terraform-aws-vpc
feat: Allow additional routes for intra and private routing tables
Description
Allow additional routes to be added for the private and intra routing tables, like it is already available for the default table.
An example use case could be peering with some VPC and making it routed with the VPC managed by the module. This example assumes that requesting and accepting the peering request should be handled by a user, as well as adding default routes on the other (peered VPC) side.
Motivation and Context
The use case is configuring all required routes within the VPC module, instead of adding custom
calls for aws_route. The latter is not always possible with terragrunt modules for example, which allows
only other modules there, and no custom resources.
(see https://github.com/gruntwork-io/terragrunt/issues/1187 and https://github.com/gruntwork-io/terragrunt/issues/1150)
Custom routes may be required for the private/intra VPC route tables to cover many cases, like peering the managed VPC with another VPC (outside of this feature scope) and managing additional routes on both sides. This change allows custom routes to be added for the managed VPC, for this example. Adding the needed routes on the other side of the peering, and creating the peering, would be left as an exercise for the user.
Breaking Changes
How Has This Been Tested?
- [x] I have updated at least one of the examples/* to demonstrate and validate my change(s)
- [x] I have tested and validated these changes using one or more of the provided examples/* projects (with my tEKS fork)
- [x] I have executed pre-commit run -a on my pull request
What's the hold up w/ this? We actually need this for transit gateway attachment
This PR has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this PR will be closed in 10 days
This PR was automatically closed because of stale in 10 days
Just a heads up, I didn't forget about this one, will come back to it once I have spare time to rework it for NAT GW support :)
@lmpardey could you please reopen it? I'm preparing a fix, as you recommended, and will update this PR shortly.
It is almost done, just that the code that works in console fails when being applied.
Works in console:
```
> setproduct(tolist(aws_route_table.private[*].id),[for route in [split(",", "172.30.0.0/16,192.168.142.0/24")]:{"vpc_peering_connection_id" = "foo","cidr_block" = route}])
tolist([
  [
    "rtb-02a1877c819b737d6",
    {
      "cidr_block" = tolist([
        "172.30.0.0/16",
        "192.168.142.0/24",
      ])
      "vpc_peering_connection_id" = "foo"
    },
  ],
  [
    "rtb-0484ba914f31f866a",
    {
      "cidr_block" = tolist([
        "172.30.0.0/16",
        "192.168.142.0/24",
      ])
      "vpc_peering_connection_id" = "foo"
    },
  ],
])
```
Fails if applied:
```
│ Error: Invalid for_each set argument
│
│   on main.tf line 1047, in resource "aws_route" "private_route_custom":
│ 1047:   for_each = toset(setproduct(aws_route_table.private[*].id, var.private_routes_extra))
│     ├────────────────
│     │ aws_route_table.private is tuple with 2 elements
│     │ var.private_routes_extra is list of map of string with 2 elements
│
│ The given "for_each" argument value is unsuitable: "for_each" supports maps
│ and sets of strings, but you have provided a set containing type tuple.
```
:(
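The error in the comment above comes from passing `setproduct()` tuples straight to `for_each`. The following is an added example, not code from this PR or from the module, showing one way to re-key the product into a map of strings. The `aws_vpc.this` stand-in, the `private_routes_custom` local, the `pcx-EXAMPLE` placeholder and the sample CIDR for the VPC are assumptions made so the file validates on its own.

```hcl
# Stand-ins for the module's own resources (constructed values).
resource "aws_vpc" "this" {
  cidr_block = "10.0.0.0/16"
}

resource "aws_route_table" "private" {
  count  = 2
  vpc_id = aws_vpc.this.id
}

# Same shape the error message reports: list of map of string.
variable "private_routes_extra" {
  type = list(map(string))
  default = [
    { cidr_block = "172.30.0.0/16", vpc_peering_connection_id = "pcx-EXAMPLE" },
    { cidr_block = "192.168.142.0/24", vpc_peering_connection_id = "pcx-EXAMPLE" },
  ]
}

locals {
  # setproduct() returns [table index, route] tuples, which for_each rejects.
  # Re-key them into a map of strings. The key uses the table's index, not its
  # ID, because for_each keys must be known at plan time and the IDs are not
  # known until the route tables exist.
  private_routes_custom = {
    for pair in setproduct(range(length(aws_route_table.private)), var.private_routes_extra) :
    "${pair[0]}|${pair[1].cidr_block}" => {
      route_table_id = aws_route_table.private[pair[0]].id
      route          = pair[1]
    }
  }
}

resource "aws_route" "private_route_custom" {
  for_each = local.private_routes_custom

  route_table_id            = each.value.route_table_id
  destination_cidr_block    = each.value.route.cidr_block
  vpc_peering_connection_id = each.value.route.vpc_peering_connection_id
}
```

Listing the same destination CIDR twice in `private_routes_extra` produces a duplicate map key, so the mistake is reported at plan time instead of as a conflicting route at apply time.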
Re-submitted as a new one https://github.com/terraform-aws-modules/terraform-aws-vpc/pull/833 PTAL
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.