Imagine you and your friend live in two different neighborhoods. Each neighborhood has its own set of houses, streets, and rules. But what if you want to visit your friend’s house and share resources like food or a Wi-Fi connection? You’d need a road connecting the two neighborhoods.
In AWS, these "neighborhoods" are called VPCs (Virtual Private Clouds), and the "road" that connects them is called VPC Peering.
What is a VPC?
A VPC (Virtual Private Cloud) is like your own private space inside AWS. It contains servers, databases, and other resources that you control. Think of it as your own neighborhood inside AWS where you decide who can enter and what goes in or out.
Why do we need VPCs?
Security: Each VPC is isolated, meaning no one else can access it unless you allow them.
Customization: You can create custom networks with your own IP addresses.
Scalability: You can expand your network as your business grows.
What is VPC Peering?
VPC Peering is like building a private road between two neighborhoods (VPCs) so that they can communicate directly.
Why Do We Need VPC Peering?
Secure Communication: Instead of using the internet, VPC Peering allows private and secure communication.
Faster Access: Since it doesn’t go through the internet, data transfer is faster.
Cost-Effective: AWS doesn’t charge for VPC Peering itself, only for data transfer between VPCs.
How VPC Peering Works (Simple Explanation)
Request: One VPC owner sends a request to connect to another VPC.
Approval: The owner of the other VPC accepts the request.
Routing: Both VPCs update their route tables to recognize each other.
Connection Established: Now, they can securely communicate!
Let’s see a demonstration of VPC Peering on AWS!
Hands On
First of all, we need to create 2 VPCs (web and app) with the following configurations in 2 different availability zones.
Create one security group in each VPC and allow all traffic. In production only the required ports are allowed, but as we are practicing we are opening all traffic.
Create 2 EC2 instances: an app server in app-VPC and a web server in web-VPC, and attach the security groups created in the last step to the respective EC2 instances.
Now try to ping from the web server to the app server and from the app server to the web server.
As we can see, we are not able to reach the instances because they are in different VPCs and there is no connection between them. Let’s connect these VPCs with VPC peering.
Go to Peering connections in the VPC console and create a peering connection with the following configuration. We are creating a peering connection from app-VPC to web-VPC.
Now we need to accept the peering request.
Now we need to edit the route tables for both VPCs and add a route to the other VPC’s CIDR via the peering connection. Following is the route table for app-VPC. Similarly, edit the routes for web-VPC.
Now the connection between the two VPCs is established. Let’s try connecting from the servers within the VPCs.
ping app from web
ping web from app
We have successfully set up VPC peering. We can follow similar steps to establish a connection between 2 VPCs in different regions.
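The same request / accept / route sequence from the hands-on section, scripted as an added example that is not part of the original post. It also covers two points the walkthrough skips over: AWS rejects a peering connection whose VPC CIDRs overlap, so the script checks that first, and the security group for the ping test can admit only ICMP echo from the peer VPC's CIDR rather than all traffic. The VPC ids, CIDRs and route table ids are constructed placeholders; the `DryRunEC2` class is a stand-in with the same method names as the boto3 EC2 client so the block runs offline, and swapping in `boto3.client("ec2")` applies the same calls for real. For the cross-region case the post mentions at the end, the request additionally needs the `PeerRegion` parameter and the acceptance must be made with a client for the accepter's region.

```python
"""Plan and apply VPC peering between two VPCs: request, accept, route.

Added example (not from the original post). The VPC ids, CIDRs and route
table ids below are constructed placeholders; replace them with your own.
"""
import ipaddress


def cidrs_overlap(cidr_a, cidr_b):
    """AWS refuses a peering connection whose VPC CIDRs overlap (a route
    'to the other VPC' would be ambiguous), so check before any API call."""
    return ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))


def plan_routes(pcx_id, requester, accepter):
    """The 'Routing' step: each VPC's route table gets one entry that sends
    traffic for the other VPC's CIDR to the peering connection."""
    return [
        {"RouteTableId": requester["route_table_id"],
         "DestinationCidrBlock": accepter["cidr"],
         "VpcPeeringConnectionId": pcx_id},
        {"RouteTableId": accepter["route_table_id"],
         "DestinationCidrBlock": requester["cidr"],
         "VpcPeeringConnectionId": pcx_id},
    ]


def plan_icmp_ingress(peer_cidr):
    """Security group rule for the ping test that admits only ICMP echo
    requests from the peer VPC, instead of 'all traffic' from anywhere.
    For ICMP, FromPort carries the ICMP type and ToPort the code (-1 = any)."""
    return [{"IpProtocol": "icmp", "FromPort": 8, "ToPort": -1,
             "IpRanges": [{"CidrIp": peer_cidr}]}]


class DryRunEC2:
    """Offline stand-in for boto3's EC2 client (same three method names);
    it records what it would have done instead of calling AWS."""

    def __init__(self):
        self.accepted, self.routes = [], []

    def create_vpc_peering_connection(self, VpcId, PeerVpcId):
        return {"VpcPeeringConnection": {"VpcPeeringConnectionId": "pcx-dryrun01"}}

    def accept_vpc_peering_connection(self, VpcPeeringConnectionId):
        self.accepted.append(VpcPeeringConnectionId)
        return {}

    def create_route(self, **route):
        self.routes.append(route)
        return {"Return": True}


def apply_peering(ec2, requester, accepter):
    """Request (requester side), accept (accepter side, same account here),
    then add the two routes. `ec2` is a boto3 EC2 client or DryRunEC2."""
    if cidrs_overlap(requester["cidr"], accepter["cidr"]):
        raise ValueError("VPC CIDRs overlap; peering cannot be established")
    resp = ec2.create_vpc_peering_connection(
        VpcId=requester["vpc_id"], PeerVpcId=accepter["vpc_id"])
    pcx_id = resp["VpcPeeringConnection"]["VpcPeeringConnectionId"]
    ec2.accept_vpc_peering_connection(VpcPeeringConnectionId=pcx_id)
    for route in plan_routes(pcx_id, requester, accepter):
        ec2.create_route(**route)
    return pcx_id


# Constructed placeholders standing in for the two VPCs of the walkthrough.
APP_VPC = {"vpc_id": "vpc-app-placeholder", "cidr": "10.1.0.0/16",
           "route_table_id": "rtb-app-placeholder"}
WEB_VPC = {"vpc_id": "vpc-web-placeholder", "cidr": "10.0.0.0/16",
           "route_table_id": "rtb-web-placeholder"}

if __name__ == "__main__":
    client = DryRunEC2()  # swap for boto3.client("ec2") to apply for real
    pcx = apply_peering(client, APP_VPC, WEB_VPC)
    print("peering", pcx, "accepted:", client.accepted)
    for r in client.routes:
        print("route", r)
    print("web SG ingress:", plan_icmp_ingress(APP_VPC["cidr"]))
```

Run as-is it only prints the plan; a real run needs credentials that may create peering connections and routes, so the account-level permissions for those calls are the ones to scope. The ICMP rule shown is the one to attach to the web server's security group (with the app VPC's CIDR) and, mirrored, to the app server's, which is enough for the two-way ping test on the page.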