
Пример конфигурации Terraform, который создает 2 VPC в разных регионах (EU и US) и создает между ними связность.
variables.tf
//////////////// FIRST VPC /////////////////

// AWS region in which the first VPC and all of its resources are created.
variable "VPC_1_REGION" {
  default = "us-east-1"
}

// Value of the Name tag put on the first VPC's resources.
variable "VPC_1_NAME" {
  default = "artem-terraform-US"
}

// Name of the EC2 key pair attached to the instance in the first VPC.
// Nothing on this page creates the key pair, so it presumably has to exist
// in VPC_1_REGION before `terraform apply` - confirm.
variable "VPC_1_KEY_INSTANCE" {
  default = "artem.gatchenko"
}

// CIDR used both for the first VPC and for its single subnet.
// It must not overlap VPC_2_SUBNET, otherwise the peering routes are ambiguous.
variable "VPC_1_SUBNET" {
  default = "192.168.1.0/24"
}
//////////////// SECOND VPC /////////////////

// AWS region in which the second VPC and all of its resources are created.
variable "VPC_2_REGION" {
  default = "eu-west-2"
}

// Value of the Name tag put on the second VPC's resources.
variable "VPC_2_NAME" {
  default = "artem-terraform-EU"
}

// Name of the EC2 key pair attached to the instance in the second VPC.
// Nothing on this page creates the key pair, so it presumably has to exist
// in VPC_2_REGION before `terraform apply` - confirm.
variable "VPC_2_KEY_INSTANCE" {
  default = "artem.gatchenko"
}

// CIDR used both for the second VPC and for its single subnet.
// It must not overlap VPC_1_SUBNET, otherwise the peering routes are ambiguous.
variable "VPC_2_SUBNET" {
  default = "192.168.2.0/24"
}
///////////////// OTHER //////////////////////

// EC2 instance type shared by the instances in both VPCs.
variable "INSTANCE_TYPE" {
  default = "t2.micro"
}
// Map of AMI IDs keyed by AWS region name.
// AMI IDs are region-specific and images get deprecated or deregistered over
// time; confirm the owner and current status of each image before launching it.
variable "AMI" {
type = "map"
default = {
// NOTE(review): the key "eu-west-1" appears twice in this map (here and four
// entries below) with different AMI IDs. Only one can be intended; which one
// takes effect is presumably the later one, but that depends on the parser -
// confirm and delete the stale entry.
eu-west-1 = "ami-f90a4880"
eu-west-2 = "ami-f976839e"
eu-west-3 = "ami-0e55e373"
us-east-1 = "ami-0ff8a91507f77f867"
us-west-1 = "ami-0bdb828fd58c52235"
eu-west-1 = "ami-047bb4163c506cd98"
ap-northeast-1 = "ami-06cd52961ce9f0d85"
ap-southeast-1 = "ami-08569b978cc4dfa10"
}
}
main.tf
// Default (un-aliased) AWS provider, fixed to us-east-1.
// No credentials are written in this configuration; the provider falls back to
// its standard credential sources (environment variables, shared credentials
// file, instance role). Keep it that way - access keys do not belong in .tf files.
provider "aws" {
  region = "us-east-1"
}

// Provider used for everything that lives in the first VPC's region.
provider "aws" {
  region = "${var.VPC_1_REGION}"
  alias  = "vpc1"
}

// Provider used for everything that lives in the second VPC's region.
provider "aws" {
  region = "${var.VPC_2_REGION}"
  alias  = "vpc2"
}
vpc1.tf
// CREATE VPC
// First VPC; its address range is VPC_1_SUBNET and DNS resolution plus DNS
// hostnames are switched on.
resource "aws_vpc" "vpc1" {
  provider             = "aws.vpc1"
  cidr_block           = "${var.VPC_1_SUBNET}"
  enable_dns_support   = "true"
  enable_dns_hostnames = "true"

  tags {
    Name = "${var.VPC_1_NAME}"
  }
}

// CREATE GATEWAY
// Internet gateway attached to the first VPC.
resource "aws_internet_gateway" "vpc1" {
  provider = "aws.vpc1"
  vpc_id   = "${aws_vpc.vpc1.id}"

  tags {
    Name = "${var.VPC_1_NAME}"
  }
}
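// CREATE ROUTE TABLE
// Route table for the first VPC: a default route to the internet gateway and a
// route for the second VPC's CIDR through the peering connection.
resource "aws_route_table" "vpc1" {
  provider = "aws.vpc1"
  vpc_id   = "${aws_vpc.vpc1.id}"

  // Default route: everything not matched below leaves through the internet gateway.
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = "${aws_internet_gateway.vpc1.id}"
  }

  // Traffic for the peer VPC goes over the peering connection. A peering
  // connection is not a gateway, so the target is given in
  // vpc_peering_connection_id rather than gateway_id.
  // NOTE(review): the route is only usable once the peering has been accepted;
  // confirm whether an explicit dependency on the accepter is needed.
  route {
    cidr_block                = "${var.VPC_2_SUBNET}"
    vpc_peering_connection_id = "${aws_vpc_peering_connection.vpc_peering.id}"
  }

  tags {
    Name = "${var.VPC_1_NAME}"
  }
}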
// CREATE SUBNET
// Single subnet covering the whole CIDR of the first VPC. Instances launched
// into it receive a public IP by default (map_public_ip_on_launch).
resource "aws_subnet" "vpc1" {
  provider                = "aws.vpc1"
  vpc_id                  = "${aws_vpc.vpc1.id}"
  cidr_block              = "${var.VPC_1_SUBNET}"
  map_public_ip_on_launch = "true"

  tags {
    Name = "${var.VPC_1_NAME}"
  }
}

// Binds the subnet to the first VPC's route table, which makes it a public
// subnet (that table carries a default route to the internet gateway).
resource "aws_route_table_association" "vpc1" {
  provider       = "aws.vpc1"
  route_table_id = "${aws_route_table.vpc1.id}"
  subnet_id      = "${aws_subnet.vpc1.id}"
}
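// CREATE SECURITY GROUP

// Source range allowed to reach SSH on the instance in the first VPC.
// The default keeps the original behaviour (SSH open to the whole internet);
// override it with the administrator's address range, for example a single
// /32, before using this outside a throw-away lab.
variable "VPC_1_SSH_CIDR" {
  default = "0.0.0.0/0"
}

// Security group for the instance in the first VPC.
resource "aws_security_group" "vpc1" {
  provider = "aws.vpc1"
  vpc_id   = "${aws_vpc.vpc1.id}"

  // SSH from the range in VPC_1_SSH_CIDR (previously hard-coded to 0.0.0.0/0).
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["${var.VPC_1_SSH_CIDR}"]
    description = "Allow input SSH"
  }

  // Every protocol and port from the peer VPC's CIDR. Narrow this to the ports
  // that actually need to cross the peering if the peer is less trusted.
  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["${var.VPC_2_SUBNET}"]
    description = "Allow all input traffic from other VPC"
  }

  // Unrestricted outbound traffic. The original description said "from other
  // VPC", which did not match the 0.0.0.0/0 destination of this rule.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
    description = "Allow all outbound traffic"
  }

  tags {
    Name        = "${var.VPC_1_NAME}"
    Description = "${var.VPC_1_NAME}"
  }
}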
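// CREATE INSTANCE
// Test instance in the first VPC. It gets a public IP and sits behind
// aws_security_group.vpc1, so its exposure is whatever that group allows.
resource "aws_instance" "vpc1" {
  provider = "aws.vpc1"

  // AMI IDs are region-specific, so the image is taken from the AMI map by the
  // VPC's region instead of being hard-coded. With the default VPC_1_REGION
  // (us-east-1) this resolves to the same ID that was hard-coded here before.
  // The commented-out lookup used var.region, which this page never declares.
  ami = "${lookup(var.AMI, var.VPC_1_REGION)}"

  instance_type               = "${var.INSTANCE_TYPE}"
  key_name                    = "${var.VPC_1_KEY_INSTANCE}"
  subnet_id                   = "${aws_subnet.vpc1.id}"
  vpc_security_group_ids      = ["${aws_security_group.vpc1.id}"]
  associate_public_ip_address = true

  // NOTE(review): disabling the source/destination check is only needed when
  // the instance forwards traffic for other hosts (NAT, router, VPN). Nothing
  // on this page shows that, and VPC peering does not require it - confirm and
  // drop the line if the instance is an ordinary host.
  source_dest_check = false

  tags {
    Name = "${var.VPC_1_NAME}"
  }
}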
// Exposes the ID of the first VPC's subnet after apply.
output "aws-id-subnet-artem-terraform-VPC1" {
  value = "${aws_subnet.vpc1.id}"
}
vpc2.tf
// CREATE VPC
// Second VPC; its address range is VPC_2_SUBNET and DNS resolution plus DNS
// hostnames are switched on.
resource "aws_vpc" "vpc2" {
  provider             = "aws.vpc2"
  cidr_block           = "${var.VPC_2_SUBNET}"
  enable_dns_support   = "true"
  enable_dns_hostnames = "true"

  tags {
    Name = "${var.VPC_2_NAME}"
  }
}

// CREATE GATEWAY
// Internet gateway attached to the second VPC.
resource "aws_internet_gateway" "vpc2" {
  provider = "aws.vpc2"
  vpc_id   = "${aws_vpc.vpc2.id}"

  tags {
    Name = "${var.VPC_2_NAME}"
  }
}
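// CREATE ROUTE TABLE
// Route table for the second VPC: a default route to the internet gateway and a
// route for the first VPC's CIDR through the peering connection.
resource "aws_route_table" "vpc2" {
  provider = "aws.vpc2"
  vpc_id   = "${aws_vpc.vpc2.id}"

  // Default route: everything not matched below leaves through the internet gateway.
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = "${aws_internet_gateway.vpc2.id}"
  }

  // Traffic for the peer VPC goes over the peering connection. A peering
  // connection is not a gateway, so the target is given in
  // vpc_peering_connection_id rather than gateway_id.
  // NOTE(review): the route is only usable once the peering has been accepted;
  // confirm whether an explicit dependency on the accepter is needed.
  route {
    cidr_block                = "${var.VPC_1_SUBNET}"
    vpc_peering_connection_id = "${aws_vpc_peering_connection.vpc_peering.id}"
  }

  tags {
    Name = "${var.VPC_2_NAME}"
  }
}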
// CREATE SUBNET
// Single subnet covering the whole CIDR of the second VPC. Instances launched
// into it receive a public IP by default (map_public_ip_on_launch).
resource "aws_subnet" "vpc2" {
  provider                = "aws.vpc2"
  vpc_id                  = "${aws_vpc.vpc2.id}"
  cidr_block              = "${var.VPC_2_SUBNET}"
  map_public_ip_on_launch = "true"

  tags {
    Name = "${var.VPC_2_NAME}"
  }
}

// Binds the subnet to the second VPC's route table, which makes it a public
// subnet (that table carries a default route to the internet gateway).
resource "aws_route_table_association" "vpc2" {
  provider       = "aws.vpc2"
  route_table_id = "${aws_route_table.vpc2.id}"
  subnet_id      = "${aws_subnet.vpc2.id}"
}
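// CREATE SECURITY GROUP

// Source range allowed to reach SSH on the instance in the second VPC.
// The default keeps the original behaviour (SSH open to the whole internet);
// override it with the administrator's address range, for example a single
// /32, before using this outside a throw-away lab.
variable "VPC_2_SSH_CIDR" {
  default = "0.0.0.0/0"
}

// Security group for the instance in the second VPC.
resource "aws_security_group" "vpc2" {
  provider = "aws.vpc2"
  vpc_id   = "${aws_vpc.vpc2.id}"

  // SSH from the range in VPC_2_SSH_CIDR (previously hard-coded to 0.0.0.0/0).
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["${var.VPC_2_SSH_CIDR}"]
    description = "Allow input SSH"
  }

  // Every protocol and port from the peer VPC's CIDR. Narrow this to the ports
  // that actually need to cross the peering if the peer is less trusted.
  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["${var.VPC_1_SUBNET}"]
    description = "Allow all input traffic from other VPC"
  }

  // Unrestricted outbound traffic. The original description said "from other
  // VPC", which did not match the 0.0.0.0/0 destination of this rule.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
    description = "Allow all outbound traffic"
  }

  tags {
    Name        = "${var.VPC_2_NAME}"
    Description = "${var.VPC_2_NAME}"
  }
}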
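// CREATE INSTANCE
// Test instance in the second VPC. It gets a public IP and sits behind
// aws_security_group.vpc2, so its exposure is whatever that group allows.
resource "aws_instance" "vpc2" {
  provider = "aws.vpc2"

  // AMI IDs are region-specific, so the image is taken from the AMI map by the
  // VPC's region instead of being hard-coded. With the default VPC_2_REGION
  // (eu-west-2) this resolves to the same ID that was hard-coded here before.
  // The commented-out lookup used var.region, which this page never declares.
  ami = "${lookup(var.AMI, var.VPC_2_REGION)}"

  instance_type               = "${var.INSTANCE_TYPE}"
  key_name                    = "${var.VPC_2_KEY_INSTANCE}"
  subnet_id                   = "${aws_subnet.vpc2.id}"
  vpc_security_group_ids      = ["${aws_security_group.vpc2.id}"]
  associate_public_ip_address = true

  // NOTE(review): disabling the source/destination check is only needed when
  // the instance forwards traffic for other hosts (NAT, router, VPN). Nothing
  // on this page shows that, and VPC peering does not require it - confirm and
  // drop the line if the instance is an ordinary host.
  source_dest_check = false

  tags {
    Name = "${var.VPC_2_NAME}"
  }
}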
// Exposes the ID of the second VPC's subnet after apply.
output "aws-id-subnet-artem-terraform-VPC2" {
  value = "${aws_subnet.vpc2.id}"
}
peering.tf
// CREATE PEERING BETWEEN VPC1 AND VPC2
// Requester side of the peering: created through the first VPC's provider,
// with the second VPC (in VPC_2_REGION) as the peer.
resource "aws_vpc_peering_connection" "vpc_peering" {
  provider    = "aws.vpc1"
  vpc_id      = "${aws_vpc.vpc1.id}"
  peer_vpc_id = "${aws_vpc.vpc2.id}"
  peer_region = "${var.VPC_2_REGION}"

  tags {
    Name = "VPC Peering VPC1 and VPC2"
  }
}
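// Accepter side of the peering: accepts the request created by
// aws_vpc_peering_connection.vpc_peering.
resource "aws_vpc_peering_connection_accepter" "peering-accepter" {
  // The accepter has to run against the peer (second VPC) region, so it uses
  // the vpc2 provider only. The original also carried a second
  // `provider = "aws"` line; an argument can be set once, and that duplicate
  // pointed at the default us-east-1 provider rather than the peer region.
  provider = "aws.vpc2"

  vpc_peering_connection_id = "${aws_vpc_peering_connection.vpc_peering.id}"

  // Accept automatically; both VPCs are managed by this same configuration.
  auto_accept = true
}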
Скачать все одним архивом можно тут.
Как запустить Terraform темплейт:
terraform init
terraform plan
terraform apply