feat: Support multiple tgw route tables (v2)

README.md

@@ -62,6 +62,7 @@ module "vpc" {
 
 - [Complete example](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/tree/master/examples/complete) shows TGW in combination with the [VPC module](https://github.com/terraform-aws-modules/terraform-aws-vpc) and [Resource Access Manager (RAM)](https://aws.amazon.com/ram/).
 - [Multi-account example](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/tree/master/examples/multi-account) shows TGW resources shared with different AWS accounts (via [Resource Access Manager (RAM)](https://aws.amazon.com/ram/)).
+- [Multiple route tables](https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/tree/master/examples/multiple-route-tables) shows a TGW with multiple route tables
 
 <!-- BEGIN_TF_DOCS -->
 ## Requirements

examples/multiple-route-tables/README.md

@@ -0,0 +1,55 @@
+# Complete AWS Transit Gateway example
+
+Configuration in this directory creates an AWS Transit Gateway, attaches a VPC to it, creates two Transit Gateway route tables, and shares the Transit Gateway with other AWS principals using [Resource Access Manager (RAM)](https://aws.amazon.com/ram/).
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.4 |
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_tgw"></a> [tgw](#module\_tgw) | ../../ | n/a |
+| <a name="module_tgw_peer"></a> [tgw\_peer](#module\_tgw\_peer) | ../../ | n/a |
+| <a name="module_tgw_rtb1"></a> [tgw\_rtb1](#module\_tgw\_rtb1) | ../../modules/route-table | n/a |
+| <a name="module_tgw_rtb2"></a> [tgw\_rtb1](#module\_tgw\_rtb1) | ../../modules/route-table | n/a |
+| <a name="module_vpc1"></a> [vpc1](#module\_vpc1) | terraform-aws-modules/vpc/aws | ~> 5.0 |
+| <a name="module_vpc2"></a> [vpc2](#module\_vpc2) | terraform-aws-modules/vpc/aws | ~> 5.0 |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_ec2_transit_gateway_arn"></a> [ec2\_transit\_gateway\_arn](#output\_ec2\_transit\_gateway\_arn) | EC2 Transit Gateway Amazon Resource Name (ARN) |
+| <a name="output_ec2_transit_gateway_association_default_route_table_id"></a> [ec2\_transit\_gateway\_association\_default\_route\_table\_id](#output\_ec2\_transit\_gateway\_association\_default\_route\_table\_id) | Identifier of the default association route table |
+| <a name="output_ec2_transit_gateway_id"></a> [ec2\_transit\_gateway\_id](#output\_ec2\_transit\_gateway\_id) | EC2 Transit Gateway identifier |
+| <a name="output_ec2_transit_gateway_owner_id"></a> [ec2\_transit\_gateway\_owner\_id](#output\_ec2\_transit\_gateway\_owner\_id) | Identifier of the AWS account that owns the EC2 Transit Gateway |
+| <a name="output_ec2_transit_gateway_propagation_default_route_table_id"></a> [ec2\_transit\_gateway\_propagation\_default\_route\_table\_id](#output\_ec2\_transit\_gateway\_propagation\_default\_route\_table\_id) | Identifier of the default propagation route table |
+| <a name="output_ec2_transit_gateway_route_ids"></a> [ec2\_transit\_gateway\_route\_ids](#output\_ec2\_transit\_gateway\_route\_ids) | List of EC2 Transit Gateway Route Table identifier combined with destination |
+| <a name="output_ec2_transit_gateway_route_table_association"></a> [ec2\_transit\_gateway\_route\_table\_association](#output\_ec2\_transit\_gateway\_route\_table\_association) | Map of EC2 Transit Gateway Route Table Association attributes |
+| <a name="output_ec2_transit_gateway_route_table_association_ids"></a> [ec2\_transit\_gateway\_route\_table\_association\_ids](#output\_ec2\_transit\_gateway\_route\_table\_association\_ids) | List of EC2 Transit Gateway Route Table Association identifiers |
+| <a name="output_ec2_transit_gateway_route_table_default_association_route_table"></a> [ec2\_transit\_gateway\_route\_table\_default\_association\_route\_table](#output\_ec2\_transit\_gateway\_route\_table\_default\_association\_route\_table) | Boolean whether this is the default association route table for the EC2 Transit Gateway |
+| <a name="output_ec2_transit_gateway_route_table_default_propagation_route_table"></a> [ec2\_transit\_gateway\_route\_table\_default\_propagation\_route\_table](#output\_ec2\_transit\_gateway\_route\_table\_default\_propagation\_route\_table) | Boolean whether this is the default propagation route table for the EC2 Transit Gateway |
+| <a name="output_ec2_transit_gateway_route_table_id"></a> [ec2\_transit\_gateway\_route\_table\_id](#output\_ec2\_transit\_gateway\_route\_table\_id) | EC2 Transit Gateway Route Table identifier |
+| <a name="output_ec2_transit_gateway_route_table_propagation"></a> [ec2\_transit\_gateway\_route\_table\_propagation](#output\_ec2\_transit\_gateway\_route\_table\_propagation) | Map of EC2 Transit Gateway Route Table Propagation attributes |
+| <a name="output_ec2_transit_gateway_route_table_propagation_ids"></a> [ec2\_transit\_gateway\_route\_table\_propagation\_ids](#output\_ec2\_transit\_gateway\_route\_table\_propagation\_ids) | List of EC2 Transit Gateway Route Table Propagation identifiers |
+| <a name="output_ec2_transit_gateway_vpc_attachment"></a> [ec2\_transit\_gateway\_vpc\_attachment](#output\_ec2\_transit\_gateway\_vpc\_attachment) | Map of EC2 Transit Gateway VPC Attachment attributes |
+| <a name="output_ec2_transit_gateway_vpc_attachment_ids"></a> [ec2\_transit\_gateway\_vpc\_attachment\_ids](#output\_ec2\_transit\_gateway\_vpc\_attachment\_ids) | List of EC2 Transit Gateway VPC Attachment identifiers |
+| <a name="output_ram_principal_association_id"></a> [ram\_principal\_association\_id](#output\_ram\_principal\_association\_id) | The Amazon Resource Name (ARN) of the Resource Share and the principal, separated by a comma |
+| <a name="output_ram_resource_share_id"></a> [ram\_resource\_share\_id](#output\_ram\_resource\_share\_id) | The Amazon Resource Name (ARN) of the resource share |

examples/multiple-route-tables/main.tf

@@ -0,0 +1,196 @@
+provider "aws" {
+  region = local.region
+}
+
+# This provider is required for attachment only installation in another AWS Account
+provider "aws" {
+  region = local.region
+  alias  = "peer"
+}
+
+locals {
+  name   = "ex-tgw-${replace(basename(path.cwd), "_", "-")}"
+  region = "eu-west-1"
+
+  tags = {
+    Example    = local.name
+    GithubRepo = "terraform-aws-eks"
+    GithubOrg  = "terraform-aws-transit-gateway"
+  }
+}
+
+################################################################################
+# Transit Gateway Module
+################################################################################
+
+module "tgw" {
+  source = "../../"
+
+  name              = local.name
+  description       = "My TGW shared with several other AWS accounts"
+  amazon_side_asn   = 64532
+  create_tgw_routes = false
+
+  # When "true" there is no need for RAM resources if using multiple AWS accounts
+  enable_auto_accept_shared_attachments = true
+
+  ram_allow_external_principals = true
+  ram_principals                = [307990089504]
+
+  tags = local.tags
+}
+
+module "tgw_rtb1" {
+  source = "../../modules/route-table"
+
+  name               = "${local.name}-rtb1"
+  transit_gateway_id = module.tgw.ec2_transit_gateway_id
+
+  vpc_attachments = {
+    vpc1 = {
+      vpc_id       = module.vpc1.vpc_id
+      subnet_ids   = module.vpc1.private_subnets
+      dns_support  = true
+      ipv6_support = true
+
+      tgw_routes = [
+        {
+          destination_cidr_block = "30.0.0.0/16"
+        },
+        {
+          blackhole              = true
+          destination_cidr_block = "0.0.0.0/0"
+        }
+      ]
+    },
+    vpc2 = {
+      vpc_id     = module.vpc2.vpc_id
+      subnet_ids = module.vpc2.private_subnets
+
+      tgw_routes = [
+        {
+          destination_cidr_block = "50.0.0.0/16"
+        },
+        {
+          blackhole              = true
+          destination_cidr_block = "10.10.10.10/32"
+        }
+      ]
+    },
+  }
+}
+
+module "tgw_rtb2" {
+  source = "../../modules/route-table"
+
+  name               = "${local.name}-rtb2"
+  transit_gateway_id = module.tgw.ec2_transit_gateway_id
+
+  vpc_attachments = {
+    vpc1 = {
+      vpc_id       = module.vpc1.vpc_id
+      subnet_ids   = module.vpc1.private_subnets
+      dns_support  = true
+      ipv6_support = true
+
+      tgw_routes = [
+        {
+          destination_cidr_block = "30.0.0.0/16"
+        }
+      ]
+    }
+  }
+}
+
+module "tgw_peer" {
+  # This is optional and connects to another account. Meaning you need to be authenticated with 2 separate AWS Accounts
+  source = "../../"
+
+  providers = {
+    aws = aws.peer
+  }
+
+  name            = "${local.name}-peer"
+  description     = "My TGW shared with several other AWS accounts"
+  amazon_side_asn = 64532
+
+  create_tgw             = false
+  share_tgw              = true
+  ram_resource_share_arn = module.tgw.ram_resource_share_id
+  # When "true" there is no need for RAM resources if using multiple AWS accounts
+  enable_auto_accept_shared_attachments = true
+
+  vpc_attachments = {
+    vpc1 = {
+      tgw_id       = module.tgw.ec2_transit_gateway_id
+      vpc_id       = module.vpc1.vpc_id
+      subnet_ids   = module.vpc1.private_subnets
+      dns_support  = true
+      ipv6_support = true
+
+      transit_gateway_default_route_table_association = false
+      transit_gateway_default_route_table_propagation = false
+
+      # optional VPC subnet routes
+      vpc_route_table_ids = module.vpc1.private_route_table_ids
+      # this example routes all non-local traffic over the transit gateway
+      tgw_destination_cidr = "0.0.0.0/0"
+
+      tgw_routes = [
+        {
+          destination_cidr_block = "30.0.0.0/16"
+        },
+        {
+          blackhole              = true
+          destination_cidr_block = "0.0.0.0/0"
+        }
+      ]
+    },
+  }
+
+  ram_allow_external_principals = true
+  ram_principals                = [307990089504]
+
+  tags = local.tags
+}
+
+################################################################################
+# Supporting resources
+################################################################################
+
+module "vpc1" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "~> 5.0"
+
+  name = "${local.name}-vpc1"
+  cidr = "10.10.0.0/16"
+
+  azs             = ["${local.region}a", "${local.region}b", "${local.region}c"]
+  private_subnets = ["10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24"]
+
+  enable_ipv6                                    = true
+  private_subnet_assign_ipv6_address_on_creation = true
+  private_subnet_ipv6_prefixes                   = [0, 1, 2]
+
+  tags = local.tags
+}
+
+
+module "vpc2" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "~> 5.0"
+
+  providers = {
+    aws = aws.peer
+  }
+
+  name = "${local.name}-vpc2"
+  cidr = "10.20.0.0/16"
+
+  azs             = ["${local.region}a", "${local.region}b", "${local.region}c"]
+  private_subnets = ["10.20.1.0/24", "10.20.2.0/24", "10.20.3.0/24"]
+
+  enable_ipv6 = false
+
+  tags = local.tags
+}

examples/multiple-route-tables/outputs.tf

@@ -0,0 +1,47 @@
+################################################################################
+# VPC Attachment
+################################################################################
+
+output "ec2_transit_gateway_vpc_attachment_ids" {
+  description = "List of EC2 Transit Gateway VPC Attachment identifiers"
+  value       = module.tgw.ec2_transit_gateway_vpc_attachment_ids
+}
+
+output "ec2_transit_gateway_vpc_attachment" {
+  description = "Map of EC2 Transit Gateway VPC Attachment attributes"
+  value       = module.tgw.ec2_transit_gateway_vpc_attachment
+}
+
+################################################################################
+# Route Table / Routes
+################################################################################
+
+output "ec2_transit_gateway_route_table_id" {
+  description = "EC2 Transit Gateway Route Table identifier"
+  value       = module.tgw_rtb2.ec2_transit_gateway_route_table_id
+}
+
+output "ec2_transit_gateway_route_ids" {
+  description = "List of EC2 Transit Gateway Route Table identifier combined with destination"
+  value       = module.tgw_rtb2.ec2_transit_gateway_route_ids
+}
+
+output "ec2_transit_gateway_route_table_association_ids" {
+  description = "List of EC2 Transit Gateway Route Table Association identifiers"
+  value       = module.tgw_rtb2.ec2_transit_gateway_route_table_association_ids
+}
+
+output "ec2_transit_gateway_route_table_association" {
+  description = "Map of EC2 Transit Gateway Route Table Association attributes"
+  value       = module.tgw_rtb2.ec2_transit_gateway_route_table_association
+}
+
+output "ec2_transit_gateway_route_table_propagation_ids" {
+  description = "List of EC2 Transit Gateway Route Table Propagation identifiers"
+  value       = module.tgw_rtb2.ec2_transit_gateway_route_table_propagation_ids
+}
+
+output "ec2_transit_gateway_route_table_propagation" {
+  description = "Map of EC2 Transit Gateway Route Table Propagation attributes"
+  value       = module.tgw_rtb2.ec2_transit_gateway_route_table_propagation
+}

examples/multiple-route-tables/versions.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.4"
+    }
+  }
+}