How to configure VPC Peering on AWS in 5 min
19 Jun 2021 | 2 min read
What is a VPC?
If you are here, the chances are you already know what a VPC is. But just in case: a VPC, or Virtual Private Cloud, is an isolated network that lives inside your AWS account. A VPC is divided into subnets; think of the subnets as boxes inside one big box, the VPC. The networking configuration (route tables and an internet gateway) decides which boxes are reachable from the world and which are not. A subnet whose route table sends traffic to an internet gateway is a public subnet: resources placed in it (an EC2 instance, for example) can be reached from the internet. A subnet with no such route is a private subnet: its resources are reachable only from within the VPC's own network.
Below is a video that explains the fundamentals of a VPC and how networking works in AWS in relation to VPCs.
What is VPC Peering?
VPC peering lets two VPCs communicate with each other. Because a VPC is an isolated network, resources inside one VPC are not reachable from another VPC by default. A VPC peering connection links two of these isolated networks so that they can route traffic to each other over private IP addresses.
With VPC peering in place, resources in the private subnets of one VPC can reach resources in the private subnets of the other using their private IPs; the traffic stays on the AWS network and never crosses the public internet.
Note: the two VPCs do not have to be in the same AWS account (or even the same region); the peering request is created from one side and accepted on the other. A few constraints are worth knowing before you start: the two CIDR blocks must not overlap, peering is not transitive (peering A with B and B with C does not let A reach C), and the security groups and network ACLs on each side still have to allow the traffic, because peering only adds a route.
- VPC A: request a peering connection to VPC B.
- VPC B: accept the peering connection from VPC A.
- VPC A: add a route for VPC B's CIDR block that targets the peering connection.
- VPC B: add a route for VPC A's CIDR block that targets the peering connection, so that return traffic finds its way back.
The following two VPCs exist:
Select the Peering Connections menu item and then Create peering connection.
The summary of the newly added peering connection looks as follows:
Once the peering connection is created it shows up in a pending-acceptance state.
The owner of VPC B needs to accept the request; when both VPCs are in the same AWS account, the Accept Request action simply appears under the Actions dropdown.
Below are the two main routing tables available for the VPCs we have.
Update the route table for VPC A: add a route whose destination is the CIDR block of VPC B, choose Peering Connection as the target type and pick the VPC peering connection you just created. Traffic to that range of IPs will then be sent over the peering connection.
In the example below we are telling the route table that any resource in VPC A trying to reach an IP in the range 10.0.0.0/24 should send the traffic over the peering connection with the associated VPC Peering Connection ID.
Step 4 is the inverse of step 3. Here we specify that any resource in VPC B trying to reach an address in the CIDR block 172.31.0.0/16 should send it over the same peering connection.
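The four steps above, carried out through the EC2 API instead of the console, as an added example that is not part of the original post. The planning helpers (CIDR overlap check, route entries, longest-prefix lookup) run offline with the standard library; `apply_peering()` assumes boto3 is installed and AWS credentials are configured. The VPC, route table and peering IDs are constructed placeholders, and both VPCs are assumed to sit in the same region and account.

```python
"""Plan, and optionally apply, a VPC peering connection between two VPCs.

Added example: this is not the post's own code. The planning helpers run
offline with the standard library; apply_peering() needs boto3 and AWS
credentials. VPC, route table and peering IDs below are constructed
placeholders, not real resources.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Vpc:
    vpc_id: str
    cidr: str
    route_table_id: str  # the table of the subnets that should use the peering
    account_id: str = "111111111111"  # placeholder; the peer may live in another account


# Constructed sample: VPC A uses the default-VPC range 172.31.0.0/16, VPC B uses 10.0.0.0/24.
VPC_A = Vpc("vpc-0a0a0a0a0a0a0a0a0", "172.31.0.0/16", "rtb-0a0a0a0a0a0a0a0a0")
VPC_B = Vpc("vpc-0b0b0b0b0b0b0b0b0", "10.0.0.0/24", "rtb-0b0b0b0b0b0b0b0b0")


def check_peerable(a: Vpc, b: Vpc) -> None:
    """AWS refuses a peering between VPCs whose CIDR blocks overlap; fail early instead."""
    net_a = ipaddress.ip_network(a.cidr, strict=True)
    net_b = ipaddress.ip_network(b.cidr, strict=True)
    if net_a.overlaps(net_b):
        raise ValueError(f"CIDR blocks overlap: {a.cidr} and {b.cidr}; peering will fail")


def plan_routes(a: Vpc, b: Vpc, pcx_id: str) -> Dict[str, List[dict]]:
    """Steps 3 and 4: each side routes the *other* side's CIDR to the peering connection.

    Returns {route_table_id: [create_route kwargs, ...]} ready for ec2.create_route().
    """
    check_peerable(a, b)
    return {
        a.route_table_id: [{"DestinationCidrBlock": b.cidr, "VpcPeeringConnectionId": pcx_id}],
        b.route_table_id: [{"DestinationCidrBlock": a.cidr, "VpcPeeringConnectionId": pcx_id}],
    }


def route_for(dest_ip: str, routes: List[dict]) -> Optional[dict]:
    """Longest-prefix match, the way the VPC router picks a route. None means no
    planned entry matches (the VPC's own CIDR is served by the implicit 'local' route)."""
    ip = ipaddress.ip_address(dest_ip)
    best: Optional[dict] = None
    best_len = -1
    for route in routes:
        net = ipaddress.ip_network(route["DestinationCidrBlock"])
        if ip in net and net.prefixlen > best_len:
            best, best_len = route, net.prefixlen
    return best


def apply_peering(a: Vpc, b: Vpc, region: str = "us-east-1") -> str:
    """Steps 1 to 4 through the EC2 API. In the same-account case the requester's
    credentials can accept the connection as well; across accounts the accept call
    has to run under the peer account's credentials instead."""
    import boto3  # imported lazily so the offline helpers above work without it

    check_peerable(a, b)
    ec2 = boto3.client("ec2", region_name=region)
    pcx_id = ec2.create_vpc_peering_connection(
        VpcId=a.vpc_id, PeerVpcId=b.vpc_id, PeerOwnerId=b.account_id, PeerRegion=region
    )["VpcPeeringConnection"]["VpcPeeringConnectionId"]
    ec2.accept_vpc_peering_connection(VpcPeeringConnectionId=pcx_id)
    for rtb_id, entries in plan_routes(a, b, pcx_id).items():
        for entry in entries:
            ec2.create_route(RouteTableId=rtb_id, **entry)
    return pcx_id


if __name__ == "__main__":
    plan = plan_routes(VPC_A, VPC_B, "pcx-0123456789abcdef0")
    for rtb_id, entries in plan.items():
        for entry in entries:
            print(f"{rtb_id}: {entry['DestinationCidrBlock']} -> {entry['VpcPeeringConnectionId']}")
    # 10.0.0.12 in VPC B is reached from VPC A over the peering route:
    print(route_for("10.0.0.12", plan[VPC_A.route_table_id]))
```

Two things the console walkthrough does not show but the script makes explicit: the overlap check runs before any API call, because an overlapping pair cannot be peered and you would otherwise only find out after the request is created; and the routes are derived from the same two `Vpc` objects on both sides, so the return path (step 4) cannot be forgotten. The script still leaves security groups alone: a route to the peer CIDR is useless until the instance's security group allows the traffic from that range. When you then test the way the post does, prefer `ssh -J` (ProxyJump) through the first instance over agent forwarding; ProxyJump keeps the private key on your workstation, whereas a forwarded agent can be used by anyone with root on the intermediate host for as long as the session is open.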
For testing this, I have created an instance in each of the two VPCs and then ssh'd into the instance in the other VPC using its private IP. For the example below, I am forwarding the ssh-agent with the key, hence the subsequent ssh into the instance with the IP 10.0.0.12 doesn't require the ssh key.
Hope this was helpful, feel free to get in touch with me if you run into any issues or if you have questions. I am reachable over Twitter @phantom6thdev