Is It a Best/Recommended Practice to Use AWS VPC Peering Connections?

Problem scenario
You have heard about AWS VPC Peering Connections. Should you use them?

Solution
The short answer is "yes."

Some "best practices" for VPCs are merely step-by-step directions for setting up a VPC, describing options that you may or may not want to take. One such posting, on the technical blog of a large, reputable company, was cited in The DevOps Handbook (on page 404). It provides numerous options rather than hard-and-fast rules. Unfortunately, it was published in 2014, before peering was in common use: VPC peering connections were widely available as of 2018 (according to Amazon), with inter-region peering added in late 2017.

Newer VPC "best practices" guides mention peering connections and encourage their use:
https://cloudacademy.com/blog/top-13-amazon-virtual-private-cloud-best-practices/
https://www.buurst.com/2019/04/17/blog-aws-vpc-best-practices/
https://searchcloudsecurity.techtarget.com/feature/VPC-security-best-practices-and-how-to-implement-them-in-AWS

CockroachDB recommends peering connections as a way to improve security (traffic stays on private addresses instead of crossing the public internet). Another source also recommends VPC peering connections.

In some instances, peering connections can be a security problem (according to stackarmor.com). A peering connection makes the other VPC's hosts your network neighbours: an intruder who compromises an instance in a peered VPC can reach whatever your route tables, network ACLs and security groups allow across the link, so the exposure of your VPC now depends on the other VPC's hygiene as well as your own. (Peering is not transitive, so a third VPC peered with your partner cannot reach you through it, but the partner's own hosts can.) "Attack surface reduction is a cyber security best practice." (This quote was taken from https://www.anetworks.com/attack-surface-reduction/.)

We think VPC Peering Connections are great, but you always have to be reasonably sure each peered VPC is also properly configured, because peering can increase your attack surface. In practice that means routing only the peer address ranges you actually need over the peering connection, and writing security-group and network-ACL rules that admit the peered range only on the ports required, never 0.0.0.0/0 or the peer's entire address block on all protocols.
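The following is an added example, not code from the original post or from AWS: a small audit that applies the checks above to route-table and security-group data in the shape returned by `aws ec2 describe-route-tables` and `aws ec2 describe-security-groups`. The VPC CIDRs, the peering connection ID `pcx-0abc`, the route-table and security-group IDs, and the assumption that only the peer subnet 10.1.5.0/24 needs to reach us are all constructed for the example. It flags routes over the peering connection that are wider than that subnet, and ingress rules a peered host could match that are either wider than that subnet or open on every protocol and port.

```python
"""Audit a VPC's exposure across a peering connection (added example, constructed data)."""
import ipaddress

# Constructed sample: our VPC 10.0.0.0/16 is peered (pcx-0abc) with a partner VPC 10.1.0.0/16.
# Assumption for the example: only the partner's 10.1.5.0/24 subnet needs to reach us.
LOCAL_VPC_CIDR = "10.0.0.0/16"
PEER_VPC_CIDR = "10.1.0.0/16"
PEER_ALLOWED_CIDR = "10.1.5.0/24"

# Constructed route tables, shaped like `aws ec2 describe-route-tables` output.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-0aaa", "Routes": [
        {"DestinationCidrBlock": LOCAL_VPC_CIDR, "GatewayId": "local"},
        # Routes the partner's entire VPC over the peering link: wider than needed.
        {"DestinationCidrBlock": "10.1.0.0/16", "VpcPeeringConnectionId": "pcx-0abc"},
    ]},
    {"RouteTableId": "rtb-0bbb", "Routes": [
        {"DestinationCidrBlock": LOCAL_VPC_CIDR, "GatewayId": "local"},
        # Scoped to the one peer subnet we actually talk to.
        {"DestinationCidrBlock": "10.1.5.0/24", "VpcPeeringConnectionId": "pcx-0abc"},
    ]},
]

# Constructed security groups, shaped like `aws ec2 describe-security-groups` output.
SECURITY_GROUPS = [
    # Everything from everywhere: a peered host matches this on any port.
    {"GroupId": "sg-0111", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
    # Right port, but trusts the partner's whole /16 instead of the one subnet.
    {"GroupId": "sg-0222", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.1.0.0/16"}]},
    ]},
    # Scoped to the required peer subnet on one port; the SSH rule is local-only.
    {"GroupId": "sg-0333", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.1.5.0/24"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": LOCAL_VPC_CIDR}]},
    ]},
]


def _net(cidr):
    return ipaddress.ip_network(cidr, strict=False)


def audit_peering_routes(route_tables, peer_allowed_cidr):
    """Flag routes over any peering connection whose destination is wider than the range we need."""
    allowed = _net(peer_allowed_cidr)
    findings = []
    for table in route_tables:
        for route in table.get("Routes", []):
            pcx = route.get("VpcPeeringConnectionId")
            dest = route.get("DestinationCidrBlock")  # IPv6 routes use another key; skipped here
            if not pcx or not dest:
                continue
            if not _net(dest).subnet_of(allowed):
                findings.append({"kind": "route", "id": table["RouteTableId"], "target": pcx,
                                 "reason": f"routes {dest} over {pcx}, wider than {allowed}"})
    return findings


def audit_peer_reachable_ingress(security_groups, peer_vpc_cidr, peer_allowed_cidr):
    """Flag ingress rules a host in the peered VPC could match that are wider than the
    allowed peer range, or that open all protocols and ports to it."""
    peer = _net(peer_vpc_cidr)
    allowed = _net(peer_allowed_cidr)
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            for rng in perm.get("IpRanges", []):
                src = _net(rng["CidrIp"])
                if not src.overlaps(peer):
                    continue  # no peered address can match this source range
                reasons = []
                if not src.subnet_of(allowed):
                    reasons.append(f"source {src} is wider than the needed peer range {allowed}")
                if proto == "-1":
                    reasons.append("rule opens all protocols and ports")
                if reasons:
                    findings.append({"kind": "ingress", "id": sg["GroupId"],
                                     "source": str(src), "reason": "; ".join(reasons)})
    return findings


def run_audit():
    """Combined findings for the constructed sample."""
    return (audit_peering_routes(ROUTE_TABLES, PEER_ALLOWED_CIDR)
            + audit_peer_reachable_ingress(SECURITY_GROUPS, PEER_VPC_CIDR, PEER_ALLOWED_CIDR))


if __name__ == "__main__":
    for finding in run_audit():
        print(f"{finding['kind']:8} {finding['id']}: {finding['reason']}")
```

On real data, feed the `RouteTables` and `SecurityGroups` arrays from the two CLI commands (or boto3) into the same functions. Where both VPCs are in the same region, a stronger option than CIDR-based rules is to reference the peer's security group ID in your ingress rule (`UserIdGroupPairs`), which limits access to specific peered instances rather than to an address range; the audit above only inspects `IpRanges`, so extend it if you rely on that.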
