VPC Peering - Amazon Virtual Private Cloud Connectivity Options

VPC Peering

A VPC peering connection is a networking connection between two VPCs that enables routing using each VPC’s private IP addresses as if they were in the same network. This is the AWS-recommended method for connecting VPCs. VPC peering connections can be created between your own VPCs or with a VPC in another AWS account. VPC peering also supports inter-region peering. Traffic using inter-region VPC peering always stays on the global AWS backbone and never traverses the public internet, thereby reducing threat vectors, such as common exploits and DDoS attacks.

Figure: VPC-to-VPC peering

AWS uses the existing infrastructure of a VPC to create VPC peering connections. These connections are neither a gateway nor a VPN connection and do not rely on a separate piece of physical hardware. Therefore, they do not introduce a potential single point of failure or network bandwidth bottleneck between VPCs. Additionally, VPC route tables, security groups, and network access control lists can be used to control which subnets or instances can use the VPC peering connection.

A VPC peering connection can help you to facilitate the transfer of data between VPCs. You can use them to connect VPCs when you have more than one AWS account, to connect a management or shared services VPC to application- or customer-specific VPCs, or to connect seamlessly with a partner’s VPC. For more examples of scenarios in which you can use a VPC peering connection, see the Amazon VPC Peering Guide.
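As an added illustration of the scoping described above (route tables and security groups deciding which subnets may use the peering) applied to the shared-services scenario, the following Python script is an example written for this page, not code from the AWS whitepaper, and it calls no AWS API. The VPC CIDRs, subnet names, route table IDs and the peering connection ID `pcx-EXAMPLE` are constructed placeholders. It checks that the two VPC CIDRs do not overlap (AWS will not establish a peering connection between overlapping VPCs), generates routes whose destination is the specific remote subnet rather than the whole remote VPC, derives matching security-group ingress rules, and audits a route table for destinations that reach beyond the subnets that should be exposed.

```python
"""Least-privilege route and security-group planning for a VPC peering connection.

Added example, not part of the AWS whitepaper. All IDs and CIDRs below are
constructed placeholders; nothing here calls the AWS API, so it runs offline.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_network
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class Subnet:
    name: str
    cidr: IPv4Network
    route_table: str  # route table the subnet is associated with


Route = Tuple[str, str, str]  # (route table id, destination CIDR, target pcx id)

# Constructed sample topology: a shared-services VPC peered with an application VPC.
SHARED_VPC_CIDR = "10.0.0.0/16"
APP_VPC_CIDR = "10.1.0.0/16"
PCX_ID = "pcx-EXAMPLE"  # placeholder peering connection id

SHARED_MGMT = Subnet("shared-mgmt-a", ip_network("10.0.1.0/24"), "rtb-shared-a")
APP_PRIVATE = Subnet("app-private-b", ip_network("10.1.10.0/24"), "rtb-app-b")
APP_DB = Subnet("app-db-b", ip_network("10.1.20.0/24"), "rtb-app-db-b")  # must stay unreachable


def check_peering_cidrs(vpc_a: str, vpc_b: str) -> bool:
    """AWS will not establish a peering connection between VPCs whose CIDRs overlap."""
    a, b = ip_network(vpc_a), ip_network(vpc_b)
    if a.overlaps(b):
        raise ValueError(f"VPC CIDRs overlap: {a} and {b}; peering is not possible")
    return True


def plan_routes(local_subnets: Iterable[Subnet], remote_subnets: Iterable[Subnet],
                pcx_id: str) -> List[Route]:
    """One route per (local route table, remote subnet).

    The destination is the remote subnet CIDR rather than the whole remote VPC
    CIDR, so only the listed remote subnets are reachable over the peering.
    """
    routes = {(local.route_table, str(remote.cidr), pcx_id)
              for local in local_subnets for remote in remote_subnets}
    return sorted(routes)


def plan_sg_ingress(remote_subnets: Iterable[Subnet], port: int,
                    proto: str = "tcp") -> List[Tuple[str, int, str]]:
    """Security-group ingress rules limited to the peer subnets and a single port."""
    return [(proto, port, str(s.cidr)) for s in remote_subnets]


def audit_routes(routes: Iterable[Route], remote_vpc_cidr: str,
                 allowed_remote: Iterable[Subnet]) -> List[str]:
    """Report routes whose destination reaches beyond the allowed remote subnets.

    A destination of the entire peer VPC CIDR (or a supernet of it) exposes every
    subnet on the far side to the peering connection and defeats the scoping.
    """
    allowed = [s.cidr for s in allowed_remote]
    peer_vpc = ip_network(remote_vpc_cidr)
    findings = []
    for rtb, dest, target in routes:
        dest_net = ip_network(dest)
        if any(dest_net.subnet_of(a) for a in allowed):
            continue
        scope = "entire peer VPC" if peer_vpc.subnet_of(dest_net) else "beyond allowed subnets"
        findings.append(f"{rtb}: {dest} via {target} reaches {scope}")
    return findings


if __name__ == "__main__":
    check_peering_cidrs(SHARED_VPC_CIDR, APP_VPC_CIDR)
    # Shared-services side: only the management subnet may reach the app private subnet.
    for r in plan_routes([SHARED_MGMT], [APP_PRIVATE], PCX_ID):
        print("route", r)
    # Application side: only the private subnet gets a return route to management.
    for r in plan_routes([APP_PRIVATE], [SHARED_MGMT], PCX_ID):
        print("route", r)
    for rule in plan_sg_ingress([SHARED_MGMT], 443):
        print("sg-ingress", rule)
    # An over-broad route to the whole application VPC would also expose APP_DB.
    broad = [("rtb-shared-a", APP_VPC_CIDR, PCX_ID)]
    for f in audit_routes(broad, APP_VPC_CIDR, [APP_PRIVATE]):
        print("finding", f)
```

Routes are planned per route table because route tables, not the peering connection itself, decide which subnets can send traffic across it; a subnet whose route table has no route to the peer (here `APP_DB`) cannot use the connection even though its VPC is peered. The script does not model a third VPC reaching either side through this connection because peering is not transitive.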

Additional Resources