Configuring Inter-Region VPC Peering in an AWS Environment

Hands-On Lab


Craig Arcuri

AWS Training Architect II in Content

Length

00:30:00

Difficulty

Advanced

This Learning Activity introduces the student to Inter-Region VPC Peering. Inter-Region VPC Peering is a relatively new feature (December 2017) that allows VPC Peering between VPCs in two different regions. The Learning Activity walks students through configuring VPCs in two different regions and setting up the peering connection between the two VPCs. We'll configure an EC2 instance on a public subnet in the Northern Virginia region, and we'll create a private instance in the Oregon region. It is necessary to share a key pair between the two regions in order to allow the EC2 instance in Northern Virginia to access the private instance in Oregon. The video shows techniques for sharing the key pair using both the AWS Management Console and the CLI.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

Configuring Inter-Region VPC Peering in an AWS Environment

Introduction

In this hands-on lab, we'll configure VPCs in two different regions and set up the peering connection between the two VPCs.

For help with PuTTY on Windows for SSH, see: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/putty.html?icmpid=docs_ec2_console

Solution

Log in to the live AWS environment using the credentials provided. Make sure you're in the N. Virginia (us-east-1) region when you sign in.

Create a VPC in the us-west-2 Region

  1. Navigate to VPC.
  2. Select the VPC we already have in the N. Virginia region, and copy its VPC ID into a text file; we'll need it later on.
  3. Open a new browser tab, click the region selector (currently N. Virginia) in the upper right corner of the AWS console, and select US West (Oregon).
  4. In the Oregon AWS console, click Your VPCs in the left-hand corner.
  5. Click Your VPCs in the sidebar.
  6. Click Create VPC.
  7. In the dialog, set the following values:
    • Name tag: VPC2
    • IPv4 CIDR block: 10.0.0.0/16
  8. Leave the IPv6 CIDR block and Tenancy fields at their default values.
  9. Click Yes, Create.

Create a Private Subnet in the New VPC (Oregon Region)

  1. Click Subnets in the left-hand menu.
  2. Click Create subnet.
    • Name tag: SubnetWest
    • VPC: VPC2
    • Availability Zone: Any availability zone except us-west-2d
    • IPv4 CIDR block: 10.0.0.0/24
  3. Click Create, and close out of the success message.

Create an Inter-Region VPC Peering Connection

  1. With SubnetWest selected, click Peering Connections in the left-hand menu.
  2. Click Create Peering Connection.
  3. Set the following values:
    • Peering connection name tag: peering1
    • VPC (Requestor): VPC2
    • Account: My account
    • Region: Another Region, N. Virginia (us-east-1)
    • VPC (Accepter): Paste in the VPC ID of our VPC in N. Virginia
  4. Click Create Peering Connection.
  5. In the N. Virginia AWS console, click Peering Connections in the left-hand menu.
  6. Click Actions, and select Accept Request.
  7. Click Yes, Accept.
  8. In the Description section below, copy its Accepter VPC CIDRs — we'll need it in a minute.

Set Up a Route Table

  1. In the Oregon AWS console, click Route Tables in the left-hand menu.
  2. Select the one associated with VPC2.
  3. Click the Routes tab below.
  4. Click Edit.
  5. Click Add another route.
  6. Set the following values:
    • Destination: Paste in the VPC CIDR you copied a minute ago
    • Target: peering1
  7. Click Save.
  8. In the N. Virginia AWS console, click Route Tables in the left-hand menu.
  9. Select the PublicRT.
  10. Click the Routes tab below.
  11. Click Edit.
  12. Click Add another route.
  13. Set the following values:
    • Destination: 10.0.0.0/16
    • Target: The pcx- peering connection
  14. Click Save.
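The peering request, acceptance and the two route-table entries above can also be driven from the CLI. The following planner is an added example (not part of the lab) that first rejects overlapping VPC CIDRs, which AWS will not peer and which would make the 10.0.0.0/16 route shadow local addresses, then emits the equivalent AWS CLI commands and a least-privilege SSH rule for the private instance. The N. Virginia CIDR (172.16.0.0/16), the DMZ1public subnet CIDR, and every vpc-/rtb-/pcx- ID are constructed placeholders.

```python
"""Plan inter-region VPC peering and routes; added example, not lab code."""
import ipaddress


def check_no_overlap(cidr_a: str, cidr_b: str) -> None:
    """AWS rejects a peering request between VPCs whose CIDRs overlap,
    so fail early with a clear error instead of a console rejection."""
    a = ipaddress.ip_network(cidr_a, strict=True)
    b = ipaddress.ip_network(cidr_b, strict=True)
    if a.overlaps(b):
        raise ValueError(f"VPC CIDRs overlap: {a} and {b}")


def plan_peering(req_vpc, req_cidr, req_region, req_rtb,
                 acc_vpc, acc_cidr, acc_region, acc_rtb, pcx_id):
    """Return AWS CLI commands mirroring the console steps: request from
    the Oregon VPC, accept in N. Virginia, then add one route per side
    whose destination is the *peer's* CIDR and whose target is the pcx-."""
    check_no_overlap(req_cidr, acc_cidr)
    return [
        f"aws ec2 create-vpc-peering-connection --region {req_region} "
        f"--vpc-id {req_vpc} --peer-vpc-id {acc_vpc} --peer-region {acc_region}",
        f"aws ec2 accept-vpc-peering-connection --region {acc_region} "
        f"--vpc-peering-connection-id {pcx_id}",
        # Requester (Oregon) side: destination is the accepter's CIDR.
        f"aws ec2 create-route --region {req_region} --route-table-id {req_rtb} "
        f"--destination-cidr-block {acc_cidr} --vpc-peering-connection-id {pcx_id}",
        # Accepter (N. Virginia) side: destination is the requester's CIDR.
        f"aws ec2 create-route --region {acc_region} --route-table-id {acc_rtb} "
        f"--destination-cidr-block {req_cidr} --vpc-peering-connection-id {pcx_id}",
    ]


def private_ssh_ingress(public_subnet_cidr: str) -> dict:
    """Security-group rule for the Oregon instance: allow SSH only from the
    N. Virginia public subnet that crosses the peering, never 0.0.0.0/0."""
    net = ipaddress.ip_network(public_subnet_cidr, strict=True)
    return {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
            "IpRanges": [{"CidrIp": str(net)}]}


if __name__ == "__main__":
    # Constructed IDs/CIDRs; 10.0.0.0/16 and the regions come from the lab.
    for cmd in plan_peering("vpc-WEST", "10.0.0.0/16", "us-west-2", "rtb-WEST",
                            "vpc-EAST", "172.16.0.0/16", "us-east-1",
                            "rtb-PUBLICRT", "pcx-EXAMPLE"):
        print(cmd)
    print(private_ssh_ingress("172.16.1.0/24"))
```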

Create a Public Instance for the N. Virginia Region

  1. In the N. Virginia AWS console, navigate to EC2.
  2. Click Launch Instance.
  3. On the AMI page, select the Amazon Linux 2 AMI.
  4. Leave t2.micro selected, and click Next: Configure Instance Details.
  5. On the Configure Instance Details page:
    • Network: VPC1
    • Subnet: DMZ1public
    • Auto-assign Public IP: Enable
  6. Leave the rest of the settings at their defaults.
  7. Click Next: Add Storage, then Next: Add Tags, and then Next: Configure Security Group.
  8. Select Create a new security group.
  9. Click Review and Launch, and then Launch.
  10. In the key pair dialog, select Create a new key pair.
  11. Give it a Key pair name of "keypeer".
  12. Click Download Key Pair, and then Launch Instances.
  13. Click View Instances.
  14. Once its status changes to running, copy the public IP (listed in the Description section below) into a text file. We'll need it in a minute.

Share the Key Pair Between Both Regions

  1. Open a terminal session, and change the permissions on the key pair:

    chmod 400 keypeer.pem
  2. Start an SSH agent in a new shell (we'll forward it to the public instance later with ssh -A):

    ssh-agent bash
  3. Add the identity, which is our key pair:

    ssh-add keypeer.pem
  4. Run the following command to extract the key pair's public key:

    ssh-keygen -y -f keypeer.pem
  5. Copy the result.

  6. In the Oregon AWS console, navigate to EC2.

  7. Click Key Pairs in the left-hand menu.

  8. Click Import Key Pair.

  9. In the dialog, set the following values:

    • Key pair name: keypeer
    • Public key contents: Paste in the public key
  10. Click Import.

Create a Private EC2 Instance for the Oregon Region

  1. Click EC2 Dashboard in the left-hand menu, and click Launch Instance.
  2. On the AMI page, select the Amazon Linux 2 AMI.
  3. Leave t2.micro selected, and click Next: Configure Instance Details.
  4. On the Configure Instance Details page:
    • Network: VPC2
    • Subnet: SubnetWest
    • Auto-assign Public IP: Disable
  5. Leave the rest of the settings at their defaults.
  6. Click Next: Add Storage, then Next: Add Tags, and then Next: Configure Security Group.
  7. Select Create a new security group.
  8. Click Review and Launch, and then Launch.
  9. In the key pair dialog, select Choose an existing key pair.
  10. Leave keypeer selected, and click Launch Instances.
  11. Click View Instances.
  12. Once its status changes to running, copy the private IP (listed in the Description section below) into a text file. We'll need it in a minute.

Connect to the Instances

  1. Log in via SSH to our public instance (replacing <PUBLIC_IP> with the public IP of the N. Virginia instance you copied a minute ago):

    ssh -A ec2-user@<PUBLIC_IP>
  2. Run an update:

    sudo yum update
  3. Log in via SSH to our private instance (replacing <PRIVATE_IP> with the private IP of the Oregon instance you copied a minute ago):

    ssh ec2-user@<PRIVATE_IP>

Conclusion

Congratulations on completing this hands-on lab!