Closed as not planned
Description
Is your request related to a problem? Please describe.
This module was missing quite a few features that are necessary for true multi-account operation, as well as operational concerns like logging.
Describe the solution you'd like.
I have a large refactor of the module that I can submit as a PR, which adds the following features:
- Add an "accepter" resource for VPC attachments, to avoid the "auto accept shared attachments" feature when using Resource Access Manager (RAM)
- Add support for TGW Peering attachments
- Add Flow Logs for whole-TGW and/or individual TGW Peering/VPC attachments, publishing to S3 and/or CloudWatch Logs
- Convert tgw_routes from a list of maps to a map of maps, to avoid potential downtime associated with destroying routes when adding new ones
- Enable multiple TGW route tables to allow for more granular network segmentation
- Allow for adding multiple CIDR blocks to VPC route tables per-attachment, and rename the parameter from tgw_destination_cidrs to vpc_route_table_destination_cidrs to reflect its true purpose
- Add parameters to help transform implementation steps into a more cohesive order of operations
- Convert TGW route destination CIDR block to list, to allow multiple CIDR blocks per attachment
- Allow for disabling non-default route table propagation, to ensure VPC CIDR block can be left out of TGW route table when only certain subnets should be routable
Describe alternatives you've considered.
I considered using different modules or writing my own from scratch, but I thought the best approach would be to perform this refactor and give it back to the community.
Additional context
I am running my refactor in production currently, using one AWS account as the hub, and several other AWS accounts as the spokes.
Would you like me to open a PR? This was a massive effort and I would love for the community to benefit from it.
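The following sketch is an added example, not code from the issue author's refactor or from the module. It shows how three of the listed items can look with plain AWS provider resources: explicit cross-account acceptance instead of auto-accept, routes keyed by name with `for_each`, and a flow log on a single attachment. Provider aliases, variable names and resource labels are assumptions, and the RAM share of the TGW to the spoke account is omitted.

```hcl
# Added illustration. Aliases, variables and labels are hypothetical.
provider "aws" { alias = "hub" }   # TGW owner account (credentials assumed)
provider "aws" { alias = "spoke" } # VPC owner account (credentials assumed)
variable "spoke_vpc_id" { type = string }
variable "spoke_subnet_ids" { type = list(string) }
variable "flow_log_bucket_arn" { type = string }
# Map keys are stable route names, so adding an entry never re-indexes others.
variable "tgw_routes" { type = map(object({ cidr = string })) }

resource "aws_ec2_transit_gateway" "hub" {
  provider                       = aws.hub
  auto_accept_shared_attachments = "disable" # each attachment must be accepted
}
resource "aws_ec2_transit_gateway_route_table" "segment" {
  provider           = aws.hub
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
}
# Spoke account requests the attachment against the shared TGW.
resource "aws_ec2_transit_gateway_vpc_attachment" "spoke" {
  provider           = aws.spoke
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
  vpc_id             = var.spoke_vpc_id
  subnet_ids         = var.spoke_subnet_ids
}
# Hub account accepts it and keeps it out of the default route table.
resource "aws_ec2_transit_gateway_vpc_attachment_accepter" "spoke" {
  provider                                        = aws.hub
  transit_gateway_attachment_id                   = aws_ec2_transit_gateway_vpc_attachment.spoke.id
  transit_gateway_default_route_table_association = false
  transit_gateway_default_route_table_propagation = false
}
resource "aws_ec2_transit_gateway_route_table_association" "spoke" {
  provider                       = aws.hub
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment_accepter.spoke.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.segment.id
}
# One route per map entry; resource addresses follow the keys, not list order.
resource "aws_ec2_transit_gateway_route" "this" {
  provider                       = aws.hub
  for_each                       = var.tgw_routes
  destination_cidr_block         = each.value.cidr
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment_accepter.spoke.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.segment.id
}
# Flow log for this attachment only, delivered to S3.
resource "aws_flow_log" "spoke_attachment" {
  provider                      = aws.hub
  transit_gateway_attachment_id = aws_ec2_transit_gateway_vpc_attachment_accepter.spoke.id
  log_destination_type          = "s3"
  log_destination               = var.flow_log_bucket_arn
  max_aggregation_interval      = 60 # required value for TGW flow logs
}
```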