VPC Peering

Overview
Definition: A networking connection between two VPCs (cloud VPCs only, not on-premises networks) that routes traffic between them using private IPv4 or IPv6 addresses.
Communication: Instances in either VPC can communicate with each other as if they were in the same network.
Types of VPC Peering Connections
Intra-Account: Between your own VPCs.
Inter-Account: With a VPC in another AWS account.
Inter-Region: Between VPCs in different regions.
Inter-Region VPC Peering
Encryption: Traffic between VPCs in different regions is encrypted in transit (inter-region data transfer charges apply).
Limitations:
Cannot create a security group rule that references a security group in the peer VPC.
Cannot enable DNS resolution.
Maximum MTU is 1500 bytes (no jumbo frames).
Limited region support.
Characteristics and Capabilities
Infrastructure: Uses the existing VPC infrastructure; it is neither a gateway nor a VPN connection and relies on no separate physical hardware.
Reliability: No single point of failure and no bandwidth bottleneck.
One-to-One Relationship: Only one peering connection between any two VPCs at a time.
No Overlapping CIDR: CIDR ranges of the peered VPCs must not overlap.
Multiple Connections: Each VPC can have multiple peering connections, but transitive peering is not supported.
Non-Transitive: A VPC has no peering relationship with VPCs it is not directly peered with; traffic cannot be routed through an intermediate VPC.
Limits: 50 VPC peers per VPC (up to 125 by request).
DNS and Routing
DNS Support: DNS resolution across a VPC peering connection is supported.
Route Tables: Route tables in both VPCs must be updated with a route to the peer's CIDR that targets the peering connection.
Security Groups: Update inbound and outbound rules to reference security groups in the peered VPC where cross-VPC access is needed.
Creating VPC Peering Connections
Inter-Account Peering:
Requires the account ID and VPC ID of the other account's VPC.
The owner of the peer VPC must accept the pending peering request before the connection becomes active.
Route Table Target: In a route table, the VPC peering connection appears as a target whose ID starts with "pcx-".
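The rules in these notes (no overlapping CIDRs, one connection per VPC pair, the per-VPC peer quota, non-transitive reachability, and routes that target a "pcx-" connection) can be checked before a change is applied. The following is an added, constructed Python example, not AWS code or code from the original notes; the VPC IDs, CIDRs and peering IDs are made up and the inventory is a plain dictionary rather than a call to the AWS API.

```python
"""Plan-time checks for VPC peering, modelled on the rules in these notes.
Constructed example: VPC ids, CIDRs and peering ids below are invented."""
import ipaddress

MAX_PEERS_PER_VPC = 50  # default quota from the notes (125 on request)

# Constructed inventory: VPC id -> CIDR block
VPCS = {
    "vpc-aaa": "10.0.0.0/16",
    "vpc-bbb": "10.1.0.0/16",
    "vpc-ccc": "10.2.0.0/16",
    "vpc-ddd": "10.1.128.0/17",   # deliberately overlaps vpc-bbb
}

# Constructed existing peerings: peering id -> (requester VPC, accepter VPC)
PEERINGS = {
    "pcx-0001": ("vpc-aaa", "vpc-bbb"),
    "pcx-0002": ("vpc-bbb", "vpc-ccc"),
}


def peering_problems(vpcs, peerings, a, b):
    """Return the reasons a new peering between VPCs a and b would be invalid."""
    problems = []
    na, nb = ipaddress.ip_network(vpcs[a]), ipaddress.ip_network(vpcs[b])
    if na.overlaps(nb):
        problems.append(f"CIDR overlap: {na} and {nb}")
    if any({a, b} == set(pair) for pair in peerings.values()):
        problems.append("already peered: only one connection per VPC pair")
    for v in (a, b):
        if sum(v in pair for pair in peerings.values()) >= MAX_PEERS_PER_VPC:
            problems.append(f"{v} is at the peer quota ({MAX_PEERS_PER_VPC})")
    return problems


def reachable(peerings, src, dst):
    """Peering is non-transitive: src reaches dst only over a direct connection."""
    return any({src, dst} == set(pair) for pair in peerings.values())


def route_target_ok(vpcs, peerings, route_vpc, dest_cidr, target):
    """A route is valid only if its pcx- target attaches route_vpc and the
    destination lies inside the peer VPC's CIDR block."""
    if not target.startswith("pcx-") or target not in peerings:
        return False
    pair = peerings[target]
    if route_vpc not in pair:
        return False
    peer = pair[0] if pair[1] == route_vpc else pair[1]
    dest = ipaddress.ip_network(dest_cidr)
    return dest.subnet_of(ipaddress.ip_network(vpcs[peer]))
```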