Commit fc0b95c

docs: added the updated docs for trusted
1 parent 527a29b commit fc0b95c

2 files changed

+6
-4
lines changed

modules/trusted/README.md

Lines changed: 2 additions & 0 deletions
@@ -16,11 +16,13 @@
1616
| <a name="input_enable_dns_support"></a> [enable\_dns\_support](#input\_enable\_dns\_support) | Whether DNS support is enabled. | `bool` | `true` | no |
1717
| <a name="input_enable_external_principals"></a> [enable\_external\_principals](#input\_enable\_external\_principals) | Whether to enable external principals in the RAM share. | `bool` | `true` | no |
1818
| <a name="input_enable_multicast_support"></a> [enable\_multicast\_support](#input\_enable\_multicast\_support) | Whether multicast support is enabled. | `bool` | `false` | no |
19+
| <a name="input_enable_ssm_sharing"></a> [enable\_ssm\_sharing](#input\_enable\_ssm\_sharing) | Whether to create and share the SSM parameter for the transit gateway ID. | `bool` | `false` | no |
1920
| <a name="input_enable_vpn_ecmp_support"></a> [enable\_vpn\_ecmp\_support](#input\_enable\_vpn\_ecmp\_support) | Whether VPN Equal Cost Multipath Protocol support is enabled. | `bool` | `false` | no |
2021
| <a name="input_name"></a> [name](#input\_name) | The name of the transit gateway to provision. | `string` | `"tgw"` | no |
2122
| <a name="input_ram_share_name"></a> [ram\_share\_name](#input\_ram\_share\_name) | The name of the RAM share to create for the transit gateway. | `string` | `"tgw-ram-share"` | no |
2223
| <a name="input_ram_share_principals"></a> [ram\_share\_principals](#input\_ram\_share\_principals) | The list of organizational units or accounts to share the transit gateway with. | `list(string)` | `[]` | no |
2324
| <a name="input_services"></a> [services](#input\_services) | A collection of features and services associated with this connectivity domain. | <pre>object({<br/><br/> egress = optional(object({<br/> network = object({<br/> # Defines the configuration for an egress network.<br/> availability_zones = optional(number, 2)<br/> # The number of availablity zones to use for the egress network. Defaults to 2.<br/> ipam_pool_id = optional(string, null)<br/> # The ID of the IPAM pool to use for the egress network. Defaults to null.<br/> name = optional(string, "egress")<br/> # The name of the egress network. Defaults to 'egress'.<br/> private_netmask = optional(number, 28)<br/> # The netmask to use for the private network. Defaults to 28.<br/> public_netmask = optional(number, 28)<br/> # The netmask to use for the public network. Defaults to 28.<br/> transit_gateway_routes = optional(map(string), {<br/> private = "10.0.0.0/8"<br/> public = "10.0.0.0/8"<br/> })<br/> # The transit gateway route tables entries for the egress network.<br/> vpc_cidr = optional(string, null)<br/> # The CIDR block to use for the VPC. Defaults to null, required when not using IPAM<br/> vpc_netmask = optional(string, null)<br/> # The netmask to use for the VPC. Defaults to null, required when using IPAM<br/> })<br/> }), null)<br/><br/> dns = optional(object({<br/> # The list of organizational units or accounts to share the domain rule with.<br/> resolver_name = optional(string, "dns-resolver")<br/><br/> # Defines the configuration for the endpoints network.<br/> network = object({<br/> # Defines the configuration for the endpoints network.<br/> availability_zones = optional(number, 2)<br/> # The number of availablity zones to use for the endpoints network. Defaults to 2.<br/> ipam_pool_id = optional(string, null)<br/> # The ID of the IPAM pool to use for the endpoints network. Defaults to null.<br/> name = optional(string, "central-dns")<br/> # The name of the endpoints network. 
Defaults to 'endpoints'.<br/> private_netmask = optional(number, 24)<br/> # The netmask to use for the private network. Defaults to 24, ensure space for enough aws services.<br/> vpc_cidr = optional(string, null)<br/> # The CIDR block to use for the VPC. Defaults to null, required when not using IPAM<br/> vpc_netmask = optional(string, null)<br/> # The netmask to use for the VPC. Defaults to null, required when using IPAM<br/> }),<br/><br/> domain_rules = optional(list(object({<br/> ram_share_name = optional(string, "central-dns")<br/> # The name of the domain rule - this is mapped to the resource share name<br/> ram_principals = optional(map(string), {})<br/> # The name of the resolver to use. Defaults to 'dns-resolver'.<br/> rules = list(object({<br/> name = string<br/> # The name of the rule - the ram share name is domain.name + "-" + rule.name<br/> # The list of domain rules to apply to the domain.<br/> domain = string<br/> # The domain to apply the rule to.<br/> targets = optional(list(string), [])<br/> # The list of targets to apply the rule to - defaults to local resolver.<br/> }))<br/> })), [])<br/> }), null)<br/> ## Centralized DNS, used to house central DNS resolvers and rules<br/><br/> endpoints = optional(object({<br/> # Defines the configuration for the endpoints network.<br/> network = object({<br/> # Defines the configuration for the endpoints network.<br/> availability_zones = optional(number, 2)<br/> # The number of availablity zones to use for the endpoints network. Defaults to 2.<br/> ipam_pool_id = optional(string, null)<br/> # The ID of the IPAM pool to use for the endpoints network. Defaults to null.<br/> name = optional(string, "endpoints")<br/> # The name of the endpoints network. Defaults to 'endpoints'.<br/> private_netmask = optional(number, 24)<br/> # The netmask to use for the private network. Defaults to 24, ensure space for enough aws services.<br/> vpc_cidr = optional(string, null)<br/> # The CIDR block to use for the VPC. 
Defaults to null, required when not using IPAM<br/> vpc_netmask = optional(string, null)<br/> # The netmask to use for the VPC. Defaults to null, required when using IPAM<br/> })<br/><br/> resolver_rules = optional(object({<br/> # Defines the configuration for the sharing network via AWS RAM<br/> principals = optional(list(string), [])<br/> # The list of organizational units or accounts to share the endpoints resolvers rules with. Defaults to an empty list.<br/> }), null)<br/><br/> resolver = optional(object({<br/> enable = optional(bool, false)<br/> # Whether to enable the resolver. Defaults to false.<br/> }), null)<br/><br/> services = optional(map(object({<br/> # Whether private DNS is enabled. Defaults to true.<br/> service_type = optional(string, "Interface")<br/> # The type of service, i.e. Gateway or Interface. Defaults to 'Interface'<br/> service = string<br/> # The name of the service i.e. ec2, ec2messages, ssm, ssmmessages, logs, kms, secretsmanager, s3.awsamazon.com<br/> policy = optional(string, null)<br/> # An optional IAM policy to use for the endpoint. Defaults to null.<br/> })), {<br/> ec2messages = {<br/> service = "ec2messages"<br/> },<br/> ssm = {<br/> service = "ssm"<br/> },<br/> ssmmessages = {<br/> service = "ssmmessages"<br/> },<br/> })<br/> }), null)<br/> ## Centralized private endpoints, using route53 resolver rules instead of private hosted zones<br/><br/> ingress = optional(object({<br/> # Defines the configuration for the ingress network.<br/> network = object({<br/> # Defines the configuration for the ingress network.<br/> availability_zones = optional(number, 2)<br/> # The number of availablity zones to use for the ingress network. Defaults to 2.<br/> ipam_pool_id = optional(string, null)<br/> # The ID of the IPAM pool to use for the ingress network. Defaults to null.<br/> name = optional(string, "ingress")<br/> # The name of the ingress network. 
Defaults to 'ingress'.<br/> private_netmask = number<br/> # The netmask to use for the private network. Required, ensure space for enough aws services.<br/> public_netmask = number<br/> # The netmask to use for the public network. Required, ensure space for enough aws services.<br/> transit_gateway_routes = optional(map(string), {<br/> private = "10.0.0.0/8"<br/> public = "10.0.0.0/8"<br/> })<br/> # The transit gateway route tables entries for the ingress network.<br/> vpc_cidr = optional(string, null)<br/> # The CIDR block to use for the VPC. Defaults to null, required when not using IPAM<br/> vpc_netmask = optional(string, null)<br/> # The netmask to use for the VPC. Defaults to null, required when using IPAM<br/> })<br/> }), null)<br/> ## Centralized ingress network, used to house all the ingress endpoints<br/> })</pre> | `{}` | no |
25+
| <a name="input_transit_ssm_parameter_name"></a> [transit\_ssm\_parameter\_name](#input\_transit\_ssm\_parameter\_name) | The name of the SSM parameter to create for the transit gateway ID. | `string` | `"/landing-zone/%s/transit-gateway/id"` | no |
2426

2527
## Outputs
2628

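Review bot: the new `transit_ssm_parameter_name` row should state that the value is a format string whose single `%s` is substituted with the region (the default `"/landing-zone/%s/transit-gateway/id"` shows this, and ssm.tf in this same commit does `format(var.transit_ssm_parameter_name, local.region)`); as written, a reader could pass a plain path without the placeholder. Suggest amending the description to something like "The name of the SSM parameter to create for the transit gateway ID; must contain a single `%s`, which is replaced with the region." The `enable_ssm_sharing` row would also benefit from saying who the parameter is shared with (the `ram_share_principals` list), since the table gives no link between the two inputs. Minor, and not introduced here: the `services` object comments still spell "availablity".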
modules/trusted/ssm.tf

Lines changed: 4 additions & 4 deletions
@@ -3,10 +3,10 @@
33
resource "aws_ssm_parameter" "transit_gateway_id" {
44
count = var.enable_ssm_sharing ? 1 : 0
55

6-
name = format(var.transit_ssm_parameter_name, var.region)
7-
description = "Contains the Transit Gateway ID for region ${var.region}"
6+
name = format(var.transit_ssm_parameter_name, local.region)
7+
description = "Contains the Transit Gateway ID for region ${local.region}"
88
type = "String"
9-
value = var.transit_gateway_id
9+
value = module.tgw.transit_gateway_id
1010
tags = var.tags
1111
}
1212

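Review bot: the commit message says "docs", but this hunk changes behaviour: the parameter name and description now derive from `local.region` instead of `var.region`, and the value now comes from `module.tgw.transit_gateway_id` instead of the `var.transit_gateway_id` input. That deserves either its own commit or a commit message that says so, and if `var.transit_gateway_id` and `var.region` are no longer read anywhere they should be removed from the module's inputs so the README table does not advertise dead variables. `local.region` is not visible in this hunk; confirm it is defined in the module. Since the resource keeps `count = var.enable_ssm_sharing ? 1 : 0`, every downstream reference must index it as `aws_ssm_parameter.transit_gateway_id[0]`.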
@@ -17,7 +17,7 @@ module "transit_gateway_ssm_share" {
1717
version = "0.0.1"
1818

1919
allow_external_principals = false
20-
name = "transit-gateway-ssm-${var.region}"
20+
name = "transit-gateway-ssm-${local.region}"
2121
principals = var.ram_share_principals
2222
resource_arns = [aws_ssm_parameter.transit_gateway_id.arn]
2323
tags = var.tags
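Review bot: `resource_arns = [aws_ssm_parameter.transit_gateway_id.arn]` references a count-guarded resource without an index; Terraform rejects this at plan time because the resource above is declared with `count`, so it needs to be `aws_ssm_parameter.transit_gateway_id[0].arn`. Unless the lines above this hunk (not shown) already gate the module with the same condition, the RAM share should also carry `count = var.enable_ssm_sharing ? 1 : 0`, otherwise with sharing disabled the share is still created and the `[0]` index points at a resource that does not exist. Keeping `allow_external_principals = false` hard-coded here is the right call for a parameter shared across the organisation, even though the README's `enable_external_principals` defaults to `true` for the transit gateway share; the asymmetry is worth a one-line comment so nobody "fixes" it later.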