This lab walks you through the steps to create a VPC in the us-east-1 region with an EC2 instance launched in a public subnet, and another VPC in the ap-south-1 region with an EC2 instance launched in a private subnet. You will then perform inter-region VPC peering and SSH into the private EC2 instance from the public EC2 instance.
You will practice the lab using VPC and EC2.
Duration: 90 minutes
AWS Region: US East (N. Virginia) and Asia Pacific (Mumbai)
VPC (Virtual Private Cloud) is an isolated network of resources created in the cloud, essentially your own isolated data center in the cloud. Inter-region VPC peering permits resources such as EC2 instances, databases and Lambda functions running in VPCs in different AWS regions to communicate with each other using private addresses, without requiring gateways or VPN connections. Traffic over inter-region peering stays on the AWS global backbone network and never passes through the public internet, where it would be exposed to threat vectors such as DDoS attacks, making it a more secure means of communication. It is a simple and cost-effective way to share resources between different regions.
AWS provides each instance in a VPC with public and private DNS hostnames that correspond to its public IPv4 and private IPv4 addresses, but does not provide DNS hostnames for IPv6 addresses.
Public DNS format: ec2-public-ipv4-address.compute-1.amazonaws.com
Private DNS format: ip-private-ipv4-address.ec2.internal
If you enable DNS hostnames on a VPC, AWS assigns a DNS hostname to each EC2 instance created in that VPC.
Domain Name System (DNS) is the standard by which names used on the Internet are resolved to their corresponding IP addresses. You need to enable DNS resolution in your VPC so that the DNS hostnames resolve to the corresponding IPv4 addresses.
With the prevalence of remote work, Whizlabs-Lab, an e-learning company based in India, has outsourced software development of its customer-facing application to a team in N. Virginia. The Whizlabs-Lab development team in the USA has created a VPC in its home region, US East (N. Virginia), and configured and provisioned it for the internet-facing web application running on an EC2 instance. They also create a VPC in the Asia Pacific (Mumbai) region, where the company is headquartered. As part of regulatory, critical-uptime and DevOps architecture requirements, there is a need for simple, low-cost, secure communication and sharing of resources between the two EC2 instances.
In this lab we shall create a VPC in the US East (N. Virginia) region and configure and provision it for a simple internet-facing website, then create and configure a VPC with an EC2 instance in a different region, Asia Pacific (Mumbai). We then perform inter-region VPC peering to connect the two regions and finally test that resources in both VPCs can communicate with each other, so the EC2 instances can share data with one another.
Launching Lab Environment
Create a VPC in N.Virginia Region
Create a Public subnet
Create and attach an Internet Gateway
Create a Public Route Table and associate it with the subnet
Add public Route in the Route table
Launch an EC2 instance
Create a VPC in the Mumbai Region
Create a Private subnet
Launch an EC2 instance
Test the connectivity between two regions
Perform Inter VPC Peering
Test the connectivity between two regions
Validation of the lab
Deleting AWS Resources
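Before clicking through the peering and routing steps above, it helps to check the two VPCs on paper: AWS rejects a peering request when the CIDR blocks overlap, each side's route table needs a route to the peer's CIDR via the peering connection, and the private instance's security group should only admit SSH from the public subnet. The pre-flight check below is an added example, not part of the lab; the CIDRs, subnets and `pcx-`/`rtb-`/`sg-` ids are constructed placeholders, and the AWS CLI commands it emits are for you to run with your real ids.

```python
import ipaddress

# Constructed sample values for the lab's two VPCs; the CIDRs, subnets and
# peering id are assumptions, not values given in the lab.
VIRGINIA = {"region": "us-east-1", "cidr": "10.0.0.0/16", "subnet": "10.0.1.0/24", "public": True}
MUMBAI = {"region": "ap-south-1", "cidr": "172.16.0.0/16", "subnet": "172.16.1.0/24", "public": False}


def plan_peering(requester, accepter, peering_id="pcx-PLACEHOLDER"):
    """Validate an inter-region peering pair and derive what each side must configure.

    Returns a dict with 'errors' (empty when the pair can be peered), the route each
    route table needs, the security-group rule for the private instance and the
    matching AWS CLI commands (route table and security group ids are placeholders).
    """
    errors = []
    req_net = ipaddress.ip_network(requester["cidr"])
    acc_net = ipaddress.ip_network(accepter["cidr"])
    # AWS rejects a peering request when the two VPC CIDR blocks overlap.
    if req_net.overlaps(acc_net):
        errors.append(f"CIDR blocks overlap: {req_net} and {acc_net}")
    for vpc, net in ((requester, req_net), (accepter, acc_net)):
        if not ipaddress.ip_network(vpc["subnet"]).subnet_of(net):
            errors.append(f"subnet {vpc['subnet']} lies outside VPC {net}")
    if requester["region"] == accepter["region"]:
        errors.append("both VPCs are in the same region; this lab peers two regions")
    if errors:
        return {"errors": errors}
    # Each side routes the peer's CIDR to the peering connection; the route for a
    # VPC's own CIDR is the 'local' route that AWS adds automatically.
    routes = [
        {"region": requester["region"], "destination": str(acc_net), "target": peering_id},
        {"region": accepter["region"], "destination": str(req_net), "target": peering_id},
    ]
    public_side, private_side = (requester, accepter) if requester["public"] else (accepter, requester)
    # Least privilege: SSH to the private instance only from the public subnet, never 0.0.0.0/0.
    ssh_rule = {"region": private_side["region"], "protocol": "tcp", "port": 22, "source": public_side["subnet"]}
    commands = [
        f"aws ec2 create-route --region {r['region']} --route-table-id rtb-PLACEHOLDER "
        f"--destination-cidr-block {r['destination']} --vpc-peering-connection-id {r['target']}"
        for r in routes
    ] + [
        f"aws ec2 authorize-security-group-ingress --region {ssh_rule['region']} --group-id sg-PLACEHOLDER "
        f"--protocol tcp --port 22 --cidr {ssh_rule['source']}"
    ]
    return {"errors": [], "routes": routes, "ssh_rule": ssh_rule, "commands": commands}


if __name__ == "__main__":
    for line in plan_peering(VIRGINIA, MUMBAI)["commands"]:
        print(line)
```

If `errors` is non-empty, fix the CIDR plan before creating the peering connection; the check on the private subnet also catches the common mistake of allowing SSH from the whole VPC CIDR instead of just the public subnet.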