
Resource: awsVpcPeeringConnectionOptions

Provides a resource to manage VPC peering connection options.

~> NOTE on VPC Peering Connections and VPC Peering Connection Options: Terraform provides both a standalone VPC Peering Connection Options resource and a VPC Peering Connection resource with accepter and requester attributes. Do not manage options for the same VPC peering connection in both a VPC Peering Connection resource and a VPC Peering Connection Options resource. Doing so will cause a conflict of options and will overwrite the options. Using a VPC Peering Connection Options resource decouples management of the connection options from management of the VPC Peering Connection and allows options to be set correctly in cross-region and cross-account scenarios.
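
The double-management case from the note above can be caught before apply by checking the synthesized configuration. The following is an added example, not part of the provider documentation or the provider's own code: it assumes the synthesized JSON groups resources by type and name and writes references as `${type.name.id}` strings, follows one hop through an accepter resource as in the cross-account usage on this page, and uses a constructed sample. The names `resolveConnection`, `findDoubleManagedOptions` and `SAMPLE` are hypothetical.

```typescript
// Added example: the synthesized JSON shape is an assumption; SAMPLE is constructed.
type Block = Record<string, unknown>;
type Resources = Record<string, Record<string, Block>>;

const PCX = "aws_vpc_peering_connection";
const ACC = "aws_vpc_peering_connection_accepter";
const OPTS = "aws_vpc_peering_connection_options";
const REF = /^\$\{(aws_vpc_peering_connection(?:_accepter)?)\.([^.}]+)\.id\}$/;
const group = (res: Resources, type: string): Record<string, Block> => res[type] ?? {};

// Map an options resource's vpc_peering_connection_id reference to the local
// name of the connection it targets, following one hop through an accepter.
function resolveConnection(ref: unknown, res: Resources): string | undefined {
  const m = REF.exec(String(ref));
  if (!m) return undefined; // literal IDs such as "pcx-..." cannot be resolved
  const [, type = "", name = ""] = m;
  if (type === PCX) return name;
  const accepter = group(res, ACC)[name];
  const inner = accepter ? REF.exec(String(accepter["vpc_peering_connection_id"])) : null;
  return inner && inner[1] === PCX ? inner[2] : undefined;
}

// Report every options resource whose target connection also sets inline
// accepter/requester blocks (the double-management case from the NOTE).
function findDoubleManagedOptions(res: Resources): string[] {
  const findings: string[] = [];
  for (const [optName, opt] of Object.entries(group(res, OPTS))) {
    const target = resolveConnection(opt["vpc_peering_connection_id"], res);
    const conn = target === undefined ? undefined : group(res, PCX)[target];
    if (conn && ("accepter" in conn || "requester" in conn)) {
      findings.push(`${OPTS}.${optName} overlaps inline options on ${PCX}.${target}`);
    }
  }
  return findings;
}

// Constructed sample: "foo" is double-managed, "peer" is managed only via options.
const SAMPLE: Resources = {
  [PCX]: {
    foo: { auto_accept: true, accepter: { allow_remote_vpc_dns_resolution: true } },
    peer: { auto_accept: false },
  },
  [ACC]: { peer: { vpc_peering_connection_id: "${aws_vpc_peering_connection.peer.id}" } },
  [OPTS]: {
    foo: { vpc_peering_connection_id: "${aws_vpc_peering_connection.foo.id}", accepter: {} },
    accepter: { vpc_peering_connection_id: "${aws_vpc_peering_connection_accepter.peer.id}" },
    requester: { vpc_peering_connection_id: "${aws_vpc_peering_connection_accepter.peer.id}" },
  },
};
```

Options resources that reference a connection by literal ID are skipped, so an empty result only covers connections referenced symbolically.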

Example Usage

Basic Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsVpcBar = new aws.vpc.Vpc(this, "bar", {
  cidrBlock: "10.1.0.0/16",
});
const awsVpcFoo = new aws.vpc.Vpc(this, "foo", {
  cidrBlock: "10.0.0.0/16",
});
const awsVpcPeeringConnectionFoo =
  new aws.vpcPeeringConnection.VpcPeeringConnection(this, "foo_2", {
    autoAccept: true,
    peerVpcId: awsVpcBar.id,
    vpcId: awsVpcFoo.id,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsVpcPeeringConnectionFoo.overrideLogicalId("foo");
const awsVpcPeeringConnectionOptionsFoo =
  new aws.vpcPeeringConnectionOptions.VpcPeeringConnectionOptions(
    this,
    "foo_3",
    {
      accepter: {
        allowRemoteVpcDnsResolution: true,
      },
      requester: {
        allowClassicLinkToRemoteVpc: true,
        allowVpcToRemoteClassicLink: true,
      },
      vpcPeeringConnectionId: awsVpcPeeringConnectionFoo.id,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsVpcPeeringConnectionOptionsFoo.overrideLogicalId("foo");

Cross-Account Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsRequester = new aws.provider.AwsProvider(this, "aws", {
  alias: "requester",
});
const awsAccepter = new aws.provider.AwsProvider(this, "aws_1", {
  alias: "accepter",
});
const awsVpcMain = new aws.vpc.Vpc(this, "main", {
  cidrBlock: "10.0.0.0/16",
  enableDnsHostnames: true,
  enableDnsSupport: true,
  provider: awsRequester,
});
const awsVpcPeer = new aws.vpc.Vpc(this, "peer", {
  cidrBlock: "10.1.0.0/16",
  enableDnsHostnames: true,
  enableDnsSupport: true,
  provider: awsAccepter,
});
const dataAwsCallerIdentityPeer =
  new aws.dataAwsCallerIdentity.DataAwsCallerIdentity(this, "peer_4", {
    provider: awsAccepter,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAwsCallerIdentityPeer.overrideLogicalId("peer");
const awsVpcPeeringConnectionPeer =
  new aws.vpcPeeringConnection.VpcPeeringConnection(this, "peer_5", {
    autoAccept: false,
    peerOwnerId: dataAwsCallerIdentityPeer.accountId,
    peerVpcId: awsVpcPeer.id,
    provider: awsRequester,
    tags: {
      Side: "Requester",
    },
    vpcId: awsVpcMain.id,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsVpcPeeringConnectionPeer.overrideLogicalId("peer");
const awsVpcPeeringConnectionAccepterPeer =
  new aws.vpcPeeringConnectionAccepter.VpcPeeringConnectionAccepterA(
    this,
    "peer_6",
    {
      autoAccept: true,
      provider: awsAccepter,
      tags: {
        Side: "Accepter",
      },
      vpcPeeringConnectionId: awsVpcPeeringConnectionPeer.id,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsVpcPeeringConnectionAccepterPeer.overrideLogicalId("peer");
new aws.vpcPeeringConnectionOptions.VpcPeeringConnectionOptions(
  this,
  "accepter",
  {
    accepter: {
      allowRemoteVpcDnsResolution: true,
    },
    provider: awsAccepter,
    vpcPeeringConnectionId: awsVpcPeeringConnectionAccepterPeer.id,
  }
);
new aws.vpcPeeringConnectionOptions.VpcPeeringConnectionOptions(
  this,
  "requester",
  {
    provider: awsRequester,
    requester: {
      allowRemoteVpcDnsResolution: true,
    },
    vpcPeeringConnectionId: awsVpcPeeringConnectionAccepterPeer.id,
  }
);

Argument Reference

The following arguments are supported:

  • vpcPeeringConnectionId - (Required) The ID of the requester VPC peering connection.
  • accepter - (Optional) An optional configuration block that allows for [VPC Peering Connection](https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html) options to be set for the VPC that accepts the peering connection (a maximum of one).
  • requester - (Optional) An optional configuration block that allows for [VPC Peering Connection](https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html) options to be set for the VPC that requests the peering connection (a maximum of one).

Accepter and Requester Arguments

-> Note: When enabled, the DNS resolution feature requires that the VPCs participating in the peering have DNS hostnames support enabled. This can be done using the [enableDnsHostnames](vpc.html#enable_dns_hostnames) attribute in the awsVpc resource. See the [Using DNS with Your VPC](http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-dns.html) user guide for more information.

  • allowRemoteVpcDnsResolution - (Optional) Allow a local VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the peer VPC.
  • allowClassicLinkToRemoteVpc - (Optional) Allow a local linked EC2-Classic instance to communicate with instances in a peer VPC. This enables outbound communication from the local ClassicLink connection to the remote VPC. This option is not supported for inter-region VPC peering.
  • allowVpcToRemoteClassicLink - (Optional) Allow a local VPC to communicate with a linked EC2-Classic instance in a peer VPC. This enables outbound communication from the local VPC to the remote ClassicLink connection. This option is not supported for inter-region VPC peering.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The ID of the VPC Peering Connection Options.

Import

VPC Peering Connection Options can be imported using the vpcPeeringId, e.g.,

$ terraform import aws_vpc_peering_connection_options.foo pcx-111aaa111