From 4c00b9942969190ebef7937b61e0169f3670d175 Mon Sep 17 00:00:00 2001 From: Jim Enright Date: Wed, 18 Dec 2024 09:44:14 +0000 Subject: [PATCH] Add multi-az mapping of proxy route table to NLB ENIs Signed-off-by: Jim Enright --- modules/terraform-aws-proxy/defaults.tf | 20 ++------------------ modules/terraform-aws-proxy/main.tf | 5 ++++- modules/terraform-aws-proxy/variables.tf | 1 + 3 files changed, 7 insertions(+), 19 deletions(-) diff --git a/modules/terraform-aws-proxy/defaults.tf b/modules/terraform-aws-proxy/defaults.tf index 98521c7..31107c6 100644 --- a/modules/terraform-aws-proxy/defaults.tf +++ b/modules/terraform-aws-proxy/defaults.tf @@ -34,9 +34,10 @@ locals { route_tables_to_update = flatten([ for route in var.route_tables_to_update : [ - for rt in route.route_tables : + for rti, rt in route.route_tables : { route_table = rt + availability_zone = try(route.availability_zones[rti], null) destination_cidr_block = route.destination_cidr_block } ] @@ -51,21 +52,4 @@ locals { } ] - # TODO: Explore better rt to eni mapping with the below - # route_table_details = [ - # for rt in data.aws_route_table.proxy_rt : - # { - # rt_id = rt.id - # subnet_ids = rt.associations[*].subnet_id - # } - # ] - - route_table_to_lb_eni_assoc = { - for k, v in data.aws_route_table.proxy_rt : v.id => { - # TODO: eni of same subnet assoc if possible otherwise the first eni_id in lb_eni_details - eni = local.lb_eni_details[0].eni_id - } - } - - } \ No newline at end of file diff --git a/modules/terraform-aws-proxy/main.tf b/modules/terraform-aws-proxy/main.tf index ea67d91..6405c19 100644 --- a/modules/terraform-aws-proxy/main.tf +++ b/modules/terraform-aws-proxy/main.tf 
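Review bot: The pairing `route.availability_zones[rti]` ties each route table to an AZ purely by list position, and wrapping it in `try(..., null)` means an `availability_zones` list that is shorter than `route_tables`, or one that was reordered by mistake, silently yields `null` for the affected entries instead of an error; downstream a `null` AZ is indistinguishable from "no AZ information supplied". If the positional scheme is intentional, make a length mismatch visible with a `validation` block on `var.route_tables_to_update`, e.g. `condition = alltrue([for r in var.route_tables_to_update : r.availability_zones == null || length(r.availability_zones) == length(r.route_tables)])`, with an error message stating that the two lists must be the same length. Also add a comment on the `for rti, rt in route.route_tables :` line such as `# availability_zones is paired with route_tables by index; a missing or shorter list degrades to null (first-ENI fallback)`, since nothing in the variable type expresses that coupling. The enclosing `locals` block continues outside this hunk.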
@@ -183,5 +183,8 @@ resource "aws_route" "vpc_tgw_route" { route_table_id = each.value.route_table destination_cidr_block = each.value.destination_cidr_block - network_interface_id = local.route_table_to_lb_eni_assoc[each.value.route_table].eni + # Where route table AZ info is available, use Network LB ENI from same AZ as subnet where route table is associated. Otherwise set to first LB ENI + # Ref: https://github.com/hashicorp/terraform-provider-aws/issues/16759#issuecomment-1768591117 + network_interface_id = try(element([for lbeni in tolist(local.lb_eni_details) : lbeni.eni_id if lbeni.az == each.value.availability_zone], 0), local.lb_eni_details[0].eni_id) + } diff --git a/modules/terraform-aws-proxy/variables.tf b/modules/terraform-aws-proxy/variables.tf index 5a417f4..98efee0 100644 --- a/modules/terraform-aws-proxy/variables.tf +++ b/modules/terraform-aws-proxy/variables.tf @@ -243,6 +243,7 @@ variable "route_tables_to_update" { description = "List of any route tables to update to point to the Network interface of the Proxy VM" type = list(object({ route_tables = list(string) + availability_zones = optional(list(string)) destination_cidr_block = string }))
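Review bot: The new `try(element([... if lbeni.az == each.value.availability_zone], 0), local.lb_eni_details[0].eni_id)` expression falls back to the first ENI not only when the AZ is unset but also whenever the supplied AZ matches no NLB ENI (a typo, or an AZ the load balancer has no subnet in), because `element` on the empty filtered list errors and `try` swallows that; a misconfigured entry therefore silently routes that subnet's proxy traffic cross-AZ through a single ENI, which is both a cross-AZ latency/cost issue and a single point of failure on the egress path, and the comment above the line describes only the intended case. Reserve the fallback for `each.value.availability_zone == null` and fail on an unknown AZ with a `lifecycle { precondition { ... } }` on this resource, e.g. `condition = each.value.availability_zone == null || contains([for e in local.lb_eni_details : e.az], each.value.availability_zone)` and an error message naming the route table and AZ. Separately, `local.lb_eni_details[0]` depends on the ordering of a collection not visible here; if that is derived from a data source, presumably its order is not guaranteed, so the fallback ENI could change between applies and churn the route, which deserves either a comment or a deterministic sort. The `resource "aws_route" "vpc_tgw_route"` block begins outside this hunk.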