VPC Peering


The VPC Peering feature is used when we need to establish connectivity between subnets in two different VPCs, in the same or a different account.
Let's take the scenario of creating a VPC peering between two VPCs in the same account, to keep it simple.
NOTE: All IP addresses and CIDR ranges shown in the diagram below and in the subsequent steps are examples only.


Step 1: Create VPC A with CIDR range 10.0.0.0/16 and keep the Tenancy dropdown at Default.
Step 2: Create VPC B with CIDR range 172.16.0.0/16 and keep the Tenancy dropdown at Default.
Step 3: Enter SubNetA as the Name tag and select VPC A in the VPC dropdown. Note that the CIDR of VPC A is auto-populated with status Associated.
Selecting an Availability Zone is not mandatory; if none is chosen, AWS picks one when the subnet is created.
Enter 10.0.1.0/24 as the IPv4 CIDR block and click the Create button.
Step 4: Create SubNetB the same way and select VPC B in the VPC dropdown. Note that the CIDR of VPC B is auto-populated with status Associated.
Enter 172.16.1.0/24 as the IPv4 CIDR block and click the Create button.

Step 5: Create InternetGatewayA for VPC A.
Step 6: Attach InternetGatewayA to VPC A from the VPC dropdown.

Step 7: Create InternetGatewayB and attach it to VPC B from the VPC dropdown.

Step 8: Navigate to Route Tables in the left-hand pane and select the default route table of VPC A.
Add a route for all IPv4 traffic (0.0.0.0/0) with InternetGatewayA as the target.
0.0.0.0/0 is also known as the quad-zero route.

Step 9: Select the default route table of VPC B.
Add a route for all IPv4 traffic (0.0.0.0/0) with InternetGatewayB as the target.



Step 10: Create an EC2 instance in each VPC and subnet with a public IP enabled. To launch an EC2 instance, click the Launch Instance button.

Step 11: For testing, we have selected t2.micro as it is eligible for the Free Tier.

Step 12: Select the VPC and subnet created earlier. Also select Enable in the Auto-assign Public IP dropdown.

Step 13: Add a Name tag so the two instances can be told apart.
Step 14: You may create a new security group or select an existing one if you have already created it. Select All traffic in the Type dropdown and Anywhere in the Source dropdown. This wide-open rule suits only a throwaway test; for anything longer-lived, restrict SSH to your own address and ICMP to the peer VPC's CIDR.
Click Review and Launch.
Step 15: Select an existing key pair in the region if you already have one, or create a new key pair.




Repeat the EC2 creation steps to create another EC2 instance in VPC B.
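The "All traffic from Anywhere" rule in Step 14 is what lets the later ping test work without further thought, but it also exposes every port of the instance to the whole internet. The following Python model is an added example (not from the original post and not AWS code): it evaluates simplified inbound rules the way a security group does, flags the all-traffic-from-anywhere rule, and shows a tighter group for the instance in VPC A that still passes the ping test. The rule dictionaries, the function names, the admin address 203.0.113.7 (a documentation-range placeholder) and the tighter group are all assumptions of this example.

```python
"""Security-group check for the peering lab (added example, not from the original post).

Each rule is a simplified AWS inbound permission: one protocol, one port range
and one source CIDR. All values are constructed for this example.
"""
from ipaddress import ip_address, ip_network

# The rule from Step 14: "All traffic" from "Anywhere" (AWS spells all-protocols as "-1").
LAB_SG = [
    {"IpProtocol": "-1", "FromPort": None, "ToPort": None, "CidrIp": "0.0.0.0/0"},
]

# A tighter group for the instance in VPC A: SSH only from the operator's address
# (placeholder in the RFC 5737 documentation range) and ICMP only from VPC B's subnet.
ADMIN_IP = "203.0.113.7/32"       # placeholder, assumed
PEER_SUBNET = "172.16.1.0/24"     # SubNetB from the walkthrough
TIGHT_SG = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": ADMIN_IP},
    {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1, "CidrIp": PEER_SUBNET},
]


def rule_matches(rule, protocol, port, src_ip):
    """True if this one inbound rule admits protocol/port traffic from src_ip."""
    if ip_address(src_ip) not in ip_network(rule["CidrIp"]):
        return False
    if rule["IpProtocol"] == "-1":       # all protocols, all ports
        return True
    if rule["IpProtocol"] != protocol:
        return False
    if protocol == "icmp":
        # For ICMP the "port" is the ICMP type; -1 in the rule means every type.
        return rule["FromPort"] in (-1, port)
    return rule["FromPort"] <= port <= rule["ToPort"]


def allows(sg, protocol, port, src_ip):
    """Security groups are allow-lists: any matching rule admits the packet."""
    return any(rule_matches(r, protocol, port, src_ip) for r in sg)


def wide_open_rules(sg):
    """Return the rules that admit every protocol and port from the entire internet."""
    return [r for r in sg
            if r["IpProtocol"] == "-1" and ip_network(r["CidrIp"]).prefixlen == 0]


if __name__ == "__main__":
    echo_request = 8                      # ICMP type 8 = echo request (ping)
    for name, sg in (("lab", LAB_SG), ("tight", TIGHT_SG)):
        print(name, "ping from VPC B:", allows(sg, "icmp", echo_request, "172.16.1.10"))
        print(name, "ssh from a stranger:", allows(sg, "tcp", 22, "198.51.100.5"))
        print(name, "wide-open rules:", len(wide_open_rules(sg)))
```

Security groups are stateful, so the echo replies need no rule of their own; the instance in VPC B would carry the mirror image of TIGHT_SG with 10.0.1.0/24 as the ICMP source.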

Step 16: Navigate to VPC Peering Connections in the left-hand pane.
Click the Create Peering Connection button to create a new peering between VPC A and VPC B.
Enter a Name tag for the peering connection. Then select VPC A as the VPC Requester and VPC B as the VPC Accepter.
Step 17: Confirm that the peering connection was created successfully.


Step 18: Select Accept Request from the Actions dropdown.

Step 19: Navigate to VPC → Route Tables and select the route table of VPC A.
Add VPC B's CIDR as the destination with the VPC peering connection as the target, then click Save routes.
Step 20: Select the route table of VPC B.
Add VPC A's CIDR as the destination with the VPC peering connection as the target, then click Save routes.
Step 21: Log in to the EC2 instance in VPC A using its public IP and the private key, then ping the private IP of the EC2 instance in VPC B.
Step 22: Log in to the EC2 instance in VPC B using its public IP and the private key, then ping the private IP of the EC2 instance in VPC A.
The ping should get a response, as shown in the screenshot below.

A little more about VPC Peering:
  1. Suppose there are three VPCs named VPC A, VPC B and VPC C, with peerings created between A → B and B → C. A VM in VPC A CANNOT ping a VM in VPC C: VPC peering is not transitive.
  2. To establish a VPC peering, the two VPCs must have non-overlapping CIDR ranges.
  3. To communicate between two subnets in the same VPC, no peering is needed, as the VPC itself acts as the connection between them.
  4. If the VPC peering is created between two VPCs in different accounts or regions, the peering request goes to the accepter (receiver) account for approval.
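Steps 19 to 22 and points 1 and 2 above all come down to what the route tables say. The Python model below is an added example (not from the original post and not AWS code) that reproduces the lab's route tables after Steps 8, 9, 19 and 20 and answers three questions a longest-prefix lookup settles: whether a ping between the two instances works, what happens when the return route of Step 20 is skipped, and why a third VPC peered only with VPC B is unreachable from VPC A. VPC C with CIDR 192.168.0.0/16, the instance addresses, the igw-*/pcx-* names and the function names are assumptions of this example.

```python
"""Route-table model for the peering lab (added example, not from the original post).

Every object here is a constructed stand-in for the AWS objects in the walkthrough;
VPC C, its CIDR, the instance IPs and the igw-*/pcx-* names are assumed.
"""
from copy import deepcopy
from ipaddress import ip_address, ip_network

VPCS = {
    "VPC A": ip_network("10.0.0.0/16"),
    "VPC B": ip_network("172.16.0.0/16"),
    "VPC C": ip_network("192.168.0.0/16"),   # assumed third VPC for the transitivity check
}
# A peering is point-to-point: name -> the two VPCs it joins (there is no A-C peering).
PEERINGS = {
    "pcx-ab": {"VPC A", "VPC B"},
    "pcx-bc": {"VPC B", "VPC C"},
}
# One route table per VPC as left by Steps 8, 9, 19 and 20: (destination, target).
ROUTE_TABLES = {
    "VPC A": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-a"),
              ("172.16.0.0/16", "pcx-ab")],
    "VPC B": [("172.16.0.0/16", "local"), ("0.0.0.0/0", "igw-b"),
              ("10.0.0.0/16", "pcx-ab"), ("192.168.0.0/16", "pcx-bc")],
    "VPC C": [("192.168.0.0/16", "local"), ("0.0.0.0/0", "igw-c"),
              ("172.16.0.0/16", "pcx-bc")],
}


def peering_allowed(cidr_a, cidr_b):
    """AWS refuses a peering between VPCs whose CIDR blocks overlap."""
    return not ip_network(cidr_a).overlaps(ip_network(cidr_b))


def vpc_of(ip):
    """Which VPC owns this private address, or None for anything else."""
    ip = ip_address(ip)
    return next((name for name, net in VPCS.items() if ip in net), None)


def lookup(route_tables, vpc, dst):
    """Longest-prefix match over a VPC's route table; returns the target or None."""
    dst = ip_address(dst)
    best = None
    for cidr, target in route_tables[vpc]:
        net = ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def one_way(route_tables, src_ip, dst_ip):
    """Does VPC routing alone deliver a packet from src_ip to dst_ip?"""
    src_vpc, dst_vpc = vpc_of(src_ip), vpc_of(dst_ip)
    if src_vpc is None or dst_vpc is None:
        return False
    target = lookup(route_tables, src_vpc, dst_ip)
    if target == "local":
        return src_vpc == dst_vpc
    if target in PEERINGS:
        # A peering carries traffic only between its own two VPCs and never
        # forwards it on to a third one: this is why peering is not transitive.
        return PEERINGS[target] == {src_vpc, dst_vpc}
    # igw-* or no route: a private address in another VPC is not reachable
    # through the internet gateway.
    return False


def ping_works(route_tables, src_ip, dst_ip):
    """ICMP echo needs the request routed one way and the reply routed back."""
    return one_way(route_tables, src_ip, dst_ip) and one_way(route_tables, dst_ip, src_ip)


def without_return_route():
    """Route tables as they would look if Step 20 (VPC B's route to VPC A) were skipped."""
    rt = deepcopy(ROUTE_TABLES)
    rt["VPC B"] = [r for r in rt["VPC B"] if r[1] != "pcx-ab"]
    return rt


if __name__ == "__main__":
    a, b, c = "10.0.1.10", "172.16.1.10", "192.168.1.10"   # constructed instance IPs
    print("A -> B:", ping_works(ROUTE_TABLES, a, b))                      # True
    print("A -> C:", ping_works(ROUTE_TABLES, a, c))                      # False (not transitive)
    print("A -> B without Step 20:", ping_works(without_return_route(), a, b))  # False
    print("Overlapping CIDRs allowed:", peering_allowed("10.0.0.0/16", "10.0.1.0/24"))  # False
```

The model ignores security groups and network ACLs on purpose: if this function says False, no amount of security-group editing will make the ping work, so it is the first thing to check when the test in Step 21 or 22 fails.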
