From 589d875e6cd0e41a3bde67350ca0182b5e3cc5ab Mon Sep 17 00:00:00 2001
From: Matt Calhoun <matt@cloudposse.com>
Date: Thu, 7 Dec 2023 16:43:33 -0500
Subject: [PATCH] feature(tgw): add support for multiple cross-region
 connections (#923)

Co-authored-by: cloudpossebot <cloudpossebot@users.noreply.github.com>
---
 modules/tgw/spoke/README.md       |  1 +
 modules/tgw/spoke/remote-state.tf |  8 +-------
 modules/tgw/spoke/variables.tf    | 20 ++++++++++++++++++++
 3 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/modules/tgw/spoke/README.md b/modules/tgw/spoke/README.md
index f2e80dd65..ee096dfad 100644
--- a/modules/tgw/spoke/README.md
+++ b/modules/tgw/spoke/README.md
@@ -131,6 +131,7 @@ atmos terraform apply tgw/spoke -s <tenant>-<environment>-<stage>
 | <a name="input_attributes"></a> [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,<br>in the order they appear in the list. New attributes are appended to the<br>end of the list. The elements of the list are joined by the `delimiter`<br>and treated as a single ID element. | `list(string)` | `[]` | no |
 | <a name="input_connections"></a> [connections](#input\_connections) | A list of objects to define each TGW connections.<br><br>By default, each connection will look for only the default `vpc` component. | <pre>list(object({<br>    account = object({<br>      stage       = string<br>      environment = optional(string, "")<br>      tenant      = optional(string, "")<br>    })<br>    vpc_component_names = optional(list(string), ["vpc"])<br>    eks_component_names = optional(list(string), [])<br>  }))</pre> | `[]` | no |
 | <a name="input_context"></a> [context](#input\_context) | Single object for setting entire context at once.<br>See description of individual variables for details.<br>Leave string and numeric variables as `null` to use default value.<br>Individual variable settings (non-null) override settings in context object,<br>except for attributes, tags, and additional\_tag\_map, which are merged. | `any` | <pre>{<br>  "additional_tag_map": {},<br>  "attributes": [],<br>  "delimiter": null,<br>  "descriptor_formats": {},<br>  "enabled": true,<br>  "environment": null,<br>  "id_length_limit": null,<br>  "label_key_case": null,<br>  "label_order": [],<br>  "label_value_case": null,<br>  "labels_as_tags": [<br>    "unset"<br>  ],<br>  "name": null,<br>  "namespace": null,<br>  "regex_replace_chars": null,<br>  "stage": null,<br>  "tags": {},<br>  "tenant": null<br>}</pre> | no |
+| <a name="input_cross_region_hub_connector_components"></a> [cross\_region\_hub\_connector\_components](#input\_cross\_region\_hub\_connector\_components) | A map of cross-region hub connector components that provide this spoke with the appropriate Transit Gateway attachments IDs.<br>- The key should be the environment that the remote VPC is located in.<br>- The component is the name of the compoent in the remote region (e.g. `tgw/cross-region-hub-connector`)<br>- The environment is the region that the cross-region-hub-connector is deployed in.<br>e.g. the following would configure a component called `tgw/cross-region-hub-connector/use1` that is deployed in the<br>If use2 is the primary region, the following would be its configuration:<br>use1:<br>  component: "tgw/cross-region-hub-connector"<br>  environment: "use1" (the remote region)<br>and in the alternate region, the following would be its configuration:<br>use2:<br>  component: "tgw/cross-region-hub-connector"<br>  environment: "use1" (our own region) | `map(object({ component = string, environment = string }))` | `{}` | no |
 | <a name="input_default_route_enabled"></a> [default\_route\_enabled](#input\_default\_route\_enabled) | Enable default routing via transit gateway, requires also nat gateway and instance to be disabled in vpc component. Default is disabled. | `bool` | `false` | no |
 | <a name="input_default_route_outgoing_account_name"></a> [default\_route\_outgoing\_account\_name](#input\_default\_route\_outgoing\_account\_name) | The account name which is used for outgoing traffic, when using the transit gateway as default route. | `string` | `null` | no |
 | <a name="input_delimiter"></a> [delimiter](#input\_delimiter) | Delimiter to be used between ID elements.<br>Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no |
diff --git a/modules/tgw/spoke/remote-state.tf b/modules/tgw/spoke/remote-state.tf
index 41e013679..8edd8f2de 100644
--- a/modules/tgw/spoke/remote-state.tf
+++ b/modules/tgw/spoke/remote-state.tf
@@ -1,9 +1,3 @@
-locals {
-  # Any cross region connection requires a TGW Hub connector deployed
-  # If any connections given are cross-region, get the `tgw/cross-region-hub-connector` component from that region
-  connected_environments = distinct(compact(concat([for c in var.connections : c.account.environment], [module.this.environment])))
-}
-
 module "tgw_hub" {
   source  = "cloudposse/stack-config/yaml//modules/remote-state"
   version = "1.5.0"
@@ -28,7 +22,7 @@ module "cross_region_hub_connector" {
   source  = "cloudposse/stack-config/yaml//modules/remote-state"
   version = "1.5.0"
 
-  for_each = toset(local.connected_environments)
+  for_each = var.cross_region_hub_connector_components
 
   component   = "tgw/cross-region-hub-connector"
   tenant      = length(var.tgw_hub_tenant_name) > 0 ? var.tgw_hub_tenant_name : module.this.tenant
diff --git a/modules/tgw/spoke/variables.tf b/modules/tgw/spoke/variables.tf
index 752a9e607..c87a0efaf 100644
--- a/modules/tgw/spoke/variables.tf
+++ b/modules/tgw/spoke/variables.tf
@@ -93,3 +93,23 @@ variable "default_route_outgoing_account_name" {
   description = "The account name which is used for outgoing traffic, when using the transit gateway as default route."
   default     = null
 }
+
+variable "cross_region_hub_connector_components" {
+  type        = map(object({ component = string, environment = string }))
+  description = <<-EOT
+  A map of cross-region hub connector components that provide this spoke with the appropriate Transit Gateway attachments IDs.
+  - The key should be the environment that the remote VPC is located in.
+  - The component is the name of the compoent in the remote region (e.g. `tgw/cross-region-hub-connector`)
+  - The environment is the region that the cross-region-hub-connector is deployed in.
+  e.g. the following would configure a component called `tgw/cross-region-hub-connector/use1` that is deployed in the
+  If use2 is the primary region, the following would be its configuration:
+  use1:
+    component: "tgw/cross-region-hub-connector"
+    environment: "use1" (the remote region)
+  and in the alternate region, the following would be its configuration:
+  use2:
+    component: "tgw/cross-region-hub-connector"
+    environment: "use1" (our own region)
+  EOT
+  default     = {}
+}