# Aliased provider for the requesting side of the peering.
# No region or credentials are configured here, so the calling configuration
# is expected to supply this alias (presumably via a providers map) — confirm
# against the root module that instantiates this gist.
provider "aws" {
  alias = "requestor"
}
# Aliased provider for the accepting side of the peering.
# As with "requestor", region and credentials come from the caller; the
# acceptor may live in a different account and/or region (see the
# aws_caller_identity / aws_region lookups below, which are read through it).
provider "aws" {
  alias = "acceptor"
}
# Identity of the acceptor credentials; its account_id becomes the
# peer_owner_id of the peering request, so whichever account the acceptor
# provider authenticates as is the account that will be peered with.
data "aws_caller_identity" "acceptor" {
  provider = "aws.acceptor"
}
# Region the acceptor provider is configured for; used as peer_region so the
# request targets the correct region for a cross-region peering.
data "aws_region" "acceptor" {
  provider = "aws.acceptor"
}
# Peering request, created from the requestor side.
#
# Owner and region of the peer are derived from the acceptor provider rather
# than passed in, which keeps the two sides from drifting apart.
# auto_accept is false because acceptance is a separate action performed with
# the acceptor credentials (aws_vpc_peering_connection_accepter below); the
# request stays pending until then.
resource "aws_vpc_peering_connection" "requestor" {
  provider      = "aws.requestor"
  # Whole module is switched on/off through var.enabled.
  count         = "${var.enabled ? 1 : 0}"
  vpc_id        = "${var.requestor_vpc_id}"
  peer_vpc_id   = "${var.acceptor_vpc_id}"
  peer_owner_id = "${data.aws_caller_identity.acceptor.account_id}"
  peer_region   = "${data.aws_region.acceptor.name}"
  auto_accept   = false
}
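# Acceptance of the pending request, performed with the acceptor credentials.
#
# This is the trust decision for the acceptor account: once accepted, routes
# added on the requestor side (aws_route.requestor below) can deliver traffic
# into the acceptor VPC. Peering-option settings such as remote DNS resolution
# are not configured here; the *_allow_remote_vpc_dns_resolution variables in
# this file are not referenced by any resource.
resource "aws_vpc_peering_connection_accepter" "acceptor" {
  provider = "aws.acceptor"
  count    = "${var.enabled ? 1 : 0}"

  # Splat + join instead of a bare .id so the reference also evaluates (to "")
  # when var.enabled is false and the peering connection has zero instances;
  # with count = 1 the result is identical to the direct attribute reference.
  vpc_peering_connection_id = "${join("", aws_vpc_peering_connection.requestor.*.id)}"
  auto_accept               = true
}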
# Lookup requestor VPC so that we can reference its CIDR block associations
# (every associated block, not just the primary one, gets a route on the
# acceptor side).
data "aws_vpc" "requestor" {
  provider = "aws.requestor"
  id       = "${var.requestor_vpc_id}"
}
# Route tables of the requestor VPC that will receive routes to the acceptor.
#
# No filter or tags are given, so every route table in the VPC is matched —
# including the main table and any tables serving public subnets. If only a
# subset of subnets should reach the peer, add a filter/tags block here rather
# than relying on security groups alone.
data "aws_route_tables" "requestor" {
  provider = "aws.requestor"
  vpc_id   = "${data.aws_vpc.requestor.id}"
}
# Lookup acceptor VPC so that we can reference its CIDR block associations
# (each one becomes a destination on the requestor side).
data "aws_vpc" "acceptor" {
  provider = "aws.acceptor"
  id       = "${var.acceptor_vpc_id}"
}
# Lookup acceptor route tables.
#
# Unfiltered, so every route table in the acceptor VPC is matched (same
# blast-radius caveat as the requestor lookup). Note this references
# var.acceptor_vpc_id directly whereas the requestor lookup goes through the
# data.aws_vpc result; both resolve to the same ID.
data "aws_route_tables" "acceptor" {
  provider = "aws.acceptor"
  vpc_id   = "${var.acceptor_vpc_id}"
}
# Number of aws_route resources needed on each side: one route per
# (route table, peer CIDR block association) pair, i.e. the cross product.
# The aws_route blocks below decompose count.index back into the pair.
locals {
  requestor_count = "${length(data.aws_route_tables.requestor.ids) * length(data.aws_vpc.acceptor.cidr_block_associations)}"
  acceptor_count  = "${length(data.aws_route_tables.acceptor.ids) * length(data.aws_vpc.requestor.cidr_block_associations)}"
}
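# Create routes from requestor to acceptor.
#
# One aws_route per (route table, acceptor CIDR association) pair:
# count.index is split into a route-table index (integer division by the
# number of CIDR associations) and a CIDR index (modulo). Because the
# route-table lookup is unfiltered, every subnet of the requestor VPC gains a
# path to the whole acceptor address space; narrow
# data.aws_route_tables.requestor if that is wider than intended.
resource "aws_route" "requestor" {
  provider = "aws.requestor"
  count    = "${var.enabled ? local.requestor_count : 0}"

  # floor() rather than ceil(): the intended index is count.index / n rounded
  # down. Under Terraform 0.11 the operands are integers and "/" already
  # truncates, so ceil() happened to give the same result, but floor() states
  # the intent and stays correct if the division is ever evaluated as floating
  # point (e.g. ceil(1 / 2) would otherwise pick route table 1 instead of 0).
  route_table_id = "${data.aws_route_tables.requestor.ids[floor(count.index / length(data.aws_vpc.acceptor.cidr_block_associations))]}"

  # Cycle through every CIDR association of the acceptor VPC, not just its
  # primary block.
  destination_cidr_block = "${lookup(data.aws_vpc.acceptor.cidr_block_associations[count.index % length(data.aws_vpc.acceptor.cidr_block_associations)], "cidr_block")}"

  # Splat + join so the reference also evaluates (to "") when var.enabled is
  # false and the peering connection has zero instances; identical to the
  # direct .id reference when count = 1.
  vpc_peering_connection_id = "${join("", aws_vpc_peering_connection.requestor.*.id)}"

  depends_on = ["data.aws_route_tables.requestor", "aws_vpc_peering_connection.requestor"]
}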
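# Create routes from acceptor to requestor.
#
# Mirror image of aws_route.requestor: one route per (acceptor route table,
# requestor CIDR association) pair, created with the acceptor credentials.
# The unfiltered route-table lookup means every subnet of the acceptor VPC
# gains a path to the whole requestor address space.
resource "aws_route" "acceptor" {
  provider = "aws.acceptor"
  count    = "${var.enabled ? local.acceptor_count : 0}"

  # floor() rather than ceil(): see aws_route.requestor — the intended index
  # is count.index / n rounded down; ceil() only worked because Terraform 0.11
  # integer division truncates before ceil() sees the value.
  route_table_id = "${data.aws_route_tables.acceptor.ids[floor(count.index / length(data.aws_vpc.requestor.cidr_block_associations))]}"

  # Cycle through every CIDR association of the requestor VPC.
  destination_cidr_block = "${lookup(data.aws_vpc.requestor.cidr_block_associations[count.index % length(data.aws_vpc.requestor.cidr_block_associations)], "cidr_block")}"

  # Splat + join so the reference also evaluates (to "") when var.enabled is
  # false and the peering connection has zero instances.
  vpc_peering_connection_id = "${join("", aws_vpc_peering_connection.requestor.*.id)}"

  depends_on = ["aws_vpc_peering_connection.requestor", "data.aws_route_tables.acceptor"]
}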
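# Master switch for the whole module: every resource's count is gated on it,
# so a false value creates no peering, acceptance or routes. No default, so
# the caller must decide explicitly.
variable "enabled" {
  description = "Set to true to create the peering connection, its acceptance and the routes on both sides; false creates nothing"
}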
# VPC that initiates the peering; must be reachable through the "requestor"
# provider alias.
variable "requestor_vpc_id" {
  type        = "string"
  description = "Requestor VPC ID"
}
# VPC that accepts the peering; must be reachable through the "acceptor"
# provider alias (its owning account and region are discovered from that
# provider, not from this ID).
variable "acceptor_vpc_id" {
  type        = "string"
  description = "Acceptor VPC ID"
}
# NOTE(review): declared but not referenced by any resource in this file, so
# the value passed has no effect — remote DNS resolution over the peering is
# not configured by this gist. Presumably intended for an accepter options
# block or an aws_vpc_peering_connection_options resource that is missing
# here; confirm before relying on the default.
# The default is the string "true", as all 0.11-style variables are strings.
variable "acceptor_allow_remote_vpc_dns_resolution" {
  default     = "true"
  description = "Allow acceptor VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the requestor VPC"
}
# NOTE(review): like its acceptor counterpart, this variable is not referenced
# anywhere in this file; setting it changes nothing until it is wired into a
# requester options block or an aws_vpc_peering_connection_options resource.
variable "requestor_allow_remote_vpc_dns_resolution" {
  default     = "true"
  description = "Allow requestor VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the acceptor VPC"
}
# NOTE(review): not referenced by any block in this file. The name is the same
# as Terraform's depends_on meta-argument, which is confusing; it looks like
# the 0.11-era workaround for expressing module-level dependencies, but since
# nothing reads it the caller's list is silently ignored — verify whether it
# should be threaded into the resources' depends_on or removed.
variable depends_on {
  default = []
  type    = "list"
}