CloudWiki

Amazon Web Services (AWS) / Network

VPC Peering
A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IP addresses. Instances in either VPC can communicate with each other as if they were within the same network.
aws_vpc_peering_connection attributes:
  • peer_owner_id - (Optional) The AWS account ID of the owner of the peer VPC. Defaults to the account ID the AWS provider is currently connected to.
  • peer_vpc_id - (Required) The ID of the VPC with which you are creating the VPC Peering Connection.
  • vpc_id - (Required) The ID of the requester VPC.
  • auto_accept - (Optional) Accept the peering (both VPCs need to be in the same AWS account and region).
  • peer_region - (Optional) The region of the accepter VPC of the VPC Peering Connection. auto_accept must be false, and the aws_vpc_peering_connection_accepter resource must be used to manage the accepter side.
  • accepter - (Optional) An optional configuration block that allows VPC Peering Connection options to be set for the VPC that accepts the peering connection (a maximum of one).
  • requester - (Optional) An optional configuration block that allows VPC Peering Connection options to be set for the VPC that requests the peering connection (a maximum of one).
  • tags - (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider level.

Accepter and Requester Arguments

Note:

When enabled, the DNS resolution feature requires that VPCs participating in the peering must have support for the DNS hostnames enabled. This can be done using the enable_dns_hostnames attribute in the aws_vpc resource. See Using DNS with Your VPC user guide for more information.

  • allow_remote_vpc_dns_resolution - (Optional) Allow a local VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the peer VPC.
  • allow_classic_link_to_remote_vpc - (Optional) Allow a local linked EC2-Classic instance to communicate with instances in a peer VPC. This enables an outbound communication from the local ClassicLink connection to the remote VPC.
  • allow_vpc_to_remote_classic_link - (Optional) Allow a local VPC to communicate with a linked EC2-Classic instance in a peer VPC. This enables an outbound communication from the local VPC to the remote ClassicLink connection.

Associating resources with a VPC Peering

Resources do not "belong" to a VPC Peering. Rather, one or more Security Groups are associated with a resource.
Create VPC Peering via Terraform:

The following HCL requests a peering connection between a requester VPC in region us-west-2 and an accepter VPC in region us-east-1. Because the two VPCs are in different regions, auto_accept cannot be used; the accepter side has to be accepted separately (see peer_region above).

Syntax:

# Provider aliases referenced by the provider = arguments below
provider "aws" {
  alias  = "us-west-2"
  region = "us-west-2"
}

provider "aws" {
  alias  = "us-east-1"
  region = "us-east-1"
}

# Requester side: created in the requester VPC's region (us-west-2).
# var.peer_owner_id is declared elsewhere; it defaults to the current account.
resource "aws_vpc_peering_connection" "foo" {
  provider      = aws.us-west-2
  peer_owner_id = var.peer_owner_id
  peer_vpc_id   = aws_vpc.bar.id
  vpc_id        = aws_vpc.foo.id
  peer_region   = "us-east-1"
}

# Requester VPC
resource "aws_vpc" "foo" {
  provider   = aws.us-west-2
  cidr_block = "10.1.0.0/16"
}

# Accepter VPC (the peering must still be accepted from this region)
resource "aws_vpc" "bar" {
  provider   = aws.us-east-1
  cidr_block = "10.2.0.0/16"
}
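The attribute list above says that a cross-region peering needs aws_vpc_peering_connection_accepter on the accepter side, that the accepter/requester option blocks require DNS hostnames on both VPCs, and the Syntax block stops at the request. The following is an added example (not CloudWiki's code and not taken from the Terraform provider documentation) that carries the same two-region setup through acceptance, DNS resolution on both sides, and the routes without which the peering carries no traffic. It assumes the same two provider aliases as above, a single AWS account, and constructed CIDR blocks and tag values.

```hcl
# Added example: cross-region VPC peering, requester in us-west-2, accepter in us-east-1.
# Assumes both VPCs live in one AWS account; CIDRs, names and tags are constructed.

provider "aws" {
  alias  = "us-west-2"
  region = "us-west-2"
}

provider "aws" {
  alias  = "us-east-1"
  region = "us-east-1"
}

# allow_remote_vpc_dns_resolution only works when both VPCs have DNS hostnames enabled.
resource "aws_vpc" "requester" {
  provider             = aws.us-west-2
  cidr_block           = "10.1.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true
}

resource "aws_vpc" "accepter" {
  provider             = aws.us-east-1
  cidr_block           = "10.2.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true
}

# Requester side. Different regions, so auto_accept must remain false.
resource "aws_vpc_peering_connection" "this" {
  provider    = aws.us-west-2
  vpc_id      = aws_vpc.requester.id
  peer_vpc_id = aws_vpc.accepter.id
  peer_region = "us-east-1"
  auto_accept = false

  tags = { Side = "Requester" }
}

# Accepter side, managed from the accepter VPC's region.
resource "aws_vpc_peering_connection_accepter" "this" {
  provider                  = aws.us-east-1
  vpc_peering_connection_id = aws_vpc_peering_connection.this.id
  auto_accept               = true

  tags = { Side = "Accepter" }
}

# Peering options can only be set once the connection is active, so each side
# sets its own options after acceptance (a provider may only set the side it owns).
resource "aws_vpc_peering_connection_options" "requester" {
  provider                  = aws.us-west-2
  vpc_peering_connection_id = aws_vpc_peering_connection_accepter.this.id

  requester {
    allow_remote_vpc_dns_resolution = true
  }
}

resource "aws_vpc_peering_connection_options" "accepter" {
  provider                  = aws.us-east-1
  vpc_peering_connection_id = aws_vpc_peering_connection_accepter.this.id

  accepter {
    allow_remote_vpc_dns_resolution = true
  }
}

# A peering forwards nothing until each VPC routes the peer's CIDR to it.
# Routing only the peer CIDR (not a wider block) keeps the reachable surface minimal.
resource "aws_route" "requester_to_accepter" {
  provider                  = aws.us-west-2
  route_table_id            = aws_vpc.requester.main_route_table_id
  destination_cidr_block    = aws_vpc.accepter.cidr_block
  vpc_peering_connection_id = aws_vpc_peering_connection.this.id
}

resource "aws_route" "accepter_to_requester" {
  provider                  = aws.us-east-1
  route_table_id            = aws_vpc.accepter.main_route_table_id
  destination_cidr_block    = aws_vpc.requester.cidr_block
  vpc_peering_connection_id = aws_vpc_peering_connection.this.id
}
```

Routes alone do not open traffic: the security groups on instances in each VPC must still allow the specific ports from the peer's CIDR. Scope those rules to the peer CIDR (or, within one region, to the peer security group) rather than to 0.0.0.0/0, so that the peering widens reachability only to the intended networks. The options resources depend on the accepter resource on purpose, because the API rejects option changes on a connection that is still pending-acceptance.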

Create VPC Peering via CLI:

Parameters:

create-vpc-peering-connection
[--dry-run | --no-dry-run]
[--peer-owner-id <value>]
[--peer-vpc-id <value>]
[--vpc-id <value>]
[--peer-region <value>]
[--tag-specifications <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]
[--no-cli-pager]
[--cli-auto-prompt]
[--no-cli-auto-prompt]

Example:

aws ec2 create-vpc-peering-connection --vpc-id vpc-1a2b3c4d --peer-vpc-id vpc-11122233 --peer-region us-west-2

Best Practices for VPC Peering

Categorized by Availability, Security & Compliance and Cost

  • Warning: Ensure VPC Peering DNS resolution is enabled
  • Info: VPC Peering changes alarm
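The "VPC Peering changes alarm" practice above names the control but not how it is built. The following is an added example (not CloudWiki's code) of one way to implement it: a CloudWatch Logs metric filter over CloudTrail events for the EC2 API calls that create, accept, reject, delete or modify a peering connection, feeding a CloudWatch alarm. It assumes CloudTrail is already delivering to a CloudWatch Logs group and that an SNS topic exists for notifications; both are passed in as the constructed variables var.cloudtrail_log_group and var.alarm_topic_arn.

```hcl
# Added example: alarm on VPC peering changes recorded by CloudTrail.
# Assumes an existing CloudTrail -> CloudWatch Logs log group and an SNS topic;
# the variable names below are constructed for this example.

variable "cloudtrail_log_group" {
  type        = string
  description = "Name of the CloudWatch Logs group that receives CloudTrail events"
}

variable "alarm_topic_arn" {
  type        = string
  description = "SNS topic ARN notified when the alarm fires"
}

# Match the EC2 API calls that change the lifecycle or options of a peering.
resource "aws_cloudwatch_log_metric_filter" "vpc_peering_changes" {
  name           = "VpcPeeringChanges"
  log_group_name = var.cloudtrail_log_group
  pattern        = "{ ($.eventName = CreateVpcPeeringConnection) || ($.eventName = AcceptVpcPeeringConnection) || ($.eventName = RejectVpcPeeringConnection) || ($.eventName = DeleteVpcPeeringConnection) || ($.eventName = ModifyVpcPeeringConnectionOptions) }"

  metric_transformation {
    name      = "VpcPeeringChangeCount"
    namespace = "CloudTrailMetrics"
    value     = "1"
  }
}

# Fire as soon as a single matching event lands in a five-minute window.
resource "aws_cloudwatch_metric_alarm" "vpc_peering_changes" {
  alarm_name          = "vpc-peering-changes"
  alarm_description   = "A VPC peering connection was created, accepted, rejected, deleted or had its options modified"
  namespace           = "CloudTrailMetrics"
  metric_name         = "VpcPeeringChangeCount"
  statistic           = "Sum"
  period              = 300
  evaluation_periods  = 1
  threshold           = 1
  comparison_operator = "GreaterThanOrEqualToThreshold"
  treat_missing_data  = "notBreaching"
  alarm_actions       = [var.alarm_topic_arn]
}
```

treat_missing_data = "notBreaching" keeps the alarm quiet during the normal case of no peering activity, so that a notification always corresponds to an actual API call. Because CloudTrail is regional for EC2 events, the log group must receive trails from every region in which peerings may be requested or accepted, otherwise the accepter side of a cross-region peering goes unobserved.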