Single account multi region peering (#26)

* Create fixtures for cross-region

* Rename the test

* Fix few fixtures issues

* Fix cross-region peering

* Update CHANGELOG

* Update CHANGELOG

* Rename the test

CHANGELOG.md

@@ -1,11 +1,15 @@
 Unreleased
 ----
 
-* Move to CircleCI in favor of Travis
+v1.2.0
+----
+
 * Create a test case for a single account, single region peering
 * Add example configuration for a single account, single region peering, which is tested
 * Updated README
 * Marked value `create_peering` for deprecation
+* Added test for cross-region peering in the same AWS account
+* Fixed cross-region peering for TF < 0.12 version
 
 v1.1.0
 ----

data.tf

@@ -1,5 +1,18 @@
-data "aws_caller_identity" "current" {}
-data "aws_region" "current" {}
+data "aws_caller_identity" "this" {
+ provider = "aws.this"
+}
+
+data "aws_caller_identity" "peer" {
+ provider = "aws.peer"
+}
+
+data "aws_region" "this" {
+ provider = "aws.this"
+}
+
+data "aws_region" "peer" {
+ provider = "aws.peer"
+}
 
 data "aws_vpc" "this_vpc" {
  provider = "aws.this"

examples/single-account-multi-region/README.md

@@ -0,0 +1,49 @@
+# Single Account Multi Region VPC Peering
+
+This example creates a peering connection between VPCs in different regions, which are located in the same AWS account.
+
+## Sample Code
+
+```
+module "single_account_multi_region" {
+ source = "../../"
+
+ providers = {
+ aws.this = "aws.us-east-1"
+ aws.peer = "aws.us-west-1"
+ }
+
+ this_vpc_id = "${var.this_vpc_id}"
+ peer_vpc_id = "${var.peer_vpc_id}"
+
+ peer_region = "us-west-1"
+
+ create_peering = true
+ auto_accept_peering = true
+
+ tags = {
+ Name = "tf-single-account-multi-region"
+ Environment = "Test"
+ }
+}
+```
+
+## Usage
+
+Change the variables to fit your purposes and run:
+
+```bash
+terraform init
+terraform plan
+terraform apply
+```
+
+## Testing
+
+This configuration is tested with [Terratest](https://github.com/gruntwork-io/terratest).
+
+You can find tests in [`test/`](../../test) directory.
+
+## Note
+
+Running the resources in AWS may cost money! Make sure to clean up afterwards. You can use `terraform destroy` to delete the resources spawned by this example.

examples/single-account-multi-region/main.tf

@@ -0,0 +1,22 @@
+// Creates a peering between VPCs in the same account, but different regions
+module "single_account_multi_region" {
+ source = "../../"
+
+ providers = {
+ aws.this = "aws.us-east-1"
+ aws.peer = "aws.us-west-1"
+ }
+
+ this_vpc_id = "${var.this_vpc_id}"
+ peer_vpc_id = "${var.peer_vpc_id}"
+
+ peer_region = "us-west-1"
+
+ create_peering = true
+ auto_accept_peering = true
+
+ tags = {
+ Name = "tf-single-account-multi-region"
+ Environment = "Test"
+ }
+}

examples/single-account-multi-region/outputs.tf

@@ -0,0 +1,4 @@
+// Required for tests
+output "vpc_peering_accept_status" {
+ value = "${module.single_account_multi_region.vpc_peering_accept_status}"
+}

examples/single-account-multi-region/provider.tf

@@ -0,0 +1,9 @@
+provider "aws" {
+ alias = "us-east-1"
+ region = "us-east-1"
+}
+
+provider "aws" {
+ alias = "us-west-1"
+ region = "us-west-1"
+}

examples/single-account-multi-region/variables.tf

@@ -0,0 +1,5 @@
+// Variables are required to pass them via Terratest
+// on fixtures creation
+variable "this_vpc_id" {}
+
+variable "peer_vpc_id" {}

examples/single-account-single-region-with-options/README.md

@@ -5,6 +5,40 @@ Configuration in this directory creates a peering connection between VPCs in a s
 * Cross-VPC DNS resolution option
 * Allow classic link access between VPCs
 
