Inter Region VPC Peering

Lab Details

1. This lab walks you through the steps to create a VPC in the us-east-1 region with an EC2 instance launched in a public subnet and another VPC in ap-south-1 region with an EC2 instance launched in a private subnet. Now you will perform inter region VPC peering and then SSH into the private EC2 from the public EC2 instance.

2. You will practice the lab using VPC and EC2.

3. Duration: 90 minutes

4. AWS Region: US East (N. Virginia) and Asia Pacific (Mumbai)

Introduction

What is inter region VPC peering?

VPC (Virtual Private Cloud) is an isolated network of resources created in the cloud, basically your isolated data center created in the cloud. Inter-region VPC peering permits resources like, EC2 instances, databases, lambda functions running in VPCs within different AWS regions to communicate with each other using private addresses without requiring gateways or VPN connections. Traffic using inter-region peering actually stays on the AWS global backbone network and never passes through the public internet where it is exposed to threats vectors like DDoS attacks, making it a more secure means of communication. It is a simple and cost effective way to share resources between different regions.

DNS hostnames

AWS provides your instance in a VPC with public and private DNS hostnames that correspond to the public IPv4 and private IPv4 addresses for the instance but  do not provide DNS hostnames for IPv6 addresses.

 

Public DNS format : ec2-public-ipv4-address.compute-1.amazonaws.com

Private DNS format : ip-private-ipv4-address.ec2.internal

 

If you enable DNS hostname, AWS will provide DNS hostname to the EC2 created in that VPC.

Domain Name System (DNS) is a standard by which names used on the Internet are resolved to their corresponding IP addresses. You need to enable DNS Resolver in your VPC so that the DNS hostnames get resolved to the corresponding IPv4 IP address.

Case study

With the prevalence of remote work, Whizlabs-Lab, an e-learning company based in India, has outsourced software development of their customer-facing application to a team in N.Virginia. Whizlabs-Lab Development Team in the USA has created a VPC, at their home region - US East (N.Virginia), configured and provisioned it for the internet-facing Web Application in EC2 Instance. They create a VPC, in Asia Pacific (Mumbai) region - where the company is headquartered. As part of regulatory, critical uptime and devops architecture requirements, there is a need for simple, low-cost, secure communication and sharing of resources between the two EC2.

 

In this lab we shall create a VPC in the US East (N.Virginia) region, configure and provision it for the simple internet facing website and in a different region - Asia Pacific (Mumbai).  We shall create and configure an VPC with an EC2 instance, then we perform inter-region VPC peering to connect both regions and finally test to ensure resources in both VPCs can communicate with each other. Thus the EC2 can share data from one another.

Case study Diagram

Task Details

1. Launching Lab Environment

2. Create a VPC in N.Virginia Region

3. Create a Public subnet

4. Create and attach an Internet Gateway

5. Create a Public Route Table and associate it with the subnet

6. Add public Route in the Route table

7. Launch an EC2 instance

8. Create a VPC in the Mumbai Region.

9. Create a Private subnet

10. Launch an EC2 instance

11. Test the connectivity between two regions

12. Perform Inter VPC Peering

13. Test the connectivity between two regions.

14. Validation of the lab

Architecture Diagram