AWS 上に Terraform で Transit Gateway を作成する .tf ファイルをメモしておきます。AWS Provider は 3.54.0 を使いました。
構成
今回は以下の構成を作成します。
.tf ファイル
今回は検証用である為、.tf ファイルは「ログイン情報も直接記載する」「変数やループ処理は使わない」と、簡素な方針にしています。
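# Pin the provider to the version this listing was written against (3.54.0),
# so a later `terraform init` does not pull a newer major with changed
# attribute semantics. The source/version form needs Terraform 0.13 or later.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "3.54.0"
    }
  }
}

provider "aws" {
  # Static keys are written inline on purpose for this throwaway test.
  # These are placeholders: never commit real values. Deleting the two key
  # lines makes the provider fall back to the standard credential chain
  # (AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY environment variables or the
  # shared credentials/config file), which is the safer default.
  access_key = "ACCESS_KEY"
  secret_key = "SECRET_KEY"
  region     = "ap-northeast-1"
}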
# ---- VPC1: 10.111.0.0/16 with one public subnet in ap-northeast-1a ----

resource "aws_vpc" "vpc1" {
  cidr_block = "10.111.0.0/16"

  tags = {
    Name = "VPC1"
  }
}

# Internet gateway so the subnet below can reach the internet via a default route.
resource "aws_internet_gateway" "igw1" {
  vpc_id = aws_vpc.vpc1.id

  tags = {
    Name = "IGW1"
  }
}

resource "aws_subnet" "subnet1" {
  vpc_id            = aws_vpc.vpc1.id
  cidr_block        = "10.111.0.0/24"
  availability_zone = "ap-northeast-1a"

  tags = {
    Name = "Subnet1"
  }
}

# Dedicated route table for Subnet1; the 0.0.0.0/0 entry is declared as a
# separate aws_route resource rather than inline.
resource "aws_route_table" "routetable1" {
  vpc_id = aws_vpc.vpc1.id

  tags = {
    Name = "RouteTable1"
  }
}

resource "aws_route" "route1" {
  route_table_id         = aws_route_table.routetable1.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.igw1.id
}

resource "aws_route_table_association" "association1" {
  subnet_id      = aws_subnet.subnet1.id
  route_table_id = aws_route_table.routetable1.id
}
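resource "aws_security_group" "sg1" {
  name        = "SG1"
  description = "SG1"
  vpc_id      = aws_vpc.vpc1.id

  tags = {
    Name = "SG1"
  }

  # Cross-VPC test traffic reaches VM1 through the Transit Gateway from
  # VPC2's range (VPC1's own range is included for local checks). That is
  # all the any-protocol ingress the test needs; the original rule admitted
  # every port from 0.0.0.0/0 on an instance that also carries a public EIP.
  ingress {
    description = "All traffic from the two test VPCs"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["10.111.0.0/16", "10.222.0.0/16"]
  }

  # Remote administration over the EIP is limited to SSH from one source
  # range. 203.0.113.0/24 is a constructed sample (TEST-NET-3) -- replace it
  # with the operator's own source CIDR before apply.
  ingress {
    description = "SSH from the operator's source range"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["203.0.113.0/24"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}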
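resource "aws_instance" "vm1" {
  ami           = "ami-06b31a9cee8dfac33"
  instance_type = "t4g.micro"
  key_name      = "id_rsa"
  monitoring    = true
  subnet_id     = aws_subnet.subnet1.id

  # The instance is launched into an explicit subnet, i.e. it is a VPC
  # instance: the provider expects security group IDs in
  # vpc_security_group_ids. security_groups takes group *names* and is meant
  # for EC2-Classic / the default VPC, so passing an ID there may produce a
  # perpetual diff or replacement. The "${...}" wrapper was pre-0.12
  # interpolation syntax and is unnecessary around a bare reference.
  vpc_security_group_ids = [aws_security_group.sg1.id]

  # Require IMDSv2 (session tokens) so credentials on the instance metadata
  # endpoint cannot be read by a plain unauthenticated GET.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  tags = {
    Name = "VM1"
  }
}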
# Public address attached to VM1; vpc = true allocates a VPC-scoped EIP.
resource "aws_eip" "eip1" {
  vpc      = true
  instance = aws_instance.vm1.id
}
# ---- VPC2: 10.222.0.0/16 with one public subnet in ap-northeast-1c ----

resource "aws_vpc" "vpc2" {
  cidr_block = "10.222.0.0/16"

  tags = {
    Name = "VPC2"
  }
}

# Internet gateway so the subnet below can reach the internet via a default route.
resource "aws_internet_gateway" "igw2" {
  vpc_id = aws_vpc.vpc2.id

  tags = {
    Name = "IGW2"
  }
}

resource "aws_subnet" "subnet2" {
  vpc_id            = aws_vpc.vpc2.id
  cidr_block        = "10.222.0.0/24"
  availability_zone = "ap-northeast-1c"

  tags = {
    Name = "Subnet2"
  }
}

# Dedicated route table for Subnet2; the 0.0.0.0/0 entry is declared as a
# separate aws_route resource rather than inline.
resource "aws_route_table" "routetable2" {
  vpc_id = aws_vpc.vpc2.id

  tags = {
    Name = "RouteTable2"
  }
}

resource "aws_route" "route2" {
  route_table_id         = aws_route_table.routetable2.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.igw2.id
}

resource "aws_route_table_association" "association2" {
  subnet_id      = aws_subnet.subnet2.id
  route_table_id = aws_route_table.routetable2.id
}
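resource "aws_security_group" "sg2" {
  name        = "SG2"
  description = "SG2"
  vpc_id      = aws_vpc.vpc2.id

  tags = {
    Name = "SG2"
  }

  # Cross-VPC test traffic reaches VM2 through the Transit Gateway from
  # VPC1's range (VPC2's own range is included for local checks). That is
  # all the any-protocol ingress the test needs; the original rule admitted
  # every port from 0.0.0.0/0 on an instance that also carries a public EIP.
  ingress {
    description = "All traffic from the two test VPCs"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["10.111.0.0/16", "10.222.0.0/16"]
  }

  # Remote administration over the EIP is limited to SSH from one source
  # range. 203.0.113.0/24 is a constructed sample (TEST-NET-3) -- replace it
  # with the operator's own source CIDR before apply.
  ingress {
    description = "SSH from the operator's source range"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["203.0.113.0/24"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}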
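resource "aws_instance" "vm2" {
  ami           = "ami-06b31a9cee8dfac33"
  instance_type = "t4g.micro"
  key_name      = "id_rsa"
  monitoring    = true
  subnet_id     = aws_subnet.subnet2.id

  # The instance is launched into an explicit subnet, i.e. it is a VPC
  # instance: the provider expects security group IDs in
  # vpc_security_group_ids. security_groups takes group *names* and is meant
  # for EC2-Classic / the default VPC, so passing an ID there may produce a
  # perpetual diff or replacement. The "${...}" wrapper was pre-0.12
  # interpolation syntax and is unnecessary around a bare reference.
  vpc_security_group_ids = [aws_security_group.sg2.id]

  # Require IMDSv2 (session tokens) so credentials on the instance metadata
  # endpoint cannot be read by a plain unauthenticated GET.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  tags = {
    Name = "VM2"
  }
}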
# Public address attached to VM2; vpc = true allocates a VPC-scoped EIP.
resource "aws_eip" "eip2" {
  vpc      = true
  instance = aws_instance.vm2.id
}
# ---- Transit Gateway ----

# The default route table is neither associated nor propagated automatically;
# every attachment is wired to the explicit route table below instead.
# Shared attachments are not auto-accepted.
resource "aws_ec2_transit_gateway" "tgw" {
  amazon_side_asn                 = 65000
  auto_accept_shared_attachments  = "disable"
  default_route_table_association = "disable"
  default_route_table_propagation = "disable"
  vpn_ecmp_support                = "disable"

  tags = {
    Name = "TGW"
  }
}

# Single route table shared by both VPC attachments.
resource "aws_ec2_transit_gateway_route_table" "tgwroute" {
  transit_gateway_id = aws_ec2_transit_gateway.tgw.id

  tags = {
    Name = "TGW_Route"
  }
}
# VPC attachments: one subnet per VPC, with default-route-table association
# and propagation turned off to match the gateway's settings.
resource "aws_ec2_transit_gateway_vpc_attachment" "vpc_attachment1" {
  transit_gateway_id = aws_ec2_transit_gateway.tgw.id
  vpc_id             = aws_vpc.vpc1.id
  subnet_ids         = [aws_subnet.subnet1.id]

  transit_gateway_default_route_table_association = false
  transit_gateway_default_route_table_propagation = false

  tags = {
    Name = "VPC_Attachment1"
  }
}

resource "aws_ec2_transit_gateway_vpc_attachment" "vpc_attachment2" {
  transit_gateway_id = aws_ec2_transit_gateway.tgw.id
  vpc_id             = aws_vpc.vpc2.id
  subnet_ids         = [aws_subnet.subnet2.id]

  transit_gateway_default_route_table_association = false
  transit_gateway_default_route_table_propagation = false

  tags = {
    Name = "VPC_Attachment2"
  }
}
# Both attachments are associated with the shared route table and propagate
# their VPC CIDRs into it, so each VPC learns the other's range.
resource "aws_ec2_transit_gateway_route_table_association" "association1" {
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.tgwroute.id
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.vpc_attachment1.id
}

resource "aws_ec2_transit_gateway_route_table_association" "association2" {
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.tgwroute.id
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.vpc_attachment2.id
}

resource "aws_ec2_transit_gateway_route_table_propagation" "propagation1" {
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.tgwroute.id
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.vpc_attachment1.id
}

resource "aws_ec2_transit_gateway_route_table_propagation" "propagation2" {
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.tgwroute.id
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.vpc_attachment2.id
}
# VPC-side return routes: send the peer VPC's /16 to the Transit Gateway.
resource "aws_route" "to-trgw1" {
  route_table_id         = aws_route_table.routetable1.id
  destination_cidr_block = "10.222.0.0/16"
  transit_gateway_id     = aws_ec2_transit_gateway.tgw.id
}

resource "aws_route" "to-trgw2" {
  route_table_id         = aws_route_table.routetable2.id
  destination_cidr_block = "10.111.0.0/16"
  transit_gateway_id     = aws_ec2_transit_gateway.tgw.id
}