Multi-account AWS VPC Peering Terraform Configuration
# Manage a peering connection between VPCs in separate AWS accounts.
# Configuration must be run with an IAM role or credentials that can assume an administrative role in the accepting VPC's account.
# Inspired by: https://www.terraform.io/docs/providers/aws/r/vpc_peering_accepter.html
# Default (un-aliased) provider: the requesting VPC's account, using the
# ambient credentials Terraform is run with.
# allowed_account_ids makes the run fail early if those credentials belong
# to a different account than the one this configuration was written for,
# so the VPC and the peering request cannot land in the wrong account.
provider "aws" {
  region              = "us-east-1"
  allowed_account_ids = ["123456789012"] # Requester account (sample value on this page).
  # Requester's credentials.
}
# Aliased provider "peer": the accepting VPC's account.
# The requester-side credentials assume a role in the accepter account;
# assume_role requires that role's trust policy to permit the requester
# principal (not shown in this configuration). The assumed-role session
# (role name + session_name) is what appears in the accepter account's
# CloudTrail, so session_name should stay meaningful for auditing.
# NOTE(review): the role referenced below is named as an admin role; the
# accepter side only needs to create a VPC and accept a peering connection,
# so a role limited to those EC2 actions would narrow the blast radius.
provider "aws" {
  alias               = "peer"
  region              = "us-east-1"
  allowed_account_ids = ["987654321098"] # Accepter account (sample value on this page).
  # Accepter's credentials.
  assume_role {
    role_arn     = "arn:aws:iam::987654321098:role/TerraformAdminIamRole"
    session_name = "terraform_peer"
  }
}
# Requester-side VPC, created with the default provider.
# Its CIDR must not overlap the peer VPC's CIDR (10.1.0.0/16 below);
# AWS rejects peering between VPCs with overlapping address ranges.
resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}
# Accepter-side VPC, created in the second account via the "peer" provider
# (i.e. through the assumed role). Non-overlapping with aws_vpc.main.
resource "aws_vpc" "peer" {
  provider   = "aws.peer"
  cidr_block = "10.1.0.0/16"
}
# Resolves the account ID the "peer" provider is actually operating in, so
# peer_owner_id below is derived from the assumed role rather than typed by
# hand — a mismatch with allowed_account_ids would surface as an error here.
data "aws_caller_identity" "peer" {
  provider = "aws.peer"
}
# Requester's side of the connection.
# auto_accept is false because the provider can only auto-accept when both
# VPCs are in the same account and region; the cross-account acceptance is
# done explicitly by the accepter resource below.
# Creating a peering connection does not by itself move any traffic: route
# table entries and security group rules must still be added on each side,
# so this resource alone exposes nothing. Peering is also non-transitive.
resource "aws_vpc_peering_connection" "peer" {
  vpc_id        = "${aws_vpc.main.id}"
  peer_vpc_id   = "${aws_vpc.peer.id}"
  peer_owner_id = "${data.aws_caller_identity.peer.account_id}" # Accepter account, from the data source above.
  peer_region   = "us-east-1"
  auto_accept   = false
  tags = {
    Side = "Requester"
  }
}
# Accepter's side of the connection.
# Runs under the "peer" provider and accepts the request on apply.
# Accepting a peering request grants network adjacency to the requesting
# VPC, so the ID is taken from the resource created above rather than from
# input — only the connection this configuration created can be accepted.
# The tags set here are applied from the accepter account's side.
resource "aws_vpc_peering_connection_accepter" "peer" {
  provider                  = "aws.peer"
  vpc_peering_connection_id = "${aws_vpc_peering_connection.peer.id}"
  auto_accept               = true
  tags = {
    Side = "Accepter"
  }
}