migrate tip-wifi-vpn to TF 1.x (#178)
* migrate tip-wifi-vpn to TF 1.x * ignore VPN connection settings
@@ -13,6 +13,7 @@ projects:
|
||||
dir: terraform/wifi-289708231103/dns
|
||||
- name: tip-wifi-vpn
|
||||
dir: terraform/wifi-289708231103/tip-wifi-vpn
|
||||
terraform_version: 1.1.2
|
||||
- name: atlantis
|
||||
dir: terraform/wifi-289708231103/atlantis
|
||||
- name: quali
|
||||
|
||||
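--- /dev/null
+++ b/terraform/wifi-289708231103/tip-wifi-vpn/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+version = "3.71.0"
+constraints = ">= 3.15.0"
+hashes = [
+"h1:wnTd0krep3mqRz650U7TSv/tCkA0LoXKe0QFlnsg/7Q=",
+"zh:173134d8861a33ed60a48942ad2b96b9d06e85c506d7f927bead47a28f4ebdd2",
+"zh:2996c8e96930f526f1761e99d14c0b18d83e287b1362aa2fa1444cf848ece613",
+"zh:43903da1e0a809a1fb5832e957dbe2321b86630d6bfdd8b47728647a72fd912d",
+"zh:43e71fd8924e7f7b56a0b2a82e29edf07c53c2b41ee7bb442a2f1c27e03e86ae",
+"zh:4f4c73711f64a3ff85f88bf6b2594e5431d996b7a59041ff6cbc352f069fc122",
+"zh:5045241b8695ffbd0730bdcd91393b10ffd0cfbeaad6254036e42ead6687d8fd",
+"zh:6a8811a0fb1035c09aebf1f9b15295523a9a7a2627fd783f50c6168a82e192dd",
+"zh:8d273c04d7a8c36d4366329adf041c480a0f1be10a7269269c88413300aebdb8",
+"zh:b90505897ae4943a74de2b88b6a9e7d97bf6dc325a0222235996580edff28656",
+"zh:ea5e422942ac6fc958229d27d4381c89d21d70c5c2c67a6c06ff357bcded76f6",
+"zh:f1536d7ff2d3bfd668e3ac33d8956b4f988f87fdfdcc371c7d94b98d5dba53e2",
+]
+}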
@@ -38,12 +38,12 @@ resource "aws_cloudwatch_metric_alarm" "vpn_outgoing_data" {
|
||||
}
|
||||
|
||||
resource "aws_cloudwatch_metric_alarm" "tgw_incoming" {
|
||||
alarm_name = "tgw-incoming-data-${module.tgw_main.this_ec2_transit_gateway_id}"
|
||||
alarm_name = "tgw-incoming-data-${module.tgw_main.ec2_transit_gateway_id}"
|
||||
comparison_operator = "GreaterThanThreshold"
|
||||
evaluation_periods = "1"
|
||||
namespace = "AWS/TransitGateway"
|
||||
dimensions = {
|
||||
"TransitGateway" = module.tgw_main.this_ec2_transit_gateway_id
|
||||
"TransitGateway" = module.tgw_main.ec2_transit_gateway_id
|
||||
}
|
||||
metric_name = "BytesIn"
|
||||
period = "3600"
|
||||
@@ -56,12 +56,12 @@ resource "aws_cloudwatch_metric_alarm" "tgw_incoming" {
|
||||
}
|
||||
|
||||
resource "aws_cloudwatch_metric_alarm" "tgw_outgoing_data" {
|
||||
alarm_name = "tgw-outgoing-data-${module.tgw_main.this_ec2_transit_gateway_id}"
|
||||
alarm_name = "tgw-outgoing-data-${module.tgw_main.ec2_transit_gateway_id}"
|
||||
comparison_operator = "GreaterThanThreshold"
|
||||
evaluation_periods = "1"
|
||||
namespace = "AWS/TransitGateway"
|
||||
dimensions = {
|
||||
"TransitGateway" = module.tgw_main.this_ec2_transit_gateway_id
|
||||
"TransitGateway" = module.tgw_main.ec2_transit_gateway_id
|
||||
}
|
||||
metric_name = "BytesOut"
|
||||
period = "3600"
|
||||
@@ -74,7 +74,7 @@ resource "aws_cloudwatch_metric_alarm" "tgw_outgoing_data" {
|
||||
}
|
||||
|
||||
resource "aws_cloudwatch_metric_alarm" "tgw_packet_drops" {
|
||||
alarm_name = "tgw-packet-drops-${module.tgw_main.this_ec2_transit_gateway_id}"
|
||||
alarm_name = "tgw-packet-drops-${module.tgw_main.ec2_transit_gateway_id}"
|
||||
comparison_operator = "GreaterThanThreshold"
|
||||
evaluation_periods = "3"
|
||||
threshold = "0"
|
||||
@@ -95,7 +95,7 @@ resource "aws_cloudwatch_metric_alarm" "tgw_packet_drops" {
|
||||
metric {
|
||||
namespace = "AWS/TransitGateway"
|
||||
dimensions = {
|
||||
"TransitGateway" = module.tgw_main.this_ec2_transit_gateway_id
|
||||
"TransitGateway" = module.tgw_main.ec2_transit_gateway_id
|
||||
}
|
||||
metric_name = "PacketDropCountBlackhole"
|
||||
period = "300"
|
||||
@@ -108,7 +108,7 @@ resource "aws_cloudwatch_metric_alarm" "tgw_packet_drops" {
|
||||
metric {
|
||||
namespace = "AWS/TransitGateway"
|
||||
dimensions = {
|
||||
"TransitGateway" = module.tgw_main.this_ec2_transit_gateway_id
|
||||
"TransitGateway" = module.tgw_main.ec2_transit_gateway_id
|
||||
}
|
||||
metric_name = "PacketDropCountNoRoute"
|
||||
period = "300"
|
||||
|
||||
@@ -12,7 +12,7 @@ resource "aws_cloudwatch_dashboard" "vpn_tg" {
|
||||
"height": 6,
|
||||
"properties": {
|
||||
"metrics": [
|
||||
[ "AWS/TransitGateway", "PacketsIn", "TransitGateway", "${module.tgw_main.this_ec2_transit_gateway_id}" ],
|
||||
[ "AWS/TransitGateway", "PacketsIn", "TransitGateway", "${module.tgw_main.ec2_transit_gateway_id}" ],
|
||||
[ ".", "PacketsOut", ".", "." ]
|
||||
],
|
||||
"view": "timeSeries",
|
||||
@@ -40,7 +40,7 @@ resource "aws_cloudwatch_dashboard" "vpn_tg" {
|
||||
"height": 6,
|
||||
"properties": {
|
||||
"metrics": [
|
||||
[ "AWS/TransitGateway", "BytesIn", "TransitGateway", "${module.tgw_main.this_ec2_transit_gateway_id}" ],
|
||||
[ "AWS/TransitGateway", "BytesIn", "TransitGateway", "${module.tgw_main.ec2_transit_gateway_id}" ],
|
||||
[ ".", "BytesOut", ".", "." ]
|
||||
],
|
||||
"view": "timeSeries",
|
||||
@@ -58,7 +58,7 @@ resource "aws_cloudwatch_dashboard" "vpn_tg" {
|
||||
"height": 6,
|
||||
"properties": {
|
||||
"metrics": [
|
||||
[ "AWS/TransitGateway", "PacketDropCountBlackhole", "TransitGateway", "${module.tgw_main.this_ec2_transit_gateway_id}" ],
|
||||
[ "AWS/TransitGateway", "PacketDropCountBlackhole", "TransitGateway", "${module.tgw_main.ec2_transit_gateway_id}" ],
|
||||
[ ".", "PacketDropCountNoRoute", ".", "." ]
|
||||
],
|
||||
"view": "timeSeries",
|
||||
@@ -77,7 +77,7 @@ resource "aws_cloudwatch_dashboard" "vpn_tg" {
|
||||
"height": 6,
|
||||
"properties": {
|
||||
"metrics": [
|
||||
[ "AWS/TransitGateway", "BytesDropCountNoRoute", "TransitGateway", "${module.tgw_main.this_ec2_transit_gateway_id}" ],
|
||||
[ "AWS/TransitGateway", "BytesDropCountNoRoute", "TransitGateway", "${module.tgw_main.ec2_transit_gateway_id}" ],
|
||||
[ ".", "BytesDropCountBlackhole", ".", "." ]
|
||||
],
|
||||
"view": "timeSeries",
|
||||
|
||||
@@ -1,10 +1,9 @@
|
||||
provider "aws" {
|
||||
version = "~> 2.0"
|
||||
region = var.aws_region
|
||||
region = var.aws_region
|
||||
}
|
||||
|
||||
terraform {
|
||||
required_version = "~> 0.13.2"
|
||||
required_version = ">= 1.0.0, < 2.0.0"
|
||||
|
||||
backend "s3" {
|
||||
region = "us-east-1"
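Review bot: With `version = "~> 2.0"` removed from the `provider "aws"` block, the visible lines of this file carry no AWS provider constraint at all. The only remaining bound is the generated lock file (3.71.0 under `>= 3.15.0`, which presumably comes from the module), so a later `terraform init -upgrade` can move to any newer release, including another major version. Unless a `required_providers` block already exists outside this hunk, add one inside `terraform { … }`, for example `required_providers { aws = { source = "hashicorp/aws", version = "~> 3.71" } }`. The `terraform` block continues past the end of the hunk.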
|
||||
|
||||
@@ -7,7 +7,7 @@ resource "aws_customer_gateway" "tunnel_perfecto" {
|
||||
|
||||
resource "aws_vpn_connection" "tunnel-perfecto" {
|
||||
customer_gateway_id = aws_customer_gateway.tunnel_perfecto.id
|
||||
transit_gateway_id = module.tgw_main.this_ec2_transit_gateway_id
|
||||
transit_gateway_id = module.tgw_main.ec2_transit_gateway_id
|
||||
type = "ipsec.1"
|
||||
static_routes_only = true
|
||||
tags = merge({ Name = "tunnel-perfecto" }, local.common_tags)
|
||||
@@ -16,5 +16,5 @@ resource "aws_vpn_connection" "tunnel-perfecto" {
|
||||
# resource "aws_ec2_transit_gateway_route" "tunnel-perfecto" {
|
||||
# destination_cidr_block = "198.160.7.240/32"
|
||||
# transit_gateway_attachment_id = aws_vpn_connection.tunnel-perfecto.transit_gateway_attachment_id
|
||||
# transit_gateway_route_table_id = module.tgw_main.this_ec2_transit_gateway_association_default_route_table_id
|
||||
# transit_gateway_route_table_id = module.tgw_main.ec2_transit_gateway_association_default_route_table_id
|
||||
# }
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
module "tgw_main" {
|
||||
source = "github.com/terraform-aws-modules/terraform-aws-transit-gateway.git?ref=v1.3.0"
|
||||
source = "terraform-aws-modules/transit-gateway/aws"
|
||||
version = "~> 2.0"
|
||||
|
||||
name = "tip-wifi-nrg"
|
||||
description = "tip-wifi-nrg"
|
||||
share_tgw = false
|
||||
@@ -20,11 +22,11 @@ resource "aws_route" "private" {
|
||||
for_each = toset(data.terraform_remote_state.wlan_main.outputs.vpc_private_route_table_ids)
|
||||
destination_cidr_block = "10.28.2.0/23"
|
||||
route_table_id = each.key
|
||||
transit_gateway_id = module.tgw_main.this_ec2_transit_gateway_id
|
||||
transit_gateway_id = module.tgw_main.ec2_transit_gateway_id
|
||||
}
|
||||
|
||||
resource "aws_ec2_transit_gateway_route" "vpn" {
|
||||
destination_cidr_block = var.vpn_endpoint_cidr
|
||||
transit_gateway_attachment_id = aws_vpn_connection.tunnel_tip_wifi_nrg.transit_gateway_attachment_id
|
||||
transit_gateway_route_table_id = module.tgw_main.this_ec2_transit_gateway_association_default_route_table_id
|
||||
transit_gateway_route_table_id = module.tgw_main.ec2_transit_gateway_association_default_route_table_id
|
||||
}
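Review bot: The new `version = "~> 2.0"` on `module "tgw_main"` is a floating constraint, and `.terraform.lock.hcl` records provider selections only, not module versions. Nothing in this commit therefore fixes which 2.x release of the transit-gateway module a fresh `terraform init` resolves, whereas the old source named one ref (`?ref=v1.3.0`). Since this module builds the transit gateway that the VPN and the private routes depend on, pin the release that was actually validated, e.g. `version = "<validated 2.x release>"` (placeholder), and raise it in a reviewed commit. The module block continues outside the hunk.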
|
||||
|
||||
@@ -7,8 +7,28 @@ resource "aws_customer_gateway" "tunnel_tip_wifi_nrg" {
|
||||
|
||||
resource "aws_vpn_connection" "tunnel_tip_wifi_nrg" {
|
||||
customer_gateway_id = aws_customer_gateway.tunnel_tip_wifi_nrg.id
|
||||
transit_gateway_id = module.tgw_main.this_ec2_transit_gateway_id
|
||||
transit_gateway_id = module.tgw_main.ec2_transit_gateway_id
|
||||
type = "ipsec.1"
|
||||
static_routes_only = true
|
||||
tags = merge({ Name = "tip-wifi-fre" }, local.common_tags)
|
||||
|
||||
lifecycle {
|
||||
ignore_changes = [
|
||||
tunnel1_ike_versions,
|
||||
tunnel1_phase1_dh_group_numbers,
|
||||
tunnel1_phase1_encryption_algorithms,
|
||||
tunnel1_phase1_integrity_algorithms,
|
||||
tunnel1_phase2_dh_group_numbers,
|
||||
tunnel1_phase2_encryption_algorithms,
|
||||
tunnel1_phase2_integrity_algorithms,
|
||||
tunnel1_startup_action,
|
||||
tunnel2_ike_versions,
|
||||
tunnel2_phase1_dh_group_numbers,
|
||||
tunnel2_phase1_encryption_algorithms,
|
||||
tunnel2_phase1_integrity_algorithms,
|
||||
tunnel2_phase2_dh_group_numbers,
|
||||
tunnel2_phase2_encryption_algorithms,
|
||||
tunnel2_phase2_integrity_algorithms
|
||||
]
|
||||
}
|
||||
}
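Review bot: The `ignore_changes` list added to `aws_vpn_connection.tunnel_tip_wifi_nrg` covers the IKE versions, DH groups, encryption and integrity algorithms of both tunnels, so `terraform plan` will no longer show or revert an out-of-band change to these settings, including a downgrade to weaker proposals. The block gives no reason and the effective values are not recorded in code; add a comment above `lifecycle` such as `# <why these tunnel options are managed outside Terraform, and where the effective values are tracked>`. If the intended values are known, declaring them as explicit `tunnel1_*`/`tunnel2_*` arguments would keep them under review instead of ignoring them. The list also has `tunnel1_startup_action` but no `tunnel2_startup_action`; confirm the asymmetry is intentional.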
|
||||
|
||||