Linux | Cloud | DevOps | Scripting

Breaking

Tuesday, 4 June 2019

VPC peering in the same Region

VPC Peering:

VPC peering can be used to create secure connectivity and resource sharing between two VPCs. A VPC peering connection helps us to facilitate the transfer of data. For example, if we have more than one AWS account, we can peer the VPCs across those accounts to create a file-sharing network. We can also use a VPC peering connection to allow other VPCs to access resources you have in one of our VPCs.



NOTE: VPC Peering is non-transitive.

Why we need VPC Peering:


  1. To avoid the use of the internet.
  2. Negligible Cost (If not using the internet, then we will not pay for this)
  3. Better speed
  4. Private IP could not travel on the Internet.

VPC Peering in the same region:


In this case, we have a VPC, which is for 'bank-a' in N. Virginia region with the following details:
  1. Region                       : N. Virginia
  2. VPC Name                : bank-a-vpc
  3. Internet Gateway     : bank-a-igw
  4. Subnets                     : 'bank-a-sub1-pub' and 'bank-a-sub2-pvt'
  5. Instances' Name       : 'bank-a-webserver' and 'bank-a-dbserver'
  6. CIDR                         : 10.0.0.0/16

We have one more VPC, which is for 'bank-b' in N. Virginia region with the following details:
  1. Region                       : N. Virginia
  2. VPC Name                : bank-b-vpc
  3. Internet Gateway     : bank-b-igw
  4. Subnets                      : 'bank-b-sub1-pub' and 'bank-b-sub2-pvt'
  5. Instance Name          : 'bank-b-webserver' and 'bank-b-dbserver'
  6. CIDR                         : 172.16.0.0/16

Steps, we need to follow to do VPC Peering in the same region:

  1. Create VPC peering connection at bank-a account
  2. Accept request from bank-b account
  3. Create a route entry in bank-a account
  4. Create a route entry in bank-b account
  5. Verify the access of bank-b-dbserver using its private IP
  6. Delete public subnet, route table, IGW and terminate instance named 'bank-b-webserver' from bank-b account

Step 1: Create VPC Peering connection at 'bank-a' account and send a request to 'bank-b':

AWS  Services  VPC  Peering Connections  Create Peering Connections  Peering connection name tag: bank-a-to-bank-b  VPC (Requester): bank-a-vpc  Select another VPC to pear with  Account: My Account  Region: This Region  VPC (Accepter): bank-b-vpc  Create Peering Connection  OK.

Step 2: Accept request from 'bank-b' account:

AWS ➔ Services  VPC ➔ Peering Connections  Actions  Accept Request  Verify Details  Yes, Accept  Close.

Step 3: Create route entries in 'bank-a' account as a 'Requester':

Here, we make an entry in both route tables
  1. In bank-a public route table and
  2. In bank-a default route table

  • Make route entry in public route table of 'bank-a':

AWS  Services  VPC  Route Tables  In Search bar type 'bank-a' and hit enter to get bank-a route tables  (1) Select bank-a-pub-rt  Routes  Edit routes  Add route  Destination: 172.16.0.0/16  Target: Peering Connection: bank-a-to-bank-b  Save routes ➔ Close.

  • Make route entry in the default route table of 'bank-a':

AWS  Services ➔ VPC ➔ Route Tables ➔ (2) Select bank-a default RT ➔ Routes ➔ Edit routes  Add route ➔ Destination: 172.16.0.0/16  Target: Peering Connection: bank-a-to-bank-b  Save routes  Close.

Step 4: Create route entry in 'bank-b' account:

In this case, we make an entry only in default route table of bank-b:
AWS  Services  VPC  Route Tables  (2) Select bank-b default RT  Routes  Edit routes  Add route  Destination: 10.0.0.0/16 ➔ Target: Peering Connection: bank-a-to-bank-b  Save routes  Close.

Step 5: Verify the access of bank-b-dbserver using its private IP: 

  1. Login to instance named 'bank-a-webserver' 
  2. From inside this 'bank-a-webserver' access bank-b-dbserver using its private IP

GET ACCESS…ENJOY!!!

Step 6: DELETE PUBLIC SUBNET, PUBLIC ROUTE TABLE, IGW AND TERMINATE INSTANCE NAMED 'bank-b-webserver' FROM BANK-B ACCOUNT

As there is no further need for these attributes, we can delete them. But if in the future, we want to have a NAT Gateway on DB Server, then we need to create an IGW and a public subnet again.

  • Terminate the instance named 'bank-b-webserver':
AWS ➔ Services ➔ EC2 ➔ Instances ➔ Select instance named 'bank-b-webserver ➔ Actions ➔ Instance State ➔ Terminate.

  • Delete public subnet of Bank-b:
AWS ➔ Services ➔ VPC ➔ Subnets ➔ Select public subnet of Bank-b ➔ Actions ➔ Delete Subnet ➔ Verify Delete Subnet ➔ Close.

  • Delete public route table of 'bank-b':
AWS ➔ Services ➔ VPC ➔ Route Tables ➔ Select public route table of bank-b ➔ Actions ➔ Delete Route Table ➔ Verify Delete Route Table ➔ Close.

  • Delete IGW created for 'bank-b':
AWS ➔ Services ➔ VPC ➔ Internet Gateways ➔ Select IGW created for 'bank-b' ➔ Actions ➔ Detach from VPC ➔ Delete Internet Gateway ➔ Verify ➔ Close.


Note: Even we deleted this, then too DB-Server of 'bank-b' will get connected to the Web Server of 'bank-a'.




No comments:

Post a Comment

Pages