AWS – utilizing VPC peering connection to connect different account RDS

The scenario is that my friend and I each have an AWS free tier account.
My friend wants to connect to my RDS instance through its private IP instead of the public IP,
because we think both speed and security will be better.
Making RDS publicly reachable does not sound like a good idea!

First, we have to understand some limitations of peering connections,
because I got stuck on these for many hours.

  • We cannot create a peering connection between VPCs that have overlapping CIDR blocks.
  • We cannot create a VPC peering connection between VPCs in different regions.
  • For more detail, check the AWS documentation by searching for “VPC Peering Limitations”.

For example, my VPC CIDR is 172.31.0.0/16, which means my VPC covers 172.31.0.0 – 172.31.255.255. My friend's EC2 VPC has to avoid overlapping with mine.
Otherwise, we cannot create the peering connection because of the overlapping CIDR blocks.

OK, go to the VPC console and click Peering Connections.
Choose your own EC2 VPC and enter the friend's Account ID and VPC ID.
Then the friend can accept it in his VPC Peering Connections console.

Do you think that's it? No, we still have to update the route tables to make the peering connection active.
For example, the friend can simply put my VPC CIDR in the “Destination” attribute and set “Target” to pcx-xxxxxx, the VPC Peering Connection.

Remember that both sides need to update their route tables. When my friend finished his settings and connected to my MySQL, he got a handshake error! The reason was that I had not finished my settings yet, so the packets could not get back to his VPC.

If my friend's CIDR is 172.32.0.0/16, I put that in the “Destination” attribute and set “Target” to pcx-xxxxxx, the VPC Peering Connection.
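As an added example (not code from the original post), here is a small Python pre-flight check for the steps above: it confirms the two VPC CIDRs do not overlap, shows the address range a CIDR covers, and checks that each side's route table sends the other VPC's CIDR to the peering connection. The CIDRs and the pcx-xxxxxx placeholder are the constructed values from this post; the RFC 1918 check is an extra check beyond what the post describes.

```python
import ipaddress

# Constructed sample data modelled on the post's scenario (not real account data).
PCX_ID = "pcx-xxxxxx"  # placeholder peering-connection id, as written in the post
MY_VPC = {"name": "my-vpc", "cidr": "172.31.0.0/16",
          "routes": [{"Destination": "172.31.0.0/16", "Target": "local"}]}
FRIEND_VPC = {"name": "friend-vpc", "cidr": "172.32.0.0/16",
              "routes": [{"Destination": "172.32.0.0/16", "Target": "local"},
                         {"Destination": "172.31.0.0/16", "Target": PCX_ID}]}

def cidrs_overlap(cidr_a, cidr_b):
    """True when the two blocks share any address (AWS refuses peering then)."""
    return ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))

def address_range(cidr):
    """First and last address covered by a CIDR, e.g. 172.31.0.0 - 172.31.255.255."""
    net = ipaddress.ip_network(cidr)
    return str(net[0]), str(net[-1])

def has_peering_route(routes, peer_cidr, pcx_id):
    """True when a route table sends the peer's CIDR to the peering connection."""
    return any(r["Destination"] == peer_cidr and r["Target"] == pcx_id for r in routes)

def check_peering(vpc_a, vpc_b, pcx_id):
    """Return a list of problems; an empty list means both directions are routable."""
    problems = []
    if cidrs_overlap(vpc_a["cidr"], vpc_b["cidr"]):
        problems.append(f"overlapping CIDRs {vpc_a['cidr']} and {vpc_b['cidr']}: "
                        "AWS will not create the peering connection")
        return problems  # nothing else to check until the CIDRs are changed
    for vpc in (vpc_a, vpc_b):
        # Extra check beyond the post: a VPC CIDR outside RFC 1918 space is allowed,
        # but it shadows real Internet addresses for instances inside that VPC.
        if not ipaddress.ip_network(vpc["cidr"]).is_private:
            problems.append(f"{vpc['name']}: {vpc['cidr']} is not RFC 1918 private space")
    # Each side must route the *other* side's CIDR to the pcx; otherwise replies
    # never come back and the client sees errors such as the MySQL handshake failure.
    for me, peer in ((vpc_a, vpc_b), (vpc_b, vpc_a)):
        if not has_peering_route(me["routes"], peer["cidr"], pcx_id):
            problems.append(f"{me['name']}: no route {peer['cidr']} -> {pcx_id}; "
                            f"traffic from {peer['name']} cannot return")
    return problems

if __name__ == "__main__":
    print("range of", MY_VPC["cidr"], "=", address_range(MY_VPC["cidr"]))
    for p in check_peering(MY_VPC, FRIEND_VPC, PCX_ID):
        print("PROBLEM:", p)  # my side is still missing its route at this point
    MY_VPC["routes"].append({"Destination": FRIEND_VPC["cidr"], "Target": PCX_ID})
    print("after adding my route:", check_peering(MY_VPC, FRIEND_VPC, PCX_ID))
```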

OK, done! I hope this reduces the time you spend on VPC peering connections.
If there are any errors, feel free to let me know.