# East/West traffic, with Spoke VPCs attached to a peered AWS Transit Gateway and Inspection VPCs attached to AWS Cloud WAN

## Prerequisites

- An AWS account with an IAM user with the appropriate permissions
- Terraform installed

## Code Principles

- Writing DRY (Do Not Repeat Yourself) code using a modular design pattern

## Usage

- Clone the repository
- (Optional) Edit the variables.tf file in the project root directory if you want to test with different parameters.
- Deploy the resources using `terraform apply`.
- Remember to clean up resources once you are done by using `terraform destroy`.

**Note** EC2 instances, VPC endpoints, and AWS Network Firewall endpoints will be deployed in all the Availability Zones configured for each VPC. Keep this in mind when testing this environment from a cost perspective. For production environments, we recommend the use of at least 2 AZs for high availability.

## Requirements

| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3.0 |
| [aws](#requirement\_aws) | >= 4.57.0 |

## Providers

| Name | Version |
|------|---------|
| [aws](#provider\_aws) | 4.57.0 |
| [aws.awsnvirginia](#provider\_aws.awsnvirginia) | 4.57.0 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| [iam](#module\_iam) | ../modules/iam | n/a |
| [ireland\_compute](#module\_ireland\_compute) | ../modules/compute | n/a |
| [ireland\_endpoints](#module\_ireland\_endpoints) | ../modules/endpoints | n/a |
| [ireland\_inspection](#module\_ireland\_inspection) | ./modules/inspection | n/a |
| [ireland\_inspection\_vpc](#module\_ireland\_inspection\_vpc) | aws-ia/vpc/aws | = 4.0.0 |
| [ireland\_spoke\_vpcs](#module\_ireland\_spoke\_vpcs) | aws-ia/vpc/aws | = 4.0.0 |
| [ireland\_transit\_gateway](#module\_ireland\_transit\_gateway) | ./modules/transit_gateway | n/a |
| [nvirginia\_compute](#module\_nvirginia\_compute) | ../modules/compute | n/a |
| [nvirginia\_endpoints](#module\_nvirginia\_endpoints) | ../modules/endpoints | n/a |
| [nvirginia\_inspection](#module\_nvirginia\_inspection) | ./modules/inspection | n/a |
| [nvirginia\_inspection\_vpc](#module\_nvirginia\_inspection\_vpc) | aws-ia/vpc/aws | = 4.0.0 |
| [nvirginia\_spoke\_vpcs](#module\_nvirginia\_spoke\_vpcs) | aws-ia/vpc/aws | = 4.0.0 |
| [nvirginia\_transit\_gateway](#module\_nvirginia\_transit\_gateway) | ./modules/transit_gateway | n/a |
| [sydney\_compute](#module\_sydney\_compute) | ../modules/compute | n/a |
| [sydney\_endpoints](#module\_sydney\_endpoints) | ../modules/endpoints | n/a |
| [sydney\_inspection](#module\_sydney\_inspection) | ./modules/inspection | n/a |
| [sydney\_inspection\_vpc](#module\_sydney\_inspection\_vpc) | aws-ia/vpc/aws | = 4.0.0 |
| [sydney\_spoke\_vpcs](#module\_sydney\_spoke\_vpcs) | aws-ia/vpc/aws | = 4.0.0 |
| [sydney\_transit\_gateway](#module\_sydney\_transit\_gateway) | ./modules/transit_gateway | n/a |

