The "Mergers & Acquisitions" Scenario (VPC Peering)
Description
This project demonstrates how to set up VPC Peering between two Virtual Private Clouds (VPCs) in a cloud environment. VPC Peering allows resources in different VPCs to communicate with each other as if they were within the same network. This project simulates two different companies (or departments) needing to share resources.
Goals to achieve:
- Create VPC-A (10.1.0.0/16) and VPC-B (10.2.0.0/16).
- Deploy an EC2 in each.
- Set up a VPC Peering Connection.
- Update Route Tables in both VPCs to point to the other's CIDR.
- Test connectivity by pinging between the EC2 instances in both VPCs.
Challenge: Try to peer VPC-A with a VPC-C that has an overlapping CIDR (10.1.0.0/16) and see why it fails.
Concepts You'll Learn:
- Peering Connections: the request/accept workflow.
- Transitive Routing: learning that VPC Peering is not transitive (if A peers with B, and B with C, A cannot talk to C).
- Overlapping CIDRs: the importance of IP planning.
Prerequisites
- AWS CLI installed and configured.
- Terraform installed.
- Basic understanding of VPCs, subnets, and networking concepts.
- An AWS account with necessary permissions.
- Two VPCs created in the same or different regions.
- Instances or resources deployed in each VPC for testing connectivity.
- Familiarity with security groups and route tables.
- Permissions to create and manage VPCs and peering connections.
Project Structure
```
├── README.md
└── terraform
    ├── variables.tf
    ├── outputs.tf
    ├── provider.tf
    ├── ec2.tf
    ├── security_group.tf
    ├── vpc_peering.tf
    ├── vpc_A.tf
    └── vpc_B.tf
```
Steps to Set Up VPC Peering
- Create VPCs: Set up two separate VPCs in your cloud environment.
- Configure Subnets: Create subnets within each VPC to host your resources.
- Set Up VPC Peering:
  - Initiate a VPC peering connection request from one VPC to the other.
  - Accept the peering request in the target VPC.
- Update Route Tables: Modify the route tables in both VPCs to allow traffic to flow between them.
- Configure Security Groups: Adjust security group rules to permit traffic between resources in the peered VPCs.
- Test Connectivity: Launch instances in both VPCs and verify that they can communicate with each other.
The VPC peering Terraform will look like this:
```hcl
resource "aws_vpc_peering_connection" "peer" {
  vpc_id      = aws_vpc.vpc_a.id
  peer_vpc_id = aws_vpc.vpc_b.id
  auto_accept = true # only possible when both VPCs are in the same account and region

  tags = {
    Name    = "VPC-A-to-VPC-B"
    Project = var.project_name
  }
}

# Without these routes the peering exists but no traffic is sent through it.
resource "aws_route" "route_a_to_b" {
  route_table_id            = aws_route_table.rt_a.id
  destination_cidr_block    = aws_vpc.vpc_b.cidr_block
  vpc_peering_connection_id = aws_vpc_peering_connection.peer.id
}

resource "aws_route" "route_b_to_a" {
  route_table_id            = aws_route_table.rt_b.id
  destination_cidr_block    = aws_vpc.vpc_a.cidr_block
  vpc_peering_connection_id = aws_vpc_peering_connection.peer.id
}
```
Or simply run the following commands in the terraform directory:
```bash
cd terraform                      # your infra code directory
terraform init
terraform plan                    # just see what will be created
terraform apply --auto-approve    # always verify the plan before applying in production
terraform destroy --auto-approve  # to clean up the resources
```
Conclusion
By following these steps, you can successfully set up VPC Peering between two VPCs, enabling seamless communication between resources in different networks. This setup is useful for various scenarios, including multi-region architectures and resource sharing across different environments.
Critical Learning Points
- The Peering Handshake: In this code, we used auto_accept = true. In real life, if peering with another AWS account, the owner of that account must manually "Accept" the request.
- Route Tables: Peering creates the "tunnel," but without the aws_route resource the VPC doesn't know to send traffic through that tunnel.
- Security Groups: Notice we allowed "All Traffic." In a real project, you should only allow the private CIDR of the other VPC.
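The three learning points above (overlapping CIDRs, non-transitive peering, peer-CIDR-only security groups) as a small pre-flight check you can run on a peering plan before writing any Terraform. This is an added example, not code from the project; the VPC names, the extra VPC-D (10.3.0.0/16) and the peering list are constructed for the demonstration.

```python
from ipaddress import ip_network

# Constructed sample plan mirroring this post's scenario: VPC-A/B/C are the
# post's networks (VPC-C deliberately overlaps VPC-A); VPC-D is an extra VPC
# added here only to show that peering is not transitive.
VPCS = {"vpc-a": "10.1.0.0/16", "vpc-b": "10.2.0.0/16",
        "vpc-c": "10.1.0.0/16", "vpc-d": "10.3.0.0/16"}
PEERINGS = [("vpc-a", "vpc-b"), ("vpc-b", "vpc-d"), ("vpc-a", "vpc-c")]


def validate_peerings(vpcs, peerings):
    """Split a plan into (accepted, rejected). A request is rejected when the
    two CIDRs overlap, the case in which AWS refuses to create the peering."""
    accepted, rejected = [], []
    for a, b in peerings:
        if ip_network(vpcs[a]).overlaps(ip_network(vpcs[b])):
            rejected.append((a, b, f"{vpcs[a]} overlaps {vpcs[b]}"))
        else:
            accepted.append((a, b))
    return accepted, rejected


def reachable(accepted):
    """Map each VPC to the VPCs it can reach. Only direct peers count:
    A<->B plus B<->D does not let A reach D, because peering is not
    transitive and no route is propagated through the middle VPC."""
    reach = {}
    for a, b in accepted:
        reach.setdefault(a, set()).add(b)
        reach.setdefault(b, set()).add(a)
    return {vpc: sorted(peers) for vpc, peers in reach.items()}


def ingress_cidrs(vpcs, accepted):
    """Least-privilege security group sources per VPC: each peer's private
    CIDR only, instead of the "All Traffic" rule the post's code allows."""
    rules = {}
    for a, b in accepted:
        rules.setdefault(a, set()).add(vpcs[b])
        rules.setdefault(b, set()).add(vpcs[a])
    return {vpc: sorted(cidrs) for vpc, cidrs in rules.items()}


if __name__ == "__main__":
    ok, bad = validate_peerings(VPCS, PEERINGS)
    for a, b, why in bad:
        print(f"REJECT {a} <-> {b}: {why}")
    print("reachable:", reachable(ok))
    print("ingress:", ingress_cidrs(VPCS, ok))
```

The ingress map is what the security_group.tf cidr_blocks should contain for each VPC instead of 0.0.0.0/0.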