Introduction
VPC peering across two AWS regions is a network connection that allows Virtual Private Clouds (VPCs) in different geographic locations to communicate securely and directly with each other, enabling seamless data transfer and resource access while maintaining the isolation and security of each VPC. This inter-region connectivity facilitates distributed application architectures, disaster recovery setups, and data replication scenarios, enhancing the versatility and global reach of AWS infrastructure for businesses and organizations.
Scenario
You have two Amazon VPCs, one located in the US East (N. Virginia) region (us-east-1) and the other in the Asia Pacific (Mumbai) region (ap-south-1). You need to establish VPC peering between these two regions to allow secure communication between resources in these VPCs while keeping them logically isolated.
Solution
To achieve VPC peering across regions, first, create the necessary VPCs in each region, ensuring they have unique CIDR blocks. Next, create VPC peering connections in both regions, accepting the peer requests. Update the route tables in each VPC to include routes for the peer VPC's CIDR block, pointing to the peering connection. Finally, configure security groups and network ACLs to allow the required traffic between the peered VPCs. This setup enables seamless and secure communication between resources in the US East and Asia Pacific South regions while maintaining network isolation.
Step-by-Step Guide:
Step 1: Create a VPC in the Asia Pacific (Mumbai) region (ap-south-1)
- If you don't already have a VPC, you can create one by clicking "Your VPCs" in the VPC Dashboard.
- Click the "Create VPC" button.
- Fill in the VPC details, only the name, and leave the other setting as default. As, it will automatically create Subnets, Route Tables, and Internet Gateway.
- Click "Create VPC."
Step 2: Launching a Windows EC2 Instance
- Click the "Launch Instance" button.
- Select an "Amazon Linux Server" AMI based on your requirements.
- For instance, type, set as "t2.micro" is a free tier eligible.
- If you already have an EC2 "key pair", select it.
- If not, create a "new key pair". You'll use this key pair to securely connect to your Windows EC2 instance.
- "Save the file" on your local device. Make sure it is safe.
- Automatically "assigned public IP" should be "Enabled" for Private Subnet and vice-versa.
- Create a "new security group" or select an "existing one".
- Define rules to allow ALL ICMP (IPv4) and SSH (443) traffic for a web server.
- Click "Launch" to proceed.
Repeat the above two steps in the US-East (N. Virginia) region us-east-1
Step 3: Create a VPC Peering Connection
- In the VPC Dashboard, click on "Peering Connections" in the left sidebar.
- Click on the "Create Peering Connection" button.
- Fill in the details for the peering connection, including a name, your VPC ID (in the current region), and the peer VPC ID (in the other region).
- Repeat this step in the other region to create a peering connection from the second VPC to the first VPC.
Step 4: Accept the Peering Connection
- After you've created the peering connections in both regions, you'll need to accept the peering request.
- In the VPC Dashboard, select "Peering Connections."
- Find the pending peering request, select it, and click "Actions" -> "Accept Request" in both regions.
Step 5: Update Route Tables
- To allow traffic to flow between the peered VPCs, you need to update the route tables.
- In each VPC's route table, add a route to the CIDR block of the other VPC, pointing to the peering connection. This enables traffic to be routed through the peering connection.
- Navigate to the "Route Tables" in the VPC Dashboard, select the route table associated with your VPC, and add a route.
Step 6: Connect to the EC2 Instance
- Open a terminal or command prompt on your local machine.
- Navigate to the directory where your private key (.pem) file is located.
- Use the chmod command to change the permissions of the private key file to be secure: “chmod 400 your-key.pem”
- Connect to your EC2 instance using SSH, replacing your-key.pem with the actual key file and your-instance-public-IP with your EC2 instance's public IP address: “ssh -i your-key.pem ec2-user@your-instance-public-ip”
- If you see a message asking if you want to continue connecting, type "yes" and press Enter.
- You are now connected to your EC2 instance via SSH. You should see the command prompt for your instance in your terminal.
Step 7: Ping the Peered VPC
- Once connected to your EC2 instance, use the ping command to ping an EC2 instance or resource in the peered VPC.
- Replace peer-instance-private-ip with the private IP address of the resource you want to ping in the other VPC: “ping peer-instance-private-ip”
Congratulations! Your VPC peering connection is now established, unlocking seamless communication between your AWS Virtual Private Clouds. Enjoy enhanced network connectivity and flexibility in your AWS architecture.
Conclusion
In conclusion, creating a VPC peering connection across two AWS regions enables secure and efficient communication between separate VPCs in different geographic locations, fostering a global network environment. By following a few straightforward steps, you can seamlessly bridge these regions, allowing resources to interact as if they were on a single network while maintaining isolation and control, enhancing the versatility and scalability of your AWS infrastructure.
Top comments (2)
thank you. helpful. So do you end up with two peer connections, one initiated from each VPC?
If so, in the routing tables, which peer connection do you point to, the one you initiated or the one you accepted?
You have to allow both sides of the route table with their respective peering connections.