In this chapter, we create an additional VPC and Transit Gateway in us-east-1 and peer the new Transit Gateway with the TGW in ap-northeast-2.
First, create a new key pair in EC2 and name it keypair-iad.
Create IAD-VPC:
aws cloudformation deploy \
--region us-east-1 \
--stack-name "IAD-VPC" \
--template-file "IAD-VPC.yml" \
--parameter-overrides "KeyPair=keypair-iad" \
--capabilities CAPABILITY_NAMED_IAM
Once the stack has been created, create the TGW:
aws cloudformation deploy \
--region us-east-1 \
--stack-name "IAD-TGW" \
--template-file "IAD-TGW-1.yml" \
--capabilities CAPABILITY_NAMED_IAM
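The Transit Gateway deployment should complete within 5 minutes.
Check the TGW configuration. Select VPC - Transit Gateway and check that the Transit Gateway has been created:
Select VPC - Transit Gateway - Transit Gateway Attachment, then check that the Transit Gateway Attachment is configured correctly:
View the TGW route table
Check the TGW route table configuration:
Check the instance
Save the instance ID of IAD-VPC-Private-10.5.21.101 to an environment variable: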
aws ec2 describe-instances --filters 'Name=tag:Name,Values=IAD-VPC-Private-10.5.21.101' 'Name=instance-state-name,Values=running' --region us-east-1 | jq -r '.Reservations[].Instances[].InstanceId'
export IAD_VPC_Private_10_5_21_101=$(aws ec2 describe-instances --filters 'Name=tag:Name,Values=IAD-VPC-Private-10.5.21.101' 'Name=instance-state-name,Values=running' --region us-east-1 | jq -r '.Reservations[].Instances[].InstanceId')
echo "export IAD_VPC_Private_10_5_21_101=${IAD_VPC_Private_10_5_21_101}"| tee -a ~/.bash_profile
source ~/.bash_profile
Log in to the instance:
aws ssm start-session --target $IAD_VPC_Private_10_5_21_101 --region us-east-1
Then register the hosts to be tested in the hosts file:
sudo -s
echo 10.0.21.101 SEOUL-VPC-HQ-Private >> /etc/hosts
echo 10.1.21.101 SEOUL-VPC-PRD-Private >> /etc/hosts
echo 10.2.21.101 SEOUL-VPC-STG-Private >> /etc/hosts
echo 10.3.21.101 SEOUL-VPC-DEV-Private >> /etc/hosts
echo 10.4.21.101 SEOUL-VPC-PRT-Private >> /etc/hosts
echo 10.5.21.101 IAD-VPC-Private >> /etc/hosts
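The echo commands above append a new line on every run, so repeating the step leaves duplicate entries, and a stale mapping for one of these names would silently send the connectivity tests to the wrong address. The following is an added example, not part of the original workshop, that registers the same six hosts idempotently and refuses to add a name that already maps to a different IP. The function names, the --apply switch and the script file name are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original page). add_host, register_test_hosts
# and the --apply switch are names chosen here for illustration.

# add_host FILE IP NAME
#   0: entry appended, or NAME already maps to IP (file unchanged)
#   1: NAME already maps to a different IP (file unchanged)
add_host() {
    local file=$1 ip=$2 name=$3 existing
    # Look up the address currently mapped to NAME; skip comment lines and
    # stop scanning a line at an inline '#'.
    existing=$(awk -v n="$name" '
        $1 ~ /^#/ { next }
        { for (i = 2; i <= NF; i++) {
              if ($i ~ /^#/) break
              if ($i == n) { print $1; exit }
          } }
    ' "$file")
    if [ -z "$existing" ]; then
        printf '%s %s\n' "$ip" "$name" >> "$file"
    elif [ "$existing" != "$ip" ]; then
        echo "conflict: $name already maps to $existing, wanted $ip" >&2
        return 1
    fi
}

# Register the six workshop hosts listed on this page in FILE
# (default /etc/hosts). Returns 1 if any name conflicted.
register_test_hosts() {
    local file=${1:-/etc/hosts} rc=0 ip name
    while read -r ip name; do
        add_host "$file" "$ip" "$name" || rc=1
    done <<'EOF'
10.0.21.101 SEOUL-VPC-HQ-Private
10.1.21.101 SEOUL-VPC-PRD-Private
10.2.21.101 SEOUL-VPC-STG-Private
10.3.21.101 SEOUL-VPC-DEV-Private
10.4.21.101 SEOUL-VPC-PRT-Private
10.5.21.101 IAD-VPC-Private
EOF
    return "$rc"
}

# Run as root on the instance, e.g.: bash register-hosts.sh --apply
# (register-hosts.sh is an illustrative file name)
if [ "${1:-}" = "--apply" ]; then
    register_test_hosts /etc/hosts
fi
```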
In the next section, we begin the actual TGW inter-region peering.