AWS Amazon EC2 Transit Gateway VPC Attachment
This page shows how to write Terraform and CloudFormation for Amazon EC2 Transit Gateway VPC Attachment, and how to write them securely.
aws_ec2_transit_gateway_vpc_attachment (Terraform)
The Transit Gateway VPC Attachment in Amazon EC2 can be configured in Terraform with the resource name aws_ec2_transit_gateway_vpc_attachment. The following sections describe 4 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_ec2_transit_gateway_vpc_attachment" "finance_attachment" {
  subnet_ids         = [module.vpc_structure.finance_subnet_id]
  transit_gateway_id = aws_ec2_transit_gateway.example_gateway.id
  vpc_id             = module.vpc_structure.finance_vpc_id
}

resource "aws_ec2_transit_gateway_vpc_attachment" "this_vpc0" {
  transit_gateway_id = aws_ec2_transit_gateway.this.id
  vpc_id             = var.vpc_attachments["vpc0"].vpc_id
  subnet_ids         = var.vpc_attachments["vpc0"].subnet_ids
}

resource "aws_ec2_transit_gateway_vpc_attachment" "mgmt_attachment" {
  # Reference the subnet resource directly; a quoted reference is passed as a literal string.
  subnet_ids         = [aws_subnet.mgmt_subnet.id]
  transit_gateway_id = aws_ec2_transit_gateway.transit_gateway.id
  vpc_id             = aws_vpc.mgmt_vpc.id

  # Keep this attachment out of the gateway's default route table.
  transit_gateway_default_route_table_association = false
  transit_gateway_default_route_table_propagation = false
}

resource "aws_ec2_transit_gateway_vpc_attachment" "Shared-VPC-HSIS-MGMT" {
  dns_support  = "enable"
  provider     = aws.uswest2
  ipv6_support = "disable"
  subnet_ids = [
    "subnet-069293dbd2bca6679",
    # The source excerpt ends here; the remaining subnet IDs and the
    # required transit_gateway_id and vpc_id arguments are not shown.
  ]
}
Parameters
- appliance_mode_support: optional, string
- dns_support: optional, string
- id: optional, computed, string
- ipv6_support: optional, string
- subnet_ids: required, set of string
- tags: optional, map from string to string
- transit_gateway_default_route_table_association: optional, bool
- transit_gateway_default_route_table_propagation: optional, bool
- transit_gateway_id: required, string
- vpc_id: required, string
- vpc_owner_id: optional, computed, string
Explanation in Terraform Registry
Manages an EC2 Transit Gateway VPC Attachment. For examples of custom route table association and propagation, see the EC2 Transit Gateway Networking Examples Guide.
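The mgmt_attachment example above opts its attachment out of the gateway's default route table. The configuration below is an added example (not from this page or the GitHub projects it cites) that carries that through to an explicit route table association and propagation, so the attached VPC only learns the routes it is deliberately given. All resource names and variables are hypothetical, and the inspection attachment is assumed to exist already.

```hcl
# Added example; names such as "segmented", "workload" and var.* are hypothetical.
variable "workload_vpc_id" { type = string }
variable "workload_subnet_ids" { type = set(string) }
variable "inspection_attachment_id" { type = string } # assumed existing attachment

resource "aws_ec2_transit_gateway" "segmented" {
  # With the gateway-wide defaults off, a new attachment has no routing
  # until it is associated and propagated explicitly.
  default_route_table_association = "disable"
  default_route_table_propagation = "disable"
  auto_accept_shared_attachments  = "disable"
}

resource "aws_ec2_transit_gateway_vpc_attachment" "workload" {
  transit_gateway_id = aws_ec2_transit_gateway.segmented.id
  vpc_id             = var.workload_vpc_id
  subnet_ids         = var.workload_subnet_ids

  # Do not join the default route table shared by other attachments.
  transit_gateway_default_route_table_association = false
  transit_gateway_default_route_table_propagation = false
}

# Dedicated route table for the workload segment.
resource "aws_ec2_transit_gateway_route_table" "workload" {
  transit_gateway_id = aws_ec2_transit_gateway.segmented.id
}

# Traffic arriving from the workload VPC is routed using this table only.
resource "aws_ec2_transit_gateway_route_table_association" "workload" {
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.workload.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.workload.id
}

# Only the inspection attachment's routes are propagated into that table,
# so the workload VPC gets no route to any other attached VPC.
resource "aws_ec2_transit_gateway_route_table_propagation" "inspection_to_workload" {
  transit_gateway_attachment_id  = var.inspection_attachment_id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.workload.id
}
```

This covers one direction only: return traffic needs the mirror association and propagation in the route table used by the inspection attachment.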
Tips: Best Practices for The Other AWS Amazon EC2 Resources
In addition to aws_default_vpc, AWS Amazon EC2 has other resources that should be configured with security in mind. Some examples of those resources and the relevant precautions follow.
aws_default_vpc
Avoid using the default VPC
It is better to define your own VPC and use it.
aws_network_acl_rule
Ensure your network ACL rule blocks unwanted inbound traffic
It is better to block unwanted inbound traffic.
aws_ebs_volume
Use a customer-managed key for EBS volume encryption
It is better to use a customer-managed key for EBS volume encryption. Customer-managed keys (CMK) give more control over the encryption.
aws_instance
Avoid storing AWS access keys in user data
It is better to avoid storing AWS access keys in user data. `aws_iam_instance_profile` could be used instead.
aws_security_group
Ensure your security group blocks unwanted inbound traffic
It is better to block unwanted inbound traffic.
AWS::EC2::TransitGatewayVpcAttachment (CloudFormation)
The TransitGatewayVpcAttachment in EC2 can be configured in CloudFormation with the resource name AWS::EC2::TransitGatewayVpcAttachment. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
- TransitGatewayId: optional, String
- VpcId: optional, String
- SubnetIds: optional, List
- AddSubnetIds: optional, List
- RemoveSubnetIds: optional, List
- Tags: optional, List of Tag
- Options: optional, Json
Explanation in CloudFormation Registry
Specifies a VPC attachment.
Frequently asked questions
What is AWS Amazon EC2 Transit Gateway VPC Attachment?
AWS Amazon EC2 Transit Gateway VPC Attachment is a resource for Amazon EC2 of Amazon Web Services. Settings can be written in Terraform and CloudFormation.
Where can I find the example code for the AWS Amazon EC2 Transit Gateway VPC Attachment?
For Terraform, the chimbs86/Security-And-Microservices-On-AWS, frednotet/msm-tf-aws-tgw and etcheby/TGWHA-Demo source code examples are useful. See the Terraform Example section for further details.