DEV Community

Walkthrough on AWS VPC Peering

Background

VPC peering allows for a network connection between two AWS virtual private clouds, and enables routing of traffic private. Resources/instances in either of the VPCs can communicate provided the correct security groups/network access lists are in place to allow permitted traffic to flow.


Use Case

  • Peering two or more VPCs to provide full access to resources.

  • VPC peering connection helps you to facilitate transfer of data β€” if you have more than one AWS account, you can peer VPCs across those accounts to create a file sharing network.


Architecture

Image description
docs.aws.amazon.com


Let's Build

To create a VPC peering connection with a VPC in the same Region

Open the Amazon VPC console at https://console.aws.amazon.com/vpc/

  1. Peering Connections, Create Peering Connection.

  2. Choose Create Peering Connection when you are done.

  • You can optionally name your VPC peering connection.

  • Select the VPC in your account with which you want to create the VPC peering connection.

  • Select another VPC to peer with

  • choose OK.

  • Select the VPC peering connection that you've created from the steps above, and choose Actions, Accept Request.

The owner of each VPC in the VPC peering connection must manually add a route to one or more of their VPC route tables that points to the IP address range of the other VPC (the peer VPC).
Update the security group rules that are associated with your instance to ensure that traffic to and from the peer VPC is not restricted.


Update Route Tables for VPC peering connection

Image description

Note: If you have a VPC peered with multiple VPCs, and they have overlapping or matching CIDR blocks, its important to ensure that the route tables are configured to avoid sending response traffic from one VPC to another potentially incorrect VPC.


More Info

VPC Peering Limitations
VPC peering connection cannot be created between VPCs that have matching or overlapping CIDR blocks.
VPC peering does not support transitive peering relationships.
If A is peered with B, B is peered with C, A is not peered with C. For this, you may want to look at using a Transit gateway.
VPC does not have access to any other connection that the peer VPC may have and vice versa. Connections that the peer VPC can include:

  • VPN connection
  • AWS Direct Connect connection
  • Internet connection through an Internet gateway
  • Internet connection in a private subnet through a NAT device
  • VPC endpoint to an AWS service VPC peering does not support Edge to Edge Routing through a Gateway or Private Connection. You cannot have more than one VPC peering connection between the same two VPCs at the same time. Inter-region VPC peering doesn’t support IPv6. Unicast reverse path forwarding (RPF) in VPC peering connections is not supported. VPC peering connection are limited on the number active and pending VPC peering connections that you can have per VPC.

Discussion (0)