+## Code Sample
+
+```
+module "single_account_single_region_options" {
+ source = "../../"
+
+ providers = {
+ aws.this = "aws"
+ aws.peer = "aws"
+ }
+
+ this_vpc_id = "${var.this_vpc_id}"
+ peer_vpc_id = "${var.peer_vpc_id}"
+
+ create_peering = true
+ auto_accept_peering = true
+
+ // Peering options for requester
+ this_dns_resolution = true
+ this_link_to_peer_classic = true
+ this_link_to_local_classic = true
+
+ // Peering options for accepter
+ peer_dns_resolution = true
+ peer_link_to_peer_classic = true
+ peer_link_to_local_classic = true
+
+ tags = {
+ Name = "tf-single-account-single-region-with-options"
+ Environment = "Test"
+ }
+}
+```
+
 ## Usage
 
 Modify the variables to suite your purposes. Then run:

examples/single-account-single-region/README.md

@@ -2,6 +2,30 @@
 
 This is a basic configuration example, which creates a peering connection between VPCs in a single region within the same AWS account.
 
+## Code Sample
+
+```
+module "single_account_single_region" {
+ source = "../../"
+
+ providers = {
+ aws.this = "aws"
+ aws.peer = "aws"
+ }
+
+ this_vpc_id = "${var.this_vpc_id}"
+ peer_vpc_id = "${var.peer_vpc_id}"
+
+ create_peering = true
+ auto_accept_peering = true
+
+ tags = {
+ Name = "tf-single-account-single-region"
+ Environment = "Test"
+ }
+}
+```
+
 ## Usage
 
 Change the variables to fit your purposes and run:

main.tf

@@ -12,10 +12,10 @@ provider "aws" {
 ##########################
 resource "aws_vpc_peering_connection" "this" {
  provider = "aws.this"
- peer_owner_id = "${var.peer_account_id == "" ? data.aws_caller_identity.current.account_id : var.peer_account_id}"
+ peer_owner_id = "${var.peer_account_id == "" ? data.aws_caller_identity.this.account_id : var.peer_account_id}"
  peer_vpc_id = "${var.peer_vpc_id}"
  vpc_id = "${var.this_vpc_id}"
- peer_region = "${var.peer_region == "" ? data.aws_region.current.name : var.peer_region}"
+ peer_region = "${var.peer_region == "" ? data.aws_region.this.name : var.peer_region}"
  tags = "${var.tags}"
 }
 
@@ -36,6 +36,8 @@ resource "aws_vpc_peering_connection_options" "this" {
  provider = "aws.this"
  vpc_peering_connection_id = "${aws_vpc_peering_connection_accepter.peer_accepter.id}"
 
+ count = "${data.aws_region.this.name == data.aws_region.peer.name ? 1 : 0}"
+
  requester {
  allow_remote_vpc_dns_resolution = "${var.this_dns_resolution}"
  allow_classic_link_to_remote_vpc = "${var.this_link_to_peer_classic}"
@@ -48,6 +50,8 @@ resource "aws_vpc_peering_connection_options" "accepter" {
 
  vpc_peering_connection_id = "${aws_vpc_peering_connection_accepter.peer_accepter.id}"
 
+ count = "${data.aws_region.this.name == data.aws_region.peer.name ? 1 : 0}"
+
  accepter {
  allow_remote_vpc_dns_resolution = "${var.peer_dns_resolution}"
  allow_classic_link_to_remote_vpc = "${var.peer_link_to_peer_classic}"

outputs.tf

@@ -30,7 +30,7 @@ output "this_owner_id" {
 
 output "peer_owner_id" {
  description = "The AWS account ID of the owner of the accepter VPC"
- value = "${var.peer_account_id == "" ? data.aws_caller_identity.current.account_id : var.peer_account_id}"
+ value = "${var.peer_account_id == "" ? data.aws_caller_identity.this.account_id : var.peer_account_id}"
 }
 
