,28 +76,68 @@ usage : |-
   ```
 
   ### Transit Gateway for Multi AWS Account
+  ### Main Account
   ```hcl
-  module "transit_gateway" {
-    depends_on  = [module.vpc, module.subnets]
-    source      = "./../../"
-    name        = "app"
-    environment = "test"
-    tgw_create  = false
-    #TGW Share
-    aws_ram_resource_share_accepter = true
-    resource_share_arn              = "arn:aws:ram:eu-west-1:xxxxxxxxxx:resource-share/xxxxxxxxxxxxxxxxxxxxxxxxxx"
-    # VPC Attachements
-    transit_gateway_id = "tgw-xxxxxxxxxxx"
-    vpc_attachments = {
-      vpc1 = {
-        vpc_id                                          = module.vpc.vpc_id
-        subnet_ids                                      = module.subnets.public_subnet_id
-        transit_gateway_default_route_table_association = true
-        transit_gateway_default_route_table_propagation = true
-        # Below should be uncommented only when vpc and subnet are already deployed.
-        #vpc_route_table_ids                             = module.subnets.public_route_tables_id
-        #destination_cidr                                = ["10.10.0.0/16"]
-      } 
+    module "transit_gateway" {
+      depends_on                      = [module.vpc, module.subnets]
+      source                          = "clouddrove/transit-gateway/aws"
+      name                            = "app"
+      environment                     = "test"
+      tgw_create                      = true
+      amazon_side_asn                 = 64512
+      auto_accept_shared_attachments  = "enable"
+      default_route_table_propagation = "enable"
+      description                     = "This transit Gateway create for testing purpose"
+      #TGW Share
+      resource_share_enable                    = true
+      resource_share_allow_external_principals = true
+      resource_share_account_ids               = ["xxxxxxxxxxxx"]
+      # VPC Attachements
+      vpc_attachments = {
+        vpc1 = {
+          vpc_id                                          = module.vpc.vpc_id
+          subnet_ids                                      = module.subnets.public_subnet_id
+          transit_gateway_default_route_table_association = true
+          transit_gateway_default_route_table_propagation = true
+          # Below should be uncommented only when vpc and subnet are already deployed.
+          # vpc_route_table_ids                           = module.subnets.public_route_tables_id
+          # destination_cidr                              = ["10.11.0.0/16"]
+        },
+        vpc2 = {
+          vpc_id                                          = module.vpc_other.vpc_id
+          subnet_ids                                      = module.subnets_other.public_subnet_id
+          transit_gateway_default_route_table_association = false
+          transit_gateway_default_route_table_propagation = false
+          # Below should be uncommented only when vpc and subnet are already deployed.
+          #vpc_route_table_ids                            = module.subnets_other.public_route_tables_id
+          #destination_cidr                               = ["31.0.0.0/16", "53.0.0.0/16"]
+        }
+      }
+    }
+  ```
+  ### Slave Account
+  ```hcl
+    module "transit_gateway_peer" {
+      depends_on  = [module.vpc, module.subnets]
+      source      = "clouddrove/transit-gateway/aws"
+      name        = "app"
+      environment = "test"
+      tgw_create  = false
+      #TGW Share
+      aws_ram_resource_share_accepter = true
+      resource_share_arn              = "arn:aws:ram:eu-west-1:xxxxxxxxxx:resource-share/xxxxxxxxxxxxxxxxxxxxxxxxxx"
+      # VPC Attachements
+      transit_gateway_id = "tgw-xxxxxxxxxxx"
+      vpc_attachments = {
+        vpc1 = {
+          vpc_id                                          = module.vpc.vpc_id
+          subnet_ids                                      = module.subnets.public_subnet_id
+          transit_gateway_default_route_table_association = true
+          transit_gateway_default_route_table_propagation = true
+          # Below should be uncommented only when vpc and subnet are already deployed.
+          #vpc_route_table_ids                            = module.subnets.public_route_tables_id
+          #destination_cidr                               = ["10.10.0.0/16"]
+        }
+      }
     }
-  }
   ```
diff --git a/_example/multi_account/main_account/example.tf b/_example/multi_account/main_account/example.tf
@@ -0,0 +1,111 @@
+provider "aws" {
+  region = "eu-west-2"
+}
+
+locals {
+  name              = "app"
+  environment       = "test"
+  other_name        = "app_1"
+  other_environment = "test_1"
+}
+
+##------------------------------------------------------------------------------
+# VPC module call.
+##------------------------------------------------------------------------------
+module "vpc" {
+  source      = "clouddrove/vpc/aws"
+  version     = "2.0.0"
+  name        = local.name
+  environment = local.environment
+  cidr_block  = "10.10.0.0/16"
+}
+
+##------------------------------------------------------------------------------
+# Subnet module call.
+##------------------------------------------------------------------------------
+#tfsec:ignore:aws-ec2-no-excessive-port-access # Ingnored because these are basic examples, it can be changed via varibales as per requirement. 
+#tfsec:ignore:aws-ec2-no-public-ingress-acl # Ingnored because these are basic examples, it can be changed via varibales as per requirement. 
