From 459d6c8a8d583135b8aed603c5cd854385e8cbc2 Mon Sep 17 00:00:00 2001
From: akocbek <106765658+akocbek@users.noreply.github.com>
Date: Fri, 8 Sep 2023 13:52:32 +0100
Subject: [PATCH] feat: exposed new boolean variable `transit_gateway_global` which allows you to enable connecting to the networks outside the associated region (only applicable if transit gateway is enabled) (#570)
---
 README.md | 1 +
 examples/one-vpc-one-vsi/override.json | 1 +
 examples/override-example/override.json | 1 +
 module-metadata.json | 58 +++++++++++++++----------
 patterns/mixed/config.tf | 2 +
 patterns/mixed/main.tf | 1 +
 patterns/mixed/override.json | 1 +
 patterns/mixed/variables.tf | 6 +++
 patterns/roks/main.tf | 1 +
 patterns/roks/module/config.tf | 2 +
 patterns/roks/module/main.tf | 1 +
 patterns/roks/module/variables.tf | 6 +++
 patterns/roks/override.json | 1 +
 patterns/roks/variables.tf | 6 +++
 patterns/vpc/main.tf | 1 +
 patterns/vpc/module/config.tf | 2 +
 patterns/vpc/module/main.tf | 1 +
 patterns/vpc/module/variables.tf | 6 +++
 patterns/vpc/override.json | 1 +
 patterns/vpc/variables.tf | 6 +++
 patterns/vsi-quickstart/variables.tf | 1 +
 patterns/vsi/main.tf | 1 +
 patterns/vsi/module/config.tf | 2 +
 patterns/vsi/module/main.tf | 1 +
 patterns/vsi/module/variables.tf | 6 +++
 patterns/vsi/override.json | 1 +
 patterns/vsi/variables.tf | 6 +++
 transit_gateway.tf | 2 +-
 variables.tf | 6 +++
 29 files changed, 108 insertions(+), 23 deletions(-)

diff --git a/README.md b/README.md
index 8202a6b47..60f2bb4d8 100644
--- a/README.md
+++ b/README.md
@@ -981,6 +981,7 @@ statement instead the previous block. | [teleport\_config\_data](#input\_teleport\_config\_data) | Teleport config data. This is used to create a single template for all teleport instances to use. Creating a single template allows for values to remain sensitive |
object({
teleport_license = optional(string)
https_cert = optional(string)
https_key = optional(string)
domain = optional(string)
cos_bucket_name = optional(string)
cos_key_name = optional(string)
teleport_version = optional(string)
message_of_the_day = optional(string)
hostname = optional(string)
app_id_key_name = optional(string)
claims_to_roles = optional(
list(
object({
email = string
roles = list(string)
})
)
)
})
| `null` | no | | [teleport\_vsi](#input\_teleport\_vsi) | A list of teleport vsi deployments |
list(
object(
{
name = string
vpc_name = string
resource_group = optional(string)
subnet_name = string
ssh_keys = list(string)
boot_volume_encryption_key_name = string
image_name = string
machine_type = string
access_tags = optional(list(string), [])
security_groups = optional(list(string))
security_group = optional(
object({
name = string
rules = list(
object({
name = string
direction = string
source = string
tcp = optional(
object({
port_max = number
port_min = number
})
)
udp = optional(
object({
port_max = number
port_min = number
})
)
icmp = optional(
object({
type = number
code = number
})
)
})
)
})
)


}
)
)
| `[]` | no | | [transit\_gateway\_connections](#input\_transit\_gateway\_connections) | Transit gateway vpc connections. Will only be used if transit gateway is enabled. | `list(string)` | n/a | yes | +| [transit\_gateway\_global](#input\_transit\_gateway\_global) | Connect to the networks outside the associated region. Will only be used if transit gateway is enabled. | `bool` | `false` | no | | [transit\_gateway\_resource\_group](#input\_transit\_gateway\_resource\_group) | Name of resource group to use for transit gateway. Must be included in `var.resource_group` | `string` | n/a | yes | | [virtual\_private\_endpoints](#input\_virtual\_private\_endpoints) | Object describing VPE to be created |
list(
object({
service_name = string
service_type = string
resource_group = optional(string)
access_tags = optional(list(string), [])
vpcs = list(
object({
name = string
subnets = list(string)
security_group_name = optional(string)
})
)
})
)
| n/a | yes | | [vpc\_placement\_groups](#input\_vpc\_placement\_groups) | List of VPC placement groups to create |
list(
object({
access_tags = optional(list(string), [])
name = string
resource_group = optional(string)
strategy = string
})
)
| `[]` | no | diff --git a/examples/one-vpc-one-vsi/override.json b/examples/one-vpc-one-vsi/override.json index d755e0a65..fdb57cf22 100644 --- a/examples/one-vpc-one-vsi/override.json +++ b/examples/one-vpc-one-vsi/override.json @@ -1,5 +1,6 @@ { "enable_transit_gateway": false, + "transit_gateway_global": false, "virtual_private_endpoints": [], "service_endpoints": "private", "security_groups": [], diff --git a/examples/override-example/override.json b/examples/override-example/override.json index 2af098c86..ae748314c 100644 --- a/examples/override-example/override.json +++ b/examples/override-example/override.json @@ -11,6 +11,7 @@ }, "clusters": [], "enable_transit_gateway": true, + "transit_gateway_global": false, "transit_gateway_connections": [ "management", "workload", diff --git a/module-metadata.json b/module-metadata.json index 698c98dee..321701658 100644 --- a/module-metadata.json +++ b/module-metadata.json @@ -11,7 +11,7 @@ ], "pos": { "filename": "variables.tf", - "line": 1117 + "line": 1123 } }, "add_kms_block_storage_s2s": { @@ -25,7 +25,7 @@ ], "pos": { "filename": "variables.tf", - "line": 1482 + "line": 1488 } }, "appid": { @@ -42,7 +42,7 @@ ], "pos": { "filename": "variables.tf", - "line": 873 + "line": 879 } }, "atracker": { @@ -56,7 +56,7 @@ ], "pos": { "filename": "variables.tf", - "line": 752 + "line": 758 } }, "clusters": { @@ -69,7 +69,7 @@ ], "pos": { "filename": "variables.tf", - "line": 768 + "line": 774 } }, "cos": { @@ -82,7 +82,7 @@ ], "pos": { "filename": "variables.tf", - "line": 481 + "line": 487 } }, "enable_transit_gateway": { @@ -112,7 +112,7 @@ ], "pos": { "filename": "variables.tf", - "line": 1386 + "line": 1392 } }, "f5_vsi": { @@ -125,7 +125,7 @@ ], "pos": { "filename": "variables.tf", - "line": 1249 + "line": 1255 } }, "iam_account_settings": { @@ -149,7 +149,7 @@ ], "pos": { "filename": "variables.tf", - "line": 1011 + "line": 1017 } }, "ibmcloud_api_key": { 
@@ -177,7 +177,7 @@ ], "pos": { "filename": "variables.tf", - "line": 706 + "line": 712 } }, "network_cidr": { @@ -309,7 +309,7 @@ ], "pos": { "filename": "variables.tf", - "line": 1432 + "line": 1438 } }, "security_groups": { @@ -322,7 +322,7 @@ ], "pos": { "filename": "variables.tf", - "line": 383 + "line": 389 } }, "service_endpoints": { @@ -332,7 +332,7 @@ "default": "private", "pos": { "filename": "variables.tf", - "line": 695 + "line": 701 } }, "ssh_keys": { @@ -345,7 +345,7 @@ ], "pos": { "filename": "variables.tf", - "line": 237 + "line": 243 } }, "tags": { @@ -409,7 +409,7 @@ ], "pos": { "filename": "variables.tf", - "line": 917 + "line": 923 } }, "teleport_vsi": { @@ -422,7 +422,7 @@ ], "pos": { "filename": "variables.tf", - "line": 943 + "line": 949 } }, "transit_gateway_connections": { @@ -432,7 +432,20 @@ "required": true, "pos": { "filename": "variables.tf", - "line": 226 + "line": 232 + } + }, + "transit_gateway_global": { + "name": "transit_gateway_global", + "type": "bool", + "description": "Connect to the networks outside the associated region. Will only be used if transit gateway is enabled.", + "default": false, + "source": [ + "ibm_tg_gateway.transit_gateway.global" + ], + "pos": { + "filename": "variables.tf", + "line": 221 } }, "transit_gateway_resource_group": { @@ -442,7 +455,7 @@ "required": true, "pos": { "filename": "variables.tf", - "line": 221 + "line": 227 } }, "virtual_private_endpoints": { @@ -455,7 +468,7 @@ ], "pos": { "filename": "variables.tf", - "line": 455 + "line": 461 } }, "vpc_placement_groups": { @@ -468,7 +481,7 @@ ], "pos": { "filename": "variables.tf", - "line": 1450 + "line": 1456 } }, "vpcs": { @@ -507,7 +520,7 @@ ], "pos": { "filename": "variables.tf", - "line": 270 + "line": 276 } }, "wait_till": { @@ -520,7 +533,7 @@ ], "pos": { "filename": "variables.tf", - "line": 852 + "line": 858 } } }, 
@@ -1307,6 +1320,7 @@ "name": "transit_gateway", "attributes": { "count": "enable_transit_gateway", + "global": "transit_gateway_global", "location": "region", "name": "prefix" }, diff --git a/patterns/mixed/config.tf b/patterns/mixed/config.tf index 6ea69edfa..6cc46fa73 100644 --- a/patterns/mixed/config.tf +++ b/patterns/mixed/config.tf @@ -177,6 +177,7 @@ locals { resource_groups = module.dynamic_values.resource_groups vpcs = module.dynamic_values.vpcs enable_transit_gateway = var.enable_transit_gateway + transit_gateway_global = var.transit_gateway_global transit_gateway_resource_group = "${var.prefix}-service-rg" transit_gateway_connections = module.dynamic_values.vpc_list object_storage = module.dynamic_values.object_storage @@ -287,6 +288,7 @@ locals { vpcs = lookup(local.override[local.override_type], "vpcs", local.config.vpcs) vpn_gateways = lookup(local.override[local.override_type], "vpn_gateways", local.config.vpn_gateways) enable_transit_gateway = lookup(local.override[local.override_type], "enable_transit_gateway", local.config.enable_transit_gateway) + transit_gateway_global = lookup(local.override[local.override_type], "transit_gateway_global", local.config.transit_gateway_global) transit_gateway_resource_group = lookup(local.override[local.override_type], "transit_gateway_resource_group", local.config.transit_gateway_resource_group) transit_gateway_connections = lookup(local.override[local.override_type], "transit_gateway_connections", local.config.transit_gateway_connections) ssh_keys = lookup(local.override[local.override_type], "ssh_keys", local.ssh_keys) diff --git a/patterns/mixed/main.tf b/patterns/mixed/main.tf index d2ac32e49..9790a7053 100644 --- a/patterns/mixed/main.tf +++ b/patterns/mixed/main.tf 
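Review bot: In the second hunk of patterns/mixed/config.tf the effective value is `lookup(local.override[local.override_type], "transit_gateway_global", local.config.transit_gateway_global)`, so a `transit_gateway_global` key in the override JSON takes precedence over `var.transit_gateway_global`. Because this flag widens the gateway from regional to cross-region routing, a review that checks only the variable can miss a `true` set in the override file. I would add a comment on that line, for example `# override JSON takes precedence over var.transit_gateway_global; true enables cross-region routing`. The same lookup is added in patterns/roks/module/config.tf, patterns/vpc/module/config.tf and patterns/vsi/module/config.tf, and the `locals` block starts and ends outside the hunk.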
@@ -25,6 +25,7 @@ module "landing_zone" { vpcs = local.env.vpcs vpn_gateways = local.env.vpn_gateways enable_transit_gateway = local.env.enable_transit_gateway + transit_gateway_global = local.env.transit_gateway_global transit_gateway_resource_group = local.env.transit_gateway_resource_group transit_gateway_connections = local.env.transit_gateway_connections ssh_keys = local.env.ssh_keys diff --git a/patterns/mixed/override.json b/patterns/mixed/override.json index c29922546..15a43bded 100644 --- a/patterns/mixed/override.json +++ b/patterns/mixed/override.json @@ -90,6 +90,7 @@ } ], "enable_transit_gateway": true, + "transit_gateway_global": false, "key_management": { "keys": [ { diff --git a/patterns/mixed/variables.tf b/patterns/mixed/variables.tf index 054087ccd..a33fc8fc0 100644 --- a/patterns/mixed/variables.tf +++ b/patterns/mixed/variables.tf @@ -78,6 +78,12 @@ variable "enable_transit_gateway" { default = true } +variable "transit_gateway_global" { + description = "Connect to the networks outside the associated region. Will only be used if transit gateway is enabled." + type = bool + default = false +} + variable "add_atracker_route" { description = "Atracker can only have one route per zone. use this value to disable or enable the creation of atracker route" type = bool diff --git a/patterns/roks/main.tf b/patterns/roks/main.tf index 2833af299..78635f1a6 100644 --- a/patterns/roks/main.tf +++ b/patterns/roks/main.tf @@ -29,6 +29,7 @@ module "roks_landing_zone" { network_cidr = var.network_cidr vpcs = var.vpcs enable_transit_gateway = var.enable_transit_gateway + transit_gateway_global = var.transit_gateway_global ssh_public_key = var.ssh_public_key update_all_workers = var.update_all_workers existing_ssh_key_name = var.existing_ssh_key_name diff --git a/patterns/roks/module/config.tf b/patterns/roks/module/config.tf index 8da912081..368016d4e 100644 --- a/patterns/roks/module/config.tf +++ b/patterns/roks/module/config.tf 
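Review bot: The description of `transit_gateway_global` in patterns/mixed/variables.tf says what the flag does but not that `true` extends the gateway's reach beyond its own region, which is presumably why the default is `false`. I would reword it to `description = "Allow the transit gateway to connect to networks outside its region (global routing). Leave false unless cross-region connectivity is required. Will only be used if transit gateway is enabled."`. The same description is repeated in the variables.tf of patterns/roks, patterns/roks/module, patterns/vpc, patterns/vpc/module, patterns/vsi, patterns/vsi/module and the root module, so the wording should change in all of them together.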
@@ -156,6 +156,7 @@ locals { resource_groups = module.dynamic_values.resource_groups vpcs = module.dynamic_values.vpcs enable_transit_gateway = var.enable_transit_gateway + transit_gateway_global = var.transit_gateway_global transit_gateway_resource_group = "${var.prefix}-service-rg" transit_gateway_connections = module.dynamic_values.vpc_list object_storage = module.dynamic_values.object_storage @@ -267,6 +268,7 @@ locals { vpcs = lookup(local.override[local.override_type], "vpcs", local.config.vpcs) vpn_gateways = lookup(local.override[local.override_type], "vpn_gateways", local.config.vpn_gateways) enable_transit_gateway = lookup(local.override[local.override_type], "enable_transit_gateway", local.config.enable_transit_gateway) + transit_gateway_global = lookup(local.override[local.override_type], "transit_gateway_global", local.config.transit_gateway_global) transit_gateway_resource_group = lookup(local.override[local.override_type], "transit_gateway_resource_group", local.config.transit_gateway_resource_group) transit_gateway_connections = lookup(local.override[local.override_type], "transit_gateway_connections", local.config.transit_gateway_connections) ssh_keys = lookup(local.override[local.override_type], "ssh_keys", local.config.ssh_keys) diff --git a/patterns/roks/module/main.tf b/patterns/roks/module/main.tf index a0972acd1..e4ab4c237 100644 --- a/patterns/roks/module/main.tf +++ b/patterns/roks/module/main.tf @@ -12,6 +12,7 @@ module "landing_zone" { vpcs = local.env.vpcs vpn_gateways = local.env.vpn_gateways enable_transit_gateway = local.env.enable_transit_gateway + transit_gateway_global = local.env.transit_gateway_global transit_gateway_resource_group = local.env.transit_gateway_resource_group transit_gateway_connections = local.env.transit_gateway_connections ssh_keys = local.env.ssh_keys diff --git a/patterns/roks/module/variables.tf b/patterns/roks/module/variables.tf index 61f620cbc..7000f10c4 100644 --- a/patterns/roks/module/variables.tf 
+++ b/patterns/roks/module/variables.tf @@ -62,6 +62,12 @@ variable "enable_transit_gateway" { default = true } +variable "transit_gateway_global" { + description = "Connect to the networks outside the associated region. Will only be used if transit gateway is enabled." + type = bool + default = false +} + variable "add_atracker_route" { description = "Atracker can only have one route per zone. use this value to disable or enable the creation of atracker route" type = bool diff --git a/patterns/roks/override.json b/patterns/roks/override.json index cbb9b0da7..140007f61 100644 --- a/patterns/roks/override.json +++ b/patterns/roks/override.json @@ -125,6 +125,7 @@ } ], "enable_transit_gateway": true, + "transit_gateway_global": false, "key_management": { "keys": [ { diff --git a/patterns/roks/variables.tf b/patterns/roks/variables.tf index fb280bb96..bb9be1f9d 100644 --- a/patterns/roks/variables.tf +++ b/patterns/roks/variables.tf @@ -62,6 +62,12 @@ variable "enable_transit_gateway" { default = true } +variable "transit_gateway_global" { + description = "Connect to the networks outside the associated region. Will only be used if transit gateway is enabled." + type = bool + default = false +} + variable "add_atracker_route" { description = "Atracker can only have one route per zone. use this value to disable or enable the creation of atracker route" type = bool diff --git a/patterns/vpc/main.tf b/patterns/vpc/main.tf index 0e3cabc88..49d696092 100644 --- a/patterns/vpc/main.tf +++ b/patterns/vpc/main.tf @@ -26,6 +26,7 @@ module "vpc_landing_zone" { network_cidr = var.network_cidr vpcs = var.vpcs enable_transit_gateway = var.enable_transit_gateway + transit_gateway_global = var.transit_gateway_global add_kms_block_storage_s2s = var.add_kms_block_storage_s2s ibmcloud_api_key = var.ibmcloud_api_key add_atracker_route = var.add_atracker_route diff --git a/patterns/vpc/module/config.tf b/patterns/vpc/module/config.tf index 6338dd757..54397026d 100644 
--- a/patterns/vpc/module/config.tf +++ b/patterns/vpc/module/config.tf @@ -106,6 +106,7 @@ locals { resource_groups = module.dynamic_values.resource_groups vpcs = module.dynamic_values.vpcs enable_transit_gateway = var.enable_transit_gateway + transit_gateway_global = var.transit_gateway_global transit_gateway_resource_group = "${var.prefix}-service-rg" transit_gateway_connections = module.dynamic_values.vpc_list object_storage = module.dynamic_values.object_storage @@ -217,6 +218,7 @@ locals { vpcs = lookup(local.override[local.override_type], "vpcs", local.config.vpcs) vpn_gateways = lookup(local.override[local.override_type], "vpn_gateways", local.config.vpn_gateways) enable_transit_gateway = lookup(local.override[local.override_type], "enable_transit_gateway", local.config.enable_transit_gateway) + transit_gateway_global = lookup(local.override[local.override_type], "transit_gateway_global", local.config.transit_gateway_global) transit_gateway_resource_group = lookup(local.override[local.override_type], "transit_gateway_resource_group", local.config.transit_gateway_resource_group) transit_gateway_connections = lookup(local.override[local.override_type], "transit_gateway_connections", local.config.transit_gateway_connections) ssh_keys = lookup(local.override[local.override_type], "ssh_keys", local.config.ssh_keys) diff --git a/patterns/vpc/module/main.tf b/patterns/vpc/module/main.tf index a0972acd1..e4ab4c237 100644 --- a/patterns/vpc/module/main.tf +++ b/patterns/vpc/module/main.tf @@ -12,6 +12,7 @@ module "landing_zone" { vpcs = local.env.vpcs vpn_gateways = local.env.vpn_gateways enable_transit_gateway = local.env.enable_transit_gateway + transit_gateway_global = local.env.transit_gateway_global transit_gateway_resource_group = local.env.transit_gateway_resource_group transit_gateway_connections = local.env.transit_gateway_connections ssh_keys = local.env.ssh_keys 
diff --git a/patterns/vpc/module/variables.tf b/patterns/vpc/module/variables.tf index 9692b5eef..9b8a07731 100644 --- a/patterns/vpc/module/variables.tf +++ b/patterns/vpc/module/variables.tf @@ -62,6 +62,12 @@ variable "enable_transit_gateway" { default = true } +variable "transit_gateway_global" { + description = "Connect to the networks outside the associated region. Will only be used if transit gateway is enabled." + type = bool + default = false +} + variable "add_atracker_route" { description = "Atracker can only have one route per zone. use this value to disable or enable the creation of atracker route" type = bool diff --git a/patterns/vpc/override.json b/patterns/vpc/override.json index 38191e71b..358a85e92 100644 --- a/patterns/vpc/override.json +++ b/patterns/vpc/override.json @@ -54,6 +54,7 @@ } ], "enable_transit_gateway": true, + "transit_gateway_global": false, "key_management": { "keys": [ { diff --git a/patterns/vpc/variables.tf b/patterns/vpc/variables.tf index 11b5b31af..db6040200 100644 --- a/patterns/vpc/variables.tf +++ b/patterns/vpc/variables.tf @@ -62,6 +62,12 @@ variable "enable_transit_gateway" { default = true } +variable "transit_gateway_global" { + description = "Connect to the networks outside the associated region. Will only be used if transit gateway is enabled." + type = bool + default = false +} + variable "add_atracker_route" { description = "Atracker can only have one route per zone. use this value to disable or enable the creation of atracker route" type = bool diff --git a/patterns/vsi-quickstart/variables.tf b/patterns/vsi-quickstart/variables.tf index 78d89999c..56411fb28 100644 --- a/patterns/vsi-quickstart/variables.tf +++ b/patterns/vsi-quickstart/variables.tf @@ -54,6 +54,7 @@ variable "override_json_string" { "clusters": [], "cos": [], "enable_transit_gateway": true, + "transit_gateway_global": false, "key_management": { "keys": [ { 
diff --git a/patterns/vsi/main.tf b/patterns/vsi/main.tf index 82a67f783..af614dc77 100644 --- a/patterns/vsi/main.tf +++ b/patterns/vsi/main.tf @@ -27,6 +27,7 @@ module "vsi_landing_zone" { network_cidr = var.network_cidr vpcs = var.vpcs enable_transit_gateway = var.enable_transit_gateway + transit_gateway_global = var.transit_gateway_global ssh_public_key = var.ssh_public_key ibmcloud_api_key = var.ibmcloud_api_key existing_ssh_key_name = var.existing_ssh_key_name diff --git a/patterns/vsi/module/config.tf b/patterns/vsi/module/config.tf index 1a872da77..90be1560b 100644 --- a/patterns/vsi/module/config.tf +++ b/patterns/vsi/module/config.tf @@ -141,6 +141,7 @@ locals { resource_groups = module.dynamic_values.resource_groups vpcs = module.dynamic_values.vpcs enable_transit_gateway = var.enable_transit_gateway + transit_gateway_global = var.transit_gateway_global transit_gateway_resource_group = "${var.prefix}-service-rg" transit_gateway_connections = module.dynamic_values.vpc_list object_storage = module.dynamic_values.object_storage @@ -252,6 +253,7 @@ locals { vpcs = lookup(local.override[local.override_type], "vpcs", local.config.vpcs) vpn_gateways = lookup(local.override[local.override_type], "vpn_gateways", local.config.vpn_gateways) enable_transit_gateway = lookup(local.override[local.override_type], "enable_transit_gateway", local.config.enable_transit_gateway) + transit_gateway_global = lookup(local.override[local.override_type], "transit_gateway_global", local.config.transit_gateway_global) transit_gateway_resource_group = lookup(local.override[local.override_type], "transit_gateway_resource_group", local.config.transit_gateway_resource_group) transit_gateway_connections = lookup(local.override[local.override_type], "transit_gateway_connections", local.config.transit_gateway_connections) diff --git a/patterns/vsi/module/main.tf b/patterns/vsi/module/main.tf index f21674588..a5033efa1 100644 --- a/patterns/vsi/module/main.tf 
+++ b/patterns/vsi/module/main.tf @@ -11,6 +11,7 @@ module "landing_zone" { network_cidr = local.env.network_cidr vpcs = local.env.vpcs enable_transit_gateway = local.env.enable_transit_gateway + transit_gateway_global = local.env.transit_gateway_global vpn_gateways = local.env.vpn_gateways transit_gateway_resource_group = local.env.transit_gateway_resource_group transit_gateway_connections = local.env.transit_gateway_connections diff --git a/patterns/vsi/module/variables.tf b/patterns/vsi/module/variables.tf index 189c8ddb1..af989fdd9 100644 --- a/patterns/vsi/module/variables.tf +++ b/patterns/vsi/module/variables.tf @@ -77,6 +77,12 @@ variable "enable_transit_gateway" { default = true } +variable "transit_gateway_global" { + description = "Connect to the networks outside the associated region. Will only be used if transit gateway is enabled." + type = bool + default = false +} + variable "add_atracker_route" { description = "Atracker can only have one route per zone. Use this value to disable or enable the creation of atracker route" type = bool diff --git a/patterns/vsi/override.json b/patterns/vsi/override.json index d90992aa0..1ecef7171 100644 --- a/patterns/vsi/override.json +++ b/patterns/vsi/override.json @@ -54,6 +54,7 @@ } ], "enable_transit_gateway": true, + "transit_gateway_global": false, "key_management": { "keys": [ { diff --git a/patterns/vsi/variables.tf b/patterns/vsi/variables.tf index 09f658748..d09979d21 100644 --- a/patterns/vsi/variables.tf +++ b/patterns/vsi/variables.tf @@ -77,6 +77,12 @@ variable "enable_transit_gateway" { default = true } +variable "transit_gateway_global" { + description = "Connect to the networks outside the associated region. Will only be used if transit gateway is enabled." + type = bool + default = false +} + variable "add_atracker_route" { description = "Atracker can only have one route per zone. Use this value to disable or enable the creation of atracker route" type = bool 
diff --git a/transit_gateway.tf b/transit_gateway.tf index 964b4f2ad..624736994 100644 --- a/transit_gateway.tf +++ b/transit_gateway.tf @@ -7,7 +7,7 @@ resource "ibm_tg_gateway" "transit_gateway" { count = var.enable_transit_gateway ? 1 : 0 name = "${var.prefix}-transit-gateway" location = var.region - global = false + global = var.transit_gateway_global resource_group = local.resource_groups[var.transit_gateway_resource_group] timeouts { diff --git a/variables.tf b/variables.tf index eb1a77143..ed3254e5c 100644 --- a/variables.tf +++ b/variables.tf @@ -218,6 +218,12 @@ variable "enable_transit_gateway" { default = true } +variable "transit_gateway_global" { + description = "Connect to the networks outside the associated region. Will only be used if transit gateway is enabled." + type = bool + default = false +} + variable "transit_gateway_resource_group" { description = "Name of resource group to use for transit gateway. Must be included in `var.resource_group`" type = string
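Review bot: `global = var.transit_gateway_global` in transit_gateway.tf is the only line where the new flag changes behaviour, and nothing in this patch exercises it with `true`: every override.json touched here sets `"transit_gateway_global": false`. It would be worth confirming against the provider documentation whether changing `global` on an existing `ibm_tg_gateway` is applied in place or replaces the gateway, and recording the answer in a comment above the line, for example `# true = global routing (cross-region connections); check provider docs for update behaviour before flipping on a live gateway`. The resource block continues beyond the end of the hunk.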