Overview

Terraform modules provide reusable, standardized infrastructure components that simplify deployment and ensure consistency across environments. This section covers the official and community-maintained modules for cloud networking infrastructure, along with best practices for module usage and customization.

Official Aviatrix Modules

Core Infrastructure Modules

Multi-Cloud Transit Module

Purpose: Deploy transit infrastructure across multiple cloud providers
Use Cases: Enterprise multi-cloud architectures, hybrid cloud connectivity
Supported Providers: AWS, Azure, Google Cloud, Oracle Cloud

module "mc_transit" {
  source  = "terraform-aviatrix-modules/mc-transit/aviatrix"
  version = "2.5.0"

  cloud_type                = "AWS"
  region                   = "us-east-1"
  cidr                     = "10.1.0.0/23"
  account                  = "aws-account"
  gw_name                  = "aws-transit-gw"
  gw_size                  = "t3.medium"
  connected_transit        = true
  bgp_ecmp                 = true
  enable_transit_firenet   = true
}

Spoke Gateway Module

Purpose: Deploy spoke gateways for application connectivity
Use Cases: Application segmentation, workload isolation, secure connectivity

module "mc_spoke" {
  source  = "terraform-aviatrix-modules/mc-spoke/aviatrix"
  version = "1.6.0"

  cloud_type        = "AWS"
  region           = "us-east-1"
  cidr             = "10.2.0.0/24"
  account          = "aws-account"
  gw_name          = "aws-spoke-gw"
  gw_size          = "t3.small"
  transit_gw_name  = module.mc_transit.transit_gateway.gw_name
  attached         = true
}

FireNet Module

Purpose: Deploy next-generation firewall integration
Use Cases: Advanced threat protection, centralized security policy enforcement

module "mc_firenet" {
  source  = "terraform-aviatrix-modules/mc-firenet/aviatrix"
  version = "1.3.0"

  transit_module    = module.mc_transit
  firewall_image    = "Palo Alto Networks VM-Series Next-Generation Firewall Bundle 1"
  firewall_size     = "m5.xlarge"
  firewall_username = "admin"
  firewall_password = var.firewall_password

  # FireNet configuration
  inspection_enabled = true
  egress_enabled    = true
}

Specialized Modules

User VPN Module

Purpose: Deploy and configure user VPN services
Features: SSL VPN, user management, policy enforcement

module "user_vpn" {
  source  = "terraform-aviatrix-modules/user-vpn/aviatrix"
  version = "1.2.0"

  gateway_name     = "vpn-gateway"
  cloud_type       = "AWS"
  region          = "us-east-1"
  vpc_id          = "vpc-12345678"
  subnet_id       = "subnet-12345678"
  account_name    = "aws-account"
  gateway_size    = "t3.medium"

  # VPN Configuration
  vpn_cidr        = "192.168.100.0/24"
  max_connections = 100
  split_tunnel    = true

  # Authentication
  saml_enabled    = true
  duo_enabled     = false
}

Site2Cloud Module

Purpose: Establish site-to-site VPN connections
Use Cases: Branch office connectivity, partner network integration

module "site2cloud" {
  source  = "terraform-aviatrix-modules/site2cloud/aviatrix"
  version = "1.1.0"

  connection_name      = "branch-office-connection"
  gateway_name        = module.mc_transit.transit_gateway.gw_name
  connection_type     = "unmapped"
  remote_gateway_type = "generic"
  tunnel_type         = "route"

  # Network Configuration
  remote_subnet       = "192.168.1.0/24"
  local_subnet        = "10.1.0.0/16"
  remote_gateway_ip   = "203.0.113.1"

  # Security
  pre_shared_key      = var.psk
  local_tunnel_cidr   = "169.254.1.0/30"
  remote_tunnel_cidr  = "169.254.1.4/30"
}

Community Modules

AWS-Specific Modules

AWS Transit Gateway Integration

Repository: terraform-aws-modules/transit-gateway/aws
Purpose: Integrate with native AWS Transit Gateway
Best For: AWS-native deployments with Aviatrix enhancement

module "aws_tgw_integration" {
  source = "terraform-aviatrix-modules/aws-transit-gateway/aviatrix"
  version = "2.0.0"

  aws_tgw_id           = "tgw-12345678"
  aviatrix_transit_gw  = module.mc_transit.transit_gateway.gw_name
  connection_name      = "aws-tgw-connection"
  attached_vpc_cidrs   = ["10.10.0.0/16", "10.11.0.0/16"]
}

AWS Security Groups Module

Repository: terraform-aviatrix-modules/aws-security-groups/aviatrix
Purpose: Manage security groups for Aviatrix gateways

module "aviatrix_security_groups" {
  source = "terraform-aviatrix-modules/aws-security-groups/aviatrix"
  version = "1.0.0"

  vpc_id              = "vpc-12345678"
  gateway_name        = "transit-gateway"
  allowed_cidrs       = ["10.0.0.0/8", "172.16.0.0/12"]
  additional_rules    = [
    {
      from_port   = 443
      to_port     = 443
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
      description = "HTTPS access"
    }
  ]
}

Azure-Specific Modules

Azure Virtual WAN Integration

Repository: terraform-aviatrix-modules/azure-vwan/aviatrix
Purpose: Integrate with Azure Virtual WAN

module "azure_vwan_integration" {
  source = "terraform-aviatrix-modules/azure-vwan/aviatrix"
  version = "1.5.0"

  resource_group_name = "networking-rg"
  vwan_name          = "corporate-vwan"
  hub_name           = "eastus-hub"
  location           = "East US"

  # Aviatrix Integration
  aviatrix_transit_gw = module.mc_transit.transit_gateway.gw_name
  connection_name     = "vwan-connection"
}

Google Cloud Modules

GCP Network Connectivity Center

Repository: terraform-aviatrix-modules/gcp-ncc/aviatrix
Purpose: Integrate with Google Cloud Network Connectivity Center

module "gcp_ncc_integration" {
  source = "terraform-aviatrix-modules/gcp-ncc/aviatrix"
  version = "1.2.0"

  project_id          = "my-gcp-project"
  region             = "us-central1"
  hub_name           = "corporate-hub"

  # Aviatrix Integration
  aviatrix_transit_gw = module.mc_transit.transit_gateway.gw_name
  connection_name     = "ncc-connection"
}

Module Best Practices

Version Management

Pinning Module Versions

# Good: Pin to specific version
module "mc_transit" {
  source  = "terraform-aviatrix-modules/mc-transit/aviatrix"
  version = "2.5.0"  # Specific version
  # ... configuration
}

# Avoid: Using latest or version ranges in production
module "mc_transit" {
  source  = "terraform-aviatrix-modules/mc-transit/aviatrix"
  version = "~> 2.0"  # Avoid in production
  # ... configuration
}
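As an added illustration of the pinning rule (not code from this page or from the Aviatrix module projects), the Python check below scans Terraform source for module blocks that reference registry sources and reports whether each carries an exact version, a range constraint, or no version at all. The sample HCL is constructed inline. The regex-based parsing is an assumption that is adequate for flat module blocks like the ones on this page; it is not a full HCL parser, and local-path and git sources are skipped because the version argument does not apply to them.

```python
import re

# Constructed sample: an exact pin, a range constraint, a local-path module
# (legitimately versionless) and a registry module with no version at all.
SAMPLE_TF = '''
module "mc_transit" {
  source  = "terraform-aviatrix-modules/mc-transit/aviatrix"
  version = "2.5.0"
}

module "mc_spoke" {
  source  = "terraform-aviatrix-modules/mc-spoke/aviatrix"
  version = "~> 1.6"
}

module "transit_layer" {
  source = "./modules/transit-infrastructure"
}

module "user_vpn" {
  source  = "terraform-aviatrix-modules/user-vpn/aviatrix"
}
'''

# A module block ends at the first closing brace in column 0 (nested blocks are indented).
MODULE_BLOCK = re.compile(r'module\s+"(?P<name>[^"]+)"\s*\{(?P<body>.*?)\n\}', re.S)
SOURCE_ATTR = re.compile(r'^\s*source\s*=\s*"(?P<v>[^"]*)"', re.M)
VERSION_ATTR = re.compile(r'^\s*version\s*=\s*"(?P<v>[^"]*)"', re.M)
# Exact pin: optional "=" operator followed by MAJOR.MINOR.PATCH and nothing else.
EXACT_VERSION = re.compile(r'^\s*=?\s*\d+\.\d+\.\d+\s*$')


def is_registry_source(source):
    """Only registry sources accept a version argument; skip local paths and git/URL sources."""
    if source.startswith(("./", "../", "/")):
        return False
    if "::" in source or source.startswith(("http://", "https://", "git@")):
        return False
    return True


def classify_version(version):
    """Map a version argument to one of: pinned, range, missing."""
    if version is None:
        return "missing"
    if EXACT_VERSION.match(version):
        return "pinned"
    return "range"


def check_module_pins(hcl_text):
    """Return (module_name, source, version, verdict) for every registry module block."""
    findings = []
    for block in MODULE_BLOCK.finditer(hcl_text):
        body = block.group("body")
        src = SOURCE_ATTR.search(body)
        source = src.group("v") if src else ""
        if not is_registry_source(source):
            continue
        ver = VERSION_ATTR.search(body)
        version = ver.group("v") if ver else None
        findings.append((block.group("name"), source, version, classify_version(version)))
    return findings


def unpinned_modules(hcl_text):
    """Subset of check_module_pins results that would fail a production pinning policy."""
    return [f for f in check_module_pins(hcl_text) if f[3] != "pinned"]


if __name__ == "__main__":
    for name, source, version, verdict in check_module_pins(SAMPLE_TF):
        print(f"{verdict:8} {name:14} {source} version={version}")
```

Run it over the .tf files of a root module in CI before terraform init. Note that the Sensitive Data Management fragment later on this page references the mc-transit registry source without any version argument, which is exactly the case this check reports as missing.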

Version Upgrade Strategy

# Check for module updates
terraform init -upgrade=true

# Review changes before upgrading
terraform plan -out=upgrade.plan

# Apply with careful monitoring
terraform apply upgrade.plan

Module Composition Patterns

Layered Architecture

# Layer 1: Core Infrastructure
module "transit_layer" {
  source = "./modules/transit-infrastructure"

  cloud_accounts = var.cloud_accounts
  regions       = var.regions
  cidr_blocks   = var.transit_cidrs
}

# Layer 2: Application Connectivity
module "spoke_layer" {
  source = "./modules/spoke-infrastructure"

  transit_gateways = module.transit_layer.transit_gateways
  application_cidrs = var.application_cidrs
  depends_on       = [module.transit_layer]
}

# Layer 3: Security Services
module "security_layer" {
  source = "./modules/security-services"

  transit_gateways = module.transit_layer.transit_gateways
  security_policies = var.security_policies
  depends_on       = [module.spoke_layer]
}

Environment-Specific Modules

# environments/dev/main.tf
module "dev_infrastructure" {
  source = "../../modules/complete-infrastructure"

  environment = "dev"
  cidr_base   = "10.10.0.0/16"
  gateway_size = "t3.small"
  ha_enabled  = false
}

# environments/prod/main.tf
module "prod_infrastructure" {
  source = "../../modules/complete-infrastructure"

  environment = "prod"
  cidr_base   = "10.0.0.0/16"
  gateway_size = "c5.large"
  ha_enabled  = true
}

Security Considerations

Sensitive Data Management

# Use variables for sensitive data
variable "controller_password" {
  description = "Password for Aviatrix Controller"
  type        = string
  sensitive   = true
}

# Use data sources for existing resources
data "aws_secretsmanager_secret_version" "controller_password" {
  secret_id = "aviatrix/controller/password"
}

module "mc_transit" {
  source = "terraform-aviatrix-modules/mc-transit/aviatrix"

  # Read the password from Secrets Manager rather than hard-coding it
  controller_password = data.aws_secretsmanager_secret_version.controller_password.secret_string
}

Resource Tagging

locals {
  common_tags = {
    Environment   = var.environment
    Project      = var.project_name
    Owner        = var.owner
    CostCenter   = var.cost_center
    Terraform    = "true"
    Module       = "aviatrix-transit"
  }
}

module "mc_transit" {
  source = "terraform-aviatrix-modules/mc-transit/aviatrix"

  # Apply consistent tagging
  tags = local.common_tags
}

Custom Module Development

Module Structure

modules/
├── custom-transit/
│   ├── main.tf
│   ├── variables.tf
│   ├── outputs.tf
│   ├── versions.tf
│   └── README.md
└── custom-spoke/
    ├── main.tf
    ├── variables.tf
    ├── outputs.tf
    ├── versions.tf
    └── README.md

Example Custom Module

# modules/custom-transit/main.tf
terraform {
  required_providers {
    aviatrix = {
      source  = "AviatrixSystems/aviatrix"
      version = "~> 3.0"
    }
  }
}

resource "aviatrix_transit_gateway" "this" {
  cloud_type               = var.cloud_type
  account_name            = var.account_name
  gw_name                 = var.gateway_name
  vpc_id                  = var.vpc_id
  vpc_reg                 = var.region
  gw_size                 = var.gateway_size
  subnet                  = var.subnet_cidr

  # High Availability
  ha_subnet               = var.ha_enabled ? var.ha_subnet_cidr : null
  ha_gw_size             = var.ha_enabled ? var.ha_gateway_size : null

  # Advanced Features
  connected_transit       = var.connected_transit
  bgp_ecmp               = var.bgp_ecmp
  enable_active_standby   = var.active_standby
  enable_transit_firenet  = var.firenet_enabled

  # Monitoring and Logging
  enable_monitor_gateway_subnets = true
  monitor_exclude_list          = var.monitor_exclude_list

  tags = var.tags
}

# Conditional FireNet configuration
resource "aviatrix_firenet" "this" {
  count = var.firenet_enabled ? 1 : 0

  vpc_id                = var.vpc_id
  firenet_gw_name      = aviatrix_transit_gateway.this.gw_name
  inspection_enabled   = var.inspection_enabled
  egress_enabled       = var.egress_enabled

  depends_on = [aviatrix_transit_gateway.this]
}

Module Testing

# Test module validation
terraform validate

# Test with different variable combinations
terraform plan -var-file="test/dev.tfvars"
terraform plan -var-file="test/prod.tfvars"

# Use terraform-compliance for policy testing
terraform-compliance -f test/security-rules.feature -p plan.json
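terraform-compliance consumes the JSON form of a plan (terraform show -json plan.out > plan.json). As an added example, not taken from this page or from the Aviatrix projects, the Python script below walks that same JSON and enforces two of the practices described on this page: no ingress rule open to 0.0.0.0/0 or ::/0, and the common tags present on every gateway and security group. The plan fragment is constructed inline and mirrors the AWS Security Groups module example above, so its 0.0.0.0/0 HTTPS rule is reported as a finding; REQUIRED_TAGS and TAGGABLE_TYPES are assumptions to align with your own locals.common_tags.

```python
import json
import sys

# Constructed plan fragment in the shape produced by `terraform show -json`;
# only the keys the checks below read are present, and all values are invented.
SAMPLE_PLAN = {
    "planned_values": {
        "root_module": {
            "child_modules": [
                {
                    "address": "module.aviatrix_security_groups",
                    "resources": [{
                        "address": "module.aviatrix_security_groups.aws_security_group.this",
                        "type": "aws_security_group",
                        "values": {
                            "tags": {"Environment": "prod", "Owner": "netops"},
                            "ingress": [
                                {"from_port": 443, "to_port": 443, "protocol": "tcp",
                                 "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []},
                                {"from_port": 0, "to_port": 0, "protocol": "-1",
                                 "cidr_blocks": ["10.0.0.0/8", "172.16.0.0/12"],
                                 "ipv6_cidr_blocks": []},
                            ],
                        },
                    }],
                },
                {
                    "address": "module.mc_transit",
                    "resources": [{
                        "address": "module.mc_transit.aviatrix_transit_gateway.this",
                        "type": "aviatrix_transit_gateway",
                        "values": {"gw_name": "aws-transit-gw",
                                   "tags": {"Environment": "prod", "Owner": "netops",
                                            "CostCenter": "net-001"}},
                    }],
                },
            ]
        }
    }
}

# Policy knobs (assumptions for this example; match them to your tagging standard).
REQUIRED_TAGS = ("Environment", "Owner", "CostCenter")
TAGGABLE_TYPES = {"aws_security_group", "aviatrix_transit_gateway", "aviatrix_spoke_gateway"}
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}


def iter_resources(module):
    """Yield every planned resource, descending into nested module calls."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def open_ingress_rules(values):
    """Return (protocol, from_port, to_port) for ingress rules reachable from any address."""
    hits = []
    for rule in values.get("ingress") or []:
        cidrs = set(rule.get("cidr_blocks") or []) | set(rule.get("ipv6_cidr_blocks") or [])
        if cidrs & WORLD_CIDRS:
            hits.append((rule.get("protocol"), rule.get("from_port"), rule.get("to_port")))
    return hits


def find_violations(plan):
    """Run both checks over a plan JSON document and return human-readable findings."""
    findings = []
    for res in iter_resources(plan["planned_values"]["root_module"]):
        values = res.get("values") or {}
        if res["type"] == "aws_security_group":
            for proto, lo, hi in open_ingress_rules(values):
                findings.append(f"{res['address']}: ingress {proto} {lo}-{hi} open to the internet")
        if res["type"] in TAGGABLE_TYPES:
            missing = [t for t in REQUIRED_TAGS if t not in (values.get("tags") or {})]
            if missing:
                findings.append(f"{res['address']}: missing tags {missing}")
    return findings


def main(argv):
    """Check the plan JSON given as argv[1], or the constructed sample; non-zero exit on findings."""
    plan = json.load(open(argv[1])) if len(argv) > 1 else SAMPLE_PLAN
    violations = find_violations(plan)
    for line in violations:
        print(line)
    return 1 if violations else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Wire it into the pipeline between terraform plan and terraform apply so a finding blocks the apply. Inline ingress blocks are what the security-groups module example above produces; if your modules create standalone aws_security_group_rule resources instead, add a parallel branch that reads their type and cidr_blocks attributes.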

Module Registry and Distribution

Private Module Registry

# Using private registry
module "custom_transit" {
  source  = "app.terraform.io/myorg/custom-transit/aviatrix"
  version = "1.0.0"

  # Configuration
}

Git-based Modules

# Using Git repository
module "custom_module" {
  source = "git::https://github.com/myorg/terraform-aviatrix-custom.git//modules/transit?ref=v1.0.0"

  # Configuration
}

Troubleshooting Common Issues

Module Dependency Issues

# Resolve dependency conflicts
terraform init -upgrade
terraform providers lock -platform=linux_amd64 -platform=darwin_amd64

# Check for circular dependencies
terraform graph | dot -Tpng > dependency-graph.png

State Management

# Import existing resources into module
terraform import 'module.mc_transit.aviatrix_transit_gateway.this' gateway-name

# Move resources between modules
terraform state mv 'aviatrix_transit_gateway.old' 'module.mc_transit.aviatrix_transit_gateway.this'

Version Conflicts

# Check provider version constraints
terraform providers

# Update provider versions
terraform init -upgrade=true

# Lock specific versions
terraform providers lock -platform=linux_amd64

Resources and Documentation

Official Resources

Community Resources

  • Terraform Community Forum: Discussion and troubleshooting
  • Aviatrix Community Slack: Real-time support and collaboration
  • Example Repositories: Complete deployment examples and patterns

Learning Resources

  • Module Development Guide: Best practices for creating custom modules
  • Testing Framework: Tools and patterns for module testing
  • CI/CD Integration: Automated testing and deployment pipelines

For additional support with Terraform modules, visit the Aviatrix Community or consult the official provider documentation.