hayderimran7/EKS_RDS_VPC_Peering_script.sh

## EKS_RDS_VPC_Peering_script.sh
#!/bin/bash -xe
## Create a VPC Peering connection between EKS and RDS Postgres
echo """ run this script as:
 ./eks-rds-peering.sh
+ read -p 'Enter name of EKS Cluster: ' EKS_CLUSTER
Enter name of EKS Cluster: xolv-dev-cluster
+ EKS_VPC=eksctl-xolv-dev-cluster-cluster/VPC
+ EKS_PUBLIC_ROUTING_TABLE=eksctl-xolv-dev-cluster-cluster/PublicRouteTable
+ read -p 'Enter name of RDS: ' RDS_DB_NAME
Enter name of RDS: sfstackuat
+ read -p 'Enter name of RDS VPC: ' RDS_VPC
Enter name of RDS VPC: sfstack-uat-vpc
+ RDS_PRIVATE_ROUTING_TABLE=sfstack-uat-vpc-private
"""
# Note: this script assumes your resources names are created as $EKS_CLUSTER/<NAME_OF_RESOURCE> so EKS VPC is $EKS_CLUSTER/VPC
# please fix this script according to your naming convention

# Set some basic information
read -p  "Enter name of EKS Cluster: " EKS_CLUSTER

EKS_VPC=eksctl-"$EKS_CLUSTER"-cluster/VPC
EKS_PUBLIC_ROUTING_TABLE=eksctl-"$EKS_CLUSTER"-cluster/PublicRouteTable

read -p  "Enter name of RDS: " RDS_DB_NAME # e.g. sfstackuat
read -p  "Enter name of RDS VPC: " RDS_VPC # e.g. sfstack-uat-vpc
RDS_PRIVATE_ROUTING_TABLE="$RDS_VPC"-private


## Get VPC ID of acceptor i.e. RDS
echo "getting the VPC ID and CIDR of acceptor(RDS instance)"
ACCEPT_VPC_ID=$(aws ec2 describe-vpcs --filters Name=tag:Name,Values=$RDS_VPC --query=Vpcs[0].VpcId --output text)
ACCEPT_CIDR=$(aws ec2 describe-vpcs --filters Name=tag:Name,Values=$RDS_VPC --query=Vpcs[0].CidrBlockAssociationSet[0].CidrBlock --output text)

## Get VPC ID of requestor i.e. EKS
REQUEST_VPC_ID=$(aws ec2 describe-vpcs --filters Name=tag:Name,Values=$EKS_VPC --query=Vpcs[0].VpcId --output text)
REQUEST_CIDR=$(aws ec2 describe-vpcs --filters Name=tag:Name,Values=$EKS_VPC --query=Vpcs[0].CidrBlockAssociationSet[0].CidrBlock --output text)

## get Public Route table ID of requestor and acceptor
REQ_ROUTE_ID=$(aws ec2 describe-route-tables --filters Name=tag:Name,Values=$EKS_PUBLIC_ROUTING_TABLE --query=RouteTables[0].RouteTableId --output text)
ACCEPT_ROUTE_ID=$(aws ec2 describe-route-tables --filters Name=tag:Name,Values=$RDS_PRIVATE_ROUTING_TABLE --query=RouteTables[0].RouteTableId --output text)

### Create Peering Connection
read -p "Are you sure to create peering connection? " -n 1 -r response
echo    # (optional) move to a new line
if [[ $response =~ ^[Yy]$ ]]
then
    # do dangerous stuff
peerVPCID=$(aws $DRY_RUN ec2 create-vpc-peering-connection --vpc-id $REQUEST_VPC_ID --peer-vpc-id $ACCEPT_VPC_ID --query VpcPeeringConnection.VpcPeeringConnectionId --output text)
aws $DRY_RUN ec2 accept-vpc-peering-connection --vpc-peering-connection-id "$peerVPCID"
aws $DRY_RUN ec2 create-tags --resources "$peerVPCID" --tags "Key=Name,Value=$EKS_CLUSTER-$RDS_DB_NAME"
else
exit 0
fi

#### Adding the private VPC CIDR block to our public VPC route table as destination
aws $DRY_RUN ec2 create-route --route-table-id "$REQ_ROUTE_ID" --destination-cidr-block "$ACCEPT_CIDR" --vpc-peering-connection-id "$peerVPCID"
aws $DRY_RUN ec2 create-route --route-table-id "$ACCEPT_ROUTE_ID" --destination-cidr-block "$REQUEST_CIDR" --vpc-peering-connection-id "$peerVPCID"


