appvia · gambol99 · Jul 12, 2024 · Jul 12, 2024
diff --git a/README.md b/README.md
@@ -308,10 +308,15 @@ The `terraform-docs` utility is used to generate this README. Follow the below s
 | [aws_ec2_transit_gateway_route_table_propagation.inspection_endpoints](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route_table_propagation) | resource |
 | [aws_ec2_transit_gateway_route_table_propagation.inspection_ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route_table_propagation) | resource |
 | [aws_ec2_transit_gateway_route_table_propagation.trusted](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route_table_propagation) | resource |
+| [aws_ec2_transit_gateway_route_table_propagation.trusted_dns](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route_table_propagation) | resource |
 | [aws_ec2_transit_gateway_route_table_propagation.trusted_egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route_table_propagation) | resource |
 | [aws_ec2_transit_gateway_route_table_propagation.trusted_endpoints](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route_table_propagation) | resource |
 | [aws_ec2_transit_gateway_route_table_propagation.trusted_ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route_table_propagation) | resource |
 | [aws_ec2_transit_gateway_route_table_propagation.untrusted](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route_table_propagation) | resource |
+| [aws_ec2_transit_gateway_route_table_propagation.untrusted_dns](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route_table_propagation) | resource |
+| [aws_ec2_transit_gateway_route_table_propagation.untrusted_egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route_table_propagation) | resource |
+| [aws_ec2_transit_gateway_route_table_propagation.untrusted_endpoints](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route_table_propagation) | resource |
+| [aws_ec2_transit_gateway_route_table_propagation.untrusted_ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route_table_propagation) | resource |
 | [aws_ram_principal_association.associations](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ram_principal_association) | resource |
 | [aws_ram_resource_association.prefixes](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ram_resource_association) | resource |
 | [aws_ram_resource_share.prefixes](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ram_resource_share) | resource |

diff --git a/trusted.tf b/trusted.tf
@@ -64,6 +64,10 @@ resource "aws_ec2_transit_gateway_route" "trusted_default" {
   transit_gateway_route_table_id = module.tgw.ec2_transit_gateway_association_default_route_table_id
 }
 
+#
+## Associations  
+#
+
 ## We need to associate the endpoints vpc with the trusted routing table 
 resource "aws_ec2_transit_gateway_route_table_association" "trusted_endpoints" {
   count = local.enable_trusted == true && local.enable_endpoints == true ? 1 : 0
@@ -91,26 +95,74 @@ resource "aws_ec2_transit_gateway_route_table_association" "trusted_egress" {
   transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.trusted[0].id
 }
 
-## We need to propagate the endpoints_vpc into the untrusted route table 
+#
+## Propagations into the trusted routing table
+#
+
+## We need to propagate the ingress vpc into the trusted route table 
+resource "aws_ec2_transit_gateway_route_table_propagation" "trusted_ingress" {
+  count = local.enable_trusted == true && local.enable_ingress == true ? 1 : 0
+
+  transit_gateway_attachment_id  = module.ingress_vpc[0].transit_gateway_attachment_id
+  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.trusted[0].id
+}
+
+## We need to propagate the egress vpc into the trusted route table  
+resource "aws_ec2_transit_gateway_route_table_propagation" "trusted_egress" {
+  count = local.enable_trusted == true && local.enable_egress == true ? 1 : 0
+
+  transit_gateway_attachment_id  = module.egress_vpc[0].transit_gateway_attachment_id
+  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.trusted[0].id
+}
+
+## We need to propagate the endpoints vpc into the trusted route table
 resource "aws_ec2_transit_gateway_route_table_propagation" "trusted_endpoints" {
   count = local.enable_trusted == true && local.enable_endpoints == true ? 1 : 0
 
+  transit_gateway_attachment_id  = local.endpoints_vpc_attachment_id
+  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.trusted[0].id
+}
+
+## We need to propagate the dns vpc into the trusted route table
+resource "aws_ec2_transit_gateway_route_table_propagation" "trusted_dns" {
+  count = local.enable_trusted == true && local.enable_dns == true ? 1 : 0
+
+  transit_gateway_attachment_id  = module.dns_vpc[0].transit_gateway_attachment_id
+  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.trusted[0].id
+}
+
+#
+## Propagations into the untrusted routing table
+#
+
+## We need to propagate the endpoints_vpc into the untrusted route table 
+resource "aws_ec2_transit_gateway_route_table_propagation" "untrusted_endpoints" {
+  count = local.enable_trusted == true && local.enable_endpoints == true ? 1 : 0
+
   transit_gateway_attachment_id  = local.endpoints_vpc_attachment_id
   transit_gateway_route_table_id = module.tgw.ec2_transit_gateway_association_default_route_table_id
 }
 
 ## We need to propagate the ingress_vpc into the untrusted route table 
-resource "aws_ec2_transit_gateway_route_table_propagation" "trusted_ingress" {
+resource "aws_ec2_transit_gateway_route_table_propagation" "untrusted_ingress" {
   count = local.enable_trusted == true && local.enable_ingress == true ? 1 : 0
 
   transit_gateway_attachment_id  = module.ingress_vpc[0].transit_gateway_attachment_id
   transit_gateway_route_table_id = module.tgw.ec2_transit_gateway_association_default_route_table_id
 }
 
 ## We need to propagate the egress_vpc into the untrusted route table 
-resource "aws_ec2_transit_gateway_route_table_propagation" "trusted_egress" {
+resource "aws_ec2_transit_gateway_route_table_propagation" "untrusted_egress" {
   count = local.enable_trusted == true && local.enable_egress == true ? 1 : 0
 
   transit_gateway_attachment_id  = module.egress_vpc[0].transit_gateway_attachment_id
   transit_gateway_route_table_id = module.tgw.ec2_transit_gateway_association_default_route_table_id
 }
+
+## We need to propagate the dns_vpc into the untrusted route table 
+resource "aws_ec2_transit_gateway_route_table_propagation" "untrusted_dns" {
+  count = local.enable_trusted == true && local.enable_dns == true ? 1 : 0
+
+  transit_gateway_attachment_id  = module.dns_vpc[0].transit_gateway_attachment_id
+  transit_gateway_route_table_id = module.tgw.ec2_transit_gateway_association_default_route_table_id
+}