From 8f1b148ee02e285438c0956ff337b53154a800a2 Mon Sep 17 00:00:00 2001 From: heathsnow Date: Fri, 4 Jun 2021 11:40:46 -0700 Subject: [PATCH 01/13] remove provider config from module --- accepter.tf | 16 +--------------- requester.tf | 51 +-------------------------------------------------- variables.tf | 34 ---------------------------------- 3 files changed, 2 insertions(+), 99 deletions(-) diff --git a/accepter.tf b/accepter.tf index 37046bb..2fad70b 100644 --- a/accepter.tf +++ b/accepter.tf @@ -1,20 +1,6 @@ # Accepter's credentials provider "aws" { - alias = "accepter" - region = var.accepter_region - profile = var.accepter_aws_profile - skip_metadata_api_check = var.skip_metadata_api_check - - dynamic "assume_role" { - for_each = var.accepter_aws_assume_role_arn != "" ? ["true"] : [] - content { - role_arn = var.accepter_aws_assume_role_arn - } - } - - access_key = var.accepter_aws_access_key - secret_key = var.accepter_aws_secret_key - token = var.accepter_aws_token + alias = "accepter" } module "accepter" { diff --git a/requester.tf b/requester.tf index 467fc76..47bf66a 100644 --- a/requester.tf +++ b/requester.tf 
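Review bot: The comment `# Accepter's credentials` above the reduced `provider "aws"` block in accepter.tf is now misleading, because the block keeps only `alias = "accepter"` and no longer carries credentials, a region or `assume_role`. The identity the accepter-side resources run as is now decided entirely by the calling configuration. I would replace the comment with `# Proxy only: the caller must pass an accepter-account provider via providers = { aws.accepter = ... }`, and do the same for `# Requestors's credentials` in the second requester.tf hunk. It is also worth confirming what Terraform does when a caller omits the `providers` map, since both aliases resolving to the same ambient credentials would not be the cross-account setup the module describes. The `module "accepter"` block that follows continues outside the hunk.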
@@ -1,37 +1,3 @@ -variable "requester_aws_profile" { - description = "Profile used to assume requester_aws_assume_role_arn" - type = string - default = "" -} - -variable "requester_aws_access_key" { - description = "Access key id to use in requester account" - type = string - default = null -} - -variable "requester_aws_assume_role_arn" { - description = "Requester AWS Assume Role ARN" - type = string -} - -variable "requester_aws_secret_key" { - description = "Secret access key to use in requester account" - type = string - default = null -} - -variable "requester_aws_token" { - description = "Session token for validating temporary credentials" - type = string - default = null -} - -variable "requester_region" { - type = string - description = "Requester AWS region" -} - variable "requester_subnet_tags" { type = map(string) description = "Only add peer routes to requester VPC route tables of subnets matching these tags" @@ -58,22 +24,7 @@ variable "requester_allow_remote_vpc_dns_resolution" { # Requestors's credentials provider "aws" { - alias = "requester" - region = var.requester_region - profile = var.requester_aws_profile - skip_metadata_api_check = var.skip_metadata_api_check - - dynamic "assume_role" { - for_each = var.requester_aws_assume_role_arn != "" ? ["true"] : [] - content { - role_arn = var.requester_aws_assume_role_arn - } - } - - access_key = var.requester_aws_access_key - secret_key = var.requester_aws_secret_key - token = var.requester_aws_token - + alias = "requester" } module "requester" { diff --git a/variables.tf b/variables.tf index 771f39a..9eb9b2e 100644 --- a/variables.tf +++ b/variables.tf 
@@ -4,40 +4,6 @@ variable "auto_accept" { description = "Automatically accept the peering" } -variable "accepter_aws_access_key" { - description = "Access key id to use in accepter account" - type = string - default = null -} - -variable "accepter_aws_profile" { - description = "Profile used to assume accepter_aws_assume_role_arn" - type = string - default = "" -} - -variable "accepter_aws_assume_role_arn" { - description = "Accepter AWS Assume Role ARN" - type = string -} - -variable "accepter_aws_secret_key" { - description = "Secret access key to use in accepter account" - type = string - default = null -} - -variable "accepter_aws_token" { - description = "Session token for validating temporary credentials" - type = string - default = null -} - -variable "accepter_region" { - type = string - description = "Accepter AWS region" -} - variable "accepter_vpc_id" { type = string description = "Accepter VPC ID filter" From e21e18dbe07e3ac6d595d2ccec3ca9f116f7e361 Mon Sep 17 00:00:00 2001 From: heathsnow Date: Fri, 4 Jun 2021 12:00:44 -0700 Subject: [PATCH 02/13] README updates --- README.yaml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/README.yaml b/README.yaml index fcc44fc..97474a3 100644 --- a/README.yaml +++ b/README.yaml 
@@ -77,19 +77,20 @@ usage: |2- stage = "dev" name = "cluster" - requester_aws_assume_role_arn = "arn:aws:iam::XXXXXXXX:role/cross-account-vpc-peering-test" - requester_region = "us-west-2" requester_vpc_id = "vpc-xxxxxxxx" requester_allow_remote_vpc_dns_resolution = true - accepter_aws_assume_role_arn = "arn:aws:iam::YYYYYYYY:role/cross-account-vpc-peering-test" - accepter_region = "us-east-1" accepter_vpc_id = "vpc-yyyyyyyy" accepter_allow_remote_vpc_dns_resolution = true + + providers = { + aws.accepter = aws.accepter + aws.requester = aws.requester + } } ``` - The `arn:aws:iam::XXXXXXXX:role/cross-account-vpc-peering-test` requester IAM Role should have the following Trust Policy: + The requester IAM Role should have the following Trust Policy:
Show Trust Policy @@ -173,7 +174,7 @@ usage: |2-
- The `arn:aws:iam::YYYYYYYY:role/cross-account-vpc-peering-test` accepter IAM Role should have the following Trust Policy: + The accepter IAM Role should have the following Trust Policy:
Show Trust Policy From 68aa8e5139f8382a32f69dce1a9fb4477f771ab0 Mon Sep 17 00:00:00 2001 From: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> Date: Fri, 4 Jun 2021 19:11:10 +0000 Subject: [PATCH 03/13] Auto Format --- README.md | 28 ++++++++-------------------- docs/terraform.md | 12 ------------ 2 files changed, 8 insertions(+), 32 deletions(-) diff --git a/README.md b/README.md index 7f0d0d0..f6c952c 100644 --- a/README.md +++ b/README.md @@ -120,19 +120,20 @@ module "vpc_peering_cross_account" { stage = "dev" name = "cluster" - requester_aws_assume_role_arn = "arn:aws:iam::XXXXXXXX:role/cross-account-vpc-peering-test" - requester_region = "us-west-2" requester_vpc_id = "vpc-xxxxxxxx" requester_allow_remote_vpc_dns_resolution = true - accepter_aws_assume_role_arn = "arn:aws:iam::YYYYYYYY:role/cross-account-vpc-peering-test" - accepter_region = "us-east-1" accepter_vpc_id = "vpc-yyyyyyyy" accepter_allow_remote_vpc_dns_resolution = true + + providers = { + aws.accepter = aws.accepter + aws.requester = aws.requester + } } ``` -The `arn:aws:iam::XXXXXXXX:role/cross-account-vpc-peering-test` requester IAM Role should have the following Trust Policy: +The requester IAM Role should have the following Trust Policy:
Show Trust Policy @@ -216,7 +217,7 @@ where `XXXXXXXX` is the requester AWS account ID.
-The `arn:aws:iam::YYYYYYYY:role/cross-account-vpc-peering-test` accepter IAM Role should have the following Trust Policy: +The accepter IAM Role should have the following Trust Policy:
Show Trust Policy @@ -370,12 +371,6 @@ Available targets: | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [accepter\_allow\_remote\_vpc\_dns\_resolution](#input\_accepter\_allow\_remote\_vpc\_dns\_resolution) | Allow accepter VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the requester VPC | `bool` | `true` | no | -| [accepter\_aws\_access\_key](#input\_accepter\_aws\_access\_key) | Access key id to use in accepter account | `string` | `null` | no | -| [accepter\_aws\_assume\_role\_arn](#input\_accepter\_aws\_assume\_role\_arn) | Accepter AWS Assume Role ARN | `string` | n/a | yes | -| [accepter\_aws\_profile](#input\_accepter\_aws\_profile) | Profile used to assume accepter\_aws\_assume\_role\_arn | `string` | `""` | no | -| [accepter\_aws\_secret\_key](#input\_accepter\_aws\_secret\_key) | Secret access key to use in accepter account | `string` | `null` | no | -| [accepter\_aws\_token](#input\_accepter\_aws\_token) | Session token for validating temporary credentials | `string` | `null` | no | -| [accepter\_region](#input\_accepter\_region) | Accepter AWS region | `string` | n/a | yes | | [accepter\_subnet\_tags](#input\_accepter\_subnet\_tags) | Only add peer routes to accepter VPC route tables of subnets matching these tags | `map(string)` | `{}` | no | | [accepter\_vpc\_id](#input\_accepter\_vpc\_id) | Accepter VPC ID filter | `string` | `""` | no | | [accepter\_vpc\_tags](#input\_accepter\_vpc\_tags) | Accepter VPC Tags filter | `map(string)` | `{}` | no | @@ -395,12 +390,6 @@ Available targets: | [namespace](#input\_namespace) | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no | | [regex\_replace\_chars](#input\_regex\_replace\_chars) | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | | [requester\_allow\_remote\_vpc\_dns\_resolution](#input\_requester\_allow\_remote\_vpc\_dns\_resolution) | Allow requester VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the accepter VPC | `bool` | `true` | no | -| [requester\_aws\_access\_key](#input\_requester\_aws\_access\_key) | Access key id to use in requester account | `string` | `null` | no | -| [requester\_aws\_assume\_role\_arn](#input\_requester\_aws\_assume\_role\_arn) | Requester AWS Assume Role ARN | `string` | n/a | yes | -| [requester\_aws\_profile](#input\_requester\_aws\_profile) | Profile used to assume requester\_aws\_assume\_role\_arn | `string` | `""` | no | -| [requester\_aws\_secret\_key](#input\_requester\_aws\_secret\_key) | Secret access key to use in requester account | `string` | `null` | no | -| [requester\_aws\_token](#input\_requester\_aws\_token) | Session token for validating temporary credentials | `string` | `null` | no | -| [requester\_region](#input\_requester\_region) | Requester AWS region | `string` | n/a | yes | | [requester\_subnet\_tags](#input\_requester\_subnet\_tags) | Only add peer routes to requester VPC route tables of subnets matching these tags | `map(string)` | `{}` | no | | [requester\_vpc\_id](#input\_requester\_vpc\_id) | Requester VPC ID filter | `string` | `""` | no | | [requester\_vpc\_tags](#input\_requester\_vpc\_tags) | Requester VPC Tags filter | `map(string)` | `{}` | no | @@ -427,6 +416,7 @@ Like this project? Please give it a ★ on [our GitHub](https://github.com/cloud Are you using this project or any of our other projects? Consider [leaving a testimonial][testimonial]. =) + ## Related Projects Check out these related projects. 
@@ -436,8 +426,6 @@ Check out these related projects. - [terraform-aws-kops-vpc-peering](https://github.com/cloudposse/terraform-aws-kops-vpc-peering) - Terraform module to create a peering connection between a backing services VPC and a VPC created by Kops - - ## References For additional context, refer to some of these links. diff --git a/docs/terraform.md b/docs/terraform.md index ce738f8..4f89642 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -48,12 +48,6 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [accepter\_allow\_remote\_vpc\_dns\_resolution](#input\_accepter\_allow\_remote\_vpc\_dns\_resolution) | Allow accepter VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the requester VPC | `bool` | `true` | no | -| [accepter\_aws\_access\_key](#input\_accepter\_aws\_access\_key) | Access key id to use in accepter account | `string` | `null` | no | -| [accepter\_aws\_assume\_role\_arn](#input\_accepter\_aws\_assume\_role\_arn) | Accepter AWS Assume Role ARN | `string` | n/a | yes | -| [accepter\_aws\_profile](#input\_accepter\_aws\_profile) | Profile used to assume accepter\_aws\_assume\_role\_arn | `string` | `""` | no | -| [accepter\_aws\_secret\_key](#input\_accepter\_aws\_secret\_key) | Secret access key to use in accepter account | `string` | `null` | no | -| [accepter\_aws\_token](#input\_accepter\_aws\_token) | Session token for validating temporary credentials | `string` | `null` | no | -| [accepter\_region](#input\_accepter\_region) | Accepter AWS region | `string` | n/a | yes | | [accepter\_subnet\_tags](#input\_accepter\_subnet\_tags) | Only add peer routes to accepter VPC route tables of subnets matching these tags | `map(string)` | `{}` | no | | [accepter\_vpc\_id](#input\_accepter\_vpc\_id) | Accepter VPC ID filter | `string` | `""` | no | | [accepter\_vpc\_tags](#input\_accepter\_vpc\_tags) | Accepter VPC Tags filter | `map(string)` | `{}` | no | @@ -73,12 +67,6 @@ | [namespace](#input\_namespace) | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no | | [regex\_replace\_chars](#input\_regex\_replace\_chars) | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | | [requester\_allow\_remote\_vpc\_dns\_resolution](#input\_requester\_allow\_remote\_vpc\_dns\_resolution) | Allow requester VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the accepter VPC | `bool` | `true` | no | -| [requester\_aws\_access\_key](#input\_requester\_aws\_access\_key) | Access key id to use in requester account | `string` | `null` | no | -| [requester\_aws\_assume\_role\_arn](#input\_requester\_aws\_assume\_role\_arn) | Requester AWS Assume Role ARN | `string` | n/a | yes | -| [requester\_aws\_profile](#input\_requester\_aws\_profile) | Profile used to assume requester\_aws\_assume\_role\_arn | `string` | `""` | no | -| [requester\_aws\_secret\_key](#input\_requester\_aws\_secret\_key) | Secret access key to use in requester account | `string` | `null` | no | -| [requester\_aws\_token](#input\_requester\_aws\_token) | Session token for validating temporary credentials | `string` | `null` | no | -| [requester\_region](#input\_requester\_region) | Requester AWS region | `string` | n/a | yes | | [requester\_subnet\_tags](#input\_requester\_subnet\_tags) | Only add peer routes to requester VPC route tables of subnets matching these tags | `map(string)` | `{}` | no | | [requester\_vpc\_id](#input\_requester\_vpc\_id) | Requester VPC ID filter | `string` | `""` | no | | [requester\_vpc\_tags](#input\_requester\_vpc\_tags) | Requester VPC Tags filter | `map(string)` | `{}` | no | From 8232f990977edd85ccb5d4928017bb2de7494b4b Mon Sep 17 00:00:00 2001 From: heathsnow Date: Mon, 7 Jun 2021 14:05:40 -0700 Subject: [PATCH 04/13] Update `complete` test - Remove `requester_aws_assume_role_arn` - Remove `requester_region` --- examples/complete/main.tf | 4 ---- 1 file changed, 4 deletions(-) diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 4a7d1e9..fa4c4be 100644 
--- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -5,13 +5,9 @@ provider "aws" { module "vpc_peering_cross_account" { source = "../../" - requester_aws_assume_role_arn = var.requester_aws_assume_role_arn - requester_region = var.requester_region requester_vpc_id = var.requester_vpc_id requester_allow_remote_vpc_dns_resolution = var.requester_allow_remote_vpc_dns_resolution - accepter_aws_assume_role_arn = var.accepter_aws_assume_role_arn - accepter_region = var.accepter_region accepter_vpc_id = var.accepter_vpc_id accepter_allow_remote_vpc_dns_resolution = var.accepter_allow_remote_vpc_dns_resolution From 1a2299135601977b116bec61867d1b5686aa742a Mon Sep 17 00:00:00 2001 From: heathsnow Date: Mon, 7 Jun 2021 14:10:50 -0700 Subject: [PATCH 05/13] remove defunct variables --- examples/complete/variables.tf | 22 ---------------------- 1 file changed, 22 deletions(-) diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf index 22e69df..4b81b12 100644 --- a/examples/complete/variables.tf +++ b/examples/complete/variables.tf @@ -4,17 +4,6 @@ variable "region" { default = "us-east-1" } -variable "requester_aws_assume_role_arn" { - type = string - description = "Requester AWS Assume Role ARN" -} - -variable "requester_region" { - type = string - description = "Requester AWS region" - default = "us-west-2" -} - variable "requester_vpc_id" { type = string description = "Requester VPC ID filter" @@ -26,17 +15,6 @@ variable "requester_allow_remote_vpc_dns_resolution" { default = true } -variable "accepter_aws_assume_role_arn" { - type = string - description = "Accepter AWS Assume Role ARN" -} - -variable "accepter_region" { - type = string - description = "Accepter AWS region" - default = "us-east-1" -} - variable "accepter_vpc_id" { type = string description = "Accepter VPC ID filter" From 44d47698b265012aa229a3831d1ca40a67005efa Mon Sep 17 00:00:00 2001 
From: heathsnow Date: Tue, 8 Jun 2021 10:26:39 -0700 Subject: [PATCH 06/13] Add configuration_aliases and provider documentation --- README.yaml | 21 +++++++++++++++++++-- versions.tf | 1 + 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/README.yaml b/README.yaml index 97474a3..b6f51e8 100644 --- a/README.yaml +++ b/README.yaml @@ -69,6 +69,23 @@ usage: |2- For a complete example, see [examples/complete](examples/complete) ```hcl + + provider "aws" { + alias = "requester" + region = "us-west-2" + assume_role { + role_arn = "arn:aws:iam::XXXXXXXX:role/cross-account-vpc-peering-test" + } + } + + provider "aws" { + alias = "accepter" + region = "us-west-2" + assume_role { + role_arn = "arn:aws:iam::YYYYYYYY:role/cross-account-vpc-peering-test" + } + } + module "vpc_peering_cross_account" { source = "cloudposse/vpc-peering-multi-account/aws" # Cloud Posse recommends pinning every module to a specific version @@ -90,7 +107,7 @@ usage: |2- } ``` - The requester IAM Role should have the following Trust Policy: + The `arn:aws:iam::XXXXXXXX:role/cross-account-vpc-peering-test` requester IAM Role should have the following Trust Policy:
Show Trust Policy @@ -174,7 +191,7 @@ usage: |2-
- The accepter IAM Role should have the following Trust Policy: + The `arn:aws:iam::YYYYYYYY:role/cross-account-vpc-peering-test` accepter IAM Role should have the following Trust Policy:
Show Trust Policy diff --git a/versions.tf b/versions.tf index 971ae24..cada334 100644 --- a/versions.tf +++ b/versions.tf @@ -5,6 +5,7 @@ terraform { aws = { source = "hashicorp/aws" version = ">= 2.0" + configuration_aliases = [ aws.accepter, aws.requester ] } null = { source = "hashicorp/null" From f5977b1d06c013afb642d30883f3d119b84e65c9 Mon Sep 17 00:00:00 2001 From: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> Date: Tue, 8 Jun 2021 17:29:05 +0000 Subject: [PATCH 07/13] Auto Format --- README.md | 21 +++++++++++++++++++-- versions.tf | 6 +++--- 2 files changed, 22 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index f6c952c..55d6ecf 100644 --- a/README.md +++ b/README.md @@ -112,6 +112,23 @@ The table below correctly indicates which inputs are required. For a complete example, see [examples/complete](examples/complete) ```hcl + +provider "aws" { + alias = "requester" + region = "us-west-2" + assume_role { + role_arn = "arn:aws:iam::XXXXXXXX:role/cross-account-vpc-peering-test" + } +} + +provider "aws" { + alias = "accepter" + region = "us-west-2" + assume_role { + role_arn = "arn:aws:iam::YYYYYYYY:role/cross-account-vpc-peering-test" + } +} + module "vpc_peering_cross_account" { source = "cloudposse/vpc-peering-multi-account/aws" # Cloud Posse recommends pinning every module to a specific version @@ -133,7 +150,7 @@ module "vpc_peering_cross_account" { } ``` -The requester IAM Role should have the following Trust Policy: +The `arn:aws:iam::XXXXXXXX:role/cross-account-vpc-peering-test` requester IAM Role should have the following Trust Policy:
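Review bot: `configuration_aliases` in the `aws` entry of `required_providers` is only understood by Terraform 0.15 and later, yet this commit does not touch the version constraint. PATCH 08/13 shows it was still `required_version = ">= 0.13.0"` at this point. Folding that bump into this commit would keep every commit in the series usable on the versions it declares. A short comment next to the new line, such as `# aws.accepter / aws.requester must be supplied by the caller, one per account`, would also record what each alias is expected to point at. The `terraform` block starts and ends outside the hunk.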
Show Trust Policy @@ -217,7 +234,7 @@ where `XXXXXXXX` is the requester AWS account ID.
-The accepter IAM Role should have the following Trust Policy: +The `arn:aws:iam::YYYYYYYY:role/cross-account-vpc-peering-test` accepter IAM Role should have the following Trust Policy:
Show Trust Policy diff --git a/versions.tf b/versions.tf index cada334..4528f42 100644 --- a/versions.tf +++ b/versions.tf @@ -3,9 +3,9 @@ terraform { required_providers { aws = { - source = "hashicorp/aws" - version = ">= 2.0" - configuration_aliases = [ aws.accepter, aws.requester ] + source = "hashicorp/aws" + version = ">= 2.0" + configuration_aliases = [aws.accepter, aws.requester] } null = { source = "hashicorp/null" From 88456a83413c386a3101eb67f4d06dcca5e8db5e Mon Sep 17 00:00:00 2001 From: heathsnow Date: Thu, 10 Jun 2021 12:06:33 -0700 Subject: [PATCH 08/13] update required terraform version --- versions.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions.tf b/versions.tf index 4528f42..fc69770 100644 --- a/versions.tf +++ b/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13.0" + required_version = ">= 0.15.0" required_providers { aws = { From b825a4d32d51b574c1239a6876bc6ca15f105afe Mon Sep 17 00:00:00 2001 From: heathsnow Date: Thu, 10 Jun 2021 12:15:41 -0700 Subject: [PATCH 09/13] remove provider blocks as they are passed into module now --- accepter.tf | 5 ----- requester.tf | 5 ----- 2 files changed, 10 deletions(-) diff --git a/accepter.tf b/accepter.tf index 2fad70b..d341eb0 100644 --- a/accepter.tf +++ b/accepter.tf @@ -1,8 +1,3 @@ -# Accepter's credentials -provider "aws" { - alias = "accepter" -} - module "accepter" { source = "cloudposse/label/null" version = "0.24.1" diff --git a/requester.tf b/requester.tf index 47bf66a..6539a67 100644 --- a/requester.tf +++ b/requester.tf @@ -22,11 +22,6 @@ variable "requester_allow_remote_vpc_dns_resolution" { description = "Allow requester VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the accepter VPC" } -# Requestors's credentials -provider "aws" { - alias = "requester" -} - module "requester" { source = "cloudposse/label/null" version = "0.24.1" From 3da0b714a97e2a01b53c0390a63bfd3609c43a21 Mon Sep 17 00:00:00 2001 
From: heathsnow Date: Thu, 10 Jun 2021 12:18:52 -0700 Subject: [PATCH 10/13] update min required version for examples/vpc-only --- examples/vpc-only/versions.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/vpc-only/versions.tf b/examples/vpc-only/versions.tf index 87fe940..ce4c769 100644 --- a/examples/vpc-only/versions.tf +++ b/examples/vpc-only/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.13.0" + required_version = ">= 0.15.0" required_providers { aws = { From fe1f9a6e390ca8ffad3e8b103cc11c59e463a8c0 Mon Sep 17 00:00:00 2001 From: heathsnow Date: Tue, 15 Jun 2021 08:28:41 -0700 Subject: [PATCH 11/13] trigger GitHub actions From e0c0419df8a3d6fb8394718247848482231e5952 Mon Sep 17 00:00:00 2001 From: nitrocode Date: Fri, 12 Nov 2021 23:46:23 -0600 Subject: [PATCH 12/13] Delete README.md --- README.md | 623 ------------------------------------------------------ 1 file changed, 623 deletions(-) delete mode 100644 README.md diff --git a/README.md b/README.md deleted file mode 100644 index 55d6ecf..0000000 --- a/README.md +++ /dev/null 
@@ -1,623 +0,0 @@ - - -# terraform-aws-vpc-peering-multi-account - - [![Latest Release](https://img.shields.io/github/release/cloudposse/terraform-aws-vpc-peering-multi-account.svg)](https://github.com/cloudposse/terraform-aws-vpc-peering-multi-account/releases/latest) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) - - -[![README Header][readme_header_img]][readme_header_link] - -[![Cloud Posse][logo]](https://cpco.io/homepage) - - - -Terraform module to create a peering connection between any two VPCs existing in different AWS accounts. - -This module supports performing this action from a 3rd account (e.g. a "root" account) by specifying the roles to assume for each member account. - -**IMPORTANT:** AWS allows a multi-account VPC Peering Connection to be deleted from either the requester's or accepter's side. -However, Terraform only allows the VPC Peering Connection to be deleted from the requester's side by removing the corresponding `aws_vpc_peering_connection` resource from your configuration. -[Read more about this](https://www.terraform.io/docs/providers/aws/r/vpc_peering_accepter.html) on Terraform's documentation portal. - ---- - -This project is part of our comprehensive ["SweetOps"](https://cpco.io/sweetops) approach towards DevOps. -[][share_email] -[][share_googleplus] -[][share_facebook] -[][share_reddit] -[][share_linkedin] -[][share_twitter] - - -[![Terraform Open Source Modules](https://docs.cloudposse.com/images/terraform-open-source-modules.svg)][terraform_modules] - - - -It's 100% Open Source and licensed under the [APACHE2](LICENSE). - - - - - - - -We literally have [*hundreds of terraform modules*][terraform_modules] that are Open Source and well-maintained. Check them out! 
- - - -## Screenshots - - -![vpc-peering](images/vpc-peering.png) -*VPC Peering Connection in the AWS Web Console* - - - -## Security & Compliance [](https://bridgecrew.io/) - -Security scanning is graciously provided by Bridgecrew. Bridgecrew is the leading fully hosted, cloud-native solution providing continuous Terraform security and compliance. - -| Benchmark | Description | -|--------|---------------| -| [![Infrastructure Security](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-vpc-peering-multi-account/general)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-vpc-peering-multi-account&benchmark=INFRASTRUCTURE+SECURITY) | Infrastructure Security Compliance | -| [![CIS KUBERNETES](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-vpc-peering-multi-account/cis_kubernetes)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-vpc-peering-multi-account&benchmark=CIS+KUBERNETES+V1.5) | Center for Internet Security, KUBERNETES Compliance | -| [![CIS AWS](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-vpc-peering-multi-account/cis_aws)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-vpc-peering-multi-account&benchmark=CIS+AWS+V1.2) | Center for Internet Security, AWS Compliance | -| [![CIS AZURE](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-vpc-peering-multi-account/cis_azure)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-vpc-peering-multi-account&benchmark=CIS+AZURE+V1.1) | Center for Internet Security, AZURE Compliance | -| [![PCI-DSS](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-vpc-peering-multi-account/pci)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-vpc-peering-multi-account&benchmark=PCI-DSS+V3.2) | Payment Card Industry Data Security Standards Compliance | -| 
[![NIST-800-53](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-vpc-peering-multi-account/nist)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-vpc-peering-multi-account&benchmark=NIST-800-53) | National Institute of Standards and Technology Compliance | -| [![ISO27001](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-vpc-peering-multi-account/iso)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-vpc-peering-multi-account&benchmark=ISO27001) | Information Security Management System, ISO/IEC 27001 Compliance | -| [![SOC2](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-vpc-peering-multi-account/soc2)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-vpc-peering-multi-account&benchmark=SOC2)| Service Organization Control 2 Compliance | -| [![CIS GCP](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-vpc-peering-multi-account/cis_gcp)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-vpc-peering-multi-account&benchmark=CIS+GCP+V1.1) | Center for Internet Security, GCP Compliance | -| [![HIPAA](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-vpc-peering-multi-account/hipaa)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-vpc-peering-multi-account&benchmark=HIPAA) | Health Insurance Portability and Accountability Compliance | - - - -## Usage - - -**IMPORTANT:** We do not pin modules to versions in our examples because of the -difficulty of keeping the versions in the documentation in sync with the latest released versions. -We highly recommend that in your code you pin the version to the exact version you are -using so that your infrastructure remains stable, and update versions in a -systematic way so that they do not catch you by surprise. 
- -Also, because of a bug in the Terraform registry ([hashicorp/terraform#21417](https://github.com/hashicorp/terraform/issues/21417)), -the registry shows many of our inputs as required when in fact they are optional. -The table below correctly indicates which inputs are required. - - - -**IMPORTANT:** Do not pin to `master` because there may be breaking changes between releases. Instead pin to the release tag (e.g. `?ref=tags/x.y.z`) of one of our [latest releases](https://github.com/cloudposse/terraform-aws-vpc-peering-multi-account/releases). - -For a complete example, see [examples/complete](examples/complete) - -```hcl - -provider "aws" { - alias = "requester" - region = "us-west-2" - assume_role { - role_arn = "arn:aws:iam::XXXXXXXX:role/cross-account-vpc-peering-test" - } -} - -provider "aws" { - alias = "accepter" - region = "us-west-2" - assume_role { - role_arn = "arn:aws:iam::YYYYYYYY:role/cross-account-vpc-peering-test" - } -} - -module "vpc_peering_cross_account" { - source = "cloudposse/vpc-peering-multi-account/aws" - # Cloud Posse recommends pinning every module to a specific version - # version = "x.x.x" - namespace = "eg" - stage = "dev" - name = "cluster" - - requester_vpc_id = "vpc-xxxxxxxx" - requester_allow_remote_vpc_dns_resolution = true - - accepter_vpc_id = "vpc-yyyyyyyy" - accepter_allow_remote_vpc_dns_resolution = true - - providers = { - aws.accepter = aws.accepter - aws.requester = aws.requester - } -} -``` - -The `arn:aws:iam::XXXXXXXX:role/cross-account-vpc-peering-test` requester IAM Role should have the following Trust Policy: - -
Show Trust Policy - -```js -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::XXXXXXXX:root" - }, - "Action": "sts:AssumeRole", - "Condition": {} - } - ] -} -``` - -
-
- -and the following IAM Policy attached to it: - -__NOTE:__ the policy specifies the permissions to create (with `terraform plan/apply`) and delete (with `terraform destroy`) all the required resources in the requester AWS account - -
Show IAM Policy - -```js -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "ec2:CreateRoute", - "ec2:DeleteRoute" - ], - "Resource": "arn:aws:ec2:*:XXXXXXXX:route-table/*" - }, - { - "Effect": "Allow", - "Action": [ - "ec2:DescribeVpcPeeringConnections", - "ec2:DescribeVpcs", - "ec2:ModifyVpcPeeringConnectionOptions", - "ec2:DescribeSubnets", - "ec2:DescribeVpcAttribute", - "ec2:DescribeRouteTables" - ], - "Resource": "*" - }, - { - "Effect": "Allow", - "Action": [ - "ec2:AcceptVpcPeeringConnection", - "ec2:DeleteVpcPeeringConnection", - "ec2:CreateVpcPeeringConnection", - "ec2:RejectVpcPeeringConnection" - ], - "Resource": [ - "arn:aws:ec2:*:XXXXXXXX:vpc-peering-connection/*", - "arn:aws:ec2:*:XXXXXXXX:vpc/*" - ] - }, - { - "Effect": "Allow", - "Action": [ - "ec2:DeleteTags", - "ec2:CreateTags" - ], - "Resource": "arn:aws:ec2:*:XXXXXXXX:vpc-peering-connection/*" - } - ] -} -``` - -
- -where `XXXXXXXX` is the requester AWS account ID. - -
- -The `arn:aws:iam::YYYYYYYY:role/cross-account-vpc-peering-test` accepter IAM Role should have the following Trust Policy: - -
Show Trust Policy - -```js -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::XXXXXXXX:root" - }, - "Action": "sts:AssumeRole", - "Condition": {} - } - ] -} -``` - -
- -__NOTE__: The accepter Trust Policy is the same as the requester Trust Policy since it defines who can assume the IAM Role. -In the requester case, the requester account ID itself is the trusted entity. -For the accepter, the Trust Policy specifies that the requester account ID `XXXXXXXX` can assume the role in the accepter AWS account `YYYYYYYY`. - -and the following IAM Policy attached to it: - -__NOTE:__ the policy specifies the permissions to create (with `terraform plan/apply`) and delete (with `terraform destroy`) all the required resources in the accepter AWS account - -
Show IAM Policy - -```js -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "ec2:CreateRoute", - "ec2:DeleteRoute" - ], - "Resource": "arn:aws:ec2:*:YYYYYYYY:route-table/*" - }, - { - "Effect": "Allow", - "Action": [ - "ec2:DescribeVpcPeeringConnections", - "ec2:DescribeVpcs", - "ec2:ModifyVpcPeeringConnectionOptions", - "ec2:DescribeSubnets", - "ec2:DescribeVpcAttribute", - "ec2:DescribeRouteTables" - ], - "Resource": "*" - }, - { - "Effect": "Allow", - "Action": [ - "ec2:AcceptVpcPeeringConnection", - "ec2:DeleteVpcPeeringConnection", - "ec2:CreateVpcPeeringConnection", - "ec2:RejectVpcPeeringConnection" - ], - "Resource": [ - "arn:aws:ec2:*:YYYYYYYY:vpc-peering-connection/*", - "arn:aws:ec2:*:YYYYYYYY:vpc/*" - ] - }, - { - "Effect": "Allow", - "Action": [ - "ec2:DeleteTags", - "ec2:CreateTags" - ], - "Resource": "arn:aws:ec2:*:YYYYYYYY:vpc-peering-connection/*" - } - ] -} -``` - -
- -where `YYYYYYYY` is the accepter AWS account ID. - -For more information on IAM policies and permissions for VPC peering, see [Creating and managing VPC peering connections](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_IAM.html#vpcpeeringiam). - - - - - - - -## Makefile Targets -```text -Available targets: - - help Help screen - help/all Display help for all targets - help/short This help short screen - lint Lint terraform code - -``` - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.0 | -| [aws](#requirement\_aws) | >= 2.0 | -| [null](#requirement\_null) | >= 2.0 | - -## Providers - -| Name | Version | -|------|---------| -| [aws.accepter](#provider\_aws.accepter) | >= 2.0 | -| [aws.requester](#provider\_aws.requester) | >= 2.0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [accepter](#module\_accepter) | cloudposse/label/null | 0.24.1 | -| [requester](#module\_requester) | cloudposse/label/null | 0.24.1 | -| [this](#module\_this) | cloudposse/label/null | 0.24.1 | - -## Resources - -| Name | Type | -|------|------| -| [aws_route.accepter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource | -| [aws_route.requester](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource | -| [aws_vpc_peering_connection.requester](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_peering_connection) | resource | -| [aws_vpc_peering_connection_accepter.accepter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_peering_connection_accepter) | resource | -| [aws_vpc_peering_connection_options.accepter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_peering_connection_options) | resource | -| 
[aws_vpc_peering_connection_options.requester](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_peering_connection_options) | resource | -| [aws_caller_identity.accepter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | -| [aws_caller_identity.requester](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | -| [aws_region.accepter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | -| [aws_region.requester](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | -| [aws_route_table.accepter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route_table) | data source | -| [aws_route_table.requester](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route_table) | data source | -| [aws_subnet_ids.accepter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet_ids) | data source | -| [aws_subnet_ids.requester](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet_ids) | data source | -| [aws_vpc.accepter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source | -| [aws_vpc.requester](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [accepter\_allow\_remote\_vpc\_dns\_resolution](#input\_accepter\_allow\_remote\_vpc\_dns\_resolution) | Allow accepter VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the requester VPC | `bool` | `true` | no | -| [accepter\_subnet\_tags](#input\_accepter\_subnet\_tags) | Only add peer routes to accepter VPC route 
tables of subnets matching these tags | `map(string)` | `{}` | no | -| [accepter\_vpc\_id](#input\_accepter\_vpc\_id) | Accepter VPC ID filter | `string` | `""` | no | -| [accepter\_vpc\_tags](#input\_accepter\_vpc\_tags) | Accepter VPC Tags filter | `map(string)` | `{}` | no | -| [add\_attribute\_tag](#input\_add\_attribute\_tag) | If `true` will add additional attribute tag to the requester and accceptor resources | `bool` | `true` | no | -| [additional\_tag\_map](#input\_additional\_tag\_map) | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no | -| [attributes](#input\_attributes) | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no | -| [auto\_accept](#input\_auto\_accept) | Automatically accept the peering | `bool` | `true` | no | -| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | -| [delimiter](#input\_delimiter) | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | -| [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | -| [environment](#input\_environment) | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | -| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | -| [label\_key\_case](#input\_label\_key\_case) | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | -| [label\_order](#input\_label\_order) | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | -| [label\_value\_case](#input\_label\_value\_case) | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no | -| [name](#input\_name) | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no | -| [namespace](#input\_namespace) | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no | -| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | -| [requester\_allow\_remote\_vpc\_dns\_resolution](#input\_requester\_allow\_remote\_vpc\_dns\_resolution) | Allow requester VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the accepter VPC | `bool` | `true` | no | -| [requester\_subnet\_tags](#input\_requester\_subnet\_tags) | Only add peer routes to requester VPC route tables of subnets matching these tags | `map(string)` | `{}` | no | -| [requester\_vpc\_id](#input\_requester\_vpc\_id) | Requester VPC ID filter | `string` | `""` | no | -| [requester\_vpc\_tags](#input\_requester\_vpc\_tags) | Requester VPC Tags filter | `map(string)` | `{}` | no | -| [skip\_metadata\_api\_check](#input\_skip\_metadata\_api\_check) | Don't use the credentials of EC2 instance profile | `bool` | `false` | no | -| [stage](#input\_stage) | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | -| [tags](#input\_tags) | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| [accepter\_accept\_status](#output\_accepter\_accept\_status) | Accepter VPC peering connection request status | -| [accepter\_connection\_id](#output\_accepter\_connection\_id) | Accepter VPC peering connection ID | -| [requester\_accept\_status](#output\_requester\_accept\_status) | Requester VPC peering connection request status | -| [requester\_connection\_id](#output\_requester\_connection\_id) | Requester VPC peering connection ID | - - - - -## Share the Love - -Like this project? Please give it a ★ on [our GitHub](https://github.com/cloudposse/terraform-aws-vpc-peering-multi-account)! (it helps us **a lot**) - -Are you using this project or any of our other projects? Consider [leaving a testimonial][testimonial]. 
=) - - - -## Related Projects - -Check out these related projects. - -- [terraform-aws-vpc](https://github.com/cloudposse/terraform-aws-vpc) - Terraform Module that defines a VPC with public/private subnets across multiple AZs with Internet Gateways -- [terraform-aws-vpc-peering](https://github.com/cloudposse/terraform-aws-vpc-peering) - Terraform module to create a peering connection between two VPCs in the same AWS account -- [terraform-aws-kops-vpc-peering](https://github.com/cloudposse/terraform-aws-kops-vpc-peering) - Terraform module to create a peering connection between a backing services VPC and a VPC created by Kops - - -## References - -For additional context, refer to some of these links. - -- [What is VPC Peering?](https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html) - VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses. - - -## Help - -**Got a question?** We got answers. - -File a GitHub [issue](https://github.com/cloudposse/terraform-aws-vpc-peering-multi-account/issues), send us an [email][email] or join our [Slack Community][slack]. - -[![README Commercial Support][readme_commercial_support_img]][readme_commercial_support_link] - -## DevOps Accelerator for Startups - - -We are a [**DevOps Accelerator**][commercial_support]. We'll help you build your cloud infrastructure from the ground up so you can own it. Then we'll show you how to operate it and stick around for as long as you need us. - -[![Learn More](https://img.shields.io/badge/learn%20more-success.svg?style=for-the-badge)][commercial_support] - -Work directly with our team of DevOps experts via email, slack, and video conferencing. - -We deliver 10x the value for a fraction of the cost of a full-time engineer. Our track record is not even funny. If you want things done right and you need it done FAST, then we're your best bet. 
- -- **Reference Architecture.** You'll get everything you need from the ground up built using 100% infrastructure as code. -- **Release Engineering.** You'll have end-to-end CI/CD with unlimited staging environments. -- **Site Reliability Engineering.** You'll have total visibility into your apps and microservices. -- **Security Baseline.** You'll have built-in governance with accountability and audit logs for all changes. -- **GitOps.** You'll be able to operate your infrastructure via Pull Requests. -- **Training.** You'll receive hands-on training so your team can operate what we build. -- **Questions.** You'll have a direct line of communication between our teams via a Shared Slack channel. -- **Troubleshooting.** You'll get help to triage when things aren't working. -- **Code Reviews.** You'll receive constructive feedback on Pull Requests. -- **Bug Fixes.** We'll rapidly work with you to fix any bugs in our projects. - -## Slack Community - -Join our [Open Source Community][slack] on Slack. It's **FREE** for everyone! Our "SweetOps" community is where you get to talk with others who share a similar vision for how to rollout and manage infrastructure. This is the best place to talk shop, ask questions, solicit feedback, and work together as a community to build totally *sweet* infrastructure. - -## Discourse Forums - -Participate in our [Discourse Forums][discourse]. Here you'll find answers to commonly asked questions. Most questions will be related to the enormous number of projects we support on our GitHub. Come here to collaborate on answers, find solutions, and get ideas about the products and services we value. It only takes a minute to get started! Just sign in with SSO using your GitHub account. - -## Newsletter - -Sign up for [our newsletter][newsletter] that covers everything on our technology radar. Receive updates on what we're up to on GitHub as well as awesome new projects we discover. 
- -## Office Hours - -[Join us every Wednesday via Zoom][office_hours] for our weekly "Lunch & Learn" sessions. It's **FREE** for everyone! - -[![zoom](https://img.cloudposse.com/fit-in/200x200/https://cloudposse.com/wp-content/uploads/2019/08/Powered-by-Zoom.png")][office_hours] - -## Contributing - -### Bug Reports & Feature Requests - -Please use the [issue tracker](https://github.com/cloudposse/terraform-aws-vpc-peering-multi-account/issues) to report any bugs or file feature requests. - -### Developing - -If you are interested in being a contributor and want to get involved in developing this project or [help out](https://cpco.io/help-out) with our other projects, we would love to hear from you! Shoot us an [email][email]. - -In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow. - - 1. **Fork** the repo on GitHub - 2. **Clone** the project to your own machine - 3. **Commit** changes to your own branch - 4. **Push** your work back up to your fork - 5. Submit a **Pull Request** so that we can review your changes - -**NOTE:** Be sure to merge the latest changes from "upstream" before making a pull request! - - -## Copyright - -Copyright © 2017-2021 [Cloud Posse, LLC](https://cpco.io/copyright) - - - -## License - -[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) - -See [LICENSE](LICENSE) for full details. - -```text -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. 
You may obtain a copy of the License at - - https://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -``` - - - - - - - - - -## Trademarks - -All other trademarks referenced herein are the property of their respective owners. - -## About - -This project is maintained and funded by [Cloud Posse, LLC][website]. Like it? Please let us know by [leaving a testimonial][testimonial]! - -[![Cloud Posse][logo]][website] - -We're a [DevOps Professional Services][hire] company based in Los Angeles, CA. We ❤️ [Open Source Software][we_love_open_source]. - -We offer [paid support][commercial_support] on all of our projects. - -Check out [our other projects][github], [follow us on twitter][twitter], [apply for a job][jobs], or [hire us][hire] to help with your cloud strategy and implementation. - - - -### Contributors - - -| [![Andriy Knysh][aknysh_avatar]][aknysh_homepage]
[Andriy Knysh][aknysh_homepage] | [![Erik Osterman][osterman_avatar]][osterman_homepage]
[Erik Osterman][osterman_homepage] | -|---|---| - - - [aknysh_homepage]: https://github.com/aknysh - [aknysh_avatar]: https://img.cloudposse.com/150x150/https://github.com/aknysh.png - [osterman_homepage]: https://github.com/osterman - [osterman_avatar]: https://img.cloudposse.com/150x150/https://github.com/osterman.png - -[![README Footer][readme_footer_img]][readme_footer_link] -[![Beacon][beacon]][website] - - [logo]: https://cloudposse.com/logo-300x69.svg - [docs]: https://cpco.io/docs?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-vpc-peering-multi-account&utm_content=docs - [website]: https://cpco.io/homepage?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-vpc-peering-multi-account&utm_content=website - [github]: https://cpco.io/github?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-vpc-peering-multi-account&utm_content=github - [jobs]: https://cpco.io/jobs?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-vpc-peering-multi-account&utm_content=jobs - [hire]: https://cpco.io/hire?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-vpc-peering-multi-account&utm_content=hire - [slack]: https://cpco.io/slack?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-vpc-peering-multi-account&utm_content=slack - [linkedin]: https://cpco.io/linkedin?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-vpc-peering-multi-account&utm_content=linkedin - [twitter]: https://cpco.io/twitter?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-vpc-peering-multi-account&utm_content=twitter - [testimonial]: https://cpco.io/leave-testimonial?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-vpc-peering-multi-account&utm_content=testimonial - [office_hours]: 
https://cloudposse.com/office-hours?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-vpc-peering-multi-account&utm_content=office_hours - [newsletter]: https://cpco.io/newsletter?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-vpc-peering-multi-account&utm_content=newsletter - [discourse]: https://ask.sweetops.com/?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-vpc-peering-multi-account&utm_content=discourse - [email]: https://cpco.io/email?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-vpc-peering-multi-account&utm_content=email - [commercial_support]: https://cpco.io/commercial-support?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-vpc-peering-multi-account&utm_content=commercial_support - [we_love_open_source]: https://cpco.io/we-love-open-source?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-vpc-peering-multi-account&utm_content=we_love_open_source - [terraform_modules]: https://cpco.io/terraform-modules?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-vpc-peering-multi-account&utm_content=terraform_modules - [readme_header_img]: https://cloudposse.com/readme/header/img - [readme_header_link]: https://cloudposse.com/readme/header/link?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-vpc-peering-multi-account&utm_content=readme_header_link - [readme_footer_img]: https://cloudposse.com/readme/footer/img - [readme_footer_link]: https://cloudposse.com/readme/footer/link?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-vpc-peering-multi-account&utm_content=readme_footer_link - [readme_commercial_support_img]: https://cloudposse.com/readme/commercial-support/img - [readme_commercial_support_link]: 
https://cloudposse.com/readme/commercial-support/link?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-vpc-peering-multi-account&utm_content=readme_commercial_support_link - [share_twitter]: https://twitter.com/intent/tweet/?text=terraform-aws-vpc-peering-multi-account&url=https://github.com/cloudposse/terraform-aws-vpc-peering-multi-account - [share_linkedin]: https://www.linkedin.com/shareArticle?mini=true&title=terraform-aws-vpc-peering-multi-account&url=https://github.com/cloudposse/terraform-aws-vpc-peering-multi-account - [share_reddit]: https://reddit.com/submit/?url=https://github.com/cloudposse/terraform-aws-vpc-peering-multi-account - [share_facebook]: https://facebook.com/sharer/sharer.php?u=https://github.com/cloudposse/terraform-aws-vpc-peering-multi-account - [share_googleplus]: https://plus.google.com/share?url=https://github.com/cloudposse/terraform-aws-vpc-peering-multi-account - [share_email]: mailto:?subject=terraform-aws-vpc-peering-multi-account&body=https://github.com/cloudposse/terraform-aws-vpc-peering-multi-account - [beacon]: https://ga-beacon.cloudposse.com/UA-76589703-4/cloudposse/terraform-aws-vpc-peering-multi-account?pixel&cs=github&cm=readme&an=terraform-aws-vpc-peering-multi-account
From d44f2796f6f7bf7116e73f21adee740124e8f0d9 Mon Sep 17 00:00:00 2001
From: nitrocode
Date: Fri, 12 Nov 2021 23:47:11 -0600
Subject: [PATCH 13/13] Delete terraform.md
---
docs/terraform.md | 85 -----------------------------------------------
1 file changed, 85 deletions(-)
delete mode 100644 docs/terraform.md
diff --git a/docs/terraform.md b/docs/terraform.md
deleted file mode 100644
index 4f89642..0000000
--- a/docs/terraform.md
+++ /dev/null
@@ -1,85 +0,0 @@
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | >= 0.13.0 |
-| [aws](#requirement\_aws) | >= 2.0 |
-| [null](#requirement\_null) | >= 2.0 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [aws.accepter](#provider\_aws.accepter) | >= 2.0 |
-| [aws.requester](#provider\_aws.requester) | >= 2.0 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| [accepter](#module\_accepter) | cloudposse/label/null | 0.24.1 |
-| [requester](#module\_requester) | cloudposse/label/null | 0.24.1 |
-| [this](#module\_this) | cloudposse/label/null | 0.24.1 |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_route.accepter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
-| [aws_route.requester](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
-| [aws_vpc_peering_connection.requester](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_peering_connection) | resource |
-| [aws_vpc_peering_connection_accepter.accepter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_peering_connection_accepter) | resource |
-| [aws_vpc_peering_connection_options.accepter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_peering_connection_options) | resource |
-| [aws_vpc_peering_connection_options.requester](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_peering_connection_options) | resource |
-| [aws_caller_identity.accepter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
-| [aws_caller_identity.requester](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
-| 
[aws_region.accepter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
-| [aws_region.requester](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
-| [aws_route_table.accepter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route_table) | data source |
-| [aws_route_table.requester](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route_table) | data source |
-| [aws_subnet_ids.accepter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet_ids) | data source |
-| [aws_subnet_ids.requester](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet_ids) | data source |
-| [aws_vpc.accepter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
-| [aws_vpc.requester](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [accepter\_allow\_remote\_vpc\_dns\_resolution](#input\_accepter\_allow\_remote\_vpc\_dns\_resolution) | Allow accepter VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the requester VPC | `bool` | `true` | no |
-| [accepter\_subnet\_tags](#input\_accepter\_subnet\_tags) | Only add peer routes to accepter VPC route tables of subnets matching these tags | `map(string)` | `{}` | no |
-| [accepter\_vpc\_id](#input\_accepter\_vpc\_id) | Accepter VPC ID filter | `string` | `""` | no |
-| [accepter\_vpc\_tags](#input\_accepter\_vpc\_tags) | Accepter VPC Tags filter | `map(string)` | `{}` | no |
-| [add\_attribute\_tag](#input\_add\_attribute\_tag) | If `true` will add additional attribute tag to the requester and accceptor resources | `bool` | `true` | no |
-| 
[additional\_tag\_map](#input\_additional\_tag\_map) | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no |
-| [attributes](#input\_attributes) | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no |
-| [auto\_accept](#input\_auto\_accept) | Automatically accept the peering | `bool` | `true` | no |
-| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no |
-| [delimiter](#input\_delimiter) | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no |
-| [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no |
-| [environment](#input\_environment) | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no |
-| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no |
-| [label\_key\_case](#input\_label\_key\_case) | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no |
-| [label\_order](#input\_label\_order) | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no |
-| [label\_value\_case](#input\_label\_value\_case) | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no |
-| [name](#input\_name) | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no |
-| [namespace](#input\_namespace) | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no |
-| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
-| [requester\_allow\_remote\_vpc\_dns\_resolution](#input\_requester\_allow\_remote\_vpc\_dns\_resolution) | Allow requester VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the accepter VPC | `bool` | `true` | no |
-| [requester\_subnet\_tags](#input\_requester\_subnet\_tags) | Only add peer routes to requester VPC route tables of subnets matching these tags | `map(string)` | `{}` | no |
-| [requester\_vpc\_id](#input\_requester\_vpc\_id) | Requester VPC ID filter | `string` | `""` | no |
-| [requester\_vpc\_tags](#input\_requester\_vpc\_tags) | Requester VPC Tags filter | `map(string)` | `{}` | no |
-| [skip\_metadata\_api\_check](#input\_skip\_metadata\_api\_check) | Don't use the credentials of EC2 instance profile | `bool` | `false` | no |
-| [stage](#input\_stage) | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
-| [tags](#input\_tags) | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [accepter\_accept\_status](#output\_accepter\_accept\_status) | Accepter VPC peering connection request status |
-| [accepter\_connection\_id](#output\_accepter\_connection\_id) | Accepter VPC peering connection ID |
-| [requester\_accept\_status](#output\_requester\_accept\_status) | Requester VPC peering connection request status |
-| [requester\_connection\_id](#output\_requester\_connection\_id) | Requester VPC peering connection ID |
-