### Add a rule that allows inbound RDS (from our Public Instanes source)
RDS_VPC_SECURITY_GROUP_ID=$(aws rds describe-db-instances --db-instance-identifier $RDS_DB_NAME --query=DBInstances[0].VpcSecurityGroups[0].VpcSecurityGroupId --output text)
aws ec2 authorize-security-group-ingress --group-id ${RDS_VPC_SECURITY_GROUP_ID} --protocol tcp --port 5432 --cidr "$REQUEST_CIDR"
	#!/bin/bash -xe
	## Create a VPC Peering connection between EKS and RDS Postgres
	echo """ run this script as:
	./eks-rds-peering.sh
	+ read -p 'Enter name of EKS Cluster: ' EKS_CLUSTER
	Enter name of EKS Cluster: xolv-dev-cluster
	+ EKS_VPC=eksctl-xolv-dev-cluster-cluster/VPC
	+ EKS_PUBLIC_ROUTING_TABLE=eksctl-xolv-dev-cluster-cluster/PublicRouteTable
	+ read -p 'Enter name of RDS: ' RDS_DB_NAME
	Enter name of RDS: sfstackuat
	+ read -p 'Enter name of RDS VPC: ' RDS_VPC
	Enter name of RDS VPC: sfstack-uat-vpc
	+ RDS_PRIVATE_ROUTING_TABLE=sfstack-uat-vpc-private
	"""
	# Note: this script assumes your resources names are created as $EKS_CLUSTER/<NAME_OF_RESOURCE> so EKS VPC is $EKS_CLUSTER/VPC
	# please fix this script according to your naming convention

	# Set some basic information
	read -p "Enter name of EKS Cluster: " EKS_CLUSTER

	EKS_VPC=eksctl-"$EKS_CLUSTER"-cluster/VPC
	EKS_PUBLIC_ROUTING_TABLE=eksctl-"$EKS_CLUSTER"-cluster/PublicRouteTable

	read -p "Enter name of RDS: " RDS_DB_NAME # e.g. sfstackuat
	read -p "Enter name of RDS VPC: " RDS_VPC # e.g. sfstack-uat-vpc
	RDS_PRIVATE_ROUTING_TABLE="$RDS_VPC"-private


	## Get VPC ID of acceptor i.e. RDS
	echo "getting the VPC ID and CIDR of acceptor(RDS instance)"
	ACCEPT_VPC_ID=$(aws ec2 describe-vpcs --filters Name=tag:Name,Values=$RDS_VPC --query=Vpcs[0].VpcId --output text)
	ACCEPT_CIDR=$(aws ec2 describe-vpcs --filters Name=tag:Name,Values=$RDS_VPC --query=Vpcs[0].CidrBlockAssociationSet[0].CidrBlock --output text)

	## Get VPC ID of requestor i.e. EKS
	REQUEST_VPC_ID=$(aws ec2 describe-vpcs --filters Name=tag:Name,Values=$EKS_VPC --query=Vpcs[0].VpcId --output text)
	REQUEST_CIDR=$(aws ec2 describe-vpcs --filters Name=tag:Name,Values=$EKS_VPC --query=Vpcs[0].CidrBlockAssociationSet[0].CidrBlock --output text)

	## get Public Route table ID of requestor and acceptor
	REQ_ROUTE_ID=$(aws ec2 describe-route-tables --filters Name=tag:Name,Values=$EKS_PUBLIC_ROUTING_TABLE --query=RouteTables[0].RouteTableId --output text)
	ACCEPT_ROUTE_ID=$(aws ec2 describe-route-tables --filters Name=tag:Name,Values=$RDS_PRIVATE_ROUTING_TABLE --query=RouteTables[0].RouteTableId --output text)

	### Create Peering Connection
	read -p "Are you sure to create peering connection? " -n 1 -r response
	echo # (optional) move to a new line
	if [[ $response =~ ^[Yy]$ ]]
	then
	# do dangerous stuff
	peerVPCID=$(aws $DRY_RUN ec2 create-vpc-peering-connection --vpc-id $REQUEST_VPC_ID --peer-vpc-id $ACCEPT_VPC_ID --query VpcPeeringConnection.VpcPeeringConnectionId --output text)
	aws $DRY_RUN ec2 accept-vpc-peering-connection --vpc-peering-connection-id "$peerVPCID"
	aws $DRY_RUN ec2 create-tags --resources "$peerVPCID" --tags "Key=Name,Value=$EKS_CLUSTER-$RDS_DB_NAME"
	else
	exit 0
	fi

	#### Adding the private VPC CIDR block to our public VPC route table as destination
	aws $DRY_RUN ec2 create-route --route-table-id "$REQ_ROUTE_ID" --destination-cidr-block "$ACCEPT_CIDR" --vpc-peering-connection-id "$peerVPCID"
	aws $DRY_RUN ec2 create-route --route-table-id "$ACCEPT_ROUTE_ID" --destination-cidr-block "$REQUEST_CIDR" --vpc-peering-connection-id "$peerVPCID"


	### Add a rule that allows inbound RDS (from our Public Instanes source)
	RDS_VPC_SECURITY_GROUP_ID=$(aws rds describe-db-instances --db-instance-identifier $RDS_DB_NAME --query=DBInstances[0].VpcSecurityGroups[0].VpcSecurityGroupId --output text)
	aws ec2 authorize-security-group-ingress --group-id ${RDS_VPC_SECURITY_GROUP_ID} --protocol tcp --port 5432 --cidr "$REQUEST_CIDR"