A VPC peering connects the Control Room AWS account and the Infrastructure AWS account. VPC peering enables secure and low-latency communication between the resources available in the AWS accounts without the need for an internet gateway or a VPN connection.

Perform the following steps to set up VPC peering between the Control Room AWS and Infrastructure AWS account.

Procedure

  1. Log into the Control Room AWS account console.
  2. Go to VPC > Peering Connections and select Create peering connection.
  3. Go to Select another VPC to peer with and configure the following:
    1. Select Another account and enter the account ID of the Infrastructure AWS account.
    2. Select This Region since both the AWS accounts are deployed in the same region.
    3. Enter the VPC ID of the Infrastructure AWS account in VPC ID (Accepter).
  4. Select Create peering connection to create the peering connection.
    Once the peering is created, you must log in to the Infrastructure AWS account to accept the peering request.
  5. Log in to the Infrastructure AWS account console.
  6. Go to VPC > Peering Connections.
  7. Select the pending VPC peering connection with status pending-acceptance, and then select Actions > Accept request.
  8. Select Accept request in the confirmation prompt.
  9. Select Modify my route tables now to add route table entries for the following route tables.
    • api-task-workload-1
    • api-task-workload-2
    • api-task-workload-3
    • api-task-nodes-1
    • api-task-nodes-2
    • api-task-nodes-3
  10. Similarly, log into the Control Room AWS account and add an entry to the route table of the controlroom subnet, with Destination set to the CIDR block of the API Task side of the peering and Target pointing to the peering connection.
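The route entries and security-group rules the procedure above calls for, as an added example that is not part of the original page: it checks that the two VPC CIDRs do not overlap (a peering cannot route between overlapping blocks), lists the entries for the six Infrastructure route tables plus the controlroom subnet, and accepts only Control Room ingress limited to ports 80/443 from the peer CIDR. The CIDRs and the pcx- identifier used in the test are constructed placeholders.

```python
# Added example, not from the original page. Models the routes and
# security-group rules of the peering procedure; all CIDRs and the
# pcx- identifier passed in by callers are constructed placeholders.
import ipaddress

# Route tables on the Infrastructure (API Task) side named in step 9.
ROUTE_TABLES = [
    "api-task-workload-1", "api-task-workload-2", "api-task-workload-3",
    "api-task-nodes-1", "api-task-nodes-2", "api-task-nodes-3",
]


def check_cidrs(control_room_cidr, api_task_cidr):
    """VPC peering requires non-overlapping CIDR blocks; return both as networks."""
    cr = ipaddress.ip_network(control_room_cidr)
    api = ipaddress.ip_network(api_task_cidr)
    if cr.overlaps(api):
        raise ValueError(f"CIDRs overlap: {cr} and {api}; peering cannot route between them")
    return cr, api


def peering_routes(control_room_cidr, api_task_cidr, pcx_id):
    """Entries for both sides: Infrastructure tables point at the Control Room
    CIDR (step 9); the controlroom subnet table points at the API Task CIDR (step 10)."""
    cr, api = check_cidrs(control_room_cidr, api_task_cidr)
    routes = [{"route_table": rt, "destination": str(cr), "target": pcx_id}
              for rt in ROUTE_TABLES]
    routes.append({"route_table": "controlroom", "destination": str(api), "target": pcx_id})
    return routes


def control_room_ingress(api_task_cidr):
    """Security-group ingress for the Control Room instance: TCP 80 and 443,
    sourced only from the peer CIDR, never from 0.0.0.0/0."""
    peer = str(ipaddress.ip_network(api_task_cidr))
    return [{"protocol": "tcp", "from_port": p, "to_port": p, "cidr": peer}
            for p in (80, 443)]


def is_least_privilege(rules, api_task_cidr):
    """True only if every rule is a single port in {80, 443} from the peer CIDR."""
    peer = str(ipaddress.ip_network(api_task_cidr))
    for r in rules:
        if r["cidr"] != peer or r["from_port"] != r["to_port"]:
            return False
        if r["from_port"] not in (80, 443):
            return False
    return True
```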

Next steps

Once you complete the VPC peering, go to the security group associated with the Control Room instance and ensure that it whitelists the following connections:
  • Allow inbound communication on ports 80 and 443 from the CIDR range on the Infrastructure AWS account of the VPC peering.
  • If any firewall is configured on the Control Room, ensure that it whitelists all port 80/443 traffic coming from the CIDR range on the Infrastructure AWS account of the VPC peering.

Allowed IP addresses