
Transit Gateway Attachment

Define Customer Gateways

Define the customer gateway variable. The value for ip_address should be the public IP of the on-prem VPN endpoint.

cgws = {
    sapphire_customer_gateway = {
        ip_address = "104.182.121.115"
    }
}

Define Transit VPN Gateway Routes

Add routes for the on-prem subnet to the transit gateway route table, using the key of the VPN (defined below) as the route target.

tgws = {
    sapphire_transit_gateway = {
        route_tables = {
            default = {
                routes = {
                    blackhole = {
                        destination_cidr_block = "0.0.0.0/0"
                        blackhole = true
                    }
                }
            }
            sapphire_route_table_a = {
                routes = {
                    sapphire_routes_a = {}
                    sapphire_routes_b = {
                        vpn = "sapphire_vpn"
                        destination_cidr_block = "192.168.1.0/24"
                    }
                }
            }
        }
        attachments = {
            LAB = {
                subnets = ["SapphirePrivateAZ1", "SapphirePrivateAZ2"]
                route_table = "sapphire_route_table_a"
            }
        }
    }
}

Define VPNs

Define the VPN variable, specifying the keys of the customer_gateway and transit_gateway (defined in the previous steps) to attach. Routing is handled by the transit gateway, so there is no need to define routes here. local_ipv4_network_cidr should be the on-prem private subnet, and remote_ipv4_network_cidr should be the AWS private subnet.

vpns = {
    sapphire_vpn = {
        customer_gateway = "sapphire_customer_gateway"
        transit_gateway = "sapphire_transit_gateway"
        local_ipv4_network_cidr = "192.168.1.0/24"
        remote_ipv4_network_cidr = "10.197.0.0/25"
    }
}
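The three maps above cross-reference each other by key, and a dangling key or a mismatched CIDR only surfaces at apply time. As an added example (not part of the original page or its module), here is a pre-apply consistency check over the same maps rendered as Python dicts; the maps are constructed copies of the values shown above.

```python
import ipaddress

# Constructed Python renderings of the page's three HCL maps (cgws, tgws, vpns).
CGWS = {"sapphire_customer_gateway": {"ip_address": "104.182.121.115"}}
TGWS = {"sapphire_transit_gateway": {"route_tables": {
    "default": {"routes": {
        "blackhole": {"destination_cidr_block": "0.0.0.0/0", "blackhole": True}}},
    "sapphire_route_table_a": {"routes": {
        "sapphire_routes_a": {},
        "sapphire_routes_b": {"vpn": "sapphire_vpn",
                              "destination_cidr_block": "192.168.1.0/24"}}}}}}
VPNS = {"sapphire_vpn": {
    "customer_gateway": "sapphire_customer_gateway",
    "transit_gateway": "sapphire_transit_gateway",
    "local_ipv4_network_cidr": "192.168.1.0/24",
    "remote_ipv4_network_cidr": "10.197.0.0/25"}}

def check_vpn_wiring(cgws, tgws, vpns):
    """Cross-check the three maps; return a list of problems (empty = consistent)."""
    problems = []
    for name, vpn in vpns.items():
        cgw = cgws.get(vpn["customer_gateway"])
        if cgw is None:
            problems.append(f"{name}: unknown customer_gateway {vpn['customer_gateway']}")
        elif not ipaddress.ip_address(cgw["ip_address"]).is_global:
            problems.append(f"{name}: customer gateway IP is not a public address")
        if vpn["transit_gateway"] not in tgws:
            problems.append(f"{name}: unknown transit_gateway {vpn['transit_gateway']}")
        local = ipaddress.ip_network(vpn["local_ipv4_network_cidr"])
        remote = ipaddress.ip_network(vpn["remote_ipv4_network_cidr"])
        if local.overlaps(remote):
            problems.append(f"{name}: local and remote CIDRs overlap")
    # A route targeting a VPN must name a VPN attached to this TGW, inside the on-prem CIDR.
    for tgw_name, tgw in tgws.items():
        for rt_name, rt in tgw.get("route_tables", {}).items():
            for r_name, route in rt.get("routes", {}).items():
                if "vpn" not in route:
                    continue
                vpn = vpns.get(route["vpn"])
                where = f"{tgw_name}/{rt_name}/{r_name}"
                if vpn is None:
                    problems.append(f"{where}: unknown vpn {route['vpn']}")
                    continue
                if vpn["transit_gateway"] != tgw_name:
                    problems.append(f"{where}: vpn {route['vpn']} is attached elsewhere")
                dest = ipaddress.ip_network(route["destination_cidr_block"])
                if not dest.subnet_of(ipaddress.ip_network(vpn["local_ipv4_network_cidr"])):
                    problems.append(f"{where}: {dest} is outside the VPN's local CIDR")
    return problems
```

Run it against the rendered maps before `terraform apply`; an empty list means every key resolves and the route destinations sit inside the on-prem CIDR.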