This Terraform configuration provides an example of AWS VPC peering using transit gateways, including single-region and cross-region scenarios. It creates the following resources:
- Two VPCs in one (“primary”) region and one VPC in another (“secondary”) region
- An EC2 instance in each VPC
- A transit gateway in each region
- A VPC peering connection via transit gateway in the primary region
- A peering connection between the two transit gateways to provide VPC peering across regions
- Git
- Terraform
If an environment providing the prerequisites is not readily available, AWS CloudShell can be used for deployment. Terraform can be installed on Amazon Linux 2023 in CloudShell with the following command:
curl https://gist.githubusercontent.com/RhubarbSin/d3db401da906015ff2a88cca1a42b027/raw/ddf6ecbadbbf7304a97d7b5657216af99c8bff49/install-terraform-amazon-linux-2023.sh | bashAfter deployment, the following commands can be used to demonstrate the connectivity among EC2 instances in the three VPCs:
- Ping the private IP address of the primary peer EC2 instance from the primary EC2 instance:
ssh -o StrictHostKeyChecking=no \ -i $(terraform output -raw ssh_private_key_file_name) \ ec2-user@$(terraform output -raw primary_instance_public_ip) \ ping -c 3 $(terraform output -raw primary_peer_instance_private_ip) - Ping the private IP address of the primary EC2 instance from the primary peer EC2 instance:
ssh -o StrictHostKeyChecking=no \ -i $(terraform output -raw ssh_private_key_file_name) \ ec2-user@$(terraform output -raw primary_peer_instance_public_ip) \ ping -c 3 $(terraform output -raw primary_instance_private_ip) - Ping the private IP address of the secondary EC2 instance from the primary EC2 instance:
ssh -o StrictHostKeyChecking=no \ -i $(terraform output -raw ssh_private_key_file_name) \ ec2-user@$(terraform output -raw primary_instance_public_ip) \ ping -c 3 $(terraform output -raw secondary_instance_private_ip) - Ping the private IP address of the secondary EC2 instance from the primary peer EC2 instance:
ssh -o StrictHostKeyChecking=no \ -i $(terraform output -raw ssh_private_key_file_name) \ ec2-user@$(terraform output -raw primary_peer_instance_public_ip) \ ping -c 3 $(terraform output -raw secondary_instance_private_ip) - Ping the private IP address of the primary EC2 instance from the secondary EC2 instance:
ssh -o StrictHostKeyChecking=no \ -i $(terraform output -raw ssh_private_key_file_name) \ ec2-user@$(terraform output -raw secondary_instance_public_ip) \ ping -c 3 $(terraform output -raw primary_instance_private_ip) - Ping the private IP address of the primary peer EC2 instance from the secondary EC2 instance:
ssh -o StrictHostKeyChecking=no \ -i $(terraform output -raw ssh_private_key_file_name) \ ec2-user@$(terraform output -raw secondary_instance_public_ip) \ ping -c 3 $(terraform output -raw primary_peer_instance_private_ip)
By default, primary resources are provisioned in the us-east-2 region and secondary resources in the us-west-2 region. The regions used are specified by the value of the region input variable, which is declared as an object. This CLI example specifies us-west-2 as primary and us-east-2 as secondary:
terraform apply -var 'region={primary="us-west-2",secondary="us-east-2"}'