VPC peering

VPC peering allows traffic to be freely routed between two VPCs. Once peered, the two VPCs act as one with respect to connectivity. However, Network Security Group rules are still observed. VPC peering is simple and easy to set up, but the limitation is that IP ranges of two peered VPCs can't overlap.

Example

This example shows how to connect using VPC peering.

Note

BigAnimal uses the 10.0.0.0/16 address space and can't be peered with VPCs using this same space. If they do, the status of the VPC peering connection immediately goes to failed.

Assume that your cluster is on an account called development and is being accessed from a Linux client on another account called test with the following properties:

  • Cluster:
    • AWS account name: development
    • Cluster ID: p-c4j0jfcmp3af2ieok5eg
    • Account ID: brcxzr08qr7rbei1
    • Organization's domain name: biganimal.io
    • VPC: vpc-cluster
  • Linux client:
    • Subscription: test
    • VPC: vpc-client
    • VPC subnet: snet-client

Prerequisites

To walk through an example in your own environment, you need:

  • Your cluster URL. You can find the URL in the Connect tab of your cluster instance in the BigAnimal portal.
  • A Postgresql client, such as psql, installed on your client VM.

You need to add two peering links, one from the client VPC vpc-client and the other from your cluster's VPC vnet-japaneast.

VPC peering connection with a VPC in another AWS account

You can create a VPC peering connection with a VPC in the same region or a different region.

Request a VPC peering connection with a VPC in another account

  1. Log in to the AWS account associated with your BigAnimal account.

  2. Open the Amazon VPC console.

  3. In the navigation pane, select Peering Connections, and then select Create Peering Connection.

  4. Enter a suitable name for the peering connection.

  5. For VPC (Requester), select the cluster's VPC in your account.

  6. Select Another account.

  7. Enter the AWS account ID of the owner of the accepter VPC.

  8. (Optional) Select Another region, and then select the region in which the accepter VPC resides.

  9. For VPC (Accepter), enter the ID of the client VPC.

  10. Select Create Peering Connection.

  11. In the confirmation, select OK.

  12. The VPC peering connection that you created isn't active. To activate it, the owner of the accepter VPC must accept the VPC peering connection request. To enable traffic to be directed to the peer VPC, update your VPC route table. There are three route tables created at BigAnimal VPC, all are required to be updated. For more information, see Update your route tables for a VPC peering connection and this FAQ article.

VPC peering connection with another VPC in your account

You can create a VPC peering connection with a VPC in the same region or a different region.

Create a VPC peering connection with a VPC in the same region

  1. Open the Amazon VPC console.

  2. In the navigation pane, select Peering Connections, and then select Create Peering Connection.

  3. For VPC (Requester), select the cluster VPC in your account.

  4. Ensure My account is selected.

  5. Select Another VPC to peer with. Then select Add tag and enter the key-value pair of the VPC you want to connect with.

  6. Select Create Peering Connection.

  7. In the confirmation, select OK.

  8. Select the VPC peering connection that you created, select Actions, and then select Accept Request.

    In the confirmation, select Yes, Accept. A second confirmation appears; select Modify my route tables now to go directly to the route tables page, or select Close to do this later.

  9. Now that your VPC peering connection is active, you must add an entry to your VPC route tables to enable traffic to be directed between the peered VPCs. For more information, see Update your route tables for a VPC peering connection. There are three route tables created at BigAnimal VPC, all are required to be updated. For more information, see this FAQ article.

  10. Access the cluster with its domain name from your cluster's connection string. It's accessible from vpc-client after peering.

    psql -h vpce-XXXXXXXXXXXXXXXXXXXX.eu-west-1.vpce.amazonaws.com -U edb_admin
    Output
    Password for user edb_admin: 
    
    psql (13.4 (Ubuntu 13.4-1.pgdg28.84+1), server 13.4.8 (Debian 13.4.8-1+deb10)) 
    WARNING : psql major version 13, server major version 13. Some psql features might not work. 
    SSL connection (protocol : TLSV1.3cipherTLS_AES_256_GCM_SHA384, bits : 256, compression : off) Type "help" for help. 
    
    edb_admin=>

Create a VPC peering connection with a VPC in a different region

  1. Open the Amazon VPC console.

  2. In the navigation pane, select Peering Connections > Create Peering Connection.

  3. You can optionally name your VPC peering connection. Doing so creates a tag with a key of the name and a value that you specify.

  4. Select the requester VPC in your account with which to request the VPC peering connection.

  5. Ensure My account is selected.

  6. Select Another region, and then select the region in which the accepter VPC resides.

  7. Enter the ID of the client VPC.

  8. Select Create Peering Connection.

  9. In the confirmation, select OK.

  10. Select the region of the accepter VPC in the upper right corner of the AWS console.

  11. In the navigation pane, select Peering Connections. Select the VPC peering connection that you created, select Actions, and then select Accept Request.

  12. In the confirmation, select Yes, Accept. A second confirmation appears; select Modify my route tables now to go directly to the route tables page, or select Close to do this later.

  13. Now that your VPC peering connection is active, you must add an entry to your VPC route tables to enable traffic to be directed between the peered VPCs. For more information, see Update your route tables for a VPC peering connection. There are three route tables created at BigAnimal VPC, all are required to be updated. For more information, see this FAQ article.

  14. Access the cluster with its domain name from your cluster's connection string. It's accessible from vpc-client after peering.

    psql -h vpce-XXXXXXXXXXXXXXXXXXXX.eu-west-1.vpce.amazonaws.com -U edb_admin
    Output
    Password for user edb_admin: 
    
    psql (13.4 (Ubuntu 13.4-1.pgdg28.84+1), server 13.4.8 (Debian 13.4.8-1+deb10)) 
    WARNING : psql major version 13, server major version 13. Some psql features might not work. 
    SSL connection (protocol : TLSV1.3cipherTLS_AES_256_GCM_SHA384, bits : 256, compression : off) Type "help" for help. 
    
    edb_admin=>