
透過Terraform在AWS上運行VPC Peering

Terraform AWS VPC Peering

示意圖

建置環境

  1. 建立 provider 與 region 設定

    
    # AWS provider: credentials come from the local "default" profile
    # (~/.aws/credentials); all resources below are created in us-west-2.
    provider "aws" {
      profile = "default"
      region  = "us-west-2"
    }
    
  2. 建立VPC 1環境

    
    # First VPC. 10.0.0.0/16 is RFC 1918 private space and must not overlap
    # with the peer VPC's CIDR, otherwise the peering routes cannot be created.
    resource "aws_vpc" "vpc-1" {
      cidr_block = "10.0.0.0/16"

      tags = {
        Name = "vpc-1"
      }
    }
    
    # /24 subnet carved out of vpc-1, pinned to AZ us-west-2a.
    resource "aws_subnet" "subnet-1a" {
      vpc_id            = aws_vpc.vpc-1.id
      availability_zone = "us-west-2a"
      cidr_block        = "10.0.1.0/24"

      tags = {
        Name = "subnet-1a"
      }
    }
    
    # Second /24 in vpc-1. Note it sits in the same AZ as subnet-1a, so the
    # two subnets give no AZ redundancy.
    resource "aws_subnet" "subnet-1b" {
      vpc_id            = aws_vpc.vpc-1.id
      availability_zone = "us-west-2a"
      cidr_block        = "10.0.2.0/24"

      tags = {
        Name = "subnet-1b"
      }
    }
    
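    # Route table for vpc-1: peer traffic goes over the peering connection,
    # everything else goes out through the internet gateway.
    resource "aws_route_table" "route-table-1" {
      vpc_id = aws_vpc.vpc-1.id

      # Reference the peer VPC's cidr_block instead of repeating the literal
      # "20.0.0.0/16", so this route cannot drift if vpc-2's CIDR changes.
      route {
        cidr_block                = aws_vpc.vpc-2.cidr_block
        vpc_peering_connection_id = aws_vpc_peering_connection.peer.id
      }

      # Default route to the internet.
      route {
        cidr_block = "0.0.0.0/0"
        gateway_id = aws_internet_gateway.igw-1.id
      }

      tags = {
        Name = "route-table-1"
      }
    }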
    
    # Attach route-table-1 to subnet-1a.
    resource "aws_route_table_association" "subnet-1a" {
      route_table_id = aws_route_table.route-table-1.id
      subnet_id      = aws_subnet.subnet-1a.id
    }
    
    # Attach route-table-1 to subnet-1b.
    resource "aws_route_table_association" "subnet-1b" {
      route_table_id = aws_route_table.route-table-1.id
      subnet_id      = aws_subnet.subnet-1b.id
    }
    
    # Internet gateway for vpc-1; used by the 0.0.0.0/0 route in route-table-1.
    resource "aws_internet_gateway" "igw-1" {
      vpc_id = aws_vpc.vpc-1.id

      tags = {
        "Name" = "igw-1"
      }
    }
    
    # Security group applied to both instances in vpc-1.
    # NOTE(review): SSH (22) and HTTP (80) are open to 0.0.0.0/0, and the
    # instances below get public Elastic IPs, so port 22 is reachable from the
    # whole internet. Restrict the SSH rule to an administrative CIDR (or to the
    # peer VPC's CIDR if SSH is only needed across the peering) before reusing
    # this outside a lab.
    resource "aws_security_group" "sg-1" {
      vpc_id = aws_vpc.vpc-1.id
      name   = "sg1"

      # Inbound: SSH from anywhere.
      ingress {
        protocol    = "tcp"
        from_port   = 22
        to_port     = 22
        cidr_blocks = ["0.0.0.0/0"]
      }

      # Inbound: HTTP from anywhere.
      ingress {
        protocol    = "tcp"
        from_port   = 80
        to_port     = 80
        cidr_blocks = ["0.0.0.0/0"]
      }

      # Outbound: all protocols and ports to anywhere.
      egress {
        protocol    = "-1"
        from_port   = 0
        to_port     = 0
        cidr_blocks = ["0.0.0.0/0"]
      }

      tags = {
        "Name" = "sg-1"
      }
    }
    
    # Public Elastic IP for ec2-1a. `vpc = true` allocates it in VPC scope
    # (AWS provider v5 deprecates this argument in favour of `domain = "vpc"`;
    # the provider version pinned by this post is not shown).
    resource "aws_eip" "eip-1a" {
    vpc = true
    }
    
    # Public Elastic IP for ec2-1b. `vpc = true` allocates it in VPC scope
    # (AWS provider v5 deprecates this argument in favour of `domain = "vpc"`;
    # the provider version pinned by this post is not shown).
    resource "aws_eip" "eip-1b" {
    vpc = true
    }
    
    # Bind eip-1a to instance ec2-1a.
    resource "aws_eip_association" "eipa-1a" {
      allocation_id = aws_eip.eip-1a.id
      instance_id   = aws_instance.ec2-1a.id
    }
    
    # Bind eip-1b to instance ec2-1b.
    resource "aws_eip_association" "eipa-1b" {
      allocation_id = aws_eip.eip-1b.id
      instance_id   = aws_instance.ec2-1b.id
    }
    
    # Instance in subnet-1a. The AMI ID is region-specific (us-west-2) and the
    # key pair "demo-key-us-west-2" must already exist in that region, as the
    # post notes at the end.
    resource "aws_instance" "ec2-1a" {
      instance_type = "t2.micro"
      ami           = "ami-0747e613a2a1ff483"
      key_name      = "demo-key-us-west-2"

      # Placement: AZ is redundant with the subnet's AZ but kept explicit.
      availability_zone      = "us-west-2a"
      subnet_id              = aws_subnet.subnet-1a.id
      vpc_security_group_ids = [aws_security_group.sg-1.id]

      tags = {
        "Name" = "ec2-1a"
      }
    }
    
    # Instance in subnet-1b; same AMI, key pair and security group as ec2-1a.
    resource "aws_instance" "ec2-1b" {
      instance_type = "t2.micro"
      ami           = "ami-0747e613a2a1ff483"
      key_name      = "demo-key-us-west-2"

      # Placement: AZ is redundant with the subnet's AZ but kept explicit.
      availability_zone      = "us-west-2a"
      subnet_id              = aws_subnet.subnet-1b.id
      vpc_security_group_ids = [aws_security_group.sg-1.id]

      tags = {
        "Name" = "ec2-1b"
      }
    }
    
  3. 建立VPC 2環境(與VPC 1環境建置方法雷同)

    
    # Second VPC.
    # NOTE(review): 20.0.0.0/16 is not RFC 1918 private address space; it is
    # publicly routed on the internet. Inside this lab it works because the
    # peering route is more specific than 0.0.0.0/0, but hosts in these VPCs can
    # never reach real internet addresses in 20.0.0.0/16. Prefer a private range
    # (e.g. 172.16.0.0/16 or another block under 10.0.0.0/8) for anything real.
    resource "aws_vpc" "vpc-2" {
      cidr_block = "20.0.0.0/16"

      tags = {
        Name = "vpc-2"
      }
    }
    
    # /24 subnet carved out of vpc-2, pinned to AZ us-west-2b.
    resource "aws_subnet" "subnet-2a" {
      vpc_id            = aws_vpc.vpc-2.id
      availability_zone = "us-west-2b"
      cidr_block        = "20.0.1.0/24"

      tags = {
        Name = "subnet-2a"
      }
    }
    
    # Second /24 in vpc-2, same AZ as subnet-2a (no AZ redundancy).
    resource "aws_subnet" "subnet-2b" {
      vpc_id            = aws_vpc.vpc-2.id
      availability_zone = "us-west-2b"
      cidr_block        = "20.0.2.0/24"

      tags = {
        Name = "subnet-2b"
      }
    }
    
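    # Route table for vpc-2: traffic for vpc-1 goes over the peering
    # connection, everything else goes out through the internet gateway.
    resource "aws_route_table" "route-table-2" {
      vpc_id = aws_vpc.vpc-2.id

      # Reference the peer VPC's cidr_block instead of repeating the literal
      # "10.0.0.0/16", so this route cannot drift if vpc-1's CIDR changes.
      route {
        cidr_block                = aws_vpc.vpc-1.cidr_block
        vpc_peering_connection_id = aws_vpc_peering_connection.peer.id
      }

      # Default route to the internet.
      route {
        cidr_block = "0.0.0.0/0"
        gateway_id = aws_internet_gateway.igw-2.id
      }

      tags = {
        Name = "route-table-2"
      }
    }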
    
    # Attach route-table-2 to subnet-2a.
    resource "aws_route_table_association" "subnet-2a" {
      route_table_id = aws_route_table.route-table-2.id
      subnet_id      = aws_subnet.subnet-2a.id
    }
    
    # Attach route-table-2 to subnet-2b.
    resource "aws_route_table_association" "subnet-2b" {
      route_table_id = aws_route_table.route-table-2.id
      subnet_id      = aws_subnet.subnet-2b.id
    }
    
    # Internet gateway for vpc-2; used by the 0.0.0.0/0 route in route-table-2.
    resource "aws_internet_gateway" "igw-2" {
      vpc_id = aws_vpc.vpc-2.id

      tags = {
        "Name" = "igw-2"
      }
    }
    
    # Security group applied to both instances in vpc-2.
    # NOTE(review): as with sg-1, SSH (22) and HTTP (80) are open to 0.0.0.0/0
    # on instances that carry public Elastic IPs. Restrict the SSH rule to an
    # administrative CIDR (or to vpc-1's CIDR if SSH is only needed across the
    # peering) before reusing this outside a lab.
    resource "aws_security_group" "sg-2" {
      vpc_id = aws_vpc.vpc-2.id
      name   = "sg2"

      # Inbound: SSH from anywhere.
      ingress {
        protocol    = "tcp"
        from_port   = 22
        to_port     = 22
        cidr_blocks = ["0.0.0.0/0"]
      }

      # Inbound: HTTP from anywhere.
      ingress {
        protocol    = "tcp"
        from_port   = 80
        to_port     = 80
        cidr_blocks = ["0.0.0.0/0"]
      }

      # Outbound: all protocols and ports to anywhere.
      egress {
        protocol    = "-1"
        from_port   = 0
        to_port     = 0
        cidr_blocks = ["0.0.0.0/0"]
      }

      tags = {
        "Name" = "sg-2"
      }
    }
    
    # Public Elastic IP for ec2-2a. `vpc = true` allocates it in VPC scope
    # (AWS provider v5 deprecates this argument in favour of `domain = "vpc"`;
    # the provider version pinned by this post is not shown).
    resource "aws_eip" "eip-2a" {
    vpc = true
    }
    
    # Public Elastic IP for ec2-2b. `vpc = true` allocates it in VPC scope
    # (AWS provider v5 deprecates this argument in favour of `domain = "vpc"`;
    # the provider version pinned by this post is not shown).
    resource "aws_eip" "eip-2b" {
    vpc = true
    }
    
    # Bind eip-2a to instance ec2-2a.
    resource "aws_eip_association" "eipa-2a" {
      allocation_id = aws_eip.eip-2a.id
      instance_id   = aws_instance.ec2-2a.id
    }
    
    # Bind eip-2b to instance ec2-2b.
    resource "aws_eip_association" "eipa-2b" {
      allocation_id = aws_eip.eip-2b.id
      instance_id   = aws_instance.ec2-2b.id
    }
    
    # Instance in subnet-2a. Same region-specific AMI and pre-existing key pair
    # as the vpc-1 instances.
    resource "aws_instance" "ec2-2a" {
      instance_type = "t2.micro"
      ami           = "ami-0747e613a2a1ff483"
      key_name      = "demo-key-us-west-2"

      # Placement: AZ is redundant with the subnet's AZ but kept explicit.
      availability_zone      = "us-west-2b"
      subnet_id              = aws_subnet.subnet-2a.id
      vpc_security_group_ids = [aws_security_group.sg-2.id]

      tags = {
        "Name" = "ec2-2a"
      }
    }
    
    # Instance in subnet-2b; same AMI, key pair and security group as ec2-2a.
    resource "aws_instance" "ec2-2b" {
      instance_type = "t2.micro"
      ami           = "ami-0747e613a2a1ff483"
      key_name      = "demo-key-us-west-2"

      # Placement: AZ is redundant with the subnet's AZ but kept explicit.
      availability_zone      = "us-west-2b"
      subnet_id              = aws_subnet.subnet-2b.id
      vpc_security_group_ids = [aws_security_group.sg-2.id]

      tags = {
        "Name" = "ec2-2b"
      }
    }
    
  4. 建立VPC Peering

    
    # Peering between vpc-1 (requester) and vpc-2 (accepter). auto_accept only
    # works because both VPCs live in the same account and region; a
    # cross-account or cross-region peering needs the accepter side configured
    # separately. The peering alone carries no traffic: each side's route table
    # above must hold a route to the other VPC's CIDR via this connection, and
    # the security groups must permit the traffic.
    resource "aws_vpc_peering_connection" "peer" {
      auto_accept = true
      vpc_id      = aws_vpc.vpc-1.id
      peer_vpc_id = aws_vpc.vpc-2.id

      tags = {
        Name = "peer"
      }
    }
    

後記 : 小提醒

  • 記得先手動建立 Key Pairs，這裡我使用的是名稱為 demo-key-us-west-2 的 Key Pairs

參考

https://docs.aws.amazon.com/zh_tw/vpc/latest/userguide/vpc-peering.html
