DEV Community

Cover image for 🚨 AWS 129: Bridging the Gap - Implementing VPC Peering
Hritik Raj
Hritik Raj

Posted on

🚨 AWS 129: Bridging the Gap - Implementing VPC Peering

#aws #networking #vpc #100daysofcloud

AWS

🌐 Network Fusion: Enabling Communication Between Isolated VPCs

Hey Cloud Architects πŸ‘‹

Welcome to Day 29 of the #100DaysOfCloud Challenge!
Today, we are solving a classic architectural puzzle for the Nautilus team: how to let a public-facing server talk to a private, isolated database server. We are setting up VPC Peering to create a secure bridge between our Default VPC and a custom Private VPC.

This task is part of my hands-on practice on the KodeKloud Engineer platform, which I highly recommend for anyone looking to master real-world DevOps scenarios.

🎯 Objective

  • Establish a VPC Peering connection named datacenter-vpc-peering.
  • Connect the Default VPC (Requester) with the datacenter-private-vpc (Accepter).
  • Update Route Tables in both VPCs to allow cross-network traffic.
  • Configure Security Groups to allow ICMP (Ping) requests.
  • Verify connectivity by pinging the private instance from the public instance.

πŸ’‘ Why VPC Peering Matters

In production, you often keep sensitive data in a private VPC. VPC Peering allows your frontend apps to access that data securely without exposing the private resources to the public internet.

πŸ”Ή Key Concepts

  • VPC Peering Connection: A networking connection between two VPCs that enables you to route traffic between them using private IP addresses.

  • Non-Overlapping CIDRs: For peering to work, the two VPCs must have different IP ranges (e.g., 172.31.0.0/16 vs 10.1.0.0/16). If they overlap, they cannot peer! [Image showing non-overlapping CIDR blocks for VPC peering]

  • Route Table Propagation: Creating the connection is only half the battle. You must manually tell each VPC's Route Table how to find the other VPC's IP range.

πŸ› οΈ Step-by-Step: The Peering Workflow

We’ll move logically from Connection β†’ Routing β†’ Verification.

πŸ”Ή Phase A: Create and Accept the Peering Connection

  • Initiate Request: In the VPC Dashboard, go to Peering Connections and click "Create peering connection."
  • Configure:
    • Name: datacenter-vpc-peering
    • Requester: Select the Default VPC.
    • Accepter: Select datacenter-private-vpc.

  • Acceptance: Once created, select the connection, click Actions, and choose Accept Request.

πŸ”Ή Phase B: Configure Route Tables (The Traffic Map)

Both VPCs need to know that traffic for the "other side" should go through the Peering ID.

  • Public Route Table: Add a route to 10.1.0.0/16 (Private VPC) via the Peering Connection.
  • Private Route Table: Add a route to the Default VPC CIDR (usually 172.31.0.0/16) via the Peering Connection.

πŸ”Ή Phase C: Security Groups & Access

  • Private Instance SG: Update the security group of datacenter-private-ec2 to allow All ICMP - IPv4 from the Default VPC CIDR range.
  • Public Instance Access: Ensure your public key is added to authorized_keys on the public instance so you can SSH in from your client host.

βœ… Verify Success

  • SSH into Public: ssh ec2-user@<Public_IP>

  • Ping the Private: From the public terminal, run ping <Private_IP_of_datacenter-private-ec2>.

* Confirm: πŸŽ‰ If you see active "Reply from..." messages, your VPCs are successfully talking to each other!

πŸ“ Key Takeaways

  • πŸš€ Private Backbone: Traffic between peered VPCs stays on the AWS network and never traverses the public internet.
  • πŸ•’ Bi-directional Routing: You must update the route tables on BOTH sides, or traffic will be able to go out but never find its way back.
  • πŸ›‘οΈ Security Rules: Routing gets the packet to the server, but Security Groups decide if the server lets the packet in.

🚫 Common Mistakes

  • Overlapping CIDRs: Trying to peer two VPCs that both use 172.31.0.0/16.
  • Missing Acceptance: Forgetting that the "Accepter" VPC must manually approve the request.
  • One-Way Routing: Only updating the public route table and wondering why the private instance can't "talk back."

🌟 Final Thoughts

You’ve just built a secure, interconnected cloud network! VPC Peering is a building block for complex architectures, including centralized logging, shared services, and distributed microservices.

🌟 Practice Like a Pro

If you want to try these tasks yourself in a real AWS environment, check out:
πŸ‘‰ KodeKloud Engineer - Practice Labs

It’s where I’ve been sharpening my skills daily!

πŸ”— Let’s Connect

Top comments (0)