-
Notifications
You must be signed in to change notification settings - Fork 0
/
accepter.tf
150 lines (128 loc) · 4.97 KB
/
accepter.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
# Accepter's credentials
provider "aws" {
alias = "accepter"
region = var.accepter_region
profile = var.accepter_aws_profile
skip_metadata_api_check = var.skip_metadata_api_check
dynamic "assume_role" {
for_each = local.enabled && var.accepter_aws_assume_role_arn != "" ? ["true"] : []
content {
role_arn = var.accepter_aws_assume_role_arn
}
}
access_key = var.accepter_aws_access_key
secret_key = var.accepter_aws_secret_key
token = var.accepter_aws_token
}
module "accepter" {
source = "cloudposse/label/null"
version = "0.25.0"
enabled = local.accepter_enabled
attributes = var.add_attribute_tag ? ["accepter"] : []
tags = var.add_attribute_tag ? { Side = "accepter" } : {}
context = module.this.context
}
data "aws_caller_identity" "accepter" {
count = local.accepter_count
provider = aws.accepter
}
data "aws_region" "accepter" {
count = local.accepter_count
provider = aws.accepter
}
# Lookup accepter's VPC so that we can reference the CIDR
data "aws_vpc" "accepter" {
count = local.accepter_count
provider = aws.accepter
id = var.accepter_vpc_id
tags = var.accepter_vpc_tags
}
# Lookup accepter subnets
data "aws_subnets" "accepter" {
count = local.accepter_count
provider = aws.accepter
filter {
name = "vpc-id"
values = [local.accepter_vpc_id]
}
tags = var.accepter_subnet_tags
}
locals {
accepter_subnet_ids = local.accepter_enabled ? data.aws_subnets.accepter[0].ids : []
accepter_subnet_ids_count = length(local.accepter_subnet_ids)
accepter_vpc_id = join("", data.aws_vpc.accepter.*.id)
accepter_account_id = join("", data.aws_caller_identity.accepter.*.account_id)
accepter_region = join("", data.aws_region.accepter.*.name)
}
data "aws_route_tables" "accepter" {
for_each = toset(local.accepter_subnet_ids)
provider = aws.accepter
vpc_id = local.accepter_vpc_id
filter {
name = "association.subnet-id"
values = [each.key]
}
}
# If we had more subnets than routetables, we should update the default.
data "aws_route_tables" "default_rts" {
count = local.count
provider = aws.accepter
vpc_id = local.accepter_vpc_id
filter {
name = "association.main"
values = ["true"]
}
}
locals {
accepter_aws_default_rt_id = join("", flatten(data.aws_route_tables.default_rts.*.ids))
accepter_aws_rt_map = { for s in local.accepter_subnet_ids : s => try(data.aws_route_tables.accepter[s].ids[0], local.accepter_aws_default_rt_id) }
accepter_aws_route_table_ids = distinct(sort(values(local.accepter_aws_rt_map)))
accepter_aws_route_table_ids_count = length(local.accepter_aws_route_table_ids)
accepter_cidr_block_associations = flatten(data.aws_vpc.accepter.*.cidr_block_associations)
accepter_cidr_block_associations_count = length(local.accepter_cidr_block_associations)
}
# Create routes from accepter to requester
resource "aws_route" "accepter" {
count = local.enabled ? local.accepter_aws_route_table_ids_count * local.requester_cidr_block_associations_count : 0
provider = aws.accepter
route_table_id = local.accepter_aws_route_table_ids[floor(count.index / local.requester_cidr_block_associations_count)]
destination_cidr_block = local.requester_cidr_block_associations[count.index % local.requester_cidr_block_associations_count]["cidr_block"]
vpc_peering_connection_id = join("", aws_vpc_peering_connection.requester.*.id)
depends_on = [
data.aws_route_tables.accepter,
aws_vpc_peering_connection_accepter.accepter,
aws_vpc_peering_connection.requester,
]
timeouts {
create = var.aws_route_create_timeout
delete = var.aws_route_delete_timeout
}
}
# Accepter's side of the connection.
resource "aws_vpc_peering_connection_accepter" "accepter" {
count = local.accepter_count
provider = aws.accepter
vpc_peering_connection_id = join("", aws_vpc_peering_connection.requester.*.id)
auto_accept = var.auto_accept
tags = module.accepter.tags
}
resource "aws_vpc_peering_connection_options" "accepter" {
count = local.accepter_count
provider = aws.accepter
vpc_peering_connection_id = local.active_vpc_peering_connection_id
accepter {
allow_remote_vpc_dns_resolution = var.accepter_allow_remote_vpc_dns_resolution
}
}
output "accepter_connection_id" {
value = join("", aws_vpc_peering_connection_accepter.accepter.*.id)
description = "Accepter VPC peering connection ID"
}
output "accepter_accept_status" {
value = join("", aws_vpc_peering_connection_accepter.accepter.*.accept_status)
description = "Accepter VPC peering connection request status"
}
output "accepter_subnet_route_table_map" {
value = local.accepter_aws_rt_map
description = "Map of accepter VPC subnet IDs to route table IDs"
}