Connect VPCs using VPC peering - Amazon Virtual Private Cloud
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Connect VPCs using VPC peering

A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them privately. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own VPCs, with a VPC in another Amazon account, or with a VPC in a different Amazon Region.

Amazon uses the existing infrastructure of a VPC to create a VPC peering connection; it is neither a gateway nor an Amazon Site-to-Site VPN connection, and does not rely on a separate piece of physical hardware. There is no single point of failure for communication and no bandwidth bottleneck.

For more information about working with VPC peering connections, and examples of scenarios in which you can use a VPC peering connection, see the Amazon VPC Peering Guide.

Examples: Services using VPC peering and Amazon PrivateLink

While VPC peering enables you to privately connect VPCs, Amazon PrivateLink enables you to configure applications or services in VPCs as endpoints that your VPC peering connections can connect to.

An Amazon PrivateLink service provider configures instances running services in their VPC with a Network Load Balancer as the front end. Use intra-region VPC peering (VPCs are in the same Region) and inter-region VPC peering (VPCs are in different Regions) with Amazon PrivateLink to allow private access to consumers across VPC peering connections.

Consumers in remote VPCs cannot use Private DNS names across peering connections. They can, however, create their own private hosted zone on Route 53 and attach it to their VPCs to use the same Private DNS name. For information about using transit gateway with Amazon Route 53 Resolver to share PrivateLink interface endpoints between multiple connected VPCs and an on-premises environment, see Integrating Amazon Transit Gateway with Amazon PrivateLink and Amazon Route 53 Resolver.
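The private hosted zone workaround described above, sketched with the AWS CLI as an added example (not code from this guide). The function names and the five arguments are illustrative; it assumes the first DNS entry returned for the interface endpoint is its regional name and that the caller may create Route 53 zones for the consumer VPC.

```shell
#!/bin/sh
# Added example (not AWS's code). Every ID or name passed in is the caller's own.
set -eu

# Emit a Route 53 change batch: an alias A record for the service's private
# DNS name that targets the interface endpoint's own DNS name.
# Args: record_name endpoint_dns endpoint_hosted_zone_id
alias_change_batch() {
  cat <<EOF
{
  "Changes": [{
    "Action": "UPSERT",
    "ResourceRecordSet": {
      "Name": "$1",
      "Type": "A",
      "AliasTarget": {
        "HostedZoneId": "$3",
        "DNSName": "$2",
        "EvaluateTargetHealth": false
      }
    }
  }]
}
EOF
}

# Args: dns_name endpoint_id endpoint_region consumer_vpc_id consumer_vpc_region
# Runs in a subshell "( )" so its variables do not leak into the caller.
publish_private_dns() (
  dns_name=$1 endpoint_id=$2 endpoint_region=$3 vpc_id=$4 vpc_region=$5
  # Assumption: the first DnsEntries item is the endpoint's regional DNS name.
  ep=$(aws ec2 describe-vpc-endpoints --region "$endpoint_region" \
    --vpc-endpoint-ids "$endpoint_id" --output text \
    --query 'VpcEndpoints[0].DnsEntries[0].[DnsName,HostedZoneId]')
  set -- $ep   # split the tab-separated pair: $1 = DNS name, $2 = zone ID
  # Passing --vpc creates the zone as private, attached to the consumer VPC only.
  zone_id=$(aws route53 create-hosted-zone --name "$dns_name" \
    --caller-reference "peer-dns-$(date +%s)" \
    --vpc "VPCRegion=$vpc_region,VPCId=$vpc_id" \
    --query 'HostedZone.Id' --output text)
  zone_id=${zone_id##*/}   # drop the "/hostedzone/" prefix
  aws route53 change-resource-record-sets --hosted-zone-id "$zone_id" \
    --change-batch "$(alias_change_batch "$dns_name" "$1" "$2")"
)

# Only talk to AWS when all five arguments are supplied.
if [ "$#" -eq 5 ]; then publish_private_dns "$@"; fi
```

Because the zone is private and attached only to the consumer VPC, the name resolves to the endpoint solely for resources inside that VPC.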

For information about the following use-cases, see Securely Access Services Over Amazon PrivateLink:

  • Private Access to SaaS Applications

  • Shared Services

  • Hybrid Services

  • Inter-Region Endpoint Services

  • Inter-Region Access to Endpoint Services

Additional resources

The following topics can help you configure the components needed for the use-cases:

For more VPC peering examples, see the following topics in the Amazon VPC Peering Guide: