How to create an AWS Transit Gateway

Terraform module which creates Transit Gateway resources on AWS.

Usage with VPC module

module "tgw" {
  source  = "terraform-aws-modules/transit-gateway/aws"
  version = "~> 2.0"

  name        = "my-tgw"
  description = "My TGW shared with several other AWS accounts"

  # Attachment requests from shared principals are accepted without manual approval
  enable_auto_accept_shared_attachments = true

  vpc_attachments = {
    vpc = {
      vpc_id       = module.vpc.vpc_id
      subnet_ids   = module.vpc.private_subnets
      dns_support  = true
      ipv6_support = true

      tgw_routes = [
        {
          destination_cidr_block = "30.0.0.0/16"
        },
        {
          # Traffic to this prefix is dropped by the TGW
          blackhole              = true
          destination_cidr_block = "40.0.0.0/20"
        }
      ]
    }
  }

  # Share the TGW through AWS RAM; allowing external principals lets accounts
  # outside your Organization be added to the share. ram_principals is list(string).
  ram_allow_external_principals = true
  ram_principals                = ["307990089504"]

  tags = {
    Purpose = "tgw-complete-example"
  }
}

module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "~> 3.0"

  name = "my-vpc"
  cidr = "10.10.0.0/16"
  azs  = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]

  private_subnets = ["10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24"]

  enable_ipv6                                    = true
  private_subnet_assign_ipv6_address_on_creation = true
  private_subnet_ipv6_prefixes                   = [0, 1, 2]
}
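The usage block above turns on both enable_auto_accept_shared_attachments and ram_allow_external_principals, which together let any principal on the RAM share attach a VPC to the hub without anyone in the owning account approving it, including accounts outside your Organization. The following is an added example, not code from the module's README, showing the same topology with those two controls left at the module defaults and the share scoped to an AWS Organizations principal. The Organization ARN, account ID and VPC block are placeholders for illustration.

```hcl
# Added example (not from the module README): same topology as the usage
# block above, with the sharing controls tightened. The Organization ARN
# and account ID are placeholders.

module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "~> 3.0"

  name = "my-vpc"
  cidr = "10.10.0.0/16"
  azs  = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]

  private_subnets = ["10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24"]
}

module "tgw" {
  source  = "terraform-aws-modules/transit-gateway/aws"
  version = "~> 2.0"

  name        = "my-tgw"
  description = "TGW shared only within the Organization"

  # Module default kept explicit: every attachment request from a shared
  # account must be accepted in the TGW owner account (for example with an
  # aws_ec2_transit_gateway_vpc_attachment_accepter resource), so a shared
  # principal cannot join the hub on its own.
  enable_auto_accept_shared_attachments = false

  # Module default kept explicit: the RAM share cannot be extended to
  # accounts outside your AWS Organization.
  ram_allow_external_principals = false

  # Share with the Organization (or an OU ARN) instead of a hand-kept list of
  # account IDs. Placeholder ARN; replace with your own.
  ram_principals = [
    "arn:aws:organizations::111111111111:organization/o-exampleorgid",
  ]

  vpc_attachments = {
    vpc = {
      vpc_id       = module.vpc.vpc_id
      subnet_ids   = module.vpc.private_subnets
      dns_support  = true
      ipv6_support = false

      tgw_routes = [
        {
          destination_cidr_block = "30.0.0.0/16"
        },
        {
          # Blackhole a prefix that must never be reachable through the hub
          blackhole              = true
          destination_cidr_block = "40.0.0.0/20"
        }
      ]
    }
  }

  tags = {
    Purpose = "tgw-org-shared-example"
  }
}
```

Sharing with an Organization or OU ARN requires that sharing with AWS Organizations is enabled in the RAM settings of the management account; otherwise the share is created but the principal association fails. Going further, setting enable_default_route_table_association and enable_default_route_table_propagation to false stops new attachments from landing in the default route table, which is how spoke-to-spoke reachability is segmented, but each attachment then needs an explicit route table association, which this example does not show.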

Requirements

Name       Version
terraform  >= 0.13.1
aws        >= 4.4

Providers

Name  Version
aws   >= 4.4

Inputs

Each input is listed as name (type, default). None of them is required.

amazon_side_asn (string, null): The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the TGW is created with the current default Amazon ASN.
create_tgw (bool, true): Controls if TGW should be created (it affects almost all resources).
description (string, null): Description of the EC2 Transit Gateway.
enable_auto_accept_shared_attachments (bool, false): Whether resource attachment requests are automatically accepted.
enable_default_route_table_association (bool, true): Whether resource attachments are automatically associated with the default association route table.
enable_default_route_table_propagation (bool, true): Whether resource attachments automatically propagate routes to the default propagation route table.
enable_dns_support (bool, true): Should be true to enable DNS support in the TGW.
enable_mutlicast_support (bool, false): Whether multicast support is enabled.
enable_vpn_ecmp_support (bool, true): Whether VPN Equal Cost Multipath Protocol support is enabled.
name (string, ""): Name to be used on all the resources as identifier.
ram_allow_external_principals (bool, false): Indicates whether principals outside your organization can be associated with a resource share.
ram_name (string, ""): The name of the resource share of TGW.
ram_principals (list(string), []): A list of principals to share TGW with. Possible values are an AWS account ID, an AWS Organizations Organization ARN, or an AWS Organizations Organization Unit ARN.
ram_resource_share_arn (string, ""): ARN of RAM resource share.
ram_tags (map(string), {}): Additional tags for the RAM.
share_tgw (bool, true): Whether to share your transit gateway with other accounts.
tags (map(string), {}): A map of tags to add to all resources.
tgw_default_route_table_tags (map(string), {}): Additional tags for the Default TGW route table.
tgw_route_table_tags (map(string), {}): Additional tags for the TGW route table.
tgw_tags (map(string), {}): Additional tags for the TGW.
tgw_vpc_attachment_tags (map(string), {}): Additional tags for VPC attachments.
timeouts (map(string), {}): Create, update, and delete timeout configurations for the transit gateway.
transit_gateway_cidr_blocks (list(string), []): One or more IPv4 or IPv6 CIDR blocks for the transit gateway. Must be a size /24 CIDR block or larger for IPv4, or a size /64 CIDR block or larger for IPv6.
transit_gateway_route_table_id (string, null): Identifier of EC2 Transit Gateway Route Table to use with the Target Gateway when reusing it between multiple TGWs.
vpc_attachments (any, {}): Maps of maps of VPC details to attach to TGW. Type 'any' to disable type validation by Terraform.
