
feat(module/vpc_route): Refactor vpc_route module - move and simplify locals (#79)

Co-authored-by: michalbil <[email protected]>
sebastianczech and michalbil authored Sep 17, 2024
1 parent 1c4112b commit 153f202
Showing 48 changed files with 1,731 additions and 1,265 deletions.
2 changes: 1 addition & 1 deletion examples/centralized_design/README.md

Large diffs are not rendered by default.

234 changes: 173 additions & 61 deletions examples/centralized_design/example.tfvars
Expand Up @@ -39,90 +39,174 @@ vpcs = {
}
routes = {
# Value of `next_hop_key` must match keys use to create TGW attachment, IGW, GWLB endpoint or other resources
# Value of `next_hop_type` is internet_gateway, nat_gateway, transit_gateway_attachment or gwlbe_endpoint
mgmt_default = {
vpc = "security_vpc"
subnet_group = "mgmt"
# Value of `next_hop_type` is internet_gateway, nat_gateway, transit_gateway or gwlbe_endpoint
mgmt_defaulta = {
route_table = "mgmta"
to_cidr = "0.0.0.0/0"
az = "a"
next_hop_type = "internet_gateway"
next_hop_key = "security_vpc"
}
mgmt_defaultb = {
route_table = "mgmtb"
to_cidr = "0.0.0.0/0"
az = "b"
next_hop_type = "internet_gateway"
next_hop_key = "security_vpc"
}
mgmt_panoramaa = {
route_table = "mgmta"
to_cidr = "10.255.0.0/16"
az = "a"
next_hop_type = "transit_gateway"
next_hop_key = "security"
}
mgmt_panorama = {
vpc = "security_vpc"
subnet_group = "mgmt"
mgmt_panoramab = {
route_table = "mgmtb"
to_cidr = "10.255.0.0/16"
az = "b"
next_hop_type = "transit_gateway"
next_hop_key = "security"
next_hop_type = "transit_gateway_attachment"
}
mgmt_rfc1918 = {
vpc = "security_vpc"
subnet_group = "mgmt"
mgmt_rfc1918a = {
route_table = "mgmta"
to_cidr = "10.0.0.0/8"
az = "a"
next_hop_type = "transit_gateway"
next_hop_key = "security"
next_hop_type = "transit_gateway_attachment"
}
tgw_default = {
vpc = "security_vpc"
subnet_group = "tgw_attach"
mgmt_rfc1918b = {
route_table = "mgmtb"
to_cidr = "10.0.0.0/8"
az = "b"
next_hop_type = "transit_gateway"
next_hop_key = "security"
}
tgw_defaulta = {
route_table = "tgw_attacha"
to_cidr = "0.0.0.0/0"
az = "a"
next_hop_type = "gwlbe_endpoint"
next_hop_key = "security_gwlb_outbound"
}
tgw_defaultb = {
route_table = "tgw_attachb"
to_cidr = "0.0.0.0/0"
az = "b"
next_hop_type = "gwlbe_endpoint"
next_hop_key = "security_gwlb_outbound"
}
tgw_rfc1918 = {
vpc = "security_vpc"
subnet_group = "tgw_attach"
tgw_rfc1918a = {
route_table = "tgw_attacha"
to_cidr = "10.0.0.0/8"
az = "a"
next_hop_type = "gwlbe_endpoint"
next_hop_key = "security_gwlb_eastwest"
}
tgw_rfc1918b = {
route_table = "tgw_attachb"
to_cidr = "10.0.0.0/8"
az = "b"
next_hop_type = "gwlbe_endpoint"
next_hop_key = "security_gwlb_eastwest"
}
public_default = {
vpc = "security_vpc"
subnet_group = "public"
public_defaulta = {
route_table = "publica"
to_cidr = "0.0.0.0/0"
az = "a"
next_hop_type = "internet_gateway"
next_hop_key = "security_vpc"
}
public_defaultb = {
route_table = "publicb"
to_cidr = "0.0.0.0/0"
az = "b"
next_hop_type = "internet_gateway"
next_hop_key = "security_vpc"
}
gwlbe_outbound_rfc1918a = {
route_table = "gwlbe_outbounda"
to_cidr = "10.0.0.0/8"
az = "a"
next_hop_type = "transit_gateway"
next_hop_key = "security"
}
gwlbe_outbound_rfc1918b = {
route_table = "gwlbe_outboundb"
to_cidr = "10.0.0.0/8"
az = "b"
next_hop_type = "transit_gateway"
next_hop_key = "security"
}
gwlbe_outbound_rfc1918 = {
vpc = "security_vpc"
subnet_group = "gwlbe_outbound"
gwlbe_eastwest_rfc1918a = {
route_table = "gwlbe_eastwesta"
to_cidr = "10.0.0.0/8"
az = "a"
next_hop_type = "transit_gateway"
next_hop_key = "security"
next_hop_type = "transit_gateway_attachment"
}
gwlbe_eastwest_rfc1918 = {
vpc = "security_vpc"
subnet_group = "gwlbe_eastwest"
gwlbe_eastwest_rfc1918b = {
route_table = "gwlbe_eastwestb"
to_cidr = "10.0.0.0/8"
az = "b"
next_hop_type = "transit_gateway"
next_hop_key = "security"
}
private_app1a = {
route_table = "privatea"
to_cidr = "10.104.0.0/16"
az = "a"
next_hop_type = "transit_gateway"
next_hop_key = "security"
next_hop_type = "transit_gateway_attachment"
}
private_app1 = {
vpc = "security_vpc"
subnet_group = "private"
private_app1b = {
route_table = "privateb"
to_cidr = "10.104.0.0/16"
az = "b"
next_hop_type = "transit_gateway"
next_hop_key = "security"
}
private_app2a = {
route_table = "privatea"
to_cidr = "10.105.0.0/16"
az = "a"
next_hop_type = "transit_gateway"
next_hop_key = "security"
next_hop_type = "transit_gateway_attachment"
}
private_app2 = {
vpc = "security_vpc"
subnet_group = "private"
private_app2b = {
route_table = "privateb"
to_cidr = "10.105.0.0/16"
az = "b"
next_hop_type = "transit_gateway"
next_hop_key = "security"
next_hop_type = "transit_gateway_attachment"
}
alb_default = {
vpc = "security_vpc"
subnet_group = "alb"
alb_defaulta = {
route_table = "alba"
to_cidr = "0.0.0.0/0"
az = "a"
next_hop_type = "internet_gateway"
next_hop_key = "security_vpc"
}
alb_defaultb = {
route_table = "albb"
to_cidr = "0.0.0.0/0"
az = "b"
next_hop_type = "internet_gateway"
next_hop_key = "security_vpc"
}
nlb_default = {
vpc = "security_vpc"
subnet_group = "nlb"
nlb_defaulta = {
route_table = "nlba"
to_cidr = "0.0.0.0/0"
az = "a"
next_hop_type = "internet_gateway"
next_hop_key = "security_vpc"
}
nlb_defaultb = {
route_table = "nlbb"
to_cidr = "0.0.0.0/0"
az = "b"
next_hop_type = "internet_gateway"
next_hop_key = "security_vpc"
}
}
nacls = {
Expand Down Expand Up @@ -290,20 +374,34 @@ vpcs = {
}
routes = {
# Value of `next_hop_key` must match keys use to create TGW attachment, IGW, GWLB endpoint or other resources
# Value of `next_hop_type` is internet_gateway, nat_gateway, transit_gateway_attachment or gwlbe_endpoint
vm_default = {
vpc = "app1_vpc"
subnet_group = "app1_vm"
# Value of `next_hop_type` is internet_gateway, nat_gateway, transit_gateway or gwlbe_endpoint
vm_defaulta = {
route_table = "app1_vma"
to_cidr = "0.0.0.0/0"
az = "a"
next_hop_type = "transit_gateway"
next_hop_key = "app1"
}
vm_defaultb = {
route_table = "app1_vmb"
to_cidr = "0.0.0.0/0"
az = "b"
next_hop_type = "transit_gateway"
next_hop_key = "app1"
}
lb_defaulta = {
route_table = "app1_lba"
to_cidr = "0.0.0.0/0"
az = "a"
next_hop_type = "transit_gateway"
next_hop_key = "app1"
next_hop_type = "transit_gateway_attachment"
}
lb_default = {
vpc = "app1_vpc"
subnet_group = "app1_lb"
lb_defaultb = {
route_table = "app1_lbb"
to_cidr = "0.0.0.0/0"
az = "b"
next_hop_type = "transit_gateway"
next_hop_key = "app1"
next_hop_type = "transit_gateway_attachment"
}
}
nacls = {}
Expand Down Expand Up @@ -353,20 +451,34 @@ vpcs = {
}
routes = {
# Value of `next_hop_key` must match keys use to create TGW attachment, IGW, GWLB endpoint or other resources
# Value of `next_hop_type` is internet_gateway, nat_gateway, transit_gateway_attachment or gwlbe_endpoint
vm_default = {
vpc = "app2_vpc"
subnet_group = "app2_vm"
# Value of `next_hop_type` is internet_gateway, nat_gateway, transit_gateway or gwlbe_endpoint
vm_defaulta = {
route_table = "app2_vma"
to_cidr = "0.0.0.0/0"
az = "a"
next_hop_type = "transit_gateway"
next_hop_key = "app2"
}
vm_defaultb = {
route_table = "app2_vmb"
to_cidr = "0.0.0.0/0"
az = "b"
next_hop_type = "transit_gateway"
next_hop_key = "app2"
}
lb_defaulta = {
route_table = "app2_lba"
to_cidr = "0.0.0.0/0"
az = "a"
next_hop_type = "transit_gateway"
next_hop_key = "app2"
next_hop_type = "transit_gateway_attachment"
}
lb_default = {
vpc = "app2_vpc"
subnet_group = "app2_lb"
lb_defaultb = {
route_table = "app2_lbb"
to_cidr = "0.0.0.0/0"
az = "b"
next_hop_type = "transit_gateway"
next_hop_key = "app2"
next_hop_type = "transit_gateway_attachment"
}
}
nacls = {}
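Review bot: Each route entry now carries both `az` and a `route_table` whose name ends in the same AZ letter (e.g. `mgmt_defaulta` at the top of the first hunk, with `route_table = "mgmta"` and `az = "a"`), but nothing ties the two together: `az` is what main.tf on this page uses to pick the per-AZ NAT gateway or GWLB endpoint ID (`next_hop_set.ids[each.value.az]`), while `route_table` selects the table independently, so a pair such as `route_table = "mgmta"` with `az = "b"` would most likely plan and apply cleanly and quietly send that table's traffic through the other AZ's endpoint. The new comment at the top of each `routes` map lists the next-hop types but not this coupling; I would extend it with `# az must match the AZ of route_table; for nat_gateway and gwlbe_endpoint it selects the per-AZ next hop`. The same applies to the two app-VPC hunks further down. The enclosing `vpcs` map starts outside the hunk.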
69 changes: 13 additions & 56 deletions examples/centralized_design/main.tf
Expand Up @@ -19,66 +19,23 @@ module "vpc" {
}
}

### ROUTES ###

locals {
# Flatten the VPCs and their routes into a list of maps, each containing the VPC name, subnet name, and route details.
# In TFVARS there is no possibility to define ID of the next hop, so we need to use the key of the next hop e.g.name =
#
# tgw_default = {
# vpc = "security_vpc"
# subnet_group = "tgw_attach"
# to_cidr = "0.0.0.0/0"
# next_hop_key = "security_gwlb_outbound"
# next_hop_type = "gwlbe_endpoint"
# }
#
# Value of `next_hop_type` defines the type of the next hop. It can be one of the following:
# - internet_gateway
# - nat_gateway
# - transit_gateway_attachment
# - gwlbe_endpoint
#
# If more next hop types are needed, they can be added below.
#
# Value of `next_hop_key` is the key of the next hop.
# It is used to reference the next hop in the module that manages it.
#
# Value of `to_cidr` is the CIDR of the destination.

vpc_routes_with_next_hop_map = flatten(concat([
for vk, vv in var.vpcs : [
for rk, rv in vv.routes : {
vpc = rv.vpc
subnet_group = rv.subnet_group
to_cidr = rv.to_cidr
next_hop_type = rv.next_hop_type
next_hop_map = {
"internet_gateway" = try(module.vpc[rv.next_hop_key].igw_as_next_hop_set, null)
"nat_gateway" = try(module.natgw_set[rv.next_hop_key].next_hop_set, null)
"transit_gateway_attachment" = try(module.transit_gateway_attachment[rv.next_hop_key].next_hop_set, null)
"gwlbe_endpoint" = try(module.gwlbe_endpoint[rv.next_hop_key].next_hop_set, null)
}
}
]]))
vpc_routes = {
for route in local.vpc_routes_with_next_hop_map : "${route.vpc}-${route.subnet_group}-${route.to_cidr}" => {
vpc = route.vpc
subnet_group = route.subnet_group
to_cidr = route.to_cidr
next_hop_set = lookup(route.next_hop_map, route.next_hop_type, null)
}
}
}

module "vpc_routes" {
source = "../../modules/vpc_route"

for_each = local.vpc_routes
for_each = merge([
for vk, vv in var.vpcs : {
for rk, rv in vv.routes : "${vk}${rk}" => merge(rv, { vpc = vk })
}
]...)

route_table_id = module.vpc[each.value.vpc].route_tables[each.value.route_table].id
to_cidr = each.value.to_cidr
next_hop_type = each.value.next_hop_type

route_table_ids = { for k, v in module.vpc[each.value.vpc].route_tables : v.az => v.id if v.subnet_group == each.value.subnet_group }
to_cidr = each.value.to_cidr
next_hop_set = each.value.next_hop_set
transit_gateway_id = each.value.next_hop_type == "transit_gateway" ? module.transit_gateway.transit_gateway.id : null
internet_gateway_id = each.value.next_hop_type == "internet_gateway" ? module.vpc[each.value.next_hop_key].internet_gateway.id : null
nat_gateway_id = each.value.next_hop_type == "nat_gateway" ? module.natgw_set[each.value.next_hop_key].next_hop_set.ids[each.value.az] : null
vpc_endpoint_id = each.value.next_hop_type == "gwlbe_endpoint" ? module.gwlbe_endpoint[each.value.next_hop_key].next_hop_set.ids[each.value.az] : null
}

### NATGW ###
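Review bot: In the new `transit_gateway_id` line the `next_hop_key` of a `transit_gateway` route is never read — the ID always comes from the single `module.transit_gateway` — so the `next_hop_key = "security"` / `"app1"` / `"app2"` values in the tfvars on this page are dead and a typo there goes undetected, whereas the other three branches index a module map with the key and therefore fail at plan time on a bad one. If that is intended, say so next to the line, e.g. `# next_hop_key is ignored for transit_gateway: this example has a single TGW`; otherwise a `precondition` in the module should reject the mismatch. The `for_each` key `"${vk}${rk}"` has no separator, so two different (vpc, route) pairs can collide (constructed example: `"a"` + `"bc"` and `"ab"` + `"c"`); since this refactor already changes resource addresses, `"${vk}-${rk}"` would remove the ambiguity at no extra cost. The block comment describing the route schema (`to_cidr`, `next_hop_type`, `next_hop_key`) was removed together with the `locals` block and nothing replaces it; a short comment above the `for_each` listing the keys each route must provide (`route_table`, `to_cidr`, `az`, `next_hop_type`, `next_hop_key`) would keep the example self-describing.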

0 comments on commit 153f202
