From 6eb863caecde56a5157852a6d54290f1e1c135c6 Mon Sep 17 00:00:00 2001
From: "docs-sourcer[bot]" <99042413+docs-sourcer[bot]@users.noreply.github.com>
Date: Wed, 4 Feb 2026 09:12:42 +0000
Subject: [PATCH] Updated with the [latest changes](https://github.com/gruntwork-io/terraform-aws-vpc/pull/539) from the `terraform-aws-vpc@revert-538-bug/transitgw-attachments-LIB-4157` source branch.
---
.../modules/terraform-aws-vpc/_category_.json | 2 +-
.../managed-prefix-list.md | 206 ++++++++
.../route53-vpc-association.md | 215 +++++++++
.../tailscale-subnet-router.md | 440 ++++++++++++++++++
...it-gateway-attachment-peering-requestor.md | 234 ++++++++++
.../vpc-nacl-rule/vpc-nacl-rule.md | 297 ++++++++++++
.../vpc-peering-requester.md | 266 +++++++++++
7 files changed, 1659 insertions(+), 1 deletion(-)
create mode 100644 docs/reference/modules/terraform-aws-vpc/managed-prefix-list/managed-prefix-list.md
create mode 100644 docs/reference/modules/terraform-aws-vpc/route53-vpc-association/route53-vpc-association.md
create mode 100644 docs/reference/modules/terraform-aws-vpc/tailscale-subnet-router/tailscale-subnet-router.md
create mode 100644 docs/reference/modules/terraform-aws-vpc/transit-gateway-attachment-peering-requestor/transit-gateway-attachment-peering-requestor.md
create mode 100644 docs/reference/modules/terraform-aws-vpc/vpc-nacl-rule/vpc-nacl-rule.md
create mode 100644 docs/reference/modules/terraform-aws-vpc/vpc-peering-requester/vpc-peering-requester.md
diff --git a/docs/reference/modules/terraform-aws-vpc/_category_.json b/docs/reference/modules/terraform-aws-vpc/_category_.json
index 9aac3a0a67..b7161556a0 100644
--- a/docs/reference/modules/terraform-aws-vpc/_category_.json
+++ b/docs/reference/modules/terraform-aws-vpc/_category_.json
@@ -1 +1 @@
-{ "label": "VPC Modules" }
\ No newline at end of file
+{ "label": "OpenTofu/Terraform Modules for AWS Networking & Content Delivery" }
\ No newline at end of file
diff --git a/docs/reference/modules/terraform-aws-vpc/managed-prefix-list/managed-prefix-list.md b/docs/reference/modules/terraform-aws-vpc/managed-prefix-list/managed-prefix-list.md
new file mode 100644
index 0000000000..201c63a745
--- /dev/null
+++ b/docs/reference/modules/terraform-aws-vpc/managed-prefix-list/managed-prefix-list.md
@@ -0,0 +1,206 @@ +--- +title: "Sample Usage" +hide_title: true +--- + +import Tabs from '@theme/Tabs'; +import TabItem from '@theme/TabItem'; +import VersionBadge from '../../../../../src/components/VersionBadge.tsx'; +import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx'; +import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; + + + +# Sample Usage + +View Source + +Release Notes + +```hcl +module "vpc" { + source = "../../modules/managed-prefix-list" + + managed_prefix_lists_settings = { + "example-mpl" = { + entries = { + "entry-1" = { cidr = "10.0.0.0/16", description = "Example entry 1" } + "entry-2" = { cidr = "10.1.0.0/16", description = "Example entry 2" } + } + } + } +} +``` + +## Sample Usage + + + + +```hcl title="main.tf" + +# ------------------------------------------------------------------------------------------------------ +# DEPLOY GRUNTWORK'S MANAGED-PREFIX-LIST MODULE +# ------------------------------------------------------------------------------------------------------ + +module "managed_prefix_list" { + + source = "git::git@github.com:gruntwork-io/terraform-aws-vpc.git//modules/managed-prefix-list?ref=v0.28.10" + + # ---------------------------------------------------------------------------------------------------- + # OPTIONAL VARIABLES + # ---------------------------------------------------------------------------------------------------- + + # Managed Prefix Lists Settings. Please refer to variable definition for + # details. 
