Aws Devops..

AWS VPC AND VPC PEERING

Hi guys, I'm Anirudh. I'm passionate about DevOps and currently learning to become a skilled engineer in the field. I'm excited to connect with like-minded individuals and contribute my knowledge to the community.

Today we're about to dive into the fascinating world of VPCs, and I'd like to discuss a project to conquer the challenge of VPC peering!

1. What is VPC?

Virtual Private Cloud (VPC): our devices and resources run inside an isolated network called a VPC. Without our intervention, nothing outside the VPC can send requests into it and nothing inside can send requests out.

Here are a few components of a VPC:

  • Subnets: These are smaller parts of your VPC that you can use to group your resources by location or function.

  • Route tables: These control how traffic flows within your VPC and to the outside world.

  • Security groups: These define the rules for inbound and outbound traffic for your resources.

  • Gateways: These allow your resources to connect to the internet, other VPCs, or your on-premises network.

Here are the steps of the project:

1. Create a VPC:

  • Access the VPC section of your cloud provider's console.

  • Initiate VPC creation, defining:

    • CIDR (Classless Inter-Domain Routing) block: The overall IP address range for your VPC (e.g., 10.0.0.0/16). See https://cidr.xyz/ for a CIDR calculator.

    • IPv6 CIDR block: Optional, for IPv6 support.

  • Name your VPC.

2. Create a subnet:

  • Within the VPC, navigate to subnet creation.

  • Specify:

    • Availability Zone (AZ): The physical location where the subnet resources reside.

    • CIDR block: A portion of the VPC's CIDR block for this subnet (e.g., 10.0.1.0/24).

3. Select availability zone:

  • During instance launch, choose the desired Availability Zone (AZ) for placement.

  • Align AZ with subnet choice, as instances reside within subnets in specific AZs.

4. Launch a new instance:

  • Initiate instance creation process.

  • Select:

    • Instance type: Desired virtual hardware configuration (CPU, memory, storage).

    • AMI (Amazon Machine Image): The operating system / software template the instance boots from.

    • VPC and subnet: The VPC and subnet created in steps 1 and 2.

    • Security group: Inbound and outbound traffic rules for the instance (I suggest leaving it as the default).

  • Launch the instance.

5. Attempt SSH connection (expected failure):

  • Use a terminal or SSH client to connect to the instance's public IP or DNS name.

  • Connection failure is expected as the instance is in a private subnet without a public IP or external connectivity.

Additional considerations:

  • To enable SSH access, consider:

    • VPN: Establishing a virtual private network connection for secure access.

    • NAT gateway: For outbound internet access from private instances.

  • Review security group rules to ensure SSH access is allowed from your IP address or network.

6. Attach an internet gateway to the VPC (not the subnet):

  • Navigate to the Internet Gateways section in your cloud provider's console.

  • Create a new Internet Gateway (IGW).

  • Attach the IGW to your VPC, not directly to a subnet. This enables internet access for the entire VPC, but individual subnets can still be private or public.

7. Create public route table:

  • Within the VPC, create a new route table.

  • Add a route with a destination of 0.0.0.0/0 (all destinations) and target the IGW.

  • This route table will direct all outbound traffic from associated subnets that is not destined for the VPC itself to the internet.

8. Associate public route table with subnet:

  • Select the subnet you want to make public.

  • Edit its route table association and choose the public route table you created.

  • This ensures traffic from instances in this subnet will flow to the IGW for internet access.

Key points:

  • Route tables control traffic flow within a VPC.

  • Public route tables direct traffic to the IGW for internet access.

  • Private subnets can still exist within a VPC that has an IGW: they use private route tables with no route to the IGW, so they have no internet access.
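The following Python model is added here as an illustration and is not part of the original post or of any AWS tooling. It shows why the SSH attempt in step 5 fails and why steps 6-8 fix it: it performs the longest-prefix route lookup a VPC route table does, checks that the subnets from steps 1-2 fit inside the VPC CIDR, and then checks the route, the public IP and the security group in turn. The gateway ID igw-example, the security group rule and the client addresses are constructed placeholders; sg_inbound is a list of (port, source CIDR) allow rules.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class RouteTable:
    routes: list  # (destination CIDR, target); "local" is the implicit VPC route

    def lookup(self, dst: str):
        """Longest-prefix match, the way a VPC route table picks a route."""
        best = None
        for cidr, target in self.routes:
            net = ipaddress.ip_network(cidr)
            if ipaddress.ip_address(dst) in net and (
                    best is None or net.prefixlen > best[0].prefixlen):
                best = (net, target)
        return best[1] if best else None


def check_subnet_plan(vpc_cidr: str, subnet_cidrs):
    """Steps 1-2: each subnet must lie inside the VPC block and not overlap.
    Returns usable hosts per subnet (AWS reserves 5 addresses in each)."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = [ipaddress.ip_network(c) for c in subnet_cidrs]
    for i, n in enumerate(nets):
        if not n.subnet_of(vpc):
            raise ValueError(f"{n} is outside VPC {vpc}")
        if any(n.overlaps(m) for m in nets[i + 1:]):
            raise ValueError(f"{n} overlaps another subnet")
    return {str(n): n.num_addresses - 5 for n in nets}


def can_ssh(route_table: RouteTable, has_public_ip: bool, sg_inbound, client_ip: str):
    """Step 5 vs step 8: can client_ip reach TCP/22 on an instance behind route_table?"""
    target = route_table.lookup(client_ip)
    if not (target and target.startswith("igw-")):
        return False, "no route to an internet gateway: subnet is private"
    if not has_public_ip:
        return False, "instance has no public IP or Elastic IP"
    client = ipaddress.ip_address(client_ip)
    if not any(p == 22 and client in ipaddress.ip_network(src) for p, src in sg_inbound):
        return False, "security group does not allow TCP/22 from the client"
    return True, "reachable"


VPC_CIDR = "10.0.0.0/16"  # step 1
PRIVATE_RT = RouteTable([(VPC_CIDR, "local")])  # default table: local route only
PUBLIC_RT = RouteTable([(VPC_CIDR, "local"), ("0.0.0.0/0", "igw-example")])  # step 7
SG_SSH_ADMIN = [(22, "203.0.113.0/24")]  # constructed: allow SSH from the admin range only

if __name__ == "__main__":
    print(check_subnet_plan(VPC_CIDR, ["10.0.1.0/24"]))  # step 2 subnet
    print(can_ssh(PRIVATE_RT, True, SG_SSH_ADMIN, "203.0.113.10"))  # step 5: fails
    print(can_ssh(PUBLIC_RT, True, SG_SSH_ADMIN, "203.0.113.10"))  # step 8: works
```

Swapping PRIVATE_RT for PUBLIC_RT is exactly what step 8 (associating the public route table with the subnet) does, and the remaining two checks are the public IP and security group points listed below.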

Additional considerations:

  • Make sure the security group rules you set allow inbound SSH traffic so the connection succeeds.

  • Use Elastic IPs (EIPs) when an instance needs a static public IP address.

  • Monitor and manage internet traffic for security and cost optimization.