Monday, July 29, 2019

VPC Peering in AWS

Today I am going to share what I learnt about AWS VPC Peering.


What is VPC Peering?

As per AWS documentation, "Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you've defined.
A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account. The VPCs can be in different regions (also known as an inter-region VPC peering connection)."

How to Create Peering Connection/VPC Peering?

Before creating a VPC peering connection we need to gather the following details:
  1. Whether the two VPCs are in the same AWS account or in different accounts
  2. If they are in different accounts, the AWS account ID of the peer (accepter) account
  3. The IDs and CIDR blocks of the VPCs to be peered; the CIDR blocks must not overlap, otherwise the peering request is rejected
  4. The region of each VPC (VPCs in different regions give an inter-region peering connection)
  5. Which VPC acts as the requester (the side that creates the request) and which as the accepter
With these details the peering connection is easy to create. Keep in mind that the connection by itself does not carry traffic: each VPC needs a route for the other VPC's CIDR blocks that targets the peering connection, and the security groups must allow the traffic. Peering is also not transitive, so a VPC peered with two others does not let those two reach each other.
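The preflight checks from the list above, as an added example (this is not code from the original post): it confirms the two VPCs have no overlapping CIDR blocks, builds the parameters for the peering request using the same names as the AWS API's `CreateVpcPeeringConnection` (`VpcId`, `PeerVpcId`, `PeerOwnerId`, `PeerRegion`), and lists the `CreateRoute` entries each side needs so traffic actually flows. The VPC IDs, account IDs, route table IDs, CIDRs and the `pcx-placeholder` connection ID are constructed sample data.

```python
"""Preflight check for a VPC peering connection (added example, not from the original post).
The two VPC descriptions below are constructed sample data, not real resources."""
import ipaddress

# Constructed sample data: two VPCs in different accounts and regions.
REQUESTER = {
    "vpc_id": "vpc-0aaa111",
    "account": "111111111111",
    "region": "us-east-1",
    "cidrs": ["10.0.0.0/16"],
    "route_tables": ["rtb-0aaa"],
}
ACCEPTER = {
    "vpc_id": "vpc-0bbb222",
    "account": "222222222222",
    "region": "eu-west-1",
    "cidrs": ["10.1.0.0/16", "172.16.0.0/20"],
    "route_tables": ["rtb-0bbb"],
}


def overlapping_cidrs(vpc_a, vpc_b):
    """Return every pair of CIDR blocks that overlap between the two VPCs.

    AWS rejects a peering request when any CIDR block of one VPC overlaps any
    CIDR block of the other, so an empty result is a hard requirement."""
    pairs = []
    for a in vpc_a["cidrs"]:
        for b in vpc_b["cidrs"]:
            net_a, net_b = ipaddress.ip_network(a), ipaddress.ip_network(b)
            if net_a.version == net_b.version and net_a.overlaps(net_b):
                pairs.append((a, b))
    return pairs


def peering_request(requester, accepter):
    """Build the parameters of the CreateVpcPeeringConnection call.

    PeerOwnerId and PeerRegion are only needed when the accepter lives in
    another account or region, so they are added only when they differ."""
    params = {"VpcId": requester["vpc_id"], "PeerVpcId": accepter["vpc_id"]}
    if accepter["account"] != requester["account"]:
        params["PeerOwnerId"] = accepter["account"]
    if accepter["region"] != requester["region"]:
        params["PeerRegion"] = accepter["region"]
    return params


def route_plan(vpc_local, vpc_remote, pcx_id):
    """CreateRoute entries each route table of vpc_local needs so that traffic
    for the remote VPC's CIDRs goes to the peering connection. Without these
    the peering connection is active but carries no traffic."""
    return [
        {"RouteTableId": rtb, "DestinationCidrBlock": cidr, "VpcPeeringConnectionId": pcx_id}
        for rtb in vpc_local["route_tables"]
        for cidr in vpc_remote["cidrs"]
    ]


def plan_peering(requester, accepter, pcx_id="pcx-placeholder"):
    """Run the preflight checks and return the full plan, or raise if peering is impossible."""
    clashes = overlapping_cidrs(requester, accepter)
    if clashes:
        raise ValueError(f"CIDR overlap, peering not possible: {clashes}")
    return {
        "request": peering_request(requester, accepter),
        "inter_region": requester["region"] != accepter["region"],
        "requester_routes": route_plan(requester, accepter, pcx_id),
        "accepter_routes": route_plan(accepter, requester, pcx_id),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(plan_peering(REQUESTER, ACCEPTER), indent=2))
```

The real `pcx-` ID is only known after the request is created and accepted, which is why it is passed in as a parameter; run the overlap check before sending the request, and apply the two route lists after the accepter has accepted it.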

The sections below give a glimpse of VPC peering connections within the same account and across different accounts.

Creating Peering Connection in Same AWS Account:

Creating Peering Connection in Different AWS Accounts:

Hope this will help in your learning.....


Sunday, July 28, 2019

Network Security in AWS Cloud (BASTION Hosts & NAT Gateways)

During my learning towards AWS, I always thought about how we can secure the network using a bastion host and NAT gateways, and here are a few pointers which I jotted down.

Bastion Host

As per "wikipedia.org", a bastion host is a special-purpose computer on a network specifically designed and configured to withstand attacks. In simple terms, a bastion host (also called a jump host) is a hardened instance placed in a public subnet to provide administrative access to a private network from an external network.

It is configured only in a public subnet of a VPC (Virtual Private Cloud) or, on Oracle Cloud, a VCN (Virtual Cloud Network), and acts as the bridge between the public subnet and the applications configured in the private subnets.

Bastion hosts are used to administer EC2 instances in private subnets, typically over SSH or RDP. Because the bastion is the one publicly reachable entry point, its security group should accept SSH/RDP only from known administrative IP ranges, and the security groups of the private instances should accept SSH/RDP only from the bastion's security group rather than from the whole VPC or the internet.

NAT Gateway

Network Address Translation (NAT) is a method of rewriting the IP addresses in packets as they pass through a device. A NAT gateway rewrites the source address of outbound packets from private instances to its own Elastic IP and maps the replies back to the originating instance. NAT gateways are used to enable instances/services in a private subnet to connect to the internet or to other AWS services while preventing the internet from initiating a direct connection to those instances/services.

A NAT gateway is always created inside a public subnet, that is, a subnet whose route table sends 0.0.0.0/0 to an internet gateway. The private subnet's route table then sends 0.0.0.0/0 to the NAT gateway, so outbound traffic from the private instances leaves through the gateway's Elastic IP and only the replies to that traffic flow back in. The gateway does not forward inbound connections from external IPs to the instances in the private subnets.

Below are a few features of NAT gateways:

  1. A NAT gateway supports 5 Gbps of bandwidth and automatically scales up to 45 Gbps
  2. We can associate exactly one Elastic IP address with a NAT gateway
  3. A NAT gateway can support up to 55,000 simultaneous connections to a unique destination
  4. NAT gateways are not supported for IPv6 traffic; use an egress-only internet gateway instead
  5. We cannot associate a security group with a NAT gateway, so traffic must be controlled with the security groups of the instances behind it and the network ACL of its subnet
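To make the rules from the Bastion Host and NAT Gateway sections concrete, here is an added example (not code from the original post) that audits a small VPC layout: the bastion must sit in a public subnet and accept SSH only from the administrative range, the private instance must have no public exposure and accept SSH only from the bastion's security group, and its default route must go to a NAT gateway that itself sits in a public subnet. All subnet, route table, gateway and security group IDs, the CIDRs and the rules are constructed sample data; the admin range 203.0.113.0/24 is a documentation prefix standing in for an office network.

```python
"""Audit a bastion-plus-NAT subnet layout (added example, not from the original post).
All IDs, CIDRs and rules below are constructed sample data."""
import ipaddress

# Constructed sample environment: one public subnet holding the bastion and the NAT
# gateway, one private subnet holding an application instance. Security group rules
# are (protocol, from_port, to_port, source) where source is a CIDR or another sg id.
SAMPLE_ENV = {
    "admin_cidr": "203.0.113.0/24",
    "route_tables": {
        "rtb-public": [{"dest": "10.0.0.0/16", "target": "local"},
                       {"dest": "0.0.0.0/0", "target": "igw-0abc"}],
        "rtb-private": [{"dest": "10.0.0.0/16", "target": "local"},
                        {"dest": "0.0.0.0/0", "target": "nat-0def"}],
    },
    "subnets": {"subnet-public": "rtb-public", "subnet-private": "rtb-private"},
    "nat_gateways": {"nat-0def": "subnet-public"},
    "security_groups": {
        "sg-bastion": [("tcp", 22, 22, "203.0.113.0/24")],
        "sg-app": [("tcp", 22, 22, "sg-bastion"), ("tcp", 443, 443, "10.0.0.0/16")],
    },
    "instances": {
        "bastion": {"subnet": "subnet-public", "sg": "sg-bastion", "public_ip": True},
        "app": {"subnet": "subnet-private", "sg": "sg-app", "public_ip": False},
    },
}


def default_route_target(env, subnet_id):
    """Target of the 0.0.0.0/0 route of the subnet's route table, or None."""
    for route in env["route_tables"][env["subnets"][subnet_id]]:
        if route["dest"] == "0.0.0.0/0":
            return route["target"]
    return None


def is_public_subnet(env, subnet_id):
    """A subnet is public when its default route points at an internet gateway."""
    target = default_route_target(env, subnet_id)
    return target is not None and target.startswith("igw-")


def ssh_sources(env, sg_id):
    """Sources (CIDRs or security groups) the group allows to reach TCP/22."""
    return [src for proto, lo, hi, src in env["security_groups"][sg_id]
            if proto == "tcp" and lo <= 22 <= hi]


def audit(env):
    """Return a list of findings; an empty list means the layout matches the design."""
    findings = []
    admin = ipaddress.ip_network(env["admin_cidr"])
    bastion = env["instances"]["bastion"]

    # Bastion: public subnet, SSH only from the administrative range.
    if not is_public_subnet(env, bastion["subnet"]):
        findings.append("bastion is not in a public subnet")
    for src in ssh_sources(env, bastion["sg"]):
        if src.startswith("sg-"):
            findings.append(f"bastion SSH open to security group {src}")
        elif not ipaddress.ip_network(src).subnet_of(admin):
            findings.append(f"bastion SSH open to {src}, outside admin range")

    # Private instances: no public exposure, SSH only via the bastion's group,
    # default route through a NAT gateway that lives in a public subnet.
    for name, inst in env["instances"].items():
        if name == "bastion":
            continue
        if inst["public_ip"] or is_public_subnet(env, inst["subnet"]):
            findings.append(f"{name} is reachable from the internet")
        for src in ssh_sources(env, inst["sg"]):
            if src != bastion["sg"]:
                findings.append(f"{name} accepts SSH from {src}, not only from the bastion")
        target = default_route_target(env, inst["subnet"])
        if target is None or not target.startswith("nat-"):
            findings.append(f"{name} default route goes to {target}, not a NAT gateway")
        elif not is_public_subnet(env, env["nat_gateways"][target]):
            findings.append(f"NAT gateway {target} is not in a public subnet")
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_ENV) or "no findings")
```

The same checks can be run against real data by filling the environment dict from `describe-route-tables`, `describe-subnets`, `describe-nat-gateways`, `describe-security-groups` and `describe-instances`; the two most common mistakes it catches are a bastion whose SSH rule was widened to 0.0.0.0/0 and a private subnet whose default route was pointed at the internet gateway instead of the NAT gateway.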
