Browse the Repo

file-type-icon.circleci
file-type-iconexamples
file-type-iconmodules
file-type-icon_docs
file-type-iconnetwork-acl-inbound
file-type-iconnetwork-acl-outbound
file-type-iconvpc-app-network-acls
file-type-iconvpc-app
file-type-iconvpc-dns-forwarder-rules
file-type-iconvpc-dns-forwarder
file-type-iconvpc-flow-logs
file-type-iconvpc-mgmt-network-acls
file-type-iconvpc-mgmt
file-type-iconvpc-peering-external
file-type-iconvpc-peering
file-type-iconREADME.md
file-type-iconmain.tf
file-type-iconvars.tf
file-type-icontest
file-type-icon.gitignore
file-type-iconCODEOWNERS
file-type-iconLICENSE.txt
file-type-iconREADME.md

Browse the Repo

file-type-icon.circleci
file-type-iconexamples
file-type-iconmodules
file-type-icon_docs
file-type-iconnetwork-acl-inbound
file-type-iconnetwork-acl-outbound
file-type-iconvpc-app-network-acls
file-type-iconvpc-app
file-type-iconvpc-dns-forwarder-rules
file-type-iconvpc-dns-forwarder
file-type-iconvpc-flow-logs
file-type-iconvpc-mgmt-network-acls
file-type-iconvpc-mgmt
file-type-iconvpc-peering-external
file-type-iconvpc-peering
file-type-iconREADME.md
file-type-iconmain.tf
file-type-iconvars.tf
file-type-icontest
file-type-icon.gitignore
file-type-iconCODEOWNERS
file-type-iconLICENSE.txt
file-type-iconREADME.md
Virtual Private Cloud (VPC)

Virtual Private Cloud (VPC)

Create a Virtual Private Cloud (VPC). Includes multiple subnet tiers, NACLs, NAT gateways, Internet Gateways, and VPC peering.

Preview the Code

mobile file icon

README.md

down

VPC-Peering Terraform Module

This Terraform Module creates VPC Peering Connections between VPCs. Normally, VPCs are completely isolated from each other, but sometimes, you want to allow traffic to flow between them, such as allowing DevOps tools running in a Mgmt VPC (see vpc-mgmt) to talk to apps running in a Stage or Prod VPC (see vpc-app). This module can create peering connections and route table entries that make this sort of cross-VPC communication possible.

How do you use this module?

Check out the examples folder.

What's a VPC?

A VPC or Virtual Private Cloud is a logically isolated section of your AWS cloud. Each VPC defines a virtual network within which you run your AWS resources, as well as rules for what can go in and out of that network. This includes subnets, route tables that tell those subnets how to route inbound and outbound traffic, security groups, firewalls for the subnet (known as "Network ACLs"), and any other network components such as VPN connections.

Why bother with peering and not just put everything in one VPC?

We intentionally keep VPCs as isolated as we can to reduce the chances that a problem in one VPC will affect the other VPCs. For example, our standard VPC deployment gives you an isolated staging VPC where you can test changes without having to worry that they might affect production. Similarly, if an attacker breaks into the staging VPC, they cannot easily access your production data without breaking through yet another layer of security. These multiple layers are known as "defense-in-depth."

The point of VPC peering is to allow limited, controlled cross-VPC communication. In particular, you may want to set up peering to allow a user logged into a management VPC to carry out maintenance tasks in the staging and production VPCs. However, VPC peering relationships are not "transitive": even though the management VPC can access both staging and production, someone in staging cannot access production.

Questions? Ask away.

We're here to talk about our services, answer any questions, give advice, or just to chat.

Ready to hand off the Gruntwork?