Merge pull request #6 from grem11n/cross-region-peering

Create cross-region peering

README.md

@@ -8,48 +8,97 @@ This module is designed to work with [VPC](https://registry.terraform.io/modules
 
 Note
 ----
-Some features of the `aws_peering_conection` resource are missing. However, they can be easily added on request
 
 These types of resources are supported:
 
 * [Peering Connection](https://www.terraform.io/docs/providers/aws/d/vpc_peering_connection.html)
 * [AWS Route](https://www.terraform.io/docs/providers/aws/r/route.html)
+* [Aws VPC Peering Connection Accepter](https://www.terraform.io/docs/providers/aws/r/vpc_peering_accepter.html)
 
 Usage
 -----
-Sample usage in combination with [VPC](https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/) Terraform module:
+
+### Single Region Peering 
+**Notice**: You need to declare both providers even with single region peering.
 
 ```hc1
-module "vpc-peering" {
+module "vpc_single_region_peering" {
   source = "./terraform-aws-vpc-peering"
 
-  owner_account_id        = "000000000000"
-  vpc_peer_id             = "vpc-00000000"
-  this_vpc_id             = "${module.vpc.vpc_id}"
-  private_route_table_ids = ["${module.vpc.private_route_table_ids}"]
-  public_route_table_ids  = ["${module.vpc.public_route_table_ids}"]
+  providers = {
+    aws.this = "aws"
+    aws.peer = "aws"
+  }
+
+  peer_region             = "eu-west-1"
+  this_vpc_id             = "vpc-00000000"
+  peer_vpc_id             = "vpc-11111111"
+  cross_region_peering    = false
+  private_route_table_ids = ["rtb-0000000"]
+  public_route_table_ids  = ["rtb-1111111"]
   peer_cidr_block         = "10.1.0.1/24"
   auto_accept_peering     = true
+  create_peering          = true
+
+  tags = {
+    Name        = "my-peering-connection"
+    Environment = "prod"
+  }
 }
 ```
 
 Usage with already created peering connection:
 ```hc1 
-module "vpc-peering" {
+module "vpc_single_region_peering" {
   source = "./terraform-aws-vpc-peering"
 
-  owner_account_id        = "000000000000"
-  vpc_peer_id             = "vpc-00000000"
-  this_vpc_id             = "${module.vpc.vpc_id}"
-  private_route_table_ids = ["${module.vpc.private_route_table_ids}"]
-  public_route_table_ids  = ["${module.vpc.public_route_table_ids}"]
+  providers = {
+    aws.this = "aws"
+    aws.peer = "aws"
+  }
+
+  peer_region             = "eu-west-1"
+  this_vpc_id             = "vpc-00000000"
+  peer_vpc_id             = "vpc-11111111"
+  cross_region_peering    = false
+  private_route_table_ids = ["rtb-0000000"]
+  public_route_table_ids  = ["rtb-1111111"]
   peer_cidr_block         = "10.1.0.1/24"
   auto_accept_peering     = true
   create_peering          = 0
   peering_id              = "pcx-00000000"
 
 }
 ```
+
+### Cross Region Peering
+
+```hc1
+module "vpc_cross_region_peering" {
+  source = "github.com/grem11n/terraform-aws-vpc-peering?ref=cross-region-peering"
+
+  providers = {
+    aws.this = "aws.src"
+    aws.peer = "aws.dst"
+  }
+
+  peer_region             = "us-east-1"
+  this_vpc_id             = "vpc-00000000"
+  peer_vpc_id             = "vpc-11111111"
+  cross_region_peering    = true
+  private_route_table_ids = ["rtb-0000000"]
+  public_route_table_ids  = ["rtb-1111111"]
+  peer_cidr_block         = "10.1.0.1/24"
+  auto_accept_peering     = true
+  create_peering          = true
+
+  tags = {
+    Name        = "my-peering-connection"
+    Environment = "prod"
+  }
+}
+```
+
 Examples
 --------
 Complete example is shown above

data.tf

@@ -0,0 +1 @@
+data "aws_caller_identity" "current" {}

main.tf

@@ -1,19 +1,31 @@
+# Providers are required because of cross-region
+provider "aws" {
+  alias = "this"
+}
+
+provider "aws" {
+  alias = "peer"
+}
+
 ##########################
 # VPC peering connection #
 ##########################
 resource "aws_vpc_peering_connection" "this" {
-  count = "${var.create_peering ? 1 : 0}"
-  peer_owner_id = "${var.owner_account_id}"
-  peer_vpc_id   = "${var.vpc_peer_id}"
+  provider      = "aws.this"
+  count         = "${(var.create_peering * (1 + var.cross_region_peering)) == "1" ? 1 : 0}"
+  peer_owner_id = "${var.owner_account_id == "" ? data.aws_caller_identity.current.account_id : var.owner_account_id}"
+  peer_vpc_id   = "${var.peer_vpc_id}"
   vpc_id        = "${var.this_vpc_id}"
   auto_accept   = "${var.auto_accept_peering}"
+  tags          = "${var.tags}"
 }
 
