Intra-region Vs Inter-region Vpc Peering Connection

Intra-Region VPC peering:

Intra-region VPC peering means the VPC peering connection between different VPCs within the same region.

Inter-Region VPC peering:

Inter-region VPC peering is the VPC connection between different VPCs of different regions.

In VPC peering we have to connect all of these with each other to connect since VPC does not support transition property as shown in the figure above.

In this lab, the following terms are considered:

• we are going to create 3 VPCs, 2 in the same region for intra-region connection and one in a different region for inter-region connection.

• Create at least one public subnet for now for each VPC for creating EC2 instance using that VPC

• EC2 is used to check whether the connection is established or not using the internet gateway and ssh.

Architecture for LAB:

Step 1: Create two VPCs using the configuration in any one region:

• Open your account and select us-east-1 any other region

• Goto VPC and then create two VPCs

For VPC1:

• Your VPCs: VPC settings:

  • Select Resources to create VPC only

  • Name tag - optional: VPC1

  • IPv4 CIDR: 10.0.0.0/16

    Create VPC

• Subnets: Create subnet

  • VPC ID: select VPC1

  • Subnet name: vpc1subnet

  • Availability Zone: us-east-1a or any other as your choice

  • IPv4 CIDR block: 10.0.0.0/24

    Create subnet

• Internet gateways: Create Internet gateway

  • Name tag: vpc1gateway

    Create internet gateway

  • Attach to VPC: Select VPC1

• Route tables: Create route table

  • Name - optional: vpc1route

  • VPC: Select VPC1

    Create route table

  • Select vpc1route ID -> Select Routes -> Edit route -> Add route

    • Destination: 0.0.0.0/0 Target: select internet gateway and then vpc1gateway

      Save changes

  • Select vpc1route ID -> Select Subnet associations->

    Edit subnet associations

    • Select vpc1subnet and Save associations

For VPC2: (in the same region us-east-1)

• Your VPCs: VPC settings:

  • Select Resources to create VPC only

  • Name tag - optional: VPC2

  • IPv4 CIDR: 20.0.0.0/16

    Create VPC

• Subnets: Create subnet

  • VPC ID: select VPC2

  • Subnet name: vpc2subnet

  • Availability Zone: us-east-1a or any other as your choice

  • IPv4 CIDR block: 20.0.0.0/24

    Create subnet

• Internet gateways: Create Internet gateway

  • Name tag: vpc2gateway

    Create internet gateway

  • Attach to VPC: Select VPC2

• Route tables: Create route table

  • Name - optional: vpc2route

  • VPC: Select VPC2

    Create route table

  • Select vpc2route ID -> Select Routes -> Edit route -> Add route

    • Destination: 0.0.0.0/0 Target: select internet gateway and then vpc2gateway

      Save changes

  • Select vpc2route ID -> Select Subnet associations->

    Edit subnet associations

    • Select vpc2subnet and Save associations

Step 2: Create EC2 instances for individual VPCs

FOR first EC2 using VPC1

• Search and open EC2

• Select Instances and Launch instances

  • Name: vpc1server

  • Key pair name - required: Create new key pair

    Key pair name: myk

    For putty select .ppk and for Linux or ssh select .pem

  • Expand Network settings and EDIT as

    • VPC - required: Select VPC1

    • Subnet: Select vpc1subnet

    • Auto-assign public IP: Enable

    • Firewall (security groups): Select Create security group

      (Note: You can individually create SG)

      • Security group name - required: Region1SG

      • Description - required: Its for VPC1 in region 1

      • Inbound Security Group Rules

        • Add security group rule:

          Type: All ICMP - IPv4

          Source type: Anywhere

Launch instances

FOR second EC2 using VPC2

• Search and open EC2

• Select Instances and Launch instances

  • Name: vpc2server

  • Key pair name - required: Create new key pair or Select myk created above

    For putty select .ppk and for Linux or ssh select .pem

  • Expand Network settings and EDIT as

    • VPC - required: Select VPC2

    • Subnet: Select vpc2subnet

    • Auto-assign public IP: Enable

    • Firewall (security groups): Select Create security group

      (Note: You can individually create SG)

      • Security group name - required: Region1SG2

      • Description - required: Its for VPC2 in region 1

      • Inbound Security Group Rules

        • Add security group rule:

          Type: All ICMP - IPv4

          Source type: Anywhere

Launch instances

All Done for Region 1

Step 3: Create VPC in another region as

For VPC3: Change region as us-west-2 or any other region

• Your VPCs: VPC settings:

