From b43598812d14b70dcf8f3da1ae2c43a526e75285 Mon Sep 17 00:00:00 2001 From: Krzysztof Wilczynski Date: Wed, 17 Aug 2016 22:36:21 +0900 Subject: [PATCH] Add ability to set peering options in aws_vpc_peering_connection. This commit adds two optional blocks called "accepter" and "requester" to the resource allowing for setting desired VPC Peering Connection options for VPCs that participate in the VPC peering. Signed-off-by: Krzysztof Wilczynski --- .../resource_aws_vpc_peering_connection.go | 142 +++++++++-- ...esource_aws_vpc_peering_connection_test.go | 229 +++++++++++++++--- .../providers/aws/r/vpc_peering.html.markdown | 62 ++++- 3 files changed, 375 insertions(+), 58 deletions(-) diff --git a/builtin/providers/aws/resource_aws_vpc_peering_connection.go b/builtin/providers/aws/resource_aws_vpc_peering_connection.go index c712e45740cb..94d3c7f6c72d 100644 --- a/builtin/providers/aws/resource_aws_vpc_peering_connection.go +++ b/builtin/providers/aws/resource_aws_vpc_peering_connection.go @@ -47,7 +47,9 @@ func resourceAwsVpcPeeringConnection() *schema.Resource { Type: schema.TypeString, Computed: true, }, - "tags": tagsSchema(), + "accepter": vpcPeeringConnectionOptionsSchema(), + "requester": vpcPeeringConnectionOptionsSchema(), + "tags": tagsSchema(), }, } } @@ -61,7 +63,8 @@ func resourceAwsVPCPeeringCreate(d *schema.ResourceData, meta interface{}) error PeerVpcId: aws.String(d.Get("peer_vpc_id").(string)), VpcId: aws.String(d.Get("vpc_id").(string)), } - log.Printf("[DEBUG] VPCPeeringCreate create config: %#v", createOpts) + log.Printf("[DEBUG] VPC Peering Create options: %#v", createOpts) + resp, err := conn.CreateVpcPeeringConnection(createOpts) if err != nil { return fmt.Errorf("Error creating vpc peering connection: %s", err) @@ -73,9 +76,7 @@ func resourceAwsVPCPeeringCreate(d *schema.ResourceData, meta interface{}) error log.Printf("[INFO] VPC Peering Connection ID: %s", d.Id()) // Wait for the vpc peering connection to become available - log.Printf( - "[DEBUG] Waiting for vpc peering connection (%s) to become available", - d.Id()) + log.Printf("[DEBUG] Waiting for VPC Peering Connection (%s) to become available.", d.Id()) stateConf := &resource.StateChangeConf{ Pending: []string{"pending"}, Target: []string{"pending-acceptance"}, @@ -84,7 +85,7 @@ func resourceAwsVPCPeeringCreate(d *schema.ResourceData, meta interface{}) error } if _, err := stateConf.WaitForState(); err != nil { return fmt.Errorf( - "Error waiting for vpc peering (%s) to become available: %s", + "Error waiting for VPC Peering Connection (%s) to become available: %s", d.Id(), err) } @@ -97,6 +98,7 @@ func resourceAwsVPCPeeringRead(d *schema.ResourceData, meta interface{}) error { if err != nil { return err } + if pcRaw == nil { d.SetId("") return nil @@ -108,25 +110,46 @@ func resourceAwsVPCPeeringRead(d *schema.ResourceData, meta interface{}) error { // connection is gone. Destruction isn't allowed, and it eventually // just "falls off" the console. See GH-2322 if pc.Status != nil { - if *pc.Status.Code == "failed" || *pc.Status.Code == "deleted" || *pc.Status.Code == "rejected" || *pc.Status.Code == "deleting" || *pc.Status.Code == "expired" { - log.Printf("[DEBUG] VPC Peering Connect (%s) in state (%s), removing", d.Id(), *pc.Status.Code) + status := map[string]bool{ + "deleted": true, + "deleting": true, + "expired": true, + "failed": true, + "rejected": true, + } + if _, ok := status[*pc.Status.Code]; ok { + log.Printf("[DEBUG] VPC Peering Connection (%s) in state (%s), removing.", + d.Id(), *pc.Status.Code) d.SetId("") return nil } } d.Set("accept_status", *pc.Status.Code) - d.Set("peer_owner_id", pc.AccepterVpcInfo.OwnerId) - d.Set("peer_vpc_id", pc.AccepterVpcInfo.VpcId) - d.Set("vpc_id", pc.RequesterVpcInfo.VpcId) - d.Set("tags", tagsToMap(pc.Tags)) + d.Set("peer_owner_id", *pc.AccepterVpcInfo.OwnerId) + d.Set("peer_vpc_id", *pc.AccepterVpcInfo.VpcId) + d.Set("vpc_id", *pc.RequesterVpcInfo.VpcId) + + err = d.Set("accepter", flattenPeeringOptions(pc.AccepterVpcInfo.PeeringOptions)) + if err != nil { + return err + } + + err = d.Set("requester", flattenPeeringOptions(pc.RequesterVpcInfo.PeeringOptions)) + if err != nil { + return err + } + + err = d.Set("tags", tagsToMap(pc.Tags)) + if err != nil { + return err + } return nil } func resourceVPCPeeringConnectionAccept(conn *ec2.EC2, id string) (string, error) { - - log.Printf("[INFO] Accept VPC Peering Connection with id: %s", id) + log.Printf("[INFO] Accept VPC Peering Connection with ID: %s", id) req := &ec2.AcceptVpcPeeringConnectionInput{ VpcPeeringConnectionId: aws.String(id), @@ -137,7 +160,37 @@ func resourceVPCPeeringConnectionAccept(conn *ec2.EC2, id string) (string, error return "", err } pc := resp.VpcPeeringConnection - return *pc.Status.Code, err + + return *pc.Status.Code, nil +} + +func resourceVPCPeeringConnectionOptionsModify(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).ec2conn + + modifyOpts := &ec2.ModifyVpcPeeringConnectionOptionsInput{ + VpcPeeringConnectionId: aws.String(d.Id()), + } + + if v, ok := d.GetOk("accepter"); ok { + if s := v.([]interface{}); len(s) > 0 { + modifyOpts.AccepterPeeringConnectionOptions = expandPeeringOptions( + s[0].(map[string]interface{})) + } + } + + if v, ok := d.GetOk("requester"); ok { + if s := v.([]interface{}); len(s) > 0 { + modifyOpts.RequesterPeeringConnectionOptions = expandPeeringOptions( + s[0].(map[string]interface{})) + } + } + + log.Printf("[DEBUG] VPC Peering Connection modify options: %#v", modifyOpts) + if _, err := conn.ModifyVpcPeeringConnectionOptions(modifyOpts); err != nil { + return err + } + + return nil } func resourceAwsVPCPeeringUpdate(d *schema.ResourceData, meta interface{}) error { @@ -151,10 +204,10 @@ func resourceAwsVPCPeeringUpdate(d *schema.ResourceData, meta interface{}) error if _, ok := d.GetOk("auto_accept"); ok { pcRaw, _, err := resourceAwsVPCPeeringConnectionStateRefreshFunc(conn, d.Id())() - if err != nil { return err } + if pcRaw == nil { d.SetId("") return nil @@ -166,9 +219,13 @@ func resourceAwsVPCPeeringUpdate(d *schema.ResourceData, meta interface{}) error if err != nil { return err } - log.Printf( - "[DEBUG] VPC Peering connection accept status: %s", - status) + log.Printf("[DEBUG] VPC Peering Connection accept status: %s", status) + } + } + + if d.HasChange("accepter") || d.HasChange("requester") { + if err := resourceVPCPeeringConnectionOptionsModify(d, meta); err != nil { + return err } } @@ -182,6 +239,7 @@ func resourceAwsVPCPeeringDelete(d *schema.ResourceData, meta