Configuring networking connections between two VPCs (VPC peering)

In this recipe, we will configure VPC peering. VPC peering lets instances in two different VPCs communicate using their private IP addresses. VPC peering is limited to a single region; however, you can create a VPC peering connection between VPCs that belong to different AWS accounts. The two VPCs that participate in VPC peering must not have matching or overlapping CIDR blocks. To create a VPC peering connection, the owner of the local (requester) VPC sends a request to the owner of the peer VPC, which can be in the same account or a different one. Once the owner of the peer VPC accepts the request, the VPC peering connection becomes active. You will then need to add routes to your route table to send traffic to the peer VPC, and the peer VPC's owner must do the same in the other direction. You will also need to update your instance security groups to allow traffic to and from the peer VPC.

How to do it…

In this section, we present the commands for creating a VPC peering connection, accepting the peering request, and adding the appropriate route to your route table.

  1. Create a VPC peering connection between two VPCs with IDs vpc-9c19a3f4 and vpc-0214e967. Record the VPC peering connection ID for further use.
    $ aws ec2 create-vpc-peering-connection \
    --vpc-id vpc-9c19a3f4 \
    --peer-vpc-id vpc-0214e967
    
  2. Accept the VPC peering connection.

    Here, we will accept the VPC peering connection request with ID pcx-cf6aa4a6.

    $ aws ec2 accept-vpc-peering-connection \
    --vpc-peering-connection-id pcx-cf6aa4a6
    
  3. Add a route in the route table for the VPC peering connection.

    The following command creates a route in route table rtb-7f1bda1a that sends traffic for the destination CIDR 172.31.16.0/20 through the VPC peering connection pcx-0e6ba567.

    $ aws ec2 create-route \
    --route-table-id rtb-7f1bda1a \
    --destination-cidr-block 172.31.16.0/20 \
    --vpc-peering-connection-id pcx-0e6ba567
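
The three steps above, combined into one script as an added example that is not part of the recipe: it refuses to peer VPCs whose CIDR blocks overlap (the constraint stated in the introduction), creates and accepts the request, and adds the route on both sides so traffic can flow in both directions. It assumes a configured aws CLI with permission on both VPCs in one account (when the peer VPC belongs to another account, its owner runs the accept step instead); the requester CIDR and the peer route table ID used in the commented invocation are placeholders.

```shell
#!/bin/sh
# Added example (not from the recipe). Peers two VPCs end to end: refuse overlapping
# CIDRs, create the request, accept it, then add the route on BOTH sides.
# Assumes the aws CLI is configured and both VPCs are in one account; when the peer
# belongs to another account, its owner runs the accept step instead.

ip_to_int() {
  # Dotted-quad IPv4 address to a 32-bit integer (POSIX sh arithmetic).
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

cidr_overlaps() {
  # cidr_overlaps A/LEN B/LEN -> exit 0 (true) when the two ranges share any address.
  # Two ranges overlap exactly when they agree on the shorter of the two prefix lengths.
  net_a=$(ip_to_int "${1%/*}"); len_a=${1#*/}
  net_b=$(ip_to_int "${2%/*}"); len_b=${2#*/}
  len=$(( len_a < len_b ? len_a : len_b ))
  mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
  [ $(( net_a & mask )) -eq $(( net_b & mask )) ]
}

peer_vpcs() {
  # peer_vpcs REQ_VPC REQ_CIDR REQ_RTB PEER_VPC PEER_CIDR PEER_RTB -> prints the pcx- ID.
  req_vpc=$1; req_cidr=$2; req_rtb=$3; peer_vpc=$4; peer_cidr=$5; peer_rtb=$6
  if cidr_overlaps "$req_cidr" "$peer_cidr"; then
    echo "refusing to peer: $req_cidr overlaps $peer_cidr" >&2
    return 1
  fi
  pcx=$(aws ec2 create-vpc-peering-connection --vpc-id "$req_vpc" --peer-vpc-id "$peer_vpc" \
          --query 'VpcPeeringConnection.VpcPeeringConnectionId' --output text) || return 1
  # The request sits in pending-acceptance until accepted (and expires after 7 days).
  aws ec2 wait vpc-peering-connection-exists --vpc-peering-connection-ids "$pcx" || return 1
  aws ec2 accept-vpc-peering-connection --vpc-peering-connection-id "$pcx" >/dev/null || return 1
  # A route on one side only gives one-way traffic; add the return route as well.
  aws ec2 create-route --route-table-id "$req_rtb" --destination-cidr-block "$peer_cidr" \
          --vpc-peering-connection-id "$pcx" >/dev/null || return 1
  aws ec2 create-route --route-table-id "$peer_rtb" --destination-cidr-block "$req_cidr" \
          --vpc-peering-connection-id "$pcx" >/dev/null || return 1
  echo "$pcx"
}

# Example invocation; the requester CIDR and peer route table are placeholders:
# peer_vpcs vpc-9c19a3f4 10.0.0.0/16 rtb-7f1bda1a vpc-0214e967 172.31.16.0/20 rtb-PEER-PLACEHOLDER
```

Security groups are not touched by the script: after peering, you still have to allow the peer CIDR explicitly in the instance security groups, as the introduction notes.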
    

How it works…

First, we request a VPC peering connection between two VPCs: a requester VPC that we own (that is, vpc-9c19a3f4) and a peer VPC with which we want to create a connection (vpc-0214e967). Note that the peering connection request expires after 7 days.

In order to activate the VPC peering connection, the owner of the peer VPC must accept the request. In our recipe, as the owner of the peer VPC, we accept the VPC peering connection request. However, note that the owner of the peer VPC may be a person other than you. You can use the describe-vpc-peering-connections command to view your outstanding peering connection requests. The VPC peering connection should be in the pending-acceptance state for you to accept the request.

After creating the VPC peering connection, we created a route in our local VPC subnet's route table to direct traffic destined for the peer VPC through the peering connection. You can also create peering connections among two or more VPCs to give them full access to each other's resources, or peer several VPCs to a single VPC that hosts centralized resources. In addition, peering can be scoped so that only specific subnets or instances in one VPC can reach instances in another VPC. Refer to the Amazon VPC documentation to set up the peering connections most appropriate for your specific requirements.
