Palo Alto Networks VPC Route Module for AWS

A Terraform module for deploying a VPC route in AWS cloud.

Usage

module "vpc" {
  source = "../../modules/vpc"

  name                    = var.name
  cidr_block              = var.vpc_cidr_block
  secondary_cidr_blocks   = var.vpc_secondary_cidr_blocks
  global_tags             = var.global_tags
  vpc_tags                = var.vpc_tags
  security_groups         = var.security_groups
}

module "subnet_sets" {
  source   = "../../modules/subnet_set"

  for_each = toset(distinct([for _, v in var.subnets : v.set]))
  
  name   = each.key
  cidrs  = { for k, v in var.subnets : k => v if v.set == each.key }
  vpc_id = module.vpc.id
}

module "nat_gateway_set" {
  source = "../../modules/nat_gateway_set"

  subnets = module.subnet_sets["natgw-1"].subnets
}

module "vpc_route" {
  source = "../../modules/vpc_route"

  for_each = {
    mgmt = {
      route_table_ids = module.subnet_sets["mgmt-1"].unique_route_table_ids
      next_hop_set    = module.vpc.igw_as_next_hop_set
      to_cidr         = var.igw_routing_destination_cidr
    }
    public = {
      route_table_ids = module.subnet_sets["public-1"].unique_route_table_ids
      next_hop_set    = module.nat_gateway_set.next_hop_set
      to_cidr         = var.igw_routing_destination_cidr
    }
    natgw = {
      route_table_ids = module.subnet_sets["natgw-1"].unique_route_table_ids
      next_hop_set    = module.vpc.igw_as_next_hop_set
      to_cidr         = var.igw_routing_destination_cidr
    }
  }

  route_table_ids = each.value.route_table_ids
  next_hop_set    = each.value.next_hop_set
  to_cidr         = each.value.to_cidr
}

Reference

Requirements

Name	Version
terraform	>= 1.0.0, < 2.0.0
aws	~> 5.17

Providers

Name	Version
aws	~> 5.17

Modules

No modules.

Resources

Name	Type
aws_route.this	resource

Inputs

Name	Description	Type	Default	Required
destination_type	Type of destination: "ipv4", "ipv6" or "mpl".	string	"ipv4"	no
managed_prefix_list_id	ID of managed prefix list, which is going to be set as destination in route	string	null	no
next_hop_set	The Next Hop Set object, such as an output module.nat_gateway_set.next_hop_set, which contains 3 attributes: - type - id - ids For type attribute there are possible below values: - "transit_gateway" - "internet_gateway" - "vpc_peer" - "egress_only_gateway" - "local_gateway" - "nat_gateway" - "interface" - "vpc_endpoint" The set of single-zone next hops (type "nat_gateway", "interface" and "vpc_endpoint") should be specified as the ids map, in which case each value is a next hop id and each key should be present among the keys of the input route_table_ids. To avoid unintended cross-zone routing, these keys should be equal. Example: next_hop_set = { type = "nat_gateway" id = null ids = { "us-east-1a" = "natgw-123" "us-east-1b" = "natgw-124" } } For a non-AZ-aware next hop (type "transit_gateway", "internet_gateway", "vpc_peer", "egress_only_gateway" and "local_gateway"), the ids map should be empty. All the route tables receive the same id of the next hop. Example: next_hop_set = { type = "internet_gateway" id = "igw-12345" ids = {} }	object({ type = string id = string ids = map(string) })	n/a	yes
route_table_ids	A map of Route Tables where to install the route. Each key is an arbitrary string, each value is a Route Table identifier. The keys need to match keys used in the next_hop_set input. The keys are usually Availability Zone names. Each of the Route Tables obtains exactly one next hop from the next_hop_set. Example: route_table_ids = { "us-east-1a" = "rt-123123" "us-east-1b" = "rt-123456" }	map(string)	n/a	yes
to_cidr	The CIDR to match the packet's destination field. If they match, the route can be used for the packet. For example "0.0.0.0/0".	string	n/a	yes

Outputs

Name	Description
route_details	n/a