____.             ________        ________
    |    |____  ___.__.\_____  \       \_____  \   ____   ____
    |    \__  \<   |  | /  / \  \       /   |   \ /    \_/ __ \
/\__|    |/ __ \\___  |/   \_/.  \     /    |    \   |  \  ___/
\________(____  / ____|\_____\ \_/_____\_______  /___|  /\___  >
              \/\/            \__>_____/       \/     \/     \/

--=[ PrEsENtZ ]=--

--=[ AwS CLouD NeTWoRkiNg SuiTE 3000 ]=--

--=[ #StayUp ]=--

TNT Architecture!

Terraform Networking Trifecta Demo

• Compose a hub and spoke Transit Gateway topology using Tiered VPC-NG and Centralized Router modules.
• Validate connectivity with EC2 instances.

Super Router!

Super Router Demo

• Compose a decentralized hub and spoke Transit Gateway topology using Tiered VPC-NG, Centralized Router, and Super Router modules.
• Validate connectivity with AWS Route Analyzer.

Full Mesh Trio!

Full Mesh Trio Demo

• Compose a Full Mesh Transit Gateway topology across 3 regions using Tiered VPC-NG, Centralized Router and Full Mesh Trio modules.
• Includes an VPC peering examples within a full mesh configuration for high traffic workloads to save on cost using the VPC Peering Deluxe module.
• Validate connectivity with AWS Route Analyzer.

Mega Mesh!

Mega Mesh Demo

• Compose a Full Mesh Transit Gateway topology across 10 regions using Tiered VPC-NG, Centralized Router and Mega Mesh modules.
• Validate connectivity with AWS Route Analyzer.

---

Notes:

• Sometimes I'll blog about ideas at jq1.io.
• All modules are first developed in the terraform-modules repo.
• The most useful modules are published to the Public Terraform Registry.
• All demos include an example of generating security group rules for inter-region and cross-region VPCs for each TGW configuration.
  • Intra VPC Security Group Rule
  • Super Intra VPC Security Group Rules
  • Full Mesh Intra VPC Security Group Rules
  • TODO: Mega Mesh Intra VPC Security Group Rules
• The Centralized Router module is an implementation of the AWS Centralized Router concept but without VPN Gateway or Direct Connect, only VPCs.
• Available AZs (a,b,c etc) in a region are different per AWS account (ie. your us-west-2a is not the same AZ as my us-west-2a) so it's possible you'll need to change the AZ letter for a VPC if the provider is saying it's not available for the region.
• There is no overlapping CIDR detection inter-region or cross-region so it's important that the VPC's network and subnet CIDRs are allocated correctly.

Updates:

• Demos have been updated to use Tiered VPC-NG and Centralized Router at v1.0.1.

  • This version now only uses the AWS 5.x provider.
  • Demonstrates using private subnets only, public subnets only or both using special = true on either subnet per AZ.
  • Build a NATGW for all private subnets by adding natgw = true to any public subnet.
  • Is still compatible with all other modules at v1.0.0 (super router, full mesh trio, mega mesh etc)
  • No provided move blocks for migration path to Tiered VPC-NG v1.0.1 so it's best to start fresh.
  • It's possible you might need to run terraform init -upgrade in each demo to upgrade to the latest 5.x provider.
  • Or run terraform get -update to refresh module code.

• Visual inspiration to spice up the concept:

  • https://twitter.com/MAKIO135/status/1378469836305666055
  • https://twitter.com/MAKIO135/status/1380634991818911746
  • https://twitter.com/MAKIO135/status/1379931304863657984
  • https://twitter.com/MAKIO135/status/1404543066724253699
  • https://twitter.com/MAKIO135/status/1368340867803660289