KristanMcDonald / serverless-vpc-peering-options

Plugin to set VPC peering options after deployment that are unavailable via CloudFormation
MIT License

Not an issue: but a question #1

Closed quapaw closed 3 years ago

quapaw commented 3 years ago

What do you use to set up your peering connection? This is a good example of accepting a peering connection, but I have not found something on setting up the base.

KristanMcDonald commented 3 years ago

So this won't accept a peering connection, it just allows you to set options that aren't available via normal CloudFormation templates.

It's worth noting that when setting up peering via CloudFormation, if both sides are in the same account then there's no acceptance needed; it seems to do it automatically. I struggled with this for a while too until I actually tried it, as it's not well documented!

If you want to use serverless to set up a peering connection, you can use the VPCPeeringConnection resource type: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpcpeeringconnection.html

My VPCs are totally defined in serverless/CF YAMLs, so I have resources for the VPC itself, the subnets, route tables, the associations of subnets to route tables, gateways etc. etc. So if you actually want to route traffic, you then also need to add the appropriate routes into the route table and point it to the peering resource: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-route.html
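
The same-account setup described in the comment above, sketched as a `serverless.yml` fragment. This is an added example, not part of the original thread or the plugin's code; the logical names (`VpcA`, `VpcB`, `RouteTableA`, `RouteTableB`, `PeeringAB`) and the CIDR ranges are assumptions.

```yaml
# Constructed example: two VPCs in the same account and region, peered and
# routed to each other. Subnets, subnet/route-table associations, gateways
# and security groups are omitted and still have to be defined.
resources:
  Resources:
    VpcA:
      Type: AWS::EC2::VPC
      Properties:
        CidrBlock: 10.0.0.0/16   # assumed range; must not overlap VpcB
    VpcB:
      Type: AWS::EC2::VPC
      Properties:
        CidrBlock: 10.1.0.0/16   # assumed range
    RouteTableA:
      Type: AWS::EC2::RouteTable
      Properties:
        VpcId:
          Ref: VpcA
    RouteTableB:
      Type: AWS::EC2::RouteTable
      Properties:
        VpcId:
          Ref: VpcB
    # Both sides are in the same account, so PeerOwnerId and PeerRoleArn are
    # not set and no separate acceptance step is defined.
    PeeringAB:
      Type: AWS::EC2::VPCPeeringConnection
      Properties:
        VpcId:
          Ref: VpcA
        PeerVpcId:
          Ref: VpcB
    # Traffic only flows once each side has a route to the other side's CIDR.
    # Scoping the destination to the peer's own range keeps the peering from
    # carrying anything broader than intended.
    RouteAtoB:
      Type: AWS::EC2::Route
      Properties:
        RouteTableId:
          Ref: RouteTableA
        DestinationCidrBlock:
          Fn::GetAtt: [VpcB, CidrBlock]
        VpcPeeringConnectionId:
          Ref: PeeringAB
    RouteBtoA:
      Type: AWS::EC2::Route
      Properties:
        RouteTableId:
          Ref: RouteTableB
        DestinationCidrBlock:
          Fn::GetAtt: [VpcA, CidrBlock]
        VpcPeeringConnectionId:
          Ref: PeeringAB
```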

quapaw commented 3 years ago

Thank you for the links. I have everything set up using serverless outside a VPC peering with MongoDB Atlas, so I am looking for some way to automate this.

There is this article on how to do this with Terraform: https://cloudskiff.com/vpc-peering-mongodbatlas-aws-terraform/

But trying to stay with serverless.

KristanMcDonald commented 3 years ago

OK, interesting. I'm not familiar with MongoDB Atlas, but if all the VPCs are within your own AWS account and you're creating it all via serverless / CloudFormation then you shouldn't have any issues as long as you set up the routing etc.

You would probably only need this plugin to enable DNS resolution between the VPCs (which was the functionality I needed and why I ended up writing the plugin), otherwise just creating the peering using the normal CF scripts should be enough.