feat(subnet-group): support aws v6 ofor transit_gateway_attachments

Author: posquit0

modules/subnet-group/README.md

@@ -84,7 +84,7 @@ This module creates following resources.
 | <a name="input_shares"></a> [shares](#input\_shares) | (Optional) A list of resource shares via RAM (Resource Access Manager). | <pre>list(object({<br/>    name = optional(string)<br/><br/>    permissions = optional(set(string), ["AWSRAMDefaultPermissionSubnet"])<br/><br/>    external_principals_allowed = optional(bool, false)<br/>    principals                  = optional(set(string), [])<br/><br/>    tags = optional(map(string), {})<br/>  }))</pre> | `[]` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | (Optional) A map of tags to add to all resources. | `map(string)` | `{}` | no |
 | <a name="input_timeouts"></a> [timeouts](#input\_timeouts) | (Optional) How long to wait for the subnet group to be created/deleted. | <pre>object({<br/>    create = optional(string, "10m")<br/>    delete = optional(string, "20m")<br/>  })</pre> | `{}` | no |
-| <a name="input_transit_gateway_attachments"></a> [transit\_gateway\_attachments](#input\_transit\_gateway\_attachments) | (Optional) A list of configurations for Transit Gateway VPC attachments. Each block of `transit_gateway_attachments` as defined below.<br/>    (Required) `name` - The name of the Transit Gateway VPC attachment.<br/>    (Required) `transit_gateway` - The ID of the Transit Gateway.<br/>    (Optional) `appliance_mode_enabled` - Whether Appliance Mode support is enabled. If enabled, a traffic flow between a source and destination uses the same Availability Zone for the VPC attachment for the lifetime of that flow. Defaults to `false`.<br/>    (Optional) `dns_support_enabled` - Whether to enable Domain Name System resolution for VPCs attached to this transit gateway. Defaults to `true`.<br/>    (Optional) `ipv6_enabled` - Whether to enable IPv6 support. Defaults to `false`.<br/>    (Optional) `default_association_route_table_enabled` - Whether to automatically associate transit gateway attachments with this transit gateway's default route table. This cannot be configured or perform drift detection with Resource Access Manager shared EC2 Transit Gateways. Defaults to `false`.<br/>    (Optional) `default_propagation_route_table_enabled` - Whether to automatically propagate transit gateway attachments with this transit gateway's default route table. This cannot be configured or perform drift detection with Resource Access Manager shared EC2 Transit Gateways. Defaults to `false`.<br/>    (Optional) `tags` - A map of tags to add to the vpc association. | <pre>list(object({<br/>    name                                    = string<br/>    transit_gateway                         = string<br/>    appliance_mode_enabled                  = optional(bool, false)<br/>    dns_support_enabled                     = optional(bool, true)<br/>    ipv6_enabled                            = optional(bool, false)<br/>    default_association_route_table_enabled = optional(bool, false)<br/>    default_propagation_route_table_enabled = optional(bool, false)<br/><br/>    tags = optional(map(string), {})<br/>  }))</pre> | `[]` | no |
+| <a name="input_transit_gateway_attachments"></a> [transit\_gateway\_attachments](#input\_transit\_gateway\_attachments) | (Optional) A list of configurations for Transit Gateway VPC attachments. Each block of `transit_gateway_attachments` as defined below.<br/>    (Required) `name` - The name of the Transit Gateway VPC attachment.<br/>    (Required) `transit_gateway` - The ID of the Transit Gateway.<br/>    (Optional) `appliance_mode_enabled` - Whether Appliance Mode support is enabled. If enabled, a traffic flow between a source and destination uses the same Availability Zone for the VPC attachment for the lifetime of that flow. Defaults to `false`.<br/>    (Optional) `dns_support_enabled` - Whether to enable Domain Name System resolution for VPCs attached to this transit gateway. Defaults to `true`.<br/>    (Optional) `ipv6_enabled` - Whether to enable IPv6 support. Defaults to `false`.<br/>    (Optional) `security_group_referencing_enabled` - Whether to enable security group referencing support. Defaults to `false`.<br/>    (Optional) `default_association_route_table_enabled` - Whether to automatically associate transit gateway attachments with this transit gateway's default route table. This cannot be configured or perform drift detection with Resource Access Manager shared EC2 Transit Gateways. Defaults to `false`.<br/>    (Optional) `default_propagation_route_table_enabled` - Whether to automatically propagate transit gateway attachments with this transit gateway's default route table. This cannot be configured or perform drift detection with Resource Access Manager shared EC2 Transit Gateways. Defaults to `false`.<br/>    (Optional) `tags` - A map of tags to add to the vpc association. | <pre>list(object({<br/>    name                                    = string<br/>    transit_gateway                         = string<br/>    appliance_mode_enabled                  = optional(bool, false)<br/>    dns_support_enabled                     = optional(bool, true)<br/>    ipv6_enabled                            = optional(bool, false)<br/>    security_group_referencing_enabled      = optional(bool, false)<br/>    default_association_route_table_enabled = optional(bool, false)<br/>    default_propagation_route_table_enabled = optional(bool, false)<br/><br/>    tags = optional(map(string), {})<br/>  }))</pre> | `[]` | no |
 
