This module requires AWS Credentials for the peer account in the cross account case. The IAM user
or IAM role must miminally have the below permissions to manage the entire lifecyle of the peering
connection including route manipulation. An example of the required IAM Role
can be used to create the required role.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "demo",
"Effect": "Allow",
"Action": [
"ec2:AcceptVpcPeeringConnection",
"ec2:CreateRoute",
"ec2:CreateTags",
"ec2:DeleteRoute",
"ec2:Describe*",
"ec2:ModifyVpcPeeringConnectionOptions",
"ec2:RejectVpcPeeringConnection"
],
"Resource": "*"
}
]
}
module "cross_account_vpc_peer" {
source = "[email protected]:rackspace-infrastructure-automation/aws-terraform-vpc_peer//modules/vpc_peer_cross_account?ref=v0.12.2"
vpc_id = module.base_network.vpc_id
# VPC in acceptor account vpc-XXXXXXXXX
peer_vpc_id = module.peer_base_network.vpc_id
vpc_route_tables = module.base_network.private_route_tables
vpc_route_tables_count = 2
# Acceptor Route Tables
peer_route_tables = module.peer_base_network.private_route_tables
peer_route_tables_count = 2
providers = {
aws.peer = aws.peer
}
}provider "aws" {
version = "~> 2.31"
alias = "peer"
region = "us-west-2"
assume_role {
role_arn = "arn:aws:iam::123456789012:role/AcceptVpcPeer"
external_id = "SomeExternalId"
}
}provider "aws" {
alias = "peer"
region = "us-east-1"
}Full working references are available at examples
Several changes were required while adding terraform 0.12 compatibility. The following changes should be
made when upgrading from a previous release to version 0.12.0 or higher.
The module now requires an explicitly defined AWS provider to be provided for the peer region and\or account.
The examples have been updated to demonstrate passing in the provider. As long as the peer information is
not changed, no resources should be replaced as a result of this change.
The following module variables were removed and are no longer neccessary:
acceptor_access_keyacceptor_secret_keypeer_cidr_rangepeer_owner_idpeer_regionvpc_cidr_range
New variables peer_route_tables and peer_route_tables_count were added to replace the functionality of the various peer_route_x_enable and peer_route_x_table_id variables. These deprecated variables and resources will continue to work as expected, but will be removed in a future release.
New variables vpc_route_tables and vpc_route_tables_count were added to replace the functionality of the various vpc_route_x_enable and vpc_route_x_table_id variables. These deprecated variables and resources will continue to work as expected, but will be removed in a future release.
| Name | Version |
|---|---|
| aws | >= 2.31.0 |
| aws.peer | >= 2.31.0 |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| allow_remote_vpc_dns_resolution | Allow a local VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the peer VPC. | bool |
true |
no |
| environment | Application environment for which this network is being created. one of: ('Development', 'Integration', 'PreProduction', 'Production', 'QA', 'Staging', 'Test') | string |
"Development" |
no |
| peer_route_1_enable | Enables Peer Route Table 1. (Deprecated) This variable will be removed in future releases in favor of the peer_route_tables and peer_route_tables_count variables. |
bool |
false |
no |
| peer_route_1_table_id | ID of VPC Route table #1 rtb-XXXXXX (Deprecated) This variable will be removed in future releases in favor of the peer_route_tables and peer_route_tables_count variables. |
string |
"" |
no |
| peer_route_2_enable | Enables Peer Route Table 2. (Deprecated) This variable will be removed in future releases in favor of the peer_route_tables and peer_route_tables_count variables. |
bool |
false |
no |
| peer_route_2_table_id | ID of VPC Route table #2 rtb-XXXXXX (Deprecated) This variable will be removed in future releases in favor of the peer_route_tables and peer_route_tables_count variables. |
string |
"" |
no |
