Amazon VPC (Virtual Private Cloud) lets you define a private network in the cloud.
This article contains information on Amazon VPC and VPC Peering in general. The information includes how to set up a peering connection between a VPC and a CloudAMQP VPC.
Amazon VPC lets you set up a private network within Amazon Web Services. It provides isolation and is built on a deny-all-by-default model: inbound and outbound traffic to an instance must be explicitly permitted. In other words, VPC instances are not internet addressable by default.
Amazon VPC is a logically isolated section of Amazon Web Services: a virtual network in which you launch instances under the rules and policies you define, including whether and how they reach the internet. VPC provides granular control over security.
A subnet is a range of IP addresses in the VPC. A public subnet can be used for resources that must be connected to the Internet, while a private subnet should be used for resources that will not be connected to the Internet.
An Internet Gateway allows resources within the subnets to connect to the internet.
A routing table determines where network traffic from the instances inside a subnet is directed.
VPC significantly simplifies setting up security groups and network access control lists (ACL) because it can be configured to allow traffic from an entire subnet or an entire VPC without having to worry about IP addresses. Amazon VPC provides two features that can be used to increase security in the VPC:
- Security groups: act as a virtual firewall that controls both inbound and outbound traffic for an Amazon EC2 instance.
- Network access control lists (ACLs): unlike security groups, ACLs operate at the subnet level and evaluate traffic entering and exiting a subnet.
A VPC peering connection is a networking connection between two VPCs that enables the routing of traffic between them using private IP addresses. Instances in either VPC can communicate with each other as if they were within the same network. Let's have a look at how to create a VPC peering connection between a VPC and a CloudAMQP VPC.
Launch a CloudAMQP cluster in AWS VPC
Create a plan in a dedicated VPC
A dedicated VPC is only available for dedicated plans.
Select a VPC subnet
When creating a VPC, the VPC subnet must be selected. Make sure that it does not overlap with any VPC subnets needed for peering.
Create a peering request to CloudAMQP
Open the details for the new instance as soon as it is created and navigate to the VPC tab. At the top of the page, find the information needed to create the peering request.
Create Peering Connection in AWS
Log in to the AWS account, go to VPC and click Peering Connections. Click Create Peering Connection and create a request from the VPC to the CloudAMQP VPC. Make sure that DNS Resolution is configured correctly. For more information, see the section ‘DNS Resolution’ below.
Accept the peering request
To accept the peering request, go to the VPC tab in the CloudAMQP Console and click the Accept button for the pending request.
Create a route to CloudAMQP VPC
In AWS, navigate to VPC and select the VPC the peering request was created for. Click on the Route table in the Description tab to go to the routing table associated with the VPC.
Now click the Routes tab, then Edit routes, and finally Add route. Enter the subnet for the CloudAMQP VPC, select Peering connection in the target dropdown and then select the peering connection just created.
Click the Save routes button and it is done!
Read more about routing tables here.
DNS Resolution
When peering a CloudAMQP cluster with a VPC, two different hostnames are provided, for example amusing-teddybear.in.cloudamqp.com and amusing-teddybear.rmq.cloudamqp.com. The first one is for internal communication between servers in the VPC and the second one is for public communication, e.g. to access the management UI.
The public hostname can be set to resolve to the internal IP address if the requester is located inside the VPC. To do this you have to:
- Enable DNS resolution on your VPC (enableDnsSupport)
- Enable DNS Hostnames (enableDnsHostnames)
- Your EC2 instances must use the Amazon resolving DNS servers, which are typically communicated to the EC2 instance using the VPC DHCP Options
- When you have created the VPC Peering Connection between your VPC and the CloudAMQP VPC, you must enable support for DNS resolution
Once these 4 steps have been completed the public hostname can be used wherever required. Outside the VPC it will resolve to its public IP, while inside the VPC it will resolve to the private IP.
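The peering steps and the DNS checklist above are console procedures; as an added example (not CloudAMQP's code), the script below audits the result offline against constructed data shaped like the output of `aws ec2 describe-vpc-attribute`, `describe-vpc-peering-connections` and `describe-route-tables`. All IDs and CIDRs are made up, and the DHCP-options item (Amazon DNS resolvers) is not covered because it is not visible in these outputs.

```python
import ipaddress

# Constructed sample data (hypothetical IDs and CIDRs), shaped like the AWS CLI JSON output.
MY_VPC_CIDR = "10.0.0.0/16"
CLOUDAMQP_CIDR = "10.56.72.0/24"            # placeholder for the CIDR shown on the CloudAMQP VPC tab
PCX_ID = "pcx-0123456789abcdef0"
VPC_ATTRS = {"EnableDnsSupport": {"Value": True}, "EnableDnsHostnames": {"Value": False}}
PEERING = {"VpcPeeringConnectionId": PCX_ID, "Status": {"Code": "active"},
           "RequesterVpcInfo": {"CidrBlock": MY_VPC_CIDR,
                                "PeeringOptions": {"AllowDnsResolutionFromRemoteVpc": True}},
           "AccepterVpcInfo": {"CidrBlock": CLOUDAMQP_CIDR}}
ROUTE_TABLE = {"Routes": [
    {"DestinationCidrBlock": MY_VPC_CIDR, "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": CLOUDAMQP_CIDR, "VpcPeeringConnectionId": PCX_ID, "State": "active"}]}

def overlapping_cidrs(own_cidrs, peer_cidr):
    """Pre-flight for 'Select a VPC subnet': local CIDRs that collide with the peer VPC's CIDR."""
    peer = ipaddress.ip_network(peer_cidr, strict=False)
    return [c for c in own_cidrs if ipaddress.ip_network(c, strict=False).overlaps(peer)]

def missing_dns_prerequisites(vpc_attrs, peering):
    """DNS checklist items that are not yet satisfied on the requester (your) side."""
    missing = []
    if not vpc_attrs.get("EnableDnsSupport", {}).get("Value"):
        missing.append("enableDnsSupport")
    if not vpc_attrs.get("EnableDnsHostnames", {}).get("Value"):
        missing.append("enableDnsHostnames")
    opts = peering.get("RequesterVpcInfo", {}).get("PeeringOptions", {})
    if not opts.get("AllowDnsResolutionFromRemoteVpc"):
        missing.append("AllowDnsResolutionFromRemoteVpc (peering connection)")
    return missing

def route_to_peer_ok(route_table, peer_cidr, pcx_id):
    """'Create a route' check: an active route for the CloudAMQP CIDR must target the peering."""
    for r in route_table.get("Routes", []):
        if r.get("DestinationCidrBlock") == peer_cidr:
            return r.get("VpcPeeringConnectionId") == pcx_id and r.get("State") == "active"
    return False

def audit(own_cidrs, peer_cidr, vpc_attrs, peering, route_table, pcx_id):
    """Collect every problem found; an empty list means the peering is fully set up."""
    problems = [f"CIDR overlap with {c}" for c in overlapping_cidrs(own_cidrs, peer_cidr)]
    if peering.get("Status", {}).get("Code") != "active":
        problems.append("peering connection not active (accept it in the CloudAMQP console)")
    problems += [f"missing: {m}" for m in missing_dns_prerequisites(vpc_attrs, peering)]
    if not route_to_peer_ok(route_table, peer_cidr, pcx_id):
        problems.append(f"no active route for {peer_cidr} via {pcx_id}")
    return problems

if __name__ == "__main__":
    for p in audit([MY_VPC_CIDR], CLOUDAMQP_CIDR, VPC_ATTRS, PEERING, ROUTE_TABLE, PCX_ID):
        print("FAIL:", p)
```

With the sample data the only finding is the disabled enableDnsHostnames attribute, which is exactly the case where the public hostname would keep resolving to the public IP from inside the VPC.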
Questions and feedback
Hope this article helped you understand how to create a VPC peering connection to a CloudAMQP VPC!
Please email us at firstname.lastname@example.org if you have any suggestions or feedback.