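// Provider scoped to the peer ("dev") AWS account. Only the secret key is read
// with RequireSecret, so it is marked secret in state and CLI output; the access
// key ID is an identifier rather than a credential and is read in plaintext.
// AllowedAccountIds pins the provider to the expected account, so a wrong or
// swapped credential fails fast instead of provisioning into another account.
// NOTE(review): these are long-lived static IAM user keys; if the peer account
// allows it, an assume-role configuration on the provider (short-lived STS
// credentials) would be the least-privilege option.
//
// The region is set explicitly: the accepter created with this provider has to
// run in the region that holds the peer VPC, and without it the provider would
// fall back to the ambient default region, which fails when the two differ.
devProvider, err := aws.NewProvider(ctx, "dev-provider", &aws.ProviderArgs{
	AccessKey:         pulumi.String(okeraCfg.Require("vpc-credential-key")),
	SecretKey:         okeraCfg.RequireSecret("vpc-credential-secret"),
	AllowedAccountIds: pulumi.ToStringArray([]string{okeraCfg.Require("peer-aws-account")}),
	Region:            pulumi.String(okeraCfg.Require("peer-vpc-region")),
})
if err != nil {
	return nil, fmt.Errorf("creating peer-account provider: %w", err)
}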
// Request the peering connection from this (requester) side. The peer VPC lives
// in another account and region, so the request is only created here; acceptance
// is a separate resource created with the peer-account provider.
peeringArgs := &ec2.VpcPeeringConnectionArgs{
	PeerOwnerId: pulumi.String(okeraCfg.Require("peer-aws-account")),
	PeerRegion:  pulumi.String(okeraCfg.Require("peer-vpc-region")),
	PeerVpcId:   pulumi.String(okeraCfg.Require("peer-vpc")),
	VpcId:       vpc.ID(),
}
devPeering, err := ec2.NewVpcPeeringConnection(ctx, "ssa-dev-peering", peeringArgs)
if err != nil {
	return nil, err
}
Here I create the peering accepter (note that it uses devProvider):
// Accept the request from the peer account's side. The accepter is therefore
// created with the peer-account provider rather than the stack's default one,
// and AutoAccept completes the handshake in the same update.
accepterArgs := &ec2.VpcPeeringConnectionAccepterArgs{
	VpcPeeringConnectionId: devPeering.ID(),
	AutoAccept:             pulumi.Bool(true),
}
if _, err = ec2.NewVpcPeeringConnectionAccepter(ctx, "ssa-dev-peering-acceptor", accepterArgs, pulumi.Provider(devProvider)); err != nil {
	return nil, err
}
Here the peering connection is added as a route in a specific route table in the new VPC (this is part of creating a new subnet and its route table there):
// Route table for the private subnet in this AZ: a default route out through the
// NAT gateway, plus a route to the peer VPC's CIDR over the peering connection.
// The peering route is what lets this subnet reach the peer network; security
// groups and NACLs still decide which traffic is actually allowed across it.
// NOTE(review): this table uses in-line Routes while standalone ec2.NewRoute
// resources are used for the peer VPC's table further down; the AWS provider
// documentation warns that in-line routes and standalone Route resources must
// not both manage the same route table, so keep the two styles on separate tables.
privateRouteTable, err := ec2.NewRouteTable(ctx, fmt.Sprintf("private-rt-ssa-%s", az), &ec2.RouteTableArgs{
VpcId: vpc.ID(),
Routes: ec2.RouteTableRouteArray{
// Internet-bound traffic leaves via the NAT gateway.
ec2.RouteTableRouteArgs{CidrBlock: pulumi.String("0.0.0.0/0"), NatGatewayId: natGateway.ID()},
// Traffic for the peer VPC's address range crosses the peering connection.
ec2.RouteTableRouteArgs{CidrBlock: pulumi.String(okeraCfg.Require("peer-vpc-cidr")), VpcPeeringConnectionId: devPeering.ID()},
},
})
// NOTE(review): the error-handling branch is cut off in this excerpt.
if err != nil {
And here we add the routes on the other VPC's side:
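// Routes in the peer ("dev") VPC pointing back at this VPC's private CIDRs, so
// return traffic can cross the peering connection. Everything here is created
// with the peer-account provider.
//
// peeredRoutes holds the same routes in in-line RouteTableRouteArray form; it is
// not consumed within this excerpt (presumably used further down).
peeredRoutes := make(ec2.RouteTableRouteArray, len(privateCidrs))
for idx, privateCidr := range privateCidrs {
	peeredRoutes[idx] = ec2.RouteTableRouteArgs{
		CidrBlock:              pulumi.String(privateCidr),
		VpcPeeringConnectionId: devPeering.ID(),
	}
}

// Resolve the peer VPC to find its main route table.
devVpcId := okeraCfg.Require("peer-vpc")
devVpc, err := ec2.LookupVpc(ctx, &ec2.LookupVpcArgs{
	Id: &devVpcId,
}, pulumi.Provider(devProvider))
if err != nil {
	return nil, fmt.Errorf("looking up peer vpc %q: %w", devVpcId, err)
}

// NOTE(review): these routes land in the peer VPC's *main* route table, which
// applies to every subnet there that has no explicit association; if only some
// peer subnets should reach this network, target their route tables instead.
region := awsCfg.Require("region")
for idx, privateCidr := range privateCidrs {
	// The resource handle is not needed, but the error has to be captured here:
	// the check below must see this call's result, not a stale err from the
	// lookup above, otherwise a failed route creation goes unnoticed.
	_, err = ec2.NewRoute(ctx, fmt.Sprintf("dev-vpc-peering-%s-route-%d", region, idx), &ec2.RouteArgs{
		RouteTableId:           pulumi.String(devVpc.MainRouteTableId),
		DestinationCidrBlock:   pulumi.String(privateCidr),
		VpcPeeringConnectionId: devPeering.ID(),
	}, pulumi.Provider(devProvider))
	if err != nil {
		return nil, fmt.Errorf("creating peer route for %s: %w", privateCidr, err)
	}
}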