From c0792e40c22dc4605f927aa0dba18f6f6f2781da Mon Sep 17 00:00:00 2001 From: Trung Nguyen Date: Thu, 15 Jun 2017 09:25:38 +0100 Subject: [PATCH 1/4] Allow not only create a CGW but alos to use existing CGW --- main.tf | 3 ++- vars.tf | 11 +++++++++-- 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/main.tf b/main.tf
index 4c5f663..1ce3bed 100644
--- a/main.tf
+++ b/main.tf
@@ -1,4 +1,5 @@
 resource "aws_customer_gateway" "default" {
+ count = "${var.customer_gateway_id == "" ? 1 : 0}"
 bgp_asn = "${var.bgp_asn}"
 ip_address = "${var.ip_address}"
 type = "ipsec.1"
@@ -14,7 +15,7 @@ resource "aws_customer_gateway" "default" {
 resource "aws_vpn_connection" "default" {
 vpn_gateway_id = "${var.vpn_gateway_id}"
- customer_gateway_id = "${aws_customer_gateway.default.id}"
+ customer_gateway_id = "${var.customer_gateway_id == "" ? join("", aws_customer_gateway.default.*.id) : var.customer_gateway_id}"
 type = "ipsec.1"
 static_routes_only = "${var.static_routes_only}"
diff --git a/vars.tf b/vars.tf
index 0ebf887..80bb243 100644
--- a/vars.tf
+++ b/vars.tf
@@ -6,12 +6,19 @@ variable "vpn_gateway_id" {
 description = "Specify which VPN Gateway the Customer Gateway will be associated with."
 }
+variable "customer_gateway_id" {
+ description = "The CGW Id to be used to form the VPN connection. If not specified a new CGW is created"
+ default = ""
+}
+
 variable "ip_address" {
- description = "IP address of the Customer Gateway external interface."
+ description = "IP address of the Customer Gateway external interface. Not used if customer_gateway_id is specified"
+ default = ""
 }
 variable "bgp_asn" {
- description = "BGP ASN of the Customer Gateway. By convention, use 65000 if you are not running BGP."
+ description = "BGP ASN of the Customer Gateway. By convention, use 65000 if you are not running BGP. Not used if customer_gateway_id is specified"
+ default = 0
 }
 variable "destination_cidr_blocks" {
From 7bd7f03bb1df6003b60307fc2f4b0ed3247b4aa0 Mon Sep 17 00:00:00 2001
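Review bot: Adding `count` to `aws_customer_gateway.default` turns every reference to it into a list reference, so any `aws_customer_gateway.default.id` left elsewhere in the module (an output, for instance — none is visible in this series) will fail to plan when `customer_gateway_id` is set and the count is 0. The resource block continues past the end of the hunk, so I cannot confirm its remaining attributes do not reference the resource that way. A comment on the new line would spare the next reader the lookup: `# 0 when the caller supplies an existing CGW via var.customer_gateway_id`. The same `var.customer_gateway_id == ""` test is repeated in the second hunk of this file; if the Terraform version in use supports a named local value, a single one would keep the two conditions from drifting apart.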
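Review bot: The `join("", aws_customer_gateway.default.*.id)` on the new `customer_gateway_id` line needs a comment, because a reader will not see why a plain `.id` was no longer enough: `# count may be 0, so the splat is a possibly empty list; join collapses it to one id or ""`. Nothing in this hunk checks the caller-supplied id: a stale or mistyped `customer_gateway_id`, or a gateway whose type does not match the connection's hard-coded `ipsec.1`, would presumably only be rejected by the provider at apply time, so the variable description in vars.tf should state that the id must name an existing `ipsec.1` customer gateway in the same region as the VPN gateway. Note also that the commented-out README example added in patch 4 of this series, labelled as using an existing CGW, sets `customer_gateway_id = ""`, which takes the create branch of this conditional rather than the existing-gateway branch; it should show a placeholder id instead.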
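Review bot: Giving `ip_address` a `default = ""` removes the only guard that used to make it mandatory: a caller who sets neither `customer_gateway_id` nor `ip_address` now gets `count = 1` in main.tf and a customer gateway with an empty address, which would presumably be refused by the provider at apply time rather than caught at plan time as a missing required variable. Since this HCL cannot express "required only when another variable is empty", the `customer_gateway_id` description should carry that contract, e.g. `description = "ID of an existing Customer Gateway to attach the VPN connection to. Leave empty to create one, in which case ip_address (and bgp_asn) become mandatory."`. The `bgp_asn` default of 0 is changed to 65000 by the next patch in the series, so I do not raise it here.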
From: Trung Nguyen Date: Thu, 15 Jun 2017 09:28:19 +0100 Subject: [PATCH 2/4] Use 65000 a the default value for bgp_asn --- vars.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vars.tf b/vars.tf
index 80bb243..bf6340f 100644
--- a/vars.tf
+++ b/vars.tf
@@ -18,7 +18,7 @@ variable "ip_address" {
 variable "bgp_asn" {
 description = "BGP ASN of the Customer Gateway. By convention, use 65000 if you are not running BGP. Not used if customer_gateway_id is specified"
- default = 0
+ default = 65000
 }
 variable "destination_cidr_blocks" {
From 46f1205ba5ed69e3d8b90388a323940d29f65e7d Mon Sep 17 00:00:00 2001 From: Trung Nguyen Date: Thu, 15 Jun 2017 09:42:02 +0100 Subject: [PATCH 3/4] Update README.md --- README.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index e2f5609..44e0bbd 100644
--- a/README.md
+++ b/README.md
@@ -8,8 +8,11 @@ Module Input Variables
 - `name` - Unique name used to label the VPN Gateway and Customer Gateway.
 - `vpn_gateway_id` - VPN Gateway to associate with Customer Gateway and VPN Connection.
-- `ip_address` - The IP address of the gateway's Internet-routable external interface.
-- `bgp_asn` - BGP Autonomous System Number. If BGP is not in use, then by convention set this value to 65000.
+- Customer Gateway (CGW): you can use an existing CGW or you can create a new CGW
+ - To use existing CGW: pass the CGW ID in `customer_gateway_id`. In this case `ip_address` and `bagp_asn` are not relevant and not used
+ - To create a new CGW: leave `customer_gateway_id` as "", and specify 2 variables below:
+ - `ip_address` - The IP address of the gateway's Internet-routable external interface.
+ - `bgp_asn` - BGP Autonomous System Number. If BGP is not in use, then by convention set this value to 65000.
 - `destination_cidr_blocks` - A comma separated list of CIDR blocks which sit behind the Customer Gateway device and should be routed over the VPN connection.
 - `route_table_ids` - (optional) A comma separated list of route tables ids. This must be provided if you plan to create static routes for the destination_cidr_blocks in each route table.
 - `route_table_count` - (optional) The total number of tables in the route_table_ids list. This must be provided if route_table_ids is set. This is necessary since value of `count` cannot be computed in modules.
From 416832d03c73f1f18c23501a17717388882c9396 Mon Sep 17 00:00:00 2001 From: Trung Nguyen Date: Thu, 15 Jun 2017 09:46:05 +0100 Subject: [PATCH 4/4] Update README>md --- README.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+)
diff --git a/README.md b/README.md
index 44e0bbd..910e725 100644
--- a/README.md
+++ b/README.md
@@ -64,6 +64,23 @@ module "stockholm_cgw" {
 destination_cidr_blocks = ["10.1.1.0/24", "10.100.1.0/24"]
 }
+# Or if you want to use existing CGW...
+/*
+module "stockholm_cgw" {
+ source = "github.com/terraform-community-modules/tf_aws_customer_gw"
+
+ name = "stockholm"
+
+ vpn_gateway_id = "${module.vpn.vgw_id}"
+ customer_gateway_id = ""
+ static_routes_only = true
+
+ add_static_routes_to_tables = true
+ route_table_ids = "${concat(module.public_subnet.public_route_table_ids, module.private_subnet.private_route_table_ids)}"
+ route_table_count = 6
+ destination_cidr_blocks = ["10.1.1.0/24", "10.100.1.0/24"]
+}
+*/
```