異なるリージョンで複数のVPCを起動し、それらの間にVPCピア接続を作成するために、Terraform構成を作成しようとしています。
これは私のVPCモジュールです
# Required Variables (no defaults: every caller must supply them)
variable "region" {
  description = "AWS region targeted by this module's provider; also the key for the AMI and AZ lookup maps"
}
variable "cluster_name" {
  description = "Prefix used in every resource Name tag"
}
variable "region_name" {
  description = "Human-readable region label used in every resource Name tag"
}
variable "nb_nodes" {
  description = "Number of aws_instance.node resources to create"
}
variable "vpc_cidr" {
  description = "CIDR block of the VPC (also used as the CIDR of its single subnet)"
}
# Default Variables (the caller may override any of them)
variable "instance_type" {
  description = "EC2 instance type for aws_instance.node"
  default     = "t2.nano"
}
variable "public_key_path" {
  description = "Path to the public key that is uploaded as aws_key_pair.kp"
  default     = "id_rsa.pub"
}
variable "private_key_path" {
  description = "Path to the matching private key; not referenced by any resource in this listing"
  default     = "id_rsa"
}
variable "AMI-username" {
  description = "Login user of the AMI; not referenced by any resource in this listing"
  default     = "ubuntu"
}
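# Per-region AMI lookup table, keyed by region (consumed via lookup() in aws_instance.node).
# AMI IDs are lowercase "ami-..." in the AWS API; the uppercase "AMI-" form is not a valid ID.
# IDs are region-specific, so every region the module is used in needs its own entry.
variable "AMI" {
  type = "map"
  default = {
    us-east-1 = "ami-0f9cf087c1f27d9b1"
    us-east-2 = "ami-0653e888ec96eab9b"
  }
}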
# Availability zone used for the subnet, keyed by region (consumed via lookup() in aws_subnet.subnet).
variable "availability_zone" {
  type = "map"
  default = {
    us-east-1 = "us-east-1a"
    us-east-2 = "us-east-2a"
  }
}
# Provider pinned to the caller-supplied region, so each module instance
# creates its resources in its own region.
provider "aws" {
  region = "${var.region}"
}
# Network Resources
# The VPC itself; DNS hostnames are enabled so instances get resolvable names.
resource "aws_vpc" "vpc" {
  cidr_block           = "${var.vpc_cidr}"
  enable_dns_hostnames = true

  tags {
    Name = "${var.cluster_name}-${var.region_name}-vpc"
  }
}
# Single subnet that spans the whole VPC CIDR, so no second subnet can be
# added to this VPC without changing var.vpc_cidr.
resource "aws_subnet" "subnet" {
  vpc_id            = "${aws_vpc.vpc.id}"
  cidr_block        = "${var.vpc_cidr}"
  availability_zone = "${lookup(var.availability_zone, var.region)}"

  tags {
    Name = "${var.cluster_name}-${var.region_name}-subnet"
  }
}
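# Source ranges allowed to reach the nodes. The default keeps the original
# wide-open rule; callers can narrow it (e.g. to this VPC's CIDR plus the
# peered VPC's CIDR) without editing the module.
variable "allowed_ingress_cidrs" {
  description = "CIDR blocks allowed to reach the nodes on every port and protocol"
  type        = "list"
  default     = ["0.0.0.0/0"]
}

# Security group attached to every node. Egress is unrestricted; ingress is
# every port/protocol (-1) from var.allowed_ingress_cidrs. With the default
# value, and because the nodes get a public IP, every listening port on the
# nodes is reachable from the internet.
resource "aws_security_group" "sg" {
  name        = "vpc_test"
  description = "Allow all"
  vpc_id      = "${aws_vpc.vpc.id}"

  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["${var.allowed_ingress_cidrs}"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags {
    Name = "${var.cluster_name}-${var.region_name}-security-group"
  }
}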
# Internet gateway; the default route of the public route table points at it.
resource "aws_internet_gateway" "gw" {
  vpc_id = "${aws_vpc.vpc.id}"

  tags {
    Name = "${var.cluster_name}-${var.region_name}-gateway"
  }
}
# Public route table: everything not local to the VPC goes out through the
# internet gateway. No route to a peered VPC is defined here.
resource "aws_route_table" "public-rt" {
  vpc_id = "${aws_vpc.vpc.id}"

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = "${aws_internet_gateway.gw.id}"
  }

  tags {
    Name = "${var.cluster_name}-${var.region_name}-subnet-rt"
  }
}
# Attach the public route table to the subnet, making it a public subnet.
resource "aws_route_table_association" "public-rt" {
  route_table_id = "${aws_route_table.public-rt.id}"
  subnet_id      = "${aws_subnet.subnet.id}"
}
# Instance Resources
# Upload the local public key so the nodes can be reached with the matching private key.
resource "aws_key_pair" "kp" {
  key_name   = "${var.cluster_name}-${var.region_name}-key"
  public_key = "${file(var.public_key_path)}"
}
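# One EC2 node per count index, placed in the public subnet with a public IP.
resource "aws_instance" "node" {
  count = "${var.nb_nodes}"

  # The attribute is lowercase "ami" (HCL attribute names are case-sensitive);
  # the ID comes from the per-region map.
  ami           = "${lookup(var.AMI, var.region)}"
  instance_type = "${var.instance_type}"
  key_name      = "${aws_key_pair.kp.id}"

  subnet_id              = "${aws_subnet.subnet.id}"
  vpc_security_group_ids = ["${aws_security_group.sg.id}"]

  # Disabling the source/destination check lets the node forward traffic it
  # did not originate; it is only needed if the node acts as a router/NAT.
  source_dest_check           = false
  associate_public_ip_address = true

  root_block_device {
    volume_size = 20
  }

  tags {
    Name = "${var.cluster_name}-${var.region_name}-${count.index}"
  }
}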
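# Region the module was deployed to (passed through from the caller).
output "region" {
  value = "${var.region}"
}

# ID of the VPC created by this module.
output "vpc_id" {
  value = "${aws_vpc.vpc.id}"
}

# CIDR of the VPC, so a caller can add routes towards it from a peered VPC.
output "vpc_cidr" {
  value = "${aws_vpc.vpc.cidr_block}"
}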
これはピア接続を作成するモジュールです
# Required Variables
variable "request_vpc_id" {
  description = "ID of the VPC that initiates the peering request"
}
variable "accept_vpc_id" {
  description = "ID of the VPC that must accept the peering request"
}
variable "request_region" {
  description = "Region of the requesting VPC; used to configure this module's provider"
}
variable "accept_region" {
  description = "Region of the accepting VPC; not referenced by any resource in this listing"
}
# Account running the apply; its account ID is used as the peer owner.
data "aws_caller_identity" "current" {}

# Single provider, configured for the requester's region only.
provider "aws" {
  region = "${var.request_region}"
}
# Peering request from request_vpc_id to accept_vpc_id within the same account.
resource "aws_vpc_peering_connection" "con" {
  vpc_id        = "${var.request_vpc_id}"
  peer_vpc_id   = "${var.accept_vpc_id}"
  peer_owner_id = "${data.aws_caller_identity.current.account_id}"

  # auto_accept can only succeed when both VPCs live in this provider's
  # region and account. No peer_region is given and var.accept_region is
  # unused, so the accepting VPC is assumed to be in var.request_region.
  auto_accept = true
}
同じリージョンに2つのVPCを作成するこのようなことをすると、正常に動作します
# Shared name prefix and per-region node count, passed into every module instance.
variable "cluster_name" {
  default = "aws-multi-region"
}
variable "nodes_per_region" {
  default = "1"
}
# First VPC ("east"), in us-east-1.
module "region-1" {
  source = "./simple_region/"

  region       = "us-east-1"
  region_name  = "east"
  cluster_name = "${var.cluster_name}"
  vpc_cidr     = "10.0.0.0/24"
  nb_nodes     = "${var.nodes_per_region}"
}
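# Second VPC ("west"), deliberately in the same region as region-1 here.
module "region-2" {
  source = "./simple_region/"

  region       = "us-east-1"
  region_name  = "west"
  cluster_name = "${var.cluster_name}"

  # Must not overlap region-1 (10.0.0.0/24) or the peering is rejected. Use RFC 1918
  # private space: 11.1.1.0/24 is publicly routed address space, not private.
  vpc_cidr = "10.1.0.0/24"
  nb_nodes = "${var.nodes_per_region}"
}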
# Peer region-1 (requester) with region-2 (accepter), using the modules' outputs.
module "vpc_peer_1" {
  source = "./vpc_peer/"

  request_region = "${module.region-1.region}"
  request_vpc_id = "${module.region-1.vpc_id}"

  accept_region = "${module.region-2.region}"
  accept_vpc_id = "${module.region-2.vpc_id}"
}
このように別のリージョンにVPCを作成しようとすると、問題が発生します
# Shared name prefix and per-region node count, passed into every module instance.
variable "cluster_name" {
  default = "aws-multi-region"
}
variable "nodes_per_region" {
  default = "1"
}
# First VPC ("east"), in us-east-1.
module "region-1" {
  source = "./simple_region/"

  region       = "us-east-1"
  region_name  = "east"
  cluster_name = "${var.cluster_name}"
  vpc_cidr     = "10.0.0.0/24"
  nb_nodes     = "${var.nodes_per_region}"
}
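# Second VPC ("west"), this time in a different region (us-east-2).
module "region-2" {
  source = "./simple_region/"

  region       = "us-east-2"
  region_name  = "west"
  cluster_name = "${var.cluster_name}"

  # Must not overlap region-1 (10.0.0.0/24) or the peering is rejected. Use RFC 1918
  # private space: 11.1.1.0/24 is publicly routed address space, not private.
  vpc_cidr = "10.1.0.0/24"
  nb_nodes = "${var.nodes_per_region}"
}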
# Peer region-1 (requester, us-east-1) with region-2 (accepter, us-east-2).
module "vpc_peer_1" {
  source = "./vpc_peer/"

  request_region = "${module.region-1.region}"
  request_vpc_id = "${module.region-1.vpc_id}"

  accept_region = "${module.region-2.region}"
  accept_vpc_id = "${module.region-2.vpc_id}"
}
エラーが出る
Error: Error applying plan:
1 error(s) occurred:
* module.vpc_peer_1.aws_vpc_peering_connection.con: 1 error(s) occurred:
* aws_vpc_peering_connection.con: Error waiting for VPC Peering Connection to become available: Error waiting for VPC Peering Connection (pcx-0d423f938490fde63) to become available: Failed due to incorrect VPC-ID, Account ID, or overlapping CIDR range
Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.
AWSのUIでVPCピア接続を手動で作成してみたところ正常に動作したので、これがTerraformのバグなのか、それともvpc_peerモジュールのリージョンに関して何かする必要があるのか疑問に思っています。
これが答えのようです
# Required Variables
variable "request_vpc_id" {
  description = "ID of the VPC that initiates the peering request"
}
variable "accept_vpc_id" {
  description = "ID of the VPC that accepts the peering request"
}
variable "request_region" {
  description = "Region of the requesting VPC; configures the default provider"
}
variable "accept_region" {
  description = "Region of the accepting VPC; configures the aws.peer provider and peer_region"
}
# Account running the apply; its account ID is used as the peer owner.
data "aws_caller_identity" "current" {}

# Default provider: the requester's region.
provider "aws" {
  region = "${var.request_region}"
}
# Second provider, aliased "peer", for the accepter's region; the accepter
# resource must run against the region the accepting VPC lives in.
provider "aws" {
  alias  = "peer"
  region = "${var.accept_region}"
}
# Requester's side of the connection. peer_region names the accepter's region;
# a cross-region request cannot be auto-accepted, so auto_accept stays false
# and the aws_vpc_peering_connection_accepter resource accepts it instead.
resource "aws_vpc_peering_connection" "peer" {
  vpc_id      = "${var.request_vpc_id}"
  peer_vpc_id = "${var.accept_vpc_id}"

  peer_owner_id = "${data.aws_caller_identity.current.account_id}"
  peer_region   = "${var.accept_region}"
  auto_accept   = false

  tags = {
    Side = "Requester"
  }
}
# Accepter's side of the connection, run through the aliased provider so the
# accept happens in var.accept_region.
resource "aws_vpc_peering_connection_accepter" "peer" {
  provider = "aws.peer"

  vpc_peering_connection_id = "${aws_vpc_peering_connection.peer.id}"
  auto_accept               = true

  tags = {
    Side = "Accepter"
  }
}