VPC Peering
🎯 To link the Cloud9-IDE in the Default VPC and the CI/CD VPC (used for the CodeBuild) to the private EKS VPC using VPC Peering.
✍️ Links the Cloud9-IDE and the CI/CD VPC to the private EKS VPC
Allows the required traffic to flow so we can communicate with the EKS Cluster from the Cloud9-IDE in the Default VPC and the CodeBuild ENI that will be provisioned in the private subnet of the CI/CD VPC.
- VPC Peerings
- VPC Route Table entries for the default and EKS subnets:
- A Route to 172.31 via the VPC peering for the
EKS VPC. - A Route to 10.0 via the VPC peering for the
Default VPC.
- A Route to 172.31 via the VPC peering for the
- VPC Route Table entries for the CI/CD subnets and EKS subnets:
- A Route to 172.30 via the VPC peering for the
EKS VPC. - A Route to 10.0 via the VPC peering for the VPC.
- A Route to 172.30 via the VPC peering for the
- A Security Group rule for the Cloud9 Security Group allowing traffic from 10.0.x.x.
- A Security Group rule for the
EKS Worker NodesSecurity Group allowing traffic in port 22 from the Cloud9-IDE Security Group. - A Security Group rule for the
EKS ClusterSecurity Group allowing traffic in port 443 from the Cloud9-IDE Security Group
👉 modules/vpc-peering
export TF_VAR_fully_private_cluster=true
cd modules/vpc-peering
terraform init -reconfigure -backend-config="region=${AWS_REGION}" \
-backend-config="bucket=${TF_STATE_S3_BUCKET}" \
-backend-config="key=${PROJECT_ID}-vpc-peering.tfstate" \
-backend-config="dynamodb_table=${TF_STATE_DYNAMODB_TABLE}"
terraform plan -out tfplan
terraform apply -input=false -auto-approve tfplan
cd ../..
👉 modules/vpc-peering
export TF_VAR_fully_private_cluster=true
cd modules/vpc-peering
terraform init -reconfigure -backend-config="region=${AWS_REGION}" \
-backend-config="bucket=${TF_STATE_S3_BUCKET}" \
-backend-config="key=${PROJECT_ID}-vpc-peering.tfstate" \
-backend-config="dynamodb_table=${TF_STATE_DYNAMODB_TABLE}"
terraform plan -out tfplan
terraform apply -input=false -auto-approve tfplan
cd ../..