VPC Peering:
VPC peering creates private connectivity between two VPCs so that instances in either VPC can talk to each other over their private IP addresses as if they were on the same network. The two VPCs can be in the same AWS account or in different accounts, and in the same region or in different regions. For example, if we have more than one AWS account, we can peer the VPCs across those accounts to share files or services between them, or we can peer VPCs to let workloads in one VPC reach a database or other resource that lives in another.
NOTE: VPC peering is non-transitive. If VPC A is peered with B and B is peered with C, A cannot reach C through B; every pair of VPCs that needs to communicate needs its own peering connection. Peering is also only possible between VPCs whose CIDR blocks do not overlap.
Why we need VPC Peering:
- To keep traffic off the public internet: peered traffic stays on the AWS network, and inter-region peering traffic is encrypted by AWS in transit.
- Lower cost: there is no hourly charge for the peering connection itself; data transfer over it is billed at AWS's own rates (free within one Availability Zone, per GB across AZs or regions), which is cheaper than sending the same traffic out through an internet gateway or NAT gateway.
- Better throughput and lower latency than hairpinning through the internet.
- Private IP addresses are not routable on the internet. With peering, instances reach each other by private IP and do not need public IPs or internet-facing listeners, which shrinks the exposed attack surface.
VPC Peering across Regions (inter-region peering):
In this case, we have a VPC for 'bank-a' in the N. Virginia region (us-east-1) with the following details:
- Region : N. Virginia (us-east-1)
- VPC Name : bank-a-vpc
- Internet Gateway : bank-a-igw
- Subnets : 'bank-a-sub1-pub' and 'bank-a-sub2-pvt'
- Instances : 'bank-a-webserver' and 'bank-a-dbserver'
- CIDR : 10.0.0.0/16
We have one more VPC, for 'bank-xyz', in the Ohio region (us-east-2) with the following details:
- Region : Ohio (us-east-2)
- VPC Name : bank-xyz-vpc
- Internet Gateway : bank-xyz-igw
- Subnets : 'bank-xyz-sub1-pub' and 'bank-xyz-sub2-pvt'
- Instances : 'bank-xyz-webserver' and 'bank-xyz-dbserver'
- CIDR : 172.16.0.0/16
Steps we need to follow for cross-region VPC peering:
In this walkthrough the only cross-VPC traffic we need is from bank-a-webserver (N. Virginia) to bank-xyz-dbserver (Ohio), so bank-a-vpc is the requester and bank-xyz-vpc is the accepter. Both VPCs are in the same AWS account here; a cross-account peering follows the same steps, with the accepter's account ID entered in Step 1.
- Create the VPC peering connection from bank-a-vpc (requester)
- Accept the request in bank-xyz-vpc (accepter)
- Create route entries in bank-a's route tables
- Create a route entry in bank-xyz's route table
- Verify access to bank-xyz-dbserver using its private IP
Step 1: Create the VPC peering connection from bank-a (requester):
AWS ➔ Services ➔ VPC ➔ Peering Connections ➔ Create Peering Connection ➔ Peering connection name tag: bank-a-to-bank-xyz ➔ VPC (Requester): bank-a-vpc ➔ Select another VPC to peer with ➔ Account: My Account ➔ Region: Another Region: Ohio (us-east-2) ➔ VPC (Accepter): paste the VPC ID of 'bank-xyz-vpc' copied from the Ohio region ➔ Create Peering Connection ➔ OK. The new connection shows the status 'Pending Acceptance' until the accepter side accepts it.
Step 2: Accept the request in bank-xyz (accepter):
Switch to the Ohio region and accept the request:
AWS ➔ Services ➔ VPC ➔ Peering Connections ➔ Select the connection ➔ Actions ➔ Accept Request ➔ Yes, Accept ➔ Close.
Now go back to the N. Virginia region and refresh the page. The status of the connection is now 'Active'. An active peering connection carries no traffic on its own; both sides still need routes to it (Steps 3 and 4).
Step 3: Create route entries in bank-a's route tables (requester side):
Here we add the route to both of bank-a's route tables: 1. the public route table (bank-a-pub-rt, used by 'bank-a-sub1-pub' where the webserver runs) and 2. the main (default) route table of bank-a-vpc. The destination is the accepter VPC's CIDR, 172.16.0.0/16, and the target is the peering connection. Strictly, only the route table associated with the subnet that must reach the peer needs the entry; a route table without it simply cannot send traffic across the peering.
- Add the route to the public route table of bank-a:
AWS ➔ Services ➔ VPC ➔ Route Tables ➔ In the search bar type 'bank-a' and press Enter to list bank-a's route tables ➔ (1) Select bank-a-pub-rt ➔ Routes ➔ Edit routes ➔ Add route ➔ Destination: 172.16.0.0/16 ➔ Target: Peering Connection: bank-a-to-bank-xyz ➔ Save routes ➔ Close.
- Add the route to the main (default) route table of bank-a:
AWS ➔ Services ➔ VPC ➔ Route Tables ➔ (2) Select the bank-a main route table ➔ Routes ➔ Edit routes ➔ Add route ➔ Destination: 172.16.0.0/16 ➔ Target: Peering Connection: bank-a-to-bank-xyz ➔ Save routes ➔ Close.
Step 4: Create the route entry in bank-xyz (accepter side):
Switch to the Ohio region. Here we add the entry only to the main (default) route table of bank-xyz-vpc, which 'bank-xyz-sub2-pvt' (the dbserver's subnet) uses. The destination is the requester VPC's CIDR, 10.0.0.0/16. Without this return route the dbserver receives the requests but its replies have nowhere to go, so the connection appears to hang:
AWS ➔ Services ➔ VPC ➔ Route Tables ➔ (2) Select the bank-xyz main route table ➔ Routes ➔ Edit routes ➔ Add route ➔ Destination: 10.0.0.0/16 ➔ Target: Peering Connection: bank-a-to-bank-xyz (in the accepter region the connection may be listed only by its pcx-xxxxxxxx ID, since the name tag was created in N. Virginia) ➔ Save routes ➔ Close.
Step 5: Verify access to bank-xyz-dbserver using its private IP:
- Log in to the instance named 'bank-a-webserver'.
- From inside 'bank-a-webserver', connect to 'bank-xyz-dbserver' on the database port using its private IP (an address in 172.16.0.0/16).
- If the connection times out, check the security group of 'bank-xyz-dbserver': it must allow inbound traffic on the database port from bank-a's CIDR (10.0.0.0/16) or from the webserver's subnet, because security group rules are not carried across the peering automatically. The network ACLs of both subnets must also permit the traffic in both directions. Keep the rule as narrow as possible; opening the port to 0.0.0.0/0 is not needed for peered traffic.
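Before typing the routes into the console it is worth checking the plan offline. The following is an added example, not AWS tooling or code from the original post: it models the two VPCs from the walkthrough (10.0.0.0/16 and 172.16.0.0/16) plus their route tables and security groups with the standard-library ipaddress module, and it exercises the failure modes a practitioner usually hits: a mistyped destination CIDR in the requester's route table, a missing return route on the accepter side, a security group that does not admit the peer, and the non-transitive case where bank-a tries to reach a third VPC that is peered only with bank-xyz. The peering-connection IDs, the third VPC 'bank-c-vpc' (192.168.0.0/16), the instance addresses and the MySQL port 3306 are assumptions for illustration.

```python
"""Offline sanity check for the bank-a <-> bank-xyz peering.

Added example, not AWS tooling: it models VPC CIDRs, route tables and
security groups with the stdlib ipaddress module so the routes can be
checked before they are typed into the console.  Peering-connection IDs,
the bank-c VPC and the MySQL port 3306 are assumptions for illustration.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Vpc:
    name: str
    cidr: str
    routes: list = field(default_factory=list)      # (destination CIDR, target)
    sg_ingress: list = field(default_factory=list)  # (source CIDR, port) allowed in


def check_no_overlap(vpcs):
    """AWS refuses a peering between overlapping CIDRs; catch it up front."""
    nets = [(v.name, ipaddress.ip_network(v.cidr)) for v in vpcs]
    for i, (n1, c1) in enumerate(nets):
        for n2, c2 in nets[i + 1:]:
            if c1.overlaps(c2):
                raise ValueError(f"{n1} {c1} overlaps {n2} {c2}")
    return True


def peer(a, b, pcx_id):
    """Steps 3 and 4: each side routes the *other* side's CIDR to the pcx."""
    a.routes.append((b.cidr, pcx_id))
    b.routes.append((a.cidr, pcx_id))
    return pcx_id


def lookup_route(vpc, dst_ip):
    """Longest-prefix match like the VPC router; the VPC's own CIDR is 'local'."""
    ip = ipaddress.ip_address(dst_ip)
    best = None
    for dest, target in [(vpc.cidr, "local")] + vpc.routes:
        net = ipaddress.ip_network(dest)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def can_reach(src_vpc, src_ip, dst_vpc, dst_ip, port):
    """True only if both directions route over the same peering connection
    and the destination's security group admits the source on that port."""
    fwd = lookup_route(src_vpc, dst_ip)
    if fwd is None:
        return False
    if fwd != "local" and lookup_route(dst_vpc, src_ip) != fwd:
        return False  # no return route, or a different pcx: replies are dropped
    src = ipaddress.ip_address(src_ip)
    return any(src in ipaddress.ip_network(c) and p == port
               for c, p in dst_vpc.sg_ingress)


def walkthrough():
    """Reproduce the article's setup plus the mistakes it is easy to make."""
    bank_a = Vpc("bank-a-vpc", "10.0.0.0/16")
    bank_xyz = Vpc("bank-xyz-vpc", "172.16.0.0/16")
    bank_c = Vpc("bank-c-vpc", "192.168.0.0/16")        # assumed third VPC
    check_no_overlap([bank_a, bank_xyz, bank_c])
    peer(bank_a, bank_xyz, "pcx-0a1b2c3d")              # assumed pcx IDs
    peer(bank_xyz, bank_c, "pcx-4e5f6a7b")
    bank_xyz.sg_ingress.append(("10.0.0.0/16", 3306))   # DB SG admits bank-a only
    bank_c.sg_ingress.append(("0.0.0.0/0", 3306))

    # Variants of bank-a / bank-xyz with typical route-table mistakes.
    mistyped = Vpc(bank_a.name, bank_a.cidr,
                   routes=[("192.168.0.0/16", "pcx-0a1b2c3d")])  # wrong peer CIDR
    no_return = Vpc(bank_xyz.name, bank_xyz.cidr, sg_ingress=bank_xyz.sg_ingress)

    web, db, c_host = "10.0.1.10", "172.16.2.10", "192.168.1.10"  # assumed IPs
    return {
        "a_to_xyz_db": can_reach(bank_a, web, bank_xyz, db, 3306),
        "a_to_xyz_ssh_not_allowed": can_reach(bank_a, web, bank_xyz, db, 22),
        "a_to_c_not_transitive": can_reach(bank_a, web, bank_c, c_host, 3306),
        "a_mistyped_destination": can_reach(mistyped, web, bank_xyz, db, 3306),
        "xyz_missing_return_route": can_reach(bank_a, web, no_return, db, 3306),
    }


if __name__ == "__main__":
    for name, ok in walkthrough().items():
        print(f"{name:28s} {'reachable' if ok else 'blocked'}")
```

Only the first case comes out reachable. The others show why Steps 3 and 4 must be done on both sides with the peer's own CIDR as the destination, why a third VPC stays unreachable without its own peering connection, and why the database's security group has to name the peer CIDR explicitly.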
GET ACCESS…ENJOY!!!