interface{}) error &ec2.DeleteVpcPeeringConnectionInput{ VpcPeeringConnectionId: aws.String(d.Id()), }) + return err } @@ -213,3 +271,49 @@ func resourceAwsVPCPeeringConnectionStateRefreshFunc(conn *ec2.EC2, id string) r return pc, *pc.Status.Code, nil } } + +func vpcPeeringConnectionOptionsSchema() *schema.Schema { + return &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Computed: true, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "allow_remote_vpc_dns_resolution": &schema.Schema{ + Type: schema.TypeBool, + Optional: true, + Computed: true, + }, + "allow_classic_link_to_remote_vpc": &schema.Schema{ + Type: schema.TypeBool, + Optional: true, + Computed: true, + }, + "allow_vpc_to_remote_classic_link": &schema.Schema{ + Type: schema.TypeBool, + Optional: true, + Computed: true, + }, + }, + }, + } +} + +func flattenPeeringOptions(options *ec2.VpcPeeringConnectionOptionsDescription) (results []map[string]interface{}) { + m := map[string]interface{}{ + "allow_remote_vpc_dns_resolution": *options.AllowDnsResolutionFromRemoteVpc, + "allow_classic_link_to_remote_vpc": *options.AllowEgressFromLocalClassicLinkToRemoteVpc, + "allow_vpc_to_remote_classic_link": *options.AllowEgressFromLocalVpcToRemoteClassicLink, + } + results = append(results, m) + return +} + +func expandPeeringOptions(m map[string]interface{}) *ec2.PeeringConnectionOptionsRequest { + return &ec2.PeeringConnectionOptionsRequest{ + AllowDnsResolutionFromRemoteVpc: aws.Bool(m["allow_remote_vpc_dns_resolution"].(bool)), + AllowEgressFromLocalClassicLinkToRemoteVpc: aws.Bool(m["allow_classic_link_to_remote_vpc"].(bool)), + AllowEgressFromLocalVpcToRemoteClassicLink: aws.Bool(m["allow_vpc_to_remote_classic_link"].(bool)), + } +} diff --git a/builtin/providers/aws/resource_aws_vpc_peering_connection_test.go b/builtin/providers/aws/resource_aws_vpc_peering_connection_test.go index 5aefdd6a9c03..67d6a60ad7f2 100644 --- a/builtin/providers/aws/resource_aws_vpc_peering_connection_test.go +++ b/builtin/providers/aws/resource_aws_vpc_peering_connection_test.go @@ -4,6 +4,7 @@ import ( "fmt" "log" "os" + "reflect" "testing" "github.com/aws/aws-sdk-go/aws" @@ -19,7 +20,7 @@ func TestAccAWSVPCPeeringConnection_basic(t *testing.T) { PreCheck: func() { testAccPreCheck(t) if os.Getenv("AWS_ACCOUNT_ID") == "" { - t.Fatal("AWS_ACCOUNT_ID must be set") + t.Fatal("AWS_ACCOUNT_ID must be set.") } }, @@ -32,7 +33,9 @@ func TestAccAWSVPCPeeringConnection_basic(t *testing.T) { resource.TestStep{ Config: testAccVpcPeeringConfig, Check: resource.ComposeTestCheckFunc( - testAccCheckAWSVpcPeeringConnectionExists("aws_vpc_peering_connection.foo", &connection), + testAccCheckAWSVpcPeeringConnectionExists( + "aws_vpc_peering_connection.foo", + &connection), ), }, }, @@ -45,7 +48,7 @@ func TestAccAWSVPCPeeringConnection_plan(t *testing.T) { // reach out and DELETE the VPC Peering connection outside of Terraform testDestroy := func(*terraform.State) error { conn := testAccProvider.Meta().