+ managed_prefix_lists_settings = {} + + # Tags to assign to all resources + tags = {} + +} + + +``` + + + + +```hcl title="terragrunt.hcl" + +# ------------------------------------------------------------------------------------------------------ +# DEPLOY GRUNTWORK'S MANAGED-PREFIX-LIST MODULE +# ------------------------------------------------------------------------------------------------------ + +terraform { + source = "git::git@github.com:gruntwork-io/terraform-aws-vpc.git//modules/managed-prefix-list?ref=v0.28.10" +} + +inputs = { + + # ---------------------------------------------------------------------------------------------------- + # OPTIONAL VARIABLES + # ---------------------------------------------------------------------------------------------------- + + # Managed Prefix Lists Settings. Please refer to variable definition for + # details. + managed_prefix_lists_settings = {} + + # Tags to assign to all resources + tags = {} + +} + + +``` + + + + + + + +## Reference + + + + +### Optional + + + + +Managed Prefix Lists Settings. Please refer to variable definition for details. + + + + +```hcl +map(object({ + # Basic settings: + # - region: AWS region. Defaults to provider region + # - tags: Custom tags + region = optional(string) + tags = optional(map(string), {}) + + # Prefix list configuration: + # - max_entries: Maximum entries for prefix list + # NOTE: When referenced in resources, counts as same number of rules + # (e.g., SG with prefix list of max 20 = 20 SG rules) + # - address_family: Address family. Options: IPv4 | IPv6. Defaults to IPv4 + # - tags: Custom tags + max_entries = optional(number) + address_family = optional(string, "IPv4") + + # Prefix list entries (map key: entry identifier for Terraform state only, e.g. "entry_1", "entry_2"): + # - cidr: CIDR block (must match address family) + # - description: Entry description + entries = optional(map(object({ + cidr = string + description = optional(string) + }))) + })) +``` + + + + +
+ + +```hcl + + Prefix list configuration: + - max_entries: Maximum entries for prefix list + NOTE: When referenced in resources, counts as same number of rules + (e.g., SG with prefix list of max 20 = 20 SG rules) + - address_family: Address family. Options: IPv4 | IPv6. Defaults to IPv4 + - tags: Custom tags + +``` +
+ +
+ + +```hcl + + Prefix list entries (map key: entry identifier for Terraform state only, e.g. "entry_1", "entry_2"): + - cidr: CIDR block (must match address family) + - description: Entry description + +``` +
+ +
+
+ + + + +Tags to assign to all resources + + + + + +
+ + + + + + +
+ +
diff --git a/docs/reference/modules/terraform-aws-vpc/route53-vpc-association/route53-vpc-association.md b/docs/reference/modules/terraform-aws-vpc/route53-vpc-association/route53-vpc-association.md
new file mode 100644
index 0000000000..6ee16a0e27
--- /dev/null
+++ b/docs/reference/modules/terraform-aws-vpc/route53-vpc-association/route53-vpc-association.md
@@ -0,0 +1,215 @@ +--- +title: "Sample Usage" +hide_title: true +--- + +import Tabs from '@theme/Tabs'; +import TabItem from '@theme/TabItem'; +import VersionBadge from '../../../../../src/components/VersionBadge.tsx'; +import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx'; +import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; + + + +# Sample Usage + +View Source + +Release Notes + +```hcl +terraform { + required_version = "1.5.7" + + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 6.26" + } + } +} + +provider "aws" { + alias = "acc_a" + profile = "gw-phoenix" +} +provider "aws" { + alias = "acc_b" + profile = "gw-wasteland" +} + +module "vpc_a" { + source = "../../modules/vpc" + vpc_settings = { cidr_block = "10.0.0.0/16" } +} +module "vpc_b" { + source = "../../modules/vpc" + providers = {aws = aws.acc_b} + vpc_settings = { cidr_block = "10.1.0.0/16" } +} +module "vpc_c" { + source = "../../modules/vpc" + vpc_settings = { cidr_block = "10.2.0.0/16" } +} + +module "phz" { + source = "../../modules/route53" + hosted_zone_settings = { + name = "example.com" + force_destroy = true + vpc_to_associate_with = {vpc_id = module.vpc_a.vpc.id} + } +} + +module "vpc_auth" { + source = "../../modules/route53-vpc-association-authorization" + zone_id = module.phz.hosted_zone.id + + vpc_authorization_settings = { + vpc_b = {vpc_id = module.vpc_b.vpc.id, vpc_region = module.vpc_b.vpc.region.id} + } +} + + +module "zone_assoc_ext_acc" { + source = "../../modules/route53-vpc-association" + + providers = {aws = aws.acc_b} + depends_on = [module.vpc_auth] + + zone_id = module.phz.hosted_zone.id + zone_association_settings = { + vpc_b = { + vpc_id = module.vpc_b.vpc.id, + vpc_region = module.vpc_b.vpc.region.id + } + } +} +module "zone_assoc" { + source = "../../modules/route53-vpc-association" + + zone_id = 
module.phz.hosted_zone.id + zone_association_settings = { + vpc_c = {vpc_id = module.vpc_c.vpc.id, vpc_region = module.vpc_c.vpc.region.id} + } +} +``` + +## Sample Usage + + + + +```hcl title="main.tf" + +# ------------------------------------------------------------------------------------------------------ +# DEPLOY GRUNTWORK'S ROUTE53-VPC-ASSOCIATION MODULE +# ------------------------------------------------------------------------------------------------------ + +module "route_53_vpc_association" { + + source = "git::git@github.com:gruntwork-io/terraform-aws-vpc.git//modules/route53-vpc-association?ref=v0.28.10" + + # ---------------------------------------------------------------------------------------------------- + # OPTIONAL VARIABLES + # ---------------------------------------------------------------------------------------------------- + + # VPC Association Authorization settings. Please refer to variable definition + # for details. + vpc_association_settings = {} + +} + + +``` + + + + +```hcl title="terragrunt.hcl" + +# ------------------------------------------------------------------------------------------------------ +# DEPLOY GRUNTWORK'S ROUTE53-VPC-ASSOCIATION MODULE +# ------------------------------------------------------------------------------------------------------ + +terraform { + source = "git::git@github.com:gruntwork-io/terraform-aws-vpc.git//modules/route53-vpc-association?ref=v0.28.10" +} + +inputs = { + + # ---------------------------------------------------------------------------------------------------- + # OPTIONAL VARIABLES + # ---------------------------------------------------------------------------------------------------- + + # VPC Association Authorization settings. Please refer to variable definition + # for details. + vpc_association_settings = {} + +} + + +``` + + + + + + + +## Reference + + + + +### Optional + + + + +VPC Association Authorization settings. Please refer to variable definition for details. 
