- Newest
- Most votes
- Most comments
No, it is not possible to use VPC peering for centralised egress unless you put a proxy server (or load-balanced proxy servers for redundancy) in the egress VPC.
VPC Peering creates a direct network connection between two VPCs, allowing them to communicate using private IP addresses. However, it has a fundamental limitation: VPC Peering traffic cannot be redirected or "chained" through an intermediate VPC.
This means that:
- If VPC A is connected to VPC B, and VPC B is connected to VPC C
- VPC A cannot use VPC B as a "hub" to reach VPC C
This limitation is known as "transitive peering" and is a design restriction of the service.
To implement a centralized egress model, you have the following alternatives:
AWS Transit Gateway
- Allows you to create a central hub to manage traffic between multiple VPCs
- Supports transitive routing
- Offers more granular routing controls
AWS Cloud WAN
- Managed service to build, manage, and monitor a global WAN network
- Ideal for organizations with multi-region presence
AWS Network Firewall
- Enables implementation of centralized security controls
- Can be used in conjunction with Transit Gateway
This documentation details invalid VPC Peering configurations and explains why transitive routing is not supported: https://docs.aws.amazon.com/vpc/latest/peering/invalid-peering-configurations.html
Relevant content
- asked 3 months ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated 2 years ago
Transit Gateway indeed allows transitive routing, but the question was essentially about avoiding paying for separate NAT gateways and public IP addresses for each VPC. Transit Gateway would incur both per-hour fees for each attachment (of the same price range as a NAT gateway) and per-gigabyte traffic fees for traffic passed between VPCs in addition to the cost of traffic passing through the NAT gateway (which is charged in both scenarios). The Transit Gateway approach would essentially defeat the whole purpose of centralising internet egress to save costs.