Skip to content

Module Banner

terraform-aws-arc-transit-gateway

Module: sourcefuse/arc-transit-gateway/aws

Registry: https://registry.terraform.io/modules/sourcefuse/arc-transit-gateway/aws

Category: Networking / Transit

Source: https://github.com/sourcefuse/terraform-aws-arc-transit-gateway

Latest Release Last Updated Terraform GitHub Actions

Quality gate

Tip

🤖 New: Use this module with AI assistants via the ARC IaC MCP Server — search, scaffold, and security-scan ARC modules from natural language. Quick setup ↓

Overview

Creates AWS Transit Gateway with VPC attachments, route table associations, and cross-account sharing via Resource Access Manager.

Architecture

Architecture Diagram

What It Does

  • Transit Gateway with configurable ASN and routing options
  • VPC attachments with subnet configuration
  • Route table associations and propagations
  • Cross-account sharing via AWS RAM
  • Static routes for custom routing
  • DNS support and multicast configuration

Quickstart

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
module "tgw" {
  source  = "sourcefuse/arc-transit-gateway/aws"
  version = "1.0.0"

  namespace   = "myapp"
  environment = "prod"

  create_transit_gateway = true
  transit_gateway_name   = "myapp-prod-tgw"

  vpc_attachments = {
    "spoke-vpc" = {
      vpc_id     = data.aws_vpc.spoke.id
      subnet_ids = data.aws_subnets.private.ids
    }
  }

  tags = { Environment = "prod" }
}

Required Inputs

Name Type Description
namespace string Namespace prefix
environment string Deployment environment
## Key Outputs
Name Description
transit_gateway_id Transit Gateway ID
transit_gateway_arn Transit Gateway ARN
vpc_attachment_ids Map of VPC attachment IDs
## Full Variable & Output Reference

The complete inputs/outputs reference is auto-generated below.

Requirements

Name Version
terraform ~> 1.3, < 2.0.0
aws ~> 5.0
random ~> 3.0

Providers

Name Version
aws 5.64.0
aws.target 5.64.0

Modules

No modules.

Resources

Name Type
aws_ec2_transit_gateway.this resource
aws_ec2_transit_gateway_vpc_attachment.source resource
aws_ec2_transit_gateway_vpc_attachment.this resource
aws_ec2_transit_gateway_vpc_attachment_accepter.this resource
aws_ram_principal_association.target_account resource
aws_ram_resource_association.transit_gateway resource
aws_ram_resource_share.transit_gateway resource
aws_ram_resource_share_accepter.transit_gateway resource
aws_route.source resource
aws_route.this resource
aws_ec2_transit_gateway.this data source
aws_vpc.source_vpc data source
aws_vpc.target_vpc data source

Inputs

Name Description Type Default Required
allow_external_principals Indicates whether external principals (accounts outside the organization) are allowed. bool true no
auto_accept_shared_attachments Whether resource attachment requests are automatically accepted string "disable" no
create_transit_gateway n/a bool true no
create_transit_gateway_attacment_in_source_account n/a bool true no
default_route_table_association Whether resource attachments are associated with the default route table string "enable" no
default_route_table_propagation Whether resource attachments automatically propagate routes to the default route table string "enable" no
dns_support Enable or disable DNS support string "enable" no
existing_transit_gateway_id n/a string null no
source_attachment_dns_support Enable or disable DNS support string "enable" no
source_attachment_ipv6_support Enable or disable IPv6 support string "disable" no
source_attachment_name The name tag for the source Transit Gateway VPC attachment. string "TransitGateway-VPC-Attachment-Source" no
source_cidr_block Destination CIDR block for the route string null no
source_route_table_ids Route table ID to add routes to list(any) [] no
source_subnet_ids List of subnet IDs for the Transit Gateway VPC attachment list(string) [] no
source_vpc_id The VPC ID for the Transit Gateway VPC attachment string null no
tags A map of tags to assign to the resource. map(string) {} no
target_account_id The AWS Account ID where the Transit Gateway is shared list(any) n/a yes
target_attachment_dns_support Enable or disable DNS support string "enable" no
target_attachment_ipv6_support Enable or disable IPv6 support string "disable" no
target_attachment_name The name tag for the target Transit Gateway VPC attachment. string "TransitGateway-VPC-Attachment-Target" no
target_cidr_block Destination CIDR block for the route string null no
target_route_table_ids Route table ID to add routes to list(any) n/a yes
target_subnet_ids List of subnet IDs for the Transit Gateway VPC attachment list(string) n/a yes
target_vpc_id The VPC ID for the Transit Gateway VPC attachment string n/a yes
transit_gateway_asn Amazon side ASN for the Transit Gateway number 64512 no
transit_gateway_name Name of the Transit Gateway string "Transit-GW" no
transit_gateway_share_name The name of the Transit Gateway resource share. string "transit-gateway-share" no
vpn_ecmp_support Enable or disable Equal Cost Multipath support for VPN string "enable" no

