Bird
Raised Fist0
AWScloud~5 mins

VPC peering concept in AWS - Cheat Sheet & Quick Revision

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Recall & Review
beginner
What is VPC peering in AWS?
VPC peering is a way to connect two Virtual Private Clouds (VPCs) so they can communicate with each other privately using private IP addresses, like two houses connected by a private road.
Click to reveal answer
intermediate
Can VPC peering connect VPCs across different AWS regions?
Yes, AWS supports inter-region VPC peering, allowing VPCs in different regions to connect securely and privately.
Click to reveal answer
intermediate
Does VPC peering allow transitive routing between VPCs?
No, VPC peering does not support transitive routing. If VPC A is peered with VPC B, and VPC B is peered with VPC C, VPC A cannot communicate with VPC C through VPC B.
Click to reveal answer
beginner
What must you update to allow traffic between peered VPCs?
You must update the route tables in each VPC to include routes pointing to the peered VPC's CIDR block, so traffic knows where to go.
Click to reveal answer
beginner
Is VPC peering a managed AWS service or does it require VPN or internet gateways?
VPC peering is a managed AWS service that creates a private connection between VPCs without needing VPNs, internet gateways, or physical hardware.
Click to reveal answer
What does VPC peering allow you to do?
AConnect two VPCs privately using private IP addresses
BConnect a VPC to the internet
CCreate a VPN connection to on-premises network
DShare public IP addresses between VPCs
Which of the following is NOT true about VPC peering?
AIt supports transitive routing between peered VPCs
BIt requires updating route tables to enable traffic
CIt can connect VPCs in different AWS regions
DIt does not require VPN or internet gateways
To allow communication between peered VPCs, you must:
ASet up a VPN connection
BCreate an internet gateway
CUpdate route tables with peered VPC CIDR blocks
DAssign public IP addresses
Can VPC peering connect VPCs in different AWS accounts?
AOnly if using VPN connections
BNo, only VPCs in the same account can be peered
COnly if both accounts are in the same region
DYes, VPC peering can connect VPCs across accounts
Which AWS service is required to create a VPC peering connection?
AAWS Direct Connect
BAmazon VPC
CAWS VPN
DAmazon Route 53
Explain what VPC peering is and how it helps connect two VPCs.
Think of it as a private road between two neighborhoods.
You got /4 concepts.
    Describe the limitations of VPC peering, especially about routing and transitive connections.
    Imagine direct roads only, no shortcuts through other neighborhoods.
    You got /3 concepts.

      Practice

      (1/5)
      1. What is the main purpose of VPC peering in AWS?
      easy
      A. To connect two private networks securely within AWS
      B. To provide public internet access to a VPC
      C. To create a backup of a VPC in another region
      D. To launch virtual machines automatically

      Solution

      1. Step 1: Understand VPC peering concept

        VPC peering connects two private networks (VPCs) securely inside AWS without using the public internet.

      2. Step 2: Compare options

        Only To connect two private networks securely within AWS describes secure connection of private networks. Other options describe unrelated AWS features.

      3. Final Answer:

        To connect two private networks securely within AWS -> Option A

      4. Quick Check:

        VPC peering = secure private network connection [OK]
      Hint: VPC peering links private networks, not public access [OK]
      Common Mistakes:
      • Confusing VPC peering with internet gateway
      • Thinking VPC peering creates backups
      • Assuming it launches virtual machines
      2. Which of the following is the correct way to create a VPC peering connection using AWS CLI?
      easy
      A. aws ec2 create-route-table --vpc-id vpc-123abc
      B. aws ec2 create-vpc-peering-connection --vpc-id vpc-123abc --peer-vpc-id vpc-456def
      C. aws ec2 create-subnet --vpc-id vpc-123abc --cidr-block 10.0.0.0/24
      D. aws ec2 create-internet-gateway --vpc-id vpc-123abc

      Solution

      1. Step 1: Identify the correct AWS CLI command for VPC peering

        The command to create a VPC peering connection is create-vpc-peering-connection with source and peer VPC IDs.

