AWS — VPC PEERING

Avishek Roy, teckdevops
May 11, 2020

A connection or virtual tunnel between two isolated networks in AWS.


Hey there!

Last week I was working on one of the AWS setups and came across a scenario where I had to deploy some code via Jenkins onto some of the application instances, i.e. through automated pipelines.

Sounds easy, but my problem was that the Jenkins node was running in VPC J (in AWS) and the application instances were in another VPC, VPC A. So there was no connectivity between the two VPCs…got stuck! 🚫

This is actually a very common scenario in the fast-paced DevOps model, where we keep expanding and merging environments, and AWS provides a neat solution for it: VPC Peering.

A VPC is a virtual network in the AWS cloud, and VPC Peering is the mechanism by which we connect two isolated VPCs (virtual networks) so that traffic can flow between them; it acts as a virtual tunnel.

So, let’s see things in action, i.e. how to set up a peering connection between two VPCs in AWS.

SETUP

In short, our purpose is to establish a connection between two existing isolated VPCs, i.e. VPC J (VPC Jenkins) and VPC A (VPC Application).

VPC Setup

Steps we are going to perform!

Let us first jot down the steps that we need to perform to set up a VPC peering connection ⬇️

a) Request a VPC peering connection from VPC J to VPC A.

b) The acceptor VPC, i.e. VPC A, accepts the peering connection.

c) Add a route in both VPCs to enable traffic flow.

d) Edit the security groups associated with the instance(s) in the peered VPCs.

What do we need?

  • A computer and working internet connection
  • A working AWS account
  • Basic VPC and networking knowledge

Implementation

To start with our peering setup we need two VPCs, i.e. VPC J and VPC A, with running EC2 instances in both so that we can test our connection. I already have a setup like the one below.

VPC J — CIDR: 10.0.0.0/16 (Region → Oregon)

VPC J

Jenkins Node(EC2 Instance) → VPC J

EC2 Instance (VPC J)

VPC A — CIDR: 172.23.0.0/16 (Region → Mumbai)

VPC A

App Node(EC2 Instance) → VPC A

EC2 Instance (VPC A)

To make our life easier, I set up the same SG rules in both VPCs: allow SSH traffic from my IP and ICMP (ping) traffic from all machines.

Security Groups Rules

And a quick ping test from both machines gives me a negative response.

Ping test

So, here arises the need for a VPC Peering connection. 😊

VPC Peering

1. Create a peering connection (VPC Dashboard → Peering Connections)

Fill in the requester and acceptor VPC details and hit Create Peering Connection.

Create a Peering Connection

The peering connection is created and shows up as pending acceptance.

Success Message
Pending Acceptance

2. Accept a peering connection (VPC Dashboard → Peering Connections)

Select the peering connection, click Accept Request, and confirm if asked.

Status eq active

3. Add routes in both VPCs

Next, add routes in both VPCs for the public/private subnets, i.e. to send traffic destined for the other VPC’s CIDR through the peering connection we just created.

VPC A / VPC J — public/private subnet routes as below

VPC J — Public Subnet
VPC J — Private Subnet
VPC A— Public Subnet
VPC A— Private Subnet

As soon as we add the routes, the tunnel is up and we can try the ping test to check connectivity across the VPCs.

Success — Ping test

4. Edit/Update Security Groups

Lastly, edit the SGs (if required) to allow SSH or whatever access is needed.

SG1 — Edit (allow SSH)

Test SSH, i.e. VPC J (EC2 J) → VPC A (EC2 A) or vice versa…Voila! 🙂

SSH — Test
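As an added example (not part of the original post), the Python script below models steps 3 and 4: it checks that the two CIDRs do not overlap (AWS rejects the peering request otherwise), generates the route entry each route table needs, and builds security group ingress rules scoped to the peer VPC’s CIDR rather than the ICMP-from-anywhere rule used above. The pcx-/rtb- ids are placeholders and the region codes (us-west-2 for Oregon, ap-south-1 for Mumbai) are assumptions; nothing here calls AWS.

```python
import ipaddress

# Constructed values modelled on the post's setup; ids are placeholders, not real resources.
VPC_J = {"name": "VPC J", "cidr": "10.0.0.0/16", "region": "us-west-2",
         "route_tables": ["rtb-J-public", "rtb-J-private"]}
VPC_A = {"name": "VPC A", "cidr": "172.23.0.0/16", "region": "ap-south-1",
         "route_tables": ["rtb-A-public", "rtb-A-private"]}
PCX_ID = "pcx-PLACEHOLDER"


def cidrs_overlap(cidr_a, cidr_b):
    """Peering precondition: AWS will not peer two VPCs whose CIDR blocks overlap."""
    return ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))


def peering_routes(requester, accepter, pcx_id):
    """Step 3: every route table on each side gets one route sending the
    peer VPC's CIDR (and only that CIDR) to the peering connection."""
    if cidrs_overlap(requester["cidr"], accepter["cidr"]):
        raise ValueError("CIDRs overlap; peering is not possible")
    routes = []
    for side, peer in ((requester, accepter), (accepter, requester)):
        for rtb in side["route_tables"]:
            routes.append({"route_table": rtb,
                           "destination": peer["cidr"],
                           "target": pcx_id})
    return routes


def peer_sg_ingress(peer, ports):
    """Step 4: ingress rules whose source is the peer VPC's CIDR, not 0.0.0.0/0.
    Inter-region peering (Oregon <-> Mumbai here) cannot reference the peer's
    security group id, so the peer CIDR is the tightest source available.
    For ICMP, AWS uses from/to port as type/code; -1 means all."""
    return [{"protocol": proto, "from_port": port, "to_port": port,
             "source": peer["cidr"]} for proto, port in ports]


def as_cli(routes):
    """Render the routes as aws CLI commands for review; nothing is executed."""
    return ["aws ec2 create-route --route-table-id {rt} "
            "--destination-cidr-block {d} --vpc-peering-connection-id {t}"
            .format(rt=r["route_table"], d=r["destination"], t=r["target"])
            for r in routes]


if __name__ == "__main__":
    for cmd in as_cli(peering_routes(VPC_J, VPC_A, PCX_ID)):
        print(cmd)
    print(peer_sg_ingress(VPC_J, [("tcp", 22), ("icmp", -1)]))
```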

So, we are good to go for our application deployment, as we have successfully peered our two isolated VPCs.

Cleanup

Please do remember to perform the cleanup if you are doing this only for testing, so as to avoid any charges on AWS.

Delete VPC Peering Connection
Delete Peering Connection
Status eq Deleted

Terminate/delete the EC2 instances, VPCs, and associated components too if they are not in use; it will save you some bucks! 💰

Cheers!

— A blog by teckdevOps
