Amazon Virtual Private Cloud
VPC Peering Guide

Creating and Accepting a VPC Peering Connection

To create a VPC peering connection, first create a request to peer with another VPC. You can request a VPC peering connection with another VPC in your account, or with a VPC in a different AWS account. The connection is not active until the owner of the accepter VPC accepts the request.

Creating a VPC Peering Connection with Another VPC in Your Account

To request a VPC peering connection with a VPC in your account, ensure that you have the IDs of the VPCs with which you are creating the VPC peering connection. You must both create and accept the VPC peering connection request yourself to activate it.

To create a VPC peering connection in your account

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Peering Connections, Create VPC Peering Connection.

  3. In the dialog, configure the following information, and choose Create VPC Peering Connection when you are done:

    • Name tag: You can optionally name your VPC peering connection. Doing so creates a tag with a key of Name and a value that you specify.

    • Local VPC to peer: Select the VPC in your account with which you want to create the VPC peering connection.

    • Select a VPC to peer with: Ensure that My account is selected, and select another of your VPCs from the VPC list. Only VPCs in the current region are displayed.

      Important

      Ensure that your VPCs do not have overlapping IPv4 CIDR blocks. If they do, the status of the VPC peering connection immediately goes to failed. This limitation applies even if the VPCs have unique IPv6 CIDR blocks.

  4. In the confirmation dialog box, choose OK.

  5. Select the VPC peering connection that you've created, and choose Actions, Accept Request.

  6. In the confirmation dialog, choose Yes, Accept. A second confirmation dialog displays; choose Modify my route tables now to go directly to the route tables page, or choose Close to do this later.

Now that your VPC peering connection is active, you must add an entry to your VPC route tables to enable traffic to be directed between the peered VPCs. For more information, see Updating Your Route Tables for a VPC Peering Connection.

Creating a VPC Peering Connection with a VPC in Another AWS Account

You can request a VPC peering connection with a VPC that's in another AWS account. Before you begin, ensure that you have the AWS account number and VPC ID of the VPC to peer with. After you've created the request, the owner of the accepter VPC must accept the VPC peering connection to activate it.

To create a VPC peering connection with a VPC in another account

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Peering Connections, Create VPC Peering Connection.

  3. In the dialog, configure the information as follows, and choose Create VPC Peering Connection when you are done:

    • Name tag: You can optionally name your VPC peering connection. Doing so creates a tag with a key of Name and a value that you specify. This tag is only visible to you; the owner of the peer VPC can create their own tags for the VPC peering connection.

    • Local VPC to peer: Select the VPC in your account with which to create the VPC peering connection.

    • Select a VPC to peer with: Choose Another account, and enter the AWS account ID and the ID of the VPC with which to create the VPC peering connection.

      Important

      If your VPC and the peer VPC have overlapping IPv4 CIDR blocks, or if the account ID and VPC ID are incorrect or do not correspond with each other, the status of the VPC peering connection immediately goes to failed.

  4. In the confirmation dialog box, choose OK.

The VPC peering connection that you've created is not active. To activate it, the owner of the accepter VPC must accept the VPC peering connection request. To enable traffic to be directed to the peer VPC, update your VPC route table. For more information, see Updating Your Route Tables for a VPC Peering Connection.

To create a VPC peering connection using the command line or an API
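The two console procedures above (same account, and another account), done with the AWS CLI. This is an added example and not part of the VPC Peering Guide. It assumes the aws CLI is configured for the requester account and region; every VPC ID and account ID in the comments is a placeholder. The CIDR pre-check is a local convenience for the same-account case, where both VPCs are visible to you; it mirrors the console's overlap rule (the API fails an overlapping request anyway) and looks only at each VPC's primary IPv4 CIDR.

```shell
#!/usr/bin/env bash
# Added example (not from the VPC Peering Guide): create a peering request with
# the AWS CLI. Assumes the CLI is configured for the requester account/region;
# all VPC and account IDs used in comments are placeholders.
set -eu

# ip_to_int 10.0.1.5 -> 167772421
ip_to_int() {
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_overlaps A/N B/M: succeed if the two IPv4 blocks share any address.
# Two blocks overlap exactly when they agree on the shorter of the two prefixes.
cidr_overlaps() {
  local net1=${1%/*} len1=${1#*/} net2=${2%/*} len2=${2#*/}
  local len=$(( len1 < len2 ? len1 : len2 ))
  local mask=$(( len == 0 ? 0 : (4294967295 << (32 - len)) & 4294967295 ))
  [ $(( $(ip_to_int "$net1") & mask )) -eq $(( $(ip_to_int "$net2") & mask )) ]
}

# vpc_cidr VPC_ID: primary IPv4 CIDR of a VPC in this account (secondary CIDRs
# live in CidrBlockAssociationSet and are not checked here).
vpc_cidr() {
  aws ec2 describe-vpcs --vpc-ids "$1" --query 'Vpcs[0].CidrBlock' --output text
}

# create_peering LOCAL_VPC PEER_VPC [PEER_OWNER_ID]
# Same account: refuse on overlapping CIDRs, create, then accept immediately,
# because you must do both yourself. Another account: create only; the peer
# VPC is not visible to you, so the overlap check is left to the API and the
# owner of the accepter VPC must accept the request.
create_peering() {
  local local_vpc=$1 peer_vpc=$2 peer_owner=${3:-} owner_arg="" pcx
  if [ -z "$peer_owner" ]; then
    if cidr_overlaps "$(vpc_cidr "$local_vpc")" "$(vpc_cidr "$peer_vpc")"; then
      echo "refusing: $local_vpc and $peer_vpc have overlapping IPv4 CIDRs" >&2
      return 1
    fi
  else
    owner_arg="--peer-owner-id $peer_owner"
  fi
  pcx=$(aws ec2 create-vpc-peering-connection --vpc-id "$local_vpc" \
          --peer-vpc-id "$peer_vpc" $owner_arg \
          --query 'VpcPeeringConnection.VpcPeeringConnectionId' --output text)
  # The Name tag is visible only in this account (the peer owner tags their own side).
  aws ec2 create-tags --resources "$pcx" --tags "Key=Name,Value=$local_vpc-to-$peer_vpc"
  [ -n "$peer_owner" ] || aws ec2 accept-vpc-peering-connection \
      --vpc-peering-connection-id "$pcx" >/dev/null
  echo "$pcx"
}

# Usage (not run here):
#   create_peering vpc-1111aaaa vpc-2222bbbb                  # same account
#   create_peering vpc-1111aaaa vpc-3333cccc 123456789012     # another account
```

Whichever path is taken, the route tables on both sides still need an entry for the peer CIDR before any traffic flows, as the guide says above; creating and accepting the connection only establishes it.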

Accepting a VPC Peering Connection

A VPC peering connection that's in the pending-acceptance state must be accepted by the owner of the accepter VPC to be activated. You cannot accept a VPC peering connection request that you've sent to another AWS account. If you are creating a VPC peering connection in the same AWS account, you must both create and accept the request yourself.

Important

Do not accept VPC peering connections from AWS accounts that you do not know. A malicious user may have sent you a VPC peering connection request to gain unauthorized network access to your VPC. This is known as peer phishing. Before accepting, check the requester VPC owner shown for the pending connection against the account ID you are expecting; a request carries no other identity you can rely on, since the requester's Name tag is visible only in their own account. You can safely reject unwanted VPC peering connection requests without any risk of the requester gaining access to any information about your AWS account or your VPC. For more information, see Rejecting a VPC Peering Connection. You can also ignore the request and let it expire; by default, requests expire after 7 days.

To accept a VPC peering connection

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Peering Connections.

  3. Select a pending VPC peering connection (the status is pending-acceptance), and choose Actions, Accept Request.

  4. In the confirmation dialog box, choose Yes, Accept. A second confirmation dialog displays; choose Modify my route tables now to go directly to the route tables page, or choose Close to do this later.

Now that your VPC peering connection is active, you must add an entry to your VPC route table to enable traffic to be directed to the peer VPC. For more information, see Updating Your Route Tables for a VPC Peering Connection.

To accept a VPC peering connection using the command line or an API

Viewing Your VPC Peering Connections

You can view all of your VPC peering connections in the Amazon VPC console. By default, the console displays all VPC peering connections in different states, including those that may have been recently deleted or rejected. For more information about the lifecycle of a VPC peering connection, see VPC Peering Connection Lifecycle.

To view your VPC peering connections

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Peering Connections.

  3. All of your VPC peering connections are listed. Use the filter search bar to narrow your results.

To describe a VPC peering connection using the command line or an API
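The describe step of this section and the accept step of the previous one, done together with the AWS CLI: list the requests waiting for this account, and accept only those whose requester account is on an explicit allowlist, rejecting the rest. This is an added example and not part of the VPC Peering Guide. It assumes the aws CLI is configured for the accepter account and region; the allowlist entries, VPC IDs and the sample describe output are constructed placeholders. A request only reaches pending-acceptance when the CIDRs do not overlap (an overlap fails it immediately, as stated above), so the sender's account is the check that remains.

```shell
#!/usr/bin/env bash
# Added example (not from the VPC Peering Guide): list pending peering requests
# and accept only those from accounts you have explicitly allowed. Assumes the
# CLI is configured for the accepter account/region; account IDs are placeholders.
set -eu

# Accounts you expect peering requests from (placeholder values).
TRUSTED_ACCOUNTS="111111111111 222222222222"

# pending_requests: pending requests addressed to THIS account (you cannot accept
# ones you sent), one per line, tab-separated:
#   pcx-id  requester-account  requester-vpc  requester-cidr  accepter-vpc  expiration
pending_requests() {
  local account
  account=$(aws sts get-caller-identity --query Account --output text)
  aws ec2 describe-vpc-peering-connections \
    --filters Name=status-code,Values=pending-acceptance \
              "Name=accepter-vpc-info.owner-id,Values=$account" \
    --query 'VpcPeeringConnections[].[VpcPeeringConnectionId,RequesterVpcInfo.OwnerId,RequesterVpcInfo.VpcId,RequesterVpcInfo.CidrBlock,AccepterVpcInfo.VpcId,ExpirationTime]' \
    --output text
}

# is_trusted ACCOUNT_ID: succeed if the account is on the allowlist (whole-token match).
is_trusted() {
  case " $TRUSTED_ACCOUNTS " in *" $1 "*) return 0 ;; esac
  return 1
}

# decide: read pending_requests lines on stdin; print one "accept|reject PCX reason" line each.
decide() {
  local tab pcx owner rvpc rcidr avpc exp
  tab=$(printf '\t')
  while IFS="$tab" read -r pcx owner rvpc rcidr avpc exp; do
    if is_trusted "$owner"; then
      echo "accept $pcx requester=$owner vpc=$rvpc cidr=$rcidr into=$avpc"
    else
      echo "reject $pcx unknown requester account $owner (would expire $exp)"
    fi
  done
}

# apply_decisions: act on decide()'s output. Rejecting is safe; the requester
# learns nothing about your account or VPC from a rejection.
apply_decisions() {
  local action pcx rest
  while read -r action pcx rest; do
    case $action in
      accept) aws ec2 accept-vpc-peering-connection --vpc-peering-connection-id "$pcx" >/dev/null ;;
      reject) aws ec2 reject-vpc-peering-connection --vpc-peering-connection-id "$pcx" >/dev/null ;;
    esac
    echo "$action $pcx"
  done
}

# Constructed sample in the shape pending_requests prints (one trusted, one unknown sender).
SAMPLE=$(printf 'pcx-0aaa\t111111111111\tvpc-0a1\t10.1.0.0/16\tvpc-0b2\t2023-01-08T00:00:00.000Z\npcx-0bbb\t999999999999\tvpc-0c3\t10.2.0.0/16\tvpc-0b2\t2023-01-08T00:00:00.000Z')

# Dry run:  printf '%s\n' "$SAMPLE" | decide
# Live run: pending_requests | decide | apply_decisions
```

Run the dry run first and read the decisions before piping them into apply_decisions; after an accept, the route tables still need an entry for the peer CIDR, as described above under Accepting a VPC Peering Connection.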