Merge pull request #379 from lorengordon/feat/vpc-route-prefix-list-r…

…eferences Supports configuring vpc routes to prefix list destinations
plus3it · Oct 8, 2024 · cbbb5d6 · cbbb5d6
2 parents 03b7393 + befbcc9
commit cbbb5d6
Show file tree

Hide file tree

Showing 12 changed files with 29 additions and 15 deletions.
diff --git a/.bumpversion.cfg b/.bumpversion.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 2.5.0
+current_version = 2.6.0
 commit = True
 message = Bumps version to {new_version}
 tag = False

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/).
 
+### [2.6.0](https://github.com/plus3it/terraform-aws-tardigrade-transit-gateway/releases/tag/2.6.0)
+
+**Released**: 2024.10.08
+
+**Summary**:
+
+*   Supports configuring vpc routes with prefix list destinations
+
 ### [2.5.0](https://github.com/plus3it/terraform-aws-tardigrade-transit-gateway/releases/tag/2.5.0)
 
 **Released**: 2024.09.30

diff --git a/README.md b/README.md
@@ -62,7 +62,7 @@ This module includes several submodules for different workflows and use cases.
 | <a name="input_routes"></a> [routes](#input\_routes) | List of TGW routes to add to TGW route tables | <pre>list(object({<br>    # `name` used as for_each key<br>    name                   = string<br>    blackhole              = bool<br>    default_route_table    = bool<br>    destination_cidr_block = string<br>    # name from `vpc_attachments` or id of a pre-existing tgw attachment<br>    transit_gateway_attachment = string<br>    # name from `route_tables` or id of a pre-existing route table<br>    transit_gateway_route_table = string<br>  }))</pre> | `[]` | no |
 | <a name="input_security_group_referencing_support"></a> [security\_group\_referencing\_support](#input\_security\_group\_referencing\_support) | Whether Security Group Referencing Support is enabled. Valid values: disable, enable | `string` | `"enable"` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Map of tags to apply to the TGW and associated resources | `map(string)` | `{}` | no |
-| <a name="input_vpc_attachments"></a> [vpc\_attachments](#input\_vpc\_attachments) | List of VPC attachments to create with the transit gateway | <pre>list(object({<br>    # `name` used as for_each key<br>    name                   = string<br>    subnet_ids             = list(string)<br>    appliance_mode_support = string<br>    dns_support            = string<br>    ipv6_support           = string<br>    tags                   = map(string)<br>    vpc_routes = list(object({<br>      # `name` is used as for_each key<br>      name                        = string<br>      route_table_id              = string<br>      destination_cidr_block      = string<br>      destination_ipv6_cidr_block = string<br>    }))<br>    transit_gateway_default_route_table_association = bool<br>    transit_gateway_default_route_table_propagation = bool<br>    # name from `route_tables` or id of a pre-existing route table<br>    transit_gateway_route_table_association = string<br>    # list of route table names from `route_tables` or ids of pre-existing route tables<br>    transit_gateway_route_table_propagations = list(string)<br>  }))</pre> | `[]` | no |
+| <a name="input_vpc_attachments"></a> [vpc\_attachments](#input\_vpc\_attachments) | List of VPC attachments to create with the transit gateway | <pre>list(object({<br>    # `name` used as for_each key<br>    name                   = string<br>    subnet_ids             = list(string)<br>    appliance_mode_support = string<br>    dns_support            = string<br>    ipv6_support           = string<br>    tags                   = map(string)<br>    vpc_routes = optional(list(object({<br>      # `name` is used as for_each key<br>      name                        = string<br>      route_table_id              = string<br>      destination_cidr_block      = optional(string)<br>      destination_ipv6_cidr_block = optional(string)<br>      destination_prefix_list_id  = optional(string)<br>    })), [])<br>    transit_gateway_default_route_table_association = bool<br>    transit_gateway_default_route_table_propagation = bool<br>    # name from `route_tables` or id of a pre-existing route table<br>    transit_gateway_route_table_association = string<br>    # list of route table names from `route_tables` or ids of pre-existing route tables<br>    transit_gateway_route_table_propagations = list(string)<br>  }))</pre> | `[]` | no |
 | <a name="input_vpn_ecmp_support"></a> [vpn\_ecmp\_support](#input\_vpn\_ecmp\_support) | Whether VPN Equal Cost Multipath Protocol support is enabled (valid values: disable, enable) | `string` | `"disable"` | no |
 