 ##################
 # Private routes #
 ##################
 resource "aws_route" "private_route_table" {
-  count = "${length(var.private_route_table_ids)}"
+  provider                  = "aws.this"
+  count                     = "${length(var.private_route_table_ids)}"
   route_table_id            = "${element(var.private_route_table_ids, count.index)}"
   destination_cidr_block    = "${var.peer_cidr_block}"
   vpc_peering_connection_id = "${var.peering_id == "" ? element(concat(aws_vpc_peering_connection.this.*.id, list("")), 0) : var.peering_id}"
@@ -23,8 +35,32 @@ resource "aws_route" "private_route_table" {
 # Public routes #
 #################
 resource "aws_route" "public_route_table" {
-  count = "${length(var.public_route_table_ids)}"
+  provider                  = "aws.this"
+  count                     = "${length(var.public_route_table_ids)}"
   route_table_id            = "${element(var.public_route_table_ids, count.index)}"
   destination_cidr_block    = "${var.peer_cidr_block}"
   vpc_peering_connection_id = "${var.peering_id == "" ? element(concat(aws_vpc_peering_connection.this.*.id, list("")), 0) : var.peering_id}"
 }
+
+############################
+# VPC cross-region peering #
+############################
+resource "aws_vpc_peering_connection" "this_cross_region" {
+  provider      = "aws.this"
+  count         = "${(var.create_peering * var.cross_region_peering) == "1" ? 1 : 0}"
+  peer_owner_id = "${var.owner_account_id == "" ? data.aws_caller_identity.current.account_id : var.owner_account_id}"
+  peer_vpc_id   = "${var.peer_vpc_id}"
+  vpc_id        = "${var.this_vpc_id}"
+  peer_region   = "${var.peer_region}"
+}
+
+#####################################
+# Accepter's side of the connection #
+#####################################
+resource "aws_vpc_peering_connection_accepter" "peer_aacepter" {
+  provider                  = "aws.peer"
+  count                     = "${(var.create_peering * var.cross_region_peering) == "1" ? 1 : 0}"
+  vpc_peering_connection_id = "${aws_vpc_peering_connection.this_cross_region.id}"
+  auto_accept               = true
+  tags                      = "${merge(var.tags, map("Side", "Accepter"))}"
+}

outputs.tf

@@ -1,16 +1,28 @@
+locals {
+  vpc_peering_id        = "${compact(concat(coalescelist(aws_vpc_peering_connection.this.*.id, aws_vpc_peering_connection.this_cross_region.*.id), list("")))}"
+  peering_accept_status = "${compact(concat(coalescelist(aws_vpc_peering_connection.this.*.accept_status, aws_vpc_peering_connection.this_cross_region.*.accept_status), list("")))}"
+  private_route_tables  = "${compact(concat(var.private_route_table_ids, list("")))}"
+  public_route_tables   = "${compact(concat(var.private_route_table_ids, list("")))}"
+}
+
 output "vpc_peering_id" {
   description = "Peering connection ID"
-  value       = "${var.peering_id == "" ? element(concat(aws_vpc_peering_connection.this.*.id, list("")), 0) : var.peering_id}"
+  value       = ["${local.vpc_peering_id}"]
+}
+
+output "vpc_peering_accept_status" {
+  description = "Accept status for the connection"
+  value       = ["${local.peering_accept_status}"]
 }
 
 output "private_route_tables" {
   description = "Private route tables"
-  value       = ["${var.private_route_table_ids}"]
+  value       = ["${local.private_route_tables}"]
 }
 
 output "public_route_table" {
   description = "Public route tables"
-  value       = ["${var.public_route_table_ids}"]
+  value       = ["${local.public_route_tables}"]
 }
 
 output "peer_cidr_block" {

variables.tf

@@ -1,46 +1,67 @@
 variable "owner_account_id" {
-  description = "AWS owner account ID"
+  description = "AWS owner account ID: string"
   default     = ""
 }
 
-variable "vpc_peer_id" {
-  description = "Peer VPC ID"
+variable "peer_vpc_id" {
+  description = "Peer VPC ID: string"
   default     = ""
 }
 
 variable "this_vpc_id" {
-  description = "This VPC ID"
+  description = "This VPC ID: string"
+  default     = ""
+}
+
+variable "cross_region_peering" {
+  description = "Is it a cross region peering: bool"
+  default     = false
+}
+
+variable "peer_provider" {
+  description = "Provider alias for the peer: string"
+  default     = ""
+}
+
+variable "peer_region" {
+  description = "Peer Region Name e.g. us-east-1: string"
   default     = ""
 }
 
 variable "private_route_table_ids" {
   type        = "list"
-  description = "A list of private route tables"
+  description = "A list of private route tables: list"
   default     = []
 }
 
 variable "public_route_table_ids" {
   type        = "list"
-  description = "A list of public route tables"
+  description = "A list of public route tables: list"
   default     = []
 }
 
 variable "peer_cidr_block" {
-  description = "Peer VPC CIDR block"
+  description = "Peer VPC CIDR block: string"
   default     = ""
 }
 
 variable "auto_accept_peering" {
-  description = "Auto accept peering connection"
+  description = "Auto accept peering connection: bool"
   default     = false
 }
 
 variable "create_peering" {
-  description = "Create peering connection, 0 to not create"
-  default = 1
+  description = "Create peering connection, 0 to not create: bool"
+  default     = true
 }
 
 variable "peering_id" {
-   description = "Provide already existing peering connection id"
-   default = ""
+  description = "Provide already existing peering connection id"
+  default     = ""
+}
+
+variable "tags" {
+  description = "Tags: map"
+  type        = "map"
+  default     = {}
 }