# Managed By : CloudDrove
# Description : This script manages a VPC peering connection across multiple AWS accounts.
# Copyright @ CloudDrove. All Rights Reserved.
#Module : Label
#Description : This terraform module is designed to generate consistent label names and
# tags for resources. You can use terraform-labels to implement a strict
# naming convention.
# Shared naming/tagging helper: every resource below takes its tags (and the
# "Name" tag components) from this module so names stay consistent.
module "labels" {
  source  = "clouddrove/labels/aws"
  version = "1.3.0"

  # Inputs are passed straight through from the module variables.
  name        = var.name
  environment = var.environment
  attributes  = var.attributes
  repository  = var.repository
  managedby   = var.managedby
  label_order = var.label_order
}
# Accepter-side AWS provider details.
# Second AWS provider configuration, aliased "accepter", used by every resource
# and data source that lives on the accepter side of the peering. Base
# credentials come from the named CLI profile; the accepter-side role is then
# assumed through STS.
provider "aws" {
  alias   = "accepter"
  region  = var.accepter_region
  profile = var.profile_name

  # NOTE(review): a version constraint inside a provider block is deprecated
  # since Terraform 0.13 and belongs in a terraform { required_providers }
  # block; it is kept here so this edit does not collide with one that may
  # already exist elsewhere in the module.
  version = ">= 3.1.15"

  assume_role {
    role_arn = var.accepter_role_arn
    # NOTE(review): no external_id or session_name is set. For a cross-account
    # role an external_id is the usual confused-deputy guard and a session name
    # makes CloudTrail entries attributable - confirm against the accepter
    # role's trust policy before relying on this configuration.
  }
}
# Account ID of the accepter side, resolved through the aliased provider; it
# feeds peer_owner_id on the peering connection.
data "aws_caller_identity" "peer" {
  provider = aws.accepter
}
# Region the accepter provider is configured for; it feeds peer_region on the
# peering connection.
data "aws_region" "peer" {
  provider = aws.accepter
}
#Module : VPC PEERING CONNECTION
#Description : Terraform module to connect two VPCs on AWS.
# Requestor side of the peering. The peer account and region are taken from
# the accepter provider's identity rather than from variables, so they cannot
# drift from the credentials actually used to accept the request.
resource "aws_vpc_peering_connection" "default" {
  count = var.enable_peering == true ? 1 : 0

  vpc_id        = var.requestor_vpc_id
  peer_vpc_id   = var.acceptor_vpc_id
  peer_owner_id = data.aws_caller_identity.peer.account_id
  peer_region   = data.aws_region.peer.id

  # The peer lives in another account/region, so the request cannot be
  # accepted from this side; aws_vpc_peering_connection_accepter.peer does it.
  auto_accept = false

  tags = merge(
    module.labels.tags,
    { "Name" = format("%s-%s", module.labels.name, module.labels.environment) }
  )
}
#Module : VPC PEERING CONNECTION ACCEPTOR
#Description : Provides a resource to manage the accepter's side of a VPC Peering Connection.
# Accepter side of the peering, created with the aliased provider so the
# request is accepted in the peer account.
resource "aws_vpc_peering_connection_accepter" "peer" {
  count    = var.enable_peering == true ? 1 : 0
  provider = aws.accepter

  vpc_peering_connection_id = aws_vpc_peering_connection.default[0].id
  auto_accept               = true
  tags                      = module.labels.tags
}
#Module : AWS VPC
#Description : Provides a VPC resource.
# Requestor VPC lookup; its cidr_block_associations become the destinations of
# the routes installed on the acceptor side.
data "aws_vpc" "requestor" {
  count = var.enable_peering == true ? 1 : 0
  id    = var.requestor_vpc_id
}
#Module : ROUTE TABLE
#Description : Provides a resource to create a VPC routing table.
# One route-table lookup per distinct requestor subnet. sort() keeps the
# count index order stable between runs; distinct() drops repeated ids.
data "aws_route_table" "requestor" {
  count = var.enable_peering == true ? length(distinct(sort(data.aws_subnets.requestor[0].ids))) : 0

  subnet_id = element(distinct(sort(data.aws_subnets.requestor[0].ids)), count.index)
}
#Module : SUBNET IDs
#Description : Lookup requestor subnets.
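# Subnets of the requestor VPC; their route tables receive the routes towards
# the acceptor CIDRs.
data "aws_subnets" "requestor" {
  count = var.enable_peering == true ? 1 : 0

  # Restrict the lookup to the requestor VPC. Without a filter aws_subnets
  # returns every subnet in the region, so the route tables derived from it
  # (data.aws_route_table.requestor) could belong to unrelated VPCs and the
  # peering routes would be installed there.
  filter {
    name   = "vpc-id"
    values = [var.requestor_vpc_id]
  }
}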
#Module : VPC ACCEPTOR
#Description : Lookup acceptor VPC so that we can reference the CIDR.
# Acceptor VPC lookup (through the aliased provider); its
# cidr_block_associations become the destinations of the requestor-side routes.
data "aws_vpc" "acceptor" {
  provider = aws.accepter
  count    = var.enable_peering == true ? 1 : 0

  id = var.acceptor_vpc_id
}
#Module : SUBNET IDs ACCEPTOR
#Description : Lookup acceptor subnets.
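# Subnets of the acceptor VPC; their route tables receive the routes towards
# the requestor CIDRs.
data "aws_subnets" "acceptor" {
  provider = aws.accepter
  count    = var.enable_peering == true ? 1 : 0

  # Restrict the lookup to the acceptor VPC. Without a filter aws_subnets
  # returns every subnet in the accepter account's region, so the route tables
  # derived from it (data.aws_route_table.acceptor) could belong to unrelated
  # VPCs and the peering routes would be installed there.
  filter {
    name   = "vpc-id"
    values = [var.acceptor_vpc_id]
  }
}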
#Module : ROUTE TABLE
#Description : Lookup acceptor route tables.
# One route-table lookup per distinct acceptor subnet, through the aliased
# provider. sort() keeps the count index order stable between runs.
data "aws_route_table" "acceptor" {
  provider = aws.accepter
  count    = var.enable_peering == true ? length(distinct(sort(data.aws_subnets.acceptor[0].ids))) : 0

  subnet_id = element(distinct(sort(data.aws_subnets.acceptor[0].ids)), count.index)
}
#Module : ROUTE REQUESTOR
#Description : Create routes from requestor to acceptor.
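# Routes from the requestor VPC to every CIDR associated with the acceptor
# VPC: one aws_route per (requestor route table, acceptor CIDR) pair.
resource "aws_route" "requestor" {
  count = var.enable_peering == true ? length(
    distinct(sort(data.aws_route_table.requestor.*.route_table_id))
  ) * length(data.aws_vpc.acceptor[0].cidr_block_associations) : 0

  # Index layout: count.index = rt_index * n_cidrs + cidr_index, so the route
  # table is the integer quotient and the CIDR the remainder. The previous
  # ceil() (likely a holdover from integer division in older Terraform) moved
  # every index >= 1 to the next table under 0.12+ float division and only
  # yielded a complete set because element() wraps around.
  # NOTE(review): floor() changes which count index maps to which route, so an
  # existing state may plan route replacements on the first apply.
  route_table_id = element(
    distinct(sort(data.aws_route_table.requestor.*.route_table_id)),
    floor(count.index / length(data.aws_vpc.acceptor[0].cidr_block_associations))
  )
  destination_cidr_block = data.aws_vpc.acceptor[0].cidr_block_associations[
    count.index % length(data.aws_vpc.acceptor[0].cidr_block_associations)
  ]["cidr_block"]
  vpc_peering_connection_id = aws_vpc_peering_connection.default[0].id

  # Route tables must be resolved and the peering must exist before routes
  # can reference it.
  depends_on = [
    data.aws_route_table.requestor,
    aws_vpc_peering_connection.default,
  ]
}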
#Module : ROUTE ACCEPTOR
#Description : Create routes from acceptor to requestor.
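# Routes from the acceptor VPC back to every CIDR associated with the
# requestor VPC, created through the aliased provider: one aws_route per
# (acceptor route table, requestor CIDR) pair.
resource "aws_route" "acceptor" {
  provider = aws.accepter
  count = var.enable_peering == true ? length(
    distinct(sort(data.aws_route_table.acceptor.*.route_table_id))
  ) * length(data.aws_vpc.requestor[0].cidr_block_associations) : 0

  # Index layout: count.index = rt_index * n_cidrs + cidr_index, so the route
  # table is the integer quotient and the CIDR the remainder. The previous
  # ceil() (likely a holdover from integer division in older Terraform) moved
  # every index >= 1 to the next table under 0.12+ float division and only
  # yielded a complete set because element() wraps around.
  # NOTE(review): floor() changes which count index maps to which route, so an
  # existing state may plan route replacements on the first apply.
  route_table_id = element(
    distinct(sort(data.aws_route_table.acceptor.*.route_table_id)),
    floor(count.index / length(data.aws_vpc.requestor[0].cidr_block_associations))
  )
  destination_cidr_block = data.aws_vpc.requestor[0].cidr_block_associations[
    count.index % length(data.aws_vpc.requestor[0].cidr_block_associations)
  ]["cidr_block"]
  vpc_peering_connection_id = aws_vpc_peering_connection.default[0].id

  # Route tables must be resolved and the peering must exist before routes
  # can reference it.
  depends_on = [
    data.aws_route_table.acceptor,
    aws_vpc_peering_connection.default,
  ]
}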