Establishing a Private Database Connection through VPC Peering

Scenario:

Connection from AWS -> AWS

Pre-requisites:

Source (database, for instance Redshift) and Destination (instances/Glue) VPCs with no colliding CIDR blocks.

For example,

  • VPC-1 (source) with CIDR = 172.10.0.0/16
  • VPC-2 (destination) with CIDR = 172.20.0.0/16

Steps to create VPC peering

Create a VPC peering connection between the VPC-1 and VPC-2

  • Go to Peering Connections in VPC-1 and create a VPC peering connection, selecting the VPC-1 ID as requester and VPC-2 as accepter. Select the account and region if necessary.
  • Accept the newly created peering connection (for example, pcx-9876a0bc) in the VPC-2 peering connections list.

Enable DNS resolution

  • In VPC-1, select the created VPC peering connection. In Actions dropdown, select ‘Edit DNS settings’ and select the ‘Requester DNS resolution’ checkbox and Save.
  • In VPC-2, select the created VPC peering connection. In Actions dropdown, select ‘Edit DNS settings’ and select the ‘Accepter DNS resolution’ checkbox and Save.

Configure Route tables

  • In VPC-2, select the route table associated with the required private subnet.
  • Add a new route as:
    • Destination -> VPC-1 CIDR (172.10.0.0/16)
    • Target -> VPC peering connection (pcx-9876a0bc)
  • Next, configure the same in VPC-1: select the route table associated with the database private subnet(s).
  • Add a new route as:
    • Destination -> VPC-2 CIDR (172.20.0.0/16)
    • Target -> VPC peering connection (pcx-9876a0bc)

Configure Security Groups

  • In VPC-1, select the respective database security group
  • Add an Inbound rule to allow the connection from VPC-2 to access the database:
    • Type -> Redshift
    • Protocol -> TCP
    • Port Range -> 5439
    • Source -> VPC-2 CIDR (172.20.0.0/16)

Test the connection

Test the connection and check whether it succeeds. If it does not, re-check the details above.

Note: Use the respective type and port range for other database types.
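The steps above are symmetric: each VPC needs a route to the other's CIDR via the peering connection, and the database security group should admit only the peer VPC's CIDR on the database port. The following added example (not part of this page; function names and the plan layout are my own, and it does not call AWS) checks the CIDR prerequisite, produces both route entries plus the ingress rule, and flags an ingress rule that is wider than the peer VPC:

```python
"""Plan routes and the security-group rule for a VPC peering setup."""
import ipaddress


def check_no_overlap(cidr_a, cidr_b):
    """Peering requires non-colliding CIDRs; return both parsed networks."""
    net_a = ipaddress.ip_network(cidr_a, strict=True)
    net_b = ipaddress.ip_network(cidr_b, strict=True)
    if net_a.overlaps(net_b):
        raise ValueError(f"CIDR blocks overlap: {cidr_a} / {cidr_b}")
    return net_a, net_b


def plan_peering(source_cidr, dest_cidr, pcx_id, port, rule_type="Redshift"):
    """Return the routes for both VPCs and the database ingress rule."""
    net_src, net_dst = check_no_overlap(source_cidr, dest_cidr)
    routes = {
        # In the source (database) VPC: reach the destination VPC via the peering.
        "source_vpc": {"destination": str(net_dst), "target": pcx_id},
        # In the destination VPC: reach the source VPC via the same peering.
        "destination_vpc": {"destination": str(net_src), "target": pcx_id},
    }
    # Inbound rule on the database security group, limited to the peer CIDR.
    ingress = {"type": rule_type, "protocol": "tcp",
               "from_port": port, "to_port": port, "source": str(net_dst)}
    return {"routes": routes, "ingress": ingress}


def review_ingress_rule(rule, peer_cidr, expected_port):
    """Flag a rule that opens more than the peered VPC on the database port."""
    findings = []
    src = ipaddress.ip_network(rule["source"])
    peer = ipaddress.ip_network(peer_cidr)
    if not src.subnet_of(peer):
        findings.append(f"source {src} is wider than the peer VPC {peer}")
    if (rule["from_port"], rule["to_port"]) != (expected_port, expected_port):
        findings.append(f"port range {rule['from_port']}-{rule['to_port']} "
                        f"is wider than {expected_port}")
    return findings


if __name__ == "__main__":
    # Constructed values matching the worked example in the text.
    plan = plan_peering("172.10.0.0/16", "172.20.0.0/16", "pcx-9876a0bc", 5439)
    print(plan)
    print(review_ingress_rule(plan["ingress"], "172.20.0.0/16", 5439))
```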