Set up VPC Peering to Link Two AWS VPCs

Configure VPC Peering:

  • Go to AWS VPC > VPC Peering
  • Create Peering connection
  • Create the connection from the new VPC (requester) to the primary/old VPC (accepter)
  • Select the Pending VPC Peering connection > Actions > Accept Request
  • Make a note of the Peering Connection ID (e.g. pcx-1a23bcd456e789012); you will need it later when adding routes

Set up Routing on Subnets:

For this guide, I will be using the following VPC CIDR blocks:
New VPC: 10.90.0.0/16
Old VPC: 10.50.0.0/16

  • Go to VPC > Route Tables
  • Set up New > Old VPC routes:
    • Select the route table associated with the subnets in your new VPC
    • Select Routes > Edit Routes at the bottom of the window
    • Add a route for each subnet in the old VPC that your new VPC needs to reach (e.g. 10.50.1.0/24). The Target is the Peering Connection ID you noted earlier.
  • Set up Old > New VPC routes:
    • Select the route table associated with the subnets in your old VPC that require access to the new VPC (or that need a return route for traffic arriving from the new VPC; without it replies are dropped).
    • Select Routes > Edit Routes at the bottom of the window
    • Add a route for each subnet in the new VPC that your old VPC needs to reach or reply to (e.g. 10.90.1.0/24). The Target is the Peering Connection ID you noted earlier.
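The two route-table edits above are easy to get half right (one direction added, the return route forgotten, or a CIDR typed wrong). The following script is an added example, not part of the original guide: it takes route tables in the shape of `aws ec2 describe-route-tables` output (constructed sample data below, reusing the guide's CIDRs and example peering ID), checks that both VPCs cannot overlap, reports planned routes that are missing in either direction, flags peering routes whose destination is outside the peer VPC, and prints the `aws ec2 create-route` commands that would fill the gaps. The table IDs `rtb-new` and `rtb-old` are placeholders.

```python
"""Plan and verify both directions of routing for a VPC peering connection.

Added example, not from the original guide. ROUTE_TABLES is constructed to mirror
a subset of `aws ec2 describe-route-tables` output; the CIDRs and the peering ID
reuse the guide's sample values, and the rtb-* identifiers are placeholders.
"""
import ipaddress

PEERING_ID = "pcx-1a23bcd456e789012"  # the guide's example ID; replace with yours
NEW_VPC_CIDR = "10.90.0.0/16"
OLD_VPC_CIDR = "10.50.0.0/16"

# Constructed: one route table per VPC. rtb-new carries a mistyped destination
# (10.60.x instead of 10.50.x) and rtb-old has no return route at all.
ROUTE_TABLES = {
    "rtb-new": [
        {"DestinationCidrBlock": NEW_VPC_CIDR, "GatewayId": "local"},
        {"DestinationCidrBlock": "10.50.1.0/24", "VpcPeeringConnectionId": PEERING_ID},
        {"DestinationCidrBlock": "10.60.1.0/24", "VpcPeeringConnectionId": PEERING_ID},
    ],
    "rtb-old": [
        {"DestinationCidrBlock": OLD_VPC_CIDR, "GatewayId": "local"},
    ],
}


def cidrs_overlap(a, b):
    """AWS will not peer VPCs whose CIDR blocks overlap; check before creating the request."""
    return ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))


def peered_destinations(routes, peering_id=PEERING_ID):
    """Destination CIDRs that a route table sends through the peering connection."""
    return [r["DestinationCidrBlock"] for r in routes
            if r.get("VpcPeeringConnectionId") == peering_id]


def plan_routes(new_subnets, old_subnets):
    """The new VPC's table needs a route to every old subnet it accesses, and the old
    VPC's table needs a return route to every new subnet that originates traffic."""
    return {"rtb-new": list(old_subnets), "rtb-old": list(new_subnets)}


def missing_routes(route_tables, new_subnets, old_subnets):
    """Planned routes not covered by an existing peering route (a /16 route covers its /24s)."""
    missing = {}
    for rtb_id, wanted in plan_routes(new_subnets, old_subnets).items():
        present = [ipaddress.ip_network(c) for c in peered_destinations(route_tables[rtb_id])]
        gaps = [c for c in wanted
                if not any(ipaddress.ip_network(c).subnet_of(p) for p in present)]
        if gaps:
            missing[rtb_id] = gaps
    return missing


def stray_routes(route_tables, peer_cidr_by_table):
    """Peering routes whose destination lies outside the peer VPC: a typo, or a route
    that sends traffic somewhere the peering cannot deliver it."""
    stray = {}
    for rtb_id, peer_cidr in peer_cidr_by_table.items():
        peer = ipaddress.ip_network(peer_cidr)
        bad = [c for c in peered_destinations(route_tables[rtb_id])
               if not ipaddress.ip_network(c).subnet_of(peer)]
        if bad:
            stray[rtb_id] = bad
    return stray


def create_route_commands(missing, peering_id=PEERING_ID):
    """AWS CLI commands that would add the missing routes (returned as text, not executed)."""
    return [f"aws ec2 create-route --route-table-id {rtb} --destination-cidr-block {cidr} "
            f"--vpc-peering-connection-id {peering_id}"
            for rtb, cidrs in missing.items() for cidr in cidrs]


if __name__ == "__main__":
    assert not cidrs_overlap(NEW_VPC_CIDR, OLD_VPC_CIDR), "overlapping CIDRs cannot be peered"
    gaps = missing_routes(ROUTE_TABLES, new_subnets=["10.90.1.0/24"], old_subnets=["10.50.1.0/24"])
    print("missing:", gaps)
    print("stray:", stray_routes(ROUTE_TABLES, {"rtb-new": OLD_VPC_CIDR, "rtb-old": NEW_VPC_CIDR}))
    for cmd in create_route_commands(gaps):
        print(cmd)
```

Run it after editing the tables in the console, feeding it the real `describe-route-tables` output for the two tables; an empty `missing` and an empty `stray` result means both directions are in place and every peering route points into the peer VPC.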

Set up Firewalls to Allow Connectivity:

The following steps will depend largely on what you will be using the peered connection for, but adjust as appropriate.

  • Set up Network ACLs to allow connections from the old VPC:
    • By default the new VPC's Network ACL allows traffic from all locations; access is controlled by the Security Groups on the instances themselves (the more common approach).
  • Set up Network ACLs to allow connections from the new VPC. NOTE: Network ACLs are stateless firewalls, so you must ensure both the Inbound and the Outbound rules are set correctly (an inbound allow without a matching outbound rule for the reply traffic still blocks the connection):
    • Go to Subnets and search for the subnet in your old VPC that should accept connections from the new VPC
    • Select the subnet and click the link at the bottom to edit its Network ACL.
      • Edit the Inbound and Outbound rules as appropriate to allow your new subnets connectivity to the required ports on the instances in this subnet
      • Repeat for each subnet in the old VPC that requires access from the new VPC.
  • Update Security Groups to allow access from your new subnets to existing instances:
    • Go to EC2 and find an instance that you require access to from the new VPC.
    • Select the instance and click the link to edit its Security Group.
    • Create a rule allowing access to the required ports on the instance from the new VPC's subnets (use the subnet CIDRs rather than 0.0.0.0/0).
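The stateless-ACL NOTE above is the step most often missed: the inbound rule admits the SYN from the new VPC, but without an outbound rule covering the client's ephemeral port the SYN/ACK is dropped and the connection hangs. The script below is an added example, not part of the original guide. It evaluates a Network ACL the way AWS does (lowest rule number first, first match wins, implicit deny shown as rule 32767 in API output) over constructed entries modelled on `aws ec2 describe-network-acls` for a subnet in the old VPC, checks a TCP connection in both directions, and lists the reply ports that would be denied.

```python
"""Evaluate Network ACL rules statelessly, in AWS rule-number order.

Added example, not from the original guide. ACL_ENTRIES is constructed to mirror a
subset of `aws ec2 describe-network-acls` output for a subnet in the old VPC
(10.50.0.0/16) that should accept HTTPS from the new VPC's 10.90.1.0/24.
"""
import ipaddress

EPHEMERAL = (1024, 65535)  # client-side port range that reply traffic must be allowed to reach

# Constructed entries. Inbound admits 443 from the new subnet, but the only egress
# allow is for the old VPC itself, so replies to 10.90.1.0/24 hit the final deny.
ACL_ENTRIES = [
    {"RuleNumber": 100, "Egress": False, "Protocol": "6", "RuleAction": "allow",
     "CidrBlock": "10.90.1.0/24", "PortRange": {"From": 443, "To": 443}},
    {"RuleNumber": 110, "Egress": False, "Protocol": "6", "RuleAction": "allow",
     "CidrBlock": "10.50.0.0/16", "PortRange": {"From": 0, "To": 65535}},
    {"RuleNumber": 100, "Egress": True, "Protocol": "6", "RuleAction": "allow",
     "CidrBlock": "10.50.0.0/16", "PortRange": {"From": 0, "To": 65535}},
    {"RuleNumber": 32767, "Egress": False, "Protocol": "-1", "RuleAction": "deny", "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "Egress": True, "Protocol": "-1", "RuleAction": "deny", "CidrBlock": "0.0.0.0/0"},
]


def _rules(entries, egress):
    """Rules for one direction, parsed once and ordered as AWS evaluates them."""
    return sorted(
        ({"num": e["RuleNumber"], "proto": e["Protocol"], "action": e["RuleAction"],
          "net": ipaddress.ip_network(e["CidrBlock"]),
          "ports": ((e["PortRange"]["From"], e["PortRange"]["To"]) if e.get("PortRange")
                    else (0, 65535))}
         for e in entries if e["Egress"] == egress),
        key=lambda r: r["num"])


def _first_match(rules, ip, port, protocol):
    """Action of the first matching rule; no match means the implicit deny."""
    for r in rules:
        if r["proto"] in ("-1", protocol) and ip in r["net"] and r["ports"][0] <= port <= r["ports"][1]:
            return r["action"]
    return "deny"


def evaluate(entries, egress, remote_ip, port, protocol="6"):
    """Allow/deny for one packet: remote_ip is the source (inbound) or destination (outbound)."""
    return _first_match(_rules(entries, egress), ipaddress.ip_address(remote_ip), port, protocol)


def connection_allowed(entries, client_ip, client_port, service_port):
    """Stateless check of a TCP connection: the inbound SYN and the outbound reply."""
    inbound = evaluate(entries, False, client_ip, service_port)
    outbound = evaluate(entries, True, client_ip, client_port)
    return {"inbound": inbound, "outbound": outbound, "ok": inbound == outbound == "allow"}


def reply_gaps(entries, client_ip, lo=EPHEMERAL[0], hi=EPHEMERAL[1]):
    """Ranges of client ephemeral ports to which replies would be denied."""
    rules, ip = _rules(entries, True), ipaddress.ip_address(client_ip)
    gaps, start = [], None
    for port in range(lo, hi + 1):
        denied = _first_match(rules, ip, port, "6") != "allow"
        if denied and start is None:
            start = port
        elif not denied and start is not None:
            gaps.append((start, port - 1))
            start = None
    if start is not None:
        gaps.append((start, hi))
    return gaps


def add_reply_rule(entries, rule_number, peer_cidr):
    """The outbound rule the guide's NOTE is about: allow ephemeral-port replies to the peer subnet."""
    return entries + [{"RuleNumber": rule_number, "Egress": True, "Protocol": "6", "RuleAction": "allow",
                       "CidrBlock": peer_cidr, "PortRange": {"From": EPHEMERAL[0], "To": EPHEMERAL[1]}}]


if __name__ == "__main__":
    print("before:", connection_allowed(ACL_ENTRIES, "10.90.1.10", 50000, 443),
          "denied reply ports:", reply_gaps(ACL_ENTRIES, "10.90.1.10"))
    fixed = add_reply_rule(ACL_ENTRIES, 110, "10.90.1.0/24")
    print("after: ", connection_allowed(fixed, "10.90.1.10", 50000, 443),
          "denied reply ports:", reply_gaps(fixed, "10.90.1.10"))
```

Security Groups are stateful, so the same return-path check is unnecessary there; the Network ACL is the only place in this guide where forgetting the second direction silently breaks connectivity.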
