AWS VPC Peering

shilpa tanga
5 min read

VPC Peering:
Amazon Virtual Private Cloud (VPC) Peering is a networking service provided by Amazon Web Services (AWS) that enables you to connect two VPCs together, allowing them to communicate with each other as if they were in the same network. VPC Peering is a secure and private connection that does not require a Virtual Private Network (VPN) or an internet gateway.

In this article, let’s discuss the benefits of using VPC Peering and how to set it up in AWS.

Benefits of VPC Peering:
1. Simplicity: VPC Peering provides a simple and straightforward way to connect two VPCs, without the need for complex configurations or additional hardware.
2. Cost-effective: VPC Peering is a cost-effective solution for connecting VPCs, as it eliminates the need for a VPN connection or an internet gateway.
3. Increased security: VPC Peering is a secure and private connection between two VPCs, which means that traffic between them does not traverse the internet.
4. Improved network performance: By connecting VPCs together, you can improve network performance by reducing latency and improving bandwidth.

Setting up VPC Peering in AWS:
Step 1. Create two Custom VPCs in your AWS account within the same region
1. Create the first Custom VPC

Name = custom-vpc-01

CIDR block = 10.1.0.0/16

Tenancy = Default

IPV6 CIDR Block = Select “No IPV6 CIDR Block”

2. Create a public subnet for custom-vpc-01

Name = vpc-01-pub-subnet

VPC = custom-vpc-01

Availability Zone = <Select an AZ>

CIDR block = 10.1.1.0/24

3. Create the second Custom VPC (custom-vpc-02) with the following parameters

CIDR block = 10.2.0.0/16

Tenancy = Default

IPV6 CIDR Block = Select “No IPV6 CIDR Block”

Make the subnet public by modifying the auto-assign IP settings

4. Create a public subnet for custom-vpc-02

Name = vpc-02-pub-subnet

VPC = custom-vpc-02

Availability Zone = <Select an AZ>

CIDR block = 10.2.1.0/24

Make the subnet public by modifying the auto-assign IP settings

5. Create two Internet Gateways and attach one to each of the created VPCs.

IGW for vpc-01-pub-subnet = custom-vpc-01-igw

IGW for vpc-02-pub-subnet = custom-vpc-02-igw

6. Add a route entry (Destination = 0.0.0.0/0, Target = the VPC's IGW) to the route table of each VPC.

7. Create two EC2 instances, one in the public subnet of each custom VPC. SSH into both instances and check whether each one has access to the Internet. If they do, you have successfully created both VPCs, each with a public subnet and an EC2 instance.

8. Using the instances as bastion hosts, try to SSH from custom-vpc-01 to custom-vpc-02 using the private IP address of the instance in custom-vpc-02. You will find that it does not work: two VPCs cannot communicate with each other unless you have a VPC Peering Connection.

Step 2. Create a VPC Peering Connection
1. Go to VPC → Peering Connections

2. Click “Create Peering Connection”

3. Select the following parameters

Peering connection name tag = peering-con

VPC (Requester) = custom-vpc-01

Select My Account and the Same Region

VPC (Accepter) = custom-vpc-02

4. After creating the Peering Connection you can see the status of the connection as “Pending Acceptance”

To accept it, select “Actions” → “Accept Request”.

5. Add a routing entry to the route table of each VPC (two entries in total)

For custom-vpc-01, add the following entry

Destination = 10.2.0.0/16

Target = <Select the Peering Connection>

custom-vpc-01 routing entries

For custom-vpc-02, add the following entry

Destination = 10.1.0.0/16

Target = <Select the Peering Connection>

custom-vpc-02 routing entries

6. Finally, SSH into the custom-vpc-01 EC2 instance and try to SSH to the custom-vpc-02 instance over its private IP. If you can, you have set up VPC Peering successfully. Well done!

Multiple VPC peering connections:
The following diagram is an example of one VPC peered to two different VPCs. There are two VPC peering connections: VPC A is peered with both VPC B and VPC C. VPC B and VPC C are not peered, and you cannot use VPC A as a transit point for peering between VPC B and VPC C. If you want to enable routing of traffic between VPC B and VPC C, you must create a unique VPC peering connection between them.

A VPC peering connection is a one to one relationship between two VPCs. You can create multiple VPC peering connections for each VPC that you own, but transitive peering relationships are not supported. You do not have any peering relationship with VPCs that your VPC is not directly peered with.

VPC Peering Rules & Limitations
A VPC peering connection cannot be created between VPCs that have matching or overlapping CIDR blocks.

(Note: VPC Peering is now supported inter-region.)

There is a limit on the number of active and pending VPC peering connections that you can have per VPC.

VPC peering does not support transitive peering relationships. In a VPC peering connection, your VPC does not have access to any other VPCs that the peer VPC may be peered with, even if all of them are within your own AWS account.

VPC peering does not support edge-to-edge routing through a gateway or private connection.

Only one VPC peering connection can be established between the same two VPCs at the same time.

An instance’s public DNS hostname does not resolve to its private IP address across peered VPCs.
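The route entries from Step 2 and the rules above (no overlapping CIDRs, one peering per VPC pair, no transitive routing) can be checked before touching the console. This is an added example, not code from the original article; the VPC names, CIDRs and the `pcx-` target ids are constructed placeholders.

```python
"""Plan VPC peering connections and the route entries each VPC needs.

Added example, not code from the original article. It encodes the rules
described above: one-to-one links, no overlapping CIDR blocks, a single
peering per VPC pair, and no transitive routing. VPC names, CIDRs and
the pcx ids are constructed placeholders (AWS assigns real pcx ids).
"""
import ipaddress

def plan_peering(vpcs, pairs):
    """vpcs: {name: cidr}; pairs: [(requester, accepter), ...].
    Returns {vpc: [(destination_cidr, target_pcx), ...]}, i.e. the Step 2
    route entries, or raises ValueError for a request AWS would reject."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in vpcs.items()}
    routes = {name: [] for name in vpcs}
    seen = set()
    for req, acc in pairs:
        if req == acc:
            raise ValueError(f"{req}: a VPC cannot peer with itself")
        key = frozenset((req, acc))
        if key in seen:
            raise ValueError(f"{req}<->{acc}: only one peering per VPC pair")
        seen.add(key)
        if nets[req].overlaps(nets[acc]):
            raise ValueError(f"{req}<->{acc}: CIDR blocks overlap")
        pcx = f"pcx-{req}-{acc}"  # placeholder target id
        # Each side routes the *peer's* whole CIDR to the peering connection.
        routes[req].append((str(nets[acc]), pcx))
        routes[acc].append((str(nets[req]), pcx))
    return routes

def reachable(routes, src, dst_ip):
    """True only if src has a direct peering route covering dst_ip.
    Deliberately no hop through a third VPC: peering is not transitive."""
    ip = ipaddress.ip_address(dst_ip)
    return any(ip in ipaddress.ip_network(cidr) for cidr, _ in routes[src])

if __name__ == "__main__":
    # The article's two VPCs, peered as in Step 2.
    plan = plan_peering({"custom-vpc-01": "10.1.0.0/16", "custom-vpc-02": "10.2.0.0/16"},
                        [("custom-vpc-01", "custom-vpc-02")])
    for vpc, entries in plan.items():
        print(vpc, entries)
    # Hub A peered to B and C: B still cannot reach C through A.
    hub = plan_peering({"A": "10.0.0.0/16", "B": "10.1.0.0/16", "C": "10.2.0.0/16"},
                       [("A", "B"), ("A", "C")])
    print("B -> C reachable:", reachable(hub, "B", "10.2.0.5"))  # False
```

Feed it the CIDRs you intend to use before creating the peering request; an overlap or a second request for the same pair fails here instead of in the console.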
Limitations:

  • Endpoint cannot be created between a VPC and an AWS service in a different region.

  • Endpoint cannot be tagged

  • Endpoint cannot be transferred from one VPC to another, or from one service to another

  • Endpoint connections cannot be extended out of a VPC, i.e. resources on the other side of a VPN connection, VPC peering connection or AWS Direct Connect connection cannot use the endpoint

Conclusion:
VPC Peering is a powerful networking feature provided by AWS that enables you to connect VPCs together in a secure and private way. With VPC Peering, you can simplify your network architecture, reduce costs, and improve network performance. By following the steps outlined in this blog, you can set up VPC Peering in your AWS environment and start reaping the benefits of this powerful feature.
