Create Spoke VPCs
Once the Service VPC is created by the Valtix Controller, create two (2) Spoke VPCs using the AWS console.
Tech Notes
- You can start with one (1) spoke VPC
- Use the CIDRs in the example below, since there will be no communication with your existing VPCs
- Click this link to launch a Cloud Formation template to create spoke1-vpc
- By default the above link opens in us-east-1. Change the region on the AWS console to the same one where you created the Service VPC in the previous section and select the Availability Zones appropriately
- The AWS account is assumed to have an SSH keypair already available. If not, please create an SSH keypair in your account before running the CloudFormation template
- You can view the template details by looking at the template yml file
- The template creates the following resources:
  - VPC, Internet Gateway
  - App subnet in Zone1 and Zone2
  - App route tables associated with the above subnets
  - Bastion subnet and route table
  - Default route to the IGW in all the route tables (this can be modified later)
  - EC2 instance in each of the subnets
- Click this link to launch a CloudFormation template to create spoke2-vpc. This is not required; the tutorial can be completed with just one (1) spoke VPC
- Make a note of the IP addresses of the app instances from the Output section of the CloudFormation stack
- Using the AWS console, select the Region where the Service VPC was created in the previous step
- Select the VPC service and create a new VPC with the Name tag spoke1-vpc (or any other name conforming to your org standards)
- Enter the CIDR as 10.0.0.0/16
- Create an Internet Gateway with Name tag spoke1-igw and attach to the VPC
- Create a subnet spoke1-z1-apps in the above VPC with the CIDR 10.0.0.0/24 in AZ1 (e.g. us-east-1a)
- Create a route table spoke1-z1-apps1 and associate it with the subnet above
- Add a route for 0.0.0.0/0 in the above route table with the Internet Gateway as the target (we will change this later)
- Add a security group spoke1-apps with an inbound rule allowing port 22 from 0.0.0.0/0
- Create a subnet spoke1-z2-apps in the above VPC with the CIDR 10.0.3.0/24 in AZ2 (e.g. us-east-1b)
- Create a route table spoke1-z2-apps and associate it with the subnet above
- Add a route for 0.0.0.0/0 in the above route table with the Internet Gateway as the target (we will change this later)
- Launch an Ubuntu 18.04 EC2 instance (spoke1-z1-app) in the spoke1-z1-apps subnet and associate it with the security group spoke1-apps
- Launch an Ubuntu 18.04 EC2 instance (spoke1-z2-app) in the spoke1-z2-apps subnet and associate it with the security group spoke1-apps
- EC2 instances need an SSH keypair. Either create one before the instance launch or use the one you already have
- Choose to assign a Public IP address to each EC2 instance to allow SSH sessions
- To create spoke2-vpc, repeat the above steps with CIDR as 192.168.0.0/16 and replace spoke1 with spoke2
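Before moving on, it is worth confirming that the spoke layout you just built matches what the tutorial expects: a spoke CIDR that does not overlap VPCs already in the account, app subnets inside that CIDR in two different AZs, and a 0.0.0.0/0 route to the spoke's IGW in each app route table. The script below is an added example, not part of the Valtix docs; it runs the checks over a constructed inventory shaped like AWS describe-* output (the VPC, subnet and IGW IDs and the existing-VPC CIDR are made up), and the spoke2 subnet is deliberately left without its default route so that one finding is reported.

```python
# Added example: sanity-check a spoke VPC built per the steps above.
# All IDs and the existing-VPC CIDR are constructed, not from a real account.
import ipaddress

EXISTING_VPC_CIDRS = ["172.31.0.0/16"]  # constructed: e.g. the account's default VPC

# Constructed inventory of spoke1 (10.0.0.0/16) after the steps above; the z2
# route table is missing its 0.0.0.0/0 route on purpose so the check reports it.
SPOKE = {
    "VpcId": "vpc-spoke1", "CidrBlock": "10.0.0.0/16", "IgwId": "igw-spoke1",
    "Subnets": [
        {"SubnetId": "subnet-z1", "CidrBlock": "10.0.0.0/24", "AvailabilityZone": "us-east-1a"},
        {"SubnetId": "subnet-z2", "CidrBlock": "10.0.3.0/24", "AvailabilityZone": "us-east-1b"},
    ],
    "RouteTables": [
        {"Associations": ["subnet-z1"],
         "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-spoke1"}]},
        {"Associations": ["subnet-z2"],
         "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    ],
}

def check_spoke(spoke, existing_cidrs):
    """Return a list of findings; an empty list means the layout matches the tutorial."""
    findings = []
    vpc = ipaddress.ip_network(spoke["CidrBlock"])
    # 1. The spoke CIDR must not overlap VPCs already in the account.
    for cidr in existing_cidrs:
        if vpc.overlaps(ipaddress.ip_network(cidr)):
            findings.append(f"{spoke['VpcId']} {vpc} overlaps existing VPC {cidr}")
    # 2. Each app subnet must lie inside the VPC CIDR and sit in a distinct AZ.
    zones = set()
    for sn in spoke["Subnets"]:
        if not ipaddress.ip_network(sn["CidrBlock"]).subnet_of(vpc):
            findings.append(f"{sn['SubnetId']} {sn['CidrBlock']} is outside {vpc}")
        if sn["AvailabilityZone"] in zones:
            findings.append(f"{sn['SubnetId']} reuses AZ {sn['AvailabilityZone']}")
        zones.add(sn["AvailabilityZone"])
    # 3. Each app subnet's route table must send 0.0.0.0/0 to the spoke IGW
    #    (the tutorial repoints this default route later).
    rt_by_subnet = {s: rt for rt in spoke["RouteTables"] for s in rt["Associations"]}
    for sn in spoke["Subnets"]:
        rt = rt_by_subnet.get(sn["SubnetId"])
        if rt is None:
            findings.append(f"{sn['SubnetId']} has no explicitly associated route table")
            continue
        targets = {r["DestinationCidrBlock"]: r["GatewayId"] for r in rt["Routes"]}
        if targets.get("0.0.0.0/0") != spoke["IgwId"]:
            findings.append(f"{sn['SubnetId']} default route is {targets.get('0.0.0.0/0')}, expected {spoke['IgwId']}")
    return findings

if __name__ == "__main__":
    for finding in check_spoke(SPOKE, EXISTING_VPC_CIDRS):
        print("FINDING:", finding)
```

To run it against a real account, replace the constructed dict with the output of the corresponding describe-vpcs, describe-subnets and describe-route-tables calls for spoke1-vpc (and spoke2-vpc with 192.168.0.0/16).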
SSH to the EC2 instances and ensure you can log in. From the instances, curl http://www.google.com should return a response.

We will be using the curl and git commands. Install them if they are not available.
CentOS

```
sudo yum install -y curl git
```

Ubuntu

```
sudo apt install -y curl git
```