In this post, let's look at the important areas of AWS that come in handy in our day-to-day admin and architect roles.
AWS Networking
1. Create a new VPC and the associated components
To create a network, we start with the VPC. Note that we define the CIDR (the private IP range) that the VPC will use; the primary CIDR cannot be changed afterwards (only secondary CIDRs can be added), so size it for growth.
Once the VPC exists, define one or more subnets inside it. Each subnet gets its own IP range, which must be a subset of the VPC CIDR and must not overlap any other subnet in the same VPC.
Associate each subnet with a route table. One route table can be shared by all subnets, or each subnet can have its own; a subnet with no explicit association uses the VPC's main route table.
If the VPC needs public connectivity, create an Internet Gateway (IGW), attach it to the VPC, and add a route to the route table with destination 0.0.0.0/0 and the IGW as the target, so that traffic to any address outside the VPC leaves via the IGW.
Note that an IGW works both ways: it allows outbound traffic to the internet and inbound traffic from it. The 0.0.0.0/0 route is therefore what makes a subnet "public", and every instance in such a subnet that has a public or Elastic IP becomes reachable from the internet. The IGW itself filters nothing; only security groups and network ACLs do, so keep them tight on public subnets.
Once the VPC is created, the Resource map tab in the VPC console shows the VPC, its subnets, route tables and the internet gateway and how they connect.
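The same build done from the AWS CLI, as an added example that is not part of the original post. It assumes a configured CLI profile with permission to create VPC resources; the CIDRs and the `demo` name tag are illustrative. Each call uses `--query` to pull out the ID the next step needs, so nothing has to be copied from the console.

```bash
#!/usr/bin/env bash
# Added example: build the VPC from section 1 with the AWS CLI instead of the
# console. Assumes a configured AWS CLI profile; CIDRs and the name tag are
# illustrative values, not taken from the post.
set -eu

create_vpc_stack() {
  local vpc_cidr=$1 subnet_cidr=$2 name=${3:-demo}
  local vpc_id subnet_id rtb_id igw_id

  vpc_id=$(aws ec2 create-vpc --cidr-block "$vpc_cidr" \
             --query 'Vpc.VpcId' --output text)
  aws ec2 create-tags --resources "$vpc_id" --tags "Key=Name,Value=$name-vpc" >/dev/null

  # Subnet CIDR must be a subset of the VPC CIDR; the API rejects anything else.
  subnet_id=$(aws ec2 create-subnet --vpc-id "$vpc_id" --cidr-block "$subnet_cidr" \
                --query 'Subnet.SubnetId' --output text)

  rtb_id=$(aws ec2 create-route-table --vpc-id "$vpc_id" \
             --query 'RouteTable.RouteTableId' --output text)
  aws ec2 associate-route-table --route-table-id "$rtb_id" --subnet-id "$subnet_id" >/dev/null

  igw_id=$(aws ec2 create-internet-gateway \
             --query 'InternetGateway.InternetGatewayId' --output text)
  aws ec2 attach-internet-gateway --internet-gateway-id "$igw_id" --vpc-id "$vpc_id"

  # This default route is what makes the subnet "public": any instance in it
  # that has a public IP can now reach, and be reached from, the whole
  # internet. The route table filters nothing; security groups and NACLs do.
  aws ec2 create-route --route-table-id "$rtb_id" --destination-cidr-block 0.0.0.0/0 \
      --gateway-id "$igw_id" >/dev/null

  echo "$vpc_id $subnet_id $rtb_id $igw_id"
}

# Run only when invoked with --run, so the function can be sourced or tested
# without touching an account.
if [ "${1:-}" = "--run" ]; then
  create_vpc_stack 10.0.0.0/16 10.0.0.0/24 demo
fi
```

Run it as `bash create-vpc.sh --run`; it prints the four IDs in creation order, which is also the reverse of the order you need to delete them in (the IGW must be detached before the VPC can be deleted).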
2. Establish connection between 2 VPCs using a VPC Peering
(Figure: the two VPCs, VPC1 and VPC2, side by side in the console.)
Now follow the steps below to create the two VPCs with their components and connect them.
Create the first VPC, VPC1, with the CIDR range 10.0.0.0/16.
Create a subnet in VPC1 and give it an IP range that is either the whole VPC CIDR or a subset of it, e.g. 10.0.0.0/24 or 10.0.0.0/28.
Create a route table and associate it with the above subnet.
Create an Internet Gateway for VPC1.
Create the second VPC, VPC2, with the CIDR range 10.1.0.0/16. This CIDR must not overlap with VPC1's: AWS refuses to create a peering connection between VPCs whose CIDRs overlap, because the routes would be ambiguous.
Create a subnet in VPC2 and give it an IP range that is either the whole VPC CIDR or a subset of it, e.g. 10.1.0.0/24 or 10.1.0.0/28.
Create a route table and associate it with the above subnet.
Create an Internet Gateway for VPC2. (The IGWs are only needed so that you can reach the test instances from the internet; the peering itself does not use them.)
Once both VPCs exist, create the VPC peering connection with VPC1 as the requester and VPC2 as the accepter.
Then accept the connection request on the VPC2 side.
Now add a route to each of the two route tables:
Route table for VPC1: destination 10.1.0.0/16 (the VPC2 CIDR), target the peering connection.
Route table for VPC2: destination 10.0.0.0/16 (the VPC1 CIDR), target the peering connection.
In other words, VPC1's route table sends traffic for the VPC2 CIDR via the peering connection, and vice versa for VPC2's. Peering is not transitive: a third VPC peered with VPC1 cannot reach VPC2 through it, so every pair that needs to talk needs its own peering and routes.
After this, create two EC2 instances, one in each VPC, and try connecting from one to the other over SSH using the private IPs (the peering carries only private traffic).
Another point to note is that the instances' security groups must allow inbound SSH on port 22. Allow it from the peer VPC's CIDR (10.1.0.0/16 on the VPC1 side, 10.0.0.0/16 on the VPC2 side), not from 0.0.0.0/0; the peering does not bypass security groups, and an open port 22 on a public subnet is the first thing scanners find.
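The peering set-up from the AWS CLI, as an added example that is not part of the original post. It also does the two pre-flight checks that the console leaves to you, which the post's section 1 (a subnet must lie inside its VPC CIDR) and the step above (the two VPC CIDRs must not overlap) both rely on, and it opens SSH only from the peer CIDR. IDs such as `vpc-1` and `rtb-1` are placeholders; a configured CLI profile is assumed.

```bash
#!/usr/bin/env bash
# Added example: VPC peering with CIDR pre-flight checks. Not from the post;
# the IDs passed in are placeholders for real VPC/route table/SG IDs.
set -eu

# Dotted quad -> integer, e.g. 10.1.0.0 -> 167837696
ip_to_int() {
  local a=${1%%.*} rest=${1#*.}
  local b=${rest%%.*}; rest=${rest#*.}
  local c=${rest%%.*} d=${rest#*.}
  echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# Netmask for a prefix length, as an integer (/16 -> 0xFFFF0000)
prefix_mask() {
  echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
}

# Network address of a CIDR, as an integer
cidr_network() {
  local ip=${1%/*} len=${1#*/}
  echo $(( $(ip_to_int "$ip") & $(prefix_mask "$len") ))
}

# Exit 0 when the two CIDRs share any address: compare both under the shorter
# (more permissive) of the two prefixes.
cidr_overlap() {
  local a_len=${1#*/} b_len=${2#*/} len
  len=$(( a_len < b_len ? a_len : b_len ))
  [ $(( $(ip_to_int "${1%/*}") & $(prefix_mask "$len") )) -eq \
    $(( $(ip_to_int "${2%/*}") & $(prefix_mask "$len") )) ]
}

# Exit 0 when $1 (a subnet CIDR) lies entirely inside $2 (the VPC CIDR).
cidr_within() {
  local sub_len=${1#*/} vpc_len=${2#*/}
  [ "$sub_len" -ge "$vpc_len" ] &&
    [ $(( $(ip_to_int "${1%/*}") & $(prefix_mask "$vpc_len") )) -eq "$(cidr_network "$2")" ]
}

# Peer VPC1 (requester) with VPC2 (accepter) and add the cross routes.
# Arguments: vpc1_id vpc1_cidr rtb1_id vpc2_id vpc2_cidr rtb2_id
peer_vpcs() {
  local vpc1_id=$1 vpc1_cidr=$2 rtb1=$3 vpc2_id=$4 vpc2_cidr=$5 rtb2=$6 pcx_id

  if cidr_overlap "$vpc1_cidr" "$vpc2_cidr"; then
    echo "refusing to peer: $vpc1_cidr overlaps $vpc2_cidr" >&2
    return 1
  fi

  pcx_id=$(aws ec2 create-vpc-peering-connection --vpc-id "$vpc1_id" --peer-vpc-id "$vpc2_id" \
             --query 'VpcPeeringConnection.VpcPeeringConnectionId' --output text)
  aws ec2 accept-vpc-peering-connection --vpc-peering-connection-id "$pcx_id" >/dev/null

  # Each route table sends the *other* VPC's CIDR through the peering connection.
  aws ec2 create-route --route-table-id "$rtb1" --destination-cidr-block "$vpc2_cidr" \
      --vpc-peering-connection-id "$pcx_id" >/dev/null
  aws ec2 create-route --route-table-id "$rtb2" --destination-cidr-block "$vpc1_cidr" \
      --vpc-peering-connection-id "$pcx_id" >/dev/null
  echo "$pcx_id"
}

# Open SSH to a security group only from the given source CIDR (the peer VPC),
# never from 0.0.0.0/0.
allow_ssh_from() {
  local sg_id=$1 source_cidr=$2
  aws ec2 authorize-security-group-ingress --group-id "$sg_id" \
      --protocol tcp --port 22 --cidr "$source_cidr" >/dev/null
}
```

Source the file and call, for example, `peer_vpcs vpc-1 10.0.0.0/16 rtb-1 vpc-2 10.1.0.0/16 rtb-2` followed by `allow_ssh_from sg-1 10.1.0.0/16` for the VPC1 instance and `allow_ssh_from sg-2 10.0.0.0/16` for the VPC2 one. The overlap check runs before any API call, so a bad address plan fails locally instead of leaving a half-built peering behind.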
3. Establish connection between 2 VPCs using a Transit Gateway
Transit Gateways are more powerful than VPC peering: a peering joins exactly two VPCs, while a transit gateway serves as a central hub for the whole infrastructure, connecting on-prem data centres (over VPN or Direct Connect), other cloud providers over VPN, and any number of VPCs within AWS. Because it is a hub, its own route tables matter: by default every attachment is associated with, and propagates its routes into, the transit gateway's default route table, so every attached VPC can reach every other one unless you create separate transit gateway route tables to segment them.
To connect two VPCs, follow these three steps:
First, create a VPC attachment for each VPC, choosing one subnet in each Availability Zone where the transit gateway should have a presence.
Then, in the route table of each VPC, add a route for the other VPC's CIDR with the transit gateway as the target.
Last, make sure the security groups of the EC2 instances allow the incoming traffic from the other VPC's CIDR, and only on the ports you actually need.
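The three steps from the AWS CLI, as an added example that is not part of the original post. It assumes an existing transit gateway, and for each VPC one subnet for the attachment and the route table its instances use; all IDs are placeholders. Attachments are created asynchronously, so the script polls until each is available before adding routes that target the gateway.

```bash
#!/usr/bin/env bash
# Added example: connect two VPCs through an existing transit gateway. Not
# from the post; IDs passed in are placeholders for real resource IDs.
set -eu

# Attach a VPC to the transit gateway via one subnet and print the attachment ID.
attach_vpc_to_tgw() {
  local tgw_id=$1 vpc_id=$2 subnet_id=$3
  aws ec2 create-transit-gateway-vpc-attachment --transit-gateway-id "$tgw_id" \
      --vpc-id "$vpc_id" --subnet-ids "$subnet_id" \
      --query 'TransitGatewayVpcAttachment.TransitGatewayAttachmentId' --output text
}

# Attachments start as "pending"; poll until "available" (default: 30 x 10 s).
wait_for_attachment() {
  local att_id=$1 tries=${2:-30} state
  while [ "$tries" -gt 0 ]; do
    state=$(aws ec2 describe-transit-gateway-vpc-attachments \
              --transit-gateway-attachment-ids "$att_id" \
              --query 'TransitGatewayVpcAttachments[0].State' --output text)
    [ "$state" = available ] && return 0
    tries=$((tries - 1))
    sleep 10
  done
  echo "attachment $att_id never became available" >&2
  return 1
}

# Send one destination CIDR from a VPC route table to the transit gateway.
route_via_tgw() {
  local rtb_id=$1 dest_cidr=$2 tgw_id=$3
  aws ec2 create-route --route-table-id "$rtb_id" \
      --destination-cidr-block "$dest_cidr" --transit-gateway-id "$tgw_id" >/dev/null
}

# Arguments: tgw_id  vpc1 subnet1 rtb1 cidr1  vpc2 subnet2 rtb2 cidr2
# Prints the two attachment IDs. With the transit gateway's default route
# table association/propagation left on, these two attachments (and any other
# attachment on the gateway) can all route to each other once this finishes.
connect_vpcs_via_tgw() {
  local tgw_id=$1 vpc1=$2 subnet1=$3 rtb1=$4 cidr1=$5 vpc2=$6 subnet2=$7 rtb2=$8 cidr2=$9
  local att1 att2
  att1=$(attach_vpc_to_tgw "$tgw_id" "$vpc1" "$subnet1")
  att2=$(attach_vpc_to_tgw "$tgw_id" "$vpc2" "$subnet2")
  wait_for_attachment "$att1"
  wait_for_attachment "$att2"
  route_via_tgw "$rtb1" "$cidr2" "$tgw_id"
  route_via_tgw "$rtb2" "$cidr1" "$tgw_id"
  echo "$att1 $att2"
}
```

Usage, with placeholder IDs: `connect_vpcs_via_tgw tgw-0123 vpc-1 subnet-1 rtb-1 10.0.0.0/16 vpc-2 subnet-2 rtb-2 10.1.0.0/16`. The security group rule for step three is the same `aws ec2 authorize-security-group-ingress --cidr <other VPC CIDR>` call as in the peering case; scoping it to the other VPC's CIDR is what keeps the rest of the hub out.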
AWS Automations (IAC)
1. Terraform
To run Terraform against AWS, the client on your machine needs credentials for the account. Run the command below to set up the credentials and config:
aws configure
This prompts for the two important values (plus a default region and output format):
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
You obtain these in the AWS Console: go to IAM, then Users, pick the user that Terraform should run as, open its Security credentials tab and choose Create access key. Treat the pair like a password: it is long-lived, it grants everything that user is allowed to do, and it must never be pasted into a .tf file or committed to git. Where possible use a short-lived alternative instead, such as an IAM role on the machine that runs Terraform, or IAM Identity Center login via aws configure sso.
This writes ~/.aws/credentials (the key pair, in plain text) and ~/.aws/config (region and output format), which Terraform's AWS provider reads later through the default credential chain. Keep the credentials file readable only by you (mode 600).
Now, to run Terraform for the first time, install the Terraform client and initialise the working directory that contains your .tf files. This downloads the provider plugins and sets up the state backend:
terraform init
There are then three main Terraform commands that you use for new configurations and for rolling back.
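A pre-flight check to run before terraform init, as an added example that is not part of the original post. It refuses to continue if the credentials file written by aws configure is readable by other users, or if an access key ID or an access_key/secret_key literal has been hard-coded into any .tf or .tfvars file, which is the usual way keys end up in a git history. The directory and file paths are arguments; the AKIAIOSFODNN7EXAMPLE key used in the usage note is the documented AWS example key, not a real one.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks before running Terraform against AWS.
# Not from the post; paths are passed in by the caller.
set -eu

# ~/.aws/credentials should be mode 600. `aws configure` creates it that way,
# but a file copied from another machine or restored from a backup often is not.
check_credentials_mode() {
  local file=$1 mode
  [ -f "$file" ] || { echo "no credentials file at $file" >&2; return 1; }
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")   # GNU, then BSD stat
  case "$mode" in
    600|400) return 0 ;;
    *) echo "$file is mode $mode; expected 600" >&2; return 1 ;;
  esac
}

# Look for access key IDs (AKIA followed by 16 upper-case letters/digits) and
# for access_key/secret_key assigned a string literal, in *.tf and *.tfvars.
scan_tf_for_keys() {
  local dir=$1 hits
  hits=$(find "$dir" \( -name '*.tf' -o -name '*.tfvars' \) -exec \
           grep -nHE 'AKIA[0-9A-Z]{16}|(access_key|secret_key)[[:space:]]*=[[:space:]]*"' {} + || true)
  if [ -n "$hits" ]; then
    printf 'hard-coded credentials found:\n%s\n' "$hits" >&2
    return 1
  fi
  return 0
}

# Arguments: terraform directory (default .), credentials file (default ~/.aws/credentials)
terraform_preflight() {
  local dir=${1:-.} creds=${2:-$HOME/.aws/credentials}
  check_credentials_mode "$creds" && scan_tf_for_keys "$dir"
}
```

Source the file and run `terraform_preflight ./infra` before `terraform init`; a non-zero exit means fix the finding first. A provider block with `access_key = "AKIAIOSFODNN7EXAMPLE"` in it fails the scan, while `region = "eu-west-1"` alone passes. Pair it with `aws sts get-caller-identity` so you also confirm which account and principal Terraform is about to act as.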