VPC Peering Using CloudFormation
Using this AWS walkthrough, I can successfully add a VPC peering connection between different AWS accounts.
A VPC peering connection is a networking connection between two VPCs that lets you route traffic between them, so that instances in either VPC can communicate as if they were on the same network. The two VPCs must not have overlapping CIDR blocks: if you create a peering request between VPCs whose CIDR blocks overlap, the connection goes straight to the failed status. For more information about VPC peering and its limitations, see the VPC peering overview in the Amazon VPC Peering Guide. The examples use two VPC layouts: the first within a single Availability Zone and the second across two AZs.

In the picture below, the red arrows represent the target VPCs and the green arrow represents the services VPC.

If you create your VPCs by hand, you will sooner or later forget a route table entry, forgo a security group ingress rule, allow access from the wrong port, or make some other trivial mistake that either breaks connectivity or opens it wider than you intended. When creating a VPC, always (always, always) use a CloudFormation template (CFT). Use CloudFormation for the peering between the target VPCs and the services VPC as well: peering connections that are tied to a CloudFormation stack are easier to manage and keep track of, and the stack's route tables and security group rules document exactly which traffic is allowed. Peering only adds routes; you still decide how much or how little external traffic enters your VPC through its security groups and network ACLs.
AWS creates a default VPC for you in every region, but we will build a new VPC from the ground up to keep complete control over its layout. Each Availability Zone gets two subnets, one public and one private. The public subnets are associated with a public route table that has a default route to an internet gateway; the private subnets use a route table without one.

When many copies of an application need to reach one central server, use AWS CloudFormation StackSets to deploy each application instance, using parameters to customize each one, and use security groups to isolate each instance while still permitting access to the central server. Create a peering connection from each application VPC to the central management VPC and accept those connections in the management VPC.

To establish a cross-account VPC peering connection from a single CloudFormation stack, both AWS accounts have to authorize it: the requester account creates the request, and the accepter account must grant permission to accept it. You can peer with a VPC in another AWS account with the AWS::EC2::VPCPeeringConnection resource by giving it the peer VPC ID, the peer account ID (PeerOwnerId), and the ARN of a role in the peer account that CloudFormation may assume to accept the connection (PeerRoleArn).
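As an added example (this is not the post's own template), here is a minimal CloudFormation template for the two-AZ layout described above: one VPC, an internet gateway, a public and a private subnet in each of two AZs, a public route table with the default route to the gateway, and a private route table with no internet route. The VPC CIDR, the use of the first two AZs in the region, and the resource names are assumptions; the only hard requirement is that the CIDR does not overlap any VPC you later peer with.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Two-AZ VPC with public/private subnets (added example, not the post's template)

Parameters:
  VpcCidr:
    Type: String
    Default: 10.10.0.0/16   # assumed; must not overlap any VPC you intend to peer with

Resources:
  Vpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VpcCidr
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags: [{ Key: Name, Value: services-vpc }]

  InternetGateway:
    Type: AWS::EC2::InternetGateway
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref Vpc
      InternetGatewayId: !Ref InternetGateway

  # Four /24 subnets carved from the /16: public A, public B, private A, private B
  PublicSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      CidrBlock: !Select [0, !Cidr [!Ref VpcCidr, 4, 8]]
      AvailabilityZone: !Select [0, !GetAZs '']
      MapPublicIpOnLaunch: true
  PublicSubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      CidrBlock: !Select [1, !Cidr [!Ref VpcCidr, 4, 8]]
      AvailabilityZone: !Select [1, !GetAZs '']
      MapPublicIpOnLaunch: true
  PrivateSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      CidrBlock: !Select [2, !Cidr [!Ref VpcCidr, 4, 8]]
      AvailabilityZone: !Select [0, !GetAZs '']
      MapPublicIpOnLaunch: false
  PrivateSubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      CidrBlock: !Select [3, !Cidr [!Ref VpcCidr, 4, 8]]
      AvailabilityZone: !Select [1, !GetAZs '']
      MapPublicIpOnLaunch: false

  # Public route table: default route to the internet gateway
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref Vpc
  PublicDefaultRoute:
    Type: AWS::EC2::Route
    DependsOn: AttachGateway       # the route is invalid until the gateway is attached
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  PublicSubnetAAssoc:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties: { SubnetId: !Ref PublicSubnetA, RouteTableId: !Ref PublicRouteTable }
  PublicSubnetBAssoc:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties: { SubnetId: !Ref PublicSubnetB, RouteTableId: !Ref PublicRouteTable }

  # Private route table: no internet route; peering routes are added to it later
  PrivateRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref Vpc
  PrivateSubnetAAssoc:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties: { SubnetId: !Ref PrivateSubnetA, RouteTableId: !Ref PrivateRouteTable }
  PrivateSubnetBAssoc:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties: { SubnetId: !Ref PrivateSubnetB, RouteTableId: !Ref PrivateRouteTable }

Outputs:
  VpcId:
    Value: !Ref Vpc
  PrivateRouteTableId:
    Value: !Ref PrivateRouteTable
  PublicRouteTableId:
    Value: !Ref PublicRouteTable
```

The outputs are what a later peering stack needs: the VPC ID to peer, and the route table to which the route toward the peer CIDR is added. Keeping the private subnets on a table with no 0.0.0.0/0 route means a peering route is the only way traffic leaves them.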
In this post we will create the VPC via CloudFormation templates. The cross-account peering connection is accepted automatically ("automagically") because an IAM role in the accepter account is given permission to accept peering connections and trusts the requester account; the requester's stack references that role's ARN when it requests the connection, and CloudFormation assumes the role to accept the request on the accepter's behalf. Once accepted and routed, a VPC peering connection makes data access and data transfer between the two VPCs straightforward, over private addresses and without leaving the AWS network.
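As an added example of the accepter side (not the post's own template), this stack is deployed in the account that owns the services VPC. It creates the role that the requester account's CloudFormation stack will assume, limited to accepting a peering connection into that one VPC. The requester account ID and accepter VPC ID are parameters you supply; scoping the permission with the ec2:AccepterVpc condition key is an addition here for least privilege rather than something the post describes.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Accepter-side role for cross-account VPC peering (added example, not the post's template)

Parameters:
  RequesterAccountId:
    Type: String
    Description: Account that will create the peering request (assumed, supplied at deploy time)
  AccepterVpcId:
    Type: AWS::EC2::VPC::Id
    Description: The local (services) VPC that may be peered into

Resources:
  PeerAcceptRole:
    Type: AWS::IAM::Role
    Properties:
      # Trust: only the requester account may assume this role
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              AWS: !Sub arn:aws:iam::${RequesterAccountId}:root
            Action: sts:AssumeRole
      Policies:
        - PolicyName: AcceptPeeringIntoServicesVpc
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # Accept any pending request, but only when the accepting side is our VPC
              - Effect: Allow
                Action: ec2:AcceptVpcPeeringConnection
                Resource: !Sub arn:aws:ec2:${AWS::Region}:${AWS::AccountId}:vpc-peering-connection/*
                Condition:
                  ArnEquals:
                    ec2:AccepterVpc: !Sub arn:aws:ec2:${AWS::Region}:${AWS::AccountId}:vpc/${AccepterVpcId}
              # The API also evaluates the action against the VPC resource itself
              - Effect: Allow
                Action: ec2:AcceptVpcPeeringConnection
                Resource: !Sub arn:aws:ec2:${AWS::Region}:${AWS::AccountId}:vpc/${AccepterVpcId}

Outputs:
  PeerRoleArn:
    Description: Pass this as PeerRoleArn to the requester stack
    Value: !GetAtt PeerAcceptRole.Arn
  PeerVpcId:
    Value: !Ref AccepterVpcId
```

The trust policy names the requester account's root, which lets any principal in that account with sts:AssumeRole rights use the role; if you want only the CloudFormation service role in the requester account to be able to assume it, put that role's ARN in the Principal instead. Note that the return route in the services VPC's route table is not created by this stack and has to be added in the accepter account once the peering connection ID is known.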
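As an added example of the requester side (again not the post's own template), this stack runs in the target account. It creates the peering connection with PeerOwnerId and PeerRoleArn so that CloudFormation accepts it automatically, adds the route toward the peer CIDR, and opens a single security group port to the peer. The CIDR defaults, the choice of TCP 443, and the parameter names are assumptions; if the two CIDRs overlap, the VPCPeeringConnection resource will fail and roll back the stack, which is the failed status the text warns about.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Requester-side cross-account VPC peering with route and SG rule (added example)

Parameters:
  LocalVpcId:
    Type: AWS::EC2::VPC::Id
  LocalRouteTableId:
    Type: String
    Description: Route table of the subnets that must reach the services VPC
  AppSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id
    Description: Security group of the instances the services VPC may talk to
  PeerVpcId:
    Type: String
  PeerOwnerId:
    Type: String
    Description: Account ID that owns the services VPC
  PeerRoleArn:
    Type: String
    Description: Role in the peer account that CloudFormation assumes to accept the request
  PeerCidr:
    Type: String
    Default: 10.20.0.0/16   # assumed; must not overlap this VPC's CIDR

Resources:
  Peering:
    Type: AWS::EC2::VPCPeeringConnection
    Properties:
      VpcId: !Ref LocalVpcId
      PeerVpcId: !Ref PeerVpcId
      PeerOwnerId: !Ref PeerOwnerId     # cross-account: the accepter's account ID
      PeerRoleArn: !Ref PeerRoleArn     # assumed by CloudFormation to accept the request
      Tags: [{ Key: Name, Value: to-services-vpc }]

  # Without this route the peering exists but nothing is reachable through it
  RouteToPeer:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref LocalRouteTableId
      DestinationCidrBlock: !Ref PeerCidr
      VpcPeeringConnectionId: !Ref Peering

  # Ingress from the peer VPC only, and only on the port the service uses
  AllowFromPeer:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref AppSecurityGroupId
      IpProtocol: tcp
      FromPort: 443
      ToPort: 443
      CidrIp: !Ref PeerCidr
      Description: HTTPS from the peered services VPC

Outputs:
  PeeringConnectionId:
    Value: !Ref Peering
```

Because the route, the security group rule and the connection live in one stack, deleting the stack removes all three together, which is the point of tying peering to CloudFormation. The same template, fed different parameters through a StackSet, is how each application VPC gets its own connection to the central management VPC.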