Merge branch 'release-v2.0.0' into 'main'

Added VPC pering functionality for release 2.0.0

See merge request sq-ia/aws/network!23

Author: nitin-yadav-sq

README.md

@@ -43,7 +43,8 @@ module "vpc" {
 
 }
 ```
-Refer [examples](https://github.com/squareops/terraform-aws-vpc/tree/main/examples) for all examples.
+Refer [this](https://github.com/squareops/terraform-aws-vpc/tree/main/examples) for more examples.
+
 
 ## Important Note
 To prevent destruction interruptions, any resources that have been created outside of Terraform and attached to the resources provisioned by Terraform must be deleted before the module is destroyed.
@@ -78,6 +79,7 @@ This module supports three scenarios to create Network resource on AWS. Each wil
   - `flow_log_max_aggregation_interval               = 60`
   - `flow_log_cloudwatch_log_group_retention_in_days = 90`
 
+- **vpc-peering:** VPC peering support is available using submodule `vpc_peering`. Refer [Peering Docs](https://github.com/squareops/terraform-aws-vpc/tree/main/modules/vpc_peering) for more information
 
 # IAM Permissions
 The required IAM permissions to create resources from this module can be found [here](https://github.com/squareops/terraform-aws-vpc/blob/main/IAM.md)

examples/peering/README.md

@@ -0,0 +1,47 @@
+# VPC Peering
+
+Configuration in this directory creates a VPC peering connection between two VPCs.
+
+## Usage
+
+To run this example you need to execute:
+
+```bash
+$ terraform init
+$ terraform plan
+$ terraform apply
+```
+
+Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources.
+
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_vpc_peering"></a> [vpc\_peering](#module\_vpc\_peering) | squareops/vpc/aws//modules/vpc-peering | n/a |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_vpc_peering_accept_status"></a> [vpc\_peering\_accept\_status](#output\_vpc\_peering\_accept\_status) | Accept status for the connection |
+| <a name="output_vpc_peering_connection_id"></a> [vpc\_peering\_connection\_id](#output\_vpc\_peering\_connection\_id) | Peering connection ID |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

examples/peering/main.tf

@@ -0,0 +1,14 @@
+locals {
+  requester_vpc_region = "us-east-2"
+  accepter_vpc_region  = "us-east-2"
+  accepter_vpc_id      = "vpc-034d30be2f4d1skaf"
+  requester_vpc_id     = "vpc-0fbdbf97efdf3skaf"
+}
+
+module "vpc_peering" {
+  source               = "squareops/vpc/aws//modules/vpc-peering"
+  requester_vpc_region = local.requester_vpc_region
+  accepter_vpc_region  = local.accepter_vpc_region
+  accepter_vpc_id      = local.accepter_vpc_id
+  requester_vpc_id     = local.requester_vpc_id
+}

examples/peering/output.tf

@@ -0,0 +1,9 @@
+output "vpc_peering_connection_id" {
+  description = "Peering connection ID"
+  value       = module.vpc_peering.vpc_peering_connection_id
+}
+
+output "vpc_peering_accept_status" {
+  description = "Accept status for the connection"
+  value       = module.vpc_peering.vpc_peering_accept_status
+}

modules/vpc_peering/README.md

@@ -0,0 +1,70 @@
+# VPC Peering
+
+Module to create a VPC peering connection between two VPCs. Routes are also added to the route tables of both VPC to establish connection with peered VPC. Public DNS hostnames will be resolved to private IP addresses when queried from instances in the peer VPC.
+
+Supported peering configurations:
+* Same account same region
+* Same account cross region
+
+## Usage
+
+To run this example you need to execute:
+
+```bash
+$ terraform init
+$ terraform plan
+$ terraform apply
+```
+
+Note that this example may create resources which can cost money (AWS Elastic IP, for example). Run `terraform destroy` when you don't need these resources.
+
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.23 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws.accepter"></a> [aws.accepter](#provider\_aws.accepter) | >= 4.23 |
+| <a name="provider_aws.peer"></a> [aws.peer](#provider\_aws.peer) | >= 4.23 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_route.accepter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
+| [aws_route.requester](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
+| [aws_vpc_peering_connection.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_peering_connection) | resource |
+| [aws_vpc_peering_connection_accepter.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_peering_connection_accepter) | resource |
+| [aws_vpc_peering_connection_options.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_peering_connection_options) | resource |
+| [aws_route_tables.accepter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route_tables) | data source |
