AWS VPC Peering
Video Transcript
Today, we're setting up a VPC peering connection between a Cycle VPC and another AWS VPC. First, create a new user in AWS IAM called "Cycle" and attach the "EC2 Full Access" policy. Generate an access key, select "third-party service," and input it into Cycle to verify. Once the AWS integration is live, deploy a tiny server in the Ohio region. Cycle will automatically create a VPC in AWS for infrastructure deployment.
Next, create a secondary VPC in AWS for RDS, using the default settings. After setting up both the Cycle and RDS VPCs, establish a peering connection between them. In "Peering Connections," create a new connection named "Cycle Peering Connection," setting the Cycle VPC as the requester and the RDS VPC as the accepter. Accept the request and modify the route tables of both VPCs to include a route to the other VPC's CIDR block via the peering connection. Create a security group for the RDS VPC, allowing inbound traffic on port 3306 (MySQL) only from the Cycle VPC's CIDR block, so the database is reachable over the peering link and nowhere else.
While the server is provisioning, import the MySQL image from Docker Hub and create a DB subnet group in the RDS VPC. Delete any existing subnet groups and create a new one. Then, create a MySQL database using the free tier, setting the necessary parameters and choosing the RDS subnet group. Disable public access and use the previously created security group. Once the RDS instance is provisioned, deploy a MySQL container in Cycle to test connectivity. Use Cycle's two-way console to interact with the container. If you encounter connection issues, use the VPC reachability analyzer to debug.
When the RDS instance is ready, grab its endpoint URL and connect using the MySQL client in the container. This connection should work without public internet access, confirming the VPC peering setup is correct. Attempting to connect from a local machine should fail, proving the database is securely inaccessible from the public internet. For each new region deployment, set up another peering connection as Cycle creates a new VPC each time.
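The steps above depend on four things lining up: an accepted peering connection, a route to the RDS CIDR via the peering connection in the Cycle VPC's route table, a return route in the RDS VPC's route table, and a security group that admits port 3306 only from the Cycle CIDR. The following is an added example, not code from the video or from Cycle or AWS tooling: it models those objects as plain Python dicts and performs the same checks a reachability analyzer would, so a forgotten return route or a security group opened to 0.0.0.0/0 is caught before anyone reaches for the MySQL client. All VPC CIDRs, the peering and gateway IDs, and the client and database addresses are constructed sample values.

```python
"""Offline sanity check of the VPC-peering + RDS layout from the transcript.

Added example; not code from the original video or from Cycle/AWS tooling.
Route tables, the RDS security group and the peering connection are modelled
as plain dicts so the checks run without an AWS account. Every ID and CIDR
below is a constructed sample value.
"""
import ipaddress

MYSQL_PORT = 3306

# Constructed sample values (not real account identifiers).
CYCLE_CIDR = "10.0.0.0/16"    # the VPC Cycle created in the Ohio region
RDS_CIDR = "172.31.0.0/16"    # the secondary VPC that holds RDS
PCX_ID = "pcx-0example00001"  # the peering connection
IGW_ID = "igw-0example00001"  # internet gateway of the Cycle VPC
EXTERNAL_IP = "203.0.113.10"  # a public (TEST-NET-3) address standing in for "the internet"


def good_topology():
    """The configuration the transcript ends up with."""
    return {
        "peering": {"id": PCX_ID, "status": "active"},
        # Route tables as (destination CIDR, target), as the console lists them.
        "cycle_routes": [
            (CYCLE_CIDR, "local"),
            ("0.0.0.0/0", IGW_ID),   # Cycle servers reach the internet
            (RDS_CIDR, PCX_ID),      # added after accepting the peering request
        ],
        "rds_routes": [
            (RDS_CIDR, "local"),
            (CYCLE_CIDR, PCX_ID),    # return path; without it replies are dropped
        ],
        # Security group on the RDS instance: MySQL only, from the Cycle CIDR only.
        "rds_sg": [{"port": MYSQL_PORT, "source": CYCLE_CIDR}],
        "rds_publicly_accessible": False,
    }


def find_route(routes, dest_ip):
    """Longest-prefix match, which is how a VPC route table resolves a packet."""
    dest = ipaddress.ip_address(dest_ip)
    best = None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def sg_allows(rules, src_ip, port):
    """True if any inbound rule admits `port` from `src_ip`."""
    src = ipaddress.ip_address(src_ip)
    return any(r["port"] == port and src in ipaddress.ip_network(r["source"]) for r in rules)


def peering_problems(topo, client_ip, rds_ip):
    """Reasons MySQL from client_ip (Cycle VPC) cannot reach rds_ip; empty list = reachable."""
    problems = []
    pcx = topo["peering"]
    if pcx["status"] != "active":
        problems.append("peering connection has not been accepted")
    if find_route(topo["cycle_routes"], rds_ip) != pcx["id"]:
        problems.append("Cycle VPC route table lacks a route to %s via %s" % (RDS_CIDR, pcx["id"]))
    if find_route(topo["rds_routes"], client_ip) != pcx["id"]:
        problems.append("RDS VPC route table lacks a return route to %s via %s" % (CYCLE_CIDR, pcx["id"]))
    if not sg_allows(topo["rds_sg"], client_ip, MYSQL_PORT):
        problems.append("RDS security group does not allow port %d from %s" % (MYSQL_PORT, client_ip))
    return problems


def exposure_warnings(topo):
    """Conditions under which the database could be reached from the public internet."""
    warnings = []
    if topo["rds_publicly_accessible"]:
        warnings.append("RDS instance has public access enabled")
    if sg_allows(topo["rds_sg"], EXTERNAL_IP, MYSQL_PORT):
        warnings.append("RDS security group admits port %d from a public address" % MYSQL_PORT)
    return warnings


if __name__ == "__main__":
    client, database = "10.0.1.25", "172.31.5.40"   # constructed private addresses
    topo = good_topology()
    print("good layout:", peering_problems(topo, client, database) or "reachable")
    print("exposure:", exposure_warnings(topo) or "not public")

    # The classic mistake: the return route in the RDS VPC was never added.
    topo["rds_routes"] = [(RDS_CIDR, "local")]
    print("missing return route:", peering_problems(topo, client, database))

    # The other classic mistake: public access plus a wide-open security group.
    topo = good_topology()
    topo["rds_publicly_accessible"] = True
    topo["rds_sg"] = [{"port": MYSQL_PORT, "source": "0.0.0.0/0"}]
    print("wide open:", exposure_warnings(topo))
```

The check deliberately tests both directions of the route tables: a peering route in only one VPC lets the SYN arrive but drops the reply, which shows up as a hung `mysql` client rather than a clear error. The exposure check is the automated form of the transcript's "connect from a local machine and expect it to fail" test.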