in AWS by (5.6k points)

I'm working with AWS, where I have two VPCs, say VPC-A and VPC-B, and I have VPC peering between the two VPCs. I want to allow traffic from VPC-B's SecurityGroup to VPC-A's SecurityGroup. I did this with the following call:

    security_group_a.authorize_ingress(
      ip_permissions: [
        {
          # from_port/to_port are Integer parameters in the Ruby SDK, not strings;
          # with ip_protocol "-1" (all traffic) the port range is not used
          from_port: -1,
          ip_protocol: "-1",
          to_port: -1,
          user_id_group_pairs: [
            {
              description: "Accept all traffic from SecurityGroupB",
              group_id: security_group_b.id,
              vpc_id: vpc_b.id,
              vpc_peering_connection_id: peering_connection_id,
            },
          ],
        },
      ]
    )

When I try to put Security Group B in the ingress of Security Group A, I'm getting an error:

Error: Error authorizing security group rule type ingress: InvalidGroup.NotFound: You have specified two resources that belong to different networks

What am I doing wrong? Any suggestion?

1 Answer

0 votes
by (12.4k points)

Security group rules can reference security groups in peered VPCs if the following conditions are met:

  • The VPCs must be in the same region.
  • The peering connection should be in the active state.
  • If the peered VPC is in another account, then the reference should include the account number as a prefix.

You can look at the example below of how the Terraform resource would look:

resource "aws_security_group_rule" "example" {
  type                     = "ingress"
  from_port                = 0
  to_port                  = 65535
  protocol                 = "tcp"
  # the group the rule is attached to (VPC-A side)
  security_group_id        = "sg-123456"
  # the referenced group in the peered VPC; for another account,
  # prefix it with the account number: "123456789012/sg-789012"
  source_security_group_id = "sg-789012"
}
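As an added example (not code from the question or the answer above), here is how the three conditions in the answer can be checked in Ruby before calling authorize_ingress, and how the ip_permissions payload is built once they hold. It assumes a peering description in the shape that the SDK's describe_vpc_peering_connections returns after .to_h (status.code, requester_vpc_info / accepter_vpc_info with vpc_id, owner_id and region), plus the vpc_id and owner_id of each security group. The IDs, account numbers and the PeeredReferenceError class are constructed for the example. The payload follows the answer's Terraform: only the source group_id is sent, with user_id added when the group belongs to another account (the equivalent of the "account/sg-id" prefix); vpc_id and vpc_peering_connection_id are not supplied, which is the choice made here rather than something the answer states. No AWS calls are made, so it runs offline.

```ruby
# Added example: validate the answer's conditions and build the
# ip_permissions argument for Aws::EC2::SecurityGroup#authorize_ingress.

# Constructed sample: one entry of describe_vpc_peering_connections, as a Hash.
# IDs, account numbers and regions are made up for the example.
PEERING = {
  vpc_peering_connection_id: "pcx-0123456789abcdef0",
  status: { code: "active", message: "Active" },
  requester_vpc_info: { vpc_id: "vpc-aaaa1111", owner_id: "111111111111", region: "us-east-1" },
  accepter_vpc_info:  { vpc_id: "vpc-bbbb2222", owner_id: "222222222222", region: "us-east-1" },
}.freeze

# Constructed sample: the two security groups (trimmed describe_security_groups entries).
SG_A = { group_id: "sg-0aaaaaaaaaaaaaaaa", vpc_id: "vpc-aaaa1111", owner_id: "111111111111" }.freeze
SG_B = { group_id: "sg-0bbbbbbbbbbbbbbbb", vpc_id: "vpc-bbbb2222", owner_id: "222222222222" }.freeze

# Hypothetical error class for this example.
class PeeredReferenceError < StandardError; end

# Checks that the peering connection actually joins the two groups' VPCs,
# that both VPCs are in the same region, and that the connection is active.
# Returns the peering entry on success, raises PeeredReferenceError otherwise.
def check_peered_reference!(peering, target_sg, source_sg)
  sides = [peering[:requester_vpc_info], peering[:accepter_vpc_info]]
  vpcs = sides.map { |s| s[:vpc_id] }
  unless vpcs.sort == [target_sg[:vpc_id], source_sg[:vpc_id]].sort
    raise PeeredReferenceError,
          "#{peering[:vpc_peering_connection_id]} does not connect #{target_sg[:vpc_id]} and #{source_sg[:vpc_id]}"
  end
  regions = sides.map { |s| s[:region] }.uniq
  raise PeeredReferenceError, "VPCs are in different regions: #{regions.join(', ')}" if regions.size != 1
  code = peering.dig(:status, :code)
  raise PeeredReferenceError, "peering connection is #{code.inspect}, not active" unless code == "active"
  peering
end

# Builds the ip_permissions array for authorize_ingress on the target group.
# Only group_id is sent for the source; user_id is added when the source group
# is owned by another account (Terraform's "123456789012/sg-..." prefix).
# Ports are Integers in the SDK; protocol "-1" means all traffic and takes no ports.
def peered_ingress_permissions(peering, target_sg, source_sg,
                               protocol: "-1", from_port: nil, to_port: nil, description: nil)
  check_peered_reference!(peering, target_sg, source_sg)
  pair = { group_id: source_sg[:group_id] }
  pair[:user_id] = source_sg[:owner_id] if source_sg[:owner_id] != target_sg[:owner_id]
  pair[:description] = description if description
  perm = { ip_protocol: protocol, user_id_group_pairs: [pair] }
  unless protocol == "-1"
    perm[:from_port] = Integer(from_port)
    perm[:to_port] = Integer(to_port)
  end
  [perm]
end

if __FILE__ == $PROGRAM_NAME
  perms = peered_ingress_permissions(PEERING, SG_A, SG_B,
                                     description: "Accept all traffic from SecurityGroupB")
  # With the real SDK: security_group_a.authorize_ingress(ip_permissions: perms)
  p perms
end
```

If the check raises before the API is called, the message names which of the three conditions failed, which is more useful than the generic InvalidGroup.NotFound returned by EC2.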
