Creating Cross-Account VPC Peering in AWS with Terraform: A Beginner’s Guide

Creating Cross-Account VPC Peering in AWS with Terraform: A Beginner’s Guide

Introduction :-

Remember the old days when setting up VPC peering required a series of manual clicks and checks? Those days are gone, my friend! The beauty of Terraform lies in its ability to simplify and automate tasks that once were time-consuming, and yes, that includes managing AWS VPC Peering connections.

In this post, we’re diving deep into how Terraform can not only save you from the hassle but also ensure consistency and efficiency in your cloud infrastructure. It’s like having a magic wand, but for cloud management. So, are you ready to wave goodbye to the manual process and say hello to automation? Let’s get started!

Pre-requisites :-

Before we dive into the specifics, there are a couple of things you’ll need to have in place:

AWS Accounts:- You must have access to two aws accounts in which we will create a peering connection. Also u have to create access & secret keys in your aws accounts. Basic Knowledge of AWS VPC :- Understanding what a VPC is and how peering works will make your life a lot easier.
* Terraform Installed:- Ensure Terraform is set up and ready to go on your machine. There are plenty of guides out there if you need help with this step.
* Familiarity with Terraform Syntax :- A basic understanding of how Terraform works will turn this journey from bumpy to smooth sailing.

*AWS Cli :- Make sure that aws-cli should be installed on your system.

Procedure :-

Let’s get to the meat of the matter, shall we? Automating AWS VPC peering connections with Terraform involves a few key steps:

Creating a vpc in your aws accounts :-

  • First login to your aws accounts and create a vpc in both the accounts or else u can the default vpc present in your aws accounts.

Set Up Your Terraform Configuration :-

  • Create a folder with name vpc_peering on your desktop and within the folder create terraform configuration files such as main.tf, variables.tf and provider.tf .

  • Copy and paste the below code in your .tf files.

#main.tf
data "aws_vpc" "owner" {
  provider = aws.owner
  id       = var.owner_vpc_id
}
data "aws_vpc" "accepter" {
  provider = aws.accepter
  id       = var.accepter_vpc_id
}
data "aws_route_tables" "owner" {
  provider = aws.owner
  vpc_id   = var.owner_vpc_id
}
data "aws_route_tables" "accepter" {
  provider = aws.accepter
  vpc_id   = data.aws_vpc.accepter.id
}
locals {
  accepter_account_id = "987654321" #Replace with your accepter(2nd) aws account id
  owner_account_id    = "123456789" #Replace with your owner(1st) aws account id
}
resource "aws_vpc_peering_connection" "owner" {
  provider      = aws.owner
  vpc_id        = var.owner_vpc_id
  peer_vpc_id   = data.aws_vpc.accepter.id
  peer_owner_id = local.accepter_account_id
  tags = {
    Name = "peer_to_accepter"
  }
}
resource "aws_vpc_peering_connection_accepter" "accepter" {
  provider                  = aws.accepter
  vpc_peering_connection_id = aws_vpc_peering_connection.owner.id
  auto_accept               = true
  tags = {
    Name = "peer_to_owner"
  }
}
resource "aws_route" "owner" {
  provider                  = aws.owner
  count                     = length(data.aws_route_tables.owner.ids)
  route_table_id            = tolist(data.aws_route_tables.owner.ids)[count.index]
  destination_cidr_block    = data.aws_vpc.accepter.cidr_block
  vpc_peering_connection_id = aws_vpc_peering_connection.owner.id
}
resource "aws_route" "accepter" {
  provider                  = aws.accepter
  count                     = length(data.aws_route_tables.accepter.ids)
  route_table_id            = tolist(data.aws_route_tables.accepter.ids)[count.index]
  destination_cidr_block    = data.aws_vpc.owner.cidr_block
  vpc_peering_connection_id = aws_vpc_peering_connection.owner.id
}
#variables.tf
#Define the AWS Region in which your vpc's present.
variable "region" {
  description = "Infrastructure region"
  type        = string
  default     = "us-east-1"
}
variable "owner_vpc_id" {
  description = "vpc id of the owner"
  default     = "Vpc-id present in your first aws account"
}
variable "accepter_vpc_id" {
  description = "vpc id of the accepter"
  default     = "Vpc-id present in your second aws account"
}
#provider.tf
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "3.42.0"
    }
  }
}
provider "aws" {
  region     = var.region
  access_key = "*****************" #1st aws account's access key
  secret_key = "*****************" #1st aws account's secret key
  alias      = "owner"
}
provider "aws" {
  region     = var.region
  access_key = "******************" #2nd aws account's access key
  secret_key = "******************" #2nd aws account's secret key
  alias      = "accepter"
}
  • Don’t forget to update the access & secret keys and vpc-id’s with your specified values.

Deploy your terraform code :-

  • Now open a terminal window and navigate to your vpc_peering folder and run terraform init command to initialize your terraform configuration. once it’s done run a terraform plan to view the list of resources gets created when u apply the configuration. Now run terraform apply command to deploy your resources on aws.

  • Once it’s done you can see that the vpc peering connection is being created successfully.

Conclusion :-

Automating AWS VPC peering connections with Terraform isn’t just about making life easier; it’s about empowering you to manage your cloud infrastructure efficiently, consistently, and securely. Gone are the days of manual setups and human errors. With Terraform, you’re painting a future where your cloud environment evolves seamlessly alongside your applications.

So, why not give it a shot? The only thing you stand to lose is the mundane task of manual configuration, and the gains are far-reaching. Dive in, experiment, and watch your cloud management practices transform. And remember, in the world of cloud infrastructure, automation isn’t just the future — it’s the present