Inter-VPC communication
To communicate privately between VPCs, you need to establish a peering connection.
One caveat: the CIDR blocks of the two VPCs being peered must not overlap.
Transit Gateway is also widely used these days, but in this exercise we will set up point-to-point VPC peering.
To establish a VPC peering, the Requester sends the peering request and the Acceptor approves it. After that, the peering connection ID is registered in each route table together with the destination IP range.
It is convenient to make the VPC that has the most peerings the Requester.
Creating the Requester
First, create (or edit) the peering.tf file and write the peering request code.
terraform/vpc/dayonep_apnortheast2/peering.tf
```hcl
# Peering Connection Requester
resource "aws_vpc_peering_connection" "peerings" {
  count = length(var.vpc_peerings)

  peer_vpc_id   = var.vpc_peerings[count.index]["peer_vpc_id"]
  peer_owner_id = var.vpc_peerings[count.index]["peer_owner_id"]
  peer_region   = var.vpc_peerings[count.index]["peer_region"]
  vpc_id        = aws_vpc.default.id

  tags = {
    Name          = "${var.shard_id}-with-${var.vpc_peerings[count.index]["peer_vpc_name"]}"
    peer_vpc_name = var.vpc_peerings[count.index]["peer_vpc_name"]
    Side          = "Requester"
  }
}
```
Add the variable used in the code above to variables.tf.
terraform/vpc/dayonep_apnortheast2/variables.tf
```hcl
variable "vpc_peerings" {
  description = "A list of maps containing key/value pairs that define vpc peering."
  type        = list(map(string))
  default     = []
}
```
Add the values for the variable to terraform.tfvars.
terraform/vpc/dayonep_apnortheast2/terraform.tfvars
```hcl
( ... omitted ... )

# Peering List
vpc_peerings = [
  {
    peer_vpc_id   = "<< VPC ID >>"
    peer_owner_id = "<< Owner ID >>"
    peer_region   = "<< Region ID >>"
    peer_vpc_name = "<< Peering VPC Name >>"
    vpc_cidr      = "<< VPC CIDR >>"
  }
]
```
Now send the peering request with terraform plan and apply.
```console
$ terraform plan -parallelism=30
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_vpc_peering_connection.peerings[0] will be created
  + resource "aws_vpc_peering_connection" "peerings" {
      + accept_status = (known after apply)
      + id            = (known after apply)
      + peer_owner_id = "..."
      + peer_region   = "..."
      + peer_vpc_id   = "..."
      + tags          = {
          + "Name"          = "dayonepapne2-with-dayoned_apnortheast2"
          + "Side"          = "Requester"
          + "peer_vpc_name" = "dayoned_apnortheast2"
        }
      + vpc_id        = "..."

      + accepter {
          + allow_classic_link_to_remote_vpc = (known after apply)
          + allow_remote_vpc_dns_resolution  = (known after apply)
          + allow_vpc_to_remote_classic_link = (known after apply)
        }

      + requester {
          + allow_classic_link_to_remote_vpc = (known after apply)
          + allow_remote_vpc_dns_resolution  = (known after apply)
          + allow_vpc_to_remote_classic_link = (known after apply)
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.
```
```console
$ terraform apply -parallelism=30
...
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
```
If you check the console, you can see that the request has been created~
Creating the Acceptor
Now we create the Acceptor in the dayoned VPC.
terraform/vpc/dayoned_apnortheast2/peering.tf
```hcl
resource "aws_vpc_peering_connection_accepter" "dayonep_apnortheast2" {
  vpc_peering_connection_id = var.vpc_peer_connection_id_dayonep_apne2
  auto_accept               = true
}
```
Add the variable referenced above to variables.tf.
terraform/vpc/dayoned_apnortheast2/variables.tf
```hcl
# peering ID with dayonep VPC
variable "vpc_peer_connection_id_dayonep_apne2" {}
```
Add the value for the variable to terraform.tfvars. For the peering ID, use the peering connection ID (pcx-xxx) of the request created in the previous step.
```hcl
# VPC Peering Connection Variables
vpc_peer_connection_id_dayonep_apne2 = "pcx-xxxx"
```
Now apply the acceptance with terraform plan and apply.
```console
$ terraform plan -parallelism=30
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_vpc_peering_connection_accepter.dayonep_apnortheast2 will be created
  + resource "aws_vpc_peering_connection_accepter" "dayonep_apnortheast2" {
      + accept_status             = (known after apply)
      + auto_accept               = true
      + id                        = (known after apply)
      + peer_owner_id             = (known after apply)
      + peer_region               = (known after apply)
      + peer_vpc_id               = (known after apply)
      + vpc_id                    = (known after apply)
      + vpc_peering_connection_id = "pcx-xxxxx"

      + accepter {
          + allow_classic_link_to_remote_vpc = (known after apply)
          + allow_remote_vpc_dns_resolution  = (known after apply)
          + allow_vpc_to_remote_classic_link = (known after apply)
        }

      + requester {
          + allow_classic_link_to_remote_vpc = (known after apply)
          + allow_remote_vpc_dns_resolution  = (known after apply)
          + allow_vpc_to_remote_classic_link = (known after apply)
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

$ terraform apply -parallelism=30
( ... omitted ... )
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
```
If you check the console, you can see that the connection has changed to Active.
Adding Route Rules
Now register routes in the route tables so that traffic destined for the peer VPC's CIDR uses the peering connection. Go back to the dayonep folder and configure the production-to-develop direction first.
dayonep_apnortheast2 configuration
Add the rules to route_table_routes.tf.
terraform/vpc/dayonep_apnortheast2/route_table_routes.tf
```hcl
# Routes for public subnet with peering connection
resource "aws_route" "public_peering" {
  count = length(var.vpc_peerings)

  route_table_id            = aws_route_table.public.id
  destination_cidr_block    = var.vpc_peerings[count.index]["vpc_cidr"]
  vpc_peering_connection_id = element(aws_vpc_peering_connection.peerings.*.id, count.index)
}

# Routes for private subnet with peering connection
# One route per (availability zone, peering) pair:
#   route table index = floor(count.index / number of peerings)
#   peering index     = count.index % number of peerings
resource "aws_route" "private_peering" {
  count = length(var.vpc_peerings) * length(var.availability_zones)

  route_table_id = element(
    aws_route_table.private.*.id,
    floor(count.index / length(var.vpc_peerings))
  )
  destination_cidr_block = var.vpc_peerings[count.index % length(var.vpc_peerings)]["vpc_cidr"]
  vpc_peering_connection_id = element(
    aws_vpc_peering_connection.peerings.*.id,
    count.index % length(var.vpc_peerings)
  )
}
```
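Two things on this page are worth checking before `terraform apply`: the rule from the introduction that the peered CIDR blocks must not overlap, and the `count.index` arithmetic in `aws_route.private_peering` above, which silently decides which private route table each route lands in. The following Python is an added example, not part of the tutorial; the VPC CIDRs, availability zones and peering names in it are constructed stand-ins for the values in terraform.tfvars.

```python
"""Pre-apply checks for the vpc_peerings list (added example, not the tutorial's code)."""
import ipaddress

# Constructed stand-ins for the local VPC, var.vpc_peerings and var.availability_zones.
LOCAL_VPC_CIDR = "10.20.0.0/16"
VPC_PEERINGS = [
    {"peer_vpc_name": "dayoned_apnortheast2", "vpc_cidr": "10.10.0.0/16"},
    {"peer_vpc_name": "example_b", "vpc_cidr": "10.30.0.0/16"},
]
AVAILABILITY_ZONES = ["ap-northeast-2a", "ap-northeast-2c"]


def overlapping_cidrs(local_cidr, peerings):
    """Return (name, name) pairs whose CIDR blocks overlap, local VPC included.

    A peering whose CIDR overlaps the local VPC (or another peer) cannot be
    routed unambiguously, and the peering request itself will not activate,
    so catching this before apply saves a failed pcx- connection.
    """
    nets = [("local", ipaddress.ip_network(local_cidr))]
    nets += [(p["peer_vpc_name"], ipaddress.ip_network(p["vpc_cidr"])) for p in peerings]
    return [
        (a_name, b_name)
        for i, (a_name, a) in enumerate(nets)
        for b_name, b in nets[i + 1:]
        if a.overlaps(b)
    ]


def expand_private_routes(peerings, azs):
    """Mirror the count.index arithmetic of aws_route.private_peering.

    Returns (route table, destination CIDR, peer name) triples in the same
    order Terraform creates them, so you can eyeball the plan against it.
    """
    n = len(peerings)
    routes = []
    for idx in range(n * len(azs)):
        az_idx = idx // n    # floor(count.index / length(var.vpc_peerings))
        peer_idx = idx % n   # count.index % length(var.vpc_peerings)
        peer = peerings[peer_idx]
        routes.append((f"private-{azs[az_idx]}", peer["vpc_cidr"], peer["peer_vpc_name"]))
    return routes


if __name__ == "__main__":
    print("overlaps:", overlapping_cidrs(LOCAL_VPC_CIDR, VPC_PEERINGS))
    for route in expand_private_routes(VPC_PEERINGS, AVAILABILITY_ZONES):
        print(route)
```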
Add the variables to variables.tf.
terraform/vpc/dayonep_apnortheast2/variables.tf
```hcl
# peering ID with dayoned VPC
variable "vpc_peer_connection_id_dayoned_apne2" {}
variable "dayoned_destination_cidr_block" {}
```
Add the values for the variables to terraform.tfvars.
terraform/vpc/dayonep_apnortheast2/terraform.tfvars
```hcl
# VPC Peering Connection Variables
vpc_peer_connection_id_dayoned_apne2 = "pcx-xxxxx"
dayoned_destination_cidr_block       = "10.10.0.0/16"
```
After setting this up, create the resources with terraform plan / apply. The process is omitted here.
dayoned_apnortheast2 configuration
Add the rules to route_table_routes.tf. Note that this code differs from the one configured earlier: this side has a single peering, so the routes reference the peering ID and CIDR variables directly instead of iterating over a list.
terraform/vpc/dayoned_apnortheast2/route_table_routes.tf
```hcl
# Peering in public route table
resource "aws_route" "dayonep_public_peering" {
  route_table_id            = aws_route_table.public.id
  destination_cidr_block    = var.dayonep_destination_cidr_block
  vpc_peering_connection_id = var.vpc_peer_connection_id_dayonep_apne2
}

# Peering in private route table (one route per availability zone)
resource "aws_route" "dayonep_private_peering" {
  count = length(var.availability_zones)

  route_table_id            = element(aws_route_table.private.*.id, count.index)
  destination_cidr_block    = var.dayonep_destination_cidr_block
  vpc_peering_connection_id = var.vpc_peer_connection_id_dayonep_apne2
}
```
Add the variables to variables.tf.
terraform/vpc/dayoned_apnortheast2/variables.tf
```hcl
# peering ID with dayonep VPC
variable "vpc_peer_connection_id_dayonep_apne2" {}
variable "dayonep_destination_cidr_block" {}
```
Add the values for the variables to terraform.tfvars.
terraform/vpc/dayoned_apnortheast2/terraform.tfvars
```hcl
# VPC Peering Connection Variables
vpc_peer_connection_id_dayonep_apne2 = "pcx-xxxxx"
dayonep_destination_cidr_block       = "10.20.0.0/16"
```
After setting this up, create the resources with terraform plan / apply. The process is omitted here.