
VPC CIDRS for cross-region peering

Answer

_This message was extracted from a discussion that originally took place in Gruntwork Community Slack. Names and URLs have been removed where appropriate_

**From a customer**

Picking through our new reference architecture deployment, I have a strategic question about VPC CIDRs related to cross-region peering: the `app_vpc_cidrs` variable in `common.hcl` is not region-aware, so if we add new regions to an env, each `app` VPC will have the same CIDR, so we can't cross-region-peer them. How have others handled this in the reference architecture? I guess we could change:

```
app_vpc_cidrs = {
  development = "10.0.0.0/16"
  production  = "10.4.0.0/16"
  staging     = "10.2.0.0/16"
}
```

to

```
app_vpc_cidrs = {
  "eu-central-1" = {
    development = "10.0.0.0/16"
    staging     = "10.2.0.0/16"
    production  = "10.4.0.0/16"
  }
  "eu-north-1" = {
    development = "10.1.0.0/16"
    staging     = "10.3.0.0/16"
    production  = "10.5.0.0/16"
  }
}
```

and update all the Terragrunt code accordingly, but would that send us down a bad path of messing too deeply with the base of the reference architecture?

**From a grunt**

Hey, Adam! So I’ve actually asked for some help from our subject matter experts on the Ref Arch, and here’s the answer:

- You can nest the structure of `app_vpc_cidrs` to include the region, and then update the references to inject the region accordingly.
- You can change the `common.hcl` in whatever shape works for you!

Here are the example steps:

1) Update `app_vpc_cidrs` to look like the following:

```
app_vpc_cidrs = {
  dev = {
    "us-east-1" = "10.0.0.0/16"
    "us-west-1" = "10.1.0.0/16"
  }
  stage = {
    "us-east-1" = "10.2.0.0/16"
    "us-west-1" = "10.3.0.0/16"
  }
}
```

2) Update the reference to `app_vpc_cidrs` to include the region. E.g., dev currently references the block like the following:

```
cidr_block = local.common_vars.locals.app_vpc_cidrs[local.account_name]
```

(see https://github.com/gruntwork-io/terraform-aws-service-catalog/blob/master/examples/for-production/infrastructure-live/dev/us-west-2/dev/networking/vpc/terragrunt.hcl#L49)

This should be updated to:

```
cidr_block = local.common_vars.locals.app_vpc_cidrs[local.account_name][local.aws_region]
```

Make sure that you’re not missing any references as well (e.g. `grep` to see what references there are to `app_vpc_cidrs`).
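The reason the flat map blocks cross-region peering is that two VPCs with identical or overlapping CIDRs cannot be peered. The following added example (not Gruntwork's code, and not part of the Slack thread) takes the nested `env -> region -> CIDR` map from the answer above, flags any overlapping pair, and shows how the old flat layout produces a collision as soon as one env is deployed in a second region; `APP_VPC_CIDRS`, `expand_flat` and `lookup_cidr` are names chosen here for illustration.

```python
"""Overlap check for a region-aware app_vpc_cidrs map (added example)."""
import ipaddress
from itertools import combinations

# Constructed sample in the env -> region -> CIDR shape from the answer.
APP_VPC_CIDRS = {
    "dev": {"us-east-1": "10.0.0.0/16", "us-west-1": "10.1.0.0/16"},
    "stage": {"us-east-1": "10.2.0.0/16", "us-west-1": "10.3.0.0/16"},
}


def expand_flat(flat_cidrs, regions):
    """Model the original, non-region-aware layout: the same env CIDR is
    reused in every region, which is exactly what breaks peering."""
    return {env: {region: cidr for region in regions} for env, cidr in flat_cidrs.items()}


def flatten(app_vpc_cidrs):
    """Return [((env, region), network), ...] for every VPC in the map.
    strict=True rejects CIDRs whose host bits are set (a common typo)."""
    return [
        ((env, region), ipaddress.ip_network(cidr, strict=True))
        for env, regions in app_vpc_cidrs.items()
        for region, cidr in regions.items()
    ]


def find_overlaps(app_vpc_cidrs):
    """Return every pair of (env, region) keys whose CIDRs overlap.

    Any hit is a configuration error: AWS refuses to route traffic over a
    peering connection between VPCs whose address ranges overlap, so these
    pairs can never be peered, cross-region or otherwise.
    """
    vpcs = flatten(app_vpc_cidrs)
    return [(a, b) for (a, na), (b, nb) in combinations(vpcs, 2) if na.overlaps(nb)]


def lookup_cidr(app_vpc_cidrs, account_name, aws_region):
    """Python equivalent of the Terragrunt expression
    app_vpc_cidrs[local.account_name][local.aws_region]; a missing region
    fails loudly instead of silently reusing another region's range."""
    try:
        return app_vpc_cidrs[account_name][aws_region]
    except KeyError as exc:
        raise KeyError(f"no CIDR defined for {account_name}/{aws_region}") from exc


if __name__ == "__main__":
    print("nested map overlaps:", find_overlaps(APP_VPC_CIDRS))
    flat = expand_flat({"development": "10.0.0.0/16"}, ["eu-central-1", "eu-north-1"])
    print("flat map overlaps:", find_overlaps(flat))
```

Running `find_overlaps` in CI against `common.hcl` (after converting it to JSON, for instance with `terragrunt hclfmt`-style tooling of your choice) catches a reused range before the peering connection is ever created.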