SOLVED

Peering between tw vnets accross subscription -- terraform

Brass Contributor

Hello, 

 

 i have two folders, one for connectivity subscription and the second for identity subscription. 

How to configure the peering between the vnet of connectivity and the vnet of identity ? 

 

How to call the  "remote_virtual_network_id" from the other folder of identity ?

 

thanks

 

hamma91_0-1647284852695.png

 

 

2 Replies
best response confirmed by hamma91 (Brass Contributor)
Solution
Hello you need to use aliases like this ( provider version to update) :

In main.tf
provider "azurerm" {
alias = "vnet1"
version = "=2.23.0"
features {}

client_id = var.vnet1_client_id
tenant_id = var.vnet1_tenant_id
client_secret = var.vnet1_client_secret
subscription_id = var.vnet1_subscription_id

}

provider "azurerm" {
alias = "vnet2"
version = "=2.23.0"
features {}

client_id = var.vnet2_client_id
tenant_id = var.vnet2_tenant_id
client_secret = var.vnet2_client_secret
subscription_id = var.vnet2_subscription_id

}

resource "azurerm_virtual_network_peering" "peer-to-vnet1" {
name = "peer-to-${var.vnet1_name}"
resource_group_name = var.vnet2_resource_group_name
virtual_network_name = var.vnet2_name
remote_virtual_network_id = var.vnet1_id
allow_virtual_network_access = var.allow_virtual_network_access_vnet2_to_vnet1
allow_forwarded_traffic = var.allow_forwarded_traffic_vnet2_to_vnet1
allow_gateway_transit = var.allow_gateway_transit_vnet2_to_vnet1
use_remote_gateways = var.use_remote_gateways_vnet2_to_vnet1
provider = azurerm.vnet2
}

resource "azurerm_virtual_network_peering" "peer-to-vnet2" {
name = "peer-to-${var.vnet2_name}"
resource_group_name = var.vnet1_resource_group_name
virtual_network_name = var.vnet1_name
remote_virtual_network_id = var.vnet2_id
allow_virtual_network_access = var.allow_virtual_network_access_vnet1_to_vnet2
allow_forwarded_traffic = var.allow_forwarded_traffic_vnet1_to_vnet2
allow_gateway_transit = var.allow_gateway_transit_vnet1_to_vnet2
use_remote_gateways = var.use_remote_gateways_vnet1_to_vnet2
provider = azurerm.vnet1
}
In variables.tf

#Varibles related to Vnet 2 : spoke

variable "vnet2_resource_group_name" {
type = string
description = "name of the ressource group"
}
variable "vnet2_name" {
type = string
description = "Names of the spoke virtual network"
}
variable "vnet2_id" {
description = "Id of the spoke virtual network"
}
variable "allow_virtual_network_access_vnet2_to_vnet1" {
type = bool
description = "(Optional) Controls if the VMs in the remote virtual network can access VMs in the local virtual network. default to true."
default = true
}
variable "allow_forwarded_traffic_vnet2_to_vnet1" {
type = bool
description = "(Optional) Controls if forwarded traffic from VMs in the remote virtual network is allowed. default to false."
default = true
}
variable "allow_gateway_transit_vnet2_to_vnet1" {
type = bool
description = "(Optional) Controls gatewayLinks can be used in the remote virtual network’s link to the local virtual network."
default = false
}
variable "use_remote_gateways_vnet2_to_vnet1" {
type = bool
description = "(Optional) Controls if remote gateways can be used on the local virtual network. If the flag is set to true, and allow_gateway_transit on the remote peering is also true, virtual network will use gateways of remote virtual network for transit. Only one peering can have this flag set to true. This flag cannot be set if virtual network already has a gateway. default to false."
default = false
}

#variables related to Vnet 1 : hub
variable "vnet1_resource_group_name" {
type = string
description = "name of the ressource group"
}
variable "vnet1_name" {
type = string
description = "Names of the hub virtual network"
}
variable "vnet1_id" {
description = "Id of the spoke virtual network"
}
variable "allow_virtual_network_access_vnet1_to_vnet2" {
type = bool
description = "(Optional) Controls if the VMs in the remote virtual network can access VMs in the local virtual network. default to true."
default = true
}
variable "allow_forwarded_traffic_vnet1_to_vnet2" {
type = bool
description = "(Optional) Controls if forwarded traffic from VMs in the remote virtual network is allowed. default to false."
default = true
}
variable "allow_gateway_transit_vnet1_to_vnet2" {
type = bool
description = "(Optional) Controls gatewayLinks can be used in the remote virtual network’s link to the local virtual network."
default = true
}
variable "use_remote_gateways_vnet1_to_vnet2" {
type = bool
description = "(Optional) Controls if remote gateways can be used on the local virtual network. If the flag is set to true, and allow_gateway_transit on the remote peering is also true, virtual network will use gateways of remote virtual network for transit. Only one peering can have this flag set to true. This flag cannot be set if virtual network already has a gateway. default to false."
default = false
}
variable "vnet2_client_id" {
description = "vnet2 SP creds for provider"
}
variable "vnet2_tenant_id" {
description = "vnet2 SP creds for provider"
}
variable "vnet2_client_secret" {
description = "vnet2 SP creds for provider"
}
variable "vnet2_subscription_id" {
description = "vnet2 SP creds for provider"
}
variable "vnet1_client_id" {
description = "vnet1 SP creds for provider"
}
variable "vnet1_tenant_id" {
description = "vnet1 SP creds for provider"
}
variable "vnet1_client_secret" {
description = "vnet1 SP creds for provider"
}
variable "vnet1_subscription_id" {
description = "vnet1 SP creds for provider"
}
1 best response

