When designing a secure and scalable architecture in AWS, Virtual Private Clouds (VPCs) play a pivotal role in isolating resources. However, there are scenarios where resources across different VPCs need to communicate securely. This is where VPC Peering comes into play. VPC peering enables you to establish a direct network route between two VPCs, allowing instances in either VPC to communicate with each other. In this guide, we’ll walk you through the steps to set up a VPC peering connection between two VPCs in AWS, and demonstrate how to verify that the peering is working correctly.

Setting Up Your VPCs

Before creating a peering connection, you need two VPCs with non-overlapping CIDR blocks (AWS rejects a peering request between VPCs whose CIDRs overlap, so choose the ranges before you start). Let's begin by creating VPC-A.
  1. Log in to your AWS Management Console and navigate to the VPC Dashboard.
  2. Click on Create VPC.
  3. Enter the following details:
    1. Name tag: VPC-A
    2. IPv4 CIDR block: 10.0.0.0/16
    3. IPv6 CIDR block: No IPv6 CIDR block
    4. Tenancy: Default
  4. Click Create VPC.

With VPC-A created, let's move on to the second VPC, VPC-B.

Repeat the process to create the second VPC:

  1. Name tag: VPC-B
  2. IPv4 CIDR block: 10.1.0.0/16
  3. IPv6 CIDR block: No IPv6 CIDR block
  4. Tenancy: Default

With both VPCs created, we can now move on to creating subnets within each VPC.

Creating Subnets

Subnets are essential as they allow you to launch resources such as EC2 instances within your VPCs. Let’s create a subnet in VPC-A and VPC-B. Creating a subnet in VPC-A:
  1. In the VPC Dashboard, go to Subnets and click Create Subnet.
  2. Input the following:
    1. Name tag: Subnet-A
    2. VPC: Select VPC-A
    3. Availability Zone: Choose an availability zone (e.g., us-east-1a)
    4. IPv4 CIDR block: 10.0.1.0/24
  3. Click Create Subnet.
Repeat the process to create a subnet in VPC-B:
  1. Name tag: Subnet-B
  2. VPC: Select VPC-B
  3. Availability Zone: Choose an availability zone (e.g., us-east-1b)
  4. IPv4 CIDR block: 10.1.1.0/24

Your VPCs are now ready with subnets in place, and we can move forward to establishing the VPC peering connection.

Setting Up VPC Peering

VPC peering lets instances in the two VPCs reach each other by private IP address over the AWS network, without traversing the internet. Peering is not transitive: if VPC-A is later peered with a third VPC, VPC-B does not gain a path to that VPC through VPC-A, and each pair that needs to talk requires its own peering connection.
  1. Go to the Peering Connections section in the VPC Dashboard.
  2. Click Create Peering Connection and provide the following:
    1. Name tag: VPC-A-to-VPC-B
    2. VPC Requester: Select VPC-A
    3. VPC Accepter: Select VPC-B
  3. Click Create Peering Connection.

With the peering connection created, you need to accept the connection on the VPC-B side. To do this:

  1. Go to the Peering Connections section in the VPC Dashboard.
  2. Select the peering connection you created.
  3. Click Actions > Accept Request.

Configuring Route Tables

To enable traffic to flow between the two VPCs, you need to update the route tables in each VPC.
  1. Go to the Route Tables section in the VPC Dashboard.
  2. Click on the route table associated with Subnet-A (by default a new subnet uses VPC-A's main route table).
  3. Click on the Routes tab and then Edit routes.
  4. Add a new route with the following details:
    1. Destination: 10.1.0.0/16 (VPC-B’s CIDR block)
    2. Target: Peering Connection (select the peering connection you created)
  5. Click Save routes.
Repeat the process for VPC-B’s route table:
  1. Destination: 10.0.0.0/16 (VPC-A’s CIDR block)
  2. Target: Select the Peering Connection ID

Your route tables are now configured to direct traffic between the VPCs through the peering connection.

Modifying Security Groups

To allow traffic between instances in the peered VPCs, you need to update the security group rules. The rules below open all traffic from the peer's CIDR block so that the connectivity test is simple; in a production setup, restrict Type to the protocols and ports you actually need (for example ICMP for ping and SSH on port 22) and narrow the source to the peer subnet rather than the whole VPC CIDR.
  1. Go to the Security Groups section in the VPC Dashboard.
  2. Click on the security group associated with the instances in VPC-A.
  3. Click on the Inbound Rules tab and then Edit inbound rules.
  4. Add a new rule with the following details:
    1. Type: All traffic
    2. Source: 10.1.0.0/16 (VPC-B’s CIDR block)
  5. Click Save rules.

Repeat the process for the security group associated with VPC-B’s instances:

  1. Type: All traffic
  2. Source: 10.0.0.0/16 (VPC-A’s CIDR block)

Your security groups are now configured to allow traffic between instances in the peered VPCs.
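The console steps above, from the two VPCs through the security-group rules, expressed as one declarative configuration. This is an added Terraform example, not code from the original tutorial. It assumes both VPCs are in the same account and region (us-east-1, matching the example Availability Zones) and that the instances sit in subnets using each VPC's main route table; the resource names and the security-group names are chosen here. Unlike the All-traffic rule in the console steps, the security groups admit only ICMP and SSH from the peer CIDR.

```hcl
provider "aws" {
  region = "us-east-1" # assumed region; the AZs below must belong to it
}

resource "aws_vpc" "a" {
  cidr_block = "10.0.0.0/16"
  tags       = { Name = "VPC-A" }
}

resource "aws_vpc" "b" {
  cidr_block = "10.1.0.0/16"
  tags       = { Name = "VPC-B" }
}

resource "aws_subnet" "a" {
  vpc_id            = aws_vpc.a.id
  cidr_block        = "10.0.1.0/24"
  availability_zone = "us-east-1a"
  tags              = { Name = "Subnet-A" }
}

resource "aws_subnet" "b" {
  vpc_id            = aws_vpc.b.id
  cidr_block        = "10.1.1.0/24"
  availability_zone = "us-east-1b"
  tags              = { Name = "Subnet-B" }
}

# VPC-A requests, VPC-B accepts. auto_accept works only when both VPCs are in
# the same account and region; a cross-account peer must accept with its own
# aws_vpc_peering_connection_accepter resource instead.
resource "aws_vpc_peering_connection" "a_to_b" {
  vpc_id      = aws_vpc.a.id
  peer_vpc_id = aws_vpc.b.id
  auto_accept = true
  tags        = { Name = "VPC-A-to-VPC-B" }
}

# A new subnet is implicitly associated with its VPC's main route table, which
# is the table the console steps edit. One route is needed in each direction.
resource "aws_route" "a_to_b" {
  route_table_id            = aws_vpc.a.main_route_table_id
  destination_cidr_block    = aws_vpc.b.cidr_block
  vpc_peering_connection_id = aws_vpc_peering_connection.a_to_b.id
}

resource "aws_route" "b_to_a" {
  route_table_id            = aws_vpc.b.main_route_table_id
  destination_cidr_block    = aws_vpc.a.cidr_block
  vpc_peering_connection_id = aws_vpc_peering_connection.a_to_b.id
}

# One security group per VPC, admitting only what the connectivity test needs
# (ICMP echo and SSH) from the peer VPC's CIDR instead of "All traffic".
locals {
  peer = {
    a = { vpc_id = aws_vpc.a.id, peer_cidr = aws_vpc.b.cidr_block }
    b = { vpc_id = aws_vpc.b.id, peer_cidr = aws_vpc.a.cidr_block }
  }
}

resource "aws_security_group" "peer" {
  for_each = local.peer
  name     = "peer-access-${each.key}" # assumed name
  vpc_id   = each.value.vpc_id

  ingress {
    description = "ICMP from peered VPC"
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = [each.value.peer_cidr]
  }

  ingress {
    description = "SSH from peered VPC"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [each.value.peer_cidr]
  }

  # Terraform removes the default allow-all egress rule; permit only the peer
  # here and add further egress rules if the instances need anything else.
  egress {
    description = "All egress to peered VPC"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = [each.value.peer_cidr]
  }
}

# Reads "active" once the accepter side has accepted the request.
output "peering_status" {
  value = aws_vpc_peering_connection.a_to_b.accept_status
}
```

After `terraform apply`, the `peering_status` output should read `active`; attach `aws_security_group.peer["a"]` and `aws_security_group.peer["b"]` to the test instances launched in Subnet-A and Subnet-B. If the two VPCs belong to different accounts, drop `auto_accept`, set `peer_owner_id` on the peering connection, and accept it from the other account with an `aws_vpc_peering_connection_accepter` resource.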

Verifying the Peering Connection

To verify that the VPC peering connection is working correctly, you can launch an EC2 instance in each VPC and test connectivity between them.
  1. Launch an EC2 instance in VPC-A.
  2. Launch an EC2 instance in VPC-B.
  3. SSH into the instance in VPC-A and ping the private IP address of the instance in VPC-B. Use the private IP: traffic sent to a public IP does not traverse the peering connection.
  4. If the ping succeeds, the VPC peering connection is working as expected. If it fails, check in order that the peering connection's status is Active, that both route tables contain the route to the peer CIDR, that the security group on the target instance allows ICMP from the peer CIDR, and that the network ACLs of both subnets permit the traffic.

Conclusion

Setting up a VPC peering connection in AWS is a straightforward way to enable private communication between VPCs. Whether you're managing resources across different AWS accounts or within the same account, VPC peering provides the flexibility and isolation needed to maintain an effective network architecture. By following the steps outlined in this guide, you've created a VPC peering connection and verified that traffic flows across it. This knowledge will help you design more complex and secure networks in your AWS environment. If you have any issue regarding this tutorial, mention your issue in the comment section or reach me through my E-mail.

Happy Coding