What you need to know about AWS VPC Peering

Zakaria EL BAZI 🇲🇦
Published in AWS Morocco
5 min read · Sep 13, 2023

Amazon Web Services (AWS) offers a wide range of services for integrating on-premises resources with the cloud. One such service is Amazon Virtual Private Cloud (VPC).

In this article, we will discuss the basics of VPC peering, including how to set it up, its benefits, and how it works.

1 — What and why?

A virtual private cloud (VPC) is a dedicated virtual network within a specific region of an AWS account, where resources such as EC2 instances can be launched in complete isolation from resources in other private networks.

A VPC peering connection is a networking connection between two VPCs that enables traffic routing between them using private IPv4 or IPv6 addresses. This keeps the exchange of data between the components of each VPC private and within the AWS network. It is a good choice for connecting VPCs in the same region or in different regions, and for connecting VPCs that are owned by different AWS accounts.

VPC peering in the same AWS region

2 — Why use AWS VPC peering?

If we want to list the advantages of VPC peering, we can mention the following:

  • Simple and seamless interconnection of resources in different VPCs without the need for complex and costly VPN infrastructure.
  • Facilitates connectivity in complex environments where resources must live in different VPCs, in the same or different regions, for compliance or security reasons.
  • Low latency and high bandwidth, as traffic between peered VPCs does not traverse the public internet.
  • No single point of failure, as each VPC keeps its own routing infrastructure; we will see how that works in a moment.

3 — How does it work?

A VPC peering connection requires two VPCs to connect, plus some routing configuration and some security group configuration on each side. When we create a peering connection between two VPCs, AWS creates a virtual tunnel between them. This tunnel allows traffic to flow between the two VPCs without traversing the public internet.

The routing configuration for a VPC peering connection is done in the routing tables of the two VPCs. In each VPC, we need to add a route to the routing table that points to the peered VPC. The route will have the peered VPC’s CIDR block as the destination and the VPC peering connection as the next hop.

VPC peering routing configuration

The security group configuration for a VPC peering connection is done in the security groups associated with the resources in the two VPCs. We need to add rules to those security groups that allow traffic from the peered VPC. Each rule specifies the source CIDR block (for inbound rules) or destination CIDR block (for outbound rules), the protocol, and the ports.

4 — What are the limitations?

  • VPC peering cannot be used to connect VPCs that have overlapping CIDR blocks. If you have two VPCs with overlapping CIDR blocks, you will not be able to create a VPC peering connection between them, as routing would not be possible.
  • A VPC can be peered with multiple VPCs at the same time (in the same or different regions, and in the same or different AWS accounts), up to the limit of 50 active peering connections per VPC.
  • VPC peering does not support transitive routing. This means that if you have a VPC peering connection between VPC 1 and VPC 2, and another between VPC 2 and VPC 3, VPC 1 and VPC 3 will not be able to communicate with each other without a dedicated peering connection between them.
  • VPC peering connections have limited bandwidth. The maximum bandwidth for a VPC peering connection is 1 Gbps. If you need more bandwidth, you will need to look into alternatives such as a VPN connection or an AWS Direct Connect connection.
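As an added example (not code from this article), here is a small offline Python model of the routing and security group configuration described in section 3 together with the overlapping-CIDR and non-transitivity limitations listed above; the VPC names, CIDRs, port and the pcx- identifiers are constructed samples, and `next_hop` does the longest-prefix match a route table would perform.

```python
# Added example: offline model of VPC peering routes and security group rules.
# VPC names, CIDRs and "pcx-" ids are constructed samples, not real AWS ids.
import ipaddress


class PeeringError(ValueError):
    """Raised when two VPCs cannot be peered (overlapping CIDR blocks)."""


def _table(routes, vpcs, name):
    # Every VPC route table starts with the implicit local route for its own CIDR.
    return routes.setdefault(name, [{"destination": vpcs[name], "target": "local"}])


def peer(vpcs, routes, a, b):
    """Peer VPC `a` with VPC `b`: refuse overlapping CIDRs, then add one route
    per side whose destination is the peer CIDR and whose target is the pcx."""
    net_a, net_b = ipaddress.ip_network(vpcs[a]), ipaddress.ip_network(vpcs[b])
    if net_a.overlaps(net_b):  # overlapping blocks cannot be routed
        raise PeeringError(f"{a} {net_a} overlaps {b} {net_b}")
    pcx = f"pcx-{a}-{b}"  # constructed id in place of a real pcx-xxxxxxxx
    _table(routes, vpcs, a).append({"destination": str(net_b), "target": pcx})
    _table(routes, vpcs, b).append({"destination": str(net_a), "target": pcx})
    return pcx


def sg_inbound_rule(peer_cidr, protocol, port):
    """Security group inbound rule allowing the peer VPC's CIDR on one port."""
    return {"source": str(ipaddress.ip_network(peer_cidr)),
            "protocol": protocol, "from_port": port, "to_port": port}


def next_hop(routes, src, dst_ip):
    """Longest-prefix match in `src`'s route table. None means no route, which
    is exactly what a VPC two peerings away gets: routing is not transitive."""
    ip = ipaddress.ip_address(dst_ip)
    hits = [r for r in routes.get(src, [])
            if ip in ipaddress.ip_network(r["destination"])]
    if not hits:
        return None
    return max(hits, key=lambda r: ipaddress.ip_network(r["destination"]).prefixlen)["target"]


# Constructed sample: three VPCs with peerings vpc1<->vpc2 and vpc2<->vpc3 only;
# vpc4 overlaps vpc2 and therefore cannot be peered with it.
VPCS = {"vpc1": "10.0.0.0/16", "vpc2": "10.1.0.0/16",
        "vpc3": "10.2.0.0/16", "vpc4": "10.1.128.0/17"}
ROUTES = {}
peer(VPCS, ROUTES, "vpc1", "vpc2")
peer(VPCS, ROUTES, "vpc2", "vpc3")

if __name__ == "__main__":
    print(next_hop(ROUTES, "vpc1", "10.1.0.10"))  # pcx-vpc1-vpc2
    print(next_hop(ROUTES, "vpc1", "10.2.0.10"))  # None: vpc3 is only peered with vpc2
    print(sg_inbound_rule(VPCS["vpc2"], "tcp", 443))
```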

5 — Conclusion

To summarize, VPC peering is a powerful tool that can be used to connect VPCs in a variety of ways. It is a simple and reliable way to connect VPCs, and it is a good choice for many use cases. However, it is important to be aware of its limitations before using it.

Here are some additional resources if you want to learn more:

I have an article detailing how to set up VPC peering using Terraform; feel free to check it out:

If you have specific constraints, or you cannot use VPC peering and want alternatives, feel free to check this comparison I made between VPC peering and Transit Gateways:

Follow AWS MOROCCO on Twitter/X for updates: https://twitter.com/AwsInMorocco


AWS, Azure, Terraform and CNCF certified | I talk DevOps, AWS and sometimes random stuff (Finance, Philosophy, etc)