 ## Outputs
 

modules/subnet-group/integrations.tf

@@ -15,6 +15,8 @@ data "aws_ec2_transit_gateway" "this" {
     attachment.name => attachment.transit_gateway
   }
 
+  region = var.region
+
   filter {
     name   = "transit-gateway-id"
     values = [each.value]
@@ -27,14 +29,18 @@ resource "aws_ec2_transit_gateway_vpc_attachment" "this" {
     attachment.name => attachment
   }
 
+  region = var.region
+
   vpc_id     = var.vpc_id
   subnet_ids = values(aws_subnet.this)[*].id
 
   transit_gateway_id = each.value.transit_gateway
 
-  appliance_mode_support = each.value.appliance_mode_enabled ? "enable" : "disable"
-  dns_support            = each.value.dns_support_enabled ? "enable" : "disable"
-  ipv6_support           = each.value.ipv6_enabled ? "enable" : "disable"
+  appliance_mode_support             = each.value.appliance_mode_enabled ? "enable" : "disable"
+  dns_support                        = each.value.dns_support_enabled ? "enable" : "disable"
+  ipv6_support                       = each.value.ipv6_enabled ? "enable" : "disable"
+  security_group_referencing_support = each.value.security_group_referencing_enabled ? "enable" : "disable"
+
   transit_gateway_default_route_table_association = (local.account_id == data.aws_ec2_transit_gateway.this[each.key].owner_id
     ? each.value.default_association_route_table_enabled
     : null

modules/subnet-group/outputs.tf

@@ -140,6 +140,7 @@ output "transit_gateway_attachments" {
       appliance_mode_enabled                  = attachment.appliance_mode_support == "enable"
       dns_support_enabled                     = attachment.dns_support == "enable"
       ipv6_enabled                            = attachment.ipv6_support == "enable"
+      security_group_referencing_enabled      = attachment.security_group_referencing_support == "enable"
       default_association_route_table_enabled = attachment.transit_gateway_default_route_table_association
       default_propagation_route_table_enabled = attachment.transit_gateway_default_route_table_propagation
     }

modules/subnet-group/variables.tf

@@ -222,6 +222,7 @@ variable "transit_gateway_attachments" {
     (Optional) `appliance_mode_enabled` - Whether Appliance Mode support is enabled. If enabled, a traffic flow between a source and destination uses the same Availability Zone for the VPC attachment for the lifetime of that flow. Defaults to `false`.
     (Optional) `dns_support_enabled` - Whether to enable Domain Name System resolution for VPCs attached to this transit gateway. Defaults to `true`.
     (Optional) `ipv6_enabled` - Whether to enable IPv6 support. Defaults to `false`.
+    (Optional) `security_group_referencing_enabled` - Whether to enable security group referencing support. Defaults to `false`.
     (Optional) `default_association_route_table_enabled` - Whether to automatically associate transit gateway attachments with this transit gateway's default route table. This cannot be configured or perform drift detection with Resource Access Manager shared EC2 Transit Gateways. Defaults to `false`.
     (Optional) `default_propagation_route_table_enabled` - Whether to automatically propagate transit gateway attachments with this transit gateway's default route table. This cannot be configured or perform drift detection with Resource Access Manager shared EC2 Transit Gateways. Defaults to `false`.
     (Optional) `tags` - A map of tags to add to the vpc association.
@@ -232,6 +233,7 @@ variable "transit_gateway_attachments" {
     appliance_mode_enabled                  = optional(bool, false)
     dns_support_enabled                     = optional(bool, true)
     ipv6_enabled                            = optional(bool, false)
+    security_group_referencing_enabled      = optional(bool, false)
     default_association_route_table_enabled = optional(bool, false)
     default_propagation_route_table_enabled = optional(bool, false)