Table of contents
- Introduction
- Prerequisites
- VPCs Creation
- Route tables creation
- Subnets Creation
- Route tables and subnets association
- Grant Internet access to route tables
- Provision VPCs with EC2 Instances
- Set up the VPC peering connection
- Update the route tables
- Testing the peering connection
- Conclusion
- Resources
Introduction
VPC peering can be defined as connecting two VPCs so that the instances running in each of them can communicate, share resources, and collaborate as if they were all in the same network. From that definition, there's no need to explain why VPC peering matters (I'd rather let you discover how useful it is as you work through the guide, if you haven't pictured it yet 😁). The diagram below represents the architecture of the peering connection we'll be implementing during this project. So, without any further ado, let's get started.
Prerequisites
All you need is a good knowledge of the AWS Management Console to easily navigate through it.
VPCs Creation
Step 1: Log into your AWS console then access the VPC dashboard. Next, click Your VPCs on the panel on your left.
Step 2: As we need two different VPCs, this step is done twice, with a different name and IP range for each VPC.
1st VPC: testing-vpc-1 --- IPv4 CIDR: 11.0.0.0/16
2nd VPC: testing-vpc-2 --- IPv4 CIDR: 10.0.0.0/16
Click "Create VPC", enter the VPC's details accordingly, and when everything is set, hit "Create VPC".
Route tables creation
After creating our VPCs we need to create route tables so that traffic is routed to our subnets.
Step 1: Go back to the VPC dashboard, click "Route tables" on the left panel, then click "Create route table".
Step 2: Fill in the route table's details and select the VPC it will be associated with. When it's done, hit the "Create route table" button.
Step 3: Repeat the steps above to create the second Route table for testing-vpc-2
Subnets Creation
Step 1: Still on the VPC dashboard, click "Subnets" on the left panel and click "Create subnet".
Step 2: Choose the VPC for private subnet 1 and enter the name of the subnet.
Step 3: Choose the availability zone and enter the IPv4 CIDR block 11.0.1.0/24 for the subnet we're creating. Click "Create subnet" and our public-subnet-vpc-1 is created.
⛔️Repeat the same steps to create private-subnet-vpc-2 with the IPv4 CIDR block 10.0.1.0/24
Route tables and subnets association
We associate a route table with each subnet so that the subnet's traffic is routed according to that table.
Step 1: Go back to the VPC dashboard. From there select "Route tables" on the left panel and click on the ID of the test-rt-vpc-1 route table.
Step 2: Select "Subnet associations" and click "Edit subnet associations".
Step 3: Tick the checkbox to select public-subnet-vpc-1 as the subnet to associate with test-rt-vpc-1 and confirm with "Save associations". A message in a green box confirms the association.
⛔️Repeat the same steps to associate private-subnet-vpc-2 to test-rt-vpc-2
Grant Internet access to Route tables using IGW
Step 1: Under the VPC section, click "Internet gateways" and then "Create Internet gateway".
Step 2: Enter the name of the IGW for VPC 1 and hit the "Create Internet gateway" button.
Step 3: A notification in a green box states that the Internet gateway was created but still needs to be attached to your VPC. Click "Attach to a VPC".
Step 4: Click the dropdown, select VPC 1, and click "Attach Internet gateway". A notification in a green box confirms that the attachment succeeded.
⛔️Follow the same steps to create test-igw-vpc-2 and attach it to VPC 2
Step 5: Let's create a route to the Internet through the Internet gateway, so that resources in testing-subnet-vpc-1 can be reached from the Internet.
Still on the VPC dashboard, click "Route tables", select test-rt-vpc-1 by ticking its checkbox, and click "Routes".
Step 6: Click "Add route" and enter 0.0.0.0/0 (access from anywhere) as the destination, since we want our resource to be reachable from the Internet. Next, open the target dropdown, choose "Internet gateway" among the options, and pick the Internet gateway attached to VPC 1. When it's done, click "Save changes".
⛔️Repeat the same steps to grant Internet access to the resources in testing-subnet-vpc-2
Provisioning EC2 instances in the VPCs
Step 1: Type EC2 in the search box to find the service quickly and click the result to open its dashboard. On the left panel of the EC2 dashboard, click "Instances" and hit the "Launch instance" button at the top right of the screen.
Step 2: Type the instance name in the first field, then select the AMI the instance will run and the instance type.
Step 3: Create a key pair to connect to the instance securely. Under the "Key pair" section, click "Create new key pair".
Then enter the key pair details (name, type, format) and hit "Create key pair". The private key is downloaded automatically to your default download directory; make sure to move or copy it into the directory you'll SSH from.
Step 4: Edit the network settings. Next to "Network settings" there's an "Edit" button you should click to specify the network configuration for vpc-1-ec2-instance.
Select Testing-vpc-1 as the network the instance will run in, pick Public-subnet-vpc-1, select "Enable" under "Auto-assign public IP", tick the "Create security group" checkbox and leave the name and description as default.
Under the "Inbound security group rules" section, leave the first rule as SSH on port 22 and select "Anywhere" as the source type to allow secure remote access to the instance from anywhere. Then click "Add security group rule".
Also allow HTTP on port 80 from anywhere so that traffic from the Internet can reach the instance.
Step 5: Create the instance. Leave the other settings as default and, under "User data", enter the script below so that the server is updated, Apache2 is installed and the service is restarted when the instance boots. Then launch the instance.
#!/bin/bash
# User data runs once at first boot. Refresh package lists and install Apache
# non-interactively (-y answers the prompts that "yes |" was meant to answer).
sudo apt-get update -y
sudo apt-get install -y apache2
# Publish the hostname and the first private IP of the instance on the default page
echo "<h1>Server Details</h1><p><strong>Hostname:</strong> $(hostname)</p><p><strong>IP Address:</strong> $(hostname -I | cut -d' ' -f1)</p>" | sudo tee /var/www/html/index.html > /dev/null
sudo systemctl restart apache2
Step 6: Connect to the instance to test it. Click the instance ID of our newly created instance and click "Open address".
Here's the page that shows us our instance is up and running. It's the default Apache page; it can be changed to display the content we want, but because I don't want this article to be any longer than it already is, we'll leave it like that. I may write another article to show you how to go about that.
⛔️ Repeat the steps to create vpc-2-ec2-instance and connect to it.
Setting up the VPC Peering connection
Step 1: Go back to the VPC dashboard. On the left side of the screen, click "Peering connections", then hit "Create peering connection" at the top right of the screen.
Step 2: Enter the peering connection's name, select Testing-vpc-1 as the requester, enter its CIDR (11.0.0.0/16) in the next box and select "My account", since the second VPC we'll peer with is also in our account.
💡An Inter-region VPC peering connection is when the peered VPCs are in two different regions
Step 3: Select "This Region (us-east-1)" (it may differ on your side if you created your VPCs in another region), select Testing-vpc-2 as the accepter VPC, enter its CIDR (10.0.0.0/16) and click "Create peering connection".
Step 4: After creating a peering connection, a request is sent from the requester VPC to the accepter VPC, and the latter has to accept it to establish the peering connection. To do so, open the "Actions" dropdown and select "Accept request".
Step 5: Verify the requester and accepter and click "Accept request".
Step 6: Our VPC peering connection is successfully established. Now let's update our route tables for the VPC peering connection. To do so, click "Modify my route tables now".
Modify or update your route tables for a VPC peering connection
Step 1: Open test-rt-vpc-1 by clicking its ID, then click "Edit routes".
Step 2: Click "Add route" and copy the IPv4 CIDR of testing-vpc-2 (10.0.0.0/16) to the clipboard.
Paste the copied IPv4 CIDR as the destination of our route table testing-rt-vpc-1, open the dropdown under "Target", select "Peering connection", choose the peering connection we created, then save the changes.
We've successfully added a new route to the "testing-rt-vpc-1" route table.
⛔️ Replicate the steps above to add a new route to the "testing-rt-vpc-2" route table as well.
Testing
Step 1: Change permissions
a- Open your terminal and check that your key files are present by running ls -lart. Make sure you're in the directory where you stored your key pairs; if you are not, change to it with the cd command.
b- Change the permissions on both key files so that only the owner can read them (chmod 400 removes write access and denies access to everyone else, which ssh requires before it will use a private key). Enter the commands:
chmod 400 vpc-1-ec2-keypair.pem
chmod 400 vpc-2-ec2-keypair.pem
c- Check the permissions once again with ls -lart. You'll notice there's no more "write (w)" permission on either key pair.
Step 2: SSH into both created instances
SSH into vpc-1-ec2-instance. Enter the command:
ssh -i "vpc-1-ec2-keypair.pem" ubuntu@44.192.57.248
Press Enter and answer yes to the host-key question that follows. And there it goes, you've successfully SSHed into your vpc-1-ec2-instance.
⛔️ Replicate this step 2 to SSH into vpc-2-ec2-instance
I split my terminal and you'll notice that we're successfully connected to both ec2 Instances.
Step 3: Curl from each instance
⚠️ Unexpectedly, I had to terminate my ec2 instances and create new ones. You'll notice the public IP addresses in this screenshot are different from the ones above, don't mind that.
Now, let's access vpc-2-ec2-instance from vpc-1-ec2-instance and vice versa. To do so, we use the curl command followed by the private IP address of the instance we want to reach.
Since each instance can reach the other over its private address, the VPC peering connection has been successfully established ✅.
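The curl test above only succeeds when three things line up: the two VPC CIDRs do not overlap (otherwise AWS refuses the peering), each route table sends the peer's CIDR to the peering connection (the reply needs the second table's route just as much as the request needs the first), and the destination's security group admits the source's private IP on port 80. The following script is an added example, not code from the article or from AWS; it models the lab offline with the standard-library ipaddress module. The VPC names and CIDRs are the ones used in this post; the peering connection id, the IGW ids, the instance private IPs and the admin address in the hardened rule set are constructed placeholders.

```python
import ipaddress

# Constructed to mirror the post's lab: VPC names and CIDRs come from the
# article, everything else (pcx/igw ids, private IPs) is a placeholder.
VPC_CIDRS = {
    "testing-vpc-1": "11.0.0.0/16",
    "testing-vpc-2": "10.0.0.0/16",
}
PCX = "pcx-PLACEHOLDER"
ROUTE_TABLES = {
    # destination CIDR -> target; the "local" route is added by AWS automatically
    "test-rt-vpc-1": {"11.0.0.0/16": "local", "0.0.0.0/0": "igw-vpc-1", "10.0.0.0/16": PCX},
    "test-rt-vpc-2": {"10.0.0.0/16": "local", "0.0.0.0/0": "igw-vpc-2", "11.0.0.0/16": PCX},
}
# instance -> (route table of its subnet, private IP); the IPs are constructed
INSTANCES = {
    "vpc-1-ec2-instance": ("test-rt-vpc-1", "11.0.1.10"),
    "vpc-2-ec2-instance": ("test-rt-vpc-2", "10.0.1.20"),
}
# Inbound security-group rules as the post sets them: (protocol, port, source CIDR)
SG_AS_IN_POST = [("tcp", 22, "0.0.0.0/0"), ("tcp", 80, "0.0.0.0/0")]
# A tighter variant: SSH only from one admin address (placeholder), HTTP still public
SG_HARDENED = [("tcp", 22, "203.0.113.10/32"), ("tcp", 80, "0.0.0.0/0")]


def peering_problems(vpc_cidrs):
    """AWS refuses to peer VPCs whose CIDR blocks overlap; report any such pair."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in vpc_cidrs.items()}
    names = sorted(nets)
    return [
        f"{a} ({nets[a]}) overlaps {b} ({nets[b]})"
        for i, a in enumerate(names)
        for b in names[i + 1:]
        if nets[a].overlaps(nets[b])
    ]


def lookup_route(route_table, dst_ip):
    """Longest-prefix match, which is how a VPC route table chooses a route.
    Returns (destination CIDR, target) or None when nothing matches."""
    ip = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in route_table.items():
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return None if best is None else (str(best[0]), best[1])


def sg_allows(rules, proto, port, src_ip):
    """True if some inbound rule matches the protocol, port and source address."""
    ip = ipaddress.ip_address(src_ip)
    return any(p == proto and prt == port and ip in ipaddress.ip_network(src)
               for p, prt, src in rules)


def can_reach(src_name, dst_name, port, dst_sg_rules, route_tables=ROUTE_TABLES):
    """Model the curl test: the forward route must use the peering connection,
    the destination's security group must admit the source, and the reply must
    have a route back (security groups are stateful, route tables are not).
    Returns (ok, explanation)."""
    src_rt, src_ip = INSTANCES[src_name]
    dst_rt, dst_ip = INSTANCES[dst_name]
    fwd = lookup_route(route_tables[src_rt], dst_ip)
    if fwd is None or fwd[1] != PCX:
        return False, f"{src_rt} has no route to {dst_ip} via {PCX} (matched {fwd})"
    if not sg_allows(dst_sg_rules, "tcp", port, src_ip):
        return False, f"security group on {dst_name} blocks tcp/{port} from {src_ip}"
    back = lookup_route(route_tables[dst_rt], src_ip)
    if back is None or back[1] != PCX:
        return False, f"{dst_rt} has no return route to {src_ip} via {PCX} (matched {back})"
    return True, f"{src_ip} -> {dst_ip}:{port} via {fwd[0]} -> {PCX}, reply via {back[0]}"


if __name__ == "__main__":
    print("peering problems:", peering_problems(VPC_CIDRS) or "none")
    for a, b in (("vpc-1-ec2-instance", "vpc-2-ec2-instance"),
                 ("vpc-2-ec2-instance", "vpc-1-ec2-instance")):
        print(can_reach(a, b, 80, SG_AS_IN_POST))
    # Skipping the post's last ⛔️ step (the route in the second table) breaks the reply path
    half = {**ROUTE_TABLES, "test-rt-vpc-2": {"10.0.0.0/16": "local", "0.0.0.0/0": "igw-vpc-2"}}
    print(can_reach("vpc-1-ec2-instance", "vpc-2-ec2-instance", 80, SG_AS_IN_POST, half))
```

Running it prints a successful path in both directions with the rule set from the post, then shows the failure you get when only one route table was updated: the reply from vpc-2 matches 0.0.0.0/0 and is sent to the Internet gateway instead of back over the peering connection. The hardened rule set keeps the curl test working (port 80 is still open) while SG_HARDENED no longer admits SSH from the peer VPC or the Internet, which is the change a practitioner would make before leaving the lab running.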
Conclusion
A VPC peering connection is of great importance in today's digital world when it comes to creating private and secure communication between entities such as companies, branch offices of the same company, business units, or departments, for an effective workflow. It's helpful as well for businesses looking to scale, allowing them to share resources, to collaborate with partners across the globe while maintaining the security and performance of their network, and to coordinate a large project between two or more separate branches in different countries and cities. So, by creating a peering connection we help prevent project delays and failures and build a robust cloud infrastructure.