 ## Outputs

diff --git a/modules/cross-account-vpc-attachment/README.md b/modules/cross-account-vpc-attachment/README.md
@@ -39,7 +39,7 @@ Terraform module for managing a cross-account Transit Gateway VPC Attachment.
 | <a name="input_transit_gateway_default_route_table_propagation"></a> [transit\_gateway\_default\_route\_table\_propagation](#input\_transit\_gateway\_default\_route\_table\_propagation) | Boolean whether the VPC Attachment should propagate routes to the Transit Gateway propagation default route table | `bool` | `true` | no |
 | <a name="input_transit_gateway_route_table_association"></a> [transit\_gateway\_route\_table\_association](#input\_transit\_gateway\_route\_table\_association) | ID of the Transit Gateway route table to associate with the VPC attachment (an attachment can be associated with a single TGW route table) | <pre>object({<br>    transit_gateway_route_table_id = string<br>  })</pre> | `null` | no |
 | <a name="input_transit_gateway_route_table_propagations"></a> [transit\_gateway\_route\_table\_propagations](#input\_transit\_gateway\_route\_table\_propagations) | List of Transit Gateway route tables this VPC attachment will propagate routes to | <pre>list(object({<br>    # `name` is used as for_each key<br>    name                           = string<br>    transit_gateway_route_table_id = string<br>  }))</pre> | `[]` | no |
-| <a name="input_vpc_routes"></a> [vpc\_routes](#input\_vpc\_routes) | List of VPC route objects with a target of the transit gateway. | <pre>list(object({<br>    # `name` is used as for_each key<br>    name                        = string<br>    provider                    = string<br>    route_table_id              = string<br>    destination_cidr_block      = string<br>    destination_ipv6_cidr_block = string<br>  }))</pre> | `[]` | no |
+| <a name="input_vpc_routes"></a> [vpc\_routes](#input\_vpc\_routes) | List of VPC route objects with a target of the transit gateway. | <pre>list(object({<br>    # `name` is used as for_each key<br>    name                        = string<br>    provider                    = string<br>    route_table_id              = string<br>    destination_cidr_block      = optional(string)<br>    destination_ipv6_cidr_block = optional(string)<br>    destination_prefix_list_id  = optional(string)<br>  }))</pre> | `[]` | no |
 
 ## Outputs
 

diff --git a/modules/cross-account-vpc-attachment/variables.tf b/modules/cross-account-vpc-attachment/variables.tf
@@ -112,8 +112,9 @@ variable "vpc_routes" {
     name                        = string
     provider                    = string
     route_table_id              = string
-    destination_cidr_block      = string
-    destination_ipv6_cidr_block = string
+    destination_cidr_block      = optional(string)
+    destination_ipv6_cidr_block = optional(string)
+    destination_prefix_list_id  = optional(string)
   }))
   default = []
   validation {

diff --git a/modules/vpc-accepter/README.md b/modules/vpc-accepter/README.md
@@ -35,7 +35,7 @@ Gateway route table association or propagations, and VPC routes.
 | <a name="input_transit_gateway_default_route_table_propagation"></a> [transit\_gateway\_default\_route\_table\_propagation](#input\_transit\_gateway\_default\_route\_table\_propagation) | Boolean whether the VPC Attachment should propagate routes to the Transit Gateway propagation default route table | `bool` | `true` | no |
 | <a name="input_transit_gateway_route_table_association"></a> [transit\_gateway\_route\_table\_association](#input\_transit\_gateway\_route\_table\_association) | ID of the Transit Gateway route table to associate with the VPC attachment (an attachment can be associated with a single TGW route table) | <pre>object({<br>    transit_gateway_route_table_id = string<br>  })</pre> | `null` | no |
 | <a name="input_transit_gateway_route_table_propagations"></a> [transit\_gateway\_route\_table\_propagations](#input\_transit\_gateway\_route\_table\_propagations) | List of Transit Gateway route tables this VPC attachment will propagate routes to | <pre>list(object({<br>    # `name` is used as for_each key<br>    name                           = string<br>    transit_gateway_route_table_id = string<br>  }))</pre> | `[]` | no |
-| <a name="input_vpc_routes"></a> [vpc\_routes](#input\_vpc\_routes) | List of VPC route objects with a target of the VPC attachment | <pre>list(object({<br>    # `name` is used as for_each key<br>    name                        = string<br>    route_table_id              = string<br>    destination_cidr_block      = string<br>    destination_ipv6_cidr_block = string<br>  }))</pre> | `[]` | no |
+| <a name="input_vpc_routes"></a> [vpc\_routes](#input\_vpc\_routes) | List of VPC route objects with a target of the VPC attachment | <pre>list(object({<br>    # `name` is used as for_each key<br>    name                        = string<br>    route_table_id              = string<br>    destination_cidr_block      = optional(string)<br>    destination_ipv6_cidr_block = optional(string)<br>    destination_prefix_list_id  = optional(string)<br>  }))</pre> | `[]` | no |
 
