From 6e850327d5b4c798a83cea58b51a6cb6538d0c47 Mon Sep 17 00:00:00 2001
From: Rohith Jayawardene
Date: Thu, 2 May 2024 17:31:37 +0100
Subject: [PATCH] chore: updating the variable with comments (#11)

---
 README.md | 2 +-
 variables.tf | 92 ++++++++++++++++++++++++++++++++++++++--------------
 2 files changed, 69 insertions(+), 25 deletions(-)

diff --git a/README.md b/README.md
index d61b19a..df14e43 100644
--- a/README.md
+++ b/README.md
@@ -314,7 +314,7 @@ The `terraform-docs` utility is used to generate this README. Follow the below s
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | [amazon\_side\_asn](#input\_amazon\_side\_asn) | The ASN for the transit gateway. | `number` | n/a | yes |
-| [connectivity\_config](#input\_connectivity\_config) | The type of connectivity options for the transit gateway. |
object({
egress = optional(object({
network = object({
availability_zones = optional(number, 2)
ipam_pool_id = optional(string, null)
name = optional(string, "egress")
private_netmask = optional(number, 28)
public_netmask = optional(number, 28)
vpc_cidr = optional(string, null)
vpc_netmask = optional(string, null)
})
}), null)
endpoints = optional(object({
network = object({
availability_zones = optional(number, 2)
ipam_pool_id = optional(string, null)
name = optional(string, "endpoints")
private_netmask = optional(number, 24)
vpc_cidr = optional(string, null)
vpc_netmask = optional(string, null)
})
sharing = optional(object({
principals = optional(list(string), [])
}), null)
services = optional(map(object({
private_dns_enabled = optional(bool, true)
service_type = optional(string, "Interface")
service = string
policy = optional(string, null)
})), {
ec2 = {
service = "ec2"
},
ec2messages = {
service = "ec2messages"
},
ssm = {
service = "ssm"
},
ssmmessages = {
service = "ssmmessages"
},
logs = {
service = "logs"
},
kms = {
service = "kms"
},
secretsmanager = {
service = "secretsmanager"
},
s3 = {
service = "s3"
},
})
}), null)
ingress = optional(object({
network = object({
availability_zones = optional(number, 2)
ipam_pool_id = optional(string, null)
name = optional(string, "ingress")
private_netmask = number
public_netmask = number
vpc_cidr = optional(string, null)
vpc_netmask = optional(string, null)
})
}), null)
inspection = optional(object({
inbound_route_table_name = optional(string, "inbound")
network = optional(object({
availability_zones = number
name = optional(string, "inspection")
private_netmask = optional(number, 24)
vpc_cidr = optional(string, "100.64.0.0/21")
}), null)
spokes_route_table_name = optional(string, "spokes")
}), null)
trusted = optional(object({
trusted_attachments = optional(list(string), [])
trusted_route_table_name = optional(string, "trusted")
}), null)
})
| n/a | yes |
+| [connectivity\_config](#input\_connectivity\_config) | The type of connectivity options for the transit gateway. |
object({
egress = optional(object({
network = object({
# Defines the configuration for an egress network.
availability_zones = optional(number, 2)
# The number of availablity zones to use for the egress network. Defaults to 2.
ipam_pool_id = optional(string, null)
# The ID of the IPAM pool to use for the egress network. Defaults to null.
name = optional(string, "egress")
# The name of the egress network. Defaults to 'egress'.
private_netmask = optional(number, 28)
# The netmask to use for the private network. Defaults to 28.
public_netmask = optional(number, 28)
# The netmask to use for the public network. Defaults to 28.
vpc_cidr = optional(string, null)
# The CIDR block to use for the VPC. Defaults to null, required when not using IPAM
vpc_netmask = optional(string, null)
# The netmask to use for the VPC. Defaults to null, required when using IPAM
})
}), null)
endpoints = optional(object({
# Defines the configuration for the endpoints network.
network = object({
# Defines the configuration for the endpoints network.
availability_zones = optional(number, 2)
# The number of availablity zones to use for the endpoints network. Defaults to 2.
ipam_pool_id = optional(string, null)
# The ID of the IPAM pool to use for the endpoints network. Defaults to null.
name = optional(string, "endpoints")
# The name of the endpoints network. Defaults to 'endpoints'.
private_netmask = optional(number, 24)
# The netmask to use for the private network. Defaults to 24, ensure space for enough aws services.
vpc_cidr = optional(string, null)
# The CIDR block to use for the VPC. Defaults to null, required when not using IPAM
vpc_netmask = optional(string, null)
# The netmask to use for the VPC. Defaults to null, required when using IPAM
})
sharing = optional(object({
# Defines the configuration for the sharing network via AWS RAM
principals = optional(list(string), [])
# The list of organizational units or accounts to share the endpoints resolvers rules with. Defaults to an empty list.
}), null)
services = optional(map(object({
# Defines the configuration for the private endpoints in the shared network.
private_dns_enabled = optional(bool, true)
# Whether private DNS is enabled. Defaults to true.
service_type = optional(string, "Interface")
# The type of service, i.e. Gateway or Interface. Defaults to 'Interface'
service = string
# The name of the service i.e. ec2, ec2messages, ssm, ssmmessages, logs, kms, secretsmanager, s3.awsamazon.com
policy = optional(string, null)
# An optional IAM policy to use for the endpoint. Defaults to null.
})), {
ec2 = {
service = "ec2"
},
ec2messages = {
service = "ec2messages"
},
ssm = {
service = "ssm"
},
ssmmessages = {
service = "ssmmessages"
},
logs = {
service = "logs"
},
kms = {
service = "kms"
},
secretsmanager = {
service = "secretsmanager"
},
s3 = {
service = "s3"
},
})
}), null)
ingress = optional(object({
# Defines the configuration for the ingress network.
network = object({
# Defines the configuration for the ingress network.
availability_zones = optional(number, 2)
# The number of availablity zones to use for the ingress network. Defaults to 2.
ipam_pool_id = optional(string, null)
# The ID of the IPAM pool to use for the ingress network. Defaults to null.
name = optional(string, "ingress")
# The name of the ingress network. Defaults to 'ingress'.
private_netmask = number
# The netmask to use for the private network. Required, ensure space for enough aws services.
public_netmask = number
# The netmask to use for the public network. Required, ensure space for enough aws services.
vpc_cidr = optional(string, null)
# The CIDR block to use for the VPC. Defaults to null, required when not using IPAM
vpc_netmask = optional(string, null)
# The netmask to use for the VPC. Defaults to null, required when using IPAM
})
}), null)
inspection = optional(object({
# Defines the configuration for the inspection network.
inbound_route_table_name = optional(string, "inbound")
# The name of the inbound route table. Defaults to 'inbound'.
network = optional(object({
# Defines the configuration for the inspection network.
availability_zones = number
# The number of availablity zones to use for the inspection network. Required. Must match the
# number of availability zones you use in the organization, due to symmetric routing requirements.
name = optional(string, "inspection")
# The name of the inspection network. Defaults to 'inspection'.
private_netmask = optional(number, 24)
# The netmask to use for the private network. Defaults to 24
vpc_cidr = optional(string, "100.64.0.0/21")
# The CIDR block to use for the VPC. Defaults to carrier-grade NAT space.
}), null)
spokes_route_table_name = optional(string, "spokes")
# The name of the spokes route table. Defaults to 'spokes'.
}), null)
trusted = optional(object({
# Defines the configuration for the trusted routing
trusted_attachments = optional(list(string), [])
# The list of transit gateway attachments to trust e.g can see all the other untrusted networks. Defaults to an empty list.
trusted_route_table_name = optional(string, "trusted")
# The name of the trusted route table. Defaults to 'trusted'.
}), null)
})
| n/a | yes |
 | [description](#input\_description) | The description of the transit gateway to provision. | `string` | n/a | yes |
 | [tags](#input\_tags) | A map of tags to add to all resources. | `map(string)` | n/a | yes |
 | [enable\_dns\_support](#input\_enable\_dns\_support) | Whether DNS support is enabled. | `bool` | `true` | no |
diff --git a/variables.tf b/variables.tf
index 9971213..151e7e1 100644
--- a/variables.tf
+++ b/variables.tf
@@ -34,32 +34,55 @@ variable "connectivity_config" {
 type = object({
 egress = optional(object({
 network = object({
+ # Defines the configuration for an egress network.
 availability_zones = optional(number, 2)
- ipam_pool_id = optional(string, null)
- name = optional(string, "egress")
- private_netmask = optional(number, 28)
- public_netmask = optional(number, 28)
- vpc_cidr = optional(string, null)
- vpc_netmask = optional(string, null)
+ # The number of availablity zones to use for the egress network. Defaults to 2.
+ ipam_pool_id = optional(string, null)
+ # The ID of the IPAM pool to use for the egress network. Defaults to null.
+ name = optional(string, "egress")
+ # The name of the egress network. Defaults to 'egress'.
+ private_netmask = optional(number, 28)
+ # The netmask to use for the private network. Defaults to 28.
+ public_netmask = optional(number, 28)
+ # The netmask to use for the public network. Defaults to 28.
+ vpc_cidr = optional(string, null)
+ # The CIDR block to use for the VPC. Defaults to null, required when not using IPAM
+ vpc_netmask = optional(string, null)
+ # The netmask to use for the VPC. Defaults to null, required when using IPAM
 })
 }), null)
 endpoints = optional(object({
+ # Defines the configuration for the endpoints network.
 network = object({
+ # Defines the configuration for the endpoints network.
 availability_zones = optional(number, 2)
- ipam_pool_id = optional(string, null)
- name = optional(string, "endpoints")
- private_netmask = optional(number, 24)
- vpc_cidr = optional(string, null)
- vpc_netmask = optional(string, null)
+ # The number of availablity zones to use for the endpoints network. Defaults to 2.
+ ipam_pool_id = optional(string, null)
+ # The ID of the IPAM pool to use for the endpoints network. Defaults to null.
+ name = optional(string, "endpoints")
+ # The name of the endpoints network. Defaults to 'endpoints'.
+ private_netmask = optional(number, 24)
+ # The netmask to use for the private network.
Defaults to 24, ensure space for enough aws services.
+ vpc_cidr = optional(string, null)
+ # The CIDR block to use for the VPC. Defaults to null, required when not using IPAM
+ vpc_netmask = optional(string, null)
+ # The netmask to use for the VPC. Defaults to null, required when using IPAM
 })
 sharing = optional(object({
+ # Defines the configuration for the sharing network via AWS RAM
 principals = optional(list(string), [])
+ # The list of organizational units or accounts to share the endpoints resolvers rules with. Defaults to an empty list.
 }), null)
 services = optional(map(object({
+ # Defines the configuration for the private endpoints in the shared network.
 private_dns_enabled = optional(bool, true)
- service_type = optional(string, "Interface")
- service = string
- policy = optional(string, null)
+ # Whether private DNS is enabled. Defaults to true.
+ service_type = optional(string, "Interface")
+ # The type of service, i.e. Gateway or Interface. Defaults to 'Interface'
+ service = string
+ # The name of the service i.e. ec2, ec2messages, ssm, ssmmessages, logs, kms, secretsmanager, s3.awsamazon.com
+ policy = optional(string, null)
+ # An optional IAM policy to use for the endpoint. Defaults to null.
 })), {
 ec2 = {
 service = "ec2"
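Review bot: Every new comment in this hunk is placed on the line after the attribute it describes, so read top-down each one appears to document the next attribute — `# The number of availablity zones ...` sits directly above `ipam_pool_id`, and `# The netmask to use for the VPC ...` sits above the closing `})`; HCL convention, and what editors and doc tooling attach to an attribute, is the comment on the line above, so each `#` line should move up one attribute, here and in the second hunk (`@@ -88,29 +111,50 @@`). "availablity" is misspelled in all four `availability_zones` comments across both hunks. The `policy` comment should say what null means in practice, since this value is presumably passed through as the endpoint policy: `# An optional IAM policy document for the endpoint. Defaults to null, in which case AWS attaches its default endpoint policy, which allows full access to the service through the endpoint.` The `service` comment's trailing `s3.awsamazon.com` reads like a stray suffix; confirm whether `service` expects the short name the defaults below use or a full service name, and state that instead.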
@@ -88,29 +111,50 @@ variable "connectivity_config" {
 })
 }), null)
 ingress = optional(object({
+ # Defines the configuration for the ingress network.
 network = object({
+ # Defines the configuration for the ingress network.
 availability_zones = optional(number, 2)
- ipam_pool_id = optional(string, null)
- name = optional(string, "ingress")
- private_netmask = number
- public_netmask = number
- vpc_cidr = optional(string, null)
- vpc_netmask = optional(string, null)
+ # The number of availablity zones to use for the ingress network. Defaults to 2.
+ ipam_pool_id = optional(string, null)
+ # The ID of the IPAM pool to use for the ingress network. Defaults to null.
+ name = optional(string, "ingress")
+ # The name of the ingress network. Defaults to 'ingress'.
+ private_netmask = number
+ # The netmask to use for the private network. Required, ensure space for enough aws services.
+ public_netmask = number
+ # The netmask to use for the public network. Required, ensure space for enough aws services.
+ vpc_cidr = optional(string, null)
+ # The CIDR block to use for the VPC. Defaults to null, required when not using IPAM
+ vpc_netmask = optional(string, null)
+ # The netmask to use for the VPC. Defaults to null, required when using IPAM
 })
 }), null)
 inspection = optional(object({
+ # Defines the configuration for the inspection network.
 inbound_route_table_name = optional(string, "inbound")
+ # The name of the inbound route table. Defaults to 'inbound'.
 network = optional(object({
+ # Defines the configuration for the inspection network.
 availability_zones = number
- name = optional(string, "inspection")
- private_netmask = optional(number, 24)
- vpc_cidr = optional(string, "100.64.0.0/21")
+ # The number of availablity zones to use for the inspection network. Required. Must match the
+ # number of availability zones you use in the organization, due to symmetric routing requirements.
+ name = optional(string, "inspection")
+ # The name of the inspection network.
Defaults to 'inspection'.
+ private_netmask = optional(number, 24)
+ # The netmask to use for the private network. Defaults to 24
+ vpc_cidr = optional(string, "100.64.0.0/21")
+ # The CIDR block to use for the VPC. Defaults to carrier-grade NAT space.
 }), null)
 spokes_route_table_name = optional(string, "spokes")
+ # The name of the spokes route table. Defaults to 'spokes'.
 }), null)
 trusted = optional(object({
- trusted_attachments = optional(list(string), [])
+ # Defines the configuration for the trusted routing
+ trusted_attachments = optional(list(string), [])
+ # The list of transit gateway attachments to trust e.g can see all the other untrusted networks. Defaults to an empty list.
 trusted_route_table_name = optional(string, "trusted")
+ # The name of the trusted route table. Defaults to 'trusted'.
 }), null)
 })
 }
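Review bot: The `trusted_attachments` comment says `e.g can see all the other untrusted networks`, which presents the defining property as an example and leaves the meaning of "trust" — the one setting here that widens which networks an attachment can reach — ambiguous for whoever adds entries to it; clearer as `# Transit gateway attachment IDs to treat as trusted, i.e. attachments that are given routes to every other (untrusted) network. Defaults to an empty list.`. The outer `inspection` comment `# Defines the configuration for the inspection network.` is repeated verbatim on the inner `network` object, but the outer block also holds `inbound_route_table_name` and `spokes_route_table_name`, so something like `# Defines the inspection routing configuration: route table names and the optional inspection VPC.` would distinguish the two. `# The netmask to use for the private network. Defaults to 24` is the only comment in the block without a terminating period.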