How to set up VPC Peering in AWS?

What is VPC Peering?

It is a networking connection between two VPCs, in the same or different AWS accounts, that routes traffic between them using private IPv4 or IPv6 addresses. With this, instances in the two VPCs can communicate with each other. VPC peering also supports VPCs in different regions, which is called an inter-region VPC peering connection.

VPC peering makes it easier to establish the connection without the need for a VPN or gateway. AWS resources such as EC2 instances, RDS instances and Lambda functions can connect with each other, even across regions, using private IPv4 addresses.

How to set up VPC peering?

To set up peering, you need two non-default VPCs in your AWS account. In the following article we set up the peering based on the architecture diagram below.

Create VPC & Subnets

We create two non-default VPCs and their subnets for the peering connection.

Create Primary VPC & Subnets

Create Primary VPC with CIDR

In the primary VPC, we create two subnets (public and private).

Create Public Subnet

Create a public subnet with CIDR

Create Private Subnet

Create a private subnet with CIDR

Create Internet gateway

Now we create an internet gateway and attach it to the primary VPC.

Create Custom Route Table

Create a custom route table and associate it with the public subnet.

Now update the route table to add a route with the internet gateway as the target.

Further, associate the private subnet with the main route table of your VPC.

Create Secondary VPC & Subnet

Here, we create a secondary VPC with its CIDR, followed by a private subnet.

Create Private Subnet

Create one private subnet with CIDR

Route Table Association

By default, the main route table of the secondary VPC has no explicit subnet associations. Now associate your private subnet with the main route table.

You're all set with the VPC configuration. Now we proceed with creating the VPC peering connection.

Configure VPC peering

1. Go to the VPC console and create a VPC peering connection

2. Configure peering connection

Here, you need to provide the Requester and Accepter details.

  • VPC (Requester): the VPC from which you are requesting the peering connection.
  • VPC (Accepter): the VPC in which you accept the peering connection.

Within the same AWS account, you are both the Requester and the Accepter. However, if you are creating a peering connection with a customer's AWS account, you would be the Requester and your customer the Accepter, or vice versa.

Here, the primary VPC is the Requester, from which the request originates, and the secondary VPC is the Accepter.

Once you have created the peering connection, it displays the AWS account owner ID of both the Requester and the Accepter.

3. Accept Peering Request

The status of the peering connection is Pending Acceptance upon creation. As the Accepter, you are authorized to accept or reject the request.

Here, we click Accept Request to proceed. The status changes to Active once the request is accepted.

If we now try to connect from the private subnet of the primary VPC to the private subnet of the secondary VPC, the connection times out, because we have not updated the route tables yet.

4. Update Route Table

First, we update the main route table of the primary VPC, with which the private subnet is associated.

When updating the route table, you can specify either the CIDR of the secondary VPC's private subnet or specific server IP addresses as the destination, with the peering connection as the target.

Now update the main route table of the secondary VPC so that traffic to the primary VPC goes through the peering connection.

With these route table updates, we should be able to connect from the primary VPC to the secondary VPC. Let's test that out.

Launch EC2 in Primary VPC

Here, we launch two EC2 instances: one in the public subnet as a bastion host and one in the private subnet. Refer to How to Launch an Amazon EC2 to create an EC2 instance in AWS.

Launch EC2 in public subnet

Launch EC2 in private subnet

Launch EC2 in private subnet of secondary VPC

Connect to Bastion Host using SSH

Connect to EC2 in private subnet

Now, ping the EC2 instance residing in the secondary VPC's private subnet from here.

As we see timeout issues, let's update the security group to allow ping from the primary VPC's subnet.

Now, let's try pinging the EC2 instance again.

That's great. We are able to connect from the primary VPC to the secondary VPC using the peering connection. You can connect in the same way from the secondary to the primary VPC.
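The peering steps above (create the connection as Requester, accept it, add a route on each side's main route table, then open the security group), as an added AWS CLI script that is not part of the original post; it also checks up front that the two VPC CIDRs do not overlap, which AWS requires for peering. The VPC, subnet and security-group IDs and all CIDR values are assumed placeholders, not values from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes AWS CLI v2 configured for the
# account/region, both VPCs, their private subnets and the secondary instance's security
# group already exist (IDs via the variables below). CIDRs are constructed samples.
set -eu
PRIMARY_VPC=${PRIMARY_VPC:-vpc-PRIMARY-PLACEHOLDER}
SECONDARY_VPC=${SECONDARY_VPC:-vpc-SECONDARY-PLACEHOLDER}
SECONDARY_SG=${SECONDARY_SG:-sg-SECONDARY-PLACEHOLDER}   # SG of the secondary EC2
PRIMARY_CIDR=10.0.0.0/16; PRIMARY_PRIVATE=10.0.2.0/24    # constructed
SECONDARY_CIDR=10.1.0.0/16; SECONDARY_PRIVATE=10.1.1.0/24 # constructed

# Dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
  set -- $(printf '%s' "$1" | tr '.' ' ')
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Exit status 0 when two CIDR blocks overlap. AWS rejects a peering connection
# between VPCs with overlapping CIDRs, so check this before creating anything.
cidrs_overlap() {
  p=${1#*/}; if [ "${2#*/}" -lt "$p" ]; then p=${2#*/}; fi
  mask=$(( (0xFFFFFFFF << (32 - p)) & 0xFFFFFFFF ))
  [ $(( $(ip_to_int "${1%/*}") & mask )) -eq $(( $(ip_to_int "${2%/*}") & mask )) ]
}

# ID of a VPC's main route table (the one the private subnets are associated with).
main_route_table() {
  aws ec2 describe-route-tables --filters "Name=vpc-id,Values=$1" \
    Name=association.main,Values=true --query 'RouteTables[0].RouteTableId' --output text
}

setup_peering() {
  if cidrs_overlap "$PRIMARY_CIDR" "$SECONDARY_CIDR"; then
    echo "VPC CIDRs overlap; peering cannot be created" >&2; return 1
  fi
  # Requester is the primary VPC, accepter the secondary VPC (same account, so we accept too).
  pcx=$(aws ec2 create-vpc-peering-connection --vpc-id "$PRIMARY_VPC" --peer-vpc-id "$SECONDARY_VPC" \
        --query VpcPeeringConnection.VpcPeeringConnectionId --output text)
  aws ec2 accept-vpc-peering-connection --vpc-peering-connection-id "$pcx" >/dev/null
  # Each side needs a route for the other side's private subnet with the peering link as target.
  aws ec2 create-route --route-table-id "$(main_route_table "$PRIMARY_VPC")" \
    --destination-cidr-block "$SECONDARY_PRIVATE" --vpc-peering-connection-id "$pcx"
  aws ec2 create-route --route-table-id "$(main_route_table "$SECONDARY_VPC")" \
    --destination-cidr-block "$PRIMARY_PRIVATE" --vpc-peering-connection-id "$pcx"
  # Routes alone still time out: allow ICMP into the secondary instance from the primary private subnet only.
  aws ec2 authorize-security-group-ingress --group-id "$SECONDARY_SG" --ip-permissions \
    "IpProtocol=icmp,FromPort=-1,ToPort=-1,IpRanges=[{CidrIp=$PRIMARY_PRIVATE}]"
  echo "$pcx"
}
if [ "${RUN_PEERING:-0}" = 1 ]; then setup_peering; fi
```

Run it with `RUN_PEERING=1` and the three IDs exported; without that variable the file only defines the functions, so it can be sourced to reuse the overlap check.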

I hope this blog helps you. Please comment below for any concerns related to this blog.
