
VPCs, Peer Connection, CloudWatch

Part 1 : Architecture

Architecture

1.1 : Create a VPC_1

  • name : my-vpc1-ab = 10.7.0.0/16
  • Region eu-west-2

VPC_Creation

Subnets :

- my-private-subnet-vpc1-ab = 10.7.1.0/24
- my-public-subnet-vpc1-ab = 10.7.2.0/24

Subnet_Creation

Internet Gateway : my-internet-gateway-vpc1-ab

Gateway_Creation

Route Table :

- my-route-table-private-subnet-vpc1-ab
- my-route-table-public-subnet-vpc1-ab

Route_Table_Creation

Internet Connection :

Internet_Connection

1.2 : Create a VPC_2

name : my-vpc2-ab = 10.8.0.0/16

VPC_Creation

Subnets :

- my-private-subnet-vpc2-ab = 10.8.1.0/24

Subnet_Creation

Route Table :

- my-route-table-private-subnet-vpc2-ab

Route_Table_Creation

1.3 : Create Instances

Instance creation :

- AB_VM1_VPC_01
- AB_VM2_VPC_01
- AB_VM3_VPC_02

Instance_Creation

1.4 : Ping test

SSH connection to AB_VM1_VPC_01 :

VM1_SSH_Connection

Ping AB_VM2_VPC_01

VM1_Ping_VM2

Create Peering Connection VPC_1 & VPC_2 (a route for the peer CIDR is needed in both VPCs' route tables, and the target security group must allow ICMP) :

Peer_Connection

Ping AB_VM3_VPC_02

VM1_Ping_VM3

Part 2 : Create a VPC in a different Region

AWS Architecture

Architecture

2.1 : Create a VPC_3

  • Name : my-vpc3-ab = 10.9.0.0/16
  • Region : eu-west-1

VPC_Creation

Subnet :

my-public-subnet-vpc1-ab = 10.9.1.0/24

Subnet_Creation

Internet Gateway : my-internet-gateway-vpc3

Gateway_Creation

Route Table :

my-route-table-vpc3-ab

Route_Table_Creation

Instance creation : AB_VM4_VPC_03

Instance_Creation

2.2 : Create a Peering Connection VPC_1 & VPC_3

A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses. Instances in either VPC can communicate with each other as if they were within the same network. Three things have to hold before the ping in 2.3 can succeed: the CIDR blocks must not overlap (10.7.0.0/16 and 10.9.0.0/16 do not, which is why the request is accepted), each VPC's route table needs a route for the peer's CIDR pointing at the peering connection, and the security group on the target instance must allow ICMP from the peer's CIDR. Because this is an inter-Region peering (eu-west-2 to eu-west-1), security group rules have to reference the peer CIDR, not a peer security group id. Peering is also not transitive: VPC_3 is peered with VPC_1 only, so AB_VM3_VPC_02 and AB_VM4_VPC_03 cannot reach each other through VPC_1.

Peer_Connection

2.3 : Ping test

Ping AB_VM4_VPC_03 from AB_VM1_VPC_01

Ping_VM1_VM4
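The routing side of the two ping tests (1.4 across VPC_1/VPC_2 and 2.3 across VPC_1/VPC_3), as an added example that is not part of the original lab write-up. It models the three VPC CIDRs and the two peerings, runs the overlap check AWS performs before accepting a peering request, derives the routes both sides need, and shows that peering is not transitive. The instance addresses and the pcx- identifiers are assumed (the page does not give them); security groups and network ACLs are not modelled, so a "route" result here is necessary but not sufficient for the ping to answer.

```python
"""Route model for the lab's peering topology (added example, not from the
original page). VPC names and CIDRs are the lab's; instance addresses and
pcx- ids are assumed. Security groups / NACLs are out of scope: the model
only answers "is there a route", the first thing to check when a ping
across a peering fails."""
from ipaddress import ip_address, ip_network
from itertools import combinations

# The three VPCs from Parts 1 and 2. Region does not matter for routing;
# inter-Region peering needs the same routes as same-Region peering.
VPCS = {
    "my-vpc1-ab": "10.7.0.0/16",  # eu-west-2
    "my-vpc2-ab": "10.8.0.0/16",  # eu-west-2
    "my-vpc3-ab": "10.9.0.0/16",  # eu-west-1
}
# The two peering connections created in 1.4 and 2.2.
PEERINGS = [("my-vpc1-ab", "my-vpc2-ab"), ("my-vpc1-ab", "my-vpc3-ab")]

# Assumed instance addresses inside the lab subnets (not on the page).
INSTANCES = {
    "AB_VM1_VPC_01": "10.7.2.10",  # public subnet of VPC_1
    "AB_VM2_VPC_01": "10.7.1.20",  # private subnet of VPC_1
    "AB_VM3_VPC_02": "10.8.1.30",  # private subnet of VPC_2
    "AB_VM4_VPC_03": "10.9.1.40",  # public subnet of VPC_3
}


def overlapping_pairs(vpcs):
    """AWS refuses a peering between VPCs whose CIDR blocks overlap, so
    check this before sending the request. Returns the clashing pairs."""
    nets = {name: ip_network(cidr) for name, cidr in vpcs.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


def peering_routes(vpcs, peerings):
    """Routes that must exist on BOTH sides of each peering: every route
    table in a VPC that should reach the peer needs the peer's CIDR with
    the pcx- connection as target. The pcx- ids are placeholders."""
    routes = {name: [] for name in vpcs}
    for i, (a, b) in enumerate(peerings):
        pcx = f"pcx-{i:017x}"  # hypothetical peering connection id
        routes[a].append((vpcs[b], pcx))
        routes[b].append((vpcs[a], pcx))
    return routes


def vpc_of(ip, vpcs):
    """Name of the VPC whose CIDR contains ip, or None."""
    addr = ip_address(ip)
    return next((name for name, cidr in vpcs.items()
                 if addr in ip_network(cidr)), None)


def has_route(src_ip, dst_ip, vpcs, routes):
    """True when the source VPC can forward to dst_ip: either the implicit
    'local' route (same VPC) or an explicit peering route. Deliberately no
    hop via a third VPC: peering is not transitive."""
    src_vpc, dst_vpc = vpc_of(src_ip, vpcs), vpc_of(dst_ip, vpcs)
    if src_vpc is None or dst_vpc is None:
        return False
    if src_vpc == dst_vpc:
        return True
    dst = ip_address(dst_ip)
    return any(dst in ip_network(cidr) for cidr, _ in routes[src_vpc])


def ping_matrix(instances, vpcs, peerings):
    """Route existence for every ordered (src, dst) instance pair. Refuses
    to proceed on overlapping CIDRs, mirroring the API's check."""
    clashes = overlapping_pairs(vpcs)
    if clashes:
        raise ValueError(f"overlapping CIDRs, peering impossible: {clashes}")
    routes = peering_routes(vpcs, peerings)
    return {(s, d): has_route(instances[s], instances[d], vpcs, routes)
            for s in instances for d in instances if s != d}


if __name__ == "__main__":
    for (s, d), ok in sorted(ping_matrix(INSTANCES, VPCS, PEERINGS).items()):
        print(f"{s} -> {d}: {'route' if ok else 'NO ROUTE'}")
```

Running it lists a route for VM1 to VM2, VM3 and VM4, and no route between VM3 and VM4 in either direction, which is the non-transitivity the lab topology implies.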

Part 3 : CloudWatch

3.1 : Configure flow logs

Create policy

Policie_Creation

iam.json

This is the permissions policy attached to the flow-logs role: it lets the service create the log group and log streams and publish events to them.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "logs:DescribeLogGroups",
        "logs:DescribeLogStreams"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}

"Resource": "*" is convenient for a lab; outside one, scope it to the ARN of the flow-log log group (and its streams) so the role can write nowhere else.

Create role

Role_Creation

role.json

This is the role's trust policy: it allows the VPC Flow Logs service, and nothing else, to assume the role.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "vpc-flow-logs.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

AWS recommends adding aws:SourceAccount and aws:SourceArn conditions to this statement so the service can assume the role only on behalf of flow logs in your own account (the confused-deputy problem).

Create log group

Log_Group_Creation

Create flow log

Log_Stream_Creation

3.2 : Create a web server and get logs

Create a web server page

Web_Server_Creation

Logs Insights query 1

stats sum(packets) as packetsTransferred
by srcAddr, dstAddr
| sort packetsTransferred desc
| limit 10

Result :

Log_Request_1

Logs Insights query 2

The filters go before stats so they apply to the raw records (after stats only the grouped fields and the aggregate exist), and the sort key has to be the alias defined in stats:

fields @timestamp, @message
| filter interfaceId="eni-051f20d7aa3334d64"
| filter dstPort="80" or dstPort="443" or dstPort="22" or dstPort="25"
| stats count(*) as records by dstPort, srcAddr, dstAddr as Destination
| sort records desc
| limit 10

Result :

Log_Request_2
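Offline equivalents of the two Logs Insights queries above, as an added example that is not part of the original page. It parses VPC flow log records in the default (version 2) format and reproduces both aggregations in plain Python, so a query can be sanity-checked against a handful of known records before it is trusted on real data. The records, ENI ids, account id and addresses are constructed for this example.

```python
"""Offline equivalents of the two Logs Insights queries in 3.2 (added
example, not from the original page). Parses default-format (version 2)
VPC flow log records; all sample data below is constructed."""
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Field order of the default flow log format. Logs Insights exposes the
# same fields in camelCase (interfaceId, srcAddr, dstAddr, dstPort, ...).
FIELDS = (
    "version", "account_id", "interface_id", "src_addr", "dst_addr",
    "src_port", "dst_port", "protocol", "packets", "bytes",
    "start", "end", "action", "log_status",
)

# Constructed sample: traffic to a web server at 10.7.2.10 on the public
# subnet of VPC_1, an ICMP flow from the peered VPC_3, one NODATA record
# (the '-' fields must not be parsed as numbers) and one record from a
# second ENI that query 2 must exclude.
SAMPLE_LOG = """\
2 111122223333 eni-0123456789abcdef0 10.7.1.25 10.7.2.10 51422 80 6 12 3400 1700000000 1700000060 ACCEPT OK
2 111122223333 eni-0123456789abcdef0 203.0.113.7 10.7.2.10 40001 443 6 30 15000 1700000000 1700000060 ACCEPT OK
2 111122223333 eni-0123456789abcdef0 203.0.113.7 10.7.2.10 40002 443 6 25 12000 1700000060 1700000120 ACCEPT OK
2 111122223333 eni-0123456789abcdef0 198.51.100.9 10.7.2.10 53211 22 6 3 180 1700000000 1700000060 REJECT OK
2 111122223333 eni-0123456789abcdef0 10.9.1.14 10.7.2.10 0 0 1 5 420 1700000000 1700000060 ACCEPT OK
2 111122223333 eni-0123456789abcdef0 10.7.2.10 10.7.1.25 80 51422 6 9 5100 1700000000 1700000060 ACCEPT OK
2 111122223333 eni-0123456789abcdef0 - - - - - - - 1700000120 1700000180 - NODATA
2 111122223333 eni-0fedcba9876543210 10.8.1.5 10.7.1.25 0 0 1 7 588 1700000000 1700000060 ACCEPT OK
"""


@dataclass(frozen=True)
class FlowRecord:
    interface_id: str
    src_addr: str
    dst_addr: str
    src_port: int
    dst_port: int
    protocol: int
    packets: int
    bytes: int
    action: str


def parse_flow_record(line: str) -> Optional[FlowRecord]:
    """Parse one record. Returns None for NODATA/SKIPDATA records, whose
    address, port and counter fields are '-'; raises on a malformed line."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return None
    return FlowRecord(
        interface_id=rec["interface_id"], src_addr=rec["src_addr"],
        dst_addr=rec["dst_addr"], src_port=int(rec["src_port"]),
        dst_port=int(rec["dst_port"]), protocol=int(rec["protocol"]),
        packets=int(rec["packets"]), bytes=int(rec["bytes"]),
        action=rec["action"],
    )


def parse_flow_log(text: str) -> list:
    """All usable records from a block of log lines (blank lines ignored)."""
    records = []
    for line in text.splitlines():
        if line.strip():
            rec = parse_flow_record(line)
            if rec is not None:
                records.append(rec)
    return records


def top_talkers(records, limit=10):
    """Query 1: stats sum(packets) by srcAddr, dstAddr | sort desc | limit."""
    totals = Counter()
    for r in records:
        totals[(r.src_addr, r.dst_addr)] += r.packets
    return totals.most_common(limit)


def service_hits(records, interface_id, ports=(80, 443, 22, 25), limit=10):
    """Query 2: keep one ENI and the listed destination ports, then count
    records per (dstPort, srcAddr, dstAddr). Filtering happens on the raw
    records before aggregating, the order the Logs Insights query needs."""
    counts = Counter()
    for r in records:
        if r.interface_id == interface_id and r.dst_port in ports:
            counts[(r.dst_port, r.src_addr, r.dst_addr)] += 1
    return counts.most_common(limit)


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_LOG)
    print("top talkers:", top_talkers(recs))
    print("service hits:", service_hits(recs, "eni-0123456789abcdef0"))
```

On the constructed sample the top talker is 203.0.113.7 to the web server with 55 packets over two HTTPS flows, and query 2 yields three rows for the web server's ENI (443, 80 and the rejected SSH attempt); the ICMP flows and the other ENI drop out, as they should.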