+module "subnets" {
+  source              = "clouddrove/subnet/aws"
+  version             = "2.0.0"
+  name                = local.name
+  environment         = local.environment
+  availability_zones  = ["eu-west-2a", "eu-west-2b"]
+  vpc_id              = module.vpc.vpc_id
+  type                = "public"
+  igw_id              = module.vpc.igw_id
+  nat_gateway_enabled = false
+  cidr_block          = module.vpc.vpc_cidr_block
+  ipv6_cidr_block     = module.vpc.ipv6_cidr_block
+}
+
+##------------------------------------------------------------------------------
+## Other-vpc module call.
+##------------------------------------------------------------------------------
+module "vpc_other" {
+  source      = "clouddrove/vpc/aws"
+  version     = "2.0.0"
+  name        = local.other_name
+  environment = local.other_environment
+  cidr_block  = "192.168.0.0/16"
+}
+
+##------------------------------------------------------------------------------
+# Other-subnet module call.
+##------------------------------------------------------------------------------
+#tfsec:ignore:aws-ec2-no-excessive-port-access # Ingnored because these are basic examples, it can be changed via varibales as per requirement. 
+#tfsec:ignore:aws-ec2-no-public-ingress-acl # Ingnored because these are basic examples, it can be changed via varibales as per requirement. 
+module "subnets_other" {
+  source              = "clouddrove/subnet/aws"
+  version             = "2.0.0"
+  name                = local.other_name
+  environment         = local.other_environment
+  availability_zones  = ["eu-west-2a", "eu-west-2b"]
+  vpc_id              = module.vpc_other.vpc_id
+  type                = "public"
+  igw_id              = module.vpc_other.igw_id
+  nat_gateway_enabled = false
+  cidr_block          = module.vpc_other.vpc_cidr_block
+
+}
+
+##------------------------------------------------------------------------------
+## Transit-gateway module call.
+## Transit gateway configuration for main account where a central transit gateway will be hosted and shared with slave(other accounts)
+##------------------------------------------------------------------------------
+module "transit_gateway" {
+  depends_on                      = [module.vpc, module.subnets]
+  source                          = "./../../../"
+  name                            = local.name
+  environment                     = local.environment
+  tgw_create                      = true
+  amazon_side_asn                 = 64512
+  auto_accept_shared_attachments  = "enable"
+  default_route_table_propagation = "enable"
+  description                     = "This transit Gateway create for testing purpose"
+  #TGW Share
+  resource_share_enable                    = true
+  resource_share_allow_external_principals = true
+  resource_share_account_ids               = ["xxxxxxxxxxxx"]
+  # VPC Attachements
+  vpc_attachments = {
+    vpc1 = {
+      vpc_id                                          = module.vpc.vpc_id
+      subnet_ids                                      = module.subnets.public_subnet_id
+      transit_gateway_default_route_table_association = true
+      transit_gateway_default_route_table_propagation = true
+      # Below should be uncommented only when vpc and subnet are already deployed.
+      # vpc_route_table_ids                           = module.subnets.public_route_tables_id
+      # destination_cidr                              = ["10.11.0.0/16"]
+    },
+    vpc2 = {
+      vpc_id                                          = module.vpc_other.vpc_id
+      subnet_ids                                      = module.subnets_other.public_subnet_id
+      transit_gateway_default_route_table_association = false
+      transit_gateway_default_route_table_propagation = false
+      # Below should be uncommented only when vpc and subnet are already deployed.
+      #vpc_route_table_ids                            = module.subnets_other.public_route_tables_id
+      #destination_cidr                               = ["31.0.0.0/16", "53.0.0.0/16"]
+    }
+  }
+}
diff --git a/_example/multi_account/main_account/outputs.tf b/_example/multi_account/main_account/outputs.tf
@@ -0,0 +1,44 @@
+output "transit_gateway_id" {
+  value       = module.transit_gateway[*].transit_gateway_id
+  description = "The ID of the transit-gateway."
+}
+
+output "tags" {
+  value       = module.transit_gateway.tags
+  description = "A mapping of tags to assign to the transit-gateway."
+}
+
+output "ec2_transit_gateway_arn" {
+  value       = module.transit_gateway.ec2_transit_gateway_arn
+  description = "EC2 Transit Gateway Amazon Resource Name (ARN)"
+}
+
+output "ec2_transit_gateway_route_table_id" {
+  value       = module.transit_gateway.ec2_transit_gateway_route_table_id
+  description = "EC2 Transit Gateway Route Table identifier"
+}
+
+output "ec2_transit_gateway_owner_id" {
+  value       = module.transit_gateway.ec2_transit_gateway_owner_id
+  description = "Identifier of the AWS account that owns the EC2 Transit Gateway"
+}
+
+output "ec2_transit_gateway_association_default_route_table_id" {
+  value       = module.transit_gateway.ec2_transit_gateway_association_default_route_table_id
+  description = "Identifier of the default association route table"
+}
+
+output "ec2_transit_gateway_vpc_attachment_ids" {
+  value       = module.transit_gateway.ec2_transit_gateway_vpc_attachment_ids
+  description = "List of EC2 Transit Gateway VPC Attachment identifiers"
+}
+
+output "ram_resource_share_id" {
+  value       = module.transit_gateway.ram_resource_share_id
+  description = "The Amazon Resource Name (ARN) of the resource share"
+}
+
+output "resource_share_arn" {
+  value       = module.transit_gateway.resource_share_arn
+  description = "The ARN  of the RAM."
