AWS - VPC Peering Restrictions

Posted August 22, 2018 by Matthew McGeehan

Not all AWS peering connections are created equal. Below are a few things to keep in mind when designing your AWS VPC environment.

Transitive Peering

Say VPC A is peered with VPC B, and VPC B is peered with VPC C. In a traditional data center setup, the devices in A and C would be able to communicate with each other through B. If you try to implement this setup with VPC peering you will be surprised to find out that it's not going to work: peering is not transitive, and B will not forward traffic between its two peers. For resources in VPC A to communicate with resources in VPC C, a separate peering connection will need to be created directly between the two, with routes added in both VPCs' route tables.


Edge to Edge Routing

This is similar to transitive peering between VPCs. Let's say that you have two VPCs, A and B, that have a peering connection. VPC A has a VPN, Direct Connect, or Internet connectivity. VPC B doesn't have any of that connectivity set up. Is it possible for VPC B to access the Internet through VPC A? Nope. Traffic that arrives over a peering connection cannot be routed on to the peer's internet gateway, NAT gateway, virtual private gateway, or Direct Connect connection, even if VPC B points its default route at the peering connection. VPC B needs its own gateway.
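Both the transitive peering and the edge-to-edge cases above come down to the same data-plane rule: a packet that crosses a peering connection is delivered only if its destination lies inside the peer VPC's own CIDR, and the peer VPC's route table is never consulted for it. The following is an added example, not code from this post or from AWS, that models that rule so you can see why a route pointing at a peering connection "for" a third VPC or for the Internet silently drops traffic. The VPC names, CIDRs, peering IDs and route tables are constructed for the example.

```python
"""
Toy model of the AWS VPC peering data plane: longest-prefix route lookup in
the source VPC, then the non-transitive rule at the peering connection.
All VPC names, CIDRs, peering IDs and routes below are constructed.
"""
from ipaddress import ip_address, ip_network

# Constructed topology: A <-> B and B <-> C are peered; only A has an IGW.
VPCS = {
    "vpc-a": ip_network("10.0.0.0/16"),
    "vpc-b": ip_network("10.1.0.0/16"),
    "vpc-c": ip_network("10.2.0.0/16"),
}
PEERINGS = {
    "pcx-ab": ("vpc-a", "vpc-b"),
    "pcx-bc": ("vpc-b", "vpc-c"),
}
# Route tables as (destination, target). "local" is the implicit VPC route.
ROUTES = {
    "vpc-a": [("10.0.0.0/16", "local"), ("10.1.0.0/16", "pcx-ab"),
              ("10.2.0.0/16", "pcx-ab"),       # hoping B forwards on to C
              ("0.0.0.0/0", "igw-a")],
    "vpc-b": [("10.1.0.0/16", "local"), ("10.0.0.0/16", "pcx-ab"),
              ("10.2.0.0/16", "pcx-bc"),
              ("0.0.0.0/0", "pcx-ab")],        # hoping to use A's IGW
    "vpc-c": [("10.2.0.0/16", "local"), ("10.1.0.0/16", "pcx-bc")],
}


def lookup(vpc, dst):
    """Longest-prefix match over the VPC's route table; None if no route."""
    dst = ip_address(dst)
    best = None
    for cidr, target in ROUTES[vpc]:
        net = ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def peer_of(pcx, vpc):
    """The VPC on the other end of a peering connection."""
    a, b = PEERINGS[pcx]
    if vpc not in (a, b):
        raise ValueError(f"{pcx} is not attached to {vpc}")
    return b if vpc == a else a


def reach(src_vpc, dst):
    """Describe where a packet from src_vpc to dst ends up."""
    target = lookup(src_vpc, dst)
    if target is None:
        return "dropped: no route"
    if target == "local":
        return f"delivered: {src_vpc}"
    if target.startswith("igw-"):
        return f"internet via {target}"
    if target.startswith("pcx-"):
        peer = peer_of(target, src_vpc)
        # The peer VPC accepts only traffic for its own CIDR. It never
        # forwards on to a second peering connection or out of its gateways,
        # which is the non-transitive / no-edge-to-edge rule in one line.
        if ip_address(dst) in VPCS[peer]:
            return f"delivered: {peer}"
        return f"dropped at {target}: {peer} does not forward for others"
    return f"unsupported target {target}"


if __name__ == "__main__":
    for src, dst in [("vpc-a", "10.1.4.7"),          # A -> B, direct peer
                     ("vpc-a", "10.2.4.7"),          # A -> C via B: transitive
                     ("vpc-b", "93.184.216.34"),     # B -> Internet via A: edge-to-edge
                     ("vpc-a", "93.184.216.34")]:    # A -> Internet via own IGW
        print(f"{src} -> {dst}: {reach(src, dst)}")
```

The fix for the first dropped case is a direct pcx between A and C (plus routes on both sides); the fix for the second is an internet gateway or NAT gateway in VPC B itself.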

Overlapping CIDR Blocks

For those of you who have worked in an organization that has acquired another company, I'm sure you are all too familiar with overlapping IP ranges. What happens if you have overlapping IP ranges in a pair of AWS VPCs that you want to peer? The unfortunate answer is that you are out of luck: AWS will not accept a peering request between VPCs whose CIDR blocks overlap, and this applies to every IPv4 (and IPv6) CIDR block associated with either VPC, not just the primary one. One of the VPCs has to be re-addressed before the two can be peered.
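Since the overlap only surfaces as a failed peering request, it is worth checking before you submit one. The following is an added example, not code from this post or from AWS, that compares every CIDR block of two VPCs (primary plus any secondary blocks) and, going one step further than the text, proposes a free block inside a chosen supernet for re-addressing the VPC that has to move. The VPC CIDR lists and the supernet are constructed for the example.

```python
"""
Pre-flight checks for a VPC peering request. Constructed CIDRs; not code from
the post. Uses only the standard library so it runs offline.
"""
from ipaddress import ip_network
from itertools import product


def overlapping_blocks(vpc1_cidrs, vpc2_cidrs):
    """Return [(block_from_vpc1, block_from_vpc2), ...] for every overlapping pair.

    Every block of each VPC is compared, because AWS rejects the peering if
    any block on one side overlaps any block on the other.
    """
    nets1 = [ip_network(c) for c in vpc1_cidrs]
    nets2 = [ip_network(c) for c in vpc2_cidrs]
    return [(str(a), str(b)) for a, b in product(nets1, nets2) if a.overlaps(b)]


def can_peer(vpc1_cidrs, vpc2_cidrs):
    """True when no CIDR block of one VPC overlaps any block of the other."""
    return not overlapping_blocks(vpc1_cidrs, vpc2_cidrs)


def first_free_block(used_cidrs, supernet="10.0.0.0/8", prefixlen=16):
    """First /prefixlen inside supernet that overlaps none of used_cidrs.

    Handy when one of the overlapping VPCs has to be re-addressed: pass in
    every CIDR already in use across both environments. Returns None if the
    supernet is full.
    """
    used = [ip_network(c) for c in used_cidrs]
    for candidate in ip_network(supernet).subnets(new_prefix=prefixlen):
        if not any(candidate.overlaps(u) for u in used):
            return str(candidate)
    return None


if __name__ == "__main__":
    # Constructed: the acquired company's VPC reuses 10.0.0.0/16 and also has a
    # secondary block that lands inside our 172.16.0.0/12.
    ours = ["10.0.0.0/16", "172.16.0.0/12"]
    theirs = ["10.0.0.0/16", "192.168.0.0/16", "172.20.0.0/16"]
    print("overlaps:", overlapping_blocks(ours, theirs))
    print("can peer:", can_peer(ours, theirs))
    print("suggested block for re-addressing:",
          first_free_block(ours + theirs + ["10.1.0.0/16"]))
```

Run the check against the full CIDR list of both VPCs (`describe-vpcs` reports the secondary blocks under the VPC's CIDR block association set, not just the primary `CidrBlock`), otherwise a secondary block can still sink the request.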