feature(tgw): allow specifying of arbitrary destinations on the tgw s…

…poke (#922) Co-authored-by: cloudpossebot <[email protected]>
cloudposse · Dec 7, 2023 · 4cb4c36 · 4cb4c36
1 parent 38604f0
commit 4cb4c36
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 5 deletions.
diff --git a/modules/tgw/spoke/README.md b/modules/tgw/spoke/README.md
@@ -151,7 +151,8 @@ atmos terraform apply tgw/spoke -s <tenant>-<environment>-<stage>
 | <a name="input_regex_replace_chars"></a> [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.<br>Characters matching the regex will be removed from the ID elements.<br>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
 | <a name="input_region"></a> [region](#input\_region) | AWS Region | `string` | n/a | yes |
 | <a name="input_stage"></a> [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
-| <a name="input_static_routes"></a> [static\_routes](#input\_static\_routes) | A list of static routes. | <pre>set(object({<br>    blackhole              = bool<br>    destination_cidr_block = string<br>  }))</pre> | `[]` | no |
+| <a name="input_static_routes"></a> [static\_routes](#input\_static\_routes) | A list of static routes to add to the transit gateway, pointing at this VPC as a destination. | <pre>set(object({<br>    blackhole              = bool<br>    destination_cidr_block = string<br>  }))</pre> | `[]` | no |
+| <a name="input_static_tgw_routes"></a> [static\_tgw\_routes](#input\_static\_tgw\_routes) | A list of static routes to add to the local routing table with the transit gateway as a destination. | `list(string)` | `[]` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).<br>Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no |
 | <a name="input_tenant"></a> [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no |
 | <a name="input_tgw_hub_component_name"></a> [tgw\_hub\_component\_name](#input\_tgw\_hub\_component\_name) | The name of the transit-gateway component | `string` | `"tgw/hub"` | no |

diff --git a/modules/tgw/spoke/main.tf b/modules/tgw/spoke/main.tf
@@ -50,6 +50,7 @@ module "tgw_spoke_vpc_attachment" {
   expose_eks_sg        = var.expose_eks_sg
   peered_region        = var.peered_region
   static_routes        = var.static_routes
+  static_tgw_routes    = var.static_tgw_routes
 
   context = module.this.context
 }

diff --git a/modules/tgw/spoke/modules/standard_vpc_attachment/main.tf b/modules/tgw/spoke/modules/standard_vpc_attachment/main.tf
@@ -138,7 +138,7 @@ module "standard_vpc_attachment" {
       route_to                          = null
       static_routes                     = var.static_routes
       transit_gateway_vpc_attachment_id = null
-      route_to_cidr_blocks              = [for vpc in local.allowed_vpcs : vpc.cidr if !vpc.cross_region]
+      route_to_cidr_blocks              = concat([for vpc in local.allowed_vpcs : vpc.cidr if !vpc.cross_region], var.static_tgw_routes)
     }
   }
 

diff --git a/modules/tgw/spoke/modules/standard_vpc_attachment/variables.tf b/modules/tgw/spoke/modules/standard_vpc_attachment/variables.tf
@@ -61,6 +61,12 @@ variable "static_routes" {
   default     = []
 }
 
+variable "static_tgw_routes" {
+  type        = list(string)
+  description = "A list of static routes to add to the local routing table with the transit gateway as a destination."
+  default     = []
+}
+
 variable "expose_eks_sg" {
   type        = bool
   description = "Set true to allow EKS clusters to accept traffic from source accounts"

diff --git a/modules/tgw/spoke/variables.tf b/modules/tgw/spoke/variables.tf
@@ -72,9 +72,13 @@ variable "static_routes" {
     blackhole              = bool
     destination_cidr_block = string
   }))
-  description = <<-EOT
-  A list of static routes.
-  EOT
+  description = "A list of static routes to add to the transit gateway, pointing at this VPC as a destination."
+  default     = []
+}
+
+variable "static_tgw_routes" {
+  type        = list(string)
+  description = "A list of static routes to add to the local routing table with the transit gateway as a destination."
   default     = []
 }