How Do You Create Peering Connections to EC-2 Instances inside VPCs Can Communicate with Each Other?

Problem scenario
You want to use peering connections between two VPCs (in the same region) so that EC-2 instances in each VPC can communicate with each other. How do you do this?

Solution
Prerequisite

This assumes you have two VPCs already created in the same region. This assumes you have EC-2 instances also created.

i. Create one VPC. Go to VPC and give it a name. Create an IPv4 CIDR block (e.g., 55.55.0.0/24 or 66.66.0.0/16). We find it is easier if the VPC has "Edit DNS Hostnames" enabled; you can do this by going to the VPCs, clicking the radio button for the VPC, then going to Actions -> Edit DNS hostnames, and choose "enable", and clicking "Save."

ii. Create a second VPC as you did in step i.

iii. Create EC-2 instances in the VPCs above. When you create each one, make sure it is created in the VPC you want. Step 3 is "Configure Instance Details" (if you are using the web console). The "Network" drop down option should show the VPC you want. If you have to create a subnet, use one of the options in VPC CIDRs. We find it to be easier to choose the "Enable" drop down option for "Auto-assign Public IP".

iv. Ensure the NACLs that govern the subnets of your VPCs allow connectivity from your workstation. The inbound rules must have the IP address of your workstation even if there is a rule for 0.0.0.0 (allow all IP addresses). If you go to VPC -> Security -> Network ACLs, you can find one that governs a subnet. The website ipchicken.com can help you out with your public IP address (of your workstation). The format of the IP address in field will be like this: 123.123.123.123/32

v. Make sure the EC-2 instances have Security Groups with Inbound rules that permit connectivity from your workstation.

vi. Finally if you need to connect to these two EC-2 instances, you may want to create an Internet Gateway for each VPC. Then you will want to modify the Route table of the VPC to have traffic destined for 0.0.0.0/0 route to the internet gateway.

Procedures

  1. Create a Peering Connection. Go to VPC -> Virtual Private Cloud -> Peering Connections.
  2. Click "Create Peering Connection". Enter the necessary information.
  3. Click "Create Peering Connection".
  4. Click "Ok".
  5. Click the radio button near the Peering Connection. Go to Actions -> Accept Request.
  6. Click "Yes, Accept".
  7. Go to Virtual Private Cloud -> Route Tables.
  8. Expand the column for "VPC ID" to see the names of the VPCs.
  9. Click the radio button for one of the relevant VPCs.
  10. Click the "Routes" tab.
  11. Click "Edit Routes"
  12. In the "Destination" drop down text field, enter the internal IP address of the other EC-2 instance that is not in this VPC with a "/32" at the end (e.g., 55.55.123.123/32)
  13. For the "Target" drop down, choose "Peering Connection" and then click on the specific one that you just created.
  14. Click "Save routes".
  15. Click "Route Tables" near the upper right hand corner and repeat steps 8 through 14 for the other VPC that you have not done these steps for.
  16. Modify the respective Security Groups that govern each of the EC-2 instances to allow inbound connections from the internal IP addresses of each other.

In our experience modifications to Route Tables happen instantly; there is no delay.

Leave a comment

Your email address will not be published. Required fields are marked *