| peer_route_3_enable | Enables Peer Route Table 3. (Deprecated) This variable will be removed in future releases in favor of the peer_route_tables and peer_route_tables_count variables. |
bool |
false |
no |
| peer_route_3_table_id | ID of VPC Route table #3 rtb-XXXXXX (Deprecated) This variable will be removed in future releases in favor of the peer_route_tables and peer_route_tables_count variables. |
string |
"" |
no |
| peer_route_4_enable | Enables Peer Route Table 4. (Deprecated) This variable will be removed in future releases in favor of the peer_route_tables and peer_route_tables_count variables. |
bool |
false |
no |
| peer_route_4_table_id | ID of VPC Route table #4 rtb-XXXXXX (Deprecated) This variable will be removed in future releases in favor of the peer_route_tables and peer_route_tables_count variables. |
string |
"" |
no |
| peer_route_5_enable | Enables Peer Route Table 5. (Deprecated) This variable will be removed in future releases in favor of the peer_route_tables and peer_route_tables_count variables. |
bool |
false |
no |
| peer_route_5_table_id | ID of VPC Route table #5 rtb-XXXXXX (Deprecated) This variable will be removed in future releases in favor of the peer_route_tables and peer_route_tables_count variables. |
string |
"" |
no |
| peer_route_tables | A list of all peer route tables IDs | list(string) |
[] |
no |
| peer_route_tables_count | The number of peer route tables | number |
0 |
no |
| peer_vpc_id | The ID of the VPC with which you are creating the VPC Peering Connection. | string |
n/a | yes |
| tags | Custom tags to apply to all resources. | map(string) |
{} |
no |
| vpc_id | The ID of the requester VPC. | string |
n/a | yes |
| vpc_route_1_enable | Enables VPC Route Table 1. (Deprecated) This variable will be removed in future releases in favor of the vpc_route_tables and vpc_route_tables_count variables. |
bool |
false |
no |
| vpc_route_1_table_id | ID of VPC Route table #1 rtb-XXXXXX (Deprecated) This variable will be removed in future releases in favor of the vpc_route_tables and vpc_route_tables_count variables. |
string |
"" |
no |
| vpc_route_2_enable | Enables VPC Route Table 2. (Deprecated) This variable will be removed in future releases in favor of the vpc_route_tables and vpc_route_tables_count variables. |
bool |
false |
no |
| vpc_route_2_table_id | ID of VPC Route table #2 rtb-XXXXXX (Deprecated) This variable will be removed in future releases in favor of the vpc_route_tables and vpc_route_tables_count variables. |
string |
"" |
no |
| vpc_route_3_enable | Enables VPC Route Table 3. (Deprecated) This variable will be removed in future releases in favor of the vpc_route_tables and vpc_route_tables_count variables. |
bool |
false |
no |
| vpc_route_3_table_id | ID of VPC Route table #3 rtb-XXXXXX (Deprecated) This variable will be removed in future releases in favor of the vpc_route_tables and vpc_route_tables_count variables. |
string |
"" |
no |
| vpc_route_4_enable | Enables VPC Route Table 4. (Deprecated) This variable will be removed in future releases in favor of the vpc_route_tables and vpc_route_tables_count variables. |
bool |
false |
no |
| vpc_route_4_table_id | ID of VPC Route table #4 rtb-XXXXXX (Deprecated) This variable will be removed in future releases in favor of the vpc_route_tables and vpc_route_tables_count variables. |
string |
"" |
no |
| vpc_route_5_enable | Enables VPC Route Table 5. (Deprecated) This variable will be removed in future releases in favor of the vpc_route_tables and vpc_route_tables_count variables. |
bool |
false |
no |
| vpc_route_5_table_id | ID of VPC Route table #5 rtb-XXXXXX (Deprecated) This variable will be removed in future releases in favor of the vpc_route_tables and vpc_route_tables_count variables. |
string |
"" |
no |
| vpc_route_tables | A list of all VPC route tables IDs | list(string) |
[] |
no |
| vpc_route_tables_count | The number of VPC route tables | number |
0 |
no |
No output.