Amazon AWS: VPC PEERING

Today we are going to talk about the features of Amazon AWS VPC. In our earlier article we talked about the basics of the VPC.

Let's talk about the features of VPC below.

VPC PEERING:
VPC peering connects one VPC to another via a direct network route using private IP addresses, so instances behave as if they were on the same private network.

VPC peering can be set up between two Amazon accounts or between two different regions.

Fig 1.1- VPC Peering in AWS

Note: Transitive peering is not allowed. Transitive peering means one VPC reaching another VPC through a third VPC.
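To make the non-transitive rule concrete, here is a small model of peering reachability written as an added example for this article (it is not AWS code or the author's). It checks the two things a packet between peered VPCs needs: a direct peering connection between the two VPCs, and a route in each VPC's route table pointing the peer's CIDR at that connection. All VPC ids, pcx ids and CIDRs are constructed sample values.

```python
import ipaddress
from collections import deque

# Constructed topology: vpc-a <-> vpc-b <-> vpc-c, with no direct a <-> c peering.
VPC_CIDRS = {"vpc-a": "10.0.0.0/16", "vpc-b": "10.1.0.0/16", "vpc-c": "10.2.0.0/16"}

# Peering connection id -> the two VPCs it joins (constructed ids).
PEERINGS = {"pcx-ab": ("vpc-a", "vpc-b"), "pcx-bc": ("vpc-b", "vpc-c")}

# Route table per VPC: destination CIDR -> target peering connection.
# vpc-a tries to reach vpc-c "through" vpc-b, which peering will not carry.
ROUTES = {
    "vpc-a": {"10.1.0.0/16": "pcx-ab", "10.2.0.0/16": "pcx-ab"},
    "vpc-b": {"10.0.0.0/16": "pcx-ab", "10.2.0.0/16": "pcx-bc"},
    "vpc-c": {"10.1.0.0/16": "pcx-bc"},
}


def direct_peering(src, dst):
    """Return the pcx id joining src and dst directly, or None if there is none."""
    for pcx, ends in PEERINGS.items():
        if set(ends) == {src, dst}:
            return pcx
    return None


def route_target(vpc, ip):
    """Longest-prefix match of ip against the VPC's routes; returns the target or None."""
    addr, best = ipaddress.ip_address(ip), None
    for cidr, target in ROUTES[vpc].items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def can_reach(src, dst, src_ip, dst_ip):
    """True only if the VPCs are directly peered and both sides route to that pcx."""
    pcx = direct_peering(src, dst)
    if pcx is None:
        return False  # a path through a third VPC is never used: peering is non-transitive
    return route_target(src, dst_ip) == pcx and route_target(dst, src_ip) == pcx


def graph_path_exists(src, dst):
    """Plain graph connectivity, i.e. what people often expect but AWS does not provide."""
    seen, queue = {src}, deque([src])
    while queue:
        cur = queue.popleft()
        if cur == dst:
            return True
        for a, b in PEERINGS.values():
            nxt = b if a == cur else a if b == cur else None
            if nxt and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False
```

Running `can_reach("vpc-a", "vpc-c", "10.0.1.10", "10.2.1.10")` returns False even though `graph_path_exists` finds a path, which is exactly the gap the note above describes.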

Subnet: A subnet resides in a single Availability Zone.

One subnet can't be stretched across multiple Availability Zones, while several subnets can be part of one Availability Zone.

Note: Security groups are stateless, and ACLs are stateful.

Ways for EC2 instances in a private subnet to access the internet
There are two ways by which instances in a private subnet can access the internet: a NAT Gateway and a NAT Instance. Let's talk about both one by one.

NAT Gateway: For the NAT Gateway, the following points should be kept in mind.

  • Preferred by enterprises.
  • No need for patching.
  • Highly redundant inside an Availability Zone.
  • No need to disable the source/destination check.
  • Public IP addresses are allocated automatically.
  • They aren't associated with any security groups.

NAT Instance: For the NAT Instance, the following points should be kept in mind.

  • The source/destination check needs to be disabled when the NAT instance is created.
  • The amount of traffic handled depends upon the size of the instance; Auto Scaling groups can be used to increase the instance size.
  • They sit behind a security group.
  • They should be in the public subnet.


Author : Amandeep Kaur, Network Engineer