AWS VPC Peering

aniket pandey
afilmycode
Jan 20, 2019

This is a step-by-step guide to creating VPC peering between two services (in the same account or across accounts). No conceptual explanation, just steps to follow.

Let's call the requester service A (in VPC Va) and the accepter service B (in VPC Vb).

Step 1: Go to https://console.aws.amazon.com. Click on Services (top-left corner) and search for EC2.

Step 2: In the left-hand options list, find Load Balancers and click on it.

Step 3: In the search box, search for B's load balancer (make sure you are in the same region as B). Once found, select it and note down its VPC id, i.e. Vb. Also note down its security group id, SGb (in case it is needed).

Step 4: Now go to A's side (i.e. A's region and account, in case they differ from B's). Click on Services (top-left corner) and search for VPC.

Step 5: Click on the Create Peering Connection button. Fill in the values: name tag, Va's id, the region and account id of Vb (in case they differ), and then Vb's id. Click on Create Peering Connection.

Step 6: Once created, you will get an id (the peering connection id; let's call it pcId). Note it down. (You can also look it up in the Peering Connections list if you forget it.)

Step 7: Now go to the accepter side (i.e. B's side). Go to VPC -> Peering Connections and search for pcId in the list. Select the row, click on Actions, then accept it. Also note down both A's and B's CIDRs.

Step 8: Now the route table entries. On the VPC page, in the left-side search box, select Va to filter. Now click on the Subnets option.

Step 9: Now select your subnet (you can find a service's subnets on the Apps page of its OpsWorks stack, or in EC2/ELB).

Step 10: Go to the Route Table tab and click on the route table link. A route table page will open with that route table selected. Click on the Routes tab (at the bottom) and then Edit routes.

Step 11: Add a new entry with B's CIDR as the destination and pcId as the target, and save it. Repeat for A's other subnets (in case they use a different route table).

Step 12: Repeat Steps 8–11 on B's side too.

Step 13: Now the inbound rules. If communication only happens one way (say, B to A and not A to B), then we only need to create inbound rules on A's side with B's CIDR as the source.

Step 14: Go to the VPC page on A's side. Filter by VPC Va (as in Step 8) and then select Security Groups from the left-side options list.

Step 15: Search for SGa (you can follow a step similar to Step 3 to get the security group id). Once found, select it, click on the Inbound Rules tab at the bottom, and then click on Edit Rules.

Step 16: Add an entry with the protocol, B's CIDR as the source, and a description. Save it.

Test the reachability, and then it's done!

PS: In case you find any wrong or missing info, you are welcome to add it in the comments. Thanks.
