AWS Transit Gateway Peering - 2 VPCs in different regions


🚀 Day 5 of 7 days of AWS challenge

VPC: A virtual private cloud (VPC) is a cloud-based virtual network. It gives you a private area of the cloud that behaves like a separate network inside a bigger network. You can create and manage a variety of resources within this VPC, including servers, databases, and storage. You can define access rules, set up firewalls, and configure security groups to regulate who can access your resources and how they can communicate.


A VPC with an internet gateway and subnets in three Availability Zones.

VPC components

  • Subnets: Within your VPC, a subnet is a range of IP addresses. A single availability zone is where a subnet must be located. You can start using AWS resources in your VPC after adding subnets.

  • Internet Gateways: Your VPC is connected to another network via a gateway. For instance, to link your VPC to the internet, use an internet gateway. To access AWS services privately, you can utilize a VPC endpoint instead of a NAT or internet gateway.

  • Route table: Use route tables to determine where network traffic from your subnet or gateway is directed.

  • Peering connections: To route traffic between the resources in two VPCs, use a VPC peering connection.

AWS Transit Gateway Peering - 2 VPCs in different regions

Scenario:

  • We have 2 AWS regions, Ohio and Oregon. Each region has 1 unpeered VPC with 1 subnet.

  • You need to Telnet from a public-facing EC2 instance launched in Ohio-VPC to a private EC2 instance running in Oregon-VPC.

Provision VPCs

Step 1:

  • Create 2 VPCs in different regions (e.g., Ohio, Oregon).

  • Create a subnet in each VPC (e.g., Subnet1, Subnet2).

  • Provision 2 Internet gateways (e.g., Ohio IGW1, Oregon IGW2) and attach each internet gateway to its VPC (e.g., Ohio-VPC1-IGW1, Oregon-VPC2-IGW2).

  • Rename the 2 default route tables as Ohio-VPC1-RT1 and Oregon-VPC2-RT2.

  • Edit each default route table to add a route to its IGW.

  • Ensure that each subnet is associated with its VPC's default route table.

Provision Transit Gateway

Step 2:

  • Provision a Transit Gateway in each region (e.g., Ohio-TG1, Oregon-TG2).

  • Provide the Amazon side Autonomous System Number (ASN): 4200000000

  • Leave all other settings as default.

  • After creating both transit gateways, create a VPC attachment on each transit gateway for its region's VPC.

  • Observe both transit gateway route tables. The VPC CIDRs should be propagated into them.

Provision EC2

Step 3:

  • Modify the security groups in each region to open the inbound port for Telnet, i.e. port 23.

  • Port 23 should be opened only to the CIDR block of the other VPC. (Note: For Ohio-VPC-1, it should be open to the CIDR block of Oregon-VPC2, i.e., 198.0.0.0/16. For Oregon-VPC-2, it should be open to the CIDR block of Ohio-VPC1, i.e., 10.0.0.0/16.)

  • Create 2 EC2 instances in different regions (e.g., Ohio-EC2-1 and Oregon-EC2-2).

    Note: Disable auto-assign public IP on any instance that should not be reachable from the internet.

  • Associate each instance with its security group.

Create Peering

Step 4:

  • Add a peering attachment between the two regions (e.g., Ohio, Oregon).

  • Note: You will need the Transit Gateway ID for both regions.

  • While creating the peering attachment, change the attachment type from VPC to Peering.

Accept the peering attachment request

Step 5:

  • Go to Transit Gateway attachments in the Oregon region and accept the pending peering attachment request on Oregon-TG2.

Modify Transit Gateway Route Table

Step 6:

  • Modify the route tables of BOTH Transit Gateways:

  • For Oregon: Create a static route for Ohio-VPC-1, i.e. 10.0.0.0/16, pointing to the peering attachment.

  • For Ohio: Create a static route for Oregon-VPC-2, i.e. 198.0.0.0/16, pointing to the peering attachment.

SSH and TELNET

Step 7:

  • For SSH:

        chmod 400 <keypair file name>
        ssh -i <keypair file name> ubuntu@<IP address>

Commands for Telnet

Step 8:

1. Check that the telnetd package is available:

apt show telnetd

2. Install Telnet:

sudo apt install telnetd -y

3. Check the Telnet service status (telnetd runs under inetd):

sudo systemctl status inetd

4. Configure the firewall for Telnet (allow the SSH port first, so that enabling ufw does not drop your own session):

sudo ufw enable

sudo ufw allow 23

5. Test the Telnet server (replace 192.168.1.25 with the private IP of Oregon-EC2-2):

telnet 192.168.1.25

6. Leave the Telnet session:

exit

NOW YOU SHOULD BE ABLE TO TELNET FROM EC2-1 TO EC2-2 VIA TRANSIT GATEWAY PEERING.
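As an added example (not the post's own steps, which are done in the console), here are Steps 4 to 6 above expressed in Terraform, so the peering request, the acceptance and the static routes on both sides can be reviewed together. It assumes provider aliases aws.ohio (us-east-2) and aws.oregon (us-west-2) configured elsewhere, the same AWS account on both sides, and hypothetical placeholder IDs for the transit gateways, their default route tables and the VPC route tables from Steps 1 and 2.

```hcl
# Assumed: provider aliases aws.ohio (us-east-2) and aws.oregon (us-west-2) are
# configured elsewhere; the IDs below are hypothetical placeholders from Steps 1-2.
locals {
  ohio   = { tgw = "tgw-0ohio0000000000000", tgw_rt = "tgw-rtb-0ohio000000000", vpc_rt = "rtb-0ohio00000000000", cidr = "10.0.0.0/16" }
  oregon = { tgw = "tgw-0oregon00000000000", tgw_rt = "tgw-rtb-0oregon0000000", vpc_rt = "rtb-0oregon000000000", cidr = "198.0.0.0/16" }
}

# Step 4: request the peering attachment from Ohio-TG1 toward Oregon-TG2 (same account, so no peer_account_id).
resource "aws_ec2_transit_gateway_peering_attachment" "ohio_to_oregon" {
  provider                = aws.ohio
  transit_gateway_id      = local.ohio.tgw
  peer_region             = "us-west-2"
  peer_transit_gateway_id = local.oregon.tgw
}

# Step 5: accept the request on the Oregon side; the attachment ID is the same in both regions.
resource "aws_ec2_transit_gateway_peering_attachment_accepter" "oregon" {
  provider                      = aws.oregon
  transit_gateway_attachment_id = aws_ec2_transit_gateway_peering_attachment.ohio_to_oregon.id
}

# Step 6: a static route in BOTH default TGW route tables (peering propagates nothing);
# referencing the accepter makes Terraform wait until the attachment is available.
resource "aws_ec2_transit_gateway_route" "ohio_to_oregon" {
  provider                       = aws.ohio
  destination_cidr_block         = local.oregon.cidr
  transit_gateway_route_table_id = local.ohio.tgw_rt
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_peering_attachment_accepter.oregon.id
}

resource "aws_ec2_transit_gateway_route" "oregon_to_ohio" {
  provider                       = aws.oregon
  destination_cidr_block         = local.ohio.cidr
  transit_gateway_route_table_id = local.oregon.tgw_rt
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_peering_attachment_accepter.oregon.id
}

# Not listed in the steps above: each VPC route table must send the remote CIDR to its own TGW.
resource "aws_route" "ohio_to_tgw" {
  provider               = aws.ohio
  route_table_id         = local.ohio.vpc_rt
  destination_cidr_block = local.oregon.cidr
  transit_gateway_id     = local.ohio.tgw
}

resource "aws_route" "oregon_to_tgw" {
  provider               = aws.oregon
  route_table_id         = local.oregon.vpc_rt
  destination_cidr_block = local.ohio.cidr
  transit_gateway_id     = local.oregon.tgw
}
```

The last two resources are the VPC-side routes that the console steps above do not call out; without them the instances never hand traffic for the other region's CIDR to their transit gateway, even though the transit gateway route tables are correct.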

Happy Learning