+ + + + +```hcl +map(object({ + # VPC association: + # - zone_id: Hosted Zone ID to associate with. Example: Z3P5QSUBK4POTI0 + # - vpc_id: VPC ID to associate. Example: vpc-04a30883b0b95f8cd + # - vpc_region: VPC region. Example: us-east-1 + zone_id = optional(string) + vpc_id = optional(string) + vpc_region = optional(string) + })) +``` + + + + + + + + + + + +Map of Route53 zone association configurations + + + + + + + + diff --git a/docs/reference/modules/terraform-aws-vpc/tailscale-subnet-router/tailscale-subnet-router.md b/docs/reference/modules/terraform-aws-vpc/tailscale-subnet-router/tailscale-subnet-router.md new file mode 100644 index 0000000000..efd54cdf99 --- /dev/null +++ b/docs/reference/modules/terraform-aws-vpc/tailscale-subnet-router/tailscale-subnet-router.md 
@@ -0,0 +1,440 @@ +--- +title: "Sample Usage" +hide_title: true +--- + +import Tabs from '@theme/Tabs'; +import TabItem from '@theme/TabItem'; +import VersionBadge from '../../../../../src/components/VersionBadge.tsx'; +import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx'; +import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; + + + +# Sample Usage + +View Source + +Release Notes + +```hcl +terraform { + required_version = "1.5.7" + + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 6.26" + } + } +} + +data "aws_availability_zones" "azs" { state = "available" } +data "aws_region" "current" {} + +# Sample three-tier VPC setup with public, private, and isolated subnets +module "vpc" { + source = "../../modules/vpc" + + vpc_settings = { cidr_block = "10.0.0.0/16" } + internet_gateways_settings = { enable_internet_gateway = true } +} +module "subnets" { + source = "../../modules/vpc-subnet" + + vpc_id = module.vpc.vpc.id + subnets_settings = { + publicAZ1 = { + cidr_block = "10.0.0.0/20", + availability_zone = data.aws_availability_zones.azs.names[0], + } + publicAZ2 = { + cidr_block = "10.0.16.0/20", + availability_zone = data.aws_availability_zones.azs.names[1], + } + privateAZ1 = { + cidr_block = "10.0.112.0/20", + availability_zone = data.aws_availability_zones.azs.names[0], + } + privateAZ2 = { + cidr_block = "10.0.128.0/20", + availability_zone = data.aws_availability_zones.azs.names[1], + } + isolatedAZ1 = { + cidr_block = "10.0.208.0/20", + availability_zone = data.aws_availability_zones.azs.names[0], + } + isolatedAZ2 = { + cidr_block = "10.0.224.0/20", + availability_zone = data.aws_availability_zones.azs.names[1], + } + } + routing_tables_settings = { + "public" = { associate_with = ["publicAZ1", "publicAZ2"] } + "isolated" = { associate_with = ["isolatedAZ1", "isolatedAZ2"] } + "privateAZ1" = { 
associate_with = ["privateAZ1"] } + "privateAZ2" = { associate_with = ["privateAZ2"] } + } + nat_gateways_settings = { + public = { + "NATaz1" = { subnet = "publicAZ1" } + "NATaz2" = { subnet = "publicAZ2" } + } + } +} +module "endpoints" { + source = "../../modules/vpc-subnet-endpoint" + + endpoint_settings = { + "ssm" = { + vpc_endpoint_type = "Interface" + vpc_id = module.vpc.vpc.id + service_name = "com.amazonaws.${data.aws_region.current.id}.ssm" + subnets = { + "isolatedAZ1" = { "id" = module.subnets.subnets["isolatedAZ1"].id } + "isolatedAZ2" = { "id" = module.subnets.subnets["isolatedAZ2"].id } + } + security_groups_settings = { + security_group_rules = { + ingress = { + allowHTTPs = { + cidr_ipv4 = module.vpc.vpc.ipv4_cidr_block + from_port = 443 + to_port = 443 + ip_protocol = "tcp" + } + } + egress = { + allowALL = { + cidr_ipv4 = "0.0.0.0/0" + ip_protocol = "-1" + } + } + } + } + } + "ssmmessages" = { + vpc_endpoint_type = "Interface" + vpc_id = module.vpc.vpc.id + service_name = "com.amazonaws.${data.aws_region.current.id}.ssmmessages" + subnets = { + "isolatedAZ1" = { "id" = module.subnets.subnets["isolatedAZ1"].id } + "isolatedAZ2" = { "id" = module.subnets.subnets["isolatedAZ2"].id } + } + security_groups_settings = { + security_group_rules = { + ingress = { + allowHTTPs = { + cidr_ipv4 = module.vpc.vpc.ipv4_cidr_block + from_port = 443 + to_port = 443 + ip_protocol = "tcp" + } + } + egress = { + allowALL = { + cidr_ipv4 = "0.0.0.0/0" + ip_protocol = "-1" + } + } + } + } + } + "ec2messages" = { + vpc_endpoint_type = "Interface" + vpc_id = module.vpc.vpc.id + service_name = "com.amazonaws.${data.aws_region.current.id}.ec2messages" + subnets = { + "isolatedAZ1" = { "id" = module.subnets.subnets["isolatedAZ1"].id } + "isolatedAZ2" = { "id" = module.subnets.subnets["isolatedAZ2"].id } + } + security_groups_settings = { + security_group_rules = { + ingress = { + allowHTTPs = { + cidr_ipv4 = module.vpc.vpc.ipv4_cidr_block + from_port = 443 + to_port = 443 
