forked from hashicorp/terraform-provider-aws
Merge pull request #2 from j-nix/add_transit_gw_peering_docs
Add Transit Gateway peering attachment docs
Showing 6 changed files with 184 additions and 0 deletions.
24 changes: 24 additions & 0 deletions
examples/transit-gateway-cross-account-peering-attachment/README.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
# EC2 Transit Gateway Cross-Account Peering Attachment | ||
|
||
This example demonstrates how to peer two Transit Gateways in different regions. The peer transit gateway can be in your account or a different AWS account. The following AWS Regions are supported: US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Frankfurt), and Europe (Ireland). | ||
|
||
See [more in the Transit Gateway Peering Attachment documentation](https://docs.aws.amazon.com/vpc/latest/tgw/tgw-peering.html). | ||
|
||
## Running this example | ||
|
||
Either `cp terraform.template.tfvars terraform.tfvars` and modify that new file accordingly or provide variables via CLI: | ||
|
||
``` | ||
terraform apply \ | ||
-var="aws_first_access_key=AAAAAAAAAAAAAAAAAAA" \ | ||
-var="aws_first_secret_key=SuperSecretKeyForAccount1" \ | ||
-var="aws_second_access_key=BBBBBBBBBBBBBBBBBBB" \ | ||
-var="aws_second_secret_key=SuperSecretKeyForAccount2" \ | ||
-var="aws_first_region=us-east-2" \ | ||
-var="aws_second_region=us-west-2" | ||
``` | ||
|
||
## Prerequisites | ||
|
||
- This example requires two AWS accounts within the same AWS Organizations Organization | ||
- Ensure Resource Access Manager is enabled in your organization. For more information, see the [Resource Access Manager User Guide](https://docs.aws.amazon.com/ram/latest/userguide/getting-started-sharing.html). |
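Review bot: The `terraform apply` example under "Running this example" passes both accounts' access and secret keys as `-var` arguments, which puts long-lived credentials into shell history and the process list, and the alternative it offers writes them to `terraform.tfvars` in plain text. Suggest documenting credential sourcing through named profiles (the provider's `profile` argument) and keeping only the two region variables on the command line, or at least telling readers to keep `terraform.tfvars` out of version control. Separately, the introduction says the peer gateway "can be in your account or a different AWS account" while Prerequisites requires two accounts in the same Organization; one of the two should be reworded.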
86 changes: 86 additions & 0 deletions
examples/transit-gateway-cross-account-peering-attachment/main.tf
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,86 @@ | ||
// First accepts the Peering attachment. | ||
provider "aws" { | ||
alias = "first" | ||
|
||
region = "${var.aws_first_region}" | ||
access_key = "${var.aws_first_access_key}" | ||
secret_key = "${var.aws_first_secret_key}" | ||
} | ||
|
||
// Second creates the Peering attachment. | ||
provider "aws" { | ||
alias = "second" | ||
|
||
region = "${var.aws_second_region}" | ||
access_key = "${var.aws_second_access_key}" | ||
secret_key = "${var.aws_second_secret_key}" | ||
} | ||
|
||
data "aws_caller_identity" "first" { | ||
provider = "aws.first" | ||
} | ||
|
||
data "aws_caller_identity" "second" { | ||
provider = "aws.second" | ||
} | ||
|
||
resource "aws_ec2_transit_gateway" "first" { | ||
provider = "aws.first" | ||
|
||
tags = { | ||
Name = "terraform-example" | ||
} | ||
} | ||
|
||
resource "aws_ram_resource_share" "example" { | ||
provider = "aws.first" | ||
|
||
name = "terraform-example" | ||
|
||
tags = { | ||
Name = "terraform-example" | ||
} | ||
} | ||
|
||
// Share the transit gateway... | ||
resource "aws_ram_resource_association" "example" { | ||
provider = "aws.first" | ||
|
||
resource_arn = "${aws_ec2_transit_gateway.first.arn}" | ||
resource_share_arn = "${aws_ram_resource_share.example.id}" | ||
} | ||
|
||
// ...with the second account. | ||
resource "aws_ram_principal_association" "example" { | ||
provider = "aws.first" | ||
|
||
principal = "${data.aws_caller_identity.second.account_id}" | ||
resource_share_arn = "${aws_ram_resource_share.example.id}" | ||
} | ||
|
||
resource "aws_ec2_transit_gateway" "second" { | ||
provider = "aws.second" | ||
|
||
tags = { | ||
Name = "terraform-example" | ||
} | ||
} | ||
|
||
// Create the Peering attachment in the second account... | ||
resource "aws_ec2_transit_gateway_peering_attachment" "example" { | ||
provider = "aws.second" | ||
peer_account_id = "${data.aws_caller_identity.first.account_id}" | ||
peer_region = "${var.aws_first_region}" | ||
peer_transit_gateway_id = "${aws_ec2_transit_gateway.first.id}" | ||
transit_gateway_id = "${aws_ec2_transit_gateway.second.id}" | ||
tags = { | ||
Name = "terraform-example" | ||
Side = "Creator" | ||
} | ||
depends_on = ["aws_ram_principal_association.example", "aws_ram_resource_association.example"] | ||
|
||
} | ||
|
||
// ...it then needs to accepted by the first account. | ||
|
||
// ...terraform currently doesnt have resource for Transit Gateway Peering Attachment Acceptance |
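Review bot: The file ends with two comments saying the attachment still has to be accepted by the first account and that no acceptance resource exists, so `terraform apply` leaves the peering attachment unaccepted and neither this file nor the README tells the reader how to finish. Suggest stating the manual acceptance step explicitly at that point and in the README, and fixing the wording ("needs to be accepted", "doesn't have a resource"). The opening comment "First accepts the Peering attachment" should be qualified as well, since nothing in this configuration performs the acceptance. The two provider blocks also take `access_key` and `secret_key` from variables; a `profile` per aliased provider would keep raw keys out of the example.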
9 changes: 9 additions & 0 deletions
examples/transit-gateway-cross-account-peering-attachment/terraform.template.tfvars
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
# First account | ||
aws_first_access_key = "AAAAAAAAAAAAAAAAAAA" | ||
aws_first_secret_key = "SuperSecretKeyForAccount1" | ||
|
||
# Second account | ||
aws_second_access_key = "BBBBBBBBBBBBBBBBBBB" | ||
aws_second_secret_key = "SuperSecretKeyForAccount2" | ||
|
||
aws_region = "us-east-1" |
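Review bot: The last line of the template sets `aws_region = "us-east-1"`, but `variables.tf` in this commit declares `aws_first_region` and `aws_second_region` and no `aws_region`, so a reader who follows the README's `cp terraform.template.tfvars terraform.tfvars` step ends up with both region variables unset and one undeclared variable assigned. Suggest replacing that line with `aws_first_region` and `aws_second_region` entries that match the README's CLI example (`us-east-2` and `us-west-2`). The placeholder secret keys are fine as placeholders, but a comment that the copied file must not be committed would help.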
11 changes: 11 additions & 0 deletions
examples/transit-gateway-cross-account-peering-attachment/variables.tf
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
variable "aws_first_access_key" {} | ||
|
||
variable "aws_first_secret_key" {} | ||
|
||
variable "aws_second_access_key" {} | ||
|
||
variable "aws_second_secret_key" {} | ||
|
||
variable "aws_first_region" {} | ||
|
||
variable "aws_second_region" {} |
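Review bot: None of the six variables carries a `description` or `type`, and the two `*_secret_key` variables are declared exactly like the region ones, so nothing marks them as secrets. Suggest adding a `description` to each variable and, on Terraform versions that support it, `sensitive = true` on the secret key variables so their values are redacted from plan output.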
51 changes: 51 additions & 0 deletions
website/docs/r/ec2_transit_gateway_peering_attachment.html.markdown
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
--- | ||
subcategory: "EC2" | ||
layout: "aws" | ||
page_title: "AWS: aws_ec2_transit_gateway_peering_attachment" | ||
description: |- | ||
Manages an EC2 Transit Gateway Peering Attachment | ||
--- | ||
|
||
# Resource: aws_ec2_transit_gateway_peering_attachment | ||
|
||
Manages an EC2 Transit Gateway Peering Attachment, supporting the following AWS Regions: US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Frankfurt), and Europe (Ireland). For examples of custom route table association and propagation, see the EC2 Transit Gateway Networking Examples Guide. | ||
|
||
## Example Usage | ||
|
||
```hcl | ||
resource "aws_ec2_transit_gateway_peering_attachment" "example" { | ||
peer_account_id = "123456789012" | ||
peer_region = "us-east-2" | ||
peer_transit_gateway_id = "tgw-12345678901234567" | ||
transit_gateway_id = "tgw-76543210987654321" | ||
tags = { | ||
Name = "Example cross-account attachment" | ||
}} | ||
``` | ||
|
||
A full example of how to create a Transit Gateway in one AWS account, share it with a second AWS account, and attach a to a Transit Gateway in the second account via the `aws_ec2_transit_gateway_peering_attachment` resource can be found in [the `./examples/transit-gateway-cross-account-peering-attachment` directory within the Github Repository](https://github.com/terraform-providers/terraform-provider-aws/tree/master/examples/transit-gateway-cross-account-peering-attachment). | ||
|
||
## Argument Reference | ||
|
||
The following arguments are supported: | ||
|
||
* `peer_account_id` - (Required) Account ID of EC2 Transit Gateway to peer with. | ||
* `peer_region` - (Required) Region of EC2 Transit Gateway to peer with. | ||
* `peer_transit_gateway_id` - (Required) Identifier of EC2 Transit Gateway to peer with. | ||
* `tags` - (Optional) Key-value tags for the EC2 Transit Gateway Peering Attachment. | ||
* `transit_gateway_id` - (Required) Identifier of EC2 Transit Gateway. | ||
|
||
## Attribute Reference | ||
|
||
In addition to all arguments above, the following attributes are exported: | ||
|
||
* `id` - EC2 Transit Gateway Attachment identifier | ||
|
||
## Import | ||
|
||
`aws_ec2_transit_gateway_peering_attachment` can be imported by using the EC2 Transit Gateway Attachment identifier, e.g. | ||
|
||
```bash | ||
$ terraform import aws_ec2_transit_gateway_peering_attachment.example tgw-attach-12345678 | ||
``` |
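Review bot: The resource page never says that a peering attachment has to be accepted by the peer side before it is usable, although the example's `main.tf` in this same commit notes that no acceptance resource exists; a short note under the description or Example Usage should say so. In the Example Usage block the closing braces are run together as `}}` and should sit on separate lines. The sentence after it reads "attach a to a Transit Gateway", which is missing a word. The import example uses `tgw-attach-12345678` while the gateway IDs in the usage example are 17 characters long, so the formats should be made consistent. The description also points to the "EC2 Transit Gateway Networking Examples Guide" without a link.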