Hi Mr Jimenez,
For starters I imagine you have multiple VPCs that you are trying to peer together. In that case you must configure them in a fully meshed configuration. VPC peering is not transitive. You need to peer them all together. Here is an example:
You have 7 different VPCs and you want to access all the resources in each VPC without restriction. After you create and accept all the peering connections, you need to ensure you update each VPC's route tables with the destination route (CIDR block or portion of the CIDR block) to the peer VPC and the target, which is the ID of the VPC peering connection. Please see this link for examples (link).
Just a couple of things to consider as well:
- If you have overlapping or matching CIDR blocks, please ensure your route tables are configured to avoid sending the response traffic from the source VPC to the incorrect VPC.
- Your account does have a quota for the number of entries per route table. If that becomes an issue there are a couple of different workarounds that might work. Please open a support ticket if you need help with this.
If you have further questions regarding architecting your peering connections I would reach out to your account Solutions Architect and work with them. They should be able to help or engage a Networking specialist if needed.
Hope this helps.
After creating the VPC peering connection, you need to add routes in the route tables of both the peered VPCs with destination IP blocks of the other VPC and with the peering connection (starting with pcx-...) as the next hop.
This could be for several reasons:
- VPC peering isn't transitive. It means you can't hop via one VPC to another to another.
- You have to add routes to your route tables in each VPC to route traffic between VPCs
- VPC CIDR ranges have to be different and can't overlap
- Security groups on resources need to allow traffic from the other VPC
- Network Access Control Lists on subnets need to allow traffic from the other VPC
- If you are using DNS resolution you have to enable cross-VPC DNS resolution in the DNS settings of the peer once accepted
Useful Doc https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-basics.html
Like others mentioned, but I wanted to add that you can create a "transit" VPC to route your traffic to. Essentially an unmanaged Transit Gateway, but you'll have to be more hands-on.
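The full-mesh, route-table and CIDR-overlap points raised in the answers above can be checked on paper before any peering connection is created. The planner below is an added example, not code from any of the posters or from AWS; the VPC names, CIDR blocks, `pcx-PLACEHOLDER-...` IDs and the `route_quota` default are all constructed assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed sample input: names and CIDR blocks are made up for illustration.
SAMPLE_VPCS = {
    "vpc-a": "10.0.0.0/16",
    "vpc-b": "10.1.0.0/16",
    "vpc-c": "10.2.0.0/16",
    "vpc-d": "10.1.128.0/20",  # deliberately overlaps vpc-b
}


def plan_full_mesh(vpcs, route_quota=50):
    """Plan a full mesh of peerings; return (peerings, routes, problems).

    route_quota is an assumed per-route-table limit; use your account's
    actual quota value.
    """
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in vpcs.items()}
    peerings, problems = [], []
    routes = {name: [] for name in nets}

    # Peering is not transitive, so every pair needs its own connection.
    for a, b in combinations(sorted(nets), 2):
        if nets[a].overlaps(nets[b]):
            problems.append(f"overlap: {a} {nets[a]} <-> {b} {nets[b]}")
            continue
        pcx = f"pcx-PLACEHOLDER-{a}-{b}"  # placeholder, not a real ID
        peerings.append((a, b, pcx))
        # Each side needs a route to the other side's CIDR via the peering.
        routes[a].append((str(nets[b]), pcx))
        routes[b].append((str(nets[a]), pcx))

    # Flag route tables that would exceed the assumed quota.
    for name, entries in routes.items():
        if len(entries) > route_quota:
            problems.append(f"quota: {name} needs {len(entries)} peering routes")
    return peerings, routes, problems


if __name__ == "__main__":
    peerings, routes, problems = plan_full_mesh(SAMPLE_VPCS)
    for a, b, pcx in peerings:
        print(f"peer {a} <-> {b} via {pcx}")
    for name, entries in routes.items():
        for dest, target in entries:
            print(f"{name}: route {dest} -> {target}")
    for p in problems:
        print("PROBLEM", p)
```

For 7 non-overlapping VPCs this yields 21 peering connections and 6 peering routes per route table, which is the number to compare against the route-table quota mentioned above.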