feat: added the ability to provision route table entries for the subnets

gambol99 · gambol99 · commit edfa11787e45 · 2025-04-01T17:29:23.000+01:00
diff --git a/modules/shared/locals.tf b/modules/shared/locals.tf
@@ -6,9 +6,11 @@ locals {
   subnets = merge([
     for k, v in var.subnets : {
       for i, cidr in v.cidrs : format("%s-%s", k, cidr) => {
-        name              = format("%s-%s-%s", var.name, k, data.aws_availability_zones.current.names[i])
         availability_zone = data.aws_availability_zones.current.names[i]
         cidr_block        = cidr
+        name              = format("%s-%s-%s", var.name, k, data.aws_availability_zones.current.names[i])
+        subnet_prefix     = format("%s-%s-", var.name, k)
+        subnet_name       = k
       }
     }
   ]...)
@@ -35,4 +37,12 @@ locals {
 
   ## A collection of tags to apply to the subnets
   tags = merge(var.tags, {})
+
+  ## A collection of subnets ids by the name
+  subnets_ids_by_name = {
+    for k, v in var.subnets : k => [for s in aws_subnet.subnets : s.id if startswith(s.tags["Name"], format("%s-%s-", var.name, k))]
+  }
+
+  ## A list of all the subnet ids 
+  subnets_ids = flatten([for k, v in local.subnets_ids_by_name : local.subnets_ids_by_name[k]])
 }
diff --git a/modules/shared/outputs.tf b/modules/shared/outputs.tf
@@ -8,3 +8,28 @@ output "outbound_network_acls" {
   description = "The outbound network ACLs provisioned"
   value       = local.network_outbound_acls
 }
+
+output "subnets_map" {
+  description = "A map of the subnets"
+  value       = local.subnets
+}
+
+output "subnet_ids_by_name" {
+  description = "A map of the subnets ids by the name"
+  value       = local.subnets_ids_by_name
+}
+
+output "subnet_ids" {
+  description = "A list of all the subnet ids"
+  value       = local.subnets_ids
+}
+
+output "route_table" {
+  description = "The route table provisioned"
+  value       = aws_route_table.current.id
+}
+
+output "route_table_arn" {
+  description = "The route table arn"
+  value       = aws_route_table.current.arn
+}
diff --git a/modules/shared/routes.tf b/modules/shared/routes.tf
@@ -0,0 +1,33 @@
+## Related to the route tables
+
+## Provision a route table for the subnets
+resource "aws_route_table" "current" {
+  vpc_id = var.vpc_id
+  tags   = merge(local.tags, { Name = var.name })
+}
+
+## Associate all the subnets with the routing table
+resource "aws_route_table_association" "current" {
+  for_each = aws_subnet.subnets
+
+  subnet_id      = each.value.id
+  route_table_id = aws_route_table.current.id
+}
+
+## Provision routing entries
+resource "aws_route" "current" {
+  for_each = {
+    for idx, v in var.routes : v.cidr => v
+  }
+
+  carrier_gateway_id        = each.value.carrier_gateway_id
+  core_network_arn          = each.value.core_network_arn
+  destination_cidr_block    = each.value.cidr
+  egress_only_gateway_id    = each.value.egress_only_gateway_id
+  gateway_id                = each.value.gateway_id
+  local_gateway_id          = each.value.local_gateway_id
+  nat_gateway_id            = each.value.nat_gateway_id
+  network_interface_id      = each.value.network_interface_id
+  route_table_id            = aws_route_table.current.id
+  vpc_peering_connection_id = each.value.vpc_peering_connection_id
+}
diff --git a/modules/shared/variables.tf b/modules/shared/variables.tf
@@ -17,6 +17,7 @@ variable "share" {
     organizational_units = optional(list(string), [])
     ## A list of organizational units to share the subnets with
   })
+  default = {}
 }
 
 variable "permitted_subnets" {
@@ -35,11 +36,39 @@ variable "subnets" {
   description = "A collectionn of subnets to provision for the tenant"
   type = map(object({
     cidrs = list(string)
-    ## The cidr block to provision the subnets (optional)
   }))
   default = {}
 }
 
+variable "routes" {
+  description = "A collection of routes to add to the subnets"
+  type = list(object({
+    cidr = string
+    ## The cidr block to provision the subnets (optional)
+    carrier_gateway_id = optional(string, null)
+    ## Identifier of a carrier gateway. This attribute can only be used when the VPC contains a subnet which is associated with a Wavelength Zone.
+    core_network_arn = optional(string, null)
+    ## The Amazon Resource Name (ARN) of a core network.
+    egress_only_gateway_id = optional(string, null)
+    ## Identifier of a VPC Egress Only Internet Gateway.
+    gateway_id = optional(string, null)
+    ## Identifier of a VPC internet gateway or a virtual private gateway. Specify local when updating a previously imported local route.
+    nat_gateway_id = optional(string, null)
+    ## Identifier of a VPC NAT gateway.
+    local_gateway_id = optional(string, null)
+    ## Identifier of a Outpost local gateway.
+    network_interface_id = optional(string, null)
+    ## Identifier of an EC2 network interface.
+    transit_gateway_id = optional(string, null)
+    ## Identifier of an EC2 Transit Gateway.
+    vpc_endpoint_id = optional(string, null)
+    ## Identifier of a VPC Endpoint.
+    vpc_peering_connection_id = optional(string, null)
+    ## Identifier of a VPC peering connection.
+  }))
+  default = []
+}
+
 variable "tags" {
   description = "A map of tags to apply to the NACL"
   type        = map(string)
diff --git a/tests/subnets.tftest.hcl b/tests/subnets.tftest.hcl
@@ -44,6 +44,13 @@ run "validation_subnets_module" {
         cidrs = ["10.90.10.0/24", "10.90.11.0/24"]
       }
     }
+
+    routes = [
+      {
+        cidr       = "0.0.0.0/0"
+        gateway_id = "tgw-12345678"
+      }
+    ]
   }
 
   assert {
@@ -191,4 +198,29 @@ run "validation_subnets_module" {
     condition     = aws_ram_principal_association.accounts["123456789012"] != null
     error_message = "The expected the ram principal association for the accounts was not found"
   }
+
+  assert {
+    condition     = aws_route_table.current != null && aws_route_table.current.vpc_id == "vpc-12345678" && aws_route_table.current.tags["Name"] == "test"
+    error_message = "The expected the route table was not found"
+  }
+
+  assert {
+    condition     = aws_route_table_association.current["app-10.90.10.0/24"] != null
+    error_message = "The expected the route table association for the app subnets was not found"
+  }
+
+  assert {
+    condition     = aws_route_table_association.current["app-10.90.11.0/24"] != null && aws_route_table_association.current["app-10.90.10.0/24"] != null
+    error_message = "The expected the route table association for the app subnets was not found"
+  }
+
+  assert {
+    condition     = aws_route_table_association.current["web-10.90.0.0/24"] != null && aws_route_table_association.current["web-10.90.1.0/24"] != null
+    error_message = "The expected the route table association for the web subnets was not found"
+  }
+
+  assert {
+    condition     = aws_route.current["0.0.0.0/0"].gateway_id == "tgw-12345678"
+    error_message = "The expected the route was not found"
+  }
 }
