How to Create a Site-to-Site VPN in Terraform


To create a site-to-site VPN using Terraform, you can use the aws_vpn_gateway and aws_vpn_connection resources from the AWS provider. Here’s an example Terraform configuration to create a site-to-site VPN:

resource "aws_vpn_gateway" "vpn_gateway" {
  vpc_id       = "<VPC_ID>"
  tags = {
    Name = "SiteToSiteVPN"
  }
}

resource "aws_vpn_connection" "vpn_connection" {
  customer_gateway_id = "<CUSTOMER_GATEWAY_ID>"
  vpn_gateway_id     = aws_vpn_gateway.vpn_gateway.id
  type               = "ipsec.1"
  static_routes_only = true

  tags = {
    Name = "SiteToSiteVPNConnection"
  }
}

resource "aws_vpn_connection_route" "vpn_connection_route" {
  destination_cidr_block = "<DESTINATION_CIDR_BLOCK>"
  vpn_connection_id     = aws_vpn_connection.vpn_connection.id
}

In the above Terraform configuration, you need to replace <VPC_ID> with the ID of the VPC where the VPN gateway will be attached, <CUSTOMER_GATEWAY_ID> with the ID of the customer gateway representing the remote site, and <DESTINATION_CIDR_BLOCK> with the CIDR block of the remote network you want to connect to.

This configuration creates a VPN gateway (aws_vpn_gateway), a VPN connection (aws_vpn_connection), and a VPN connection route (aws_vpn_connection_route). The VPN gateway is attached to the specified VPC, and the VPN connection is associated with the customer gateway and the VPN gateway. The VPN connection route specifies the destination CIDR block that should be routed through the VPN connection.

Once you have the Terraform configuration ready, you can initialize the Terraform project, plan the infrastructure changes, and apply them using the Terraform CLI. The VPN resources will be provisioned based on the configuration provided.