Amazon Web Service (AWS)

VPC Peering

Network

A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IP addresses. Instances in either VPC can communicate with each other as if they were within the same network.

Costs

The cost of using VPC Peering is determined by the amount of data transferred between peered VPCs. Basic data transfer costs for VPC Peering start at $0.01 per GB and decrease as the amount of data transferred increases.

Direct Cost

Indirect Cost

No items found.

Terraform Name

aws_vpc_peering_connection

VPC Peering

attributes:

peer_owner_id - (Optional) The AWS account ID of the owner of the peer VPC. Defaults to the account ID the AWS provider is currently connected to.
peer_vpc_id - (Required) The ID of the VPC with which you are creating the VPC Peering Connection.
vpc_id - (Required) The ID of the requester VPC.
auto_accept - (Optional) Accept the peering (both VPCs need to be in the same AWS account and region).
peer_region - (Optional) The region of the accepter VPC of the VPC Peering Connection. auto_accept must be false, and use the aws_vpc_peering_connection_accepter to manage the accepter side.
accepter (Optional) - An optional configuration block that allows for VPC Peering Connection options to be set for the VPC that accepts the peering connection (a maximum of one).
requester (Optional) - A optional configuration block that allows for VPC Peering Connection options to be set for the VPC that requests the peering connection (a maximum of one).
tags - (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Accepter and Requester Arguments

Note:

When enabled, the DNS resolution feature requires that VPCs participating in the peering must have support for the DNS hostnames enabled. This can be done using the enable_dns_hostnames attribute in the aws_vpc resource. See Using DNS with Your VPC user guide for more information.

allow_remote_vpc_dns_resolution - (Optional) Allow a local VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the peer VPC.
allow_classic_link_to_remote_vpc - (Optional) Allow a local linked EC2-Classic instance to communicate with instances in a peer VPC. This enables an outbound communication from the local ClassicLink connection to the remote VPC.
allow_vpc_to_remote_classic_link - (Optional) Allow a local VPC to communicate with a linked EC2-Classic instance in a peer VPC. This enables an outbound communication from the local VPC to the remote ClassicLink connection.

‍

Associating resources with a

VPC Peering

Resources do not "belong" to a

VPC Peering

Rather, one or more Security Groups are associated to a resource.

Create

VPC Peering

via Terraform:

The following HCL requests a peering connection between a VPC in region us-east-1 and a VPC in region us-west-2

Syntax:

resource "aws_vpc_peering_connection" "foo" {
peer_owner_id = var.peer_owner_id
peer_vpc_id = aws_vpc.bar.id
vpc_id = aws_vpc.foo.id
peer_region = "us-east-1"
}

resource "aws_vpc" "foo" {
provider = aws.us-west-2
cidr_block = "10.1.0.0/16"
}

resource "aws_vpc" "bar" {
provider = aws.us-east-1
cidr_block = "10.2.0.0/16"
}

Create

VPC Peering

via CLI:

Parametres:

create-vpc-peering-connection
[--dry-run | --no-dry-run]
[--peer-owner-id <value>]
[--peer-vpc-id <value>]
[--vpc-id <value>]
[--peer-region <value>]
[--tag-specifications <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]
[--no-cli-pager]
[--cli-auto-prompt]
[--no-cli-auto-prompt]