Amazon VPC (Virtual Private Cloud) let you define a private network in the cloud.
This article contains information on Amazon VPC and VPC Peering in general. The information includes how to set up a peering connection between a VPC and a CloudAMQP VPC.
Amazon VPC lets you set up a private network within Amazon Web Services. It is a service that provides isolation and security and is built on deny-all-by-default. This means that inbound and outbound traffic to the instance must be explicitly permitted. In other words: VPC instances are not internet addressable by default.
Amazon VPC is a logically isolated portion of Amazon Web Services. VPC is a virtual network where to launch instances with particular rules and policies with access to the internet. VPC provides granular control over security.
A subnet is a range of IP addresses in the VPC. A public subnet can be used for resources that must be connected to the Internet, while a private subnet should be used for resources that will not be connected to the Internet.
An Internet Gateway resources within the subnets to connect to the internet.
A Routing tables is a service that manages Network traffic of any instance inside a subnet.
VPC significantly simplifies setting up security groups and network access control lists (ACL) because it can be configured to allow traffic from an entire subnet or an entire VPC without having to worry about IP addresses. Amazon VPC provides two features that can be used to increase security in the VPC:
Security groups: Acts as a virtual firewall that can control both inbound and outbound traffic from an Amazon EC2 instance.
Network access control lists (ACLs): Different from Security Groups, ACLs operate at the subnet level and evaluate traffic entering and exiting a subnet.
A VPC peering connection is a networking connection between two VPCs that enables the routing of traffic between them by using private IP addresses. Instances in either VPC can communicate with each other as if they are within the same network. Lets have a look at how to create a VPC peering connections between a VPC and CloudAMQP VPC.
Launch a CloudAMQP cluster in AWS VPC
Create a plan in a dedicated VPC.A dedicated VPC is only available for dedicated plans.
Select a VPC subnetWhen creating a VPC, the VPC subnet must be selected. Make sure that it does not overlap with any VPC subnets needed for peering.
Create a peering request to CloudAMQPOpen the details for the new instance as soon as it is created and navigate to the VPC tab. At the top of the page, find the information needed to create the peering request.
Create Peering Connection in AWSLog in to the AWS account, go to VPC and click Peering Connections. Click Create Peering Connection and create a request from the VPC to the CloudAMQP VPC. Make sure the DNS Resolution is configured correctly. For more information, see section ‘DNS Resolution’ below.
Accept the peering requestTo accept the peering request, go to the VPC tab in the CloudAMQP Console and click the Accept button for the pending request.
Create a route to CloudAMQP VPCIn AWS, navigate to VPC and select the VPC the peering request was created for. Click on the Route table in the Description tab to go to the routing table associated with the VPC.
Now click the Routes tab, then Edit routes, and finally Add route. Enter the subnet for the CloudAMQP VPC, select Peering connection in the target dropdown and then select the peering connection just created.
Click Save routes button and it is done!
Read more about routing tables here.
When peering a CloudAMQP cluster with a VPC, there are two different hostnames provided, for example; amusing-teddybear.in.cloudamqp.com and amusing-teddybear.rmq.cloudamqp.com. The first one is for communication over the VPC peering and resolves to the the private IP of the server. The second one is for public communication, over the internet, e.g to access the management UI.
Questions and feedback
Hope this article helped you understand how to do a VPC Peering Connections to CloudAMQP VPC!
Please email us at firstname.lastname@example.org if you have any suggestions or feedback.