DevOps / Sys Admin Q & A #6B : AWS VPC Peering
In this tutorial, we will create a VPC peering connection between two VPCs in the same account.
Because both VPCs are ours, we must both create the VPC peering connection request and accept it to activate the connection.
To create a VPC peering connection, first we need to create a request to peer with another VPC. We can request a VPC peering connection with another VPC in our account, or with a VPC in a different AWS account. To activate the request, the owner of the accepter VPC must accept the request.
Here are the steps to create a VPC peering connection:
- In the VPC navigation pane, choose Peering Connections, Create Peering Connection.
- Peering connection name tag: We can optionally name our VPC peering connection. Doing so creates a tag with a key of Name and a value that we specify.
- VPC (Requester): Select the VPC in our account with which we want to create the VPC peering connection.
- Under Select another VPC to peer with: Ensure My account is selected, and select another of our VPCs from VPC (Accepter). Only VPCs in the current region are displayed.
- Choose Create Peering Connection when we are done.
- In the confirmation dialog box, choose OK.
- Select the VPC peering connection that we've created, and choose Actions, Accept Request.
- In the confirmation dialog, choose Yes, Accept.
- A second confirmation dialog displays; choose Modify my route tables now to go directly to the route tables page, or choose Close to do this later.
- Now that our VPC peering connection is active, we must add an entry to our VPC route tables to enable traffic to be directed between the peered VPCs.
To send traffic from an instance to an instance in a peer VPC using private IPv4 addresses, we must add a route to the route table that's associated with the subnet in which the instance resides. The route points to the CIDR block (or portion of the CIDR block) of the other VPC in the VPC peering connection.
The other VPC in the peering connection must also have a route in its subnet's route table to direct traffic back to our VPC.
Here are the steps for adding an IPv4 route for a VPC peering connection:
- In the VPC navigation pane, choose Route Tables.
- Select the route table that's associated with the subnet in which our instance resides. If we do not have a route table associated with that subnet, select the main route table for the VPC, as the subnet then uses this route table by default.
- Choose Routes, Edit, Add Route.
- For Destination, enter the IPv4 address range to which the network traffic in the VPC peering connection must be directed. We can specify the entire IPv4 CIDR block of the peer VPC, a specific range, or an individual IPv4 address, such as the IP address of the instance with which to communicate. For example, if the CIDR block of the peer VPC is 10.0.0.0/16, we can specify a portion of it, such as 10.0.0.0/28, or a specific IP address, such as 10.0.0.7/32.
- Select the VPC peering connection from Target, and then choose Save.
- Repeat the same steps in the route table of the other VPC, so that traffic can flow back.
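As an added example (not part of the original tutorial), here is a Python check for what the route steps above require: each side's route table must carry an active route via the peering connection whose destination lies inside the peer VPC's CIDR (the whole block, a portion of it, or a /32), and it also checks the general precondition that the two VPC CIDRs do not overlap. The VPC ids, the pcx-EXAMPLE peering id and the route tables are constructed sample data in the shape `aws ec2 describe-route-tables` returns, so real output can be fed in the same way.

```python
import ipaddress

# Constructed sample: two VPCs in one account, peered over a placeholder
# peering id. Route tables follow the `aws ec2 describe-route-tables` shape.
VPC_A = {"VpcId": "vpc-aaaa0001", "CidrBlock": "10.0.0.0/16"}
VPC_B = {"VpcId": "vpc-bbbb0002", "CidrBlock": "10.1.0.0/16"}
PCX_ID = "pcx-EXAMPLE"  # placeholder, not a real peering connection id

ROUTE_TABLE_A = {"Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
    # Route to a portion of VPC B's CIDR via the peering connection.
    {"DestinationCidrBlock": "10.1.0.0/28", "VpcPeeringConnectionId": PCX_ID, "State": "active"},
]}
ROUTE_TABLE_B = {"Routes": [
    {"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local", "State": "active"},
    # No return route to VPC A yet: the "repeat for the other VPC" step was skipped.
]}


def peering_routes(route_table, pcx_id):
    """Destination networks this table routes over the given peering connection."""
    return [ipaddress.ip_network(r["DestinationCidrBlock"])
            for r in route_table["Routes"]
            if r.get("VpcPeeringConnectionId") == pcx_id and r.get("State") == "active"]


def check_peering(vpc_a, rt_a, vpc_b, rt_b, pcx_id):
    """Return a list of findings; an empty list means both directions are routed."""
    findings = []
    net_a = ipaddress.ip_network(vpc_a["CidrBlock"])
    net_b = ipaddress.ip_network(vpc_b["CidrBlock"])
    # VPCs with overlapping CIDR blocks cannot be peered at all.
    if net_a.overlaps(net_b):
        findings.append(f"CIDR blocks overlap: {net_a} and {net_b}")
    # Each side needs a route toward the peer's CIDR (or a portion of it) via the connection.
    for name, peer_net, rt in (("A", net_b, rt_a), ("B", net_a, rt_b)):
        routes = peering_routes(rt, pcx_id)
        if not routes:
            findings.append(f"VPC {name}: no active route via {pcx_id} toward {peer_net}")
        for dest in routes:
            if not dest.subnet_of(peer_net):
                findings.append(f"VPC {name}: route {dest} via {pcx_id} is outside peer CIDR {peer_net}")
    return findings


if __name__ == "__main__":
    for finding in check_peering(VPC_A, ROUTE_TABLE_A, VPC_B, ROUTE_TABLE_B, PCX_ID):
        print(finding)
```

With the sample data the check reports only the missing return route in VPC B; adding a route such as 10.0.0.7/32 via the peering connection to ROUTE_TABLE_B clears it.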