VPC Peerings in AWS

January 10, 2018 at 12:59 am

VPC Peerings

An often overlooked feature with VPCs in AWS is your ability to create peering relationships between them. AWS calls this, appropriately, VPC Peerings. These objects permit you to route traffic between VPCs and offer the following killer features:

  • You can route traffic between your own VPCs
  • You can route traffic between your VPC and a VPC in another AWS account
  • Some regions even support an inter-region VPC Peering connection
  • The VPC Peering is not physical hardware, it is not a gateway or VPN connection; this ensures high availability for the peering using the global infrastructure of AWS

The steps you perform for the creation of a VPC Peering are simple:

  1. Request the peering from a Requestor VPC to an Acceptor VPC
  2. Once the Peering is accepted, manually add the routes you desire to the routing tables in the two VPCs
  3. Modify Security Groups appropriately to permit the desired access to resources across the VPCs
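The three steps above written out as Terraform, as an added example that is not from the original post. The CIDR ranges, resource names and the port 443 rule are assumptions, and it keeps both VPCs in one account and region so the peering can be accepted automatically:

```hcl
resource "aws_vpc" "requester" {
  cidr_block = "10.10.0.0/16"   # constructed CIDR; must not overlap the peer
}

resource "aws_vpc" "accepter" {
  cidr_block = "10.20.0.0/16"   # constructed CIDR
}

# Step 1: request the peering from the requester VPC to the accepter VPC.
# auto_accept works only because both VPCs are in the same account and region;
# a cross-account peering needs a separate aws_vpc_peering_connection_accepter.
resource "aws_vpc_peering_connection" "r_to_a" {
  vpc_id      = aws_vpc.requester.id
  peer_vpc_id = aws_vpc.accepter.id
  auto_accept = true
}

# Step 2: routes are not added for you; each side needs a route to the other
# side's CIDR that points at the peering connection.
resource "aws_route" "requester_to_accepter" {
  route_table_id            = aws_vpc.requester.main_route_table_id
  destination_cidr_block    = aws_vpc.accepter.cidr_block
  vpc_peering_connection_id = aws_vpc_peering_connection.r_to_a.id
}

resource "aws_route" "accepter_to_requester" {
  route_table_id            = aws_vpc.accepter.main_route_table_id
  destination_cidr_block    = aws_vpc.requester.cidr_block
  vpc_peering_connection_id = aws_vpc_peering_connection.r_to_a.id
}

# Step 3: open only the ports you need, and only from the peer's CIDR, on the
# security group of the resources the requester must reach. The peering itself
# grants no access; the security group rule is where least privilege applies.
resource "aws_security_group" "accepter_app" {
  name   = "accepter-app"        # constructed name
  vpc_id = aws_vpc.accepter.id
}

resource "aws_security_group_rule" "allow_requester_https" {
  type              = "ingress"
  security_group_id = aws_security_group.accepter_app.id
  from_port         = 443                   # assumed application port
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = [aws_vpc.requester.cidr_block]
}
```

Referencing the peer's CIDR rather than its security group ID keeps the same rule usable for an inter-region peering, where cross-region security group references are not allowed.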

There are important restrictions to keep in mind for intra-region VPC Peerings:

  • The CIDR ranges cannot overlap
  • There is a limit on the total number of VPC Peerings you can have; this is a soft limit that you can ask AWS to raise
  • You cannot have more than one VPC Peering between two VPCs
  • They do support Placement Groups with some limitations
  • Unicast Reverse Path Forwarding security protections are not available across a VPC Peering

The restrictions for inter-region VPC Peerings are as follows:

  • The Security Groups cannot reference each other across the regions
  • DNS resolution does not work across regions as seamlessly as it does within a region
  • IPv6 communications are not supported in this design
  • The MTU is 1500
  • Inter-region VPC Peerings are limited to only certain regions currently