Create a VPC peering
Welcome to CloudAffaire and this is Debjeet
In the last blog post, we have created a VPC endpoint service.
In this blog post, we are going to create a VPC peering between two VPC in different regions. Below is the configuration diagram for this demo.
VPC Peering: A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account. The VPCs can be in different regions also known as an inter-region VPC peering connection.
In this demo, we are going to create a VPC peering between two VPC hosted in different regions. Below are the prerequisites for this demo
- One VPC with public and private subnet and EC2 instances hosted inside them.
- One VPC (Different region from the 1st) with private subnet and EC2 instance hosted inside it.
We have already created the VPC’s and subnets and created EC2 instances inside them.
Instance1 (In public subnet of VPC1):
Instance2 (In private subnet of VPC1):
Instance3 (In private subnet of VPC2 hosted in a different region):
If we try to ping instance3 from instance2, it will not ping as no connection is present. In order to connect instance2 to instance3, you can create a VPC peering between VPC1 and VPC2.
Next, we are going to create a VPC peering between VPC1 and VPC2.
Create a VPC peering
Step 1: Login to AWS console and navigate to ‘VPC’.
Step 2: Navigate to ‘Peering Connections’ and click ‘Create Peering Connection’.
Note: Our VPC1 is hosted in Mumbai region and VPC2 is hosted in Ohio region. Currently, we are creating the peering in the VPC1 region (Mumbai).
Step 3: Provide a VPC peering connection name and select VPC1 (requester).
Select ‘My account’ in the account section and ‘Another Region’ in region section and select VPC2. Click ‘Create Peering Connection’.
Note: VPC peering connection can be set up between cross AWS account and cross region. In this demo, we are using the same AWS account but VPC’s are is cross region.
One success message will come, click ‘Close’.
Our new VPC peering connection successfully created.
Note: Current status is reflected as ‘Pending Acceptance’. In order to make this peering connection active, we need to navigate to the VPC2 region and accept this peering connection.
Step 4: Change the region to VPC2.
Step 5: Navigate to ‘Peering Connections’ and ‘Actions’. From the drop-down click ‘Accept Request’.
Click ‘Yes, Accept’.
One success message will be displayed, click ‘Close’.
Our VPC peering connection is now active and ready to use.
Next, let’s try to ping instance3 from instance2
Note: Still we are unable to connect to VPC2 from VPC1, though our VPC peering connection is active. This is due to the fact that VPC peering is not yet visible to the routers in VPC1 and VPC2. In order to use this VPC peering connection, we need to add subsequent route entry in both VPC.
VPC1 route table:
VPC2 route table:
Now we should be able to connect to instance3 from instance2
Cleanup: Navigate to ‘Peering Connections’ and from ‘Actions’ click ‘Delete VPC Peering Connections’.
Click ‘Yes, Delete’.
Hope you have enjoyed this blog post. In the next blog post, we are going to discuss security groups.
To get more details on VPC, please refer below AWS documentation