If you’re managing applications in public cloud providers like AWS, GCP, Azure, etc., you have probably heard of VPC peering (connecting VPCs). VPC peering is, in fact, simply connecting different VPCs to each other. In this article, I’m going to explain what VPC peering is, how it works and why we use it.
AWS VPC peering is a point-to-point network connection between two VPCs in AWS. With it, you can connect VPCs that belong to the same or different accounts and reside in the same or different regions. It lets the resources in different VPCs communicate with each other privately.
Why VPC peering?
For example, say you have a VPC set up for file sharing. Since it’s a shared resource, you may want to connect it to several other VPCs without enabling direct communication between those other VPCs. VPC peering is the solution for that. You can use VPC peering in various situations where resources in different VPCs need to be connected.
Situation – 1:
Let’s say your department is part of a merger, and existing VPCs running similar functionality need to be connected. In this scenario, VPC peering is the solution for you.
Situation – 2:
You may have centrally managed resources that need to be shared with other departments or VPCs. In this case, you can set up the centralized services in one VPC and peer that VPC with each of the other departments’ VPCs.
How does it work?
One VPC initiates (requests) the peering connection and the other VPC accepts the request. It’s as simple as that.
Next, we configure routes in both VPCs’ route tables to allow traffic to pass across the new peering connection. The owner of each VPC must manually add a static route to their route table whose destination is the CIDR of the other VPC and whose target is the peering connection.
To let traffic actually flow across the peering connection, both the requester and the accepter VPC must also update their security group and NACL rules to allow it.
Prerequisites
- AWS Account
- Understanding of Networking
- Non-overlapping VPC CIDRs
- Two VPCs in the same AWS Region of the same account (for this tutorial)
AWS VPC Peering – Connecting VPCs
Step-1: Create Peering Connections
- Go to the AWS console. Search for VPC and click on VPC.
- From the navigation pane, choose Peering Connections, and click on Create Peering Connection.
- Now configure the peering connection. Name: you can name your VPC peering connection as you wish. VPC ID (Requester): select the VPC in your account from which you want to create the VPC peering connection.
- Under Select another VPC to peer with, ensure My account is selected, then select another of your VPCs in the VPC ID (Accepter) field. The CIDR of VPC-2 is automatically populated once it is selected in the VPC ID (Accepter) field.
- You may add Tags, then click on Create Peering Connection.
- Select the VPC peering connection that you’ve just created. Click on the Actions dropdown menu. Select Accept Request.
- In the confirmation dialogue, choose Accept request.
Step-2: Modify Route tables
Now modify the route tables of VPC-1 and VPC-2 to permit routing between the VPCs via the peering connection.
- Go to Route tables. Select the route table associated with VPC-1.
- Click on the Routes tab, then click on Edit routes.
- Click on Add route. Enter the CIDR of VPC-2 as the destination. Select the peering connection ID as the target for the route (type “pcx-” and the console will suggest it). Click on Save changes.
- Next, select the route table for VPC-2. Click on the Routes tab, then click on Edit routes.
- Similarly, click on Add route. Enter the CIDR of VPC-1 as the destination. Select the same peering connection ID as the target for the route (type “pcx-” and the console will suggest it). Click on Save changes.
Step-3: Confirm the Connections
- On VPC-1’s route table, you can see a local route for its own CIDR range as well as a route for VPC-2’s CIDR of 10.20.0.0/16 with the peering connection as the target.
- On VPC-2’s route table, you can see a local route for its own CIDR range as well as a route for VPC-1’s CIDR of 10.1.0.0/16 with the same peering connection as the target.
You can also see all the information about the VPC peering connection and its associated peer VPCs.
Now you can reach the resources of both VPCs privately (e.g., SSH into instances in the other VPC).
Important Points to Know
- VPC peering does not support overlapping IPv4 addressing. The CIDR blocks of the peered VPCs must not overlap.
- AWS VPC peering doesn’t support transitive peering. This means that if VPC 1 is peered with VPC 2 and VPC 2 is peered with VPC 3, but VPC 1 and VPC 3 are not peered directly, VPC 1 and VPC 3 cannot communicate with each other through VPC 2. The same applies to other connections attached to a peer VPC, such as the internet, AWS Direct Connect and VPN connections: they cannot be reached through the peering connection.
- You can only have one VPC peering connection between any two VPCs.
- For more than 10 VPC peering connections, AWS Transit Gateway might be the better solution for inter-VPC communication.
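As an added example (not part of the original article), here is a small Python model of the route tables from Step-2 and Step-3 together with the two rules above: it rejects overlapping CIDRs, generates the static route each side of a peering must add, and shows that VPC 1 cannot reach VPC 3 through VPC 2. VPC-3, the pcx- ids and the IP addresses are constructed values; security groups and NACLs are not modelled.

```python
from ipaddress import ip_address, ip_network

# Constructed sample topology: VPC-1 and VPC-2 use the CIDRs from the article;
# VPC-3 and the ids pcx-12 / pcx-23 are illustrative, not from a real account.
VPCS = {
    "VPC-1": {"cidr": "10.1.0.0/16"},
    "VPC-2": {"cidr": "10.20.0.0/16"},
    "VPC-3": {"cidr": "10.30.0.0/16"},
}
# Peering connection id -> the two VPCs it joins. VPC-1 and VPC-3 are not peered.
PEERINGS = {"pcx-12": ("VPC-1", "VPC-2"), "pcx-23": ("VPC-2", "VPC-3")}

def cidrs_overlap(cidr_a, cidr_b):
    """Prerequisite: VPCs with overlapping CIDRs cannot be peered."""
    return ip_network(cidr_a).overlaps(ip_network(cidr_b))

def build_route_tables(vpcs, peerings):
    """Step-2: each VPC keeps its implicit 'local' route, and each side of a
    peering adds a static route for the other VPC's CIDR targeting the pcx id."""
    tables = {name: [(v["cidr"], "local")] for name, v in vpcs.items()}
    for pcx, (a, b) in peerings.items():
        if cidrs_overlap(vpcs[a]["cidr"], vpcs[b]["cidr"]):
            raise ValueError(f"{pcx}: {a} and {b} have overlapping CIDRs")
        tables[a].append((vpcs[b]["cidr"], pcx))
        tables[b].append((vpcs[a]["cidr"], pcx))
    return tables

def owner_of(vpcs, ip):
    """Name of the VPC whose CIDR contains ip, or None."""
    for name, v in vpcs.items():
        if ip_address(ip) in ip_network(v["cidr"]):
            return name
    return None

def can_reach(vpcs, peerings, tables, src, dst_ip):
    """Forward-path check from VPC src to dst_ip: longest-prefix match in src's
    route table, then the target must be 'local' or a peering that directly
    joins src to the VPC owning dst_ip. A peering never forwards traffic on to
    a third VPC, so a hand-added route through the wrong pcx is rejected."""
    addr = ip_address(dst_ip)
    matches = [(ip_network(c), t) for c, t in tables[src] if addr in ip_network(c)]
    if not matches:
        return False  # no route for the destination: traffic is dropped
    _, target = max(matches, key=lambda m: m[0].prefixlen)
    if target == "local":
        return True
    return set(peerings[target]) == {src, owner_of(vpcs, dst_ip)}

ROUTE_TABLES = build_route_tables(VPCS, PEERINGS)
```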
That’s it!
Conclusion
And that’s how you configure AWS VPC peering between VPCs in the same account and the same region. In a similar way, you can also set up VPC peering between VPCs in different accounts or different regions.
Thanks for reading!!