Outputs

Name Description
transit_gateway_arn The ARN of the Transit Gateway
transit_gateway_id The ID of the Transit Gateway

Versioning

This project uses a .version file at the root of the repo which the pipeline reads from and does a git tag.

When you intend to commit to main, you will need to increment this version. Once the project is merged, the pipeline will kick off and tag the latest git commit.

Development

Prerequisites

Configurations

  • Configure pre-commit hooks 
    1
    pre-commit install

Versioning

while Contributing or doing git commit please specify the breaking change in your commit message whether its major,minor or patch

For Example

1
git commit -m "your commit message #major"
By specifying this , it will bump the version and if you don't specify this in your commit message then by default it will consider patch and will bump that accordingly

Tests

  • Tests are available in test directory
  • Configure the dependencies 
    1
2
3
    cd test/
go mod init github.com/sourcefuse/terraform-aws-refarch-<module_name>
go get github.com/gruntwork-io/terratest/modules/terraform
  • Now execute the test
    1
    go test -timeout  30m

AI Assistant Integration (ARC IaC MCP)

The ARC IaC MCP Server is a hosted Model Context Protocol service that lets AI assistants browse, search, scaffold, compare, and security-scan any of the SourceFuse ARC Terraform modules — directly from natural language.

What you can do with it:

  • Discover — search and filter modules by keyword or AWS resource type.
  • Understand — get inputs, outputs, and resources for any module without leaving your editor.
  • Scaffold — generate production-ready, multi-file Terraform with cross-module wiring already done.
  • Secure — scan generated or existing HCL for misconfigurations before it hits a PR.
  • Compare — diff modules side-by-side to make informed architectural decisions.

Setup (one minute)

The MCP endpoint is https://arc-iac-mcp.sourcef.us/mcp. Pick your client:

Claude Code CLI: 

1
claude mcp add arc-iac --transport http https://arc-iac-mcp.sourcef.us/mcp

Claude Desktop — edit ~/Library/Application Support/Claude/claude_desktop_config.json: 

1
2
3
4
5
6
7
{
  "mcpServers": {
    "arc-iac": {
      "url": "https://arc-iac-mcp.sourcef.us/mcp"
    }
  }
}

Cursor / Windsurf / Kiro — add the same block to .cursor/mcp.json (or the equivalent for your client).

Example prompts to try

  • "List all ARC modules sorted by downloads"
  • "What inputs does arc-ecs require?"
  • "Scaffold a production-ready arc-db Aurora setup with Secrets Manager"
  • "Compare arc-eks and arc-ecs for running 10 microservices"
  • "Scan this Terraform before I raise a PR: <paste HCL>"

See the ARC IaC MCP repo for the full tool reference, troubleshooting tips, and local-development instructions.

Contributing

See CONTRIBUTING.md for commit conventions and development setup.

Authors

This project is authored by: - SourceFuse ARC Team