      2. Step 2: Check options

        aws ec2 create-vpc-peering-connection --vpc-id vpc-123abc --peer-vpc-id vpc-456def uses the correct command and parameters. Other options create unrelated resources like internet gateway, subnet, or route table.

      3. Final Answer:

        aws ec2 create-vpc-peering-connection --vpc-id vpc-123abc --peer-vpc-id vpc-456def -> Option B

      4. Quick Check:

        VPC peering CLI = create-vpc-peering-connection [OK]
      Hint: Look for 'create-vpc-peering-connection' command [OK]
      Common Mistakes:
      • Using internet gateway or subnet commands instead
      • Confusing route table creation with peering
      • Missing peer VPC ID parameter
      3. After establishing a VPC peering connection between VPC A and VPC B, which step is necessary to enable communication between instances in both VPCs?
      medium
      A. Attach a NAT gateway to both VPCs
      B. Create an internet gateway in both VPCs
      C. Enable public IP addresses on all instances
      D. Update route tables in both VPCs to include routes to each other's CIDR blocks

      Solution

      1. Step 1: Understand VPC peering communication requirements

        VPC peering connects networks but does not automatically update routing. You must add routes to route tables for traffic to flow.

      2. Step 2: Analyze options

        Only Update route tables in both VPCs to include routes to each other's CIDR blocks correctly describes updating route tables with routes to the peer VPC's CIDR block. Other options relate to internet or NAT, not peering.

      3. Final Answer:

        Update route tables in both VPCs to include routes to each other's CIDR blocks -> Option D

      4. Quick Check:

        Route tables must include peer CIDR for communication [OK]
      Hint: Always update route tables after peering [OK]
      Common Mistakes:
      • Assuming internet gateway is needed for peering
      • Thinking public IPs are required
      • Confusing NAT gateway with peering setup
      4. You created a VPC peering connection but instances in VPC A cannot reach instances in VPC B. What is the most likely cause?
      medium
      A. Instances need public IP addresses to communicate over peering
      B. The VPC peering connection is automatically rejected after creation
      C. Route tables in VPC A or VPC B do not have routes to the peer VPC's CIDR block
      D. Security groups do not allow internet traffic

      Solution

      1. Step 1: Check common VPC peering issues

        Communication fails often because route tables lack routes to the peer VPC's CIDR block.

      2. Step 2: Evaluate other options

        The VPC peering connection is automatically rejected after creation is false; peering is not auto-rejected. Instances need public IP addresses to communicate over peering is wrong; public IPs are not needed. Security groups do not allow internet traffic is unrelated to peering communication.

      3. Final Answer:

        Route tables in VPC A or VPC B do not have routes to the peer VPC's CIDR block -> Option C

      4. Quick Check:

        Missing routes cause peering communication failure [OK]
      Hint: Check route tables first when peering fails [OK]
      Common Mistakes:
      • Assuming peering rejects automatically
      • Thinking public IPs are required for peering
      • Confusing security group rules with internet traffic
      5. You have two VPCs in different AWS regions and want to connect them using VPC peering. What is the correct approach?
      hard
      A. Create an inter-region VPC peering connection and update route tables accordingly
      B. Create a standard VPC peering connection; region does not matter
      C. Use an internet gateway to connect the two VPCs
      D. Launch VPN instances in both VPCs and connect them manually

      Solution

      1. Step 1: Understand VPC peering across regions

        A special inter-region VPC peering connection is required to connect VPCs in different AWS regions.

      2. Step 2: Analyze options

        Create an inter-region VPC peering connection and update route tables accordingly correctly states creating an inter-region peering and updating routes. Create a standard VPC peering connection; region does not matter is wrong because standard peering is regional. Use an internet gateway to connect the two VPCs and D describe unrelated or complex alternatives.

      3. Final Answer:

        Create an inter-region VPC peering connection and update route tables accordingly -> Option A

      4. Quick Check:

        Inter-region peering requires special connection and routing [OK]
      Hint: Use inter-region peering for different AWS regions [OK]
      Common Mistakes:
      • Trying standard peering across regions
      • Using internet gateway for private VPC connection
      • Ignoring route table updates after peering