Resource: awsVpcPeeringConnectionOptions
Provides a resource to manage VPC peering connection options.
~> NOTE on VPC Peering Connections and VPC Peering Connection Options: Terraform provides both a standalone VPC Peering Connection Options resource and a VPC Peering Connection resource with accepter and requester attributes. Do not manage options for the same VPC peering connection in both a VPC Peering Connection resource and a VPC Peering Connection Options resource. Doing so will cause a conflict of options and will overwrite the options. Using a VPC Peering Connection Options resource decouples management of the connection options from management of the VPC Peering Connection and allows options to be set correctly in cross-region and cross-account scenarios.
Example Usage
Basic Usage
```typescript
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsVpcBar = new aws.vpc.Vpc(this, "bar", {
  cidrBlock: "10.1.0.0/16",
});
const awsVpcFoo = new aws.vpc.Vpc(this, "foo", {
  cidrBlock: "10.0.0.0/16",
});
const awsVpcPeeringConnectionFoo =
  new aws.vpcPeeringConnection.VpcPeeringConnection(this, "foo_2", {
    autoAccept: true,
    peerVpcId: awsVpcBar.id,
    vpcId: awsVpcFoo.id,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsVpcPeeringConnectionFoo.overrideLogicalId("foo");
const awsVpcPeeringConnectionOptionsFoo =
  new aws.vpcPeeringConnectionOptions.VpcPeeringConnectionOptions(
    this,
    "foo_3",
    {
      accepter: {
        allowRemoteVpcDnsResolution: true,
      },
      requester: {
        allowClassicLinkToRemoteVpc: true,
        allowVpcToRemoteClassicLink: true,
      },
      vpcPeeringConnectionId: awsVpcPeeringConnectionFoo.id,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsVpcPeeringConnectionOptionsFoo.overrideLogicalId("foo");
```
Cross-Account Usage
```typescript
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
/*One aliased provider per account; each resource below is bound to the account that owns it.*/
const awsRequester = new aws.provider.AwsProvider(this, "aws", {
  alias: "requester",
});
const awsAccepter = new aws.provider.AwsProvider(this, "aws_1", {
  alias: "accepter",
});
const awsVpcMain = new aws.vpc.Vpc(this, "main", {
  cidrBlock: "10.0.0.0/16",
  enableDnsHostnames: true,
  enableDnsSupport: true,
  provider: awsRequester,
});
const awsVpcPeer = new aws.vpc.Vpc(this, "peer", {
  cidrBlock: "10.1.0.0/16",
  enableDnsHostnames: true,
  enableDnsSupport: true,
  provider: awsAccepter,
});
const dataAwsCallerIdentityPeer =
  new aws.dataAwsCallerIdentity.DataAwsCallerIdentity(this, "peer_4", {
    provider: awsAccepter,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAwsCallerIdentityPeer.overrideLogicalId("peer");
const awsVpcPeeringConnectionPeer =
  new aws.vpcPeeringConnection.VpcPeeringConnection(this, "peer_5", {
    autoAccept: false,
    peerOwnerId: dataAwsCallerIdentityPeer.accountId,
    peerVpcId: awsVpcPeer.id,
    provider: awsRequester,
    tags: {
      Side: "Requester",
    },
    vpcId: awsVpcMain.id,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsVpcPeeringConnectionPeer.overrideLogicalId("peer");
const awsVpcPeeringConnectionAccepterPeer =
  new aws.vpcPeeringConnectionAccepter.VpcPeeringConnectionAccepterA(
    this,
    "peer_6",
    {
      autoAccept: true,
      provider: awsAccepter,
      tags: {
        Side: "Accepter",
      },
      vpcPeeringConnectionId: awsVpcPeeringConnectionPeer.id,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsVpcPeeringConnectionAccepterPeer.overrideLogicalId("peer");
/*Each side sets only its own options, using its own provider.*/
new aws.vpcPeeringConnectionOptions.VpcPeeringConnectionOptions(
  this,
  "accepter",
  {
    accepter: {
      allowRemoteVpcDnsResolution: true,
    },
    provider: awsAccepter,
    vpcPeeringConnectionId: awsVpcPeeringConnectionAccepterPeer.id,
  }
);
new aws.vpcPeeringConnectionOptions.VpcPeeringConnectionOptions(
  this,
  "requester",
  {
    provider: awsRequester,
    requester: {
      allowRemoteVpcDnsResolution: true,
    },
    vpcPeeringConnectionId: awsVpcPeeringConnectionAccepterPeer.id,
  }
);
```
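The conflict described in the note at the top of this page (options for one peering connection managed both inline and in a standalone options resource) can be caught before apply. The following is an added example, not part of the original page or the provider's code: it scans Terraform JSON of the kind `cdktf synth` writes and follows references through the accepter resource, as the cross-account example does. It assumes references appear as `${type.name.id}` strings; the function names and the sample configuration are hypothetical.

```typescript
// Added example (not provider code): flag peering options managed in two resources at once.
type Block = Record<string, any>;
type TfJson = { resource?: Record<string, Record<string, Block>> };

const PCX = "aws_vpc_peering_connection";
const ACCEPTER = "aws_vpc_peering_connection_accepter";
const OPTIONS = "aws_vpc_peering_connection_options";
const REF = /^\$\{([a-z0-9_]+)\.([A-Za-z0-9_-]+)\.id\}$/;

// Follow "${type.name.id}" references until an aws_vpc_peering_connection is reached.
function resolvePcx(cfg: TfJson, expr: unknown, depth = 0): string | null {
  const m = typeof expr === "string" ? REF.exec(expr) : null;
  if (!m || depth > 4) return null; // literal pcx-... IDs cannot be resolved statically
  const [kind, name] = [String(m[1]), String(m[2])];
  if (kind === PCX) return name;
  if (kind !== ACCEPTER) return null;
  const next = cfg.resource?.[ACCEPTER]?.[name]?.vpc_peering_connection_id;
  return resolvePcx(cfg, next, depth + 1);
}

// A nested block may appear as an object or as an array of objects.
function hasBlock(res: Block | undefined, key: string): boolean {
  const v = res?.[key];
  return Array.isArray(v) ? v.length > 0 : v != null;
}

function findOptionConflicts(cfg: TfJson): string[] {
  const findings: string[] = [];
  for (const [optName, opt] of Object.entries(cfg.resource?.[OPTIONS] ?? {})) {
    const pcxName = resolvePcx(cfg, opt.vpc_peering_connection_id);
    if (pcxName === null) continue;
    const pcx = cfg.resource?.[PCX]?.[pcxName];
    const inline = ["accepter", "requester"].filter((side) => hasBlock(pcx, side));
    if (inline.length > 0) {
      findings.push(`${OPTIONS}.${optName} -> ${PCX}.${pcxName} (inline: ${inline.join(",")})`);
    }
  }
  return findings;
}

// Constructed sample: "peer" sets an inline requester block and is also targeted,
// through its accepter, by a standalone options resource.
const sample: TfJson = { resource: {
  [PCX]: { peer: { vpc_id: "${aws_vpc.main.id}", requester: { allow_remote_vpc_dns_resolution: true } } },
  [ACCEPTER]: { peer: { vpc_peering_connection_id: "${aws_vpc_peering_connection.peer.id}" } },
  [OPTIONS]: { accepter: { vpc_peering_connection_id: "${aws_vpc_peering_connection_accepter.peer.id}",
                           accepter: { allow_remote_vpc_dns_resolution: true } } },
} };
console.log(findOptionConflicts(sample));
```

Options resources that pass a literal connection ID are skipped, since the target cannot be matched to a resource without state.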
Argument Reference
The following arguments are supported:
* vpcPeeringConnectionId - (Required) The ID of the requester VPC peering connection.
* accepter (Optional) - An optional configuration block that allows for [VPC Peering Connection](https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html) options to be set for the VPC that accepts the peering connection (a maximum of one).
* requester (Optional) - An optional configuration block that allows for [VPC Peering Connection](https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html) options to be set for the VPC that requests the peering connection (a maximum of one).
Accepter and Requester Arguments
-> Note: When enabled, the DNS resolution feature requires that VPCs participating in the peering have support for DNS hostnames enabled. This can be done using the [enableDnsHostnames](vpc.html#enable_dns_hostnames) attribute in the awsVpc resource. See the [Using DNS with Your VPC](http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-dns.html) user guide for more information.
* allowRemoteVpcDnsResolution - (Optional) Allow a local VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the peer VPC.
* allowClassicLinkToRemoteVpc - (Optional) Allow a local linked EC2-Classic instance to communicate with instances in a peer VPC. This enables outbound communication from the local ClassicLink connection to the remote VPC. This option is not supported for inter-region VPC peering.
* allowVpcToRemoteClassicLink - (Optional) Allow a local VPC to communicate with a linked EC2-Classic instance in a peer VPC. This enables outbound communication from the local VPC to the remote ClassicLink connection. This option is not supported for inter-region VPC peering.
Attributes Reference
In addition to all arguments above, the following attributes are exported:
* id - The ID of the VPC Peering Connection Options.
Import
VPC Peering Connection Options can be imported using the vpcPeeringId, e.g.,