Skip to content

Commit

Permalink
Merge pull request #2 from j-nix/add_transit_gw_peering_docs
Browse files Browse the repository at this point in the history
Add Transit Gateway peering attachment docs
  • Loading branch information
Omarimcblack authored Dec 23, 2019
2 parents 5094ff5 + e4eb279 commit 932a775
Show file tree
Hide file tree
Showing 6 changed files with 184 additions and 0 deletions.
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
# EC2 Transit Gateway Cross-Account Peering Attachment

This example demonstrates how to peer two Transit Gateways in different regions. The peer transit gateway can be in your account or a different AWS account. The following AWS Regions are supported: US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Frankfurt), and Europe (Ireland).

See [more in the Transit Gateway Peering Attachment documentation](https://docs.aws.amazon.com/vpc/latest/tgw/tgw-peering.html).

## Running this example

Either `cp terraform.template.tfvars terraform.tfvars` and modify that new file accordingly or provide variables via CLI:

```
terraform apply \
-var="aws_first_access_key=AAAAAAAAAAAAAAAAAAA" \
-var="aws_first_secret_key=SuperSecretKeyForAccount1" \
-var="aws_second_access_key=BBBBBBBBBBBBBBBBBBB" \
-var="aws_second_secret_key=SuperSecretKeyForAccount2" \
-var="aws_first_region=us-east-2" \
-var="aws_second_region=us-west-2"
```

## Prerequisites

- This example requires two AWS accounts within the same AWS Organizations Organization
- Ensure Resource Access Manager is enabled in your organization. For more information, see the [Resource Access Manager User Guide](https://docs.aws.amazon.com/ram/latest/userguide/getting-started-sharing.html).
86 changes: 86 additions & 0 deletions examples/transit-gateway-cross-account-peering-attachment/main.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,86 @@
// First accepts the Peering attachment.
provider "aws" {
alias = "first"

region = "${var.aws_first_region}"
access_key = "${var.aws_first_access_key}"
secret_key = "${var.aws_first_secret_key}"
}

// Second creates the Peering attachment.
provider "aws" {
alias = "second"

region = "${var.aws_second_region}"
access_key = "${var.aws_second_access_key}"
secret_key = "${var.aws_second_secret_key}"
}

data "aws_caller_identity" "first" {
provider = "aws.first"
}

data "aws_caller_identity" "second" {
provider = "aws.second"
}

resource "aws_ec2_transit_gateway" "first" {
provider = "aws.first"

tags = {
Name = "terraform-example"
}
}

resource "aws_ram_resource_share" "example" {
provider = "aws.first"

name = "terraform-example"

tags = {
Name = "terraform-example"
}
}

// Share the transit gateway...
resource "aws_ram_resource_association" "example" {
provider = "aws.first"

resource_arn = "${aws_ec2_transit_gateway.first.arn}"
resource_share_arn = "${aws_ram_resource_share.example.id}"
}

// ...with the second account.
resource "aws_ram_principal_association" "example" {
provider = "aws.first"

principal = "${data.aws_caller_identity.second.account_id}"
resource_share_arn = "${aws_ram_resource_share.example.id}"
}

resource "aws_ec2_transit_gateway" "second" {
provider = "aws.second"

tags = {
Name = "terraform-example"
}
}

// Create the Peering attachment in the second account...
resource "aws_ec2_transit_gateway_peering_attachment" "example" {
provider = "aws.second"
peer_account_id = "${data.aws_caller_identity.first.account_id}"
peer_region = "${var.aws_first_region}"
peer_transit_gateway_id = "${aws_ec2_transit_gateway.first.id}"
transit_gateway_id = "${aws_ec2_transit_gateway.second.id}"
tags = {
Name = "terraform-example"
Side = "Creator"
}
depends_on = ["aws_ram_principal_association.example", "aws_ram_resource_association.example"]

}

// ...it then needs to accepted by the first account.

// ...terraform currently doesnt have resource for Transit Gateway Peering Attachment Acceptance
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
# First account
aws_first_access_key = "AAAAAAAAAAAAAAAAAAA"
aws_first_secret_key = "SuperSecretKeyForAccount1"

# Second account
aws_second_access_key = "BBBBBBBBBBBBBBBBBBB"
aws_second_secret_key = "SuperSecretKeyForAccount2"

aws_region = "us-east-1"
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
variable "aws_first_access_key" {}

variable "aws_first_secret_key" {}

variable "aws_second_access_key" {}

variable "aws_second_secret_key" {}

variable "aws_first_region" {}

variable "aws_second_region" {}
3 changes: 3 additions & 0 deletions website/aws.erb
Original file line number Diff line number Diff line change
Expand Up @@ -1076,6 +1076,9 @@
<li>
<a href="/docs/providers/aws/r/ec2_transit_gateway_route_table_propagation.html">aws_ec2_transit_gateway_route_table_propagation</a>
</li>
<li>
<a href="/docs/providers/aws/r/ec2_transit_gateway_peering_attachment.html">aws_ec2_transit_gateway_peering_attachment</a>
</li>
<li>
<a href="/docs/providers/aws/r/ec2_transit_gateway_vpc_attachment.html">aws_ec2_transit_gateway_vpc_attachment</a>
</li>
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
---
subcategory: "EC2"
layout: "aws"
page_title: "AWS: aws_ec2_transit_gateway_peering_attachment"
description: |-
Manages an EC2 Transit Gateway Peering Attachment
---

# Resource: aws_ec2_transit_gateway_peering_attachment

Manages an EC2 Transit Gateway Peering Attachment, supporting the following AWS Regions: US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Frankfurt), and Europe (Ireland). For examples of custom route table association and propagation, see the EC2 Transit Gateway Networking Examples Guide.

## Example Usage

```hcl
resource "aws_ec2_transit_gateway_peering_attachment" "example" {
peer_account_id = "123456789012"
peer_region = "us-east-2"
peer_transit_gateway_id = "tgw-12345678901234567"
transit_gateway_id = "tgw-76543210987654321"
tags = {
Name = "Example cross-account attachment"
}}
```

A full example of how to create a Transit Gateway in one AWS account, share it with a second AWS account, and attach a to a Transit Gateway in the second account via the `aws_ec2_transit_gateway_peering_attachment` resource can be found in [the `./examples/transit-gateway-cross-account-peering-attachment` directory within the Github Repository](https://github.com/terraform-providers/terraform-provider-aws/tree/master/examples/transit-gateway-cross-account-peering-attachment).

## Argument Reference

The following arguments are supported:

* `peer_account_id` - (Required) Account ID of EC2 Transit Gateway to peer with.
* `peer_region` - (Required) Region of EC2 Transit Gateway to peer with.
* `peer_transit_gateway_id` - (Required) Identifier of EC2 Transit Gateway to peer with.
* `tags` - (Optional) Key-value tags for the EC2 Transit Gateway Peering Attachment.
* `transit_gateway_id` - (Required) Identifier of EC2 Transit Gateway.

## Attribute Reference

In addition to all arguments above, the following attributes are exported:

* `id` - EC2 Transit Gateway Attachment identifier

## Import

`aws_ec2_transit_gateway_peering_attachment` can be imported by using the EC2 Transit Gateway Attachment identifier, e.g.

```bash
$ terraform import aws_ec2_transit_gateway_peering_attachment.example tgw-attach-12345678
```

0 comments on commit 932a775

Please sign in to comment.