Deep dive into AWS VPC And VPC peering

What is a VPC:
Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you have defined. This virtual network closely resembles a traditional network that you would operate in your own data center, with the benefit of using the scalable infrastructure of AWS.

What is VPC peering:
A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them privately. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own VPCs, with a VPC in another AWS account, or with a VPC in a different AWS Region.

I am going to design the VPC environment using the following architecture.

Architecture Diagram

Let's start:

1. Create the first VPC
Name Tag : vpc1
CIDR : 10.0.0.0/16
Main VPC

2. Create another VPC
Name Tag : vpc-bastian
CIDR : 10.1.0.0/16

Bastian VPC

3. Create private and public subnets for vpc1
Name Tag : vpc1-subnet-private
VPC : vpc1
Availability Zone: us-east-1a
CIDR: 10.0.1.0/24

Subnet1

Name Tag : vpc1-subnet-public
VPC : vpc1
Availability Zone : us-east-1a
CIDR: 10.0.2.0/24

Subnet 2

4. Create a public subnet for vpc-bastian
Name Tag : vpc-bastian-subnet-public
VPC : vpc-bastian
Availability Zone : us-east-1a
CIDR: 10.0.2.0/24

Subnet bastion

5. Now we are creating a security group for the EC2 instance

A security group works as an instance-level firewall.
Security Group

Add inbound rules for the ec2-instance-sg security group

EC2 instance security group

6. Create a security group for the bastion EC2 instance

Bastion EC2 instance security group

Add inbound rules for bastian-ec2instance-sg

Bastion security group inbound rules
Security groups are attached when creating EC2 instances; they are mainly used to restrict access on all ports and allow only the particular well-known ports that are needed.

7. Now we are creating an Internet gateway for vpc1

VPC1 IGW

and attach vpc-IGW to vpc1

Attach vpc to IGW

8. Now we are creating an Internet gateway for vpc-bastian

Note:
Follow the same steps as for creating vpc1-IGW.

Now we have two IGWs.

IGW2 create
Note:
An IGW and a VPC have a one-to-one relationship: one VPC can have only one IGW attached.

9. Now we are going to create the route table for vpc1 that routes its public subnet.

VPC1 route table

Then add a route to vpc-IGW in vpc1-RT on the Routes tab.

Then add vpc1's public subnet under vpc1-RT's Subnet Associations.

Vpc1-RT subnet association

Now create a route table for the vpc-bastian VPC in the same way.

Add a route to vpc-bastian-IGW in vpc-bastian-RT on the Routes tab.

Then add vpc-bastian's public subnet under vpc-bastian-RT's Subnet Associations.

Subnet association vpc-bastian-RT

10. Now create a peering connection between the two VPCs we created, vpc1 and vpc-bastian, so that they can communicate with each other
* select the local VPC as vpc-bastian
* select the other VPC as vpc1

After creating the VPC peering connection, its status will be Pending Acceptance.
To activate it, click Actions → Accept Request → OK,
and the peering status will change to Active.
Peering status active

11. Now add routes to both route tables so that the two VPCs can reach each other through the peering connection

11.1. Add another route to the "vpc1-RT" route table
Destination: vpc-bastian's CIDR (10.1.0.0/16)
Target: the VPC peering connection (vpc1-vpcBastian-Peering)

11.2. Add another route to the "vpc-bastian-RT" route table
Destination: vpc1's CIDR (10.0.0.0/16)
Target: the VPC peering connection (vpc1-vpcBastian-Peering)

11.3. Name the main route tables of the created VPCs accordingly

Main RT

11.4. Add another route to the "vpc1-RT-main" route table
Destination: vpc-bastian's CIDR (10.1.0.0/16)
Target: the VPC peering connection (vpc1-vpcBastian-Peering)

11.5. Add another route to the "vpc-bastian-RT-main" route table
Destination: vpc1's CIDR (10.0.0.0/16)
Target: the VPC peering connection (vpc1-vpcBastian-Peering)

Bastian Main RT
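The route tables built in steps 9 and 11 can be sanity-checked offline before launching anything. The following Python model is an added example, not part of the original post: it encodes the post's VPC CIDRs, subnets, route tables and peering name, assumes 10.1.2.0/24 for the vpc-bastian public subnet (a subnet CIDR must sit inside its VPC's 10.1.0.0/16), and checks longest-prefix routing plus the point step 11 relies on, that a return route over the peering exists in the other direction.

```python
import ipaddress

# Constructed from the post's values. The vpc-bastian public subnet is assumed to be
# 10.1.2.0/24, since a subnet CIDR must lie inside its VPC CIDR (vpc-bastian is 10.1.0.0/16).
VPCS = {"vpc1": "10.0.0.0/16", "vpc-bastian": "10.1.0.0/16"}
SUBNETS = {  # subnet -> (vpc, cidr, associated route table)
    "vpc1-subnet-private": ("vpc1", "10.0.1.0/24", "vpc1-RT-main"),
    "vpc1-subnet-public": ("vpc1", "10.0.2.0/24", "vpc1-RT"),
    "vpc-bastian-subnet-public": ("vpc-bastian", "10.1.2.0/24", "vpc-bastian-RT"),
}
PCX = "vpc1-vpcBastian-Peering"
ROUTE_TABLES = {  # route table -> [(destination, target)], as built in steps 9 and 11
    "vpc1-RT": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "vpc1-IGW"), ("10.1.0.0/16", PCX)],
    "vpc1-RT-main": [("10.0.0.0/16", "local"), ("10.1.0.0/16", PCX)],
    "vpc-bastian-RT": [("10.1.0.0/16", "local"), ("0.0.0.0/0", "vpc-bastian-IGW"),
                       ("10.0.0.0/16", PCX)],
}

def validate_topology(vpcs=VPCS, subnets=SUBNETS):
    """Return the design errors AWS rejects: a subnet outside its VPC's CIDR, or two
    VPC CIDRs that overlap (a peering connection cannot be created between them)."""
    errors = []
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in vpcs.items()}
    for name, (vpc, cidr, _) in subnets.items():
        if not ipaddress.ip_network(cidr).subnet_of(nets[vpc]):
            errors.append(f"{name} ({cidr}) is not inside {vpc} ({vpcs[vpc]})")
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                errors.append(f"{a} and {b} overlap; peering would be rejected")
    return errors

def lookup(table, dst_ip, tables=ROUTE_TABLES):
    """Longest-prefix-match route lookup; returns the target, or None if no route matches."""
    ip = ipaddress.ip_address(dst_ip)
    matches = [(ipaddress.ip_network(dst), target) for dst, target in tables[table]
               if ip in ipaddress.ip_network(dst)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def reachable_over_peering(src_ip, dst_ip, tables=ROUTE_TABLES, subnets=SUBNETS):
    """True only if the source subnet's table sends the packet to the peering AND the
    destination subnet's table routes the reply back (step 11 adds both directions)."""
    def rt_for(ip):  # route table associated with the subnet that contains ip
        addr = ipaddress.ip_address(ip)
        return next(rt for _, cidr, rt in subnets.values() if addr in ipaddress.ip_network(cidr))
    return (lookup(rt_for(src_ip), dst_ip, tables) == PCX
            and lookup(rt_for(dst_ip), src_ip, tables) == PCX)
```

Dropping the route from step 11.4 out of `vpc1-RT-main` makes `reachable_over_peering` return False, which is exactly the silent failure seen when only one side of a peering is routed.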
That completes the VPC and VPC peering setup. Now we have to create the EC2 instances: one in vpc1's private subnet with the ec2-instance-sg security group, and
one in vpc-bastian's public subnet with the bastian-ec2instance-sg security group.

12. Go to the EC2 instance management console
12.1. Create a t2.micro Ubuntu instance

Instance 1

12.2. Select Configure Instance Details as
Network: vpc1
Subnet: vpc1-subnet-private
Auto-assign Public IP: Enable

Leave the Add Storage and Add Tags configuration as default.

12.3. Navigate to Configure Security Group
Assign a security group: Select an existing security group

Select "ec2-instance-sg" as the instance's security group and launch the instance.

12.4. Create a new key pair named "vpc-vpc_peering.pem"

Key pair

13. Create another t2.micro Ubuntu instance for the bastion VPC
13.1. Create a t2.micro Ubuntu instance

13.2. Select Configure Instance Details as
Network: vpc-bastian
Subnet: vpc-bastian-subnet-public
Auto-assign Public IP: Enable

Leave the Add Storage and Add Tags configuration as default.

13.3. Navigate to Configure Security Group
Assign a security group: Select an existing security group

Select "bastian-ec2instance-sg" as the instance's security group and launch the instance.

13.4. Choose the existing key pair "vpc-vpc_peering.pem"

Key pair

14. Name the two instances accordingly

Instance details
That completes the configuration. Now we have to SSH to the bastion server, and from the bastion server SSH to the private server.

15. Now SSH to the bastion server
Navigate to the .pem file location and change the file's permissions to 400.

15.1. SSH to the bastion server using the public IP of "ec2-vpc-bastian-instance".

15.2. Now scp your .pem file to the bastion server.

15.3. Now connect to your private instance using the private IP of "ec2-vpc1-private-instance".

Successful login

Thanks for reading.

If you face any trouble, feel free to comment below.
Cheers
Happy AWS