Linux | Cloud | DevOps | Scripting

Tuesday 4 June 2019

VPC Peering in Cross Regions

VPC Peering:

VPC peering can be used to create secure, private connectivity and resource sharing between two VPCs. A VPC peering connection carries traffic between the two VPCs over the AWS network. For example, if we have more than one AWS account, we can peer the VPCs across those accounts to create a file-sharing network. We can also use a VPC peering connection to allow other VPCs to access resources in one of our VPCs.



NOTE: VPC Peering is non-transitive.

Why we need VPC Peering:

  1. To avoid sending traffic over the internet.
  2. Negligible cost (if we are not using the internet, we do not pay for it).
  3. Better speed.
  4. Private IPs cannot travel over the internet.

VPC Peering in the Cross Regions:


In this case, we have a VPC for 'bank-a' in the N. Virginia region with the following details:
  1. Region: N. Virginia
  2. VPC Name: bank-a-vpc
  3. Internet Gateway: bank-a-igw
  4. Subnets: 'bank-a-sub1-pub' and 'bank-a-sub2-pvt'
  5. Instance Names: 'bank-a-webserver' and 'bank-a-dbserver'
  6. CIDR: 10.0.0.0/16

We have one more VPC, for 'bank-xyz' in the Ohio region, with the following details:
  1. Region: Ohio
  2. VPC Name: bank-xyz-vpc
  3. Internet Gateway: bank-xyz-igw
  4. Subnets: 'bank-xyz-sub1-pub' and 'bank-xyz-sub2-pvt'
  5. Instance Names: 'bank-xyz-webserver' and 'bank-xyz-dbserver'
  6. CIDR: 172.16.0.0/16

Steps we need to follow to do VPC peering across regions:

In this cross-region VPC peering scenario, the only resource we need to reach in the accepter account is its database server. So, for this practical, I have a VPC in the N. Virginia region named 'bank-a-vpc' and another VPC in the Ohio region named 'bank-xyz-vpc'.
  1. Create the VPC peering connection in the bank-a account.
  2. Accept the request in the bank-xyz account.
  3. Create route entries in the bank-a account as the 'requester'.
  4. Create a route entry in the bank-xyz account.
  5. Verify access to bank-xyz-dbserver using its private IP.

Step 1: Create VPC Peering connection at bank-a account:

AWS ➔ Services ➔ VPC ➔ Peering Connections ➔ Create Peering Connection ➔ Peering connection name tag: bank-a-to-bank-xyz ➔ VPC (Requester): bank-a-vpc ➔ Select another VPC to peer with ➔ Account: My Account ➔ Region: Another Region: Ohio ➔ VPC (Accepter): paste the VPC ID of 'bank-xyz-vpc' copied from the Ohio region ➔ Create Peering Connection ➔ OK.

Step 2: Accept request from bank-xyz account:

Navigate to Ohio region and accept request:

AWS ➔ Services ➔ VPC ➔ Peering Connection ➔ Select connection ➔ Actions ➔ Accept request ➔ Yes, Accept ➔ Close.

Now go back to the N. Virginia region and refresh the page. We can see that its status is now Active.

Step 3: Create route entries in bank-a account as a 'requester':

Here, we make an entry in both of bank-a's route tables: (1) the public route table of bank-a and (2) the default route table of bank-a:

  • Make route entry in public route table of bank-a:
AWS ➔ Services ➔ VPC ➔ Route Tables ➔ In Search bar type 'bank-a' and hit enter to get bank-a route tables ➔ (1) Select bank-a-pub-rt ➔ Routes ➔ Edit routes ➔ Add route ➔ Destination: 192.168.0.0/16 ➔ Target: Peering Connection: bank-a-to-bank-xyz ➔ Save routes ➔ Close.
  • Make route entry in default route table of bank-a:
AWS ➔ Services ➔ VPC ➔ Route Tables ➔ (2) Select bank-a default RT ➔ Routes ➔ Edit routes ➔ Add route ➔ Destination: 192.168.0.0/16 ➔ Target: Peering Connection: bank-a-to-bank-b ➔ Save routes ➔ Close.

Step 4: Create route entry in bank-xyz account:

Navigate to the Ohio region. In this case, we make an entry only in the default route table of bank-xyz:

AWS ➔ Services ➔ VPC ➔ Route Tables ➔ Select the bank-xyz default RT ➔ Routes ➔ Edit routes ➔ Add route ➔ Destination: 10.0.0.0/16 ➔ Target: Peering Connection: bank-a-to-bank-xyz (the list may show only the pcx-id) ➔ Save routes ➔ Close.

Step 5: Verify the access of bank-xyz-dbserver using its private IP:

  • Log in to the instance named 'bank-a-webserver'.
  • From inside 'bank-a-webserver', access 'bank-xyz-dbserver' using its private IP.
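The following is an added example, not code from the original post: an offline Python model of the set-up above, built from the VPC details listed earlier (bank-a-vpc 10.0.0.0/16 in N. Virginia, bank-xyz-vpc 172.16.0.0/16 in Ohio). It checks the two things Steps 3 to 5 and the NOTE on non-transitivity depend on: each side's route table needs a route whose destination is the peer VPC's own CIDR pointing at the peering connection, in both directions, and a peering connection only delivers traffic addressed to the CIDR of the VPC at its far end, so a route through bank-xyz never reaches a third VPC. The region codes (us-east-1 for N. Virginia, us-east-2 for Ohio), the third VPC 'bank-c-vpc', the pcx ids and the private IPs are constructed sample data.

```python
# Added example (not from the original post): offline model of cross-region VPC
# peering. All VPC names, CIDRs, pcx ids and IPs below are constructed sample data.
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Vpc:
    name: str
    region: str
    cidr: str
    # route table entries as (destination CIDR, target); target is "local" or a pcx id
    routes: List[Tuple[str, str]] = field(default_factory=list)


@dataclass
class Peering:
    pcx_id: str
    requester: str  # VPC that created the request (Step 1)
    accepter: str   # VPC that must accept it in its own region (Step 2)
    status: str = "pending-acceptance"


def cidrs_disjoint(a: Vpc, b: Vpc) -> bool:
    """AWS refuses a peering between VPCs whose CIDR blocks overlap."""
    return not ipaddress.ip_network(a.cidr).overlaps(ipaddress.ip_network(b.cidr))


def create_peering(pcx_id: str, requester: Vpc, accepter: Vpc) -> Peering:
    """Step 1: request the peering; regions may differ, CIDRs may not overlap."""
    if not cidrs_disjoint(requester, accepter):
        raise ValueError(f"{requester.cidr} overlaps {accepter.cidr}; peering not possible")
    return Peering(pcx_id, requester.name, accepter.name)


def accept_peering(pcx: Peering) -> Peering:
    """Step 2: accepting on the accepter side moves the status to active."""
    pcx.status = "active"
    return pcx


def add_route(vpc: Vpc, destination: str, target: str) -> None:
    """Steps 3 and 4: add a route entry to the VPC's route table."""
    vpc.routes.append((destination, target))


def route_problems(vpc: Vpc, peer: Vpc, pcx: Peering) -> List[str]:
    """Explain why traffic from vpc to peer would fail: missing/wrong route, inactive pcx."""
    problems = []
    peer_net = ipaddress.ip_network(peer.cidr)
    pcx_routes = [ipaddress.ip_network(d) for d, t in vpc.routes if t == pcx.pcx_id]
    if not pcx_routes:
        problems.append(f"{vpc.name}: no route via {pcx.pcx_id}")
    elif not any(peer_net.subnet_of(n) for n in pcx_routes):
        problems.append(f"{vpc.name}: routes via {pcx.pcx_id} cover "
                        f"{[str(n) for n in pcx_routes]}, not the peer CIDR {peer.cidr}")
    if pcx.status != "active":
        problems.append(f"{pcx.pcx_id}: status is {pcx.status}, not active")
    return problems


def deliver(vpcs: Dict[str, Vpc], peerings: Dict[str, Peering],
            src_name: str, dst_ip: str) -> Optional[str]:
    """Name of the VPC that receives a packet sent from src_name to dst_ip, or None."""
    src = vpcs[src_name]
    dst = ipaddress.ip_address(dst_ip)
    matches = [(ipaddress.ip_network(d), t) for d, t in src.routes
               if dst in ipaddress.ip_network(d)]
    if not matches:
        return None
    _net, target = max(matches, key=lambda m: m[0].prefixlen)  # longest-prefix match
    if target == "local":
        return src_name
    pcx = peerings.get(target)
    if pcx is None or pcx.status != "active":
        return None
    far_end = {pcx.requester: pcx.accepter, pcx.accepter: pcx.requester}.get(src_name)
    if far_end is None:
        return None
    # Non-transitive: the pcx hands the packet only to its far-end VPC, which keeps it
    # only if the destination is inside its own CIDR; it is never forwarded onward.
    return far_end if dst in ipaddress.ip_network(vpcs[far_end].cidr) else None


def reachable(vpcs, peerings, src_name: str, src_ip: str, dst_ip: str) -> bool:
    """Step 5's check: the forward path and the return path must both land correctly."""
    dst_vpc = deliver(vpcs, peerings, src_name, dst_ip)
    return dst_vpc is not None and deliver(vpcs, peerings, dst_vpc, src_ip) == src_name


def build_lab():
    """The two VPCs from the post plus a third one, constructed to show non-transitivity."""
    vpcs = {
        "bank-a-vpc": Vpc("bank-a-vpc", "us-east-1", "10.0.0.0/16", [("10.0.0.0/16", "local")]),
        "bank-xyz-vpc": Vpc("bank-xyz-vpc", "us-east-2", "172.16.0.0/16", [("172.16.0.0/16", "local")]),
        "bank-c-vpc": Vpc("bank-c-vpc", "us-east-2", "192.168.0.0/16", [("192.168.0.0/16", "local")]),
    }
    pcx1 = accept_peering(create_peering("pcx-a-to-xyz", vpcs["bank-a-vpc"], vpcs["bank-xyz-vpc"]))
    pcx2 = accept_peering(create_peering("pcx-xyz-to-c", vpcs["bank-xyz-vpc"], vpcs["bank-c-vpc"]))
    add_route(vpcs["bank-a-vpc"], "172.16.0.0/16", pcx1.pcx_id)    # Step 3: peer CIDR -> pcx
    add_route(vpcs["bank-xyz-vpc"], "10.0.0.0/16", pcx1.pcx_id)    # Step 4: return route
    add_route(vpcs["bank-xyz-vpc"], "192.168.0.0/16", pcx2.pcx_id)
    add_route(vpcs["bank-c-vpc"], "172.16.0.0/16", pcx2.pcx_id)
    return vpcs, {pcx1.pcx_id: pcx1, pcx2.pcx_id: pcx2}


if __name__ == "__main__":
    vpcs, peerings = build_lab()
    # bank-a-webserver -> bank-xyz-dbserver over the pcx (sample private IPs)
    print(reachable(vpcs, peerings, "bank-a-vpc", "10.0.1.10", "172.16.2.20"))  # True
    # bank-a cannot reach bank-c through bank-xyz, even with a route pointing at the pcx
    add_route(vpcs["bank-a-vpc"], "192.168.0.0/16", "pcx-a-to-xyz")
    print(reachable(vpcs, peerings, "bank-a-vpc", "10.0.1.10", "192.168.1.5"))  # False
    print(route_problems(vpcs["bank-a-vpc"], vpcs["bank-xyz-vpc"], peerings["pcx-a-to-xyz"]))
```

Running the script shows the verification in Step 5 succeeding only when both route tables carry the peer's CIDR and the connection is active, and `route_problems` names the exact gap otherwise, which is the first thing to look at when the private-IP test from 'bank-a-webserver' fails. The model deliberately covers routing only; on real instances the security group of 'bank-xyz-dbserver' (and any network ACL on its subnet) must also allow the traffic from the 10.0.0.0/16 range before the check in Step 5 will pass.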


GET ACCESS…ENJOY!!!





