VPC Peering
The VPC Peering feature is used when we need to establish connectivity between subnets in two different VPCs, in the same or in a different AWS account.
To keep it simple, let's take the scenario of creating a VPC peering between two VPCs in the same account.
NOTE: All the IP addresses and CIDR ranges depicted in the diagram below and in the subsequent steps are for example only.
Step 1: Create VPC A with CIDR range 10.0.0.0/16 and keep Default in the Tenancy dropdown.
Step 2: Create VPC B with CIDR range 172.16.0.0/16 and keep Default in the Tenancy dropdown.
Step 3: Create a subnet: enter the Name tag as SubNetA and map it to VPC A in the VPC dropdown. Note that the CIDR of VPC A is auto-populated with the status "associated".
Selecting an Availability Zone is not mandatory; if none is chosen, AWS will pick one when the subnet is created.
Enter 10.0.1.0/24 as the IPv4 CIDR block and then click the Create button.
Step 4: Create SubNetB and map it to VPC B in the VPC dropdown. Note that the CIDR of VPC B is auto-populated with the status "associated".
Enter 172.16.1.0/24 as the IPv4 CIDR block and then click the Create button.
Step 5: Create InternetGatewayA, which is required for VPC A.
Step 6: Attach InternetGatewayA to VPC A from the VPC dropdown.
Step 7: Create InternetGatewayB and attach it to VPC B from the VPC dropdown.
Step 8: Navigate to Route Tables in the left-hand pane and select the default route table for VPC A.
Add a route for all IPv4 traffic (0.0.0.0/0) with InternetGatewayA as the target.
0.0.0.0/0 is also known as the quad-zero (default) route.
Step 9: Select the default route table for VPC B.
Add a route for all IPv4 traffic (0.0.0.0/0) with InternetGatewayB as the target.
Step 10: Create an EC2 instance in each VPC and its subnet, with a public IP enabled. To launch the EC2 instance, click the Launch Instance button.
Step 11: For testing, we have selected t2.micro as it is eligible for the Free Tier.
Step 12: Select the VPC and subnet created earlier. Also, select Enable in the Auto-assign Public IP dropdown.
Step 13: Add a tag to assign a machine name so the instances can be told apart.
Step 14: You may create a new security group or select an existing one if you have already created it. Select All traffic in the Type dropdown and Anywhere in the Source dropdown. This wide-open rule is only for this connectivity test; in a real deployment, restrict it to the protocols you need (ICMP for ping, SSH for login) from the peer VPC's CIDR rather than Anywhere.
Then click Review and Launch.
Step 15: Select an existing key pair in the region if you already have one, or create a new key pair.
Repeat the EC2 creation steps to create another EC2 instance in VPC B.
Step 16: Navigate to Peering Connections in the left-hand pane of the VPC console.
Click the Create Peering Connection button to create a new peering between VPC A and VPC B.
Enter the Name tag for the peering connection. Then select VPC A as the VPC Requester and VPC B as the VPC Accepter.
Step 17: Ensure the peering connection is created successfully.
Step 18: Select Accept Request from the Actions dropdown.
Step 19: Navigate to VPC → Route Tables and select the route table created for VPC A.
Add VPC B's CIDR (172.16.0.0/16) as the destination with the VPC peering connection as the target, then click Save routes.
Step 20: Select the route table created for VPC B.
Add VPC A's CIDR (10.0.0.0/16) as the destination with the VPC peering connection as the target, then click Save routes.
Step 21: Log in to the EC2 instance created in VPC A using its public IP and the private key, then ping the private IP of the EC2 instance in VPC B.
Step 22: Log in to the EC2 instance created in VPC B using its public IP and the private key, then ping the private IP of the EC2 instance in VPC A.
You should get ping replies in both directions, as shown in the screenshot below.
A little more about VPC Peering:
- If there are three VPCs named VPC A, VPC B and VPC C, and peerings are created between A → B and B → C, then a VM in VPC A CANNOT ping a VM in VPC C. VPC peering is not transitive; A needs its own peering with C.
- To establish VPC peering, it is mandatory that the CIDR ranges of the two VPCs do not overlap.
- To communicate between two subnets in the same VPC, no peering needs to be created, as the VPC's local route already connects them.
- If we are creating the VPC peering between two VPCs in different accounts/regions, then the peering request goes to the accepter (receiver) account for approval.
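The walkthrough above (steps 19 and 20 add one route per side) and the notes on non-transitivity and CIDR overlap can be checked offline with a small model of VPC route tables. This is an added example, not code from the original post or from AWS: the topology, the third VPC C and the pcx-ab / pcx-bc peering ids are constructed, and the route lookup is a simplified longest-prefix match that ignores security groups and NACLs.

```python
import ipaddress

# Constructed topology: the two VPC CIDRs from the walkthrough plus a third VPC C
VPCS = {"VPC A": "10.0.0.0/16", "VPC B": "172.16.0.0/16", "VPC C": "192.168.0.0/16"}


def can_peer(cidr_a, cidr_b):
    """A peering connection is only accepted when the two VPC CIDRs do not overlap."""
    return not ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))


def build_route_tables(peerings):
    """Every VPC route table starts with its implicit 'local' route, then receives
    the two entries steps 19 and 20 add per peering: the peer's CIDR targeting the
    peering connection. peerings is a list of (vpc_x, vpc_y, pcx_id) triples."""
    tables = {vpc: [(cidr, "local")] for vpc, cidr in VPCS.items()}
    for x, y, pcx in peerings:
        if not can_peer(VPCS[x], VPCS[y]):
            raise ValueError(f"{x} and {y} overlap; AWS rejects this peering")
        tables[x].append((VPCS[y], pcx))
        tables[y].append((VPCS[x], pcx))
    return tables


def next_hop(table, dst_ip):
    """Longest-prefix match as the VPC router does; None means no route (dropped)."""
    addr = ipaddress.ip_address(dst_ip)
    matches = [(ipaddress.ip_network(d).prefixlen, t) for d, t in table
               if addr in ipaddress.ip_network(d)]
    return max(matches, key=lambda m: m[0])[1] if matches else None


def vpc_of(ip):
    """Which VPC's CIDR contains this address (None if it belongs to none of them)."""
    addr = ipaddress.ip_address(ip)
    return next((v for v, c in VPCS.items() if addr in ipaddress.ip_network(c)), None)


def reachable(tables, src_ip, dst_ip):
    """A ping succeeds only if the source table sends the packet over a peering AND
    the destination table routes the reply back over that same peering."""
    src_vpc, dst_vpc = vpc_of(src_ip), vpc_of(dst_ip)
    if src_vpc is None or dst_vpc is None:
        return False
    if src_vpc == dst_vpc:
        return True  # same VPC: the local route covers it, no peering needed
    fwd, back = next_hop(tables[src_vpc], dst_ip), next_hop(tables[dst_vpc], src_ip)
    return fwd is not None and fwd.startswith("pcx-") and back == fwd


# Peer A<->B and B<->C only (constructed pcx ids); A and C are never peered directly
TABLES = build_route_tables([("VPC A", "VPC B", "pcx-ab"), ("VPC B", "VPC C", "pcx-bc")])
```

Dropping the step 20 return route from VPC B's table makes `reachable` report the A to B ping as failing, which is the usual cause of a one-way peering that "accepted" fine but does not pass traffic.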