1 00:00:00,130 --> 00:00:02,300 So now let's talk about VPC peering. 2 00:00:02,300 --> 00:00:03,960 So the idea is that we can create VPCs 3 00:00:03,960 --> 00:00:05,740 and in different regions, different accounts, 4 00:00:05,740 --> 00:00:09,500 and we want to connect them together using the AWS network. 5 00:00:09,500 --> 00:00:10,640 So to why do we do this? 6 00:00:10,640 --> 00:00:12,280 Well, we want to make them behave 7 00:00:12,280 --> 00:00:13,900 as if they were in the same network, okay? 8 00:00:13,900 --> 00:00:15,170 So it could be very specific. 9 00:00:15,170 --> 00:00:17,080 Maybe you could have a BC in other regions, 10 00:00:17,080 --> 00:00:17,913 in other accounts, 11 00:00:17,913 --> 00:00:19,220 or even within your same accounts 12 00:00:19,220 --> 00:00:20,160 and you wanted to connect them. 13 00:00:20,160 --> 00:00:22,670 So in order for them not to connect, remember I said, 14 00:00:22,670 --> 00:00:24,120 the VPC network CIDRs is, 15 00:00:24,120 --> 00:00:26,620 must be distinct from each other because when we connect 16 00:00:26,620 --> 00:00:28,680 them together, if they have overlapping centers, 17 00:00:28,680 --> 00:00:30,930 they will not be able to communicate. 18 00:00:30,930 --> 00:00:34,300 So VPC Peering can happen between two VPCs 19 00:00:34,300 --> 00:00:35,920 and they're not transitive. 20 00:00:35,920 --> 00:00:38,560 That means that each VPC that wants to communicate 21 00:00:38,560 --> 00:00:41,410 with one another must have VPC Peering enabled. 22 00:00:41,410 --> 00:00:44,570 So if you have a look at 3D PCs right now, A, B, and C, 23 00:00:44,570 --> 00:00:47,320 then we can create a peering connection between A and B 24 00:00:47,320 --> 00:00:51,020 and this is allowing you to connect them together. 25 00:00:51,020 --> 00:00:54,470 And we can create another peering connection between B and C 26 00:00:54,470 --> 00:00:57,050 and again, they can communicate together, 27 00:00:57,050 --> 00:01:01,390 but even though A and B and B and C are connected, 28 00:01:01,390 --> 00:01:04,480 you still need to enable a VPC Peering connection 29 00:01:04,480 --> 00:01:07,130 between A and C to have them communicate. 30 00:01:07,130 --> 00:01:09,450 This is very, very, very, very important. 31 00:01:09,450 --> 00:01:12,160 Also, when you have VPC Peering, 32 00:01:12,160 --> 00:01:14,103 you must enable share sure, 33 00:01:15,273 --> 00:01:16,880 but you also need to ability to update the root tables 34 00:01:16,880 --> 00:01:19,785 in VPC subnets to ensure that the EC2 instances 35 00:01:19,785 --> 00:01:22,140 can communicate with each other 36 00:01:22,140 --> 00:01:23,840 and we'll see this in the hands-on. 37 00:01:23,840 --> 00:01:26,110 So some good things to know about VPC Peering. 38 00:01:26,110 --> 00:01:28,140 They can happen within your own accounts, 39 00:01:28,140 --> 00:01:30,160 but they can cross account. 40 00:01:30,160 --> 00:01:33,200 So if you want to connect a VPC from one accounts 41 00:01:33,200 --> 00:01:35,660 A to account B, you could, and also cross regions. 42 00:01:35,660 --> 00:01:37,520 So this is very, very powerful. 43 00:01:37,520 --> 00:01:39,430 And you remember security groups. 44 00:01:39,430 --> 00:01:41,980 We can reference other security groups in it 45 00:01:41,980 --> 00:01:44,350 while it's possible to also reference a security group 46 00:01:44,350 --> 00:01:48,250 from appeared VBC across accounts in the same region. 47 00:01:48,250 --> 00:01:50,330 And this is very powerful because we don't need to have 48 00:01:50,330 --> 00:01:51,780 the source as a CIDR or an IP, 49 00:01:51,780 --> 00:01:53,840 we can also reference a security group. 50 00:01:53,840 --> 00:01:55,320 Extremely powerful. 51 00:01:55,320 --> 00:01:57,240 So back into our networking diagram, 52 00:01:57,240 --> 00:01:58,277 we're here and now we're going to add 53 00:01:58,277 --> 00:02:02,500 a VPC Peering connection to connect our VPC to other VPCs. 54 00:02:02,500 --> 00:02:04,950 So that's it, I will see you in the next lecture.