cloudposse / terraform-aws-vpc-peering-multi-account

Terraform module to provision a VPC peering across multiple VPCs in different accounts by using multiple providers
https://cloudposse.com/accelerate
Apache License 2.0

Naming convention support for multi-project - multi-region - multi environment peering and multi-tenant VPCs #50

Closed samuelmattjohnston closed 2 years ago

samuelmattjohnston commented 3 years ago


Describe the Feature

Support for multi-tenant peering / peering that spans projects, regions, environments, etc.

The naming convention created by https://registry.terraform.io/modules/cloudposse/label/null/latest -- in the way that has been set up in this repo -- it is assumed these are single tenant.

I am happy to make a pull request for this, as I've done this myself, but I'm not a complete Terraform expert and am not as familiar with your testing requirements / conventions as you might like.

Expected Behavior

Separately named resources for requester/accepter depending on project

Use Case

I have infrastructure that is shared between multiple projects, regions, and environments. One of these resources is our database VPC, which needs to peer with stage, prod, and a test resource (due to some limitations of instance sizes, pricing, and availability, it is a multi-tenant DB)

Describe Ideal Solution

If there was an option of setting:

for both requester and accepter, that would be very useful, as these are not always the same. I can see supporting the current behavior and the new feature by:

  1. Create module.requester_context and module.accepter_context separately instead of using the module.this
  2. use the var.requester_X / var.accepter_X first, then default to var.X for the module.accepter_context / module.requester_context
  3. use module.requester_context and module.accepter_context instead of your current module.this

that should allow for this repo to support multi-tenant VPC peering, or projects that need to peer between projects/regions/etc.

Alternatives Considered

Set values that expand to both resources, however that breaks tag lookup


nitrocode commented 2 years ago

Looks like we now use a custom label for requester and accepter. 😄

https://github.com/cloudposse/terraform-aws-vpc-peering-multi-account/blob/67f1be28c474144878294d626d5650224bc60443/requester.tf#L79-L86

https://github.com/cloudposse/terraform-aws-vpc-peering-multi-account/blob/67f1be28c474144878294d626d5650224bc60443/accepter.tf#L20-L30

Please comment if this is still an issue.
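The three-step proposal in the issue body, sketched as an added example (not the module's code and not taken from the linked requester.tf / accepter.tf). It assumes the module ships Cloud Posse's standard context.tf, which defines module.this; the `requester_*` / `accepter_*` variable names and the outputs are hypothetical.

```hcl
# Hypothetical per-side overrides (the issue's var.requester_X / var.accepter_X).
# null means "inherit the shared value carried by module.this".
variable "requester_stage" {
  type    = string
  default = null
}
variable "requester_name" {
  type    = string
  default = null
}
variable "accepter_stage" {
  type    = string
  default = null
}
variable "accepter_name" {
  type    = string
  default = null
}

# Steps 1 and 2: one label per side. null-label treats a null input as
# "take this value from context", so each override falls back to var.X.
module "requester_context" {
  source  = "cloudposse/label/null"
  version = "0.25.0"

  stage   = var.requester_stage
  name    = var.requester_name
  context = module.this.context
}

module "accepter_context" {
  source  = "cloudposse/label/null"
  version = "0.25.0"

  stage   = var.accepter_stage
  name    = var.accepter_name
  context = module.this.context
}

# Step 3: resources on each side would read these instead of module.this.tags.
output "requester_tags" {
  value = module.requester_context.tags
}
output "accepter_tags" {
  value = module.accepter_context.tags
}
```

With every override left null, both labels resolve to the same id and tags as module.this, so existing single-tenant callers see no change.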