AWS::EC2::VPCPeeringConnection - AWS CloudFormation

AWS::EC2::VPCPeeringConnection

Requests a VPC peering connection between two VPCs: a requester VPC that you own and an accepter VPC with which to create the connection. The accepter VPC can belong to a different AWS account and can be in a different Region than the requester VPC.

The requester VPC and accepter VPC cannot have overlapping CIDR blocks. If you create a VPC peering connection request between VPCs with overlapping CIDR blocks, the VPC peering connection has a status of failed.

If the VPCs belong to different accounts, the acceptor account must have a role that allows the requester account to accept the VPC peering connection. For more information, see Walkthough: Peer with a VPC in another AWS account.

If the requester and acceptor VPCs are in the same account, the peering request is accepted without a peering role.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::EC2::VPCPeeringConnection", "Properties" : { "PeerOwnerId" : String, "PeerRegion" : String, "PeerRoleArn" : String, "PeerVpcId" : String, "Tags" : [ Tag, ... ], "VpcId" : String } }

YAML

Type: AWS::EC2::VPCPeeringConnection Properties: PeerOwnerId: String PeerRegion: String PeerRoleArn: String PeerVpcId: String Tags: - Tag VpcId: String

Properties

PeerOwnerId

The AWS account ID of the owner of the accepter VPC.

Default: Your AWS account ID

Required: No

Type: String

Update requires: Replacement

PeerRegion

The Region code for the accepter VPC, if the accepter VPC is located in a Region other than the Region in which you make the request.

Default: The Region in which you make the request.

Required: No

Type: String

Update requires: Replacement

PeerRoleArn

The Amazon Resource Name (ARN) of the VPC peer role for the peering connection in another AWS account.

This is required when you are peering a VPC in a different AWS account.

Required: Conditional

Type: String

Update requires: Replacement

PeerVpcId

The ID of the VPC with which you are creating the VPC peering connection. You must specify this parameter in the request.

Required: Yes

Type: String

Update requires: Replacement

Tags

Any tags assigned to the resource.

Required: No

Type: Array of Tag

Update requires: No interruption

VpcId

The ID of the VPC.

Required: Yes

Type: String

Update requires: Replacement

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ID of the VPC peering connection.

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

Id

The ID of the peering connection.

Examples

Peer VPCs in the same account

This example shows how to peer two VPCs in the same account. It uses an existing VPC as the requester VPC and creates the accepter VPC.

JSON

"Resources": { "myVpc": { "Type": "AWS::EC2::VPC", "Properties": { "CidrBlock": "10.0.0.0/16", "EnableDnsSupport": true, "EnableDnsHostnames": true, "Tags": [ { "Key": "Name", "Value": "accepter-vpc" } ] } }, "vpcPeeringConnection": { "Type": "AWS::EC2::VPCPeeringConnection", "Properties": { "VpcId": "vpc-e03dd489", "PeerVpcId": { "Ref": "myVpc" }, "Tags": [ { "Key": "Name", "Value": "cfn-peering-example" } ] } } }

YAML

Resources: myVpc: Type: AWS::EC2::VPC Properties: CidrBlock: 10.0.0.0/16 EnableDnsSupport: true EnableDnsHostnames: true Tags: - Key: Name Value: accepter-vpc vpcPeeringConnection: Type: AWS::EC2::VPCPeeringConnection Properties: VpcId: vpc-e03dd489 PeerVpcId: !Ref myVpc Tags: - Key: Name Value: cfn-peering-example

See also