
How to Create AWS VPC Peering using Terraform?

Networking is a foundational part of building robust, scalable cloud architectures. An Amazon Web Services (AWS) Virtual Private Cloud (VPC) is a logically isolated network inside AWS in which you control the IP address ranges, subnets, route tables, and network gateways. Once an environment grows to several VPCs, however, those VPCs need a controlled way to reach each other.

That is what VPC peering provides: a private network connection between two VPCs over which traffic is exchanged using private IP addresses, without leaving the AWS network and without an internet gateway, NAT device, or VPN in the path. Resources in peered VPCs can reach each other as if they were in one network, which is useful for multi-tier applications split across VPCs, or for keeping development and production in separate VPCs that still need limited, well-defined connectivity.



In this article we use Terraform, an Infrastructure as Code (IaC) tool, to create and manage VPC peering connections in AWS. Terraform describes the desired state of resources declaratively and performs the provisioning. By following the steps below you will create a peering connection, accept it on the peer side, and add the route table entries on both sides that make the connection usable.

Primary Terminologies

What is VPC Peering?

VPC peering is a networking connection between two Virtual Private Clouds (VPCs) in AWS. It lets resources deployed in the peered VPCs, such as EC2 instances, RDS databases, and Lambda functions attached to a VPC, communicate with each other using private IP addresses.



With VPC peering you can extend a network across VPCs without sending traffic over the public internet. This makes more complex topologies and distributed architectures possible while keeping each VPC isolated: only the routes you add, and only the traffic your security groups and network ACLs permit, cross the peering connection.

Key characteristics of VPC peering include the following. Traffic stays on the AWS network and uses private IP addresses. The two VPCs can be in the same or in different AWS accounts and regions. Their CIDR blocks must not overlap. Peering is not transitive: if VPC A is peered with B and B with C, A still has no path to C. The peer VPC's owner must accept the connection explicitly, and even after acceptance the route tables, security groups, and network ACLs on both sides decide which traffic is actually allowed.

Step-By-Step Process to Create AWS VPC Peering Using Terraform

Step 1: Launch an EC2 Instance (Amazon Linux is assumed below; give it an IAM instance role with the VPC permissions Terraform needs rather than placing long-lived access keys on the host)

Step 2: Install Terraform

sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/AmazonLinux/hashicorp.repo
sudo yum -y install terraform

Step 3: Create Terraform configuration files (.tf)

# Configure AWS provider
provider "aws" {
  region = "eu-north-1" # Specify your desired AWS region
}

# Define VPC1 resources
resource "aws_vpc" "vpc1" {
  cidr_block = "10.0.0.0/16" # CIDR block for VPC1; must not overlap with VPC2
  tags = {
    Name = "VPC1"
  }
}

resource "aws_subnet" "subnet1" {
  vpc_id            = aws_vpc.vpc1.id
  cidr_block        = "10.0.1.0/24" # CIDR block for Subnet1 in VPC1
  availability_zone = "eu-north-1a" # Availability zone
}

# Define VPC2 resources
resource "aws_vpc" "vpc2" {
  cidr_block = "10.1.0.0/16" # CIDR block for VPC2; must not overlap with VPC1
  tags = {
    Name = "VPC2"
  }
}

resource "aws_subnet" "subnet2" {
  vpc_id            = aws_vpc.vpc2.id
  cidr_block        = "10.1.1.0/24" # CIDR block for Subnet2 in VPC2
  availability_zone = "eu-north-1b" # Availability zone
}

Creating VPC Peering Connections

# Create VPC peering connection (requester side)
resource "aws_vpc_peering_connection" "peering" {
  vpc_id      = aws_vpc.vpc1.id # Requester VPC
  peer_vpc_id = aws_vpc.vpc2.id # Accepter VPC
  auto_accept = false           # Leave the request pending; it is accepted explicitly below
}

# Provider used for the accepter side. Here it is the same account and region,
# so the alias is redundant; in a cross-account setup this is where the
# accepter account's credentials (for example an assume_role block) would go.
provider "aws" {
  alias  = "accepter"
  region = "eu-north-1" # Region of the accepter VPC
}

# Accept the VPC peering connection on the accepter side.
# auto_accept must be true here; the default is false, which would leave the
# connection in pending-acceptance and no traffic would flow.
resource "aws_vpc_peering_connection_accepter" "accepter" {
  provider                  = aws.accepter
  vpc_peering_connection_id = aws_vpc_peering_connection.peering.id
  auto_accept               = true
}

# Route tables. Subnets that are not explicitly associated with these tables
# keep using their VPC's main route table, so either associate subnet1 and
# subnet2 with them (aws_route_table_association) or add the routes to the
# main route tables instead.
resource "aws_route_table" "route_table_vpc1" {
  vpc_id = aws_vpc.vpc1.id
}

resource "aws_route_table" "route_table_vpc2" {
  vpc_id = aws_vpc.vpc2.id
}

# The routes reference the accepter's id (which is the peering connection id)
# so that Terraform creates them only after the connection has been accepted.
resource "aws_route" "route_to_vpc2" {
  route_table_id            = aws_route_table.route_table_vpc1.id        # Route table of VPC1
  destination_cidr_block    = aws_vpc.vpc2.cidr_block                    # CIDR block of VPC2
  vpc_peering_connection_id = aws_vpc_peering_connection_accepter.accepter.id
}

resource "aws_route" "route_to_vpc1" {
  route_table_id            = aws_route_table.route_table_vpc2.id        # Route table of VPC2
  destination_cidr_block    = aws_vpc.vpc1.cidr_block                    # CIDR block of VPC1
  vpc_peering_connection_id = aws_vpc_peering_connection_accepter.accepter.id
}
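The configuration above creates route tables but never associates the subnets with them, and it creates no security group rules, so an instance in VPC1 still cannot reach an instance in VPC2. The following is an added, self-contained example (not the article's own code) that finishes the job with least privilege: each subnet is associated with a route table carrying the peer route, private DNS names resolve across the connection, and a security group in VPC2 admits only HTTPS from the one subnet in VPC1 instead of all traffic from the whole peer VPC. The region, VPC and subnet CIDRs, availability zone, and port are assumptions.

```hcl
provider "aws" {
  region = "eu-north-1" # assumed region
}

# Two VPCs with non-overlapping CIDRs (values are assumptions)
resource "aws_vpc" "vpc1" {
  cidr_block           = "10.0.0.0/16"
  enable_dns_hostnames = true
  tags                 = { Name = "VPC1" }
}

resource "aws_vpc" "vpc2" {
  cidr_block           = "10.1.0.0/16"
  enable_dns_hostnames = true
  tags                 = { Name = "VPC2" }
}

resource "aws_subnet" "subnet1" {
  vpc_id            = aws_vpc.vpc1.id
  cidr_block        = "10.0.1.0/24"
  availability_zone = "eu-north-1a"
}

resource "aws_subnet" "subnet2" {
  vpc_id            = aws_vpc.vpc2.id
  cidr_block        = "10.1.1.0/24"
  availability_zone = "eu-north-1a" # same AZ as subnet1: peering traffic that crosses AZs is billed
}

# Requester creates the request; the accepter accepts it explicitly.
resource "aws_vpc_peering_connection" "peering" {
  vpc_id      = aws_vpc.vpc1.id
  peer_vpc_id = aws_vpc.vpc2.id
  auto_accept = false
  tags        = { Name = "VPC1-to-VPC2" }
}

resource "aws_vpc_peering_connection_accepter" "accepter" {
  vpc_peering_connection_id = aws_vpc_peering_connection.peering.id
  auto_accept               = true
}

# Let private DNS hostnames of the peer VPC resolve to private IPs across the
# connection (same account and region, so both sides are set in one resource).
resource "aws_vpc_peering_connection_options" "dns" {
  vpc_peering_connection_id = aws_vpc_peering_connection_accepter.accepter.id
  requester {
    allow_remote_vpc_dns_resolution = true
  }
  accepter {
    allow_remote_vpc_dns_resolution = true
  }
}

# Route tables with the peer route, explicitly associated with the subnets.
# Referencing the accepter's id makes Terraform wait for acceptance.
resource "aws_route_table" "rt_vpc1" {
  vpc_id = aws_vpc.vpc1.id
  route {
    cidr_block                = aws_vpc.vpc2.cidr_block
    vpc_peering_connection_id = aws_vpc_peering_connection_accepter.accepter.id
  }
}

resource "aws_route_table_association" "subnet1" {
  subnet_id      = aws_subnet.subnet1.id
  route_table_id = aws_route_table.rt_vpc1.id
}

resource "aws_route_table" "rt_vpc2" {
  vpc_id = aws_vpc.vpc2.id
  route {
    cidr_block                = aws_vpc.vpc1.cidr_block
    vpc_peering_connection_id = aws_vpc_peering_connection_accepter.accepter.id
  }
}

resource "aws_route_table_association" "subnet2" {
  subnet_id      = aws_subnet.subnet2.id
  route_table_id = aws_route_table.rt_vpc2.id
}

# Least-privilege security group in VPC2: only TCP 443 from subnet1 in VPC1,
# not "all traffic from the peer VPC". No egress rule is declared, so Terraform
# leaves the group with no egress; replies to the inbound HTTPS flows are still
# allowed because security groups are stateful.
resource "aws_security_group" "vpc2_from_vpc1" {
  name        = "allow-https-from-vpc1-subnet1"
  description = "HTTPS from peered VPC1 subnet1 only"
  vpc_id      = aws_vpc.vpc2.id

  ingress {
    description = "HTTPS from subnet1 in VPC1 over the peering connection"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [aws_subnet.subnet1.cidr_block] # narrower than the whole VPC1 CIDR
  }
}
```

Attach aws_security_group.vpc2_from_vpc1 to the instances in subnet2 that should be reachable from VPC1. Scoping the ingress rule to the peer subnet and port is what keeps the peering connection from silently turning two isolated networks into one flat network; widening it to the full peer CIDR or to all ports should be a deliberate change, not the default.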

Step 4: Execute Terraform Commands

terraform init                 # initialize the working directory and download the AWS provider
terraform plan                 # review the changes that will be applied
terraform apply --auto-approve # apply without the interactive confirmation; outside a lab, review the plan output first

terraform plan reports a total of 10 resources to add.

terraform apply completes with 10 resources added.

Step 5: Verify

Open the AWS console, go to the VPC service, and choose Peering connections in the left-hand menu. The connection created by Terraform appears there with status Active; if it shows Pending acceptance, the accepter step did not run. Also check the route tables of both VPCs: each should contain a route to the other VPC's CIDR block whose target is the peering connection, and the route must be in a table that the subnet actually uses.

Step 6: Terraform Destroy

terraform destroy --auto-approve

Conclusion

AWS VPC peering combined with Terraform is a practical way to create and manage private network connectivity between Virtual Private Clouds in AWS. Using Terraform's Infrastructure as Code (IaC) capabilities, you can define, provision, and change VPC peering connections declaratively and reproducibly.

Throughout this guide we covered the key ideas behind VPC peering, including its role in providing private communication between VPCs, the terminology involved (VPCs, peering connections, route tables, and CIDR blocks), and the step-by-step process for setting up peering with Terraform. Following these steps establishes a peering connection between two VPCs so that resources can communicate over private IP addresses, provided the route tables, security groups, and network ACLs on both sides allow it. The FAQs below address common questions about VPC peering and its implementation.

Overall, VPC peering with Terraform lets you design and deploy network architectures that span multiple VPCs while retaining isolation, control, and reviewability, since the whole connection, including which routes and which traffic are allowed, is expressed in version-controlled configuration.

AWS VPC Peering Using Terraform – FAQs

Can I peer VPCs in different AWS regions?

Yes. VPC peering supports both intra-region and inter-region connections. The configuration in this article keeps both VPCs in eu-north-1, but the requester can set peer_region (and peer_owner_id for a VPC in another account) to peer with a VPC elsewhere. Inter-region peering traffic stays on the AWS backbone, is encrypted by AWS, and is billed at inter-region data transfer rates; auto_accept cannot be used across regions or accounts, so the accepter side must accept the request explicitly. Because peering is not transitive, environments with many VPCs or hub-and-spoke requirements usually use AWS Transit Gateway instead of a mesh of peering connections.
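As an added example (not from the article), this is what a cross-account, cross-region peering looks like in Terraform: the requester VPC is in the account and region Terraform runs against, the accepter VPC is in a second account and region reached through a provider alias that assumes a role there, and the accept step is performed by that second provider. The regions, the peer account ID, the role name, and the VPC IDs (passed in as variables) are assumptions; the role in the peer account needs, at minimum, ec2:AcceptVpcPeeringConnection, ec2:DescribeVpcs, ec2:DescribeVpcPeeringConnections, and ec2:CreateRoute on the relevant resources.

```hcl
# Requester side: the account and region Terraform runs against
provider "aws" {
  region = "eu-north-1" # assumed requester region
}

# Accepter side: a second account and region, reached by assuming a role the
# peer account created for this purpose (account ID and role name are assumptions)
provider "aws" {
  alias  = "peer"
  region = "eu-west-1"
  assume_role {
    role_arn = "arn:aws:iam::222222222222:role/VpcPeeringAccepter"
  }
}

variable "requester_vpc_id" {
  description = "Existing VPC in the requester account"
  type        = string
}

variable "accepter_vpc_id" {
  description = "Existing VPC in the accepter account"
  type        = string
}

data "aws_caller_identity" "peer" {
  provider = aws.peer
}

data "aws_vpc" "requester" {
  id = var.requester_vpc_id
}

data "aws_vpc" "accepter" {
  provider = aws.peer
  id       = var.accepter_vpc_id
}

# auto_accept only works when both VPCs share an account and region, so the
# request is created here and accepted through the peer-side provider below.
resource "aws_vpc_peering_connection" "cross" {
  vpc_id        = data.aws_vpc.requester.id
  peer_vpc_id   = data.aws_vpc.accepter.id
  peer_owner_id = data.aws_caller_identity.peer.account_id
  peer_region   = "eu-west-1"
  auto_accept   = false
  tags          = { Side = "Requester" }
}

resource "aws_vpc_peering_connection_accepter" "cross" {
  provider                  = aws.peer
  vpc_peering_connection_id = aws_vpc_peering_connection.cross.id
  auto_accept               = true
  tags                      = { Side = "Accepter" }
}

# Each side routes the other side's CIDR through the connection. The main
# route tables are used here; the routes reference the accepter so they are
# created only once the connection is active.
resource "aws_route" "to_accepter" {
  route_table_id            = data.aws_vpc.requester.main_route_table_id
  destination_cidr_block    = data.aws_vpc.accepter.cidr_block
  vpc_peering_connection_id = aws_vpc_peering_connection_accepter.cross.id
}

resource "aws_route" "to_requester" {
  provider                  = aws.peer
  route_table_id            = data.aws_vpc.accepter.main_route_table_id
  destination_cidr_block    = data.aws_vpc.requester.cidr_block
  vpc_peering_connection_id = aws_vpc_peering_connection_accepter.cross.id
}
```

Keeping the accepter side behind a separately scoped provider means the credentials Terraform runs with never need broad access to the peer account: the assumed role can be restricted to accepting this one peering connection and editing the one route table, which is the least privilege a peering workflow needs.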

Are there any limitations on the number of VPC peering connections?

Yes. The default quota is 50 active peering connections per VPC, which can be raised on request up to a hard maximum of 125. Because peering is not transitive, a full mesh of n VPCs needs n(n-1)/2 connections, so large environments reach this limit quickly; that is another reason to consider AWS Transit Gateway at scale.

Can I modify or delete a VPC peering connection after creation?

Yes. You can modify or delete a peering connection with Terraform by changing the configuration and applying it. Keep in mind that deleting a connection cuts all traffic between the two VPCs immediately, and any remaining routes that pointed at it show as blackhole routes, so coordinate the change with whoever owns workloads on either side.

Does VPC peering incur any additional charges?

There is no hourly charge for the peering connection itself. Data transferred between peered VPCs within the same Availability Zone is free; traffic that crosses Availability Zones is billed at the standard in-region data transfer rates, and traffic over an inter-region peering connection is billed at inter-region data transfer rates.

Can I peer VPCs with overlapping CIDR blocks?

No. AWS does not establish a peering connection between VPCs whose IPv4 (or IPv6) CIDR blocks overlap, including secondary CIDR blocks; the request fails instead of producing a connection with ambiguous routes. Plan non-overlapping address space for every VPC you expect to peer before creating them, because a VPC's primary CIDR block cannot be changed afterwards.

