VPC Modules 0.27.0Last updated in version 0.27.0

Transit Gateway Terraform Module

View Source Release Notes

This Terraform module creates a transit gateway resource. A transit gateway is an effective method of connecting multiple VPCs, Direct Connects, VPNs, and other networks. Transit gateways are also a good way to connect VPCs to shared services, such as NAT gateways, firewalls, and other security appliances. By using a transit gateway, the number of connections to and from VPCs can be reduced, which reduces the number of routes that need to be managed.

See VPC Core Concepts for more information on the core networking components and topologies.

Usage

For usage examples, check out the examples folder.

What's a Transit Gateway?

A Transit Gateway acts as a Regional virtual router for traffic flowing between your Virtual Private Clouds (VPCs) and on-premises networks. Transit Gateway simplifies how customers interconnect their networks to scale their AWS workloads. Transit Gateway reduces the number of connections needed to connect many VPCs, AWS accounts, and on-premises networks. Transit Gateway can also be used to isolate workloads by attaching VPCs and on-premises networks to different route tables which can send traffic to security appliances, such as virtual firewalls.

Transit Gateway vs VPC peering

Transit Gateway solves the complexity involved with creating and managing multiple VPC peering connections at scale. Transit Gateway's should be utilized whenever connectivity is required with more than two VPCs. Transit Gateway's allow for far more flexibility in future networking decisions and are much easier to manage.

VPC Peering

VPCs Peering

Credits many-vpcs-full-access

Transit Gateway

A network without AWS Transit Gateway will often look like

However, with AWS Transit Gateway it will be more like

AWS topology diagram showing a centralized transit gateway acting as the router

Credits Transit Gateway

How To

What follows are the steps required to configure Transit Gateway resources within your environment(s).

Create a Network Between Same Region/Same Account

• Create the Transit Gateway
• Attach your VPCs to your Transit Gateway
• Add routes between the Transit Gateway and your VPCs

Create a Network Between Different Regions or Different Accounts

• Create the Transit Gateway in the first region/account
• Create the Transit Gateway in the second region/account
• Create a Transit Gateway Peering Connection between the two Transit Gateways
  • The peering option can be implemented using this module along with transit-gateway-peering-attachment & transit-gateway-peering-attachment-accepter modules. See VPC Core Concepts for more information on the core networking components and topologies.
• Attach your VPCs to your Transit Gateway
• Add routes between the Transit Gateways and your VPCs

Requirements

Name	Version
terraform	>= 1.0.0
aws	>= 4.5.0

Providers

Name	Version
aws	>= 4.5.0

Modules

No modules.

Resources

Name	Type
aws_ec2_transit_gateway.this	resource

Inputs

Name	Description	Type	Default	Required
amazon_side_asn	Private Autonomous System Number (ASN) for the Amazon side of a BGP session. The range is 64512 to 65534 for 16-bit ASNs and 4200000000 to 4294967294 for 32-bit ASNs. The default is 64512.	number	64512	no
custom_tags	(Optional) A map of tags to apply to all resources when applicable. The key is the tag name and the value is the tag value. Note that the tag 'Name' is automatically added by this module but may be optionally overwritten by this variable.	map(string)	{}	no
description	Description of the EC2 Transit Gateway	string	null	no
enable_auto_accept_shared_attachments	Whether resource attachment requests are automatically accepted. Default is false.	bool	false	no
enable_default_route_table_association	Whether resource attachments are automatically associated with the default route table. Default is true.	bool	true	no
enable_default_route_table_propagation	Whether transit gateway attachments automatically propagate routes to the default route table. Default is true.	bool	true	no
enable_dns_support	Whether DNS support is enabled on the transit gateway. Default to true.	bool	true	no
enable_multicast_support	Whether multicast is enabled on the transit gateway. Default is false.	bool	false	no
enable_vpn_ecmp_support	Whether VPN Equal Cost Multipath Protocol support is enabled on the transit gateway. Default is true.	bool	true	no
name	The name of the Transit Gateway	string	n/a	yes
transit_gateway_cidr_blocks	List of IPv4 or IPv6 CIDR blocks to use for the transit gateway. Must be a size /24 CIDR block or larger for IPv4, or a size /64 CIDR block or larger for IPv6.	list(string)	null	no

Outputs

Name	Description
default_route_table_id	Transit Gateway default route table identifier.
id	Transit Gateway identifier.

Sample Usage

Terraform

main.tf

# ------------------------------------------------------------------------------------------------------
# DEPLOY GRUNTWORK'S TRANSIT-GATEWAY MODULE
# ------------------------------------------------------------------------------------------------------

module "transit_gateway" {

  source = "git::git@github.com:gruntwork-io/terraform-aws-vpc.git//modules/transit-gateway?ref=v0.27.0"

  # ----------------------------------------------------------------------------------------------------
  # REQUIRED VARIABLES
  # ----------------------------------------------------------------------------------------------------

  # The name of the Transit Gateway
  name = <string>

  # ----------------------------------------------------------------------------------------------------
  # OPTIONAL VARIABLES
  # ----------------------------------------------------------------------------------------------------

  # Private Autonomous System Number (ASN) for the Amazon side of a BGP session.
  # The range is 64512 to 65534 for 16-bit ASNs and 4200000000 to 4294967294 for
  # 32-bit ASNs. The default is 64512.
  amazon_side_asn = 64512

