DEV Community

Randika Madhushan Perera

Deploying Apps to AWS with Terraform - Network Setup 02

9. Network Setup 02: Multi-Region VPC Peering and Routing

Continuing the Network Setup

In this lesson, we'll extend our network setup by implementing multi-region Virtual Private Cloud (VPC) peering and configuring routes for seamless communication between VPCs. This builds upon our previous work where we established VPCs, subnets, and internet gateways.

[Image: peering]

Objective

The focus is on setting up a VPC peering connection across different regions (eu-west-1 and eu-west-2) and ensuring that the VPCs can communicate over this connection.

File Structure

deploy_iac_terraform
        |
        |---s3_code
        |      |---s3_bucket_create.tf
        |
        |---providers.tf
        |---backend.tf
        |---networks.tf


Implementation Steps

1. VPC Peering Connection Request: Initiate a peering connection request from the master region (eu-west-1) to the worker region (eu-west-2). In Terraform this means specifying the originating VPC ID, the peer VPC ID and, because the peer VPC lives in another region, the peer region.

# Initiating Peering connection request from eu-west-1
resource "aws_vpc_peering_connection" "euwest-1-euwest-2" {
  provider    = aws.region-master
  peer_vpc_id = aws_vpc.vpc_master_london.id
  vpc_id      = aws_vpc.vpc_master.id
  peer_region = var.region-worker
}

2. Accepting the Peering Connection: Create a resource in the worker region to accept the VPC peering connection, using Terraform's aws_vpc_peering_connection_accepter resource. A cross-region request has to be accepted from the peer region, and since both VPCs belong to the same AWS account the accepter can set auto_accept so no manual approval is needed.

# Accepting VPC peering request in eu-west-2 from eu-west-1
resource "aws_vpc_peering_connection_accepter" "accept_peering" {
  provider                  = aws.region-worker
  vpc_peering_connection_id = aws_vpc_peering_connection.euwest-1-euwest-2.id
  auto_accept               = true
}

3. Routing Table Setup: Define a route table for each VPC so traffic can flow over the peering connection. Each table carries a default route to the VPC's internet gateway and a route for the peer VPC's subnet (192.168.1.0/24 from the master side, 10.0.1.0/24 from the worker side) via the peering connection. Routing only the peer subnet, rather than the whole peer VPC CIDR, keeps cross-region reachability to the minimum the setup needs; security groups and network ACLs still decide which traffic is actually allowed across the link.

# Create route table in eu-west-1
resource "aws_route_table" "internet_route" {
  provider = aws.region-master
  vpc_id   = aws_vpc.vpc_master.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.IGW.id
  }
  route {
    cidr_block                = "192.168.1.0/24"
    vpc_peering_connection_id = aws_vpc_peering_connection.euwest-1-euwest-2.id
  }
  lifecycle {
    ignore_changes = all
  }
  tags = {
    Name = "Master-Region-RT"
  }
}

# Overwrite default route table of VPC(Master) with our route table entries
resource "aws_main_route_table_association" "set-master-default-rt-assoc" {
  provider       = aws.region-master
  vpc_id         = aws_vpc.vpc_master.id
  route_table_id = aws_route_table.internet_route.id
}

# Create route table in eu-west-2
resource "aws_route_table" "internet_route_london" {
  provider = aws.region-worker
  vpc_id   = aws_vpc.vpc_master_london.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.IGW-london.id
  }
  route {
    cidr_block                = "10.0.1.0/24"
    vpc_peering_connection_id = aws_vpc_peering_connection.euwest-1-euwest-2.id
  }
  lifecycle {
    ignore_changes = all
  }
  tags = {
    Name = "Worker-Region-RT"
  }
}

# Overwrite default route table of VPC(Worker) with our route table entries
resource "aws_main_route_table_association" "set-worker-default-rt-assoc" {
  provider       = aws.region-worker
  vpc_id         = aws_vpc.vpc_master_london.id
  route_table_id = aws_route_table.internet_route_london.id
}

4. Lifecycle Management: Add a lifecycle block with ignore_changes = all to each route table so that Terraform ignores later changes to the referenced internet gateway or VPC peering connection and does not try to rewrite the routing table unintentionally. The trade-off is that Terraform will also stop reporting drift in these route tables, so routes added or changed outside Terraform will not show up in terraform plan and must be checked in the console or with the CLI.

5. Associating Route Tables: Replace the main route tables of each VPC with custom route tables containing the necessary routes for the VPC peering connection.

Terraform Codes

backend.tf

providers.tf

networks.tf

Verification

  • Validate the Terraform configuration using terraform validate.
  • Use terraform plan to preview the changes.
  • Apply the configuration using terraform apply.
  • Verify the active VPC peering connection and the updated route tables in the AWS Management Console.
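The console check in the last step, and the point from step 3 that only the peer subnet should be routed over the peering connection, as an added example that is not part of the original post. This hypothetical Python helper takes JSON in the shape returned by aws ec2 describe-vpc-peering-connections and aws ec2 describe-route-tables (the field names are the real response fields) and checks that the peering between eu-west-1 and eu-west-2 is active and that the VPC's main route table sends exactly the peer subnet, and nothing broader, over that connection. The peering and route-table IDs and the VPC CIDRs below are constructed sample values; only the subnet CIDRs come from the lesson's networks.tf.

```python
"""Offline audit of the state this lesson's `terraform apply` should leave behind.

Hypothetical helper, not part of the post. Input is JSON in the shape of
`aws ec2 describe-vpc-peering-connections` / `aws ec2 describe-route-tables`
output. The samples below are constructed: IDs and VPC CIDRs are made up,
subnet CIDRs match the lesson's route entries.
"""
import ipaddress
import json

# Constructed: an accepted peering between the master (eu-west-1) and worker (eu-west-2) VPCs.
PEERING_JSON = json.dumps({"VpcPeeringConnections": [{
    "VpcPeeringConnectionId": "pcx-0example",
    "Status": {"Code": "active"},
    "RequesterVpcInfo": {"Region": "eu-west-1", "CidrBlock": "10.0.0.0/16"},
    "AccepterVpcInfo": {"Region": "eu-west-2", "CidrBlock": "192.168.0.0/16"},
}]})

# Constructed: the same request before the accepter resource in eu-west-2 has been applied.
PENDING_PEERING_JSON = json.dumps({"VpcPeeringConnections": [{
    "VpcPeeringConnectionId": "pcx-0example",
    "Status": {"Code": "pending-acceptance"},
    "RequesterVpcInfo": {"Region": "eu-west-1", "CidrBlock": "10.0.0.0/16"},
    "AccepterVpcInfo": {"Region": "eu-west-2", "CidrBlock": "192.168.0.0/16"},
}]})

# Constructed: the master VPC's main route table as the lesson's networks.tf builds it.
MASTER_ROUTE_TABLES_JSON = json.dumps({"RouteTables": [{
    "RouteTableId": "rtb-0master",
    "Associations": [{"Main": True, "RouteTableId": "rtb-0master"}],
    "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"},
        {"DestinationCidrBlock": "192.168.1.0/24", "VpcPeeringConnectionId": "pcx-0example", "State": "active"},
    ],
}]})

# Constructed: a drifted table that routes the whole peer VPC, not just its subnet, over the peering.
DRIFTED_ROUTE_TABLES_JSON = json.dumps({"RouteTables": [{
    "RouteTableId": "rtb-0master",
    "Associations": [{"Main": True, "RouteTableId": "rtb-0master"}],
    "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"},
        {"DestinationCidrBlock": "192.168.0.0/16", "VpcPeeringConnectionId": "pcx-0example", "State": "active"},
    ],
}]})


def active_peering_id(peering_json, requester_region, accepter_region):
    """Return the ID of the one active peering from requester_region to accepter_region.

    Raises ValueError when the connection is still pending (accepter not yet applied),
    rejected or deleted, or when more than one matching active peering exists.
    """
    conns = json.loads(peering_json)["VpcPeeringConnections"]
    matches = [
        c for c in conns
        if c["Status"]["Code"] == "active"
        and c["RequesterVpcInfo"]["Region"] == requester_region
        and c["AccepterVpcInfo"]["Region"] == accepter_region
    ]
    if len(matches) != 1:
        states = [c["Status"]["Code"] for c in conns]
        raise ValueError(f"expected one active peering, found {len(matches)} (states: {states})")
    return matches[0]["VpcPeeringConnectionId"]


def audit_peer_routes(route_tables_json, peering_id, allowed_peer_cidr):
    """Check a VPC's main route table against the lesson's intent; return a list of findings.

    Intent: exactly the peer subnet (allowed_peer_cidr) is reachable via peering_id and
    no peering route covers anything outside it. An empty list means no issues found.
    """
    allowed = ipaddress.ip_network(allowed_peer_cidr)
    tables = json.loads(route_tables_json)["RouteTables"]
    main_tables = [t for t in tables if any(a.get("Main") for a in t.get("Associations", []))]
    if len(main_tables) != 1:
        return [f"expected one main route table, found {len(main_tables)}"]
    table = main_tables[0]
    rtb = table["RouteTableId"]
    peer_routes = [r for r in table["Routes"] if "VpcPeeringConnectionId" in r]
    findings = []
    if not any(r["VpcPeeringConnectionId"] == peering_id
               and r.get("DestinationCidrBlock") == allowed_peer_cidr
               and r.get("State") == "active" for r in peer_routes):
        findings.append(f"{rtb}: no active route to {allowed_peer_cidr} via {peering_id}")
    for r in peer_routes:
        dest = r.get("DestinationCidrBlock")
        if dest is None:  # IPv6 or prefix-list destinations are outside this lesson's scope
            continue
        if r["VpcPeeringConnectionId"] != peering_id:
            findings.append(f"{rtb}: {dest} routed via unexpected peering {r['VpcPeeringConnectionId']}")
        elif not ipaddress.ip_network(dest).subnet_of(allowed):
            findings.append(f"{rtb}: {dest} via {peering_id} reaches beyond the peer subnet {allowed_peer_cidr}")
        if r.get("State") != "active":
            findings.append(f"{rtb}: route {dest} is {r.get('State')}")
    return findings


if __name__ == "__main__":
    pcx = active_peering_id(PEERING_JSON, "eu-west-1", "eu-west-2")
    print("intended table:", audit_peer_routes(MASTER_ROUTE_TABLES_JSON, pcx, "192.168.1.0/24") or "OK")
    print("drifted table:", audit_peer_routes(DRIFTED_ROUTE_TABLES_JSON, pcx, "192.168.1.0/24"))
```

To run it against a real deployment, save the output of aws ec2 describe-vpc-peering-connections --region eu-west-1 and aws ec2 describe-route-tables --region eu-west-1 --filters Name=vpc-id,Values=<master VPC ID> and pass those strings in; repeat in eu-west-2 with 10.0.1.0/24 as the allowed peer CIDR for the worker VPC. Because the lesson's ignore_changes = all stops terraform plan from reporting route drift, a check like this is the place where an over-broad or blackholed peering route would show up.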
