feat: add customer-gateway module

posquit0 · posquit0 · commit e4af6f61a38a · 2025-04-03T02:55:34.000+09:00
diff --git a/modules/customer-gateway/README.md b/modules/customer-gateway/README.md
@@ -0,0 +1,61 @@
+# customer-gateway
+
+This module creates following resources.
+
+- `aws_customer_gateway`
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.9 |
+| <a name="requirement_assert"></a> [assert](#requirement\_assert) | >= 0.15 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.93 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.93.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_resource_group"></a> [resource\_group](#module\_resource\_group) | tedilabs/misc/aws//modules/resource-group | ~> 0.10.0 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_customer_gateway.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/customer_gateway) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_ip_address"></a> [ip\_address](#input\_ip\_address) | (Required) The IPv4 address for the customer gateway device's outside interface. | `string` | n/a | yes |
+| <a name="input_name"></a> [name](#input\_name) | (Required) A name for the customer gateway. | `string` | n/a | yes |
+| <a name="input_asn"></a> [asn](#input\_asn) | (Optional) The ASN (Autonomous System Number) of the customer gateway device. Valid values are between `1` and `4294967295`. Defaults to `65000.` | `number` | `65000` | no |
+| <a name="input_certificate"></a> [certificate](#input\_certificate) | (Optional) The ARN (Amazon Resource Name) of the certificate for the customer gateway. | `string` | `null` | no |
+| <a name="input_device"></a> [device](#input\_device) | (Optional) A name for the customer gateway device. | `string` | `""` | no |
+| <a name="input_module_tags_enabled"></a> [module\_tags\_enabled](#input\_module\_tags\_enabled) | (Optional) Whether to create AWS Resource Tags for the module informations. | `bool` | `true` | no |
+| <a name="input_resource_group_description"></a> [resource\_group\_description](#input\_resource\_group\_description) | (Optional) The description of Resource Group. | `string` | `"Managed by Terraform."` | no |
+| <a name="input_resource_group_enabled"></a> [resource\_group\_enabled](#input\_resource\_group\_enabled) | (Optional) Whether to create Resource Group to find and group AWS resources which are created by this module. | `bool` | `true` | no |
+| <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | (Optional) The name of Resource Group. A Resource Group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with `AWS` or `aws`. | `string` | `""` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | (Optional) A map of tags to add to all resources. | `map(string)` | `{}` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_arn"></a> [arn](#output\_arn) | The ARN (Amazon Resource Name) of the customer gateway. |
+| <a name="output_asn"></a> [asn](#output\_asn) | The ASN (Autonomous System Number) of the customer gateway device. |
+| <a name="output_certificate"></a> [certificate](#output\_certificate) | The ARN (Amazon Resource Name) of the certificate for the customer gateway. |
+| <a name="output_device"></a> [device](#output\_device) | The name for the customer gateway device. |
+| <a name="output_id"></a> [id](#output\_id) | The ID of the customer gateway. |
+| <a name="output_ip_address"></a> [ip\_address](#output\_ip\_address) | The IPv4 address for the customer gateway device's outside interface. |
+| <a name="output_name"></a> [name](#output\_name) | The name of the customer gateway. |
+| <a name="output_type"></a> [type](#output\_type) | The type of customer gateway. |
+<!-- END_TF_DOCS -->
diff --git a/modules/customer-gateway/main.tf b/modules/customer-gateway/main.tf
@@ -0,0 +1,38 @@
+locals {
+  metadata = {
+    package = "terraform-aws-vpn"
+    version = trimspace(file("${path.module}/../../VERSION"))
+    module  = basename(path.module)
+    name    = var.name
+  }
+  module_tags = var.module_tags_enabled ? {
+    "module.terraform.io/package"   = local.metadata.package
+    "module.terraform.io/version"   = local.metadata.version
+    "module.terraform.io/name"      = local.metadata.module
+    "module.terraform.io/full-name" = "${local.metadata.package}/${local.metadata.module}"
+    "module.terraform.io/instance"  = local.metadata.name
+  } : {}
+}
+
+
+###################################################
+# Customer Gateway
+###################################################
+
+resource "aws_customer_gateway" "this" {
+  device_name      = var.device
+  ip_address       = var.ip_address
+  bgp_asn          = var.asn >= 2147483648 ? null : var.asn
+  bgp_asn_extended = var.asn >= 2147483648 ? var.asn : null
+
+  type            = "ipsec.1"
+  certificate_arn = var.certificate
+
+  tags = merge(
+    {
+      "Name" = local.metadata.name
+    },
+    local.module_tags,
+    var.tags,
+  )
+}
diff --git a/modules/customer-gateway/outputs.tf b/modules/customer-gateway/outputs.tf
@@ -0,0 +1,48 @@
+output "id" {
+  description = "The ID of the customer gateway."
+  value       = aws_customer_gateway.this.id
+}
+
+output "arn" {
+  description = "The ARN (Amazon Resource Name) of the customer gateway."
