From d1c8f43fc1b9696e0e4cbc40ef944f1aa67a63f9 Mon Sep 17 00:00:00 2001
From: Bayron Carranza
Date: Fri, 3 Mar 2023 15:40:52 -0600
Subject: [PATCH 1/5] vpc-peering
---
 terraform-modules/aws/vpc-peering/README.md | 43 +++++++++++++++++++
 terraform-modules/aws/vpc-peering/main.tf | 36 ++++++++++++++++
 terraform-modules/aws/vpc-peering/outputs.tf | 19 ++++++++
 .../aws/vpc-peering/variables.tf | 43 +++++++++++++++++++
 4 files changed, 141 insertions(+)
 create mode 100644 terraform-modules/aws/vpc-peering/README.md
 create mode 100644 terraform-modules/aws/vpc-peering/main.tf
 create mode 100644 terraform-modules/aws/vpc-peering/outputs.tf
 create mode 100644 terraform-modules/aws/vpc-peering/variables.tf
diff --git a/terraform-modules/aws/vpc-peering/README.md b/terraform-modules/aws/vpc-peering/README.md
new file mode 100644
index 000000000..2199bbed8
--- /dev/null
+++ b/terraform-modules/aws/vpc-peering/README.md
@@ -0,0 +1,43 @@
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_route_table_association.association](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource |
+| [aws_vpc_endpoint_route_table_association.endpoint_association](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint_route_table_association) | resource |
+| [aws_vpc_peering_connection.peering_connection](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_peering_connection) | resource |
+| [aws_route_table.route_table](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route_table) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [accepter\_allow\_remote\_vpc\_dns\_resolution](#input\_accepter\_allow\_remote\_vpc\_dns\_resolution) | Specifies whether DNS resolution is enabled for the VPC peering connection | `bool` | `true` | no |
+| [auto\_accept](#input\_auto\_accept) | Specifies whether the peering connection should be automatically accepted | `bool` | `true` | no |
+| [peer\_vpc\_id](#input\_peer\_vpc\_id) | ID of the VPC B | `string` | n/a | yes |
+| [requester\_allow\_remote\_vpc\_dns\_resolution](#input\_requester\_allow\_remote\_vpc\_dns\_resolution) | Specifies whether DNS resolution is enabled for the VPC peering connection | `bool` | `true` | no |
+| [subnet\_ids](#input\_subnet\_ids) | A list of subnet IDs for which to retrieve the associated route tables | `list(string)` | n/a | yes |
+| [tags](#input\_tags) | A map of tags to apply to the VPC peering connection | `map(any)` | `{}` | no |
+| [vpc\_id](#input\_vpc\_id) | The ID of the VPC in which the subnets are located | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [aws\_route\_table\_association\_id](#output\_aws\_route\_table\_association\_id) | The ID of the association |
+| [aws\_vpc\_endpoint\_route\_table\_association\_id](#output\_aws\_vpc\_endpoint\_route\_table\_association\_id) | A hash of the EC2 Route Table and VPC Endpoint identifiers. |
+| [vpc\_peering\_connection\_accept\_status](#output\_vpc\_peering\_connection\_accept\_status) | The status of the VPC Peering Connection request |
+| [vpc\_peering\_connection\_id](#output\_vpc\_peering\_connection\_id) | The ID of the VPC Peering Connection |
diff --git a/terraform-modules/aws/vpc-peering/main.tf b/terraform-modules/aws/vpc-peering/main.tf
new file mode 100644
index 000000000..1c227f24a
--- /dev/null
+++ b/terraform-modules/aws/vpc-peering/main.tf
@@ -0,0 +1,36 @@
+# Create peering connection between VPC A and VPC B
+resource "aws_vpc_peering_connection" "peering_connection" {
+ vpc_id = var.vpc_id
+ peer_vpc_id = var.peer_vpc_id
+ auto_accept = var.auto_accept
+
+ accepter {
+ allow_remote_vpc_dns_resolution = var.accepter_allow_remote_vpc_dns_resolution
+ }
+
+ requester {
+ allow_remote_vpc_dns_resolution = var.requester_allow_remote_vpc_dns_resolution
+ }
+ tags = var.tags
+}
+
+data "aws_route_table" "route_table" {
+ for_each = { for id in var.subnet_ids : id => id }
+ subnet_id = each.value
+ vpc_id = var.vpc_id
+}
+
+# Assign route table to corresponding subnets in VPC B
+resource "aws_route_table_association" "association" {
+ for_each = { for id in var.subnet_ids : id => id }
+ subnet_id = each.value
+ route_table_id = data.aws_route_table.route_table_b[each.key].id
+}
+
+# Create endpoint access policy for VPC B
+resource "aws_vpc_endpoint_route_table_association" "endpoint_association" {
+ for_each = { for id in var.subnet_ids : id => id }
+ vpc_endpoint_id = var.vpc_endpoint_id
+ route_table_id = aws_route_table.route_table_b[each.key].id
+}
+
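Review bot: `aws_route_table_association.association` re-associates each subnet with the route table that `data.aws_route_table.route_table` already resolved from that same subnet, so at apply time it either collides with the existing association or silently takes ownership of one the module did not create; if the data source is only meant as a lookup, the resource can be dropped. The module also creates the peering connection but never adds a route for the peer CIDR to the retrieved route tables, so no traffic crosses the peering until a caller adds `aws_route` resources — that keeps reachability explicit, which is reasonable, but the README should say so. The comment `# Create endpoint access policy for VPC B` is misleading because the resource only links a gateway endpoint to route tables and sets no policy; suggest `# Associate the gateway VPC endpoint with the subnets' route tables`. The same association block reappears as context in the hunks of commits 4 and 5 and is not raised again there.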
diff --git a/terraform-modules/aws/vpc-peering/outputs.tf b/terraform-modules/aws/vpc-peering/outputs.tf
new file mode 100644
index 000000000..974e3c702
--- /dev/null
+++ b/terraform-modules/aws/vpc-peering/outputs.tf
@@ -0,0 +1,19 @@
+output "vpc_peering_connection_id" {
+ description = "The ID of the VPC Peering Connection"
+ value = aws_vpc_peering_connection.peering_connection.id
+}
+
+output "vpc_peering_connection_accept_status" {
+ description = "The status of the VPC Peering Connection request"
+ value = aws_vpc_peering_connection.peering_connection.accept_status
+}
+
+output "aws_route_table_association_id" {
+ description = "The ID of the association"
+ value = aws_route_table_association.association.id
+}
+
+output "aws_vpc_endpoint_route_table_association_id" {
+ description = "A hash of the EC2 Route Table and VPC Endpoint identifiers."
+ value = aws_vpc_endpoint_route_table_association.endpoint_association.id
+}
\ No newline at end of file
diff --git a/terraform-modules/aws/vpc-peering/variables.tf b/terraform-modules/aws/vpc-peering/variables.tf
new file mode 100644
index 000000000..60edbe76a
--- /dev/null
+++ b/terraform-modules/aws/vpc-peering/variables.tf
@@ -0,0 +1,43 @@
+variable "vpc_id" {
+ description = "ID of the VPC A"
+ type = string
+}
+
+variable "peer_vpc_id" {
+ description = "ID of the VPC B"
+ type = string
+}
+
+variable "auto_accept" {
+ description = "Specifies whether the peering connection should be automatically accepted"
+ type = bool
+ default = true
+}
+
+variable "accepter_allow_remote_vpc_dns_resolution" {
+ description = "Specifies whether DNS resolution is enabled for the VPC peering connection"
+ type = bool
+ default = true
+}
+
+variable "requester_allow_remote_vpc_dns_resolution" {
+ description = "Specifies whether DNS resolution is enabled for the VPC peering connection"
+ type = bool
+ default = true
+}
+
+variable "subnet_ids" {
+ type = list(string)
+ description = "A list of subnet IDs for which to retrieve the associated route tables"
+}
+
+variable "vpc_id" {
+ type = string
+ description = "The ID of the VPC in which the subnets are located"
+}
+
+variable "tags" {
+ description = "A map of tags to apply to the VPC peering connection"
+ type = map(any)
+ default = {}
+}
\ No newline at end of file
From 931e96bc6fa02e9eb431d742fc30be193aa64fb6 Mon Sep 17 00:00:00 2001
From: Bayron Carranza
Date: Fri, 3 Mar 2023 15:48:38 -0600
Subject: [PATCH 2/5] fix docs
---
 terraform-modules/aws/vpc-peering/README.md | 2 +-
 terraform-modules/aws/vpc-peering/variables.tf | 11 +++-------
 2 files changed, 4 insertions(+), 9 deletions(-)
diff --git a/terraform-modules/aws/vpc-peering/README.md b/terraform-modules/aws/vpc-peering/README.md
index 2199bbed8..0e6be4619 100644
--- a/terraform-modules/aws/vpc-peering/README.md
+++ b/terraform-modules/aws/vpc-peering/README.md
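Review bot: `auto_accept` defaults to `true` but the module exposes neither `peer_owner_id` nor `peer_region`, and automatic acceptance only works when both VPCs are in the same account and region; the description should state that constraint, e.g. `description = "Automatically accept the peering request; only possible when both VPCs are in the same account and region"`. Both `*_allow_remote_vpc_dns_resolution` inputs default to `true` and share a description that does not say what is being enabled; since this lets each side resolve the other VPC's private DNS hostnames it is a reachability decision, and the two descriptions should say which side each one configures rather than repeating the same sentence. The `accepter`/`requester` option blocks in main.tf are presumably only settable once the connection is active, so a caller who sets `auto_accept = false` would likely need the separate accepter/options resources; worth noting in the variable description.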
@@ -27,7 +27,7 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | [accepter\_allow\_remote\_vpc\_dns\_resolution](#input\_accepter\_allow\_remote\_vpc\_dns\_resolution) | Specifies whether DNS resolution is enabled for the VPC peering connection | `bool` | `true` | no |
 | [auto\_accept](#input\_auto\_accept) | Specifies whether the peering connection should be automatically accepted | `bool` | `true` | no |
-| [peer\_vpc\_id](#input\_peer\_vpc\_id) | ID of the VPC B | `string` | n/a | yes |
+| [peer\_vpc\_id](#input\_peer\_vpc\_id) | The ID of the VPC with which you are creating the VPC Peering Connection. | `string` | n/a | yes |
 | [requester\_allow\_remote\_vpc\_dns\_resolution](#input\_requester\_allow\_remote\_vpc\_dns\_resolution) | Specifies whether DNS resolution is enabled for the VPC peering connection | `bool` | `true` | no |
 | [subnet\_ids](#input\_subnet\_ids) | A list of subnet IDs for which to retrieve the associated route tables | `list(string)` | n/a | yes |
 | [tags](#input\_tags) | A map of tags to apply to the VPC peering connection | `map(any)` | `{}` | no |
diff --git a/terraform-modules/aws/vpc-peering/variables.tf b/terraform-modules/aws/vpc-peering/variables.tf
index 60edbe76a..cb575a8be 100644
--- a/terraform-modules/aws/vpc-peering/variables.tf
+++ b/terraform-modules/aws/vpc-peering/variables.tf
@@ -1,10 +1,10 @@
 variable "vpc_id" {
- description = "ID of the VPC A"
- type = string
+ type = string
+ description = "The ID of the VPC in which the subnets are located"
 }
 
 variable "peer_vpc_id" {
- description = "ID of the VPC B"
+ description = "The ID of the VPC with which you are creating the VPC Peering Connection."
 type = string
 }
 
@@ -31,11 +31,6 @@ variable "subnet_ids" {
 description = "A list of subnet IDs for which to retrieve the associated route tables"
 }
 
-variable "vpc_id" {
- type = string
- description = "The ID of the VPC in which the subnets are located"
-}
-
 variable "tags" {
 description = "A map of tags to apply to the VPC peering connection"
 type = map(any)
From b473c0bf4123610fb5c2a96d3fa70276d25c97a2 Mon Sep 17 00:00:00 2001
From: Bayron Carranza
Date: Fri, 3 Mar 2023 16:17:29 -0600
Subject: [PATCH 3/5] vpc endpoint id
---
 terraform-modules/aws/vpc-peering/variables.tf | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/terraform-modules/aws/vpc-peering/variables.tf b/terraform-modules/aws/vpc-peering/variables.tf
index cb575a8be..f4e3af193 100644
--- a/terraform-modules/aws/vpc-peering/variables.tf
+++ b/terraform-modules/aws/vpc-peering/variables.tf
@@ -31,6 +31,11 @@ variable "subnet_ids" {
 description = "A list of subnet IDs for which to retrieve the associated route tables"
 }
 
+variable "vpc_endpoint_id" {
+ type = string
+ description = "VPC endpoint Id where you want to point"
+}
+
 variable "tags" {
 description = "A map of tags to apply to the VPC peering connection"
 type = map(any)
From e3e860b0051ff1c72ae4817b7e8b2b9b2ef555c7 Mon Sep 17 00:00:00 2001
From: Bayron Carranza
Date: Fri, 3 Mar 2023 17:02:41 -0600
Subject: [PATCH 4/5] typo b
---
 terraform-modules/aws/vpc-peering/main.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/terraform-modules/aws/vpc-peering/main.tf b/terraform-modules/aws/vpc-peering/main.tf
index 1c227f24a..993cdc211 100644
--- a/terraform-modules/aws/vpc-peering/main.tf
+++ b/terraform-modules/aws/vpc-peering/main.tf
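Review bot: In commit 3's hunk, `vpc_endpoint_id` is declared with no default, so every consumer must supply an endpoint even when only the peering is wanted, and the description `VPC endpoint Id where you want to point` does not say that only a gateway endpoint can be associated with a route table. Suggest `default = null` with `description = "ID of the gateway VPC endpoint (S3 or DynamoDB) to associate with the subnets' route tables; null skips the association"`, and guarding the `for_each` of `aws_vpc_endpoint_route_table_association.endpoint_association` in main.tf (outside this hunk) on `var.vpc_endpoint_id != null`. A validation block such as `condition = var.vpc_endpoint_id == null || can(regex("^vpce-", var.vpc_endpoint_id))` would reject obviously wrong IDs at plan time instead of at apply.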
@@ -24,13 +24,13 @@ data "aws_route_table" "route_table" {
 resource "aws_route_table_association" "association" {
 for_each = { for id in var.subnet_ids : id => id }
 subnet_id = each.value
- route_table_id = data.aws_route_table.route_table_b[each.key].id
+ route_table_id = data.aws_route_table.route_table[each.key].id
 }
 
 # Create endpoint access policy for VPC B
 resource "aws_vpc_endpoint_route_table_association" "endpoint_association" {
 for_each = { for id in var.subnet_ids : id => id }
 vpc_endpoint_id = var.vpc_endpoint_id
- route_table_id = aws_route_table.route_table_b[each.key].id
+ route_table_id = aws_route_table.route_table[each.key].id
 }
 
From 4bfb099c6bcadc304d1be9296dc793b53d900b2e Mon Sep 17 00:00:00 2001
From: Bayron Carranza
Date: Fri, 3 Mar 2023 17:19:08 -0600
Subject: [PATCH 5/5] remove outputs
---
 terraform-modules/aws/vpc-peering/main.tf | 2 +-
 terraform-modules/aws/vpc-peering/outputs.tf | 10 ----------
 2 files changed, 1 insertion(+), 11 deletions(-)
diff --git a/terraform-modules/aws/vpc-peering/main.tf b/terraform-modules/aws/vpc-peering/main.tf
index 993cdc211..fb8e1804e 100644
--- a/terraform-modules/aws/vpc-peering/main.tf
+++ b/terraform-modules/aws/vpc-peering/main.tf
@@ -31,6 +31,6 @@ resource "aws_route_table_association" "association" {
 resource "aws_vpc_endpoint_route_table_association" "endpoint_association" {
 for_each = { for id in var.subnet_ids : id => id }
 vpc_endpoint_id = var.vpc_endpoint_id
- route_table_id = aws_route_table.route_table[each.key].id
+ route_table_id = data.aws_route_table.route_table[each.key].id
 }
 
diff --git a/terraform-modules/aws/vpc-peering/outputs.tf b/terraform-modules/aws/vpc-peering/outputs.tf
index 974e3c702..f51c18d27 100644
--- a/terraform-modules/aws/vpc-peering/outputs.tf
+++ b/terraform-modules/aws/vpc-peering/outputs.tf
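Review bot: In commit 5's main.tf hunk, `aws_vpc_endpoint_route_table_association.endpoint_association` is keyed by subnet while the value on the changed line is that subnet's route table, so two subnets sharing one route table yield two instances with the same (endpoint, route table) pair; the second create is likely rejected by AWS, or at best leaves a duplicate in state. Keying on the distinct table IDs avoids that: `for_each = toset([for rt in data.aws_route_table.route_table : rt.id])` and `route_table_id = each.value`. The resource block is fully inside the hunk; the data source it reads is defined earlier in the file, outside it.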
@@ -7,13 +7,3 @@ output "vpc_peering_connection_accept_status" {
 description = "The status of the VPC Peering Connection request"
 value = aws_vpc_peering_connection.peering_connection.accept_status
 }
-
-output "aws_route_table_association_id" {
- description = "The ID of the association"
- value = aws_route_table_association.association.id
-}
-
-output "aws_vpc_endpoint_route_table_association_id" {
- description = "A hash of the EC2 Route Table and VPC Endpoint identifiers."
- value = aws_vpc_endpoint_route_table_association.endpoint_association.id
-}
\ No newline at end of file