(*AWSClient).ec2conn - log.Printf("[DEBUG] Test deleting VPC Peering connection") + log.Printf("[DEBUG] Test deleting the VPC Peering Connection.") _, err := conn.DeleteVpcPeeringConnection( &ec2.DeleteVpcPeeringConnectionInput{ VpcPeeringConnectionId: connection.VpcPeeringConnectionId, @@ -60,7 +63,7 @@ func TestAccAWSVPCPeeringConnection_plan(t *testing.T) { PreCheck: func() { testAccPreCheck(t) if os.Getenv("AWS_ACCOUNT_ID") == "" { - t.Fatal("AWS_ACCOUNT_ID must be set") + t.Fatal("AWS_ACCOUNT_ID must be set.") } }, Providers: testAccProviders, @@ -69,7 +72,9 @@ func TestAccAWSVPCPeeringConnection_plan(t *testing.T) { resource.TestStep{ Config: testAccVpcPeeringConfig, Check: resource.ComposeTestCheckFunc( - testAccCheckAWSVpcPeeringConnectionExists("aws_vpc_peering_connection.foo", &connection), + testAccCheckAWSVpcPeeringConnectionExists( + "aws_vpc_peering_connection.foo", + &connection), testDestroy, ), ExpectNonEmptyPlan: true, @@ -82,7 +87,7 @@ func TestAccAWSVPCPeeringConnection_tags(t *testing.T) { var connection ec2.VpcPeeringConnection peerId := os.Getenv("TF_PEER_ID") if peerId == "" { - t.Skip("Error: TestAccAWSVPCPeeringConnection_tags requires a peer id to be set") + t.Skip("Error: TestAccAWSVPCPeeringConnection_tags requires a peer ID to be set.") } resource.Test(t, resource.TestCase{ @@ -97,7 +102,9 @@ func TestAccAWSVPCPeeringConnection_tags(t *testing.T) { resource.TestStep{ Config: fmt.Sprintf(testAccVpcPeeringConfigTags, peerId), Check: resource.ComposeTestCheckFunc( - testAccCheckAWSVpcPeeringConnectionExists("aws_vpc_peering_connection.foo", &connection), + testAccCheckAWSVpcPeeringConnectionExists( + "aws_vpc_peering_connection.foo", + &connection), testAccCheckTags(&connection.Tags, "foo", "bar"), ), }, @@ -105,6 +112,106 @@ func TestAccAWSVPCPeeringConnection_tags(t *testing.T) { }) } +func TestAccAWSVPCPeeringConnection_options(t *testing.T) { + var connection ec2.VpcPeeringConnection + + testAccepterChange := func(*terraform.State) error { + conn := testAccProvider.Meta().(*AWSClient).ec2conn + log.Printf("[DEBUG] Test change to the VPC Peering Connection Options.") + + _, err := conn.ModifyVpcPeeringConnectionOptions( + &ec2.ModifyVpcPeeringConnectionOptionsInput{ + VpcPeeringConnectionId: connection.VpcPeeringConnectionId, + AccepterPeeringConnectionOptions: &ec2.PeeringConnectionOptionsRequest{ + AllowDnsResolutionFromRemoteVpc: aws.Bool(false), + }, + }) + if err != nil { + return err + } + return nil + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { + testAccPreCheck(t) + if os.Getenv("AWS_ACCOUNT_ID") == "" { + t.Fatal("AWS_ACCOUNT_ID must be set") + } + }, + + IDRefreshName: "aws_vpc_peering_connection.foo", + IDRefreshIgnore: []string{"auto_accept"}, + + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSVpcPeeringConnectionDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccVpcPeeringConfigOptions, + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSVpcPeeringConnectionExists( + "aws_vpc_peering_connection.foo", + &connection), + resource.TestCheckResourceAttr( + "aws_vpc_peering_connection.foo", + "accepter.#", "1"), + resource.TestCheckResourceAttr( + "aws_vpc_peering_connection.foo", + "accepter.0.allow_remote_vpc_dns_resolution", "true"), + testAccCheckAWSVpcPeeringConnectionOptions( + "aws_vpc_peering_connection.foo", "accepter", + &ec2.VpcPeeringConnectionOptionsDescription{ + AllowDnsResolutionFromRemoteVpc: aws.Bool(true), + AllowEgressFromLocalClassicLinkToRemoteVpc: aws.Bool(false), + AllowEgressFromLocalVpcToRemoteClassicLink: aws.Bool(false), + }), + resource.TestCheckResourceAttr( + "aws_vpc_peering_connection.foo", + "requester.