--=[ PrEsENtZ ]=--
--=[ AwS CLouD NeTWoRkiNg SuiTE 3000 ]=--
--=[ #StayUp ]=--
Terraform Networking Trifecta Demo
- Compose a hub and spoke Transit Gateway topology using Tiered VPC-NG and Centralized Router modules.
  - Validate connectivity with EC2 instances.
- Compose a decentralized hub and spoke Transit Gateway topology using Tiered VPC-NG, Centralized Router, and Super Router modules.
  - Validate connectivity with AWS Route Analyzer.
- Compose a Full Mesh Transit Gateway topology across 3 regions using Tiered VPC-NG, Centralized Router and Full Mesh Trio modules.
  - Includes VPC peering examples within a full mesh configuration for high-traffic workloads, to save on cost, using the VPC Peering Deluxe module.
  - Validate connectivity with AWS Route Analyzer.
- Compose a Full Mesh Transit Gateway topology across 10 regions using Tiered VPC-NG, Centralized Router and Mega Mesh modules.
  - Validate connectivity with AWS Route Analyzer.
Notes:
- Sometimes I'll blog about ideas at jq1.io.
- All modules are first developed in the terraform-modules repo.
- The most useful modules are published to the Public Terraform Registry.
- All demos include an example of generating security group rules for inter-region and cross-region VPCs for each TGW configuration:
  - Intra VPC Security Group Rule
  - Super Intra VPC Security Group Rules
  - Full Mesh Intra VPC Security Group Rules
  - TODO: Mega Mesh Intra VPC Security Group Rules
- The Centralized Router module is an implementation of the AWS Centralized Router concept but without VPN Gateway or Direct Connect, only VPCs.
- Available AZs (a, b, c, etc.) in a region are mapped differently per AWS account (i.e. your us-west-2a is not the same AZ as my us-west-2a), so you may need to change the AZ letter for a VPC if the provider says it's not available in that region.
- There is no overlapping CIDR detection inter-region or cross-region, so it's important that each VPC's network and subnet CIDRs are allocated correctly.
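Because the modules do no overlapping CIDR detection, a pre-apply check over your planned VPC and subnet CIDRs is worth running. The following is an added Python example, not part of this repo or its modules; the VPC inventory is constructed with hypothetical CIDRs and its dictionary layout is my own, not the module's input schema.

```python
import ipaddress

# Constructed sample inventory (hypothetical CIDRs, own layout, not the
# module schema): one entry per VPC with the subnets carved out of it.
VPCS = [
    {"name": "app1", "region": "us-east-1", "network_cidr": "10.0.0.0/20",
     "subnets": ["10.0.0.0/24", "10.0.1.0/24", "10.0.4.0/24"]},
    {"name": "app2", "region": "us-east-1", "network_cidr": "10.0.16.0/20",
     "subnets": ["10.0.16.0/24", "10.0.17.0/24"]},
    # Deliberately bad: the network overlaps app1, and one subnet is outside it.
    {"name": "app3", "region": "us-west-2", "network_cidr": "10.0.8.0/21",
     "subnets": ["10.0.8.0/24", "10.1.9.0/24"]},
]


def check_cidrs(vpcs):
    """Return a list of readable problems; an empty list means the plan is clean.

    Checks every VPC against every other regardless of region, because with a
    TGW full mesh all VPC CIDRs land in shared route tables."""
    problems = []
    seen_nets = []
    for v in vpcs:
        # strict=True rejects CIDRs with host bits set (e.g. 10.0.1.0/20).
        net = ipaddress.ip_network(v["network_cidr"], strict=True)
        for other_name, other_net in seen_nets:
            if net.overlaps(other_net):
                problems.append(
                    f"VPC {v['name']} {net} overlaps VPC {other_name} {other_net}")
        seen_nets.append((v["name"], net))

        seen_subnets = []
        for cidr in v["subnets"]:
            sub = ipaddress.ip_network(cidr, strict=True)
            if not sub.subnet_of(net):
                problems.append(
                    f"subnet {sub} of VPC {v['name']} is outside {net}")
            for prev in seen_subnets:
                if sub.overlaps(prev):
                    problems.append(
                        f"subnet {sub} overlaps subnet {prev} in VPC {v['name']}")
            seen_subnets.append(sub)
    return problems


if __name__ == "__main__":
    for line in check_cidrs(VPCS) or ["no CIDR problems found"]:
        print(line)
```

Run it against your own inventory before `terraform apply`; a non-empty result means the TGW route tables would silently carry conflicting routes.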
Updates:
- Demos have been updated to use Tiered VPC-NG and Centralized Router at v1.0.1.
  - This version now only uses the AWS 5.x provider.
  - Demonstrates using private subnets only, public subnets only or both using `special = true` on either subnet per AZ.
  - Build a NATGW for all private subnets by adding `natgw = true` to any public subnet.
  - Is still compatible with all other modules at v1.0.0 (super router, full mesh trio, mega mesh etc).
  - No provided move blocks for migration path to Tiered VPC-NG v1.0.1 so it's best to start fresh.
  - It's possible you might need to run `terraform init -upgrade` in each demo to upgrade to the latest 5.x provider.
  - Or run `terraform get -update` to refresh module code.
- Visual inspiration to spice up the concept: