AWS Transit Gateway Peering-2VPCs in different regions
🚀 Day 5 of 7 days of AWS challenge
VPC :-A virtual private cloud (VPC) is a cloud-based virtual network. It enables you to have a private area of the internet that functions similarly to a separate network inside a bigger network. You can construct and manage a variety of resources within this VPC, including servers, databases, and storage.You can define access rules, set up firewalls, and configure security groups to regulate who can access your resources and how they can communicate.
VPC components
Subnets: Within your VPC, a subnet is a range of IP addresses. A single availability zone is where a subnet must be located. You can start using AWS resources in your VPC after adding subnets.
Internet Gateways: Your VPC is connected to another network via a gateway. For instance, to link your VPC to the internet, use an internet gateway. To access AWS services privately, you can utilize a VPC endpoint instead of a NAT or internet gateway.
Route table: Use route tables to determine where network traffic from your subnet or gateway is directed.
Peering connections: To route traffic between the resources in two VPCs, use a VPC peering connection.
#AWS Transit Gateway Peering-2VPCs in different regions
Scenario -
We have 2 AWS regions Ohio and Oregon. Both of these regions have 1 unpeered VPC with 1 subnet.
you need to change Telnet Port 22 from a public-facing EC2 instance launched in Ohio-VPC to a private EC2 instance running in Oregon-VPC
Provision VPCs:
Step 1:
Create 2 VPCs in different regions.(e.g., Ohio, Oregon)
Create subnets in their different VPCs.(e.g., Subnet1 , Subnet2)
Provision 2 Internet gateways (e.g., Ohio IGW1, Oregon IGW2) and connect the internet gateways with the VPCs (e.g. Ohio-VPC1-IGW1, Oregon-VPC2-IGW2)
Rename default 2 route tables as Ohio-VPC1-RT1 and Oregon-VPC2-RT2
Change the default route tables to add a route to its IGW.
Ensure that the subnets are associated with V PC's default route tables.
Provision Transit Gateway
Step 2:
Provision Transit Gateways with the name (e.g. Ohio-TG1, Oregon-TG2)
Provide Amazon side Autonomous System Number (ANS): 4200000000
Leave all other settings as default.
After creating both transit gateways with both VPCs as an attachment,.
Observe both transit gateway routing tables. VPC's should be propagated.
Provision EC2
Step 3:
Modify the security groups in their different regions to open Inbound port for Telnet, i.e. Port 23
Port 23 should be opened to the CIDR block of the other VPC
(Note: For Ohio-VPC-1, it should be open to the CIDR block of Oregon-VPC2, i.e., 198.0.0.0/16. For Oregon-VPC-2: It should be open to the CIDR
block of Ohio-VPC1.
Create 2 EC2 instances in different regions. (e.g.Ohio-EC2-1 and Oregon-EC2-2)
Note: Any instance should be disabled as a public IP.
Associate it with its security groups.
Create Peering
Step 4:
Add a peering attachment for both different regions.(e.g. Ohio,Oregon)
Note: You will need a Transit Gateway ID for both regions.
While creating peer attachments, change the attachment type form VPC to peering
Accept the peer attachment request
Step 5:
Go to Transit Gateway attachments and select the accept peer attachment request from Oregon-TG2.
Modify Transit Gateway Route Table
Step 6:
Modify the route tables of BOTH Transit Gateway-
For Oregon:Create a static route for Ohio-VPC-1, i.e. 10.0.0.0/16
For Ohio:Create a static route for Oregon-VPC-2, i.e. 198.0.0.0/16
SSH and TELNET
Step 7:
For SSH : chmod 400 (keypair file name) ssh-i(keypair file name) ubuntu@Ip addressCommands for Telnet
Step 8:
1. to check
apt show telnetd
2. Install Telnet
sudo apt install telnetd -y
3. Check the Telnet’s Status
$ sudo systemctl status inetd
4. Configure Firewall for Telnet
$ sudo ufw enable
$ sudo ufw allow 23
6. Test the Telnet Server
$ telnet 192.168.1.25
- $exit
NOW YOU SHOULD BE ABLE TO TELNET FROM EC2-1 TO EC2-2 VIA TRANSIT GATEWAY PEERING.
Happy Learning