VPC Peering
Author: Bowen Y
Configuration
- Routes have to be added to the route tables on both sides: the subnet in VPC A and the subnet in VPC B each need a route for the peer's CIDR that targets the peering connection.

| Route table | Destination | Target |
|---|---|---|
| VPC A | VPC A CIDR | Local |
| VPC A | VPC B CIDR | pcx-11112222 |
| VPC B | VPC B CIDR | Local |
| VPC B | VPC A CIDR | pcx-11112222 |
- There is no such thing as one-directional access: adding the route to only one subnet's route table does not allow traffic in that direction, it allows none at all.

| Route table | Destination | Target |
|---|---|---|
| VPC A | VPC A CIDR | Local |
| VPC A | VPC B CIDR | pcx-11112222 |
| VPC B | VPC B CIDR | Local |

OR

| Route table | Destination | Target |
|---|---|---|
| VPC A | VPC A CIDR | Local |
| VPC B | VPC B CIDR | Local |
| VPC B | VPC A CIDR | pcx-11112222 |

In either case no traffic flows, neither A -> B nor B -> A.
Steps to create VPC peering
- Create the VPC peering request (in account A)
- Accept the VPC peering request (in account B)
- Create or update route tables so that traffic destined for the peered CIDR is sent to the peering connection (in account A)
- Create or update route tables so that traffic destined for the peered CIDR is sent to the peering connection (in account B)
- (Optional) Enable DNS resolution over the peering connection (in accounts A and B)
- (Optional) Associate a Private Hosted Zone following the steps below (in accounts A and B)
- Update security groups (you can reference `OTHER_AWS_ACCOUNT/SG_ID` in an inbound or outbound rule to allow traffic from a security group that lives in the other AWS account, instead of opening the whole peer CIDR)
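The route-table requirement from the Configuration section (and steps 3 and 4 above) is easy to get half right, so here is an added audit, not part of the original post, that checks both directions at once. It reads route tables in the shape returned by `aws ec2 describe-route-tables`; the VPC ids, route-table ids, CIDRs and the pcx id are constructed placeholders, and the sample deliberately leaves VPC B without its return route.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-route-tables` output
# (placeholder ids, not from a real account). VPC B is missing its return route.
ROUTE_TABLES = {"RouteTables": [
    {"RouteTableId": "rtb-aaaa0001", "VpcId": "vpc-a", "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "10.1.0.0/16", "VpcPeeringConnectionId": "pcx-11112222",
         "State": "active"}]},
    {"RouteTableId": "rtb-bbbb0001", "VpcId": "vpc-b", "Routes": [
        {"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local", "State": "active"}]},
]}


def _routes_peer(route, pcx_id, peer_net):
    """True if this route sends the whole peer CIDR to the peering connection."""
    dest = route.get("DestinationCidrBlock")  # IPv6 routes use another key; ignored here
    if dest is None or route.get("VpcPeeringConnectionId") != pcx_id:
        return False
    # A route whose pcx was deleted stays in the table with State "blackhole".
    if route.get("State") != "active":
        return False
    return peer_net.subnet_of(ipaddress.ip_network(dest))


def audit_peering_routes(route_tables, pcx_id, vpc_a, cidr_a, vpc_b, cidr_b):
    """Return findings; an empty list means both directions are routed via pcx_id.

    Peering only carries traffic when A routes B's CIDR to the pcx AND B routes
    A's CIDR to the pcx: a route on one side alone passes nothing either way.
    """
    net_a, net_b = ipaddress.ip_network(cidr_a), ipaddress.ip_network(cidr_b)
    findings = []
    if net_a.overlaps(net_b):
        findings.append(f"CIDRs {cidr_a} and {cidr_b} overlap; peering cannot route them")
    for vpc, peer_net in ((vpc_a, net_b), (vpc_b, net_a)):
        tables = [t for t in route_tables["RouteTables"] if t["VpcId"] == vpc]
        if not tables:
            findings.append(f"{vpc}: no route table found")
        for table in tables:
            if not any(_routes_peer(r, pcx_id, peer_net) for r in table["Routes"]):
                findings.append(f"{table['RouteTableId']} ({vpc}): no active route to "
                                f"{peer_net} via {pcx_id}")
    return findings


if __name__ == "__main__":
    for line in audit_peering_routes(ROUTE_TABLES, "pcx-11112222",
                                     "vpc-a", "10.0.0.0/16", "vpc-b", "10.1.0.0/16"):
        print(line)
```

Run it against the real output of `describe-route-tables` for both VPCs; it only inspects route tables, so it assumes the subnets in question are actually associated with the tables it is given.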
VPC Peering with Private Hosted Zone
This process has to be done from the command line. The authorization is the hosted-zone owner's explicit consent for one specific VPC in the other account; the association itself is then performed by the account that owns that VPC.

```bash
# Run in the account that owns the private hosted zone: authorize the other
# account's VPC (CreateVPCAssociationAuthorization). Replace the capitalized
# placeholders with your own ids.
aws route53 create-vpc-association-authorization --hosted-zone-id HOSTED_ZONE_ID --vpc VPCRegion=us-west-2,VPCId=VPC_ID_IN_OTHER_ACCOUNT
# Run in the account that owns the VPC: associate it with the same hosted zone
# (AssociateVPCWithHostedZone).
aws route53 associate-vpc-with-hosted-zone --hosted-zone-id SAME_HOSTED_ZONE_ID --vpc VPCRegion=us-west-2,VPCId=SAME_VPC_ID
```