I need some help with VPC peering and VPN configurations in AWS. I have two VPCs:
Old VPC: This VPC has an existing Site-to-Site VPN connection.
New VPC: I want instances in this VPC to communicate with the Site-to-Site VPN connection in the old VPC.
I am considering setting up a VPC peering connection between these two VPCs. My question is: Can I use the Site-to-Site VPN connection in the old VPC from the new VPC via VPC peering? If yes, could someone guide me through the steps required to set this up?
Here’s a bit more context:
Both VPCs are in the same region (us-east-1).
I need the instances in the new VPC to access on-prem resources via the existing VPN in the old VPC.
I am familiar with basic AWS networking, route tables, and security groups.
Any detailed instructions, best practices, or potential pitfalls would be greatly appreciated!
Also, can you recommend any books on AWS networking? I come from a SWE background and networking is very complicated for me.
Thanks!!
Nope, unfortunately: `transitive peering relationships are not supported`. The official answer is that you should use Transit Gateway for this.
If your workload allows it though, you can throw a load balancer in the VPN-VPC and add your VPN targets there. The load balancer is “in” the VPC, so the peered VPC can reach it. Both solutions cost about the same though, so pick your poison.
As others mentioned above, you cannot use AWS-managed VPN via VPC Peering. If you like, you can do so via a VGW+IGW path. In this way you’ll rely upon the AWS Internet path within the region.
This will mitigate the need to use any TGW, or self-managed VPNs.
Nice, thanks.
Workload is quite low since this is just for our test environment.
In terms of setting it up, do you think the load balancer way is easier to set up? Transit Gateway seems very complex, but that may be due to my lack of familiarity with networking in general, though.
Kind of the same: both VPC peering and TGW need you to set up all routes correctly; VPC peering and an ELB would add the ELB. Though if you already have an internal LB, you can of course utilize that.
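A route-table check for the transitive-peering pitfall discussed in this thread, added here as an example and not part of any reply above. It takes data shaped like the `describe-route-tables` and `describe-vpc-peering-connections` output of the AWS CLI (the peering id, VPC ids and CIDRs below are constructed) and flags any route that points a prefix outside the peer VPC's own CIDR, such as the on-prem range behind the old VPC's VPN, at the peering connection; that is the hop VPC peering will not forward.

```python
import ipaddress

# Constructed sample shaped like `aws ec2 describe-vpc-peering-connections` output.
PEERINGS = [
    {"VpcPeeringConnectionId": "pcx-0example",
     "RequesterVpcInfo": {"VpcId": "vpc-new", "CidrBlock": "10.20.0.0/16"},
     "AccepterVpcInfo": {"VpcId": "vpc-old", "CidrBlock": "10.10.0.0/16"}},
]

# Constructed sample shaped like `aws ec2 describe-route-tables` output for the new VPC.
ROUTE_TABLE = {
    "VpcId": "vpc-new",
    "Routes": [
        {"DestinationCidrBlock": "10.20.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "10.10.0.0/16", "VpcPeeringConnectionId": "pcx-0example"},
        # On-prem prefix pointed at the peering link: the transitive hop AWS does not forward.
        {"DestinationCidrBlock": "192.168.0.0/16", "VpcPeeringConnectionId": "pcx-0example"},
    ],
}


def peer_cidrs(peerings, vpc_id):
    """Map each peering id to the CIDR of the VPC on the other side of it, seen from vpc_id."""
    out = {}
    for p in peerings:
        req, acc = p["RequesterVpcInfo"], p["AccepterVpcInfo"]
        other = acc if req["VpcId"] == vpc_id else req
        out[p["VpcPeeringConnectionId"]] = ipaddress.ip_network(other["CidrBlock"])
    return out


def transitive_routes(route_table, peerings):
    """Return (destination, pcx-id) pairs for routes that would need transitive peering."""
    peers = peer_cidrs(peerings, route_table["VpcId"])
    flagged = []
    for r in route_table["Routes"]:
        pcx = r.get("VpcPeeringConnectionId")
        if not pcx:
            continue  # local, igw-, vgw-, tgw- and other targets are not peering hops
        dst = ipaddress.ip_network(r["DestinationCidrBlock"])
        # A peering link only carries traffic addressed to the peer VPC's own CIDR.
        if not dst.subnet_of(peers[pcx]):
            flagged.append((str(dst), pcx))
    return flagged


if __name__ == "__main__":
    for dst, pcx in transitive_routes(ROUTE_TABLE, PEERINGS):
        print(f"{dst} via {pcx}: outside peer VPC CIDR, traffic will be dropped (use TGW)")
```

Feed it the real JSON from the two CLI calls (via `json.load`) to audit an existing account; any line it prints is a route that peering cannot satisfy and that a Transit Gateway route would have to replace.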