Creating a VPC
- Create a new VPC with a CIDR block
Eg.
10.0.0.0/16
Number of IPs = 2 ^ (32-16) = 65536
IP range in the VPC: 10.0.0.0 – 10.0.255.255
- Create public and private subnets inside the VPC
Eg. CIDR block 10.0.0.0/24 – 256 IPs in the subnet (AWS reserves the first four and the last address of every subnet, so only 251 can be assigned to instances)
Public subnets have a route to the Internet Gateway in their route table while private ones don't
- Create an Internet Gateway and attach it to the VPC. Instances in a subnet whose route table points at the Internet Gateway can reach the internet through it and be reached from it, provided they have a public or Elastic IP
- Create a NAT Gateway inside a public subnet (it needs an Elastic IP and sits in a subnet that routes to the Internet Gateway). The NAT Gateway only allows connections initiated from the private subnet towards the internet; the replies to those connections get back in, but nothing on the internet can open a connection to the private instances
- Create 2 route tables, one for the public subnet and one for the private subnet (every route table already contains the local route for the VPC CIDR, 10.0.0.0/16 -> local)
Assign each subnet to its route table through the Subnet Associations tab
- For the private subnet, add this route
- For outgoing connections:
Destination: 0.0.0.0/0, Target: NAT gateway (eg. nat-foobar)
Now instances in the private subnet can reach the outside world through the NAT gateway, but the outside world can't connect to the instances
- For the public subnet, add this route
- For in and out connections through the internet:
Destination: 0.0.0.0/0, Target: Internet gateway (eg. igw-loremipsum)
Now instances in the public subnet can access and be accessed from the internet through the Internet Gateway, as long as they have a public IP and their security group allows the traffic
VPC Peering
- Make sure the CIDR blocks of the 2 VPCs do not overlap. If the existing VPC has CIDR block 10.0.0.0/16, the new VPC should use a block like 10.1.0.0/16 so the IPs in the two VPCs don't collide. AWS refuses a peering connection between VPCs with matching or overlapping CIDR blocks, and a partial overlap (eg. 10.0.128.0/17 against 10.0.0.0/16) counts too
- Create the peering connection from the Peering Connections page
- Give the peering connection a descriptive name tag
- Select the new VPC as the Requester VPC
- Select the old VPC as the Accepter VPC and submit
- Click on the newly created peering connection, open Actions and press Accept Request to accept the peering
- Now the route tables need to be updated with routes to each other's IPs
- Edit the private and public route tables of both VPCs and add an entry to each
Destination = CIDR block of the other VPC
Target = Peering connection, eg. pcx-foobar
(This route is more specific than 0.0.0.0/0, so traffic for the peer VPC goes over the peering connection rather than to the NAT or Internet Gateway)
- Edit DNS settings:
Check both checkboxes
Allow DNS resolution from peer VPC (vpc-dc700db8) to private IP
Allow DNS resolution from local VPC (vpc-6bcf1b0f) to private IP
- For accessing RDS from the other VPC, add an inbound rule on the security group of the RDS instance that allows the database port from the CIDR block of the VPC the clients live in. Keep the rule as narrow as possible: the client subnet's CIDR rather than the whole VPC, or, when both VPCs are in the same region, the client's security group ID as the source instead of a CIDR at all
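The address arithmetic, route tables and peering checks behind the two procedures above (VPC creation and VPC peering), as an added example that is not part of the original notes. It uses only the standard-library ipaddress module and calls no AWS API; the igw-loremipsum, nat-foobar and pcx-foobar identifiers are the placeholders from the notes, the usable-host count assumes AWS's rule of five reserved addresses per subnet, and the default database port 5432 and the resolve() longest-prefix lookup are my assumptions, chosen to mirror how the VPC router picks a route.

```python
# Added example, not from the original notes: models the CIDR math, the route
# tables and the peering overlap check with the standard-library ipaddress
# module. Nothing here talks to AWS; all gateway/peering IDs are placeholders.
import ipaddress
from typing import Dict, List

# AWS reserves 5 addresses per subnet: network address, VPC router, DNS,
# "future use" and the broadcast address (assumption stated in the lead-in).
AWS_RESERVED_PER_SUBNET = 5

Route = Dict[str, str]


def vpc_range(cidr: str):
    """Return (total addresses, first address, last address) of a VPC CIDR."""
    net = ipaddress.ip_network(cidr, strict=True)  # strict: reject 10.0.1.0/16 etc.
    return net.num_addresses, str(net[0]), str(net[-1])


def carve_subnets(vpc_cidr: str, new_prefix: int, count: int) -> List[str]:
    """Take the first `count` /new_prefix subnets of the VPC, in address order."""
    subnets = list(ipaddress.ip_network(vpc_cidr).subnets(new_prefix=new_prefix))
    if count > len(subnets):
        raise ValueError(f"{vpc_cidr} only holds {len(subnets)} /{new_prefix} subnets")
    return [str(s) for s in subnets[:count]]


def usable_hosts(subnet_cidr: str) -> int:
    """Addresses an instance can actually receive: subnet size minus the reserved ones."""
    return ipaddress.ip_network(subnet_cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def cidrs_overlap(cidr_a: str, cidr_b: str) -> bool:
    """True if the blocks share any address (a /17 inside a /16 counts, not only equal blocks)."""
    return ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))


def route_table(vpc_cidr: str, default_target: str, peers: Dict[str, str]) -> List[Route]:
    """Implicit local route, the 0.0.0.0/0 default route, and one route per peered VPC."""
    table = [{"destination": vpc_cidr, "target": "local"},
             {"destination": "0.0.0.0/0", "target": default_target}]
    for peer_cidr, pcx_id in peers.items():
        if cidrs_overlap(vpc_cidr, peer_cidr):
            raise ValueError(f"{peer_cidr} overlaps {vpc_cidr}; AWS will not peer these VPCs")
        table.append({"destination": peer_cidr, "target": pcx_id})
    return table


def resolve(table: List[Route], dst_ip: str) -> str:
    """Longest-prefix match: the most specific matching route wins, as in the VPC router."""
    ip = ipaddress.ip_address(dst_ip)
    matches = [r for r in table if ip in ipaddress.ip_network(r["destination"])]
    if not matches:
        raise LookupError(f"no route for {dst_ip}")
    return max(matches, key=lambda r: ipaddress.ip_network(r["destination"]).prefixlen)["target"]


def build_topology(vpc_cidr: str, igw: str, nat: str, peers: Dict[str, str]) -> Dict[str, object]:
    """One public and one private /24, each with its own route table."""
    public, private = carve_subnets(vpc_cidr, 24, 2)
    return {
        "vpc": vpc_cidr,
        "public_subnet": public,
        "private_subnet": private,
        "public_rt": route_table(vpc_cidr, igw, peers),   # 0.0.0.0/0 -> Internet Gateway
        "private_rt": route_table(vpc_cidr, nat, peers),  # 0.0.0.0/0 -> NAT Gateway
    }


def rds_ingress_rule(client_cidr: str, port: int = 5432) -> Dict[str, object]:
    """Inbound rule for the RDS security group; port 5432 (PostgreSQL) is an assumed default."""
    ipaddress.ip_network(client_cidr, strict=True)  # reject malformed or non-aligned CIDRs
    return {"protocol": "tcp", "from_port": port, "to_port": port, "cidr": client_cidr}


if __name__ == "__main__":
    # "igw-new" / "nat-new" are made-up IDs for the second VPC.
    old = build_topology("10.0.0.0/16", "igw-loremipsum", "nat-foobar", {"10.1.0.0/16": "pcx-foobar"})
    new = build_topology("10.1.0.0/16", "igw-new", "nat-new", {"10.0.0.0/16": "pcx-foobar"})
    print(vpc_range(old["vpc"]))                          # (65536, '10.0.0.0', '10.0.255.255')
    print(usable_hosts(old["public_subnet"]))             # 251, not 256
    print(resolve(old["private_rt"], "10.1.0.10"))        # pcx-foobar: peer route beats 0.0.0.0/0
    print(resolve(old["private_rt"], "93.184.216.34"))    # nat-foobar
    print(rds_ingress_rule(new["private_subnet"]))        # narrow rule: client subnet only
```

The overlap check is deliberately run inside route_table(), because that is where an overlapping peer would bite: the peer route and the local route would both match the same addresses and the VPC router would have no unambiguous answer.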