Accepted Solutions
best response confirmed by hamma91 (Brass Contributor)
Solution
Hello you need to use aliases like this ( provider version to update) :

In main.tf
provider "azurerm" {
alias = "vnet1"
version = "=2.23.0"
features {}

client_id = var.vnet1_client_id
tenant_id = var.vnet1_tenant_id
client_secret = var.vnet1_client_secret
subscription_id = var.vnet1_subscription_id

}

provider "azurerm" {
alias = "vnet2"
version = "=2.23.0"
features {}

client_id = var.vnet2_client_id
tenant_id = var.vnet2_tenant_id
client_secret = var.vnet2_client_secret
subscription_id = var.vnet2_subscription_id

}

resource "azurerm_virtual_network_peering" "peer-to-vnet1" {
name = "peer-to-${var.vnet1_name}"
resource_group_name = var.vnet2_resource_group_name
virtual_network_name = var.vnet2_name
remote_virtual_network_id = var.vnet1_id
allow_virtual_network_access = var.allow_virtual_network_access_vnet2_to_vnet1
allow_forwarded_traffic = var.allow_forwarded_traffic_vnet2_to_vnet1
allow_gateway_transit = var.allow_gateway_transit_vnet2_to_vnet1
use_remote_gateways = var.use_remote_gateways_vnet2_to_vnet1
provider = azurerm.vnet2
}

resource "azurerm_virtual_network_peering" "peer-to-vnet2" {
name = "peer-to-${var.vnet2_name}"
resource_group_name = var.vnet1_resource_group_name
virtual_network_name = var.vnet1_name
remote_virtual_network_id = var.vnet2_id
allow_virtual_network_access = var.allow_virtual_network_access_vnet1_to_vnet2
allow_forwarded_traffic = var.allow_forwarded_traffic_vnet1_to_vnet2
allow_gateway_transit = var.allow_gateway_transit_vnet1_to_vnet2
use_remote_gateways = var.use_remote_gateways_vnet1_to_vnet2
provider = azurerm.vnet1
}
In variables.tf

#Varibles related to Vnet 2 : spoke

variable "vnet2_resource_group_name" {
type = string
description = "name of the ressource group"
}
variable "vnet2_name" {
type = string
description = "Names of the spoke virtual network"
}
variable "vnet2_id" {
description = "Id of the spoke virtual network"
}
variable "allow_virtual_network_access_vnet2_to_vnet1" {
type = bool
description = "(Optional) Controls if the VMs in the remote virtual network can access VMs in the local virtual network. default to true."
default = true
}
variable "allow_forwarded_traffic_vnet2_to_vnet1" {
type = bool
description = "(Optional) Controls if forwarded traffic from VMs in the remote virtual network is allowed. default to false."
default = true
}
variable "allow_gateway_transit_vnet2_to_vnet1" {
type = bool
description = "(Optional) Controls gatewayLinks can be used in the remote virtual network’s link to the local virtual network."
default = false
}
variable "use_remote_gateways_vnet2_to_vnet1" {
type = bool
description = "(Optional) Controls if remote gateways can be used on the local virtual network. If the flag is set to true, and allow_gateway_transit on the remote peering is also true, virtual network will use gateways of remote virtual network for transit. Only one peering can have this flag set to true. This flag cannot be set if virtual network already has a gateway. default to false."
default = false
}

#variables related to Vnet 1 : hub
variable "vnet1_resource_group_name" {
type = string
description = "name of the ressource group"
}
variable "vnet1_name" {
type = string
description = "Names of the hub virtual network"
}
variable "vnet1_id" {
description = "Id of the spoke virtual network"
}
variable "allow_virtual_network_access_vnet1_to_vnet2" {
type = bool
description = "(Optional) Controls if the VMs in the remote virtual network can access VMs in the local virtual network. default to true."
default = true
}
variable "allow_forwarded_traffic_vnet1_to_vnet2" {
type = bool
description = "(Optional) Controls if forwarded traffic from VMs in the remote virtual network is allowed. default to false."
default = true
}
variable "allow_gateway_transit_vnet1_to_vnet2" {
type = bool
description = "(Optional) Controls gatewayLinks can be used in the remote virtual network’s link to the local virtual network."
default = true
}
variable "use_remote_gateways_vnet1_to_vnet2" {
type = bool
description = "(Optional) Controls if remote gateways can be used on the local virtual network. If the flag is set to true, and allow_gateway_transit on the remote peering is also true, virtual network will use gateways of remote virtual network for transit. Only one peering can have this flag set to true. This flag cannot be set if virtual network already has a gateway. default to false."
default = false
}
variable "vnet2_client_id" {
description = "vnet2 SP creds for provider"
}
variable "vnet2_tenant_id" {
description = "vnet2 SP creds for provider"
}
variable "vnet2_client_secret" {
description = "vnet2 SP creds for provider"
}
variable "vnet2_subscription_id" {
description = "vnet2 SP creds for provider"
}
variable "vnet1_client_id" {
description = "vnet1 SP creds for provider"
}
variable "vnet1_tenant_id" {
description = "vnet1 SP creds for provider"
}
variable "vnet1_client_secret" {
description = "vnet1 SP creds for provider"
}
variable "vnet1_subscription_id" {
description = "vnet1 SP creds for provider"
}

View solution in original post