--=[ PrEsENtZ ]=--
--=[ AwS CLouD NeTWoRkiNg SuiTE 3000 ]=--
--=[ #StayUp ]=--
Centralized Egress Dual Stack Full Mesh Trio Demo
- Compose a Centralized IPv4 Egress and Decentralized IPv6 Egress within a Dual Stack Full Mesh Topology across 3 regions using Tiered VPC-NG (at v1.0.7), Centralized Router (at v1.0.6) and Full Mesh Trio (at v1.0.1) modules.
- Includes a VPC peering example within a full mesh configuration, used for high traffic workloads to save on cost, using the VPC Peering Deluxe module (at v1.0.1).
- Requires IPAM Pools for IPv4 and IPv6 CIDRs.
- Validate mesh connectivity with Route Analyzer.

Dual Stack Full Mesh Trio Demo
- Compose a dual stack Full Mesh Transit Gateway across 3 regions using Tiered VPC-NG (at v1.0.7), Centralized Router (at v1.0.6) and Full Mesh Trio (at v1.0.1) modules.
- Includes a VPC peering example within a full mesh configuration, used for high traffic workloads to save on cost, using the VPC Peering Deluxe module (at v1.0.1).
- Requires IPAM Pools for IPv4 and IPv6 CIDRs.
- Validate connectivity with Route Analyzer.

Dual Stack Terraform Networking Trifecta Demo
- Compose a dual stack hub and spoke Transit Gateway using Tiered VPC-NG (at v1.0.7) and Centralized Router (at v1.0.6) modules.
- Requires IPAM Pools for IPv4 and IPv6 CIDRs.
- Validate connectivity with EC2 instances.

Terraform Networking Trifecta Demo
- Compose a hub and spoke Transit Gateway using Tiered VPC-NG (at v1.0.1) and Centralized Router (at v1.0.1) modules.
- IPv4 only (no IPAM).
- Validate connectivity with EC2 instances.

- Compose a decentralized hub and spoke Transit Gateway using Tiered VPC-NG (at v1.0.1), Centralized Router (at v1.0.1), and Super Router (at v1.0.0) modules.
- IPv4 only (no IPAM).
- Validate connectivity with AWS Route Analyzer.

- Compose a Full Mesh Transit Gateway across 3 regions using Tiered VPC-NG (at v1.0.1), Centralized Router (at v1.0.1) and Full Mesh Trio (at v1.0.0) modules.
- Includes a VPC peering example within a full mesh configuration for high traffic intra-region workloads to save on cost, using the VPC Peering Deluxe module (at v1.0.0).
- IPv4 only (no IPAM).
- Validate connectivity with AWS Route Analyzer.

- Compose a Full Mesh Transit Gateway across 10 regions using Tiered VPC-NG (at v1.0.1), Centralized Router (at v1.0.1) and Mega Mesh (at v1.0.0) modules.
- IPv4 only (no IPAM).
- Validate connectivity with AWS Route Analyzer.

- Sometimes I'll blog about ideas at jq1.io.
- All modules are first developed in the terraform-modules repo.
- The most useful modules are published to the Public Terraform Registry.
- All demos include an example of generating security group rules for inter-region and cross-region VPCs for each TGW configuration.
  - Intra VPC Security Group Rule (IPv4 only)
  - Super Intra VPC Security Group Rules (IPv4 only)
  - Full Mesh Intra VPC Security Group Rules (IPv4 only)
  - IPv6 Intra VPC Security Group Rule (IPv6 only, for use with dual stack VPCs)
  - New IPv6 Full Mesh Intra VPC Security Group Rules (IPv6 only, for use with dual stack VPCs)
  - TODO: Mega Mesh Intra VPC Security Group Rules
- The Centralized Router module is an implementation of the AWS Centralized Router concept but without VPN Gateway or Direct Connect, only VPCs.
- Available AZs (a, b, c, etc.) in a region are different per AWS account (i.e. your us-west-2a is not the same AZ as my us-west-2a), so you may need to change the AZ letter for a VPC if the provider says it's not available for the region.
- There is no overlapping CIDR detection inter-region or cross-region so it's important that the VPC's network and subnet CIDRs are allocated correctly.