Yes, you can configure your AWS resources to enable connectivity between VPCs in different regions (US and Europe). As mentioned in another answer, VPC Peering will not work for this as the VPC in Europe won't be able to use the S2S VPN connection in the US VPC. You should consider using AWS Transit Gateway with inter-region peering instead. This will allow the VPC in Europe to reach on-premise infrastructure in the US via the S2S VPN.
At a high-level, you will need to do the following:
- Create a Transit Gateway in both regions where you have VPCs deployed following design best practices
- Attach your VPCs to their corresponding Transit Gateways
- Create an inter-region peering attachment between Transit Gateways
- Configure route tables on each transit gateway
  - Transit Gateway in US should have a route to Europe VPC CIDR
  - Transit Gateway in Europe should have a route to US VPC and on-premise CIDR
  - Europe VPC route table should have a route to on-premise CIDR pointing to the Transit Gateway attachment
- Configure on-premise router with a route to Europe VPC CIDR
- Modify the S2S VPN target used to connect to on-premise as outlined here
You can reference this blog article for a more comprehensive description of this type of architecture. Note that there are costs (attachment hours and data processing charges) associated with using AWS Transit Gateway; please reference the pricing page for additional details.
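As an added illustration (not part of the answer above), here is a Terraform sketch of the route layout the steps describe. It assumes two aliased providers `aws.us` and `aws.eu` declared elsewhere, the variables `var.eu_vpc_id`, `var.eu_subnet_ids` and `var.eu_vpc_route_table_id`, that the US VPC attachment and the S2S VPN attachment on the US Transit Gateway already exist, and constructed CIDRs.

```hcl
locals {
  us_vpc_cidr = "10.10.0.0/16"    # constructed placeholder
  eu_vpc_cidr = "10.20.0.0/16"    # constructed placeholder
  onprem_cidr = "192.168.0.0/16"  # constructed placeholder
}
resource "aws_ec2_transit_gateway" "us" { provider = aws.us }
resource "aws_ec2_transit_gateway" "eu" { provider = aws.eu }
# Europe VPC attached to the Europe Transit Gateway.
resource "aws_ec2_transit_gateway_vpc_attachment" "eu" {
  provider           = aws.eu
  transit_gateway_id = aws_ec2_transit_gateway.eu.id
  vpc_id             = var.eu_vpc_id
  subnet_ids         = var.eu_subnet_ids
}
# Inter-region peering is requested from the US side and accepted in Europe.
resource "aws_ec2_transit_gateway_peering_attachment" "us_eu" {
  provider                = aws.us
  transit_gateway_id      = aws_ec2_transit_gateway.us.id
  peer_region             = "eu-west-1"
  peer_transit_gateway_id = aws_ec2_transit_gateway.eu.id
}
resource "aws_ec2_transit_gateway_peering_attachment_accepter" "eu" {
  provider                      = aws.eu
  transit_gateway_attachment_id = aws_ec2_transit_gateway_peering_attachment.us_eu.id
}
# Peering attachments do not propagate routes, so every cross-region prefix is a
# static route. US TGW: Europe VPC CIDR -> peering (return path for on-prem traffic).
resource "aws_ec2_transit_gateway_route" "us_to_eu" {
  provider                       = aws.us
  destination_cidr_block         = local.eu_vpc_cidr
  transit_gateway_route_table_id = aws_ec2_transit_gateway.us.association_default_route_table_id
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_peering_attachment.us_eu.id
}
# Europe TGW: US VPC CIDR and on-prem CIDR -> peering.
resource "aws_ec2_transit_gateway_route" "eu_via_peering" {
  for_each                       = toset([local.us_vpc_cidr, local.onprem_cidr])
  provider                       = aws.eu
  destination_cidr_block         = each.value
  transit_gateway_route_table_id = aws_ec2_transit_gateway.eu.association_default_route_table_id
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_peering_attachment_accepter.eu.id
}
# Europe VPC route table: on-prem CIDR -> the Transit Gateway.
resource "aws_route" "eu_vpc_to_onprem" {
  provider               = aws.eu
  route_table_id         = var.eu_vpc_route_table_id
  destination_cidr_block = local.onprem_cidr
  transit_gateway_id     = aws_ec2_transit_gateway.eu.id
}
```

The on-premise router still needs its own route for the Europe VPC CIDR, and the US Transit Gateway reaches on-prem through the existing VPN attachment, whose routes are propagated rather than static.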
VPC Peering is non-transitive, so you won't be able to connect from on-premises via VPN and then peering to a VPC in Europe. It's called out here:
If VPC A has a VPN connection to a corporate network, resources in VPC B can't use the VPN connection to communicate with the corporate network.
Note that you can "share" a VPN between multiple VPCs using Transit Gateway; and you can peer Transit Gateways between regions - so technically you can do this but it will increase the cost of the solution.
Correct, in addition to the additional cost it also creates regional dependency. It would be much better to create a new VPN for EU region.