VPC Peering
Learn how to connect multiple VPCs using VPC peering.
VPC peering is a feature that connects two VPCs so that their resources communicate with each other as if they were in the same VPC. The resources talk over private IP addresses, and AWS routes the traffic between the VPCs across its own global network. VPC peering therefore never uses the public internet, which makes it a highly secure mode of connection.
VPC peering has two modes of connection:
Intra-region connection: This connects VPCs within the same region. We need to ensure that the security groups on both sides allow the traffic to flow between the two VPCs.
Inter-region connection: When we connect VPCs from different regions, a security group can't reference a security group in the peer VPC, so we must use the CIDR block of the peer VPC as the source or destination in the security group rules to control traffic. Resources communicate using private IP addresses only and never use public IP addresses. The data transferred over the inter-region peering connection is encrypted.
How does VPC peering work?
VPC peering is based on a request-and-accept model: one VPC initiates a peering connection request, and the other VPC must accept it before the connection becomes active. Once the connection is established, we must update the route tables of both VPCs, and the security groups if required, so that traffic can flow between them.
A peering connection is a one-to-one relationship between two VPCs: a pair of VPCs can't have more than one active peering connection between them. Peering is also not transitive. If four VPCs in a region are connected in a ring to form a closed network, the VPCs that are not directly peered still can't communicate with each other. For every VPC to reach every other VPC, we need a full mesh topology in which each pair of VPCs has its own peering connection.
To understand this further, let's consider an example. An organization has offices worldwide, and its infrastructure is spread over three AWS Regions: us-east-1, eu-central-1, and us-west-1. The resources deployed in each region perform different tasks and need to communicate with each other from time to time to share data. The illustration below shows three VPCs from different AWS regions peered together with three peering connections, one for each pair.
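The following Python model is an added example, not part of the course material. It walks through the request-and-accept lifecycle, the route entries each side must add, the inter-region CIDR rule for security groups, and the non-transitive reachability that forces a full mesh for the three-region scenario above. The VPC names, regions, CIDR blocks, and the `pcx-*` identifiers are constructed sample data; the non-overlapping CIDR check reflects the AWS requirement that peered VPCs must not have overlapping address ranges.

```python
"""Model of VPC peering: request/accept, routes, SG rules, reachability."""
from ipaddress import ip_network
from itertools import combinations

# Constructed sample data: three VPCs in three regions, non-overlapping CIDRs
VPCS = {
    "vpc-east": ("us-east-1", "10.0.0.0/16"),
    "vpc-eu": ("eu-central-1", "10.1.0.0/16"),
    "vpc-west": ("us-west-1", "10.2.0.0/16"),
}


def request_peering(vpcs, requester, accepter):
    """Requester initiates; the connection starts as pending-acceptance.
    Peered VPCs must not have overlapping CIDRs, so refuse such pairs."""
    if ip_network(vpcs[requester][1]).overlaps(ip_network(vpcs[accepter][1])):
        raise ValueError(f"{requester} and {accepter} have overlapping CIDRs")
    return {"requester": requester, "accepter": accepter, "state": "pending-acceptance"}


def accept_peering(pcx):
    """The accepter VPC's owner accepts; only then is the connection usable."""
    return {**pcx, "state": "active"}


def route_entries(vpcs, pcx, pcx_id):
    """Route each side must add: destination = peer CIDR, target = the pcx."""
    a, b = pcx["requester"], pcx["accepter"]
    return {a: (vpcs[b][1], pcx_id), b: (vpcs[a][1], pcx_id)}


def must_use_cidr_in_sg(vpcs, pcx):
    """Inter-region peers can't reference each other's security groups, so
    the rule must name the peer VPC's CIDR as source or destination."""
    return vpcs[pcx["requester"]][0] != vpcs[pcx["accepter"]][0]


def reachable(pcxs, src, dst):
    """Peering is not transitive: only a direct, active peering counts."""
    return any(p["state"] == "active" and {p["requester"], p["accepter"]} == {src, dst}
               for p in pcxs)


def is_full_mesh(vpcs, pcxs):
    """Every pair of VPCs must be directly peered for all of them to talk."""
    return all(reachable(pcxs, a, b) for a, b in combinations(vpcs, 2))
```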