Allow peering connections to be defined for AWS VPCs.

codeforamerica · Jun 11, 2024 · 5997ba2 · 5997ba2
1 parent 74ecc60
commit 5997ba2
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 0 deletions.
diff --git a/aws/vpc/peers.tf b/aws/vpc/peers.tf
@@ -0,0 +1,38 @@
+resource "aws_vpc_peering_connection" "peer" {
+  for_each = var.peers
+
+  peer_owner_id = each.value.account_id
+  peer_vpc_id   = each.value.vpc_id
+  vpc_id        = module.vpc.vpc_id
+  peer_region = each.value.region
+}
+
+resource "aws_network_acl_rule" "peer_ingress" {
+  for_each = var.peers
+
+  network_acl_id = module.vpc.private_network_acl_id
+  rule_number    = 200
+  egress         = false
+  protocol       = "-1"
+  rule_action    = "allow"
+  cidr_block     = each.value.cidr
+}
+
+resource "aws_network_acl_rule" "peer_egress" {
+  for_each = var.peers
+
+  network_acl_id = module.vpc.private_network_acl_id
+  rule_number    = 300
+  egress         = true
+  protocol       = "-1"
+  rule_action    = "allow"
+  cidr_block     = each.value.cidr
+}
+
+resource "aws_route" "peer" {
+  for_each = var.peers
+
+  route_table_id         = module.vpc.private_route_table_id
+  destination_cidr_block = each.value.cidr
+  vpc_peering_connection_id = aws_vpc_peering_connection.peer[each.key].id
+}
diff --git a/aws/vpc/variables.tf b/aws/vpc/variables.tf
@@ -20,6 +20,16 @@ variable "logging_key_id" {
   description = "KMS key ID for encrypting logs."
 }
 
+variable "peers" {
+  type        = map(object({
+    account_id = string
+    region     = string
+    vpc_id     = string
+  }))
+
+  description = "List of VPC peering connections."
+}
+
 variable "private_subnets" {
   type        = list(string)
   description = "List of private subnet CIDR blocks."