AWS VPC Peering: A Quick Guide
What is VPC Peering?
VPC peering in AWS (Amazon Web Services) is a networking connection between two Virtual Private Clouds (VPCs) that lets them communicate as though they were on the same network. Resources in different VPCs can then interact directly, which makes it easy to share data and resources between them. A peering connection needs no VPN (Virtual Private Network) and no dedicated network link; it is a private connection between VPCs inside the AWS infrastructure.
Before we begin, make sure to read my previous blog on AWS VPC, covering how to create and configure one. We’ll follow similar steps to set up another VPC for the VPC peering demo, so take a quick look before we dive in.
1. Follow the same steps we took to create the “TEST VPC”: set up an “Internet Gateway” (IG), create a “Subnet,” and configure a “Route Table.” Repeat these actions for the “Prod VPC.”
2. Create the “Prod-VPC” with CIDR 192.168.0.0/16, then create a “Subnet” with CIDR 192.168.0.0/24. Create an “IG,” then set up a “Route Table” (RT). In “Subnet Associations,” attach the “IG” to the “VPC.” In the RT’s routes, add the “Internet Gateway” (IGW). Launch an EC2 instance in the “Prod-VPC” and configure its security group to allow HTTP traffic for the CIDR 192.168.0.0/16. You should now be able to access the server.
3. Next, we’ll run a ping test, sending requests from the test server to the prod server. Keep in mind that the two servers reside in different VPCs. This is where “VPC Peering” comes in: it lets the two isolated VPCs communicate with each other.
4. Using ICMP (Internet Control Message Protocol), try to send messages from the test server to the prod server and see whether communication succeeds. At this point the attempt fails: there is no path between the two VPCs yet.
5. With “VPC Peering,” connecting one VPC to another starts with a request to the target VPC. Only if the target VPC accepts the request is the peering connection established. Because the owner of each VPC has to agree, this gives controlled, secure data exchange between otherwise isolated network environments.
6. To enable communication between the VPCs, go to the “VPC” service, navigate to “Peering Connection,” and click “Create VPC Peering.” Provide a name, select the first VPC and the VPC it should connect to, and click “Create.” This sends the peering request between the selected VPCs.
7. If the status shows “Pending,” the request still has to be accepted. Select the peering connection, go to “Action,” and click “Accept.” This finalizes the connection between the VPCs.
8. The connection does not carry traffic immediately after it is accepted: you still need to configure the route tables. Go back to the route table associated with each VPC’s subnet and add a route for the peered VPC, so that traffic for the other VPC is directed over the peering connection.
9. To route traffic from the test VPC to production, select the “test-route” table, go to “Route,” click “Edit route,” add the production VPC’s “CIDR block” as the destination, set the target to the “Peering Connection,” and save. This lets traffic from the test VPC reach the production VPC through the peering connection.
10. Repeat the process in the production route table: go to “Route,” click “Edit route,” add the test VPC’s “CIDR block” as the destination, set the target to the “Peering Connection,” and save. With a route on each side, traffic can flow in both directions between the test and production VPCs.
11. As mentioned earlier, the ping test uses “ICMP.” Go to “EC2,” open the “test-server” security group (SG), go to “Edit Inbound Rule,” and add an “ICMP” rule. The security group now allows incoming ICMP traffic to the test server.
12. Repeat the process for the production server: open the “prod-server” security group, go to “Edit Inbound Rule,” and add an “ICMP” rule. Both servers, in the test and production VPCs, now accept incoming ICMP traffic, so the ping test can run in either direction across the peering connection.
13. Now ping from the test server to the production server, or vice versa. You should see replies, confirming that the servers can communicate across the VPC peering connection and that the routes and security group rules are in place.
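To make the dependencies between steps 7 through 12 explicit, here is an added Python model (not AWS code and not from the original post) that lists every reason a ping from one VPC to the other would fail. The test VPC CIDR 10.0.0.0/16, the peering id and the security-group contents are constructed for the example; it also checks the overlapping-CIDR case, which AWS rejects when you create the peering.

```python
# Added example: a small model of the prerequisites this walkthrough sets up.
# Not AWS code; CIDRs, the peering id and SG rules below are constructed.
from dataclasses import dataclass, field
from ipaddress import ip_network


@dataclass
class Vpc:
    name: str
    cidr: str
    routes: dict = field(default_factory=dict)      # destination CIDR -> target
    sg_inbound: list = field(default_factory=list)  # (protocol, source CIDR)


@dataclass
class Peering:
    pcx_id: str
    requester: Vpc
    accepter: Vpc
    status: str = "pending-acceptance"  # becomes "active" after Accept (step 7)


def why_ping_fails(src: Vpc, dst: Vpc, pcx: Peering) -> list[str]:
    """Return the reasons ICMP from src to dst would not work (empty list = ok)."""
    problems = []
    if ip_network(src.cidr).overlaps(ip_network(dst.cidr)):
        problems.append("VPC CIDRs overlap; AWS will not peer them")
    if pcx.status != "active":
        problems.append(f"peering {pcx.pcx_id} is {pcx.status}, not active (step 7)")
    # Steps 9/10: each side's route table needs a route to the other CIDR via the pcx.
    for vpc, peer in ((src, dst), (dst, src)):
        if vpc.routes.get(peer.cidr) != pcx.pcx_id:
            problems.append(f"{vpc.name} has no route to {peer.cidr} via {pcx.pcx_id}")
    # Steps 11/12: security groups are stateful, so for a one-way ping only the
    # destination SG must admit ICMP from the source; the post opens both sides.
    src_net = ip_network(src.cidr)
    if not any(proto == "icmp" and src_net.subnet_of(ip_network(allowed))
               for proto, allowed in dst.sg_inbound):
        problems.append(f"{dst.name} security group does not allow ICMP from {src.cidr}")
    return problems


def walkthrough() -> tuple[list[str], list[str]]:
    """Constructed scenario: problems before acceptance/routes/SGs, then after step 12."""
    test = Vpc("test-vpc", "10.0.0.0/16")  # the test VPC's CIDR is an assumption
    prod = Vpc("prod-vpc", "192.168.0.0/16")
    pcx = Peering("pcx-EXAMPLE", test, prod)
    before = why_ping_fails(test, prod, pcx)
    pcx.status = "active"                        # step 7: Accept
    test.routes[prod.cidr] = pcx.pcx_id          # step 9
    prod.routes[test.cidr] = pcx.pcx_id          # step 10
    test.sg_inbound.append(("icmp", prod.cidr))  # step 11
    prod.sg_inbound.append(("icmp", test.cidr))  # step 12
    return before, why_ping_fails(test, prod, pcx)
```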
Conclusion:
VPC peering in AWS provides a secure, controlled way to interconnect isolated Virtual Private Clouds. Once a peering connection is established and routed, resources in different VPCs can communicate directly. This blog walked through creating the peering connection, accepting it, configuring the route tables on both sides, and adjusting the security groups so that servers in distinct VPCs can reach each other. VPC peering is a practical building block for scalable, interconnected cloud architectures.