Hermann ESSOH
How to create a VPC Peering connection?

Introduction

VPC Peering can be defined as the concept of bringing two VPCs together, allowing instances running in each of them to communicate, share resources, and collaborate as if they were all in the same network. From the definition above, there's no need to explain why VPC peering is important (I'd rather let you discover how important it is in the guide if you haven't pictured it yet 😁). The diagram below represents the architecture of the peering connection we'll be implementing during this project. So, without any further ado, let's get started.


Prerequisites

All you need is a good knowledge of the AWS Management Console to easily navigate through it.


VPCs Creation

Step 1: Log in to your AWS console, then open the VPC dashboard. Next, click Your VPCs in the left panel.

Step 2: As we'll have to create two different VPCs, this step will be done twice but with different names and IP ranges for each VPC.
1st VPC: testing-vpc-1 --- IPv4 CIDR: 11.0.0.0/16
2nd VPC: testing-vpc-2 --- IPv4 CIDR: 10.0.0.0/16
Click Create VPC, then fill in the VPC's details accordingly. When everything is set, hit Create VPC.


Route tables creation

After creating our VPCs, we need to create route tables so that traffic to and from our subnets is routed.
Step 1: Go back to the VPC dashboard, click on "Route tables" in the left panel and click on "Create route table".

Step 2: Fill in the blank fields with the route table's details and select the VPC it will be associated with. When it's done, hit the "Create route table" button.

Step 3: Repeat the steps above to create the second route table, for testing-vpc-2.


Subnets Creation

Step 1: Still on the VPC dashboard, click on Subnets in the left panel and click on Create subnet.

Step 2: Choose the VPC the first subnet will belong to and enter the subnet's name.

Step 3: Choose the Availability Zone and enter the IPv4 CIDR block 11.0.1.0/24 for the subnet we're creating. Click on "Create subnet", and our public-subnet-vpc-1 is created.
⛔️ Repeat the same steps to create private-subnet-vpc-2 with IPv4 CIDR block 10.0.1.0/24.


Route tables and subnets association

We associate a route table with each subnet so that the subnet's traffic is routed according to that table.
Step 1: Go back to the VPC dashboard. Select Route tables in the left panel and click on the route table ID of test-rt-vpc-1.

Step 2: Select "Subnet associations" and click on "Edit subnet associations".

Step 3: Tick the checkbox to select public-subnet-vpc-1 as the subnet to associate with test-rt-vpc-1 and confirm with "Save associations". A message in a green box confirms the association.
⛔️ Repeat the same steps to associate private-subnet-vpc-2 with test-rt-vpc-2.


Grant Internet access to Route tables using IGW

Step 1: In the VPC section, click on "Internet gateways", then click on "Create Internet gateway".

Step 2: Enter the name of the IGW for VPC 1 and hit the "Create Internet gateway" button.

Step 3: You'll see a notification in a green box stating that the Internet gateway was created but still needs to be attached to your VPC. Click on "Attach to a VPC".

Step 4: Open the dropdown, select VPC 1, and click on "Attach Internet gateway". You'll see a notification in a green box confirming what you've just succeeded in doing.
⛔️ Follow the same steps to create test-igw-vpc-2 and attach it to VPC 2.

Step 5: Let's create a route to the Internet through the Internet gateway, to allow access from the Internet to testing-subnet-vpc-1.
Still on the VPC dashboard, click on "Route tables", select test-rt-vpc-1 by ticking its box, and click on "Routes".

Step 6: Click on "Add route" and enter 0.0.0.0/0 (access from anywhere) as the destination, since we want our resource to be reachable from the Internet. Next, open the target dropdown, choose "Internet gateway" among the options, and pick the Internet gateway attached to VPC 1. When it's done, click on Save changes.
⛔️ Repeat the same steps to grant Internet access to the resources in testing-subnet-vpc-2.


EC2 instances provision in VPCs

Step 1: Type EC2 in the search box to find the service quickly and click on the result to open its dashboard. In the left panel of the EC2 dashboard, click "Instances" and hit the "Launch instance" button at the top right of the screen.

Step 2: Type the Instance name in the first blank field, select the AMI our Instance will run on, and choose the Instance type:
Type in the Instance name
Select the AMI
Specify the Instance type

Step 3: Create a key pair to connect securely to the instance. Under the Key pair section, click "Create new key pair".

Then enter the key pair details (name, type and format) and hit "Create key pair". The file is automatically downloaded into your default download directory; make sure to move or copy it into the directory you'll SSH from.

Step 4: Edit the network settings. Next to Network settings there's an Edit button; click it to specify the network configuration for vpc-1-ec2-instance.

Select Testing-vpc-1 as the network the Instance will run in, pick Public-subnet-vpc-1, select Enable under "Auto-assign public IP", tick the "Create security group" checkbox and leave the name and description as default.

Under the "Inbound security group rules" section, leave the first rule as SSH on port 22 and select "Anywhere" as the source type to allow remote access to the instance from anywhere. Then click on "Add security group rule".

Also allow HTTP on port 80 from anywhere, so that traffic from the Internet can reach the instance.

Step 5: Create the Instance. Leave the other settings as default and, under User data, enter the script below so that the server is updated, Apache2 is installed and restarted when the Instance boots. Then launch the Instance.

#!/bin/bash
# Runs once at first boot (as root, so sudo is redundant but harmless).
sudo apt update -y
# -y answers the install prompt non-interactively.
sudo apt install -y apache2
# Replace the default page with the host name and first private IP of the instance.
echo "<h1>Server Details</h1><p><strong>Hostname:</strong> $(hostname)</p><p><strong>IP Address:</strong> $(hostname -I | cut -d" " -f1)</p>" > /var/www/html/index.html
sudo systemctl restart apache2


Step 6: Connect to the instance for testing purposes. Click on the Instance ID of our newly created Instance, then click on "open address".

Here's the page that shows our Instance is up and running. It's the default Apache page; it can be changed to display the content we want, but because I don't want this article to be any longer than it already is, we'll leave it like that. I may write another article to show you how to go about that.

⛔️ Repeat the steps to create vpc-2-ec2-instance and connect to it.


Setting up the VPC Peering connection

Step 1: Go back to the VPC dashboard. On the left side of the screen, click Peering connections, then hit Create peering connection at the top right of the screen.

Step 2: Enter the peering connection's name, select Testing-vpc-1 as the requester, enter its CIDR (11.0.0.0/16) in the next box and select "My account", since the second VPC we'll be peering with is also in our account.
💡 An inter-region VPC peering connection is one where the peered VPCs are in two different regions.

Step 3: Select "This region (us-east-1)" (it may differ on your side if you created your VPCs in a different region), select Testing-vpc-2 as the accepter VPC, enter its CIDR (10.0.0.0/16) and click on "Create peering connection".

Step 4: After creating a peering connection, a request is sent from the requester VPC to the accepter VPC, which has to accept it for the peering connection to be established. To do so, open the Actions dropdown and select "Accept request".

Step 5: Verify the requester and accepter and click on Accept request.

Step 6: Our VPC peering connection is now established. Next, let's update our route tables for the peering connection. To do so, click on "Modify my route tables now".


Modify or update your route tables for a VPC peering connection

Step 1: Open test-rt-vpc-1 by clicking on its ID, then click on "Edit routes".

Step 2: Click on Add route and copy the IPv4 CIDR of testing-vpc-2 (10.0.0.0/16) to the clipboard.

Paste the copied IPv4 CIDR as the destination in our route table testing-rt-vpc-1, open the dropdown under Target, select "Peering connection", choose the peering connection we created, then save the changes.

We've successfully added a new route to the "testing-rt-vpc-1" route table.

⛔️ Replicate the steps above to add a new route to the "testing-rt-vpc-2" route table as well.
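As an added example (my own code, not part of the original article), here is a small Python model of the two route tables from this guide: it checks the peering precondition that the two VPC CIDRs do not overlap, lists the one route each table needs, and shows why the curl test in the next section only works once that route exists. The peering connection id and the 10.0.1.25 address are placeholders I constructed.

```python
import ipaddress

# Values taken from this guide; the peering connection id is a placeholder.
VPC1_CIDR = "11.0.0.0/16"      # testing-vpc-1
VPC2_CIDR = "10.0.0.0/16"      # testing-vpc-2
PCX_ID = "pcx-EXAMPLE"         # placeholder, not a real id


def peering_allowed(cidr_a, cidr_b):
    """AWS refuses a peering request when the two VPC CIDR blocks overlap."""
    return not ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))


def peering_routes(requester_cidr, accepter_cidr, pcx_id):
    """The one route each side needs: destination = the peer's CIDR,
    target = the peering connection (the 'Modify route tables' section)."""
    return {
        "test-rt-vpc-1": (accepter_cidr, pcx_id),
        "test-rt-vpc-2": (requester_cidr, pcx_id),
    }


def lookup(routes, dst_ip):
    """Longest-prefix match, which is how a VPC route table picks a target."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


# test-rt-vpc-1 after the Internet gateway section: local route plus default route.
RT_VPC1_BEFORE = [(VPC1_CIDR, "local"), ("0.0.0.0/0", "test-igw-vpc-1")]
# ... and after the peering route from peering_routes() has been added.
RT_VPC1_AFTER = RT_VPC1_BEFORE + [peering_routes(VPC1_CIDR, VPC2_CIDR, PCX_ID)["test-rt-vpc-1"]]

if __name__ == "__main__":
    peer_private_ip = "10.0.1.25"   # constructed address inside private-subnet-vpc-2
    print("CIDRs may be peered:", peering_allowed(VPC1_CIDR, VPC2_CIDR))
    # Without the peering route, 10.0.1.25 only matches 0.0.0.0/0 and is sent to the
    # IGW, which does not forward traffic to private addresses, so curl would hang.
    print("before:", lookup(RT_VPC1_BEFORE, peer_private_ip))
    # With the /16 peering route, the longer prefix wins and traffic crosses the PCX.
    print("after: ", lookup(RT_VPC1_AFTER, peer_private_ip))
```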


Testing

Step 1: Change permissions
a- Open your terminal and check that your keys are present by running: ls -lart
Make sure you're in the directory where you stored your key pairs. If you're not, change into it with the cd command.
b- Change the permissions of both key files so that only the owner can read (r) them. Enter the commands:
chmod 400 vpc-1-ec2-keypair.pem
chmod 400 vpc-2-ec2-keypair.pem
c- Check the permissions again with ls -lart. You'll notice there's no longer a write (w) permission on either key pair.

Step 2: SSH into both created instances
SSH into vpc-1-ec2-instance. Enter the command:
ssh -i "vpc-1-ec2-keypair.pem" ubuntu@44.192.57.248
Press Enter and answer yes to the host key question. And there it goes: you've successfully SSHed into your vpc-1-ec2-instance.

⛔️ Replicate this Step 2 to SSH into vpc-2-ec2-instance.

I split my terminal, and you'll notice that we're successfully connected to both EC2 Instances.

Step 3: Curl from each instance
⚠️ Unexpectedly, I had to terminate my EC2 instances and create new ones. You'll notice the public IP addresses in this screenshot are different from the ones above; don't mind that.

Now let's access vpc-2-ec2-instance from vpc-1-ec2-instance and vice versa. To do so, we use the curl command followed by the private IP address of the instance we want to reach.

Since we can reach each instance from the other, the VPC peering connection has been established successfully ✅.


Conclusion

A VPC peering connection is of great importance in today's digital world when it comes to creating private and secure communication between entities such as companies, branch offices of the same company, business units, or departments, for an effective workflow. It's helpful as well for businesses looking to scale, allowing them to share resources, to collaborate with partners across the globe while maintaining the security and performance of their network, and to coordinate a wide project between two or more separate branches in different countries and cities. So, by creating a peering connection, we help prevent delays and failures of projects and build a robust cloud infrastructure.


