Single bastion host for all VPCs using peering on AWS

Kushal Vithalani
3 min read · Jul 14, 2024


VPC Peering

To reduce and optimize cost, manage fewer resources, and provide a single, secured entry point into other VPCs, VPC peering can be used: one bastion host in a public VPC reaches the private instances in the peered VPCs, instead of each VPC needing its own bastion and public address.

VPC Peering: a network connection between two VPCs that lets resources in either VPC talk to each other over private IP addresses, with the traffic staying on the AWS network rather than crossing the public internet. Two constraints matter for the design here: the CIDR blocks of the two VPCs must not overlap, and peering is not transitive (VPC-A peered with VPC-B and with VPC-C does not let VPC-B reach VPC-C).

Practical: We need to set up two VPCs, in which VPC-A will have a public subnet and VPC-B will have a private subnet. Give them non-overlapping CIDR blocks from RFC 1918 space (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16); AWS will not create a peering between overlapping ranges, and using public address space as a VPC CIDR would shadow real internet destinations.

One Internet Gateway will be attached to VPC-A, and the public subnet's route table gets a default route (0.0.0.0/0) pointing at it, so the instance in VPC-A has internet connectivity. VPC-B gets no Internet Gateway, so its instances are reachable only over the peering.

Now we need to create the VPC peering connection with VPC-A as the requester VPC and VPC-B as the accepter VPC. A peering connection stays in the pending-acceptance state until the owner of the accepter VPC explicitly accepts the request; that acceptance step is where you confirm the requester is the account and VPC you expect before any traffic can flow.

Once the peering is active, we need to update the route tables so traffic can flow from one VPC to the other. Routes are needed in both directions: in the route table of VPC-A's public subnet add a route for VPC-B's CIDR with the peering connection as the target, and in the route table of VPC-B's private subnet add the reverse route for VPC-A's CIDR. With only one of the two, packets arrive but the replies have no route back, so the ping below would time out.

Further, there are two EC2 instances, one in VPC-A (public subnet, the bastion) and the other in VPC-B (private subnet).

Catch: A security group rule can reference a security group from the peer VPC only when the two VPCs are peered within the same Region (for a peer in another account, the group ID is prefixed with that account ID); with cross-Region peering you must allow the peer VPC's CIDR range instead. Allowing the CIDR range works in either case, so that is the approach here. I have allowed the CIDR range of VPC-A in the security group of the EC2 instance residing in VPC-B. You can open any port depending on the requirement; here I am trying to ping, and since ping uses the ICMP protocol, I have allowed ICMP.
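The whole setup above, written as a Terraform configuration. This is an added example, not the author's own configuration, and it goes one step beyond the post: instead of a single VPC-B it builds a hub-and-spoke with two private spokes (VPC-B, VPC-C) so the per-spoke peering and route pairs are explicit. It assumes one AWS account and one Region (an `aws` provider block with the region is assumed to exist elsewhere), placeholder CIDRs and resource names, a placeholder admin range `203.0.113.0/24` for SSH to the bastion, and it leaves the EC2 instances themselves out. The private hosts admit SSH from the bastion's security group by ID; for the ping test in the post you would add a second ingress block with `protocol = "icmp"` and `from_port`/`to_port` of -1 in the same way.

```hcl
# Hub (VPC-A): public subnet, Internet Gateway, bastion. CIDRs are RFC 1918; none may overlap.
resource "aws_vpc" "a" {
  cidr_block = "10.10.0.0/16"
}
resource "aws_subnet" "a_public" {
  vpc_id     = aws_vpc.a.id
  cidr_block = "10.10.1.0/24"
}
resource "aws_internet_gateway" "a" {
  vpc_id = aws_vpc.a.id
}
resource "aws_route_table" "a_public" {
  vpc_id = aws_vpc.a.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.a.id
  }
}
resource "aws_route_table_association" "a_public" {
  subnet_id      = aws_subnet.a_public.id
  route_table_id = aws_route_table.a_public.id
}

# Spokes (VPC-B, VPC-C, ...): one private subnet each, no Internet Gateway.
locals {
  spokes = { "VPC-B" = "10.20.0.0/16", "VPC-C" = "10.30.0.0/16" }
}
resource "aws_vpc" "spoke" {
  for_each   = local.spokes
  cidr_block = each.value
}
resource "aws_subnet" "spoke_private" {
  for_each   = local.spokes
  vpc_id     = aws_vpc.spoke[each.key].id
  cidr_block = cidrsubnet(each.value, 8, 1) # 10.20.1.0/24, 10.30.1.0/24
}
resource "aws_route_table" "spoke_private" {
  for_each = local.spokes
  vpc_id   = aws_vpc.spoke[each.key].id
}
resource "aws_route_table_association" "spoke_private" {
  for_each       = local.spokes
  subnet_id      = aws_subnet.spoke_private[each.key].id
  route_table_id = aws_route_table.spoke_private[each.key].id
}

# Not transitive: one peering per spoke. VPC-A requests, the spoke accepts; auto_accept
# works only within one account and Region (else use aws_vpc_peering_connection_accepter).
resource "aws_vpc_peering_connection" "hub_to_spoke" {
  for_each    = local.spokes
  vpc_id      = aws_vpc.a.id
  peer_vpc_id = aws_vpc.spoke[each.key].id
  auto_accept = true
}
# Routes in BOTH directions: without the spoke's return route, replies are dropped.
resource "aws_route" "a_to_spoke" {
  for_each                  = local.spokes
  route_table_id            = aws_route_table.a_public.id
  destination_cidr_block    = each.value
  vpc_peering_connection_id = aws_vpc_peering_connection.hub_to_spoke[each.key].id
}
resource "aws_route" "spoke_to_a" {
  for_each                  = local.spokes
  route_table_id            = aws_route_table.spoke_private[each.key].id
  destination_cidr_block    = aws_vpc.a.cidr_block
  vpc_peering_connection_id = aws_vpc_peering_connection.hub_to_spoke[each.key].id
}

# Bastion: SSH only from the operator's range (placeholder address), open egress.
resource "aws_security_group" "bastion" {
  name   = "bastion"
  vpc_id = aws_vpc.a.id
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["203.0.113.0/24"] # assumption: replace with your admin CIDR
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
# Private hosts: SSH only from the bastion's security group. A peer VPC's SG can be
# referenced by ID under same-Region peering; across Regions you would put
# aws_vpc.a.cidr_block in cidr_blocks instead. Replies are allowed statefully.
resource "aws_security_group" "private" {
  for_each = local.spokes
  name     = "private-${each.key}"
  vpc_id   = aws_vpc.spoke[each.key].id
  ingress {
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.bastion.id]
  }
}
```

Run `terraform init`, `terraform plan` and `terraform apply` in the directory holding this file and the provider block. Adding a fourth VPC is one more entry in `local.spokes`; everything else (peering, both routes, the private security group) is generated per spoke, which is exactly the work the non-transitive model forces you to repeat by hand in the console.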

Now, I am trying to ping the EC2 instance residing in VPC-B from the instance residing in VPC-A.

ubuntu@ip-12-0-1-42:~$ ping 13.0.1.135
PING 13.0.1.135 (13.0.1.135) 56(84) bytes of data.
64 bytes from 13.0.1.135: icmp_seq=1 ttl=64 time=0.185 ms
64 bytes from 13.0.1.135: icmp_seq=2 ttl=64 time=0.181 ms
64 bytes from 13.0.1.135: icmp_seq=3 ttl=64 time=0.179 ms
64 bytes from 13.0.1.135: icmp_seq=4 ttl=64 time=0.177 ms
64 bytes from 13.0.1.135: icmp_seq=5 ttl=64 time=0.193 ms
64 bytes from 13.0.1.135: icmp_seq=6 ttl=64 time=0.190 ms
64 bytes from 13.0.1.135: icmp_seq=7 ttl=64 time=0.184 ms
64 bytes from 13.0.1.135: icmp_seq=8 ttl=64 time=0.186 ms
64 bytes from 13.0.1.135: icmp_seq=9 ttl=64 time=0.210 ms
64 bytes from 13.0.1.135: icmp_seq=10 ttl=64 time=0.185 ms
64 bytes from 13.0.1.135: icmp_seq=11 ttl=64 time=0.197 ms
64 bytes from 13.0.1.135: icmp_seq=12 ttl=64 time=0.184 ms
64 bytes from 13.0.1.135: icmp_seq=13 ttl=64 time=0.218 ms
64 bytes from 13.0.1.135: icmp_seq=14 ttl=64 time=0.189 ms

So, this is how peering reduces infrastructure overhead: one bastion host in a public VPC can reach private servers in other VPCs without giving each of them a public address or a bastion of its own. Keep in mind that peering is not transitive, so each additional private VPC needs its own peering connection to the bastion's VPC together with the matching route-table entries and security group rules; once the number of VPCs grows large, AWS Transit Gateway is the hub-and-spoke alternative to a mesh of peerings.

Thanks and Happy Learning
