
Simple VPC Peering with Terraform
At Konekti, we’ve observed that many of our clients prefer to use terraform to create AWS infrastructure. We understand this choice. Terraform’s cross-platform nature and use of modules make it very flexible and easy to adopt.
The purpose of this post is to demonstrate how easy it is to create two VPCs and then create a VPC peering connection between them. You can find a number of posts on the Internet about VPC peering using terraform. Why write another? I want to be able to point engineers to a very simple example that creates two VPCs in the same account using the aws_vpc module, creates the VPC peering, and then references the outputs of the aws_vpc module to enable routing between the subnets. You can find more complex, cross-account examples elsewhere. This post is about the basics.
Let’s take a look at the terraform code.
# First VPC, built by the community aws_vpc module (VPC, subnets, route tables).
module "vpc-west" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "1.53.0"

  name                 = "terraform-vpc-west"
  cidr                 = "10.0.0.0/16"
  azs                  = ["us-west-1a", "us-west-1b"]
  public_subnets       = ["10.0.0.0/24", "10.0.1.0/24"]
  enable_dns_hostnames = true
  enable_dns_support   = true
}

# Second VPC; its CIDR must not overlap the first or the peering will not activate.
module "vpc-east" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "1.53.0"

  name                 = "terraform-vpc-east"
  cidr                 = "10.1.0.0/16"
  azs                  = ["us-west-1a", "us-west-1b"]
  public_subnets       = ["10.1.0.0/24", "10.1.1.0/24"]
  enable_dns_hostnames = true
  enable_dns_support   = true
}

# Peering between the two VPCs. Both live in the same account, so the
# connection can be auto-accepted and DNS resolution enabled on both sides.
resource "aws_vpc_peering_connection" "pc" {
  peer_vpc_id = "${module.vpc-west.vpc_id}"
  vpc_id      = "${module.vpc-east.vpc_id}"
  auto_accept = true

  accepter {
    allow_remote_vpc_dns_resolution = true
  }

  requester {
    allow_remote_vpc_dns_resolution = true
  }

  tags = {
    Name = "vpc-east to vpc-west VPC peering"
  }
}

# One route per remote public subnet, added to each VPC's public route table,
# pointing at the peering connection.
resource "aws_route" "vpc-peering-route-east" {
  count                     = 2
  route_table_id            = "${module.vpc-east.public_route_table_ids[0]}"
  destination_cidr_block    = "${module.vpc-west.public_subnets_cidr_blocks[count.index]}"
  vpc_peering_connection_id = "${aws_vpc_peering_connection.pc.id}"
}

resource "aws_route" "vpc-peering-route-west" {
  count                     = 2
  route_table_id            = "${module.vpc-west.public_route_table_ids[0]}"
  destination_cidr_block    = "${module.vpc-east.public_subnets_cidr_blocks[count.index]}"
  vpc_peering_connection_id = "${aws_vpc_peering_connection.pc.id}"
}
Here are a few things I want to highlight.
- The VPCs are named vpc-east and vpc-west even though both reside in us-west-1. I tend to think about diagrams in terms of “east” and “west”. I could have just as easily called them “vpc-one” and “vpc-two”. The naming isn’t important.
- The terraform aws_vpc module does the heavy lifting of creating the VPCs, subnets, and routing tables.
- The use of "count", terraform's looping construct, populates each VPC's public routing table with the two routes (one per remote subnet) needed to reach the other VPC via the VPC peering connection.
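Two things worth checking before `terraform apply` are that the VPC CIDRs do not overlap (AWS will not activate a peering connection between overlapping VPCs) and that the routes cover exactly the remote subnets. The helper below, added here as an illustration and not part of the post's code, mirrors the configuration above with constructed values and derives the route list from the subnet list instead of a hard-coded `count = 2`:

```python
import ipaddress

# Constructed sample mirroring the two VPCs declared in the Terraform above
# (assumption: values copied from the post's module blocks).
VPCS = {
    "vpc-west": {"cidr": "10.0.0.0/16", "public_subnets": ["10.0.0.0/24", "10.0.1.0/24"]},
    "vpc-east": {"cidr": "10.1.0.0/16", "public_subnets": ["10.1.0.0/24", "10.1.1.0/24"]},
}


def overlapping_vpcs(vpcs):
    """Return (name_a, name_b) pairs whose VPC CIDRs overlap.

    AWS refuses to activate a peering connection between VPCs with
    overlapping IPv4 CIDRs, so an empty result is a precondition here.
    """
    nets = {name: ipaddress.ip_network(spec["cidr"]) for name, spec in vpcs.items()}
    names = sorted(nets)
    return [
        (a, b)
        for i, a in enumerate(names)
        for b in names[i + 1:]
        if nets[a].overlaps(nets[b])
    ]


def stray_subnets(vpcs):
    """Return (vpc_name, subnet) pairs for subnets not inside their VPC CIDR."""
    stray = []
    for name, spec in vpcs.items():
        vpc_net = ipaddress.ip_network(spec["cidr"])
        for subnet in spec["public_subnets"]:
            if not ipaddress.ip_network(subnet).subnet_of(vpc_net):
                stray.append((name, subnet))
    return stray


def peering_routes(vpcs, local, remote):
    """Destination CIDRs the aws_route block adds to `local`'s public route table.

    One route per remote public subnet, all via the peering connection.
    Routing to the remote /24s rather than the whole /16 limits what is
    reachable over the peering to the subnets actually meant to be shared.
    """
    if overlapping_vpcs({local: vpcs[local], remote: vpcs[remote]}):
        raise ValueError(f"{local} and {remote} overlap; peering would not activate")
    return list(vpcs[remote]["public_subnets"])
```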
You can view the full code on Github.