How to Use Terraform to Create VPC Peering Connections

2023.05.22

Overview:

In this blog I will discuss building a VPC peering connection, and why and when we should consider VPC peering over other services for connecting two VPCs. I will also write the Terraform script that creates two VPCs, peers them, and checks their connectivity.

There are several advantages to using VPC peering over the alternatives (Transit Gateway, VPN, Direct Connect):

Cost: VPC peering is free of charge, whereas other methods such as VPNs and Direct Connect may have a monthly fee.

Simplicity: VPC peering is easy to set up and manage, whereas other methods can be more complex.

Flexibility: VPC Peering allows you to connect VPCs in any region or account, while other methods may be limited to VPCs in the same region.

Performance: VPC peering can provide better performance than other methods, especially for traffic between VPCs in different regions.

However, there are some drawbacks to using VPC peering:

Limited scalability: VPC peering is limited to 100 peering connections per VPC, whereas other methods can support more connections.

Security: VPC peering does not provide the same level of security as other methods, as you cannot control traffic between VPCs.

What I tried:

IAM roles for cross-account access

provider "aws" {
  region = "ap-northeast-1"
}

resource "aws_vpc" "vpc1" {
  cidr_block = "10.0.0.0/16"
}

resource "aws_vpc" "vpc2" {
  cidr_block = "10.1.0.0/16"
}

# Requester side of the peering; the accepter side is approved later in the console.
resource "aws_vpc_peering_connection" "vpc_peering_connection" {
  vpc_id      = aws_vpc.vpc2.id
  peer_vpc_id = aws_vpc.vpc1.id
}

# Route only the peer VPC's CIDR through the peering connection. A peering
# connection is not a gateway, so the route uses vpc_peering_connection_id,
# and it only delivers traffic to addresses inside the peer VPC's CIDR, so a
# 0.0.0.0/0 default route through it would not work (and would be far wider
# than needed).
resource "aws_route_table" "route_table1" {
  vpc_id = aws_vpc.vpc1.id

  route {
    cidr_block                = aws_vpc.vpc2.cidr_block
    vpc_peering_connection_id = aws_vpc_peering_connection.vpc_peering_connection.id
  }
}

resource "aws_route_table" "route_table2" {
  vpc_id = aws_vpc.vpc2.id

  route {
    cidr_block                = aws_vpc.vpc1.cidr_block
    vpc_peering_connection_id = aws_vpc_peering_connection.vpc_peering_connection.id
  }
}

resource "aws_subnet" "subnet1" {
  vpc_id            = aws_vpc.vpc1.id
  cidr_block        = "10.0.0.0/24"
  availability_zone = "ap-northeast-1a"
  tags = {
    Name = "vpc1-subnet"
  }
}

resource "aws_subnet" "subnet2" {
  vpc_id            = aws_vpc.vpc2.id
  cidr_block        = "10.1.0.0/24"
  availability_zone = "ap-northeast-1a"
  tags = {
    Name = "vpc2-subnet"
  }
}

# Without these associations the subnets keep using the VPC main route table,
# which has no peering route, and the ping test below fails.
resource "aws_route_table_association" "rta1" {
  subnet_id      = aws_subnet.subnet1.id
  route_table_id = aws_route_table.route_table1.id
}

resource "aws_route_table_association" "rta2" {
  subnet_id      = aws_subnet.subnet2.id
  route_table_id = aws_route_table.route_table2.id
}
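As an added check that is not part of the original post: a small Python audit of route tables, in the dict shape that boto3's describe_route_tables returns, that flags the two mistakes that silently break a peering, a route through the peering that is wider than the peer VPC's CIDR, and a route table no subnet is associated with. The VPC, peering and subnet IDs are constructed placeholders, not live values.

```python
import ipaddress

# Constructed sample: the post's two VPCs with placeholder IDs, and one peering
# connection (placeholder ID) joining them as (requester, accepter).
VPC_CIDRS = {"vpc-0aaa": "10.0.0.0/16", "vpc-0bbb": "10.1.0.0/16"}
PEERINGS = {"pcx-0123": ("vpc-0aaa", "vpc-0bbb")}


def peer_cidr(pcx_id, vpc_id):
    """CIDR of the VPC on the far side of peering pcx_id, seen from vpc_id."""
    requester, accepter = PEERINGS[pcx_id]
    other = accepter if vpc_id == requester else requester
    return ipaddress.ip_network(VPC_CIDRS[other])


def audit_route_table(rt):
    """Findings for one route table in the describe_route_tables dict shape."""
    findings = []
    rt_id = rt["RouteTableId"]
    # A route table no subnet is associated with never carries traffic.
    if not any("SubnetId" in a for a in rt.get("Associations", [])):
        findings.append(f"{rt_id}: not associated with any subnet, routes unused")
    for route in rt.get("Routes", []):
        pcx = route.get("VpcPeeringConnectionId")
        if not pcx:
            continue  # local, IGW, NAT and other targets are out of scope here
        dest = ipaddress.ip_network(route["DestinationCidrBlock"])
        allowed = peer_cidr(pcx, rt["VpcId"])
        # Peering only delivers to the peer CIDR; anything wider (e.g. 0.0.0.0/0)
        # is dead traffic and an over-broad route.
        if not dest.subnet_of(allowed):
            findings.append(f"{rt_id}: {dest} -> {pcx} wider than peer CIDR {allowed}")
    return findings


# Constructed sample: the post's original route table (default route through
# the peering, no subnet association) next to a corrected one.
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-bad", "VpcId": "vpc-0aaa", "Associations": [],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0",
                 "VpcPeeringConnectionId": "pcx-0123"}]},
    {"RouteTableId": "rtb-good", "VpcId": "vpc-0aaa",
     "Associations": [{"SubnetId": "subnet-0aaa"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "10.1.0.0/16",
                 "VpcPeeringConnectionId": "pcx-0123"}]},
]


def audit_all(route_tables=SAMPLE_ROUTE_TABLES):
    return [f for rt in route_tables for f in audit_route_table(rt)]


if __name__ == "__main__":
    for finding in audit_all():
        print(finding)
```

Against real data, feed the `RouteTables` list from boto3's describe_route_tables and fill VPC_CIDRS and PEERINGS from describe_vpcs and describe_vpc_peering_connections.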

For testing

Deploy an EC2 instance in each VPC, with security groups that allow ICMP from the other instance's security group.


resource "aws_instance" "ec2-01" {
  ami           = "ami-079338d49bc60aabc"
  instance_type = "t2.small"
  subnet_id     = aws_subnet.subnet1.id
  monitoring    = false
  # Instances in a VPC subnet take security group IDs via vpc_security_group_ids;
  # security_groups expects group names and is for the default VPC only.
  vpc_security_group_ids = [aws_security_group.sg1.id]
}

resource "aws_security_group" "sg1" {
  name        = "sg1"
  description = "sg"
  vpc_id      = aws_vpc.vpc1.id

  # Terraform drops the default allow-all egress rule when no egress block is
  # given, so the instance could not even send the ping. Only the peer VPC is
  # needed for this test, so egress is limited to its CIDR.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = [aws_vpc.vpc2.cidr_block]
  }
}

resource "aws_instance" "ec2-02" {
  ami           = "ami-079338d49bc60aabc"
  instance_type = "t2.small"
  subnet_id     = aws_subnet.subnet2.id
  monitoring    = false
  vpc_security_group_ids = [aws_security_group.sg2.id]
}

resource "aws_security_group" "sg2" {
  name        = "sg2"
  description = "sg"
  vpc_id      = aws_vpc.vpc2.id

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = [aws_vpc.vpc1.cidr_block]
  }
}

We will add the ingress rule and accept the peering connection using the management console, then try to ping from one VPC to the other:

  1. I used Reachability Analyzer to track the path.

  2. SSH into the instance in the first VPC and ping the private IP of the instance in the second VPC.

Conclusion

Once the VPC peering connection is created, you can use it to connect resources in the two VPCs. For example, you could create an EC2 instance in one VPC and connect it to an RDS database in the other VPC.

VPC peering is a powerful tool that can be used to connect VPCs in the same AWS account or in different AWS accounts. By using VPC peering, you can extend your network and make it easier to share resources between VPCs.