ddericco / aws-hub-and-spoke-with-connect-peer-terraform


This project forked from aws-samples/aws-hub-and-spoke-with-connect-peer-terraform


License: MIT No Attribution

Smarty 7.09% HCL 92.91%


AWS Hub and Spoke Architecture with Shared Services and Transit Gateway Connect VPCs - Terraform Sample

This repository contains Terraform code to deploy a sample AWS Hub and Spoke architecture with Shared Services and a Transit Gateway Connect VPC, with the following centralized services:

  • Managing EC2 instances using AWS Systems Manager - ssm, ssmmessages and ec2messages VPC Endpoints.
  • Deploy a Cisco CSR1000v into the Transit Gateway Connect VPC
    • Configure the Cisco CSR1000v using a templated user_data bootstrap:
      • Connect to the Transit Gateway Connect Peer using a GRE tunnel
      • Peer with the Transit Gateway Connect Peer BGP address using BGP
  • Deploy a Cisco CSR1000v into a Remote Spoke VPC
    • Configure IPsec from the Remote Spoke VPC CSR1000v instance to the Connect VPC CSR1000v instance
    • Configure BGP neighbours between the Remote Spoke CSR1000v and the CSR1000v in the Connect VPC over the IPsec tunnel

The resources deployed and the architectural pattern they follow are purely for demonstration/testing purposes.

Prerequisites

  • An AWS account with an IAM user with the appropriate permissions
  • Have a local RSA key pair (~/.ssh/id_rsa and ~/.ssh/id_rsa.pub). If none exists, use 'ssh-keygen' to generate one
  • Have an AWS Marketplace subscription for Cisco Cloud Services Router (CSR) 1000v - Transit Network VPC - BYOL software
  • Terraform installed

Code Principles:

  • Writing DRY (Do Not Repeat Yourself) code using a modular design pattern

Usage

  • Clone the repository
  • Edit the variables.tf file in the project root directory. This file contains the variables that are used to configure the VPCs to create, and Hybrid DNS configuration needed to work with your environment.
  • To change the configuration about the Security Groups and VPC endpoints to create, edit the locals.tf file in the project root directory
  • Initialize Terraform using terraform init
  • Deploy the template using terraform apply

Terraform Output:

After 'terraform apply' has completed, the output provides all the information required to connect to the CSR 1000v, as well as the AWS CLI command to query the relevant AWS Transit Gateway Route Table for propagated routes once BGP neighbours have formed between the AWS Transit Gateway and the Cisco CSR1000v.


Target Architecture

Architecture diagram


References

Cleanup

Remember to clean up after your work is complete. You can do that by doing terraform destroy.

Note that this command will delete all the resources previously created by Terraform.


Requirements

Name        Version
terraform   >= 1.1.0
aws         ~> 4.4

Providers

Name        Version
aws         4.4.0
external    2.2.0
random      3.1.0

Modules

Name              Source                     Version
compute           ./modules/compute          n/a
connect_vpc       ./modules/connect_vpc      n/a
iam_kms           ./modules/iam_kms          n/a
key_pairs         ./modules/key_pairs        n/a
remote_vpc        ./modules/remote_vpc       n/a
transit_gateway   ./modules/transit_gateway  n/a
vpc               ./modules/vpc              n/a
vpc_endpoints     ./modules/vpc_endpoints    n/a

Resources

Name                            Type
aws_eip.csr_public_ip           resource
random_password.isakmp_secret   resource
external_external.curlip        data source

Inputs

  • amazon_side_asn (number, default 64512): BGP ASN for the TGW.
  • aws_region (string, default "eu-west-1"): AWS Region to create the environment.
  • connect_peer_cidr_blocks (list(string)): cidr blocks for connect peer. Default:
      [
        "169.254.200.0/29"
      ]
  • eips (map(any)): n/a. Default:
      {
        "connect_csr_eip": {
          "tags": {
            "Name": "connect-csr-eip",
            "Type": "ConnectCSR"
          }
        },
        "remote_csr_eip": {
          "tags": {
            "Name": "remote-csr-eip",
            "Type": "RemoteSR"
          }
        }
      }
  • on_premises_cidr (string, default "192.168.0.0/16"): On-premises CIDR block.
  • project_identifier (string, default "hub-spoke-connect"): Project Name, used as identifier when creating resources.
  • transit_gateway_cidr_block (string, default "192.168.100.0/24"): cidr blocks for connect peer.
  • tunnel_cidr_block (string, default "169.254.201.0/29"): cidr blocks for connect peer.
  • vpcs (map(any)): VPCs to create. Default:
      {
        "connect-vpc-1": {
          "cidr_block": "10.132.0.0/16",
          "csr_hostname_prefix": "csr",
          "csr_instance_size": "c5.large",
          "instance_count": 1,
          "local_bgp_asn": 64515,
          "number_azs": 2,
          "remote_bgp_asn": 64512,
          "spoke_type": "connect"
        },
        "remote-vpc-1": {
          "cidr_block": "10.251.0.0/16",
          "csr_hostname_prefix": "csr",
          "csr_instance_size": "c5.large",
          "instance_count": 1,
          "local_bgp_asn": 64516,
          "number_azs": 2,
          "remote_bpg_asn": 64515,
          "spoke_type": "remote"
        },
        "spoke-vpc-1": {
          "cidr_block": "10.11.0.0/16",
          "instance_type": "t2.micro",
          "number_azs": 1,
          "spoke_type": "spoke"
        },
        "spoke-vpc-2": {
          "cidr_block": "10.12.0.0/16",
          "instance_type": "t2.micro",
          "number_azs": 1,
          "spoke_type": "spoke"
        }
      }

  None of the inputs is required; every one has a default.
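The values above cross-reference each other (the Connect VPC's remote_bgp_asn must be the TGW's amazon_side_asn, the remote VPC's remote_bgp_asn must be the Connect VPC's local_bgp_asn, the Connect peer inside CIDR must be a /29 from 169.254.0.0/16, and VPC CIDRs must not overlap), and nothing in 'terraform apply' checks that for you before instances are launched. The script below is an added example, not code from the aws-samples project: it re-creates the defaults printed above as Python data (only the keys the checks need) and reports inconsistencies. The /29-inside-169.254.0.0/16 rule is the Transit Gateway Connect peer requirement; the ASN and overlap checks are assumptions about how this sample wires its variables together. Run against the defaults exactly as printed here, it reports one finding: remote-vpc-1 carries the key remote_bpg_asn where the Connect VPC uses remote_bgp_asn, so the remote CSR's neighbour ASN cannot be matched to the Connect VPC.

```python
"""Pre-apply sanity checks for this sample's input variables.

Added example, not code from the aws-samples repository. It re-creates the
default values printed in the README's Inputs table as Python data and checks
the cross-references between them (VPC CIDR overlap, Connect peer inside
CIDRs, BGP ASN pairing) before `terraform apply` is run.
"""
import copy
import difflib
import ipaddress
from typing import Dict, List

# Constructed copy of the README defaults, restricted to the keys the checks use.
# Key names are copied verbatim, including `remote_bpg_asn` for remote-vpc-1
# exactly as it is printed in the Inputs table.
DEFAULT_INPUTS: Dict = {
    "amazon_side_asn": 64512,
    "connect_peer_cidr_blocks": ["169.254.200.0/29"],
    "tunnel_cidr_block": "169.254.201.0/29",
    "vpcs": {
        "connect-vpc-1": {"cidr_block": "10.132.0.0/16", "local_bgp_asn": 64515,
                          "remote_bgp_asn": 64512, "spoke_type": "connect"},
        "remote-vpc-1": {"cidr_block": "10.251.0.0/16", "local_bgp_asn": 64516,
                         "remote_bpg_asn": 64515, "spoke_type": "remote"},
        "spoke-vpc-1": {"cidr_block": "10.11.0.0/16", "spoke_type": "spoke"},
        "spoke-vpc-2": {"cidr_block": "10.12.0.0/16", "spoke_type": "spoke"},
    },
}

# Transit Gateway Connect peers take their inside (GRE/BGP) addresses from a /29
# inside the link-local range.
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")


def check_inputs(inputs: Dict) -> List[str]:
    """Return human-readable findings; an empty list means nothing was found."""
    findings: List[str] = []
    vpcs = inputs["vpcs"]

    # 1. VPC CIDR blocks must not overlap: the TGW route table cannot tell them apart.
    nets = {name: ipaddress.ip_network(v["cidr_block"]) for name, v in vpcs.items()}
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a} and {b}: overlapping CIDR blocks {nets[a]} / {nets[b]}")

    # 2. Connect peer inside CIDRs: each must be a /29 inside 169.254.0.0/16 and must
    #    not collide with the addressing used for the IPsec tunnel between the CSRs.
    tunnel = ipaddress.ip_network(inputs["tunnel_cidr_block"])
    for cidr in inputs["connect_peer_cidr_blocks"]:
        peer = ipaddress.ip_network(cidr)
        if peer.prefixlen != 29 or not peer.subnet_of(LINK_LOCAL):
            findings.append(f"connect peer CIDR {peer} must be a /29 inside {LINK_LOCAL}")
        if peer.overlaps(tunnel):
            findings.append(f"connect peer CIDR {peer} overlaps tunnel CIDR {tunnel}")

    # 3. BGP pairing: the Connect VPC CSR peers with the TGW (amazon_side_asn) and the
    #    remote CSR peers with the Connect VPC CSR (that CSR's local_bgp_asn).
    connects = {n: v for n, v in vpcs.items() if v["spoke_type"] == "connect"}
    connect_asns = {v["local_bgp_asn"] for v in connects.values()}
    for name, v in connects.items():
        if v.get("remote_bgp_asn") != inputs["amazon_side_asn"]:
            findings.append(f"{name}: remote_bgp_asn {v.get('remote_bgp_asn')} "
                            f"does not match amazon_side_asn {inputs['amazon_side_asn']}")
    for name, v in vpcs.items():
        if v["spoke_type"] != "remote":
            continue
        if "remote_bgp_asn" not in v:
            # Point at a near-miss key so a typo is obvious in the report.
            hint = difflib.get_close_matches("remote_bgp_asn", list(v), n=1)
            findings.append(f"{name}: missing remote_bgp_asn"
                            + (f" (closest existing key: {hint[0]})" if hint else ""))
        elif v["remote_bgp_asn"] not in connect_asns:
            findings.append(f"{name}: remote_bgp_asn {v['remote_bgp_asn']} matches no "
                            f"connect VPC local_bgp_asn {sorted(connect_asns)}")
    return findings


def with_vpc_key(inputs: Dict, vpc: str, key: str, value) -> Dict:
    """Deep copy of `inputs` with one VPC attribute set, for trying a fix without mutating."""
    out = copy.deepcopy(inputs)
    out["vpcs"][vpc][key] = value
    return out


if __name__ == "__main__":
    for line in check_inputs(DEFAULT_INPUTS) or ["no findings"]:
        print(line)
```

To use it against your own edited variables.tf, replace DEFAULT_INPUTS with the values you set there; with_vpc_key lets you test a candidate correction before touching the file.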

Outputs

Name                            Description
connect_aws_eip_csr_public_ip   Public IP of the AWS EIP Connect CSR instance
connect_csr_instance_id         Instance ID of the CSR instance created
instances_created               Instances created in each VPC
isakmp_secret                   ISAKMP secret key
remote_aws_eip_csr_public_ip    Public IP of the AWS EIP remote CSR instance
tgw_route_table_id              Transit Gateway Route Table ID
transit_gateway                 Transit Gateway ID
vpc_endpoints                   DNS name (regional) of the VPC endpoints created.
vpcs                            List of VPCs created
z_output_user_message           Route table search command

Security

See CONTRIBUTING for more information.


License

This library is licensed under the MIT-0 License. See the LICENSE file.

Contributors

amazon-auto, netdevautomate
