VPC Peering Overview
- A VPC peering connection is a networking connection between two VPCs that enables routing of traffic between them using private IP addresses.
- Instances in either VPC can communicate with each other as if they are within the same network
- VPC peering connection can be established between your own VPCs, or with a VPC in another AWS account within a single region.
- AWS uses the existing infrastructure of a VPC to create a VPC peering connection; it is neither a gateway nor a VPN connection, and does not rely on a separate piece of physical hardware. There is no single point of failure for communication or a bandwidth bottleneck.
VPC Peering Rules & Limitations
1. VPC peering connection cannot be created between VPCs that have matching or overlapping CIDR blocks.
2. VPC peering connection cannot be created between VPCs in different regions. (NOTE – VPC Peering is now supported inter-region.)
3. VPC peering connection are limited on the number active and pending VPC peering connections that you can have per VPC.
4. VPC peering does not support transitive peering relationships
In a VPC peering connection, your VPC does not have access to any other VPCs that the peer VPC may be peered with even if established entirely within your own AWS account5. VPC peering does not support Edge to Edge Routing Through a Gateway or Private Connection
- A VPN connection or an AWS Direct Connect connection to a corporate network
- An Internet connection through an Internet gateway
- An Internet connection in a private subnet through a NAT device
- A ClassicLink connection to an EC2-Classic instance
- A VPC endpoint to an AWS service; for example, an endpoint to S3.
6. Only one VPC peering connection can be established between the same two VPCs at the same time
7. Maximum Transmission Unit (MTU) across a VPC peering connection is 1500 bytes.
8. A placement group can span peered VPCs; however, you do not get full-bisection bandwidth between instances in peered VPCs.
9. Unicast reverse path forwarding in VPC peering connections is not supported.
10. Instance’s public DNS hostname does not resolve to its private IP address across peered VPCs.
VPC Peering Architecture
- VPC Peering can be applied to create shared services or perform authentication with an on-premises instance
- This would help creating a single point of contact, as well limiting the VPN connections to a single account or VPC
AWS Certification Exam Practice Questions
- Questions are collected from Internet and the answers are marked as per my knowledge and understanding (which might differ with yours).
- AWS services are updated everyday and both the answers and questions might be outdated soon, so research accordingly.
- AWS exam questions are not updated to keep up the pace with AWS updates, so even if the underlying feature has changed the question might not be updated
- Open to further feedback, discussion and correction.
- A company has an AWS account that contains three VPCs (Dev, Test, and Prod) in the same region. Test is peered to both Prod and Dev. All VPCs have non-overlapping CIDR blocks. The company wants to push minor code releases from Dev to Prod to speed up time to market. Which of the following options helps the company accomplish this?
- Create a new peering connection Between Prod and Dev along with appropriate routes.
- Create a new entry to Prod in the Dev route table using the peering connection as the target.
- Attach a second gateway to Dev. Add a new entry in the Prod route table identifying the gateway as the target.
- The VPCs have non-overlapping CIDR blocks in the same account. The route tables contain local routes for all VPCs.