AWS VPC Peering Connection

An AWS VPC Peering Connection is a networking connection between two VPCs that enables you to route traffic between them privately.

View Source Code
Deployments

42

Made by

Massdriver

Official

Yes

No

Compliance
No compliance
Clouds
AWS
Text Link
Tags
Networking
Text Link
Read me
Variables

aws-vpc-peering-connection

An AWS VPC peering connection is a networking connection between two AWS VPCs that enables communication between them using private IP addresses.

Use Cases

Network Migration

A peering connection can help facilitate a network migration by allowing services to be migrated from the old VPC to the new VPC individually over time while maintaining network connectivity, as opposed to a riskier all-at-once migration.

Multi-Region

By peering VPCs between two regions, they can both communicate privately and effectively act as a single multi-region private network.

Multi-Account

Peering connections can go accross AWS accounts, offering many benefits such as workload isolation, simplified account migration and enterprise capabilities (communicate across accounts without cloud account access).

Design

This bundle is designed for two scenarios:

  1. Peering two VPCs, both of which are provisioned by Massdriver and in the same account
  2. Peering two VPCs, only one of which is provisioned and managed by Massdriver

Both VPCs in Same Account Provisioned by Massdriver

In the first case, where both VPCs are managed by Massdriver and exist in the same AWS account, the user should connect both VPCs to the connection ports on the bundle (one to requester the other to accepter). The fields in the bundle configuration (“Remote VPC ARN” and “Remote VPC CIDR”) can be ignored since these values can be pulled from the accepter VPC. It doesn’t matter which VPC is the requester or accepter, they are functionally equivalent. In this scenario, the bundle will handle all the proper configuration for the peering connection, including establishing the connection, accepting it, and updating the route tables of both VPCs to enable communication across the VPCs.

VPCs in Separate Accounts, or Only One VPC Managed by Massdriver

In the second case, where one VPC isn’t managed by Massdriver, or the VPCs exist in a different account, only one of the connections is used: the requester connection. In this case, the bundle won’t be able to “accept” the peering connection on behalf of the “accepter” VPC. Additionally, the fields in the bundle configuration (“Remote VPC ARN” and “Remote VPC CIDR”) will need to be specified so the bundle can properly initiate the peering connection, and update the route tables of the Massdriver-managed requester VPC. Additional steps will need to be performed by the user in the AWS console to complete the peering connection.

Steps to Manually Accept Peering Connection

This is a summary of the tasks required to accept a peering connection and update the route tables of the VPC.

  1. Log into the AWS console for the “Accepter” account
  2. Navigate to the VPC configuration screen
  3. In the navigation pane, choose “Peering Connections”
  4. Select the pending VPC peering connection and choose “Actions” -> “Accept request”
  5. Choose “Modify route tables now”, or select “Route Tables” in the left side navigation pane
  6. Filter by the VPC ID of accepter
  7. For every route table associated with the VPC perform the following steps:
    1. Select the route table, and choose “Actions” -> “Edit Routes”
    2. Select Add Route
    3. For Destination, use the CIDR of the Requester VPC (the one managed by Massdriver)
    4. For Target, select “Peering Connection” and select the peering connection that was just created
    5. Select “Save changes”
  8. (Optional) If you would like DNS resolution across the peering connection, select the peering connection and choose “Actions” -> “Edit DNS settings” and select both “Allow accepter VPC” and “Allow requester VPC”.

Best Practices

Remote DNS Resolution

If both VPCs are managed by Massdriver, the peering connection will be configured to allow DNS resolution across the connection, allowing services to use private DNS names instead of IP addresses.

Route Table Management

Route tables will automatically be updated to allow proper routing across the peering connection (the requester VPC will always be updated, the accepter will only be updated if the VPC is in the same account and managed by Massdriver - see above)

VariableTypeDescription

| accepter_vpc_arn | string | IMPORTANT: Only set this value if you haven’t connected a remote “accepter” VPC to the bundle!!! If an accepter VPC is connected, this field is ignored and the value will be extracted from the connection artifact. Use this field if the remote VPC isn’t managed by Massdriver or exists in different AWS account than the requester VPC. This will require you to accept the peering connection and update the route tables of the accepter VPC manually! | | accepter_vpc_cidr | string | IMPORTANT: Only set this value if you haven’t connected a remote “accepter” VPC to the bundle!!! If an accepter VPC is connected, this field is ignored and the value will be extracted from the connection artifact. Use this field if the remote VPC isn’t managed by Massdriver or exists in different AWS account than the requester VPC. This will require you to accept the peering connection and update the route tables of the accepter VPC manually! |

System Operational

Marketplace

AWSGCPAzure

Solutions

Healthcare
Internal Developer Platform
Cost Management
DevOps Advisor
Platform Engineering Accelerator

Company

About UsJobsNewsContact UsNews

Resources

PricingBlogDocsWebinars
Get Started
Massdriver Reviews
Massdriver Reviews
© Massdriver, Inc. 2024
Terms of Service
Privacy Policy
Security
Healthcare
Internal Developer Platform
Cost Management
DevOps Advisor
Platform Engineering Accelerator
GameStake Achieves Zero-Downtime Deployments with a 25% Reduction in Cloud Costs
How AMD Global Telemedicine Reduced Software Release Effort by 89% With Massdriver
Writing Maintainable IaC: Use Case Specific OpenTofu / Terraform Modules
Open Office Hours
Airlock: Massdriver's New Open-Source Project
How to enable API endpoints with Massdriver apps
Open Office Hours
Generating OpenTofu / Terraform from Existing Cloud Resources
Running KubeVirt on AWS EKS
Scripting with Massdriver
Open Office Hours
Observability in Kubernetes using Jaeger
Debugging applications in Kubernetes
Observability in Kubernetes using Prometheus
Scaling Ops: Embracing platform engineering’s potential
Open Office Hours
AI Made Simple: Deploying Stable Diffusion with Massdriver and SageMaker
Test driven development with OpenTelemetry
Zero Down Time Deployments in Kubernetes
Writing Maintainable Infrastructure as Code
Massdriver Feature Showcase: Bundle Building
Massdriver Feature Showcase: Environmental Parity
AKS Made Easy on Massdriver
Best Practices for Containerizing Web Apps with Docker
Debugging Applications in Kubernetes
Best Practices for Containerizing Web Apps with Docker
Load Testing with Grafana K6
Debugging Applications in Kubernetes
Running Azure OpenAI with Massdriver
Best Practices for Containerizing Web Apps with Docker
Upgrading PostgreSQL Versions with Minimal Downtime
Deploying 3-tier Web Applications on Kubernetes with Massdriver
Massdriver Feature Showcase: Bundle Building
Massdriver Feature Showcase: Diffing Environments & Deployments
Networking
AWS