AWS Amazon EC2 Peering Connection Options
This page shows how to write Terraform and CloudFormation for Amazon EC2 Peering Connection Options and write them securely.
aws_vpc_peering_connection_options (Terraform)
The Peering Connection Options in Amazon EC2 can be configured in Terraform with the resource name aws_vpc_peering_connection_options. The following sections describe 4 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_vpc_peering_connection_options" "requester" {
provider = aws.requester
vpc_peering_connection_id = aws_vpc_peering_connection_accepter.accepter.id
requester {
allow_remote_vpc_dns_resolution = true
resource "aws_vpc_peering_connection_options" "requester" {
provider = aws.requester
vpc_peering_connection_id = aws_vpc_peering_connection_accepter.accepter.id
requester {
allow_remote_vpc_dns_resolution = true
resource "aws_vpc_peering_connection_options" "vpc_peering_connection_options-requester" {
provider = aws.source
vpc_peering_connection_id = aws_vpc_peering_connection_accepter.vpc_peering_connection_accepter.id
requester {
allow_remote_vpc_dns_resolution = true
resource "aws_vpc_peering_connection_options" "cyhy_bod_peering_connection" {
vpc_peering_connection_id = aws_vpc_peering_connection.cyhy_bod_peering_connection.id
accepter {
allow_remote_vpc_dns_resolution = true
}
Parameters
-
idoptional computed - string -
vpc_peering_connection_idrequired - string -
accepterlist block-
allow_classic_link_to_remote_vpcoptional - bool -
allow_remote_vpc_dns_resolutionoptional - bool -
allow_vpc_to_remote_classic_linkoptional - bool
-
-
requesterlist block-
allow_classic_link_to_remote_vpcoptional - bool -
allow_remote_vpc_dns_resolutionoptional - bool -
allow_vpc_to_remote_classic_linkoptional - bool
-
Explanation in Terraform Registry
Provides a resource to manage VPC peering connection options.
NOTE on VPC Peering Connections and VPC Peering Connection Options: Terraform provides both a standalone VPC Peering Connection Options and a VPC Peering Connection resource with
accepterandrequesterattributes. Do not manage options for the same VPC peering connection in both a VPC Peering Connection resource and a VPC Peering Connection Options resource. Doing so will cause a conflict of options and will overwrite the options. Using a VPC Peering Connection Options resource decouples management of the connection options from management of the VPC Peering Connection and allows options to be set correctly in cross-region and cross-account scenarios.
Tips: Best Practices for The Other AWS Amazon EC2 Resources
In addition to the aws_default_vpc, AWS Amazon EC2 has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
aws_default_vpc
Ensure to avoid using default VPC
It is better to define the own VPC and use it.
aws_network_acl_rule
Ensure your network ACL rule blocks unwanted inbound traffic
It is better to block unwanted inbound traffic.
aws_ebs_volume
Ensure to use a customer-managed key for EBS volume encryption
It is better to use a customer-managed key for EBS volume encryption. It can be gain more control over the encryption by using customer-managed keys (CMK).
aws_instance
Ensure to avoid storing AWS access keys in user data
It is better to avoid storing AWS access keys in user data. `aws_iam_instance_profile` could be used instead.
aws_security_group
Ensure your security group blocks unwanted inbound traffic
It is better to block unwanted inbound traffic.
AWS::EC2::VPCPeeringConnection (CloudFormation)
The VPCPeeringConnection in EC2 can be configured in CloudFormation with the resource name AWS::EC2::VPCPeeringConnection. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
Type: AWS::EC2::VPCPeeringConnection
Condition: IfUSWestRegion
Properties:
VpcId:
Fn::ImportValue: VPCUsaId
PeerRegion: eu-central-1
# Type: AWS::EC2::VPCPeeringConnection
# Properties:
# VpcId: !GetAtt VPCAlpha.Outputs.VPC
# PeerVpcId: !GetAtt VPCBeta.Outputs.VPC
# Tags:
# - Key: Name
Type: AWS::EC2::VPCPeeringConnection
Properties:
PeerOwnerId: ${env:AWS_COGNITO_ACCOUNT_ID}
PeerRoleArn: arn:aws:iam::${env:AWS_COGNITO_ACCOUNT_ID}:role/calcutta-${self:custom.stage}-peer-role
PeerVpcId: ${env:AWS_COGNITO_VPC_ID}
VpcId:
Type: "AWS::EC2::VPCPeeringConnection"
Properties:
PeerVpcId:
Fn::ImportValue: !Sub
- ${Sandbox2VpcStackName}-VPCID
- Sandbox2VpcStackName: !Ref Sandbox2StackName
Type: AWS::EC2::VPCPeeringConnection
Properties:
PeerRegion: us-east-2
PeerVpcId: vpc-07f55a75179399e8d
Tags:
- Key: Name
"Type": "AWS::EC2::VPCPeeringConnection",
"Properties" : {
"PeerVpcId" : {
"Ref": "PeerVpcId"
},
"VpcId": ""
"Type" : "AWS::EC2::VPCPeeringConnection",
"Properties" : {
"PeerVpcId" : { "Ref" : "ProductionVPC" },
"VpcId" : { "Ref" : "DevelopmentVPC" },
"Tags" : [
{
"Type": "AWS::EC2::VPCPeeringConnection",
"Properties": {
"PeerVpcId": {
"Fn::ImportValue": "cdk-blog-vpc-staging:ExportsOutputRefvpcstagingF0BF23A463A94C5D"
},
"VpcId": {
"Type": "AWS::EC2::VPCPeeringConnection",
"Properties": {
"PeerVpcId": {
"Fn::ImportValue": "cdk-blog-vpc-staging:ExportsOutputRefvpcstagingF0BF23A463A94C5D"
},
"VpcId": {
"Type" : "AWS::EC2::VPCPeeringConnection",
"Properties" : {
"VpcId" : { "Fn::ImportValue" : { "Fn::Sub" : "${CoreVPCStackName}-VPC" }},
"PeerVpcId" : { "Fn::ImportValue" : { "Fn::Sub" : "${BuildVPCStackName}-VPC" }},
"Tags" : [
{ "Key" : "Name", "Value" : { "Fn::Sub" : "Core-BuildVPCPeeringConnection" }}
Parameters
-
PeerOwnerIdoptional - String -
PeerRegionoptional - String -
PeerRoleArnoptional - String -
PeerVpcIdrequired - String -
Tagsoptional - List of Tag -
VpcIdrequired - String
Explanation in CloudFormation Registry
Requests a VPC peering connection between two VPCs: a requester VPC that you own and an accepter VPC with which to create the connection. The accepter VPC can belong to another AWS account and can be in a different Region to the requester VPC.
The requester VPC and accepter VPC cannot have overlapping CIDR blocks. If you create a VPC peering connection request between VPCs with overlapping CIDR blocks, the VPC peering connection has a status of
failed.For more information, see Walkthough: Peer with a VPC in another AWS account.
Frequently asked questions
What is AWS Amazon EC2 Peering Connection Options?
AWS Amazon EC2 Peering Connection Options is a resource for Amazon EC2 of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.
Where can I find the example code for the AWS Amazon EC2 Peering Connection Options?
For Terraform, the DNXLabs/terraform-aws-vpc-peering-inter-region, jrpradojr/terraform-aws-vpc-peering-inter-region and atc-labs/terraform-aws-vpc-peering source code examples are useful. See the Terraform Example section for further details.
For CloudFormation, the elnurm/aws_cloudformation_templates, kennyk65/aws-teaching-demos and burke1791/march-madness-calcutta-api source code examples are useful. See the CloudFormation Example section for further details.
