AwS CLouD NeTWoRkiNg SuiTE 3000
JudeQuintana/terraform-main
--=[ PrEsENtZ ]=--
--=[ AwS CLouD NeTWoRkiNg SuiTE 3000 ]=--
--=[ Build and scale cloud network topologies from base components in AWS and Terraform ]=--
--=[ #StayUp ]=--
Centralized Egress Dual Stack Full Mesh Trio Demo
- Compose a Centralized IPv4 Egress and Decentralized IPv6 Egress within a Dual Stack Full Mesh Topology across 3 regions using Tiered VPC-NG (at v1.0.7), Centralized Router (at v1.0.6) and Full Mesh Trio (at v1.0.1) modules.
- Includes VPC peering examples within a full mesh configuration, used for high traffic workloads to save on cost, using the VPC Peering Deluxe module (at v1.0.1).
- Requires IPAM Pools for IPv4 and IPv6 CIDRs.
- Validate connectivity with Route Analyzer.
Dual Stack Full Mesh Trio Demo
- Compose a dual stack Full Mesh Transit Gateway across 3 regions using Tiered VPC-NG (at v1.0.7), Centralized Router (at v1.0.6) and Full Mesh Trio (at v1.0.1) modules.
- Includes VPC peering examples within a full mesh configuration, used for high traffic workloads to save on cost, using the VPC Peering Deluxe module (at v1.0.1).
- Requires IPAM Pools for IPv4 and IPv6 CIDRs.
- Validate connectivity with Route Analyzer.
Dual Stack Terraform Networking Trifecta Demo
- Compose a dual stack hub and spoke Transit Gateway using Tiered VPC-NG (at v1.0.7) and Centralized Router (at v1.0.6) modules.
- Requires IPAM Pools for IPv4 and IPv6 CIDRs.
- Validate connectivity with EC2 instances.
Terraform Networking Trifecta Demo
- Compose a hub and spoke Transit Gateway using Tiered VPC-NG (at v1.0.1) and Centralized Router (at v1.0.1) modules.
- IPv4 only (no IPAM).
- Validate connectivity with EC2 instances.

- Compose a decentralized hub and spoke Transit Gateway using Tiered VPC-NG (at v1.0.1), Centralized Router (at v1.0.1), and Super Router (at v1.0.0) modules.
- IPv4 only (no IPAM).
- Validate connectivity with AWS Route Analyzer.

- Compose a Full Mesh Transit Gateway across 3 regions using Tiered VPC-NG (at v1.0.1), Centralized Router (at v1.0.1) and Full Mesh Trio (at v1.0.0) modules.
- Includes VPC peering examples within a full mesh configuration, used for high traffic intra-region workloads to save on cost, using the VPC Peering Deluxe module (at v1.0.0).
- IPv4 only (no IPAM).
- Validate connectivity with AWS Route Analyzer.

- Compose a Full Mesh Transit Gateway across 10 regions using Tiered VPC-NG (at v1.0.1), Centralized Router (at v1.0.1) and Mega Mesh (at v1.0.0) modules.
- IPv4 only (no IPAM).
- Validate connectivity with AWS Route Analyzer.

- IPv4 Subnet Calculator
- IPv6 Subnet Calculator
brew install ipcalc
- Sometimes I'll blog about ideas at jq1.io.
- All modules are first developed in the terraform-modules repo.
- The most useful modules are published to the Public Terraform Registry.
- All demos include an example of generating security group rules for intra-region and cross-region VPCs for each TGW configuration.
  - Intra VPC Security Group Rule (IPv4 only)
  - Super Intra VPC Security Group Rules (IPv4 only)
  - Full Mesh Intra VPC Security Group Rules (IPv4 only)
  - IPv6 Intra VPC Security Group Rule (IPv6 only, for use with dual stack VPCs)
  - New: IPv6 Full Mesh Intra VPC Security Group Rules (IPv6 only, for use with dual stack VPCs)
  - TODO: Mega Mesh Intra VPC Security Group Rules
- The Centralized Router module is an implementation of both the AWS Centralized Router and Centralized outbound routing to the internet concepts, but without VPN Gateway or Direct Connect, only VPCs.
- Available AZs (a, b, c etc.) in a region are different per AWS account (i.e. your us-west-2a is not the same AZ as my us-west-2a), so it's possible you'll need to change the AZ letter for a VPC if the provider is saying it's not available for the region.
- There is no overlapping CIDR detection intra-region or cross-region so it's important that the VPC's network and subnet CIDRs are allocated correctly.
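
Because the modules do not detect overlapping CIDRs, a pre-flight check can be run over the planned allocations before `terraform apply`. The following is an added example, not code from this repo; the inventory layout, VPC names and CIDRs are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed inventory: names, regions and CIDRs are illustrative only.
VPCS = [
    {"name": "app", "region": "us-west-2",
     "network": ["10.0.0.0/18", "2001:db8:0:100::/56"],
     "subnets": ["10.0.0.0/24", "10.0.1.0/24", "2001:db8:0:100::/64"]},
    {"name": "general", "region": "us-west-2",
     "network": ["10.0.32.0/20", "2001:db8:0:200::/56"],
     "subnets": ["10.0.32.0/24", "10.0.32.128/25"]},
    {"name": "cicd", "region": "us-east-1",
     "network": ["172.16.0.0/20", "2001:db8:0:100::/56"],
     "subnets": ["172.16.16.0/24"]},
]


def parse(cidrs):
    # strict=True rejects CIDRs with host bits set (e.g. 10.0.0.1/24).
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def clash(a, b):
    # Only compare like with like: IPv4 against IPv4, IPv6 against IPv6.
    return a.version == b.version and a.overlaps(b)


def find_cidr_conflicts(vpcs):
    """Return a list of conflict descriptions; empty means the plan is clean."""
    found = []
    for vpc in vpcs:
        networks, subnets = parse(vpc["network"]), parse(vpc["subnets"])
        for s in subnets:
            # Every subnet must sit inside one of its VPC's network CIDRs.
            if not any(s.version == n.version and s.subnet_of(n) for n in networks):
                found.append(f"{vpc['name']}: subnet {s} is outside the VPC network CIDRs")
        for a, b in combinations(subnets, 2):
            if clash(a, b):
                found.append(f"{vpc['name']}: subnets {a} and {b} overlap")
    # VPC network CIDRs must be unique across the whole routed topology.
    for v1, v2 in combinations(vpcs, 2):
        scope = "intra-region" if v1["region"] == v2["region"] else "cross-region"
        for a in parse(v1["network"]):
            for b in parse(v2["network"]):
                if clash(a, b):
                    found.append(f"{scope}: {v1['name']} {a} overlaps {v2['name']} {b}")
    return found


if __name__ == "__main__":
    for line in find_cidr_conflicts(VPCS):
        print("CONFLICT", line)
```

An overlap matters beyond routing: security group rules generated from a peer VPC's network CIDR would also admit whatever else lives in the overlapping range.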