AWS VPC Peering

VPC Peering
A VPC peering link is a connection between two VPCs that allows routing traffic using private IPv4 or IPv6 addresses.
Instances in either VPC can communicate with one another as if they were in the same network.
VPC peering can be established between your own VPCs, or with a VPC in another AWS account, including one in a different region.
A VPC peering connection is a one-to-one relationship between two VPCs.
VPC peering has no single point of failure for communication and no bandwidth bottleneck.
AWS uses the existing VPC infrastructure to create a VPC peering connection. It is neither a gateway nor a VPN connection and does NOT rely on any additional hardware.
VPC peering now supports inter-region peering; when it was introduced it was limited to a single region.
All inter-region traffic is protected, with no single point of failure or bandwidth bottleneck. Traffic stays on the global AWS network backbone and never crosses the public internet, which reduces exposure to threats such as DDoS attacks and common exploits.
There are no additional charges for VPC peering; data transfer charges apply.

VPC Peering Connectivity
To establish a VPC peering connection, the owner of the requester VPC sends a peering request to the owner of the accepter VPC.
The accepter VPC can be owned by the same account or by another AWS account.
Once the owner of the accepter VPC accepts the request, the VPC peering connection becomes active.
To allow traffic, the route tables in both VPCs must be updated manually.
Security groups must allow traffic to and from the peer VPC.

VPC peering limitations & rules
VPC peering connections can’t be established between VPCs with matching or overlapping IPv4 or IPv6 CIDR blocks.
Originally, VPC peering connections could not be established between VPCs in different regions; inter-region VPC peering is now supported.
There is a limit on the number of active or pending VPC peering connections you can have per VPC.
VPC peering does NOT support transitive peering: a VPC peering connection does not give either VPC access to the other VPC’s peers, even when all of the VPCs are in your own AWS account.
VPC peering doesn’t support edge-to-edge routing through a gateway or private connection:
a VPC in a peering relationship cannot use the other VPC’s other connections, and vice versa. Those connections include:
A VPN connection or AWS Direct Connect connection to a corporate network
An Internet connection via an Internet gateway
A private subnet Internet connection via a NAT device
A ClassicLink connection to an EC2-Classic instance
A VPC endpoint to an AWS service; for example, an endpoint to S3
Only one VPC peering connection can be active between the same two VPCs at a time.
The Maximum Transmission Unit (MTU) across a VPC peering connection is 1500 bytes.
A placement group can span multiple peered VPCs in the same region; however, you don’t get full-bisection bandwidth among instances in peered VPCs.
Tags created for a VPC peering connection apply only in the account and region where they were created.
Unicast reverse path forwarding is not supported in VPC peering connections.
Circa July 2016, an instance can resolve its public DNS hostname to its private IP address across peered VPCs; before that, an instance’s public DNS hostname did not resolve to its private IP address across peered VPCs.
VPC Peering Troubleshooting
Verify that the VPC peering connection is active.
Make sure the route tables for both VPCs have been updated for the peering connection: verify that the routes to the peer VPC’s IP addresses are in place via the appropriate gateway.
Verify that the network access control list (ACL) contains an ALLOW rule for the traffic.
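The connectivity steps above (accept the request, add routes on both sides) and this troubleshooting checklist can be turned into an offline audit. The following is an added example, not code from the page or from AWS: it checks the peering state, the overlapping-CIDR rule and the presence of an active route in both route tables, using constructed dictionaries shaped like the describe-vpc-peering-connections and describe-route-tables responses (the pcx-/vpc-/rtb- identifiers are made up).

```python
import ipaddress

def cidrs_overlap(cidr_a: str, cidr_b: str) -> bool:
    # Peering is refused for matching or overlapping blocks of the same IP version.
    a, b = ipaddress.ip_network(cidr_a), ipaddress.ip_network(cidr_b)
    return a.version == b.version and a.overlaps(b)

def has_peer_route(route_table: dict, peer_cidr: str, pcx_id: str) -> bool:
    # An active route for the peer CIDR must point at the peering connection itself.
    return any(r.get("DestinationCidrBlock") == peer_cidr
               and r.get("VpcPeeringConnectionId") == pcx_id
               and r.get("State") == "active"
               for r in route_table["Routes"])

def audit_peering(pcx: dict, rt_requester: dict, rt_accepter: dict) -> list:
    """Run the checklist; an empty list means every check passed."""
    pcx_id = pcx["VpcPeeringConnectionId"]
    req_cidr = pcx["RequesterVpcInfo"]["CidrBlock"]
    acc_cidr = pcx["AccepterVpcInfo"]["CidrBlock"]
    findings = []
    if pcx["Status"]["Code"] != "active":
        findings.append(f"{pcx_id} is '{pcx['Status']['Code']}', not active")
    if cidrs_overlap(req_cidr, acc_cidr):
        findings.append(f"CIDRs {req_cidr} and {acc_cidr} overlap; peering cannot route")
    for name, rt, dest in (("requester", rt_requester, acc_cidr),
                           ("accepter", rt_accepter, req_cidr)):
        if not has_peer_route(rt, dest, pcx_id):
            findings.append(f"{name} route table {rt['RouteTableId']} has no active route to {dest} via {pcx_id}")
    return findings

# Constructed sample data shaped like the describe-* API responses (not real resources).
SAMPLE_PCX = {
    "VpcPeeringConnectionId": "pcx-1111",
    "Status": {"Code": "active"},
    "RequesterVpcInfo": {"VpcId": "vpc-aaaa", "CidrBlock": "10.0.0.0/16"},
    "AccepterVpcInfo": {"VpcId": "vpc-bbbb", "CidrBlock": "172.16.0.0/16"},
}
SAMPLE_RT_REQUESTER = {"RouteTableId": "rtb-aaaa", "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "172.16.0.0/16", "VpcPeeringConnectionId": "pcx-1111", "State": "active"},
]}
# The return route was never added: the usual one-sided misconfiguration.
SAMPLE_RT_ACCEPTER = {"RouteTableId": "rtb-bbbb", "Routes": [
    {"DestinationCidrBlock": "172.16.0.0/16", "GatewayId": "local", "State": "active"},
]}

if __name__ == "__main__":
    for finding in audit_peering(SAMPLE_PCX, SAMPLE_RT_REQUESTER, SAMPLE_RT_ACCEPTER):
        print("FAIL:", finding)
```

Security groups and network ACLs are not covered by this check and still need to be reviewed separately.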