Terraform — AWS Cross Region Peering

Пример конфигурации Terraform, который создаёт два VPC в разных регионах (EU и US) и настраивает между ними связность через VPC peering.

variables.tf

//////////////// FIRST VPC /////////////////

variable "VPC_1_REGION" {
  description = "AWS region that hosts the first VPC"
  default     = "us-east-1"
}

variable "VPC_1_NAME" {
  description = "Name tag applied to every resource of the first VPC"
  default     = "artem-terraform-US"
}

variable "VPC_1_KEY_INSTANCE" {
  // Referenced by name from aws_instance.key_name; the key pair is expected to exist in VPC_1_REGION.
  description = "EC2 key pair name used for the instance in the first VPC"
  default     = "artem.gatchenko"
}

variable "VPC_1_SUBNET" {
  // Used both as the VPC CIDR and as its single subnet; must not overlap VPC_2_SUBNET for peering routes to work.
  description = "CIDR block of the first VPC and its subnet"
  default     = "192.168.1.0/24"
}

//////////////// SECOND VPC /////////////////

variable "VPC_2_REGION" {
  description = "AWS region that hosts the second VPC (also the peer_region of the peering request)"
  default     = "eu-west-2"
}

variable "VPC_2_NAME" {
  description = "Name tag applied to every resource of the second VPC"
  default     = "artem-terraform-EU"
}

variable "VPC_2_KEY_INSTANCE" {
  // Referenced by name from aws_instance.key_name; the key pair is expected to exist in VPC_2_REGION.
  description = "EC2 key pair name used for the instance in the second VPC"
  default     = "artem.gatchenko"
}

variable "VPC_2_SUBNET" {
  // Used both as the VPC CIDR and as its single subnet; must not overlap VPC_1_SUBNET for peering routes to work.
  description = "CIDR block of the second VPC and its subnet"
  default     = "192.168.2.0/24"
}

///////////////// OTHER //////////////////////

variable "INSTANCE_TYPE" {
  description = "EC2 instance type used in both VPCs"
  default     = "t2.micro"
}

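variable "AMI" {
  description = "AMI id per region, intended to be looked up with the region of each instance's provider"
  type        = "map"

  default = {
    eu-west-1      = "ami-f90a4880"
    eu-west-2      = "ami-f976839e"
    eu-west-3      = "ami-0e55e373"
    us-east-1      = "ami-0ff8a91507f77f867"
    us-west-1      = "ami-0bdb828fd58c52235"
    ap-northeast-1 = "ami-06cd52961ce9f0d85"
    ap-southeast-1 = "ami-08569b978cc4dfa10"

    // eu-west-1 was listed a second time with the value "ami-047bb4163c506cd98". A map key
    // must be unique, so only the first entry is kept; confirm which image eu-west-1 should use.
  }
}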

main.tf

// Default (un-aliased) provider. Every resource below selects an aliased provider explicitly,
// so this one is only used by resources that do not set "provider".
provider "aws" {
  region = "us-east-1"
}

// Provider for everything that lives in the first VPC's region.
provider "aws" {
  alias  = "vpc1"
  region = "${var.VPC_1_REGION}"
}

// Provider for everything that lives in the second VPC's region, including the peering accepter.
provider "aws" {
  alias  = "vpc2"
  region = "${var.VPC_2_REGION}"
}

vpc1.tf

// VPC1: the network in VPC_1_REGION with DNS resolution and hostnames enabled.
resource "aws_vpc" "vpc1" {
  provider   = "aws.vpc1"
  cidr_block = "${var.VPC_1_SUBNET}"

  enable_dns_support   = true
  enable_dns_hostnames = true

  tags {
    Name = "${var.VPC_1_NAME}"
  }
}

// Internet gateway for VPC1; the route table below sends 0.0.0.0/0 through it.
resource "aws_internet_gateway" "vpc1" {
  provider = "aws.vpc1"
  vpc_id   = "${aws_vpc.vpc1.id}"

  tags {
    Name = "${var.VPC_1_NAME}"
  }
}

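// Route table for VPC1: default route to the internet, peer CIDR via the peering connection.
resource "aws_route_table" "vpc1" {
  provider = "aws.vpc1"
  vpc_id   = "${aws_vpc.vpc1.id}"

  // Internet-bound traffic leaves through the internet gateway.
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = "${aws_internet_gateway.vpc1.id}"
  }

  // Traffic for the peer VPC's CIDR goes over the peering connection. A pcx-* id is not a
  // gateway, so this route must use vpc_peering_connection_id rather than gateway_id.
  route {
    cidr_block                = "${var.VPC_2_SUBNET}"
    vpc_peering_connection_id = "${aws_vpc_peering_connection.vpc_peering.id}"
  }

  tags {
    Name = "${var.VPC_1_NAME}"
  }
}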

// Single public subnet of VPC1 (it spans the whole VPC CIDR).
resource "aws_subnet" "vpc1" {
  provider   = "aws.vpc1"
  vpc_id     = "${aws_vpc.vpc1.id}"
  cidr_block = "${var.VPC_1_SUBNET}"

  // Every instance launched here receives a public IPv4 address, i.e. this is a public subnet.
  map_public_ip_on_launch = true

  tags {
    Name = "${var.VPC_1_NAME}"
  }
}

// Attach the VPC1 route table (internet + peering routes) to the VPC1 subnet.
resource "aws_route_table_association" "vpc1" {
  provider       = "aws.vpc1"
  route_table_id = "${aws_route_table.vpc1.id}"
  subnet_id      = "${aws_subnet.vpc1.id}"
}

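// Security group for the VPC1 instance.
resource "aws_security_group" "vpc1" {
  provider = "aws.vpc1"
  vpc_id   = "${aws_vpc.vpc1.id}"

  // SSH is reachable from any IPv4 address. For anything beyond a throw-away lab, narrow
  // cidr_blocks to the administrators' source range (for example a variable holding the
  // office/VPN CIDR) so the public instance is not exposed to the whole internet.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
    description = "Allow input SSH"
  }

  // Every protocol and port from the peer VPC's CIDR (arrives through the peering route).
  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["${var.VPC_2_SUBNET}"]
    description = "Allow all input traffic from other VPC"
  }

  // Unrestricted outbound. The previous description said "from other VPC" (and misspelled
  // "output"), which did not match a 0.0.0.0/0 rule; the text now states what the rule does.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
    description = "Allow all output traffic"
  }

  tags {
    Name        = "${var.VPC_1_NAME}"
    Description = "${var.VPC_1_NAME}"
  }
}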


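// EC2 instance in VPC1.
resource "aws_instance" "vpc1" {
  provider = "aws.vpc1"

  // Select the image for this VPC's region from the AMI map instead of repeating the id here.
  // The earlier commented-out lookup used var.region, which is not declared; for the default
  // us-east-1 the map yields the same ami-0ff8a91507f77f867 that was hard-coded.
  ami           = "${lookup(var.AMI, var.VPC_1_REGION)}"
  instance_type = "${var.INSTANCE_TYPE}"
  key_name      = "${var.VPC_1_KEY_INSTANCE}"

  vpc_security_group_ids = ["${aws_security_group.vpc1.id}"]
  subnet_id              = "${aws_subnet.vpc1.id}"

  // Public address (the subnet also sets map_public_ip_on_launch); combined with the security
  // group's 0.0.0.0/0 SSH rule the instance is reachable from the internet.
  associate_public_ip_address = true

  // NOTE(review): disabling source/destination checking is only required when the instance
  // forwards traffic (NAT/router). Nothing in this configuration routes through the instance,
  // so the default (true) is the safer setting unless forwarding is intended — confirm.
  source_dest_check = false

  tags {
    Name = "${var.VPC_1_NAME}"
  }
}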

output "aws-id-subnet-artem-terraform-VPC1" {
  description = "Id of the subnet created in VPC1"
  value       = "${aws_subnet.vpc1.id}"
}

vpc2.tf

// VPC2: the network in VPC_2_REGION with DNS resolution and hostnames enabled.
resource "aws_vpc" "vpc2" {
  provider   = "aws.vpc2"
  cidr_block = "${var.VPC_2_SUBNET}"

  enable_dns_support   = true
  enable_dns_hostnames = true

  tags {
    Name = "${var.VPC_2_NAME}"
  }
}

// Internet gateway for VPC2; the route table below sends 0.0.0.0/0 through it.
resource "aws_internet_gateway" "vpc2" {
  provider = "aws.vpc2"
  vpc_id   = "${aws_vpc.vpc2.id}"

  tags {
    Name = "${var.VPC_2_NAME}"
  }
}

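// Route table for VPC2: default route to the internet, peer CIDR via the peering connection.
resource "aws_route_table" "vpc2" {
  provider = "aws.vpc2"
  vpc_id   = "${aws_vpc.vpc2.id}"

  // Internet-bound traffic leaves through the internet gateway.
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = "${aws_internet_gateway.vpc2.id}"
  }

  // Traffic for the peer VPC's CIDR goes over the peering connection. A pcx-* id is not a
  // gateway, so this route must use vpc_peering_connection_id rather than gateway_id.
  route {
    cidr_block                = "${var.VPC_1_SUBNET}"
    vpc_peering_connection_id = "${aws_vpc_peering_connection.vpc_peering.id}"
  }

  tags {
    Name = "${var.VPC_2_NAME}"
  }
}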

// Single public subnet of VPC2 (it spans the whole VPC CIDR).
resource "aws_subnet" "vpc2" {
  provider   = "aws.vpc2"
  vpc_id     = "${aws_vpc.vpc2.id}"
  cidr_block = "${var.VPC_2_SUBNET}"

  // Every instance launched here receives a public IPv4 address, i.e. this is a public subnet.
  map_public_ip_on_launch = true

  tags {
    Name = "${var.VPC_2_NAME}"
  }
}

// Attach the VPC2 route table (internet + peering routes) to the VPC2 subnet.
resource "aws_route_table_association" "vpc2" {
  provider       = "aws.vpc2"
  route_table_id = "${aws_route_table.vpc2.id}"
  subnet_id      = "${aws_subnet.vpc2.id}"
}

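// Security group for the VPC2 instance.
resource "aws_security_group" "vpc2" {
  provider = "aws.vpc2"
  vpc_id   = "${aws_vpc.vpc2.id}"

  // SSH is reachable from any IPv4 address. For anything beyond a throw-away lab, narrow
  // cidr_blocks to the administrators' source range (for example a variable holding the
  // office/VPN CIDR) so the public instance is not exposed to the whole internet.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
    description = "Allow input SSH"
  }

  // Every protocol and port from the peer VPC's CIDR (arrives through the peering route).
  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["${var.VPC_1_SUBNET}"]
    description = "Allow all input traffic from other VPC"
  }

  // Unrestricted outbound. The previous description said "from other VPC" (and misspelled
  // "output"), which did not match a 0.0.0.0/0 rule; the text now states what the rule does.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
    description = "Allow all output traffic"
  }

  tags {
    Name        = "${var.VPC_2_NAME}"
    Description = "${var.VPC_2_NAME}"
  }
}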


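// EC2 instance in VPC2.
resource "aws_instance" "vpc2" {
  provider = "aws.vpc2"

  // Select the image for this VPC's region from the AMI map instead of repeating the id here.
  // The earlier commented-out lookup used var.region, which is not declared; for the default
  // eu-west-2 the map yields the same ami-f976839e that was hard-coded.
  ami           = "${lookup(var.AMI, var.VPC_2_REGION)}"
  instance_type = "${var.INSTANCE_TYPE}"
  key_name      = "${var.VPC_2_KEY_INSTANCE}"

  vpc_security_group_ids = ["${aws_security_group.vpc2.id}"]
  subnet_id              = "${aws_subnet.vpc2.id}"

  // Public address (the subnet also sets map_public_ip_on_launch); combined with the security
  // group's 0.0.0.0/0 SSH rule the instance is reachable from the internet.
  associate_public_ip_address = true

  // NOTE(review): disabling source/destination checking is only required when the instance
  // forwards traffic (NAT/router). Nothing in this configuration routes through the instance,
  // so the default (true) is the safer setting unless forwarding is intended — confirm.
  source_dest_check = false

  tags {
    Name = "${var.VPC_2_NAME}"
  }
}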

output "aws-id-subnet-artem-terraform-VPC2" {
  description = "Id of the subnet created in VPC2"
  value       = "${aws_subnet.vpc2.id}"
}

peering.tf

// Peering request from VPC1 (requester, in VPC_1_REGION) to VPC2 (peer, in VPC_2_REGION).
// Acceptance is handled by a separate accepter resource that runs in the peer region.
resource "aws_vpc_peering_connection" "vpc_peering" {
  provider    = "aws.vpc1"
  vpc_id      = "${aws_vpc.vpc1.id}"
  peer_vpc_id = "${aws_vpc.vpc2.id}"
  peer_region = "${var.VPC_2_REGION}"

  tags {
    Name = "VPC Peering VPC1 and VPC2"
  }
}

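// Accept the peering request on the VPC2 side (the peer region).
resource "aws_vpc_peering_connection_accepter" "peering-accepter" {
  // The accepter must run against the peer VPC's region, so it uses the aws.vpc2 alias. The
  // original block also assigned provider = "aws" (the default us-east-1 provider); an
  // attribute may be set only once, and that second, wrong-region assignment is dropped.
  provider                  = "aws.vpc2"
  vpc_peering_connection_id = "${aws_vpc_peering_connection.vpc_peering.id}"
  auto_accept               = true
}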

Скачать все одним архивом можно тут.

Как запустить Terraform темплейт:

# Download the AWS provider plugin and initialise the working directory.
terraform init
# Show what will be created; review the output (routes, open ports) before applying.
terraform plan
# Create the resources in both regions; terraform asks for confirmation first.
terraform apply
