diff --git a/modules/terraform-aws-proxy/README.md b/modules/terraform-aws-proxy/README.md index c7b903a..ec00dd6 100644 --- a/modules/terraform-aws-proxy/README.md +++ b/modules/terraform-aws-proxy/README.md @@ -46,7 +46,6 @@ No modules. | [aws_ami.proxy_default_ami](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source | | [aws_network_interface.proxy_lb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/network_interface) | data source | | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | -| [aws_route_table.proxy_rt](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route_table) | data source | | [aws_vpc.proxy_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source | ## Inputs @@ -76,7 +75,7 @@ No modules. | [proxy\_security\_group\_id](#input\_proxy\_security\_group\_id) | ID for existing Security Group to be used for the proxy VM. Required when create\_proxy\_sg is false | `string` | `null` | no | | [proxy\_security\_group\_name](#input\_proxy\_security\_group\_name) | Name of Proxy Security Group for CDP environment. Used only if create\_proxy\_sg is true. | `string` | `null` | no | | [proxy\_whitelist\_file](#input\_proxy\_whitelist\_file) | Location of the Proxy Whitelist file. If not specified the files/squid-http-whitelist.txt.tpl file accompanying the module is used. | `string` | `null` | no | -| [route\_tables\_to\_update](#input\_route\_tables\_to\_update) | List of any route tables to update to point to the Network interface of the Proxy VM |
list(object({
route_tables = list(string)
destination_cidr_block = string
}))
| `[]` | no | +| [route\_tables\_to\_update](#input\_route\_tables\_to\_update) | List of any route tables to update to point to the Network interface of the Proxy VM |
list(object({
route_tables = list(string)
availability_zones = optional(list(string))
destination_cidr_block = string
}))
| `[]` | no | ## Outputs diff --git a/modules/terraform-aws-proxy/data.tf b/modules/terraform-aws-proxy/data.tf index 8fde7ba..4b0cfc4 100644 --- a/modules/terraform-aws-proxy/data.tf +++ b/modules/terraform-aws-proxy/data.tf @@ -1,4 +1,4 @@ -# Copyright 2023 Cloudera, Inc. All Rights Reserved. +# Copyright 2025 Cloudera, Inc. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -48,14 +48,3 @@ data "aws_network_interface" "proxy_lb" { values = [each.value] } } - -# Find route table details -data "aws_route_table" "proxy_rt" { - - for_each = { - for k, v in local.route_tables_to_update : k => v - } - - route_table_id = each.value.route_table - -} \ No newline at end of file diff --git a/modules/terraform-aws-proxy/defaults.tf b/modules/terraform-aws-proxy/defaults.tf index 98521c7..1562695 100644 --- a/modules/terraform-aws-proxy/defaults.tf +++ b/modules/terraform-aws-proxy/defaults.tf @@ -1,4 +1,4 @@ -# Copyright 2023 Cloudera, Inc. All Rights Reserved. +# Copyright 2025 Cloudera, Inc. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -34,9 +34,10 @@ locals { route_tables_to_update = flatten([ for route in var.route_tables_to_update : [ - for rt in route.route_tables : + for rti, rt in route.route_tables : { route_table = rt + availability_zone = try(route.availability_zones[rti], null) destination_cidr_block = route.destination_cidr_block } ] 
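Review bot: In the `defaults.tf` hunk, `availability_zone = try(route.availability_zones[rti], null)` pairs each route table with an AZ purely by list position, and nothing checks that the two lists are the same length. If a caller passes fewer zones than route tables, or lists them in a different order, the affected routes resolve to `null` or to the wrong zone without any plan-time error. The same gap applies to the `variables.tf` hunk that adds `availability_zones = optional(list(string))`. I would add a `validation` block to `variable "route_tables_to_update"` with `condition = alltrue([for r in var.route_tables_to_update : try(length(r.availability_zones), length(r.route_tables)) == length(r.route_tables)])`, and state the positional pairing in the variable description. The `locals` block starts and ends outside this hunk.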
@@ -51,21 +52,4 @@ locals { } ] - # TODO: Explore better rt to eni mapping with the below - # route_table_details = [ - # for rt in data.aws_route_table.proxy_rt : - # { - # rt_id = rt.id - # subnet_ids = rt.associations[*].subnet_id - # } - # ] - - route_table_to_lb_eni_assoc = { - for k, v in data.aws_route_table.proxy_rt : v.id => { - # TODO: eni of same subnet assoc if possible otherwise the first eni_id in lb_eni_details - eni = local.lb_eni_details[0].eni_id - } - } - - } \ No newline at end of file diff --git a/modules/terraform-aws-proxy/examples/ex01-minimal_inputs/main.tf b/modules/terraform-aws-proxy/examples/ex01-minimal_inputs/main.tf index d3fef8a..392d508 100644 --- a/modules/terraform-aws-proxy/examples/ex01-minimal_inputs/main.tf +++ b/modules/terraform-aws-proxy/examples/ex01-minimal_inputs/main.tf @@ -1,4 +1,4 @@ -# Copyright 2023 Cloudera, Inc. All Rights Reserved. +# Copyright 2025 Cloudera, Inc. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/modules/terraform-aws-proxy/examples/ex01-minimal_inputs/terraform.tfvars.sample b/modules/terraform-aws-proxy/examples/ex01-minimal_inputs/terraform.tfvars.sample index 2e76630..a03f6c8 100644 --- a/modules/terraform-aws-proxy/examples/ex01-minimal_inputs/terraform.tfvars.sample +++ b/modules/terraform-aws-proxy/examples/ex01-minimal_inputs/terraform.tfvars.sample @@ -1,4 +1,4 @@ -# Copyright 2023 Cloudera, Inc. All Rights Reserved. +# Copyright 2025 Cloudera, Inc. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/modules/terraform-aws-proxy/examples/ex01-minimal_inputs/variables.tf b/modules/terraform-aws-proxy/examples/ex01-minimal_inputs/variables.tf index 432e056..adc520e 100644 --- a/modules/terraform-aws-proxy/examples/ex01-minimal_inputs/variables.tf 
+++ b/modules/terraform-aws-proxy/examples/ex01-minimal_inputs/variables.tf @@ -1,4 +1,4 @@ -# Copyright 2023 Cloudera, Inc. All Rights Reserved. +# Copyright 2025 Cloudera, Inc. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/modules/terraform-aws-proxy/files/squid-user-data.sh.tpl b/modules/terraform-aws-proxy/files/squid-user-data.sh.tpl index e3e22fe..d59ea0c 100644 --- a/modules/terraform-aws-proxy/files/squid-user-data.sh.tpl +++ b/modules/terraform-aws-proxy/files/squid-user-data.sh.tpl @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright 2023 Cloudera, Inc. All Rights Reserved. +# Copyright 2025 Cloudera, Inc. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/modules/terraform-aws-proxy/main.tf b/modules/terraform-aws-proxy/main.tf index ea67d91..950f57f 100644 --- a/modules/terraform-aws-proxy/main.tf +++ b/modules/terraform-aws-proxy/main.tf @@ -1,4 +1,4 @@ -# Copyright 2023 Cloudera, Inc. All Rights Reserved. +# Copyright 2025 Cloudera, Inc. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -183,5 +183,8 @@ resource "aws_route" "vpc_tgw_route" { route_table_id = each.value.route_table destination_cidr_block = each.value.destination_cidr_block - network_interface_id = local.route_table_to_lb_eni_assoc[each.value.route_table].eni + # Where route table AZ info is available, use Network LB ENI from same AZ as subnet where route table is associated. Otherwise set to first LB ENI + # Ref: https://github.com/hashicorp/terraform-provider-aws/issues/16759#issuecomment-1768591117 + network_interface_id = try(element([for lbeni in tolist(local.lb_eni_details) : lbeni.eni_id if lbeni.az == each.value.availability_zone], 0), local.lb_eni_details[0].eni_id) + } diff --git a/modules/terraform-aws-proxy/outputs.tf b/modules/terraform-aws-proxy/outputs.tf index 9df92b9..c3828b6 100644 --- a/modules/terraform-aws-proxy/outputs.tf +++ b/modules/terraform-aws-proxy/outputs.tf @@ -1,17 +1,4 @@ -# Copyright 2023 Cloudera, Inc. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# Copyright 2023 Cloudera, Inc. All Rights Reserved. +# Copyright 2025 Cloudera, Inc. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/modules/terraform-aws-proxy/provider.tf b/modules/terraform-aws-proxy/provider.tf index f7b8d73..d215e0b 100644 --- a/modules/terraform-aws-proxy/provider.tf +++ b/modules/terraform-aws-proxy/provider.tf 
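Review bot: The `try(..., local.lb_eni_details[0].eni_id)` fallback on the new `network_interface_id` line fires not only when no AZ was supplied but also when a supplied AZ matches no load balancer ENI, for example a misspelt zone name or a zone the load balancer has no interface in. That route is then silently pointed at the first ENI, so proxy-bound traffic from that route table crosses AZs and depends on a single zone, with nothing in the plan to show the mismatch. Because `try` swallows every error in the expression, a malformed `local.lb_eni_details` entry would be hidden the same way. I would keep the fallback for the unset case and make the mismatch fail the plan with a `precondition`, sketched below and untested; preconditions should be available since the commit already relies on `optional()` type attributes. The `aws_route.vpc_tgw_route` resource begins outside this hunk.

```hcl
resource "aws_route" "vpc_tgw_route" {
  # … unchanged: route_table_id, destination_cidr_block, network_interface_id …

  lifecycle {
    precondition {
      # When no AZ is given, compare against the first ENI's AZ so the check passes trivially.
      condition     = contains(local.lb_eni_details[*].az, coalesce(each.value.availability_zone, local.lb_eni_details[0].az))
      error_message = "availability_zones entry does not match the AZ of any proxy load balancer ENI."
    }
  }
}
```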
@@ -1,4 +1,4 @@ -# Copyright 2023 Cloudera, Inc. All Rights Reserved. +# Copyright 2025 Cloudera, Inc. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/modules/terraform-aws-proxy/variables.tf b/modules/terraform-aws-proxy/variables.tf index 5a417f4..a8cf05d 100644 --- a/modules/terraform-aws-proxy/variables.tf +++ b/modules/terraform-aws-proxy/variables.tf @@ -1,4 +1,4 @@ -# Copyright 2023 Cloudera, Inc. All Rights Reserved. +# Copyright 2025 Cloudera, Inc. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -243,6 +243,7 @@ variable "route_tables_to_update" { description = "List of any route tables to update to point to the Network interface of the Proxy VM" type = list(object({ route_tables = list(string) + availability_zones = optional(list(string)) destination_cidr_block = string }))