  • Select Resources to create VPC only

  • Name tag - optional: VPC3

  • IPv4 CIDR: 30.0.0.0/16

    Create VPC

• Subnets: Create subnet

  • VPC ID: select VPC3

  • Subnet name: vpc3subnet

  • Availability Zone: us-west-1a or any other as your choice

  • IPv4 CIDR block: 30.0.0.0/24

    Create subnet

• Internet gateways: Create Internet gateway

  • Name tag: vpc3gateway

    Create internet gateway

  • Attach to VPC: Select VPC3

• Route tables: Create route table

  • Name - optional: vpc3route

  • VPC: Select VPC3

    Create route table

  • Select vpc3route ID -> Select Routes -> Edit route -> Add route

    • Destination: 0.0.0.0/0 Target: select internet gateway and then vpc3gateway

      Save changes

  • Select vpc3route ID -> Select Subnet associations->

    Edit subnet associations

    • Select vpc3subnet and Save associations

Step 4: Create an EC2 instance for VPC in that region

FOR EC2 using VPC3

• Search and open EC2

• Select Instances and Launch instances

  • Name: vpc3server

  • Key pair name - required: Create new key pair

    Key pair name: mykey3

    For putty select .ppk and for Linux or ssh select .pem

  • Expand Network setting and EDIT as

    • VPC - required: Select VPC3

    • Subnet: Select vpc3subnet

    • Auto-assign public IP: Enable

    • Firewall (security groups): Select Create security group

      (Note: You can individually create SG)

      • Security group name - required: Region2SG3

      • Description - required: Its for VPC3 in region 2

      • Inbound Security Group Rules

        • Add security group rule:

          Type: All ICMP - IPv4

          Source type: Anywhere

Launch instances

Step 5: Connect to any initial server

• Change the region: us-east-1

• Select the vpc1server and copy Public IPv4 address

• For window user

  • Download and Open Putty and in session:

    • Host Name (or IP address): paste Public IPv4 address

  • In left Expand +Connection -> Expand +SSH -> Expand +Auth -> Credentials

    • Private key file for authentication: browse and choose myk.ppk that automatically downloaded while creating key pair

  • Click Open

  • Accept if any alert box appears and login as: ec2-user in your case enter the IAM username to connect

• For Linux user

  • Open Bash terminal and go to the directory where you want to perform the SSH command

  • Locate the key pair that downloaded automatically while creating as myk.pem and move to that directory

  • Then paste the following code:

    ssh -i "myk.pem" <IAM-user-name>@<public-ip-address>

Replace <IAM-user-name> and <public-ip-address> with your own.

• Try the following command to check the initial connection with the internet

    ping google.com
  

• Also, try to ping the public IPs of other servers i.e. vpc2server and vpc3server

    ping <public-ip-address>
  

  Replace <public-ip-address> with copied public IP of the server and check connection is established or not.

Step 6: Connect to another server of the same region using the virtual server that we are connected in

• For window users only

  • Open myk.ppk from the downloaded location and copy all contents

  • Using PuttyGen or another platform convert it to pem for example, let's choose any trusted online converter and copy the contents of pem file

• If you are a Linux user you already had pem file so open it and copy the contents

• Now, go to the previously connected server and perform the following command

    nano new.pem
  

  And paste all that you copied using right-click, then Ctrl+O to save and Ctrl+X to exit.

• Now. copy the public IP of vpc2server and perform the following command

    sudo su
    ssh -i "new.pem" <IAM-user-name>@<public-ip-address>
  

  • Replace <IAM-user-name> and <public-ip-address> and select yes if any prompt is asked.

  • Through vpc1server you connected with vpc2server

  • Similarly, ping the public IPs of other servers i.e. vpc1server and vpc3server

      ping <public-ip-address>
    

    Copy and Replace <public-ip-address> with copied public IP of the server and check connection is established or not.

Step 7: Similarly, Connect to the server of the other region

• For window users only

  • Open mykey3.ppk from the downloaded location and copy all contents

  • Using PuttyGen or another platform convert it to pem for example, let's choose any trusted online converter and copy the contents of pem file

• If you are a Linux user you already had pem file so open it and copy the contents

• Now, go to the previously connected server and perform the following command

    nano new.pem
  

  And paste all that you copied using right-click, then Ctrl+O to save and Ctrl+X to exit.

• Now. copy the public IP of vpc2server and perform the following command

    sudo su
    ssh -i "new.pem" <IAM-user-name>@<public-ip-address>
  

  Replace <IAM-user-name> and <public-ip-address> and select yes if any prompt is asked.

  • Through vpc2server you connected with vpc3server located in a different region

  • Similarly, ping the public IPs of other servers i.e. vpc1server and vpc2server

      ping <public-ip-address>
    

    Copy and Replace <public-ip-address> with copied public IP of the server and check connection is established or not.

Which shows the use case of VPC peering.

Close all resources you created

Thank you !!! Happy Learning!