Need to communicate between 2 Amazon VPCs securely and privately?
Here’s some of my notes on setting up a VPC Peer Connection.
Ensure that your VPCs do not share the same CIDR block and can are in different subnets
Note, VPC Peering is one-way only so if you create a VPC peer connection from one VPC (lets call this A) and another VPC (B), only A will be able to communicate and access B. If you want to ensure two-way communication, remember to setup a VPC peer connection from B to A as well.
Ok, lets start.
- Go to the VPC section in your AWS Console
- Hit the Peering Connection link on the left navigation column
- Hit the Create VPC Peering Connection button on the top section
- A dialog box should appear asking you to fill in the necessary information. This should be pretty straightforward. The Local VPC to Peer should be the VPC that will be doing the communication to the other VPC.
- Once that is done and created, you’ll need to setup a route.
- Click on the Route Table link on the left navigation column
- Find your VPC in the menu and select it
- Go to the Routes tab and hit Edit
- Click on “Add Another Route”
- In Destination, provide the CIDR block of the VPC that you intend to communicate with.
- Target will be the name of the Peering Connection. It should have the prefix pcx
- Now you’ll need to do the same for the other VPC’s Route Table. The Destination will now be the local VPC CIDR block that will be communicating with it.
- Target should also be the same Peering Connection
Once this is setup, you should be able to ping a instance behind another VPC within your VPC. You’ll also notice you can’t do this from the other VPC.
This is where you need to repeat the above steps to create another Peering Connection and updating the routes, this time referencing the new Peering Connection for both VPC Route Tables.
And you’re done!
Now you can communicate with one another. Enjoy.
If you’re using an internal Route 53 DNS and you want to be able to be able to use them to connect between the two VPCs, remember to add your VPC into the Route53’s zone. You should also explore connecting to either VPC using a VPN.