+| [aws_route_tables.requester](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route_tables) | data source |
+| [aws_vpc.accepter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
+| [aws_vpc.requester](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_accepter_vpc_id"></a> [accepter\_vpc\_id](#input\_accepter\_vpc\_id) | The ID of Acceptor VPC | `string` | `""` | no |
+| <a name="input_accepter_vpc_region"></a> [accepter\_vpc\_region](#input\_accepter\_vpc\_region) | The region of Acceptor VPC | `string` | `""` | no |
+| <a name="input_requester_vpc_id"></a> [requester\_vpc\_id](#input\_requester\_vpc\_id) | The ID of Requester VPC | `string` | `""` | no |
+| <a name="input_requester_vpc_region"></a> [requester\_vpc\_region](#input\_requester\_vpc\_region) | The region Requester VPC | `string` | `""` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_vpc_peering_accept_status"></a> [vpc\_peering\_accept\_status](#output\_vpc\_peering\_accept\_status) | Status for the connection |
+| <a name="output_vpc_peering_connection_id"></a> [vpc\_peering\_connection\_id](#output\_vpc\_peering\_connection\_id) | Peering connection ID |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

modules/vpc_peering/main.tf

@@ -0,0 +1,78 @@
+locals {
+  requester_route_tables_ids = data.aws_route_tables.requester.ids
+  accepter_route_tables_ids  = data.aws_route_tables.accepter.ids
+}
+
+provider "aws" {
+  alias  = "peer"
+  region = var.requester_vpc_region
+}
+
+provider "aws" {
+  alias  = "accepter"
+  region = var.accepter_vpc_region
+}
+
+data "aws_vpc" "accepter" {
+  id       = var.accepter_vpc_id
+  provider = aws.accepter
+}
+
+data "aws_route_tables" "accepter" {
+  vpc_id   = var.accepter_vpc_id
+  provider = aws.accepter
+}
+
+data "aws_vpc" "requester" {
+  id       = var.requester_vpc_id
+  provider = aws.peer
+}
+
+data "aws_route_tables" "requester" {
+  vpc_id   = var.requester_vpc_id
+  provider = aws.peer
+}
+
+resource "aws_vpc_peering_connection" "this" {
+  vpc_id      = var.requester_vpc_id
+  peer_vpc_id = var.accepter_vpc_id
+  peer_region = var.accepter_vpc_region
+  auto_accept = false
+  provider    = aws.peer
+}
+
+resource "aws_vpc_peering_connection_accepter" "this" {
+  depends_on                = [aws_vpc_peering_connection.this]
+  provider                  = aws.accepter
+  vpc_peering_connection_id = aws_vpc_peering_connection.this.id
+  auto_accept               = true
+}
+
+resource "aws_vpc_peering_connection_options" "this" {
+  depends_on                = [aws_vpc_peering_connection_accepter.this]
+  vpc_peering_connection_id = aws_vpc_peering_connection.this.id
+  accepter {
+    allow_remote_vpc_dns_resolution = true
+  }
+  provider = aws.accepter
+
+}
+
+
+####  route tables ####
+
+resource "aws_route" "requester" {
+  count                     = length(local.requester_route_tables_ids)
+  route_table_id            = local.requester_route_tables_ids[count.index]
+  destination_cidr_block    = data.aws_vpc.accepter.cidr_block
+  vpc_peering_connection_id = aws_vpc_peering_connection.this.id
+  provider                  = aws.peer
+}
+
+resource "aws_route" "accepter" {
+  count                     = length(local.accepter_route_tables_ids)
+  route_table_id            = local.accepter_route_tables_ids[count.index]
+  destination_cidr_block    = data.aws_vpc.requester.cidr_block
+  vpc_peering_connection_id = aws_vpc_peering_connection.this.id
+  provider                  = aws.accepter
+}

modules/vpc_peering/outputs.tf

@@ -0,0 +1,9 @@
+output "vpc_peering_connection_id" {
+  description = "Peering connection ID"
+  value       = aws_vpc_peering_connection.this.id
+}
+
+output "vpc_peering_accept_status" {
+  description = "Status for the connection"
+  value       = aws_vpc_peering_connection_accepter.this.accept_status
+}

modules/vpc_peering/variables.tf

@@ -0,0 +1,23 @@
+variable "accepter_vpc_id" {
+  type        = string
+  description = "The ID of Acceptor VPC"
+  default     = ""
+}
+
+variable "accepter_vpc_region" {
+  type        = string
+  description = "The region of Acceptor VPC"
+  default     = ""
+}
+
+variable "requester_vpc_id" {
+  type        = string
+  description = "The ID of Requester VPC"
+  default     = ""
+}
+
+variable "requester_vpc_region" {
+  type        = string
+  description = "The region Requester VPC"
+  default     = ""
+}

modules/vpc_peering/versions.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_version = ">= 1.0"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.23"
+    }
+  }
+}