  # (Optional) A map of tags to apply to all resources when applicable. The key
  # is the tag name and the value is the tag value. Note that the tag 'Name' is
  # automatically added by this module but may be optionally overwritten by this
  # variable.
  custom_tags = {}

  # Description of the EC2 Transit Gateway
  description = null

  # Whether resource attachment requests are automatically accepted. Default is
  # false.
  enable_auto_accept_shared_attachments = false

  # Whether resource attachments are automatically associated with the default
  # route table. Default is true.
  enable_default_route_table_association = true

  # Whether transit gateway attachments automatically propagate routes to the
  # default route table. Default is true.
  enable_default_route_table_propagation = true

  # Whether DNS support is enabled on the transit gateway. Default to true.
  enable_dns_support = true

  # Whether multicast is enabled on the transit gateway. Default is false.
  enable_multicast_support = false

  # Whether VPN Equal Cost Multipath Protocol support is enabled on the transit
  # gateway. Default is true.
  enable_vpn_ecmp_support = true

  # List of IPv4 or IPv6 CIDR blocks to use for the transit gateway. Must be a
  # size /24 CIDR block or larger for IPv4, or a size /64 CIDR block or larger
  # for IPv6.
  transit_gateway_cidr_blocks = null

}

Terragrunt

terragrunt.hcl

# ------------------------------------------------------------------------------------------------------
# DEPLOY GRUNTWORK'S TRANSIT-GATEWAY MODULE
# ------------------------------------------------------------------------------------------------------

terraform {
  source = "git::git@github.com:gruntwork-io/terraform-aws-vpc.git//modules/transit-gateway?ref=v0.27.0"
}

inputs = {

  # ----------------------------------------------------------------------------------------------------
  # REQUIRED VARIABLES
  # ----------------------------------------------------------------------------------------------------

  # The name of the Transit Gateway
  name = <string>

  # ----------------------------------------------------------------------------------------------------
  # OPTIONAL VARIABLES
  # ----------------------------------------------------------------------------------------------------

  # Private Autonomous System Number (ASN) for the Amazon side of a BGP session.
  # The range is 64512 to 65534 for 16-bit ASNs and 4200000000 to 4294967294 for
  # 32-bit ASNs. The default is 64512.
  amazon_side_asn = 64512

  # (Optional) A map of tags to apply to all resources when applicable. The key
  # is the tag name and the value is the tag value. Note that the tag 'Name' is
  # automatically added by this module but may be optionally overwritten by this
  # variable.
  custom_tags = {}

  # Description of the EC2 Transit Gateway
  description = null

  # Whether resource attachment requests are automatically accepted. Default is
  # false.
  enable_auto_accept_shared_attachments = false

  # Whether resource attachments are automatically associated with the default
  # route table. Default is true.
  enable_default_route_table_association = true

  # Whether transit gateway attachments automatically propagate routes to the
  # default route table. Default is true.
  enable_default_route_table_propagation = true

  # Whether DNS support is enabled on the transit gateway. Default to true.
  enable_dns_support = true

  # Whether multicast is enabled on the transit gateway. Default is false.
  enable_multicast_support = false

  # Whether VPN Equal Cost Multipath Protocol support is enabled on the transit
  # gateway. Default is true.
  enable_vpn_ecmp_support = true

  # List of IPv4 or IPv6 CIDR blocks to use for the transit gateway. Must be a
  # size /24 CIDR block or larger for IPv4, or a size /64 CIDR block or larger
  # for IPv6.
  transit_gateway_cidr_blocks = null

}

Reference

Inputs

Required

namestringrequired

The name of the Transit Gateway

Optional

amazon_side_asnnumberoptional

Private Autonomous System Number (ASN) for the Amazon side of a BGP session. The range is 64512 to 65534 for 16-bit ASNs and 4200000000 to 4294967294 for 32-bit ASNs. The default is 64512.

Default:64512

custom_tagsmap(string)optional

(Optional) A map of tags to apply to all resources when applicable. The key is the tag name and the value is the tag value. Note that the tag 'Name' is automatically added by this module but may be optionally overwritten by this variable.

Default:{}

descriptionstringoptional

Description of the EC2 Transit Gateway

Default:null

enable_auto_accept_shared_attachmentsbooloptional

Whether resource attachment requests are automatically accepted. Default is false.

Default:false

enable_default_route_table_associationbooloptional

Whether resource attachments are automatically associated with the default route table. Default is true.

Default:true

enable_default_route_table_propagationbooloptional

Whether transit gateway attachments automatically propagate routes to the default route table. Default is true.

Default:true

enable_dns_supportbooloptional

Whether DNS support is enabled on the transit gateway. Default to true.

Default:true

enable_multicast_supportbooloptional

Whether multicast is enabled on the transit gateway. Default is false.

Default:false

enable_vpn_ecmp_supportbooloptional

Whether VPN Equal Cost Multipath Protocol support is enabled on the transit gateway. Default is true.

Default:true

transit_gateway_cidr_blockslist(string)optional

List of IPv4 or IPv6 CIDR blocks to use for the transit gateway. Must be a size /24 CIDR block or larger for IPv4, or a size /64 CIDR block or larger for IPv6.

Default:null

Outputs

arn

Transit Gateway identifier.

default_route_table_id

Transit Gateway default route table identifier.

id

Transit Gateway identifier.

owner_id

AWS account that owns the Transit Gateway

propagation_default_route_table_id

Identifier of the Transit Gateway's default propagation route table.