 output "peer_region" {

test/fixtures/single-account-multi-region/main.tf

@@ -0,0 +1,71 @@
+// Fixtures
+// VPC
+resource "aws_vpc" "this" {
+ provider = "aws.us-east-1"
+ cidr_block = "172.20.0.0/16"
+
+ tags = {
+ Name = "this_vpc"
+ Environment = "Test"
+ }
+}
+
+resource "aws_vpc" "peer" {
+ provider = "aws.us-west-1"
+ cidr_block = "172.21.0.0/16"
+
+ tags = {
+ Name = "peer_vpc"
+ Environment = "Test"
+ }
+}
+
+// Route Tables
+resource "aws_route_table" "this" {
+ provider = "aws.us-east-1"
+ count = "${length(var.this_subnets)}"
+ vpc_id = "${aws_vpc.this.id}"
+
+ tags = {
+ Name = "This VPC RT"
+ Environment = "Test"
+ }
+}
+
+resource "aws_route_table" "peer" {
+ provider = "aws.us-west-1"
+ count = "${length(var.peer_subnets)}"
+ vpc_id = "${aws_vpc.peer.id}"
+
+ tags = {
+ Name = "Peer VPC RT"
+ Environment = "Test"
+ }
+}
+
+// Subnets
+resource "aws_subnet" "this" {
+ provider = "aws.us-east-1"
+ count = "${length(var.azs_this)}"
+ vpc_id = "${aws_vpc.this.id}"
+ cidr_block = "${var.this_subnets[count.index]}"
+ availability_zone = "${element(var.azs_this, count.index)}"
+
+ tags = {
+ Name = "This VPC Subnet"
+ Environment = "Test"
+ }
+}
+
+resource "aws_subnet" "peer" {
+ provider = "aws.us-west-1"
+ count = "${length(var.azs_peer)}"
+ vpc_id = "${aws_vpc.peer.id}"
+ cidr_block = "${var.peer_subnets[count.index]}"
+ availability_zone = "${element(var.azs_peer, count.index)}"
+
+ tags = {
+ Name = "This VPC Subnet"
+ Environment = "Test"
+ }
+}

test/fixtures/single-account-multi-region/outputs.tf

@@ -0,0 +1,7 @@
+output "this_vpc_id" {
+ value = "${aws_vpc.this.id}"
+}
+
+output "peer_vpc_id" {
+ value = "${aws_vpc.peer.id}"
+}

test/fixtures/single-account-multi-region/provider.tf

@@ -0,0 +1,9 @@
+provider "aws" {
+ alias = "us-east-1"
+ region = "us-east-1"
+}
+
+provider "aws" {
+ alias = "us-west-1"
+ region = "us-west-1"
+}

test/fixtures/single-account-multi-region/variables.tf

@@ -0,0 +1,24 @@
+// Variables
+variable "this_subnets" {
+ description = "Subnet list for _this_ VPC"
+ type = "list"
+ default = ["172.20.0.0/24", "172.20.1.0/24", "172.20.2.0/24"]
+}
+
+variable "peer_subnets" {
+ description = "Subnet list for _peer_ VPC"
+ type = "list"
+ default = ["172.21.0.0/24", "172.21.1.0/24", "172.21.2.0/24"]
+}
+
+variable "azs_this" {
+ description = "Availability Zones for requester VPC"
+ type = "list"
+ default = ["us-east-1a", "us-east-1b", "us-east-1c"]
+}
+
+variable "azs_peer" {
+ description = "Availability Zones for accepter VPC"
+ type = "list"
+ default = ["us-west-1a", "us-west-1c"]
+}

test/single_account_single_region_test.go → test/peering-active_test.go

@@ -7,14 +7,15 @@ import (
  "github.com/stretchr/testify/assert"
 )
 
-func TestSingleAccountSingleRegion(t *testing.T) {
+func TestPeeringActive(t *testing.T) {
  testCases := []struct {
  Name string
  fixturesDir string
  moduleDir string
  }{
  {"SingleAccountSingleRegion", "./fixtures/single-account-single-region", "../examples/single-account-single-region"},
  {"SingleAccountSingleRegionWithOptions", "./fixtures/single-account-single-region-with-options", "../examples/single-account-single-region-with-options"},
+ {"SingleAccountMultiRegion", "./fixtures/single-account-multi-region", "../examples/single-account-multi-region"},
  }
 
  for _, tc := range testCases {