Creating and Testing a Peering Connection with a Private VPC

Hands-On Lab

 

Trent Hayes

Training Architect

Length

00:30:00

Difficulty

Intermediate

Introduction

Welcome to this hands-on AWS lab where we will be creating and testing a VPC peering connection.

You will gain knowledge and experience with:

  1. Creating a VPC
  2. Creating a VPC peering connection
  3. Editing route tables for the peering connection
  4. Launching EC2 instances in each VPC
  5. Testing the connection over SSH using private IP addresses

VPC peering connections are important in many scenarios. If your organization has resources in different regions or has business partnerships that may need access to your VPC, it is important to know how to create and configure these connections. Because peered traffic uses private IP addresses and stays on the AWS network rather than crossing the public internet, peering is also a common way to satisfy security requirements that internal traffic never be exposed to the internet. Note that peering is not transitive: a VPC peered with two others does not connect those two to each other, so each pair of VPCs needs its own peering connection and routes.

Log in to the AWS Management Console using the credentials provided on the hands-on lab page.

Creating and Configuring a Private VPC Peering Connection

Create a VPC

The environment already has one VPC. Now you need to create a second VPC so there are two that can be peered together.

  1. Navigate to the VPC page and click Your VPCs in the left sidebar
    • Click Create VPC
    • Give it a name of "VPC2" and a CIDR block of "10.0.0.0/16"
    • Note: Peered VPCs must not have overlapping CIDR blocks, so do not reuse the SysOps VPC CIDR 10.99.0.0/16 (or any range that overlaps it)
    • Click Yes, Create

Create a Public Subnet in the new VPC

Create a public subnet in the VPC you just created.

  1. Choose Subnets in the left column
    • Click Create Subnet
    • Give it a name of "Subnet1", choose the new VPC2, and add a CIDR block of "10.0.0.0/24"
    • Note: A subnet's CIDR must fall inside its VPC's CIDR; 10.0.0.0/24 is the first /24 of VPC2's 10.0.0.0/16 block
    • Click Yes, Create

Create a VPC Peering Connection

Create a VPC peering connection between the two VPCs in the account (and make sure the connection is accepted/active), then add a route on each side. A peering connection carries no traffic until both route tables point at it: without the return route on the other side, packets reach the peer but the replies are dropped.

  1. Create the Peering Connection
    1. Choose Peering Connections in the left sidebar
      • Click Create Peering Connection
      • Supply it a name tag of "peering1"
      • Use your new VPC2 as the Requester
      • Use SysOps VPC1 as the Accepter
      • Click Create Peering Connection
      • Click OK
      • Check the box beside your new Peering Connection
      • Click Actions
      • Choose "Accept Request"
      • Click Yes, Accept, then Close
      • Note: Both VPCs are in the same account, so you accept the request yourself. The connection must show a status of Active before the routes below will pass traffic
    2. Set up the necessary routing
      • Choose Route Tables in the left sidebar
      • Check the box next to the PublicRT route table in the SysOps VPC
      • Edit the route table to add a route to your new VPC CIDR using the Peering Connection as a Target
      • Click Edit
      • Click Add another route
      • Destination: 10.0.0.0/16
      • Target: peering1 Peering Connection
      • Click Save
      • Check the box next to your new VPC2's route table (the main route table created with the VPC)
      • Edit the route table to add a route to the SysOps VPC CIDR (10.99.0.0/16) using the Peering Connection as a Target
      • Click Edit
      • Click Add another route
      • Destination: 10.99.0.0/16
      • Target: peering1 Peering Connection
      • Click Save
      • In that same route table, associate Subnet1 from your new VPC with the table
      • Click Save

Create two EC2 instances, one in each VPC, and test the connection using SSH

Create two EC2 instances (one in each VPC). These instances will be used to test the VPC peering connection.

  • Create two instances
    • One in the new VPC2, in Subnet1, without a public IP (it is only reachable over the peering connection)
      • Click Launch Instance
      • Select the Amazon Linux AMI
      • Select t2.micro
      • Network: VPC2
      • Subnet: Subnet1
      • Auto-assign Public IP: Disable
      • Proceed through the steps using the default settings
      • Click Launch
      • Create and download a new key pair
        • Key pair name: peeringkey
        • Click Download Key Pair
      • Click Launch Instances and then click View Instances
      • Name this new instance "Bastion-VPC2"
    • One in the SysOps VPC1, in one of the DMZ subnets, with a public IP (this is the bastion you reach from the internet)
      • Click Launch Instance
      • Select the Amazon Linux AMI
      • Select t2.micro
      • Network: VPC1 (the SysOps VPC)
      • Subnet: one of the DMZ subnets
      • Auto-assign Public IP: Enable
      • Proceed through the steps using the default settings
      • Click Launch
      • Use the same key pair as the other instance
        • Check the box to acknowledge that you already have the key pair
      • Click Launch Instances and then click View Instances
      • Name this new instance "Bastion-VPC1"
    • Note: The launch wizard's default security group allows SSH (TCP 22) from 0.0.0.0/0. That is what makes the test below work with no further changes, but Bastion-VPC2 has no public IP and only ever needs SSH from the SysOps VPC, so restrict its inbound SSH rule to the source 10.99.0.0/16. Route tables decide whether packets can cross the peering; security groups still decide whether the instance accepts them
  • Connect across the Peering Connection

    • Copy the public IP of the Bastion-VPC1 instance

    • Go to the terminal

    • Change the permissions on the downloaded key so that only you can read it (chmod 400 peeringkey.pem); ssh refuses to use a private key that is readable by other users

    • Set up SSH agent forwarding, so the private key stays on your machine and the bastion uses your agent for the second hop, with the following commands:

      ssh-agent bash
      ssh-add peeringkey.pem
      ssh -A ec2-user@<BASTION-VPC1-PUBLIC-IP>
    • Note: With -A, anyone with root on the bastion can use your forwarded agent for as long as the session lasts. For a bastion you do not fully trust, OpenSSH's ProxyJump option (ssh -J) tunnels the second hop through the bastion without exposing the agent to it
    • Go to the EC2 console and copy the private IP of the Bastion-VPC2 instance

    • Back in the terminal, on Bastion-VPC1, type the following:

      ssh ec2-user@<BASTION-VPC2-PRIVATE-IP>
    • You just connected across the peering connection using a private IP! If the connection times out instead, check that both route tables have a route to the other VPC's CIDR with peering1 as the target, that the peering connection is Active, and that the security group on Bastion-VPC2 allows TCP 22 from 10.99.0.0/16
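The whole procedure above (non-overlapping CIDRs, the peering request and acceptance, a route on each side, and the security group rule the SSH test depends on), as an added example in Python using boto3-style EC2 client calls. This is not the lab's own code: the VPC, route table and security group IDs are placeholders, the CIDRs are the lab's, and the DryRunEC2 recorder stands in for a real client so the plan can be reviewed offline. Pass boto3.client("ec2") in its place to apply it for real.

```python
"""Plan and apply the lab's VPC peering with boto3-style EC2 client calls.
Added example, not the lab's own code; IDs are placeholders (assumed)."""
import ipaddress


def cidr_problems(vpc_a_cidr, vpc_b_cidr, subnets):
    """Return reasons the layout cannot be peered (empty list means OK):
    peered VPC CIDRs must not overlap, and every subnet must sit inside
    its VPC. `subnets` maps subnet CIDR -> VPC CIDR."""
    problems = []
    a, b = ipaddress.ip_network(vpc_a_cidr), ipaddress.ip_network(vpc_b_cidr)
    if a.overlaps(b):
        problems.append(f"VPC CIDRs overlap: {vpc_a_cidr} and {vpc_b_cidr}")
    for subnet_cidr, vpc_cidr in subnets.items():
        if not ipaddress.ip_network(subnet_cidr).subnet_of(ipaddress.ip_network(vpc_cidr)):
            problems.append(f"subnet {subnet_cidr} is not inside VPC {vpc_cidr}")
    return problems


def plan_routes(accepter, requester):
    """One route per side, each to the OTHER VPC's CIDR; a missing route on
    either side means the SSH handshake never gets its reply packets."""
    return [
        {"RouteTableId": accepter["rtb"], "DestinationCidrBlock": requester["cidr"]},
        {"RouteTableId": requester["rtb"], "DestinationCidrBlock": accepter["cidr"]},
    ]


def ssh_ingress_rule(source_cidr):
    """TCP/22 from the peer VPC's CIDR only, instead of the launch wizard's
    default of 0.0.0.0/0, which an instance without a public IP never needs."""
    return {
        "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
        "IpRanges": [{"CidrIp": source_cidr, "Description": "SSH from peer VPC"}],
    }


def apply_peering(ec2, requester, accepter, subnets):
    """requester/accepter: dicts with id, cidr and rtb (route table id); the
    requester also carries instance_sg, the security group of the instance
    that will accept SSH from the accepter VPC. Returns the peering id."""
    problems = cidr_problems(requester["cidr"], accepter["cidr"], subnets)
    if problems:
        raise ValueError("; ".join(problems))
    resp = ec2.create_vpc_peering_connection(VpcId=requester["id"], PeerVpcId=accepter["id"])
    pcx_id = resp["VpcPeeringConnection"]["VpcPeeringConnectionId"]
    # Same account, so the accepter side is ours to accept immediately.
    ec2.accept_vpc_peering_connection(VpcPeeringConnectionId=pcx_id)
    for route in plan_routes(accepter, requester):
        ec2.create_route(VpcPeeringConnectionId=pcx_id, **route)
    ec2.authorize_security_group_ingress(
        GroupId=requester["instance_sg"],
        IpPermissions=[ssh_ingress_rule(accepter["cidr"])],
    )
    return pcx_id


class DryRunEC2:
    """Stand-in for a boto3 EC2 client: records each call instead of making it
    and returns a placeholder peering id (assumed, not a real AWS id)."""

    def __init__(self):
        self.calls = []

    def create_vpc_peering_connection(self, **kw):
        self.calls.append(("create_vpc_peering_connection", kw))
        return {"VpcPeeringConnection": {"VpcPeeringConnectionId": "pcx-dryrun"}}

    def accept_vpc_peering_connection(self, **kw):
        self.calls.append(("accept_vpc_peering_connection", kw))

    def create_route(self, **kw):
        self.calls.append(("create_route", kw))

    def authorize_security_group_ingress(self, **kw):
        self.calls.append(("authorize_security_group_ingress", kw))


# Lab layout: VPC2 (requester) peers with the SysOps VPC1 (accepter). IDs assumed.
SYSOPS_VPC1 = {"id": "vpc-11111111", "cidr": "10.99.0.0/16", "rtb": "rtb-publicrt"}
VPC2 = {"id": "vpc-22222222", "cidr": "10.0.0.0/16", "rtb": "rtb-vpc2main",
        "instance_sg": "sg-bastionvpc2"}
SUBNETS = {"10.0.0.0/24": "10.0.0.0/16"}  # Subnet1 inside VPC2


def lab_dry_run():
    """Run the lab's peering against the recorder; return (peering id, calls)."""
    ec2 = DryRunEC2()
    pcx_id = apply_peering(ec2, VPC2, SYSOPS_VPC1, SUBNETS)
    return pcx_id, ec2.calls


if __name__ == "__main__":
    pcx, calls = lab_dry_run()
    print("peering:", pcx)
    for name, kw in calls:
        print(f"{name}: {kw}")
```

The ordering matters: the CIDR check runs before anything is created, and the routes are only added once the connection has been accepted, so a failed step leaves no dangling route pointing at a pending peering. The example does not poll the peering status; against a real client, wait for the connection to become active before relying on the routes.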

Conclusion

Congratulations, you've completed this hands-on lab!