AWS VPC peering allows you to route traffic between two VPCs using their respective private IPv4 or IPv6 addresses. Instances in either VPC can talk to one another as though they were on the same network. You can establish a VPC peering connection between your own VPCs or with a VPC in another AWS account, and the VPCs may be in different regions (an inter-region VPC peering connection).
This lab walks through configuring AWS VPC peering between two VPCs in the same account.
When to use AWS VPC peering
AWS VPC peering connections are best suited to a small number of accounts that need access to each other. Peering connections can also be useful when two departments of a business want to share resources. For example, let's say you have an IT department that houses file servers and the HR department needs to use them; a VPC peer would make sense there.
At small scale, a VPC peer works very well for connecting separate VPCs. As you grow, VPC peering can become hard to manage, for reasons like these:
- Operational overhead and peering-connection limits start to come into play
- No transitive routing when you need cross-account connections
Creating your VPCs
First, create two separate VPCs and subnets. Their IP address ranges cannot overlap, or the AWS VPC peering connection cannot be made. Using AWS's VPC creation wizard, we created an HR VPC and an IT VPC.
Now that these two VPCs are set up, we need to determine the subnets we will be using for the AWS VPC peering connection. In the image below we identified the subnets that we will be utilizing. As mentioned, the subnet IPv4 CIDR blocks do not overlap.
Create your AWS VPC Peering Connection
Now, to start the peering connection, navigate to the VPC console in AWS and select "Peering connections" in the left-hand menu. You will then choose a requester VPC and an accepter VPC.
Once the peering connection is in the pending-acceptance state, you have a week to accept the request. You should notice an Actions dropdown in the top right corner. Click it and select "Accept request".
To send and receive traffic across this VPC peering connection, you must add a route to the peered VPC in one or more of your VPC route tables. Take the CIDRs of each VPC's subnet and note them down.
Next, go into each route table and edit the routes, adding a route for each peer CIDR destination that targets the peering connection.
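The route planning above, as an added Python example that is not part of the original lab: it checks the two VPC CIDRs do not overlap, produces the route each side's table needs, and, using a hypothetical third VPC, shows why a route through a neighbouring peer never works (peering is not transitive). All VPC names, CIDRs and pcx ids are constructed placeholders.

```python
"""Plan and sanity-check route-table entries for a same-account VPC peering.

Models the lab above: two VPCs with non-overlapping CIDRs, one peering
connection, and a route in EACH side's table pointing the other side's CIDR
at the pcx.  All VPC names, CIDRs and pcx ids below are constructed
placeholders for illustration, not values from the original post.
"""
from ipaddress import ip_address, ip_network
from itertools import combinations
from typing import Dict, List, Tuple

# name -> VPC CIDR.  "Finance" is a hypothetical third VPC used only to show
# that peering is not transitive.
CIDRS: Dict[str, str] = {"IT": "10.0.0.0/16", "HR": "10.1.0.0/16",
                         "Finance": "10.2.0.0/16"}
# (peering id, requester, accepter); ids are placeholders, not real pcx ids.
PEERINGS: List[Tuple[str, str, str]] = [
    ("pcx-it-hr-placeholder", "IT", "HR"),
    ("pcx-hr-fin-placeholder", "HR", "Finance"),
]

def overlapping_pairs(cidrs: Dict[str, str]) -> List[Tuple[str, str]]:
    """AWS refuses a peering whose VPC CIDRs overlap; catch that before requesting."""
    return [(a, b) for a, b in combinations(cidrs, 2)
            if ip_network(cidrs[a]).overlaps(ip_network(cidrs[b]))]

def plan_routes(peerings, cidrs) -> Dict[str, List[Tuple[str, str]]]:
    """Return {vpc: [(destination_cidr, pcx_id)]}: the route each side needs.

    Each entry is scoped to the peer's CIDR only, as the lab describes,
    rather than to a broader block.
    """
    routes: Dict[str, List[Tuple[str, str]]] = {v: [] for v in cidrs}
    for pcx, a, b in peerings:
        routes[a].append((cidrs[b], pcx))
        routes[b].append((cidrs[a], pcx))
    return routes

def reachable(src: str, dst_ip: str, routes, peerings, cidrs) -> bool:
    """True only if src has a matching route AND the pcx it targets directly
    connects src to the VPC that owns dst_ip.  Traffic for an address the
    far-end VPC does not own is dropped at the peering: no transit."""
    ip = ip_address(dst_ip)
    ends = {pcx: (a, b) for pcx, a, b in peerings}
    for dest, pcx in routes[src]:
        if ip not in ip_network(dest) or src not in ends.get(pcx, ()):
            continue
        a, b = ends[pcx]
        owner = b if src == a else a
        if ip in ip_network(cidrs[owner]):
            return True
    return False
```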
Conclusion
You have now learned how to deploy a VPC peering connection between VPCs in the same account. This can be paired with creating EC2 instances and other resources that can talk to each other across the peering.