AWS Amazon EC2 Transit Gateway VPC Attachment

aws_ec2_transit_gateway_vpc_attachment (Terraform)

The Transit Gateway VPC Attachment in Amazon EC2 can be configured in Terraform with the resource name aws_ec2_transit_gateway_vpc_attachment. The following sections describe 4 examples of how to use the resource and its parameters.

Example Usage from GitHub

chimbs86/Security-And-Microservices-On-AWS

resource "aws_ec2_transit_gateway_vpc_attachment" "finance_attachment" {
  subnet_ids = [
    module.vpc_structure.finance_subnet_id]
  transit_gateway_id = aws_ec2_transit_gateway.example_gateway.id
  vpc_id = module.vpc_structure.finance_vpc_id
}

frednotet/msm-tf-aws-tgw

resource "aws_ec2_transit_gateway_vpc_attachment" "this_vpc0" {

  transit_gateway_id = aws_ec2_transit_gateway.this.id
  vpc_id             = var.vpc_attachments["vpc0"].vpc_id
  subnet_ids         = var.vpc_attachments["vpc0"].subnet_ids

etcheby/TGWHA-Demo

resource "aws_ec2_transit_gateway_vpc_attachment" "mgmt_attachment" {
  subnet_ids                                      = ["aws_subnet.mgmt_subnet.id"]
  transit_gateway_id                              = aws_ec2_transit_gateway.transit_gateway.id
  vpc_id                                          = aws_vpc.mgmt_vpc.id
  transit_gateway_default_route_table_association = false
  transit_gateway_default_route_table_propagation = false

lahiruperamune/terraform-aws-import

resource "aws_ec2_transit_gateway_vpc_attachment" "Shared-VPC-HSIS-MGMT" {
    dns_support                                     = "enable"
    provider                                        = "aws.uswest2"
    ipv6_support                                    = "disable"
    subnet_ids                                      = [
        "subnet-069293dbd2bca6679",

Parameters

• appliance_mode_support optional - string
• dns_support optional - string
• id optional computed - string
• ipv6_support optional - string
• subnet_ids required - set of string
• tags optional - map from string to string
• transit_gateway_default_route_table_association optional - bool
• transit_gateway_default_route_table_propagation optional - bool
• transit_gateway_id required - string
• vpc_id required - string
• vpc_owner_id optional computed - string

Explanation in Terraform Registry

Manages an EC2 Transit Gateway VPC Attachment. For examples of custom route table association and propagation, see the EC2 Transit Gateway Networking Examples Guide.

Tips: Best Practices for The Other AWS Amazon EC2 Resources

In addition to the aws_default_vpc, AWS Amazon EC2 has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

aws_default_vpc

Ensure to avoid using default VPC

It is better to define the own VPC and use it.

aws_network_acl_rule

Ensure your network ACL rule blocks unwanted inbound traffic

It is better to block unwanted inbound traffic.

aws_ebs_volume

Ensure to use a customer-managed key for EBS volume encryption

It is better to use a customer-managed key for EBS volume encryption. It can be gain more control over the encryption by using customer-managed keys (CMK).

aws_instance

Ensure to avoid storing AWS access keys in user data

It is better to avoid storing AWS access keys in user data. `aws_iam_instance_profile` could be used instead.

aws_security_group

Ensure your security group blocks unwanted inbound traffic

It is better to block unwanted inbound traffic.