
Nandan K


Mini project to demonstrate VPC peering in AWS using Terraform

Day 15 of #30daysofawsterraform challenge

🎯 This mini project demonstrates cross-region VPC peering, enabling secure private communication between EC2 instances in different AWS regions while maintaining network isolation and controlled access. The setup enables secure, low-latency communication between resources in both VPCs using private IP addresses.

✅ What is VPC Peering?

VPC Peering is a networking connection between two Virtual Private Clouds (VPCs) that enables private IP communication between them as if they were part of the same network.

Architecture:

✅ In this demo we create:

✨ Networking section:
1. Two VPCs, one in us-east-1 and one in us-west-2
2. Configure one public subnet in each VPC
3. Internet Gateways - one for each VPC to allow internet access
4. Custom route tables with routes to internet and peered VPC
5. VPC peering - Cross-region peering between the two VPCs

✨ Compute Resources:
1. EC2 instances in each VPC

✨ Configure Security Groups:
1. SSH access from anywhere (port 22)
2. ICMP (ping) allowed from peered VPC
3. All TCP traffic allowed between VPCs

💡 Below are the detailed steps we followed to implement the project:

📌Step 1: Prerequisites:

  1. The AWS CLI must be installed
  2. Terraform must be installed
  3. AWS credentials must be configured using the "aws configure" command

📌Step 2: Create SSH Key Pairs in each region

# Create key pair in us-east-1
aws ec2 create-key-pair \
--key-name vpc-peering-demo-east \
--region us-east-1 \
--query 'KeyMaterial' \
--output text > vpc-peering-demo-east.pem

# Create key pair in us-west-2
aws ec2 create-key-pair \
--key-name vpc-peering-demo-west \
--region us-west-2 \
--query 'KeyMaterial' \
--output text > vpc-peering-demo-west.pem

✅ Main.tf file:

📌Step 3:
Provisioned a Primary VPC in us-east-1 and a Secondary VPC in us-west-2 using separate provider aliases.

📌Step 4:
A public subnet was created in each VPC using region-specific availability zones.

📌Step 5:
Internet Gateways were created and attached to both VPCs. This enables outbound internet access and inbound connectivity for public resources.

📌Step 6:
Custom route tables were created for both VPCs with a default route (0.0.0.0/0) pointing to the Internet Gateway. Each route table was associated with its corresponding subnet. This ensures proper routing for internet traffic within each VPC.

📌Step 7:
A VPC peering connection was initiated from the Primary VPC to the Secondary VPC across regions. This establishes private connectivity between the two isolated networks.


The same has to be done from the Secondary VPC to the Primary VPC (the peering connection must be accepted on the secondary side).

📌Step 8:
Routes were added in both VPC route tables to direct traffic destined for the peer VPC CIDR via the peering connection. This enables bidirectional communication using private IP addresses.


The same has to be done from the Secondary VPC to the Primary VPC.
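The networking half of Steps 3 to 8 as one Terraform file, written as an added example here rather than taken from the author's repository. It assumes the two provider aliases (east and west), constructed non-overlapping sample CIDRs (10.0.0.0/16 and 10.1.0.0/16) and availability zones us-east-1a and us-west-2a; the resource and attribute names are those of the hashicorp/aws provider (v5). The security-relevant details are that the cross-region peering is requested on one side and explicitly accepted on the other, and that each route table gets a route only for the peer VPC's CIDR rather than a broader range, so peering exposes nothing beyond the two networks themselves.

```hcl
provider "aws" {
  alias  = "east"
  region = "us-east-1"
}
provider "aws" {
  alias  = "west"
  region = "us-west-2"
}

# Constructed sample CIDRs; peered VPCs must not overlap.
locals {
  primary_cidr   = "10.0.0.0/16"
  secondary_cidr = "10.1.0.0/16"
}

# Step 3: one VPC per region, each bound to its provider alias
resource "aws_vpc" "primary" {
  provider   = aws.east
  cidr_block = local.primary_cidr
}
resource "aws_vpc" "secondary" {
  provider   = aws.west
  cidr_block = local.secondary_cidr
}

# Step 4: one public subnet per VPC
resource "aws_subnet" "primary" {
  provider                = aws.east
  vpc_id                  = aws_vpc.primary.id
  cidr_block              = "10.0.1.0/24"
  availability_zone       = "us-east-1a"
  map_public_ip_on_launch = true
}
resource "aws_subnet" "secondary" {
  provider                = aws.west
  vpc_id                  = aws_vpc.secondary.id
  cidr_block              = "10.1.1.0/24"
  availability_zone       = "us-west-2a"
  map_public_ip_on_launch = true
}

# Step 5: Internet Gateways
resource "aws_internet_gateway" "primary" {
  provider = aws.east
  vpc_id   = aws_vpc.primary.id
}
resource "aws_internet_gateway" "secondary" {
  provider = aws.west
  vpc_id   = aws_vpc.secondary.id
}

# Step 7: request peering from the primary VPC ...
resource "aws_vpc_peering_connection" "this" {
  provider    = aws.east
  vpc_id      = aws_vpc.primary.id
  peer_vpc_id = aws_vpc.secondary.id
  peer_region = "us-west-2"
  auto_accept = false # cross-region: the peer side must accept explicitly
}
# ... and accept it from the secondary VPC's region
resource "aws_vpc_peering_connection_accepter" "this" {
  provider                  = aws.west
  vpc_peering_connection_id = aws_vpc_peering_connection.this.id
  auto_accept               = true
}

# Steps 6 and 8: default route to the IGW plus a route for the peer CIDR only
resource "aws_route_table" "primary" {
  provider = aws.east
  vpc_id   = aws_vpc.primary.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.primary.id
  }
  route {
    cidr_block                = local.secondary_cidr
    vpc_peering_connection_id = aws_vpc_peering_connection.this.id
  }
  depends_on = [aws_vpc_peering_connection_accepter.this] # route needs an active peering
}
resource "aws_route_table" "secondary" {
  provider = aws.west
  vpc_id   = aws_vpc.secondary.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.secondary.id
  }
  route {
    cidr_block                = local.primary_cidr
    vpc_peering_connection_id = aws_vpc_peering_connection_accepter.this.id # waits for acceptance
  }
}
resource "aws_route_table_association" "primary" {
  provider       = aws.east
  subnet_id      = aws_subnet.primary.id
  route_table_id = aws_route_table.primary.id
}
resource "aws_route_table_association" "secondary" {
  provider       = aws.west
  subnet_id      = aws_subnet.secondary.id
  route_table_id = aws_route_table.secondary.id
}
```

Run `terraform init` and `terraform plan` with credentials that are valid in both regions. The secondary route table references the accepter's id rather than the requester's, and the primary route table carries an explicit `depends_on` on the accepter, so Terraform only adds the peer routes once the connection is active; this avoids the ordering failure you get when a route is created against a peering that is still pending acceptance.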

📌Step 9:
Security groups were defined in each VPC to allow SSH access for administration. ICMP and TCP traffic were permitted between the VPC CIDR ranges to validate connectivity.


The same has to be done for the Secondary VPC.

📌Step 10:
EC2 instances were launched in each subnet using region-appropriate AMIs and key pairs.


The same has to be done for the Secondary instance.

📌Data_source.tf file:


The same has to be done for the Secondary VPC.
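Steps 9 and 10 together with the AMI lookup from data_source.tf, for the primary side only, as an added example that is not the author's own code (the secondary side is the mirror image under the west provider alias). To keep the file self-contained it takes the VPC id, subnet id and peer CIDR as hypothetical variables instead of referencing the VPC resources, and it assumes the hashicorp/aws provider (v5) rule resources and an Amazon Linux 2023 AMI name filter. It departs from the demo in one deliberate place: SSH is admitted only from an administrator's range supplied in `ssh_admin_cidr` rather than from 0.0.0.0/0, while ICMP and TCP remain scoped to the peer VPC's CIDR, so the rules permit exactly the traffic the peering is meant to carry.

```hcl
provider "aws" {
  alias  = "east"
  region = "us-east-1"
}

# Hypothetical inputs: in the full project these come from the VPC and
# subnet resources in main.tf; they are variables here so the file stands alone.
variable "vpc_id" { type = string }
variable "subnet_id" { type = string }
variable "peer_cidr" {
  type    = string
  default = "10.1.0.0/16" # constructed sample: the secondary VPC's range
}
variable "ssh_admin_cidr" {
  description = "Source range allowed to SSH in. The demo used 0.0.0.0/0; pin this to your own address range."
  type        = string
}

# data_source.tf equivalent: latest Amazon Linux 2023 AMI in this region
# (name filter is an assumption; adjust to the AMI family you use)
data "aws_ami" "al2023" {
  provider    = aws.east
  most_recent = true
  owners      = ["amazon"]
  filter {
    name   = "name"
    values = ["al2023-ami-2023*-x86_64"]
  }
}

# Step 9: SSH only from the admin range; ICMP and TCP only from the peer VPC
resource "aws_security_group" "primary" {
  provider    = aws.east
  name        = "vpc-peering-demo-primary"
  description = "Admin SSH plus traffic from the peered VPC"
  vpc_id      = var.vpc_id
}

resource "aws_vpc_security_group_ingress_rule" "ssh" {
  provider          = aws.east
  security_group_id = aws_security_group.primary.id
  description       = "SSH for administration"
  ip_protocol       = "tcp"
  from_port         = 22
  to_port           = 22
  cidr_ipv4         = var.ssh_admin_cidr
}

resource "aws_vpc_security_group_ingress_rule" "peer_icmp" {
  provider          = aws.east
  security_group_id = aws_security_group.primary.id
  description       = "Ping from the peered VPC"
  ip_protocol       = "icmp"
  from_port         = -1 # all ICMP types
  to_port           = -1 # all ICMP codes
  cidr_ipv4         = var.peer_cidr
}

resource "aws_vpc_security_group_ingress_rule" "peer_tcp" {
  provider          = aws.east
  security_group_id = aws_security_group.primary.id
  description       = "TCP from the peered VPC"
  ip_protocol       = "tcp"
  from_port         = 0
  to_port           = 65535
  cidr_ipv4         = var.peer_cidr
}

resource "aws_vpc_security_group_egress_rule" "all" {
  provider          = aws.east
  security_group_id = aws_security_group.primary.id
  ip_protocol       = "-1" # all protocols; ports must be omitted for "-1"
  cidr_ipv4         = "0.0.0.0/0"
}

# Step 10: the instance uses the key pair created in Step 2
resource "aws_instance" "primary" {
  provider               = aws.east
  ami                    = data.aws_ami.al2023.id
  instance_type          = "t3.micro"
  subnet_id              = var.subnet_id
  key_name               = "vpc-peering-demo-east"
  vpc_security_group_ids = [aws_security_group.primary.id]
  tags                   = { Name = "primary-instance" }
}

output "primary_private_ip" {
  value = aws_instance.primary.private_ip # address the peer instance pings
}
```

Using one `aws_vpc_security_group_ingress_rule` per rule, instead of inline `ingress` blocks, gives each rule its own state entry and description, which makes a later audit of "who can reach port 22" a matter of reading the plan rather than diffing a single block. The private IP output is what the connectivity test in this project targets: a ping to it from the secondary instance succeeds only if the peering, both routes and the ICMP rule are all in place.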

📌Locals.tf file:

📌Variables.tf file:

Outputs:

For more details, refer to:
Youtube: https://youtu.be/WGt000THDmQ?si=bjisghj-pts6-GPu
Github: https://github.com/Nandan3/Terraform-Full-Course-Aws/tree/main/lessons/day15

#Devops #Terraform #AWS

Thanks to Piyush Sachdeva and The CloudOps Community
