
VPC peering concept in AWS - Commands & Configuration

Introduction
Sometimes you have two separate private networks in the cloud and you want them to talk to each other securely without using the internet. VPC peering connects two VPCs so that resources in one can reach resources in the other over private IP addresses, with the traffic staying on the AWS network. The two VPCs must have CIDR blocks that do not overlap, and peering is not transitive: a peering between A and B plus a peering between B and C does not let A reach C.
When you have two applications running in different VPCs that need to share data privately.
When you want to connect a database in one VPC to an application server in another VPC without exposing it publicly.
When your company has multiple teams managing separate VPCs but they need to collaborate on shared services.
When you want to reduce internet traffic costs by routing traffic directly between VPCs.
When you want to keep network traffic secure and isolated within the cloud provider's network.
Config File - vpc-peering.yaml
vpc-peering.yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: AWS CloudFormation template to create a VPC peering connection
Resources:
  VPCPeeringConnection:
    Type: AWS::EC2::VPCPeeringConnection
    Properties:
      PeerVpcId: vpc-0a1b2c3d4e5f67890
      VpcId: vpc-0123456789abcdef0
      Tags:
        - Key: Name
          Value: example-vpc-peering

This CloudFormation template creates a VPC peering connection between two existing VPCs.

VpcId is the ID of your VPC.

PeerVpcId is the ID of the other VPC you want to connect to.

The Tags section names the peering connection for easy identification.

Commands
This command creates a VPC peering connection between your VPC and the peer VPC in the us-east-1 region.
Terminal
aws ec2 create-vpc-peering-connection --vpc-id vpc-0123456789abcdef0 --peer-vpc-id vpc-0a1b2c3d4e5f67890 --region us-east-1
Expected Output
{
  "VpcPeeringConnection": {
    "VpcPeeringConnectionId": "pcx-0abc123def456ghij",
    "Status": {
      "Code": "pending-acceptance",
      "Message": "Pending Acceptance by peer"
    },
    "RequesterVpcInfo": {
      "VpcId": "vpc-0123456789abcdef0",
      "OwnerId": "123456789012",
      "Region": "us-east-1"
    },
    "AccepterVpcInfo": {
      "VpcId": "vpc-0a1b2c3d4e5f67890",
      "OwnerId": "123456789012",
      "Region": "us-east-1"
    }
  }
}
--vpc-id - Specifies your VPC ID to connect from
--peer-vpc-id - Specifies the peer VPC ID to connect to
--region - Specifies the AWS region where the VPCs exist
This command accepts the VPC peering connection request. It must be run by the account that owns the peer (accepter) VPC, and in the peer VPC's region; the requester cannot accept its own request.
Terminal
aws ec2 accept-vpc-peering-connection --vpc-peering-connection-id pcx-0abc123def456ghij --region us-east-1
Expected Output
{
  "VpcPeeringConnection": {
    "VpcPeeringConnectionId": "pcx-0abc123def456ghij",
    "Status": {
      "Code": "active",
      "Message": "Active"
    },
    "RequesterVpcInfo": {
      "VpcId": "vpc-0123456789abcdef0",
      "OwnerId": "123456789012",
      "Region": "us-east-1"
    },
    "AccepterVpcInfo": {
      "VpcId": "vpc-0a1b2c3d4e5f67890",
      "OwnerId": "123456789012",
      "Region": "us-east-1"
    }
  }
}
--vpc-peering-connection-id - Specifies the ID of the peering connection to accept
--region - Specifies the AWS region where the VPC peering connection exists
This command checks the status of the VPC peering connection to confirm it is active and ready to use.
Terminal
aws ec2 describe-vpc-peering-connections --vpc-peering-connection-ids pcx-0abc123def456ghij --region us-east-1
Expected Output
{
  "VpcPeeringConnections": [
    {
      "VpcPeeringConnectionId": "pcx-0abc123def456ghij",
      "Status": {
        "Code": "active",
        "Message": "Active"
      },
      "RequesterVpcInfo": {
        "VpcId": "vpc-0123456789abcdef0",
        "OwnerId": "123456789012",
        "Region": "us-east-1"
      },
      "AccepterVpcInfo": {
        "VpcId": "vpc-0a1b2c3d4e5f67890",
        "OwnerId": "123456789012",
        "Region": "us-east-1"
      }
    }
  ]
}
--vpc-peering-connection-ids - Filters the output to show only the specified peering connection
--region - Specifies the AWS region to query
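The three commands above are the request, accept and verify steps; in practice they are followed by route-table updates on both sides, and a pre-check that the CIDR blocks do not overlap (an overlapping pair leaves the request in the failed state). The script below is an added example, not code from the page or from AWS, that runs the whole sequence in order. It is written against the boto3 ec2 client interface (create_vpc_peering_connection, accept_vpc_peering_connection, describe_vpc_peering_connections, create_route); a real run passes two boto3.client("ec2", region_name=...) objects, one per side, while FakeEC2 is a constructed offline stand-in. The VPC IDs and peering ID reuse the page's placeholders; the CIDR blocks and route-table IDs (rtb-aaaa, rtb-bbbb) are assumed values.

```python
"""Peer two VPCs end to end: pre-check CIDRs, create the request from the
requester side, accept from the peer side, wait for "active", then add a
route in each VPC. Clients are boto3-shaped; FakeEC2 is a constructed stand-in
so the flow runs offline (added example, not the page's own code)."""
import ipaddress
import time


def cidrs_overlap(a: str, b: str) -> bool:
    """AWS fails a peering request whose CIDR blocks overlap; check first."""
    return ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))


def wait_active(ec2, pcx_id: str, attempts: int = 10, delay: float = 0.0) -> str:
    """Poll describe-vpc-peering-connections until the status is 'active'.
    Terminal states raise instead of looping forever."""
    for _ in range(attempts):
        resp = ec2.describe_vpc_peering_connections(VpcPeeringConnectionIds=[pcx_id])
        code = resp["VpcPeeringConnections"][0]["Status"]["Code"]
        if code == "active":
            return code
        if code in ("failed", "rejected", "expired", "deleted"):
            raise RuntimeError(f"{pcx_id} ended in state {code}")
        time.sleep(delay)
    raise TimeoutError(f"{pcx_id} not active after {attempts} polls")


def establish_peering(requester, accepter, req_vpc, req_cidr, req_rtb,
                      acc_vpc, acc_cidr, acc_rtb,
                      peer_region=None, peer_owner=None) -> str:
    """Create, accept, verify and route a peering; returns the pcx id."""
    if cidrs_overlap(req_cidr, acc_cidr):
        raise ValueError(f"CIDRs overlap: {req_cidr} vs {acc_cidr}")
    params = {"VpcId": req_vpc, "PeerVpcId": acc_vpc}
    if peer_region:        # inter-region peering: name the peer's region
        params["PeerRegion"] = peer_region
    if peer_owner:         # cross-account peering: name the peer's account
        params["PeerOwnerId"] = peer_owner
    pcx_id = requester.create_vpc_peering_connection(**params)[
        "VpcPeeringConnection"]["VpcPeeringConnectionId"]
    # Acceptance comes from the account/region owning the peer VPC.
    accepter.accept_vpc_peering_connection(VpcPeeringConnectionId=pcx_id)
    wait_active(requester, pcx_id)
    # An active peering carries no traffic until each side routes the other
    # VPC's CIDR at it; peering is not transitive, so one route per VPC.
    requester.create_route(RouteTableId=req_rtb, DestinationCidrBlock=acc_cidr,
                           VpcPeeringConnectionId=pcx_id)
    accepter.create_route(RouteTableId=acc_rtb, DestinationCidrBlock=req_cidr,
                          VpcPeeringConnectionId=pcx_id)
    return pcx_id


class FakeEC2:
    """Constructed offline stand-in for boto3's ec2 client (not real AWS).
    Both sides share one state dict, since a peering connection is visible
    from the requester and the accepter account alike."""

    def __init__(self, state: dict, owner: str, region: str):
        self.state, self.owner, self.region = state, owner, region
        self.routes = []

    def create_vpc_peering_connection(self, **kw):
        pcx_id = "pcx-0abc123def456ghij"   # placeholder id, as on the page
        self.state[pcx_id] = {
            "VpcPeeringConnectionId": pcx_id,
            "Status": {"Code": "pending-acceptance", "Message": "Pending Acceptance by peer"},
            "RequesterVpcInfo": {"VpcId": kw["VpcId"], "OwnerId": self.owner, "Region": self.region},
            "AccepterVpcInfo": {"VpcId": kw["PeerVpcId"],
                                "OwnerId": kw.get("PeerOwnerId", self.owner),
                                "Region": kw.get("PeerRegion", self.region)},
        }
        return {"VpcPeeringConnection": dict(self.state[pcx_id])}

    def accept_vpc_peering_connection(self, VpcPeeringConnectionId):
        pcx = self.state[VpcPeeringConnectionId]
        if pcx["AccepterVpcInfo"]["OwnerId"] != self.owner:
            raise PermissionError("only the peer VPC's owner can accept")
        pcx["Status"] = {"Code": "active", "Message": "Active"}
        return {"VpcPeeringConnection": dict(pcx)}

    def describe_vpc_peering_connections(self, VpcPeeringConnectionIds):
        return {"VpcPeeringConnections": [dict(self.state[i]) for i in VpcPeeringConnectionIds]}

    def create_route(self, **kw):
        self.routes.append(kw)
        return {"Return": True}


def demo():
    """Run the flow against the fakes; returns (pcx id, routes on each side).
    CIDRs and route-table ids are assumed values."""
    state = {}
    requester = FakeEC2(state, owner="123456789012", region="us-east-1")
    accepter = FakeEC2(state, owner="123456789012", region="us-east-1")
    pcx_id = establish_peering(
        requester, accepter,
        req_vpc="vpc-0123456789abcdef0", req_cidr="10.0.0.0/16", req_rtb="rtb-aaaa",
        acc_vpc="vpc-0a1b2c3d4e5f67890", acc_cidr="10.1.0.0/16", acc_rtb="rtb-bbbb")
    return pcx_id, requester.routes, accepter.routes


if __name__ == "__main__":
    print(demo())
```

For a cross-account or inter-region peering, pass peer_owner and peer_region and build the accepter client with the peer account's credentials and region; the order of operations is unchanged.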
Key Concept

If you remember nothing else from this pattern, remember: VPC peering lets two private networks connect directly and securely inside the cloud without using the internet, but the connection alone moves no traffic. Each VPC's route table must point the other VPC's CIDR block at the peering connection, and security groups and network ACLs must allow the traffic.

Common Mistakes
Trying to peer VPCs in different AWS regions as if they were in the same region.
Inter-region peering is supported, but the request must name the peer VPC's region (and its owner account, if different), and it must be accepted from that region.
Pass --peer-region (and --peer-owner-id for another account) to create-vpc-peering-connection, then run accept-vpc-peering-connection with --region set to the peer VPC's region.
Not updating route tables in both VPCs after creating the peering connection.
Without route table updates, traffic won't know to use the peering connection to reach the other VPC.
Add routes in each VPC's route table pointing to the peering connection for the other VPC's CIDR block.
Not accepting the peering connection request from the peer VPC side.
The peering connection stays in the pending-acceptance state and is not usable until accepted.
Run the accept command from the account that owns the peer VPC, in the peer VPC's region, to activate the connection.
Peering VPCs whose CIDR blocks overlap.
The request cannot be accepted and moves to the failed state, because routes for the overlapping range would be ambiguous.
Check both CIDR blocks before creating the request and choose non-overlapping address ranges.
Expecting traffic to flow as soon as the connection is active.
Security groups and network ACLs still apply to traffic crossing the peering; by default they block inbound connections from the other VPC's CIDR.
Add security group rules that allow only the needed ports from the other VPC's CIDR block (or from its security group, within the same region).
Summary
Create a VPC peering connection request between two VPCs with non-overlapping CIDR blocks using the AWS CLI.
Accept the peering connection from the peer VPC's account and region to establish the link.
Verify the peering connection status is active before using it.
Add a route in each VPC's route table for the other VPC's CIDR block via the peering connection, and allow the traffic in security groups.