TerraformでVPC Peeringをやる


Provider

provider "aws" {
  # Requester-side configuration: every Tokyo resource below selects it
  # with `provider = aws.tokyo`.
  region = "ap-northeast-1"
  alias  = "tokyo"
}

provider "aws" {
  # Accepter-side configuration: every Osaka resource below selects it
  # with `provider = aws.osaka`.
  region = "ap-northeast-3"
  alias  = "osaka"
}

VPC

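module "vpc_tokyo" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "5.0.0" # exact pin keeps the fetched module reproducible between applies

  providers = {
    aws = aws.tokyo
  }

  name = "vpc-tokyo"
  cidr = "10.1.0.0/16" # must not overlap the Osaka VPC (10.0.0.0/16); peering rejects overlapping ranges

  azs             = var.availability_zones_tokyo
  private_subnets = var.private_subnets_tokyo
  public_subnets  = var.public_subnets_tokyo

  # No NAT or VPN gateway: private subnets only reach the peer VPC via the
  # peering routes declared below.
  enable_nat_gateway = false
  enable_vpn_gateway = false

  # The 5.x module adopts the VPC's default security group itself by default
  # (manage_default_security_group defaults to true; confirm against the pinned
  # version's variables.tf). This configuration manages the same group with the
  # standalone aws_default_security_group.tokyo_default resource, so hand it
  # off here: two owners of one default SG rewrite each other's rules on every
  # apply. The module still exports default_security_group_id from the VPC.
  manage_default_security_group = false

  tags = {
    Name        = "Tokyo-VPC1"
    Environment = "Test"
    Managed     = "Terraform"
    Service     = "vpc-peering-vpc"
  }
  private_route_table_tags = {
    Name        = "Tokyo-VPC1-Private"
    Environment = "Test"
    Managed     = "Terraform"
    Service     = "vpc-peering-vpc"
  }
  public_route_table_tags = {
    Name        = "Tokyo-VPC1-Public"
    Environment = "Test"
    Managed     = "Terraform"
    Service     = "vpc-peering-vpc"
  }
}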

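module "vpc_osaka" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "5.0.0" # exact pin keeps the fetched module reproducible between applies

  providers = {
    aws = aws.osaka
  }

  name = "vpc-osaka"
  cidr = "10.0.0.0/16" # must not overlap the Tokyo VPC (10.1.0.0/16); peering rejects overlapping ranges

  azs             = var.availability_zones_osaka
  private_subnets = var.private_subnets_osaka
  public_subnets  = var.public_subnets_osaka

  # No NAT or VPN gateway: private subnets only reach the peer VPC via the
  # peering routes declared below.
  enable_nat_gateway = false
  enable_vpn_gateway = false

  # The 5.x module adopts the VPC's default security group itself by default
  # (manage_default_security_group defaults to true; confirm against the pinned
  # version's variables.tf). This configuration manages the same group with the
  # standalone aws_default_security_group.osaka_default resource, so hand it
  # off here: two owners of one default SG rewrite each other's rules on every
  # apply. The module still exports default_security_group_id from the VPC.
  manage_default_security_group = false

  tags = {
    Name        = "Osaka-VPC1"
    Environment = "Test"
    Managed     = "Terraform"
    Service     = "vpc-peering-vpc"
  }
  private_route_table_tags = {
    Name        = "Osaka-VPC1-Private"
    Environment = "Test"
    Managed     = "Terraform"
    Service     = "vpc-peering-vpc"
  }
  public_route_table_tags = {
    Name        = "Osaka-VPC1-Public"
    Environment = "Test"
    Managed     = "Terraform"
    Service     = "vpc-peering-vpc"
  }
}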

Peering Connection

resource "aws_vpc_peering_connection" "this" {
  provider = aws.tokyo

  # Tokyo requests the connection. The peer VPC is in another region, so it
  # cannot be auto-accepted from this side; acceptance happens in the
  # aws_vpc_peering_connection_accepter resource under the Osaka provider.
  vpc_id      = module.vpc_tokyo.vpc_id
  peer_vpc_id = module.vpc_osaka.vpc_id
  peer_region = "ap-northeast-3"
  auto_accept = false
}

resource "aws_vpc_peering_connection_accepter" "this" {
  provider = aws.osaka

  # Accepts the pending request created on the Tokyo side; both regions are
  # under the same account here, so the accept needs no extra authorisation.
  auto_accept               = true
  vpc_peering_connection_id = aws_vpc_peering_connection.this.id
}

Route

resource "aws_route" "tokyo_to_osaka_private" {
  # One route per private route table in the Tokyo VPC; each sends the whole
  # Osaka CIDR over the peering connection.
  count    = length(module.vpc_tokyo.private_route_table_ids)
  provider = aws.tokyo

  route_table_id            = module.vpc_tokyo.private_route_table_ids[count.index]
  vpc_peering_connection_id = aws_vpc_peering_connection.this.id
  destination_cidr_block    = module.vpc_osaka.vpc_cidr_block
}

resource "aws_route" "osaka_to_tokyo_private" {
  # Return path: one route per private route table in the Osaka VPC, sending
  # the whole Tokyo CIDR over the peering connection.
  count    = length(module.vpc_osaka.private_route_table_ids)
  provider = aws.osaka

  route_table_id            = module.vpc_osaka.private_route_table_ids[count.index]
  vpc_peering_connection_id = aws_vpc_peering_connection.this.id
  destination_cidr_block    = module.vpc_tokyo.vpc_cidr_block
}

resource "aws_route" "tokyo_to_osaka_public" {
  # Same as the private variant, for the Tokyo public route tables. The test
  # instances sit in public subnets, so this is the route they actually use.
  count    = length(module.vpc_tokyo.public_route_table_ids)
  provider = aws.tokyo

  route_table_id            = module.vpc_tokyo.public_route_table_ids[count.index]
  vpc_peering_connection_id = aws_vpc_peering_connection.this.id
  destination_cidr_block    = module.vpc_osaka.vpc_cidr_block
}

resource "aws_route" "osaka_to_tokyo_public" {
  # Return path for the Osaka public route tables.
  count    = length(module.vpc_osaka.public_route_table_ids)
  provider = aws.osaka

  route_table_id            = module.vpc_osaka.public_route_table_ids[count.index]
  vpc_peering_connection_id = aws_vpc_peering_connection.this.id
  destination_cidr_block    = module.vpc_tokyo.vpc_cidr_block
}

Security Group

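# Source ranges allowed to reach TCP/22 on the Tokyo instance. The default
# keeps the post's original world-open rule so an existing plan is unchanged;
# override it with the operator's own address range (bastion or office egress
# CIDR). Logically belongs in variables.tf next to the other *_tokyo inputs.
variable "ssh_allowed_cidrs_tokyo" {
  description = "CIDR blocks permitted to open SSH to the Tokyo default security group"
  type        = list(string)
  default     = ["0.0.0.0/0"]
}

resource "aws_default_security_group" "tokyo_default" {
  provider = aws.tokyo
  vpc_id   = module.vpc_tokyo.vpc_id

  # Members of this group may reach each other on any protocol and port.
  ingress {
    protocol  = "-1" # string form, consistent with the egress rule below
    self      = true
    from_port = 0
    to_port   = 0
  }

  # Administrative SSH; scope controlled by var.ssh_allowed_cidrs_tokyo.
  ingress {
    protocol    = "tcp"
    from_port   = 22
    to_port     = 22
    cidr_blocks = var.ssh_allowed_cidrs_tokyo
  }

  # ICMP (all types) from the Osaka VPC across the peering link. The CIDR is
  # taken from the module output, as the routes do, so it cannot drift from
  # the literal that used to be repeated here.
  ingress {
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = [module.vpc_osaka.vpc_cidr_block] # Osaka
  }

  # Unrestricted outbound.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}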

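# Source ranges allowed to reach TCP/22 on the Osaka instance. The default
# keeps the post's original world-open rule so an existing plan is unchanged;
# override it with the operator's own address range (bastion or office egress
# CIDR). Logically belongs in variables.tf next to the other *_osaka inputs.
variable "ssh_allowed_cidrs_osaka" {
  description = "CIDR blocks permitted to open SSH to the Osaka default security group"
  type        = list(string)
  default     = ["0.0.0.0/0"]
}

resource "aws_default_security_group" "osaka_default" {
  provider = aws.osaka
  vpc_id   = module.vpc_osaka.vpc_id

  # Members of this group may reach each other on any protocol and port.
  ingress {
    protocol  = "-1" # string form, consistent with the egress rule below
    self      = true
    from_port = 0
    to_port   = 0
  }

  # Administrative SSH; scope controlled by var.ssh_allowed_cidrs_osaka.
  ingress {
    protocol    = "tcp"
    from_port   = 22
    to_port     = 22
    cidr_blocks = var.ssh_allowed_cidrs_osaka
  }

  # ICMP (all types) from the Tokyo VPC across the peering link. The CIDR is
  # taken from the module output, as the routes do, so it cannot drift from
  # the literal that used to be repeated here.
  ingress {
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = [module.vpc_tokyo.vpc_cidr_block] # Tokyo
  }

  # Unrestricted outbound.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}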

EC2 Instance

resource "aws_key_pair" "deployer1" {
  # Key pairs are regional, so the same public key is registered once per
  # region (see deployer2 for Osaka). Only the public half is read; the
  # private key never enters Terraform state.
  provider   = aws.tokyo
  public_key = file("~/.ssh/id_rsa.pub")
  key_name   = "deployer-key"
}
resource "aws_key_pair" "deployer2" {
  # Osaka copy of the same public key (key pairs do not span regions).
  provider   = aws.osaka
  public_key = file("~/.ssh/id_rsa.pub")
  key_name   = "deployer-key"
}
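resource "aws_instance" "instance_in_tokyo" {
  provider = aws.tokyo

  # AMI ids are region-specific; this one is only valid in ap-northeast-1.
  ami           = "ami-0f9816f78187c68fb"
  instance_type = "t2.micro"

  # Public subnet plus public IP so the box is reachable for the SSH/ping test.
  subnet_id                   = module.vpc_tokyo.public_subnets[0]
  associate_public_ip_address = true

  key_name               = aws_key_pair.deployer1.key_name
  vpc_security_group_ids = [module.vpc_tokyo.default_security_group_id]

  # Require IMDSv2 session tokens so a request-forgery flaw in anything that
  # later runs on the host cannot read instance metadata (or role credentials,
  # if a profile is attached) with a plain unauthenticated GET.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  tags = {
    Name = "Instance1-in-vpc1_subnet1"
  }
}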
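resource "aws_instance" "instance_in_osaka" {
  provider = aws.osaka

  # AMI ids are region-specific; this one is only valid in ap-northeast-3.
  ami           = "ami-064150bf7525c78a7"
  instance_type = "t2.micro"

  # Public subnet plus public IP so the box is reachable for the SSH/ping test.
  subnet_id                   = module.vpc_osaka.public_subnets[0]
  associate_public_ip_address = true

  key_name               = aws_key_pair.deployer2.key_name
  vpc_security_group_ids = [module.vpc_osaka.default_security_group_id]

  # Require IMDSv2 session tokens so a request-forgery flaw in anything that
  # later runs on the host cannot read instance metadata (or role credentials,
  # if a profile is attached) with a plain unauthenticated GET.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  tags = {
    Name = "Instance1-in-vpc2_subnet1"
  }
}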

outputs.tf

output "instance_in_tokyo_public_ip" {
  # Address to SSH to from outside the VPC.
  description = "The public IP address of the instance."
  value       = aws_instance.instance_in_tokyo.public_ip
}
output "instance_in_tokyo_private_ip" {
  # Address the Osaka instance reaches over the peering link.
  description = "The private IP address of the instance."
  value       = aws_instance.instance_in_tokyo.private_ip
}
output "instance_in_tokyo_hostname" {
  # Despite the output name this is the instance id, as the description says.
  description = "The id of the instance."
  value       = aws_instance.instance_in_tokyo.id
}

output "instance_in_osaka_public_ip" {
  # Address to SSH to from outside the VPC.
  description = "The public IP address of the instance."
  value       = aws_instance.instance_in_osaka.public_ip
}
output "instance_in_osaka_private_ip" {
  # Address the Tokyo instance reaches over the peering link.
  description = "The private IP address of the instance."
  value       = aws_instance.instance_in_osaka.private_ip
}
output "instance_in_osaka_hostname" {
  # Despite the output name this is the instance id, as the description says.
  description = "The id of the instance."
  value       = aws_instance.instance_in_osaka.id
}

variables.tf

variable "availability_zones_tokyo" {
  # AZs the Tokyo VPC module spreads its subnets across (single AZ by default).
  type        = list(string)
  description = "List of availability zones"
  default     = ["ap-northeast-1a"]
}
variable "private_subnets_tokyo" {
  # Carved out of the Tokyo VPC CIDR 10.1.0.0/16.
  type        = list(string)
  description = "List of CIDR blocks for private subnets"
  default     = ["10.1.1.0/24"]
}
variable "public_subnets_tokyo" {
  # Carved out of the Tokyo VPC CIDR 10.1.0.0/16; the first entry hosts the
  # test instance.
  type        = list(string)
  description = "List of CIDR blocks for public subnets"
  default     = ["10.1.2.0/24", "10.1.3.0/24"]
}
variable "availability_zones_osaka" {
  # AZs the Osaka VPC module spreads its subnets across (single AZ by default).
  type        = list(string)
  description = "List of availability zones"
  default     = ["ap-northeast-3a"]
}
variable "private_subnets_osaka" {
  # Carved out of the Osaka VPC CIDR 10.0.0.0/16.
  type        = list(string)
  description = "List of CIDR blocks for private subnets"
  default     = ["10.0.1.0/24", "10.0.3.0/24"]
}
variable "public_subnets_osaka" {
  # Carved out of the Osaka VPC CIDR 10.0.0.0/16; hosts the Osaka test instance.
  type        = list(string)
  description = "List of CIDR blocks for public subnets"
  default     = ["10.0.2.0/24"]
}
