AWS

AWS VPC and VPC Peering

shakyaabiralLeave a comment

 

Creating a VPC

  1. Create a new VPC with CIDR block
    Eg .
    10.0.0.0/16
    Number of ips = 2 ^ (32-16)
    Ips range in the VPC (1.0.0.0 – 10.0.255.255)
  2. Create Public and private Subnets inside the VPC
    Eg. CIDR block (10.0.0.0/24) – 256 ips in a subnet
    Public subnet will have Internet gateway attached to their route table while private ones won’t
  3. Create an Internet Gateway and attach it to the VPC, Instance in the VPC will be able to connect to the internet though the Internet gateway
  4. Create a NAT Gateway inside a public subnet, NAT gateway allows one way traffic from Private Subnet to the internet
  5. Create 2 Route tables one for public subnet and one for private subnet
    Assign subnet to corresponding route table through subnet Association Tab

    1. For Private Subnet, add these routes
      1. For outgoing connection-
        Destination: 0.0.0.0/0 —- Target: NAT-gateway(eg. nat-foobar)
        Now instance in private subnet can access the outside world through NAT but outside world can’t connect to the instances
    2. For Public Sunet, add these routes
      1. For in and out connection through internet
        Destination: 0.0.0.0/0 —- Target: internet-gateway(eg. igw-loremipsum)
        Now instances in public subnet can access and be accessed from the internet through the Internet Gateway

VPC Peering

  1. Make sure the ip CIDR block of the 2 VPCS do not collide. If the existing VPC has CIDR block 10.0.0.0/16, then the new VPC should use CIDR block like 10.1.0.0/16 so the ips in the two VPCs don’t collide
  2. Creating Peering Connection from Peering Connections Page
    1. Give a proper Peering connection name tag
    2. Select new VPC as the Requester VPC
    3. Select old VPC as the another VPC and submit
    4. Click on the Newly Created Peering Connection and press Actions and press Accept Request to accept the peering.
  3. Now the route tables need to be updated to add routes to each others ips
    1. Edit the private and public Route table of both VPC and add an entry on each
      Destination = CIDR block of the other VPC
      Target = Peering connection. Eg pcx-foobar
    2. Edit DNS Settings:
      Check both checkboxes
      Allow DNS resolution from peer VPC (vpc-dc700db8) to private IP
      Allow DNS resolution from local VPC (vpc-6bcf1b0f) to private IP
  4. For accessing rds from other VPC, add the CIDR block of the current VPC in the security group of rds instance.

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.