**Thank you for your interest in this content. Unfortunately, this content is no longer being updated and some of it may be out-of-date.**
In this live environment, you will learn how to create and configure VPC peering within AWS. VPC peering is a feature of AWS which allows cross-VPC communication without additional hardware or software solutions. VPC peering is a feature you will use daily in production environments, and it is useful to know for all of the AWS exams. The environment is split into three stages. There is an architectural overview first, followed by the creation and configuration of a VPC peer, and finally the live environment will finish by demonstrating the limitations of VPC peering and some advanced features. By the end of the lab, you will be able to comfortably implement VPC peering, know its limitations, and perhaps more importantly understand when and why you would use the feature.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Create a VPC Peer
  - Change the NACL for Public2 Subnet – change `ICMP` from `0.0.0.0/0` to `10.0.0.0/13`.
  - Create a VPC peer from `VPC1` to `VPC2`.
  - Accept the VPC peer between `VPC1` and `VPC2`.

  Note: Ensure you are logged in to the AWS account, INSTANCE1, and INSTANCE2 using the cloud_user credentials provided.
- Configure Routing
  - Locate the route tables associated with `PublicSubnet1` and `PrivateSubnet1`.
  - In each – Add a route for the CIDR of `VPC2` and the target of the VPC Peer created in Task 1.
  - Locate the route tables associated with `PublicSubnet2` and `PrivateSubnet2`.
  - In each – Add a route for the CIDR of `VPC1` and the target of the VPC Peer created in Task 1.
  - Obtain the private IP for `Instance2`, and ping it from `Instance1`.

  Note: Ensure the VPC peer is created and active from Task 1.
- Create VPC Peer Mesh
  - Create and Accept a VPC peer from `VPC2` to `VPC3`.
  - Locate the route tables associated with `PublicSubnet2` and `PrivateSubnet2`.
  - In each – Add a route for the CIDR of `VPC3` and the target of the VPC Peer created in Task 1.
  - Locate the route tables associated with `PublicSubnet3` and `PrivateSubnet3`.
  - In each – Add a route for the CIDR of `VPC2` and the target of the VPC Peer created in Task 1.
  - Edit the NACL associated with the subnet `Instance3` is in. Add an INGRESS rule allowing ICMP IPv4 from `10.0.0.0/13`.
  - Edit the NACL associated with the subnet `Instance3` is in. Add an EGRESS rule allowing ICMP IPv4 to `10.0.0.0/13`.
  - Ping the private IP of `Instance3` from `Instance2` – does it work? Why?

  Note: VPC peering isn’t transitive. A pair of peers from VPC1 <-> VPC2 and from VPC2 <-> VPC3 does not mean VPC1 and VPC3 can communicate.

  - Create and accept a VPC peer from `VPC1` to `VPC3`.
  - Locate the route tables associated with `PublicSubnet1` and `PrivateSubnet1`.
  - In each – Add a route for the CIDR of `VPC3` and the target of the VPC Peer created in Task 1.
  - Locate the route tables associated with `PublicSubnet3` and `PrivateSubnet3`.
  - In each – Add a route for the CIDR of `VPC1` and the target of the VPC Peer created in Task 1.
  - From `Instance1`, ping the private IP of `Instance3`.

  Note: Ensure the VPC Peer from Task 1 is created and active.
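The three tasks above (peer, routes on both sides, NACL rules in both directions, and the non-transitive mesh) can be checked against a small model of the data path before touching the console. The following Python script is an added example, not part of the lab or of any AWS tooling: it evaluates a ping the same way the VPC does (longest-prefix route match, the route target must be a peer that directly joins the source and destination VPCs, and stateless NACLs must allow both the echo and the reply). All VPC CIDRs (`10.0.0.0/16`, `10.1.0.0/16`, `10.2.0.0/16`, chosen to fall inside the lab's `10.0.0.0/13`), peer IDs (`pcx-12`, `pcx-23`, `pcx-13`) and instance IPs are constructed assumptions; the lab's real values may differ.

```python
# Added example (not the lab's own code): a model of the VPC peering data path
# built in Tasks 1-3, used to predict which pings succeed and why.
# All CIDRs, peer IDs and IPs below are constructed for illustration.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class Peer:
    peer_id: str            # constructed, e.g. "pcx-12"
    vpc_a: str
    vpc_b: str
    status: str = "active"  # only an accepted ("active") peer forwards traffic


@dataclass
class Subnet:
    subnet_id: str
    vpc_id: str
    routes: dict = field(default_factory=dict)        # destination CIDR -> "local" | peer id
    nacl_ingress: list = field(default_factory=list)  # (rule_no, proto, cidr, action)
    nacl_egress: list = field(default_factory=list)


@dataclass
class Instance:
    name: str
    subnet: Subnet
    private_ip: str


def lookup_route(subnet, dst_ip):
    """Longest-prefix match over the subnet's route table; None if nothing matches."""
    ip, best = ip_address(dst_ip), None
    for cidr, target in subnet.routes.items():
        net = ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def nacl_allows(rules, proto, remote_ip):
    """NACL rules are evaluated lowest number first; the implicit final rule denies."""
    ip = ip_address(remote_ip)
    for _, rule_proto, cidr, action in sorted(rules):
        if rule_proto in (proto, "all") and ip in ip_network(cidr):
            return action == "allow"
    return False


def one_way(src, dst, proto, peers):
    """Can one packet of `proto` travel from src to dst? Returns (ok, reason)."""
    target = lookup_route(src.subnet, dst.private_ip)
    if target is None:
        return False, f"{src.name}: no route to {dst.private_ip}"
    if target == "local":
        if src.subnet.vpc_id != dst.subnet.vpc_id:
            return False, f"{src.name}: 'local' route cannot leave {src.subnet.vpc_id}"
    else:
        peer = next((p for p in peers if p.peer_id == target), None)
        vpcs = {src.subnet.vpc_id, dst.subnet.vpc_id}
        if peer is None or {peer.vpc_a, peer.vpc_b} != vpcs:
            return False, f"{src.name}: {target} does not directly peer {sorted(vpcs)}"
        if peer.status != "active":
            return False, f"{src.name}: {target} is {peer.status}, not active"
    if not nacl_allows(src.subnet.nacl_egress, proto, dst.private_ip):
        return False, f"{src.subnet.subnet_id}: egress NACL blocks {proto} to {dst.private_ip}"
    if not nacl_allows(dst.subnet.nacl_ingress, proto, src.private_ip):
        return False, f"{dst.subnet.subnet_id}: ingress NACL blocks {proto} from {src.private_ip}"
    return True, "ok"


def ping(src, dst, peers):
    """ICMP echo needs both directions: NACLs are stateless, so the reply is checked too."""
    ok, why = one_way(src, dst, "icmp", peers)
    return (ok, why) if not ok else one_way(dst, src, "icmp", peers)


# Constructed lab layout: three VPCs, all inside the 10.0.0.0/13 the NACL rules use.
LAB_CIDRS = {"VPC1": "10.0.0.0/16", "VPC2": "10.1.0.0/16", "VPC3": "10.2.0.0/16"}
ICMP_RULES = [(100, "icmp", "10.0.0.0/13", "allow")]  # the rule Task 1 / Task 3 ask for


def make_subnet(name, vpc):
    return Subnet(name, vpc, {LAB_CIDRS[vpc]: "local"}, list(ICMP_RULES), list(ICMP_RULES))


def add_peer_routes(sub_a, sub_b, peer):
    """Route each side's table at the other VPC's CIDR via the peer (both tables needed)."""
    sub_a.routes[LAB_CIDRS[sub_b.vpc_id]] = peer.peer_id
    sub_b.routes[LAB_CIDRS[sub_a.vpc_id]] = peer.peer_id


def run_lab():
    """Walk Tasks 1-3 and record whether each ping the lab asks for succeeds."""
    i1 = Instance("Instance1", make_subnet("PublicSubnet1", "VPC1"), "10.0.0.10")
    i2 = Instance("Instance2", make_subnet("PublicSubnet2", "VPC2"), "10.1.0.10")
    i3 = Instance("Instance3", make_subnet("PublicSubnet3", "VPC3"), "10.2.0.10")
    peers, results = [], {}
    pcx12 = Peer("pcx-12", "VPC1", "VPC2", status="pending-acceptance")  # Task 1
    peers.append(pcx12)
    add_peer_routes(i1.subnet, i2.subnet, pcx12)                         # Task 2
    results["1->2 before accept"] = ping(i1, i2, peers)
    pcx12.status = "active"
    results["1->2 after accept"] = ping(i1, i2, peers)
    pcx23 = Peer("pcx-23", "VPC2", "VPC3")                               # Task 3
    peers.append(pcx23)
    add_peer_routes(i2.subnet, i3.subnet, pcx23)
    results["2->3"] = ping(i2, i3, peers)
    results["1->3 no route"] = ping(i1, i3, peers)
    # Tempting mistake: send VPC3's CIDR through the VPC1<->VPC2 peer. Not transitive.
    i1.subnet.routes[LAB_CIDRS["VPC3"]] = "pcx-12"
    results["1->3 via pcx-12"] = ping(i1, i3, peers)
    pcx13 = Peer("pcx-13", "VPC1", "VPC3")  # the lab's fix: a direct peer plus routes
    peers.append(pcx13)
    add_peer_routes(i1.subnet, i3.subnet, pcx13)
    results["1->3 direct peer"] = ping(i1, i3, peers)
    return results


if __name__ == "__main__":
    for step, (ok, why) in run_lab().items():
        print(f"{step:20} {'OK  ' if ok else 'FAIL'} {why}")
```

Running it prints one line per ping. The two failing `1->3` entries are the point of Task 3: the first fails for want of a route, and the second still fails after a route is added because the target peer joins VPC1 to VPC2, not to VPC3; only the direct `pcx-13` peer with routes on both sides makes the ping succeed.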
- DNS Over VPC Peer

  Note: Ensure that the VPC peer created in Task 1, the routing from Task 2, and the VPC peer mesh and routing from Task 3 are all active:

  - From the EC2 console, locate the public DNS name and private DNS name for `Instance2`.
  - From `Instance1`, ping the public hostname of `Instance2`, and it should return a public IP.
  - From the VPC peer options between `VPC1` and `VPC2`, enable both DNS resolution check boxes.
  - If you wait a few minutes and ping the public DNS name of `Instance2` from `Instance1`, what happens?

  Note: Enabling DNS support for VPC peers allows the private IP usage to be forced, if applications always use the instance DNS name.