Create VPC Peering Connection on AWS using CDK
Most AWS users have multiple VPCs in their environment, sometimes spanning more than one account, so it’s not very common to have all of your resources in a single VPC in a single account. A VPC is an isolated network, and by default resources can only communicate with other resources inside the same VPC. So, what do you do when you want your AWS resources to communicate with each other? That’s where a VPC Peering Connection comes into play – and best of all, you can create and manage it with CDK!
What is a VPC?
An Amazon Virtual Private Cloud (VPC) is a secure and isolated section of the AWS cloud where you can launch AWS resources. It acts as your virtual network, providing control over your environment. With VPC, you can define your IP address range, create subnets, and configure routing tables. This allows you to customize network settings, ensuring private and controlled space for your applications in the AWS infrastructure.
VPC Peering Connection
VPC peering is beneficial when you need seamless and private connectivity between two Amazon Virtual Private Clouds (VPCs) within AWS. Use VPC peering to facilitate direct communication between resources in separate VPCs as if they were on the same network. There are two key things to remember when using VPC Peering to interconnect two VPCs.
- You need to create a VPC Peering Connection between the two VPCs. The VPCs can be in the same AWS account or in different AWS accounts.
- Add routes to the route tables on both sides of the VPC Peering Connection so that traffic can flow between the two VPCs.
How to Create a VPC Peering Connection
Before we start, I want you to consider this Account Configuration:
This is a very basic VPC Peering connection setup. We have 2 AWS accounts, each with a single VPC, and each VPC contains two subnets. You can see the route table on each side of the VPC Peering Connection. If you are familiar with networking concepts, VPC Peering is basically setting up a WAN link between your VPCs. We don’t care how AWS routes the traffic across the peered connection; that is AWS’s job, not ours.
Step 1 – Create A VPC Peering Connection Request
In Account A (Requester Account):
- Sign in to AWS Console: Log in to the AWS Management Console using the credentials for Account A.
- Navigate to VPC Dashboard: Access the VPC dashboard from the AWS Management Console.
- Create Peering Connection: Click on “Peering Connections” in the left-hand navigation pane and then choose “Create Peering Connection.”
- Fill in Details:
- Peering Connection Name: Give it a meaningful name.
- Your VPC: Select the VPC in Account A.
- Account ID: Enter the AWS account ID of Account B.
- Peer VPC: Specify the VPC in Account B.
- Configure Options:
- Set any additional options as needed (e.g., enable DNS resolution).
- Choose whether to automatically accept the peering connection.
- Review and Create: Review the details and click “Create Peering Connection.”
Step 2 – Accept the VPC Request
In Account B (Accepter Account):
- Accept the Peering Connection Request:
- Navigate to the VPC dashboard.
- Go to “Peering Connections” and find the pending peering connection request from Account A.
- Click on it and choose “Actions” > “Accept Request.”
- Update Route Tables:
- In the route tables of both the VPCs involved, add routes for the CIDR block of the other VPC, pointing to the peering connection.
Back in Account A:
- Confirm the Peering Connection:
- Go to the VPC dashboard and navigate to “Peering Connections.”
- Find the peering connection and confirm that its status is “Active.”
- Update Route Tables:
- Update the route tables in both VPCs to include routes for the CIDR block of the other VPC, pointing to the peering connection.
- Confirm Peering Status:
- In both Account A and Account B, check the peering connection status. It should be “Active.”
- Test Connectivity:
- Deploy resources in both VPCs.
- Ensure that security groups and network ACLs allow the necessary traffic.
- Test connectivity between resources in different VPCs using private IP addresses.