AWS Amazon EC2 Peering Connection Accepter
This page shows how to write Terraform and CloudFormation for the Amazon EC2 Peering Connection Accepter, and how to write them securely.
aws_vpc_peering_connection_accepter (Terraform)
The Peering Connection Accepter in Amazon EC2 can be configured in Terraform with the resource name aws_vpc_peering_connection_accepter. The following sections describe 5 examples of how to use the resource and its parameters.
Example Usage from GitHub
# Cross-region peering: the requester resource lives in us-east-1, and this
# accepter resource runs under the us-east-2 provider alias to accept it.
resource "aws_vpc_peering_connection_accepter" "us-east-2-us-east-1" {
  provider                  = aws.us-east-2
  vpc_peering_connection_id = aws_vpc_peering_connection.us-east-1-us-east-2.id
  auto_accept               = true
}
# Accepter for a DR bastion peering; acceptance happens in us-east-1.
resource "aws_vpc_peering_connection_accepter" "bastion_connectivity_dr" {
  provider                  = aws.us-east-1
  vpc_peering_connection_id = aws_vpc_peering_connection.bastion_connectivity_dr.id
  auto_accept               = true
}

# Accepter on the default (non-aliased) provider.
resource "aws_vpc_peering_connection_accepter" "east2_east1_accepter" {
  provider                  = aws
  vpc_peering_connection_id = aws_vpc_peering_connection.east2_to_east1.id
  auto_accept               = true
  tags = {
    # tag values are cut off in the source
  }
}

# Tagging the accepter side so both ends of the peering are identifiable.
resource "aws_vpc_peering_connection_accepter" "accepter_connection_one" {
  vpc_peering_connection_id = aws_vpc_peering_connection.peering_connection_one.id
  auto_accept               = true
  tags = {
    Side = "VPC Peering A Accepter"
  }
}

# Module-style accepter: the connection ID and name are passed in as variables.
resource "aws_vpc_peering_connection_accepter" "this" {
  vpc_peering_connection_id = var.id
  auto_accept               = true
  tags = {
    Name = var.name
  }
}
Parameters
accept_status - computed - string - status of the peering request (for example pending-acceptance or active)
auto_accept - optional - bool - whether to accept the pending request on apply; defaults to false, in which case the resource only adopts the connection into state
id - computed - string
peer_owner_id - computed - string - AWS account ID that owns the accepter VPC
peer_region - computed - string
peer_vpc_id - computed - string - the accepter VPC
tags - optional - map from string to string
vpc_id - computed - string - the requester VPC
vpc_peering_connection_id - required - string
accepter - list block - options for the accepter VPC:
  allow_classic_link_to_remote_vpc - optional - bool - deprecated (EC2-Classic has been retired)
  allow_remote_vpc_dns_resolution - optional - bool
  allow_vpc_to_remote_classic_link - optional - bool - deprecated (EC2-Classic has been retired)
requester - list block - options for the requester VPC:
  allow_classic_link_to_remote_vpc - optional - bool - deprecated (EC2-Classic has been retired)
  allow_remote_vpc_dns_resolution - optional - bool
  allow_vpc_to_remote_classic_link - optional - bool - deprecated (EC2-Classic has been retired)
Explanation in Terraform Registry
Provides a resource to manage the accepter's side of a VPC Peering Connection. When a cross-account (the requester's AWS account differs from the accepter's) or an inter-region VPC Peering Connection is created, a VPC Peering Connection resource is automatically created in the accepter's account. The requester can use the aws_vpc_peering_connection resource to manage its side of the connection, and the accepter can use the aws_vpc_peering_connection_accepter resource to "adopt" its side of the connection into management.
Two points matter on the accepter side. First, auto_accept = true is what actually accepts the pending request on apply; it defaults to false, in which case the resource only adopts the connection into state and the request stays in pending-acceptance. Second, acceptance is the only control point the accepter account has, so in a cross-account setup the identity that applies this resource should be allowed to accept requests from the expected peer and nothing more. The accepter and requester option blocks (DNS resolution) can only be applied once the connection is active, which is why they are usually set on this resource or on aws_vpc_peering_connection_options rather than on the requester.
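The following is an added example, not code from this page or from any of the repositories it cites: a complete same-account, cross-region peering in which the accepter side is managed explicitly, followed by the three things the accepter resource alone does not give you (DNS options, routes on both sides, and a security group rule scoped to the peer CIDR). Provider aliases, regions, CIDRs and resource names are placeholders.

```hcl
# Added example (not from the page or the repositories it cites): same-account,
# cross-region peering with the accepter side managed explicitly. Provider
# aliases, regions, CIDRs and names below are placeholders.

provider "aws" {
  alias  = "requester"
  region = "us-east-1"
}

provider "aws" {
  alias  = "accepter"
  region = "us-east-2"
}

# The two CIDRs must not overlap or the request ends in status "failed".
resource "aws_vpc" "requester" {
  provider   = aws.requester
  cidr_block = "10.10.0.0/16"
}

resource "aws_vpc" "accepter" {
  provider   = aws.accepter
  cidr_block = "10.20.0.0/16"
}

# Requester side only creates the request. auto_accept is not usable here
# because the peer is in another region; acceptance is a separate step.
resource "aws_vpc_peering_connection" "this" {
  provider    = aws.requester
  vpc_id      = aws_vpc.requester.id
  peer_vpc_id = aws_vpc.accepter.id
  peer_region = "us-east-2"
  auto_accept = false
}

# Accepter side adopts the pending connection and accepts it. The accepter
# DNS option is set here because options are only valid once active.
resource "aws_vpc_peering_connection_accepter" "this" {
  provider                  = aws.accepter
  vpc_peering_connection_id = aws_vpc_peering_connection.this.id
  auto_accept               = true

  accepter {
    allow_remote_vpc_dns_resolution = true
  }

  tags = {
    Side = "accepter"
  }
}

# The requester option must be set from the requester's region; referencing
# the accepter resource orders it after acceptance.
resource "aws_vpc_peering_connection_options" "requester" {
  provider                  = aws.requester
  vpc_peering_connection_id = aws_vpc_peering_connection_accepter.this.id

  requester {
    allow_remote_vpc_dns_resolution = true
  }
}

# Peering is non-transitive and carries nothing until both sides route the
# peer CIDR over the connection.
resource "aws_route" "to_accepter" {
  provider                  = aws.requester
  route_table_id            = aws_vpc.requester.main_route_table_id
  destination_cidr_block    = aws_vpc.accepter.cidr_block
  vpc_peering_connection_id = aws_vpc_peering_connection_accepter.this.id
}

resource "aws_route" "to_requester" {
  provider                  = aws.accepter
  route_table_id            = aws_vpc.accepter.main_route_table_id
  destination_cidr_block    = aws_vpc.requester.cidr_block
  vpc_peering_connection_id = aws_vpc_peering_connection_accepter.this.id
}

# Security groups cannot reference a peer group across regions, so limit
# ingress to the peer CIDR and the one port that is needed, not 0.0.0.0/0.
resource "aws_security_group" "accepter_app" {
  provider = aws.accepter
  vpc_id   = aws_vpc.accepter.id
}

resource "aws_vpc_security_group_ingress_rule" "from_requester" {
  provider          = aws.accepter
  security_group_id = aws_security_group.accepter_app.id
  cidr_ipv4         = aws_vpc.requester.cidr_block
  ip_protocol       = "tcp"
  from_port         = 443
  to_port           = 443
}
```

Everything that depends on the peering being active (options, routes) references aws_vpc_peering_connection_accepter.this.id rather than the requester resource, so Terraform cannot try to configure a connection that has not been accepted yet.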
Tips: Best Practices for The Other AWS Amazon EC2 Resources
Besides the peering connection accepter, other Amazon EC2 resources should be configured with security in mind. Some examples of those resources and the precautions that go with them:
aws_default_vpc
Avoid using the default VPC
Define your own VPC and use it.
aws_network_acl_rule
Ensure your network ACL rule blocks unwanted inbound traffic
Block unwanted inbound traffic explicitly.
aws_ebs_volume
Use a customer-managed key for EBS volume encryption
A customer-managed key (CMK) gives you control over the key policy, rotation and revocation that the AWS-managed key does not.
aws_instance
Avoid storing AWS access keys in user data
User data is readable by anyone who can describe the instance and by every process on it; attach an `aws_iam_instance_profile` instead.
aws_security_group
Ensure your security group blocks unwanted inbound traffic
Restrict inbound rules to the ports and sources that are actually needed.
AWS::EC2::VPCPeeringConnection (CloudFormation)
The VPCPeeringConnection in EC2 can be configured in CloudFormation with the resource name AWS::EC2::VPCPeeringConnection. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
The ten fragments below are reproduced as extracted; several are cut off mid-property, and the cut-off values are left as they appear.

Example 1 (YAML): conditional cross-region request; PeerVpcId, which is required, is cut off in the source
Type: AWS::EC2::VPCPeeringConnection
Condition: IfUSWestRegion
Properties:
  VpcId:
    Fn::ImportValue: VPCUsaId
  PeerRegion: eu-central-1

Example 2 (YAML): commented-out peering between two nested-stack VPCs, cut off after Tags
# Type: AWS::EC2::VPCPeeringConnection
# Properties:
#   VpcId: !GetAtt VPCAlpha.Outputs.VPC
#   PeerVpcId: !GetAtt VPCBeta.Outputs.VPC
#   Tags:
#     - Key: Name

Example 3 (YAML, Serverless Framework variables): cross-account request; the VpcId value is cut off
Type: AWS::EC2::VPCPeeringConnection
Properties:
  PeerOwnerId: ${env:AWS_COGNITO_ACCOUNT_ID}
  PeerRoleArn: arn:aws:iam::${env:AWS_COGNITO_ACCOUNT_ID}:role/calcutta-${self:custom.stage}-peer-role
  PeerVpcId: ${env:AWS_COGNITO_VPC_ID}
  VpcId:

Example 4 (YAML): PeerVpcId imported from another stack's export; VpcId is cut off
Type: "AWS::EC2::VPCPeeringConnection"
Properties:
  PeerVpcId:
    Fn::ImportValue: !Sub
      - ${Sandbox2VpcStackName}-VPCID
      - Sandbox2VpcStackName: !Ref Sandbox2StackName

Example 5 (YAML): complete cross-account request with PeerOwnerId and PeerRoleArn, as found in the source
Type: AWS::EC2::VPCPeeringConnection
Properties:
  PeerOwnerId: 442771530490
  PeerRoleArn: arn:aws:iam::880898370811:role/create-role-peerRole-X3ZNCOH3368Z
  PeerVpcId: !Ref LnCustomVPC2
  VpcId: !Ref LnCustomVPC1

Example 6 (JSON): VpcId is left empty in the source
"Type": "AWS::EC2::VPCPeeringConnection",
"Properties": {
  "PeerVpcId": { "Ref": "PeerVpcId" },
  "VpcId": ""
}

Example 7 (JSON): production and development VPCs; Tags is cut off
"Type": "AWS::EC2::VPCPeeringConnection",
"Properties": {
  "PeerVpcId": { "Ref": "ProductionVPC" },
  "VpcId": { "Ref": "DevelopmentVPC" },
  "Tags": [
    {

Example 8 (JSON): conditional, with VpcId imported from a management-VPC stack
"Type": "AWS::EC2::VPCPeeringConnection",
"Condition": "PROD_VPC",
"Properties": {
  "VpcId": { "Fn::ImportValue": { "Fn::Sub": "MGMT-VPCId" } },
  "PeerVpcId": { "Ref": "VPCID" }
}

Example 9 (JSON): PeerVpcId from a CDK-generated export; VpcId is cut off
"Type": "AWS::EC2::VPCPeeringConnection",
"Properties": {
  "PeerVpcId": {
    "Fn::ImportValue": "cdk-blog-vpc-staging:ExportsOutputRefvpcstagingF0BF23A463A94C5D"
  },
  "VpcId": {

Example 10 (JSON): core and build VPCs imported from their stacks; Tags is cut off
"Type": "AWS::EC2::VPCPeeringConnection",
"Properties": {
  "VpcId": { "Fn::ImportValue": { "Fn::Sub": "${CoreVPCStackName}-VPC" } },
  "PeerVpcId": { "Fn::ImportValue": { "Fn::Sub": "${BuildVPCStackName}-VPC" } },
  "Tags": [
    { "Key": "Name", "Value": { "Fn::Sub": "Core-BuildVPCPeeringConnection" } }
Parameters
PeerOwnerId - optional - String - account ID that owns the accepter VPC; defaults to your own account, so it must be set for cross-account peering
PeerRegion - optional - String - Region of the accepter VPC; defaults to the Region the request is made in
PeerRoleArn - optional - String - required for cross-account peering: the ARN of a role in the accepter (PeerOwnerId) account that trusts the requester account and is permitted to accept the request
PeerVpcId - required - String - the accepter VPC
Tags - optional - List of Tag
VpcId - required - String - the requester VPC
Explanation in CloudFormation Registry
Requests a VPC peering connection between two VPCs: a requester VPC that you own and an accepter VPC with which to create the connection. The accepter VPC can belong to another AWS account and can be in a different Region to the requester VPC.
The requester VPC and accepter VPC cannot have overlapping CIDR blocks. If you create a VPC peering connection request between VPCs with overlapping CIDR blocks, the VPC peering connection has a status of failed. For more information, see Walkthrough: Peer with a VPC in another AWS account.
For a cross-account peering, CloudFormation assumes the role named in PeerRoleArn to accept the request on the accepter's behalf. That role lives in the accepter account, trusts the requester account, and should be limited to ec2:AcceptVpcPeeringConnection (plus the Describe call) rather than broad EC2 permissions, because whoever can assume it can bring a foreign VPC into the accepter's network.
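The CloudFormation text names PeerRoleArn but not what the role should look like. The following is an added example, not from this page or any repository it cites, written in Terraform because that is the page's primary tool: the accepter account publishes a role that only the requester account may assume and that can accept only requests coming from one known requester VPC, and the requester side then uses that role for the accept call instead of holding the accepter account's credentials. Account IDs, VPC IDs, the profile name, the role name and the region are placeholders; the ec2:RequesterVpc condition key is taken from the EC2 service authorization reference and should be checked against it for your API version.

```hcl
# Added example (not from the page or the repositories it cites): the
# cross-account flow behind CloudFormation's PeerOwnerId/PeerRoleArn, in
# Terraform. All account IDs, VPC IDs, names and the region are placeholders.

locals {
  region               = "us-east-1"
  requester_account_id = "111111111111"
  accepter_account_id  = "222222222222"
  requester_vpc_id     = "vpc-0a1b2c3d4e5f60001" # placeholder
  accepter_vpc_id      = "vpc-0a1b2c3d4e5f60002" # placeholder
  accept_role_name     = "vpc-peering-accepter"
}

# --- Part 1: applied by the accepter account with its own credentials ---

provider "aws" {
  alias   = "accepter_admin"
  region  = local.region
  profile = "accepter-account" # placeholder profile name
}

# Only the requester account may assume the role.
data "aws_iam_policy_document" "trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${local.requester_account_id}:root"]
    }
  }
}

# Accepting needs the peering-connection resource and the accepter VPC.
# The condition ties the first to one requester VPC, so a request from any
# other VPC or account fails authorization instead of being accepted.
data "aws_iam_policy_document" "accept_only" {
  statement {
    actions   = ["ec2:AcceptVpcPeeringConnection"]
    resources = ["arn:aws:ec2:${local.region}:${local.accepter_account_id}:vpc-peering-connection/*"]
    condition {
      test     = "ArnEquals"
      variable = "ec2:RequesterVpc"
      values   = ["arn:aws:ec2:${local.region}:${local.requester_account_id}:vpc/${local.requester_vpc_id}"]
    }
  }
  statement {
    actions   = ["ec2:AcceptVpcPeeringConnection"]
    resources = ["arn:aws:ec2:${local.region}:${local.accepter_account_id}:vpc/${local.accepter_vpc_id}"]
  }
  statement {
    actions   = ["ec2:DescribeVpcPeeringConnections"]
    resources = ["*"]
  }
  # Add ec2:CreateTags / ec2:ModifyVpcPeeringConnectionOptions only if the
  # accepter resource below also sets tags or DNS options.
}

resource "aws_iam_role" "accept" {
  provider           = aws.accepter_admin
  name               = local.accept_role_name
  assume_role_policy = data.aws_iam_policy_document.trust.json
}

resource "aws_iam_role_policy" "accept" {
  provider = aws.accepter_admin
  role     = aws_iam_role.accept.id
  policy   = data.aws_iam_policy_document.accept_only.json
}

# --- Part 2: applied by the requester account ---

provider "aws" {
  alias  = "requester"
  region = local.region
}

# No long-lived credentials for the accepter account are stored anywhere;
# the provider assumes the published role for the accept call only.
provider "aws" {
  alias  = "accepter"
  region = local.region
  assume_role {
    role_arn = "arn:aws:iam::${local.accepter_account_id}:role/${local.accept_role_name}"
  }
}

resource "aws_vpc_peering_connection" "cross_account" {
  provider      = aws.requester
  vpc_id        = local.requester_vpc_id
  peer_vpc_id   = local.accepter_vpc_id
  peer_owner_id = local.accepter_account_id
}

resource "aws_vpc_peering_connection_accepter" "cross_account" {
  provider                  = aws.accepter
  vpc_peering_connection_id = aws_vpc_peering_connection.cross_account.id
  auto_accept               = true
}
```

In practice the two parts live in separate configurations owned by the two accounts; they are shown together so the trust policy, the permission policy and the assume_role provider that consumes them can be read side by side. The role's permission policy is the equivalent of what CloudFormation needs from the role in PeerRoleArn.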
Frequently asked questions
What is AWS Amazon EC2 Peering Connection Accepter?
AWS Amazon EC2 Peering Connection Accepter is a resource for Amazon EC2 of Amazon Web Services. Its settings can be written in Terraform and CloudFormation.
Where can I find the example code for the AWS Amazon EC2 Peering Connection Accepter?
For Terraform, the huanwlisa/terraform, bstascavage/terraform-vault-consul-deployment and brucehvn/edify source code examples are useful. See the Terraform Example section for further details.
For CloudFormation, the elnurm/aws_cloudformation_templates, kennyk65/aws-teaching-demos and burke1791/march-madness-calcutta-api source code examples are useful. See the CloudFormation Example section for further details.