IBM Cloud Transit Gateway - Terraform Module

Graduated (Supported) semantic-release pre-commit latest release Renovate enabled

With IBM Cloud® Transit Gateway, you can create single or multiple transit gateways to connect VPCs. You can also connect your IBM Cloud classic infrastructure to a transit gateway to provide seamless communication with classic infrastructure resources. Any new network that you connect to a transit gateway is then made available to every other network connected to it. For more information, see About IBM Cloud Transit Gateway in the IBM Cloud docs.

This module includes the terraform-ibm-transit-gateway-action approval action submodule that supports approving or rejecting connection requests in cross-account VPC connections.

Overview

terraform-ibm-transit-gateway

Usage

# Look up the resource group that will own the transit gateway
data "ibm_resource_group" "resource_group" {
  name = "resource_group_name"
}

module "tg_gateway_connection" {
  source                    = "terraform-ibm-modules/transit-gateway/ibm"
  version                   = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
  transit_gateway_name      = "transit gateway name"
  region                    = "eu-de"
  global_routing            = true
  resource_tags             = ["tag1", "tag2"]
  resource_group_id         = data.ibm_resource_group.resource_group.id
  # Each entry is an object; default_prefix_filter is optional and defaults to permit
  vpc_connections = [
    { vpc_crn = "crn:v1:bluemix:public:is:eu-de:a/7aa6f7b185f2e3170fac9919aa1769ee::vpc:r010-a9fdc623-d702-4381-a116-07546dba1b87" },
    { vpc_crn = "crn:v1:bluemix:public:is:eu-de:a/7aa6f7b185f2e3170fac9919aa1769ee::vpc:r010-4c39039d-e7ef-411d-a191-3cb549dc41a1" }
  ]
  classic_connections_count = 0 # Number of classic connections to add (input type is number)
}

Required IAM access policies

You need the following permissions to run this module.

  • IAM services
    • IBM Cloud Transit Gateway service
      • Editor platform access
    • No service access
      • Resource Group <your resource group>
      • Viewer resource group access

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0.0 |
| ibm | >= 1.69.0, < 2.0.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| ibm_tg_connection.classic_connections | resource |
| ibm_tg_connection.vpc_connections | resource |
| ibm_tg_connection_prefix_filter.add_prefix_filter | resource |
| ibm_tg_gateway.tg_gw_instance | resource |
| ibm_tg_gateway.existing_tg_gw_instance | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| add_prefix_filters | Map of VPC CRN to prefix filters. Optionally adds prefix filters that set an ordered list of filters determining the routes that the transit gateway accepts or denies. Connections are denied or permitted based on the order of the filters passed. See https://cloud.ibm.com/docs/transit-gateway?topic=transit-gateway-adding-prefix-filters&interface=ui | list(object({ action = string, prefix = string, le = optional(number), ge = optional(number), before = optional(string), connection = string })) | [] | no |
| classic_connections_count | Number of classic connections to add. | number | n/a | yes |
| delete_timeout | Deleting timeout value of the ibm_tg_gateway | string | "45m" | no |
| existing_transit_gateway_name | Name of an existing transit gateway to connect VPCs. If null, a new transit gateway is created (transit_gateway_name and region required) | string | null | no |
| global_routing | Gateways with global routing (true) can connect to networks outside their associated region | bool | false | no |
| region | The IBM Cloud region where all resources are provisioned. It can be null if existing_transit_gateway_name is not null | string | null | no |
| resource_group_id | ID of the resource group where the transit gateway is to be created. | string | null | no |
| resource_tags | List of tags | list(string) | null | no |
| transit_gateway_name | Name of the transit gateway to create. It can be null if existing_transit_gateway_name is not null | string | null | no |
| vpc_connections | The list of VPC instance connections with their associated default prefix filter. Customise the default filter setting for each VPC connection to permit or deny specific IP ranges. permit accepts all prefixes after processing all the entries in the prefix filters list. deny denies all prefixes after processing all the entries in the prefix filters list. By default it is set to permit. Refer to https://cloud.ibm.com/docs/transit-gateway?topic=transit-gateway-adding-prefix-filters&interface=ui for more details. | list(object({ vpc_crn = string, default_prefix_filter = optional(string) })) | n/a | yes |
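
The vpc_connections and add_prefix_filters inputs can be combined into a deny-by-default routing policy, where one VPC connection accepts only explicitly permitted prefixes. The configuration below is an added example, not taken from the module's repository: the CRNs, names and IP ranges are placeholders, and it assumes that connection takes the CRN of the VPC connection the filter applies to.

```hcl
# Added example: restrict the routes accepted from one VPC connection.
# All CRNs, names and prefixes are placeholders constructed for illustration.
variable "resource_group_id" {
  type        = string
  description = "ID of the resource group that owns the transit gateway"
}

locals {
  app_vpc_crn    = "crn:v1:bluemix:public:is:eu-de:a/<account-id>::vpc:<app-vpc-id>"
  shared_vpc_crn = "crn:v1:bluemix:public:is:eu-de:a/<account-id>::vpc:<shared-vpc-id>"
}

module "tg_gateway_connection" {
  source                    = "terraform-ibm-modules/transit-gateway/ibm"
  version                   = "X.X.X" # Replace with a release version
  transit_gateway_name      = "example-tgw"
  region                    = "eu-de"
  global_routing            = false
  resource_group_id         = var.resource_group_id
  classic_connections_count = 0

  vpc_connections = [
    # deny: any prefix not matched by a filter below is rejected
    { vpc_crn = local.app_vpc_crn, default_prefix_filter = "deny" },
    # default_prefix_filter omitted: falls back to the documented default (permit)
    { vpc_crn = local.shared_vpc_crn },
  ]

  add_prefix_filters = [
    {
      action     = "permit"
      prefix     = "10.10.0.0/16"
      le         = 24 # also match longer prefixes inside the /16, up to /24
      connection = local.app_vpc_crn # assumption: the VPC CRN this filter applies to
    },
    {
      action     = "permit"
      prefix     = "10.20.5.0/24"
      connection = local.app_vpc_crn
    },
  ]
}
```

The two permit filters cover disjoint ranges, so the result does not depend on the order in which they are evaluated; overlapping permit and deny entries must be ordered deliberately, because filters are applied in the order passed.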

Outputs

| Name | Description |
|------|-------------|
| classic_conn_ids | List of classic connection IDs |
| filter_ids | Prefix filter IDs |
| tg_crn | CRN of the gateway |
| tg_id | The ID of the transit gateway |
| vpc_conn_ids | List of VPC connection IDs |

Contributing

To set up your local development environment, see Local development setup in the project documentation.