Amazon Virtual Private Cloud
VPC Peering Guide

Modifying VPC Peering Connection Options

You can modify a VPC peering connection to do the following:

  • Enable one or more EC2-Classic instances that are linked to your VPC via ClassicLink to communicate with instances in the peer VPC, or to enable instances in your VPC to communicate with linked EC2-Classic instances in the peer VPC. For more information, see Configurations with ClassicLink. You cannot enable EC2-Classic instances to communicate with instances in a peer VPC over IPv6.

  • Enable a VPC to resolve public IPv4 DNS hostnames to private IPv4 addresses when queried from instances in the peer VPC. For more information, see Enabling DNS Resolution Support for a VPC Peering Connection.

Enabling DNS Resolution Support for a VPC Peering Connection

To enable a VPC to resolve public IPv4 DNS hostnames to private IPv4 addresses when queried from instances in the peer VPC, you must modify the peering connection.

Both VPCs must be enabled for DNS hostnames and DNS resolution.

To enable DNS resolution support for the peering connection

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Peering Connections.

  3. Select the VPC peering connection, and choose Actions, Edit DNS Settings.

  4. To ensure that queries from the peer VPC resolve to private IP addresses in your local VPC, choose the option to enable DNS resolution for queries from the peer VPC.

  5. If the peer VPC is in the same AWS account, you can choose the option to enable DNS resolution for queries from the local VPC. This ensures that queries from the local VPC resolve to private IP addresses in the peer VPC. This option is not available if the peer VPC is in a different AWS account.

  6. Choose Save.

  7. If the peer VPC is in a different AWS account, the owner of the peer VPC must sign in to the VPC console, perform steps 2 through 4, and choose Save.

To enable DNS resolution using the command line or an API

You must modify the requester VPC peering options if you are the requester of the VPC peering connection, and you must modify the accepter VPC peering options if you are the accepter of the VPC peering connection. You can use the describe-vpc-peering-connections or Get-EC2VpcPeeringConnections commands to verify which VPC is the accepter and the requester for a VPC peering connection.

In this example, you are the requester of the VPC peering connection, so you modify the requester peering connection options using the AWS CLI as follows:

aws ec2 modify-vpc-peering-connection-options --vpc-peering-connection-id pcx-aaaabbbb --requester-peering-connection-options AllowDnsResolutionFromRemoteVpc=true
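
The requester/accepter check described above can be scripted. The following is an added example, not part of the AWS guide: it compares the caller's account ID with the owner IDs returned by describe-vpc-peering-connections and sets only the side that account owns (both sides for a same-account peering, which goes beyond the single requester case shown above). The function names and the 12-digit account IDs in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example: pick the correct option flag(s) for
# modify-vpc-peering-connection-options from the peering's owner IDs.

# peering_option_flags MY_ACCOUNT REQUESTER_OWNER ACCEPTER_OWNER
# Prints the flag(s) this account may set; returns 1 if it owns neither side.
# e.g. peering_option_flags 111111111111 111111111111 222222222222
#      (constructed IDs) prints only the requester flag.
peering_option_flags() {
  me="$1"; req_owner="$2"; acc_owner="$3"
  opt="AllowDnsResolutionFromRemoteVpc=true"
  flags=""
  if [ "$me" = "$req_owner" ]; then
    flags="--requester-peering-connection-options $opt"
  fi
  if [ "$me" = "$acc_owner" ]; then
    # Same-account peering: the account owns both sides, so append.
    flags="${flags:+$flags }--accepter-peering-connection-options $opt"
  fi
  [ -n "$flags" ] || return 1
  printf '%s\n' "$flags"
}

# enable_peering_dns PCX_ID
# Looks up the caller's account and both owners, then applies the flags.
enable_peering_dns() {
  pcx="$1"
  account=$(aws sts get-caller-identity --query Account --output text) || return 1
  owners=$(aws ec2 describe-vpc-peering-connections \
    --vpc-peering-connection-ids "$pcx" \
    --query 'VpcPeeringConnections[0].[RequesterVpcInfo.OwnerId,AccepterVpcInfo.OwnerId]' \
    --output text) || return 1
  # Text output is one line: requester owner, then accepter owner.
  set -- $owners
  dns_flags=$(peering_option_flags "$account" "$1" "$2") || {
    echo "account $account owns neither side of $pcx" >&2
    return 1
  }
  # $dns_flags is intentionally unquoted so it splits into separate arguments.
  aws ec2 modify-vpc-peering-connection-options \
    --vpc-peering-connection-id "$pcx" $dns_flags
}

# Run against a real peering connection only when an ID is passed in.
if [ "$#" -gt 0 ]; then
  enable_peering_dns "$1"
fi
```

For a cross-account peering, the owner of the other VPC runs the same script with their own credentials to enable resolution in the opposite direction.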