inter-regional-vpc-peering

This project demonstrates how to connect two VPCs in different regions using VPC peering. The same steps apply to two VPCs within a single region (intra-regional VPC peering). The steps followed in the project are:

  1. A VPC was created in the us-east-1 region.

  2. Two subnets were created within this VPC in us-east-1: one public subnet, used to provision a bastion host for accessing the private instance, and one private subnet, used to provision an instance that is not reachable from the public internet (i.e. a private instance).

  3. Two security groups were created within the same VPC: one for the bastion host, allowing SSH traffic on port 22, and one for the private instance, allowing ICMP traffic (ping) and SSH on port 22 from the bastion host's security group.

  4. A second VPC was created in the us-west-1 region.

  5. This VPC also contains a subnet with a security group attached. The security group allows ICMP traffic only from the first VPC in us-east-1.

  6. A VPC peering connection was then created in us-east-1, with the first VPC as the requester and the second VPC in us-west-1 as the accepter.

  7. Once the connection was created, it was accepted in us-west-1.

  8. To use this connection, a route table was created in the VPC in us-east-1 and a route was added so that traffic exchanged with the VPC in us-west-1 goes through the peering connection.

  9. The subnet that hosts the private instance in us-east-1 was then associated with this route table.

  10. The same was done in us-west-1: a route table was created, a route was added so that traffic exchanged with the VPC in us-east-1 goes through the peering connection, and the subnet created in this VPC was associated with the route table. This subnet contains the private instance in this region.

  11. A second route table was created in us-east-1, with a route stating that traffic bound for the internet should pass through the internet gateway (the internet gateway must first be created and attached to the VPC in us-east-1).

  12. The bastion host and the private instance in us-east-1 (use the same key pair for both) and the private instance in us-west-1 (provision this instance without a key pair) were created in their respective subnets and associated with their respective security groups.

  13. SSH into the bastion host using the key pair used to provision it.

  14. From the bastion host, ping the private instance in us-east-1. Then create a .pem file on the bastion host, copy the SSH private key content from the local machine into it, and use it to SSH into the private instance.

  15. Once on the private instance in us-east-1, run a ping command to get a response from the private instance in the VPC in us-west-1.
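The route tables and security groups from steps 3, 5 and 8 through 11 together decide which of the pings and SSH sessions in steps 14 and 15 can succeed, and which flows stay blocked. The following Python model is an added example, not code from this project: it encodes that design as data and checks reachability offline, the way you would review the configuration before testing it live. All CIDR blocks, addresses and resource ids are constructed; the bastion's permitted SSH source is assumed to be an administrator address range, the us-east-1 private instance's security group is read as allowing ICMP and SSH only from the bastion's security group, and the us-west-1 security group is modelled with the us-east-1 VPC CIDR as its source, because security group references are not supported across an inter-region peering connection.

```python
"""Offline reachability model of the two-VPC peering design described above.

All CIDR blocks, addresses and resource ids are constructed for this example;
none of them are values from the project.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Dict, Optional, Tuple, Union


@dataclass(frozen=True)
class Route:
    destination: IPv4Network
    target: str                       # "local", a peering connection "pcx-..." or a gateway "igw-..."


@dataclass(frozen=True)
class IngressRule:
    protocol: str                     # "tcp" or "icmp"
    port: Optional[int]               # None for icmp
    source: Union[IPv4Network, str]   # a CIDR block or the id of a security group


@dataclass(frozen=True)
class Instance:
    name: str
    ip: IPv4Address
    route_table: Tuple[Route, ...]    # table associated with the instance's subnet
    sg_id: str
    ingress: Tuple[IngressRule, ...]  # inbound rules of the attached security group


def longest_prefix_route(table: Tuple[Route, ...], dst: IPv4Address) -> Optional[Route]:
    """Pick the route the VPC router would: the most specific matching prefix."""
    matches = [r for r in table if dst in r.destination]
    return max(matches, key=lambda r: r.destination.prefixlen, default=None)


def delivers_privately(route: Optional[Route]) -> bool:
    """Only the local VPC or a peering connection can carry traffic to a private IP;
    a default route to an internet gateway cannot."""
    return route is not None and (route.target == "local" or route.target.startswith("pcx-"))


def routed_both_ways(src: Instance, dst: Instance) -> bool:
    """Peering carries traffic only when each side's table points at the connection (steps 8 and 10)."""
    forward = longest_prefix_route(src.route_table, dst.ip)
    back = longest_prefix_route(dst.route_table, src.ip)
    return delivers_privately(forward) and delivers_privately(back)


def sg_allows(dst: Instance, src: Instance, protocol: str, port: Optional[int]) -> bool:
    """Match the destination's inbound rules; a security-group source only matches by id."""
    for rule in dst.ingress:
        if rule.protocol != protocol or (rule.port is not None and rule.port != port):
            continue
        if isinstance(rule.source, IPv4Network):
            if src.ip in rule.source:
                return True
        elif rule.source == src.sg_id:
            return True
    return False


def can_reach(src: Instance, dst: Instance, protocol: str, port: Optional[int] = None) -> bool:
    """Security groups are stateful, so replies need no extra rule: routing in both
    directions plus the destination's ingress rules decide the outcome."""
    return routed_both_ways(src, dst) and sg_allows(dst, src, protocol, port)


# --- constructed topology following steps 1-12 ---------------------------------
EAST_VPC = ip_network("10.0.0.0/16")           # constructed CIDR for the us-east-1 VPC
WEST_VPC = ip_network("10.1.0.0/16")           # constructed CIDR for the us-west-1 VPC
ADMIN_CIDR = ip_network("203.0.113.0/24")      # constructed administrator range for bastion SSH
PCX, IGW = "pcx-EXAMPLE", "igw-EXAMPLE"        # placeholder resource ids
BASTION_SG, EAST_PRIVATE_SG, WEST_SG = "sg-bastion", "sg-east-private", "sg-west"

EAST_PRIVATE_RT = (Route(EAST_VPC, "local"), Route(WEST_VPC, PCX))                  # steps 8-9
EAST_PUBLIC_RT = (Route(EAST_VPC, "local"), Route(ip_network("0.0.0.0/0"), IGW))    # step 11
WEST_RT = (Route(WEST_VPC, "local"), Route(EAST_VPC, PCX))                          # step 10

BASTION = Instance("bastion", ip_address("10.0.1.10"), EAST_PUBLIC_RT, BASTION_SG,
                   (IngressRule("tcp", 22, ADMIN_CIDR),))
EAST_PRIVATE = Instance("east-private", ip_address("10.0.2.10"), EAST_PRIVATE_RT, EAST_PRIVATE_SG,
                        (IngressRule("tcp", 22, BASTION_SG), IngressRule("icmp", None, BASTION_SG)))
WEST_PRIVATE = Instance("west-private", ip_address("10.1.1.10"), WEST_RT, WEST_SG,
                        (IngressRule("icmp", None, EAST_VPC),))   # CIDR source: no cross-region SG reference


def check_design() -> Dict[str, bool]:
    """The flows steps 14-15 exercise, plus the ones the design is expected to deny."""
    return {
        "cidrs_do_not_overlap": not EAST_VPC.overlaps(WEST_VPC),   # precondition for any peering
        "bastion_ssh_east_private": can_reach(BASTION, EAST_PRIVATE, "tcp", 22),
        "bastion_ping_east_private": can_reach(BASTION, EAST_PRIVATE, "icmp"),
        "east_private_ping_west_private": can_reach(EAST_PRIVATE, WEST_PRIVATE, "icmp"),
        "east_private_ssh_west_private": can_reach(EAST_PRIVATE, WEST_PRIVATE, "tcp", 22),
        "west_private_ping_east_private": can_reach(WEST_PRIVATE, EAST_PRIVATE, "icmp"),
        "bastion_ping_west_private": can_reach(BASTION, WEST_PRIVATE, "icmp"),
    }


if __name__ == "__main__":
    for flow, allowed in check_design().items():
        print(f"{flow:32} {'ALLOWED' if allowed else 'DENIED'}")
```

Two results are worth noting when reading the output. The bastion cannot ping the us-west-1 instance even though the peering route exists, because its subnet uses the internet-gateway route table from step 11 rather than the peering route table from step 8; only the private subnet is associated with that table (step 9). And the us-west-1 instance cannot initiate a ping back to the us-east-1 private instance, since that instance's security group accepts ICMP only from the bastion's security group; step 15 still works because security groups are stateful and the reply to a ping started from us-east-1 is allowed automatically.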