AWS VPC Peering
VPC Peering is a networking connection between two VPCs that enables you to route traffic between them privately.
A VPC Peering connection can be between two VPCs in your own AWS account, or between your VPC and a VPC in a different AWS account. The VPCs can be in different regions as well.
VPC Peering connections are fault tolerant and have no single point of failure. AWS keeps the connection stable irrespective of the load.
VPC Peering is built on the existing AWS infrastructure. It needs no additional hardware and no VPN to establish it.
Communication between the peered VPCs is done via private IPs.
In order to enable VPC Peering between two subnets, you are required to add a route to your VPC route table that points to the IP address range of the peer VPC. Hence a route entry is required on both sides.
Make sure the CIDR blocks of the two VPCs you are connecting do not overlap.
The connections between VPCs are always point-to-point.
VPC Peering does not support edge-to-edge routing, also known as transitive peering. That means traffic cannot go through one VPC to reach another VPC.
So let's start experimenting a bit now. The following practical will connect two VPCs with an AWS Peering connection.
Steps
Task 1: Create two Custom VPCs in your AWS account within the same region
1. Create the first Custom VPC
Name = custom-vpc-01
CIDR block = 10.1.0.0/16
Tenancy = Default
IPV6 CIDR Block = Select “No IPV6 CIDR Block”
2. Create a public subnet for custom-vpc-01
Name = vpc-01-pub-subnet
VPC = custom-vpc-01
Availability Zone = <Select an AZ>
CIDR block = 10.1.1.0/24
Make the subnet public by modifying the auto-assign IP settings
3. Create the second Custom VPC (custom-vpc-02) with the following parameters
Name = custom-vpc-02
CIDR block = 10.2.0.0/16
Tenancy = Default
IPV6 CIDR Block = Select “No IPV6 CIDR Block”
4. Create a public subnet for custom-vpc-02
Name = vpc-02-pub-subnet
VPC = custom-vpc-02
Availability Zone = <Select an AZ>
CIDR block = 10.2.1.0/24
Make the subnet public by modifying the auto-assign IP settings
5. Create two Internet Gateways and attach one to each of the created VPCs.
IGW for vpc-01-pub-subnet = custom-vpc-01-igw
IGW for vpc-02-pub-subnet = custom-vpc-02-igw
6. Add a route (Destination = 0.0.0.0/0, Target = the VPC's IGW) to the route table of each VPC.
7. Create one EC2 instance in each public subnet (one per custom VPC). SSH into both instances and check whether each EC2 instance has access to the Internet. If they do, you have successfully created both VPCs, each with a public subnet and an EC2 instance.
8. Using the instances as bastion hosts, try to SSH from the custom-vpc-01 instance to the custom-vpc-02 instance using its private IP address. You will see that you are not able to, because two VPCs cannot communicate with each other unless you have a VPC Peering Connection.
Task 2: Create a VPC Peering Connection
1. Go to VPC → Peering Connections
2. Click “Create Peering Connection”
3. Select the following parameters
Peering connection name tag = peering-con
VPC (Requester) = custom-vpc-01
Select My Account and the Same Region
VPC (Accepter) = custom-vpc-02
4. After creating the Peering Connection, its status shows as “Pending Acceptance”.
To accept it, select “Actions” → “Accept Request”.
5. Add a route to the route table of each VPC
For custom-vpc-01, add the following entry
Destination = 10.2.0.0/16
Target = <Select the Peering Connection>
For custom-vpc-02, add the following entry
Destination = 10.1.0.0/16
Target = <Select the Peering Connection>
6. Finally, SSH into the custom-vpc-01 EC2 instance and try to SSH to the custom-vpc-02 instance to see whether you can. If you can, you have set up VPC Peering successfully. Well done!
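The whole of Task 2 (create the peering, accept it, route both ways) as an added Python/boto3 example; it is not part of the original tutorial. It assumes boto3 is installed and configured for the account that owns both VPCs, and the VPC, route table and security group IDs in the main block are placeholders for the resources you created in Task 1. It also adds the one thing the steps above do not mention: the custom-vpc-02 instance's security group must allow SSH from the custom-vpc-01 CIDR, otherwise step 6 fails even when the routes are correct.

```python
import ipaddress

def check_no_overlap(cidr_a, cidr_b):
    """Peering requires disjoint CIDR blocks; True when the two do not overlap."""
    return not ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))

def plan_routes(cidr_a, cidr_b, pcx_id):
    """Route each side needs: destination = the peer's CIDR, target = the peering connection."""
    return {
        "requester": {"DestinationCidrBlock": cidr_b, "VpcPeeringConnectionId": pcx_id},
        "accepter": {"DestinationCidrBlock": cidr_a, "VpcPeeringConnectionId": pcx_id},
    }

def peer_vpcs(ec2, requester_vpc, accepter_vpc, requester_rtb, accepter_rtb):
    """Task 2 steps 1-5 through the EC2 API; ec2 is a boto3 EC2 client (assumed)."""
    cidr_a = ec2.describe_vpcs(VpcIds=[requester_vpc])["Vpcs"][0]["CidrBlock"]
    cidr_b = ec2.describe_vpcs(VpcIds=[accepter_vpc])["Vpcs"][0]["CidrBlock"]
    if not check_no_overlap(cidr_a, cidr_b):  # fail before creating anything
        raise ValueError(f"CIDR blocks overlap: {cidr_a} and {cidr_b}")
    resp = ec2.create_vpc_peering_connection(
        VpcId=requester_vpc, PeerVpcId=accepter_vpc,
        TagSpecifications=[{"ResourceType": "vpc-peering-connection",
                            "Tags": [{"Key": "Name", "Value": "peering-con"}]}])
    pcx_id = resp["VpcPeeringConnection"]["VpcPeeringConnectionId"]
    # Status is "pending-acceptance" until the accepter side accepts (same account here).
    ec2.get_waiter("vpc_peering_connection_exists").wait(VpcPeeringConnectionIds=[pcx_id])
    ec2.accept_vpc_peering_connection(VpcPeeringConnectionId=pcx_id)
    routes = plan_routes(cidr_a, cidr_b, pcx_id)
    ec2.create_route(RouteTableId=requester_rtb, **routes["requester"])
    ec2.create_route(RouteTableId=accepter_rtb, **routes["accepter"])
    return pcx_id

def allow_ssh_from_peer(ec2, group_id, peer_cidr):
    """Routes alone do not open the path: the target instance's security group must admit
    TCP/22 from the peer VPC's CIDR (scoped to that CIDR rather than 0.0.0.0/0)."""
    ec2.authorize_security_group_ingress(GroupId=group_id, IpPermissions=[{
        "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
        "IpRanges": [{"CidrIp": peer_cidr, "Description": "SSH from peer VPC"}]}])

if __name__ == "__main__":
    import boto3  # assumed installed and configured for the account owning both VPCs
    client = boto3.client("ec2")
    # Placeholder IDs: replace with the resources created in Task 1.
    pcx = peer_vpcs(client, "vpc-REQUESTER-ID", "vpc-ACCEPTER-ID", "rtb-REQUESTER-ID", "rtb-ACCEPTER-ID")
    allow_ssh_from_peer(client, "sg-VPC02-INSTANCE-ID", "10.1.0.0/16")
    print("peering", pcx, "created, accepted and routed both ways")
```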