+ ip_protocol = "tcp" + } + } + egress = { + allowALL = { + cidr_ipv4 = "0.0.0.0/0" + ip_protocol = "-1" + } + } + } + } + } + } +} +module "routes_in_public_rt" { + source = "../../modules/vpc-route" + + route_table_id = module.subnets.route_tables["public"].id + routes = { + RoutetoIGW = { + destination_cidr_block = "0.0.0.0/0", + gateway_id = module.vpc.internet_gateway.id + } + } +} +module "routes_in_privateAZ1_rt" { + source = "../../modules/vpc-route" + + route_table_id = module.subnets.route_tables["privateAZ1"].id + routes = { + RoutetoNAT = { + destination_cidr_block = "0.0.0.0/0", + nat_gateway_id = module.subnets.public_nat_gateways["NATaz1"].id + } + } +} +module "routes_in_privateAZ2_rt" { + source = "../../modules/vpc-route" + + route_table_id = module.subnets.route_tables["privateAZ2"].id + routes = { + RoutetoNAT = { + destination_cidr_block = "0.0.0.0/0", + nat_gateway_id = module.subnets.public_nat_gateways["NATaz2"].id + } + } +} + +module "tailscale_subnet_router" { + source = "../../modules/tailscale-subnet-router" + + tailscale_auth_key = "" # TODO replace with your Tailscale auth key + network_settings = { + subnet_ids_to_host_ts_router = [module.subnets.subnets["publicAZ1"].id, module.subnets.subnets["publicAZ2"].id] + reachable_cidr_blocks = ["10.0.0.0/8"] + } +} + +# Sample resources to demonstrate the use of subnets and routing +data "aws_ami" "ami" { + most_recent = true + owners = ["amazon"] + filter { + name = "architecture" + values = ["arm64"] + } + filter { + name = "name" + values = ["al2023-ami-2023*"] + } +} +resource "random_string" "demo" { + length = 5 + special = false + upper = false +} + +resource "aws_iam_role" "ec2_ssm_role" { + name = "_ssm_role_ec2_${random_string.demo.result}" + assume_role_policy = jsonencode({ + Version = "2012-10-17" + Statement = [ + { + Effect = "Allow" + Principal = { + Service = "ec2.amazonaws.com" + } + Action = "sts:AssumeRole" + } + ] + }) +} +resource "aws_iam_role_policy_attachment" 
"ssm_core" { + role = aws_iam_role.ec2_ssm_role.name + policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" +} +resource "aws_iam_instance_profile" "ec2_ssm_profile" { + name = "_ssm_role_ec2_${random_string.demo.result}" + role = aws_iam_role.ec2_ssm_role.name +} + +resource "aws_security_group" "ec2s" { + name = "_ec2-isolated-sg-${random_string.demo.result}" + description = "Security group for EC2 instances in isolated subnets" + vpc_id = module.vpc.vpc.id + + # Allow all inbound traffic from the VPC CIDR block + ingress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = [module.vpc.vpc.ipv4_cidr_block] + } + + # Allow all outbound traffic + egress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } +} + +resource "aws_instance" "ec2s" { + for_each = toset(["privateAZ1", "privateAZ2", "isolatedAZ1", "isolatedAZ2"]) + tags = { Name = "TEST-${each.key}" } + + ami = data.aws_ami.ami.id + instance_type = "t4g.nano" + iam_instance_profile = aws_iam_instance_profile.ec2_ssm_profile.name + subnet_id = module.subnets.subnets[each.key].id + vpc_security_group_ids = [aws_security_group.ec2s.id] + user_data = <<-EOF + #!/bin/bash + yum update -y + yum install -y httpd + systemctl start httpd.service + systemctl enable httpd.service + echo "Hello from $(hostname -f)" > /var/www/html/index.html + EOF +} +``` + +## Sample Usage + + + + +```hcl title="main.tf" + +# ------------------------------------------------------------------------------------------------------ +# DEPLOY GRUNTWORK'S TAILSCALE-SUBNET-ROUTER MODULE +# +# NOTE: This module uses some sensitive variables marked inline with "# SENSITIVE". +# When using values other than defaults for these variables, set them through environment variables or +# another secure method. 
