Terraform configuration to test inter-VPC routing via Transit Gateway: it validates that a third-party router/firewall in one VPC is reachable from another VPC without a Transit VPC in between.
- 2x `aws_vpc` - For testing routing across the Transit Gateway
- 2x `aws_internet_gateway` - To give internet access to and from the EC2 instances
- 2x `aws_eip` - Public IPs for SSH
- 2x `aws_subnet` - One public subnet per VPC, used for the EC2 instances and for the TGW VPC attachments
- 2x `aws_security_group` - Allow SSH in from my IP, anything out to the internet or the other VPC, and any traffic between the two subnets
- 1x `tls_private_key` - To generate a key pair for the EC2 instances (the private key also lands in plaintext in the Terraform state, so treat the state file as a secret)
- 1x `local_file` - For saving the generated SSH private key
- 2x `aws_instance` - EC2 instances for generating and capturing traffic
- 2x `aws_route_table` - To send traffic out the IGW or over the TGW; three routes each
- 2x `aws_route_table_association` - Bind the subnets to the route tables above
- 1x `aws_ec2_transit_gateway` - For transit between the VPCs
- 2x `aws_ec2_transit_gateway_vpc_attachment` - To attach each VPC to the TGW
- 1x `aws_ec2_transit_gateway_route_table` - To direct traffic between the VPCs
- 3x `aws_ec2_transit_gateway_route` - One route to each VPC, plus one for the test prefix
- 2x `aws_ec2_transit_gateway_route_table_association` - To bind each VPC attachment to the TGW route table
Assuming the routes between the VPCs via the Transit Gateway are correct:
- Ping from one instance to the other and watch the ICMP arrive with tcpdump on the far side.
- Pick an address in a prefix outside both VPC ranges (the test prefix added to the TGW and VPC route tables), ping it, and watch the packets reach the other EC2 instance, which stands in as the gateway for that prefix. No reply is expected unless that instance actually answers for the prefix; the point is that the TGW forwarded the packet to it. For this to work the receiving instance needs its source/destination check disabled (`source_dest_check = false` on the `aws_instance`), otherwise the ENI drops packets that are not addressed to its own IP.
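The resource list and the test-prefix trick above, wired together as an added example in HCL (this is not the repository's own code). The names `aws_vpc.a`/`.b`, `aws_subnet.a`/`.b`, `aws_internet_gateway.a`, `aws_security_group.b`, the CIDRs, the AMI and the key name are assumptions; the TGW is created with its default route table disabled so that only the routes declared here exist.

```hcl
# Added example, not the project's own code: the Transit Gateway wiring from the
# list above, plus the two knobs that make the "gateway for a test prefix" check
# work. aws_vpc.a/.b, aws_subnet.a/.b, aws_internet_gateway.a, aws_security_group.b,
# the CIDRs, the AMI and the key name are all assumptions.

locals {
  vpcs = {
    a = { vpc_id = aws_vpc.a.id, subnet_id = aws_subnet.a.id, cidr = "10.1.0.0/16" }
    b = { vpc_id = aws_vpc.b.id, subnet_id = aws_subnet.b.id, cidr = "10.2.0.0/16" }
  }
  test_prefix = "192.168.100.0/24" # outside both VPC ranges; instance B answers for it
}

variable "ami_id"   { type = string } # assumed: an Amazon Linux AMI (ec2-user)
variable "key_name" { type = string } # assumed: key pair matching instance.pem

resource "aws_ec2_transit_gateway" "tgw" {
  # Keep the default route table out of it: only the routes added below exist,
  # so nothing becomes reachable by accident when a third attachment appears.
  default_route_table_association = "disable"
  default_route_table_propagation = "disable"
}

resource "aws_ec2_transit_gateway_vpc_attachment" "vpc" {
  for_each                                        = local.vpcs
  transit_gateway_id                              = aws_ec2_transit_gateway.tgw.id
  vpc_id                                          = each.value.vpc_id
  subnet_ids                                      = [each.value.subnet_id]
  transit_gateway_default_route_table_association = false
  transit_gateway_default_route_table_propagation = false
}

resource "aws_ec2_transit_gateway_route_table" "rt" {
  transit_gateway_id = aws_ec2_transit_gateway.tgw.id
}

# Both attachments look up routes in the same table (the 2x association).
resource "aws_ec2_transit_gateway_route_table_association" "vpc" {
  for_each                       = aws_ec2_transit_gateway_vpc_attachment.vpc
  transit_gateway_attachment_id  = each.value.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.rt.id
}

# The 3x route: each VPC by its CIDR, plus the test prefix via VPC B's attachment.
resource "aws_ec2_transit_gateway_route" "vpc" {
  for_each                       = local.vpcs
  destination_cidr_block         = each.value.cidr
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.vpc[each.key].id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.rt.id
}

resource "aws_ec2_transit_gateway_route" "test_prefix" {
  destination_cidr_block         = local.test_prefix
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.vpc["b"].id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.rt.id
}

# VPC A's table (VPC B's mirrors it). The local route is implicit, so these are
# the "3 routes each": default out the IGW, the other VPC and the test prefix over the TGW.
resource "aws_route_table" "a" {
  vpc_id = aws_vpc.a.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.a.id
  }
  route {
    cidr_block         = local.vpcs.b.cidr
    transit_gateway_id = aws_ec2_transit_gateway.tgw.id
  }
  route {
    cidr_block         = local.test_prefix
    transit_gateway_id = aws_ec2_transit_gateway.tgw.id
  }
  # AWS refuses a route towards a TGW the VPC is not attached to yet.
  depends_on = [aws_ec2_transit_gateway_vpc_attachment.vpc]
}

resource "aws_route_table_association" "a" {
  subnet_id      = aws_subnet.a.id
  route_table_id = aws_route_table.a.id
}

# Instance B gets packets for the test prefix, which are not addressed to its
# own IP; with source/destination checking left on, the ENI silently drops them.
resource "aws_instance" "b" {
  ami                    = var.ami_id
  instance_type          = "t3.micro"
  subnet_id              = aws_subnet.b.id
  vpc_security_group_ids = [aws_security_group.b.id]
  key_name               = var.key_name
  source_dest_check      = false
}
```

Disabling the TGW default route table association and propagation is the part worth keeping when this moves beyond a lab: with them left at their defaults, every future attachment is reachable from every other one the moment it is created, which is the opposite of what a router/firewall-in-a-VPC design is trying to enforce.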
```shell
chmod 600 instance.pem
# On Terraform 0.14 or newer, -raw prints the address without the surrounding quotes
# that would otherwise break the ssh target; drop it on older versions.
ssh -i instance.pem ec2-user@$(terraform output -raw instance_a_ip)
ssh -i instance.pem ec2-user@$(terraform output -raw instance_b_ip)
```