fix: the trusted attachment were not being propagated into the correc…

…t table
appvia · May 13, 2024 · 8816aed · 8816aed
1 parent 0b47b1b
commit 8816aed
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 7 deletions.
diff --git a/locals.tf b/locals.tf
@@ -17,7 +17,7 @@ locals {
   ## The transit gateway attaccment id for the endpoints vpc 
   endpoints_vpc_attachment_id = local.enable_endpoints ? module.endpoints_vpc[0].transit_gateway_attachment_id : null
   ## The workloads routing table for the trusted configuration   
-  trusted_workloads_routing_table_id = local.enable_trusted ? module.tgw.ec2_transit_gateway_association_default_route_table_id : null
+  #trusted_workloads_routing_table_id = local.enable_trusted ? module.tgw.ec2_transit_gateway_association_default_route_table_id : null
 
   ## Should we enable default propation on the vpc 
   enable_default_route_table_propagation = local.enable_trusted ? false : true

diff --git a/outputs.tf b/outputs.tf
@@ -16,7 +16,7 @@ output "trusted_core_route_table_id" {
 
 output "workloads_route_table_id" {
   description = "The ID of the workloads route table."
-  value       = local.enable_trusted ? local.trusted_workloads_routing_table_id : null
+  value       = local.enable_trusted ? module.tgw.ec2_transit_gateway_association_default_route_table_id : null
 }
 
 output "inspection_route_inbound_table_id" {

diff --git a/trusted.tf b/trusted.tf
@@ -33,7 +33,7 @@ resource "aws_ec2_transit_gateway_route_table_propagation" "untrusted" {
   for_each = local.enable_trusted == true ? toset(var.connectivity_config.trusted.trusted_attachments) : toset([])
 
   transit_gateway_attachment_id  = each.value
-  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.trusted[0].id
+  transit_gateway_route_table_id = module.tgw.ec2_transit_gateway_association_default_route_table_id
 }
 
 ## We need to add a default route to the trusted route table to egress 
@@ -51,7 +51,7 @@ resource "aws_ec2_transit_gateway_route" "trusted_default" {
 
   destination_cidr_block         = "0.0.0.0/0"
   transit_gateway_attachment_id  = module.egress_vpc[0].transit_gateway_attachment_id
-  transit_gateway_route_table_id = local.trusted_workloads_routing_table_id
+  transit_gateway_route_table_id = module.tgw.ec2_transit_gateway_association_default_route_table_id
 }
 
 ## We need to associate the endpoints vpc with the trusted routing table 
@@ -86,21 +86,21 @@ resource "aws_ec2_transit_gateway_route_table_propagation" "trusted_endpoints" {
   count = local.enable_trusted == true && local.enable_endpoints == true ? 1 : 0
 
   transit_gateway_attachment_id  = local.endpoints_vpc_attachment_id
-  transit_gateway_route_table_id = local.trusted_workloads_routing_table_id
+  transit_gateway_route_table_id = module.tgw.ec2_transit_gateway_association_default_route_table_id
 }
 
 ## We need to propagate the ingress_vpc into the untrusted route table 
 resource "aws_ec2_transit_gateway_route_table_propagation" "trusted_ingress" {
   count = local.enable_trusted == true && local.enable_ingress == true ? 1 : 0
 
   transit_gateway_attachment_id  = module.ingress_vpc[0].transit_gateway_attachment_id
-  transit_gateway_route_table_id = local.trusted_workloads_routing_table_id
+  transit_gateway_route_table_id = module.tgw.ec2_transit_gateway_association_default_route_table_id
 }
 
 ## We need to propagate the egress_vpc into the untrusted route table 
 resource "aws_ec2_transit_gateway_route_table_propagation" "trusted_egress" {
   count = local.enable_trusted == true && local.enable_egress == true ? 1 : 0
 
   transit_gateway_attachment_id  = module.egress_vpc[0].transit_gateway_attachment_id
-  transit_gateway_route_table_id = local.trusted_workloads_routing_table_id
+  transit_gateway_route_table_id = module.tgw.ec2_transit_gateway_association_default_route_table_id
 }