+# +# ------------------------------------------------------------------------------------------------------ + +module "tailscale_subnet_router" { + + source = "git::git@github.com:gruntwork-io/terraform-aws-vpc.git//modules/tailscale-subnet-router?ref=v0.28.10" + + # ---------------------------------------------------------------------------------------------------- + # REQUIRED VARIABLES + # ---------------------------------------------------------------------------------------------------- + + # Network Settings. Please see the variable details for more information. + network_settings = + + # ---------------------------------------------------------------------------------------------------- + # OPTIONAL VARIABLES + # ---------------------------------------------------------------------------------------------------- + + # IAM Role Settings. Please see the variable details for more information. + iam_role_settings = {} + + # Instance Settings. Please see the variable details for more information. + instance_settings = {} + + # Launch Template Settings. Please see the variable details for more + # information. + launch_template_settings = {} + + # Security Group Settings. Please see the variable details for more + # information. + security_group_settings = {} + + # Tags to assign to all resources + tags = {} + + # Tailscale auth key for device enrollment. EITHER this OR + # ssm_param_arn_with_auth_key must be provided + tailscale_auth_key = null # SENSITIVE + + # Tailscale settings. Please see the variable details for more information. + tailscale_settings = {} + +} + + +``` + + + + +```hcl title="terragrunt.hcl" + +# ------------------------------------------------------------------------------------------------------ +# DEPLOY GRUNTWORK'S TAILSCALE-SUBNET-ROUTER MODULE +# +# NOTE: This module uses some sensitive variables marked inline with "# SENSITIVE". 
+# When using values other than defaults for these variables, set them through environment variables or +# another secure method. +# +# ------------------------------------------------------------------------------------------------------ + +terraform { + source = "git::git@github.com:gruntwork-io/terraform-aws-vpc.git//modules/tailscale-subnet-router?ref=v0.28.10" +} + +inputs = { + + # ---------------------------------------------------------------------------------------------------- + # REQUIRED VARIABLES + # ---------------------------------------------------------------------------------------------------- + + # Network Settings. Please see the variable details for more information. + network_settings = + + # ---------------------------------------------------------------------------------------------------- + # OPTIONAL VARIABLES + # ---------------------------------------------------------------------------------------------------- + + # IAM Role Settings. Please see the variable details for more information. + iam_role_settings = {} + + # Instance Settings. Please see the variable details for more information. + instance_settings = {} + + # Launch Template Settings. Please see the variable details for more + # information. + launch_template_settings = {} + + # Security Group Settings. Please see the variable details for more + # information. + security_group_settings = {} + + # Tags to assign to all resources + tags = {} + + # Tailscale auth key for device enrollment. EITHER this OR + # ssm_param_arn_with_auth_key must be provided + tailscale_auth_key = null # SENSITIVE + + # Tailscale settings. Please see the variable details for more information. + tailscale_settings = {} + +} + + +``` + + + + + 
diff --git a/docs/reference/modules/terraform-aws-vpc/transit-gateway-attachment-peering-requestor/transit-gateway-attachment-peering-requestor.md b/docs/reference/modules/terraform-aws-vpc/transit-gateway-attachment-peering-requestor/transit-gateway-attachment-peering-requestor.md
new file mode 100644
index 0000000000..94e2b6db55
--- /dev/null
+++ b/docs/reference/modules/terraform-aws-vpc/transit-gateway-attachment-peering-requestor/transit-gateway-attachment-peering-requestor.md
@@ -0,0 +1,234 @@ +--- +title: "Sample Usage" +hide_title: true +--- + +import Tabs from '@theme/Tabs'; +import TabItem from '@theme/TabItem'; +import VersionBadge from '../../../../../src/components/VersionBadge.tsx'; +import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx'; +import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; + + + +# Sample Usage + +View Source + +Release Notes + +```hcl +terraform { + required_version = "1.5.7" + + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 6.26" + } + } +} + +provider "aws" {} +provider "aws" { + alias = "acc_b" + profile = "gw-wasteland" + region = "eu-central-1" +} + +module "vpc_a" { + source = "../../modules/vpc" + vpc_settings = { cidr_block = "10.0.0.0/16" } +} +module "vpc_a2" { + source = "../../modules/vpc" + vpc_settings = { cidr_block = "10.1.0.0/16" } +} +module "vpc_b" { + source = "../../modules/vpc" + providers = { aws = aws.acc_b } + vpc_settings = { cidr_block = "10.2.0.0/16" } +} + + +module "vpc_peering_requester" { + source = "../../modules/vpc-peering-requester" + vpc_id = module.vpc_a.vpc.id + peer_vpc_id = module.vpc_b.vpc.id + peer_owner_id = module.vpc_b.vpc.account_id + peer_region = module.vpc_b.vpc.region.id +} +module "vpc_peering_accepter" { + source = "../../modules/vpc-peering-accepter" + providers = { aws = aws.acc_b } + vpc_peering_connection_id = module.vpc_peering_requester.aws_vpc_peering_connection.id +} + +module "vpc_peering_options_requester" { + source = "../../modules/vpc-peering-options" + + vpc_peering_connection_id = module.vpc_peering_accepter.aws_vpc_peering_connection_accepter.id + allow_remote_vpc_dns_resolution_for_requester = true +} +module "vpc_peering_options_accepter" { + source = "../../modules/vpc-peering-options" + depends_on = [module.vpc_peering_accepter] + providers = { aws = aws.acc_b } + + 
vpc_peering_connection_id = module.vpc_peering_accepter.aws_vpc_peering_connection_accepter.id + allow_remote_vpc_dns_resolution_for_accepter = true +} +``` + +## Sample Usage + + + + +```hcl title="main.tf" + +# ------------------------------------------------------------------------------------------------------ +# DEPLOY GRUNTWORK'S TRANSIT-GATEWAY-ATTACHMENT-PEERING-REQUESTOR MODULE +# ------------------------------------------------------------------------------------------------------ + +module "transit_gateway_attachment_peering_requestor" { + + source = "git::git@github.com:gruntwork-io/terraform-aws-vpc.git//modules/transit-gateway-attachment-peering-requestor?ref=v0.28.10" + + # ---------------------------------------------------------------------------------------------------- + # OPTIONAL VARIABLES + # ---------------------------------------------------------------------------------------------------- + + # Tags to assign to all resources + tags = {} + + # Transit Gateway Peering Attachment Settings. Please refer to variable + # definition for details. + transit_gateway_peering_attachment_settings = {} + +} + + +``` + + + + +```hcl title="terragrunt.hcl" + +# ------------------------------------------------------------------------------------------------------ +# DEPLOY GRUNTWORK'S TRANSIT-GATEWAY-ATTACHMENT-PEERING-REQUESTOR MODULE +# ------------------------------------------------------------------------------------------------------ + +terraform { + source = "git::git@github.com:gruntwork-io/terraform-aws-vpc.git//modules/transit-gateway-attachment-peering-requestor?ref=v0.28.10" +} + +inputs = { + + # ---------------------------------------------------------------------------------------------------- + # OPTIONAL VARIABLES + # ---------------------------------------------------------------------------------------------------- + + # Tags to assign to all resources + tags = {} + + # Transit Gateway Peering Attachment Settings. 
Please refer to variable + # definition for details. + transit_gateway_peering_attachment_settings = {} + +} + + +``` + + + + + + + +## Reference + + + + +### Optional + + + + +Tags to assign to all resources + + + + + + + + +Transit Gateway Peering Attachment Settings. Please refer to variable definition for details. + + + + +```hcl +object({ + # Transit Gateway peering configuration: + # - transit_gateway_id: Source TGW ID + # - peer_transit_gateway_id: Destination TGW ID for peering + # - peer_account_id: AWS account ID owning peer TGW + # - peer_region: Region of peer TGW + # - options.dynamic_routing: Enable dynamic routing. Options: enable | disable + transit_gateway_id = optional(string) + peer_transit_gateway_id = optional(string) + peer_account_id = optional(string) + peer_region = optional(string) + options = optional(object({ + dynamic_routing = optional(string) + })) + }) +``` + + + + +
+ + +```hcl + + Map key: Transit Gateway Peering Attachment name + Map value: Peering attachment configuration + +``` +
+ +
+
+ +
+ + + + + +The EC2 Transit Gateway Peering Attachment Requester. + + + + + +
+ +
diff --git a/docs/reference/modules/terraform-aws-vpc/vpc-nacl-rule/vpc-nacl-rule.md b/docs/reference/modules/terraform-aws-vpc/vpc-nacl-rule/vpc-nacl-rule.md
new file mode 100644
index 0000000000..7d41821976
--- /dev/null
+++ b/docs/reference/modules/terraform-aws-vpc/vpc-nacl-rule/vpc-nacl-rule.md
@@ -0,0 +1,297 @@ +--- +title: "Sample Usage" +hide_title: true +--- + +import Tabs from '@theme/Tabs'; +import TabItem from '@theme/TabItem'; +import VersionBadge from '../../../../../src/components/VersionBadge.tsx'; +import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx'; +import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; + + + +# Sample Usage + +View Source + +Release Notes + +```hcl +terraform { + required_version = "~>1.5" + + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 6.26" + } + } +} + +module "vpc" { + source = "../../modules/vpc" + + vpc_settings = { cidr_block = "10.0.0.0/16" } + internet_gateways_settings = { enable_internet_gateway = true } + nacl_settings = ["sampleNACL1", "sampleNACL2"] +} + +module "subnets" { + source = "../../modules/vpc-subnet" + + vpc_id = module.vpc.vpc.id + subnets_settings = { + publicAZ1 = { + cidr_block = "10.0.0.0/20", + } + } + routing_tables_settings = { + "public" = { associate_with = ["publicAZ1"] } + } + + network_acls_association_settings = { + publicAZ1 = module.vpc.nacls["sampleNACL1"].id + } +} + +module "vpc-nacl-rule" { + source = "../../modules/vpc-nacl-rule" + network_acl_id = module.vpc.nacls["sampleNACL1"].id + nacl_rule_settings = { + "allow-ssh" = { + egress = false + rule_number = 100 + protocol = "tcp" + rule_action = "allow" + cidr_block = "10.0.0.0/16" + from_port = 22 + to_port = 22 + } + "allow-ssh-egress" = { + egress = true + rule_number = 100 + protocol = "tcp" + rule_action = "allow" + cidr_block = "10.0.0.0/16" + from_port = 22 + to_port = 22 + } + } +} + +``` + +## Sample Usage + + + + +```hcl title="main.tf" + +# ------------------------------------------------------------------------------------------------------ +# DEPLOY GRUNTWORK'S VPC-NACL-RULE MODULE +# 
------------------------------------------------------------------------------------------------------ + +module "vpc_nacl_rule" { + + source = "git::git@github.com:gruntwork-io/terraform-aws-vpc.git//modules/vpc-nacl-rule?ref=v0.28.10" + + # ---------------------------------------------------------------------------------------------------- + # OPTIONAL VARIABLES + # ---------------------------------------------------------------------------------------------------- + + # NACL Settings. Please refer to variable definition for details. + nacl_rule_settings = {} + +} + + +``` + + + + +```hcl title="terragrunt.hcl" + +# ------------------------------------------------------------------------------------------------------ +# DEPLOY GRUNTWORK'S VPC-NACL-RULE MODULE +# ------------------------------------------------------------------------------------------------------ + +terraform { + source = "git::git@github.com:gruntwork-io/terraform-aws-vpc.git//modules/vpc-nacl-rule?ref=v0.28.10" +} + +inputs = { + + # ---------------------------------------------------------------------------------------------------- + # OPTIONAL VARIABLES + # ---------------------------------------------------------------------------------------------------- + + # NACL Settings. Please refer to variable definition for details. + nacl_rule_settings = {} + +} + + +``` + + + + + + + +## Reference + + + + +### Optional + + + + +NACL Settings. Please refer to variable definition for details. + + + + +```hcl +map(object({ + # Basic settings: + # - region: AWS region to deploy VPC. Defaults to provider region + region = optional(string) + + # NACL ID to create rule in + network_acl_id = optional(string) + + # Rule configuration: + # - egress: Egress rule (traffic leaving subnet). Defaults to false + # - rule_number: Rule number for ordering (lower = higher priority). Same number allowed if one egress/one ingress + # - rule_action: Action for matching traffic. 
Options: allow | deny + # - protocol: Protocol to match. Use -1 for all protocols + egress = optional(bool) + rule_number = optional(number) + rule_action = optional(string) + protocol = optional(string) + + # Port range: + # - from_port / to_port: Port range to match + from_port = optional(number) + to_port = optional(number) + + # CIDR blocks: + # - cidr_block / ipv6_cidr_block: IPv4/IPv6 CIDR to match (must be valid network mask) + cidr_block = optional(string) + ipv6_cidr_block = optional(string) + + # ICMP configuration: + # - icmp_type / icmp_code: ICMP type/code to match + # See: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml + icmp_type = optional(number) + icmp_code = optional(number) + })) +``` + + + + +
+ + +```hcl + + Map key: Rule identifier (Terraform resource name only, e.g., "allow_http", "allow_ssh") + Map value: NACL rule configuration + Reference: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl + +``` +
+ +
+ + +```hcl + + NACL ID to create rule in + +``` +
+ +
+ + +```hcl + + Rule configuration: + - egress: Egress rule (traffic leaving subnet). Defaults to false + - rule_number: Rule number for ordering (lower = higher priority). Same number allowed if one egress/one ingress + - rule_action: Action for matching traffic. Options: allow | deny + - protocol: Protocol to match. Use -1 for all protocols + +``` +
+ +
+ + +```hcl + + Port range: + - from_port / to_port: Port range to match + +``` +
+ +
+ + +```hcl + + CIDR blocks: + - cidr_block / ipv6_cidr_block: IPv4/IPv6 CIDR to match (must be valid network mask) + +``` +
+ +
+ + +```hcl + + ICMP configuration: + - icmp_type / icmp_code: ICMP type/code to match + See: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml + +``` +
+ +
+
+ +
+ + + + + +Map of all NACL rules created by this module + + + + + +
+ + diff --git a/docs/reference/modules/terraform-aws-vpc/vpc-peering-requester/vpc-peering-requester.md b/docs/reference/modules/terraform-aws-vpc/vpc-peering-requester/vpc-peering-requester.md new file mode 100644 index 0000000000..5dca86c4f5 --- /dev/null +++ b/docs/reference/modules/terraform-aws-vpc/vpc-peering-requester/vpc-peering-requester.md 
