###########################
# VARIABLES
###########################
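# Account that owns the VPC and subnets being shared. The provider credentials
# used for this configuration must belong to this account, and the value is
# referenced when the subnets are addressed by the resource share below.
variable "source_account_id" {
  description = "Account ID of the VPC owner (lz351prod)"
  type        = string
  default     = "913016797819"

  # An AWS account ID is exactly 12 digits; reject anything else up front rather
  # than letting a typo produce an ARN that points at a different account.
  validation {
    condition     = can(regex("^[0-9]{12}$", var.source_account_id))
    error_message = "source_account_id must be a 12-digit AWS account ID."
  }
}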
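# VPC that contains the shared subnets. Note: no resource in this file reads
# var.vpc_id; it is declared for documentation / future use only.
variable "vpc_id" {
  description = "ID of the VPC to be shared"
  type        = string
  default     = "vpc-01596c7498b64f85f"

  # VPC IDs are "vpc-" followed by 8 or 17 hex characters.
  validation {
    condition     = can(regex("^vpc-[0-9a-f]{8,17}$", var.vpc_id))
    error_message = "vpc_id must look like vpc-xxxxxxxx or vpc-xxxxxxxxxxxxxxxxx."
  }
}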
# Human-readable VPC name; used as the prefix of the RAM resource share name.
variable "vpc_name" {
  type        = string
  default     = "lz351-private-prod-v1200"
  description = "Name of the VPC to be shared"
}
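# CIDR of the VPC. Note: no resource in this file reads var.vpc_cidr; it is
# declared for documentation / future use only.
variable "vpc_cidr" {
  description = "CIDR range of the VPC"
  type        = string
  default     = "10.183.35.0/25"

  # cidrhost() fails on anything that is not a well-formed CIDR prefix.
  validation {
    condition     = can(cidrhost(var.vpc_cidr, 0))
    error_message = "vpc_cidr must be a valid CIDR block, e.g. 10.0.0.0/24."
  }
}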
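# Subnets to place in the resource share. The association resource keys its
# for_each on subnet.id, so IDs must be unique: a duplicate would silently
# collapse into a single association instead of failing.
variable "subnets" {
  description = "List of subnets to share. Each subnet is defined by a name and an ID."
  type = list(object({
    name = string
    id   = string
  }))
  default = [
    { name = "lz351-private-prod-v1200-a", id = "subnet-0ed5ebe94408d5c24" },
    { name = "lz351-private-prod-v1200-b", id = "subnet-0f116c83dde6ab08e" },
    { name = "lz351-private-prod-v1200-c", id = "subnet-05afb3f00983a444b" }
  ]

  # Subnet IDs are "subnet-" followed by 8 or 17 hex characters.
  validation {
    condition     = alltrue([for s in var.subnets : can(regex("^subnet-[0-9a-f]{8,17}$", s.id))])
    error_message = "Every subnets[*].id must look like subnet-xxxxxxxx or subnet-xxxxxxxxxxxxxxxxx."
  }

  # Reject duplicate IDs explicitly (see the for_each note above).
  validation {
    condition     = length(distinct([for s in var.subnets : s.id])) == length(var.subnets)
    error_message = "subnets[*].id values must be unique."
  }
}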
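# Region for the provider and for the subnet ARNs; the subnets must live here.
variable "region" {
  description = "AWS region"
  type        = string
  default     = "ap-southeast-2"

  # Loose shape check only (e.g. ap-southeast-2, us-gov-west-1); it catches
  # typos, not whether the region is enabled for the account.
  validation {
    condition     = can(regex("^[a-z]{2}(-gov)?-[a-z]+-[0-9]+$", var.region))
    error_message = "region must be an AWS region code such as ap-southeast-2."
  }
}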
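# Account that receives the share. It is granted at account level
# (the root principal), so verify this ID carefully before applying.
variable "target_account_id" {
  description = "Account ID of the target account (lz087prod)"
  type        = string
  default     = "508667327685"

  # An AWS account ID is exactly 12 digits; a malformed value would otherwise
  # only be rejected by the RAM API at apply time.
  validation {
    condition     = can(regex("^[0-9]{12}$", var.target_account_id))
    error_message = "target_account_id must be a 12-digit AWS account ID."
  }
}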
# Value written to the Name tag on the RAM resource share.
variable "shared_tag_name" {
  type        = string
  default     = "EBOBS-PROD"
  description = "Tag Name to assign to the shared resource"
}
###########################
# PROVIDER
###########################
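# Provider for the source (owning) account. Credentials for the source account
# (lz351prod) must be supplied by the environment; allowed_account_ids makes
# Terraform refuse to run if the caller identity resolves to any other account,
# so a share cannot be created from the wrong account by mistake.
provider "aws" {
  region              = var.region
  allowed_account_ids = [var.source_account_id]
}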
###########################
# RESOURCE SHARE SETUP
###########################
# RAM resource share that will hold the subnets; tagged with Name for lookup.
# allow_external_principals = true permits sharing with accounts outside the
# owning AWS Organization. If the target account is in the same Organization,
# setting this to false narrows the share to organization members only.
resource "aws_ram_resource_share" "subnet_share" {
  allow_external_principals = true
  name                      = "${var.vpc_name}-subnet-share"

  tags = {
    Name = var.shared_tag_name
  }
}
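# Resolve each subnet through the provider rather than templating its ARN by
# hand: the ARN then comes from the API (partition, region and owner included),
# and a subnet ID that does not exist in this account/region fails at plan time
# instead of producing a dangling association.
data "aws_subnet" "shared" {
  for_each = { for subnet in var.subnets : subnet.id => subnet }
  id       = each.value.id
}

# Associate every subnet with the resource share. Keying on subnet ID means
# adding or removing one subnet leaves the other associations untouched.
resource "aws_ram_resource_association" "subnet_association" {
  for_each           = { for subnet in var.subnets : subnet.id => subnet }
  resource_share_arn = aws_ram_resource_share.subnet_share.arn
  resource_arn       = data.aws_subnet.shared[each.key].arn
}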
# Grant the target account access to the share. Using the account root as the
# principal is an account-wide grant, not one scoped to a particular role; the
# receiving account typically has to accept the invitation unless both accounts
# are in the same Organization with RAM sharing enabled.
resource "aws_ram_principal_association" "target_account_association" {
  principal          = "arn:aws:iam::${var.target_account_id}:root"
  resource_share_arn = aws_ram_resource_share.subnet_share.arn
}