
NorthwesternCloud/standard-vpc

Northwestern Standard Peered VPC Template

This repository contains an AWS CloudFormation template for a VPC that can peer with the AWS shared services VPC.

Note that because the shared services VPC is in the us-east-2 (Ohio) region, you must also launch into us-east-2 if you intend to actually peer your VPC with it. If you don't intend to peer and are just using this template as an easy way to create a standard VPC, then you can launch in any region.

Also note that if you intend to peer this VPC, then the CIDR range you specify when creating the stack must be one assigned by TNS. If you do not intend to peer then you can use any private subnet range.

The CIDRRange parameter should look like 10.28.100.0/24, for example.

The stack will create a VPC containing two private and two public subnets, each a /27 subnet.

To launch this stack you can use the following command:

aws cloudformation create-stack --stack-name my-vpc-stack --region us-east-2 --template-body file://vpc.yaml --parameters ParameterKey=CIDRRange,ParameterValue=<CIDRRANGE> --tags Key=Environment,Value=<ENVIRONMENT> Key=Application,Value=PeeredVPC Key=Owner,Value=<OWNER>

Replace the CIDRRANGE, ENVIRONMENT, and OWNER placeholders with appropriate values (and use a different stack name if desired).

Peering setup

Once the peering connection has been initiated and approved, a route from this VPC to the peered VPC needs to be added to this VPC's default public route table. To do this, a second CloudFormation template is included; launching it as a stack creates this route.

You will need the output name of the public routing table from the VPC stack (look for the output with the key "RouteTablePublic" from the VPC stack). In the example above, the output would be "my-vpc-stack-RouteTablePublic". You will also need the peering connection ID (which you can see in the Peering Connections section of the VPC console), and the subnet of the peered VPC (this defaults to 10.28.129.0/24).

You can launch this stack with this command:

aws cloudformation create-stack --stack-name peered-vpc-route --region us-east-2 --template-body file://route-table-update.yaml --parameters ParameterKey=RouteTable,ParameterValue=<ROUTE_TABLE_EXPORT> ParameterKey=PeeringConnectionId,ParameterValue=<PEERING_CONNECTION_ID> ParameterKey=PeerSubnet,ParameterValue=<PEERED_SUBNET_CIDR>

Replace the ROUTE_TABLE_EXPORT, PEERING_CONNECTION_ID, and PEERED_SUBNET_CIDR placeholders with appropriate values.

A route from the peered VPC to this VPC will need to be added to the peered VPC's route table as well.
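
The constraints described above (private range, room for four /27 subnets, us-east-2 when peering, no overlap with the peered subnet) can be checked locally before running create-stack. This is an added example, not part of this repository; the function name preflight is hypothetical, "private" is assumed to mean the RFC 1918 blocks, and because the template's own subnet layout is not shown here, it checks capacity only.

```python
import ipaddress

# Values taken from the README above.
PEERING_REGION = "us-east-2"            # region of the shared services VPC
DEFAULT_PEER_SUBNET = "10.28.129.0/24"  # default subnet of the peered VPC
SUBNET_PREFIX = 27                      # every subnet in the stack is a /27
SUBNETS_NEEDED = 4                      # two private + two public

# Assumption: "private subnet range" is read as the RFC 1918 blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def preflight(cidr_range, region, peer=True, peer_subnet=DEFAULT_PEER_SUBNET):
    """Return a list of problems; an empty list means the inputs look usable."""
    try:
        # strict=True rejects host bits set in the range, e.g. 10.28.100.5/24
        net = ipaddress.IPv4Network(cidr_range, strict=True)
    except ValueError as exc:
        return [f"CIDRRange is not a valid IPv4 network: {exc}"]

    problems = []
    if not any(net.subnet_of(block) for block in RFC1918):
        problems.append(f"{net} is not inside an RFC 1918 private block")

    # Count how many /27 subnets fit; a /25 is the smallest block holding four.
    fits = net.prefixlen <= SUBNET_PREFIX
    capacity = 2 ** (SUBNET_PREFIX - net.prefixlen) if fits else 0
    if capacity < SUBNETS_NEEDED:
        problems.append(f"{net} holds {capacity} /27 subnets, need {SUBNETS_NEEDED}")

    if peer:
        if region != PEERING_REGION:
            problems.append(f"peering requires {PEERING_REGION}, got {region}")
        # Peered VPCs cannot have overlapping CIDR blocks.
        if net.overlaps(ipaddress.IPv4Network(peer_subnet)):
            problems.append(f"{net} overlaps the peered subnet {peer_subnet}")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, not values assigned by TNS.
    for args in [("10.28.100.0/24", "us-east-2"),
                 ("10.28.129.0/25", "us-east-2"),
                 ("10.28.100.0/26", "us-west-2")]:
        print(args, preflight(*args) or "OK")
```

The check cannot confirm that TNS actually assigned the range; it only catches values that would fail or misroute regardless of assignment.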
