Added vpc_peering module

Author: Dmitry Berezovsky

modules/domain_controller/output.tf

@@ -0,0 +1,11 @@
+output "private_ip" {
+  value = "${aws_instance.clearos.private_ip}"
+}
+
+output "instance_id" {
+  value = "${aws_instance.clearos.id}"
+}
+
+output "public_ip" {
+  value = "${aws_eip.clearos.public_ip}"
+}

modules/domain_controller/resources/centos-to-clearos.sh

@@ -38,7 +38,7 @@ yum-config-manager --enable clearos-centos-extras
 yum-config-manager --enable clearos-centos
 yum-config-manager --enable clearos-centos-fasttrack clearos-centos-updates
 
-yum install -y app-openvpn app-openldap-directory app-administrators app-dns app-storage
+yum install -y app-openvpn app-openldap-directory app-administrators app-dns app-storage app-firewall app-firewall-custom
 
 # Default networking
 yum -y remove NetworkManager

modules/vpc_peering/README.MD

@@ -0,0 +1,7 @@
+VPC Peering
+===========
+
+This module allow to link to AWS 2 VPCs. Basically it creates peering connection and configures routes 
+for VPC which initiates connection. It is important to understand that in order to have complete setup
+you might need to configure routes and security groups on the receiving side
+

modules/vpc_peering/output.tf

@@ -0,0 +1,7 @@
+output "remote_vpc_connection" {
+  value = "${aws_vpc_peering_connection.remote_vpc_link.id}"
+}
+
+output "remote_network_access_sg_id" {
+  value = "${aws_security_group.allow_access_to_remote_vpc.id}"
+}

modules/vpc_peering/peering.tf

@@ -0,0 +1,44 @@
+resource "aws_vpc_peering_connection" "remote_vpc_link" {
+  count = "${var.target_vpc_id != "" ? 1 : 0}"
+  peer_vpc_id = "${var.target_vpc_id}"
+  vpc_id = "${var.current_vpc_id}"
+  auto_accept = "${var.peering_auto_accept}"
+
+  accepter {
+    allow_remote_vpc_dns_resolution = true
+  }
+
+  requester {
+    allow_remote_vpc_dns_resolution = false
+  }
+
+  tags {
+    Env = "${var.env_name}"
+    Name = "${var.env_name}: ${var.remote_vpc_name} Link"
+  }
+}
+
+resource "aws_route" "remote_vpc_routes" {
+  count = "${var.target_vpc_id != "" ? length(var.local_route_tables_to_support_link) : 0 }"
+  route_table_id = "${element(var.local_route_tables_to_support_link, count.index)}"
+  vpc_peering_connection_id = "${aws_vpc_peering_connection.remote_vpc_link.id}"
+  destination_cidr_block = "${var.target_vpc_network}"
+}
+
+resource "aws_security_group" "allow_access_to_remote_vpc" {
+  count = "${var.target_vpc_id != "" ? 1 : 0}"
+  name = "${lower(var.env_name)}-access-${lower(var.remote_vpc_name)}-lan"
+  vpc_id = "${var.current_vpc_id}"
+
+  egress {
+    from_port = 0
+    to_port = 0
+    protocol = "-1"
+    cidr_blocks = ["${var.allow_access_to_remote_vpc_cidrs}"]
+  }
+
+  tags {
+    Env = "${var.env_name}"
+    Name = "${var.env_name}: Allow Access to ${var.remote_vpc_name} LAN"
+  }
+}

modules/vpc_peering/variables.tf

@@ -0,0 +1,41 @@
+variable "env_name" {
+  type = "string"
+}
+
+variable "remote_vpc_name" {
+  description = "Name of the remote VPC to be used in resources names. E.g. Production"
+  type = "string"
+}
+
+variable "current_vpc_id" {
+  type = "string"
+}
+
+variable "target_vpc_id" {
+  type = "string"
+}
+
+variable "target_vpc_network" {
+  type = "string"
+  default = ""
+}
+
+variable "peering_auto_accept" {
+  type = "string"
+  default = true
+}
+
+variable "local_route_tables_to_support_link" {
+  description = "Traffic from given networks will be routed to remote VPC. Expects the list of route table IDs"
+  type = "list"
+  default = []
+}
+
+variable "vpc_availability_zones" {
+  type = "list"
+  default = []
+}
+
+variable "allow_access_to_remote_vpc_cidrs" {
+  type = "list"
+}