Skip to content
/ terraform_multiple_providers Public

Peering up two VPC in a different AWS accounts via Terraform using multiple providers and assumed the role.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ArseniD/terraform_multiple_providers

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
0_terraform_backend
0_terraform_backend
 
 
1_terraform_main
1_terraform_main
 
 
pics
pics
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 

Repository files navigation

Terraform with multiple AWS providers

Peering up two VPC in different AWS accounts via Terraform using multiple providers management (aliases) and AssumeRole.

⚠️ Some of the resources deployed in AWS may cost money Vpc peering

Prerequisites

  • Two AWS accounts with admin permissions
  • Two profiles for different AWS accounts:
    • sec
    • infra
  • User for each AWS account
  • Unix/Windows
  • AWS CLI
  • Terraform (~>1.1)

⚠️ infra account should not have permissions to the sec account by default

Description

  • AWS profiles usage:
    • sec for security team inspection
    • infra for infrastructure management

  • AWS S3 bucket is used as the backend for Terraform state and DynamoDB for locking to prevents changes to do simultaneously (no concurrent updates)

    📝 DynamoDB does not support granual permissions Remote state

  • Peering is used to connect VPC's from infra account with sec account VPC

    📝 Be peered with the security VPC new created infra VPC so security team can get their hooks into Security net deployment

Installation

  1. Configure sec and infra profiles for two different AWS accounts: 
    aws configure
  2. Authorize via environmental variable: 
    export AWS_PROFILE=infra

    📝 Provide credentials to Terraform AWS provider via named AWS infra profile

  3. Initialize the backend: 
    cd 0_terraform_backend
# Rename the file and specify existing users for read and full access to the S3 bucket
cp terraform.tfvars.backup terraform.tfvars
terraform init
terraform plan -out "backend.tfplan"
terraform apply "backend.tfplan"
  4. Get S3 bucket name and DynamoDB table from the outputs: Backend ouputs

    📝 Make a note of bucket_name and dynamo_db_table_name values for further action

  5. Create main resources: 
    cd ../1_terraform_main
# Substitute the values from the backend outputs
terraform init -reconfigure -backend-config="bucket=state-bucket-90817" -backend-config="region=us-east-1" -backend-config="dynamodb_table=dynamodb-lock-table-90817"
# Rename the file and update peering_users list to delegate access to the security account to accept the peering connection on that security VPC
cp terraform.tfvars.backup terraform.tfvars
terraform plan -out "main.tfplan"
terraform apply "main.tfplan"
    Main resources
  6. Create and accept VPC peering connection between dev and sec VPCs: 
    # Rename the file
cp peering peering.tf
terraform plan -out "peer.tfplan"
terraform apply "peer.tfplan"
    Peering
  7. Check VPC peering connection from the AWS console AWS peering connections AWS switching role AWS switching role access AWS switching role peering connection
  8. Destroy resources: 
    # main
terraform destroy -auto-approve
# backend
cd ../0_terraform_backend/ && terraform destroy -auto-approve

About

Peering up two VPC in a different AWS accounts via Terraform using multiple providers and assumed the role.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages