Resource: awsVpcPeeringConnectionAccepter

Provides a resource to manage the accepter's side of a VPC Peering Connection.

When a cross-account (requester's AWS account differs from the accepter's AWS account) or an inter-region VPC Peering Connection is created, a VPC Peering Connection resource is automatically created in the accepter's account. The requester can use the awsVpcPeeringConnection resource to manage its side of the connection and the accepter can use the awsVpcPeeringConnectionAccepter resource to "adopt" its side of the connection into management.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.provider.AwsProvider(this, "aws", {
  region: "us-east-1",
});
const awsPeer = new aws.provider.AwsProvider(this, "aws_1", {
  alias: "peer",
  region: "us-west-2",
});
const awsVpcMain = new aws.vpc.Vpc(this, "main", {
  cidrBlock: "10.0.0.0/16",
});
const awsVpcPeer = new aws.vpc.Vpc(this, "peer", {
  cidrBlock: "10.1.0.0/16",
  provider: awsPeer,
});
const dataAwsCallerIdentityPeer =
  new aws.dataAwsCallerIdentity.DataAwsCallerIdentity(this, "peer_4", {
    provider: awsPeer,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAwsCallerIdentityPeer.overrideLogicalId("peer");
const awsVpcPeeringConnectionPeer =
  new aws.vpcPeeringConnection.VpcPeeringConnection(this, "peer_5", {
    autoAccept: false,
    peerOwnerId: dataAwsCallerIdentityPeer.accountId,
    peerRegion: "us-west-2",
    peerVpcId: awsVpcPeer.id,
    tags: {
      Side: "Requester",
    },
    vpcId: awsVpcMain.id,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsVpcPeeringConnectionPeer.overrideLogicalId("peer");
const awsVpcPeeringConnectionAccepterPeer =
  new aws.vpcPeeringConnectionAccepter.VpcPeeringConnectionAccepterA(
    this,
    "peer_6",
    {
      autoAccept: true,
      provider: awsPeer,
      tags: {
        Side: "Accepter",
      },
      vpcPeeringConnectionId: awsVpcPeeringConnectionPeer.id,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsVpcPeeringConnectionAccepterPeer.overrideLogicalId("peer");

Argument Reference

The following arguments are supported:

  • vpcPeeringConnectionId - (Required) The VPC Peering Connection ID to manage.
  • autoAccept - (Optional) Whether or not to accept the peering request. Defaults to false.
  • tags - (Optional) A map of tags to assign to the resource. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Removing awsVpcPeeringConnectionAccepter from your configuration

AWS allows a cross-account VPC Peering Connection to be deleted from either the requester's or accepter's side. However, Terraform only allows the VPC Peering Connection to be deleted from the requester's side by removing the corresponding awsVpcPeeringConnection resource from your configuration. Removing an awsVpcPeeringConnectionAccepter resource from your configuration will remove it from your statefile and management, but will not destroy the VPC Peering Connection.
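
Because removing the accepter resource only drops it from state, the peering connection stays active in the accepter's account. The following added example (not part of the provider documentation) compares the peerings seen in an account with the resources still tracked in Terraform state and reports active peerings that nothing manages. It assumes inputs shaped like subsets of `aws ec2 describe-vpc-peering-connections` and `terraform show -json` output; the function name, interfaces, account IDs and connection IDs are constructed for illustration.

```typescript
// Added example: all sample data below is constructed, not real AWS output.
interface Peering {        // subset of describe-vpc-peering-connections
  VpcPeeringConnectionId: string;
  Status: { Code: string };
  RequesterVpcInfo: { OwnerId: string };
  AccepterVpcInfo: { OwnerId: string };
}
interface StateResource {  // subset of `terraform show -json` resources
  type: string;
  values: { id?: string };
}
interface Finding { id: string; requesterAccount: string; crossAccount: boolean }

// Both sides store the peering connection ID as their resource `id`.
const PEERING_TYPES = [
  "aws_vpc_peering_connection",
  "aws_vpc_peering_connection_accepter",
];

// Return active peerings in the account that no Terraform resource tracks.
function findUnmanagedPeerings(live: Peering[], state: StateResource[]): Finding[] {
  const managed: string[] = [];
  for (const r of state) {
    if (PEERING_TYPES.indexOf(r.type) !== -1 && r.values.id) managed.push(r.values.id);
  }
  return live
    .filter((p) => p.Status.Code === "active")
    .filter((p) => managed.indexOf(p.VpcPeeringConnectionId) === -1)
    .map((p) => ({
      id: p.VpcPeeringConnectionId,
      requesterAccount: p.RequesterVpcInfo.OwnerId,
      crossAccount: p.RequesterVpcInfo.OwnerId !== p.AccepterVpcInfo.OwnerId,
    }));
}

// Constructed sample: three peerings seen in the accepter's account.
const samplePeerings: Peering[] = [
  { VpcPeeringConnectionId: "pcx-0aaaaaaaaaaaaaaa1", Status: { Code: "active" },
    RequesterVpcInfo: { OwnerId: "111111111111" }, AccepterVpcInfo: { OwnerId: "222222222222" } },
  { VpcPeeringConnectionId: "pcx-0bbbbbbbbbbbbbbb2", Status: { Code: "active" },
    RequesterVpcInfo: { OwnerId: "333333333333" }, AccepterVpcInfo: { OwnerId: "222222222222" } },
  { VpcPeeringConnectionId: "pcx-0ccccccccccccccc3", Status: { Code: "deleted" },
    RequesterVpcInfo: { OwnerId: "111111111111" }, AccepterVpcInfo: { OwnerId: "222222222222" } },
];
// Constructed state: only the first peering is still managed as an accepter.
const sampleState: StateResource[] = [
  { type: "aws_vpc_peering_connection_accepter", values: { id: "pcx-0aaaaaaaaaaaaaaa1" } },
  { type: "aws_vpc", values: { id: "vpc-0123456789abcdef0" } },
];
console.log(JSON.stringify(findUnmanagedPeerings(samplePeerings, sampleState), null, 2));
```

Each finding is a connection that still routes between the two VPCs and has to be deleted from the requester's configuration or directly in AWS.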

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The ID of the VPC Peering Connection.
  • acceptStatus - The status of the VPC Peering Connection request.
  • vpcId - The ID of the accepter VPC.
  • peerVpcId - The ID of the requester VPC.
  • peerOwnerId - The AWS account ID of the owner of the requester VPC.
  • peerRegion - The region of the accepter VPC.
  • accepter - A configuration block that describes [VPC Peering Connection](https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html) options set for the accepter VPC.
  • requester - A configuration block that describes [VPC Peering Connection](https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html) options set for the requester VPC.
  • tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.

Accepter and Requester Attributes Reference

  • allowRemoteVpcDnsResolution - Indicates whether a local VPC can resolve public DNS hostnames to private IP addresses when queried from instances in a peer VPC.
  • allowClassicLinkToRemoteVpc - Indicates whether a local ClassicLink connection can communicate with the peer VPC over the VPC Peering Connection.
  • allowVpcToRemoteClassicLink - Indicates whether a local VPC can communicate with a ClassicLink connection in the peer VPC over the VPC Peering Connection.

Import

VPC Peering Connection Accepters can be imported by using the Peering Connection ID, e.g.,

$ terraform import aws_vpc_peering_connection_accepter.example pcx-12345678

Certain resource arguments, like autoAccept, do not have an EC2 API method for reading the information after peering connection creation. If the argument is set in the Terraform configuration on an imported resource, Terraform will always show a difference. To work around this behavior, either omit the argument from the Terraform configuration or use ignoreChanges to hide the difference, e.g.,

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsVpcPeeringConnectionAccepterExample =
  new aws.vpcPeeringConnectionAccepter.VpcPeeringConnectionAccepterA(
    this,
    "example",
    {}
  );
awsVpcPeeringConnectionAccepterExample.addOverride("lifecycle", [
  {
    ignore_changes: ["auto_accept"],
  },
]);