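locals {
  current_region = data.aws_region.current.name
  peer_region    = data.aws_region.peer.name

  # Same-region / same-account detection only feeds the "Side" tag on the
  # peering resources below: a connection that stays inside one account and
  # one region is tagged "Both", otherwise each end is tagged with its role.
  same_region             = data.aws_region.current.name == data.aws_region.peer.name
  same_account            = data.aws_caller_identity.current.account_id == data.aws_caller_identity.peer.account_id
  same_account_and_region = local.same_region && local.same_account

  # Route tables to populate. With no subnet IDs we fall back to every route
  # table of the VPC, which sends the whole VPC towards the peer; passing
  # subnet IDs narrows this to the tables those subnets actually use, which
  # is the least-privilege option.
  current_rts_ids_new = data.aws_route_tables.current_vpc_rts.ids
  peer_rts_ids_new    = data.aws_route_tables.peer_vpc_rts.ids

  # Several subnets commonly share one route table, so the per-subnet lookup
  # can repeat an ID. distinct() drops the repeats so setproduct() below does
  # not produce the same (route table, CIDR) pair twice, which would create
  # two aws_route resources for one route and make the second apply fail
  # because the route already exists. distinct() keeps list order, so the
  # count indices of existing routes are unaffected.
  current_rts_ids = length(var.current_subnets_ids) == 0 ? local.current_rts_ids_new : distinct(data.aws_route_table.current_subnet_rts[*].route_table_id)
  peer_rts_ids    = length(var.peer_subnets_ids) == 0 ? local.peer_rts_ids_new : distinct(data.aws_route_table.peer_subnet_rts[*].route_table_id)

  # Destinations are the other side's CIDRs: the whole peer VPC block when no
  # peer subnets are given, otherwise only the given peer subnets' blocks
  # (and vice versa for the peer side).
  current_dest_cidrs = length(var.peer_subnets_ids) == 0 ? toset([data.aws_vpc.peer_vpc.cidr_block]) : toset(data.aws_subnet.peer[*].cidr_block)
  peer_dest_cidrs    = length(var.current_subnets_ids) == 0 ? toset([data.aws_vpc.current_vpc.cidr_block]) : toset(data.aws_subnet.current[*].cidr_block)

  # One route per (route table, destination CIDR) pair. aws_route.current_routes
  # indexes this list with count.index, so its order must stay stable.
  current_routes = [
    for pair in setproduct(local.current_rts_ids, local.current_dest_cidrs) : {
      rts_id    = pair[0]
      dest_cidr = pair[1]
    }
  ]

  # Same construction for the peer side, consumed by aws_route.peer_routes.
  peer_routes = [
    for pair in setproduct(local.peer_rts_ids, local.peer_dest_cidrs) : {
      rts_id    = pair[0]
      dest_cidr = pair[1]
    }
  ]
}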
# Current Account: VPC peering connection
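resource "aws_vpc_peering_connection" "current" {
  provider = aws.current

  # The peer is identified by account + VPC + region, so this one resource
  # covers same-account, cross-account and cross-region peerings.
  peer_owner_id = data.aws_caller_identity.peer.account_id
  peer_vpc_id   = var.peer_vpc_id
  vpc_id        = var.current_vpc_id
  peer_region   = data.aws_region.peer.name

  # auto_accept is deliberately not set on the requester: acceptance is done
  # from the peer account by aws_vpc_peering_connection_accepter.peer_accepter,
  # which is the control point deciding whether the peering actually happens.
  #
  # "Side" records which end this resource represents. An object literal is
  # used instead of the map() function, which is deprecated and removed in
  # Terraform 0.15; the resulting tags are identical.
  tags = merge(var.tags, { "Side" = local.same_account_and_region ? "Both" : "Requester" })
}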
# Peering Account: VPC peering connection
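resource "aws_vpc_peering_connection_accepter" "peer_accepter" {
  provider = aws.peer

  vpc_peering_connection_id = aws_vpc_peering_connection.current.id

  # Acceptance runs with the peer account's credentials, so whoever applies
  # this must be authorised in both accounts. With auto_accept = false the
  # resource only tracks the request and the connection stays
  # pending-acceptance until it is accepted out of band.
  auto_accept = var.auto_accept_peering

  # Object literal instead of map(): map() is deprecated and removed in
  # Terraform 0.15; the resulting tags are identical.
  tags = merge(var.tags, { "Side" = local.same_account_and_region ? "Both" : "Accepter" })
}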
# Current Account: VPC peering options
resource "aws_vpc_peering_connection_options" "current" {
  provider = aws.current
  # Referencing the accepter (whose id is the same pcx- id) rather than the
  # connection itself makes Terraform apply these options only after the
  # acceptance step has run.
  vpc_peering_connection_id = aws_vpc_peering_connection_accepter.peer_accepter.id
  requester {
    # Lets the peer VPC resolve this VPC's private DNS names. This exposes
    # private hostnames across the peering, so enable it only when needed.
    allow_remote_vpc_dns_resolution = var.current_dns_resolution
    # EC2-Classic / ClassicLink settings. NOTE(review): EC2-Classic is retired
    # and these arguments were dropped in AWS provider v5 — confirm the
    # provider version pinned for this module still accepts them.
    allow_classic_link_to_remote_vpc = var.current_link_to_peer_classic
    allow_vpc_to_remote_classic_link = var.current_link_to_local_classic
  }
}
# Peering Account: VPC peering options
resource "aws_vpc_peering_connection_options" "accepter" {
  provider = aws.peer
  # Same dependency trick as the requester options: depend on the accepter so
  # the options are applied after acceptance.
  vpc_peering_connection_id = aws_vpc_peering_connection_accepter.peer_accepter.id
  accepter {
    # Lets this (current) VPC resolve the peer VPC's private DNS names; as
    # with the requester side, only enable it when the peer needs it.
    allow_remote_vpc_dns_resolution = var.peer_dns_resolution
    # EC2-Classic / ClassicLink settings. NOTE(review): EC2-Classic is retired
    # and these arguments were dropped in AWS provider v5 — confirm the
    # provider version pinned for this module still accepts them.
    allow_classic_link_to_remote_vpc = var.peer_link_to_peer_classic
    allow_vpc_to_remote_classic_link = var.peer_link_to_local_classic
  }
}
# Current Account: Route from current route table to Peer CIDR block.
# Only create routes for current route table if input dictates it, and in that case, for all combinations
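resource "aws_route" "current_routes" {
  provider = aws.current

  # var.from_current gates the whole set; when enabled there is one route per
  # (route table, peer CIDR) pair from local.current_routes. count is kept
  # (rather than for_each) so existing state addresses remain valid — but
  # note that changing the subnet inputs shifts indices and churns routes.
  count = var.from_current ? length(local.current_routes) : 0

  route_table_id         = local.current_routes[count.index].rts_id
  destination_cidr_block = local.current_routes[count.index].dest_cidr

  # The accepter's id is the same pcx- id as the connection's, but referencing
  # it (as the options resources already do) orders route creation after the
  # acceptance step instead of only after the request. A route alone does not
  # permit traffic: security groups and NACLs still have to allow it.
  vpc_peering_connection_id = aws_vpc_peering_connection_accepter.peer_accepter.id
}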
# Peering Account: Route from peering route table to current CIDR block.
# Only create routes for peer route table if input dictates it, and in that case, for all combinations
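resource "aws_route" "peer_routes" {
  provider = aws.peer

  # var.from_peer gates the whole set; when enabled there is one route per
  # (route table, current CIDR) pair from local.peer_routes. count is kept
  # (rather than for_each) so existing state addresses remain valid — but
  # note that changing the subnet inputs shifts indices and churns routes.
  count = var.from_peer ? length(local.peer_routes) : 0

  route_table_id         = local.peer_routes[count.index].rts_id
  destination_cidr_block = local.peer_routes[count.index].dest_cidr

  # Same pcx- id as aws_vpc_peering_connection.current.id, but depending on
  # the accepter (as the options resources already do) orders these routes in
  # the peer account after acceptance. A route alone does not permit traffic:
  # security groups and NACLs still have to allow it.
  vpc_peering_connection_id = aws_vpc_peering_connection_accepter.peer_accepter.id
}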
module "vpc_peering" {
  # Supply chain: the ref is a 7-character abbreviated commit. Abbreviated
  # SHAs are not guaranteed unique over time and carry no integrity check;
  # prefer the full 40-character commit SHA (or a signed tag) so the module
  # source cannot silently drift.
  source = "git::git@gitlab.com:redacted/tf-modules.git//modules/vpc-peering?ref=6b18322"
  # aws.current must be authorised in the requester account and aws.peer in
  # the accepter account; the acceptance step runs under aws.peer.
  providers = {
    aws.current = aws.current-account
    aws.peer    = aws.peering-account
  }
  # Accept from the peer account in the same apply — no manual approval gate.
  auto_accept_peering = true
  # DNS resolution is enabled in both directions, so each VPC's private
  # hostnames become resolvable from the other.
  current_dns_resolution = true
  # Scoping to the current "private" and peer "database" subnets limits the
  # routes to those subnets' route tables and CIDRs instead of the whole VPCs.
  current_subnets_ids = data.terraform_remote_state.current_base.outputs.subnets["private"]
  current_vpc_id      = data.terraform_remote_state.current_base.outputs.vpc_id
  peer_dns_resolution = true
  peer_subnets_ids    = data.terraform_remote_state.peer_base.outputs.subnets["database"]
  peer_vpc_id         = data.terraform_remote_state.peer_base.outputs.vpc_id
  # NOTE(review): from_current / from_peer are not passed, so whether any
  # routes are created depends on the module's variable defaults — confirm.
}