Creating a VPC Peering Connection

Captions
Hi guys. So in this lesson we're going to set up VPC peering, and we'll do so between two regions, and in each region we'll have a VPC, so a custom VPC with these CIDR blocks. Now, we did create one earlier on, but I'm going to create both of these fresh so that you can start from scratch with this section if you want to. Otherwise, if you've already created your first region, you can just use the one we used earlier. So we'll create two VPCs in different regions using these CIDR blocks, we'll have a public subnet, we'll launch EC2 instances into those public subnets, update our route tables and set up our security groups, and then we'll try and ping these instances using private addresses.

So firstly, I'm in US East, North Virginia here, and what I'm going to do is create a VPC. I'm going to call this my VPC dash NV. I'm going to create this one as 10.0.0.0/16, and we'll create that VPC. We're then going to go to internet gateways, create an internet gateway, call this my dash IGW. So it's really good to get more practice, because you really need to know how to use VPCs for the exam. So let's now attach our IGW. So we've got our internet gateway attached.

Now I want to go back to my VPC; actually, I need to set up a couple of things. So under Actions I want to set up DNS hostnames, I want to enable that. I want to go to DNS resolution and make sure that's checked, so we've got that checked as well. So we've got our internet gateway, and what we need to do now is go to our route table, because we need a route to our internet gateway. So let's choose the correct route table here, and we're going to edit, add, and put in 0.0.0.0/0, I'll just take that from the drop-down. So it's going to be any address that's outside of our range here is going to go via the internet gateway. Let's save that.

And I'm just going to create one public subnet, so let's create one, and this is going to go into the us-east-1a availability zone. I'm going to call this public dash 1a, make sure it's in the correct VPC, and it will be 10.0.0.0/24 for the subnet mask. And that's basically that site set up.

Now, in the interest of time, what I'm going to do is launch an instance into this VPC. So let's choose to launch an instance. I'm going to use a Linux 2 AMI, t2.micro. We're going to make sure we choose the new VPC and we're in our public subnet here, and then let's go to security groups, and we're going to create a new security group. So it's going to be called web access. It's going to have port 22 initially; we'll need to add in another entry later on, we'll see that shortly. I need to create a new key pair for this region, so let's create a new key pair, call it my KP dash NV, and I'm going to download that one, and let's launch that instance.

And then what we need to do is head over to our second region. My second region is going to be Northern California. So here I'm going to create a VPC called my VPC dash NC. The CIDR block is going to be 10.1.0.0/16. Let's create that one. Then we're going to do the same process, so we're going to go create our internet gateway, attach it to the VPC, set up the correct options here, so I want DNS hostnames to be enabled. We'll go to our route table, select the correct route table, and again just put that route in, so we've got our 0.0.0.0/0, and then that's going to go to our internet gateway. Click on save. And then lastly we go to subnets again, create a public subnet. So this is going to be called public dash, what's the availability zone, it's 1b, so I'm going to call that 1b, put it in the correct VPC, CIDR block will be 10.1.0.0/20, and create that subnet.

And the last thing that I've got to do, and I have to do this on the other one as well actually, is modify auto-assign IPv4 addresses. You've got to make sure you assign that, because we want to get a public address so we can connect to our instances. So back in region one I'm going to do the same thing, make sure I've got my public subnet set to pick up public IP addresses. So now instances launched into this public subnet will get a public IP, and they've got a route to an internet gateway, so that's all good.

So the next thing to do is set up our peering connection, and for this we'll need the VPC ID of the other VPC. So back in North California I'm going to copy the VPC ID, and then we're going to create a peering connection in our primary region. Just call this my dash peer. We choose the VPC for the requester, that's going to be the VPC that we just created. Now, it's going to be in the same account; if it was in a different account you'd have to put in the account ID. We don't have to do that now, so let's choose my account, other region, and we're going to choose US West, North California, put in the ID of the VPC, and then create peering connection. So that's been created. Let's OK there and come back, and it says it's initiating the request. So let's come back over to North California, click on peering connections, and this one is pending acceptance, so we just need to go in and accept the request. So that's done.

What we need to do now is make sure we update our route tables, because remember, we've got to have the destinations and peering IDs set so that routing can happen between the VPCs. So in North California we're going to have this entry here, which is 10.0.0.0/16, which is going to go to this VPC. So we go to route tables, choose our route table, and we're going to enter this route, and this is going to be to 10.0.0.0/16, and this data is going to go via the peering connection. We'll save that. Now back on the VPC in North Virginia we need to do the same thing, so we go to route tables, choose our route table, edit, add, and it's going to be 10.1.0.0, and again we choose the VPC peering connection and save the route. And that's it.

So now we can launch two instances. So we need to launch our instances into those public subnets, and then we should be able to connect to them and see if we can ping the instance in the opposite VPC. We might have to modify our security group before we can do that. So let's go to EC2. I'm going to launch a Linux 2 AMI, t2.micro, choose my new VPC, it's got one subnet, which is public. I'm going to select a security group that has port 22 open, and then let's launch this instance. You need to do that for the other VPC now, so just launch another instance with the same settings in the public subnet we just created, and then once you've connected into both instances we'll see if we can ping from one instance to the other.

So I'm connected into my instances. I've got the one in North California, excuse me, North Virginia, in blue, and then North California is in green. So what I'm going to do is I'm going to try and ping across from one of these instances to the other. So let's try and ping 10.1.0.31, and I'm not expecting this to work because we don't have the security group set up, but I just wanted to show you that it's not working first. So it's zero percent, zero received, 100% packet loss, and then it should be the same the other way around. So that's what's expected.

Let's go and set up our security groups properly. Back in EC2 in North Virginia, let's go to security groups. I'm going to select my web access security group, let's edit the inbound rules, and then let's add one, and this is going to be ICMP, all, and then we're going to put in the CIDR block of the opposite VPC, so it's going to be this 10.1.0.0/16. So obviously you could lock that down to your subnets or individual instances, whatever you want, but you can't use security group IDs in this case because it's across regions. So let's save that rule, and now let's try and update the Northern California security group. So we'll just add the same rule in, ICMP, all, for v4, and then this should be 10.0.0.0/16, so that's the CIDR block for region one. So that's set up.

Let's try and rerun those pings. So let's rerun, and there we go, we get a successful connection, and we're pinging using the private IP address of the instance in that VPC. Let's try it the other way around just to make sure this works as well, and that's all working. So that's great. So we're now connecting across VPCs in different regions using a VPC peering connection, so that'll work very well.

Let's just clean up our configuration now. All we need to do is come back in; obviously we need to terminate our instances, and once those are terminated we can then go to VPC and we can just delete our VPC peering connection. So we literally just come in and delete VPC peering connection, and that will delete both sides of the connection as well. So that's all you need to do really. It was just the EC2 instances that were costing money anyway, but we removed the peering connection, and it's totally up to you whether you remove the VPC as well.
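The addressing, routing and security-group logic from the walkthrough above, as an added offline check that is not part of the video. The CIDR blocks and the ping target 10.1.0.31 come from the captions; the region codes, the `pcx-EXAMPLE`/`igw-EXAMPLE` placeholders, the function names and the sample rules are assumptions of this example.

```python
import ipaddress

# CIDRs are from the walkthrough; the IDs are placeholders, not real resources.
PLAN = {
    "us-east-1": {"vpc": "10.0.0.0/16", "subnet": "10.0.0.0/24"},
    "us-west-1": {"vpc": "10.1.0.0/16", "subnet": "10.1.0.0/20"},
}
PCX, IGW = "pcx-EXAMPLE", "igw-EXAMPLE"

def check_plan(plan):
    """Return problems that would block peering or break routing."""
    problems = []
    nets = {r: ipaddress.ip_network(v["vpc"]) for r, v in plan.items()}
    regions = sorted(nets)
    for i, a in enumerate(regions):
        for b in regions[i + 1:]:
            if nets[a].overlaps(nets[b]):  # peered VPCs need distinct ranges
                problems.append(f"{a} and {b} VPC CIDRs overlap")
    for r, v in plan.items():
        if not ipaddress.ip_network(v["subnet"]).subnet_of(nets[r]):
            problems.append(f"{r} subnet is outside its VPC CIDR")
    return problems

def route_table(plan, region):
    """Routes for one side: local, default via IGW, peer CIDR via peering."""
    routes = [(plan[region]["vpc"], "local"), ("0.0.0.0/0", IGW)]
    routes += [(v["vpc"], PCX) for r, v in plan.items() if r != region]
    return routes

def next_hop(routes, dst):
    """Longest-prefix match: the most specific matching route wins."""
    ip = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(c), t) for c, t in routes
            if ip in ipaddress.ip_network(c)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def audit_icmp(rules, peer_cidr):
    """Flag ICMP ingress sources that reach beyond the peer VPC's CIDR."""
    peer = ipaddress.ip_network(peer_cidr)
    return [src for proto, src in rules
            if proto == "icmp" and not ipaddress.ip_network(src).subnet_of(peer)]

if __name__ == "__main__":
    print(check_plan(PLAN))
    nv = route_table(PLAN, "us-east-1")
    print(next_hop(nv, "10.1.0.31"), next_hop(nv, "203.0.113.10"))
    # Constructed rules: the walkthrough's rule plus an over-broad one.
    print(audit_icmp([("icmp", "10.1.0.0/16"), ("icmp", "0.0.0.0/0")],
                     "10.1.0.0/16"))
```

The route lookup only covers the routing half of the failed first ping: the path via the peering connection already exists at that point, and it is the missing ICMP ingress rule that drops the packets.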
Info
Channel: Digital Cloud Training
Views: 2,460
Keywords: AWS, AWS Certification, Amazon Web Services, AWS Amazon, AWS Certified, AWS Training, AWS tutorial, Amazon AWS, Getting started with AWS, Amazon AWS tutorials, AWS Fundamentals, free aws, free aws tutorials, AWS Cloud, AWS Exam, Cloud Computing, Cloud Technology, AWS Services, creating vpc in aws, vpc peering, vpc peering connection aws, aws sysops, aws sysops associate certification, aws certified sysops administrator, aws certified sysops administrator training
Id: GKFFjRzQa6c
Length: 10min 45sec (645 seconds)
Published: Tue Nov 17 2020