#", "1"), + resource.TestCheckResourceAttr( + "aws_vpc_peering_connection.foo", + "requester.0.allow_classic_link_to_remote_vpc", "true"), + resource.TestCheckResourceAttr( + "aws_vpc_peering_connection.foo", + "requester.0.allow_vpc_to_remote_classic_link", "true"), + testAccCheckAWSVpcPeeringConnectionOptions( + "aws_vpc_peering_connection.foo", "requester", + &ec2.VpcPeeringConnectionOptionsDescription{ + AllowDnsResolutionFromRemoteVpc: aws.Bool(false), + AllowEgressFromLocalClassicLinkToRemoteVpc: aws.Bool(true), + AllowEgressFromLocalVpcToRemoteClassicLink: aws.Bool(true), + }, + ), + testAccepterChange, + ), + ExpectNonEmptyPlan: true, + }, + resource.TestStep{ + Config: testAccVpcPeeringConfigOptions, + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSVpcPeeringConnectionExists( + "aws_vpc_peering_connection.foo", + &connection), + resource.TestCheckResourceAttr( + "aws_vpc_peering_connection.foo", + "accepter.#", "1"), + resource.TestCheckResourceAttr( + "aws_vpc_peering_connection.foo", + "accepter.0.allow_remote_vpc_dns_resolution", "true"), + testAccCheckAWSVpcPeeringConnectionOptions( + "aws_vpc_peering_connection.foo", "accepter", + &ec2.VpcPeeringConnectionOptionsDescription{ + AllowDnsResolutionFromRemoteVpc: aws.Bool(true), + AllowEgressFromLocalClassicLinkToRemoteVpc: aws.Bool(false), + AllowEgressFromLocalVpcToRemoteClassicLink: aws.Bool(false), + }, + ), + ), + }, + }, + }) +} + func testAccCheckAWSVpcPeeringConnectionDestroy(s *terraform.State) error { conn := testAccProvider.Meta().(*AWSClient).ec2conn @@ -138,12 +245,12 @@ func testAccCheckAWSVpcPeeringConnectionDestroy(s *terraform.State) error { if *pc.Status.Code == "deleted" { return nil } - return fmt.Errorf("Found vpc peering connection in unexpected state: %s", pc) + return fmt.Errorf("Found the VPC Peering Connection in an unexpected state: %s", pc) } // return error here; we've found the vpc_peering object we want, however // it's not in an expected state - return fmt.Errorf("Fall through error for testAccCheckAWSVpcPeeringConnectionDestroy") + return fmt.Errorf("Fall through error for testAccCheckAWSVpcPeeringConnectionDestroy.") } return nil @@ -157,7 +264,7 @@ func testAccCheckAWSVpcPeeringConnectionExists(n string, connection *ec2.VpcPeer } if rs.Primary.ID == "" { - return fmt.Errorf("No vpc peering connection id is set") + return fmt.Errorf("No VPC Peering Connection ID is set.") } conn := testAccProvider.Meta().(*AWSClient).ec2conn @@ -169,7 +276,7 @@ func testAccCheckAWSVpcPeeringConnectionExists(n string, connection *ec2.VpcPeer return err } if len(resp.VpcPeeringConnections) == 0 { - return fmt.Errorf("VPC peering connection not found") + return fmt.Errorf("VPC Peering Connection could not be found.") } *connection = *resp.VpcPeeringConnections[0] @@ -178,43 +285,105 @@ func testAccCheckAWSVpcPeeringConnectionExists(n string, connection *ec2.VpcPeer } } +func testAccCheckAWSVpcPeeringConnectionOptions(n, block string, options *ec2.VpcPeeringConnectionOptionsDescription) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[n] + if !ok { + return fmt.Errorf("Not found: %s", n) + } + + if rs.Primary.ID == "" { + return fmt.Errorf("No VPC Peering Connection ID is set.") + } + + conn := testAccProvider.Meta().(*AWSClient).ec2conn + resp, err := conn.DescribeVpcPeeringConnections( + &ec2.DescribeVpcPeeringConnectionsInput{ + VpcPeeringConnectionIds: []*string{aws.String(rs.Primary.ID)}, + }) + if err != nil { + return err + } + + pc := resp.VpcPeeringConnections[0] + + o := pc.AccepterVpcInfo + if block == "requester" { + o = pc.RequesterVpcInfo + } + + if !reflect.DeepEqual(o.PeeringOptions, options) { + return fmt.Errorf("Expected the VPC Peering Connection Options to be %#v, got %#v", + options, o.PeeringOptions) + } + + return nil + } +} + const testAccVpcPeeringConfig = ` resource "aws_vpc" "foo" { - cidr_block = "10.0.0.0/16" - tags { - Name = "TestAccAWSVPCPeeringConnection_basic" - } + cidr_block = "10.0.0.0/16" + tags { + Name = "TestAccAWSVPCPeeringConnection_basic" + } } resource "aws_vpc" "bar" { - cidr_block = "10.1.0.0/16" + cidr_block = "10.1.0.0/16" } resource "aws_vpc_peering_connection" "foo" { - vpc_id = "${aws_vpc.foo.id}" - peer_vpc_id = "${aws_vpc.bar.id}" - auto_accept = true + vpc_id = "${aws_vpc.foo.id}" + peer_vpc_id = "${aws_vpc.bar.id}" + auto_accept = true } ` const testAccVpcPeeringConfigTags = ` resource "aws_vpc" "foo" { - cidr_block = "10.0.0.0/16" - tags { - Name = "TestAccAWSVPCPeeringConnection_tags" - } + cidr_block = "10.0.0.0/16" + tags { + Name = "TestAccAWSVPCPeeringConnection_tags" + } } resource "aws_vpc" "bar" { - cidr_block = "10.1.0.0/16" + cidr_block = "10.1.0.0/16" } resource "aws_vpc_peering_connection" "foo" { - vpc_id = "${aws_vpc.foo.id}" - peer_vpc_id = "${aws_vpc.bar.id}" - peer_owner_id = "%s" - tags { - foo = "bar" - } + vpc_id = "${aws_vpc.foo.id}" + peer_vpc_id = "${aws_vpc.bar.id}" + peer_owner_id = "%s" + tags { + foo = "bar" + } +} +` + +const testAccVpcPeeringConfigOptions = ` +resource "aws_vpc" "foo" { + cidr_block = "10.0.0.0/16" +} + +resource "aws_vpc" "bar" { + cidr_block = "10.1.0.0/16" + enable_dns_hostnames = true +} + +resource "aws_vpc_peering_connection" "foo" { + vpc_id = "${aws_vpc.foo.id}" + peer_vpc_id = "${aws_vpc.bar.id}" + auto_accept = true + + accepter { + allow_remote_vpc_dns_resolution = true + } + + requester { + allow_vpc_to_remote_classic_link = true + allow_classic_link_to_remote_vpc = true + } } ` diff --git a/website/source/docs/providers/aws/r/vpc_peering.html.markdown b/website/source/docs/providers/aws/r/vpc_peering.html.markdown index c083591f4a91..82b94cdd7431 100644 --- a/website/source/docs/providers/aws/r/vpc_peering.html.markdown +++ b/website/source/docs/providers/aws/r/vpc_peering.html.markdown @@ -22,6 +22,24 @@ resource "aws_vpc_peering_connection" "foo" { } ``` +Basic usage with connection options: + +``` +resource "aws_vpc_peering_connection" "foo" { + peer_owner_id = "${var.peer_owner_id}" + peer_vpc_id = "${aws_vpc.bar.id}" + vpc_id = "${aws_vpc.foo.id}" + + accepter { + allow_remote_vpc_dns_resolution = true + } + + requester { + allow_remote_vpc_dns_resolution = true + } +} +``` + Basic usage with tags: ``` @@ -30,10 +48,11 @@ resource "aws_vpc_peering_connection" "foo" { peer_owner_id = "${var.peer_owner_id}" peer_vpc_id = "${aws_vpc.bar.id}" vpc_id = "${aws_vpc.foo.id}" - + auto_accept = true - tags { - Name = "VPC Peering between foo and bar" + + tags { + Name = "VPC Peering between foo and bar" } } @@ -51,26 +70,51 @@ resource "aws_vpc" "bar" { The following arguments are supported: * `peer_owner_id` - (Required) The AWS account ID of the owner of the peer VPC. -* `peer_vpc_id` - (Required) The ID of the VPC with which you are creating the VPC peering connection. +* `peer_vpc_id` - (Required) The ID of the VPC with which you are creating the VPC Peering Connection. * `vpc_id` - (Required) The ID of the requester VPC. * `auto_accept` - (Optional) Accept the peering (you need to be the owner of both VPCs). +* `accepter` (Optional) - An optional configuration block that allows for [VPC Peering Connection] +(http://docs.aws.amazon.com/AmazonVPC/latest/PeeringGuide) options to be set for the VPC that accepts +the peering connection (a maximum of one). +* `requester` (Optional) - A optional configuration block that allows for [VPC Peering Connection] +(http://docs.aws.amazon.com/AmazonVPC/latest/PeeringGuide) options to be set for the VPC that requests +the peering connection (a maximum of one). * `tags` - (Optional) A mapping of tags to assign to the resource. +#### Accepter and Requester Arguments + +-> **Note:** When enabled, the DNS resolution feature requires that VPCs participating in the peering +must have support for the DNS hostnames enabled. This can be done using the [`enable_dns_hostnames`] +(vpc.html#enable_dns_hostnames) attribute in the [`aws_vpc`](vpc.html) resource. See [Using DNS with Your VPC] +(http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-dns.html) user guide for more information. + +* `allow_remote_vpc_dns_resolution` - (Optional) Allow a local VPC to resolve public DNS hostnames to private +IP addresses when queried from instances in the peer VPC. +* `allow_classic_link_to_remote_vpc` - (Optional) Allow a local linked EC2-Classic instance to communicate +with instances in a peer VPC. This enables an outbound communication from the local ClassicLink connection +to the remote VPC. +* `allow_vpc_to_remote_classic_link` - (Optional) Allow a local VPC to communicate with a linked EC2-Classic +instance in a peer VPC. This enables an outbound communication from the local VPC to the remote ClassicLink +connection. + ## Attributes Reference The following attributes are exported: -* `id` - The ID of the VPC Peering Connections -* `accept_status` - The Status of the VPC peering connection request. +* `id` - The ID of the VPC Peering Connection. +* `accept_status` - The status of the VPC Peering Connection request. ## Notes -If you are not the owner of both VPCs, or do not enable auto_accept you will still have to accept the peering with the AWS Console, aws-cli or aws-sdk-go. + +If you are not the owner of both VPCs, or do not enable the `auto_accept` attribute you will still +have to accept the VPC Peering Connection request manually using the AWS Management Console, AWS CLI, +through SDKs, etc. ## Import -VPC Peering resources can be imported using the `vpc peering id`, e.g. +VPC Peering resources can be imported using the `vpc peering id`, e.g. ``` $ terraform import aws_vpc_peering_connection.test_connection pcx-111aaa111 -``` \ No newline at end of file +```