 ## Outputs
 

diff --git a/modules/vpc-accepter/main.tf b/modules/vpc-accepter/main.tf
@@ -29,6 +29,7 @@ resource "aws_route" "this" {
   route_table_id              = each.value.route_table_id
   destination_cidr_block      = each.value.destination_cidr_block
   destination_ipv6_cidr_block = each.value.destination_ipv6_cidr_block
+  destination_prefix_list_id  = each.value.destination_prefix_list_id
   transit_gateway_id          = var.auto_accept_shared_attachments == "disable" ? aws_ec2_transit_gateway_vpc_attachment_accepter.this[0].transit_gateway_id : data.aws_ec2_transit_gateway_attachment.this[0].transit_gateway_id
 }
 

diff --git a/modules/vpc-accepter/variables.tf b/modules/vpc-accepter/variables.tf
@@ -55,8 +55,9 @@ variable "vpc_routes" {
     # `name` is used as for_each key
     name                        = string
     route_table_id              = string
-    destination_cidr_block      = string
-    destination_ipv6_cidr_block = string
+    destination_cidr_block      = optional(string)
+    destination_ipv6_cidr_block = optional(string)
+    destination_prefix_list_id  = optional(string)
   }))
   default = []
 }
diff --git a/modules/vpc-attachment/README.md b/modules/vpc-attachment/README.md
@@ -40,7 +40,7 @@ as well as any Transit Gateway route table association or propagations, and VPC
 | <a name="input_transit_gateway_default_route_table_propagation"></a> [transit\_gateway\_default\_route\_table\_propagation](#input\_transit\_gateway\_default\_route\_table\_propagation) | Boolean whether the VPC Attachment should propagate routes to the Transit Gateway propagation default route table | `bool` | `true` | no |
 | <a name="input_transit_gateway_route_table_association"></a> [transit\_gateway\_route\_table\_association](#input\_transit\_gateway\_route\_table\_association) | ID of the Transit Gateway route table to associate with the VPC attachment (an attachment can be associated with a single TGW route table) | <pre>object({<br>    transit_gateway_route_table_id = string<br>  })</pre> | `null` | no |
 | <a name="input_transit_gateway_route_table_propagations"></a> [transit\_gateway\_route\_table\_propagations](#input\_transit\_gateway\_route\_table\_propagations) | List of Transit Gateway route tables this VPC attachment will propagate routes to | <pre>list(object({<br>    # `name` is used as for_each key<br>    name                           = string<br>    transit_gateway_route_table_id = string<br>  }))</pre> | `[]` | no |
-| <a name="input_vpc_routes"></a> [vpc\_routes](#input\_vpc\_routes) | List of VPC route objects with a target of the VPC attachment | <pre>list(object({<br>    # `name` is used as for_each key<br>    name                        = string<br>    route_table_id              = string<br>    destination_cidr_block      = string<br>    destination_ipv6_cidr_block = string<br>  }))</pre> | `[]` | no |
+| <a name="input_vpc_routes"></a> [vpc\_routes](#input\_vpc\_routes) | List of VPC route objects with a target of the VPC attachment | <pre>list(object({<br>    # `name` is used as for_each key<br>    name                        = string<br>    route_table_id              = string<br>    destination_cidr_block      = optional(string)<br>    destination_ipv6_cidr_block = optional(string)<br>    destination_prefix_list_id  = optional(string)<br>  }))</pre> | `[]` | no |
 
 ## Outputs
 

diff --git a/modules/vpc-attachment/main.tf b/modules/vpc-attachment/main.tf
@@ -44,6 +44,7 @@ resource "aws_route" "this" {
   route_table_id              = each.value.route_table_id
   destination_cidr_block      = each.value.destination_cidr_block
   destination_ipv6_cidr_block = each.value.destination_ipv6_cidr_block
+  destination_prefix_list_id  = each.value.destination_prefix_list_id
   transit_gateway_id          = aws_ec2_transit_gateway_vpc_attachment.this.transit_gateway_id
 }
 

diff --git a/modules/vpc-attachment/variables.tf b/modules/vpc-attachment/variables.tf
@@ -96,8 +96,9 @@ variable "vpc_routes" {
     # `name` is used as for_each key
     name                        = string
     route_table_id              = string
-    destination_cidr_block      = string
-    destination_ipv6_cidr_block = string
+    destination_cidr_block      = optional(string)
+    destination_ipv6_cidr_block = optional(string)
+    destination_prefix_list_id  = optional(string)
   }))
   default = []
 }
diff --git a/variables.tf b/variables.tf
@@ -129,13 +129,14 @@ variable "vpc_attachments" {
     dns_support            = string
     ipv6_support           = string
     tags                   = map(string)
-    vpc_routes = list(object({
+    vpc_routes = optional(list(object({
       # `name` is used as for_each key
       name                        = string
       route_table_id              = string
-      destination_cidr_block      = string
-      destination_ipv6_cidr_block = string
-    }))
+      destination_cidr_block      = optional(string)
+      destination_ipv6_cidr_block = optional(string)
+      destination_prefix_list_id  = optional(string)
+    })), [])
     transit_gateway_default_route_table_association = bool
     transit_gateway_default_route_table_propagation = bool
     # name from `route_tables` or id of a pre-existing route table