AWS::EC2::VPCPeeringConnection - Amazon CloudFormation


Requests a VPC peering connection between two VPCs: a requester VPC that you own and an accepter VPC with which to create the connection. The accepter VPC can belong to a different Amazon Web Services account and can be in a different Region than the requester VPC.

The requester VPC and accepter VPC cannot have overlapping CIDR blocks. If you create a VPC peering connection request between VPCs with overlapping CIDR blocks, the VPC peering connection has a status of failed.

If the VPCs belong to different accounts, the accepter account must have a role that allows the requester account to accept the VPC peering connection. For an example, see Walkthrough: Peer with a VPC in another Amazon Web Services account.

If the requester and accepter VPCs are in the same account, the peering request is accepted without a peering role.


To declare this entity in your Amazon CloudFormation template, use the following syntax:


JSON

{
  "Type" : "AWS::EC2::VPCPeeringConnection",
  "Properties" : {
      "PeerOwnerId" : String,
      "PeerRegion" : String,
      "PeerRoleArn" : String,
      "PeerVpcId" : String,
      "Tags" : [ Tag, ... ],
      "VpcId" : String
    }
}


YAML

Type: AWS::EC2::VPCPeeringConnection
Properties:
  PeerOwnerId: String
  PeerRegion: String
  PeerRoleArn: String
  PeerVpcId: String
  Tags:
    - Tag
  VpcId: String



PeerOwnerId

The Amazon Web Services account ID of the owner of the accepter VPC.

Default: Your Amazon Web Services account ID

Required: No

Type: String

Update requires: Replacement


PeerRegion

The Region code for the accepter VPC, if the accepter VPC is located in a Region other than the Region in which you make the request.

Default: The Region in which you make the request.

Required: No

Type: String

Update requires: Replacement


PeerRoleArn

The Amazon Resource Name (ARN) of the VPC peer role for the peering connection in another Amazon Web Services account.

This is required when you are peering a VPC in a different Amazon Web Services account.

Required: Conditional

Type: String

Update requires: Replacement


PeerVpcId

The ID of the VPC with which you are creating the VPC peering connection. You must specify this parameter in the request.

Required: Yes

Type: String

Update requires: Replacement


Tags

Any tags assigned to the resource.

Required: No

Type: Array of Tag

Update requires: No interruption


VpcId

The ID of the requester VPC.

Required: Yes

Type: String

Update requires: Replacement

Return values


When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ID of the VPC peering connection.

For more information about using the Ref function, see Ref.


The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.


The ID of the peering connection.


Peer VPCs in the same account

This example shows how to peer two VPCs in the same account. It uses an existing VPC as the requester VPC and creates the accepter VPC.


JSON

"Resources": {
  "myVpc": {
    "Type": "AWS::EC2::VPC",
    "Properties": {
      "CidrBlock": "",
      "EnableDnsSupport": true,
      "EnableDnsHostnames": true,
      "Tags": [
        {
          "Key": "Name",
          "Value": "accepter-vpc"
        }
      ]
    }
  },
  "vpcPeeringConnection": {
    "Type": "AWS::EC2::VPCPeeringConnection",
    "Properties": {
      "VpcId": "vpc-e03dd489",
      "PeerVpcId": { "Ref": "myVpc" },
      "Tags": [
        {
          "Key": "Name",
          "Value": "cfn-peering-example"
        }
      ]
    }
  }
}


YAML

Resources:
  myVpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock:
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: accepter-vpc
  vpcPeeringConnection:
    Type: AWS::EC2::VPCPeeringConnection
    Properties:
      VpcId: vpc-e03dd489
      PeerVpcId: !Ref myVpc
      Tags:
        - Key: Name
          Value: cfn-peering-example
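The following pre-deployment check is an added example, not part of the Amazon Web Services documentation. It applies the two rules stated on this page to a parsed JSON template: peered VPCs must not have overlapping CIDR blocks, and a peer in a different account needs PeerRoleArn. The function names, the known_cidrs lookup table for existing VPC IDs, and the sample template are assumptions made for illustration.

```python
import ipaddress

PEERING = "AWS::EC2::VPCPeeringConnection"

def _vpc_cidr(ref, resources, known_cidrs):
    """Resolve a VpcId/PeerVpcId value to a CIDR string, or None if unknown."""
    if isinstance(ref, dict) and "Ref" in ref:  # VPC declared in this template
        props = resources.get(ref["Ref"], {}).get("Properties", {})
        return props.get("CidrBlock") or None   # empty CidrBlock counts as unknown
    # Existing VPC ID: look it up in the caller-supplied table (an assumption).
    return known_cidrs.get(ref) if isinstance(ref, str) else None

def check_peering(template, deploy_account, known_cidrs=None):
    """Return [(logical_id, problem), ...] for the peering connections in a template."""
    known_cidrs = known_cidrs or {}
    resources = template.get("Resources", {})
    findings = []
    for name, res in resources.items():
        if res.get("Type") != PEERING:
            continue
        props = res.get("Properties", {})
        # PeerOwnerId defaults to the requesting account; an unresolved
        # intrinsic (a dict) is treated as a different account.
        owner = props.get("PeerOwnerId", deploy_account)
        if str(owner) != str(deploy_account) and not props.get("PeerRoleArn"):
            findings.append((name, "cross-account peer without PeerRoleArn"))
        a, b = (_vpc_cidr(props.get(k), resources, known_cidrs)
                for k in ("VpcId", "PeerVpcId"))
        if a is None or b is None:
            findings.append((name, "CIDR unknown, overlap not checked"))
        elif ipaddress.ip_network(a, strict=False).overlaps(
                ipaddress.ip_network(b, strict=False)):
            findings.append((name, f"overlapping CIDR blocks {a} / {b}"))
    return findings

# Constructed sample: account IDs, VPC IDs and CIDRs are made up.
KNOWN_CIDRS = {"vpc-0aaaaaaa": "10.0.0.0/16", "vpc-0bbbbbbb": "172.16.0.0/16"}
SAMPLE = {"Resources": {
    "accepterVpc": {"Type": "AWS::EC2::VPC",
                    "Properties": {"CidrBlock": "10.0.128.0/20"}},
    "sameAccountPeering": {"Type": PEERING, "Properties": {
        "VpcId": "vpc-0aaaaaaa", "PeerVpcId": {"Ref": "accepterVpc"}}},
    "crossAccountPeering": {"Type": PEERING, "Properties": {
        "VpcId": "vpc-0aaaaaaa", "PeerVpcId": "vpc-0bbbbbbb",
        "PeerOwnerId": "222222222222"}},
}}

if __name__ == "__main__":
    for finding in check_peering(SAMPLE, "111111111111", KNOWN_CIDRS):
        print(*finding, sep=": ")
```

A VPC whose CidrBlock is empty or whose ID is missing from the lookup table is reported as unchecked rather than silently passed.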