+}
diff --git a/_example/multi_account/versions.tf → ...le/multi_account/main_account/versions.tf b/_example/multi_account/versions.tf → ...le/multi_account/main_account/versions.tf
diff --git a/_example/multi_account/example.tf → ...le/multi_account/slave_account/example.tf b/_example/multi_account/example.tf → ...le/multi_account/slave_account/example.tf
@@ -2,14 +2,6 @@ provider "aws" {
   region = "eu-west-2"
 }
 
-provider "aws" {
-  alias = "test"
-  assume_role {
-    role_arn = ""
-  }
-  region = "eu-west-2"
-}
-
 locals {
   name        = "app_1"
   environment = "test"
@@ -47,10 +39,11 @@ module "subnets" {
 
 ##------------------------------------------------------------------------------
 ## Transit-gateway module call for diff account. 
+## Transit gateway configuration for slave account. This account will share/use a central transit gateway hosted in main account. 
 ##------------------------------------------------------------------------------
-module "transit_gateway" {
+module "transit_gateway_peer" {
   depends_on  = [module.vpc, module.subnets]
-  source      = "./../../"
+  source      = "./../../../"
   name        = local.name
   environment = local.environment
   tgw_create  = false
@@ -66,8 +59,8 @@ module "transit_gateway" {
       transit_gateway_default_route_table_association = true
       transit_gateway_default_route_table_propagation = true
       # Below should be uncommented only when vpc and subnet are already deployed.
-      #vpc_route_table_ids                             = module.subnets.public_route_tables_id
-      #destination_cidr                                = ["10.10.0.0/16"]
+      #vpc_route_table_ids                            = module.subnets.public_route_tables_id
+      #destination_cidr                               = ["10.10.0.0/16"]
     }
   }
 }
diff --git a/_example/multi_account/outputs.tf → ...le/multi_account/slave_account/outputs.tf b/_example/multi_account/outputs.tf → ...le/multi_account/slave_account/outputs.tf
@@ -1,19 +1,19 @@
 output "tags" {
-  value       = module.transit_gateway.tags
+  value       = module.transit_gateway_peer.tags
   description = "A mapping of tags to assign to the transit-gateway."
 }
 
 output "ram_resource_share_id" {
-  value       = module.transit_gateway.ram_resource_share_id
+  value       = module.transit_gateway_peer.ram_resource_share_id
   description = "The Amazon Resource Name (ARN) of the resource share"
 }
 
 output "ec2_transit_gateway_association_default_route_table_id" {
-  value       = module.transit_gateway.ec2_transit_gateway_association_default_route_table_id
+  value       = module.transit_gateway_peer.ec2_transit_gateway_association_default_route_table_id
   description = "Identifier of the default association route table"
 }
 
 output "ec2_transit_gateway_vpc_attachment_ids" {
-  value       = module.transit_gateway.ec2_transit_gateway_vpc_attachment_ids
+  value       = module.transit_gateway_peer.ec2_transit_gateway_vpc_attachment_ids
   description = "List of EC2 Transit Gateway VPC Attachment identifiers"
 }
diff --git a/_example/multi_account/slave_account/versions.tf b/_example/multi_account/slave_account/versions.tf
@@ -0,0 +1,11 @@
+# Terraform version
+terraform {
+  required_version = ">= 1.5.4"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.10"
+    }
+  }
+}
diff --git a/_example/single_account/example.tf b/_example/single_account/example.tf
@@ -70,22 +70,16 @@ module "subnets_other" {
 }
 
 ##------------------------------------------------------------------------------
-## transit-gateway module call.
+## Transit-gateway module call.
 ##------------------------------------------------------------------------------
 module "transit_gateway" {
-  depends_on                      = [module.vpc, module.subnets]
-  source                          = "./../../"
-  name                            = local.name
-  environment                     = local.environment
-  tgw_create                      = true
-  amazon_side_asn                 = 64512
-  auto_accept_shared_attachments  = "enable"
-  default_route_table_propagation = "enable"
-  description                     = "This transit Gateway create for testing purpose"
-  #TGW Share
-  resource_share_enable                    = true
-  resource_share_allow_external_principals = true
-  resource_share_account_ids               = ["xxxxxxxxxxxx"]
+  depends_on      = [module.vpc, module.subnets]
+  source          = "./../../"
+  name            = local.name
+  environment     = local.environment
+  tgw_create      = true
+  amazon_side_asn = 64512
+  description     = "This transit Gateway create for testing purpose"
   # VPC Attachements
   vpc_attachments = {
     vpc1 = {