By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

How can I access resources in a peered VPC over site to site VPN?

0

Hi, I have a peering connection setup between VPC A and VPC B. And I've also setup a site to site VPN connection to VPC A. How can I access the resources in VPC B through the site to site VPN connection?

  • Lionel
    a year ago

    I have another questions, can we access VPC B trough the site to site VPN Connection if we have deployed an AWS Firewall network for routing purpose in VPC A?

Topics
Networking & Content Delivery
Tags
Amazon VPCNetworking & Content DeliveryAWS Virtual Private Network (VPN)
Language
English
blacktulip11
asked 3 years ago5.2K views
1 Answer
4
Accepted Answer

The short answer is you can't because VPC peering doesn't support transitive routing. The rule for transitive routing is that the traffic must either originate or terminate on a network interface in the VPC. This is why VPC Peering isn't transitive - no network interface is involved, so no route table. Also this is why Transit Gateway is transitive as its attachment points in a VPC use network interfaces.

The usual approach is for your site-to-site VPN to have VIFs to each VPC, or better still, to use Transit Gateway.

Another workaround is using a proxy instance to put a network interface into that VPC you want to transit through. See for example the standard "Transit VPC" Strategy that was more commonly used before Transit Gateway came along.

EXPERT
Steve Kinsman
answered 3 years ago
profile picture
EXPERT
Oleksii Bebych
reviewed a year ago
profile picture
EXPERT
Sedat Salman
reviewed 2 years ago
profile pictureAWS
EXPERT
Brettski-AWS
reviewed 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content