Configuring virtual private cloud (VPC) peering for Amazon Web Services (AWS) installations

If you plan to use IP partnerships between two VPCs that host IBM Spectrum Virtualize for Public Cloud configurations, you need to configure Virtual Private Cloud (VPC) Peering in Amazon Web Services (AWS).

About this task

To configure VPC Peering between two VPC instances, complete these steps:

Procedure

  1. Determine whether all partnership requirements are met, as described in IP partnership requirements.
    The CIDR block of the two VPCs that you are connecting must not overlap, or VPC peering cannot be established.
  2. Create a peering connection between the two VPCs that you want to connect.
    You need the VPC-related user permission under your account.
    1. Log in to the AWS management console with the IAM default user profile.
    2. Select VPC to open the VPC Dashboard and select Peering Connection > Create Peering.
    3. Choose the VPC where your primary cluster resides as VPC (Requester), and select the VPC where your secondary cluster resides as VPC (Accepter).
      If they are under different accounts or regions, select the correct account and region to locate the VPC (Accepter).
    4. Enter a name for the peering connection and click Create Peering Connection.
    5. Switch the AWS console to the account and region where your secondary cluster resides, open the VPC Dashboard, and select Peering Connection > Create Peering > .
    6. Find the peering connection request that you created, and choose Actions > Accept Request.
  3. Update route tables in the two VPCs that you want to connect.
    You need the VPC-related user permission under your account.
    1. Log in to the AWS management console with the IAM default user profile.
    2. Select EC2 > Instance and select the primary instance that contains the configuration.
    3. On the Description tab, select the link that is associated to the Subnet ID field.
      The VPC Dashboard > Subnets page opens.
    4. On the Description tab, select the link that is associated to the Route Table field.
      The VPC Dashboard > Route Tables page opens.
    5. On the Routes tab, select Edit routes > Add route.
    6. In the Target field, select Peering Connection and select the peering connection that you created in step 2.
    7. In the Destination field, enter the CIDR block of the VPC where your secondary configuration resides.
      Note: If you are repeating these steps for the secondary cluster, the value for the Destination field is the CIDR block of the VPC where your primary cluster resides.
    8. Click Save Routes.
    9. Repeat from step a to step g on your secondary cluster's route table.

      For example, suppose that the CIDR block of the primary cluster's VPC is 172.16.0.0/16, the CIDR block of the secondary cluster's VPC is 10.0.0.0/16, and you have already created a peering connection named pcx-11112222. After you make these updates, the route tables look like the following example:

      Route table   Destination      Target
      VPC A         172.16.0.0/16    Local
                    10.0.0.0/16      pcx-11112222
      VPC B         10.0.0.0/16      Local
                    172.16.0.0/16    pcx-11112222
  4. Update security groups of the instances that you want to connect. To do this, you need security group-related user permission under your account.
    1. Log in to the AWS management console with the IAM default user profile.
    2. Select EC2 > Instance and select the primary instance that contains the configuration.
    3. On the Description tab, select the link that is associated to the Security Groups field.
      The VPC Dashboard > Security Groups page opens.
    4. On the Inbound tab, select Edit > Add Rule.
    5. Under Type, select Custom TCP Rule and enter 3260 in Port Range.
    6. Under Source, select Custom and enter the CIDR block of the VPC where your secondary cluster resides.
      Note: If you are repeating these steps for the secondary cluster, the value for the Source field is the CIDR block of the VPC where your primary cluster resides.
    7. Click Add Rule and repeat step 4.d but enter 3265.
    8. Click Save.
    9. Repeat from step a to step g on your secondary cluster's security group.
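
The conditions that the procedure above sets up (non-overlapping CIDR blocks in step 1, peer routes in step 3, security group rules in step 4) can be checked together, as in this added Python example, which is not part of the IBM documentation. The dict layout, the function name audit_peering, and the misconfigured sample are constructed for illustration; only the CIDR blocks, the peering connection name pcx-11112222, and ports 3260 and 3265 come from the page.

```python
import ipaddress

PORTS = (3260, 3265)  # TCP ports opened in step 4 of the procedure
PCX = "pcx-11112222"  # peering connection name from the page's example

def audit_peering(a, b, pcx_id):
    """Return findings for two VPC descriptions (constructed dict layout)."""
    findings = []
    net = {v["name"]: ipaddress.ip_network(v["cidr"]) for v in (a, b)}
    # Step 1: overlapping CIDR blocks make peering impossible.
    if net[a["name"]].overlaps(net[b["name"]]):
        findings.append("CIDR blocks overlap; peering cannot be established")
    for local, peer in ((a, b), (b, a)):
        peer_net = net[peer["name"]]
        # Step 3: the route to the peer CIDR must target the peering connection.
        if (str(peer_net), pcx_id) not in local["routes"]:
            findings.append(f"{local['name']}: no route {peer_net} -> {pcx_id}")
        # Step 4: each port must be open to the peer CIDR, and to nothing wider.
        for port in PORTS:
            srcs = [ipaddress.ip_network(s) for p, s in local["inbound"] if p == port]
            if not any(peer_net.subnet_of(s) for s in srcs):
                findings.append(f"{local['name']}: port {port} not open to {peer_net}")
            for s in srcs:
                if s != peer_net and peer_net.subnet_of(s):
                    findings.append(f"{local['name']}: port {port} source {s} wider than {peer_net}")
    return findings

# Constructed sample data mirroring the page's route table example.
VPC_A = {"name": "VPC A", "cidr": "172.16.0.0/16",
         "routes": [("172.16.0.0/16", "Local"), ("10.0.0.0/16", PCX)],
         "inbound": [(3260, "10.0.0.0/16"), (3265, "10.0.0.0/16")]}
VPC_B = {"name": "VPC B", "cidr": "10.0.0.0/16",
         "routes": [("10.0.0.0/16", "Local"), ("172.16.0.0/16", PCX)],
         "inbound": [(3260, "172.16.0.0/16"), (3265, "172.16.0.0/16")]}
# Constructed misconfiguration: missing peer route, port 3265 open to any source.
VPC_B_BAD = dict(VPC_B, routes=[("10.0.0.0/16", "Local")],
                 inbound=[(3260, "172.16.0.0/16"), (3265, "0.0.0.0/0")])

if __name__ == "__main__":
    for finding in audit_peering(VPC_A, VPC_B_BAD, PCX):
        print(finding)
```

An empty result means both sides match the procedure. A source wider than the peer VPC's CIDR block is reported because it exposes ports 3260 and 3265 beyond the partner cluster.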