
Create Spoke VPCs

Once the Service VPC is created by the Valtix Controller, create two (2) Spoke VPCs using the AWS console.

Tech Notes

  • You can start with one (1) spoke VPC
  • Use the CIDRs in the examples below; overlap with your existing VPCs does not matter because the spoke VPCs will not communicate with them

CloudFormation Template

  1. Click this link to launch a CloudFormation template to create spoke1-vpc
  2. By default the above link opens in us-east-1. Change the region in the AWS console to the same one where you created the Service VPC in the previous section and select the Availability Zones appropriately
  3. The AWS account is assumed to have an SSH keypair already available. If not, create an SSH keypair in your account before running the CloudFormation template
  4. You can view the template details by looking at the template yml file
  5. The template creates the following resources:
    1. VPC, Internet Gateway
    2. App subnet in Zone1 and Zone2
    3. App route tables associated with the above subnets
    4. Bastion subnet and route table
    5. A default route to the IGW in all the route tables (this can be modified later)
    6. EC2 instance in each of the subnets
  6. Click this link to launch a CloudFormation template to create spoke2-vpc. This is optional; the tutorial can be completed with just one (1) spoke VPC
  7. Make a note of the IP addresses of the app instances from the Outputs section of the CloudFormation stack
Manual Steps (AWS Console)

  1. Using the AWS console, select the Region where the Service VPC was created in the previous step
  2. Select the VPC service and create a new VPC with the Name tag spoke1-vpc (or any other name conforming to your org standards)
  3. Enter the CIDR as 10.0.0.0/16
  4. Create an Internet Gateway with Name tag spoke1-igw and attach it to the VPC
  5. Create a subnet spoke1-z1-apps in the above VPC with the CIDR 10.0.0.0/24 in AZ1 (e.g. us-east-1a)
  6. Create a route table spoke1-z1-apps and associate it with the subnet above
  7. Add a route for 0.0.0.0/0 in the above route table with the Internet Gateway as the target (we will change this later)
  8. Add a security group spoke1-apps with an inbound rule allowing port 22 (SSH) from 0.0.0.0/0
  9. Create a subnet spoke1-z2-apps in the above VPC with the CIDR 10.0.3.0/24 in AZ2 (e.g. us-east-1b)
  10. Create a route table spoke1-z2-apps and associate it with the subnet above
  11. Add a route for 0.0.0.0/0 in the above route table with the Internet Gateway as the target (we will change this later)
  12. Launch an Ubuntu 18.04 EC2 instance (spoke1-z1-app) in the spoke1-z1-apps subnet and associate it with the security group spoke1-apps
  13. Launch an Ubuntu 18.04 EC2 instance (spoke1-z2-app) in the spoke1-z2-apps subnet and associate it with the security group spoke1-apps
  14. EC2 instances need an SSH keypair. Either create one before the instance launch or use the one you already have
  15. Choose to assign a Public IP address to each EC2 instance so that you can open an SSH session to it
  16. To create spoke2-vpc, repeat the above steps with the CIDR 192.168.0.0/16 and replace spoke1 with spoke2
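The manual steps above expressed as a CloudFormation template, written as an added example for this tutorial; it is not the Valtix template behind the links above (that one also creates a bastion subnet, which is omitted here). It assumes an SSH keypair already exists in the chosen region, that Canonical's public SSM parameter path resolves to the current Ubuntu 18.04 AMI (an assumption about that parameter, noted in the file), and it parameterizes the name prefix and CIDRs so the same file also launches spoke2. The SshSourceCidr parameter keeps the page's 0.0.0.0/0 default; narrowing it to your own address range is the safer setting.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example spoke VPC (not the Valtix template) - app subnet per zone, IGW default routes, one Ubuntu instance per subnet.
Parameters:
  Prefix:    {Type: String, Default: spoke1}        # use spoke2 for the second VPC
  VpcCidr:   {Type: String, Default: 10.0.0.0/16}
  Zone1Cidr: {Type: String, Default: 10.0.0.0/24}
  Zone2Cidr: {Type: String, Default: 10.0.3.0/24}
  Zone1:     {Type: 'AWS::EC2::AvailabilityZone::Name'}
  Zone2:     {Type: 'AWS::EC2::AvailabilityZone::Name'}
  KeyName:   {Type: 'AWS::EC2::KeyPair::KeyName'}   # existing SSH keypair in this region
  SshSourceCidr: {Type: String, Default: 0.0.0.0/0} # page value; narrow to your own range where possible
  UbuntuAmi:   # assumption: Canonical's public SSM parameter for the current 18.04 AMI
    Type: 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'
    Default: /aws/service/canonical/ubuntu/server/18.04/stable/current/amd64/hvm/ebs-gp2/ami-id
Resources:
  Vpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VpcCidr
      Tags: [{Key: Name, Value: !Sub '${Prefix}-vpc'}]
  Igw:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags: [{Key: Name, Value: !Sub '${Prefix}-igw'}]
  IgwAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties: {VpcId: !Ref Vpc, InternetGatewayId: !Ref Igw}
  # Zone 1: app subnet, its own route table, default route to the IGW (repointed later in the tutorial)
  Zone1Subnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      CidrBlock: !Ref Zone1Cidr
      AvailabilityZone: !Ref Zone1
      MapPublicIpOnLaunch: true   # public IP so SSH from outside the VPC works
      Tags: [{Key: Name, Value: !Sub '${Prefix}-z1-apps'}]
  Zone1RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref Vpc
      Tags: [{Key: Name, Value: !Sub '${Prefix}-z1-apps'}]
  Zone1Association:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties: {SubnetId: !Ref Zone1Subnet, RouteTableId: !Ref Zone1RouteTable}
  Zone1DefaultRoute:
    Type: AWS::EC2::Route
    DependsOn: IgwAttachment   # a route to an IGW is rejected until the IGW is attached
    Properties: {RouteTableId: !Ref Zone1RouteTable, DestinationCidrBlock: 0.0.0.0/0, GatewayId: !Ref Igw}
  # Zone 2: same layout in the second Availability Zone
  Zone2Subnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      CidrBlock: !Ref Zone2Cidr
      AvailabilityZone: !Ref Zone2
      MapPublicIpOnLaunch: true
      Tags: [{Key: Name, Value: !Sub '${Prefix}-z2-apps'}]
  Zone2RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref Vpc
      Tags: [{Key: Name, Value: !Sub '${Prefix}-z2-apps'}]
  Zone2Association:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties: {SubnetId: !Ref Zone2Subnet, RouteTableId: !Ref Zone2RouteTable}
  Zone2DefaultRoute:
    Type: AWS::EC2::Route
    DependsOn: IgwAttachment
    Properties: {RouteTableId: !Ref Zone2RouteTable, DestinationCidrBlock: 0.0.0.0/0, GatewayId: !Ref Igw}
  AppSecurityGroup:   # inbound SSH only; everything else stays closed
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: SSH to spoke app instances
      VpcId: !Ref Vpc
      SecurityGroupIngress:
        - {IpProtocol: tcp, FromPort: 22, ToPort: 22, CidrIp: !Ref SshSourceCidr}
      Tags: [{Key: Name, Value: !Sub '${Prefix}-apps'}]
  Zone1App:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref UbuntuAmi
      InstanceType: t3.micro
      KeyName: !Ref KeyName
      SubnetId: !Ref Zone1Subnet
      SecurityGroupIds: [!Ref AppSecurityGroup]
      Tags: [{Key: Name, Value: !Sub '${Prefix}-z1-app'}]
  Zone2App:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref UbuntuAmi
      InstanceType: t3.micro
      KeyName: !Ref KeyName
      SubnetId: !Ref Zone2Subnet
      SecurityGroupIds: [!Ref AppSecurityGroup]
      Tags: [{Key: Name, Value: !Sub '${Prefix}-z2-app'}]
Outputs:   # note these; the tutorial needs the app instances' addresses later
  Zone1AppPublicIp:  {Value: !GetAtt Zone1App.PublicIp}
  Zone1AppPrivateIp: {Value: !GetAtt Zone1App.PrivateIp}
  Zone2AppPublicIp:  {Value: !GetAtt Zone2App.PublicIp}
  Zone2AppPrivateIp: {Value: !GetAtt Zone2App.PrivateIp}
```

Deploy it with the AWS CLI from the region that holds the Service VPC, for example `aws cloudformation deploy --template-file spoke.yml --stack-name spoke1 --parameter-overrides KeyName=YOUR_KEY Zone1=us-east-1a Zone2=us-east-1b`, and read the Outputs afterwards. For spoke2, add `Prefix=spoke2 VpcCidr=192.168.0.0/16 Zone1Cidr=192.168.0.0/24 Zone2Cidr=192.168.3.0/24` (the /24s follow the same pattern as the spoke1 values on this page). Each zone gets its own route table on purpose: the tutorial later replaces the 0.0.0.0/0 route in each table with one pointing at the Service VPC, and per-zone tables let that be done without affecting the other subnet.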

SSH to the EC2 instances and confirm that the login works. From the instances, curl http://www.google.com should return a response.

The tutorial uses the curl and git commands. Install them if they are not already present.

CentOS

sudo yum install -y curl git

Ubuntu

sudo apt install -y curl git