Transit Gateway Route Module
This module creates a route for each CIDR block in a list cidr_blocks to a transit gateway route table. The route can be directed to any attachment within the transit gateway or can be configured as a blackhole route. A blackhole route is useful to drop traffic to a given CIDR block, or can be utilized to flush downstream route tables of ephemeral routes.
See VPC Core Concepts for more information on the core networking components and topologies.
[!IMPORTANT] This module may require additional modules or configuration. Other modules, such as the
routemodule, may be required to complete the route configuration. This module is intended to be used as a building block for more complex network topologies.
What is a Transit Gateway Route?
A transit gateway route is a way to route traffic between VPCs, peers, VPNs, and other transit gateway attachments. You can think of a transit gateway route just like a route on a router. By creating a route, you're telling the transit gateway how to route traffic to a given CIDR block. By creating a route and then attaching the transit gateway to a VPC, you can route traffic between VPCs. Where possible, we recommend utilizing dynamic routing either by way of propagation or BGP. This simplifies the management of routes and ensures that routes are automatically updated when attachments are added or removed.
Usage
For usage examples, check out the examples folder.
Requirements
| Name | Version |
|---|---|
| terraform | >= 1.0.0 |
| aws | >= 4.5.0 |
Providers
| Name | Version |
|---|---|
| aws | >= 4.5.0 |
Modules
No modules.
Resources
| Name | Type |
|---|---|
| aws_ec2_transit_gateway_route.this | resource |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| cidr_blocks | A list of IPv4 or IPv6 CIDR blocks used for destination matches. Routing decisions are based on the most specific match. | list(string) | n/a | yes |
| enable_blackhole | Indicates whether to drop traffic that matches this route (blackhole). Cannot use with 'transit_gateway_attachment_id' Defaults to false. | bool | false | no |
| transit_gateway_attachment_id | Identifier of Transit Gateway Attachment (required for propagation). Cannot use with 'enable_blackhole'. Default is null. | string | null | no |
| transit_gateway_route_table_id | Identifier of Transit Gateway Route Table | string | n/a | yes |
Outputs
| Name | Description |
|---|---|
| id | Map of ids of the transit gateway routes. |
Sample Usage
- Terraform
- Terragrunt
# ------------------------------------------------------------------------------------------------------
# DEPLOY GRUNTWORK'S TRANSIT-GATEWAY-ROUTE MODULE
# ------------------------------------------------------------------------------------------------------
module "transit_gateway_route" {
source = "git::git@github.com:gruntwork-io/terraform-aws-vpc.git//modules/transit-gateway-route?ref=v0.27.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
# ----------------------------------------------------------------------------------------------------
# A list of IPv4 or IPv6 CIDR blocks used for destination matches. Routing
# decisions are based on the most specific match.
cidr_blocks = <list(string)>
# Identifier of Transit Gateway Route Table
transit_gateway_route_table_id = <string>
# ----------------------------------------------------------------------------------------------------
# OPTIONAL VARIABLES
# ----------------------------------------------------------------------------------------------------
# Indicates whether to drop traffic that matches this route (blackhole).
# Cannot use with 'transit_gateway_attachment_id' Defaults to false.
enable_blackhole = false
# Identifier of Transit Gateway Attachment (required for propagation). Cannot
# use with 'enable_blackhole'. Default is null.
transit_gateway_attachment_id = null
}
# ------------------------------------------------------------------------------------------------------
# DEPLOY GRUNTWORK'S TRANSIT-GATEWAY-ROUTE MODULE
# ------------------------------------------------------------------------------------------------------
terraform {
source = "git::git@github.com:gruntwork-io/terraform-aws-vpc.git//modules/transit-gateway-route?ref=v0.27.0"
}
inputs = {
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
# ----------------------------------------------------------------------------------------------------
# A list of IPv4 or IPv6 CIDR blocks used for destination matches. Routing
# decisions are based on the most specific match.
cidr_blocks = <list(string)>
# Identifier of Transit Gateway Route Table
transit_gateway_route_table_id = <string>
# ----------------------------------------------------------------------------------------------------
# OPTIONAL VARIABLES
# ----------------------------------------------------------------------------------------------------
# Indicates whether to drop traffic that matches this route (blackhole).
# Cannot use with 'transit_gateway_attachment_id' Defaults to false.
enable_blackhole = false
# Identifier of Transit Gateway Attachment (required for propagation). Cannot
# use with 'enable_blackhole'. Default is null.
transit_gateway_attachment_id = null
}
Reference
- Inputs
- Outputs
Required
cidr_blockslist(string)A list of IPv4 or IPv6 CIDR blocks used for destination matches. Routing decisions are based on the most specific match.
Identifier of Transit Gateway Route Table
Optional
enable_blackholeboolIndicates whether to drop traffic that matches this route (blackhole). Cannot use with 'transit_gateway_attachment_id' Defaults to false.
falseIdentifier of Transit Gateway Attachment (required for propagation). Cannot use with 'enable_blackhole'. Default is null.
nullMap of ids of the transit gateway routes.