[Terraform/AWS] cross account TGW-DX Attach

by haejang 2025. 2. 5.

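This time I ended up having to look at DX, something I never expected to deal with.

I had to attach a DX GW to a Transit Gateway, and I struggled a bit doing it with Terraform in a multi-provider environment, so I'm writing it down here.

First, creating a TGW and a DX GW and attaching them in a single-provider environment looks like this.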

 

```hcl
# Create the TGW
resource "aws_ec2_transit_gateway" "this" {
  description = "honglab-tgw"
}

# Create the DX GW
resource "aws_dx_gateway" "this" {
  name            = "honglab-dx"
  amazon_side_asn = "64512"
}

# Create the DX GW - TGW association
# -> the TGW attachment resource is created automatically
resource "aws_dx_gateway_association" "this" {
  dx_gateway_id         = aws_dx_gateway.this.id
  associated_gateway_id = aws_ec2_transit_gateway.this.id

  allowed_prefixes = []
}

# data block for looking up the automatically created TGW attachment
data "aws_ec2_transit_gateway_dx_gateway_attachment" "this" {
  transit_gateway_id = aws_ec2_transit_gateway.this.id
  dx_gateway_id      = aws_dx_gateway_association.this.dx_gateway_id
}

# Tag the automatically created TGW attachment
resource "aws_ec2_tag" "this" {
  for_each    = local.tags
  resource_id = data.aws_ec2_transit_gateway_dx_gateway_attachment.this.id
  key         = each.key
  value       = each.value
}
```

 

After that, you can use the `data.aws_ec2_transit_gateway_dx_gateway_attachment.this.id` value to set up association / propagation on a TGW route table.
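The route table association and propagation mentioned above, as an added example that is not from the original post. The `dx` and `workloads` route tables and their names are assumptions, with `workloads` standing in for whatever table your VPC attachments use; in the cross-account layout these resources belong to the TGW account, so each would also need `provider = aws.tgw`.

```hcl
# Added example (not from the original post). The names "dx" / "workloads" are
# hypothetical; the TGW and the data source are the ones defined above.

# Route table that decides where traffic arriving over DX may go
resource "aws_ec2_transit_gateway_route_table" "dx" {
  transit_gateway_id = aws_ec2_transit_gateway.this.id
  tags               = { Name = "honglab-tgw-rt-dx" } # constructed name
}

# Route table assumed to be associated with the VPC attachments
resource "aws_ec2_transit_gateway_route_table" "workloads" {
  transit_gateway_id = aws_ec2_transit_gateway.this.id
  tags               = { Name = "honglab-tgw-rt-workloads" } # constructed name
}

# Association: the DX attachment looks up routes in the "dx" table only.
# Nothing is reachable from DX until VPC attachments are propagated
# (or static routes are added) into that table.
resource "aws_ec2_transit_gateway_route_table_association" "dx" {
  transit_gateway_attachment_id  = data.aws_ec2_transit_gateway_dx_gateway_attachment.this.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.dx.id

  # The TGW above leaves default_route_table_association at its default
  # ("enable"), so the auto-created attachment is already associated with the
  # default route table; replace that association instead of failing.
  replace_existing_association = true
}

# Propagation: routes learned from the DX attachment (on-premises prefixes)
# are installed into the "workloads" table so VPC traffic can reach them.
resource "aws_ec2_transit_gateway_route_table_propagation" "dx_to_workloads" {
  transit_gateway_attachment_id  = data.aws_ec2_transit_gateway_dx_gateway_attachment.this.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.workloads.id
}
```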

 

 

In the multi-provider case, the DX GW in its own account can be associated with a TGW in another account through the `aws_dx_gateway_association_proposal` resource.

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dx_gateway_association_proposal

 


 

```hcl
# Create the TGW (TGW account)
resource "aws_ec2_transit_gateway" "this" {
  provider    = aws.tgw
  description = "honglab-tgw"
}

# Create the DX GW (DX GW account)
resource "aws_dx_gateway" "this" {
  provider        = aws.dxgw
  name            = "honglab-dx"
  amazon_side_asn = "64512"
}

# Proposal for associating the DX GW with a TGW in another account
resource "aws_dx_gateway_association_proposal" "this" {
  provider = aws.tgw

  dx_gateway_id               = aws_dx_gateway.this.id
  dx_gateway_owner_account_id = local.dxgw_account_id
  associated_gateway_id       = aws_ec2_transit_gateway.this.id

  allowed_prefixes = []
}

# Create the DX GW - TGW association
resource "aws_dx_gateway_association" "this" {
  provider = aws.dxgw

  proposal_id                         = aws_dx_gateway_association_proposal.this.id
  dx_gateway_id                       = aws_dx_gateway.this.id
  associated_gateway_owner_account_id = local.tgw_account_id

  allowed_prefixes = []
}

# data block for looking up the automatically created TGW attachment
# (the attachment lives in the TGW account, so use that provider)
data "aws_ec2_transit_gateway_dx_gateway_attachment" "this" {
  provider = aws.tgw

  transit_gateway_id = aws_ec2_transit_gateway.this.id
  dx_gateway_id      = aws_dx_gateway_association.this.dx_gateway_id
}

# Tag the automatically created TGW attachment (TGW account)
resource "aws_ec2_tag" "this" {
  provider = aws.tgw

  for_each    = local.tags
  resource_id = data.aws_ec2_transit_gateway_dx_gateway_attachment.this.id
  key         = each.key
  value       = each.value
}
```

 

 

 

Done~

 

 
