Fixed aws_vpn_gateway_route_propagation for default route table

Author: antonbabenko

examples/complete-vpc/README.md

@@ -3,7 +3,7 @@ Complete VPC
 
 Configuration in this directory creates set of VPC resources which may be sufficient for staging or production environment (look into [simple-vpc](../simple-vpc) for more simplified setup).
 
-There are public, private, database, ElastiCache subnets, NAT Gateways created in each availability zone.
+There are public, private, database, ElastiCache subnets, NAT and VPN Gateways created across several availability zones.
 
 Usage
 =====

examples/complete-vpc/main.tf

@@ -15,7 +15,7 @@ module "vpc" {
   create_database_subnet_group = false
 
   enable_nat_gateway = true
-  enable_vpn_gateway = true
+  single_nat_gateway = true
 
   enable_s3_endpoint       = true
   enable_dynamodb_endpoint = true
@@ -24,6 +24,11 @@ module "vpc" {
   dhcp_options_domain_name         = "service.consul"
   dhcp_options_domain_name_servers = ["127.0.0.1", "10.10.0.2"]
 
+  enable_vpn_gateway                 = true
+  propagate_private_route_tables_vgw = true
+  propagate_public_route_tables_vgw  = true
+  propagate_default_route_tables_vgw = true
+
   tags = {
     Owner       = "user"
     Environment = "staging"

main.tf

@@ -359,6 +359,13 @@ resource "aws_vpn_gateway_route_propagation" "private" {
   vpn_gateway_id = "${element(concat(aws_vpn_gateway.this.*.id, aws_vpn_gateway_attachment.this.*.vpn_gateway_id), count.index)}"
 }
 
+resource "aws_vpn_gateway_route_propagation" "default" {
+  count = "${var.create_vpc && var.propagate_default_route_tables_vgw && (var.enable_vpn_gateway || var.vpn_gateway_id != "") ? 1 : 0}"
+
+  route_table_id = "${element(aws_default_route_table.this.*.id, count.index)}"
+  vpn_gateway_id = "${element(concat(aws_vpn_gateway.this.*.id, aws_vpn_gateway_attachment.this.*.vpn_gateway_id), count.index)}"
+}
+
 ###########
 # Defaults
 ###########
@@ -378,6 +385,12 @@ resource "aws_default_route_table" "this" {
   default_route_table_id = "${aws_vpc.this.default_route_table_id}"
 
   tags = "${merge(var.tags, var.default_route_table_tags, map("Name", format("%s-default", var.name)))}"
+
+  lifecycle {
+    # When attaching VPN gateways it is common to define aws_vpn_gateway_route_propagation
+    # resources that manipulate the attributes of the routing table (typically for the private subnets)
+    ignore_changes = ["propagating_vgws"]
+  }
 }
 
 resource "aws_main_route_table_association" "this" {

variables.tf

@@ -113,12 +113,17 @@ variable "vpn_gateway_id" {
 }
 
 variable "propagate_private_route_tables_vgw" {
-  description = "Should be true if you want route table propagation"
+  description = "Should be true if you want privateroute table propagation"
   default     = false
 }
 
 variable "propagate_public_route_tables_vgw" {
-  description = "Should be true if you want route table propagation"
+  description = "Should be true if you want public route table propagation"
+  default     = false
+}
+
+variable "propagate_default_route_tables_vgw" {
+  description = "Should be true if you want default route table propagation"
   default     = false
 }