Deploys a VPC/VNET/VCN and Aviatrix Transit gateways.
| Module version | Terraform version | Controller version | Terraform provider version |
|---|---|---|---|
| v1.1.0 | 0.13-1.x | >= 6.6 | 2.21.0-6.6.ga |
| v1.0.1 | 0.13-1.x | 6.4 - 6.5 | >= 2.19.0 |
| v1.0.0 | 0.13-1.x | 6.4 - 6.5 | >= 2.19.0 |
See examples
The following variables are required:
| key | value |
|---|---|
| cloud | Cloud where this is deployed. Valid values: "AWS", "Azure", "ALI", "OCI", "GCP" |
| region | Cloud region to deploy this VPC/VNET/VCN in |
| cidr | What ip CIDR to use for this VPC/VNET/VCN |
| account | The account name as known by the Aviatrix controller |
The following variables are optional:
= AWS, 
= Azure, 
= GCP, 
= OCI, 
= Alibaba
| Key | Supported_CSP's | Default value | Description |
|---|---|---|---|
| az_support | |
true | Set to false if the region does not support Availability Zones. |
| az1 | |
a az-1 b |
Concatenates with region to form az names. e.g. eu-central-1a. Used for insane mode only. |
| az2 | |
b az-2 c |
Concatenates with region to form az names. e.g. eu-central-1b. Used for insane mode only. |
| bgp_ecmp | |
false | Enable Equal Cost Multi Path (ECMP) routing for the next hop |
| bgp_lan_interfaces | |
Interfaces to run BGP protocol on top of the ethernet interface | |
| bgp_manual_spoke_advertise_cidrs | |
Intended CIDR list to advertise via BGP. Example: "10.2.0.0/16,10.4.0.0/16" | |
| bgp_polling_time | |
50 | BGP route polling time. Unit is in seconds |
| connected_transit | |
true | Set to false to disable connected_transit |
| customer_managed_keys | |
Customer managed key ID for EBS Volume encryption. | |
| enable_advertise_transit_cidr | |
false | Switch to enable/disable advertise transit VPC network CIDR for a VGW connection |
| enable_bgp_over_lan | |
false | Enable BGP over LAN. Creates interface for integration with SDWAN or other BGP peerings over LAN. |
| enable_egress_transit_firenet | |
false | Enable Egress Transit FireNet |
| enable_encrypt_volume | |
false | Set to true to enable EBS volume encryption for Gateway. |
| enable_firenet | |
false | Sign of readiness for FireNet connection with TGW |
| enable_multi_tier_transit | |
false | Switch to enable multi tier transit |
| enable_segmentation | |
false | Switch to true to enable transit segmentation |
| enable_transit_firenet | |
false | Sign of readiness for Transit FireNet connection |
| ha_bgp_lan_interfaces | |
Interfaces to run BGP protocol on top of the ethernet interface | |
| ha_cidr | |
The IP CIDR to be used to create ha_region spoke subnet. Only required when ha_region is set. | |
| ha_gw | |
true | Set to false if you only want to deploy a single Aviatrix spoke gateway |
| ha_region | |
Region for multi region HA. HA is multi-az single region by default, but will become multi region when this is set. | |
| hybrid_connection | |
false | Sign of readiness for TGW connection |
| insane_mode | |
false | Set to true to enable insane mode encryption |
| instance_size | |
t3.medium Standard_B1ms n1-standard-1 VM.Standard2.2 ecs.g5ne.large |
The size of the Aviatrix transit gateways. |
| instance_size (insane mode) | |
c5n.large Standard_D3_v2 n1-highcpu-4 VM.Standard2.2 |
The size of the Aviatrix transit gateways when insane mode is enabled. |
| learned_cidr_approval | |
false | Switch to true to enable learned CIDR approval |
| learned_cidrs_approval_mode | |
Learned cidrs approval mode. Defaults to Gateway. Valid values: gateway, connection | |
| local_as_number | |
Changes the Aviatrix Transit Gateway ASN number before you setup Aviatrix Transit Gateway connection configurations. | |
| name | |
avx-<region>-transit | Name for this Transit VPC/VNET/VCN and it's gateways |
| single_az_ha | |
true | Set to false if Controller managed Gateway HA is desired |
| single_ip_snat | |
false | Specify whether to enable Source NAT feature in single_ip mode on the gateway or not. Please disable AWS NAT instance before enabling this feature. Currently only supports AWS(1) and AZURE(8) |
| tags | |
Map of tags to assign to the gateway. | |
| tunnel_detection_time | |
The IPsec tunnel down detection time for the Spoke Gateway in seconds. Must be a number in the range [20-600]. Default is 60. |
This module will return the following outputs:
| key | description |
|---|---|
| vpc | The created VPC as an object with all of it's attributes (when use_existing_vpc is false). This was created using the aviatrix_vpc resource. |
| transit_gateway | The created Aviatrix transit gateway as an object with all of it's attributes. |