Next-Gen Transit Network

Network as Code

Aviatrix offers the ability to bring networking functions into the Infrastructure-as-Code paradigm. Aviatrix provides terraform resources that allow you to deploy and operate secure connectivity just as easily as you’d deploy and operate compute resources in the public clouds.

  • Aviatrix supports network as code. There are several ways to use Aviatrix for cloud network automation: the Terraform provider, the Python SDK, the REST APIs, and so on.
  • The Aviatrix Terraform provider and Python SDK provide use-case driven constructs, so you can orchestrate architectural changes, connectivity, and security policies at scale. These constructs are not available natively from cloud providers such as AWS and Azure.
  • The Aviatrix controller provides an integrated environment in which you can build, visualize, change, and troubleshoot your cloud networking.

Code Examples

To create an Egress Security NAT Gateway

# Create an Aviatrix AWS gateway for egress filtering

# account_name - Aviatrix account name to launch the gateway with.
# gw_name - Name for the gateway.
# enable_nat - Allows the gateway to inspect internet egress traffic.
# vpc_id - AWS VPC ID.
# vpc_reg - AWS VPC region.
# vpc_size - Gateway instance size.
# vpc_net - VPC subnet CIDR where you want to launch the gateway instance.

resource "aviatrix_gateway" "test_gateway1" {
  cloud_type   = 1 # AWS
  account_name = "devops"
  gw_name      = "avtxgw1"
  vpc_id       = "vpc-abcdef"
  vpc_reg      = "us-west-1"
  enable_nat   = "yes"
  vpc_size     = "t2.micro"
  vpc_net      = "10.0.0.0/24"
  tag_list     = ["k1:v1", "k2:v2"]
}
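An egress gateway with NAT enabled only forwards outbound traffic; the filtering itself comes from the policies attached to it. The following is an added example, not code from the Aviatrix documentation, that attaches a domain-name based egress allow-list and a deny-by-default Layer 4 policy (items 3, 8 and 9 of the use-case list below) to the avtxgw1 gateway created above. It assumes the aviatrix_fqdn and aviatrix_firewall resource schemas of the 2.x provider (fqdn_mode, gw_filter_tag_list, base_policy, policy blocks); the domain names, tag name and CIDRs are constructed sample values, and the attribute names should be checked against the provider version you run.

```hcl
# Domain-name based egress control: only the listed FQDNs may leave the VPC
# through avtxgw1. "white" mode means deny everything not explicitly listed,
# so an unexpected destination shows up as a dropped flow in the gateway
# FQDN logs rather than as a silent success.
resource "aviatrix_fqdn" "egress_allowlist" {
  fqdn_tag     = "prod-egress-allowlist" # constructed tag name
  fqdn_enabled = true
  fqdn_mode    = "white"

  # Constructed sample destinations: package mirrors and an API endpoint.
  domain_names {
    fqdn  = "*.ubuntu.com"
    proto = "tcp"
    port  = "443"
  }
  domain_names {
    fqdn  = "pypi.org"
    proto = "tcp"
    port  = "443"
  }
  domain_names {
    fqdn  = "api.example.com"
    proto = "tcp"
    port  = "443"
  }

  # Apply the tag to the egress gateway from the page; source_ip_list
  # scopes the filter to the workload subnet only.
  gw_filter_tag_list {
    gw_name        = aviatrix_gateway.test_gateway1.gw_name
    source_ip_list = ["10.0.0.0/24"]
  }
}

# Layer 4 stateful policy on the same gateway: deny by default, log the
# base-policy drops, and open only what the allow-list above relies on
# (DNS and HTTPS from the workload subnet).
resource "aviatrix_firewall" "egress_l4" {
  gw_name          = aviatrix_gateway.test_gateway1.gw_name
  base_policy      = "deny-all"
  base_log_enabled = true

  policy {
    src_ip      = "10.0.0.0/24"
    dst_ip      = "0.0.0.0/0"
    protocol    = "udp"
    port        = "53"
    action      = "allow"
    log_enabled = false
    description = "DNS needed for FQDN resolution"
  }

  policy {
    src_ip      = "10.0.0.0/24"
    dst_ip      = "0.0.0.0/0"
    protocol    = "tcp"
    port        = "443"
    action      = "allow"
    log_enabled = true
    description = "HTTPS egress, further restricted by the FQDN allow-list"
  }

  # Make sure the FQDN tag is in place before the L4 policy opens 443.
  depends_on = [aviatrix_fqdn.egress_allowlist]
}
```

Because both resources reference aviatrix_gateway.test_gateway1.gw_name, Terraform orders the gateway first; a terraform plan on a later change to the allow-list shows exactly which destinations are being added or removed, which is the review point a security team wants before apply.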

To create an AWS TGW and attach VPCs to Aviatrix security domains

# Create AWS TGW with security domains
# and propagate routes to spoke VPCs
resource "aviatrix_aws_tgw" "test_aws_tgw" {
  tgw_name                          = "testAWSTgw"
  account_name                      = "devops"
  region                            = "us-east-1"
  aws_side_as_number                = "64512"
  attached_aviatrix_transit_gateway = ["avxtransitgw", "avxtransitgw2"]
  security_domains = [
    {
      security_domain_name = "Shared_Service_Domain"
      connected_domains    = ["Aviatrix_Edge_Domain", "Default_Domain"]
      attached_vpc         = []
    },
    {
      security_domain_name = "Production"
      connected_domains    = ["Aviatrix_Edge_Domain"]
      attached_vpc = [
        {
          vpc_region       = "us-east-1"
          vpc_account_name = "devops1"
          vpc_id           = "vpc-0e2fac2b91"
        },
        {
          vpc_region       = "us-east-1"
          vpc_account_name = "devops1"
          vpc_id           = "vpc-0c63660a16"
        },
        {
          vpc_region       = "us-east-1"
          vpc_account_name = "devops2"
          vpc_id           = "vpc-032005cc37"
        },
      ]
    },
    {
      # No connected domains: Test is isolated from every other domain.
      security_domain_name = "Test"
      connected_domains    = []
      attached_vpc = [
        {
          vpc_region       = "us-east-1"
          vpc_account_name = "devops"
          vpc_id           = "vpc-032005cc371"
        },
      ]
    },
  ]
}

To add a new user to an Aviatrix UserVPN Gateway

# Add a user to an Aviatrix User VPN gateway
resource "aviatrix_vpn_user" "test_vpn_user" {
  vpc_id     = "vpc-abcd1234"
  gw_name    = "gw1"
  user_name  = "username1"
  user_email = "user@aviatrix.com"
}

When to use Terraform for cloud networking?

  • If you are already using Terraform as an automation platform for the public clouds.
  • If you want to practice infrastructure as code for automation and version control of your cloud infrastructure.

Support available

The Aviatrix Terraform provider is fully supported by the Aviatrix Support team. If you have questions on how to get started, go to https://docs.aviatrix.com/HowTos/aviatrix_terraform.html

If you are stuck, you can reach out to support@aviatrix.com

Why Aviatrix Terraform Provider?

The Aviatrix Terraform provider gives you use-case driven modules that you can create and modify based on your requirements. For example:

  1. AWS Transit Gateway Route Propagation
  2. AWS Transit Gateway Security Domains and VPC isolation
  3. Build and manage domain-name based egress control
  4. Build and manage transit DMZ by bringing your own firewall to the cloud.
  5. Azure Transit Hub Gateway
  6. Cross-Cloud Encrypted Peering Gateways
  7. Site to Cloud VPN Gateways (with IP overlap handling)
  8. VPC Egress Filtering Gateways (based on Domain Names)
  9. Layer 4 Firewall Policies
  10. User VPN Gateways
  11. VPN Users and MFA configurations
  12. Bring-your-own-Firewall (DMZ) Orchestration

Sample Cloud Environment Build Workflow

Sample Cloud Maintenance Workflow