FoxuTech

How to Setup AWS Inter-Region VPC Peering

AWS Inter-Region VPC Peering

Amazon EC2 now allows peering relationships to be established between Virtual Private Clouds (VPCs) across different AWS regions. Inter-Region VPC Peering allows VPC resources like EC2 instances, RDS databases and Lambda functions running in different AWS regions to communicate with each other using private IP addresses, without requiring gateways, VPN connections or separate network appliances.

Inter-Region VPC Peering provides a simple and cost-effective way to share resources between regions or replicate data for geographic redundancy. Built on the same horizontally scaled, redundant, and highly available technology that powers VPC today, Inter-Region VPC Peering encrypts inter-region traffic with no single point of failure or bandwidth bottleneck. Traffic using Inter-Region VPC Peering always stays on the global AWS backbone and never traverses the public internet, thereby reducing threat vectors, such as common exploits and DDoS attacks.

Data transferred across Inter-Region VPC Peering connections is charged at the standard inter-region data transfer rates.

Inter-Region VPC Peering is available in AWS US East (N. Virginia), US East (Ohio), US West (Oregon) and EU (Ireland) with support for other regions coming soon.

This announcement really excited me in that I believe it really opens up continuity and DR options for those customers (yes, likely the smaller ones) who don’t necessarily have the resources to set up transit VPCs with Cisco CSRs.

The basic steps to set up VPC peering are shown below, and they really don’t change all that much to support inter-region VPC peering:

To establish a VPC peering connection, you do the following:

  1. The owner of the requester VPC sends a request to the owner of the accepter VPC to create the VPC peering connection. The accepter VPC can be owned by you, or another AWS account, and cannot have a CIDR block that overlaps with the requester VPC’s CIDR block.
  2. The owner of the accepter VPC accepts the VPC peering connection request to activate the VPC peering connection.
  3. To enable the flow of traffic between the VPCs using private IP addresses, the owner of each VPC in the VPC peering connection must manually add a route to one or more of their VPC route tables that points to the IP address range of the other VPC (the peer VPC).
  4. If required, update the security group rules that are associated with your instance to ensure that traffic to and from the peer VPC is not restricted. If both VPCs are in the same region, you can reference a security group from the peer VPC as a source or destination for ingress or egress rules in your security group rules.
  5. If both VPCs are in the same region, you can modify your VPC connection to enable DNS hostname resolution. By default, if instances on either side of a VPC peering connection address each other using a public DNS hostname, the hostname resolves to the instance’s public IP address.
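Steps 1 to 4 above, driven end to end with boto3, as an added example that is not part of the original post. The region names, VPC, route-table and security-group ids are constructed placeholders, `FakeEC2` is a constructed stand-in for the real client so the flow runs offline, and the CIDR-overlap precheck and the CIDR-scoped ingress rule (needed because a cross-region peer cannot reference your security group) are the two points a practitioner should not skip.

```python
import ipaddress


def cidrs_overlap(cidr_a, cidr_b):
    """Step 1 precondition: AWS refuses to peer VPCs whose CIDR blocks overlap."""
    return ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))


def peer_vpcs(requester, accepter, make_client, port=443):
    """Run steps 1-4 for two VPCs in different regions.

    requester/accepter: dicts with region, vpc_id, cidr, route_table_id, sg_id.
    make_client(region): returns an EC2 client for that region. In real use pass
    lambda r: boto3.client("ec2", region_name=r); injected so it can run offline.
    """
    if cidrs_overlap(requester["cidr"], accepter["cidr"]):
        raise ValueError("VPC CIDR blocks overlap; the peering request will fail")
    req_ec2, acc_ec2 = make_client(requester["region"]), make_client(accepter["region"])
    # Step 1: request from the requester's region, naming the peer's region.
    resp = req_ec2.create_vpc_peering_connection(
        VpcId=requester["vpc_id"], PeerVpcId=accepter["vpc_id"],
        PeerRegion=accepter["region"])
    pcx_id = resp["VpcPeeringConnection"]["VpcPeeringConnectionId"]
    # Step 2: the accepter side accepts in its own region.
    acc_ec2.accept_vpc_peering_connection(VpcPeeringConnectionId=pcx_id)
    # Steps 3 and 4: each side routes the peer CIDR over the pcx and opens only
    # the needed port to the peer CIDR (a cross-region rule cannot reference the
    # peer's security group, so the peer CIDR is the tightest source available).
    for ec2, own, peer in ((req_ec2, requester, accepter), (acc_ec2, accepter, requester)):
        ec2.create_route(RouteTableId=own["route_table_id"],
                         DestinationCidrBlock=peer["cidr"],
                         VpcPeeringConnectionId=pcx_id)
        ec2.authorize_security_group_ingress(GroupId=own["sg_id"], IpPermissions=[{
            "IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": peer["cidr"]}]}])
    return pcx_id


class FakeEC2:
    """Constructed stand-in for a boto3 EC2 client: records each call per region."""
    calls = []

    def __init__(self, region):
        self.region = region

    def __getattr__(self, name):
        def record(**kwargs):
            FakeEC2.calls.append((self.region, name, kwargs))
            return {"VpcPeeringConnection": {"VpcPeeringConnectionId": "pcx-0example"}}
        return record


# Constructed placeholder ids; substitute your own before running against AWS.
REQUESTER = dict(region="us-east-1", vpc_id="vpc-aaaa", cidr="10.0.0.0/16",
                 route_table_id="rtb-aaaa", sg_id="sg-aaaa")
ACCEPTER = dict(region="eu-west-1", vpc_id="vpc-bbbb", cidr="10.1.0.0/16",
                route_table_id="rtb-bbbb", sg_id="sg-bbbb")

if __name__ == "__main__":
    print(peer_vpcs(REQUESTER, ACCEPTER, FakeEC2))
    for call in FakeEC2.calls:
        print(call)
```

Running it prints the peering id followed by the six recorded calls, in the order the console steps prescribe.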

However, to expand it out a little more just in case, the more specific steps using the AWS management console are:
