network aws vpc peering transit_gateway
- Use traceroute to find the last hop that still answers; everything after it is the suspect segment.
- VPC Reachability Analyzer checks the configuration only (route tables, security groups, NACLs, attachments). It sends no packets, but it names the component that blocks the path.
- VPC Flow Logs: look for REJECT records for the source/destination/port. ACCEPT leaving the source ENI with nothing arriving at the destination ENI points at routing rather than filtering.
- nc -vz <host> <port> to check whether the port is open or blocked.
- nslookup (or dig) to check what the VPC resolver actually returns for the name.
VPC peering
- Create a peering request from the current VPC to VPC X in the other account. The two CIDRs must not overlap. No RAM share is needed; peering has its own request/accept flow.
- The owner of VPC X accepts the request.
- Add a route in the current VPC's route table: destination = VPC X CIDR, target = the peering connection (pcx-...). Add the reverse route (destination = this VPC's CIDR, target = the same pcx-...) in VPC X, or return traffic has no path.
- Security groups in VPC X must still allow the source addresses. Peering is not transitive: a VPC peered with X does not reach X's other peers.
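The peering steps above as a Terraform configuration, added here as an example (it is not part of the original notes). It assumes two AWS CLI profiles, "requester" and "accepter", both in eu-west-1, and placeholder VPC, route table and CIDR values in `locals` that you replace with your own. It adds the route on both sides and a security group that admits only the requester CIDR on 443.

```hcl
# Added example: cross-account VPC peering with routes in both directions.
# Profiles, IDs and CIDRs below are placeholders (assumptions), not real resources.
provider "aws" {
  alias   = "requester"
  region  = "eu-west-1"
  profile = "requester"
}

provider "aws" {
  alias   = "accepter"
  region  = "eu-west-1"
  profile = "accepter"
}

locals {
  requester_vpc_id = "vpc-0aaaaaaaaaaaaaaaa" # placeholder
  accepter_vpc_id  = "vpc-0bbbbbbbbbbbbbbbb" # placeholder (VPC X)
  requester_rt_id  = "rtb-0aaaaaaaaaaaaaaaa" # placeholder
  accepter_rt_id   = "rtb-0bbbbbbbbbbbbbbbb" # placeholder
  requester_cidr   = "10.10.0.0/16"          # must not overlap with accepter_cidr
  accepter_cidr    = "10.20.0.0/16"
}

data "aws_caller_identity" "accepter" {
  provider = aws.accepter
}

# Step 1: the request, made from the requester account. No RAM share is involved.
resource "aws_vpc_peering_connection" "req" {
  provider      = aws.requester
  vpc_id        = local.requester_vpc_id
  peer_vpc_id   = local.accepter_vpc_id
  peer_owner_id = data.aws_caller_identity.accepter.account_id
  auto_accept   = false # cross-account requests cannot auto-accept
}

# Step 2: acceptance, done by the owner of VPC X.
resource "aws_vpc_peering_connection_accepter" "acc" {
  provider                  = aws.accepter
  vpc_peering_connection_id = aws_vpc_peering_connection.req.id
  auto_accept               = true
}

# Step 3: routes on BOTH sides. The target is the pcx- id, not the peer VPC id.
resource "aws_route" "to_accepter" {
  provider                  = aws.requester
  route_table_id            = local.requester_rt_id
  destination_cidr_block    = local.accepter_cidr
  vpc_peering_connection_id = aws_vpc_peering_connection.req.id
}

resource "aws_route" "to_requester" {
  provider                  = aws.accepter
  route_table_id            = local.accepter_rt_id
  destination_cidr_block    = local.requester_cidr
  vpc_peering_connection_id = aws_vpc_peering_connection_accepter.acc.id
}

# Step 4: the security group in VPC X admits only the requester CIDR on 443.
# Security groups are stateful, so replies to these connections flow back without
# an inbound rule on the requester side.
resource "aws_security_group" "from_requester" {
  provider    = aws.accepter
  name        = "allow-peer-443"
  description = "Inbound 443 from the peered requester VPC only"
  vpc_id      = local.accepter_vpc_id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [local.requester_cidr]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

Run `terraform apply` once; the request and the acceptance are created in the same run because the accepter resource depends on the request. If the apply succeeds but traffic still fails, the route on the VPC X side or the security group attached to the target instance is the usual culprit.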
Route tables
- Destination: a CIDR block (a single IP is a /32) or a managed prefix list. Longest prefix match picks the route.
- Target in a VPC route table: nat-... (NAT gateway), igw-... (internet gateway), pcx-... (peering connection, not the peer vpc-id), tgw-... (transit gateway). Only inside the transit gateway's own route table is the target an attachment (tgw-attach-...).
Transit gateway
- Central (hub) account creates the transit gateway and notes its id. Share it with accounts A and B through RAM: a resource share containing the transit gateway ARN, with the two account ids as principals. Accounts outside the organization must accept the share invitation before they can see the transit gateway.
- Account A: create a transit gateway VPC attachment for VPC A (one subnet per AZ) to the shared transit gateway.
- Account B: create a transit gateway VPC attachment for VPC B the same way.
- Central account: accept both attachment requests (unless auto-accept is enabled), associate them with a transit gateway route table, and propagate their CIDRs so that route table holds VPC A CIDR -> attachment A and VPC B CIDR -> attachment B.
- To reach VPC B from account A: add a route to VPC A's route table, destination = VPC B CIDR, target = the transit gateway id.
- For the return traffic: add a route to VPC B's route table, destination = VPC A CIDR, target = the transit gateway id.
- One-way access (A may initiate to B, never the reverse): security groups are stateful, so allow inbound from the VPC A CIDR in B and nothing inbound from B in A. NACLs are stateless, so they need the ephemeral return ports open as well. Separate transit gateway route tables per spoke restrict which CIDRs are reachable at all. VPC Lattice is the alternative when only specific services, not whole CIDRs, should be exposed.
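The hub-and-spoke steps above as a Terraform configuration, added here as an example (not part of the original notes). It assumes three AWS CLI profiles, "hub", "account-a" and "account-b", in eu-west-1, and placeholder VPC, subnet, route table and CIDR values in `locals`. The hub keeps manual acceptance so that it decides who attaches; association and propagation into the transit gateway route table are set at acceptance, and the spoke route tables get the forward and return routes.

```hcl
# Added example: transit gateway hub shared through RAM, attachments from two
# spoke accounts, acceptance and propagation in the hub, routes in both spokes.
# Profiles, IDs and CIDRs are placeholders (assumptions), not real resources.
provider "aws" {
  alias   = "hub"
  region  = "eu-west-1"
  profile = "hub"
}

provider "aws" {
  alias   = "a"
  region  = "eu-west-1"
  profile = "account-a"
}

provider "aws" {
  alias   = "b"
  region  = "eu-west-1"
  profile = "account-b"
}

locals {
  vpc_a_id      = "vpc-0aaaaaaaaaaaaaaaa" # placeholder
  vpc_a_cidr    = "10.10.0.0/16"
  vpc_a_rt      = "rtb-0aaaaaaaaaaaaaaaa" # placeholder
  vpc_a_subnets = ["subnet-0aaaaaaaaaaaaaaa1", "subnet-0aaaaaaaaaaaaaaa2"] # one per AZ
  vpc_b_id      = "vpc-0bbbbbbbbbbbbbbbb" # placeholder
  vpc_b_cidr    = "10.20.0.0/16"
  vpc_b_rt      = "rtb-0bbbbbbbbbbbbbbbb" # placeholder
  vpc_b_subnets = ["subnet-0bbbbbbbbbbbbbbb1", "subnet-0bbbbbbbbbbbbbbb2"]
}

data "aws_caller_identity" "a" {
  provider = aws.a
}

data "aws_caller_identity" "b" {
  provider = aws.b
}

# Hub: the transit gateway. Manual acceptance keeps the hub in control of attachments.
resource "aws_ec2_transit_gateway" "hub" {
  provider                        = aws.hub
  description                     = "hub"
  auto_accept_shared_attachments  = "disable"
  default_route_table_association = "enable"
  default_route_table_propagation = "enable"
}

# Hub: RAM share of the transit gateway with accounts A and B.
resource "aws_ram_resource_share" "tgw" {
  provider                  = aws.hub
  name                      = "tgw-share"
  allow_external_principals = true # required for accounts outside the organization
}

resource "aws_ram_resource_association" "tgw" {
  provider           = aws.hub
  resource_arn       = aws_ec2_transit_gateway.hub.arn
  resource_share_arn = aws_ram_resource_share.tgw.arn
}

resource "aws_ram_principal_association" "spokes" {
  for_each           = { a = data.aws_caller_identity.a.account_id, b = data.aws_caller_identity.b.account_id }
  provider           = aws.hub
  principal          = each.value
  resource_share_arn = aws_ram_resource_share.tgw.arn
}
# Accounts outside the organization must also accept the invitation
# (aws_ram_resource_share_accepter in A and B) before the attachments below resolve the TGW id.

# Spoke A and B: attachment requests. Association and propagation are the hub's
# decision, so they stay false on the requesting side.
resource "aws_ec2_transit_gateway_vpc_attachment" "a" {
  provider                                        = aws.a
  transit_gateway_id                              = aws_ec2_transit_gateway.hub.id
  vpc_id                                          = local.vpc_a_id
  subnet_ids                                      = local.vpc_a_subnets
  transit_gateway_default_route_table_association = false
  transit_gateway_default_route_table_propagation = false
  depends_on                                      = [aws_ram_resource_association.tgw, aws_ram_principal_association.spokes]
}

resource "aws_ec2_transit_gateway_vpc_attachment" "b" {
  provider                                        = aws.b
  transit_gateway_id                              = aws_ec2_transit_gateway.hub.id
  vpc_id                                          = local.vpc_b_id
  subnet_ids                                      = local.vpc_b_subnets
  transit_gateway_default_route_table_association = false
  transit_gateway_default_route_table_propagation = false
  depends_on                                      = [aws_ram_resource_association.tgw, aws_ram_principal_association.spokes]
}

# Hub: accept both requests; propagation puts 10.10.0.0/16 -> attachment A and
# 10.20.0.0/16 -> attachment B into the default transit gateway route table.
resource "aws_ec2_transit_gateway_vpc_attachment_accepter" "a" {
  provider                                        = aws.hub
  transit_gateway_attachment_id                   = aws_ec2_transit_gateway_vpc_attachment.a.id
  transit_gateway_default_route_table_association = true
  transit_gateway_default_route_table_propagation = true
}

resource "aws_ec2_transit_gateway_vpc_attachment_accepter" "b" {
  provider                                        = aws.hub
  transit_gateway_attachment_id                   = aws_ec2_transit_gateway_vpc_attachment.b.id
  transit_gateway_default_route_table_association = true
  transit_gateway_default_route_table_propagation = true
}

# Spoke route tables: forward route in A, return route in B. The target is the
# transit gateway id; the attachment id only appears inside the TGW route table.
resource "aws_route" "a_to_b" {
  provider               = aws.a
  route_table_id         = local.vpc_a_rt
  destination_cidr_block = local.vpc_b_cidr
  transit_gateway_id     = aws_ec2_transit_gateway.hub.id
  depends_on             = [aws_ec2_transit_gateway_vpc_attachment_accepter.a]
}

resource "aws_route" "b_to_a" {
  provider               = aws.b
  route_table_id         = local.vpc_b_rt
  destination_cidr_block = local.vpc_a_cidr
  transit_gateway_id     = aws_ec2_transit_gateway.hub.id
  depends_on             = [aws_ec2_transit_gateway_vpc_attachment_accepter.b]
}
```

The return route in VPC B is what the one-way note above relies on: without it B's replies never reach the transit gateway. The direction restriction itself comes from the security group in VPC B admitting only 10.10.0.0/16, with no matching inbound rule in VPC A; a second transit gateway route table that holds only the CIDRs a given spoke may reach tightens this further at the routing layer.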