## Resources

| Name | Type |
|------|------|
| [aws_networkmanager_core_network.core_network](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/networkmanager_core_network) | resource |
| [aws_networkmanager_core_network_policy_attachment.core_network_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/networkmanager_core_network_policy_attachment) | resource |
| [aws_networkmanager_global_network.global_network](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/networkmanager_global_network) | resource |
| [aws_networkmanager_core_network_policy_document.core_network_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/networkmanager_core_network_policy_document) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [aws\_regions](#input\_aws\_regions) | AWS Regions to create the environment. | `map(any)` | <pre>{<br>  "ireland": {<br>    "code": "eu-west-1",<br>    "tgw_asn": 64515<br>  },<br>  "nvirginia": {<br>    "code": "us-east-1",<br>    "tgw_asn": 64516<br>  },<br>  "sydney": {<br>    "code": "ap-southeast-2",<br>    "tgw_asn": 64517<br>  }<br>}</pre> | no |
| [identifier](#input\_identifier) | Project Identifier, used as identifier when creating resources. | `string` | `"ew-tgw-spoke-vpcs"` | no |
| [ireland\_inspection\_vpc](#input\_ireland\_inspection\_vpc) | Information about the Inspection VPC to create in eu-west-1. | `any` | <pre>{<br>  "cidr_block": "10.100.0.0/16",<br>  "cnetwork_subnet_netmask": 28,<br>  "flow_log_config": {<br>    "log_destination_type": "cloud-watch-logs",<br>    "retention_in_days": 7<br>  },<br>  "inspection_subnet_netmask": 28,<br>  "name": "inspection-eu-west-1",<br>  "number_azs": 2<br>}</pre> | no |
| [ireland\_spoke\_vpcs](#input\_ireland\_spoke\_vpcs) | Information about the VPCs to create in eu-west-1. | `any` | <pre>{<br>  "dev": {<br>    "cidr_block": "10.0.1.0/24",<br>    "endpoint_subnet_netmask": 28,<br>    "flow_log_config": {<br>      "log_destination_type": "cloud-watch-logs",<br>      "retention_in_days": 7<br>    },<br>    "instance_type": "t2.micro",<br>    "name": "dev-eu-west-1",<br>    "number_azs": 2,<br>    "segment": "dev",<br>    "tgw_subnet_netmask": 28,<br>    "workload_subnet_netmask": 28<br>  },<br>  "prod": {<br>    "cidr_block": "10.0.0.0/24",<br>    "endpoint_subnet_netmask": 28,<br>    "flow_log_config": {<br>      "log_destination_type": "cloud-watch-logs",<br>      "retention_in_days": 7<br>    },<br>    "instance_type": "t2.micro",<br>    "name": "prod-eu-west-1",<br>    "number_azs": 2,<br>    "segment": "prod",<br>    "tgw_subnet_netmask": 28,<br>    "workload_subnet_netmask": 28<br>  }<br>}</pre> | no |
| [nvirginia\_inspection\_vpc](#input\_nvirginia\_inspection\_vpc) | Information about the Inspection VPC to create in us-east-1. | `any` | <pre>{<br>  "cidr_block": "10.100.0.0/16",<br>  "cnetwork_subnet_netmask": 28,<br>  "flow_log_config": {<br>    "log_destination_type": "cloud-watch-logs",<br>    "retention_in_days": 7<br>  },<br>  "inspection_subnet_netmask": 28,<br>  "name": "inspection-us-east-1",<br>  "number_azs": 2<br>}</pre> | no |
| [nvirginia\_spoke\_vpcs](#input\_nvirginia\_spoke\_vpcs) | Information about the VPCs to create in us-east-1. | `any` | <pre>{<br>  "dev": {<br>    "cidr_block": "10.10.1.0/24",<br>    "endpoint_subnet_netmask": 28,<br>    "flow_log_config": {<br>      "log_destination_type": "cloud-watch-logs",<br>      "retention_in_days": 7<br>    },<br>    "instance_type": "t2.micro",<br>    "name": "dev-us-east-1",<br>    "number_azs": 2,<br>    "segment": "dev",<br>    "tgw_subnet_netmask": 28,<br>    "workload_subnet_netmask": 28<br>  },<br>  "prod": {<br>    "cidr_block": "10.10.0.0/24",<br>    "endpoint_subnet_netmask": 28,<br>    "flow_log_config": {<br>      "log_destination_type": "cloud-watch-logs",<br>      "retention_in_days": 7<br>    },<br>    "instance_type": "t2.micro",<br>    "name": "prod-us-east-1",<br>    "number_azs": 2,<br>    "segment": "prod",<br>    "tgw_subnet_netmask": 28,<br>    "workload_subnet_netmask": 28<br>  }<br>}</pre> | no |
| [segment\_configuration](#input\_segment\_configuration) | Core Network Segment configuration. | `string` | `"default"` | no |
| [sydney\_inspection\_vpc](#input\_sydney\_inspection\_vpc) | Information about the Inspection VPC to create in ap-southeast-2. | `any` | <pre>{<br>  "cidr_block": "10.100.0.0/16",<br>  "cnetwork_subnet_netmask": 28,<br>  "flow_log_config": {<br>    "log_destination_type": "cloud-watch-logs",<br>    "retention_in_days": 7<br>  },<br>  "inspection_subnet_netmask": 28,<br>  "name": "insp-ap-southeast-2",<br>  "number_azs": 2<br>}</pre> | no |
| [sydney\_spoke\_vpcs](#input\_sydney\_spoke\_vpcs) | Information about the VPCs to create in ap-southeast-2. | `any` | <pre>{<br>  "dev": {<br>    "cidr_block": "10.20.1.0/24",<br>    "endpoint_subnet_netmask": 28,<br>    "flow_log_config": {<br>      "log_destination_type": "cloud-watch-logs",<br>      "retention_in_days": 7<br>    },<br>    "instance_type": "t2.micro",<br>    "name": "dev-ap-southeast-2",<br>    "number_azs": 2,<br>    "segment": "dev",<br>    "tgw_subnet_netmask": 28,<br>    "workload_subnet_netmask": 28<br>  },<br>  "prod": {<br>    "cidr_block": "10.20.0.0/24",<br>    "endpoint_subnet_netmask": 28,<br>    "flow_log_config": {<br>      "log_destination_type": "cloud-watch-logs",<br>      "retention_in_days": 7<br>    },<br>    "instance_type": "t2.micro",<br>    "name": "prod-ap-southeast-2",<br>    "number_azs": 2,<br>    "segment": "prod",<br>    "tgw_subnet_netmask": 28,<br>    "workload_subnet_netmask": 28<br>  }<br>}</pre> | no |

## Outputs

| Name | Description |
|------|-------------|
| [cloud\_wan](#output\_cloud\_wan) | AWS Cloud WAN resources. |
| [vpcs](#output\_vpcs) | VPCs created. |