@@ -0,0 +1,266 @@ +--- +title: "Sample Usage" +hide_title: true +--- + +import Tabs from '@theme/Tabs'; +import TabItem from '@theme/TabItem'; +import VersionBadge from '../../../../../src/components/VersionBadge.tsx'; +import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx'; +import { ModuleUsage } from "../../../../../src/components/ModuleUsage"; + + + +# Sample Usage + +View Source + +Release Notes + +```hcl +terraform { + required_version = "1.5.7" + + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 6.26" + } + } +} + +provider "aws" {} +provider "aws" { + alias = "acc_b" + profile = "gw-wasteland" + region = "eu-central-1" +} + +module "vpc_a" { + source = "../../modules/vpc" + vpc_settings = { cidr_block = "10.0.0.0/16" } +} +module "vpc_a2" { + source = "../../modules/vpc" + vpc_settings = { cidr_block = "10.1.0.0/16" } +} +module "vpc_b" { + source = "../../modules/vpc" + providers = { aws = aws.acc_b } + vpc_settings = { cidr_block = "10.2.0.0/16" } +} + + +module "vpc_peering_requester" { + source = "../../modules/vpc-peering-requester" + vpc_id = module.vpc_a.vpc.id + peer_vpc_id = module.vpc_b.vpc.id + peer_owner_id = module.vpc_b.vpc.account_id + peer_region = module.vpc_b.vpc.region.id +} +module "vpc_peering_accepter" { + source = "../../modules/vpc-peering-accepter" + providers = { aws = aws.acc_b } + vpc_peering_connection_id = module.vpc_peering_requester.aws_vpc_peering_connection.id +} + +module "vpc_peering_options_requester" { + source = "../../modules/vpc-peering-options" + + vpc_peering_connection_id = module.vpc_peering_accepter.aws_vpc_peering_connection_accepter.id + allow_remote_vpc_dns_resolution_for_requester = true +} +module "vpc_peering_options_accepter" { + source = "../../modules/vpc-peering-options" + depends_on = [module.vpc_peering_accepter] + providers = { aws = aws.acc_b } + + 
vpc_peering_connection_id = module.vpc_peering_accepter.aws_vpc_peering_connection_accepter.id + allow_remote_vpc_dns_resolution_for_accepter = true +} +``` + +## Sample Usage + + + + +```hcl title="main.tf" + +# ------------------------------------------------------------------------------------------------------ +# DEPLOY GRUNTWORK'S VPC-PEERING-REQUESTER MODULE +# ------------------------------------------------------------------------------------------------------ + +module "vpc_peering_requester" { + + source = "git::git@github.com:gruntwork-io/terraform-aws-vpc.git//modules/vpc-peering-requester?ref=v0.28.10" + + # ---------------------------------------------------------------------------------------------------- + # REQUIRED VARIABLES + # ---------------------------------------------------------------------------------------------------- + + # Target VPC ID for peering connection + peer_vpc_id = + + # Requester VPC ID + vpc_id = + + # ---------------------------------------------------------------------------------------------------- + # OPTIONAL VARIABLES + # ---------------------------------------------------------------------------------------------------- + + # AWS account ID of target peer VPC. Leave blank for same-account peering. + peer_owner_id = null + + # Region of target peer VPC. Leave blank for same-region peering. 
+ peer_region = null + + # AWS region to create the VPC peering requester connection in + region = null + + # Tags to assign to all resources + tags = {} + +} + + +``` + + + + +```hcl title="terragrunt.hcl" + +# ------------------------------------------------------------------------------------------------------ +# DEPLOY GRUNTWORK'S VPC-PEERING-REQUESTER MODULE +# ------------------------------------------------------------------------------------------------------ + +terraform { + source = "git::git@github.com:gruntwork-io/terraform-aws-vpc.git//modules/vpc-peering-requester?ref=v0.28.10" +} + +inputs = { + + # ---------------------------------------------------------------------------------------------------- + # REQUIRED VARIABLES + # ---------------------------------------------------------------------------------------------------- + + # Target VPC ID for peering connection + peer_vpc_id = + + # Requester VPC ID + vpc_id = + + # ---------------------------------------------------------------------------------------------------- + # OPTIONAL VARIABLES + # ---------------------------------------------------------------------------------------------------- + + # AWS account ID of target peer VPC. Leave blank for same-account peering. + peer_owner_id = null + + # Region of target peer VPC. Leave blank for same-region peering. + peer_region = null + + # AWS region to create the VPC peering requester connection in + region = null + + # Tags to assign to all resources + tags = {} + +} + + +``` + + + + + + + +## Reference + + + + +### Required + + + + +Target VPC ID for peering connection + + + + + + + +Requester VPC ID + + + + +### Optional + + + + +AWS account ID of target peer VPC. Leave blank for same-account peering. + + + + + + + + +Region of target peer VPC. Leave blank for same-region peering. 
+ + + + + + + + +AWS region to create the VPC peering requester connection in + + + + + + + + +Tags to assign to all resources + + + + + + + + + + + +VPC peering connection resource with all attributes including connection ID and status + + + + + + + +