
Establish a Private Database Connection through VPC Peering

Scenario:

Connection from AWS -> AWS

Prerequisites:

A source VPC (holding the database, for example a Redshift cluster) and a destination VPC (holding the EC2 instances or Glue connections) whose CIDR blocks do not overlap. AWS refuses to peer VPCs with matching or overlapping CIDRs, and peering is not transitive, so only these two VPCs can exchange traffic over the connection.

For example,

  • VPC-1 (source) with CIDR = 172.10.0.0/16
  • VPC-2 (destination) with CIDR = 172.20.0.0/16

AWS accepts any IPv4 block between /16 and /28 for a VPC, but prefer RFC 1918 space (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16): of the two example blocks only 172.20.0.0/16 lies inside it, and a VPC numbered from public space can no longer reach the real hosts that own those addresses.

Steps to create VPC peering

Create a VPC peering connection

In the VPC console, open Peering Connections and create a peering connection with VPC-1 as the requester and VPC-2 as the accepter. If VPC-2 belongs to another account or lives in another Region, enter that account ID or select that Region; otherwise leave the defaults (same account, same Region).

Create a peering connection


  • Switch to VPC-2 and accept the pending peering connection (pcx-9876a0bc in this example) in its Peering Connections list. Its status changes from Pending Acceptance to Active; until it is accepted, routes that target it do not carry traffic.

Accept the peering connection

Enable DNS resolution

  • In VPC-1, select the new peering connection, choose Actions -> Edit DNS settings, tick 'Requester DNS resolution' and Save. This makes the database endpoint name (for example the Redshift cluster endpoint) resolve to its private IP address when queried from VPC-2 rather than to a public one, so the connection actually traverses the peering. Both VPCs must have DNS resolution and DNS hostnames enabled in their own settings for this option to take effect.

Edit DNS settings

  • In VPC-2, select the same peering connection, choose Actions -> Edit DNS settings, tick 'Accepter DNS resolution' and Save.

Configure Route tables

  • In VPC-2 (destination), select the route table associated with the private subnet(s) that hold the instances or Glue connections. Add the route only to those subnets' table, not to the VPC's public route table.
  • Add a new route as:
    • Destination -> VPC-1 CIDR (172.10.0.0/16)
    • Target -> VPC peering connection (pcx-9876a0bc)

Edit route tables

  • Next, configure the return path in VPC-1 (source): select the route table associated with the database's private subnet(s). Without this route, replies from the database have no path back to VPC-2 and every connection attempt times out.

  • Add a new route as:

    • Destination -> VPC-2 CIDR (172.20.0.0/16)
    • Target -> VPC peering connection (pcx-9876a0bc)

Configure Security Groups

  • In VPC-1, select the security group attached to the database
  • Add an Inbound rule that allows only the database port from VPC-2:
    • Type -> Redshift
    • Protocol -> TCP
    • Port Range -> 5439
    • Source -> VPC-2 CIDR (172.20.0.0/16)
  • Tighten the source where you can: use the CIDR of the specific subnet(s) that hold the clients or, when both VPCs are in the same Region, reference the clients' security group in VPC-2 instead of a CIDR. Never open the port to 0.0.0.0/0. Also check that the network ACLs on both sides allow port 5439 inbound and the ephemeral return ports outbound.

Edit security groups
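The whole procedure above, scripted with the AWS CLI as an added example that is not part of the original page: it checks the CIDR prerequisite offline, then performs the create, accept, DNS, route and security-group steps in order. It assumes AWS CLI v2 with credentials that can modify both VPCs in one account and Region (the accept call would otherwise have to run under the accepter account's credentials); the VPC, subnet and security-group IDs passed on the command line are hypothetical, and the pcx- and rtb- IDs are read back from the API. Unlike the console steps, it narrows the security-group source to the client subnet's CIDR rather than the whole VPC-2 CIDR.

```shell
#!/bin/sh
# peer-vpcs.sh: added example, not from the original page. Scripts the console
# steps above with the AWS CLI (v2 assumed). Assumes one account and Region with
# credentials allowed to modify both VPCs; the VPC, subnet and security-group IDs
# are passed in, and the pcx-/rtb- IDs are read back from the API.
set -eu

# Dotted quad -> 32-bit integer, POSIX arithmetic only.
ip_to_int() {
    echo "$1" | { IFS=. read -r a b c d; echo $(( (a << 24) | (b << 16) | (c << 8) | d )); }
}

# Network address of a CIDR block as an integer.
cidr_network() {
    ip=${1%/*}; len=${1#*/}
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    echo $(( $(ip_to_int "$ip") & mask ))
}

# The prerequisite from the page: returns 0 (true) when the two blocks overlap.
# Two CIDRs overlap exactly when they agree on the shorter of the two prefixes.
cidr_overlap() {
    n1=$(cidr_network "$1"); n2=$(cidr_network "$2")
    short=${1#*/}
    if [ "${2#*/}" -lt "$short" ]; then short=${2#*/}; fi
    mask=$(( (4294967295 << (32 - short)) & 4294967295 ))
    [ $(( n1 & mask )) -eq $(( n2 & mask )) ]
}

# Steps 1-2: request the peering from VPC-1, accept it for VPC-2, print the pcx id.
create_peering() {   # $1 = requester VPC id, $2 = accepter VPC id
    pcx=$(aws ec2 create-vpc-peering-connection \
              --vpc-id "$1" --peer-vpc-id "$2" \
              --query 'VpcPeeringConnection.VpcPeeringConnectionId' --output text)
    aws ec2 wait vpc-peering-connection-exists --vpc-peering-connection-ids "$pcx"
    aws ec2 accept-vpc-peering-connection --vpc-peering-connection-id "$pcx" >/dev/null
    echo "$pcx"
}

# Step 3: both sides resolve the peer's private DNS names. Takes effect only if
# both VPCs have DNS resolution and DNS hostnames enabled.
enable_dns_resolution() {   # $1 = pcx id
    aws ec2 modify-vpc-peering-connection-options \
        --vpc-peering-connection-id "$1" \
        --requester-peering-connection-options AllowDnsResolutionFromRemoteVpc=true \
        --accepter-peering-connection-options AllowDnsResolutionFromRemoteVpc=true >/dev/null
}

# Step 4: in the route table of one subnet, send the peer CIDR through the peering.
# Prints the route table id. A subnet without an explicit association falls back to
# the VPC main table, which this deliberately refuses to edit.
add_peer_route() {   # $1 = subnet id, $2 = destination CIDR, $3 = pcx id
    rtb=$(aws ec2 describe-route-tables \
              --filters "Name=association.subnet-id,Values=$1" \
              --query 'RouteTables[0].RouteTableId' --output text)
    if [ "$rtb" = "None" ]; then
        echo "$1 has no explicit route table; associate one before adding the route" >&2
        return 1
    fi
    aws ec2 create-route --route-table-id "$rtb" \
        --destination-cidr-block "$2" --vpc-peering-connection-id "$3" >/dev/null
    echo "$rtb"
}

# Step 5: open only the database port, only from the client subnet (narrower than
# the whole VPC-2 CIDR used in the console walkthrough).
allow_db_ingress() {   # $1 = database security group id, $2 = port, $3 = source CIDR
    aws ec2 authorize-security-group-ingress --group-id "$1" \
        --protocol tcp --port "$2" --cidr "$3" >/dev/null
}

main() {   # usage: peer-vpcs.sh VPC1 DB_SUBNET DB_SG VPC2 CLIENT_SUBNET [PORT]
    vpc1=$1 db_subnet=$2 db_sg=$3 vpc2=$4 client_subnet=$5 port=${6:-5439}
    cidr1=$(aws ec2 describe-vpcs --vpc-ids "$vpc1" --query 'Vpcs[0].CidrBlock' --output text)
    cidr2=$(aws ec2 describe-vpcs --vpc-ids "$vpc2" --query 'Vpcs[0].CidrBlock' --output text)
    if cidr_overlap "$cidr1" "$cidr2"; then
        echo "CIDRs $cidr1 and $cidr2 overlap; AWS will not peer these VPCs" >&2
        exit 1
    fi
    pcx=$(create_peering "$vpc1" "$vpc2")
    enable_dns_resolution "$pcx"
    add_peer_route "$client_subnet" "$cidr1" "$pcx" >/dev/null   # VPC-2 -> VPC-1
    add_peer_route "$db_subnet" "$cidr2" "$pcx" >/dev/null       # VPC-1 -> VPC-2 (return path)
    client_cidr=$(aws ec2 describe-subnets --subnet-ids "$client_subnet" \
                      --query 'Subnets[0].CidrBlock' --output text)
    allow_db_ingress "$db_sg" "$port" "$client_cidr"
    echo "peering $pcx active: test from $client_subnet with: nc -vz <db-endpoint> $port"
}

# Run only when given arguments, so the functions can also be sourced and tested.
[ "$#" -eq 0 ] || main "$@"
```

Invoke it as `sh peer-vpcs.sh vpc-1111 subnet-db sg-db vpc-2222 subnet-client 5439` (all hypothetical IDs). The CIDR check runs before any API call because a peering request between overlapping VPCs is rejected by AWS anyway, and the route step refuses subnets that only use the VPC main table, since silently editing the main table would also affect public subnets.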

Test the connection

From an instance in VPC-2's private subnet, open a TCP connection to the database endpoint on its port (with netcat or the database client) and confirm that the endpoint name resolves to a private address inside VPC-1's CIDR. If it fails, re-check in this order: the peering connection shows Active, both route tables carry the route to the peer CIDR via the pcx, the database security group allows the port from the client's CIDR or security group, and the network ACLs on both subnets permit the traffic and its return.

Note

Redshift listens on 5439 by default. For another database engine use its type and port instead, for example 5432 for PostgreSQL, 3306 for MySQL, 1433 for SQL Server and 1521 for Oracle.