+  value       = aws_customer_gateway.this.arn
+}
+
+output "name" {
+  description = "The name of the customer gateway."
+  value       = local.metadata.name
+}
+
+output "type" {
+  description = "The type of customer gateway."
+  value       = aws_customer_gateway.this.type
+}
+
+output "device" {
+  description = "The name for the customer gateway device."
+  value       = aws_customer_gateway.this.device_name
+}
+
+output "ip_address" {
+  description = "The IPv4 address for the customer gateway device's outside interface."
+  value       = aws_customer_gateway.this.ip_address
+}
+
+output "asn" {
+  description = "The ASN (Autonomous System Number) of the customer gateway device."
+  value       = var.asn
+}
+
+output "certificate" {
+  description = "The ARN (Amazon Resource Name) of the certificate for the customer gateway."
+  value       = aws_customer_gateway.this.certificate_arn
+}
+
+# output "debug" {
+#   description = "For debug purpose"
+#   value = {
+#     for k, v in aws_customer_gateway.this :
+#     k => v
+#     if !contains(["device_name", "type", "ip_address", "tags", "tags_all", "arn", "id", "certificate_arn", "bgp_asn", "bgp_asn_extended"], k)
+#   }
+# }
diff --git a/modules/customer-gateway/resource-group.tf b/modules/customer-gateway/resource-group.tf
@@ -0,0 +1,31 @@
+locals {
+  resource_group_name = (var.resource_group_name != ""
+    ? var.resource_group_name
+    : join(".", [
+      local.metadata.package,
+      local.metadata.module,
+      replace(local.metadata.name, "/[^a-zA-Z0-9_\\.-]/", "-"),
+    ])
+  )
+}
+
+
+module "resource_group" {
+  source  = "tedilabs/misc/aws//modules/resource-group"
+  version = "~> 0.10.0"
+
+  count = (var.resource_group_enabled && var.module_tags_enabled) ? 1 : 0
+
+  name        = local.resource_group_name
+  description = var.resource_group_description
+
+  query = {
+    resource_tags = local.module_tags
+  }
+
+  module_tags_enabled = false
+  tags = merge(
+    local.module_tags,
+    var.tags,
+  )
+}
diff --git a/modules/customer-gateway/variables.tf b/modules/customer-gateway/variables.tf
@@ -0,0 +1,85 @@
+variable "name" {
+  description = "(Required) A name for the customer gateway."
+  type        = string
+  nullable    = false
+}
+
+variable "device" {
+  description = "(Optional) A name for the customer gateway device."
+  type        = string
+  default     = ""
+  nullable    = false
+}
+
+variable "ip_address" {
+  description = "(Required) The IPv4 address for the customer gateway device's outside interface."
+  type        = string
+  nullable    = false
+
+  validation {
+    condition     = provider::assert::ipv4(var.ip_address)
+    error_message = "The value of `ip_address` is invalid IPv4 address."
+  }
+}
+
+variable "asn" {
+  description = "(Optional) The ASN (Autonomous System Number) of the customer gateway device. Valid values are between `1` and `4294967295`. Defaults to `65000.`"
+  type        = number
+  default     = 65000
+  nullable    = false
+
+  validation {
+    condition = alltrue([
+      var.asn >= 1,
+      var.asn <= 4294967295,
+    ])
+    error_message = "Valid values are between `1` and `4294967295`."
+  }
+}
+
+variable "certificate" {
+  description = "(Optional) The ARN (Amazon Resource Name) of the certificate for the customer gateway."
+  type        = string
+  default     = null
+  nullable    = true
+}
+
+variable "tags" {
+  description = "(Optional) A map of tags to add to all resources."
+  type        = map(string)
+  default     = {}
+  nullable    = false
+}
+
+variable "module_tags_enabled" {
+  description = "(Optional) Whether to create AWS Resource Tags for the module informations."
+  type        = bool
+  default     = true
+  nullable    = false
+}
+
+
+###################################################
+# Resource Group
+###################################################
+
+variable "resource_group_enabled" {
+  description = "(Optional) Whether to create Resource Group to find and group AWS resources which are created by this module."
+  type        = bool
+  default     = true
+  nullable    = false
+}
+
+variable "resource_group_name" {
+  description = "(Optional) The name of Resource Group. A Resource Group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with `AWS` or `aws`."
+  type        = string
+  default     = ""
+  nullable    = false
+}
+
+variable "resource_group_description" {
+  description = "(Optional) The description of Resource Group."
+  type        = string
+  default     = "Managed by Terraform."
+  nullable    = false
+}
diff --git a/modules/customer-gateway/versions.tf b/modules/customer-gateway/versions.tf
@@ -0,0 +1,14 @@
+terraform {
+  required_version = ">= 1.9"
+
+  required_providers {
+    assert = {
+      source  = "hashicorp/assert"
+      version = ">= 0.15"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.93"
+    }
+  }
+}
